Information for build python-paramiko-3.1.0-1.fc38

ID 244046
Package Name python-paramiko
Version 3.1.0
Release 1.fc38
Epoch
Summary SSH2 protocol library for python
Description Paramiko (a combination of the Esperanto words for "paranoid" and "friend") is a module for python 2.3 or greater that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel (this is how sftp works, for example).
Built by davidlt
State complete
Volume DEFAULT
Started Wed, 05 Apr 2023 12:20:06 UTC
Completed Wed, 05 Apr 2023 12:20:06 UTC
Tags
f38
f39
f40
RPMs
src
python-paramiko-3.1.0-1.fc38.src.rpm
noarch
python-paramiko-doc-3.1.0-1.fc38.noarch.rpm
python3-paramiko-3.1.0-1.fc38.noarch.rpm
Changelog

* Sun Mar 12 2023 Paul Howarth <paul@city-fan.org> - 3.1.0-1
- Update to 3.1.0 (rhbz#2177436)
- Add an explicit 'channel_timeout' keyword argument to 'paramiko.client.SSHClient.connect', allowing users to configure the previously-hardcoded default value of 3600 seconds (GH#2009, GH#2013, and others)
- Accept single tabs as field separators (in addition to single spaces) in 'paramiko.hostkeys.HostKeyEntry.from_line' for parity with OpenSSH's KnownHosts parser (GH#2173)
- Apply 'codespell' to the codebase, which found a lot of very old minor spelling mistakes in docstrings; also, modernize many instances of '*largs' vs. '*args' and '**kwarg' vs. '**kwargs' (GH#2178)

* Sun Jan 22 2023 Paul Howarth <paul@city-fan.org> - 3.0.0-1
- Update to 3.0.0 (rhbz#2162914)
- Remove some unnecessary '__repr__' calls when handling bytes-vs-str conversions; this was apparently doing a lot of unintentional data processing, which adds up in some use cases, such as SFTP transfers, which may now be significantly faster (GH#2110)
- Streamline some redundant (and costly) byte conversion calls in the packetizer and the core SFTP module; this should lead to some SFTP speedups at the very least (GH#2165)
- 'paramiko.util.retry_on_signal' (and any internal uses of same, and also any internal retries of 'EINTR' on e.g. socket operations) has been removed; as of Python 3.5, per PEP 475 (https://peps.python.org/pep-0475/), this functionality (and retrying 'EINTR' generally) is now part of the standard library
  Note: This change is backwards incompatible if you were explicitly importing/using this particular function; the observable behavior otherwise should not be changing
- '~paramiko.config.SSHConfig' used to straight-up delete the 'proxycommand' key from config lookup results when the source config said 'ProxyCommand none'; this has been altered to preserve the key and give it the Python value 'None', thus making the Python representation more in line with the source config file
  Note: This change is backwards incompatible if you were relying on the old (1.x, 2.x) behavior for some reason (e.g. assuming all 'proxycommand' values were valid subcommand strings)
- The behavior of private key classes' (i.e. anything inheriting from '~paramiko.pkey.PKey') private key writing methods used to perform a manual, extra 'chmod' call after writing; this hasn't been strictly necessary since the mid 2.x release line (when key writing started giving the 'mode' argument to 'os.open'), and has now been removed entirely; this should only be observable if you were mocking Paramiko's system calls during your own testing, or similar
- 'PKey.__cmp__' has been removed - ordering-oriented comparison of key files is unlikely to have ever made sense (the old implementation attempted to order by the hashes of the key material) and so we have not bothered setting up '__lt__' and friends at this time; the class continues to have its original '__eq__' untouched
  Note: This change is backwards incompatible if you were actually trying to sort public key objects (directly or indirectly); please file bug reports detailing your use case if you have some intractable need for this behavior, and we'll consider adding back the necessary Python 3 magic methods so that it works as before
- A handful of lower-level classes (notably 'paramiko.message.Message' and 'paramiko.pkey.PKey') previously returned 'bytes' objects from their implementation of '__str__', even under Python 3; and there was never any '__bytes__' method; these issues have been fixed by renaming '__str__' to '__bytes__' and relying on Python's default "stringification returns the output of '__repr__'" behavior re: any real attempts to 'str()' such objects
- 'paramiko.common.asbytes' has been moved to 'paramiko.util.asbytes'
  Note: This change is backwards incompatible if you were directly using this function (which is unlikely)
- Remove the now irrelevant 'paramiko.py3compat' module
  Note: This change is backwards incompatible - such references should be search-and-replaced with their modern Python 3.6+ equivalents; in some cases, still-useful methods or values have been moved to 'paramiko.util' (most) or 'paramiko.common' ('byte_*')
- Drop support for Python versions less than 3.6, including Python 2; so long and thanks for all the fish! Our packaging metadata has been updated to include 'python_requires', so this should not cause breakage unless you're on an old installation method that can't read this metadata
  Note: As part of this change, our dependencies have been updated; e.g. we now require Cryptography>=3.3, up from 2.5

* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.12.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Sun Nov 06 2022 Paul Howarth <paul@city-fan.org> - 2.12.0-1
- Update to 2.12.0 (rhbz#2140281)
- Add a 'transport_factory' kwarg to 'SSHClient.connect' for advanced users to gain more control over early Transport setup and manipulation (GH#2054, GH#2125)
- Update '~paramiko.client.SSHClient' so it explicitly closes its wrapped socket object upon encountering socket errors at connection time; this should help somewhat with certain classes of memory leaks, resource warnings, and/or errors (though we hasten to remind everyone that Client and Transport have their own '.close()' methods for use in non-error situations!) (GH#1822)
- Raise '~paramiko.ssh_exception.SSHException' explicitly when blank private key data is loaded, instead of the natural result of 'IndexError'; this should help more bits of Paramiko or Paramiko-adjacent codebases to correctly handle this class of error (GH#1599, GH#1637)
- Use SPDX-format license tag

* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Tue Jun 14 2022 Python Maint <python-maint@redhat.com> - 2.11.0-2
- Rebuilt for Python 3.11

* Tue May 17 2022 Paul Howarth <paul@city-fan.org> - 2.11.0-1
- Update to 2.11.0
- Align signature verification algorithm with OpenSSH re: zero-padding signatures that don't match their nominal size/length; this shouldn't affect most users, but will help Paramiko-implemented SSH servers handle poorly behaved clients such as PuTTY (GH#1933)
- OpenSSH 7.7 and older has a bug preventing it from understanding how to perform SHA2 signature verification for RSA certificates (specifically certs - not keys), so when we added SHA2 support it broke all clients using RSA certificates with these servers; this has been fixed in a manner similar to what OpenSSH's own client does - a version check is performed and the algorithm used is downgraded if needed (GH#2017)
- Recent versions of Cryptography have deprecated Blowfish algorithm support; in lieu of an easy method for users to remove it from the list of algorithms Paramiko tries to import and use, we've decided to remove it from our "preferred algorithms" list, which will both discourage use of a weak algorithm, and avoid warnings (GH#2038, GH#2039)
- Windows-native SSH agent support as merged in 2.10 could encounter 'Errno 22' 'OSError' exceptions in some scenarios (e.g. server not cleanly closing a relevant named pipe); this has been worked around and should be less problematic (GH#2008, GH#2010)
- Add SSH config token expansion (eg '%h', '%p') when parsing 'ProxyJump' directives (GH#1951)
- Apply unittest 'skipIf' to tests currently using SHA1 in their critical path, to avoid failures on systems starting to disable SHA1 outright in their crypto backends (e.g. RHEL 9) (GH#2004, GH#2011)

* Tue Apr 26 2022 Paul Howarth <paul@city-fan.org> - 2.10.4-1
- Update to 2.10.4
- Update 'camelCase' method calls against the 'threading' module to be 'snake_case'; this and related tweaks should fix some deprecation warnings under Python 3.10 (GH#1838, GH#1870, GH#2028)
- '~paramiko.pkey.PKey' instances' '__eq__' did not have the usual safety guard in place to ensure they were being compared to another 'PKey' object, causing occasional spurious 'BadHostKeyException', among other things (GH#1964, GH#2023, GH#2024)
- Servers offering certificate variants of hostkey algorithms (e.g. 'ssh-rsa-cert-v01@openssh.com') could not have their host keys verified by Paramiko clients, as it only ever considered non-cert key types for that part of connection handshaking (GH#2035)

* Mon Mar 21 2022 Paul Howarth <paul@city-fan.org> - 2.10.3-2
- Skip tests that would fail without SHA-1 signing support in backend, such as on EL-9 (GH#2011)

* Sat Mar 19 2022 Paul Howarth <paul@city-fan.org> - 2.10.3-1
- Update to 2.10.3
- Certificate-based pubkey auth was inadvertently broken when adding SHA2 support in version 2.9.0 (GH#1963, GH#1977)
- Switch from module-global to thread-local storage when recording thread IDs for a logging helper; this should avoid one flavor of memory leak for long-running processes (GH#2002, GH#2003)

* Tue Mar 15 2022 Paul Howarth <paul@city-fan.org> - 2.10.2-1
- Update to 2.10.2
- Fix Python 2 compatibility breakage introduced in 2.10.1 (GH#2001)
- Re-enable sftp tests, no longer failing under mock

* Sun Mar 13 2022 Paul Howarth <paul@city-fan.org> - 2.10.1-1
- Update to 2.10.1
- CVE-2022-24302: Creation of new private key files using '~paramiko.pkey.PKey' subclasses was subject to a race condition between file creation and mode modification, which could be exploited by an attacker with knowledge of where the Paramiko-using code would write out such files; this has been patched by using 'os.open' and 'os.fdopen' to ensure new files are opened with the correct mode immediately (we've left the subsequent explicit 'chmod' in place to minimize any possible disruption, though it may get removed in future backwards-incompatible updates)
- Add support for the '%C' token when parsing SSH config files (GH#1976)
- Add support for OpenSSH's Windows agent as a fallback when Putty/WinPageant isn't available or functional (GH#1509, GH#1837, GH#1868)
- Significantly speed up low-level read/write actions on '~paramiko.sftp_file.SFTPFile' objects by using 'bytearray'/'memoryview' (GH#892); this is unlikely to change anything for users of the higher level methods like 'SFTPClient.get' or 'SFTPClient.getfo', but users of 'SFTPClient.open' will likely see orders of magnitude improvements for files larger than a few megabytes in size
- Add 'six' explicitly to install-requires; it snuck into active use at some point but has only been indicated by transitive dependency on 'bcrypt' until they somewhat-recently dropped it (GH#1985); this will be short-lived until we drop Python 2 support

* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Fri Jan 14 2022 Paul Howarth <paul@city-fan.org> - 2.9.2-2
- Avoid use of deprecated python-mock by using unittest.mock instead
  https://github.com/paramiko/paramiko/pull/1666

* Sat Jan 08 2022 Paul Howarth <paul@city-fan.org> - 2.9.2-1
- Update to 2.9.2
- Connecting to servers that support 'server-sig-algs' but which have no overlap between that list and what a Paramiko client supports, now raise an exception instead of defaulting to 'rsa-sha2-512' (since the use of 'server-sig-algs' allows us to know what the server supports)
- Enhanced log output when connecting to servers that do not support 'server-sig-algs' extensions, making the new-as-of-2.9 defaulting to SHA2 pubkey algorithms more obvious when it kicks in

* Sat Dec 25 2021 Paul Howarth <paul@city-fan.org> - 2.9.1-1
- Update to 2.9.1
- Server-side support for 'rsa-sha2-256' and 'ssh-rsa' wasn't fully operable after 2.9.0's release (signatures for RSA pubkeys were always run through 'rsa-sha2-512' instead) (GH#1935)

* Fri Dec 24 2021 Paul Howarth <paul@city-fan.org> - 2.9.0-1
- Update to 2.9.0
- Add support for SHA-2 variants of RSA key verification algorithms (as described in RFC 8332) as well as limited SSH extension negotiation (RFC 8308) (GH#1326, GH#1643, GH#1644, GH#1925)
  How SSH servers/clients decide when and how to use this functionality can be complicated; Paramiko's support is as follows:
  - Client verification of server host key during key exchange will now prefer rsa-sha2-512, rsa-sha2-256, and legacy ssh-rsa algorithms, in that order, instead of just ssh-rsa
    - Note that the preference order of other algorithm families such as ed25519 and ecdsa has not changed; for example, those two groups are still preferred over RSA
  - Server mode will now offer all 3 RSA algorithms for host key verification during key exchange, similar to client mode, if it has been configured with an RSA host key
  - Client mode key exchange now sends the ext-info-c flag signaling support for MSG_EXT_INFO, and support for parsing the latter (specifically, its server-sig-algs flag) has been added
  - Client mode, when performing public key authentication with an RSA key or cert, will act as follows:
    - In all cases, the list of algorithms to consider is based on the new preferred_pubkeys list and disabled_algorithms; this list, like with host keys, prefers SHA2-512, SHA2-256 and SHA1, in that order
    - When the server does not send server-sig-algs, Paramiko will attempt the first algorithm in the above list; clients connecting to legacy servers should thus use disabled_algorithms to turn off SHA2
    - When the server does send server-sig-algs, the first algorithm supported by both ends is used, or if there is none, it falls back to the previous behavior
  - SSH agent support grew the ability to specify algorithm flags when requesting private key signatures; this is now used to forward SHA2 algorithms when appropriate
  - Server mode is now capable of pubkey auth involving SHA-2 signatures from clients, provided one's server implementation actually provides for doing so; this includes basic support for sending MSG_EXT_INFO (containing server-sig-algs only) to clients advertising ext-info-c in their key exchange list
  In order to implement the above, the following API additions were made:
  - 'PKey.sign_ssh_data <paramiko.pkey.PKey>': Grew an extra, optional 'algorithm' keyword argument (defaulting to 'None' for most subclasses, and to "ssh-rsa" for '~paramiko.rsakey.RSAKey')
  - A new '~paramiko.ssh_exception.SSHException' subclass was added, '~paramiko.ssh_exception.IncompatiblePeer', and is raised in all spots where key exchange aborts due to algorithmic incompatibility; like all other exceptions in that module, it inherits from 'SSHException', and as nothing else was changed about the raising (i.e. the attributes and message text are the same) this change is backwards compatible
  - '~paramiko.transport.Transport' grew a '_preferred_pubkeys' attribute and matching 'preferred_pubkeys' property to match the other, kex-focused, such members; this allows client pubkey authentication to honor the 'disabled_algorithms' feature

* Mon Nov 29 2021 Paul Howarth <paul@city-fan.org> - 2.8.1-1
- Update to 2.8.1
- Fix listdir failure when server uses a locale (GH#985, GH#992); now on Python 2.7 SFTPAttributes will decode abbreviated month names correctly rather than raise 'UnicodeDecodeError'
- Deleting items from '~paramiko.hostkeys.HostKeys' would incorrectly raise 'KeyError' even for valid keys, due to a logic bug (GH#1024)
- Update RSA and ECDSA key decoding subroutines to correctly catch exception types thrown by modern versions of Cryptography (specifically 'TypeError' and its internal 'UnsupportedAlgorithm') (GH#1257, GH#1266); these exception classes will now become '~paramiko.ssh_exception.SSHException' instances instead of bubbling up
- Update '~paramiko.pkey.PKey' and subclasses to compare ('__eq__') via direct field/attribute comparison instead of hashing (while retaining the existing behavior of '__hash__' via a slight refactor) (GH#908)
  Warning: This fixes a security flaw! If you are running Paramiko on 32-bit systems with low entropy (such as any 32-bit Python 2, or a 32-bit Python 3 that is running with 'PYTHONHASHSEED=0') it is possible for an attacker to craft a new keypair from an exfiltrated public key, which Paramiko would consider equal to the original key. This could enable attacks such as, but not limited to, the following:
  - Paramiko server processes would incorrectly authenticate the attacker (using their generated private key) as if they were the victim. We see this as the most plausible attack using this flaw.
  - Paramiko client processes would incorrectly validate a connected server (when host key verification is enabled) while subjected to a man-in-the-middle attack. This impacts more users than the server-side version, but also carries higher requirements for the attacker, namely successful DNS poisoning or other MITM techniques.

* Mon Oct 11 2021 Paul Howarth <paul@city-fan.org> - 2.8.0-1
- Update to 2.8.0
- Administrivia overhaul, including but not limited to:
  - Migrate CI to CircleCI
  - Primary dev branch is now 'main' (renamed)
  - Many README edits for clarity, modernization etc.; including a bunch more (and consistent) status badges and unification with main project site index
  - PyPI page much more fleshed out (long_description is now filled in with the README; sidebar links expanded; etc.)
  - flake8, pytest configs split out of setup.cfg into their own files
  - Invoke/invocations (used by maintainers/contributors) upgraded to modern versions
- Newer server-side key exchange algorithms not intended to use SHA1 (diffie-hellman-group14-sha256, diffie-hellman-group16-sha512) were incorrectly using SHA1 after all, due to a bug causing them to ignore the 'hash_algo' class attribute; this has been corrected (GH#1452, GH#1882)
- Add a 'prefetch' keyword argument to 'SFTPClient.get'/'SFTPClient.getfo' so that users who need to skip SFTP prefetching are able to conditionally turn it off (GH#1846)

* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 2.7.2-5
- Rebuilt for Python 3.10