From 8b6a0ece3b66b8387670c34ba36b03d5c669f33e Mon Sep 17 00:00:00 2001
From: Javier Marcet
Date: Sat, 1 Jul 2023 20:48:18 +0200
Subject: [PATCH 1/3] python3-paramiko: update to version 3.2.0
Signed-off-by: Javier Marcet
---
 lang/python/python-paramiko/Makefile | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/lang/python/python-paramiko/Makefile b/lang/python/python-paramiko/Makefile
index 03531ff9b2..1507a27f4c 100644
--- a/lang/python/python-paramiko/Makefile
+++ b/lang/python/python-paramiko/Makefile
@@ -1,11 +1,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=python-paramiko
-PKG_VERSION:=2.12.0
-PKG_RELEASE:=2
+PKG_VERSION:=3.2.0
+PKG_RELEASE:=1
 PYPI_NAME:=paramiko
-PKG_HASH:=376885c05c5d6aa6e1f4608aac2a6b5b0548b1add40274477324605903d9cd49
+PKG_HASH:=93cdce625a8a1dc12204439d45033f3261bdb2c201648cfcdc06f9fd0f94ec29
 PKG_MAINTAINER:=Javier Marcet
 PKG_LICENSE:=LGPL-2.1-or-later
@@ -26,10 +26,11 @@ define Package/python3-paramiko
 endef
 define Package/python3-paramiko/description
- Paramiko is a Python (2.7, 3.4+) implementation of the SSHv2 protocol,
- providing both client and server functionality. While it leverages a Python
- C extension for low level cryptography (Cryptography), Paramiko itself is a
- pure Python interface around SSH networking concepts.
+ Paramiko is a pure-Python (3.6+) implementation of the SSHv2 protocol,
+ providing both client and server functionality. It provides the foundation
+ for the high-level SSH library Fabric, which is what we recommend you use
+ for common client use-cases such as running remote shell commands or
+ transferring files.
 endef
 $(eval $(call Py3Package,python3-paramiko))
From d26e7f31de6e99decbe41d02436af913f0c2cad4 Mon Sep 17 00:00:00 2001
From: Javier Marcet
Date: Thu, 31 Aug 2023 15:29:58 +0200
Subject: [PATCH 2/3] python3-paramiko: update to version 3.3.1
Signed-off-by: Javier Marcet
---
 lang/python/python-paramiko/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lang/python/python-paramiko/Makefile b/lang/python/python-paramiko/Makefile
index 1507a27f4c..f9c2d8eff4 100644
--- a/lang/python/python-paramiko/Makefile
+++ b/lang/python/python-paramiko/Makefile
@@ -1,11 +1,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=python-paramiko
-PKG_VERSION:=3.2.0
+PKG_VERSION:=3.3.1
 PKG_RELEASE:=1
 PYPI_NAME:=paramiko
-PKG_HASH:=93cdce625a8a1dc12204439d45033f3261bdb2c201648cfcdc06f9fd0f94ec29
+PKG_HASH:=6a3777a961ac86dbef375c5f5b8d50014a1a96d0fd7f054a43bc880134b0ff77
 PKG_MAINTAINER:=Javier Marcet
 PKG_LICENSE:=LGPL-2.1-or-later
From 9a586e465f9e32b18055baf21476a466df3112cf Mon Sep 17 00:00:00 2001
From: Javier Marcet
Date: Mon, 1 Jan 2024 12:11:34 +0100
Subject: [PATCH 3/3] python3-paramiko: update to version 3.4.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- [Feature]: Transport grew a new packetizer_class kwarg for overriding the packet-handler class used internally. Mostly for testing, but advanced users may find this useful when doing deep hacks. - [Bug]: Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the original implementation made assumptions based on an OpenSSH implementation detail. - [Bug]: Address CVE 2023-48795 (aka the “Terrapin Attack”, a vulnerability found in the SSH protocol re: treatment of packet sequence numbers) as follows: - The vulnerability only impacts encrypt-then-MAC digest algorithms in tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko currently only implements hmac-sha2-(256|512)-etm in tandem with AES-CBC. If you are unable to upgrade to Paramiko versions containing the below fixes right away, you may instead use the disabled_algorithms connection option to disable the ETM MACs and/or the CBC ciphers (this option is present in Paramiko >=2.6). - As the fix for the vulnerability requires both ends of the connection to cooperate, the below changes will only take effect when the remote end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode, as of this patch version) and configured to use the new “strict kex” mode. Paramiko will always attempt to use “strict kex” mode if offered by the server, unless you override this by specifying strict_kex=False in Transport.__init__. - Paramiko will now raise an SSHException subclass (MessageOrderError) when protocol messages are received in unexpected order. This includes situations like receiving MSG_DEBUG or MSG_IGNORE during initial key exchange, which are no longer allowed during strict mode. - Key (re)negotiation – i.e. MSG_NEWKEYS, whenever it is encountered – now resets packet sequence numbers.
(This should be invisible to users during normal operation, only causing exceptions if the exploit is encountered, which will usually result in, again, MessageOrderError.) - Sequence number rollover will now raise SSHException if it occurs during initial key exchange (regardless of strict mode status).
Signed-off-by: Javier Marcet
---
 lang/python/python-paramiko/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lang/python/python-paramiko/Makefile b/lang/python/python-paramiko/Makefile
index f9c2d8eff4..7ee37b1063 100644
--- a/lang/python/python-paramiko/Makefile
+++ b/lang/python/python-paramiko/Makefile
@@ -1,11 +1,11 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=python-paramiko
-PKG_VERSION:=3.3.1
+PKG_VERSION:=3.4.0
 PKG_RELEASE:=1
 PYPI_NAME:=paramiko
-PKG_HASH:=6a3777a961ac86dbef375c5f5b8d50014a1a96d0fd7f054a43bc880134b0ff77
+PKG_HASH:=aac08f26a31dc4dffd92821527d1682d99d52f9ef6851968114a8728f3c274d3
 PKG_MAINTAINER:=Javier Marcet
 PKG_LICENSE:=LGPL-2.1-or-later