The NetBSD Project

CVS log for pkgsrc/security/py-paramiko/Makefile

[BACK] Up to [] / pkgsrc / security / py-paramiko

Request diff between arbitrary revisions

Default branch: MAIN

Revision 1.50 / (download) - annotate - [select for diffs], Mon Jul 31 16:16:48 2023 UTC (4 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3, HEAD
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)

py-paramiko: updated to 3.3.1

3.3.1 2023-07-28
[Bug]: Cleaned up some very old root level files, mostly just to exercise some of our doc build and release machinery. This changelog entry intentionally left blank! nothing-to-see-here-move-along.gif

3.3.0 2023-07-28
[Feature] Add an explicit max_concurrent_prefetch_requests argument to paramiko.client.SSHClient.get and paramiko.client.SSHClient.getfo, allowing users to limit the number of concurrent requests used during prefetch. Patch by @kschoelhorn, with a test by @bwinston-sdp.
[Feature] Add support and tests for Match final „ŗ(frequently used in ProxyJump configurations to exclude the jump host) to our SSH config parser. Patch by @commonism.

Revision 1.49 / (download) - annotate - [select for diffs], Tue Jul 18 15:54:43 2023 UTC (4 months, 2 weeks ago) by adam
Branch: MAIN
Changes since 1.48: +9 -6 lines
Diff to previous 1.48 (colored)

py-paramiko: updated to 3.2.0

3.2.0 2023-05-25
[Feature]: PKey grew a new .fingerprint property which emits a fingerprint string matching the SHA256+Base64 values printed by various OpenSSH tooling (eg ssh-add -l, ssh -v). This is intended to help troubleshoot Paramiko-vs-OpenSSH behavior and will eventually replace the venerable get_fingerprint method.

[Feature]: PKey grew a new .algorithm_name property which displays the key algorithm; this is typically derived from the value of get_name. For example, ED25519 keys have a get_name of ssh-ed25519 (the SSH protocol key type field value), and now have a algorithm_name of ED25519.

[Feature]: PKey now offers convenience ◊őeta-constructors„ŗ static methods that simplify the process of instantiating the correct subclass for a given key input.

For example, PKey.from_path can load a file path without knowing a priori what type of key it is (thanks to some handy methods within our cryptography dependency). Going forwards, we expect this to be the primary method of loading keys by user code that runs on „ŗ◊…uman time„ŗ(i.e. where some minor efficiencies are worth the convenience).

In addition, PKey.from_type_string now exists, and is being used in some internals to load ssh-agent keys.

As part of these changes, PKey and friends grew an identifiers classmethod; this is inspired by the supported_key_format_identifiers classmethod (which now refers to the new method.) This also includes adding a .name attribute to most key classes (which will eventually replace .get_name().

[Feature]: Enhanced AgentKey with new attributes, such as:

Added a comment attribute (and constructor argument); Agent.get_keys() now uses this kwarg to store any comment field sent over by the agent. The original version of the agent feature inexplicably did not store the comment anywhere.
Agent-derived keys now attempt to instantiate a copy of the appropriate key class for access to other algorithm-specific members (eg key size). This is available as the .inner_key attribute.
This functionality is now in use in Fabric„ŗ—‘ new --list-agent-keys feature, as well as in Paramiko„ŗ—‘ debug logging.
[Feature] Users of SSHClient can now configure the authentication logic Paramiko uses when connecting to servers; this functionality is intended for advanced users and higher-level libraries such as Fabric. See auth_strategy for details.

Fabric„ŗ—‘ co-temporal release includes a proof-of-concept use of this feature, implementing an auth flow much closer to that of the OpenSSH client (versus Paramiko„ŗ—‘ legacy behavior). It is strongly recommended that if this interests you, investigate replacing any direct use of SSHClient with Fabric„ŗ—‘ Connection.

This feature is EXPERIMENTAL; please see its docs for details.
[Feature]: Implement _fields() on AgentKey so that it may be compared (via ==) with other PKey instances.

[Bug]: AgentKey had a dangling Python 3 incompatible __str__ method returning bytes. This method has been removed, allowing the superclass„ŗ(PKey) method to run instead.

[Bug] Since its inception, Paramiko has (for reasons lost to time) implemented authentication as a side effect of handling affirmative replies to MSG_SERVICE_REQUEST protocol messages. What this means is Paramiko makes one such request before every MSG_USERAUTH_REQUEST, i.e. every auth attempt.

OpenSSH doesn„ŗ—’ care if clients send multiple service requests, but other server implementations are often stricter in what they accept after an initial service request (due to the RFCs not being clear). This can result in odd behavior when a user doesn„ŗ—’ authenticate successfully on the very first try (for example, when the right key for a target host is the third in one„ŗ—‘ ssh-agent).

This version of Paramiko now contains an opt-in Transport subclass, ServiceRequestingTransport, which more-correctly implements service request handling in the Transport, and uses an auth-handler subclass internally which has been similarly adapted. Users wanting to try this new experimental code path may hand this class to SSHClient.connect as its transport_factory kwarg.

This feature is EXPERIMENTAL and its code may be subject to change.

In addition:
minor backwards incompatible changes exist in the new code paths, most notably the removal of the (inconsistently applied and rarely used) event arguments to the auth_xxx methods.
GSSAPI support has only been partially implemented, and is untested.
Some minor backwards-compatible changes were made to the existing Transport and AuthHandler classes to facilitate the new code. For example, Transport._handler_table and AuthHandler._client_handler_table are now properties instead of raw attributes.
[Bug] The server-sig-algs and RSA-SHA2 features added around Paramiko 2.9 or so, had the annoying side effect of not working with servers that don„ŗ—’ support either of those feature sets, requiring use of disabled_algorithms to forcibly disable the SHA2 algorithms on Paramiko„ŗ—‘ end.

The experimental ServiceRequestingTransport (noted in its own entry in this changelog) includes a fix for this issue, specifically by falling back to the same algorithm as the in-use pubkey if it„ŗ—‘ in the algorithm list (leaving the „ŗ◊«irst algorithm in said list„ŗas an absolute final fallback).

[Bug]: Fixed a very sneaky bug found at the apparently rarely-traveled intersection of RSA-SHA2 keys, certificates, SSH agents, and stricter-than-OpenSSH server targets. This manifested as yet another „ŗ◊ōell, if we turn off SHA2 at one end or another, everything works again„ŗproblem, for example with version 12 of the Teleport server endpoint.

This has been fixed; Paramiko tweaked multiple aspects of how it requests agent signatures, and the agent appears to do the right thing now.

Revision 1.48 / (download) - annotate - [select for diffs], Mon Nov 14 09:28:16 2022 UTC (12 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

py-paramiko: updated to 2.12.0

2.12.0 2022-11-04
[Feature] Add a transport_factory kwarg to SSHClient.connect for advanced users to gain more control over early Transport setup and manipulation. Thanks to Noah Pederson for the patch.

Revision 1.47 / (download) - annotate - [select for diffs], Wed Oct 19 13:56:33 2022 UTC (13 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.46: +3 -2 lines
Diff to previous 1.46 (colored)

fighting a losing battle against py-cryptography rustification, part 2

Switch users to

Revision 1.46 / (download) - annotate - [select for diffs], Wed Jul 13 20:06:23 2022 UTC (16 months, 3 weeks ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base, pkgsrc-2022Q3
Changes since 1.45: +9 -8 lines
Diff to previous 1.45 (colored)

py-paramiko: updated to 2.11.0

2.11.0 2022-05-16
[Feature]: Add SSH config token expansion (eg %h, %p) when parsing ProxyJump directives. Patch courtesy of Bruno Inec.
[Support]: Apply unittest skipIf to tests currently using SHA1 in their critical path, to avoid failures on systems starting to disable SHA1 outright in their crypto backends (eg RHEL 9). Report & patch via Paul Howarth.
[Support]: Update camelCase method calls against the threading module to be snake_case; this and related tweaks should fix some deprecation warnings under Python 3.10. Thanks to Karthikeyan Singaravelan for the report, @Narendra-Neerukonda for the patch, and to Thomas Grainger and Jun Omae for patch workshopping.
[Support]: Recent versions of Cryptography have deprecated Blowfish algorithm support; in lieu of an easy method for users to remove it from the list of algorithms Paramiko tries to import and use, we„ŗ—◊e decided to remove it from our „ŗ◊—referred algorithms„ŗlist. This will both discourage use of a weak algorithm, and avoid warnings. Credit for report/patch goes to Mike Roest.

Revision 1.45 / (download) - annotate - [select for diffs], Thu May 5 17:59:35 2022 UTC (19 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base, pkgsrc-2022Q2
Changes since 1.44: +4 -4 lines
Diff to previous 1.44 (colored)

py-paramiko: updated to 2.10.4

2.10.4 2022-04-25

[Bug]: Servers offering certificate variants of hostkey algorithms (eg could not have their host keys verified by Paramiko clients, as it only ever considered non-cert key types for that part of connection handshaking. This has been fixed.
[Bug]: PKey instances„ŗ__eq__ did not have the usual safety guard in place to ensure they were being compared to another PKey object, causing occasional spurious BadHostKeyException (among other things). This has been fixed. Thanks to Shengdun Hua for the original report/patch and to Christopher Papke for the final version of the fix.
[Support]: Update camelCase method calls against the threading module to be snake_case; this and related tweaks should fix some deprecation warnings under Python 3.10. Thanks to Karthikeyan Singaravelan for the report, @Narendra-Neerukonda for the patch, and to Thomas Grainger and Jun Omae for patch workshopping.

Revision 1.44 / (download) - annotate - [select for diffs], Thu Apr 21 11:00:01 2022 UTC (19 months, 2 weeks ago) by wiz
Branch: MAIN
Changes since 1.43: +3 -3 lines
Diff to previous 1.43 (colored)

*: convert to versioned_dependencies for py-cryptography

Revision 1.43 / (download) - annotate - [select for diffs], Tue Jan 4 20:54:43 2022 UTC (23 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q1-base, pkgsrc-2022Q1
Changes since 1.42: +2 -1 lines
Diff to previous 1.42 (colored)

*: bump PKGREVISION for users

They now have a tool dependency on py-setuptools instead of a DEPENDS

Revision 1.42 / (download) - annotate - [select for diffs], Mon Nov 29 09:33:19 2021 UTC (2 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since 1.41: +3 -3 lines
Diff to previous 1.41 (colored)

py-paramiko: updated to 2.8.1

2.8.1 2021-11-28
[Bug]: (also 908) Update PKey and subclasses to compare (__eq__) via direct field/attribute comparison instead of hashing (while retaining the existing behavior of __hash__ via a slight refactor). Big thanks to Josh Snyder and Jun Omae for the reports, and to Josh Snyder for reproduction details & patch.

This fixes a security flaw! If you are running Paramiko on 32-bit systems with low entropy (such as any 32-bit Python 2, or a 32-bit Python 3 which is running with PYTHONHASHSEED=0) it is possible for an attacker to craft a new keypair from an exfiltrated public key, which Paramiko would consider equal to the original key.

This could enable attacks such as, but not limited to, the following:

Paramiko server processes would incorrectly authenticate the attacker (using their generated private key) as if they were the victim. We see this as the most plausible attack using this flaw.
Paramiko client processes would incorrectly validate a connected server (when host key verification is enabled) while subjected to a man-in-the-middle attack. This impacts more users than the server-side version, but also carries higher requirements for the attacker, namely successful DNS poisoning or other MITM techniques.
[Bug] 1257: (also 1266) Update RSA and ECDSA key decoding subroutines to correctly catch exception types thrown by modern versions of Cryptography (specifically TypeError and its internal UnsupportedAlgorithm). These exception classes will now become SSHException instances instead of bubbling up. Thanks to Ignat Semenov for the report and @tylergarcianet for an early patch.
[Bug] 1024: Deleting items from HostKeys would incorrectly raise KeyError even for valid keys, due to a logic bug. This has been fixed. Report & patch credit: Jia Zhang.
[Bug] 985: (via 992) Fix listdir failure when server uses a locale. Now on Python 2.7 SFTPAttributes will decode abbreviated month names correctly rather than raise UnicodeDecodeError`. Patch courtesy of Martin Packman.

Revision 1.41 / (download) - annotate - [select for diffs], Mon Oct 11 09:34:52 2021 UTC (2 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored)

py-paramiko: updated to 2.8.0

2.8.0 2021-10-09
[Feature] Add a prefetch keyword argument to SFTPClient.get/SFTPClient.getfo so users who need to skip SFTP prefetching are able to conditionally turn it off. Thanks to Github user @h3ll0r for the PR.
[Bug] Newer server-side key exchange algorithms not intended to use SHA1 (diffie-hellman-group14-sha256, diffie-hellman-group16-sha512) were incorrectly using SHA1 after all, due to a bug causing them to ignore the hash_algo class attribute. This has been corrected. Big thanks to @miverson for the report and to Benno Rice for the patch.
[Support] Remove leading whitespace from OpenSSH RSA test suite static key fixture, to conform better to spec. Credit: Alex Gaynor.
[Support] Add missing test suite fixtures directory to, reinstating the ability to run Paramiko„ŗ—‘ tests from an sdist tarball. Thanks to Sandro Tosi for reporting the issue and to Blazej Michalik for the PR.
[Support]: Update our CI to catch issues with sdist generation, installation and testing.
[Support]: Administrivia overhaul, including but not limited to:
Migrate CI to CircleCI
Primary dev branch is now main (renamed)
Many README edits for clarity, modernization etc; including a bunch more (and consistent) status badges & unification with main project site index
PyPI page much more fleshed out (long_description is now filled in with the README; sidebar links expanded; etc)
flake8, pytest configs split out of setup.cfg into their own files
Invoke/invocations (used by maintainers/contributors) upgraded to modern versions

Revision 1.40 / (download) - annotate - [select for diffs], Tue Sep 8 17:43:12 2020 UTC (3 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

py-paramiko: updated to 2.7.2

[Bug] Fix incorrectly swapped order of p and q numbers when loading OpenSSH-format RSA private keys. At minimum this should address a slowdown when using such keys, and it also means Paramiko works with Cryptography 3.1 and above (which complains strenuously when this problem appears). Thanks to Alex Gaynor for the patch.
[Bug]: Fix incorrect string formatting causing unhelpful error message annotation when using Kerberos/GSSAPI. (Thanks, newer version of flake8!)
[Support] Remove leading whitespace from OpenSSH RSA test suite static key fixture, to conform better to spec. Credit: Alex Gaynor.
[Support] Add missing test suite fixtures directory to, reinstating the ability to run Paramiko„ŗ—‘ tests from an sdist tarball. Thanks to Sandro Tosi for reporting the issue and to Blazej Michalik for the PR.
[Support]: Update our CI to catch issues with sdist generation, installation and testing.

Revision 1.39 / (download) - annotate - [select for diffs], Sun May 17 19:34:13 2020 UTC (3 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.38: +4 -2 lines
Diff to previous 1.38 (colored)

pytest from versioned depends

Revision 1.38 / (download) - annotate - [select for diffs], Sun Jan 26 17:32:07 2020 UTC (3 years, 10 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

Revision 1.37 / (download) - annotate - [select for diffs], Wed Dec 11 10:43:53 2019 UTC (3 years, 11 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)

py-paramiko: updated to 2.7.1

[Bug] Fix a bug in support for ECDSA keys under the newly supported OpenSSH key format. Thanks to Pierce Lopez for the patch.
[Bug] The new-style private key format (added in 2.7) suffered from an unpadding bug which had been fixed earlier for Ed25519 (as that key type has always used the newer format). That fix has been refactored and applied to the base key class, courtesy of Pierce Lopez.

[Feature]: Add new convenience classmethod constructors to SSHConfig: from_text, from_file, and from_path. No more annoying two-step process!
[Feature] Implement most „ŗŌńanonical hostname„ŗssh_config functionality (CanonicalizeHostname, CanonicalDomains, CanonicalizeFallbackLocal, and CanonicalizeMaxDots; CanonicalizePermittedCNAMEs has not yet been implemented). All were previously silently ignored. Reported by Michael Leinartas.
[Feature] Implement support for the Match keyword in ssh_config files. Previously, this keyword was simply ignored & keywords inside such blocks were treated as if they were part of the previous block. Thanks to Michael Leinartas for the initial patchset.

This feature adds a new optional install dependency, Invoke, for managing Match exec subprocesses.

[Feature]: A couple of outright SSHConfig parse errors were previously represented as vanilla Exception instances; as part of recent feature work a more specific exception class, ConfigParseError, has been created. It is now also used in those older spots, which is naturally backwards compatible.
[Feature] Implement support for OpenSSH 6.5-style private key files (typically denoted as having BEGIN OPENSSH PRIVATE KEY headers instead of PEM format„ŗ—‘ BEGIN RSA PRIVATE KEY or similar). If you were getting any sort of weird auth error from „ŗ◊őodern„ŗkeys generated on newer operating system releases (such as macOS Mojave), this is the first update to try.

Major thanks to everyone who contributed or tested versions of the patch, including but not limited to: Kevin Abel, Michiel Tiller, Pierce Lopez, and Jared Hobbs.

[Bug]: Perform deduplication of IdentityFile contents during ssh_config parsing; previously, if your config would result in the same value being encountered more than once, IdentityFile would contain that many copies of the same string.
[Bug]: Paramiko„ŗ—‘ use of subprocess for ProxyCommand support is conditionally imported to prevent issues on limited interpreter platforms like Google Compute Engine. However, any resulting ImportError was lost instead of preserved for raising (in the rare cases where a user tried leveraging ProxyCommand in such an environment). This has been fixed.
[Bug]: ssh_config token expansion used a different method of determining the local username ($USER env var), compared to what the (much older) client connection code does (getpass.getuser, which includes $USER but may check other variables first, and is generally much more comprehensive). Both modules now use getpass.getuser.
[Support]: Explicitly document which ssh_config features we currently support. Previously users just had to guess, which is simply no good.
[Support]: Additional installation extras_require „ŗ◊«lavors„ŗ(ed25519, invoke, and all) have been added to our packaging metadata; see the install docs for details.

Revision 1.36 / (download) - annotate - [select for diffs], Tue Jul 2 04:31:13 2019 UTC (4 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.35: +4 -5 lines
Diff to previous 1.35 (colored)

py-paramiko: updated to 2.6.0

Add a new keyword argument to SSHClient.connect and Transport, disabled_algorithms, which allows selectively disabling one or more kex/key/cipher/etc algorithms. This can be useful when disabling algorithms your target server (or client) does not support cleanly, or to work around unpatched bugs in Paramiko„ŗ—‘ own implementation thereof.

SSHClient.exec_command previously returned a naive ChannelFile object for its stdin value; such objects don„ŗ—’ know to properly shut down the remote end„ŗ—‘ stdin when they .close(). This lead to issues (such as hangs) when running remote commands that read from stdin.

Add backwards-compatible support for the gssapi GSSAPI library, as the previous backend (python-gssapi) has since become defunct. This change also includes tests for the GSSAPI functionality.

Tweak many exception classes so their string representations are more human-friendly; this also includes incidental changes to some super() calls.

Revision 1.35 / (download) - annotate - [select for diffs], Mon Jun 10 08:42:57 2019 UTC (4 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.34: +3 -2 lines
Diff to previous 1.34 (colored)

py-paramiko: updated to 2.5.0

[Feature] Updated SSHConfig.lookup so it returns a new, type-casting-friendly dict subclass (SSHConfigDict) in lieu of dict literals. This ought to be backwards compatible, and allows an easier way to check boolean or int type ssh_config values.

[Feature] Add support for Curve25519 key exchange (aka

[Feature] Add support for encrypt-then-MAC (ETM) schemes (, and two newer Diffie-Hellman group key exchange algorithms (group14, using SHA256; and group16, using SHA512). Patch courtesy of Edgar Sousa.

[Support] Update our install docs with (somewhat) recently added additional dependencies; we previously only required Cryptography, but the docs never got updated after we incurred bcrypt and pynacl requirements for Ed25519 key support.

Additionally, pyasn1 was never actually hard-required; it was necessary during a development branch, and is used by the optional GSSAPI support, but is not required for regular installation. Thus, it has been removed from our and its imports in the GSSAPI code made optional.

[Support] Add *.pub files to the MANIFEST so distributed source packages contain some necessary test assets. Credit: Alexander Kapshuna.

[Support] Add support for the modern (as of Python 3.3) import location of MutableMapping (used in host key management) to avoid the old location becoming deprecated in Python 3.8.
[Support] Raise Cryptography dependency requirement to version 2.5 (from 1.5) and update some deprecated uses of its API.

Revision 1.34 / (download) - annotate - [select for diffs], Fri Sep 21 11:04:16 2018 UTC (5 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

py-paramiko: updated to 2.4.2

Fix exploit (CVE pending) in Paramiko„ŗ—‘ server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication.

Specifically, steps have been taken to start separating client and server related message types in the message handling tables within Transport and AuthHandler; this work is not complete but enough has been performed to close off this particular exploit (which was the only obvious such exploit for this particular channel).

Modify protocol message handling such that Transport does not respond to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED. This behavior probably didn„ŗ—’ cause any outright errors, but it doesn„ŗ—’ seem to conform to the RFCs and could cause (non-infinite) feedback loops in some scenarios (usually those involving Paramiko on both ends).
Add *.pub files to the MANIFEST so distributed source packages contain some necessary test assets. Credit: Alexander Kapshuna.
Backport pytest support and application of the black code formatter (both of which previously only existed in the 2.4 branch and above) to everything 2.0 and newer. This makes back/forward porting bugfixes significantly easier.
Backport changes from 979 (added in Paramiko 2.3) to Paramiko 2.0-2.2, using duck-typing to preserve backwards compatibility. This allows these older versions to use newer Cryptography sign/verify APIs when available, without requiring them (as is the case with Paramiko 2.3+).

Revision 1.33 / (download) - annotate - [select for diffs], Thu Sep 6 13:28:00 2018 UTC (5 years, 3 months ago) by adam
Branch: MAIN
Changes since 1.32: +3 -3 lines
Diff to previous 1.32 (colored)


Revision 1.32 / (download) - annotate - [select for diffs], Tue Mar 13 18:35:29 2018 UTC (5 years, 8 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

py-paramiko: updated to 2.4.1

[Bug] Ed25519 auth key decryption raised an unexpected exception when given a unicode password string (typical in python 3). Report by Theodor van Nahl and fix by Pierce Lopez.
[Bug] Add newer key classes for Ed25519 and ECDSA to paramiko.__all__ so that code introspecting that attribute, or using from paramiko import * (such as some IDEs) sees them. Thanks to @patriksevallius for the patch.
[Bug] Fix a security flaw (CVE-2018-7750) in Paramiko„ŗ—‘ server mode (emphasis on server mode; this does not impact client use!) where authentication status was not checked before processing channel-open and other requests typically only sent after authenticating. Big thanks to Matthijs Kooijman for the report.

Revision 1.31 / (download) - annotate - [select for diffs], Wed Nov 15 09:24:14 2017 UTC (6 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4
Changes since 1.30: +5 -3 lines
Diff to previous 1.30 (colored)

py-paramiko: updated to 2.4.0


[Feature]: Add a new passphrase kwarg to SSHClient.connect so users may disambiguate key-decryption passphrases from password-auth passwords. (This is a backwards compatible change; password will still pull double duty as a passphrase when passphrase is not given.)
[Support]: Drop Python 2.6 and Python 3.3 support; now only 2.7 and 3.4+ are supported. If you„ŗ—”e unable to upgrade from 2.6 or 3.3, please stick to the Paramiko 2.3.x (or below) release lines.
[Support]: Include LICENSE file in wheel archives.
[Support]: Updated the test suite & related docs/metadata/config to be compatible with pytest instead of using the old, custom, crufty unittest-based

This includes marking known-slow tests (mostly the SFTP ones) so they can be filtered out by inv test„ŗŌ‘ default behavior; as well as other minor tweaks to test collection and/or display (for example, GSSAPI tests are collected, but skipped, instead of not even being collected by default as in

[Support]: Update tearDown of client test suite to avoid hangs due to eternally blocking accept() calls on the internal server thread (which can occur when test code raises an exception before actually connecting to the server.)

Revision 1.30 / (download) - annotate - [select for diffs], Wed Oct 25 06:38:53 2017 UTC (6 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)


Revision 1.29 / (download) - annotate - [select for diffs], Thu Oct 12 12:42:26 2017 UTC (6 years, 1 month ago) by adam
Branch: MAIN
Changes since 1.28: +16 -18 lines
Diff to previous 1.28 (colored)

py-paramiko: update to 2.3.1

[Bug] 1071: Certificate support broke the no-certificate case for Ed25519 keys (symptom is an AttributeError about public_blob.) This went uncaught due to cert autoload behavior (i.e. our test suite never actually ran the no-cert case, because the cert existed!) Both issues have been fixed. Thanks to John Hu for the report.

Revision 1.28 / (download) - annotate - [select for diffs], Fri May 19 14:47:10 2017 UTC (6 years, 6 months ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored)

Upgrade py-paramiko from 1.15.3 to 1.18.2.

Pkgsrc changes:
Adapt PLIST.

Upstream changes:

1.18.2 2017-02-20
  [Bug] #895: Fix a bug in server-mode concerning multiple interactive
     auth steps (which were incorrectly responded to). Thanks to Dennis
     Kaarsemaker for catch & patch.
  [Bug] #713: (via #714 and #889) Don't pass initialization vectors
     to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto
     versions throw an exception otherwise (older ones simply ignored
     this parameter altogether). Thanks to @jmh045000 for report &
  [Bug] #44: (via #891) SSHClient now gives its internal Transport
     a handle on itself, preventing garbage collection of the client
     until the session is closed. Without this, some code which returns
     stream or transport objects without the client that generated
     them, would result in premature session closure when the client
     was GCd. Credit: @w31rd0 for original report, Omer Anson for the
  [Bug] #862: (via #863) Avoid test suite exceptions on platforms
    lacking errno.ETIME (which seems to be some FreeBSD and some
    Windows environments.) Thanks to Sofian Brabez.
  [Bug] #853: Tweak how RSAKey.__str__ behaves so it doesn't
    cause TypeError under Python 3. Thanks to Francisco Couzo for
    the report.
  [Support] #866: (also #838) Remove an old test-related file we
    don't support, and add PyPy to Travis-CI config. Thanks to
    Pierce Lopez for the final patch and Pedro Rodrigues for an
    earlier edition.

1.18.1 2016-12-12
  [Bug] #859: (via #860) A tweak to the original patch implementing
    #398 was not fully applied, causing calls to invoke_shell to
    fail with AttributeError. This has been fixed. Patch credit:
    Kirk Byers.

1.18.0 2016-12-09
  [Feature] #398: Add an environment dict argument to
    Client.exec_command (plus the lower level Channel.update_environment
    and Channel.set_environment_variable methods) which implements
    the env SSH message type. This means the remote shell environment
    can be set without the use of VARNAME=value shell tricks,
    provided the server's AcceptEnv lists the variables you need
    to set. Thanks to Philip Lorenz for the pull request.
  [Feature] #780: (also #779, and may help users affected by
    #520) Add an optional timeout parameter to Transport.start_client
    (and feed it the value of the configured connection timeout
    when used within SSHClient.) This helps prevent situations
    where network connectivity isn't timing out, but the remote
    server is otherwise unable to service the connection in a timely
    manner. Credit to @sanseihappa.
  [Support] #819: Document how lacking gmp headers at install
    time can cause a significant performance hit if you build
    PyCrypto from source. (Most system-distributed packages already
    have this enabled.)
  [Support] #854: Fix incorrect docstring/param-list for
    Transport.auth_gssapi_keyex so it matches the real signature.
    Caught by @Score_Under.
  [Support] #792: Minor updates to the README and demos; thanks to Alan Yee.
  [Support] #801: Skip a Unix-only test when on Windows; thanks to Gabi Davar.

For pre-1.18.0 changes, see

Revision 1.27 / (download) - annotate - [select for diffs], Wed Jun 8 17:43:38 2016 UTC (7 years, 6 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)


Revision 1.26 / (download) - annotate - [select for diffs], Wed May 18 12:43:00 2016 UTC (7 years, 6 months ago) by he
Branch: MAIN
Changes since 1.25: +1 -2 lines
Diff to previous 1.25 (colored)

Undo previous, contaminated testing environment, py-cryptography isn't
needed after all.

Revision 1.25 / (download) - annotate - [select for diffs], Wed May 18 12:01:53 2016 UTC (7 years, 6 months ago) by he
Branch: MAIN
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored)

Add missing dependency on py-cryptography.  Without this, usage fails
with "ImportError: No module named cryptography.hazmat.backends" from

Revision 1.24 / (download) - annotate - [select for diffs], Sat Oct 3 22:54:17 2015 UTC (8 years, 2 months ago) by rodent
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.23: +2 -4 lines
Diff to previous 1.23 (colored)

Update to 1.15.3. Mostly, the point of this update is to clarify that paramiko
is not, from what I can tell by building and using (also from the repo),
broken under py3x. Therefore, dependencies marked as broken under py3x due to
paramiko will be unmarked (unless they are broken for lack of py3x support).

From sites/www/changelog.rst:

:support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch.

:support:`516 backported` Document ~paramiko.agent.AgentRequestHandler. Thanks to @toejough for report & suggestions.

:bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI support (note: this includes switching from PyCrypo's Random to os.urandom). Thanks to Anselm Kruis for catch & patch.

:bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout functionality to address hangs from dropped network connections and/or failed handshakes. Credit to @vazir and @dacut for the original patches and to Olle Lundberg for reimplementation.

:bug:`490` Skip invalid/unparseable lines in known_hosts files, instead of raising ~paramiko.ssh_exception.SSHException. This brings Paramiko's behavior more in line with OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin Topholm.

:bug:`404` Print details when displaying ~paramiko.ssh_exception.BadHostKeyException objects (expected vs received data) instead of just "hey shit broke". Patch credit: Loic Dachary.

:bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner of the cherry-pick lottery.

:bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port which caused OverFlowError (and other symptoms) in SFTP functionality. Thanks to @dboreham for leading the troubleshooting charge, and to Scott Maxwell for the final patch.

:support:`582` Fix some old related helper code which was breaking bdist_dumb on Mac OS X. Thanks to Peter Odding for the patch.

:bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 vs IPv6) in case of connection issues; this helps with problems such as hosts which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. Thanks to Dries Desmet for original report and Torsten Landschoff for the foundational patchset.

:bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless TypeError with a human-readable ~paramiko.ssh_exception.AuthenticationException. Credit to Ken Jordan for the fix and Yvan Marques for original report.

Revision 1.23 / (download) - annotate - [select for diffs], Mon Jan 5 13:18:28 2015 UTC (8 years, 11 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.22: +3 -3 lines
Diff to previous 1.22 (colored)

update to 0.15.2
There is no useful changelog, but it makes the client work again a recent
OpenSSH server (6.7p1-hpn14v5) again. Tested with "duplicity".

Revision 1.22 / (download) - annotate - [select for diffs], Thu Jun 12 00:43:28 2014 UTC (9 years, 5 months ago) by gls
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

Update security/py-paramiko to 1.14.0

Upstream changes:

:release:`1.14.0 <2014-05-07>`

:bug:`-` incorrectly returned text
 strings after the Python 3 migration, despite bytes being more
 appropriate for file contents
(which may be binary or of an unknown encoding.) This has been addressed.

paramiko.file.BufferedFile.readline continues to return strings,
 not bytes, as "lines" only make sense for textual data.
 It assumes UTF-8 by default.

This should fix this issue raised on the Obnam mailing list.
 Thanks to Antoine Brenner for the patch.

:bug:`-` Added self.args for exception classes. Used for unpickling.
 Related to (Fabric #986, Fabric #714). Thanks to Alex Plugaru.

:bug:`-` Fix logging error in sftp_client for filenames containing
 the '%' character. Thanks to Antoine Brenner.

:bug:`308` Fix regression in that caused sporadic
 signature verification failures. Thanks to Chris Rose.

:support:`299` Use deterministic signatures for ECDSA keys for
 improved security. Thanks to Alex Gaynor.

:support:`297` Replace PyCrypto's Random with os.urandom for
 improved speed and security. Thanks again to Alex.

:support:`295` Swap out a bunch of PyCrypto hash functions with use of
 hashlib. Thanks to Alex Gaynor.

:support:`290` (also :issue:`292`) Add support for building universal
 (Python 2+3 compatible) wheel files during the release process.
 Courtesy of Alex Gaynor.

:support:`284` Add Python language trove identifiers to
 Thanks to Alex Gaynor for catch & patch.

:bug:`235` Improve string type testing in a handful of spots
 (e.g. s/if type(x) is str/if isinstance(x, basestring)/g.)
 Thanks to @ksamuel for the report.

:release:`1.13.0 <2014-03-13>`

:feature:`16` Python 3 support! Our test suite passes under Python 3,
 and it (& Fabric's test suite) continues to pass under Python 2.
 Python 2.5 is no longer supported with this change!

The merged code was built on many contributors' efforts, both code &
 feedback. In no particular order, we thank Daniel Goertzen, Ivan
 Kolodyazhny, Tomi Pieviläinen, Jason R. Coombs, Jan N. Schulze,
 @Lazik, Dorian Pula, Scott Maxwell, Tshepang Lekhonkhobe, Aaron Meurer,
 and Dave Halter.

:support:`256 backported` Convert API documentation to Sphinx, yielding
 a new API docs website to replace the old Epydoc one.
 Thanks to Olle Lundberg for the initial conversion work.

:bug:`-` Use constant-time hash comparison operations where possible,
to protect against timing-based attacks. Thanks to Alex Gaynor for the patch.

:release:`1.12.2 <2014-02-14>`

:feature:`58` Allow client code to access the stored SSH server banner via
 Transport.get_banner <paramiko.transport.Transport.get_banner>.
 Thanks to @Jhoanor for the patch.

:bug:`252` (Fabric #1020) Enhanced the implementation of ProxyCommand to
 avoid a deadlock/hang condition that frequently occurs at Transport
 shutdown time. Thanks to Mateusz Kobos, Matthijs van der Vleuten and
 Guillaume Zitta for the original reports and to Marius Gedminas for
 helping test nontrivial use cases.

:bug:`268` Fix some missed renames of ProxyCommand related error classes.
 Thanks to Marius Gedminas for catch & patch.

:bug:`34` (PR :issue:`35`) Fix SFTP prefetching incompatibility with some
 SFTP servers regarding request/response ordering.
 Thanks to Richard Kettlewell.

:bug:`193` (and its attentant PRs :issue:`230` & :issue:`253`) Fix SSH
 agent problems present on Windows. Thanks to David Hobbs for initial
 report and to Aarni Koskela & Olle Lundberg for the patches.

:release:`1.12.1 <2014-01-08>`

:bug:`225 (1.12+)` Note ecdsa requirement in README. Thanks to Amaury
 Rodriguez for the catch.

:bug:`176` Fix AttributeError bugs in known_hosts file (re)loading.
 Thanks to Nathan Scowcroft for the patch & Martin Blumenstingl for the
 initial test case.

Revision 1.21 / (download) - annotate - [select for diffs], Fri May 9 07:37:18 2014 UTC (9 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.

Revision 1.20 / (download) - annotate - [select for diffs], Mon Jan 27 18:41:14 2014 UTC (9 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.19: +1 -2 lines
Diff to previous 1.19 (colored)

Do not set FETCH_USING, should not be set in a package Makefile.

Revision 1.19 / (download) - annotate - [select for diffs], Sat Jan 25 10:30:20 2014 UTC (9 years, 10 months ago) by wiz
Branch: MAIN
Changes since 1.18: +3 -1 lines
Diff to previous 1.18 (colored)

Mark packages as not ready for python-3.x where applicable;
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of x.y.z
respectively, please use the same style for other packages,
and check during updates.

Use where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.

Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.

Whitespace cleanups and other nits corrected, where necessary.

Revision 1.18 / (download) - annotate - [select for diffs], Sun Oct 20 17:02:02 2013 UTC (10 years, 1 month ago) by gls
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.17: +4 -2 lines
Diff to previous 1.17 (colored)

Update security/py-paramiko to 1.12.0

pkgsrc changes:
- Depends on security/py-ecdsa
- FETCH_USING=curl to deal with PyPi's htpps only website.

upstream changes:
v1.12.0 (27th Sep 2013)

* #152: Add tentative support for ECDSA keys. *This adds the ecdsa
  module as a new dependency of Paramiko.* The module is available at
  [warner/python-ecdsa on Github]( and
  [ecdsa on PyPI](
    * Note that you might still run into problems with key negotiation --
      Paramiko picks the first key that the server offers, which might not be
      what you have in your known_hosts file.
    * Mega thanks to Ethan Glasser-Camp for the patch.
* #136: Add server-side support for the SSH protocol's 'env' command. Thanks to
  Benjamin Pollack for the patch.

v1.11.2 (27th Sep 2013)

* #156: Fix potential deadlock condition when using Channel objects as sockets
  (e.g. when using SSH gatewaying). Thanks to Steven Noonan and Frank Arnold
  for catch & patch.
* #179: Fix a missing variable causing errors when an ssh_config file has a
  non-default AddressFamily set. Thanks to Ed Marshall & Tomaz Muraus for catch
  & patch.
* #200: Fix an exception-causing typo in ``. Thanks to Alex
  Buchanan for catch & Dave Foster for patch.
* #199: Typo fix in the license header cross-project. Thanks to Armin Ronacher
  for catch & patch.

v1.12.0 (27th Sep 2013)

* #152: Add tentative support for ECDSA keys. *This adds the ecdsa
  module as a new dependency of Paramiko.* The module is available at
  [warner/python-ecdsa on Github]( and
  [ecdsa on PyPI](
    * Note that you might still run into problems with key negotiation --
      Paramiko picks the first key that the server offers, which might not be
      what you have in your known_hosts file.
    * Mega thanks to Ethan Glasser-Camp for the patch.
* #136: Add server-side support for the SSH protocol's 'env' command. Thanks to
  Benjamin Pollack for the patch.

v1.11.2 (27th Sep 2013)

* #156: Fix potential deadlock condition when using Channel objects as sockets
  (e.g. when using SSH gatewaying). Thanks to Steven Noonan and Frank Arnold
  for catch & patch.
* #179: Fix a missing variable causing errors when an ssh_config file has a
  non-default AddressFamily set. Thanks to Ed Marshall & Tomaz Muraus for catch
  & patch.
* #200: Fix an exception-causing typo in ``. Thanks to Alex
  Buchanan for catch & Dave Foster for patch.
* #199: Typo fix in the license header cross-project. Thanks to Armin Ronacher
  for catch & patch.

Revision 1.17 / (download) - annotate - [select for diffs], Tue Aug 6 20:12:18 2013 UTC (10 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.16: +1 -3 lines
Diff to previous 1.16 (colored)

Remove FETCH_USING=curl after putting distfile on nbftp.

Revision 1.16 / (download) - annotate - [select for diffs], Tue Aug 6 18:11:28 2013 UTC (10 years, 4 months ago) by gls
Branch: MAIN
Changes since 1.15: +4 -3 lines
Diff to previous 1.15 (colored)

Update security/py-paramiko to 1.11.0

pkgsrc changes:
FETCH_USING= curl, as PyPi moved to https.

Upstream changes:

v1.11.0 (26th Jul 2013)

* #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now
  creates the shared memory map with explicit Security Attributes of the user,
  which is the same technique employed by the canonical PuTTY library to avoid
  permissions issues when Paramiko is running under a different UAC context
  than the PuTTY Ageant process. Thanks to Jason R. Coombs for the patch.
* #100: Remove use of PyWin32 in `win_pageant` module. Module was already
  dependent on ctypes for constructing appropriate structures and had ctypes
  implementations of all functionality. Thanks to Jason R. Coombs for the
* #87: Ensure updates to `known_hosts` files account for any updates to said
  files after Paramiko initially read them. (Includes related fix to guard
  against duplicate entries during subsequent `known_hosts` loads.) Thanks to
  `@sunweaver` for the contribution.

v1.10.2 (26th Jul 2013)

* #153, #67: Warn on parse failure when reading known_hosts file. Thanks to
  `@glasserc` for patch.
* #146: Indentation fixes for readability. Thanks to Abhinav Upadhyay for catch
  & patch.

Revision 1.15 / (download) - annotate - [select for diffs], Thu Apr 11 16:28:50 2013 UTC (10 years, 7 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

update to 1.10.1
changes: minor fixes

Revision 1.14 / (download) - annotate - [select for diffs], Sat Mar 9 15:46:57 2013 UTC (10 years, 9 months ago) by gdt
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1
Changes since 1.13: +3 -3 lines
Diff to previous 1.13 (colored)

Update to 1.10.0.

Upstream appears to have no changelog or NEWS; the included README is
about changes in 1.8.0.  Browsing github makes this look like minor
features and bugfixes.

Revision 1.13 / (download) - annotate - [select for diffs], Tue Nov 27 22:13:32 2012 UTC (11 years ago) by gls
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)

Update security/py-paramiko to 1.9.0.

Fix a tyop in DESCR.

Upstream changes:

v1.9.0 (6th Nov 2012)

* #97 (with a little #93): Improve config parsing of `ProxyCommand` directives
  and provide a wrapper class to allow subprocess-driven proxy commands to be
  used as `sock=` arguments for `SSHClient.connect`.
* #77: Allow `SSHClient.connect()` to take an explicit `sock` parameter
  overriding creation of an internal, implicit socket object.
* Thanks in no particular order to Erwin Bolwidt, Oskari Saarenmaa, Steven
  Noonan, Vladimir Lazarenko, Lincoln de Sousa, Valentino Volonghi, Olle
  Lundberg, and Github user `@acrish` for the various and sundry patches
  leading to the above changes.

v1.8.1 (6th Nov 2012)

* #90: Ensure that callbacks handed to `SFTPClient.get()` always fire at least
  once, even for zero-length files downloaded. Thanks to Github user `@enB` for
  the catch.
* #85: Paramiko's test suite overrides
  `unittest.TestCase.assertTrue/assertFalse` to provide these modern assertions
  to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7,
  this now causes deprecation warnings. The overrides have been patched to only
  execute when necessary. Thanks to `@Arfrever` for catch & patch.

v1.8.0 (3rd Oct 2012)

* #17 ('ssh' 28): Fix spurious `NoneType has no attribute 'error'` and similar
  exceptions that crop up on interpreter exit.
* 'ssh' 32: Raise a more useful error explaining which `known_hosts` key line was
  problematic, when encountering `binascii` issues decoding known host keys.
  Thanks to `@thomasvs` for catch & patch.
* 'ssh' 33: Bring `ssh_config` parsing more in line with OpenSSH spec, re: order of
  setting overrides by `Host` specifiers. Specifically, the overrides now go by
  file order instead of automatically sorting by `Host` value length. In
  addition, the first value found per config key (e.g. `Port`, `User` etc)
  wins, instead of the last. Thanks to Jan Brauer for the contribution.
* 'ssh' 36: Support new server two-factor authentication option
  (`RequiredAuthentications2`), at least re: combining key-based & password
  auth. Thanks to Github user `bninja`.
* 'ssh' 11: When raising an exception for hosts not listed in
  `known_hosts` (when `RejectPolicy` is in effect) the exception message was
  confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for
  highlighting the issue.
* 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk.
* 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the
  implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch.
* 'ssh' 24: Switch some internal type checking to use `isinstance` to help prevent
  problems with client libraries using subclasses of builtin types. Thanks to
  Alex Morega for the patch.
* Fabric #562: Agent forwarding would error out (with `Authentication response
  too long`) or freeze, when more than one remote connection to the local agent
  was active at the same time. This has been fixed. Thanks to Steven McDonald
  for assisting in troubleshooting/patching, and to GitHub user `@lynxis` for
  providing the final version of the patch.
* 'ssh' 5: Moved a `fcntl` import closer to where it's used to help avoid
  `ImportError` problems on Windows platforms. Thanks to Jason Coombs for the
  catch + suggested fix.
* 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit
  Windows. Thanks again to Jason Coombs for the patch.
* Added an IO loop sleep() call to avoid needless CPU usage when agent
  forwarding is in use.
* Handful of internal tweaks to version number storage.
* Updated `` with `==dev` install URL for `pip` users.
* Updated `` to account for packaging problems in PyCrypto 2.4.0
* Added an extra `atfork()` call to help prevent spurious RNG errors when
  running under high parallel (multiprocess) load.
* Merge PR #28: which adds a
  ssh-keygen like demo module. (Sofian Brabez)

v1.7.7.2 16may12
  * Merge pull request #63: which
    fixes exceptions that occur when re-keying over fast connections. (Dwayne

Revision 1.12 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:54 2012 UTC (11 years, 1 month ago) by asau
Branch: MAIN
Changes since 1.11: +1 -3 lines
Diff to previous 1.11 (colored)

Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.11 / (download) - annotate - [select for diffs], Fri Jul 22 14:03:30 2011 UTC (12 years, 4 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3
Changes since 1.10: +4 -7 lines
Diff to previous 1.10 (colored)

Update py-paramiko to
various bug fixes; requires pycrypto 2.1. or newer

Revision 1.10 / (download) - annotate - [select for diffs], Tue Apr 5 08:36:41 2011 UTC (12 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

Fix PKGREVISION variable name. From Robert Elz.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Dec 6 22:22:08 2010 UTC (13 years ago) by gls
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4
Changes since 1.8: +6 -4 lines
Diff to previous 1.8 (colored)

Direct MASTER_SITES to, as the original MASTER_SITE doesn't host the
distfile anymore. Add DIST_SUBDIR to force re-download of the tarball, which
content has been modified.

While here, switch DEPENDS to py-crypto instead of py-amkCrypto.


Revision 1.8 / (download) - annotate - [select for diffs], Wed Jun 2 18:31:41 2010 UTC (13 years, 6 months ago) by gls
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.7: +7 -6 lines
Diff to previous 1.7 (colored)

This is a Python egg.
Don't hardwire paths in PLIST.

As noted by Ryo HAYASAKA in PR/43405.

Revision 1.7 / (download) - annotate - [select for diffs], Mon May 31 20:30:31 2010 UTC (13 years, 6 months ago) by gls
Branch: MAIN
Changes since 1.6: +5 -2 lines
Diff to previous 1.6 (colored)

Update security/py-paramiko to 1.7.6.
pkgsrc changes:
- patches/patch-aa no longer required

ARC4 & CTR support, IP6 support, and various bug fixes (incl. an important
Windows random number generation fix)

Revision 1.6 / (download) - annotate - [select for diffs], Thu Jun 12 02:14:45 2008 UTC (15 years, 5 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.5: +3 -1 lines
Diff to previous 1.5 (colored)

Add DESTDIR support.

Revision 1.5 / (download) - annotate - [select for diffs], Thu May 15 18:27:43 2008 UTC (15 years, 6 months ago) by drochner
Branch: MAIN
Changes since 1.4: +5 -2 lines
Diff to previous 1.4 (colored)

update to 1.7.3
-direct-tcpip support
-bug fixes

pkgsrc change: disable use of Python setuptools
	(gives unpredictable results)

Revision 1.4 / (download) - annotate - [select for diffs], Fri Apr 25 20:39:12 2008 UTC (15 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.3: +1 -2 lines
Diff to previous 1.3 (colored)

- assume that Python 2.4 and 2.5 are compatible and allow checking for
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.

Revision 1.3 / (download) - annotate - [select for diffs], Fri Dec 14 13:35:04 2007 UTC (15 years, 11 months ago) by bjs
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4
Changes since 1.2: +3 -3 lines
Diff to previous 1.2 (colored)

Update to version 1.7.1.


Update to version 1.7.1.  Changes:

v1.7.1 (Amy) 10jun07
  * windows SSH agent support can use the 'ctypes' module now if 'win32all' is
    not available [patch from alexander belchenko]
  * SFTPClient.listdir_attr() now preserves the 'longname' field [patch from
    wesley augur]
  * SFTPClient.get_channel() API added
  * SSHClient constuctor takes an optional 'timeout' parameter [patch from
    james bardin]

v1.7 (zubat) 18feb07
  * added x11 channel support (patch from david guerizec)
  * added reverse port forwarding support
  * (bug 75370) raise an exception when contacting a broken SFTP server
  * (bug 80295) SSHClient shouldn't expand the user directory twice when reading
    RSA/DSS keys
  * (bug 82383) typo in DSS key in SSHClient
  * (bug 83523) python 2.5 warning when encoding a file's modification time
  * if connecting to an SSH agent fails, silently fallback instead of raising
    an exception

v1.6.4 (yanma) 19nov06
  * fix on osx (oops!)
  * (bug 69330) check for the existence of RSA/DSA keys before trying to open
    them in SFTPClient
  * (bug 69222) catch EAGAIN in socket code to workaround a bug in recent
    Linux 2.6 kernels
  * (bug 70398) improve dict emulation in HostKeys objects
  * try harder to make sure all worker threads are joined on Transport.close()

v1.6.3 (xatu) 14oct06
  * fixed bug where HostKeys.__setitem__ wouldn't always do the right thing
  * fixed bug in SFTPClient.chdir and SFTPAttributes.__str__ [patch from
    mike barber]
  * try harder not to raise EOFError from within SFTPClient
  * fixed bug where a thread waiting in accept() could block forever if the
    transport dies [patch from mike looijmans]

v1.6.2 (weedle) 16aug06
  * added support for "old" group-exchange server mode, for compatibility
    with the windows putty client
  * fixed some more interactions with SFTP file readv() and prefetch()
  * when saving the known_hosts file, preserve the original order [patch from
    warren young]
  * fix a couple of broken lines when exporting classes (bug 55946)

v1.6.1 (vulpix) 10jul06
  * more unit tests fixed for windows/cygwin (thanks to alexander belchenko)
  * a couple of fixes related to exceptions leaking out of SFTPClient
  * added ability to set items in HostKeys via __setitem__
  * HostKeys now retains order and has a save() method
  * added PKey.write_private_key and PKey.from_private_key

v1.6 (umbreon) 10may06
  * pageant support on Windows thanks to john arbash meinel and todd whiteman
  * fixed unit tests to work under windows and cygwin (thanks to alexander
    belchenko for debugging)
  * various bugfixes/tweaks to SFTP file prefetch
  * added SSHClient for a higher-level API
  * SFTP readv() now yields results as it gets them
  * several APIs changed to throw an exception instead of "False" on failure

Revision 1.2 / (download) - annotate - [select for diffs], Tue Jul 11 00:21:17 2006 UTC (17 years, 5 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

The yield syntax used in one of the modules is not supported by
Python 2.2, so mark it as 2.3+ only.

Revision / (download) - annotate - [select for diffs] (vendor branch), Tue Jul 4 15:35:54 2006 UTC (17 years, 5 months ago) by drochner
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

add py-paramiko-1.6, a python extension implementing the ssh2 protocol

Revision 1.1 / (download) - annotate - [select for diffs], Tue Jul 4 15:35:54 2006 UTC (17 years, 5 months ago) by drochner
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

CVSweb <>