-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-516633d461 2022-05-26 01:33:55.873835 --------------------------------------------------------------------------------
Name : python-paramiko Product : Fedora 35 Version : 2.11.0 Release : 1.fc35 URL : https://github.com/paramiko/paramiko Summary : SSH2 protocol library for python Description :
Paramiko (a combination of the Esperanto words for "paranoid" and "friend") is a module for python 2.3 or greater that implements the SSH2 protocol for secure (encrypted and authenticated) connections to remote machines. Unlike SSL (aka TLS), the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. You may know SSH2 as the protocol that replaced telnet and rsh for secure access to remote shells, but the protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel (this is how sftp works, for example).
-------------------------------------------------------------------------------- Update Information:
This update includes fixes for better compatibility with OpenSSH and removes the deprecated Blowfish algorithm from the "preferred algorithms" list. -------------------------------------------------------------------------------- ChangeLog:
* Tue May 17 2022 Paul Howarth paul@city-fan.org - 2.11.0-1 - Update to 2.11.0 - Align signature verification algorithm with OpenSSH re: zero-padding signatures that don't match their nominal size/length; this shouldn't affect most users, but will help Paramiko-implemented SSH servers handle poorly behaved clients such as PuTTY (GH#1933) - OpenSSH 7.7 and older has a bug preventing it from understanding how to perform SHA2 signature verification for RSA certificates (specifically certs - not keys), so when we added SHA2 support it broke all clients using RSA certificates with these servers; this has been fixed in a manner similar to what OpenSSH's own client does - a version check is performed and the algorithm used is downgraded if needed (GH#2017) - Recent versions of Cryptography have deprecated Blowfish algorithm support; in lieu of an easy method for users to remove it from the list of algorithms Paramiko tries to import and use, we've decided to remove it from our "preferred algorithms" list, which will both discourage use of a weak algorithm, and avoid warnings (GH#2038, GH#2039) - Windows-native SSH agent support as merged in 2.10 could encounter 'Errno 22' 'OSError' exceptions in some scenarios (e.g. server not cleanly closing a relevant named pipe); this has been worked around and should be less problematic (GH#2008, GH#2010) - Add SSH config token expansion (eg '%h', '%p') when parsing 'ProxyJump' directives (GH#1951) - Apply unittest 'skipIf' to tests currently using SHA1 in their critical path, to avoid failures on systems starting to disable SHA1 outright in their crypto backends (e.g. RHEL 9) (GH#2004, GH#2011) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2087206 - python-paramiko-2.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2087206 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-516633d461' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org