Revisions of python-paramiko

Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1225317 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 64)
- reenable python 313 build

- Update to 3.5.0:
  * [Feature] #982: (via #2444, which was a rebase of #2157)
    Add support for AES-GCM encryption ciphers (128 and 256 bit variants).
    Thanks to Alex Gaynor for the report (& for cryptography review),
    Shen Cheng for the original PR, and Chris Mason for the updated PR;
    plus as usual to everyone who tested the patches and reported their results!
    This functionality has been tested in client mode against OpenSSH 9.0, 9.2,
    and 9.6, as well as against a number of proprietary appliance SSH servers.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1173814 from Steve Kowalik's avatar Steve Kowalik (StevenK) (revision 62)
- Add patch support-pytest-8.patch:
  * Use non-deprecated setup method to support pytest >= 8.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1134140 from Steve Kowalik's avatar Steve Kowalik (StevenK) (revision 61)
- Update to 3.4.0: (CVE-2023-48795, bsc#1218168)
  * Transport grew a new packetizer_class kwarg for overriding the
    packet-handler class used internally.
  * Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found
    in the SSH protocol re: treatment of packet sequence numbers) as follows:
    + The vulnerability only impacts encrypt-then-MAC digest algorithms in
      tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
      currently only implements hmac-sha2-(256|512)-etm in tandem with
      AES-CBC.
    + As the fix for the vulnerability requires both ends of the connection
      to cooperate, the below changes will only take effect when the remote
      end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode,
      as of this patch version) and configured to use the new
      "strict kex" mode.
    + Paramiko will now raise an SSHException subclass (MessageOrderError)
      when protocol messages are received in unexpected order. This includes
      situations like receiving MSG_DEBUG or MSG_IGNORE during initial key
      exchange, which are no longer allowed during strict mode.
    + Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered --
      now resets packet sequence numbers. (This should be invisible to users
      during normal operation, only causing exceptions if the exploit is
      encountered, which will usually result in, again, MessageOrderError.)
    + Sequence number rollover will now raise SSHException if it occurs
      during initial key exchange (regardless of strict mode status).
  * Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the
    original implementation made assumptions based on an OpenSSH
    implementation detail.
- Add patch use-64-bit-maxsize-everywhere.patch:
  * Use the 64-bit value of sys.maxsize.
Ana Guerrero's avatar Ana Guerrero (anag+factory) accepted request 1116019 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 60)
  * [Feature] #1951: Add SSH config token expansion (eg %h, %p) when
  * [Support] #2004: (via #2011) Apply unittest skipIf to tests currently
    using SHA1 in their critical path, to avoid failures on systems starting
  * [Support] #1838: (via #1870/#2028) Update camelCase method calls
    against the threading module to be snake_case; this and related tweaks
  * [Support] #2038: (via #2039) Recent versions of Cryptography have
    deprecated Blowfish algorithm support; in lieu of an easy method for
    users to remove it from the list of algorithms Paramiko tries to import
    and use, we’ve decided to remove it from our “preferred algorithms” list.
    This will both discourage use of a weak algorithm, and avoid warnings.
  * [Bug] #2017: OpenSSH 7.7 and older has a bug preventing it from
    understanding how to perform SHA2 signature verification for RSA
    certificates (specifically certs - not keys), so when we added SHA2
    support it broke all clients using RSA certificates with these servers.
    This has been fixed in a manner similar to what OpenSSH’s own client
    does: a version check is performed and the algorithm used is downgraded
  * [Bug] #1933: Align signature verification algorithm with OpenSSH re:
    zero-padding signatures which don’t match their nominal size/length. This
    shouldn’t affect most users, but will help Paramiko-implemented SSH
- Update to 2.10.3 (bsc#1197279, CVE-2022-24302)
  - [Feature] #1846: Add a prefetch keyword argument to
  - [Support] #1727: Add missing test suite fixtures directory to
- Set environment to utf-8 to allow tests to pass on Python 2. (bsc#1178341)
  * gh#paramiko/paramiko#1655
- update to 2.7.2 (bsc#1166758, bsc#1166758, bsc#1205132)
- update to 2.6.0 (bsc#1200603)
- update to 2.5.0
  extend timeout in testsuite to pass on ppc64le
     key-decryption passphrases from password-auth passwords.
  * Certificate support broke the no-certificate case for Ed25519 keys
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1086711 from Daniel Garcia's avatar Daniel Garcia (dgarcia) (revision 58)
- Delete paramiko-pr1665-remove-pytest-relaxed.patch
- Add remove-icecream-dep.patch
- Update to 3.1.0:
  * [Feature] #2173: Accept single tabs as field separators (in
    addition to single spaces) in
    <paramiko.hostkeys.HostKeyEntry.from_line> for parity with
    OpenSSH’s KnownHosts parser. Patched by Alex Chavkin.
  * [Feature] #2013: (solving #2009, plus others) Add an explicit
    channel_timeout keyword argument to
    paramiko.client.SSHClient.connect, allowing users to configure the
    previously-hardcoded default value of 3600 seconds. Thanks to
    @VakarisZ and @ilija-lazoroski for the report and patch, with
    credit to Mike Salvatore for patch review.
  * [Support] #2178: Apply codespell to the codebase, which found a
    lot of very old minor spelling mistakes in docstrings. Also
    modernize many instances of *largs vs *args and **kwarg vs
    **kwargs. Patch courtesy of Yaroslav Halchenko, with review from
    Brian Skinn.
- 3.0.0:
  * [Bug]: A handful of lower-level classes (notably
    paramiko.message.Message and paramiko.pkey.PKey) previously
    returned bytes objects from their implementation of __str__, even
    under Python 3; and there was never any __bytes__ method.
  * These issues have been fixed by renaming __str__ to __bytes__ and
    relying on Python’s default “stringification returns the output of
    __repr__” behavior re: any real attempts to str() such objects.
  * [Bug] #2165: Streamline some redundant (and costly) byte
    conversion calls in the packetizer and the core SFTP module. This
    should lead to some SFTP speedups at the very least. Thanks to
    Alex Gaynor for the patch.
  * [Bug] #2110: Remove some unnecessary __repr__ calls when handling
    bytes-vs-str conversions. This was apparently doing a lot of
    unintentional data processing, which adds up in some use cases –
    such as SFTP transfers, which may now be significantly faster.
    Kudos to Shuhua Zhong for catch & patch.
  * [Support]: Drop support for Python versions less than 3.6,
    including Python 2. So long and thanks for all the fish!
  * [Support]: Remove the now irrelevant paramiko.py3compat module.
  * [Support]: paramiko.common.asbytes has been moved to
    paramiko.util.asbytes.
  * [Support]: PKey.__cmp__ has been removed. Ordering-oriented
    comparison of key files is unlikely to have ever made sense (the
    old implementation attempted to order by the hashes of the key
    material) and so we have not bothered setting up __lt__ and
    friends at this time. The class continues to have its original
    __eq__ untouched.
  * [Support]: The behavior of private key classes’ (ie anything
    inheriting from PKey) private key writing methods used to perform
    a manual, extra chmod call after writing. This hasn’t been
    strictly necessary since the mid 2.x release line (when key
    writing started giving the mode argument to os.open), and has now
    been removed entirely.
  * This should only be observable if you were mocking Paramiko’s
    system calls during your own testing, or similar.
  * [Support] #732: (also re: #630) SSHConfig used to straight-up
    delete the proxycommand key from config lookup results when the
    source config said ProxyCommand none. This has been altered to
    preserve the key and give it the Python value None, thus making
    the Python representation more in line with the source config
    file.
  * [Support]: paramiko.util.retry_on_signal (and any internal uses of
    same, and also any internal retries of EINTR on eg socket
    operations) has been removed. As of Python 3.5, per PEP 475, this
    functionality (and retrying EINTR generally) is now part of the
    standard library.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 1083119 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 57)
- Move documentation into main package for SLE15

- add sle15_python_module_pythons (jsc#PED-68)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 973836 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 54)
- update to 2.10.4:
  * Servers offering certificate variants of hostkey algorithms (eg
    ssh-rsa-cert-v01@openssh.com) could not have their host keys verified by
    Paramiko clients, as it only ever considered non-cert key types for that
    part of connection handshaking. This has been fixed.
  * gq PKey instances’ __eq__ did not have the usual safety guard in place to
    ensure they were being compared to another PKey object, causing occasional
    spurious BadHostKeyException (among other things). This has been fixed.
  * Update camelCase method calls against the threading module to be snake_case;
    this and related tweaks should fix some deprecation warnings under Python 3.10.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 853510 from Steve Kowalik's avatar Steve Kowalik (StevenK) (revision 50)
- Set environment to utf-8 to allow tests to pass on Python 2. (bsc#1178341)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 832015 from Ondřej Súkup's avatar Ondřej Súkup (mimi_vx) (revision 48)
- update to 2.7.2
- drop configs.tar.gz
 * Add missing test suite fixtures directory to MANIFEST.in
 * Remove leading whitespace from OpenSSH RSA test suite static key fixture,
 * Fix incorrect string formatting causing unhelpful error message annotation
     when using Kerberos/GSSAPI.
 * Fix incorrectly swapped order of p and q numbers when loading
     OpenSSH-format RSA private keys.
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 758748 from Ondřej Súkup's avatar Ondřej Súkup (mimi_vx) (revision 47)
- update to 2.7.1
- add configs.tar.gz with missing test data
 * full changelog at http://www.paramiko.org/changelog.html
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 711850 from Ondřej Súkup's avatar Ondřej Súkup (mimi_vx) (revision 46)
- update to 2.6.0
- drop relaxed.patch and 1311.patch
 * add a new keyword argument to SSHClient.connect <paramiko.client.SSHClient.connect>
     and paramiko.transport.Transport -> disabled_algorithms
 * Fix Ed25519 key handling so certain key comment lengths don't cause
    SSHException("Invalid key")
 * Add backwards-compatible support for the gssapi
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 709720 from Ondřej Súkup's avatar Ondřej Súkup (mimi_vx) (revision 45)
- update to 2.5.0 
- dropped 1379.patch
- refreshed patches:
    paramiko-test_extend_timeout.patch
    relaxed.patch
    1311.patch
 * Add support for encrypt-then-MAC (ETM) schemes (hmac-sha2-256-etm@openssh.com,
    hmac-sha2-512-etm@openssh.com) and two newer Diffie-Hellman group key exchange
    algorithms (group14, using SHA256; and group16, using SHA512).
 * Add support for Curve25519 key exchange.
 * Raise Cryptography dependency requirement to version 2.5
 * Add support for the modern (as of Python 3.3) import location of MutableMapping
Displaying revisions 1 - 20 of 64
openSUSE Build Service is sponsored by