commit 8a3308430e6a5fdf0de60ce1bb7003675db828d9 Author: Adrian Schröter Date: Fri Dec 22 10:59:37 2023 +0100 Sync from SUSE:ALP:Source:Standard:1.0 python-paramiko revision 2aa14895b8d0c7144c8cd2c5d2e38f9d diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/paramiko-3.4.0.tar.gz b/paramiko-3.4.0.tar.gz new file mode 100644 index 0000000..5b090c6 --- /dev/null +++ b/paramiko-3.4.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:aac08f26a31dc4dffd92821527d1682d99d52f9ef6851968114a8728f3c274d3 +size 1277306 diff --git a/paramiko-test_extend_timeout.patch b/paramiko-test_extend_timeout.patch new file mode 100644 index 0000000..36efebe --- /dev/null +++ b/paramiko-test_extend_timeout.patch @@ -0,0 +1,13 @@ +Index: paramiko-2.5.0/tests/test_buffered_pipe.py +=================================================================== +--- paramiko-2.5.0.orig/tests/test_buffered_pipe.py ++++ paramiko-2.5.0/tests/test_buffered_pipe.py +@@ -68,7 +68,7 @@ class BufferedPipeTest(unittest.TestCase + self.assertTrue(False) + except PipeTimeout: + pass +- self.assertEqual(b"b", p.read(1, 1.0)) ++ self.assertEqual(b"b", p.read(1, 3.0)) + self.assertEqual(b"", p.read(1)) + + def test_close_while_reading(self): diff --git a/python-paramiko.changes b/python-paramiko.changes new file mode 100644 index 0000000..6531629 --- /dev/null +++ b/python-paramiko.changes @@ -0,0 +1,972 @@ +------------------------------------------------------------------- +Wed Dec 20 06:57:15 UTC 2023 - Steve Kowalik + +- Update to 3.4.0: (CVE-2023-48795, bsc#1218168) + * Transport grew a new packetizer_class kwarg for overriding the + packet-handler class used internally. + * Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found + in the SSH protocol re: treatment of packet sequence numbers) as follows: + + The vulnerability only impacts encrypt-then-MAC digest algorithms in + tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko + currently only implements hmac-sha2-(256|512)-etm in tandem with + AES-CBC. + + As the fix for the vulnerability requires both ends of the connection + to cooperate, the below changes will only take effect when the remote + end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode, + as of this patch version) and configured to use the new + "strict kex" mode. + + Paramiko will now raise an SSHException subclass (MessageOrderError) + when protocol messages are received in unexpected order. This includes + situations like receiving MSG_DEBUG or MSG_IGNORE during initial key + exchange, which are no longer allowed during strict mode. + + Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered -- + now resets packet sequence numbers. (This should be invisible to users + during normal operation, only causing exceptions if the exploit is + encountered, which will usually result in, again, MessageOrderError.) + + Sequence number rollover will now raise SSHException if it occurs + during initial key exchange (regardless of strict mode status). + * Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the + original implementation made assumptions based on an OpenSSH + implementation detail. +- Add patch use-64-bit-maxsize-everywhere.patch: + * Use the 64-bit value of sys.maxsize. + +------------------------------------------------------------------- +Fri Sep 29 22:29:46 UTC 2023 - Ondřej Súkup + +- refresh remove-icecream-dep.patch +- update to 3.3.1 + detailed changelog: https://www.paramiko.org/changelog.html# + +------------------------------------------------------------------- +Fri May 12 09:27:30 UTC 2023 - Daniel Garcia + +- Delete paramiko-pr1665-remove-pytest-relaxed.patch +- Add remove-icecream-dep.patch +- Update to 3.1.0: + * [Feature] #2173: Accept single tabs as field separators (in + addition to single spaces) in + for parity with + OpenSSH’s KnownHosts parser. Patched by Alex Chavkin. + * [Feature] #2013: (solving #2009, plus others) Add an explicit + channel_timeout keyword argument to + paramiko.client.SSHClient.connect, allowing users to configure the + previously-hardcoded default value of 3600 seconds. Thanks to + @VakarisZ and @ilija-lazoroski for the report and patch, with + credit to Mike Salvatore for patch review. + * [Support] #2178: Apply codespell to the codebase, which found a + lot of very old minor spelling mistakes in docstrings. Also + modernize many instances of *largs vs *args and **kwarg vs + **kwargs. Patch courtesy of Yaroslav Halchenko, with review from + Brian Skinn. +- 3.0.0: + * [Bug]: A handful of lower-level classes (notably + paramiko.message.Message and paramiko.pkey.PKey) previously + returned bytes objects from their implementation of __str__, even + under Python 3; and there was never any __bytes__ method. + * These issues have been fixed by renaming __str__ to __bytes__ and + relying on Python’s default “stringification returns the output of + __repr__” behavior re: any real attempts to str() such objects. + * [Bug] #2165: Streamline some redundant (and costly) byte + conversion calls in the packetizer and the core SFTP module. This + should lead to some SFTP speedups at the very least. Thanks to + Alex Gaynor for the patch. + * [Bug] #2110: Remove some unnecessary __repr__ calls when handling + bytes-vs-str conversions. This was apparently doing a lot of + unintentional data processing, which adds up in some use cases – + such as SFTP transfers, which may now be significantly faster. + Kudos to Shuhua Zhong for catch & patch. + * [Support]: Drop support for Python versions less than 3.6, + including Python 2. So long and thanks for all the fish! + * [Support]: Remove the now irrelevant paramiko.py3compat module. + * [Support]: paramiko.common.asbytes has been moved to + paramiko.util.asbytes. + * [Support]: PKey.__cmp__ has been removed. Ordering-oriented + comparison of key files is unlikely to have ever made sense (the + old implementation attempted to order by the hashes of the key + material) and so we have not bothered setting up __lt__ and + friends at this time. The class continues to have its original + __eq__ untouched. + * [Support]: The behavior of private key classes’ (ie anything + inheriting from PKey) private key writing methods used to perform + a manual, extra chmod call after writing. This hasn’t been + strictly necessary since the mid 2.x release line (when key + writing started giving the mode argument to os.open), and has now + been removed entirely. + * This should only be observable if you were mocking Paramiko’s + system calls during your own testing, or similar. + * [Support] #732: (also re: #630) SSHConfig used to straight-up + delete the proxycommand key from config lookup results when the + source config said ProxyCommand none. This has been altered to + preserve the key and give it the Python value None, thus making + the Python representation more in line with the source config + file. + * [Support]: paramiko.util.retry_on_signal (and any internal uses of + same, and also any internal retries of EINTR on eg socket + operations) has been removed. As of Python 3.5, per PEP 475, this + functionality (and retrying EINTR generally) is now part of the + standard library. + +------------------------------------------------------------------- +Sun Apr 23 23:16:46 UTC 2023 - Matej Cepl + +- Move documentation into main package for SLE15 + +------------------------------------------------------------------- +Fri Apr 21 12:28:59 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Sun Nov 20 18:38:07 UTC 2022 - Ben Greiner + +- Update to 2.12.0 + * [Feature] #2125: (also re: #2054) Add a transport_factory kwarg + to SSHClient.connect for advanced users to gain more control + over early Transport setup and manipulation. Thanks to Noah + Pederson for the patch. +- Release 2.11.1 + * [Bug]: bug:1637 (via #1599) Raise SSHException explicitly when + blank private key data is loaded, instead of the natural result + of IndexError. This should help more bits of Paramiko or + Paramiko-adjacent codebases to correctly handle this class of + error. Credit: Nicholas Dietz. + * [Bug] #1822: (via, and relating to, far too many other issues + to mention here) Update SSHClient so it explicitly closes its + wrapped socket object upon encountering socket errors at + connection time. This should help somewhat with certain classes + of memory leaks, resource warnings, and/or errors (though we + hasten to remind everyone that Client and Transport have their + own .close() methods for use in non-error situations!). Patch + courtesy of @YoavCohen. +- Rename and refresh: + - paramiko-pr1655-remove-pytest-relaxed.patch + + paramiko-pr1665-remove-pytest-relaxed.patch + * gh#paramiko/paramiko#1665 + +------------------------------------------------------------------- +Thu May 26 20:43:45 UTC 2022 - Michael Ströder + +- update to 2.11.0 + * [Feature] #1951: Add SSH config token expansion (eg %h, %p) when + parsing ProxyJump directives. + * [Support] #2004: (via #2011) Apply unittest skipIf to tests currently + using SHA1 in their critical path, to avoid failures on systems starting + to disable SHA1 outright in their crypto backends (eg RHEL 9). + * [Support] #1838: (via #1870/#2028) Update camelCase method calls + against the threading module to be snake_case; this and related tweaks + should fix some deprecation warnings under Python 3.10. + * [Support] #2038: (via #2039) Recent versions of Cryptography have + deprecated Blowfish algorithm support; in lieu of an easy method for + users to remove it from the list of algorithms Paramiko tries to import + and use, we’ve decided to remove it from our “preferred algorithms” list. + This will both discourage use of a weak algorithm, and avoid warnings. +- update to 2.10.5 + * [Bug] #2008: (via #2010) Windows-native SSH agent support as merged in + 2.10 could encounter Errno 22 OSError exceptions in some scenarios + (eg server not cleanly closing a relevant named pipe). + This has been worked around and should be less problematic. + * [Bug] #2017: OpenSSH 7.7 and older has a bug preventing it from + understanding how to perform SHA2 signature verification for RSA + certificates (specifically certs - not keys), so when we added SHA2 + support it broke all clients using RSA certificates with these servers. + This has been fixed in a manner similar to what OpenSSH’s own client + does: a version check is performed and the algorithm used is downgraded + if needed. + * [Bug] #1933: Align signature verification algorithm with OpenSSH re: + zero-padding signatures which don’t match their nominal size/length. This + shouldn’t affect most users, but will help Paramiko-implemented SSH + servers handle poorly behaved clients such as PuTTY. + +------------------------------------------------------------------- +Thu Apr 28 21:26:08 UTC 2022 - Dirk Müller + +- update to 2.10.4: + * Servers offering certificate variants of hostkey algorithms (eg + ssh-rsa-cert-v01@openssh.com) could not have their host keys verified by + Paramiko clients, as it only ever considered non-cert key types for that + part of connection handshaking. This has been fixed. + * gq PKey instances’ __eq__ did not have the usual safety guard in place to + ensure they were being compared to another PKey object, causing occasional + spurious BadHostKeyException (among other things). This has been fixed. + * Update camelCase method calls against the threading module to be snake_case; + this and related tweaks should fix some deprecation warnings under Python 3.10. + +------------------------------------------------------------------- +Fri Apr 8 07:44:16 UTC 2022 - pgajdos@suse.com + +- do not require python-mock for build + +------------------------------------------------------------------- +Fri Mar 18 22:52:45 UTC 2022 - Michael Ströder + +- Update to 2.10.3 (bsc#1197279, CVE-2022-24302) + Too many changes to be listed here: + https://www.paramiko.org/changelog.html + +------------------------------------------------------------------- +Tue Oct 12 11:03:02 UTC 2021 - ecsos + +- Update to 2.8.0 + - [Feature] #1846: Add a prefetch keyword argument to + SFTPClient.get/SFTPClient.getfo so users who need to skip SFTP + prefetching are able to conditionally turn it off. + - [Bug] #1462: (via #1882) Newer server-side key exchange + algorithms not intended to use SHA1 (diffie-hellman-group14-sha256, + diffie-hellman-group16-sha512) were incorrectly using SHA1 after all, + due to a bug causing them to ignore the hash_algo class attribute. + This has been corrected. + - [Support] #1722: Remove leading whitespace from OpenSSH RSA test + suite static key fixture, to conform better to spec. + - [Support] #1727: Add missing test suite fixtures directory to + MANIFEST.in, reinstating the ability to run Paramiko’s tests from + an sdist tarball. + - [Support]: Update our CI to catch issues with sdist generation, + installation and testing. + - [Support]: Administrivia overhaul, including but not limited to: + - Migrate CI to CircleCI + - Primary dev branch is now main (renamed) + - Many README edits for clarity, modernization etc; including + a bunch more (and consistent) status badges & unification with + main project site index + - PyPI page much more fleshed out (long_description is now filled + in with the README; sidebar links expanded; etc) + - flake8, pytest configs split out of setup.cfg into their own files + - Invoke/invocations (used by maintainers/contributors) upgraded + to modern versions +- Skip python2 to fix build errors for Leap. +- Rebase paramiko-pr1655-remove-pytest-relaxed.patch. + +------------------------------------------------------------------- +Mon Dec 7 07:22:31 UTC 2020 - Steve Kowalik + +- Set environment to utf-8 to allow tests to pass on Python 2. (bsc#1178341) + +------------------------------------------------------------------- +Tue Oct 13 10:51:07 UTC 2020 - Benjamin Greiner + +- remove dependency on pytest-relaxed + * paramiko-pr1655-remove-pytest-relaxed.patch + * gh#paramiko/paramiko#1655 + +------------------------------------------------------------------- +Fri Sep 4 06:29:23 UTC 2020 - Ondřej Súkup + +- update to 2.7.2 (bsc#1166758, bsc#1166758, bsc#1205132) +- drop configs.tar.gz + * Add missing test suite fixtures directory to MANIFEST.in + * Remove leading whitespace from OpenSSH RSA test suite static key fixture, + * Fix incorrect string formatting causing unhelpful error message annotation + when using Kerberos/GSSAPI. + * Fix incorrectly swapped order of p and q numbers when loading + OpenSSH-format RSA private keys. + +------------------------------------------------------------------- +Sat Dec 21 17:11:48 UTC 2019 - Ondřej Súkup + +- update to 2.7.1 +- add configs.tar.gz with missing test data + * full changelog at http://www.paramiko.org/changelog.html + +------------------------------------------------------------------- +Tue Jun 25 10:47:26 UTC 2019 - Ondřej Súkup + +- update to 2.6.0 (bsc#1200603) +- drop relaxed.patch and 1311.patch + * add a new keyword argument to SSHClient.connect + and paramiko.transport.Transport -> disabled_algorithms + * Fix Ed25519 key handling so certain key comment lengths don't cause + SSHException("Invalid key") + * Add backwards-compatible support for the gssapi + +------------------------------------------------------------------- +Tue Jun 11 11:22:32 UTC 2019 - Ondřej Súkup + +- update to 2.5.0 +- dropped 1379.patch +- refreshed patches: + paramiko-test_extend_timeout.patch + relaxed.patch + 1311.patch + * Add support for encrypt-then-MAC (ETM) schemes (hmac-sha2-256-etm@openssh.com, + hmac-sha2-512-etm@openssh.com) and two newer Diffie-Hellman group key exchange + algorithms (group14, using SHA256; and group16, using SHA512). + * Add support for Curve25519 key exchange. + * Raise Cryptography dependency requirement to version 2.5 + * Add support for the modern (as of Python 3.3) import location of MutableMapping + +------------------------------------------------------------------- +Wed Mar 13 14:01:04 UTC 2019 - Tomáš Chvátal + +- Run tests verbosely +- Drop cert_support.tar.gz as it is currently properly in the release + +------------------------------------------------------------------- +Thu Feb 14 20:49:56 UTC 2019 - Hans-Peter Jansen + +- add empty line after %autopatch: build fails up to 42.3 otherwise + +------------------------------------------------------------------- +Thu Feb 14 17:00:13 UTC 2019 - Ondřej Súkup + +- drop python-pytest_relaxed dependency +- add patches: + 1311.patch - fix warnings + 1379.patch - fix support for gssapi + relaxed.patch - remove unnecessary pytest_relaxed dep +- remove patch: + disable-gssapi.patch - supersseded + +------------------------------------------------------------------- +Tue Dec 4 12:51:08 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Tue Nov 13 11:47:43 UTC 2018 - Ondřej Súkup + +- add disable-gssapi.patch - workaround for boo#1115769 + +------------------------------------------------------------------- +Fri Oct 5 08:26:46 UTC 2018 - Ondřej Súkup + +- update to 2.4.2 (bsc#1111151, CVE-2018-1000805) +- refresh paramiko-test_extend_timeout.patch + * Fix exploit (CVE pending) in Paramiko's server mode (not client mode) + where hostile clients could trick the server into thinking they were + authenticated without actually submitting valid authentication. + * Modify protocol message handling such that Transport does not respond + to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED + * Updated SSHConfig.lookup so it returns + a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict) + in lieu of dict literals. + +------------------------------------------------------------------- +Thu Mar 15 18:38:22 CET 2018 - ro@suse.de + +- add paramiko-test_extend_timeout.patch (bsc#1085529) + extend timeout in testsuite to pass on ppc64le + +------------------------------------------------------------------- +Thu Mar 15 07:10:09 UTC 2018 - tbechtold@suse.com + +update to version 2.4.1 (bsc#1085276, CVE-2018-7750): + * changelog: update for #1039 / #1051 + * Screen off dev version of Python from test matrix + * ensure ed25519 password is bytes + * Cut 2.0.8 + * Cut 2.3.2 + * Initial tests proving CVE-2018-7750 / #1175 + * Guess something else added this prior to the merge + * Fixes CVE-2018-7750 / #1175 + * Uncaught typo in test suite + * Initial tests proving CVE-2018-7750 / #XXX + * Test proving #1039 / efficacy of #1051 + * Changelog closes #1175 + * Cut 2.1.5 + * Allow overriding test client connect kwargs in Transport test suite + * Cut 2.4.1 + * Fixes CVE-2018-7750 / #XXX + * Cut 2.2.3 + * flake8 + +------------------------------------------------------------------- +Thu Nov 16 09:36:24 UTC 2017 - mimi.vx@gmail.com + +- update to 2.4.0 + + new pytest based testsuite + * dd a new passphrase kwarg to SSHClient.connect so users may disambiguate + key-decryption passphrases from password-auth passwords. + * Drop Python 2.6 and Python 3.3 support + +------------------------------------------------------------------- +Thu Oct 5 11:12:50 UTC 2017 - mimi.vx@gmail.com + +- update to 2.3.1 + + cert_support.tar.gz - missing test certificates for testsuite + * Certificate support broke the no-certificate case for Ed25519 keys + (symptom is an AttributeError about public_blob.) This went uncaught + due to cert autoload behavior (i.e. our test suite never actually ran + the no-cert case, because the cert existed!) Both issues have been fixed. + * Implement basic client-side certificate authentication + (as per the OpenSSH vendor extension.) + * Added pre-authentication banner support for the server interface + (ServerInterface.get_banner plus related support in Transport/AuthHandler.) + * Update Ed25519Key so its constructor offers the same file_obj parameter + as its sibling key classes. + * Add a gss_trust_dns option to Client and Transport to allow explicitly + setting whether or not DNS canonicalization should occur when using GSSAPI. + * Paramiko originally defaulted to zlib compression level 9 + (when one connects with compression=True; it defaults to off.) This has been + found to be quite wasteful and tends to cause much longer transfers in most + cases, than is necessar + * Enhance documentation around the new SFTP.posix_rename method + so it’s referenced in the ‘standard’ rename method for increased visibility. + * Modify logic around explicit disconnect messages, and unknown-channel situations, + so that they rely on centralized shutdown code instead of running their own. + This is at worst removing some unnecessary code, and may help with some + situations where Paramiko hangs at the end of a session. + * Display exception type and message when logging auth-rejection messages + (ones reading Auth rejected: unsupported or mangled public key); previously + this error case had a bare except and did not display exactly why the key + failed. + * Ed25519 keys never got proper API documentation support; this has been fixed. + * Update how we use Cryptography‘s signature/verification methods + so we aren’t relying on a deprecated API. + +------------------------------------------------------------------- +Thu Oct 5 10:33:48 UTC 2017 - mimi.vx@gmail.com + +- update to 2.2.2: + * SSHClient now requests the type of host key it has (e.g. from known_hosts) + and does not consider a different type to be a “Missing” host key. + This fixes a common case where an ECDSA key is in known_hosts and the server + also has an RSA host key. + * Fix up host-key checking in our GSSAPI support, which was previously + using an incorrect API call + * Fix key exchange (kex) algorithm list for GSSAPI authentication; + reviously, the list used solely out-of-date algorithms, and now contains + newer ones listed preferentially before the old + * Clean up GSSAPI authentication procedures so they do not prevent normal + fallback to other authentication methods on failure. + * Add rekeying support to GSSAPI connections, which was erroneously missing. + +------------------------------------------------------------------- +Thu Aug 10 08:11:25 UTC 2017 - tbechtold@suse.com + +- update to 2.2.1: + * Missed a spot + * Update .travis.yml + * Whitespace + * Having this in a mini-toctree made the nav look funny and is also just unintuitive + * Changelog re #471, re #65 + * these are bytes + * changelog: update for #990 and #993 + * ecdh kex support + * flake8/whitespace + * Trailing comma + * Add test for posix-rename@openssh.com extension for SFTP client + * Changelog re #921 + * Add a note about new Python-level deps to changelog re: Ed25519 support + * Add method for "posix-rename@openssh.com" extension for SFTP client. + * Add IOError in posix-rename@openssh.com test for python 2 support. + * this isnt bytes + * Added a auth_timeout to handle situations where SSH server stops responding during auth. + * small cleanups + * More changelog flimflammery + * Added changelog entry + * python 3 compatibility + * Incorrect comparison, should be <= + * DDD re #857 + * Improve __hash__ functions + * Hrm that should always have been an h1 + * No idea how this got past all the earlier flake8 work... + * comments + * Fixed test to support python 2.6 + * Note ecdh-sha2 preferred-kex placement in changelog entry for #951, re #983 + * Changelog language tweaks + * Reorder cipher and key preferences to make more sense + * Added a test to check that the auth_timeout argument is passed through and applied. + * Changelog tweak + * Cut 2.2.1 + * transport: change order of preferred kex and hmac algorithms + * need bcrypt >= 3.1.3 for kdf() ignore_few_rounds kwarg + * Changelog re #972, re #325, closes #325 + * cleanup/simplify auth_timeout tests + * Missed a merge conflict lolol + * flake8 + * Changelog re #951 + * Perplexed at why flake8 did not report this earlier + * Add Python 3.6 to classifiers + * Add support for posix-rename@openssh.com for the SFTP server side and fix tests accordingly. + * sphinx nitpick fixes + * Fixed encoding/decoding of the public key on the wire + * Added test for authentication timeout from a non-responsive server + * refactor files + * fixed comment + consistency + * Changelog re #857 + * Cut 2.2.0 + * integration test, with ourselves + * TODO + * That was easy. Closes #857 + * Add sanity note to changelog re #869 + * Unit tests + * Fixes #325 -- add support for Ed25519 keys + * Happy New Year + * implement __hash__() method for Ed25519Key + * pep8 + * Increased auth_timeout to 30 seconds + * py3k + * fixed long line + * Link to the spec + * set a minimum version + * Support decrypting keys + * Failing test proving need for #857 +- move demos/ to extra -doc package + +------------------------------------------------------------------- +Sun Jun 11 16:32:09 UTC 2017 - mimi.vx@gmail.com + +- update to 2.1.3 +* Make util.log_to_file append instead of replace. +* SSHClient and Transport could cause a memory leak if there’s a connection + problem or protocol error, even if Transport.close() is called. +* Prior support for ecdsa-sha2-nistp(384|521) algorithms didn’t fully extend + to covering host keys, preventing connection to hosts which only offer + these key types and no others. This is now fixed. +* Prefer newer ecdsa-sha2-nistp keys over RSA and DSA keys during host key + selection. This improves compatibility with OpenSSH, both in terms of general + behavior, and also re: ability to properly leverage OpenSSH-modified + known_hosts files. +* The RC4/arcfour family of ciphers has been broken since version 2.0; but since + the algorithm is now known to be completely insecure, we are opting + to remove support outright instead of fixing it. +* Move sha1 above the now-arguably-broken md5 in the list of preferred MAC + algorithms, as an incremental security improvement for users whose target + systems offer both. +* Writing encrypted/password-protected private key files was silently broken + since 2.0 due to an incorrect API call + Includes a directly related fix, namely adding the ability to read AES-256-CBC + ciphered private keys (which is now what we tend to write out as it is + Cryptography’s default private key cipher.) +* Allow any type implementing the buffer API to be used with BufferedFile, + Channel, and SFTPFile. This resolves a regression introduced in 1.13 + with the Python 3 porting changes, when using types such as memoryview. +* Enhance default cipher preference order such that aes(192|256)-cbc are preferred + over blowfish-cbc. +* SSHClient now requests the type of host key it has (e.g. from known_hosts) + and does not consider a different type to be a “Missing” host key. This fixes + a common case where an ECDSA key is in known_hosts and the server also has + an RSA host key. +* Overhaul the codebase to be PEP-8 + +------------------------------------------------------------------- +Wed Apr 19 17:24:58 UTC 2017 - toddrme2178@gmail.com + +- Implement single-spec version. + +------------------------------------------------------------------- +Fri Mar 17 20:25:35 UTC 2017 - rjschwei@suse.com + +- Fix version setting for cryptography for build + +------------------------------------------------------------------- +Thu Mar 16 22:23:45 UTC 2017 - rjschwei@suse.com + +- Add python-pyasn1 as Buildrequires for testing + +------------------------------------------------------------------- +Fri Feb 24 16:27:00 UTC 2017 - mimi.vx@gmail.com + +- update to 2.1.2 +* Fix a bug in server-mode concerning multiple interactive auth steps +* SSHClient now gives its internal Transport a handle on itself, preventing + garbage collection of the client until the session is closed. Without this, + some code which returns stream or transport objects without the client that + generated them, would result in premature session closure + when the client was GCd +* Avoid test suite exceptions on platforms lacking errno.ETIME +* weak how RSAKey.__str__ behaves so it doesn’t cause TypeError under Python 3. + +------------------------------------------------------------------- +Tue Dec 13 11:50:39 UTC 2016 - mimi.vx@gmail.com + +- update to 2.1.1 +* A tweak to the original patch implementing gh#398 was not fully applied, + causing calls to ~paramiko.client.SSHClient.invoke_shell to fail with + AttributeError. This has been fixed. +* Fix the implementation of PKey.write_private_key_file (this method is only + publicly defined on subclasses; the fix was in the private real + implementation) so it passes the correct params to open() +* Add an optional timeout parameter to Transport.start_clienti + (and feed it the value of the + configured connection timeout when used within SSHClient + .) +* Catch AssertionError thrown by Cryptography when attempting to load bad + ECDSA keys, turning it into an SSHException. +* Add a missing .closed attribute (plus ._closed because reasons) to + ProxyCommand +* Make the subprocess import in proxy.py lazy so users on platforms without + it (such as Google App Engine) can import Paramiko successfully +* Fix incorrect docstring/param-list for Transport.auth_gssapi_keyex + so it matches + the real signature. +* Add an environment dict argument to Client.exec_command + +------------------------------------------------------------------- +Fri Oct 7 09:13:06 UTC 2016 - tbechtold@suse.com + +- Fix Requires for python-cryptography +- Add missing Requires for python-pyasn1 + +------------------------------------------------------------------- +Sun Jul 31 12:15:25 UTC 2016 - michael@stroeder.com + +- update to 2.0.2 + * [Bug] #758: Apply type definitions to _winapi module from + jaraco.windows 3.6.1. This should address issues on Windows platforms + that often result in errors like ArgumentError: [...] int too long to + convert. Thanks to @swohlerLL for the report and Jason R. Coombs for the + patch. + * [Bug] #774: Add a _closed private attribute to Channel objects so that + they continue functioning when used as proxy sockets under Python 3 (e.g. + as direct-tcpip gateways for other Paramiko connections.) + * [Bug] #673: (via #681) Fix protocol banner read errors (SSHException) + which would occasionally pop up when using ProxyCommand gatewaying. + Thanks to @Depado for the initial report and Paul Kapp for the fix. + +------------------------------------------------------------------- +Sat Jul 23 14:20:34 UTC 2016 - michael@stroeder.com + +- updated homepage URL +- update to 2.0.1: + * [Bug] #537: Fix a bug in BufferedPipe.set_event which could cause + deadlocks/hangs when one uses select.select against Channel objects (or + otherwise calls Channel.fileno after the channel has closed). + * [Bug] #520: (Partial fix) Fix at least one instance of race condition + driven threading hangs at end of the Python interpreter session. + (Includes a docs update as well - always make sure to .close() your + clients!) + +------------------------------------------------------------------- +Fri Jul 8 08:50:08 UTC 2016 - dmueller@suse.com + +- fix build + +------------------------------------------------------------------- +Mon Jun 6 11:32:04 UTC 2016 - dmueller@suse.com + +- fix source url + +------------------------------------------------------------------- +Sun May 8 21:11:31 UTC 2016 - hpj@urpla.net + +- update to 2.0.0: + * Add support for 384- and 512-bit elliptic curve groups in ECDSA + key types (aka ecdsa-sha2-nistp384 / ecdsa-sha2-nistp521). + * Due to an earlier bugfix, less-specific Host blocks' ProxyCommand + values were overriding ProxyCommand none in more-specific Host + blocks. This has been fixed in a backwards compatible manner (i.e. + ProxyCommand none continues to appear as a total lack of any + proxycommand key in parsed config structures). + * Fix a backwards incompatibility issue that cropped up in + SFTPFile.prefetch <~paramiko.sftp_file.prefetch> re: the + erroneously non-optional file_size parameter. Should only affect + users who manually call prefetch. + * Replace PyCrypto with the Python Cryptographic Authority (PyCA) + 'Cryptography' library suite. This improves security, + installability, and performance; adds PyPy support; and much more. + * Fix stalled/hung SFTP downloads by cleaning up some threading lock + issues. + * Fix a Python 3 compatibility issue when handling two-factor + authentication. + * Clean up setup.py to always use setuptools, not doing so was a + historical artifact from bygone days. + * Update the module in charge of handling SSH moduli so it's + consistent with OpenSSH behavior re: prime number selection. + * Fix up ~paramiko.ssh_exception.NoValidConnectionsError so it + pickles correctly, and fix a related Python 3 compatibility issue. + * Update to jaraco.windows 3.4.1 to fix some errors related to + ctypes on Windows platforms. + * Annotate some public attributes on ~paramiko.channel.Channel such + as .closed. + * Fix logic bug in the SFTP client's callback-calling functionality; + previously there was a chance the given callback would fire twice + at the end of a transfer. + * Identify & work around a race condition in the test for handshake + timeouts, which was causing frequent test failures for a subset of + contributors as well as Travis-CI (usually, but not always, + limited to Python 3.5). + * Remove whitespace in our setup.py's install_requires as it + triggers occasional bugs in some versions of setuptools. + * Strip trailing/leading whitespace from lines when parsing SSH + config files - this brings things in line with OpenSSH behavior. + * Fix behavior of gssapi-with-mic auth requests so they fail + gracefully (allowing followup via other auth methods) instead of + raising an exception. + * Add missing file-like object methods for ~paramiko.file.BufferedFile + and ~paramiko.sftp_file.SFTPFile. + * Clean up and enhance the README (and rename it to README.rst from + just README). + +------------------------------------------------------------------- +Mon Feb 1 11:26:44 UTC 2016 - toddrme2178@gmail.com + +- Add --no-transport to fix a known issue with the tests + https://github.com/paramiko/paramiko/issues/574 + Check if still failing on next release. + The tests is currently failing on Python 3.5, but it is not + actually Python 3.5 specific, it is just more likely to be + encountered on Python 3.5 +- update to version 1.16.0: + * Streamline use of stat when downloading SFTP files via + SFTPClient.get ; this avoids + triggering bugs in some off-spec SFTP servers such as IBM + Sterling. Thanks to @muraleee for the initial report and to Torkil + Gustavsen for the patch. + * Fully enable two-factor authentication (e.g. when a server + requires AuthenticationMethods + pubkey,keyboard-interactive). Thanks to @perryjrandall for the + patch and to @nevins-b and Matt Robenolt for additional support. + * Fix 'exec' requests in server mode to use get_string instead of + get_text to avoid UnicodeDecodeError on non-UTF-8 input. Thanks to + Anselm Kruis for the patch & discussion. + * Fix line number reporting in log output regarding invalid + known_hosts line entries. Thanks to Dylan Thacker-Smith for catch + & patch. + * Update the vendored Windows API addon to a more recent + edition. Also fixes :issue:`193`, :issue:`488`, + :issue:`498`. Thanks to Jason Coombs. + +------------------------------------------------------------------- +Thu Feb 26 11:00:52 UTC 2015 - tbechtold@suse.com + +- update to version 1.15.2 (bsc#962291) + * [Bug] #320: Update our win_pageant module to be Python 3 compatible + * [Bug] #429: Server-level debug message logging was overlooked during the + Python 3 compatibility update; Python 3 clients attempting to log SSH + debug packets encountered type errors. This is now fixed + * [Bug] #459: Tighten up agent connection closure behavior to avoid + spurious ResourceWarning display in some situations + * [Bug] #266: Change numbering of Transport channels to start at 0 + instead of 1 for better compatibility with OpenSSH & certain server + implementations which break on 1-indexed channels + * [Support] #419: Modernize a bunch of the codebase internals to + leverage decorators. Props to @beckjake for realizing we’re no longer + on Python 2.2 :D + * [Support] #421: Modernize threading calls to user newer API + * [Support] #422: Clean up some unused imports + * [Support] #431: Replace handrolled ssh_config parsing code with + use of the shlex module + * [Bug] #415: Fix ssh_config parsing to correctly interpret ProxyCommand + none as the lack of a proxy command, instead of as a literal command + string of "none" + * [Bug] #428: Fix an issue in BufferedFile (primarily used in the SFTP + modules) concerning incorrect behavior by readlines on files whose + size exceeds the buffer size + * [Bug] #455: Tweak packet size handling to conform better to the + OpenSSH RFCs; this helps address issues with interactive program cursors + * [Bug] #413: (also #414, #420, #454) Be significantly smarter about polling + & timing behavior when running proxy commands, to avoid unnecessary + (often 100%!) CPU usage + +------------------------------------------------------------------- +Thu Oct 2 16:33:24 UTC 2014 - andrea@opensuse.org + +- new upsteam version 1.15.1 + * fixed from previous version: Bug] #399: SSH agent forwarding + would hang due to incorrect values passed into the new window + size arguments for Transport + * detailed changelog available on pramiko website: + http://paramiko-www.readthedocs.org/en/latest/changelog.html + +------------------------------------------------------------------- +Sat May 31 11:35:11 UTC 2014 - dmueller@suse.com + +- update to 1.13.1: +* :support:`256 backported` Convert API documentation to Sphinx, yielding a new + API docs website to replace the old Epydoc one. +* :bug:`-` Use constant-time hash comparison operations where possible, to + protect against `timing-based attacks + `_. Thanks to Alex Gaynor + for the patch. +* :feature:`58` Allow client code to access the stored SSH server banner via + `Transport.get_banner `. Thanks to + ``@Jhoanor`` for the patch. +* :bug:`252` (`Fabric #1020 `_) + Enhanced the implementation of ``ProxyCommand`` to avoid a deadlock/hang + condition that frequently occurs at ``Transport`` shutdown time. Thanks to + Mateusz Kobos, Matthijs van der Vleuten and Guillaume Zitta for the original + reports and to Marius Gedminas for helping test nontrivial use cases. +* :bug:`268` Fix some missed renames of ``ProxyCommand`` related error classes. + Thanks to Marius Gedminas for catch & patch. +* :bug:`34` (PR :issue:`35`) Fix SFTP prefetching incompatibility with some + SFTP servers regarding request/response ordering. Thanks to Richard + Kettlewell. +* :bug:`193` (and its attentant PRs :issue:`230` & :issue:`253`) Fix SSH agent + problems present on Windows. Thanks to David Hobbs for initial report and to + Aarni Koskela & Olle Lundberg for the patches. +* :bug:`225 (1.12+)` Note ecdsa requirement in README. Thanks to Amaury + Rodriguez for the catch. +* :bug:`176` Fix AttributeError bugs in known_hosts file (re)loading. Thanks + to Nathan Scowcroft for the patch & Martin Blumenstingl for the initial test + case. + +------------------------------------------------------------------- +Fri Apr 18 15:10:24 UTC 2014 - rschweikert@suse.com + +- include in SLE 12 (FATE #315990) + +------------------------------------------------------------------- +Mon Nov 25 23:01:56 UTC 2013 - p.drouand@gmail.com + +- Update to version 1.12 + * #152: Add tentative support for ECDSA keys. *This adds the ecdsa + module as a new dependency of Paramiko.* The module is available at + [warner/python-ecdsa on Github](https://github.com/warner/python-ecdsa) and + [ecdsa on PyPI](https://pypi.python.org/pypi/ecdsa). + * Note that you might still run into problems with key negotiation -- + Paramiko picks the first key that the server offers, which might not be + what you have in your known_hosts file. + * Mega thanks to Ethan Glasser-Camp for the patch. + * #136: Add server-side support for the SSH protocol's 'env' command +- Use local source instead of service +- Add python-ecdsa requirement; new dependency + +------------------------------------------------------------------- +Sun Oct 27 17:50:34 UTC 2013 - lukas@wunner.de + +- update to 1.11.2: + * #156: Fix potential deadlock condition when using Channel objects as + sockets (e.g. when using SSH gatewaying). Thanks to Steven Noonan and + Frank Arnold for catch & patch. + * #179: Fix a missing variable causing errors when an ssh_config file + has a non-default AddressFamily set. Thanks to Ed Marshall & Tomaz + Muraus for catch & patch. + * #200: Fix an exception-causing typo in `demo_simple.py`. Thanks to + Alex Buchanan for catch & Dave Foster for patch. + * #199: Typo fix in the license header cross-project. Thanks to Armin + Ronacher for catch & patch. + * #162: Clean up HMAC module import to avoid deadlocks in certain uses + of SSHClient. Thanks to Gernot Hillier for the catch & suggested fix. + * #36: Fix the port-forwarding demo to avoid file descriptor errors. + Thanks to Jonathan Halcrow for catch & patch. + * #168: Update config handling to properly handle multiple 'localforward' + and 'remoteforward' keys. Thanks to Emre Yilmaz for the patch. + +------------------------------------------------------------------- +Tue Sep 3 08:06:53 UTC 2013 - dmueller@suse.com + +- update to 1.11.0: + * #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now + creates the shared memory map with explicit Security Attributes of the user, + which is the same technique employed by the canonical PuTTY library to avoid + permissions issues when Paramiko is running under a different UAC context + than the PuTTY Ageant process. Thanks to Jason R. Coombs for the patch. + * #100: Remove use of PyWin32 in `win_pageant` module. Module was already + dependent on ctypes for constructing appropriate structures and had ctypes + implementations of all functionality. Thanks to Jason R. Coombs for the + patch. + * #87: Ensure updates to `known_hosts` files account for any updates to said + files after Paramiko initially read them. (Includes related fix to guard + against duplicate entries during subsequent `known_hosts` loads.) Thanks to + `@sunweaver` for the contribution. + +------------------------------------------------------------------- +Mon Apr 29 12:52:27 UTC 2013 - dmueller@suse.com + +- update to 1.10.1: + * SFTP put of empty file will still return the attributes + of the put file. Thanks to Jason R. Coombs for the patch. + * Forwarded SSH agent connections left stale local pipes + lying around, which could cause local (and sometimes remote or network + resource starvation when running many agent-using remote commands. Thanks to + * Batch SFTP writes to help speed up file transfers + * Fix handling of window-change events to be on-spec + * Overhaul SSH config parsing to be in line with `man ssh_config` + * Forego random padding for packets when running under `*-ctr` ciphers + * Add `SFTPClient.putfo` and `.getfo` methods to allow direct + uploading/downloading of file-like objects + * Add `timeout` parameter to `SSHClient.exec_command` for easier setting + of the command's internal channel object's timeout + * Expose the internal "is closed" property of the file transfer class + BufferedFile` as `.closed`, better conforming to Python's file interface + +------------------------------------------------------------------- +Sat Dec 1 15:12:44 UTC 2012 - saschpe@suse.de + +- Update to version 1.9.0: + + #97 (with a little #93): Improve config parsing of ProxyCommand directives + and provide a wrapper class to allow subprocess-driven proxy commands to be + used as sock= arguments for SSHClient.connect. + + #77: Allow SSHClient.connect() to take an explicit sock parameter + overriding creation of an internal, implicit socket object. +- Changes from version 1.8.1: + + #90: Ensure that callbacks handed to SFTPClient.get() always fire at least + once, even for zero-length files downloaded. Thanks to Github user @enB for + the catch. + + #85: Paramiko's test suite overrides + unittest.TestCase.assertTrue/assertFalse to provide these modern assertions + to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7, + this now causes deprecation warnings. The overrides have been patched to only + execute when necessary. Thanks to @Arfrever for catch & patch. +- Changes from version 1.8.0: + + #17 ('ssh' 28): Fix spurious NoneType has no attribute 'error' and similar + exceptions that crop up on interpreter exit. + + 'ssh' 32: Raise a more useful error explaining which known_hosts key line was + problematic, when encountering binascii issues decoding known host keys. + Thanks to @thomasvs for catch & patch. + + 'ssh' 33: Bring ssh_config parsing more in line with OpenSSH spec, re: order of + setting overrides by Host specifiers. Specifically, the overrides now go by + file order instead of automatically sorting by Host value length. In + addition, the first value found per config key (e.g. Port, User etc) + wins, instead of the last. Thanks to Jan Brauer for the contribution. + + 'ssh' 36: Support new server two-factor authentication option + (RequiredAuthentications2), at least re: combining key-based & password + auth. Thanks to Github user bninja. + + 'ssh' 11: When raising an exception for hosts not listed in + known_hosts (when RejectPolicy is in effect) the exception message was + confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for + highlighting the issue. + + 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk. + + 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the + implementation of ssh_config(5). Thanks to Olle Lundberg for the patch. + + 'ssh' 24: Switch some internal type checking to use isinstance to help prevent + problems with client libraries using subclasses of builtin types. Thanks to + Alex Morega for the patch. + + Fabric #562: Agent forwarding would error out (with Authentication response + too long) or freeze, when more than one remote connection to the local agent + was active at the same time. This has been fixed. Thanks to Steven McDonald + for assisting in troubleshooting/patching, and to GitHub user @lynxis for + providing the final version of the patch. + + 'ssh' 5: Moved a fcntl import closer to where it's used to help avoid + ImportError problems on Windows platforms. Thanks to Jason Coombs for the + catch + suggested fix. + + 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit + Windows. Thanks again to Jason Coombs for the patch. + + Added an IO loop sleep() call to avoid needless CPU usage when agent + forwarding is in use. + + Handful of internal tweaks to version number storage. + + Updated setup.py with ==dev install URL for pip users. + + Updated setup.py to account for packaging problems in PyCrypto 2.4.0 + + Added an extra atfork() call to help prevent spurious RNG errors when + running under high parallel (multiprocess) load. + + Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a + ssh-keygen like demo module. (Sofian Brabez) + +------------------------------------------------------------------- +Sun Jun 24 20:04:03 UTC 2012 - os-dev@jacraig.com + +- Update to 1.7.7.2: + * Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which + fixes exceptions that occur when re-keying over fast connections. +- Add unit tests to build + +------------------------------------------------------------------- +Mon Mar 12 21:05:53 UTC 2012 - saschpe@gmx.de + +- Simplified macro usage + +------------------------------------------------------------------- +Tue Sep 20 14:30:25 UTC 2011 - saschpe@suse.de + +- Update to version 0.7.7: + * Various bug fixes (upstream provides no further changes) + +------------------------------------------------------------------- +Tue Oct 5 08:20:00 UTC 2010 - nix@opensuse.org + +- Require newer python-crypto + +------------------------------------------------------------------- +Thu Sep 16 07:58:41 UTC 2010 - coolo@novell.com + +- updte to 1.7.6 "Fanny" + various bug fixes, "Ernest" brought ARC4 & CTR support and IP6 support + +------------------------------------------------------------------- +Wed Sep 24 11:44:21 CEST 2008 - kssingvo@suse.de + +- initial version 1.7.4 required from bzr + based on python-paramiko from openSUSE BuildService: + devel:languages:python/openSUSE_Factory diff --git a/python-paramiko.spec b/python-paramiko.spec new file mode 100644 index 0000000..427eee5 --- /dev/null +++ b/python-paramiko.spec @@ -0,0 +1,102 @@ +# +# spec file for package python-paramiko +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?sle15_python_module_pythons} +Name: python-paramiko +Version: 3.4.0 +Release: 0 +Summary: SSH2 protocol library +License: LGPL-2.1-or-later +URL: https://www.paramiko.org/ +Source0: https://files.pythonhosted.org/packages/source/p/paramiko/paramiko-%{version}.tar.gz +Patch0: paramiko-test_extend_timeout.patch +# PATCH-FIX-OPENSUSE remove-icecream-dep.patch to do not depend on python-icecream and unvendor lexicon +Patch1: remove-icecream-dep.patch +# PATCH-FIX-OPENSUSE use 64-bit value of sys.maxsize to prevent test failure on 32-bit +Patch2: use-64-bit-maxsize-everywhere.patch +BuildRequires: %{python_module PyNaCl >= 1.0.1} +BuildRequires: %{python_module Sphinx} +BuildRequires: %{python_module bcrypt >= 3.2} +BuildRequires: %{python_module cryptography >= 3.3} +BuildRequires: %{python_module gssapi} +BuildRequires: %{python_module invocations} +BuildRequires: %{python_module invoke >= 2.0} +BuildRequires: %{python_module lexicon} +BuildRequires: %{python_module pyasn1} +BuildRequires: %{python_module pytest-relaxed} +BuildRequires: %{python_module pytest-xdist} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module setuptools} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Recommends: python-gssapi +Recommends: python-invoke +Recommends: python-pyasn1 >= 0.1.7 +Requires: python-PyNaCl >= 1.5 +Requires: python-bcrypt >= 3.2 +Requires: python-cryptography >= 3.3 +BuildArch: noarch +%python_subpackages + +%description +This is a library for making SSH2 connections (client or server). +Emphasis is on using SSH2 as an alternative to SSL for making secure +connections between python scripts. All major ciphers and hash methods +are supported. SFTP client and server mode are both supported too. + +%package -n python-paramiko-doc +Summary: Documentation for %{name} +Provides: %{python_module paramiko-doc = %{version}} + +%description -n python-paramiko-doc +This is a library for making SSH2 connections (client or server). +Emphasis is on using SSH2 as an alternative to SSL for making secure +connections between python scripts. All major ciphers and hash methods +are supported. SFTP client and server mode are both supported too. + +This package contains the documentation. + +%prep +%autosetup -p1 -n paramiko-%{version} +# Fix non-executable script rpmlint issue: +find demos -name "*.py" -exec sed -i "/#\!\/usr\/bin\/.*/d" {} \; -exec chmod -x {} \; + +%build +%python_build + +%install +%python_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +export LANG=en_US.UTF-8 +# Do not test k5shell to avoid dependency +donttest="k5shell" +%pytest tests/test_*.py -k "not $donttest" + +%files %{python_files} +%license LICENSE +%doc README.rst +%{python_sitelib}/paramiko +%{python_sitelib}/paramiko-%{version}*-info + +%files -n python-paramiko-doc +%license LICENSE +%doc demos/ + +%changelog diff --git a/remove-icecream-dep.patch b/remove-icecream-dep.patch new file mode 100644 index 0000000..4200603 --- /dev/null +++ b/remove-icecream-dep.patch @@ -0,0 +1,27 @@ +Index: paramiko-3.3.1/tests/conftest.py +=================================================================== +--- paramiko-3.3.1.orig/tests/conftest.py ++++ paramiko-3.3.1/tests/conftest.py +@@ -4,7 +4,7 @@ import shutil + import threading + from pathlib import Path + +-from invoke.vendor.lexicon import Lexicon ++from lexicon import Lexicon + + import pytest + from paramiko import ( +@@ -22,13 +22,6 @@ from ._loop import LoopSocket + from ._stub_sftp import StubServer, StubSFTPServer + from ._util import _support + +-from icecream import ic, install as install_ic +- +- +-# Better print() for debugging - use ic()! +-install_ic() +-ic.configureOutput(includeContext=True) +- + + # Perform logging by default; pytest will capture and thus hide it normally, + # presenting it on error/failure. (But also allow turning it off when doing diff --git a/use-64-bit-maxsize-everywhere.patch b/use-64-bit-maxsize-everywhere.patch new file mode 100644 index 0000000..11d0ab0 --- /dev/null +++ b/use-64-bit-maxsize-everywhere.patch @@ -0,0 +1,19 @@ +Index: paramiko-3.4.0/tests/test_transport.py +=================================================================== +--- paramiko-3.4.0.orig/tests/test_transport.py ++++ paramiko-3.4.0/tests/test_transport.py +@@ -1423,12 +1423,12 @@ class TestStrictKex: + setattr( + self.packetizer, + "_Packetizer__sequence_number_in", +- sys.maxsize, ++ 2**63-1, + ) + setattr( + self.packetizer, + "_Packetizer__sequence_number_out", +- sys.maxsize, ++ 2**63-1, + ) + + with raises(