2008-09-30 04:50:30 +02:00
#
2011-09-21 11:12:24 +02:00
# spec file for package python-paramiko
2008-09-30 04:50:30 +02:00
#
2024-05-14 05:28:44 +02:00
# Copyright (c) 2024 SUSE LLC
2008-09-30 04:50:30 +02:00
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

2018-10-06 18:35:47 +02:00
# Please submit bugfixes or comments via https://bugs.opensuse.org/
2008-09-30 04:50:30 +02:00
#


2023-04-26 23:03:02 +02:00
%{?sle15_python_module_pythons}
2008-09-30 04:50:30 +02:00
Name: python-paramiko
- Update to 3.4.0: (CVE-2023-48795, bsc#1218168)
  * Transport grew a new packetizer_class kwarg for overriding the
    packet-handler class used internally.
  * Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found
    in the SSH protocol re: treatment of packet sequence numbers) as follows:
    + The vulnerability only impacts encrypt-then-MAC digest algorithms in
      tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
      currently only implements hmac-sha2-(256|512)-etm in tandem with
      AES-CBC.
    + As the fix for the vulnerability requires both ends of the connection
      to cooperate, the below changes will only take effect when the remote
      end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode,
      as of this patch version) and configured to use the new
      "strict kex" mode.
    + Paramiko will now raise an SSHException subclass (MessageOrderError)
      when protocol messages are received in unexpected order. This includes
      situations like receiving MSG_DEBUG or MSG_IGNORE during initial key
      exchange, which are no longer allowed during strict mode.
    + Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered --
      now resets packet sequence numbers. (This should be invisible to users
      during normal operation, only causing exceptions if the exploit is
      encountered, which will usually result in, again, MessageOrderError.)
    + Sequence number rollover will now raise SSHException if it occurs
      during initial key exchange (regardless of strict mode status).
  * Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the
    original implementation made assumptions based on an OpenSSH
    implementation detail.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=118
2023-12-19 07:43:04 +01:00
Version: 3.4.0
2014-04-22 20:52:51 +02:00
Release: 0
2011-09-21 11:12:24 +02:00
Summary: SSH2 protocol library
2018-03-15 08:57:46 +01:00
License: LGPL-2.1-or-later
2022-04-29 08:46:25 +02:00
URL: https://www.paramiko.org/
2019-12-21 18:14:00 +01:00
Source0: https://files.pythonhosted.org/packages/source/p/paramiko/paramiko-%{version}.tar.gz
2018-03-15 18:58:33 +01:00
Patch0: paramiko-test_extend_timeout.patch
2023-09-30 15:02:20 +02:00
# PATCH-FIX-OPENSUSE remove-icecream-dep.patch to do not depend on python-icecream and unvendor lexicon
2023-05-12 11:31:22 +02:00
Patch1: remove-icecream-dep.patch
2023-12-20 07:58:14 +01:00
# PATCH-FIX-OPENSUSE use 64-bit value of sys.maxsize to prevent test failure on 32-bit
Patch2: use-64-bit-maxsize-everywhere.patch
2024-05-14 05:28:44 +02:00
# PATCH-FIX-UPSTREAM gh#paramiko/paramiko#2349 Use non-deprecated setup method name to support pytest >= 8
Patch3: support-pytest-8.patch
2017-08-11 16:34:08 +02:00
BuildRequires: %{python_module PyNaCl >= 1.0.1}
2023-04-26 23:03:02 +02:00
BuildRequires: %{python_module Sphinx}
2023-05-12 11:31:22 +02:00
BuildRequires: %{python_module bcrypt >= 3.2}
BuildRequires: %{python_module cryptography >= 3.3}
2019-02-14 20:17:12 +01:00
BuildRequires: %{python_module gssapi}
2019-12-21 18:14:00 +01:00
BuildRequires: %{python_module invocations}
2023-05-12 11:31:22 +02:00
BuildRequires: %{python_module invoke >= 2.0}
2023-09-30 15:02:20 +02:00
BuildRequires: %{python_module lexicon}
BuildRequires: %{python_module pyasn1}
2023-05-12 11:31:22 +02:00
BuildRequires: %{python_module pytest-relaxed}
2019-12-21 18:14:00 +01:00
BuildRequires: %{python_module pytest-xdist}
2020-10-13 13:47:59 +02:00
BuildRequires: %{python_module pytest}
Accepting request 502890 from home:mimi_vx:branches:devel:languages:python

- update to 2.1.3
  * Make util.log_to_file append instead of replace.
  * SSHClient and Transport could cause a memory leak if there’s a connection
    problem or protocol error, even if Transport.close() is called.
  * Prior support for ecdsa-sha2-nistp(384|521) algorithms didn’t fully extend
    to covering host keys, preventing connection to hosts which only offer
    these key types and no others. This is now fixed.
  * Prefer newer ecdsa-sha2-nistp keys over RSA and DSA keys during host key
    selection. This improves compatibility with OpenSSH, both in terms of general
    behavior, and also re: ability to properly leverage OpenSSH-modified
    known_hosts files.
  * The RC4/arcfour family of ciphers has been broken since version 2.0; but since
    the algorithm is now known to be completely insecure, we are opting
    to remove support outright instead of fixing it.
  * Move sha1 above the now-arguably-broken md5 in the list of preferred MAC
    algorithms, as an incremental security improvement for users whose target
    systems offer both.
  * Writing encrypted/password-protected private key files was silently broken
    since 2.0 due to an incorrect API call
    Includes a directly related fix, namely adding the ability to read AES-256-CBC
    ciphered private keys (which is now what we tend to write out as it is
    Cryptography’s default private key cipher.)
  * Allow any type implementing the buffer API to be used with BufferedFile,
    Channel, and SFTPFile. This resolves a regression introduced in 1.13
    with the Python 3 porting changes, when using types such as memoryview.
  * Enhance default cipher preference order such that aes(192|256)-cbc are preferred
    over blowfish-cbc.
  * SSHClient now requests the type of host key it has (e.g. from known_hosts)
    and does not consider a different type to be a “Missing” host key. This fixes
    a common case where an ECDSA key is in known_hosts and the server also has
OBS-URL: https://build.opensuse.org/request/show/502890
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=62
2017-06-14 11:20:40 +02:00
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
2019-02-14 20:17:12 +01:00
Recommends: python-gssapi
2019-12-21 18:14:00 +01:00
Recommends: python-invoke
2023-09-30 15:02:20 +02:00
Recommends: python-pyasn1 >= 0.1.7
2023-05-12 11:31:22 +02:00
Requires: python-PyNaCl >= 1.5
Requires: python-bcrypt >= 3.2
Requires: python-cryptography >= 3.3
2010-09-18 01:45:34 +02:00
BuildArch: noarch
2017-04-19 19:40:20 +02:00
%python_subpackages
2008-09-30 04:50:30 +02:00

%description
2011-09-21 11:12:24 +02:00
This is a library for making SSH2 connections (client or server).
Emphasis is on using SSH2 as an alternative to SSL for making secure
connections between python scripts. All major ciphers and hash methods
are supported. SFTP client and server mode are both supported too.
2008-09-30 04:50:30 +02:00

2017-08-11 16:34:08 +02:00
%package -n python-paramiko-doc
Summary: Documentation for %{name}
Provides: %{python_module paramiko-doc = %{version}}

%description -n python-paramiko-doc
This is a library for making SSH2 connections (client or server).
Emphasis is on using SSH2 as an alternative to SSL for making secure
connections between python scripts. All major ciphers and hash methods
are supported. SFTP client and server mode are both supported too.

This package contains the documentation.

2008-09-30 04:50:30 +02:00
%prep
2022-11-20 21:28:40 +01:00
%autosetup -p1 -n paramiko-%{version}
2017-08-11 16:34:08 +02:00
# Fix non-executable script rpmlint issue:
2022-11-20 21:28:40 +01:00
find demos -name "*.py" -exec sed -i "/#\!\/usr\/bin\/.*/d" {} \; -exec chmod -x {} \;
2008-09-30 04:50:30 +02:00

%build
2017-04-19 19:40:20 +02:00
%python_build
2008-09-30 04:50:30 +02:00

%install
2017-04-19 19:40:20 +02:00
%python_install
%python_expand %fdupes %{buildroot}%{$python_sitelib}
2008-09-30 04:50:30 +02:00

2012-06-25 12:11:05 +02:00
%check
2020-12-07 08:24:21 +01:00
export LANG=en_US.UTF-8
2023-05-12 11:31:22 +02:00
# Do not test k5shell to avoid dependency
donttest="k5shell"
%pytest tests/test_*.py -k "not $donttest"
2012-06-25 12:11:05 +02:00

2017-04-19 19:40:20 +02:00
%files %{python_files}
2018-10-06 18:35:47 +02:00
%license LICENSE
%doc README.rst
2022-11-20 21:28:40 +01:00
%{python_sitelib}/paramiko
%{python_sitelib}/paramiko-%{version}*-info
2008-09-30 04:50:30 +02:00

2017-08-11 16:34:08 +02:00
%files -n python-paramiko-doc
2018-10-06 18:35:47 +02:00
%license LICENSE
%doc demos/
2017-08-11 16:34:08 +02:00

2008-09-30 04:50:30 +02:00
%changelog
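
The 3.4.0 changelog entry in this blame view ties CVE-2023-48795 to two conditions: a CBC cipher with an encrypt-then-MAC digest (or ChaCha20-poly1305), and the absence of "strict kex" on either end. The following is an added example, not part of the spec file or of Paramiko, that parses two SSH_MSG_KEXINIT payloads and reports both conditions; the `kex-strict-*` marker names come from OpenSSH's protocol extension rather than this page, and the sample payloads are constructed.

```python
MSG_KEXINIT = 20
# First six name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c")

def parse_kexinit(payload):
    """Return the algorithm name-lists carried in a KEXINIT payload."""
    if len(payload) < 17 or payload[0] != MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}  # skip the type byte and the 16-byte cookie
    for field in FIELDS:
        head = payload[pos:pos + 4]
        size = int.from_bytes(head, "big")
        raw = payload[pos + 4:pos + 4 + size]
        if len(head) != 4 or len(raw) != size:
            raise ValueError("truncated name-list")
        lists[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + size
    return lists

def first_match(client, server):
    """RFC 4253 negotiation: first client entry the server also lists."""
    return next((name for name in client if name in server), "")

def terrapin_report(client, server):
    """Judge a client/server KEXINIT pair by the changelog's criteria."""
    strict = ("kex-strict-c-v00@openssh.com" in client["kex"]
              and "kex-strict-s-v00@openssh.com" in server["kex"])
    affected = False
    for enc, mac in (("enc_c2s", "mac_c2s"), ("enc_s2c", "mac_s2c")):
        cipher = first_match(client[enc], server[enc])
        digest = first_match(client[mac], server[mac])
        if cipher.startswith("chacha20-poly1305"):
            affected = True  # AEAD cipher, the negotiated MAC is ignored
        elif cipher.endswith("-cbc") and "-etm@" in digest:
            affected = True  # CBC cipher with an encrypt-then-MAC digest
    return {"strict_kex": strict, "affected": affected, "exposed": affected and not strict}

def build_kexinit(**lists):
    """Encode constructed name-lists as a KEXINIT payload (sample input only)."""
    body = bytes([MSG_KEXINIT]) + bytes(16)  # zero cookie, constructed
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        body += len(names).to_bytes(4, "big") + names
    return body + bytes(21)  # four empty name-lists, flag, reserved uint32

# Constructed sample offers (not captured traffic): AES-CBC with an ETM MAC.
OFFER = {"enc_c2s": ["aes256-cbc"], "mac_c2s": ["hmac-sha2-256-etm@openssh.com"]}
CLIENT = build_kexinit(kex=["curve25519-sha256", "kex-strict-c-v00@openssh.com"], **OFFER)
OLD_SERVER = build_kexinit(kex=["curve25519-sha256"], **OFFER)
```

`terrapin_report(parse_kexinit(CLIENT), parse_kexinit(OLD_SERVER))` flags the pair as exposed because the server side never advertises strict kex, which matches the changelog's note that the fix needs both ends to cooperate.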