- update to 2.5.0

- dropped 1379.patch
- refreshed patches:
    paramiko-test_extend_timeout.patch
    relaxed.patch
    1311.patch
 * Add support for encrypt-then-MAC (ETM) schemes (hmac-sha2-256-etm@openssh.com,
    hmac-sha2-512-etm@openssh.com) and two newer Diffie-Hellman group key exchange
    algorithms (group14, using SHA256; and group16, using SHA512).
 * Add support for Curve25519 key exchange.
 * Raise Cryptography dependency requirement to version 2.5
 * Add support for the modern (as of Python 3.3) import location of MutableMapping

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=86

1379.patch

@@ -1,172 +0,0 @@
-From 36fbe57629cbbb7bf0f4a1e98c43352b82fe181d Mon Sep 17 00:00:00 2001
-From: Andrew Wason <rectalogic@rectalogic.com>
-Date: Wed, 6 Feb 2019 10:56:53 -0500
-Subject: [PATCH 1/4] Move to cryptography 2.5 and stop using deprecated APIs.
-
-Fixes #1369
----
- paramiko/ecdsakey.py      |  4 ++--
- paramiko/kex_ecdh_nist.py | 37 +++++++++++++++++++++++++++++--------
- setup.py                  |  2 +-
- tests/test_kex.py         | 12 ++++++------
- 5 files changed, 40 insertions(+), 19 deletions(-)
-
-Index: paramiko-2.4.2/paramiko/ecdsakey.py
-===================================================================
---- paramiko-2.4.2.orig/paramiko/ecdsakey.py
-+++ paramiko-2.4.2/paramiko/ecdsakey.py
-@@ -160,12 +160,12 @@ class ECDSAKey(PKey):
- 
-             pointinfo = msg.get_binary()
-             try:
--                numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(
-+                key = ec.EllipticCurvePublicKey.from_encoded_point(
-                     self.ecdsa_curve.curve_class(), pointinfo
-                 )
-+                self.verifying_key = key
-             except ValueError:
-                 raise SSHException("Invalid public key")
--            self.verifying_key = numbers.public_key(backend=default_backend())
- 
-     @classmethod
-     def supported_key_format_identifiers(cls):
-Index: paramiko-2.4.2/paramiko/kex_ecdh_nist.py
-===================================================================
---- paramiko-2.4.2.orig/paramiko/kex_ecdh_nist.py
-+++ paramiko-2.4.2/paramiko/kex_ecdh_nist.py
-@@ -9,6 +9,7 @@ from paramiko.py3compat import byte_chr,
- from paramiko.ssh_exception import SSHException
- from cryptography.hazmat.backends import default_backend
- from cryptography.hazmat.primitives.asymmetric import ec
-+from cryptography.hazmat.primitives import serialization
- from binascii import hexlify
- 
- _MSG_KEXECDH_INIT, _MSG_KEXECDH_REPLY = range(30, 32)
-@@ -36,7 +37,12 @@ class KexNistp256:
-         m = Message()
-         m.add_byte(c_MSG_KEXECDH_INIT)
-         # SEC1: V2.0  2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
--        m.add_string(self.Q_C.public_numbers().encode_point())
-+        m.add_string(
-+            self.Q_C.public_bytes(
-+                serialization.Encoding.X962,
-+                serialization.PublicFormat.UncompressedPoint,
-+            )
-+        )
-         self.transport._send_message(m)
-         self.transport._expect_packet(_MSG_KEXECDH_REPLY)
- 
-@@ -58,11 +64,11 @@ class KexNistp256:
- 
-     def _parse_kexecdh_init(self, m):
-         Q_C_bytes = m.get_string()
--        self.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(
-+        self.Q_C = ec.EllipticCurvePublicKey.from_encoded_point(
-             self.curve, Q_C_bytes
-         )
-         K_S = self.transport.get_server_key().asbytes()
--        K = self.P.exchange(ec.ECDH(), self.Q_C.public_key(default_backend()))
-+        K = self.P.exchange(ec.ECDH(), self.Q_C)
-         K = long(hexlify(K), 16)
-         # compute exchange hash
-         hm = Message()
-@@ -75,7 +81,12 @@ class KexNistp256:
-         hm.add_string(K_S)
-         hm.add_string(Q_C_bytes)
-         # SEC1: V2.0  2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
--        hm.add_string(self.Q_S.public_numbers().encode_point())
-+        hm.add_string(
-+            self.Q_S.public_bytes(
-+                serialization.Encoding.X962,
-+                serialization.PublicFormat.UncompressedPoint,
-+            )
-+        )
-         hm.add_mpint(long(K))
-         H = self.hash_algo(hm.asbytes()).digest()
-         self.transport._set_K_H(K, H)
-@@ -84,7 +95,12 @@ class KexNistp256:
-         m = Message()
-         m.add_byte(c_MSG_KEXECDH_REPLY)
-         m.add_string(K_S)
--        m.add_string(self.Q_S.public_numbers().encode_point())
-+        m.add_string(
-+            self.Q_S.public_bytes(
-+                serialization.Encoding.X962,
-+                serialization.PublicFormat.UncompressedPoint,
-+            )
-+        )
-         m.add_string(sig)
-         self.transport._send_message(m)
-         self.transport._activate_outbound()
-@@ -92,11 +108,11 @@ class KexNistp256:
-     def _parse_kexecdh_reply(self, m):
-         K_S = m.get_string()
-         Q_S_bytes = m.get_string()
--        self.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(
-+        self.Q_S = ec.EllipticCurvePublicKey.from_encoded_point(
-             self.curve, Q_S_bytes
-         )
-         sig = m.get_binary()
--        K = self.P.exchange(ec.ECDH(), self.Q_S.public_key(default_backend()))
-+        K = self.P.exchange(ec.ECDH(), self.Q_S)
-         K = long(hexlify(K), 16)
-         # compute exchange hash and verify signature
-         hm = Message()
-@@ -108,7 +124,12 @@ class KexNistp256:
-         )
-         hm.add_string(K_S)
-         # SEC1: V2.0  2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
--        hm.add_string(self.Q_C.public_numbers().encode_point())
-+        hm.add_string(
-+            self.Q_C.public_bytes(
-+                serialization.Encoding.X962,
-+                serialization.PublicFormat.UncompressedPoint,
-+            )
-+        )
-         hm.add_string(Q_S_bytes)
-         hm.add_mpint(K)
-         self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest())
-Index: paramiko-2.4.2/setup.py
-===================================================================
---- paramiko-2.4.2.orig/setup.py
-+++ paramiko-2.4.2/setup.py
-@@ -73,7 +73,7 @@ setup(
-     ],
-     install_requires=[
-         "bcrypt>=3.1.3",
--        "cryptography>=1.5",
-+        "cryptography>=2.5",
-         "pynacl>=1.0.1",
-         "pyasn1>=0.1.7",
-     ],
-Index: paramiko-2.4.2/tests/test_kex.py
-===================================================================
---- paramiko-2.4.2.orig/tests/test_kex.py
-+++ paramiko-2.4.2/tests/test_kex.py
-@@ -42,20 +42,20 @@ def dummy_urandom(n):
- def dummy_generate_key_pair(obj):
-     private_key_value = 94761803665136558137557783047955027733968423115106677159790289642479432803037
-     public_key_numbers = "042bdab212fa8ba1b7c843301682a4db424d307246c7e1e6083c41d9ca7b098bf30b3d63e2ec6278488c135360456cc054b3444ecc45998c08894cbc1370f5f989"
--    public_key_numbers_obj = ec.EllipticCurvePublicNumbers.from_encoded_point(
-+    public_key_numbers_obj = ec.EllipticCurvePublicKey.from_encoded_point(
-         ec.SECP256R1(), unhexlify(public_key_numbers)
--    )
-+    ).public_numbers()
-     obj.P = ec.EllipticCurvePrivateNumbers(
-         private_value=private_key_value, public_numbers=public_key_numbers_obj
-     ).private_key(default_backend())
-     if obj.transport.server_mode:
--        obj.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(
-+        obj.Q_S = ec.EllipticCurvePublicKey.from_encoded_point(
-             ec.SECP256R1(), unhexlify(public_key_numbers)
--        ).public_key(default_backend())
-+        )
-         return
--    obj.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(
-+    obj.Q_C = ec.EllipticCurvePublicKey.from_encoded_point(
-         ec.SECP256R1(), unhexlify(public_key_numbers)
--    ).public_key(default_backend())
-+    )
- 
- 
- class FakeKey(object):

paramiko-2.4.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a8975a7df3560c9f1e2b43dc54ebd40fd00a7017392ca5445ce7df409f900fcb
-size 1207299

paramiko-2.5.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9f081281064b5180dc0ef60e256224a280ff16f603a99f3dd4ba6334ebb65f7e
+size 1224952

paramiko-test_extend_timeout.patch

@@ -1,8 +1,8 @@
-Index: paramiko-2.4.2/tests/test_buffered_pipe.py
+Index: paramiko-2.5.0/tests/test_buffered_pipe.py
 ===================================================================
---- paramiko-2.4.2.orig/tests/test_buffered_pipe.py
-+++ paramiko-2.4.2/tests/test_buffered_pipe.py
-@@ -69,7 +69,7 @@ class BufferedPipeTest(unittest.TestCase
+--- paramiko-2.5.0.orig/tests/test_buffered_pipe.py
++++ paramiko-2.5.0/tests/test_buffered_pipe.py
+@@ -68,7 +68,7 @@ class BufferedPipeTest(unittest.TestCase
              self.assertTrue(False)
          except PipeTimeout:
              pass
@@ -10,4 +10,4 @@ Index: paramiko-2.4.2/tests/test_buffered_pipe.py
 +        self.assertEqual(b"b", p.read(1, 3.0))
          self.assertEqual(b"", p.read(1))
  
-     def test_3_close_while_reading(self):
+     def test_close_while_reading(self):

python-paramiko.changes

@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Tue Jun 11 11:22:32 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- update to 2.5.0 
+- dropped 1379.patch
+- refreshed patches:
+    paramiko-test_extend_timeout.patch
+    relaxed.patch
+    1311.patch
+ * Add support for encrypt-then-MAC (ETM) schemes (hmac-sha2-256-etm@openssh.com,
+    hmac-sha2-512-etm@openssh.com) and two newer Diffie-Hellman group key exchange
+    algorithms (group14, using SHA256; and group16, using SHA512).
+ * Add support for Curve25519 key exchange.
+ * Raise Cryptography dependency requirement to version 2.5
+ * Add support for the modern (as of Python 3.3) import location of MutableMapping
+
 -------------------------------------------------------------------
 Wed Mar 13 14:01:04 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
 

python-paramiko.spec

@@ -18,7 +18,7 @@
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-paramiko
-Version:        2.4.2
+Version:        2.5.0
 Release:        0
 Summary:        SSH2 protocol library
 License:        LGPL-2.1-or-later
@@ -28,7 +28,6 @@ Source:         https://files.pythonhosted.org/packages/source/p/paramiko/parami
 Patch0:         paramiko-test_extend_timeout.patch
 Patch2:         relaxed.patch
 Patch3:         1311.patch
-Patch4:         1379.patch
 BuildRequires:  %{python_module PyNaCl >= 1.0.1}
 BuildRequires:  %{python_module bcrypt >= 3.1.3}
 BuildRequires:  %{python_module cryptography >= 2.5}

relaxed.patch

@@ -1,5 +1,7 @@
---- paramiko-2.4.2.orig/tests/test_client.py
-+++ paramiko-2.4.2/tests/test_client.py
+Index: paramiko-2.5.0/tests/test_client.py
+===================================================================
+--- paramiko-2.5.0.orig/tests/test_client.py
++++ paramiko-2.5.0/tests/test_client.py
 @@ -33,7 +33,7 @@ import warnings
  import weakref
  from tempfile import mkstemp
@@ -9,7 +11,7 @@
  
  import paramiko
  from paramiko.pkey import PublicBlob
-@@ -662,7 +662,7 @@ class PasswordPassphraseTests(ClientTest):
+@@ -662,7 +662,7 @@ class PasswordPassphraseTests(ClientTest
  
      # TODO: more granular exception pending #387; should be signaling "no auth
      # methods available" because no key and no password
@@ -18,12 +20,12 @@
      def test_passphrase_kwarg_not_used_for_password_auth(self):
          # Using the "right" password in the "wrong" field shouldn't work.
          self._test_connection(passphrase="pygmalion")
-@@ -683,7 +683,7 @@ class PasswordPassphraseTests(ClientTest):
+@@ -683,7 +683,7 @@ class PasswordPassphraseTests(ClientTest
              password="television",
          )
  
 -    @raises(AuthenticationException)  # TODO: more granular
 +    @pytest.mark.xfail(raises=AuthenticationException)  # TODO: more granular
-     def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given(
+     def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given(  # noqa
          self
-     ):  # noqa
+     ):