pool/python-paramiko
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 676253 from devel:languages:python

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/676253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-paramiko?expand=0&rev=43
This commit is contained in:
Stephan Kulow 2019-02-17 11:19:00 +00:00 committed by Git OBS Bridge
commit 604f3dae5f
6 changed files with 1387 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1161
1311.patch Normal file
View File

File diff suppressed because it is too large Load Diff

172
1379.patch Normal file
View File

@ -0,0 +1,172 @@
From 36fbe57629cbbb7bf0f4a1e98c43352b82fe181d Mon Sep 17 00:00:00 2001
From: Andrew Wason <rectalogic@rectalogic.com>
Date: Wed, 6 Feb 2019 10:56:53 -0500
Subject: [PATCH 1/4] Move to cryptography 2.5 and stop using deprecated APIs.
Fixes #1369
---
paramiko/ecdsakey.py | 4 ++--
paramiko/kex_ecdh_nist.py | 37 +++++++++++++++++++++++++++++--------
setup.py | 2 +-
tests/test_kex.py | 12 ++++++------
5 files changed, 40 insertions(+), 19 deletions(-)
Index: paramiko-2.4.2/paramiko/ecdsakey.py
===================================================================
--- paramiko-2.4.2.orig/paramiko/ecdsakey.py
+++ paramiko-2.4.2/paramiko/ecdsakey.py
@@ -160,12 +160,12 @@ class ECDSAKey(PKey):
pointinfo = msg.get_binary()
try:
- numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ key = ec.EllipticCurvePublicKey.from_encoded_point(
self.ecdsa_curve.curve_class(), pointinfo
)
+ self.verifying_key = key
except ValueError:
raise SSHException("Invalid public key")
- self.verifying_key = numbers.public_key(backend=default_backend())
@classmethod
def supported_key_format_identifiers(cls):
Index: paramiko-2.4.2/paramiko/kex_ecdh_nist.py
===================================================================
--- paramiko-2.4.2.orig/paramiko/kex_ecdh_nist.py
+++ paramiko-2.4.2/paramiko/kex_ecdh_nist.py
@@ -9,6 +9,7 @@ from paramiko.py3compat import byte_chr,
from paramiko.ssh_exception import SSHException
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import ec
+from cryptography.hazmat.primitives import serialization
from binascii import hexlify
_MSG_KEXECDH_INIT, _MSG_KEXECDH_REPLY = range(30, 32)
@@ -36,7 +37,12 @@ class KexNistp256:
m = Message()
m.add_byte(c_MSG_KEXECDH_INIT)
# SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
- m.add_string(self.Q_C.public_numbers().encode_point())
+ m.add_string(
+ self.Q_C.public_bytes(
+ serialization.Encoding.X962,
+ serialization.PublicFormat.UncompressedPoint,
+ )
+ )
self.transport._send_message(m)
self.transport._expect_packet(_MSG_KEXECDH_REPLY)
@@ -58,11 +64,11 @@ class KexNistp256:
def _parse_kexecdh_init(self, m):
Q_C_bytes = m.get_string()
- self.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ self.Q_C = ec.EllipticCurvePublicKey.from_encoded_point(
self.curve, Q_C_bytes
)
K_S = self.transport.get_server_key().asbytes()
- K = self.P.exchange(ec.ECDH(), self.Q_C.public_key(default_backend()))
+ K = self.P.exchange(ec.ECDH(), self.Q_C)
K = long(hexlify(K), 16)
# compute exchange hash
hm = Message()
@@ -75,7 +81,12 @@ class KexNistp256:
hm.add_string(K_S)
hm.add_string(Q_C_bytes)
# SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
- hm.add_string(self.Q_S.public_numbers().encode_point())
+ hm.add_string(
+ self.Q_S.public_bytes(
+ serialization.Encoding.X962,
+ serialization.PublicFormat.UncompressedPoint,
+ )
+ )
hm.add_mpint(long(K))
H = self.hash_algo(hm.asbytes()).digest()
self.transport._set_K_H(K, H)
@@ -84,7 +95,12 @@ class KexNistp256:
m = Message()
m.add_byte(c_MSG_KEXECDH_REPLY)
m.add_string(K_S)
- m.add_string(self.Q_S.public_numbers().encode_point())
+ m.add_string(
+ self.Q_S.public_bytes(
+ serialization.Encoding.X962,
+ serialization.PublicFormat.UncompressedPoint,
+ )
+ )
m.add_string(sig)
self.transport._send_message(m)
self.transport._activate_outbound()
@@ -92,11 +108,11 @@ class KexNistp256:
def _parse_kexecdh_reply(self, m):
K_S = m.get_string()
Q_S_bytes = m.get_string()
- self.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ self.Q_S = ec.EllipticCurvePublicKey.from_encoded_point(
self.curve, Q_S_bytes
)
sig = m.get_binary()
- K = self.P.exchange(ec.ECDH(), self.Q_S.public_key(default_backend()))
+ K = self.P.exchange(ec.ECDH(), self.Q_S)
K = long(hexlify(K), 16)
# compute exchange hash and verify signature
hm = Message()
@@ -108,7 +124,12 @@ class KexNistp256:
)
hm.add_string(K_S)
# SEC1: V2.0 2.3.3 Elliptic-Curve-Point-to-Octet-String Conversion
- hm.add_string(self.Q_C.public_numbers().encode_point())
+ hm.add_string(
+ self.Q_C.public_bytes(
+ serialization.Encoding.X962,
+ serialization.PublicFormat.UncompressedPoint,
+ )
+ )
hm.add_string(Q_S_bytes)
hm.add_mpint(K)
self.transport._set_K_H(K, self.hash_algo(hm.asbytes()).digest())
Index: paramiko-2.4.2/setup.py
===================================================================
--- paramiko-2.4.2.orig/setup.py
+++ paramiko-2.4.2/setup.py
@@ -73,7 +73,7 @@ setup(
],
install_requires=[
"bcrypt>=3.1.3",
- "cryptography>=1.5",
+ "cryptography>=2.5",
"pynacl>=1.0.1",
"pyasn1>=0.1.7",
],
Index: paramiko-2.4.2/tests/test_kex.py
===================================================================
--- paramiko-2.4.2.orig/tests/test_kex.py
+++ paramiko-2.4.2/tests/test_kex.py
@@ -42,20 +42,20 @@ def dummy_urandom(n):
def dummy_generate_key_pair(obj):
private_key_value = 94761803665136558137557783047955027733968423115106677159790289642479432803037
public_key_numbers = "042bdab212fa8ba1b7c843301682a4db424d307246c7e1e6083c41d9ca7b098bf30b3d63e2ec6278488c135360456cc054b3444ecc45998c08894cbc1370f5f989"
- public_key_numbers_obj = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ public_key_numbers_obj = ec.EllipticCurvePublicKey.from_encoded_point(
ec.SECP256R1(), unhexlify(public_key_numbers)
- )
+ ).public_numbers()
obj.P = ec.EllipticCurvePrivateNumbers(
private_value=private_key_value, public_numbers=public_key_numbers_obj
).private_key(default_backend())
if obj.transport.server_mode:
- obj.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ obj.Q_S = ec.EllipticCurvePublicKey.from_encoded_point(
ec.SECP256R1(), unhexlify(public_key_numbers)
- ).public_key(default_backend())
+ )
return
- obj.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(
+ obj.Q_C = ec.EllipticCurvePublicKey.from_encoded_point(
ec.SECP256R1(), unhexlify(public_key_numbers)
- ).public_key(default_backend())
+ )
class FakeKey(object):

13
disable-gssapi.patch
View File

@ -1,13 +0,0 @@
Index: paramiko-2.4.2/paramiko/ssh_gss.py
===================================================================
--- paramiko-2.4.2.orig/paramiko/ssh_gss.py
+++ paramiko-2.4.2/paramiko/ssh_gss.py
@@ -53,7 +53,7 @@ try:
import gssapi
GSS_EXCEPTIONS = (gssapi.GSSException,)
-except (ImportError, OSError):
+except (ImportError, OSError, AttributeError):
try:
import pywintypes
import sspicon

16
python-paramiko.changes
View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Thu Feb 14 20:49:56 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
- add empty line after %autopatch: build fails up to 42.3 otherwise
-------------------------------------------------------------------
Thu Feb 14 17:00:13 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
- drop python-pytest_relaxed dependency
- add patches:
1311.patch - fix warnings
1379.patch - fix support for gssapi
relaxed.patch - remove unnecessary pytest_relaxed dep
- remove patch:
disable-gssapi.patch - supersseded
-------------------------------------------------------------------
Tue Dec 4 12:51:08 UTC 2018 - Matej Cepl <mcepl@suse.com>

15
python-paramiko.spec
View File

@ -29,22 +29,25 @@ Source: https://files.pythonhosted.org/packages/source/p/paramiko/parami
# certificates needed by testsuite
Source1: cert_support.tar.gz
Patch0: paramiko-test_extend_timeout.patch
Patch1: disable-gssapi.patch
Patch2: relaxed.patch
Patch3: 1311.patch
Patch4: 1379.patch
BuildRequires: %{python_module PyNaCl >= 1.0.1}
BuildRequires: %{python_module bcrypt >= 3.1.3}
BuildRequires: %{python_module cryptography >= 1.1}
BuildRequires: %{python_module cryptography >= 2.5}
BuildRequires: %{python_module gssapi}
BuildRequires: %{python_module pyasn1 >= 0.1.7}
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Recommends: python-gssapi
Requires: python-PyNaCl >= 1.0.1
Requires: python-bcrypt >= 3.1.3
Requires: python-cryptography >= 1.5
Requires: python-cryptography >= 2.5
Requires: python-pyasn1 >= 0.1.7
BuildArch: noarch
%if %{with test}
BuildRequires: %{python_module mock}
BuildRequires: %{python_module pytest-relaxed}
BuildRequires: %{python_module pytest}
%endif
%python_subpackages
@ -70,8 +73,8 @@ This package contains the documentation.
%prep
%setup -q -n paramiko-%{version}
%patch0 -p1
%patch1 -p1
%autopatch -p1
# Fix non-executable script rpmlint issue:
find demos -name "*.py" -exec sed -i "/#\!\/usr\/bin\/.*/d" {} \;
tar xvzf %{SOURCE1} -C tests/

29
relaxed.patch Normal file
View File

@ -0,0 +1,29 @@
--- paramiko-2.4.2.orig/tests/test_client.py
+++ paramiko-2.4.2/tests/test_client.py
@@ -33,7 +33,7 @@ import warnings
import weakref
from tempfile import mkstemp
-from pytest_relaxed import raises
+import pytest
import paramiko
from paramiko.pkey import PublicBlob
@@ -662,7 +662,7 @@ class PasswordPassphraseTests(ClientTest):
# TODO: more granular exception pending #387; should be signaling "no auth
# methods available" because no key and no password
- @raises(SSHException)
+ @pytest.mark.xfail(raises=SSHException)
def test_passphrase_kwarg_not_used_for_password_auth(self):
# Using the "right" password in the "wrong" field shouldn't work.
self._test_connection(passphrase="pygmalion")
@@ -683,7 +683,7 @@ class PasswordPassphraseTests(ClientTest):
password="television",
)
- @raises(AuthenticationException) # TODO: more granular
+ @pytest.mark.xfail(raises=AuthenticationException) # TODO: more granular
def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given(
self
): # noqa