Accepting request 1310589 from devel:languages:python

- Add fido2-compat.patch to restore compatibility with python-fido2 >= 2
- Update requirements from pyproject.toml
- Update to 2.21.1
  * Added the capability to defer invoking passphrase callback until
    an encrypted private key is actually used in a signing operation,
    rather than triggering the callback when keys are loaded. This
    will only work when a public key is provided with an encrypted
    private key either explicitly or as part of the key format (such
    as in OpenSSH's private key format).
  * Improved handling of KeyboardInterrupt and task cancellation in
    SCP. Thanks go to Viktor Kertesz for reporting this issue and
    helping to understand the behavior in various versions of Python.
  * Fixed the env option to support mappings other than dict. Thanks
    go to Boris Pavlovic for reporting this issue.
  * Fixed a potential race condition in SSHForwarder cleanup. Thanks
    go to GitHub user misa-hase for reporting this issue and helping
    to test the fix.

OBS-URL: https://build.opensuse.org/request/show/1310589
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-asyncssh?expand=0&rev=32

asyncssh-2.14.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e956bf8988d07a06ba3305f6604e261f4ca014c4a232f0873f1c7692fbe3cfc2
-size 498190

asyncssh-2.21.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9943802955e2131536c2b1e71aacc68f56973a399937ed0b725086d7461c990c
+size 540515

fido2-compat.patch

@@ -0,0 +1,176 @@
+From b9e58a3914c7d1df7f2c096e8c1c0220799e247f Mon Sep 17 00:00:00 2001
+From: Ron Frederick <ronf@timeheart.net>
+Date: Fri, 3 Oct 2025 17:44:39 -0700
+Subject: [PATCH] Update asycnssh to use version 2 of the fido2 package
+
+---
+ asyncssh/sk.py   | 33 ++++++++++++++++++++++-----------
+ pyproject.toml   |  2 +-
+ tests/sk_stub.py | 26 +++++++++++++++++++++-----
+ 3 files changed, 44 insertions(+), 17 deletions(-)
+
+diff --git a/asyncssh/sk.py b/asyncssh/sk.py
+index ca5aef7..bb02ed2 100644
+--- a/asyncssh/sk.py
++++ b/asyncssh/sk.py
+@@ -128,7 +128,9 @@ def _ctap2_enroll(dev: 'CtapHidDevice', alg: int, application: str,
+ def _win_enroll(alg: int, application: str, user: str) -> Tuple[bytes, bytes]:
+     """Enroll a new security key using Windows WebAuthn API"""
+ 
+-    client = WindowsClient(application, verify=_verify_rp_id)
++    data_collector = DefaultClientDataCollector(origin=application,
++                                                verify=_verify_rp_id)
++    client = WindowsClient(data_collector)
+ 
+     rp = {'id': application, 'name': application}
+     user_cred = {'id': user.encode('utf-8'), 'name': user}
+@@ -137,7 +139,8 @@ def _win_enroll(alg: int, application: str, user: str) -> Tuple[bytes, bytes]:
+                'pubKeyCredParams': key_params}
+ 
+     result = client.make_credential(options)
+-    cdata = result.attestation_object.auth_data.credential_data
++    response = result.response
++    cdata = response.attestation_object.auth_data.credential_data
+ 
+     # pylint: disable=no-member
+     return _decode_public_key(alg, cdata.public_key), cdata.credential_id
+@@ -188,17 +191,20 @@ def _win_sign(data: bytes, application: str,
+               key_handle: bytes) -> Tuple[int, int, bytes, bytes]:
+     """Sign a message with a security key using Windows WebAuthn API"""
+ 
+-    client = WindowsClient(application, verify=_verify_rp_id)
++    data_collector = DefaultClientDataCollector(origin=application,
++                                                verify=_verify_rp_id)
++    client = WindowsClient(data_collector)
+ 
+     creds = [{'type': 'public-key', 'id': key_handle}]
+     options = {'challenge': data, 'rpId': application,
+                'allowCredentials': creds}
+ 
+     result = client.get_assertion(options).get_response(0)
+-    auth_data = result.authenticator_data
++    response = result.response
++    auth_data = response.authenticator_data
+ 
+     return auth_data.flags, auth_data.counter, \
+-           result.signature, bytes(result.client_data)
++           response.signature, bytes(response.client_data)
+ 
+ 
+ def sk_webauthn_prefix(data: bytes, application: str) -> bytes:
+@@ -327,7 +333,7 @@ def sk_get_resident(application: str, user: Optional[str],
+ 
+ 
+ try:
+-    from fido2.client import WindowsClient
++    from fido2.client import DefaultClientDataCollector
+     from fido2.ctap import CtapError
+     from fido2.ctap1 import Ctap1, APDU, ApduError
+     from fido2.ctap2 import Ctap2, ClientPin, PinProtocolV1
+@@ -335,13 +341,8 @@ def sk_get_resident(application: str, user: Optional[str],
+     from fido2.hid import CtapHidDevice
+ 
+     sk_available = True
+-
+-    sk_use_webauthn = WindowsClient.is_available() and \
+-                      hasattr(ctypes, 'windll') and \
+-                      not ctypes.windll.shell32.IsUserAnAdmin()
+ except (ImportError, OSError, AttributeError): # pragma: no cover
+     sk_available = False
+-    sk_use_webauthn = False
+ 
+     def _sk_not_available(*args: object, **kwargs: object) -> NoReturn:
+         """Report that security key support is unavailable"""
+@@ -351,3 +352,13 @@ def _sk_not_available(*args: object, **kwargs: object) -> NoReturn:
+     sk_enroll = _sk_not_available
+     sk_sign = _sk_not_available
+     sk_get_resident = _sk_not_available
++
++try:
++    from fido2.client.windows import WindowsClient
++
++    sk_use_webauthn = WindowsClient.is_available() and \
++                      hasattr(ctypes, 'windll') and \
++                      not ctypes.windll.shell32.IsUserAnAdmin()
++except ImportError:
++    WindowsClient = None
++    sk_use_webauthn = False
+diff --git a/pyproject.toml b/pyproject.toml
+index ea30886..2f4f113 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -35,7 +35,7 @@ dynamic = ['version']
+ 
+ [project.optional-dependencies]
+ bcrypt    = ['bcrypt >= 3.1.3']
+-fido2     = ['fido2 >= 0.9.2, < 2']
++fido2     = ['fido2 >= 2']
+ gssapi    = ['gssapi >= 1.2.0']
+ libnacl   = ['libnacl >= 1.4.2']
+ pkcs11    = ['python-pkcs11 >= 0.7.0']
+diff --git a/tests/sk_stub.py b/tests/sk_stub.py
+index 0926e4e..090f150 100644
+--- a/tests/sk_stub.py
++++ b/tests/sk_stub.py
+@@ -93,6 +93,13 @@ def __init__(self, attestation_object):
+         self.attestation_object = attestation_object
+ 
+ 
++class _RegistrationResponse:
++    """Security key registration response"""
++
++    def __init__(self, attestation_response):
++        self.response = attestation_response
++
++
+ class _AuthenticatorData:
+     """Security key authenticator data in aseertion"""
+ 
+@@ -110,6 +117,13 @@ def __init__(self, client_data, auth_data, signature):
+         self.signature = signature
+ 
+ 
++class _AuthenticationResponse:
++    """Security key authentication response"""
++
++    def __init__(self, response):
++        self.response = response
++
++
+ class _AssertionSelection:
+     """Security key assertion response list"""
+ 
+@@ -261,9 +275,9 @@ def get_assertions(self, application, message_hash, allow_creds, options):
+ class WindowsClient(_CtapStub):
+     """Stub for unit testing U2F security keys via Windows WebAuthn"""
+ 
+-    def __init__(self, origin, verify):
+-        self._origin = origin
+-        self._verify = verify
++    def __init__(self, data_collector):
++        self._origin = data_collector._origin
++        self._verify = data_collector._verify
+ 
+     def make_credential(self, options):
+         """Make a credential using Windows WebAuthN API"""
+@@ -275,8 +289,9 @@ def make_credential(self, options):
+         public_key, key_handle = self._enroll(alg)
+ 
+         cdata = _CredentialData(alg, public_key, key_handle)
++        attestation_object = _Credential(_CredentialAuthData(cdata))
+ 
+-        return _AttestationResponse(_Credential(_CredentialAuthData(cdata)))
++        return _RegistrationResponse(_AttestationResponse(attestation_object))
+ 
+     def get_assertion(self, options):
+         """Get assertion using Windows WebAuthN API"""
+@@ -297,7 +312,8 @@ def get_assertion(self, options):
+                                          key_handle, flags)
+ 
+         auth_data = _AuthenticatorData(flags, counter)
+-        assertion = _AssertionResponse(data, auth_data, sig)
++        response = _AssertionResponse(data, auth_data, sig)
++        assertion = _AuthenticationResponse(response)
+ 
+         return _AssertionSelection([assertion])
+ 

python-asyncssh.changes

@@ -1,3 +1,272 @@
+-------------------------------------------------------------------
+Fri Oct 10 11:51:00 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
+
+- Add fido2-compat.patch to restore compatibility with python-fido2 >= 2
+- Update requirements from pyproject.toml
+
+-------------------------------------------------------------------
+Thu Oct  9 12:26:08 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 2.21.1
+  * Added the capability to defer invoking passphrase callback until
+    an encrypted private key is actually used in a signing operation,
+    rather than triggering the callback when keys are loaded. This
+    will only work when a public key is provided with an encrypted
+    private key either explicitly or as part of the key format (such
+    as in OpenSSH's private key format).
+  * Improved handling of KeyboardInterrupt and task cancellation in
+    SCP. Thanks go to Viktor Kertesz for reporting this issue and
+    helping to understand the behavior in various versions of Python.
+  * Fixed the env option to support mappings other than dict. Thanks
+    go to Boris Pavlovic for reporting this issue.
+  * Fixed a potential race condition in SSHForwarder cleanup. Thanks
+    go to GitHub user misa-hase for reporting this issue and helping
+    to test the fix.
+
+-------------------------------------------------------------------
+Sat Jul 12 17:35:09 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.21.0:
+  * Added sparse file support for SFTP, allowing file copying
+    which automatically skips over any "holes" in a source file,
+    transferring only the data ranges which are actually present.
+  * Added support for applications to request that session,
+    connection, or TUN/TAP requests arriving on an
+    SSHServerConnection be forwarded out some other established
+    SSHClientConnection. Callback methods on SSHServer which
+    decide how to handle these requests can now return an
+    SSHClientConnection to set up this tunneling, instead of
+    having to accept the request and implement their own
+    forwarding logic.
+  * Further hardened the SSH key exchange process to make
+    AsyncSSH more strict when accepting messages during key
+    exchange. Thanks go to Fabian Bäumer and Marcus Brinkmann for
+    identifying potential issues here.
+  * Added support for the auth_completed callback in SSHServer to
+    be either a callable or a coroutine, allowing async
+    operations to be performed when user authentication completes
+    successfully, prior to accepting session requests.
+  * Added support for the sftp_factory config argument be either
+    a callable or a coroutine, allowing async operations to be
+    performed when starting up a new SFTP server session.
+  * Fixed a bug where the exit() method of SFTPServer didn't
+    handle being declared as a coroutine. Thanks go to C. R.
+    Oldham for reporting this issue.
+  * Improved handling of exceptions in connection_lost()
+    callbacks. Exceptions in connection_lost() will now be
+    reported in the debug log, but other cleanup code in AsyncSSH
+    will continue, ignoring those exceptions. Thanks go to Danil
+    Slinchuk for reporting this issue.
+  * Added support for specifying an explicit path when
+    configuring agent forwarding. Thanks go to Aleksandr Ilin for
+    pointing out that this options supports more than just a
+    boolean value.
+  * Added support for environment variable expansion in SSH
+    config, for options which support percent expansion.
+  * Added a new begin_auth callback in SSHClient, reporting the
+    username being sent during SSH client authentication. This
+    can be useful when the user is conditionally set via an SSH
+    config file.
+  * Improved strict-kex interoperability during re-keying. Thanks
+    go to GitHub user emeryalden for reporting this issue and
+    helping to track down the source of the problem.
+  * Updated SFTP max_requests default to reduce memory usage when
+    using large block sizes.
+  * Updated testing to add Python 3.13 and drop Python 3.7,
+    avoiding deprecation warnings from the cryptography package.
+  * Fixed unit test issues under Windows, allowing unit tests to
+    run on Windows on all supported versions of Python.
+  * Fixed a couple of issues with Python 3.14. Thanks go to Georg
+    Sauthoff for initially reporting this.
+  * Added support for WebAuthN authentication with U2F security
+    keys, allowing non-admin Windows users to use these keys for
+    authentication. Previously, authentication with U2F keys
+    worked on Windows, but only for admin users.
+  * Added support for hostname canonicalization, compatible with
+    the configuration parameters used in OpenSSH, as well as
+    support for the "canonical" and "final" match keywords and
+    negation support for match. Thanks go to GitHub user
+    commonism who suggested this and provided a proposed
+    implementation for negation.
+  * Added client and server support for SFTP copy-data extension
+    and a new SFTP remote_copy() function which allows data to be
+    moved between two remote files without downloading and re-
+    uploading the data. Thanks go to Ali Khosravi for suggesting
+    this addition.
+  * Moved project metadata from setup.py to pyproject.toml.
+    Thanks go to Marc Mueller for contributing this.
+  * Updated SSH connection to keep strong references to
+    outstanding tasks, to avoid potential issues with the garbage
+    collector while the connection is active. Thanks go to GitHub
+    user Birnendampf for pointing out this potential issue and
+    suggesting a simple fix.
+  * Fixed some issues with block_size argument in SFTP copy
+    functions. Thanks go to Krzysztof Kotlenga for finding and
+    reporting these issues.
+  * Fixed an import error when fido2 package wasn't available.
+    Thanks go to GitHub user commonism for reporting this issue.
+
+-------------------------------------------------------------------
+Fri Jun 13 05:35:08 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Switch to pyproject macros.
+
+-------------------------------------------------------------------
+Thu Nov  7 12:11:27 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 2.18.0
+  * Added support for post-quantum ML-KEM key exchange algorithms,
+    interoperable with OpenSSH 9.9.
+  * Added support for the OpenSSH "limits" extension, allowing the
+    client to query server limits such as the maximum supported read
+    and write sizes. The client will automatically default to the reported
+    maximum size on servers that support this extension.
+  * Added more ways to specify environment variables via the `env` option.
+    Sequences of either 'key=value' strings or (key, value) tuples are now
+    supported, in addition to a dict.
+  * Added support for getting/setting environment variables as byte strings
+    on platforms which support it. Previously, only Unicode strings were
+    accepted and they were always encoded on the wire using UTF-8.
+  * Added support for non-TCP sockets (such as a socketpair) as the `sock`
+    parameter in connect calls. Thanks go to Christian Wendt for reporting
+    this problem and proposing a fix.
+  * Changed compression to be disabled by default to avoid it becoming a
+    performance bottleneck on high-bandwidth connections. This now also
+    matches the OpenSSH default.
+  * Improved speed of parallelized SFTP reads when read-ahead goes beyond
+    the end of the file. Thanks go to Maximilian Knespel for reporting
+    this issue and providing performance measurements on the code before
+    and after the change.
+  * Improved cancellation handling during SCP transfers.
+  * Improved support for selecting the currently available security key
+    when the application lists multiple keys to try. Thanks go to GitHub
+    user zanda8893 for reporting the issue and helping to work out the
+    details of the problem.
+  * Improved handling of reverse DNS failures in host-based authentication.
+    Thanks go to GitHub user xBiggs for suggesting this change.
+  * Improved debug logging of byte strings with non-printable characters.
+  * Switched to using an executor on GSSAPI calls to avoid blocking the
+    event loop.
+  * Fixed handling of "UserKnownHostsFile none" in config files. This
+    previously caused it to use the default known hosts, rather than
+    disabling known host checking.
+  * Fixed a runtime warning about not awaiting a coroutine in unit tests.
+  * Fixed a unit test failure on Windows when calling abort on a transport.
+  * Fixed a problem where a "MAC verification failed" error was sometimes
+    sent on connection close.
+  * Fixed SSHClientProcess code to not raise a runtime exception when
+    waiting more than once for a process to finish. Thanks go to GitHub
+    user starflows for reporting this issue.
+  * Handled an error when attempting to import older verions of pyOpenSSL.
+    Thanks go to Maximilian Knespel for reporting this issue and testing
+    the fix.
+  * Updated simple_server example code to switch from crypt to bcrypt,
+    since crypt has been removed in Python 3.13. Thanks go to Colin
+    Watson for providing this update.
+
+-------------------------------------------------------------------
+Thu Sep 26 20:05:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
+
+- update to 2.17.0:
+  * Add support for specifying a per-connection credential store
+    for GSSAPI authentication.
+  * Fixed a regression introduced in AsyncSSH 2.15.0 which could
+    cause connections to be closed with an uncaught exception when
+    a session on the connection was closed.
+  * Added a workaround where getaddrinfo() on some systems may
+    return duplicate entries, causing bind() to fail when opening
+    a listener.
+  * Relaxed padding length check on OpenSSH private keys to
+    provide better compatibility with keys generated by PuTTYgen.
+  * Improved documentation on SSHClient and SSHServer classes to
+    explain when they are created and their relationship to the
+    SSHClientConnection and SSHServerConnection classes.
+  * Updated examples to use Python 3.7 and made some minor
+    improvements.
+- update to 2.16.0:
+  * Added client and server support for the OpenSSH "hostkeys"
+    extension. When using known_hosts, clients can provide a
+    handler which will be called with the changes between the
+    keys currently trusted in the client's known hosts and those
+    available on the server. On the server side, an application
+    can choose whether or not to enable the sending of this host
+    key information.
+  * Related to the above, AsyncSSH now allows the configuration of
+    multiple server host keys of the same type when the
+    send_server_host_keys option is enabled. Only the first key of
+    each type will be used in the SSH handshake, but the others can
+    appear in the list of supported host keys for clients to begin
+    trusting, allowing for smoother key rotation.
+  * Fixed logging and typing issues in SFTP high-level copy
+    functions. A mix of bytes, str, and PurePath entries are now
+    supported in places where a list of file paths is allowed, and
+    the type signatures have been updated to reflect that the
+    functions accept either a single path or a list of paths.
+  * Improved typing on SFTP listdir() function.
+  * Reworked the config file parser to improve on a previous fix
+    related to handling key/value pairs with an equals delimiter.
+  * Improved handling of ciphers deprecated in cryptography 43.0.0.
+  * Improved support for use of Windows pathnames in ProxyCommand.
+
+-------------------------------------------------------------------
+Fri Aug  9 06:53:42 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.15.0:
+  * Added experimental support for tunneling of TUN/TAP network
+    interfaces on Linux and macOS, allowing for either automatic
+    packet forwarding or explicit reading and writing of packets
+    sent through the tunnel by the application. Both callback and
+    stream APIs are available.
+  * Added support for forwarding terminal size and terminal size
+    changes when stdin on an SSHServerProcess is redirected to a
+    local TTY.
+  * Added support for multiple tunnel/ProxyJump hosts. Thanks go
+    to Adam Martin for suggesting this enhancement and proposing
+    a solution.
+  * Added support for OpenSSH lsetstat SFTP extension to set
+    attributes on symbolic links on platforms which support that
+    and use it to improve symlink handling in the SFTP get, put,
+    and copy methods. In addition, a follow_symlinks option has
+    been added on various SFTPClient methods which get and set
+    these attributes. Thanks go to GitHub user eyalgolan1337 for
+    reporting this issue.
+  * Added support for password and passphrase arguments to be a
+    callable or awaitable, called when performing authentication
+    or loading encrypted private keys. Thanks go to GitHub user
+    goblin for suggesting this enhancement.
+  * Added support for proper flow control when using
+    AsyncFileWriter or StreamWriter classes to do SSH process
+    redirection. Thanks go to Benjy Wiener for reporting this
+    issue and providing feedback on the fix.
+  * Added is_closed() method
+    SSHClientConnection/SSHServerConnection to return whether the
+    associated network connection is closed or not.
+  * Added support for setting and matching tags in OpenSSH config
+    files.
+  * Added an example of using "await" in addition to "async with"
+    when opening a new SSHClientConnection. Thanks go to Michael
+    Davis for suggesting this added documentation.
+  * Improved handling CancelledError in SCP, avoiding an issue
+    where AsyncSSH could sometimes get stuck waiting for the
+    channel to close. Thanks go to Max Orlov for reporting the
+    problem and providing code to reproduce it.
+  * Fixed a regression from 2.14.1 related to rekeying an SSH
+    connection when there's acitivty on the connection in the
+    middle of rekeying. Thanks go to GitHub user eyalgolan1337
+    for helping to narrow down this problem and test the fix.
+  * Fixed a problem with process redirection when a close is
+    received without a preceding EOF. Thanks go to GitHub user
+    xuoguoto who helped to provide sample scripts and ran tests
+    to help track this down.
+  * Fixed the processing of paths in SFTP client symlink
+    requests. Thanks go to André Glüpker for reporting the
+    problem and providing test code to demonstrate it.
+  * Fixed an OpenSSH config file parsing issue. Thanks go to
+    Siddh Raman Pant for reporting this issue.
+  * Worked around a bug in a user auth banner generated by the
+    cryptlib library. Thanks go to GitHub user mmayomoar for
+    reporting this issue and suggesting a fix.
+
 -------------------------------------------------------------------
 Mon Dec 18 15:55:18 UTC 2023 - Dirk Müller <dmueller@suse.com>
 

python-asyncssh.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-asyncssh
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-asyncssh
-Version:        2.14.2
+Version:        2.21.1
 Release:        0
 Summary:        Asynchronous SSHv2 client and server library
 License:        EPL-2.0 OR GPL-2.0-or-later
@@ -26,29 +26,31 @@ Group:          Development/Languages/Python
 URL:            https://github.com/ronf/asyncssh
 Source:         https://files.pythonhosted.org/packages/source/a/asyncssh/asyncssh-%{version}.tar.gz
 Patch0:         gss_test.patch
+# PATCH-FIX-UPSTREAM fido2-compat.patch
+Patch1:         fido2-compat.patch
 # SECTION test requirements
 BuildRequires:  %{python_module bcrypt >= 3.1.3}
-BuildRequires:  %{python_module cryptography >= 2.8}
+BuildRequires:  %{python_module cryptography >= 39.0}
-BuildRequires:  %{python_module fido2 >= 0.8.1}
+BuildRequires:  %{python_module fido2 >= 2}
 BuildRequires:  %{python_module gssapi >= 1.2.0}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pyOpenSSL >= 17.0.0}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module setuptools}
-BuildRequires:  %{python_module typing_extensions}
+BuildRequires:  %{python_module typing_extensions >= 4.0.0}
-BuildRequires:  %{python_module uvloop >= 0.9.1}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  openssh
 BuildRequires:  openssl
-BuildRequires:  (libnettle8 if python38-base)
 # /SECTION
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-bcrypt >= 3.1.3
+Requires:       python-cryptography >= 39.0
-Requires:       python-cryptography >= 2.8
+Requires:       python-typing_extensions >= 4.0.0
-Requires:       python-gssapi >= 1.2.0
+Recommends:     python-bcrypt >= 3.1.3
-Requires:       python-libnacl >= 1.4.2
+Recommends:     python-fido2 >= 2
-Requires:       python-pyOpenSSL >= 17.0.0
+Recommends:     python-gssapi >= 1.2.0
-Recommends:     libnettle8
+Recommends:     python-libnacl >= 1.4.2
-Recommends:     python-fido2 >= 0.8.1
+Recommends:     python-pyOpenSSL >= 23.0.0
 BuildArch:      noarch
 
 %python_subpackages
@@ -61,10 +63,10 @@ server implementation of the SSHv2 protocol on top of the Python asyncio framewo
 %autosetup -p1 -n asyncssh-%{version}
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
@@ -74,6 +76,6 @@ server implementation of the SSHv2 protocol on top of the Python asyncio framewo
 %license LICENSE COPYRIGHT
 %doc README.rst
 %{python_sitelib}/asyncssh
-%{python_sitelib}/asyncssh-%{version}*-info
+%{python_sitelib}/asyncssh-%{version}.dist-info
 
 %changelog