File python-paramiko.changes of Package python-paramiko

-------------------------------------------------------------------
Sun Aug 18 17:53:00 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>

- Update to 3.4.1:
  * Fix a 64-bit-ism in the test suite so the tests don't
    encounter a false negative on 32-bit systems.
  * Modify a test-harness skiptest check to work with newer
    versions of Cryptography.
  * Massage our import of the TripleDES cipher to support
    Cryptography >=43; this should prevent
    CryptographyDeprecationWarning from appearing upon import.
- Remove patches that are not needed anymore since they've
  been fixed upstream:
  * support-pytest-8.patch
  * use-64-bit-maxsize-everywhere.patch

-------------------------------------------------------------------
Tue May 14 03:27:34 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>

- Add patch support-pytest-8.patch:
  * Use non-deprecated setup method to support pytest >= 8.

-------------------------------------------------------------------
Wed Dec 20 06:57:15 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>

- Update to 3.4.0: (CVE-2023-48795, bsc#1218168)
  * Transport grew a new packetizer_class kwarg for overriding the
    packet-handler class used internally.
  * Address CVE 2023-48795 (aka the "Terrapin Attack", a vulnerability found
    in the SSH protocol re: treatment of packet sequence numbers) as follows:
    + The vulnerability only impacts encrypt-then-MAC digest algorithms in
      tandem with CBC ciphers, and ChaCha20-poly1305; of these, Paramiko
      currently only implements hmac-sha2-(256|512)-etm in tandem with
      AES-CBC.
    + As the fix for the vulnerability requires both ends of the connection
      to cooperate, the below changes will only take effect when the remote
      end is OpenSSH >= 9.6 (or equivalent, such as Paramiko in server mode,
      as of this patch version) and configured to use the new
      "strict kex" mode.
    + Paramiko will now raise an SSHException subclass (MessageOrderError)
      when protocol messages are received in unexpected order. This includes
      situations like receiving MSG_DEBUG or MSG_IGNORE during initial key
      exchange, which are no longer allowed during strict mode.
    + Key (re)negotiation -- i.e. MSG_NEWKEYS, whenever it is encountered --
      now resets packet sequence numbers. (This should be invisible to users
      during normal operation, only causing exceptions if the exploit is
      encountered, which will usually result in, again, MessageOrderError.)
    + Sequence number rollover will now raise SSHException if it occurs
      during initial key exchange (regardless of strict mode status).
  * Tweak ext-info-(c|s) detection during KEXINIT protocol phase; the
    original implementation made assumptions based on an OpenSSH
    implementation detail.
- Add patch use-64-bit-maxsize-everywhere.patch:
  * Use the 64-bit value of sys.maxsize.

-------------------------------------------------------------------
Fri Sep 29 22:29:46 UTC 2023 - Ondřej Súkup <mimi.vx@gmail.com>

- refresh remove-icecream-dep.patch
- update to 3.3.1
 detailed changelog: https://www.paramiko.org/changelog.html#

-------------------------------------------------------------------
Fri May 12 09:27:30 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>

- Delete paramiko-pr1665-remove-pytest-relaxed.patch
- Add remove-icecream-dep.patch
- Update to 3.1.0:
  * [Feature] #2173: Accept single tabs as field separators (in
    addition to single spaces) in
    <paramiko.hostkeys.HostKeyEntry.from_line> for parity with
    OpenSSH’s KnownHosts parser. Patched by Alex Chavkin.
  * [Feature] #2013: (solving #2009, plus others) Add an explicit
    channel_timeout keyword argument to
    paramiko.client.SSHClient.connect, allowing users to configure the
    previously-hardcoded default value of 3600 seconds. Thanks to
    @VakarisZ and @ilija-lazoroski for the report and patch, with
    credit to Mike Salvatore for patch review.
  * [Support] #2178: Apply codespell to the codebase, which found a
    lot of very old minor spelling mistakes in docstrings. Also
    modernize many instances of *largs vs *args and **kwarg vs
    **kwargs. Patch courtesy of Yaroslav Halchenko, with review from
    Brian Skinn.
- 3.0.0:
  * [Bug]: A handful of lower-level classes (notably
    paramiko.message.Message and paramiko.pkey.PKey) previously
    returned bytes objects from their implementation of __str__, even
    under Python 3; and there was never any __bytes__ method.
  * These issues have been fixed by renaming __str__ to __bytes__ and
    relying on Python’s default “stringification returns the output of
    __repr__” behavior re: any real attempts to str() such objects.
  * [Bug] #2165: Streamline some redundant (and costly) byte
    conversion calls in the packetizer and the core SFTP module. This
    should lead to some SFTP speedups at the very least. Thanks to
    Alex Gaynor for the patch.
  * [Bug] #2110: Remove some unnecessary __repr__ calls when handling
    bytes-vs-str conversions. This was apparently doing a lot of
    unintentional data processing, which adds up in some use cases –
    such as SFTP transfers, which may now be significantly faster.
    Kudos to Shuhua Zhong for catch & patch.
  * [Support]: Drop support for Python versions less than 3.6,
    including Python 2. So long and thanks for all the fish!
  * [Support]: Remove the now irrelevant paramiko.py3compat module.
  * [Support]: paramiko.common.asbytes has been moved to
    paramiko.util.asbytes.
  * [Support]: PKey.__cmp__ has been removed. Ordering-oriented
    comparison of key files is unlikely to have ever made sense (the
    old implementation attempted to order by the hashes of the key
    material) and so we have not bothered setting up __lt__ and
    friends at this time. The class continues to have its original
    __eq__ untouched.
  * [Support]: The behavior of private key classes’ (ie anything
    inheriting from PKey) private key writing methods used to perform
    a manual, extra chmod call after writing. This hasn’t been
    strictly necessary since the mid 2.x release line (when key
    writing started giving the mode argument to os.open), and has now
    been removed entirely.
  * This should only be observable if you were mocking Paramiko’s
    system calls during your own testing, or similar.
  * [Support] #732: (also re: #630) SSHConfig used to straight-up
    delete the proxycommand key from config lookup results when the
    source config said ProxyCommand none. This has been altered to
    preserve the key and give it the Python value None, thus making
    the Python representation more in line with the source config
    file.
  * [Support]: paramiko.util.retry_on_signal (and any internal uses of
    same, and also any internal retries of EINTR on eg socket
    operations) has been removed. As of Python 3.5, per PEP 475, this
    functionality (and retrying EINTR generally) is now part of the
    standard library.

-------------------------------------------------------------------
Sun Apr 23 23:16:46 UTC 2023 - Matej Cepl <mcepl@suse.com>

- Move documentation into main package for SLE15

-------------------------------------------------------------------
Fri Apr 21 12:28:59 UTC 2023 - Dirk Müller <dmueller@suse.com>

- add sle15_python_module_pythons (jsc#PED-68)

-------------------------------------------------------------------
Sun Nov 20 18:38:07 UTC 2022 - Ben Greiner <code@bnavigator.de>

- Update to 2.12.0
  * [Feature] #2125: (also re: #2054) Add a transport_factory kwarg
    to SSHClient.connect for advanced users to gain more control
    over early Transport setup and manipulation. Thanks to Noah
    Pederson for the patch.
- Release 2.11.1
  * [Bug]: bug:1637 (via #1599) Raise SSHException explicitly when
    blank private key data is loaded, instead of the natural result
    of IndexError. This should help more bits of Paramiko or
    Paramiko-adjacent codebases to correctly handle this class of
    error. Credit: Nicholas Dietz.
  * [Bug] #1822: (via, and relating to, far too many other issues
    to mention here) Update SSHClient so it explicitly closes its
    wrapped socket object upon encountering socket errors at
    connection time. This should help somewhat with certain classes
    of memory leaks, resource warnings, and/or errors (though we
    hasten to remind everyone that Client and Transport have their
    own .close() methods for use in non-error situations!). Patch
    courtesy of @YoavCohen.
- Rename and refresh:
  - paramiko-pr1655-remove-pytest-relaxed.patch
  + paramiko-pr1665-remove-pytest-relaxed.patch
  * gh#paramiko/paramiko#1665

-------------------------------------------------------------------
Thu May 26 20:43:45 UTC 2022 - Michael Ströder <michael@stroeder.com>

- update to 2.11.0
  * [Feature] #1951: Add SSH config token expansion (eg %h, %p) when
    parsing ProxyJump directives.
  * [Support] #2004: (via #2011) Apply unittest skipIf to tests currently
    using SHA1 in their critical path, to avoid failures on systems starting
    to disable SHA1 outright in their crypto backends (eg RHEL 9).
  * [Support] #1838: (via #1870/#2028) Update camelCase method calls
    against the threading module to be snake_case; this and related tweaks
    should fix some deprecation warnings under Python 3.10.
  * [Support] #2038: (via #2039) Recent versions of Cryptography have
    deprecated Blowfish algorithm support; in lieu of an easy method for
    users to remove it from the list of algorithms Paramiko tries to import
    and use, we’ve decided to remove it from our “preferred algorithms” list.
    This will both discourage use of a weak algorithm, and avoid warnings.
- update to 2.10.5
  * [Bug] #2008: (via #2010) Windows-native SSH agent support as merged in
    2.10 could encounter Errno 22 OSError exceptions in some scenarios
    (eg server not cleanly closing a relevant named pipe).
    This has been worked around and should be less problematic.
  * [Bug] #2017: OpenSSH 7.7 and older has a bug preventing it from
    understanding how to perform SHA2 signature verification for RSA
    certificates (specifically certs - not keys), so when we added SHA2
    support it broke all clients using RSA certificates with these servers.
    This has been fixed in a manner similar to what OpenSSH’s own client
    does: a version check is performed and the algorithm used is downgraded
    if needed.
  * [Bug] #1933: Align signature verification algorithm with OpenSSH re:
    zero-padding signatures which don’t match their nominal size/length. This
    shouldn’t affect most users, but will help Paramiko-implemented SSH
    servers handle poorly behaved clients such as PuTTY.

-------------------------------------------------------------------
Thu Apr 28 21:26:08 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 2.10.4:
  * Servers offering certificate variants of hostkey algorithms (eg
    ssh-rsa-cert-v01@openssh.com) could not have their host keys verified by
    Paramiko clients, as it only ever considered non-cert key types for that
    part of connection handshaking. This has been fixed.
  * gq PKey instances’ __eq__ did not have the usual safety guard in place to
    ensure they were being compared to another PKey object, causing occasional
    spurious BadHostKeyException (among other things). This has been fixed.
  * Update camelCase method calls against the threading module to be snake_case;
    this and related tweaks should fix some deprecation warnings under Python 3.10.

-------------------------------------------------------------------
Fri Apr  8 07:44:16 UTC 2022 - pgajdos@suse.com

- do not require python-mock for build

-------------------------------------------------------------------
Fri Mar 18 22:52:45 UTC 2022 - Michael Ströder <michael@stroeder.com>

- Update to 2.10.3 (bsc#1197279, CVE-2022-24302)
  Too many changes to be listed here:
  https://www.paramiko.org/changelog.html

-------------------------------------------------------------------
Tue Oct 12 11:03:02 UTC 2021 - ecsos <ecsos@opensuse.org>

- Update to 2.8.0
  - [Feature] #1846: Add a prefetch keyword argument to
    SFTPClient.get/SFTPClient.getfo so users who need to skip SFTP
    prefetching are able to conditionally turn it off.
  - [Bug] #1462: (via #1882) Newer server-side key exchange
    algorithms not intended to use SHA1 (diffie-hellman-group14-sha256,
    diffie-hellman-group16-sha512) were incorrectly using SHA1 after all,
    due to a bug causing them to ignore the hash_algo class attribute.
    This has been corrected.
  - [Support] #1722: Remove leading whitespace from OpenSSH RSA test
    suite static key fixture, to conform better to spec.
  - [Support] #1727: Add missing test suite fixtures directory to
    MANIFEST.in, reinstating the ability to run Paramiko’s tests from
    an sdist tarball.
  - [Support]: Update our CI to catch issues with sdist generation,
    installation and testing.
  - [Support]: Administrivia overhaul, including but not limited to:
    - Migrate CI to CircleCI
    - Primary dev branch is now main (renamed)
    - Many README edits for clarity, modernization etc; including
      a bunch more (and consistent) status badges & unification with
      main project site index
    - PyPI page much more fleshed out (long_description is now filled
      in with the README; sidebar links expanded; etc)
    - flake8, pytest configs split out of setup.cfg into their own files
    - Invoke/invocations (used by maintainers/contributors) upgraded
      to modern versions
- Skip python2 to fix build errors for Leap.
- Rebase paramiko-pr1655-remove-pytest-relaxed.patch.

-------------------------------------------------------------------
Mon Dec  7 07:22:31 UTC 2020 - Steve Kowalik <steven.kowalik@suse.com>

- Set environment to utf-8 to allow tests to pass on Python 2. (bsc#1178341)

-------------------------------------------------------------------
Tue Oct 13 10:51:07 UTC 2020 - Benjamin Greiner <code@bnavigator.de>

- remove dependency on pytest-relaxed
  * paramiko-pr1655-remove-pytest-relaxed.patch
  * gh#paramiko/paramiko#1655

-------------------------------------------------------------------
Fri Sep  4 06:29:23 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>

- update to 2.7.2 (bsc#1166758, bsc#1166758, bsc#1205132)
- drop configs.tar.gz
 * Add missing test suite fixtures directory to MANIFEST.in
 * Remove leading whitespace from OpenSSH RSA test suite static key fixture,
 * Fix incorrect string formatting causing unhelpful error message annotation
     when using Kerberos/GSSAPI.
 * Fix incorrectly swapped order of p and q numbers when loading
     OpenSSH-format RSA private keys.

-------------------------------------------------------------------
Sat Dec 21 17:11:48 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>

- update to 2.7.1
- add configs.tar.gz with missing test data
 * full changelog at http://www.paramiko.org/changelog.html

-------------------------------------------------------------------
Tue Jun 25 10:47:26 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>

- update to 2.6.0 (bsc#1200603)
- drop relaxed.patch and 1311.patch
 * add a new keyword argument to SSHClient.connect <paramiko.client.SSHClient.connect>
     and paramiko.transport.Transport -> disabled_algorithms
 * Fix Ed25519 key handling so certain key comment lengths don't cause
    SSHException("Invalid key")
 * Add backwards-compatible support for the gssapi

-------------------------------------------------------------------
Tue Jun 11 11:22:32 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>

- update to 2.5.0
- dropped 1379.patch
- refreshed patches:
    paramiko-test_extend_timeout.patch
    relaxed.patch
    1311.patch
 * Add support for encrypt-then-MAC (ETM) schemes (hmac-sha2-256-etm@openssh.com,
    hmac-sha2-512-etm@openssh.com) and two newer Diffie-Hellman group key exchange
    algorithms (group14, using SHA256; and group16, using SHA512).
 * Add support for Curve25519 key exchange.
 * Raise Cryptography dependency requirement to version 2.5
 * Add support for the modern (as of Python 3.3) import location of MutableMapping

-------------------------------------------------------------------
Wed Mar 13 14:01:04 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

- Run tests verbosely
- Drop cert_support.tar.gz as it is currently properly in the release

-------------------------------------------------------------------
Thu Feb 14 20:49:56 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>

- add empty line after %autopatch: build fails up to 42.3 otherwise

-------------------------------------------------------------------
Thu Feb 14 17:00:13 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>

- drop python-pytest_relaxed dependency
- add patches:
   1311.patch - fix warnings
   1379.patch - fix support for gssapi
   relaxed.patch - remove unnecessary pytest_relaxed dep
- remove patch:
   disable-gssapi.patch - supersseded

-------------------------------------------------------------------
Tue Dec  4 12:51:08 UTC 2018 - Matej Cepl <mcepl@suse.com>

- Remove superfluous devel dependency for noarch package

-------------------------------------------------------------------
Tue Nov 13 11:47:43 UTC 2018 - Ondřej Súkup <mimi.vx@gmail.com>

- add disable-gssapi.patch - workaround for boo#1115769

-------------------------------------------------------------------
Fri Oct  5 08:26:46 UTC 2018 - Ondřej Súkup <mimi.vx@gmail.com>

- update to 2.4.2 (bsc#1111151, CVE-2018-1000805)
- refresh paramiko-test_extend_timeout.patch
 * Fix exploit (CVE pending) in Paramiko's server mode (not client mode)
     where hostile clients could trick the server into thinking they were
     authenticated without actually submitting valid authentication.
 * Modify protocol message handling such that Transport does not respond
    to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
 * Updated SSHConfig.lookup <paramiko.config.SSHConfig.lookup> so it returns
    a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict)
    in lieu of dict literals.

-------------------------------------------------------------------
Thu Mar 15 18:38:22 CET 2018 - ro@suse.de

- add paramiko-test_extend_timeout.patch (bsc#1085529)
  extend timeout in testsuite to pass on ppc64le

-------------------------------------------------------------------
Thu Mar 15 07:10:09 UTC 2018 - tbechtold@suse.com

update to version 2.4.1 (bsc#1085276, CVE-2018-7750):
  * changelog: update for #1039 / #1051
  * Screen off dev version of Python from test matrix
  * ensure ed25519 password is bytes
  * Cut 2.0.8
  * Cut 2.3.2
  * Initial tests proving CVE-2018-7750 / #1175
  * Guess something else added this prior to the merge
  * Fixes CVE-2018-7750 / #1175
  * Uncaught typo in test suite
  * Initial tests proving CVE-2018-7750 / #XXX
  * Test proving #1039 / efficacy of #1051
  * Changelog closes #1175
  * Cut 2.1.5
  * Allow overriding test client connect kwargs in Transport test suite
  * Cut 2.4.1
  * Fixes CVE-2018-7750 / #XXX
  * Cut 2.2.3
  * flake8

-------------------------------------------------------------------
Thu Nov 16 09:36:24 UTC 2017 - mimi.vx@gmail.com

- update to 2.4.0
  + new pytest based testsuite
  * dd a new passphrase kwarg to SSHClient.connect so users may disambiguate
     key-decryption passphrases from password-auth passwords.
  * Drop Python 2.6 and Python 3.3 support

-------------------------------------------------------------------
Thu Oct  5 11:12:50 UTC 2017 - mimi.vx@gmail.com

- update to 2.3.1
  + cert_support.tar.gz - missing test certificates for testsuite
  * Certificate support broke the no-certificate case for Ed25519 keys
      (symptom is an AttributeError about public_blob.) This went uncaught
      due to cert autoload behavior (i.e. our test suite never actually ran
      the no-cert case, because the cert existed!) Both issues have been fixed.
  * Implement basic client-side certificate authentication
      (as per the OpenSSH vendor extension.)
  * Added pre-authentication banner support for the server interface
      (ServerInterface.get_banner plus related support in Transport/AuthHandler.)
  * Update Ed25519Key so its constructor offers the same file_obj parameter
      as its sibling key classes.
  * Add a gss_trust_dns option to Client and Transport to allow explicitly
      setting whether or not DNS canonicalization should occur when using GSSAPI.
  * Paramiko originally defaulted to zlib compression level 9
      (when one connects with compression=True; it defaults to off.) This has been
      found to be quite wasteful and tends to cause much longer transfers in most
      cases, than is necessar
  * Enhance documentation around the new SFTP.posix_rename method
      so it’s referenced in the ‘standard’ rename method for increased visibility.
  * Modify logic around explicit disconnect messages, and unknown-channel situations,
      so that they rely on centralized shutdown code instead of running their own.
      This is at worst removing some unnecessary code, and may help with some
      situations where Paramiko hangs at the end of a session.
  * Display exception type and message when logging auth-rejection messages
      (ones reading Auth rejected: unsupported or mangled public key); previously
      this error case had a bare except and did not display exactly why the key
      failed.
  * Ed25519 keys never got proper API documentation support; this has been fixed.
  * Update how we use Cryptography‘s signature/verification methods
        so we aren’t relying on a deprecated API.

-------------------------------------------------------------------
Thu Oct  5 10:33:48 UTC 2017 - mimi.vx@gmail.com

- update to 2.2.2:
  * SSHClient now requests the type of host key it has (e.g. from known_hosts)
    and does not consider a different type to be a “Missing” host key.
    This fixes a common case where an ECDSA key is in known_hosts and the server
    also has an RSA host key.
  * Fix up host-key checking in our GSSAPI support, which was previously
    using an incorrect API call
  * Fix key exchange (kex) algorithm list for GSSAPI authentication;
    reviously, the list used solely out-of-date algorithms, and now contains
    newer ones listed preferentially before the old
  * Clean up GSSAPI authentication procedures so they do not prevent normal
    fallback to other authentication methods on failure.
  * Add rekeying support to GSSAPI connections, which was erroneously missing.

-------------------------------------------------------------------
Thu Aug 10 08:11:25 UTC 2017 - tbechtold@suse.com

- update to 2.2.1:
  * Missed a spot
  * Update .travis.yml
  * Whitespace
  * Having this in a mini-toctree made the nav look funny and is also just unintuitive
  * Changelog re #471, re #65
  * these are bytes
  * changelog: update for #990 and #993
  * ecdh kex support
  * flake8/whitespace
  * Trailing comma
  * Add test for posix-rename@openssh.com extension for SFTP client
  * Changelog re #921
  * Add a note about new Python-level deps to changelog re: Ed25519 support
  * Add method for "posix-rename@openssh.com" extension for SFTP client.
  * Add IOError in posix-rename@openssh.com test for python 2 support.
  * this isnt bytes
  * Added a auth_timeout to handle situations where SSH server stops responding during auth.
  * small cleanups
  * More changelog flimflammery
  * Added changelog entry
  * python 3 compatibility
  * Incorrect comparison, should be <=
  * DDD re #857
  * Improve __hash__ functions
  * Hrm that should always have been an h1
  * No idea how this got past all the earlier flake8 work...
  * comments
  * Fixed test to support python 2.6
  * Note ecdh-sha2 preferred-kex placement in changelog entry for #951, re #983
  * Changelog language tweaks
  * Reorder cipher and key preferences to make more sense
  * Added a test to check that the auth_timeout argument is passed through and applied.
  * Changelog tweak
  * Cut 2.2.1
  * transport: change order of preferred kex and hmac algorithms
  * need bcrypt >= 3.1.3 for kdf() ignore_few_rounds kwarg
  * Changelog re #972, re #325, closes #325
  * cleanup/simplify auth_timeout tests
  * Missed a merge conflict lolol
  * flake8
  * Changelog re #951
  * Perplexed at why flake8 did not report this earlier
  * Add Python 3.6 to classifiers
  * Add support for posix-rename@openssh.com for the SFTP server side and fix tests accordingly.
  * sphinx nitpick fixes
  * Fixed encoding/decoding of the public key on the wire
  * Added test for authentication timeout from a non-responsive server
  * refactor files
  * fixed comment + consistency
  * Changelog re #857
  * Cut 2.2.0
  * integration test, with ourselves
  * TODO
  * That was easy. Closes #857
  * Add sanity note to changelog re #869
  * Unit tests
  * Fixes #325 -- add support for Ed25519 keys
  * Happy New Year
  * implement __hash__() method for Ed25519Key
  * pep8
  * Increased auth_timeout to 30 seconds
  * py3k
  * fixed long line
  * Link to the spec
  * set a minimum version
  * Support decrypting keys
  * Failing test proving need for #857
- move demos/ to extra -doc package

-------------------------------------------------------------------
Sun Jun 11 16:32:09 UTC 2017 - mimi.vx@gmail.com

- update to 2.1.3
* Make util.log_to_file append instead of replace.
* SSHClient and Transport could cause a memory leak if there’s a connection
	 problem or protocol error, even if Transport.close() is called.
* Prior support for ecdsa-sha2-nistp(384|521) algorithms didn’t fully extend
	 to covering host keys, preventing connection to hosts which only offer
	 these key types and no others. This is now fixed.
* Prefer newer ecdsa-sha2-nistp keys over RSA and DSA keys during host key
	 selection. This improves compatibility with OpenSSH, both in terms of general
	 behavior, and also re: ability to properly leverage OpenSSH-modified
	 known_hosts files.
* The RC4/arcfour family of ciphers has been broken since version 2.0; but since
	 the algorithm is now known to be completely insecure, we are opting
	 to remove support outright instead of fixing it.
* Move sha1 above the now-arguably-broken md5 in the list of preferred MAC
	 algorithms, as an incremental security improvement for users whose target
	 systems offer both.
* Writing encrypted/password-protected private key files was silently broken
	 since 2.0 due to an incorrect API call
     Includes a directly related fix, namely adding the ability to read AES-256-CBC
	 ciphered private keys (which is now what we tend to write out as it is
	 Cryptography’s default private key cipher.)
* Allow any type implementing the buffer API to be used with BufferedFile,
	 Channel, and SFTPFile. This resolves a regression introduced in 1.13
	 with the Python 3 porting changes, when using types such as memoryview.
* Enhance default cipher preference order such that aes(192|256)-cbc are preferred
	 over blowfish-cbc.
* SSHClient now requests the type of host key it has (e.g. from known_hosts)
	 and does not consider a different type to be a “Missing” host key. This fixes
	 a common case where an ECDSA key is in known_hosts and the server also has
	 an RSA host key.
* Overhaul the codebase to be PEP-8

-------------------------------------------------------------------
Wed Apr 19 17:24:58 UTC 2017 - toddrme2178@gmail.com

- Implement single-spec version.

-------------------------------------------------------------------
Fri Mar 17 20:25:35 UTC 2017 - rjschwei@suse.com

- Fix version setting for cryptography for build

-------------------------------------------------------------------
Thu Mar 16 22:23:45 UTC 2017 - rjschwei@suse.com

- Add python-pyasn1 as Buildrequires for testing

-------------------------------------------------------------------
Fri Feb 24 16:27:00 UTC 2017 - mimi.vx@gmail.com

- update to 2.1.2
* Fix a bug in server-mode concerning multiple interactive auth steps
*  SSHClient now gives its internal Transport a handle on itself, preventing
    garbage collection of the client until the session is closed. Without this,
    some code which returns stream or transport objects without the client that
    generated them, would result in premature session closure
    when the client was GCd
* Avoid test suite exceptions on platforms lacking errno.ETIME
* weak how RSAKey.__str__ behaves so it doesn’t cause TypeError under Python 3.

-------------------------------------------------------------------
Tue Dec 13 11:50:39 UTC 2016 - mimi.vx@gmail.com

- update to 2.1.1
* A tweak to the original patch implementing gh#398 was not fully applied,
    causing calls to ~paramiko.client.SSHClient.invoke_shell to fail with
    AttributeError. This has been fixed.
* Fix the implementation of PKey.write_private_key_file (this method is only
    publicly defined on subclasses; the fix was in the private real
    implementation) so it passes the correct params to open()
* Add an optional timeout parameter to Transport.start_clienti
    <paramiko.transport.Transport.start_client> (and feed it the value of the
    configured connection timeout when used within SSHClient
    <paramiko.client.SSHClient>.)
* Catch AssertionError thrown by Cryptography when attempting to load bad
    ECDSA keys, turning it into an SSHException.
* Add a missing .closed attribute (plus ._closed because reasons) to
    ProxyCommand <paramiko.proxy.ProxyCommand>
* Make the subprocess import in proxy.py lazy so users on platforms without
    it (such as Google App Engine) can import Paramiko successfully
* Fix incorrect docstring/param-list for Transport.auth_gssapi_keyex
    <paramiko.transport.Transport.auth_gssapi_keyex> so it matches
    the real signature.
* Add an environment dict argument to Client.exec_command

-------------------------------------------------------------------
Fri Oct  7 09:13:06 UTC 2016 - tbechtold@suse.com

- Fix Requires for python-cryptography
- Add missing Requires for python-pyasn1

-------------------------------------------------------------------
Sun Jul 31 12:15:25 UTC 2016 - michael@stroeder.com

- update to 2.0.2
  * [Bug] #758: Apply type definitions to _winapi module from
    jaraco.windows 3.6.1. This should address issues on Windows platforms
    that often result in errors like ArgumentError: [...] int too long to
    convert. Thanks to @swohlerLL for the report and Jason R. Coombs for the
    patch.
  * [Bug] #774: Add a _closed private attribute to Channel objects so that
    they continue functioning when used as proxy sockets under Python 3 (e.g.
    as direct-tcpip gateways for other Paramiko connections.)
  * [Bug] #673: (via #681) Fix protocol banner read errors (SSHException)
    which would occasionally pop up when using ProxyCommand gatewaying.
    Thanks to @Depado for the initial report and Paul Kapp for the fix.

-------------------------------------------------------------------
Sat Jul 23 14:20:34 UTC 2016 - michael@stroeder.com

- updated homepage URL
- update to 2.0.1:
  * [Bug] #537: Fix a bug in BufferedPipe.set_event which could cause
    deadlocks/hangs when one uses select.select against Channel objects (or
    otherwise calls Channel.fileno after the channel has closed).
  * [Bug] #520: (Partial fix) Fix at least one instance of race condition
    driven threading hangs at end of the Python interpreter session.
    (Includes a docs update as well - always make sure to .close() your
    clients!)

-------------------------------------------------------------------
Fri Jul  8 08:50:08 UTC 2016 - dmueller@suse.com

- fix build

-------------------------------------------------------------------
Mon Jun  6 11:32:04 UTC 2016 - dmueller@suse.com

- fix source url

-------------------------------------------------------------------
Sun May  8 21:11:31 UTC 2016 - hpj@urpla.net

- update to 2.0.0:
  * Add support for 384- and 512-bit elliptic curve groups in ECDSA
    key types (aka ecdsa-sha2-nistp384 / ecdsa-sha2-nistp521).
  * Due to an earlier bugfix, less-specific Host blocks' ProxyCommand
    values were overriding ProxyCommand none in more-specific Host
    blocks. This has been fixed in a backwards compatible manner (i.e.
    ProxyCommand none continues to appear as a total lack of any
    proxycommand key in parsed config structures).
  * Fix a backwards incompatibility issue that cropped up in
    SFTPFile.prefetch <~paramiko.sftp_file.prefetch> re: the
    erroneously non-optional file_size parameter. Should only affect
    users who manually call prefetch.
  * Replace PyCrypto with the Python Cryptographic Authority (PyCA)
    'Cryptography' library suite. This improves security,
    installability, and performance; adds PyPy support; and much more.
  * Fix stalled/hung SFTP downloads by cleaning up some threading lock
    issues.
  * Fix a Python 3 compatibility issue when handling two-factor
    authentication.
  * Clean up setup.py to always use setuptools, not doing so was a
    historical artifact from bygone days.
  * Update the module in charge of handling SSH moduli so it's
    consistent with OpenSSH behavior re: prime number selection.
  * Fix up ~paramiko.ssh_exception.NoValidConnectionsError so it
    pickles correctly, and fix a related Python 3 compatibility issue.
  * Update to jaraco.windows 3.4.1 to fix some errors related to
    ctypes on Windows platforms.
  * Annotate some public attributes on ~paramiko.channel.Channel such
    as .closed.
  * Fix logic bug in the SFTP client's callback-calling functionality;
    previously there was a chance the given callback would fire twice
    at the end of a transfer.
  * Identify & work around a race condition in the test for handshake
    timeouts, which was causing frequent test failures for a subset of
    contributors as well as Travis-CI (usually, but not always,
    limited to Python 3.5).
  * Remove whitespace in our setup.py's install_requires as it
    triggers occasional bugs in some versions of setuptools.
  * Strip trailing/leading whitespace from lines when parsing SSH
    config files - this brings things in line with OpenSSH behavior.
  * Fix behavior of gssapi-with-mic auth requests so they fail
    gracefully (allowing followup via other auth methods) instead of
    raising an exception.
  * Add missing file-like object methods for ~paramiko.file.BufferedFile
    and ~paramiko.sftp_file.SFTPFile.
  * Clean up and enhance the README (and rename it to README.rst from
    just README).

-------------------------------------------------------------------
Mon Feb  1 11:26:44 UTC 2016 - toddrme2178@gmail.com

- Add --no-transport to fix a known issue with the tests
  https://github.com/paramiko/paramiko/issues/574
  Check if still failing on next release.
  The tests is currently failing on Python 3.5, but it is not
  actually Python 3.5 specific, it is just more likely to be
  encountered on Python 3.5
- update to version 1.16.0:
  * Streamline use of stat when downloading SFTP files via
    SFTPClient.get <paramiko.sftp_client.SFTPClient.get>; this avoids
    triggering bugs in some off-spec SFTP servers such as IBM
    Sterling. Thanks to @muraleee for the initial report and to Torkil
    Gustavsen for the patch.
  * Fully enable two-factor authentication (e.g. when a server
    requires AuthenticationMethods
    pubkey,keyboard-interactive). Thanks to @perryjrandall for the
    patch and to @nevins-b and Matt Robenolt for additional support.
  * Fix 'exec' requests in server mode to use get_string instead of
    get_text to avoid UnicodeDecodeError on non-UTF-8 input. Thanks to
    Anselm Kruis for the patch & discussion.
  * Fix line number reporting in log output regarding invalid
    known_hosts line entries. Thanks to Dylan Thacker-Smith for catch
    & patch.
  * Update the vendored Windows API addon to a more recent
    edition. Also fixes :issue:`193`, :issue:`488`,
    :issue:`498`. Thanks to Jason Coombs.

-------------------------------------------------------------------
Thu Feb 26 11:00:52 UTC 2015 - tbechtold@suse.com

- update to version 1.15.2 (bsc#962291)
  * [Bug] #320: Update our win_pageant module to be Python 3 compatible
  * [Bug] #429: Server-level debug message logging was overlooked during the
    Python 3 compatibility update; Python 3 clients attempting to log SSH
    debug packets encountered type errors. This is now fixed
  * [Bug] #459: Tighten up agent connection closure behavior to avoid
    spurious ResourceWarning display in some situations
  * [Bug] #266: Change numbering of Transport channels to start at 0
    instead of 1 for better compatibility with OpenSSH & certain server
    implementations which break on 1-indexed channels
  * [Support] #419: Modernize a bunch of the codebase internals to
    leverage decorators. Props to @beckjake for realizing we’re no longer
    on Python 2.2 :D
  * [Support] #421: Modernize threading calls to user newer API
  * [Support] #422: Clean up some unused imports
  * [Support] #431: Replace handrolled ssh_config parsing code with
    use of the shlex module
  * [Bug] #415: Fix ssh_config parsing to correctly interpret ProxyCommand
    none as the lack of a proxy command, instead of as a literal command
    string of "none"
  * [Bug] #428: Fix an issue in BufferedFile (primarily used in the SFTP
    modules) concerning incorrect behavior by readlines on files whose
    size exceeds the buffer size
  * [Bug] #455: Tweak packet size handling to conform better to the
    OpenSSH RFCs; this helps address issues with interactive program cursors
  * [Bug] #413: (also #414, #420, #454) Be significantly smarter about polling
    & timing behavior when running proxy commands, to avoid unnecessary
    (often 100%!) CPU usage

-------------------------------------------------------------------
Thu Oct  2 16:33:24 UTC 2014 - andrea@opensuse.org

- new upsteam version 1.15.1
  * fixed from previous version: Bug] #399: SSH agent forwarding
    would hang due to incorrect values passed into the new window
    size arguments for Transport
  * detailed changelog available on pramiko website:
    http://paramiko-www.readthedocs.org/en/latest/changelog.html

-------------------------------------------------------------------
Sat May 31 11:35:11 UTC 2014 - dmueller@suse.com

- update to 1.13.1:
* :support:`256 backported` Convert API documentation to Sphinx, yielding a new
  API docs website to replace the old Epydoc one.
* :bug:`-` Use constant-time hash comparison operations where possible, to
  protect against `timing-based attacks
  <http://codahale.com/a-lesson-in-timing-attacks/>`_. Thanks to Alex Gaynor
  for the patch.
* :feature:`58` Allow client code to access the stored SSH server banner via
  `Transport.get_banner <paramiko.transport.Transport.get_banner>`. Thanks to
  ``@Jhoanor`` for the patch.
* :bug:`252` (`Fabric #1020 <https://github.com/fabric/fabric/issues/1020>`_)
  Enhanced the implementation of ``ProxyCommand`` to avoid a deadlock/hang
  condition that frequently occurs at ``Transport`` shutdown time. Thanks to
  Mateusz Kobos, Matthijs van der Vleuten and Guillaume Zitta for the original
  reports and to Marius Gedminas for helping test nontrivial use cases.
* :bug:`268` Fix some missed renames of ``ProxyCommand`` related error classes.
  Thanks to Marius Gedminas for catch & patch.
* :bug:`34` (PR :issue:`35`) Fix SFTP prefetching incompatibility with some
  SFTP servers regarding request/response ordering. Thanks to Richard
  Kettlewell.
* :bug:`193` (and its attentant PRs :issue:`230` & :issue:`253`) Fix SSH agent
  problems present on Windows. Thanks to David Hobbs for initial report and to
  Aarni Koskela & Olle Lundberg for the patches.
* :bug:`225 (1.12+)` Note ecdsa requirement in README. Thanks to Amaury
  Rodriguez for the catch.
* :bug:`176` Fix AttributeError bugs in known_hosts file (re)loading. Thanks
  to Nathan Scowcroft for the patch & Martin Blumenstingl for the initial test
  case.

-------------------------------------------------------------------
Fri Apr 18 15:10:24 UTC 2014 - rschweikert@suse.com

- include in SLE 12 (FATE #315990)

-------------------------------------------------------------------
Mon Nov 25 23:01:56 UTC 2013 - p.drouand@gmail.com

- Update to version 1.12
  * #152: Add tentative support for ECDSA keys. *This adds the ecdsa
    module as a new dependency of Paramiko.* The module is available at
    [warner/python-ecdsa on Github](https://github.com/warner/python-ecdsa) and
    [ecdsa on PyPI](https://pypi.python.org/pypi/ecdsa).
    * Note that you might still run into problems with key negotiation --
      Paramiko picks the first key that the server offers, which might not be
      what you have in your known_hosts file.
    * Mega thanks to Ethan Glasser-Camp for the patch.
  * #136: Add server-side support for the SSH protocol's 'env' command
- Use local source instead of service
- Add python-ecdsa requirement; new dependency

-------------------------------------------------------------------
Sun Oct 27 17:50:34 UTC 2013 - lukas@wunner.de

- update to 1.11.2:
  * #156: Fix potential deadlock condition when using Channel objects as
  sockets (e.g. when using SSH gatewaying). Thanks to Steven Noonan and
  Frank Arnold for catch & patch.
  * #179: Fix a missing variable causing errors when an ssh_config file
  has a non-default AddressFamily set. Thanks to Ed Marshall & Tomaz
  Muraus for catch & patch.
  * #200: Fix an exception-causing typo in `demo_simple.py`. Thanks to
  Alex Buchanan for catch & Dave Foster for patch.
  * #199: Typo fix in the license header cross-project. Thanks to Armin
  Ronacher for catch & patch.
  * #162: Clean up HMAC module import to avoid deadlocks in certain uses
  of SSHClient. Thanks to Gernot Hillier for the catch & suggested fix.
  * #36: Fix the port-forwarding demo to avoid file descriptor errors.
  Thanks to Jonathan Halcrow for catch & patch.
  * #168: Update config handling to properly handle multiple 'localforward'
  and 'remoteforward' keys. Thanks to Emre Yilmaz for the patch.

-------------------------------------------------------------------
Tue Sep  3 08:06:53 UTC 2013 - dmueller@suse.com

- update to 1.11.0:
  * #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now
  creates the shared memory map with explicit Security Attributes of the user,
  which is the same technique employed by the canonical PuTTY library to avoid
  permissions issues when Paramiko is running under a different UAC context
  than the PuTTY Ageant process. Thanks to Jason R. Coombs for the patch.
  * #100: Remove use of PyWin32 in `win_pageant` module. Module was already
  dependent on ctypes for constructing appropriate structures and had ctypes
  implementations of all functionality. Thanks to Jason R. Coombs for the
  patch.
  * #87: Ensure updates to `known_hosts` files account for any updates to said
  files after Paramiko initially read them. (Includes related fix to guard
  against duplicate entries during subsequent `known_hosts` loads.) Thanks to
  `@sunweaver` for the contribution.

-------------------------------------------------------------------
Mon Apr 29 12:52:27 UTC 2013 - dmueller@suse.com

- update to 1.10.1:
  * SFTP put of empty file will still return the attributes
  of the put file. Thanks to Jason R. Coombs for the patch.
  * Forwarded SSH agent connections left stale local pipes
  lying around, which could cause local (and sometimes remote or network
  resource starvation when running many agent-using remote commands. Thanks to
  * Batch SFTP writes to help speed up file transfers
  * Fix handling of window-change events to be on-spec
  * Overhaul SSH config parsing to be in line with `man ssh_config`
  * Forego random padding for packets when running under `*-ctr` ciphers
  * Add `SFTPClient.putfo` and `.getfo` methods to allow direct
    uploading/downloading of file-like objects
  * Add `timeout` parameter to `SSHClient.exec_command` for easier setting
    of the command's internal channel object's timeout
  * Expose the internal "is closed" property of the file transfer class
    BufferedFile` as `.closed`, better conforming to Python's file interface

-------------------------------------------------------------------
Sat Dec  1 15:12:44 UTC 2012 - saschpe@suse.de

- Update to version 1.9.0:
  + #97 (with a little #93): Improve config parsing of ProxyCommand directives
    and provide a wrapper class to allow subprocess-driven proxy commands to be
    used as sock= arguments for SSHClient.connect.
  + #77: Allow SSHClient.connect() to take an explicit sock parameter
    overriding creation of an internal, implicit socket object.
- Changes from version 1.8.1:
  + #90: Ensure that callbacks handed to SFTPClient.get() always fire at least
    once, even for zero-length files downloaded. Thanks to Github user @enB for
    the catch.
  + #85: Paramiko's test suite overrides
    unittest.TestCase.assertTrue/assertFalse to provide these modern assertions
    to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7,
    this now causes deprecation warnings. The overrides have been patched to only
    execute when necessary. Thanks to @Arfrever for catch & patch.
- Changes from version 1.8.0:
  + #17 ('ssh' 28): Fix spurious NoneType has no attribute 'error' and similar
    exceptions that crop up on interpreter exit.
  + 'ssh' 32: Raise a more useful error explaining which known_hosts key line was
    problematic, when encountering binascii issues decoding known host keys.
    Thanks to @thomasvs for catch & patch.
  + 'ssh' 33: Bring ssh_config parsing more in line with OpenSSH spec, re: order of
    setting overrides by Host specifiers. Specifically, the overrides now go by
    file order instead of automatically sorting by Host value length. In
    addition, the first value found per config key (e.g. Port, User etc)
    wins, instead of the last. Thanks to Jan Brauer for the contribution.
  + 'ssh' 36: Support new server two-factor authentication option
    (RequiredAuthentications2), at least re: combining key-based & password
    auth. Thanks to Github user bninja.
  + 'ssh' 11: When raising an exception for hosts not listed in
    known_hosts (when RejectPolicy is in effect) the exception message was
    confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for
    highlighting the issue.
  + 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk.
  + 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the
    implementation of ssh_config(5). Thanks to Olle Lundberg for the patch.
  + 'ssh' 24: Switch some internal type checking to use isinstance to help prevent
    problems with client libraries using subclasses of builtin types. Thanks to
    Alex Morega for the patch.
  + Fabric #562: Agent forwarding would error out (with Authentication response
    too long) or freeze, when more than one remote connection to the local agent
    was active at the same time. This has been fixed. Thanks to Steven McDonald
    for assisting in troubleshooting/patching, and to GitHub user @lynxis for
    providing the final version of the patch.
  + 'ssh' 5: Moved a fcntl import closer to where it's used to help avoid
    ImportError problems on Windows platforms. Thanks to Jason Coombs for the
    catch + suggested fix.
  + 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit
    Windows. Thanks again to Jason Coombs for the patch.
  + Added an IO loop sleep() call to avoid needless CPU usage when agent
    forwarding is in use.
  + Handful of internal tweaks to version number storage.
  + Updated setup.py with ==dev install URL for pip users.
  + Updated setup.py to account for packaging problems in PyCrypto 2.4.0
  + Added an extra atfork() call to help prevent spurious RNG errors when
    running under high parallel (multiprocess) load.
  + Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a
    ssh-keygen like demo module. (Sofian Brabez)

-------------------------------------------------------------------
Sun Jun 24 20:04:03 UTC 2012 - os-dev@jacraig.com

- Update to 1.7.7.2:
  * Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which
    fixes exceptions that occur when re-keying over fast connections.
- Add unit tests to build

-------------------------------------------------------------------
Mon Mar 12 21:05:53 UTC 2012 - saschpe@gmx.de

- Simplified macro usage

-------------------------------------------------------------------
Tue Sep 20 14:30:25 UTC 2011 - saschpe@suse.de

- Update to version 0.7.7:
  * Various bug fixes (upstream provides no further changes)

-------------------------------------------------------------------
Tue Oct  5 08:20:00 UTC 2010 - nix@opensuse.org

- Require newer python-crypto

-------------------------------------------------------------------
Thu Sep 16 07:58:41 UTC 2010 - coolo@novell.com

- updte to 1.7.6 "Fanny"
  various bug fixes, "Ernest" brought ARC4 & CTR support and IP6 support

-------------------------------------------------------------------
Wed Sep 24 11:44:21 CEST 2008 - kssingvo@suse.de

- initial version 1.7.4 required from bzr
  based on python-paramiko from openSUSE BuildService:
  devel:languages:python/openSUSE_Factory
openSUSE Build Service is sponsored by