Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-paramiko for openSUSE:Factory checked in at 2022-05-30 12:42:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-paramiko (Old) and /work/SRC/openSUSE:Factory/.python-paramiko.new.2254 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-paramiko" Mon May 30 12:42:42 2022 rev:55 rq:979467 version:2.11.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-paramiko/python-paramiko.changes 2022-05-01 18:53:35.639163260 +0200 +++ /work/SRC/openSUSE:Factory/.python-paramiko.new.2254/python-paramiko.changes 2022-05-30 12:43:19.852341060 +0200 @@ -1,0 +2,34 @@ +Thu May 26 20:43:45 UTC 2022 - Michael Str??der <mich...@stroeder.com> + +- update to 2.11.0 + * [Feature] #1951: Add SSH config token expansion (eg %h, %p) when + parsing ProxyJump directives. + * [Support] #2004: (via #2011) Apply unittest skipIf to tests currently + using SHA1 in their critical path, to avoid failures on systems starting + to disable SHA1 outright in their crypto backends (eg RHEL 9). + * [Support] #1838: (via #1870/#2028) Update camelCase method calls + against the threading module to be snake_case; this and related tweaks + should fix some deprecation warnings under Python 3.10. + * [Support] #2038: (via #2039) Recent versions of Cryptography have + deprecated Blowfish algorithm support; in lieu of an easy method for + users to remove it from the list of algorithms Paramiko tries to import + and use, we???ve decided to remove it from our ???preferred algorithms??? list. + This will both discourage use of a weak algorithm, and avoid warnings. +- update to 2.10.5 + * [Bug] #2008: (via #2010) Windows-native SSH agent support as merged in + 2.10 could encounter Errno 22 OSError exceptions in some scenarios + (eg server not cleanly closing a relevant named pipe). + This has been worked around and should be less problematic. + * [Bug] #2017: OpenSSH 7.7 and older has a bug preventing it from + understanding how to perform SHA2 signature verification for RSA + certificates (specifically certs - not keys), so when we added SHA2 + support it broke all clients using RSA certificates with these servers. + This has been fixed in a manner similar to what OpenSSH???s own client + does: a version check is performed and the algorithm used is downgraded + if needed. + * [Bug] #1933: Align signature verification algorithm with OpenSSH re: + zero-padding signatures which don???t match their nominal size/length. This + shouldn???t affect most users, but will help Paramiko-implemented SSH + servers handle poorly behaved clients such as PuTTY. + +------------------------------------------------------------------- Old: ---- paramiko-2.10.4.tar.gz New: ---- paramiko-2.11.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-paramiko.spec ++++++ --- /var/tmp/diff_new_pack.3dlrsJ/_old 2022-05-30 12:43:20.384341768 +0200 +++ /var/tmp/diff_new_pack.3dlrsJ/_new 2022-05-30 12:43:20.388341773 +0200 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-paramiko -Version: 2.10.4 +Version: 2.11.0 Release: 0 Summary: SSH2 protocol library License: LGPL-2.1-or-later ++++++ paramiko-2.10.4.tar.gz -> paramiko-2.11.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/PKG-INFO new/paramiko-2.11.0/PKG-INFO --- old/paramiko-2.10.4/PKG-INFO 2022-04-25 18:26:15.000000000 +0200 +++ new/paramiko-2.11.0/PKG-INFO 2022-05-17 03:06:27.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: paramiko -Version: 2.10.4 +Version: 2.11.0 Summary: SSH2 protocol library Home-page: https://paramiko.org Author: Jeff Forcier @@ -77,7 +77,7 @@ Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 -Provides-Extra: ed25519 +Provides-Extra: gssapi Provides-Extra: all Provides-Extra: invoke -Provides-Extra: gssapi +Provides-Extra: ed25519 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/demos/demo.py new/paramiko-2.11.0/demos/demo.py --- old/paramiko-2.10.4/demos/demo.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/demos/demo.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import base64 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/demos/demo_keygen.py new/paramiko-2.11.0/demos/demo_keygen.py --- old/paramiko-2.10.4/demos/demo_keygen.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/demos/demo_keygen.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import sys diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/demos/demo_server.py new/paramiko-2.11.0/demos/demo_server.py --- old/paramiko-2.10.4/demos/demo_server.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/demos/demo_server.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import base64 from binascii import hexlify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/demos/demo_sftp.py new/paramiko-2.11.0/demos/demo_sftp.py --- old/paramiko-2.10.4/demos/demo_sftp.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/demos/demo_sftp.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # based on code provided by raymond mosteller (thanks!) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/demos/demo_simple.py new/paramiko-2.11.0/demos/demo_simple.py --- old/paramiko-2.10.4/demos/demo_simple.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/demos/demo_simple.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import base64 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/demos/forward.py new/paramiko-2.11.0/demos/forward.py --- old/paramiko-2.10.4/demos/forward.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/demos/forward.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Sample script showing how to do local port forwarding over paramiko. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/demos/interactive.py new/paramiko-2.11.0/demos/interactive.py --- old/paramiko-2.10.4/demos/interactive.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/demos/interactive.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import socket diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/demos/rforward.py new/paramiko-2.11.0/demos/rforward.py --- old/paramiko-2.10.4/demos/rforward.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/demos/rforward.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Sample script showing how to do remote port forwarding over paramiko. Binary files old/paramiko-2.10.4/docs/.doctrees/environment.pickle and new/paramiko-2.11.0/docs/.doctrees/environment.pickle differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/__init__.py new/paramiko-2.11.0/paramiko/__init__.py --- old/paramiko-2.10.4/paramiko/__init__.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/__init__.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # flake8: noqa import sys diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/_version.py new/paramiko-2.11.0/paramiko/_version.py --- old/paramiko-2.10.4/paramiko/_version.py 2022-04-25 18:25:50.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/_version.py 2022-05-17 03:06:20.000000000 +0200 @@ -1,2 +1,2 @@ -__version_info__ = (2, 10, 4) +__version_info__ = (2, 11, 0) __version__ = ".".join(map(str, __version_info__)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/agent.py new/paramiko-2.11.0/paramiko/agent.py --- old/paramiko-2.10.4/paramiko/agent.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/agent.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ SSH Agent interface diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/auth_handler.py new/paramiko-2.11.0/paramiko/auth_handler.py --- old/paramiko-2.10.4/paramiko/auth_handler.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/auth_handler.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ `.AuthHandler` @@ -22,6 +22,7 @@ import weakref import time +import re from paramiko.common import ( cMSG_SERVICE_REQUEST, @@ -298,6 +299,23 @@ key_type ), ) + # NOTE re #2017: When the key is an RSA cert and the remote server is + # OpenSSH 7.7 or earlier, always use ssh-rsa-cert-...@openssh.com. + # Those versions of the server won't support rsa-sha2 family sig algos + # for certs specifically, and in tandem with various server bugs + # regarding server-sig-algs, it's impossible to fit this into the rest + # of the logic here. + if key_type.endswith("-cert-...@openssh.com") and re.search( + r"-OpenSSH_(?:[1-6]|7\.[0-7])", self.transport.remote_version + ): + pubkey_algo = "ssh-rsa-cert-...@openssh.com" + self.transport._agreed_pubkey_algorithm = pubkey_algo + self._log(DEBUG, "OpenSSH<7.8 + RSA cert = forcing ssh-rsa!") + self._log( + DEBUG, "Agreed upon {!r} pubkey algorithm".format(pubkey_algo) + ) + return pubkey_algo + # Normal attempts to handshake follow from here. # Only consider RSA algos from our list, lest we agree on another! my_algos = [x for x in self.transport.preferred_pubkeys if "rsa" in x] self._log(DEBUG, "Our pubkey algorithm list: {}".format(my_algos)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/ber.py new/paramiko-2.11.0/paramiko/ber.py --- old/paramiko-2.10.4/paramiko/ber.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/ber.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. from paramiko.common import max_byte, zero_byte from paramiko.py3compat import b, byte_ord, byte_chr, long diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/buffered_pipe.py new/paramiko-2.11.0/paramiko/buffered_pipe.py --- old/paramiko-2.10.4/paramiko/buffered_pipe.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/buffered_pipe.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Attempt to generalize the "feeder" part of a `.Channel`: an object which can be diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/channel.py new/paramiko-2.11.0/paramiko/channel.py --- old/paramiko-2.10.4/paramiko/channel.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/channel.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Abstraction for an SSH2 channel. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/client.py new/paramiko-2.11.0/paramiko/client.py --- old/paramiko-2.10.4/paramiko/client.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/client.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ SSH client & key policies diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/common.py new/paramiko-2.11.0/paramiko/common.py --- old/paramiko-2.10.4/paramiko/common.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/common.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Common constants and global variables. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/compress.py new/paramiko-2.11.0/paramiko/compress.py --- old/paramiko-2.10.4/paramiko/compress.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/compress.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Compression implementations for a Transport. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/config.py new/paramiko-2.11.0/paramiko/config.py --- old/paramiko-2.10.4/paramiko/config.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/config.py 2022-05-17 03:04:13.000000000 +0200 @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Configuration file (aka ``ssh_config``) support. @@ -64,6 +64,7 @@ "hostname": ["%h"], "identityfile": ["%C", "~", "%d", "%h", "%l", "%u", "%r"], "proxycommand": ["~", "%h", "%p", "%r"], + "proxyjump": ["%h", "%p", "%r"], # Doesn't seem worth making this 'special' for now, it will fit well # enough (no actual match-exec config key to be confused with). "match-exec": ["%C", "%d", "%h", "%L", "%l", "%n", "%p", "%r", "%u"], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/dsskey.py new/paramiko-2.11.0/paramiko/dsskey.py --- old/paramiko-2.10.4/paramiko/dsskey.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/dsskey.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ DSS keys. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/ecdsakey.py new/paramiko-2.11.0/paramiko/ecdsakey.py --- old/paramiko-2.10.4/paramiko/ecdsakey.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/ecdsakey.py 2022-05-17 03:04:13.000000000 +0200 @@ -7,14 +7,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ ECDSA keys diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/ed25519key.py new/paramiko-2.11.0/paramiko/ed25519key.py --- old/paramiko-2.10.4/paramiko/ed25519key.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/ed25519key.py 2022-05-17 03:04:13.000000000 +0200 @@ -5,14 +5,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import bcrypt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/file.py new/paramiko-2.11.0/paramiko/file.py --- old/paramiko-2.10.4/paramiko/file.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/file.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. from paramiko.common import ( linefeed_byte_value, crlf, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/hostkeys.py new/paramiko-2.11.0/paramiko/hostkeys.py --- old/paramiko-2.10.4/paramiko/hostkeys.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/hostkeys.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import binascii diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/kex_gex.py new/paramiko-2.11.0/paramiko/kex_gex.py --- old/paramiko-2.10.4/paramiko/kex_gex.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/kex_gex.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Variant on `KexGroup1 <paramiko.kex_group1.KexGroup1>` where the prime "p" and diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/kex_group1.py new/paramiko-2.11.0/paramiko/kex_group1.py --- old/paramiko-2.10.4/paramiko/kex_group1.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/kex_group1.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Standard SSH key exchange ("kex" if you wanna sound cool). Diffie-Hellman of diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/kex_group14.py new/paramiko-2.11.0/paramiko/kex_group14.py --- old/paramiko-2.10.4/paramiko/kex_group14.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/kex_group14.py 2022-05-17 03:04:13.000000000 +0200 @@ -7,14 +7,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Standard SSH key exchange ("kex" if you wanna sound cool). Diffie-Hellman of diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/kex_group16.py new/paramiko-2.11.0/paramiko/kex_group16.py --- old/paramiko-2.10.4/paramiko/kex_group16.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/kex_group16.py 2022-05-17 03:04:13.000000000 +0200 @@ -7,14 +7,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Standard SSH key exchange ("kex" if you wanna sound cool). Diffie-Hellman of diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/kex_gss.py new/paramiko-2.11.0/paramiko/kex_gss.py --- old/paramiko-2.10.4/paramiko/kex_gss.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/kex_gss.py 2022-05-17 03:04:13.000000000 +0200 @@ -17,7 +17,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/message.py new/paramiko-2.11.0/paramiko/message.py --- old/paramiko-2.10.4/paramiko/message.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/message.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Implementation of an SSH2 "message". diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/packet.py new/paramiko-2.11.0/paramiko/packet.py --- old/paramiko-2.10.4/paramiko/packet.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/packet.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Packet handling diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/pipe.py new/paramiko-2.11.0/paramiko/pipe.py --- old/paramiko-2.10.4/paramiko/pipe.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/pipe.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Abstraction of a one-way pipe where the read end can be used in diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/pkey.py new/paramiko-2.11.0/paramiko/pkey.py --- old/paramiko-2.10.4/paramiko/pkey.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/pkey.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Common API for all public keys. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/primes.py new/paramiko-2.11.0/paramiko/primes.py --- old/paramiko-2.10.4/paramiko/primes.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/primes.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Utility functions for dealing with primes. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/proxy.py new/paramiko-2.11.0/paramiko/proxy.py --- old/paramiko-2.10.4/paramiko/proxy.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/proxy.py 2022-05-17 03:04:13.000000000 +0200 @@ -7,14 +7,14 @@ # Software Foundation; either version 2.1 of the License, or (at your option) # any later version. # -# Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY +# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR # A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more # details. # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import os diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/rsakey.py new/paramiko-2.11.0/paramiko/rsakey.py --- old/paramiko-2.10.4/paramiko/rsakey.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/rsakey.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ RSA keys. @@ -141,12 +141,16 @@ if isinstance(key, rsa.RSAPrivateKey): key = key.public_key() + # NOTE: pad received signature with leading zeros, key.verify() + # expects a signature of key size (e.g. PuTTY doesn't pad) + sign = msg.get_binary() + diff = key.key_size - len(sign) * 8 + if diff > 0: + sign = b"\x00" * ((diff + 7) // 8) + sign + try: key.verify( - msg.get_binary(), - data, - padding.PKCS1v15(), - self.HASHES[sig_algorithm](), + sign, data, padding.PKCS1v15(), self.HASHES[sig_algorithm]() ) except InvalidSignature: return False diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/server.py new/paramiko-2.11.0/paramiko/server.py --- old/paramiko-2.10.4/paramiko/server.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/server.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ `.ServerInterface` is an interface to override for server support. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/sftp.py new/paramiko-2.11.0/paramiko/sftp.py --- old/paramiko-2.10.4/paramiko/sftp.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/sftp.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import select import socket diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/sftp_attr.py new/paramiko-2.11.0/paramiko/sftp_attr.py --- old/paramiko-2.10.4/paramiko/sftp_attr.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/sftp_attr.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import stat import time diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/sftp_client.py new/paramiko-2.11.0/paramiko/sftp_client.py --- old/paramiko-2.10.4/paramiko/sftp_client.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/sftp_client.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. from binascii import hexlify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/sftp_file.py new/paramiko-2.11.0/paramiko/sftp_file.py --- old/paramiko-2.10.4/paramiko/sftp_file.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/sftp_file.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ SFTP file object diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/sftp_handle.py new/paramiko-2.11.0/paramiko/sftp_handle.py --- old/paramiko-2.10.4/paramiko/sftp_handle.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/sftp_handle.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Abstraction of an SFTP file handle (for server mode). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/sftp_server.py new/paramiko-2.11.0/paramiko/sftp_server.py --- old/paramiko-2.10.4/paramiko/sftp_server.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/sftp_server.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Server-mode SFTP support. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/sftp_si.py new/paramiko-2.11.0/paramiko/sftp_si.py --- old/paramiko-2.10.4/paramiko/sftp_si.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/sftp_si.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ An interface to override for SFTP server support. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/ssh_exception.py new/paramiko-2.11.0/paramiko/ssh_exception.py --- old/paramiko-2.10.4/paramiko/ssh_exception.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/ssh_exception.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import socket diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/ssh_gss.py new/paramiko-2.11.0/paramiko/ssh_gss.py --- old/paramiko-2.10.4/paramiko/ssh_gss.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/ssh_gss.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/transport.py new/paramiko-2.11.0/paramiko/transport.py --- old/paramiko-2.10.4/paramiko/transport.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/transport.py 2022-05-17 03:04:13.000000000 +0200 @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Core protocol implementation @@ -158,7 +158,6 @@ "aes128-cbc", "aes192-cbc", "aes256-cbc", - "blowfish-cbc", "3des-cbc", ) _preferred_macs = ( @@ -232,12 +231,6 @@ "block-size": 16, "key-size": 32, }, - "blowfish-cbc": { - "class": algorithms.Blowfish, - "mode": modes.CBC, - "block-size": 8, - "key-size": 16, - }, "aes128-cbc": { "class": algorithms.AES, "mode": modes.CBC, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/util.py new/paramiko-2.11.0/paramiko/util.py --- old/paramiko-2.10.4/paramiko/util.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/util.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Useful functions used by the rest of paramiko. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/win_openssh.py new/paramiko-2.11.0/paramiko/win_openssh.py --- old/paramiko-2.10.4/paramiko/win_openssh.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/win_openssh.py 2022-05-17 03:04:13.000000000 +0200 @@ -15,26 +15,42 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import os.path +import time PIPE_NAME = r"\\.\pipe\openssh-ssh-agent" def can_talk_to_agent(): - return os.path.exists(PIPE_NAME) + # use os.listdir() instead of os.path.exists(), because os.path.exists() + # uses CreateFileW() API and the pipe cannot be reopen unless the server + # calls DisconnectNamedPipe(). + dir_, name = os.path.split(PIPE_NAME) + name = name.lower() + return any(name == n.lower() for n in os.listdir(dir_)) class OpenSSHAgentConnection: def __init__(self): - self._pipe = open(PIPE_NAME, "rb+", buffering=0) + while True: + try: + self._pipe = os.open(PIPE_NAME, os.O_RDWR | os.O_BINARY) + except OSError as e: + # retry when errno 22 which means that the server has not + # called DisconnectNamedPipe() yet. + if e.errno != 22: + raise + else: + break + time.sleep(0.1) def send(self, data): - return self._pipe.write(data) + return os.write(self._pipe, data) def recv(self, n): - return self._pipe.read(n) + return os.read(self._pipe, n) def close(self): - return self._pipe.close() + return os.close(self._pipe) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko/win_pageant.py new/paramiko-2.11.0/paramiko/win_pageant.py --- old/paramiko-2.10.4/paramiko/win_pageant.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/paramiko/win_pageant.py 2022-05-17 03:04:13.000000000 +0200 @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Functions for communicating with Pageant, the basic windows ssh agent program. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/paramiko.egg-info/PKG-INFO new/paramiko-2.11.0/paramiko.egg-info/PKG-INFO --- old/paramiko-2.10.4/paramiko.egg-info/PKG-INFO 2022-04-25 18:26:15.000000000 +0200 +++ new/paramiko-2.11.0/paramiko.egg-info/PKG-INFO 2022-05-17 03:06:27.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: paramiko -Version: 2.10.4 +Version: 2.11.0 Summary: SSH2 protocol library Home-page: https://paramiko.org Author: Jeff Forcier @@ -77,7 +77,7 @@ Classifier: Programming Language :: Python :: 3.7 Classifier: Programming Language :: Python :: 3.8 Classifier: Programming Language :: Python :: 3.9 -Provides-Extra: ed25519 +Provides-Extra: gssapi Provides-Extra: all Provides-Extra: invoke -Provides-Extra: gssapi +Provides-Extra: ed25519 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/setup_helper.py new/paramiko-2.11.0/setup_helper.py --- old/paramiko-2.10.4/setup_helper.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/setup_helper.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. # Note: Despite the copyright notice, this was submitted by John # Arbash Meinel. Thanks John! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/loop.py new/paramiko-2.11.0/tests/loop.py --- old/paramiko-2.10.4/tests/loop.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/loop.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import socket import threading diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/stub_sftp.py new/paramiko-2.11.0/tests/stub_sftp.py --- old/paramiko-2.10.4/tests/stub_sftp.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/stub_sftp.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ A stub SFTP server for loopback SFTP testing. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_auth.py new/paramiko-2.11.0/tests/test_auth.py --- old/paramiko-2.10.4/tests/test_auth.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_auth.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for authenticating over a Transport. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_buffered_pipe.py new/paramiko-2.11.0/tests/test_buffered_pipe.py --- old/paramiko-2.10.4/tests/test_buffered_pipe.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_buffered_pipe.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for BufferedPipe. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_client.py new/paramiko-2.11.0/tests/test_client.py --- old/paramiko-2.10.4/tests/test_client.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_client.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for SSHClient. @@ -41,7 +41,7 @@ from paramiko.pkey import PublicBlob from paramiko.ssh_exception import SSHException, AuthenticationException -from .util import _support, slow +from .util import _support, requires_sha1_signing, slow requires_gss_auth = unittest.skipUnless( @@ -152,7 +152,12 @@ self.sockl.close() def _run( - self, allowed_keys=None, delay=0, public_blob=None, kill_event=None + self, + allowed_keys=None, + delay=0, + public_blob=None, + kill_event=None, + server_name=None, ): if allowed_keys is None: allowed_keys = FINGERPRINTS.keys() @@ -164,6 +169,8 @@ self.socks.close() return self.ts = paramiko.Transport(self.socks) + if server_name is not None: + self.ts.local_version = server_name keypath = _support("test_rsa.key") host_key = paramiko.RSAKey.from_private_key_file(keypath) self.ts.add_server_key(host_key) @@ -179,11 +186,11 @@ """ (Most) kwargs get passed directly into SSHClient.connect(). - The exception is ``allowed_keys`` which is stripped and handed to the - ``NullServer`` used for testing. + The exceptions are ``allowed_keys``/``public_blob``/``server_name`` + which are stripped and handed to the ``NullServer`` used for testing. """ run_kwargs = {"kill_event": self.kill_event} - for key in ("allowed_keys", "public_blob"): + for key in ("allowed_keys", "public_blob", "server_name"): run_kwargs[key] = kwargs.pop(key, None) # Server setup threading.Thread(target=self._run, kwargs=run_kwargs).start() @@ -205,7 +212,9 @@ self.event.wait(1.0) self.assertTrue(self.event.is_set()) self.assertTrue(self.ts.is_active()) - self.assertEqual("slowdive", self.ts.get_username()) + self.assertEqual( + self.connect_kwargs["username"], self.ts.get_username() + ) self.assertEqual(True, self.ts.is_authenticated()) self.assertEqual(False, self.tc.get_transport().gss_kex_used) @@ -235,33 +244,39 @@ class SSHClientTest(ClientTest): + @requires_sha1_signing def test_client(self): """ verify that the SSHClient stuff works too. """ self._test_connection(password="pygmalion") + @requires_sha1_signing def test_client_dsa(self): """ verify that SSHClient works with a DSA key. """ self._test_connection(key_filename=_support("test_dss.key")) + @requires_sha1_signing def test_client_rsa(self): """ verify that SSHClient works with an RSA key. """ self._test_connection(key_filename=_support("test_rsa.key")) + @requires_sha1_signing def test_client_ecdsa(self): """ verify that SSHClient works with an ECDSA key. """ self._test_connection(key_filename=_support("test_ecdsa_256.key")) + @requires_sha1_signing def test_client_ed25519(self): self._test_connection(key_filename=_support("test_ed25519.key")) + @requires_sha1_signing def test_multiple_key_files(self): """ verify that SSHClient accepts and tries multiple key files. @@ -293,6 +308,7 @@ self.tearDown() self.setUp() + @requires_sha1_signing def test_multiple_key_files_failure(self): """ Expect failure when multiple keys in play and none are accepted @@ -306,6 +322,7 @@ allowed_keys=["ecdsa-sha2-nistp256"], ) + @requires_sha1_signing def test_certs_allowed_as_key_filename_values(self): # NOTE: giving cert path here, not key path. (Key path test is below. # They're similar except for which path is given; the expected auth and @@ -319,6 +336,7 @@ public_blob=PublicBlob.from_file(cert_path), ) + @requires_sha1_signing def test_certs_implicitly_loaded_alongside_key_filename_keys(self): # NOTE: a regular test_connection() w/ test_rsa.key would incidentally # test this (because test_xxx.key-cert.pub exists) but incidental tests @@ -336,6 +354,29 @@ ), ) + def _cert_algo_test(self, ver, alg): + # Issue #2017; see auth_handler.py + self.connect_kwargs["username"] = "somecertuser" # neuter pw auth + self._test_connection( + # NOTE: SSHClient is able to take either the key or the cert & will + # set up its internals as needed + key_filename=_support( + os.path.join("cert_support", "test_rsa.key-cert.pub") + ), + server_name="SSH-2.0-OpenSSH_{}".format(ver), + ) + assert ( + self.tc._transport._agreed_pubkey_algorithm + == "{}-cert-...@openssh.com".format(alg) + ) + + def test_old_openssh_needs_ssh_rsa_for_certs_not_rsa_sha2(self): + self._cert_algo_test(ver="7.7", alg="ssh-rsa") + + def test_newer_openssh_uses_rsa_sha2_for_certs_not_ssh_rsa(self): + # NOTE: 512 happens to be first in our list and is thus chosen + self._cert_algo_test(ver="7.8", alg="rsa-sha2-512") + def test_default_key_locations_trigger_cert_loads_if_found(self): # TODO: what it says on the tin: ~/.ssh/id_rsa tries to load # ~/.ssh/id_rsa-cert.pub. Right now no other tests actually test that @@ -469,6 +510,7 @@ kwargs = dict(self.connect_kwargs, banner_timeout=0.5) self.assertRaises(paramiko.SSHException, self.tc.connect, **kwargs) + @requires_sha1_signing def test_auth_trickledown(self): """ Failed key auth doesn't prevent subsequent pw auth from succeeding @@ -489,6 +531,7 @@ ) self._test_connection(**kwargs) + @requires_sha1_signing @slow def test_auth_timeout(self): """ @@ -591,6 +634,7 @@ host_key = paramiko.ECDSAKey.generate() self._client_host_key_bad(host_key) + @requires_sha1_signing def test_host_key_negotiation_2(self): host_key = paramiko.RSAKey.generate(2048) self._client_host_key_bad(host_key) @@ -598,6 +642,7 @@ def test_host_key_negotiation_3(self): self._client_host_key_good(paramiko.ECDSAKey, "test_ecdsa_256.key") + @requires_sha1_signing def test_host_key_negotiation_4(self): self._client_host_key_good(paramiko.RSAKey, "test_rsa.key") @@ -681,6 +726,7 @@ # instead of suffering a real connection cycle. # TODO: in that case, move the below to be part of an integration suite? + @requires_sha1_signing def test_password_kwarg_works_for_password_auth(self): # Straightforward / duplicate of earlier basic password test. self._test_connection(password="pygmalion") @@ -688,10 +734,12 @@ # TODO: more granular exception pending #387; should be signaling "no auth # methods available" because no key and no password @raises(SSHException) + @requires_sha1_signing def test_passphrase_kwarg_not_used_for_password_auth(self): # Using the "right" password in the "wrong" field shouldn't work. self._test_connection(passphrase="pygmalion") + @requires_sha1_signing def test_passphrase_kwarg_used_for_key_passphrase(self): # Straightforward again, with new passphrase kwarg. self._test_connection( @@ -699,6 +747,7 @@ passphrase="television", ) + @requires_sha1_signing def test_password_kwarg_used_for_passphrase_when_no_passphrase_kwarg_given( self ): # noqa @@ -709,6 +758,7 @@ ) @raises(AuthenticationException) # TODO: more granular + @requires_sha1_signing def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given( # noqa self ): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_config.py new/paramiko-2.11.0/tests/test_config.py --- old/paramiko-2.10.4/tests/test_config.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_config.py 2022-05-17 03:04:13.000000000 +0200 @@ -207,6 +207,25 @@ assert got == expected @patch("paramiko.config.getpass") + def test_proxyjump_token_expansion(self, getpass): + getpass.getuser.return_value = "gandalf" + config = SSHConfig.from_text( + """ +Host justhost + ProxyJump jumpuser@%h +Host userhost + ProxyJump %r@%h:222 +Host allcustom + ProxyJump %r@%h:%p +""" + ) + assert config.lookup("justhost")["proxyjump"] == "jumpuser@justhost" + assert config.lookup("userhost")["proxyjump"] == "gandalf@userhost:222" + assert ( + config.lookup("allcustom")["proxyjump"] == "gandalf@allcustom:22" + ) + + @patch("paramiko.config.getpass") def test_controlpath_token_expansion(self, getpass, socket): getpass.getuser.return_value = "gandalf" config = SSHConfig.from_text( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_file.py new/paramiko-2.11.0/tests/test_file.py --- old/paramiko-2.10.4/tests/test_file.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_file.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for the BufferedFile abstraction. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_gssapi.py new/paramiko-2.11.0/tests/test_gssapi.py --- old/paramiko-2.10.4/tests/test_gssapi.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_gssapi.py 2022-05-17 03:04:13.000000000 +0200 @@ -16,7 +16,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Test the used APIs for GSS-API / SSPI authentication diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_hostkeys.py new/paramiko-2.11.0/tests/test_hostkeys.py --- old/paramiko-2.10.4/tests/test_hostkeys.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_hostkeys.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for HostKeys. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_kex.py new/paramiko-2.11.0/tests/test_kex.py --- old/paramiko-2.10.4/tests/test_kex.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_kex.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for the key exchange protocols. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_kex_gss.py new/paramiko-2.11.0/tests/test_kex_gss.py --- old/paramiko-2.10.4/tests/test_kex_gss.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_kex_gss.py 2022-05-17 03:04:13.000000000 +0200 @@ -17,7 +17,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Unit Tests for the GSS-API / SSPI SSHv2 Diffie-Hellman Key Exchange and user diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_message.py new/paramiko-2.11.0/tests/test_message.py --- old/paramiko-2.10.4/tests/test_message.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_message.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for ssh protocol message blocks. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_packetizer.py new/paramiko-2.11.0/tests/test_packetizer.py --- old/paramiko-2.10.4/tests/test_packetizer.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_packetizer.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for the ssh2 protocol in Transport. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_pkey.py new/paramiko-2.11.0/tests/test_pkey.py --- old/paramiko-2.10.4/tests/test_pkey.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_pkey.py 2022-05-17 03:04:13.000000000 +0200 @@ -15,7 +15,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for public/private key objects. @@ -44,7 +44,7 @@ from mock import patch, Mock import pytest -from .util import _support, is_low_entropy +from .util import _support, is_low_entropy, requires_sha1_signing # from openssh's ssh-keygen @@ -256,6 +256,7 @@ pub = RSAKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b"ice weasels", msg)) + @requires_sha1_signing def test_sign_and_verify_ssh_rsa(self): self._sign_and_verify_rsa("ssh-rsa", SIGNED_RSA) @@ -280,6 +281,7 @@ pub = DSSKey(data=key.asbytes()) self.assertTrue(pub.verify_ssh_sig(b"ice weasels", msg)) + @requires_sha1_signing def test_generate_rsa(self): key = RSAKey.generate(1024) msg = key.sign_ssh_data(b"jerri blank") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_sftp.py new/paramiko-2.11.0/tests/test_sftp.py --- old/paramiko-2.10.4/tests/test_sftp.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_sftp.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ some unit tests to make sure sftp works. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_sftp_big.py new/paramiko-2.11.0/tests/test_sftp_big.py --- old/paramiko-2.10.4/tests/test_sftp_big.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_sftp_big.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ some unit tests to make sure sftp works well with large files. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_ssh_gss.py new/paramiko-2.11.0/tests/test_ssh_gss.py --- old/paramiko-2.10.4/tests/test_ssh_gss.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_ssh_gss.py 2022-05-17 03:04:13.000000000 +0200 @@ -17,7 +17,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Unit Tests for the GSS-API / SSPI SSHv2 Authentication (gssapi-with-mic) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_transport.py new/paramiko-2.11.0/tests/test_transport.py --- old/paramiko-2.10.4/tests/test_transport.py 2022-04-25 18:25:27.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_transport.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for the ssh2 protocol in Transport. @@ -61,7 +61,7 @@ from paramiko.py3compat import bytes, byte_chr from paramiko.message import Message -from .util import needs_builtin, _support, slow +from .util import needs_builtin, _support, requires_sha1_signing, slow from .loop import LoopSocket @@ -196,9 +196,9 @@ def test_security_options(self): o = self.tc.get_security_options() self.assertEqual(type(o), SecurityOptions) - self.assertTrue(("aes256-cbc", "blowfish-cbc") != o.ciphers) - o.ciphers = ("aes256-cbc", "blowfish-cbc") - self.assertEqual(("aes256-cbc", "blowfish-cbc"), o.ciphers) + self.assertTrue(("aes256-cbc", "aes192-cbc") != o.ciphers) + o.ciphers = ("aes256-cbc", "aes192-cbc") + self.assertEqual(("aes256-cbc", "aes192-cbc"), o.ciphers) try: o.ciphers = ("aes256-cbc", "made-up-cipher") self.assertTrue(False) @@ -1289,6 +1289,7 @@ # are new tests in test_pkey.py which use known signature blobs to prove # the SHA2 family was in fact used! + @requires_sha1_signing def test_base_case_ssh_rsa_still_used_as_fallback(self): # Prove that ssh-rsa is used if either, or both, participants have SHA2 # algorithms disabled @@ -1411,6 +1412,7 @@ ) as (tc, ts, err): assert isinstance(err, AuthenticationException) + @requires_sha1_signing def test_ssh_rsa_still_used_when_sha2_disabled(self): privkey = RSAKey.from_private_key_file(_support("test_rsa.key")) # NOTE: this works because key obj comparison uses public bytes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/test_util.py new/paramiko-2.11.0/tests/test_util.py --- old/paramiko-2.10.4/tests/test_util.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/test_util.py 2022-05-17 03:04:13.000000000 +0200 @@ -14,7 +14,7 @@ # # You should have received a copy of the GNU Lesser General Public License # along with Paramiko; if not, write to the Free Software Foundation, Inc., -# 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. """ Some unit tests for utility functions. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/paramiko-2.10.4/tests/util.py new/paramiko-2.11.0/tests/util.py --- old/paramiko-2.10.4/tests/util.py 2022-04-25 18:22:40.000000000 +0200 +++ new/paramiko-2.11.0/tests/util.py 2022-05-17 03:04:13.000000000 +0200 @@ -9,6 +9,10 @@ from paramiko.py3compat import builtins, PY2 from paramiko.ssh_gss import GSS_AUTH_AVAILABLE +from cryptography.exceptions import UnsupportedAlgorithm, _Reasons +from cryptography.hazmat.backends import default_backend +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import padding, rsa tests_dir = dirname(realpath(__file__)) @@ -144,3 +148,31 @@ # I don't see a way to tell internally if the hash seed was set this # way, but env should be plenty sufficient, this is only for testing. return is_32bit and os.environ.get("PYTHONHASHSEED", None) == "0" + + +def sha1_signing_unsupported(): + """ + This is used to skip tests in environments where SHA-1 signing is + not supported by the backend. + """ + private_key = rsa.generate_private_key( + public_exponent=65537, key_size=2048, backend=default_backend() + ) + message = b"Some dummy text" + try: + private_key.sign( + message, + padding.PSS( + mgf=padding.MGF1(hashes.SHA1()), + salt_length=padding.PSS.MAX_LENGTH, + ), + hashes.SHA1(), + ) + return False + except UnsupportedAlgorithm as e: + return e._reason is _Reasons.UNSUPPORTED_HASH + + +requires_sha1_signing = unittest.skipIf( + sha1_signing_unsupported(), "SHA-1 signing not supported" +) ++++++ paramiko-pr1655-remove-pytest-relaxed.patch ++++++ --- /var/tmp/diff_new_pack.3dlrsJ/_old 2022-05-30 12:43:20.568342013 +0200 +++ /var/tmp/diff_new_pack.3dlrsJ/_new 2022-05-30 12:43:20.572342018 +0200 @@ -15,11 +15,11 @@ tests/test_client.py | 20 ++++++++++---------- 3 files changed, 10 insertions(+), 14 deletions(-) -Index: paramiko-2.8.0/tests/test_client.py +Index: paramiko-2.11.0/tests/test_client.py =================================================================== ---- paramiko-2.8.0.orig/tests/test_client.py -+++ paramiko-2.8.0/tests/test_client.py -@@ -33,7 +33,7 @@ import warnings +--- paramiko-2.11.0.orig/tests/test_client.py 2022-05-17 03:04:13.000000000 +0200 ++++ paramiko-2.11.0/tests/test_client.py 2022-05-26 22:57:20.216831045 +0200 +@@ -33,7 +33,7 @@ import weakref from tempfile import mkstemp @@ -28,11 +28,12 @@ from mock import patch, Mock import paramiko -@@ -687,10 +687,10 @@ class PasswordPassphraseTests(ClientTest +@@ -733,11 +733,11 @@ # TODO: more granular exception pending #387; should be signaling "no auth # methods available" because no key and no password - @raises(SSHException) + @requires_sha1_signing def test_passphrase_kwarg_not_used_for_password_auth(self): - # Using the "right" password in the "wrong" field shouldn't work. - self._test_connection(passphrase="pygmalion") @@ -40,13 +41,14 @@ + # Using the "right" password in the "wrong" field shouldn't work. + self._test_connection(passphrase="pygmalion") + @requires_sha1_signing def test_passphrase_kwarg_used_for_key_passphrase(self): - # Straightforward again, with new passphrase kwarg. -@@ -708,14 +708,14 @@ class PasswordPassphraseTests(ClientTest +@@ -757,15 +757,15 @@ password="television", ) - @raises(AuthenticationException) # TODO: more granular + @requires_sha1_signing def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given( # noqa self ):