python-paramiko-2.4.2-bp152.3.1

- paramiko-fix-1169489.patch: fixed fallout from last patch (bsc#1169489)

- add-support-for-new-OpenSSH-private-key-format.patch:
  Add support for new OpenSSH >= 7.8p1 private key format  (bsc#1166758)

- add disable-gssapi.patch - workaround for boo#1115769

- update to 2.4.2
- refresh paramiko-test_extend_timeout.patch
  * Fix exploit (CVE pending) in Paramiko's server mode (not client mode)
    where hostile clients could trick the server into thinking they were
    authenticated without actually submitting valid authentication.
  * Modify protocol message handling such that Transport does not respond
    to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
  * Updated SSHConfig.lookup <paramiko.config.SSHConfig.lookup> so it returns
    a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict)
    in lieu of dict literals.

- add paramiko-test_extend_timeout.patch (bsc#1085529)
  extend timeout in testsuite to pass on ppc64le

update to version 2.4.1 (bsc#1085276, CVE-2018-7750):
  * changelog: update for #1039 / #1051
  * Screen off dev version of Python from test matrix
  * ensure ed25519 password is bytes
  * Cut 2.0.8
  * Cut 2.3.2
  * Initial tests proving CVE-2018-7750 / #1175
  * Guess something else added this prior to the merge
  * Fixes CVE-2018-7750 / #1175
  * Uncaught typo in test suite
  * Initial tests proving CVE-2018-7750 / #XXX
  * Test proving #1039 / efficacy of #1051
  * Changelog closes #1175
  * Cut 2.1.5
  * Allow overriding test client connect kwargs in Transport test suite
  * Cut 2.4.1
  * Fixes CVE-2018-7750 / #XXX
  * Cut 2.2.3
  * flake8

- update to 2.4.0
  + new pytest based testsuite
  * dd a new passphrase kwarg to SSHClient.connect so users may disambiguate
    key-decryption passphrases from password-auth passwords.
  * Drop Python 2.6 and Python 3.3 support

- update to 2.3.1
  + cert_support.tar.gz - missing test certificates for testsuite
  * Certificate support broke the no-certificate case for Ed25519 keys
    (symptom is an AttributeError about public_blob.) This went uncaught
    due to cert autoload behavior (i.e. our test suite never actually ran
    the no-cert case, because the cert existed!) Both issues have been fixed.
  * Implement basic client-side certificate authentication
    (as per the OpenSSH vendor extension.)
  * Added pre-authentication banner support for the server interface
    (ServerInterface.get_banner plus related support in Transport/AuthHandler.)
  * Update Ed25519Key so its constructor offers the same file_obj parameter
    as its sibling key classes.
  * Add a gss_trust_dns option to Client and Transport to allow explicitly
    setting whether or not DNS canonicalization should occur when using GSSAPI.
  * Paramiko originally defaulted to zlib compression level 9
    (when one connects with compression=True; it defaults to off.) This has been
    found to be quite wasteful and tends to cause much longer transfers in most
    cases, than is necessar
  * Enhance documentation around the new SFTP.posix_rename method
    so it?s referenced in the ?standard? rename method for increased visibility.
  * Modify logic around explicit disconnect messages, and unknown-channel situations,
    so that they rely on centralized shutdown code instead of running their own.
    This is at worst removing some unnecessary code, and may help with some
    situations where Paramiko hangs at the end of a session.
  * Display exception type and message when logging auth-rejection messages
    (ones reading Auth rejected: unsupported or mangled public key); previously
    this error case had a bare except and did not display exactly why the key
    failed.
  * Ed25519 keys never got proper API documentation support; this has been fixed.
  * Update how we use Cryptography?s signature/verification methods
    so we aren?t relying on a deprecated API.

- update to 2.2.2:
  * SSHClient now requests the type of host key it has (e.g. from known_hosts)
    and does not consider a different type to be a ?Missing? host key.
    This fixes a common case where an ECDSA key is in known_hosts and the server
    also has an RSA host key.
  * Fix up host-key checking in our GSSAPI support, which was previously
    using an incorrect API call
  * Fix key exchange (kex) algorithm list for GSSAPI authentication;
    reviously, the list used solely out-of-date algorithms, and now contains
    newer ones listed preferentially before the old
  * Clean up GSSAPI authentication procedures so they do not prevent normal
    fallback to other authentication methods on failure.
  * Add rekeying support to GSSAPI connections, which was erroneously missing.

- update to 2.2.1:
  * Missed a spot
  * Update .travis.yml
  * Whitespace
  * Having this in a mini-toctree made the nav look funny and is also just unintuitive
  * Changelog re #471, re #65
  * these are bytes
  * changelog: update for #990 and #993
  * ecdh kex support
  * flake8/whitespace
  * Trailing comma
  * Add test for posix-rename@openssh.com extension for SFTP client
  * Changelog re #921
  * Add a note about new Python-level deps to changelog re: Ed25519 support
  * Add method for "posix-rename@openssh.com" extension for SFTP client.
  * Add IOError in posix-rename@openssh.com test for python 2 support.
  * this isnt bytes
  * Added a auth_timeout to handle situations where SSH server stops responding during auth.
  * small cleanups
  * More changelog flimflammery
  * Added changelog entry
  * python 3 compatibility
  * Incorrect comparison, should be <=
  * DDD re #857
  * Improve __hash__ functions
  * Hrm that should always have been an h1
  * No idea how this got past all the earlier flake8 work...
  * comments
  * Fixed test to support python 2.6
  * Note ecdh-sha2 preferred-kex placement in changelog entry for #951, re #983
  * Changelog language tweaks
  * Reorder cipher and key preferences to make more sense
  * Added a test to check that the auth_timeout argument is passed through and applied.
  * Changelog tweak
  * Cut 2.2.1
  * transport: change order of preferred kex and hmac algorithms
  * need bcrypt >= 3.1.3 for kdf() ignore_few_rounds kwarg
  * Changelog re #972, re #325, closes #325
  * cleanup/simplify auth_timeout tests
  * Missed a merge conflict lolol
  * flake8
  * Changelog re #951
  * Perplexed at why flake8 did not report this earlier
  * Add Python 3.6 to classifiers
  * Add support for posix-rename@openssh.com for the SFTP server side and fix tests accordingly.
  * sphinx nitpick fixes
  * Fixed encoding/decoding of the public key on the wire
  * Added test for authentication timeout from a non-responsive server
  * refactor files
  * fixed comment + consistency
  * Changelog re #857
  * Cut 2.2.0
  * integration test, with ourselves
  * TODO
  * That was easy. Closes #857
  * Add sanity note to changelog re #869
  * Unit tests
  * Fixes #325 -- add support for Ed25519 keys
  * Happy New Year
  * implement __hash__() method for Ed25519Key
  * pep8
  * Increased auth_timeout to 30 seconds
  * py3k
  * fixed long line
  * Link to the spec
  * set a minimum version
  * Support decrypting keys
  * Failing test proving need for #857
- move demos/ to extra -doc package

- update to 2.1.3
  * Make util.log_to_file append instead of replace.
  * SSHClient and Transport could cause a memory leak if there?s a connection
  problem or protocol error, even if Transport.close() is called.
  * Prior support for ecdsa-sha2-nistp(384|521) algorithms didn?t fully extend
  to covering host keys, preventing connection to hosts which only offer
  these key types and no others. This is now fixed.
  * Prefer newer ecdsa-sha2-nistp keys over RSA and DSA keys during host key
  selection. This improves compatibility with OpenSSH, both in terms of general
  behavior, and also re: ability to properly leverage OpenSSH-modified
  known_hosts files.
  * The RC4/arcfour family of ciphers has been broken since version 2.0; but since
  the algorithm is now known to be completely insecure, we are opting
  to remove support outright instead of fixing it.
  * Move sha1 above the now-arguably-broken md5 in the list of preferred MAC
  algorithms, as an incremental security improvement for users whose target
  systems offer both.
  * Writing encrypted/password-protected private key files was silently broken
  since 2.0 due to an incorrect API call
    Includes a directly related fix, namely adding the ability to read AES-256-CBC
  ciphered private keys (which is now what we tend to write out as it is
  Cryptography?s default private key cipher.)
  * Allow any type implementing the buffer API to be used with BufferedFile,
  Channel, and SFTPFile. This resolves a regression introduced in 1.13
  with the Python 3 porting changes, when using types such as memoryview.
  * Enhance default cipher preference order such that aes(192|256)-cbc are preferred
  over blowfish-cbc.
  * SSHClient now requests the type of host key it has (e.g. from known_hosts)
  and does not consider a different type to be a ?Missing? host key. This fixes
  a common case where an ECDSA key is in known_hosts and the server also has
  an RSA host key.
  * Overhaul the codebase to be PEP-8

- Implement single-spec version.

- Fix version setting for cryptography for build

- Add python-pyasn1 as Buildrequires for testing

- update to 2.1.2
  * Fix a bug in server-mode concerning multiple interactive auth steps
  * SSHClient now gives its internal Transport a handle on itself, preventing
    garbage collection of the client until the session is closed. Without this,
    some code which returns stream or transport objects without the client that
    generated them, would result in premature session closure
    when the client was GCd
  * Avoid test suite exceptions on platforms lacking errno.ETIME
  * weak how RSAKey.__str__ behaves so it doesn?t cause TypeError under Python 3.

- update to 2.1.1
  * A tweak to the original patch implementing gh#398 was not fully applied,
    causing calls to ~paramiko.client.SSHClient.invoke_shell to fail with
    AttributeError. This has been fixed.
  * Fix the implementation of PKey.write_private_key_file (this method is only
    publicly defined on subclasses; the fix was in the private real
    implementation) so it passes the correct params to open()
  * Add an optional timeout parameter to Transport.start_clienti
    <paramiko.transport.Transport.start_client> (and feed it the value of the
    configured connection timeout when used within SSHClient
    <paramiko.client.SSHClient>.)
  * Catch AssertionError thrown by Cryptography when attempting to load bad
    ECDSA keys, turning it into an SSHException.
  * Add a missing .closed attribute (plus ._closed because reasons) to
    ProxyCommand <paramiko.proxy.ProxyCommand>
  * Make the subprocess import in proxy.py lazy so users on platforms without
    it (such as Google App Engine) can import Paramiko successfully
  * Fix incorrect docstring/param-list for Transport.auth_gssapi_keyex
    <paramiko.transport.Transport.auth_gssapi_keyex> so it matches
    the real signature.
  * Add an environment dict argument to Client.exec_command

- Fix Requires for python-cryptography
- Add missing Requires for python-pyasn1

- update to 2.0.2
  * [Bug] #758: Apply type definitions to _winapi module from
    jaraco.windows 3.6.1. This should address issues on Windows platforms
    that often result in errors like ArgumentError: [...] int too long to
    convert. Thanks to @swohlerLL for the report and Jason R. Coombs for the
    patch.
  * [Bug] #774: Add a _closed private attribute to Channel objects so that
    they continue functioning when used as proxy sockets under Python 3 (e.g.
    as direct-tcpip gateways for other Paramiko connections.)
  * [Bug] #673: (via #681) Fix protocol banner read errors (SSHException)
    which would occasionally pop up when using ProxyCommand gatewaying.
    Thanks to @Depado for the initial report and Paul Kapp for the fix.

- updated homepage URL
- update to 2.0.1:
  * [Bug] #537: Fix a bug in BufferedPipe.set_event which could cause
    deadlocks/hangs when one uses select.select against Channel objects (or
    otherwise calls Channel.fileno after the channel has closed).
  * [Bug] #520: (Partial fix) Fix at least one instance of race condition
    driven threading hangs at end of the Python interpreter session.
    (Includes a docs update as well - always make sure to .close() your
    clients!)

- fix build