Next | Query returned 63 messages, browsing 11 to 20 | Previous

CVS Commit History:


   2022-10-19 15:56:34 by Nia Alarie | Files touched by this commit (26)
Log message:
fighting a losing battle against py-cryptography rustification, part 2

Switch users to versioned_dependencies.mk.
   2022-07-13 22:06:24 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-paramiko: updated to 2.11.0

2.11.0 2022-05-16
[Feature]: Add SSH config token expansion (eg %h, %p) when parsing ProxyJump directives. Patch courtesy of Bruno Inec.
[Support]: Apply unittest skipIf to tests currently using SHA1 in their critical path, to avoid failures on systems starting to disable SHA1 outright in their crypto backends (eg RHEL 9). Report & patch via Paul Howarth.
[Support]: Update camelCase method calls against the threading module to be snake_case; this and related tweaks should fix some deprecation warnings under Python 3.10. Thanks to Karthikeyan Singaravelan for the report, @Narendra-Neerukonda for the patch, and to Thomas Grainger and Jun Omae for patch workshopping.
[Support]: Recent versions of Cryptography have deprecated Blowfish algorithm support; in lieu of an easy method for users to remove it from the list of algorithms Paramiko tries to import and use, we’ve decided to remove it from our “preferred algorithms” list. This will both discourage use of a weak algorithm, and avoid warnings. Credit for report/patch goes to Mike Roest.
   2022-05-05 19:59:35 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-paramiko: updated to 2.10.4

2.10.4 2022-04-25

[Bug]: Servers offering certificate variants of hostkey algorithms (eg ssh-rsa-cert-v01@openssh.com) could not have their host keys verified by Paramiko clients, as it only ever considered non-cert key types for that part of connection handshaking. This has been fixed.
[Bug]: PKey instances’ __eq__ did not have the usual safety guard in place to ensure they were being compared to another PKey object, causing occasional spurious BadHostKeyException (among other things). This has been fixed. Thanks to Shengdun Hua for the original report/patch and to Christopher Papke for the final version of the fix.
[Support]: Update camelCase method calls against the threading module to be snake_case; this and related tweaks should fix some deprecation warnings under Python 3.10. Thanks to Karthikeyan Singaravelan for the report, @Narendra-Neerukonda for the patch, and to Thomas Grainger and Jun Omae for patch workshopping.
   2022-04-21 13:00:02 by Thomas Klausner | Files touched by this commit (18)
Log message:
*: convert to versioned_dependencies for py-cryptography
   2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595)
Log message:
*: bump PKGREVISION for egg.mk users

They now have a tool dependency on py-setuptools instead of a DEPENDS
   2021-11-29 10:33:19 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-paramiko: updated to 2.8.1

2.8.1 2021-11-28
[Bug]: (also 908) Update PKey and subclasses to compare (__eq__) via direct field/attribute comparison instead of hashing (while retaining the existing behavior of __hash__ via a slight refactor). Big thanks to Josh Snyder and Jun Omae for the reports, and to Josh Snyder for reproduction details & patch.

Warning
This fixes a security flaw! If you are running Paramiko on 32-bit systems with low entropy (such as any 32-bit Python 2, or a 32-bit Python 3 which is running with PYTHONHASHSEED=0) it is possible for an attacker to craft a new keypair from an exfiltrated public key, which Paramiko would consider equal to the original key.

This could enable attacks such as, but not limited to, the following:

Paramiko server processes would incorrectly authenticate the attacker (using their generated private key) as if they were the victim. We see this as the most plausible attack using this flaw.
Paramiko client processes would incorrectly validate a connected server (when host key verification is enabled) while subjected to a man-in-the-middle attack. This impacts more users than the server-side version, but also carries higher requirements for the attacker, namely successful DNS poisoning or other MITM techniques.
[Bug] 1257: (also 1266) Update RSA and ECDSA key decoding subroutines to correctly catch exception types thrown by modern versions of Cryptography (specifically TypeError and its internal UnsupportedAlgorithm). These exception classes will now become SSHException instances instead of bubbling up. Thanks to Ignat Semenov for the report and @tylergarcianet for an early patch.
[Bug] 1024: Deleting items from HostKeys would incorrectly raise KeyError even for valid keys, due to a logic bug. This has been fixed. Report & patch credit: Jia Zhang.
[Bug] 985: (via 992) Fix listdir failure when server uses a locale. Now on Python 2.7 SFTPAttributes will decode abbreviated month names correctly rather than raise UnicodeDecodeError. Patch courtesy of Martin Packman.
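
The difference between hash-based and field-based equality from the 2.8.1 entry above, together with the type guard mentioned under 2.10.4, as an added illustration that is not Paramiko's code. HashEqKey, FieldEqKey and both helper functions are constructed toy names, and the colliding pair assumes CPython, which reduces integer hashes modulo sys.hash_info.modulus.

```python
import sys


class HashEqKey:
    """Constructed model of the pre-fix pattern: equality delegated to hash()."""

    def __init__(self, e, n):
        self.e, self.n = e, n

    def __hash__(self):
        return hash((self.e, self.n))

    def __eq__(self, other):
        # No type guard, and any two objects whose hashes collide are "equal".
        return hash(self) == hash(other)


class FieldEqKey:
    """Constructed model of the post-fix pattern: compare the fields directly."""

    def __init__(self, e, n):
        self.e, self.n = e, n

    @property
    def _fields(self):
        return (self.e, self.n)

    def __hash__(self):
        # __hash__ keeps working for dict/set use; it no longer decides equality.
        return hash(self._fields)

    def __eq__(self, other):
        if not isinstance(other, FieldEqKey):
            return NotImplemented
        return self._fields == other._fields


def compare_colliding_pair(cls):
    """Return (hashes_equal, keys_equal) for two keys with different moduli."""
    n = 0xC0FFEE  # constructed stand-in for an RSA modulus
    # n and n + modulus are different integers that share one hash() value.
    a = cls(65537, n)
    b = cls(65537, n + sys.hash_info.modulus)
    return hash(a) == hash(b), a == b


def equals_plain_tuple(cls):
    """Does a key compare equal to a non-key object with matching contents?"""
    return cls(65537, 0xC0FFEE) == (65537, 0xC0FFEE)
```

The hash-based class treats both the colliding key and a plain tuple as equal to the original key; the field-based class rejects both even though the hashes still match.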
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-11 11:34:52 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-paramiko: updated to 2.8.0

2.8.0 2021-10-09
[Feature] Add a prefetch keyword argument to SFTPClient.get/SFTPClient.getfo so users who need to skip SFTP prefetching are able to conditionally turn it off. Thanks to Github user @h3ll0r for the PR.
[Bug] Newer server-side key exchange algorithms not intended to use SHA1 (diffie-hellman-group14-sha256, diffie-hellman-group16-sha512) were incorrectly using SHA1 after all, due to a bug causing them to ignore the hash_algo class attribute. This has been corrected. Big thanks to @miverson for the report and to Benno Rice for the patch.
[Support] Remove leading whitespace from OpenSSH RSA test suite static key fixture, to conform better to spec. Credit: Alex Gaynor.
[Support] Add missing test suite fixtures directory to MANIFEST.in, reinstating the ability to run Paramiko’s tests from an sdist tarball. Thanks to Sandro Tosi for reporting the issue and to Blazej Michalik for the PR.
[Support]: Update our CI to catch issues with sdist generation, installation and testing.
[Support]: Administrivia overhaul, including but not limited to:
Migrate CI to CircleCI
Primary dev branch is now main (renamed)
Many README edits for clarity, modernization etc; including a bunch more (and consistent) status badges & unification with main project site index
PyPI page much more fleshed out (long_description is now filled in with the README; sidebar links expanded; etc)
flake8, pytest configs split out of setup.cfg into their own files
Invoke/invocations (used by maintainers/contributors) upgraded to modern versions
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2020-09-08 19:43:12 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
py-paramiko: updated to 2.7.2

2.7.2:
[Bug] Fix incorrectly swapped order of p and q numbers when loading OpenSSH-format RSA private keys. At minimum this should address a slowdown when using such keys, and it also means Paramiko works with Cryptography 3.1 and above (which complains strenuously when this problem appears). Thanks to Alex Gaynor for the patch.
[Bug]: Fix incorrect string formatting causing unhelpful error message annotation when using Kerberos/GSSAPI. (Thanks, newer version of flake8!)
[Support] Remove leading whitespace from OpenSSH RSA test suite static key fixture, to conform better to spec. Credit: Alex Gaynor.
[Support] Add missing test suite fixtures directory to MANIFEST.in, reinstating the ability to run Paramiko’s tests from an sdist tarball. Thanks to Sandro Tosi for reporting the issue and to Blazej Michalik for the PR.
[Support]: Update our CI to catch issues with sdist generation, installation and testing.
