2019-07-02 06:31:13 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
py-paramiko: updated to 2.6.0
2.6.0:
Add a new keyword argument to SSHClient.connect and Transport,
disabled_algorithms, which allows selectively disabling one or more
kex/key/cipher/etc algorithms. This can be useful when disabling algorithms your
target server (or client) does not support cleanly, or to work around unpatched
bugs in Paramiko’s own implementation thereof.
SSHClient.exec_command previously returned a naive ChannelFile object for its
stdin value; such objects don’t know to properly shut down the remote end’s
stdin when they .close(). This led to issues (such as hangs) when running
remote commands that read from stdin.
Add backwards-compatible support for the gssapi GSSAPI library, as the previous
backend (python-gssapi) has since become defunct. This change also includes
tests for the GSSAPI functionality.
Tweak many exception classes so their string representations are more
human-friendly; this also includes incidental changes to some super() calls.
|
2019-06-10 10:42:58 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
py-paramiko: updated to 2.5.0
2.5.0:
[Feature] Updated SSHConfig.lookup so it returns a new, type-casting-friendly
dict subclass (SSHConfigDict) in lieu of dict literals. This ought to be
backwards compatible, and allows an easier way to check boolean or int type
ssh_config values.
[Feature] Add support for Curve25519 key exchange (aka curve25519-sha256@libssh.org).
[Feature] Add support for encrypt-then-MAC (ETM) schemes
(hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com) and two newer
Diffie-Hellman group key exchange algorithms (group14, using SHA256; and
group16, using SHA512). Patch courtesy of Edgar Sousa.
[Support] Update our install docs with (somewhat) recently added additional
dependencies; we previously only required Cryptography, but the docs never got
updated after we incurred bcrypt and pynacl requirements for Ed25519 key
support.
Additionally, pyasn1 was never actually hard-required; it was necessary during a
development branch, and is used by the optional GSSAPI support, but is not
required for regular installation. Thus, it has been removed from our setup.py
and its imports in the GSSAPI code made optional.
[Support] Add *.pub files to the MANIFEST so distributed source packages contain
some necessary test assets. Credit: Alexander Kapshuna.
[Support] Add support for the modern (as of Python 3.3) import location of
MutableMapping (used in host key management) to avoid the old location becoming
deprecated in Python 3.8.
[Support] Raise Cryptography dependency requirement to version 2.5 (from 1.5)
and update some deprecated uses of its API.
|
2018-09-21 13:04:16 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
py-paramiko: updated to 2.4.2
2.4.2:
Fix exploit (CVE pending) in Paramiko’s server mode (not client mode) where
hostile clients could trick the server into thinking they were authenticated
without actually submitting valid authentication.
Specifically, steps have been taken to start separating client and server
related message types in the message handling tables within Transport and
AuthHandler; this work is not complete but enough has been performed to close
off this particular exploit (which was the only obvious such exploit for this
particular channel).
Modify protocol message handling such that Transport does not respond to
MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED. This behavior probably
didn’t cause any outright errors, but it doesn’t seem to conform to the RFCs
and could cause (non-infinite) feedback loops in some scenarios (usually those
involving Paramiko on both ends).
Add *.pub files to the MANIFEST so distributed source packages contain some
necessary test assets. Credit: Alexander Kapshuna.
Backport pytest support and application of the black code formatter (both of
which previously only existed in the 2.4 branch and above) to everything 2.0 and
newer. This makes back/forward porting bugfixes significantly easier.
Backport changes from 979 (added in Paramiko 2.3) to Paramiko 2.0-2.2, using
duck-typing to preserve backwards compatibility. This allows these older
versions to use newer Cryptography sign/verify APIs when available, without
requiring them (as is the case with Paramiko 2.3+).
|
2018-09-06 15:28:00 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
py-paramiko: BUILD_DEPENDS -> TEST_DEPENDS
|
2018-03-29 17:35:32 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
Added missing patch
|
2018-03-13 19:35:29 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
py-paramiko: updated to 2.4.1
2.4.1:
[Bug] Ed25519 auth key decryption raised an unexpected exception when given a
unicode password string (typical in python 3). Report by Theodor van Nahl and
fix by Pierce Lopez.
[Bug] Add newer key classes for Ed25519 and ECDSA to paramiko.__all__ so that
code introspecting that attribute, or using from paramiko import * (such as some
IDEs) sees them. Thanks to @patriksevallius for the patch.
[Bug] Fix a security flaw (CVE-2018-7750) in Paramiko’s server mode (emphasis
on server mode; this does not impact client use!) where authentication status
was not checked before processing channel-open and other requests typically only
sent after authenticating. Big thanks to Matthijs Kooijman for the report.
|
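Added example (not part of the commit log and not Paramiko's code): a toy server-side dispatcher illustrating the two message-handling points in the 2.4.2 and 2.4.1 notes above, namely checking authentication state before servicing channel-open and similar requests, and never answering MSG_UNIMPLEMENTED with MSG_UNIMPLEMENTED. The class, reply strings and credentials are constructed for illustration; only the message numbers are the standard SSH values.

```python
# Toy model of a server-side SSH message dispatcher (constructed; not Paramiko code).
# Message numbers are the standard SSH protocol values (RFC 4250).
MSG_UNIMPLEMENTED = 3
MSG_USERAUTH_REQUEST = 50
MSG_GLOBAL_REQUEST = 80
MSG_CHANNEL_OPEN = 90

# Types a peer should only send once user authentication has succeeded.
POST_AUTH = {MSG_GLOBAL_REQUEST, MSG_CHANNEL_OPEN}


class ToyServer:
    def __init__(self, check_auth=True, valid=("alice", "s3cret")):
        self.check_auth = check_auth   # False models the unchecked behaviour
        self.valid = valid             # constructed credential pair
        self.authenticated = False
        self.channels = 0

    def handle(self, mtype, payload=None):
        """Process one message; return the reply to send, or None for no reply."""
        if mtype == MSG_UNIMPLEMENTED:
            return None                # never answer UNIMPLEMENTED with UNIMPLEMENTED
        if mtype == MSG_USERAUTH_REQUEST:
            self.authenticated = payload == self.valid
            return "USERAUTH_SUCCESS" if self.authenticated else "USERAUTH_FAILURE"
        if mtype in POST_AUTH:
            if self.check_auth and not self.authenticated:
                return "REJECTED"      # refuse; the exact refusal is a design choice
            if mtype == MSG_CHANNEL_OPEN:
                self.channels += 1
                return "CHANNEL_OPEN_CONFIRMATION"
            return "REQUEST_SUCCESS"
        return "UNIMPLEMENTED"         # unknown type: report it once


def replay(server, messages):
    """Feed (type, payload) pairs to the server and collect its replies."""
    return [server.handle(t, p) for t, p in messages]


# Constructed traffic: a channel-open sent before any authentication attempt,
# and a normal authenticate-then-open sequence.
UNAUTH_OPEN = [(MSG_CHANNEL_OPEN, None)]
LEGIT = [(MSG_USERAUTH_REQUEST, ("alice", "s3cret")), (MSG_CHANNEL_OPEN, None)]

if __name__ == "__main__":
    print("unchecked:", replay(ToyServer(check_auth=False), UNAUTH_OPEN))
    print("checked:  ", replay(ToyServer(), UNAUTH_OPEN))
    print("legit:    ", replay(ToyServer(), LEGIT))
```
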
2017-11-15 10:24:14 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
py-paramiko: updated to 2.4.0
2.4.0:
[Feature]: Add a new passphrase kwarg to SSHClient.connect so users may
disambiguate key-decryption passphrases from password-auth passwords. (This is a
backwards compatible change; password will still pull double duty as a
passphrase when passphrase is not given.)
[Support]: Drop Python 2.6 and Python 3.3 support; now only 2.7 and 3.4+ are
supported. If you’re unable to upgrade from 2.6 or 3.3, please stick to the
Paramiko 2.3.x (or below) release lines.
[Support]: Include LICENSE file in wheel archives.
[Support]: Updated the test suite & related docs/metadata/config to be
compatible with pytest instead of using the old, custom, crufty unittest-based
test.py.
This includes marking known-slow tests (mostly the SFTP ones) so they can be
filtered out by inv test’s default behavior; as well as other minor tweaks to
test collection and/or display (for example, GSSAPI tests are collected, but
skipped, instead of not even being collected by default as in test.py.)
[Support]: Update tearDown of client test suite to avoid hangs due to eternally
blocking accept() calls on the internal server thread (which can occur when test
code raises an exception before actually connecting to the server.)
|
2017-10-25 08:38:53 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
Updated HOMEPAGE
|
2017-10-12 14:42:26 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
py-paramiko: update to 2.3.1
2.3.1:
[Bug] 1071: Certificate support broke the no-certificate case for Ed25519 keys
(symptom is an AttributeError about public_blob.) This went uncaught due to cert
autoload behavior (i.e. our test suite never actually ran the no-cert case,
because the cert existed!) Both issues have been fixed. Thanks to John Hu for
the report.
|
2017-05-19 16:47:10 by Havard Eidnes | Files touched by this commit (3)
Log message:
Upgrade py-paramiko from 1.15.3 to 1.18.2.
Pkgsrc changes:
Adapt PLIST.
Upstream changes:
1.18.2 2017-02-20
[Bug] #895: Fix a bug in server-mode concerning multiple interactive
auth steps (which were incorrectly responded to). Thanks to Dennis
Kaarsemaker for catch & patch.
[Bug] #713: (via #714 and #889) Don't pass initialization vectors
to PyCrypto when dealing with counter-mode ciphers; newer PyCrypto
versions throw an exception otherwise (older ones simply ignored
this parameter altogether). Thanks to @jmh045000 for report &
patches.
[Bug] #44: (via #891) SSHClient now gives its internal Transport
a handle on itself, preventing garbage collection of the client
until the session is closed. Without this, some code which returns
stream or transport objects without the client that generated
them, would result in premature session closure when the client
was GCd. Credit: @w31rd0 for original report, Omer Anson for the
patch.
[Bug] #862: (via #863) Avoid test suite exceptions on platforms
lacking errno.ETIME (which seems to be some FreeBSD and some
Windows environments.) Thanks to Sofian Brabez.
[Bug] #853: Tweak how RSAKey.__str__ behaves so it doesn't
cause TypeError under Python 3. Thanks to Francisco Couzo for
the report.
[Support] #866: (also #838) Remove an old test-related file we
don't support, and add PyPy to Travis-CI config. Thanks to
Pierce Lopez for the final patch and Pedro Rodrigues for an
earlier edition.
1.18.1 2016-12-12
[Bug] #859: (via #860) A tweak to the original patch implementing
#398 was not fully applied, causing calls to invoke_shell to
fail with AttributeError. This has been fixed. Patch credit:
Kirk Byers.
1.18.0 2016-12-09
[Feature] #398: Add an environment dict argument to
Client.exec_command (plus the lower level Channel.update_environment
and Channel.set_environment_variable methods) which implements
the env SSH message type. This means the remote shell environment
can be set without the use of VARNAME=value shell tricks,
provided the server's AcceptEnv lists the variables you need
to set. Thanks to Philip Lorenz for the pull request.
[Feature] #780: (also #779, and may help users affected by
#520) Add an optional timeout parameter to Transport.start_client
(and feed it the value of the configured connection timeout
when used within SSHClient.) This helps prevent situations
where network connectivity isn't timing out, but the remote
server is otherwise unable to service the connection in a timely
manner. Credit to @sanseihappa.
[Support] #819: Document how lacking gmp headers at install
time can cause a significant performance hit if you build
PyCrypto from source. (Most system-distributed packages already
have this enabled.)
[Support] #854: Fix incorrect docstring/param-list for
Transport.auth_gssapi_keyex so it matches the real signature.
Caught by @Score_Under.
[Support] #792: Minor updates to the README and demos; thanks to Alan Yee.
[Support] #801: Skip a Unix-only test when on Windows; thanks to Gabi Davar.
For pre-1.18.0 changes, see
http://www.paramiko.org/changelog.html
|