Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

Log message:
py-paramiko: updated to 2.7.1

2.7.1:
[Bug] Fix a bug in support for ECDSA keys under the newly supported OpenSSH key \ 
format. Thanks to Pierce Lopez for the patch.
[Bug] The new-style private key format (added in 2.7) suffered from an unpadding \ 
bug which had been fixed earlier for Ed25519 (as that key type has always used \ 
the newer format). That fix has been refactored and applied to the base key \ 
class, courtesy of Pierce Lopez.

2.7.0:
[Feature]: Add new convenience classmethod constructors to SSHConfig: from_text, \ 
from_file, and from_path. No more annoying two-step process!
[Feature] Implement most ‘canonical hostname’ ssh_config functionality \ 
(CanonicalizeHostname, CanonicalDomains, CanonicalizeFallbackLocal, and \ 
CanonicalizeMaxDots; CanonicalizePermittedCNAMEs has not yet been implemented). \ 
All were previously silently ignored. Reported by Michael Leinartas.
[Feature] Implement support for the Match keyword in ssh_config files. \ 
Previously, this keyword was simply ignored & keywords inside such blocks \ 
were treated as if they were part of the previous block. Thanks to Michael \ 
Leinartas for the initial patchset.

Note
This feature adds a new optional install dependency, Invoke, for managing Match \ 
exec subprocesses.

[Feature]: A couple of outright SSHConfig parse errors were previously \ 
represented as vanilla Exception instances; as part of recent feature work a \ 
more specific exception class, ConfigParseError, has been created. It is now \ 
also used in those older spots, which is naturally backwards compatible.
[Feature] Implement support for OpenSSH 6.5-style private key files (typically \ 
denoted as having BEGIN OPENSSH PRIVATE KEY headers instead of PEM format’s \ 
BEGIN RSA PRIVATE KEY or similar). If you were getting any sort of weird auth \ 
error from “modern” keys generated on newer operating system releases (such \ 
as macOS Mojave), this is the first update to try.

Major thanks to everyone who contributed or tested versions of the patch, \ 
including but not limited to: Kevin Abel, Michiel Tiller, Pierce Lopez, and \ 
Jared Hobbs.

[Bug]: Perform deduplication of IdentityFile contents during ssh_config parsing; \ 
previously, if your config would result in the same value being encountered more \ 
than once, IdentityFile would contain that many copies of the same string.
[Bug]: Paramiko’s use of subprocess for ProxyCommand support is conditionally \ 
imported to prevent issues on limited interpreter platforms like Google Compute \ 
Engine. However, any resulting ImportError was lost instead of preserved for \ 
raising (in the rare cases where a user tried leveraging ProxyCommand in such an \ 
environment). This has been fixed.
[Bug]: ssh_config token expansion used a different method of determining the \ 
local username ($USER env var), compared to what the (much older) client \ 
connection code does (getpass.getuser, which includes $USER but may check other \ 
variables first, and is generally much more comprehensive). Both modules now use \ 
getpass.getuser.
[Support]: Explicitly document which ssh_config features we currently support. \ 
Previously users just had to guess, which is simply no good.
[Support]: Additional installation extras_require “flavors” (ed25519, \ 
invoke, and all) have been added to our packaging metadata; see the install docs \ 
for details.

Log message:
py-paramiko: updated to 2.6.0

2.6.0:
Add a new keyword argument to SSHClient.connect and Transport, \ 
disabled_algorithms, which allows selectively disabling one or more \ 
kex/key/cipher/etc algorithms. This can be useful when disabling algorithms your \ 
target server (or client) does not support cleanly, or to work around unpatched \ 
bugs in Paramiko’s own implementation thereof.

SSHClient.exec_command previously returned a naive ChannelFile object for its \ 
stdin value; such objects don’t know to properly shut down the remote end’s \ 
stdin when they .close(). This lead to issues (such as hangs) when running \ 
remote commands that read from stdin.

Add backwards-compatible support for the gssapi GSSAPI library, as the previous \ 
backend (python-gssapi) has since become defunct. This change also includes \ 
tests for the GSSAPI functionality.

Tweak many exception classes so their string representations are more \ 
human-friendly; this also includes incidental changes to some super() calls.

Log message:
py-paramiko: updated to 2.5.0

2.5.0:
[Feature] Updated SSHConfig.lookup so it returns a new, type-casting-friendly \ 
dict subclass (SSHConfigDict) in lieu of dict literals. This ought to be \ 
backwards compatible, and allows an easier way to check boolean or int type \ 
ssh_config values.

[Feature] Add support for Curve25519 key exchange (aka curve25519-sha256@libssh.org).

[Feature] Add support for encrypt-then-MAC (ETM) schemes \ 
(hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com) and two newer \ 
Diffie-Hellman group key exchange algorithms (group14, using SHA256; and \ 
group16, using SHA512). Patch courtesy of Edgar Sousa.

[Support] Update our install docs with (somewhat) recently added additional \ 
dependencies; we previously only required Cryptography, but the docs never got \ 
updated after we incurred bcrypt and pynacl requirements for Ed25519 key \ 
support.

Additionally, pyasn1 was never actually hard-required; it was necessary during a \ 
development branch, and is used by the optional GSSAPI support, but is not \ 
required for regular installation. Thus, it has been removed from our setup.py \ 
and its imports in the GSSAPI code made optional.

[Support] Add *.pub files to the MANIFEST so distributed source packages contain \ 
some necessary test assets. Credit: Alexander Kapshuna.

[Support] Add support for the modern (as of Python 3.3) import location of \ 
MutableMapping (used in host key management) to avoid the old location becoming \ 
deprecated in Python 3.8.
[Support] Raise Cryptography dependency requirement to version 2.5 (from 1.5) \ 
and update some deprecated uses of its API.

Log message:
py-paramiko: updated to 2.4.2

2.4.2:
Fix exploit (CVE pending) in Paramiko’s server mode (not client mode) where \ 
hostile clients could trick the server into thinking they were authenticated \ 
without actually submitting valid authentication.

Specifically, steps have been taken to start separating client and server \ 
related message types in the message handling tables within Transport and \ 
AuthHandler; this work is not complete but enough has been performed to close \ 
off this particular exploit (which was the only obvious such exploit for this \ 
particular channel).

Modify protocol message handling such that Transport does not respond to \ 
MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED. This behavior probably \ 
didn’t cause any outright errors, but it doesn’t seem to conform to the RFCs \ 
and could cause (non-infinite) feedback loops in some scenarios (usually those \ 
involving Paramiko on both ends).
Add *.pub files to the MANIFEST so distributed source packages contain some \ 
necessary test assets. Credit: Alexander Kapshuna.
Backport pytest support and application of the black code formatter (both of \ 
which previously only existed in the 2.4 branch and above) to everything 2.0 and \ 
newer. This makes back/forward porting bugfixes significantly easier.
Backport changes from 979 (added in Paramiko 2.3) to Paramiko 2.0-2.2, using \ 
duck-typing to preserve backwards compatibility. This allows these older \ 
versions to use newer Cryptography sign/verify APIs when available, without \ 
requiring them (as is the case with Paramiko 2.3+).

Log message:
py-paramiko: BUILD_DEPENDS -> TEST_DEPENDS

Log message:
Added missing patch

Log message:
py-paramiko: updated to 2.4.1

2.4.1:
[Bug] Ed25519 auth key decryption raised an unexpected exception when given a \ 
unicode password string (typical in python 3). Report by Theodor van Nahl and \ 
fix by Pierce Lopez.
[Bug] Add newer key classes for Ed25519 and ECDSA to paramiko.__all__ so that \ 
code introspecting that attribute, or using from paramiko import * (such as some \ 
IDEs) sees them. Thanks to @patriksevallius for the patch.
[Bug] Fix a security flaw (CVE-2018-7750) in Paramiko’s server mode (emphasis \ 
on server mode; this does not impact client use!) where authentication status \ 
was not checked before processing channel-open and other requests typically only \ 
sent after authenticating. Big thanks to Matthijs Kooijman for the report.

Log message:
py-paramiko: updated to 2.4.0

2.4.0:

[Feature]: Add a new passphrase kwarg to SSHClient.connect so users may \ 
disambiguate key-decryption passphrases from password-auth passwords. (This is a \ 
backwards compatible change; password will still pull double duty as a \ 
passphrase when passphrase is not given.)
[Support]: Drop Python 2.6 and Python 3.3 support; now only 2.7 and 3.4+ are \ 
supported. If you’re unable to upgrade from 2.6 or 3.3, please stick to the \ 
Paramiko 2.3.x (or below) release lines.
[Support]: Include LICENSE file in wheel archives.
[Support]: Updated the test suite & related docs/metadata/config to be \ 
compatible with pytest instead of using the old, custom, crufty unittest-based \ 
test.py.

This includes marking known-slow tests (mostly the SFTP ones) so they can be \ 
filtered out by inv test‘s default behavior; as well as other minor tweaks to \ 
test collection and/or display (for example, GSSAPI tests are collected, but \ 
skipped, instead of not even being collected by default as in test.py.)

[Support]: Update tearDown of client test suite to avoid hangs due to eternally \ 
blocking accept() calls on the internal server thread (which can occur when test \ 
code raises an exception before actually connecting to the server.)

Log message:
Updated HOMEPAGE