Hello community,

here is the log from the commit of package python-paramiko for openSUSE:Factory 
checked in at 2026-06-13 18:45:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-paramiko (Old)
 and      /work/SRC/openSUSE:Factory/.python-paramiko.new.1981 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-paramiko"

Sat Jun 13 18:45:48 2026 rev:70 rq:1358968 version:5.0.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-paramiko/python-paramiko.changes  
2026-03-30 18:29:44.271176481 +0200
+++ 
/work/SRC/openSUSE:Factory/.python-paramiko.new.1981/python-paramiko.changes    
    2026-06-13 18:46:42.435858495 +0200
@@ -1,0 +2,43 @@
+Mon Jun  8 08:31:34 UTC 2026 - Nico Krapp <[email protected]>
+
+- Update to 5.0.0 (fixes CVE-2026-44405, bsc#1264225)
+  * [Feature]: Added a new, optional file_format keyword argument to
+    PKey.write_private_key and PKey.write_private_key_file to allow writing
+    out OpenSSH-style private key files in addition to the legacy PEM format.
+  * [Bug]: Added a password kwarg to PKey.from_type_string so it can handle
+    encrypted keys like most other PKey constructors already could.
+  * [Bug]: Fix Ed25519Key’s internals such that it no longer throws
+    AttributeError during calls to __repr__ when only partly initialized. This
+    isn’t a normal runtime problem (it only happens inside error handling for
+    fatal errors like “not a valid private key”) but was perennially
+    complicating test failure diagnosis and similar scenarios.
+  * [Support]: Removed the demos/ folder; they’ve become too big a support
+    burden and we’ve wanted to remove them for years.
+  * [Support]: Renamed PKey.from_path’s passphrase argument to password so
+    it’s consistent with all the other methods of instantiating PKey objects.
+  * [Support]: Removed support for verifying/signing with RSA keys using SHA-1
+    hashing. Generally, this means most cases where "ssh-rsa" was used as an
+    algorithm identifier (as opposed to a key material identifier) will no
+    longer accept that string as valid, and the relevant code that actually
+    used eg hashes.SHA1 no longer does.
+  * [Support]: Removed support for key exchange using SHA-1, meaning the kex
+    methods diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1,
+    and diffie-hellman-group1-sha1 are now gone. Implementing classes have
+    been removed/merged/shuffled as required.
+  * [Support]: Removed GSSAPI support, as the current (buggy, no longer easily
+    testable in CI, poorly understood and not used by the core team)
+    implementation is SHA-1 based and no SHA-256 upgrade appeared to be
+    forthcoming from contributors.
+  * [Support]: Raised the minimum modulus size in
+    diffie-hellman-group-exchange-sha256 key exchange from 1024 (the original
+    spec’s minimum) to 2048 (the contemporary minimum according to RFC 9142,
+    and matching a similar change by OpenSSH ten years ago in 7.2 / 2016).
+  * [Support]: The PKey class family tree reorganized the write_private_key and
+    write_private_key_file methods; with other recent changes, having 
individual
+    implementations on the child classes made no sense, so key writing is now
+    implemented in PKey itself and the included child classes such as ECDSAKey
+    no longer define their own such methods, instead simply exposing their
+    underlying cryptographic private key objects as .private_key.
+- drop python-paramiko-doc subpackage as demos are no longer included
+
+-------------------------------------------------------------------
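Review bot: The first line of the entry credits 5.0.0 with fixing CVE-2026-44405 (bsc#1264225), but none of the bullets below it is identified as the fix, so a reader cannot tell which upstream change closes the issue. Please name the relevant item in the entry; that is what anyone who needs to carry the fix elsewhere will look for. The entry also does not mention the refresh of remove-icecream-dep.patch that is part of this submission. Since the update drops "ssh-rsa" SHA-1 signatures, the three SHA-1 kex methods and GSSAPI, it is worth confirming that packages depending on python-paramiko do not rely on any of them.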

Old:
----
  paramiko-4.0.0.tar.gz

New:
----
  paramiko-5.0.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-paramiko.spec ++++++
--- /var/tmp/diff_new_pack.t8kHkx/_old  2026-06-13 18:46:44.171930621 +0200
+++ /var/tmp/diff_new_pack.t8kHkx/_new  2026-06-13 18:46:44.171930621 +0200
@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-paramiko
-Version:        4.0.0
+Version:        5.0.0
 Release:        0
 Summary:        SSH2 protocol library
 License:        LGPL-2.1-or-later
@@ -59,22 +59,8 @@
 connections between python scripts.  All major ciphers and hash methods
 are supported.  SFTP client and server mode are both supported too.
 
-%package -n python-paramiko-doc
-Summary:        Documentation for %{name}
-Provides:       %{python_module paramiko-doc = %{version}}
-
-%description -n python-paramiko-doc
-This is a library for making SSH2 connections (client or server).
-Emphasis is on using SSH2 as an alternative to SSL for making secure
-connections between python scripts.  All major ciphers and hash methods
-are supported.  SFTP client and server mode are both supported too.
-
-This package contains the documentation.
-
 %prep
 %autosetup -p1 -n paramiko-%{version}
-# Fix non-executable script rpmlint issue:
-find demos -name "*.py" -exec sed -i "/#\!\/usr\/bin\/.*/d" {} \; -exec chmod 
-x {} \;
 
 %build
 %pyproject_wheel
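Review bot: The python-paramiko-doc subpackage is removed at `%package -n python-paramiko-doc` with no Obsoletes added in the lines shown, so a system that already has the 4.0.0 doc package installed would keep it after the update. Consider adding an Obsoletes for python-paramiko-doc to the main package. Separately, the retained description still reads "All major ciphers and hash methods are supported", which no longer matches a release whose changelog removes SHA-1 signing and SHA-1 key exchange.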
@@ -98,7 +84,3 @@
 %{python_sitelib}/paramiko
 %{python_sitelib}/paramiko-%{version}*-info
 
-%files -n python-paramiko-doc
-%license LICENSE
-%doc demos/
-
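Review bot: The only `%license LICENSE` visible in this diff is removed here together with the doc file list, and the two context lines of the main %files section show only the %{python_sitelib} paths. Please check that the main package still installs the license through its own `%license LICENSE` line.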

++++++ paramiko-4.0.0.tar.gz -> paramiko-5.0.0.tar.gz ++++++
++++ 14620 lines of diff (skipped)

++++++ remove-icecream-dep.patch ++++++
--- /var/tmp/diff_new_pack.t8kHkx/_old  2026-06-13 18:46:44.671951394 +0200
+++ /var/tmp/diff_new_pack.t8kHkx/_new  2026-06-13 18:46:44.675951560 +0200
@@ -1,21 +1,22 @@
---- paramiko-4.0.0.orig/tests/conftest.py      2025-08-04 01:21:13.000000000 
+0200
-+++ paramiko-4.0.0/tests/conftest.py   2026-03-27 12:28:15.432058168 +0100
-@@ -4,7 +4,7 @@
- import threading
+Index: paramiko-5.0.0/tests/conftest.py
+===================================================================
+--- paramiko-5.0.0.orig/tests/conftest.py
++++ paramiko-5.0.0/tests/conftest.py
+@@ -5,9 +5,7 @@ import threading
  from pathlib import Path
  
+ import pytest
+-from icecream import ic
+-from icecream import install as install_ic
 -from invoke.vendor.lexicon import Lexicon
 +from lexicon import Lexicon
  
- import pytest
  from paramiko import (
-@@ -21,13 +21,6 @@
+     SFTP,
+@@ -23,10 +21,6 @@ from ._loop import LoopSocket
  from ._stub_sftp import StubServer, StubSFTPServer
  from ._util import _support
  
--from icecream import ic, install as install_ic
--
--
 -# Better print() for debugging - use ic()!
 -install_ic()
 -ic.configureOutput(includeContext=True)
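Review bot: The refreshed patch is named remove-icecream-dep.patch, yet besides dropping the icecream imports it still replaces `from invoke.vendor.lexicon import Lexicon` with `from lexicon import Lexicon`, an unrelated change that the name does not cover, and the new version carries only an `Index:` line with no description header. Add a short header stating both purposes (or split the lexicon change into its own patch), and make sure the standalone lexicon module is available when the tests run.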
