%global srcname paramiko

%if 0%{?rhel} && 0%{?rhel} <= 7

%bcond_with weak_deps

%bcond_with python3

%else

%bcond_without weak_deps

%bcond_without python3

%endif

Name:          python-%{srcname}

Version:       2.1.1

Release:       9%{?dist}

Provides:       python2-paramiko = %{version}-%{release}

Summary:       SSH2 protocol library for python

# No version specified.

License:       LGPLv2+

URL:           https://github.com/paramiko/paramiko

Source0:       %{url}/archive/%{version}/%{srcname}-%{version}.tar.gz

Patch0:        CVE-2018-7750.diff

Patch1:	       CVE-2018-1000805.diff

BuildArch:     noarch

Requires:      python-cryptography

Requires:      python2-pyasn1

BuildRequires: python2-devel

BuildRequires: python-setuptools

BuildRequires: python-cryptography

BuildRequires: python2-pyasn1

%global paramiko_desc \

Paramiko (a combination of the esperanto words for "paranoid" and "friend") is\

a module for python 2.3 or greater that implements the SSH2 protocol for secure\

(encrypted and authenticated) connections to remote machines. Unlike SSL (aka\

TLS), the SSH2 protocol does not require heirarchical certificates signed by a\

powerful central authority. You may know SSH2 as the protocol that replaced\

telnet and rsh for secure access to remote shells, but the protocol also\

includes the ability to open arbitrary channels to remote services across an\

encrypted tunnel. (This is how sftp works, for example.)\

%description

%{paramiko_desc}

%if %{with weak_deps}

Recommends:    python-gssapi

%endif

%if %{with python3}

%package -n python%{python3_pkgversion}-%{srcname}

Summary:       SSH2 protocol library for python

%{?python_provide:%python_provide python%{python3_pkgversion}-%{srcname}}

BuildRequires: python%{python3_pkgversion}-devel

BuildRequires: python%{python3_pkgversion}-setuptools

BuildRequires: python%{python3_pkgversion}-cryptography

Requires:      python%{python3_pkgversion}-cryptography

%if %{with weak_deps}

Recommends:    python%{python3_pkgversion}-gssapi

%endif

%description -n python%{python3_pkgversion}-%{srcname}

%{paramiko_desc}

Python 3 version.

%endif

%package doc

Summary:       Docs and demo for SSH2 protocol library for python

BuildRequires: /usr/bin/sphinx-build

BuildRequires: python2-sphinx-theme-alabaster

Requires:      %{name} = %{version}-%{release}

%description doc

%{paramiko_desc}

This is the documentation and demos.

%prep

%autosetup -n %{srcname}-%{version} -p1

chmod a-x demos/*

sed -i -e '/^#!/,1d' demos/*

%build

CFLAGS="%{optflags}" %{__python} setup.py %{?py_setup_args} build --executable="%{__python2} -s"

%if %{with python3}

%py3_build

%endif

%install

CFLAGS="%{optflags}" %{__python} setup.py %{?py_setup_args} install -O1 --skip-build --root %{buildroot}

%if %{with python3}

%py3_install

%endif

sphinx-build -b html sites/docs/ html/

rm -f html/.buildinfo

%check

%{__python2} ./test.py --no-sftp --no-big-file

%if %{with python3}

%{__python3} ./test.py --no-sftp --no-big-file

%endif

%files -n python-%{srcname}

%license LICENSE

%doc NEWS README.rst

%{python2_sitelib}/%{srcname}-*.egg-info/

%{python2_sitelib}/%{srcname}/

%if %{with python3}

%files -n python%{python3_pkgversion}-%{srcname}

%license LICENSE

%doc NEWS README.rst

%{python3_sitelib}/%{srcname}-*.egg-info/

%{python3_sitelib}/%{srcname}/

%endif

%files doc

%doc html/ demos/

%changelog

* Thu Oct 18 2018 Jake Hunsaker <jhunsake@redhat.com> - 2.1.1-9

- Fix a security flaw (CVE-2018-1000805) in Paramiko's server

  mode (does not effect client mode).

  Backported from 2.1.6

  Resolves rhbz#1637366

* Fri Jul 20 2018 Jake Hunsaker <jhunsake@redhat.com> - 2.1.1-5

- Rebuild for move from Extras to Base for 7.6

* Thu Mar 22 2018 Pavel Cahyna <pcahyna@redhat.com> - 2.1.1-4

- Add a dependency on python2-pyasn1. It used to be a dependency

  of python2-cryptography, but it is not the case with newer versions.

  (RHBZ #1559133)

* Wed Mar 21 2018 Pavel Cahyna <pcahyna@redhat.com> - 2.1.1-3

- Fix a security flaw (CVE-2018-7750) in Paramiko's server

  mode (emphasis on **server** mode; this does **not** impact *client* use!)

  Backported from 2.1.5.

  Resolves #1557142

* Fri May 12 2017 Pavel Cahyna <pcahyna@redhat.com> - 2.1.1-2

- Rebuild for RHEL 7.4 Extras

* Thu Jan 05 2017 Troy Dawson <tdawson@redhat.com> 2.1.1-1

- Update to 2.1.1

* Fri Jul 08 2016 Jon Schlueter <jschluet@redhat.com> 2.0.0-1.0

- Rebuild

* Fri Apr 29 2016 Igor Gnatenko <ignatenko@redhat.com> - 2.0.0-1

- Update to 2.0.0 (RHBZ #1331737)

* Sun Mar 27 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 1.16.0-1

- Update to 1.16.0

- Adopt to new packaging guidelines

* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.2-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15.2-4

- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5

* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.15.2-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

* Sun Mar 22 2015 Peter Robinson <pbrobinson@fedoraproject.org> 1.15.2-2

- Use %%license

- Move duplicated docs to single doc sub package

- Remove old F-15 conditionals

* Tue Dec 23 2014 Athmane Madjoudj <athmane@fedoraproject.org> 1.15.2-1

- Update to 1.15.2

* Mon Nov 24 2014 Athmane Madjoudj <athmane@fedoraproject.org> 1.15.1-5

- Add conditional to exclude EL since does not have py3

* Sat Nov 15 2014 Athmane Madjoudj <athmane@fedoraproject.org> 1.15.1-4

- py3dir creation should be in prep section

* Fri Nov 14 2014 Athmane Madjoudj <athmane@fedoraproject.org> 1.15.1-3

- Build each pkg in a clean dir

* Fri Nov 14 2014 Athmane Madjoudj <athmane@fedoraproject.org> 1.15.1-2

- Add support for python3

- Add BR -devel for python macros.

* Fri Oct 17 2014 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.15.1-1

- Update to 1.15.1

* Fri Jun 13 2014 Orion Poplawski <orion@cora.nwra.com> - 1.12.4-1

- Update to 1.12.4

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.2-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Tue Feb 25 2014 Orion Poplawski <orion@cora.nwra.com> - 1.12.2-1

- Update to 1.12.2

* Wed Jan 22 2014 Orion Poplawski <orion@cora.nwra.com> - 1.11.3-1

- Update to 1.11.3

* Mon Oct 21 2013 Orion Poplawski <orion@cora.nwra.com> - 1.11.0-1

- Update to 1.11.0

* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.10.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Thu May  9 2013 Jeffrey Ollie <jeff@ocjtech.us> - 1.10.1-1

- Update to 1.10.1

* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.0-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Wed Jan  2 2013 Jeffrey Ollie <jeff@ocjtech.us> - 1.9.0-1

- Update to 1.9.0

* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.7.1-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.7.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Wed Jul  6 2011 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.7.1-1

- v1.7.7.1 (George) 21may11

- -------------------------

-   * Make the verification phase of SFTP.put optional (Larry Wright)

-   * Patches to fix AIX support (anonymous)

-   * Patch from Michele Bertoldi to allow compression to be turned on in the

-     client constructor.

-   * Patch from Shad Sharma to raise an exception if the transport isn't active

-     when you try to open a new channel.

-   * Stop leaking file descriptors in the SSH agent (John Adams)

-   * More fixes for Windows address family support (Andrew Bennetts)

-   * Use Crypto.Random rather than Crypto.Util.RandomPool

-     (Gary van der Merwe, #271791)

-   * Support for openssl keys (tehfink)

-   * Fix multi-process support by calling Random.atfork (sugarc0de)

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.6-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Jan 4 2011 Toshio Kuratomi <toshio@fedoraproject.org> - 1.7.6-3

- Patch to address deprecation warning from pycrypto

- Simplify build as shown in new python guidelines

- Enable test suite

* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.7.6-2

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Mon Nov  2 2009 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.6-1

- v1.7.6 (Fanny) 1nov09

- ---------------------

-  * fixed bugs 411099 (sftp chdir isn't unicode-safe), 363163 & 411910 (more

-    IPv6 problems on windows), 413850 (race when server closes the channel),

-    426925 (support port numbers in host keys)

* Tue Oct 13 2009 Jeremy Katz <katzj@fedoraproject.org> - 1.7.5-2

- Fix race condition (#526341)

* Thu Jul 23 2009 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.5-1

- v1.7.5 (Ernest) 19jul09

- -----------------------

-  * added support for ARC4 cipher and CTR block chaining (Denis Bernard)

-  * made transport threads daemonize, to fix python 2.6 atexit behavior

-  * support unicode hostnames, and IP6 addresses (Maxime Ripard, Shikhar

-    Bhushan)

-  * various small bug fixes

* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.4-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Mon Feb 16 2009 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.4-4

- Add demos as documentation. BZ#485742

* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.7.4-3

- Rebuild for Python 2.6

* Wed Sep  3 2008 Tom "spot" Callaway <tcallawa@redhat.com> - 1.7.4-2

- fix license tag

* Sun Jul  6 2008 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.4-1

- Update to 1.7.4

* Mon Mar 24 2008 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.3-1

- Update to 1.7.3.

* Tue Jan 22 2008 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.2-1

- Update to 1.7.2.

- Remove upstreamed patch.

* Mon Jan 14 2008 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.1-3

- Update to latest Python packaging guidelines.

- Apply patch that fixes insecure use of RandomPool.

* Thu Jul 19 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.1-2

- Bump rev

* Thu Jul 19 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.7.1-1

- Update to 1.7.1

* Sat Dec 09 2006 Toshio Kuratomi <toshio@tiki-lounge.com> - 1.6.4-1

- Update to 1.6.4

- Upstream is now shipping tarballs

- Bump for python 2.5 in devel

* Mon Oct  9 2006 Jeffrey C. Ollie <jeff@ocjtech.us> - 1.6.2-1

- Update to 1.6.2

* Sat Sep 16 2006 Shahms E. King <shahms@shahms.com> 1.6.1-3

- Rebuild for FC6

* Fri Aug 11 2006 Shahms E. King <shahms@shahms.com> 1.6.1-2

- Include, don't ghost .pyo files per new guidelines

* Tue Aug 08 2006 Shahms E. King <shahms@shahms.com> 1.6.1-1

- Update to new upstream version

* Fri Jun 02 2006 Shahms E. King <shahms@shahms.com> 1.6-1

- Update to new upstream version

- ghost the .pyo files

* Fri May 05 2006 Shahms E. King <shahms@shahms.com> 1.5.4-2

- Fix source line and rebuild

* Fri May 05 2006 Shahms E. King <shahms@shahms.com> 1.5.4-1

- Update to new upstream version

* Wed Apr 12 2006 Shahms E. King <shahms@shahms.com> 1.5.3-1

  - Initial package