Bug 25094 - python-paramiko produces warnings
Summary: python-paramiko produces warnings
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-10 22:58 CEST by Marc Krämer
Modified: 2019-07-14 23:39 CEST (History)
1 user (show)

See Also:
Source RPM: python-paramiko-2.4.2-2.mga7.src.rpm
CVE:
Status comment:


Attachments

Description Marc Krämer 2019-07-10 22:58:16 CEST
The shipped version 2.4.2 is old and generates warnings:
/usr/lib/python2.7/site-packages/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.ecdsa_curve.curve_class(), pointinfo
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  m.add_string(self.Q_C.public_numbers().encode_point())
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.curve, Q_S_bytes
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  hm.add_string(self.Q_C.public_numbers().encode_point())
/usr/lib/python2.7/site-packages/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.ecdsa_curve.curve_class(), pointinfo
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  m.add_string(self.Q_C.public_numbers().encode_point())
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.curve, Q_S_bytes
/usr/lib/python2.7/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  hm.add_string(self.Q_C.public_numbers().encode_point())

since this is used by e.g. duplicity, I get this mail every hour.
Comment 1 Marc Krämer 2019-07-10 22:58:51 CEST
I assume version 2.6.0 fixes this problem (?)
Jani Välimaa 2019-07-11 17:12:19 CEST

Summary: Old version produces warnings => python-paramiko produces warnings

Comment 2 David GEIGER 2019-07-12 06:40:13 CEST
Please test python-paramiko-2.6.0-1.mga7 in Core/Updates_testing repo!

CC: (none) => geiger.david68210

Comment 3 Marc Krämer 2019-07-12 10:59:23 CEST
jepp, that solves the problem!
no more log entries :)
Thanks!
Comment 4 David GEIGER 2019-07-12 11:08:27 CEST
Assigning to QA now,


Advisory:
========================

Our current paramiko package is a quite olg and generates plenty of warnings log.
So this updates paramiko to a more recent and maintained release and also fixes this issue.

========================

Packages in 7/core/updates_testing:
========================
python2-paramiko-2.6.0-1.mga7.noarch.rpm
python3-paramiko-2.6.0-1.mga7.noarch.rpm

Source RPM: 
========================
python-paramiko-2.6.0-1.mga7.src.rpm

Assignee: bugsquad => qa-bugs

Comment 5 Marc Krämer 2019-07-14 23:39:03 CEST
For x86_64 everythings works well with duplicity.

Note You need to log in before you can comment on or make changes to this bug.