From 8972085b0062610135c43ebac9a3e476606aa4ed54901188df96bc64eb512f95 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Sat, 6 Oct 2018 16:35:47 +0000
Subject: [PATCH] Accepting request 640130 from home:mimi_vx:branches:devel:languages:python
- update to 2.4.2
- refresh paramiko-test_extend_timeout.patch
* Fix exploit (CVE pending) in Paramiko's server mode (not client mode) where hostile clients could trick the server into thinking they were authenticated without actually submitting valid authentication.
* Modify protocol message handling such that Transport does not respond to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
* Updated SSHConfig.lookup so it returns a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict) in lieu of dict literals.
OBS-URL: https://build.opensuse.org/request/show/640130
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-paramiko?expand=0&rev=73
---
 paramiko-2.4.1.tar.gz | 3 ---
 paramiko-2.4.2.tar.gz | 3 +++
 paramiko-test_extend_timeout.patch | 14 ++++++++------
 python-paramiko.changes | 14 ++++++++++++++
 python-paramiko.spec | 28 +++++++++++++---------------
 5 files changed, 38 insertions(+), 24 deletions(-)
 delete mode 100644 paramiko-2.4.1.tar.gz
 create mode 100644 paramiko-2.4.2.tar.gz
diff --git a/paramiko-2.4.1.tar.gz b/paramiko-2.4.1.tar.gz
deleted file mode 100644
index 585cd49..0000000
--- a/paramiko-2.4.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:33e36775a6c71790ba7692a73f948b329cf9295a72b0102144b031114bd2a4f3
-size 1490565
diff --git a/paramiko-2.4.2.tar.gz b/paramiko-2.4.2.tar.gz
new file mode 100644
index 0000000..63087df
--- /dev/null
+++ b/paramiko-2.4.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a8975a7df3560c9f1e2b43dc54ebd40fd00a7017392ca5445ce7df409f900fcb
+size 1207299
diff --git a/paramiko-test_extend_timeout.patch b/paramiko-test_extend_timeout.patch
index 25435aa..47b0b8e 100644
--- a/paramiko-test_extend_timeout.patch
+++ b/paramiko-test_extend_timeout.patch
@@ -1,11 +1,13 @@
---- paramiko-2.4.1/tests/test_buffered_pipe.py 2018/03/15 17:40:29 1.1
-+++ paramiko-2.4.1/tests/test_buffered_pipe.py 2018/03/15 17:40:36
-@@ -69,7 +69,7 @@
+Index: paramiko-2.4.2/tests/test_buffered_pipe.py
+===================================================================
+--- paramiko-2.4.2.orig/tests/test_buffered_pipe.py
++++ paramiko-2.4.2/tests/test_buffered_pipe.py
+@@ -69,7 +69,7 @@ class BufferedPipeTest(unittest.TestCase
 self.assertTrue(False)
 except PipeTimeout:
 pass
-- self.assertEqual(b'b', p.read(1, 1.0))
-+ self.assertEqual(b'b', p.read(1, 3.0))
- self.assertEqual(b'', p.read(1))
+- self.assertEqual(b"b", p.read(1, 1.0))
++ self.assertEqual(b"b", p.read(1, 3.0))
+ self.assertEqual(b"", p.read(1))
 def test_3_close_while_reading(self):
diff --git a/python-paramiko.changes b/python-paramiko.changes
index 538d75d..85e0741 100644
--- a/python-paramiko.changes
+++ b/python-paramiko.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Fri Oct 5 08:26:46 UTC 2018 - Ondřej Súkup
+
+- update to 2.4.2
+- refresh paramiko-test_extend_timeout.patch
+ * Fix exploit (CVE pending) in Paramiko's server mode (not client mode)
+ where hostile clients could trick the server into thinking they were
+ authenticated without actually submitting valid authentication.
+ * Modify protocol message handling such that Transport does not respond
+ to MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED
+ * Updated SSHConfig.lookup so it returns
+ a new, type-casting-friendly dict subclass (~paramiko.config.SSHConfigDict)
+ in lieu of dict literals.
+
 -------------------------------------------------------------------
 Thu Mar 15 18:38:22 CET 2018 - ro@suse.de
diff --git a/python-paramiko.spec b/python-paramiko.spec
index 7790578..dc46652 100644
--- a/python-paramiko.spec
+++ b/python-paramiko.spec
@@ -12,25 +12,23 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
-%bcond_without test
-
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+%bcond_without test
 Name: python-paramiko
-Version: 2.4.1
+Version: 2.4.2
 Release: 0
-Url: http://www.paramiko.org/
 Summary: SSH2 protocol library
 License: LGPL-2.1-or-later
 Group: Development/Languages/Python
+URL: http://www.paramiko.org/
 Source: https://files.pythonhosted.org/packages/source/p/paramiko/paramiko-%{version}.tar.gz
 # certificates needed by testsuite
 Source1: cert_support.tar.gz
 Patch0: paramiko-test_extend_timeout.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: %{python_module PyNaCl >= 1.0.1}
 BuildRequires: %{python_module bcrypt >= 3.1.3}
 BuildRequires: %{python_module cryptography >= 1.1}
@@ -39,17 +37,16 @@ BuildRequires: %{python_module pyasn1 >= 0.1.7}
 BuildRequires: %{python_module setuptools}
 BuildRequires: fdupes
 BuildRequires: python-rpm-macros
-%if %{with test}
-
-BuildRequires: %{python_module pytest-relaxed}
-BuildRequires: %{python_module pytest}
-%endif
 Requires: python-PyNaCl >= 1.0.1
 Requires: python-bcrypt >= 3.1.3
 Requires: python-cryptography >= 1.5
 Requires: python-pyasn1 >= 0.1.7
 BuildArch: noarch
-
+%if %{with test}
+BuildRequires: %{python_module mock}
+BuildRequires: %{python_module pytest-relaxed}
+BuildRequires: %{python_module pytest}
+%endif
 %python_subpackages
 %description
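Review bot: The build-time floor `BuildRequires: %{python_module cryptography >= 1.1}` (last context line of the first spec hunk) is lower than the runtime floor `Requires: python-cryptography >= 1.5` in the second hunk, and the commit leaves both untouched. Tests are enabled by default through `%bcond_without test` and presumably run in a `%check` section outside these hunks, so the suite could be exercised against a cryptography release that installed systems are not permitted to use. That matters for a release whose description names a server-mode authentication fix, because the build-time test run is the only check on that fix visible in this package. Aligning the two with `BuildRequires: %{python_module cryptography >= 1.5}` would close the gap; the floor that upstream 2.4.2 itself declares is not visible here and should be confirmed against its setup.py.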
@@ -92,11 +89,12 @@ export LANG=en_US.UTF-8
 %endif
 %files %{python_files}
-%defattr(-,root,root)
-%doc LICENSE README.rst
+%license LICENSE
+%doc README.rst
 %{python_sitelib}/*
 %files -n python-paramiko-doc
-%doc LICENSE demos/
+%license LICENSE
+%doc demos/
 %changelog