Merge branch 'master' of git+ssh://git.debian.org/git/collab-maint/paramiko

4 files changed, 110 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index 38c3c0e..db8c990 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+paramiko (1.7.7.1-2.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add Fix-SSHException-when-re-keying-over-a-fast-connection.patch patch.
+    Fix bug "Transfers fail after 1GB; rekeying window too small".
+    (Closes: #659007)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Sat, 07 Jul 2012 17:09:08 +0200
+
+paramiko (1.7.7.1-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix broken host key handling when port != 22 (Closes: 668239)
+
+ -- Luk Claes <luk@debian.org>  Thu, 05 Jul 2012 00:38:56 +0000
+
 paramiko (1.7.7.1-2) unstable; urgency=low
 
   * debian/*: Update build to use dh_python2 (Closes: #637379)
diff --git a/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch b/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch
new file mode 100644
index 0000000..62f0a07
--- /dev/null
+++ b/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch
@@ -0,0 +1,75 @@
+Description: Fix SSHException when re-keying over a fast connection
+Origin: https://github.com/dlitz/paramiko/commit/c51b3b208c228fe6482ef00b3572a19683e7bb98
+Bug: https://github.com/paramiko/paramiko/issues/49
+Bug-Debian: http://bugs.debian.org/659007
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2012-07-07
+
+--- a/paramiko/packet.py
++++ b/paramiko/packet.py
+@@ -57,8 +57,11 @@
+ 
+     # READ the secsh RFC's before raising these values.  if anything,
+     # they should probably be lower.
+-    REKEY_PACKETS = pow(2, 30)
+-    REKEY_BYTES = pow(2, 30)
++    REKEY_PACKETS = pow(2, 29)
++    REKEY_BYTES = pow(2, 29)
++
++    REKEY_PACKETS_OVERFLOW_MAX = pow(2,29)      # Allow receiving this many packets after a re-key request before terminating
++    REKEY_BYTES_OVERFLOW_MAX = pow(2,29)        # Allow receiving this many bytes after a re-key request before terminating
+ 
+     def __init__(self, socket):
+         self.__socket = socket
+@@ -74,6 +77,7 @@
+         self.__sent_packets = 0
+         self.__received_bytes = 0
+         self.__received_packets = 0
++        self.__received_bytes_overflow = 0
+         self.__received_packets_overflow = 0
+ 
+         # current inbound/outbound ciphering:
+@@ -134,6 +138,7 @@
+         self.__mac_key_in = mac_key
+         self.__received_bytes = 0
+         self.__received_packets = 0
++        self.__received_bytes_overflow = 0
+         self.__received_packets_overflow = 0
+         # wait until the reset happens in both directions before clearing rekey flag
+         self.__init_count |= 2
+@@ -316,6 +321,7 @@
+                 # only ask once for rekeying
+                 self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes sent)' %
+                           (self.__sent_packets, self.__sent_bytes))
++                self.__received_bytes_overflow = 0
+                 self.__received_packets_overflow = 0
+                 self._trigger_rekey()
+         finally:
+@@ -368,19 +374,23 @@
+         self.__sequence_number_in = (self.__sequence_number_in + 1) & 0xffffffffL
+ 
+         # check for rekey
+-        self.__received_bytes += packet_size + self.__mac_size_in + 4
++        raw_packet_size = packet_size + self.__mac_size_in + 4
++        self.__received_bytes += raw_packet_size
+         self.__received_packets += 1
+         if self.__need_rekey:
+-            # we've asked to rekey -- give them 20 packets to comply before
++            # we've asked to rekey -- give them some packets to comply before
+             # dropping the connection
++            self.__received_bytes_overflow += raw_packet_size
+             self.__received_packets_overflow += 1
+-            if self.__received_packets_overflow >= 20:
++            if (self.__received_packets_overflow >= self.REKEY_PACKETS_OVERFLOW_MAX) or \
++               (self.__received_bytes_overflow >= self.REKEY_BYTES_OVERFLOW_MAX):
+                 raise SSHException('Remote transport is ignoring rekey requests')
+         elif (self.__received_packets >= self.REKEY_PACKETS) or \
+              (self.__received_bytes >= self.REKEY_BYTES):
+             # only ask once for rekeying
+             self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes received)' %
+                       (self.__received_packets, self.__received_bytes))
++            self.__received_bytes_overflow = 0
+             self.__received_packets_overflow = 0
+             self._trigger_rekey()
+ 
diff --git a/debian/patches/hostkey.patch b/debian/patches/hostkey.patch
new file mode 100644
index 0000000..6997d8a
--- /dev/null
+++ b/debian/patches/hostkey.patch
@@ -0,0 +1,17 @@
+Index: paramiko-1.7.7.1/paramiko/client.py
+===================================================================
+--- paramiko-1.7.7.1.orig/paramiko/client.py	2011-05-22 01:57:09.000000000 +0000
++++ paramiko-1.7.7.1/paramiko/client.py	2012-07-05 00:38:50.000000000 +0000
+@@ -303,11 +303,7 @@
+ 
+         server_key = t.get_remote_server_key()
+         keytype = server_key.get_name()
+-
+-        if port == SSH_PORT:
+-            server_hostkey_name = hostname
+-        else:
+-            server_hostkey_name = "[%s]:%d" % (hostname, port)
++        server_hostkey_name = hostname
+         our_server_key = self._system_host_keys.get(server_hostkey_name, {}).get(keytype, None)
+         if our_server_key is None:
+             our_server_key = self._host_keys.get(server_hostkey_name, {}).get(keytype, None)
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..d6dadb3
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,2 @@
+hostkey.patch
+Fix-SSHException-when-re-keying-over-a-fast-connection.patch