debian/0000755000000000000000000000000013361401047007165 5ustar debian/tests/0000755000000000000000000000000012236711362010333 5ustar debian/tests/control0000644000000000000000000000006612236711362011740 0ustar Tests: upstream Depends: @ Restrictions: allow-stderr debian/tests/upstream0000644000000000000000000000005512236711362012116 0ustar #!/bin/sh set -e python ./test.py --verbose debian/rules0000755000000000000000000000213413252602341010244 0ustar #!/usr/bin/make -f PYTHON2=$(shell pyversions -vr) %: dh $@ --with python2 ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) test-python%: python$* test.py --verbose override_dh_auto_test: $(PYTHON2:%=test-python%) endif build-python%: python$* setup.py build override_dh_auto_build: $(PYTHON2:%=build-python%) dh_auto_build install-python%: python$* setup.py install --root=$(CURDIR)/debian/tmp --install-layout=deb override_dh_auto_install: $(PYTHON2:%=install-python%) dh_auto_install override_dh_installdocs: epydoc --no-private -o docs/ paramiko dh_installdocs # Commands not to run override_dh_installcatalogs override_dh_installcron: override_dh_installdebconf override_dh_installemacsen override_dh_installifupdown: override_dh_installinfo override_dh_installinit override_dh_installmenu override_dh_installmime: override_dh_installmodules override_dh_installlogcheck override_dh_installlogrotate: override_dh_installpam override_dh_installppp override_dh_installudev override_dh_installwm: override_dh_installxfonts override_dh_gconf override_dh_icons override_dh_perl override_dh_usrlocal: debian/control0000644000000000000000000000306513361401032010566 0ustar Source: paramiko Section: python Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Jeremy T. Bouse Uploaders: Guido Guenther Build-Depends: debhelper (>> 8), python-all (>= 2.6.6-3~), python-crypto (>= 2.1.0-2), python-mock, python-setuptools, python-epydoc Standards-Version: 3.9.4 Homepage: https://github.com/paramiko/paramiko/ Vcs-Git: git://git.debian.org/collab-maint/paramiko.git Vcs-Browser: http://git.debian.org/?p=collab-maint/paramiko.git XS-Testsuite: autopkgtest Package: paramiko-doc Section: doc Architecture: all Depends: ${misc:Depends} Description: Make ssh v2 connections with Python (Documentation) This is a library for making SSH2 connections (client or server). Emphasis is on using SSH2 as an alternative to SSL for making secure connections between Python scripts. All major ciphers and hash methods are supported. SFTP client and server mode are both supported too. . This is the documentation for the package. Package: python-paramiko Architecture: all Depends: ${misc:Depends}, ${python:Depends}, python-crypto (>= 2.1.0-2) Provides: ${python:Provides} Description: Make ssh v2 connections with Python (Python 2) This is a library for making SSH2 connections (client or server). Emphasis is on using SSH2 as an alternative to SSL for making secure connections between Python scripts. All major ciphers and hash methods are supported. SFTP client and server mode are both supported too. . This is the Python 2 version of the package. debian/watch0000644000000000000000000000012312236711362010216 0ustar version=3 https://github.com/paramiko/paramiko/tags .*/archive/v(\d[\d\.]*).tar.gz debian/gbp.conf0000644000000000000000000000022212236711362010604 0ustar [DEFAULT] pristine-tar = True [git-buildpackage] sign-tags = True postbuild = lintian $GBP_CHANGES_FILE [git-dch] meta = True git-author = True debian/patches/0000755000000000000000000000000013361403560010616 5ustar debian/patches/series0000644000000000000000000000035613361400554012037 0ustar 0001-Remove-upstream-Makefile.patch 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch 0003-Initial-tests-proving-CVE-2018-7750-1175.patch 0004-Fixes-CVE-2018-7750-1175.patch CVE-2018-1000805-pre.patch CVE-2018-1000805.patch debian/patches/0004-Fixes-CVE-2018-7750-1175.patch0000644000000000000000000000774513253017215015307 0ustar From e9dfd854bdaf8af15d7834f7502a0451d217bb8c Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 12 Mar 2018 15:34:06 -0700 Subject: [PATCH] Fixes CVE-2018-7750 / #1175 At least, insofar as the new tests pass...! [Ubuntu note: backported patch to 1.10, including Message.get_text() -> Message->get_string() conversion, cMSG_REQUEST_FAILURE -> chr(MSG_REQUEST_FAILURE), and cMSG_CHANNEL_OPEN_FAILURE -> chr(MSG_CHANNEL_OPEN_FAILURE). --sbeattie] --- paramiko/common.py | 1 + paramiko/transport.py | 44 +++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 44 insertions(+), 1 deletion(-) Index: b/paramiko/common.py =================================================================== --- a/paramiko/common.py +++ b/paramiko/common.py @@ -27,6 +27,7 @@ MSG_USERAUTH_REQUEST, MSG_USERAUTH_FAILU MSG_USERAUTH_BANNER = range(50, 54) MSG_USERAUTH_PK_OK = 60 MSG_USERAUTH_INFO_REQUEST, MSG_USERAUTH_INFO_RESPONSE = range(60, 62) +HIGHEST_USERAUTH_MESSAGE_ID = 79 MSG_GLOBAL_REQUEST, MSG_REQUEST_SUCCESS, MSG_REQUEST_FAILURE = range(80, 83) MSG_CHANNEL_OPEN, MSG_CHANNEL_OPEN_SUCCESS, MSG_CHANNEL_OPEN_FAILURE, \ MSG_CHANNEL_WINDOW_ADJUST, MSG_CHANNEL_DATA, MSG_CHANNEL_EXTENDED_DATA, \ Index: b/paramiko/transport.py =================================================================== --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -1525,6 +1525,44 @@ class Transport (threading.Thread): finally: self.lock.release() + def _ensure_authed(self, ptype, message): + """ + Checks message type against current auth state. + + If server mode, and auth has not succeeded, and the message is of a + post-auth type (channel open or global request) an appropriate error + response Message is crafted and returned to caller for sending. + + Otherwise (client mode, authed, or pre-auth message) returns None. + """ + if ( + not self.server_mode + or ptype <= HIGHEST_USERAUTH_MESSAGE_ID + or self.is_authenticated() + ): + return None + # WELP. We must be dealing with someone trying to do non-auth things + # without being authed. Tell them off, based on message class. + reply = Message() + # Global requests have no details, just failure. + if ptype == MSG_GLOBAL_REQUEST: + reply.add_byte(chr(MSG_REQUEST_FAILURE)) + # Channel opens let us reject w/ a specific type + message. + elif ptype == MSG_CHANNEL_OPEN: + kind = message.get_string() + chanid = message.get_int() + reply.add_byte(chr(MSG_CHANNEL_OPEN_FAILURE)) + reply.add_int(chanid) + reply.add_int(OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED) + reply.add_string('') + reply.add_string('en') + # NOTE: Post-open channel messages do not need checking; the above will + # reject attemps to open channels, meaning that even if a malicious + # user tries to send a MSG_CHANNEL_REQUEST, it will simply fall under + # the logic that handles unknown channel IDs (as the channel list will + # be empty.) + return reply + def run(self): # (use the exposed "run" method, because if we specify a thread target # of a private method, threading.Thread will keep a reference to it @@ -1582,7 +1620,11 @@ class Transport (threading.Thread): continue if ptype in self._handler_table: - self._handler_table[ptype](self, m) + error_msg = self._ensure_authed(ptype, m) + if error_msg: + self._send_message(error_msg) + else: + self._handler_table[ptype](self, m) elif ptype in self._channel_handler_table: chanid = m.get_int() chan = self._channels.get(chanid) debian/patches/0001-Remove-upstream-Makefile.patch0000644000000000000000000000156112236711362017030 0ustar From: Jeremy T. Bouse Date: Sat, 25 May 2013 01:05:44 -0400 Subject: [PATCH] Remove upstream Makefile The upstream Makefile is non-functional for package building. It is meant for upstream release management rather than package management. Removing it to get it out of the way and allow debhelper to build using python setuptools. --- Makefile | 15 --------------- 1 files changed, 0 insertions(+), 15 deletions(-) delete mode 100644 Makefile diff --git a/Makefile b/Makefile deleted file mode 100644 index 572f867..0000000 --- a/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -release: docs - python setup.py sdist register upload - -docs: paramiko/* - epydoc --no-private -o docs/ paramiko - -clean: - rm -rf build dist docs - rm -f MANIFEST *.log demos/*.log - rm -f paramiko/*.pyc - rm -f test.log - rm -rf paramiko.egg-info - -test: - python ./test.py -- debian/patches/0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch0000644000000000000000000000313013252602341024301 0ustar From 91b9249616cd0147944ff93fb2d508fac1e30524 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 12 Mar 2018 09:15:55 -0700 Subject: [PATCH] Allow overriding test client connect kwargs in Transport test suite --- tests/test_transport.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) Index: b/tests/test_transport.py =================================================================== --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -120,7 +120,9 @@ class TransportTest(ParamikoTest): self.socks.close() self.sockc.close() - def setup_test_server(self, client_options=None, server_options=None): + def setup_test_server( + self, client_options=None, server_options=None, connect_kwargs=None, + ): host_key = RSAKey.from_private_key_file('tests/test_rsa.key') public_host_key = RSAKey(data=str(host_key)) self.ts.add_server_key(host_key) @@ -134,8 +136,13 @@ class TransportTest(ParamikoTest): self.server = NullServer() self.assert_(not event.isSet()) self.ts.start_server(event, self.server) - self.tc.connect(hostkey=public_host_key, - username='slowdive', password='pygmalion') + if connect_kwargs is None: + connect_kwargs = dict( + hostkey=public_host_key, + username='slowdive', + password='pygmalion', + ) + self.tc.connect(**connect_kwargs) event.wait(1.0) self.assert_(event.isSet()) self.assert_(self.ts.is_active()) debian/patches/0003-Initial-tests-proving-CVE-2018-7750-1175.patch0000644000000000000000000000674513252602341020441 0ustar From afd38eea1a1c76e05109d71cf79704133a4a8ff4 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 12 Mar 2018 09:17:43 -0700 Subject: [PATCH] Initial tests proving CVE-2018-7750 / #1175 --- tests/test_transport.py | 42 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/tests/test_transport.py b/tests/test_transport.py index 778fed4..6e3fd24 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -32,7 +32,7 @@ from hashlib import sha1 import random from paramiko import Transport, SecurityOptions, ServerInterface, RSAKey, DSSKey, \ - SSHException, BadAuthenticationType, InteractiveQuery, ChannelException + SSHException, BadAuthenticationType, InteractiveQuery, ChannelException, Channel from paramiko import AUTH_FAILED, AUTH_PARTIALLY_SUCCESSFUL, AUTH_SUCCESSFUL from paramiko import OPEN_SUCCEEDED, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED from paramiko.common import MSG_KEXINIT, MSG_CHANNEL_WINDOW_ADJUST @@ -88,7 +88,11 @@ class NullServer (ServerInterface): def check_global_request(self, kind, msg): self._global_request = kind - return False + # NOTE: for w/e reason, older impl of this returned False always, even + # tho that's only supposed to occur if the request cannot be served. + # For now, leaving that the default unless test supplies specific + # 'acceptable' request kind + return kind == 'acceptable' def check_channel_x11_request(self, channel, single_connection, auth_protocol, auth_cookie, screen_number): self._x11_single_connection = single_connection @@ -922,3 +926,37 @@ class TransportTest(unittest.TestCase): # Close the channels schan.close() chan.close() + + def test_server_rejects_open_channel_without_auth(self): + try: + self.setup_test_server(connect_kwargs={}) + self.tc.open_session() + except ChannelException as e: + assert e.code == OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED + else: + assert False, "Did not raise ChannelException!" + + def test_server_rejects_arbitrary_global_request_without_auth(self): + self.setup_test_server(connect_kwargs={}) + # NOTE: this dummy global request kind would normally pass muster + # from the test server. + self.tc.global_request('acceptable') + # Global requests never raise exceptions, even on failure (not sure why + # this was the original design...ugh.) Best we can do to tell failure + # happened is that the client transport's global_response was set back + # to None; if it had succeeded, it would be the response Message. + err = "Unauthed global response incorrectly succeeded!" + assert self.tc.global_response is None, err + + def test_server_rejects_port_forward_without_auth(self): + # NOTE: at protocol level port forward requests are treated same as a + # regular global request, but Paramiko server implements a special-case + # method for it, so it gets its own test. (plus, THAT actually raises + # an exception on the client side, unlike the general case...) + self.setup_test_server(connect_kwargs={}) + try: + self.tc.request_port_forward('localhost', 1234) + except SSHException as e: + assert "forwarding request denied" in str(e) + else: + assert False, "Did not raise SSHException!" -- 2.7.4 debian/patches/CVE-2018-1000805-pre.patch0000644000000000000000000001072013361400546014244 0ustar Backport of: From 852176d2d776b183a39e100009d3e18b6896323b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 18 Sep 2018 18:21:33 -0700 Subject: [PATCH] Fix a pseudo-bug re: responding to MSG_UNIMPLEMENTED w/ itself --- dev-requirements.txt | 1 + paramiko/transport.py | 23 ++++++++++++++++++----- sites/www/changelog.rst | 5 +++++ tests/test_transport.py | 25 +++++++++++++++++++++++++ 4 files changed, 49 insertions(+), 5 deletions(-) Index: paramiko-1.10.1/paramiko/transport.py =================================================================== --- paramiko-1.10.1.orig/paramiko/transport.py 2018-10-16 11:14:37.930340430 -0400 +++ paramiko-1.10.1/paramiko/transport.py 2018-10-16 11:15:56.930852015 -0400 @@ -1639,11 +1639,22 @@ class Transport (threading.Thread): elif (self.auth_handler is not None) and (ptype in self.auth_handler._handler_table): self.auth_handler._handler_table[ptype](self.auth_handler, m) else: - self._log(WARNING, 'Oops, unhandled type %d' % ptype) - msg = Message() - msg.add_byte(chr(MSG_UNIMPLEMENTED)) - msg.add_int(m.seqno) - self._send_message(msg) + # Respond with "I don't implement this particular + # message type" message (unless the message type was + # itself literally MSG_UNIMPLEMENTED, in which case, we + # just shut up to avoid causing a useless loop). + name = MSG_NAMES[ptype] + self._log( + WARNING, + "Oops, unhandled type {} ({!r})".format( + ptype, name + ), + ) + if ptype != MSG_UNIMPLEMENTED: + msg = Message() + msg.add_byte(chr(MSG_UNIMPLEMENTED)) + msg.add_int(m.seqno) + self._send_message(msg) except SSHException, e: self._log(ERROR, 'Exception: ' + str(e)) self._log(ERROR, util.tb_strings()) Index: paramiko-1.10.1/tests/test_transport.py =================================================================== --- paramiko-1.10.1.orig/tests/test_transport.py 2018-10-16 11:14:37.930340430 -0400 +++ paramiko-1.10.1/tests/test_transport.py 2018-10-16 11:18:48.939877963 -0400 @@ -28,12 +28,13 @@ import time import threading import unittest import random +from mock import Mock from paramiko import Transport, SecurityOptions, ServerInterface, RSAKey, DSSKey, \ SSHException, BadAuthenticationType, InteractiveQuery, ChannelException, Channel from paramiko import AUTH_FAILED, AUTH_PARTIALLY_SUCCESSFUL, AUTH_SUCCESSFUL from paramiko import OPEN_SUCCEEDED, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED -from paramiko.common import MSG_KEXINIT, MSG_CHANNEL_WINDOW_ADJUST +from paramiko.common import MSG_KEXINIT, MSG_CHANNEL_WINDOW_ADJUST, MSG_UNIMPLEMENTED from paramiko.message import Message from loop import LoopSocket from util import ParamikoTest @@ -797,3 +798,26 @@ class TransportTest(ParamikoTest): assert "forwarding request denied" in str(e) else: assert False, "Did not raise SSHException!" + + def _send_unimplemented(self, server_is_sender): + self.setup_test_server() + sender, recipient = self.tc, self.ts + if server_is_sender: + sender, recipient = self.ts, self.tc + recipient._send_message = Mock() + msg = Message() + msg.add_byte(chr(MSG_UNIMPLEMENTED)) + sender._send_message(msg) + # TODO: I hate this but I literally don't see a good way to know when + # the recipient has received the sender's message (there are no + # existing threading events in play that work for this), esp in this + # case where we don't WANT a response (as otherwise we could + # potentially try blocking on the sender's receipt of a reply...maybe). + time.sleep(0.1) + assert not recipient._send_message.called + + def test_server_does_not_respond_to_MSG_UNIMPLEMENTED(self): + self._send_unimplemented(server_is_sender=False) + + def test_client_does_not_respond_to_MSG_UNIMPLEMENTED(self): + self._send_unimplemented(server_is_sender=True) debian/patches/CVE-2018-1000805.patch0000644000000000000000000001350313361403560013461 0ustar Backport of: From 56c96a659658acdbb873aef8809a7b508434dcce Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 18 Sep 2018 19:59:16 -0700 Subject: [PATCH] Fix and changelog re #1283 --- paramiko/auth_handler.py | 36 ++++++++++++++++++++++++---- sites/www/changelog.rst | 12 ++++++++++ tests/test_transport.py | 51 +++++++++++++++++++++++++++++++++++++++- 3 files changed, 94 insertions(+), 5 deletions(-) Index: paramiko-1.10.1/paramiko/auth_handler.py =================================================================== --- paramiko-1.10.1.orig/paramiko/auth_handler.py 2018-10-16 11:43:45.222765827 -0400 +++ paramiko-1.10.1/paramiko/auth_handler.py 2018-10-16 11:43:45.222765827 -0400 @@ -413,14 +413,36 @@ class AuthHandler (object): self._send_auth_result(self.auth_username, 'keyboard-interactive', result) - _handler_table = { + # TODO: do the same to the other tables, in Transport. + # TODO 3.0: MAY make sense to make these tables into actual + # classes/instances that can be fed a mode bool or whatever. Or, + # alternately (both?) make the message types small classes or enums that + # embed this info within themselves (which could also then tidy up the + # current 'integer -> human readable short string' stuff in common.py). + # TODO: if we do that, also expose 'em publicly. + + # Messages which should be handled _by_ servers (sent by clients) + _server_handler_table = { MSG_SERVICE_REQUEST: _parse_service_request, - MSG_SERVICE_ACCEPT: _parse_service_accept, MSG_USERAUTH_REQUEST: _parse_userauth_request, + MSG_USERAUTH_INFO_RESPONSE: _parse_userauth_info_response, + } + + # Messages which should be handled _by_ clients (sent by servers) + _client_handler_table = { + MSG_SERVICE_ACCEPT: _parse_service_accept, MSG_USERAUTH_SUCCESS: _parse_userauth_success, MSG_USERAUTH_FAILURE: _parse_userauth_failure, MSG_USERAUTH_BANNER: _parse_userauth_banner, MSG_USERAUTH_INFO_REQUEST: _parse_userauth_info_request, - MSG_USERAUTH_INFO_RESPONSE: _parse_userauth_info_response, } + # NOTE: prior to the fix for #1283, this was a static dict instead of a + # property. Should be backwards compatible in most/all cases. + @property + def _handler_table(self): + if self.transport.server_mode: + return self._server_handler_table + else: + return self._client_handler_table + Index: paramiko-1.10.1/tests/test_transport.py =================================================================== --- paramiko-1.10.1.orig/tests/test_transport.py 2018-10-16 11:43:45.222765827 -0400 +++ paramiko-1.10.1/tests/test_transport.py 2018-10-16 11:44:41.919002492 -0400 @@ -31,10 +31,11 @@ import random from mock import Mock from paramiko import Transport, SecurityOptions, ServerInterface, RSAKey, DSSKey, \ - SSHException, BadAuthenticationType, InteractiveQuery, ChannelException, Channel + SSHException, BadAuthenticationType, InteractiveQuery, ChannelException, Channel, AuthHandler from paramiko import AUTH_FAILED, AUTH_PARTIALLY_SUCCESSFUL, AUTH_SUCCESSFUL from paramiko import OPEN_SUCCEEDED, OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED -from paramiko.common import MSG_KEXINIT, MSG_CHANNEL_WINDOW_ADJUST, MSG_UNIMPLEMENTED +from paramiko.common import MSG_KEXINIT, MSG_CHANNEL_WINDOW_ADJUST, \ + MSG_NAMES, MSG_UNIMPLEMENTED, MSG_USERAUTH_SUCCESS from paramiko.message import Message from loop import LoopSocket from util import ParamikoTest @@ -821,3 +822,48 @@ class TransportTest(ParamikoTest): def test_client_does_not_respond_to_MSG_UNIMPLEMENTED(self): self._send_unimplemented(server_is_sender=True) + + def _send_client_message(self, message_type): + self.setup_test_server(connect_kwargs={}) + self.ts._send_message = Mock() + # NOTE: this isn't 100% realistic (most of these message types would + # have actual other fields in 'em) but it suffices to test the level of + # message dispatch we're interested in here. + msg = Message() + # TODO: really not liking the whole cMSG_XXX vs MSG_XXX duality right + # now, esp since the former is almost always just byte_chr(the + # latter)...but since that's the case... + msg.add_byte(chr(message_type)) + self.tc._send_message(msg) + # No good way to actually wait for server action (see above tests re: + # MSG_UNIMPLEMENTED). Grump. + time.sleep(0.1) + + def _expect_unimplemented(self): + # Ensure MSG_UNIMPLEMENTED was sent (implies it hit end of loop instead + # of truly handling the given message). + # NOTE: When bug present, this will actually be the first thing that + # fails (since in many cases actual message handling doesn't involve + # sending a message back right away). + assert self.ts._send_message.call_count == 1 + reply = self.ts._send_message.call_args[0][0] + reply.rewind() # Because it's pre-send, not post-receive + assert reply.get_byte() == chr(MSG_UNIMPLEMENTED) + + def test_server_transports_reject_client_message_types(self): + # TODO: handle Transport's own tables too, not just its inner auth + # handler's table. See TODOs in auth_handler.py + for message_type in AuthHandler._client_handler_table: + self._send_client_message(message_type) + self._expect_unimplemented() + # Reset for rest of loop + self.tearDown() + self.setUp() + + def test_server_rejects_client_MSG_USERAUTH_SUCCESS(self): + self._send_client_message(MSG_USERAUTH_SUCCESS) + # Sanity checks + assert not self.ts.authenticated + assert not self.ts.auth_handler.authenticated + # Real fix's behavior + self._expect_unimplemented() debian/clean0000644000000000000000000000001112236711362010166 0ustar test.log debian/paramiko-doc.docs0000644000000000000000000000001412236711362012404 0ustar README docs debian/compat0000644000000000000000000000000212236711362010367 0ustar 8 debian/copyright0000644000000000000000000000215012236711362011122 0ustar This package was debianized by Guido Guenther on Mon, 31 Jan 2005 11:24:37 +0100. It was downloaded from http://www.lag.net/paramiko/download/ Upstream Author: Robey Pointer Copyright 2003, 2004, 2005, 2006 Robey Pointer Paramiko is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. Paramiko is distrubuted in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with Paramiko; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. On Debian GNU/Linux systems, the complete text of the Lesser GNU General Public License can be found in `/usr/share/common-licenses/LGPL-2.1'. debian/paramiko-doc.doc-base0000644000000000000000000000045012236711362013135 0ustar Document: python-paramiko Title: Paramiko Author: Robey Pointer Abstract: A Python interface to the paramiko SSH2 protocol library Section: Programming/Python Format: html Index: /usr/share/doc/paramiko-doc/docs/index.html Files: /usr/share/doc/paramiko-doc/docs/*.html debian/python-paramiko.install0000644000000000000000000000002112236711362013674 0ustar usr/lib/python2* debian/source/0000755000000000000000000000000012236711362010471 5ustar debian/source/format0000644000000000000000000000001412236711362011677 0ustar 3.0 (quilt) debian/python-paramiko.examples0000644000000000000000000000001012236711362014042 0ustar demos/* debian/changelog0000644000000000000000000002046613361401047011047 0ustar paramiko (1.10.1-1git1ubuntu0.2) trusty-security; urgency=medium * SECURITY UPDATE: server-side authentication vulnerability - debian/patches/CVE-2018-1000805-pre.patch: fix MSG_UNIMPLEMENTED in paramiko/transport.py, added tests to tests/test_transport.py. - debian/patches/CVE-2018-1000805.patch: split messages dict in paramiko/auth_handler.py, added tests to tests/test_transport.py. - debian/control: added python-mock to Build-Depends. - CVE-2018-1000805 -- Marc Deslauriers Tue, 16 Oct 2018 11:21:31 -0400 paramiko (1.10.1-1git1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: customized clients can skip auth - 0004-Fixes-CVE-2018-7750-1175.patch: send message failure if not authenticated and message type is a service request - 0002-Allow-overriding-test-client-connect-kwargs-in-Trans.patch, 0003-Initial-tests-proving-CVE-2018-7750-1175.patch: add testcases plus prereq - CVE-2018-7750 * debian/rules: actually run the test suite during the build -- Steve Beattie Thu, 15 Mar 2018 16:04:49 -0700 paramiko (1.10.1-1git1build1) trusty; urgency=medium * Rebuild to drop files installed into /usr/share/pyshared. -- Matthias Klose Sun, 23 Feb 2014 13:49:47 +0000 paramiko (1.10.1-1git1) trusty; urgency=low Upload current Debian packaging git head. [ Jean-Baptiste Lallement ] * Add autopkgtest that runs the upstream test suite against the installed package. (LP: #1248706) -- Martin Pitt Thu, 07 Nov 2013 14:17:13 +0100 paramiko (1.10.1-1) unstable; urgency=low * Imported Upstream version 1.10.1 * debian/control: Revise debhelper Build-Depends entry * debian/{control,watch}: Update for new maintainer and source address (Closes: #690080) - thanks to Mike Gabriel * debian/gbp.conf: Add standard git-buildpackage settings * debian/patches/*: Removed patch included in upstream * debian/patches/*: Removed hostkey patch that caused problems - thanks to Lars Noschinski * debian/*: clean up build files for new version * debian/control: Add Build-Depend on python-epydoc * debian/patches/*: Add patch to remove upstream Makefile * debian/*: Build out separate paramiko-doc package (Closes: #682255) - thanks to Touko Korpela -- Jeremy T. Bouse Thu, 27 Jun 2013 22:59:08 -0400 paramiko (1.7.7.1-3) unstable; urgency=low * Accept NMU uploads (Closes: #659007, #668239) * Update package to clean up lintian findings * debian/source/local-options: set unapply-patches option * debian/watch: Don't need to use uupdate with gbp * debian/control: Upgrade Debian Standard (no changes needed) -- Jeremy T. Bouse Mon, 09 Jul 2012 11:02:38 -0400 paramiko (1.7.7.1-2.2) unstable; urgency=low * Non-maintainer upload. * Add Fix-SSHException-when-re-keying-over-a-fast-connection.patch patch. Fix bug "Transfers fail after 1GB; rekeying window too small". (Closes: #659007) -- Salvatore Bonaccorso Sat, 07 Jul 2012 17:09:08 +0200 paramiko (1.7.7.1-2.1) unstable; urgency=low * Non-maintainer upload. * Fix broken host key handling when port != 22 (Closes: 668239) -- Luk Claes Thu, 05 Jul 2012 00:38:56 +0000 paramiko (1.7.7.1-2) unstable; urgency=low * debian/*: Update build to use dh_python2 (Closes: #637379) * Debian package build environment cleanup * Acknowledge previous NMU patch that was included in upstream update release Thanks Jelmer Vernooij (Closes: #611361) -- Jeremy T. Bouse Sun, 02 Oct 2011 13:46:01 -0400 paramiko (1.7.7.1-1) unstable; urgency=low * Imported Upstream version 1.7.7.1 (Closes: #627754) * debian/patches: Patches included in upstream * debian/control: Updated standards version (no change) -- Jeremy T. Bouse Tue, 31 May 2011 21:23:55 -0400 paramiko (1.7.6-6) unstable; urgency=low * Add back quilt support NMU removed & update clean target * Accept NMU upload. Thanks Jelmer Vernooij -- Jeremy T. Bouse Sat, 29 Jan 2011 12:02:16 -0500 paramiko (1.7.6-5.1) unstable; urgency=low * Non-maintainer upload. * Avoid deprecated RandomPool. Patch by Gary van der Merwe. Closes: #576697 * Try connecting to each available address family until one succeeds. Patch by Andrew Bennetts. Closes: #602251 * Bump standards version to 3.9.1 (no changes). -- Jelmer Vernooij Fri, 28 Jan 2011 12:35:12 +0100 paramiko (1.7.6-5) unstable; urgency=low * debian/control: Fix python-crypto version dependency * debian/rules: Remove simple-patchsys.mk -- Jeremy T. Bouse Sat, 17 Jul 2010 00:00:40 -0400 paramiko (1.7.6-4) unstable; urgency=low * Update Standards-Version to 3.9.0 * debian/control: Add versioned dependency on python-crypto (Closes: #479596) * debian/control: Build-Depends python-all-dev to python-all -- Jeremy T. Bouse Fri, 16 Jul 2010 10:54:06 -0400 paramiko (1.7.6-3) unstable; urgency=medium * Add conflict against fabric 0.9.0-1 (Closes: #563490) - thanks to Chris Lamb for being a packaging tool -- Jeremy T. Bouse Mon, 04 Jan 2010 10:12:32 -0500 paramiko (1.7.6-2) unstable; urgency=low * debian/control: Fix last remaining lintian warning -- Jeremy T. Bouse Wed, 16 Dec 2009 08:15:36 -0500 paramiko (1.7.6-1) unstable; urgency=low * Imported Upstream version 1.7.6 (Closes: #543784) * Fix formatting error for __all__ in paramiko/__init__.py (Closes: #494836) * Update debian/watch syntax * Package build clean-up * Include docs/ contents with build (LP: #364998) * Update Build-Depends * debian/control: Update Vcs-* entries -- Jeremy T. Bouse Tue, 15 Dec 2009 09:46:29 -0500 paramiko (1.7.4-0.1) unstable; urgency=medium * NMU. * New upstream version. - Fix random number regression (stop using RandomPool). Closes: #490961. -- Matthias Klose Fri, 18 Jul 2008 14:16:08 +0200 paramiko (1.7.3-1) unstable; urgency=low * New upstream version Closes: #475505. * Acknowledge NMU changes * Missing examples included Closes: #455547. * Confirmed new upstream version corrected FutureWarning Closes: #405552. -- Jeremy T. Bouse Sun, 04 May 2008 11:41:27 -0400 paramiko (1.7.2-0.1) unstable; urgency=low * Non-maintainer upload to DELAYED/14-day. (¹) * New upstream release. (Closes: #415060) * Drop the patch introduced in 1.6.4-1.1, as it's part of 1.7.2. (¹) Counting since the initial 1.7.1-0.1 upload in Jan 13th. -- Adeodato Simó Thu, 24 Jan 2008 13:54:18 +0100 paramiko (1.6.4-1.1) unstable; urgency=high * Non-maintainer upload by security team. * Fix insecure use of RandomPool if paramiko is used for threads or multiple forked processes. This enables one session to predict random data of another session using its own random data. (CVE id pending; Closes: #460706). -- Nico Golde Mon, 14 Jan 2008 19:36:40 +0100 paramiko (1.6.4-1) unstable; urgency=low * New upstream release (Closes: #344734, #382348). -- Jeremy T. Bouse Tue, 26 Dec 2006 15:48:42 -0500 paramiko (1.5.2-0.1) unstable; urgency=low [ Wouter van Heyst ] * Non-maintainer upload. * New upstream release. + Drop python_script_fix.patch and pathmangle.sh, no longer needed. * Merge some ubuntu changes. + Add watch file. + Update copyright file. -- Robert Collins Fri, 28 Jul 2006 14:26:29 +1000 paramiko (1.5-1.1) unstable; urgency=low * Non-maintainer upload. * Fix B-D-I/B-D glitches. * Update package to the new python policy (Closes: #373472). -- Pierre Habouzit Thu, 29 Jun 2006 23:00:34 +0200 paramiko (1.5-1) unstable; urgency=low * New upstream release. * Initial package upload (Closes: #292942). -- Jeremy T. Bouse Tue, 18 Oct 2005 14:57:46 -0700 paramiko (1.1-1) unstable; urgency=low * Initial Release. -- Guido Guenther Mon, 31 Jan 2005 11:24:37 +0100