1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1109661: unblock: paramiko/3.5.1-3

    From Colin Watson@21:1/5 to All on Mon Jul 21 12:20:01 2025
    XPost: linux.debian.devel.release

    Package: release.debian.org
    Severity: normal
    X-Debbugs-Cc: [email protected]
    Control: affects -1 + src:paramiko
    User: [email protected]
    Usertags: unblock

    [ Reason ]
    Fix important bug https://bugs.debian.org/1108434 (does not correctly
    handle OpenSSH 10 version).

    [ Impact ]
    When using RSA certificates, paramiko misdetects the current version of
    OpenSSH as being earlier than 7.8 and uses inappropriate fallback code.

    [ Tests ]
    The history of https://github.com/paramiko/paramiko/pull/2516 suggests
    that it's at least somewhat covered (given that the first incorrect
    version of the PR caused a test failure), but tests aren't failing at
    the moment so it evidently isn't entirely robust.

    [ Risks ]
    I don't think adding a "\." to a version-matching regex can have much in
    the way of fallout. The worst case would be that we incorrectly fall
    back to the pre-7.8 logic, but that's what's already happening.

    [ Checklist ]
    [x] all changes are documented in the d/changelog
    [x] I reviewed all changes and I approve them
    [x] attach debdiff against the package in testing

    unblock paramiko/3.5.1-3

    Thanks,

    --
    Colin Watson (he/him) [[email protected]]

    diff -Nru paramiko-3.5.1/debian/changelog paramiko-3.5.1/debian/changelog
    --- paramiko-3.5.1/debian/changelog 2025-02-17 21:52:38.000000000 +0000
    +++ paramiko-3.5.1/debian/changelog 2025-07-13 08:09:25.000000000 +0100
    @@ -1,3 +1,10 @@
    +paramiko (3.5.1-3) unstable; urgency=medium
    +
    + * Team upload.
    + * Fixed version parsing issue with OpenSSH >= 10.0 (closes: #1108434).
    +
    + -- Colin Watson <[email protected]> Sun, 13 Jul 2025 09:09:25 +0200
    +
    paramiko (3.5.1-2) unstable; urgency=medium

    * Team upload.
    diff -Nru paramiko-3.5.1/debian/patches/openssh-10.patch paramiko-3.5.1/debian/patches/openssh-10.patch
    --- paramiko-3.5.1/debian/patches/openssh-10.patch 1970-01-01 01:00:00.000000000 +0100
    +++ paramiko-3.5.1/debian/patches/openssh-10.patch 2025-07-13 08:09:25.000000000 +0100
    @@ -0,0 +1,26 @@
    +From: rebcim <[email protected]>
    +Date: Wed, 4 Jun 2025 14:13:52 +0200
    +Subject: Fixed version parsing issue with OpenSSH 10.0
    +
    +Regex matches now for Version 1..7 but not for 10.
    +
    +Origin: other, https://github.com/paramiko/paramiko/pull/