Your message dated Mon, 21 Jul 2025 15:22:24 +0000
with message-id <[email protected]>
and subject line unblock paramiko
has caused the Debian Bug report #1109661,
regarding unblock: paramiko/3.5.1-3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109661: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109661
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:paramiko
User: [email protected]
Usertags: unblock
[ Reason ]
Fix important bug https://bugs.debian.org/1108434 (does not correctly
handle OpenSSH 10 version).
[ Impact ]
When using RSA certificates, paramiko misdetects the current version of
OpenSSH as being earlier than 7.8 and uses inappropriate fallback code.
[ Tests ]
The history of https://github.com/paramiko/paramiko/pull/2516 suggests
that it's at least somewhat covered (given that the first incorrect
version of the PR caused a test failure), but tests aren't failing at
the moment so it evidently isn't entirely robust.
[ Risks ]
I don't think adding a "\." to a version-matching regex can have much in
the way of fallout. The worst case would be that we incorrectly fall
back to the pre-7.8 logic, but that's what's already happening.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock paramiko/3.5.1-3
Thanks,
--
Colin Watson (he/him) [[email protected]]
diff -Nru paramiko-3.5.1/debian/changelog paramiko-3.5.1/debian/changelog
--- paramiko-3.5.1/debian/changelog 2025-02-17 21:52:38.000000000 +0000
+++ paramiko-3.5.1/debian/changelog 2025-07-13 08:09:25.000000000 +0100
@@ -1,3 +1,10 @@
+paramiko (3.5.1-3) unstable; urgency=medium
+
+ * Team upload.
+ * Fixed version parsing issue with OpenSSH >= 10.0 (closes: #1108434).
+
+ -- Colin Watson <[email protected]> Sun, 13 Jul 2025 09:09:25 +0200
+
paramiko (3.5.1-2) unstable; urgency=medium
* Team upload.
diff -Nru paramiko-3.5.1/debian/patches/openssh-10.patch
paramiko-3.5.1/debian/patches/openssh-10.patch
--- paramiko-3.5.1/debian/patches/openssh-10.patch 1970-01-01
01:00:00.000000000 +0100
+++ paramiko-3.5.1/debian/patches/openssh-10.patch 2025-07-13
08:09:25.000000000 +0100
@@ -0,0 +1,26 @@
+From: rebcim <[email protected]>
+Date: Wed, 4 Jun 2025 14:13:52 +0200
+Subject: Fixed version parsing issue with OpenSSH 10.0
+
+Regex matches now for Version 1..7 but not for 10.
+
+Origin: other, https://github.com/paramiko/paramiko/pull/2516
+Bug-Debian: https://bugs.debian.org/1108434
+Last-Update: 2025-07-13
+---
+ paramiko/auth_handler.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py
+index bc7f298..2b54877 100644
+--- a/paramiko/auth_handler.py
++++ b/paramiko/auth_handler.py
+@@ -321,7 +321,7 @@ class AuthHandler:
+ # regarding server-sig-algs, it's impossible to fit this into the rest
+ # of the logic here.
+ if key_type.endswith("[email protected]") and re.search(
+- r"-OpenSSH_(?:[1-6]|7\.[0-7])", self.transport.remote_version
++ r"-OpenSSH_(?:[1-6]\.|7\.[0-7])", self.transport.remote_version
+ ):
+ pubkey_algo = "[email protected]"
+ self.transport._agreed_pubkey_algorithm = pubkey_algo
diff -Nru paramiko-3.5.1/debian/patches/series
paramiko-3.5.1/debian/patches/series
--- paramiko-3.5.1/debian/patches/series 2025-02-17 21:52:38.000000000
+0000
+++ paramiko-3.5.1/debian/patches/series 2025-07-13 08:09:25.000000000
+0100
@@ -1,2 +1,3 @@
1071675.patch
0002-Ignore-host-keys-with-markers.patch
+openssh-10.patch
--- End Message ---
--- Begin Message ---
Unblocked paramiko.
--- End Message ---
