Ubuntu
paramiko package

Please merge paramiko 3.4.0-1 into Oracular

Bug #2066061 reported by Hector CAO
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
paramiko (Ubuntu)
Fix Released
Undecided
Hector CAO

Bug Description

paramiko
Fri May 3 21:50:49 2024

Below now follows the report of the automated merge of the Ubuntu
changes to the paramiko source package against the new Debian version.

Here are the particulars of the three versions of paramiko that were
chosen for the merge. The base is the newest version that is a common
ancestor of both the Ubuntu and Debian packages. It may be of a
different upstream version, but that's not usually a problem.

The files are the source package itself, and the patch from the common
base to that version.

base: 2.12.0-2
    paramiko_2.12.0-2.dsc
    paramiko_2.12.0.orig.tar.xz
    paramiko_2.12.0-2.debian.tar.xz

ubuntu: 2.12.0-2ubuntu4
    paramiko_2.12.0-2ubuntu4.dsc
    paramiko_2.12.0.orig.tar.xz
    paramiko_2.12.0-2ubuntu4.debian.tar.xz

base -> ubuntu
    paramiko_2.12.0-2ubuntu4.patch

debian: 3.4.0-1
    paramiko_3.4.0-1.dsc
    paramiko_3.4.0.orig.tar.xz
    paramiko_3.4.0-1.debian.tar.xz

base -> debian
    paramiko_3.4.0-1.patch

Generated Result
================

Due to conflict or error, it was not possible to automatically create
a source package. Instead the result of the merge has been placed
into the following tar file which you will need to turn into a source
package once the problems have been resolved.

    paramiko_3.4.0-1ubuntu1.src.tar.gz

Conflicts
=========

In one or more cases, there were different changes made in both Ubuntu
and Debian to the same file; these are known as conflicts.

It is not possible for these to be automatically resolved, so this
source needs human attention.

Those files marked with 'C ' contain diff3 conflict markers, which can
be resolved using the text editor of your choice. Those marked with
'C*' could not be merged that way, so you will find .UBUNTU and
.DEBIAN files instead and should choose one of them or a combination
of both, moving it to the real filename and deleting the other.

  C debian/patches/series

Related branches

~hectorcao/ubuntu/+source/paramiko:merge-lp2066061
Marc Deslauriers (community): Approve
Canonical Server Reporter: Pending requested
git-ubuntu import: Pending requested
Diff: 225 lines (+140/-3)
4 files modified
debian/changelog (+121/-0)
debian/control (+3/-3)
debian/patches/disable_flaky_test.patch (+15/-0)
debian/patches/series (+1/-0)

CVE References

Hector CAO (hectorcao)
Changed in paramiko (Ubuntu):
assignee: nobody → Hector CAO (hectorcao)
status: New → In Progress
Revision history for this message
Hector CAO (hectorcao) wrote :

The folowing Ubuntu changes are dropped:
- SECURITY UPDATE: Prefix truncation attack on BPP
    - debian/patches/CVE-2023-48795-*.patch: implement strict key
      exchange.
    - CVE-2023-48795
  These changes are backports from upstream and the new debian version contains these commits.
  Per consequence, no need anymore to apply them

- debian/patches/remove_six.patch
  This patch is dropped since it is in upstream

- debian/patches/fix_test_on_armhf.patch
  This patch is dropped because the file tests/test_transport.py is changed in the new version and
  this patch is not application neither necessary

Revision history for this message
Hector CAO (hectorcao) wrote :

The merge request : https://code.launchpad.net/~hectorcao/ubuntu/+source/paramiko/+git/paramiko/+merge/466111

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package paramiko - 3.4.0-1ubuntu1

---------------
paramiko (3.4.0-1ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable. Remaining changes (LP: #2066061):
      - d/control: Demote python3-invoke from Recommends to Suggests as
        the python-invoke package lacks unit test execution so is not suitable
        for main inclusion
      - debian/patches/disable_flaky_test.patch: disable flaky
        test_sequence_numbers_reset_on_newkeys_when_strict test.
    Dropped changes:
      - SECURITY UPDATE: Prefix truncation attack on BPP
        - debian/patches/CVE-2023-48795-*.patch: implement strict key
          exchange.
        - CVE-2023-48795
        Dropped because these patches are applied upstream
      - debian/patches/remove_six.patch : removed because already upstreamed
      - debian/patches/fix_test_on_armhf.patch : removed because not applicable
        since the tests/test_transport.py has been changed upstreamed

paramiko (3.4.0-1) unstable; urgency=medium

  * Team upload
  * New upstream version 3.4.0
    - Fix Terrapin MitM attack (CVE-2023-48795) (Closes: #1059006)
  * Add debian/salsa-ci.yml
  * Update debian/patches/remove_pytest_relaxed.patch
  * Add python3-icecream to build-dependencies
  * Fix nose deprecation errors produced by pytest. Patch:
    0001-Use-pytest-s-setup_method-in-pytest-8-the-nose-metho.patch
  * Fix 32-bit-ism in protocol seqno rollover test from Terrapin fix. Patch
    from upstream
  * Add myself to Uploaders

paramiko (2.12.0-3) unstable; urgency=medium

  * remove myself

 -- Hector Cao <email address hidden> Fri, 17 May 2024 19:12:44 +0200

Changed in paramiko (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.