Hi On Sat, May 26, 2012 at 12:10:38AM -0400, Dwayne C. Litzenberger wrote: > tags 659007 + fixed-upstream patch > thanks > > A new versions of Paramiko has been released, which fixes this bug: > > http://pypi.python.org/pypi/paramiko/1.7.7.2 > > Do you think you could upload a new version of python-paramiko soon > so that this bug can be fixed before the wheezy is frozen?
I have prepared a NMU based on your patch found on github. Could you test it please? [1]. Attached is also the proposed debdiff for the NMU. [1]: http://people.debian.org/~carnil/tmp/paramiko/python-paramiko_1.7.7.1-2.2_all.deb Regards, Salvatore
diff -Nru paramiko-1.7.7.1/debian/changelog paramiko-1.7.7.1/debian/changelog --- paramiko-1.7.7.1/debian/changelog 2012-07-05 02:45:26.000000000 +0200 +++ paramiko-1.7.7.1/debian/changelog 2012-07-07 02:05:46.000000000 +0200 @@ -1,3 +1,12 @@ +paramiko (1.7.7.1-2.2) unstable; urgency=low + + * Non-maintainer upload. + * Add Fix-SSHException-when-re-keying-over-a-fast-connection.patch patch. + Fix bug "Transfers fail after 1GB; rekeying window too small". + (Closes: #659007) + + -- Salvatore Bonaccorso <car...@debian.org> Sat, 07 Jul 2012 02:05:37 +0200 + paramiko (1.7.7.1-2.1) unstable; urgency=low * Non-maintainer upload. diff -Nru paramiko-1.7.7.1/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch paramiko-1.7.7.1/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch --- paramiko-1.7.7.1/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch 1970-01-01 01:00:00.000000000 +0100 +++ paramiko-1.7.7.1/debian/patches/Fix-SSHException-when-re-keying-over-a-fast-connection.patch 2012-07-07 02:05:46.000000000 +0200 @@ -0,0 +1,75 @@ +Description: Fix SSHException when re-keying over a fast connection +Origin: https://github.com/dlitz/paramiko/commit/c51b3b208c228fe6482ef00b3572a19683e7bb98 +Bug: https://github.com/paramiko/paramiko/issues/49 +Bug-Debian: http://bugs.debian.org/659007 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2012-07-07 + +--- a/paramiko/packet.py ++++ b/paramiko/packet.py +@@ -57,8 +57,11 @@ + + # READ the secsh RFC's before raising these values. if anything, + # they should probably be lower. +- REKEY_PACKETS = pow(2, 30) +- REKEY_BYTES = pow(2, 30) ++ REKEY_PACKETS = pow(2, 29) ++ REKEY_BYTES = pow(2, 29) ++ ++ REKEY_PACKETS_OVERFLOW_MAX = pow(2,29) # Allow receiving this many packets after a re-key request before terminating ++ REKEY_BYTES_OVERFLOW_MAX = pow(2,29) # Allow receiving this many bytes after a re-key request before terminating + + def __init__(self, socket): + self.__socket = socket +@@ -74,6 +77,7 @@ + self.__sent_packets = 0 + self.__received_bytes = 0 + self.__received_packets = 0 ++ self.__received_bytes_overflow = 0 + self.__received_packets_overflow = 0 + + # current inbound/outbound ciphering: +@@ -134,6 +138,7 @@ + self.__mac_key_in = mac_key + self.__received_bytes = 0 + self.__received_packets = 0 ++ self.__received_bytes_overflow = 0 + self.__received_packets_overflow = 0 + # wait until the reset happens in both directions before clearing rekey flag + self.__init_count |= 2 +@@ -316,6 +321,7 @@ + # only ask once for rekeying + self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes sent)' % + (self.__sent_packets, self.__sent_bytes)) ++ self.__received_bytes_overflow = 0 + self.__received_packets_overflow = 0 + self._trigger_rekey() + finally: +@@ -368,19 +374,23 @@ + self.__sequence_number_in = (self.__sequence_number_in + 1) & 0xffffffffL + + # check for rekey +- self.__received_bytes += packet_size + self.__mac_size_in + 4 ++ raw_packet_size = packet_size + self.__mac_size_in + 4 ++ self.__received_bytes += raw_packet_size + self.__received_packets += 1 + if self.__need_rekey: +- # we've asked to rekey -- give them 20 packets to comply before ++ # we've asked to rekey -- give them some packets to comply before + # dropping the connection ++ self.__received_bytes_overflow += raw_packet_size + self.__received_packets_overflow += 1 +- if self.__received_packets_overflow >= 20: ++ if (self.__received_packets_overflow >= self.REKEY_PACKETS_OVERFLOW_MAX) or \ ++ (self.__received_bytes_overflow >= self.REKEY_BYTES_OVERFLOW_MAX): + raise SSHException('Remote transport is ignoring rekey requests') + elif (self.__received_packets >= self.REKEY_PACKETS) or \ + (self.__received_bytes >= self.REKEY_BYTES): + # only ask once for rekeying + self._log(DEBUG, 'Rekeying (hit %d packets, %d bytes received)' % + (self.__received_packets, self.__received_bytes)) ++ self.__received_bytes_overflow = 0 + self.__received_packets_overflow = 0 + self._trigger_rekey() + diff -Nru paramiko-1.7.7.1/debian/patches/series paramiko-1.7.7.1/debian/patches/series --- paramiko-1.7.7.1/debian/patches/series 2012-07-05 02:30:28.000000000 +0200 +++ paramiko-1.7.7.1/debian/patches/series 2012-07-07 02:05:46.000000000 +0200 @@ -1 +1,2 @@ hostkey.patch +Fix-SSHException-when-re-keying-over-a-fast-connection.patch
signature.asc
Description: Digital signature
