diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-05-26 09:08:49 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-05-26 09:08:49 +0100 |
commit | 720452fca3cdf447b4c65bc3bb363032a983309e (patch) | |
tree | babdd1cb196da2b5da2e481505e2e492cb4fe458 /dev-python/paramiko/files | |
parent | 5923f7107d7596f9ecb6a86b451105462668601c (diff) |
gentoo auto-resync : 26:05:2023 - 09:08:49
Diffstat (limited to 'dev-python/paramiko/files')
-rw-r--r-- | dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch | 58 | ||||
-rw-r--r-- | dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch | 134 |
2 files changed, 192 insertions, 0 deletions
diff --git a/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch b/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch new file mode 100644 index 000000000000..942f5161ee6f --- /dev/null +++ b/dev-python/paramiko/files/paramiko-3.2.0-disable-server.patch @@ -0,0 +1,58 @@ +From a47e9bdc80224c9ceafcea6da5cea1539ddfbd4d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> +Date: Fri, 26 May 2023 06:05:13 +0200 +Subject: [PATCH 3/3] Disable server component due to security issues + +--- + paramiko/transport.py | 4 ++++ + tests/conftest.py | 5 +++++ + 2 files changed, 9 insertions(+) + +diff --git a/paramiko/transport.py b/paramiko/transport.py +index 8785d6bb..803d07d1 100644 +--- a/paramiko/transport.py ++++ b/paramiko/transport.py +@@ -120,6 +120,8 @@ from paramiko.util import ( + ) + + ++SERVER_DISABLED_BY_GENTOO = True ++ + # for thread cleanup + _active_threads = [] + +@@ -768,6 +770,8 @@ class Transport(threading.Thread, ClosingContextManager): + `.SSHException` -- if negotiation fails (and no ``event`` was + passed in) + """ ++ if SERVER_DISABLED_BY_GENTOO: ++ raise Exception("Disabled by Gentoo for security reasons. Enable with 'server' USE flag") + if server is None: + server = ServerInterface() + self.server_mode = True +diff --git a/tests/conftest.py b/tests/conftest.py +index 7546aae4..804a289e 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -16,6 +16,7 @@ from paramiko import ( + Ed25519Key, + ECDSAKey, + PKey, ++ transport, + ) + + from ._loop import LoopSocket +@@ -23,6 +24,10 @@ from ._stub_sftp import StubServer, StubSFTPServer + from ._util import _support + + ++# We need the server component for testing ++transport.SERVER_DISABLED_BY_GENTOO = False ++ ++ + # Perform logging by default; pytest will capture and thus hide it normally, + # presenting it on error/failure. (But also allow turning it off when doing + # very pinpoint debugging - e.g. using breakpoints, so you don't want output +-- +2.40.1 + diff --git a/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch b/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch new file mode 100644 index 000000000000..84fb618dffb8 --- /dev/null +++ b/dev-python/paramiko/files/paramiko-3.2.0-nih-test-deps.patch @@ -0,0 +1,134 @@ +From 33c56a44f425bb5c4bf63759fbe85cfee06ab087 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> +Date: Tue, 17 May 2022 07:26:36 +0200 +Subject: [PATCH 1/3] Replace pytest-relaxed with plain pytest.raises + +There is really no technical reason to bring pytest-relaxed to call +@raises as a decorator while plain pytest works just fine. Plus, +pytest.raises() is used in test_sftp already. + +pytest-relaxed causes humongous breakage to other packages +on the system. It has been banned from Gentoo for this reason. +--- + tests/test_client.py | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/tests/test_client.py b/tests/test_client.py +index 1c0c6c84..c12cbe9a 100644 +--- a/tests/test_client.py ++++ b/tests/test_client.py +@@ -33,7 +33,6 @@ import weakref + from tempfile import mkstemp + + import pytest +-from pytest_relaxed import raises + from unittest.mock import patch, Mock + + import paramiko +@@ -799,11 +798,11 @@ class PasswordPassphraseTests(ClientTest): + + # TODO: more granular exception pending #387; should be signaling "no auth + # methods available" because no key and no password +- @raises(SSHException) + @requires_sha1_signing + def test_passphrase_kwarg_not_used_for_password_auth(self): +- # Using the "right" password in the "wrong" field shouldn't work. +- self._test_connection(passphrase="pygmalion") ++ with pytest.raises(SSHException): ++ # Using the "right" password in the "wrong" field shouldn't work. ++ self._test_connection(passphrase="pygmalion") + + @requires_sha1_signing + def test_passphrase_kwarg_used_for_key_passphrase(self): +@@ -823,15 +822,15 @@ class PasswordPassphraseTests(ClientTest): + password="television", + ) + +- @raises(AuthenticationException) # TODO: more granular + @requires_sha1_signing + def test_password_kwarg_not_used_for_passphrase_when_passphrase_kwarg_given( # noqa + self, + ): + # Sanity: if we're given both fields, the password field is NOT used as + # a passphrase. +- self._test_connection( +- key_filename=_support("test_rsa_password.key"), +- password="television", +- passphrase="wat? lol no", +- ) ++ with pytest.raises(AuthenticationException): ++ self._test_connection( ++ key_filename=_support("test_rsa_password.key"), ++ password="television", ++ passphrase="wat? lol no", ++ ) +-- +2.40.1 + +From a75bdc46a6eb72a0b0e80eeafad2e2a2536a9bd8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> +Date: Sat, 21 Jan 2023 06:56:09 +0100 +Subject: [PATCH 2/3] Remove icecream dep + +--- + tests/conftest.py | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/tests/conftest.py b/tests/conftest.py +index 12b97283..7546aae4 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -22,13 +22,6 @@ from ._loop import LoopSocket + from ._stub_sftp import StubServer, StubSFTPServer + from ._util import _support + +-from icecream import ic, install as install_ic +- +- +-# Better print() for debugging - use ic()! +-install_ic() +-ic.configureOutput(includeContext=True) +- + + # Perform logging by default; pytest will capture and thus hide it normally, + # presenting it on error/failure. (But also allow turning it off when doing +-- +2.40.1 + +From a4f96f21450942398b46f2b5f125b89297f3f3f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> +Date: Fri, 26 May 2023 06:18:25 +0200 +Subject: [PATCH] Remove pointless use of Lexicon vendored from invoke with + class + +--- + tests/conftest.py | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/tests/conftest.py b/tests/conftest.py +index 7546aae4..45362de8 100644 +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -4,8 +4,6 @@ import shutil + import threading + from pathlib import Path + +-from invoke.vendor.lexicon import Lexicon +- + import pytest + from paramiko import ( + SFTPServer, +@@ -132,6 +130,10 @@ for datum in key_data: + datum.insert(0, short) + + ++class Lexicon: ++ pass ++ ++ + @pytest.fixture(scope="session", params=key_data, ids=lambda x: x[0]) + def keys(request): + """ +-- +2.40.1 + |