diff --git a/CVE-2018-1000805.patch b/CVE-2018-1000805.patch new file mode 100644 index 0000000000000000000000000000000000000000..ce270fde8fc15a9a2c336b891cb20f5e9954817c --- /dev/null +++ b/CVE-2018-1000805.patch @@ -0,0 +1,74 @@ +From 56c96a659658acdbb873aef8809a7b508434dcce Mon Sep 17 00:00:00 2001 +From: Jeff Forcier +Date: Tue, 18 Sep 2018 19:59:16 -0700 +Subject: [PATCH] Fix and changelog re #1283 + +--- + paramiko/auth_handler.py | 36 +++++++++++++++++++++++++---- + 1 file changed, 32 insertions(+), 4 deletions(-) + +diff --git a/paramiko/auth_handler.py b/paramiko/auth_handler.py +index a1ce5e3..137330e 100644 +--- a/paramiko/auth_handler.py ++++ b/paramiko/auth_handler.py +@@ -664,17 +664,39 @@ Error Message: {} + self.auth_event.set() + return + +- _handler_table = { ++ # TODO: do the same to the other tables, in Transport. ++ # TODO 3.0: MAY make sense to make these tables into actual ++ # classes/instances that can be fed a mode bool or whatever. Or, ++ # alternately (both?) make the message types small classes or enums that ++ # embed this info within themselves (which could also then tidy up the ++ # current 'integer -> human readable short string' stuff in common.py). ++ # TODO: if we do that, also expose 'em publicly. ++ ++ # Messages which should be handled _by_ servers (sent by clients) ++ _server_handler_table = { + MSG_SERVICE_REQUEST: _parse_service_request, +- MSG_SERVICE_ACCEPT: _parse_service_accept, + MSG_USERAUTH_REQUEST: _parse_userauth_request, ++ MSG_USERAUTH_INFO_RESPONSE: _parse_userauth_info_response, ++ } ++ ++ # Messages which should be handled _by_ clients (sent by servers) ++ _client_handler_table = { ++ MSG_SERVICE_ACCEPT: _parse_service_accept, + MSG_USERAUTH_SUCCESS: _parse_userauth_success, + MSG_USERAUTH_FAILURE: _parse_userauth_failure, + MSG_USERAUTH_BANNER: _parse_userauth_banner, + MSG_USERAUTH_INFO_REQUEST: _parse_userauth_info_request, +- MSG_USERAUTH_INFO_RESPONSE: _parse_userauth_info_response, + } + ++ # NOTE: prior to the fix for #1283, this was a static dict instead of a ++ # property. Should be backwards compatible in most/all cases. ++ @property ++ def _handler_table(self): ++ if self.transport.server_mode: ++ return self._server_handler_table ++ else: ++ return self._client_handler_table ++ + + class GssapiWithMicAuthHandler(object): + """A specialized Auth handler for gssapi-with-mic +@@ -767,9 +789,15 @@ class GssapiWithMicAuthHandler(object): + self._restore_delegate_auth_handler() + return self._delegate._parse_userauth_request(m) + +- _handler_table = { ++ __handler_table = { + MSG_SERVICE_REQUEST: _parse_service_request, + MSG_USERAUTH_REQUEST: _parse_userauth_request, + MSG_USERAUTH_GSSAPI_TOKEN: _parse_userauth_gssapi_token, + MSG_USERAUTH_GSSAPI_MIC: _parse_userauth_gssapi_mic, + } ++ ++ @property ++ def _handler_table(self): ++ # TODO: determine if we can cut this up like we did for the primary ++ # AuthHandler class. ++ return self.__handler_table + diff --git a/python-paramiko.spec b/python-paramiko.spec index 5a83a80ae8c0e224e492779cb4b4b25fdc4f0831..8e013236d053cdf3161536f32c480f358aa6311b 100644 --- a/python-paramiko.spec +++ b/python-paramiko.spec @@ -1,6 +1,6 @@ Name: python-paramiko Version: 2.4.1 -Release: 7 +Release: 8 Summary: Python SSH module License: LGPLv2+ URL: https://github.com/paramiko/paramiko @@ -8,6 +8,7 @@ Source0: https://github.com/paramiko/paramiko/archive/%{version}/paramiko- Patch0: paramiko-2.3.1-disable-gssapi-on-unsupported-version.patch Patch1: paramiko-2.4.1-drop-pytest-relaxed.patch +Patch2: CVE-2018-1000805.patch BuildArch: noarch @@ -90,5 +91,8 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} pytest-%{python3_version} %doc html/ demos/ NEWS README.rst %changelog +* Thu Feb 4 2021 zhanghua - 2.4.1-8 +- fix CVE-2018-1000805 + * Wed Nov 06 2019 Lijin Yang - 2.4.1-7 - init package