Your message dated Mon, 09 Jul 2012 15:32:11 +0000
with message-id <e1sofwz-0001mu...@franck.debian.org>
and subject line Bug#659007: fixed in paramiko 1.7.7.1-2.2
has caused the Debian Bug report #659007,
regarding Transfers fail after 1GB; rekeying window too small
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
659007: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659007
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-paramiko
Version: 1.7.7.1-2
Severity: normal
i've had reports about paramiko bungling a self-initiated rekey operation
by not waiting long enough for the other party to respond before
it throws an exception (see #660378).
lines 374++ of packet.py show that paramiko waits no more than 20 packets
until after sending a key exchange request before it gives up.
section 7.1 of the ssh rfc (https://tools.ietf.org/html/rfc4253#section-7.1)
says quite explicitely that this is not the way to go:
Note, however, that during a key re-exchange, after sending a
SSH_MSG_KEXINIT message, each party MUST be prepared to process an
arbitrary number of messages that may be in-flight before receiving a
SSH_MSG_KEXINIT message from the other party.
with a large tcp window, a high-rtt path and a busy ssh session
i'm quite certain that 20+ packets can be 'in-flight' when paramiko
wants a rekey.
to me it looks as if this packet count limit should either be raised
substantially, or the code in question rewritten completely with
a different heuristic for when to give up.
regards
az
--- End Message ---
--- Begin Message ---
Source: paramiko
Source-Version: 1.7.7.1-2.2
We believe that the bug you reported is fixed in the latest version of
paramiko, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 659...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated paramiko package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 07 Jul 2012 17:09:08 +0200
Source: paramiko
Binary: python-paramiko
Architecture: source all
Version: 1.7.7.1-2.2
Distribution: unstable
Urgency: low
Maintainer: Jeremy T. Bouse <jbo...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
python-paramiko - Make ssh v2 connections with Python
Closes: 659007
Changes:
paramiko (1.7.7.1-2.2) unstable; urgency=low
.
* Non-maintainer upload.
* Add Fix-SSHException-when-re-keying-over-a-fast-connection.patch patch.
Fix bug "Transfers fail after 1GB; rekeying window too small".
(Closes: #659007)
Checksums-Sha1:
c757b94d0ad465a913b3c5b79fb049694426ef66 1979 paramiko_1.7.7.1-2.2.dsc
d57ef136591a349715054bd687a8f5ae34564e5b 5213
paramiko_1.7.7.1-2.2.debian.tar.gz
c93e31e4db90ce969a8e77eaa3165a5965e4aaa1 806838
python-paramiko_1.7.7.1-2.2_all.deb
Checksums-Sha256:
f710ac5dc1b02d5ed9ddb72214fe374e89e20f71da357c42901dee7544054500 1979
paramiko_1.7.7.1-2.2.dsc
6ddb0c4633d5edfd41493481cab52dbe939f2d1b3d8937bc43ef095334d7bf12 5213
paramiko_1.7.7.1-2.2.debian.tar.gz
29dec6a8ba9a696b67780fe616bb57c76aec81577e36f0cd5f7cd4e328a76535 806838
python-paramiko_1.7.7.1-2.2_all.deb
Files:
ac2d753fbd839e43e993ef9b96534d7c 1979 python optional paramiko_1.7.7.1-2.2.dsc
d6e3c351ba013979a37fa51de33b0f87 5213 python optional
paramiko_1.7.7.1-2.2.debian.tar.gz
53d60c9144c6fc9a15e6f0e38149a29e 806838 python optional
python-paramiko_1.7.7.1-2.2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJP+FLzAAoJEHidbwV/2GP+S/kP/ifwB/nY387FQU+iRPDeYrpR
1cpZzvKLgvU/TMjVQ0n2ZwEOI1PQDLUeNkgrkqgldrksnbarnjoyw2Ekre++kMiM
Rg0/Itwm93mVNpRTHrggsuu5r1wOkH79aGOXDvaz/o1SgpS5bJLG7p+FjgaagtVU
0HsC/Rhfs01bT+9SulUN7ZX0rDMcKNVItZvvdBMKxVhJNdTalI9YMiQSV2JJ0EyX
CpQxQlgdTI9NdZ696MLp8wp9sHCZ+3x1PRP+IqwgbmUZ4YCi1+/bIJcCYZ6MY0s/
xKTRfQAyJlVP3luRVIe9oR8l9H633WZhvSKbQFM8Bao+FtIgUKCgMPsg40ispLVm
leXfHg3xdmfilAdjgcqDzA0daS7qR6aM2USmNyL7O9Enc9fWmpQJTyVdGfBmIy9x
VtThPLSdrqsS0A0qmtDrgmp+iUrVt6FC5dIShBVRTXjAcg9ueMyO17FC5d9LZSdu
M1QWDTHXD/vWHYAC5pzWWBl0UJagxNKStj4oY11cybSoSfnVfcsG3P57vd5dR8WC
N7u9PXb3e6coKp0dTqd5xGDmDMN35OUkNhdmE8HOqZOnvBbMXe3yEy2vNdicOzUd
AF9QcoYweeJvsAnRLpaWcxrtexiE+r7KgdUr/ECf654XOtUhhDgXQtTgiMlMXFR/
nQrqL9OBHAVBI4Vg7kYK
=FCuH
-----END PGP SIGNATURE-----
--- End Message ---
