From 28e7e2b6ccd187aa7850b3a9201b6d8b43898905 Mon Sep 17 00:00:00 2001
From: Virgil Dupras <vdupras@gentoo.org>
Date: Wed, 26 Sep 2018 09:56:25 -0400
Subject: [PATCH] dev-python/paramiko: bump to 2.4.2

Also, disable the server feature by default for security reasons. It can
be re-enabled with the 'server' USE flag, which is going to be
hard-masked.

Bug: https://bugs.gentoo.org/666619
Package-Manager: Portage-2.3.50, Repoman-2.3.11
Signed-off-by: Virgil Dupras <vdupras@gentoo.org>
---
 dev-python/paramiko/Manifest                  |  1 +
 .../files/paramiko-2.4.2-disable-server.patch | 46 ++++++++++++++
 dev-python/paramiko/metadata.xml              |  3 +
 dev-python/paramiko/paramiko-2.4.2.ebuild     | 62 +++++++++++++++++++
 4 files changed, 112 insertions(+)
 create mode 100644 dev-python/paramiko/files/paramiko-2.4.2-disable-server.patch
 create mode 100644 dev-python/paramiko/paramiko-2.4.2.ebuild

diff --git a/dev-python/paramiko/Manifest b/dev-python/paramiko/Manifest
index d90724711bec..25fa5b44f4ae 100644
--- a/dev-python/paramiko/Manifest
+++ b/dev-python/paramiko/Manifest
@@ -1,2 +1,3 @@
 DIST paramiko-2.1.2.tar.gz 1196746 BLAKE2B c184e171fe550fc231d67473867db283b706a93aebbd13ffb2503e10d69e43b9ab712237e6698fccae13472f0cb8135b6c015381ac687c4c20d4d1cb1620ae00 SHA512 465c5381b1b0a472d2ad8e690f0916a5f51713880486c7b94cadcf85ea0a52569e18337ccfee5440869e4a0c76bd2b1bc15c414128c07326b40ecd36ea021466
 DIST paramiko-2.4.1.tar.gz 285151 BLAKE2B 767c4ad11da77c5c6796165057715f318cab417c5bae72cd97b51af94ecbf233316fd4286e35b2f855027e05bcf195c869b45a87f66954bee3bb98ae9d0ef1a9 SHA512 5a580d25e7911937f228ef4a2b89b5a1efd771f576c6c68cf1c36e1abbc38adbc6ad5dc91400de7112238fcf7803f5f26c13fe10be4af8a2a86af9398da7a8de
+DIST paramiko-2.4.2.tar.gz 289126 BLAKE2B 767f81a09b32762241eed6661e520e3b3a96acfe8e6e638ea7ae180a8b6866f8f4adeae0a0146d46ecbfccbe71334c5f5c14e2d049744258ca4808ac21365185 SHA512 894c2ebfcfb35a84fe74670d0eb67022a49b7bf165f31acd929045c17509d8a2be111e8319f20513b5034efd033edc6432b2ca2e7027dc7e3c6703166a96790f
diff --git a/dev-python/paramiko/files/paramiko-2.4.2-disable-server.patch b/dev-python/paramiko/files/paramiko-2.4.2-disable-server.patch
new file mode 100644
index 000000000000..19450cbee1bc
--- /dev/null
+++ b/dev-python/paramiko/files/paramiko-2.4.2-disable-server.patch
@@ -0,0 +1,46 @@
+diff --git a/paramiko/transport.py b/paramiko/transport.py
+index f72eebaf..ec7a1445 100644
+--- a/paramiko/transport.py
++++ b/paramiko/transport.py
+@@ -110,6 +110,8 @@ from paramiko.ssh_exception import (
+ from paramiko.util import retry_on_signal, ClosingContextManager, clamp_value
+ 
+ 
++SERVER_DISABLED_BY_GENTOO = True
++
+ # for thread cleanup
+ _active_threads = []
+ 
+@@ -633,6 +635,8 @@ class Transport(threading.Thread, ClosingContextManager):
+             `.SSHException` -- if negotiation fails (and no ``event`` was
+             passed in)
+         """
++        if SERVER_DISABLED_BY_GENTOO:
++            raise Exception("Disabled by Gentoo for security reasons. Enable with 'server' USE flag")
+         if server is None:
+             server = ServerInterface()
+         self.server_mode = True
+diff --git a/tests/conftest.py b/tests/conftest.py
+index 2b509c5c..bb23ac74 100644
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -4,7 +4,7 @@ import shutil
+ import threading
+ 
+ import pytest
+-from paramiko import RSAKey, SFTPServer, SFTP, Transport
++from paramiko import RSAKey, SFTPServer, SFTP, Transport, transport
+ 
+ from .loop import LoopSocket
+ from .stub_sftp import StubServer, StubSFTPServer
+@@ -15,6 +15,10 @@ from .util import _support
+ # 'nicer'.
+ 
+ 
++# We need the server component for testing
++transport.SERVER_DISABLED_BY_GENTOO = False
++
++
+ # Perform logging by default; pytest will capture and thus hide it normally,
+ # presenting it on error/failure. (But also allow turning it off when doing
+ # very pinpoint debugging - e.g. using breakpoints, so you don't want output
diff --git a/dev-python/paramiko/metadata.xml b/dev-python/paramiko/metadata.xml
index 054a7be7a59b..3624b8442687 100644
--- a/dev-python/paramiko/metadata.xml
+++ b/dev-python/paramiko/metadata.xml
@@ -21,6 +21,9 @@ are supported. SFTP client mode is now supported too.
 ç¨ãã¦ããæã§ããæåãªCipherã¨Hashå¦çã®å¨ã¦ããµãã¼ãããã¦ãã¾ããSFTPã¯ã©ã¤
 ã¢ã³ãããµãã¼ãããã¦ãã¾ãã
 </longdescription>
+  <use>
+    <flag name="server">Enable server feature</flag>
+  </use>
   <upstream>
     <remote-id type="pypi">paramiko</remote-id>
     <remote-id type="github">paramiko/paramiko</remote-id>
diff --git a/dev-python/paramiko/paramiko-2.4.2.ebuild b/dev-python/paramiko/paramiko-2.4.2.ebuild
new file mode 100644
index 000000000000..fb8e47b707db
--- /dev/null
+++ b/dev-python/paramiko/paramiko-2.4.2.ebuild
@@ -0,0 +1,62 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python2_7 python3_{4,5,6} )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1
+
+DESCRIPTION="SSH2 protocol library"
+HOMEPAGE="http://www.paramiko.org/ https://github.com/paramiko/paramiko/ https://pypi.org/project/paramiko/"
+# pypi tarballs are missing test data
+#SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
+SRC_URI="https://github.com/${PN}/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris"
+IUSE="doc examples server test"
+
+RDEPEND="
+	>=dev-python/bcrypt-3.1.3[${PYTHON_USEDEP}]
+	>=dev-python/cryptography-1.5[${PYTHON_USEDEP}]
+	>=dev-python/pynacl-1.0.1[${PYTHON_USEDEP}]
+	>=dev-python/pyasn1-0.1.7[${PYTHON_USEDEP}]
+"
+BDEPEND="
+	dev-python/setuptools[${PYTHON_USEDEP}]
+	doc? ( dev-python/sphinx[${PYTHON_USEDEP}] )
+	test? (
+		dev-python/mock[${PYTHON_USEDEP}]
+		dev-python/pytest[${PYTHON_USEDEP}]
+		dev-python/pytest-relaxed[${PYTHON_USEDEP}]
+	)
+"
+
+src_prepare() {
+	if ! use server; then
+		eapply "${FILESDIR}/${PN}-2.4.2-disable-server.patch"
+	fi
+	eapply_user
+}
+
+python_test() {
+	py.test -v || die "Tests fail with ${EPYTHON}"
+}
+
+python_compile_all() {
+	use doc && esetup.py build_sphinx -s sites/docs
+}
+
+python_install_all() {
+	use doc && local HTML_DOCS=( "${BUILD_DIR}"/sphinx/html/. )
+
+	distutils-r1_python_install_all
+
+	if use examples; then
+		insinto /usr/share/doc/${PF}/examples
+		doins demos/*
+	fi
+}
-- 
2.26.2