author | Jeff Forcier <jeff@bitprophet.org> | 2017-06-06 14:04:04 -0700 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2017-06-06 14:04:04 -0700 |
commit | f0372ad11cc59e2b750fc3a3252f5ee3458ce623 (patch) | |
tree | 25f6944e44f8c26ca736e6da39a9ca0ad678491b /sites/www/changelog.rst | |
parent | c5febfa0176be1d230aabf6bb4ed94731a60e325 (diff) | |
parent | 2804b79cdeb2c140862d48883b7fdc105f05b95a (diff) |
Merge branch 'master' into 869-int
Diffstat (limited to 'sites/www/changelog.rst')
-rw-r--r-- | sites/www/changelog.rst | 134 |
1 files changed, 103 insertions, 31 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 855fdd30..234d9df6 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst 
@@ -5,14 +5,85 @@ Changelog * :feature:`add-auth-timeout` Adds a timeout for the authentication process. This is a fix to prevent the client getting stuck if an SSH server becomes un-responsive during the authentication. Credit to ``@timsavage``. -* :support:`866 backported` (also :issue:`838`) Remove an old test-related file - we don't support, and add PyPy to Travis-CI config. Thanks to Pierce Lopez - for the final patch and Pedro Rodrigues for an earlier edition. +* :support:`921` Tighten up the ``__hash__`` implementation for various key + classes; less code is good code. Thanks to Francisco Couzo for the patch. +* :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of + preferred MAC algorithms, as an incremental security improvement for users + whose target systems offer both. Credit: Pierce Lopez. +* :bug:`667` The RC4/arcfour family of ciphers has been broken since version + 2.0; but since the algorithm is now known to be completely insecure, we are + opting to remove support outright instead of fixing it. Thanks to Alex Gaynor + for catch & patch. +* :feature:`857` Allow `SSHClient.set_missing_host_key_policy + <paramiko.client.SSHClient.set_missing_host_key_policy>` to accept policy + classes _or_ instances, instead of only instances, thus fixing a + long-standing gotcha for unaware users. +* :feature:`951` Add support for ECDH key exchange (kex), specifically the + algorithms ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, and + ``ecdh-sha2-nistp521``. They now come before the older ``diffie-hellman-*`` + family of kex algorithms in the preferred-kex list. Thanks to Shashank + Veerapaneni for the patch & Pierce Lopez for a follow-up. +* :support:`- backported` A big formatting pass to clean up an enormous number + of invalid Sphinx reference links, discovered by switching to a modern, + rigorous nitpicking doc-building mode. 
+* :bug:`900` (via :issue:`911`) Prefer newer ``ecdsa-sha2-nistp`` keys over RSA + and DSA keys during host key selection. This improves compatibility with + OpenSSH, both in terms of general behavior, and also re: ability to properly + leverage OpenSSH-modified ``known_hosts`` files. Credit: ``@kasdoe`` for + original report/PR and Pierce Lopez for the second draft. +* :bug:`794` (via :issue:`981`) Prior support for ``ecdsa-sha2-nistp(384|521)`` + algorithms didn't fully extend to covering host keys, preventing connection + to hosts which only offer these key types and no others. This is now fixed. + Thanks to ``@ncoult`` and ``@kasdoe`` for reports and Pierce Lopez for the + patch. +* :feature:`325` (via :issue:`972`) Add Ed25519 support, for both host keys + and user authentication. Big thanks to Alex Gaynor for the patch. + + .. note:: + This change adds the ``bcrypt`` and ``pynacl`` Python libraries as + dependencies. No C-level dependencies beyond those previously required (for + Cryptography) have been added. + +* :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant + (i.e. passes the maintainer's preferred `flake8 <http://flake8.pycqa.org/>`_ + configuration) and add a ``flake8`` step to the Travis config. Big thanks to + Dorian Pula! +* :bug:`683` Make ``util.log_to_file`` append instead of replace. Thanks + to ``@vlcinsky`` for the report. +* :release:`2.1.2 <2017-02-20>` +* :release:`2.0.5 <2017-02-20>` +* :release:`1.18.2 <2017-02-20>` +* :release:`1.17.4 <2017-02-20>` +* :bug:`853 (1.17+)` Tweak how `RSAKey.__str__ <paramiko.rsakey.RSAKey>` + behaves so it doesn't cause ``TypeError`` under Python 3. Thanks to Francisco + Couzo for the report. +* :bug:`862 (1.17+)` (via :issue:`863`) Avoid test suite exceptions on + platforms lacking ``errno.ETIME`` (which seems to be some FreeBSD and some + Windows environments.) Thanks to Sofian Brabez. 
+* :bug:`44 (1.17+)` (via :issue:`891`) `SSHClient <paramiko.client.SSHClient>` + now gives its internal `Transport <paramiko.transport.Transport>` a handle on + itself, preventing garbage collection of the client until the session is + closed. Without this, some code which returns stream or transport objects + without the client that generated them, would result in premature session + closure when the client was GCd. Credit: ``@w31rd0`` for original report, + Omer Anson for the patch. +* :bug:`713 (<2.0)` (via :issue:`714` and :issue:`889`) Don't pass + initialization vectors to PyCrypto when dealing with counter-mode ciphers; + newer PyCrypto versions throw an exception otherwise (older ones simply + ignored this parameter altogether). Thanks to ``@jmh045000`` for report & + patches. +* :bug:`895 (1.17+)` Fix a bug in server-mode concerning multiple interactive + auth steps (which were incorrectly responded to). Thanks to Dennis + Kaarsemaker for catch & patch. +* :support:`866 backported (1.17+)` (also :issue:`838`) Remove an old + test-related file we don't support, and add PyPy to Travis-CI config. Thanks + to Pierce Lopez for the final patch and Pedro Rodrigues for an earlier + edition. * :release:`2.1.1 <2016-12-12>` * :release:`2.0.4 <2016-12-12>` * :release:`1.18.1 <2016-12-12>` -* :bug:`859` (via :issue:`860`) A tweak to the original patch implementing - :issue:`398` was not fully applied, causing calls to +* :bug:`859 (1.18+)` (via :issue:`860`) A tweak to the original patch + implementing :issue:`398` was not fully applied, causing calls to `~paramiko.client.SSHClient.invoke_shell` to fail with ``AttributeError``. This has been fixed. Patch credit: Kirk Byers. * :bug:`-` Accidentally merged the new features from 1.18.0 into the 
@@ -31,15 +102,15 @@ Changelog * :bug:`802 (1.17+)` (via :issue:`804`) Update our vendored Windows API module to address errors of the form ``AttributeError: 'module' object has no attribute 'c_ssize_t'``. Credit to Jason R. Coombs. -* :bug:`824` Fix the implementation of ``PKey.write_private_key_file`` (this - method is only publicly defined on subclasses; the fix was in the private - real implementation) so it passes the correct params to ``open()``. This bug - apparently went unnoticed and unfixed for 12 entire years. Congrats to John - Villalovos for noticing & submitting the patch! -* :support:`801 (1.17+)` Skip a Unix-only test when on Windows; thanks to - Gabi Davar. -* :support:`792 (1.17+)` Minor updates to the README and demos; thanks to Alan - Yee. +* :bug:`824 (1.17+)` Fix the implementation of ``PKey.write_private_key_file`` + (this method is only publicly defined on subclasses; the fix was in the + private real implementation) so it passes the correct params to ``open()``. + This bug apparently went unnoticed and unfixed for 12 entire years. Congrats + to John Villalovos for noticing & submitting the patch! +* :support:`801 backported (1.17+)` Skip a Unix-only test when on Windows; + thanks to Gabi Davar. +* :support:`792 backported (1.17+)` Minor updates to the README and demos; + thanks to Alan Yee. * :feature:`780 (1.18+)` (also :issue:`779`, and may help users affected by :issue:`520`) Add an optional ``timeout`` parameter to `Transport.start_client <paramiko.transport.Transport.start_client>` (and 
@@ -53,21 +124,21 @@ Changelog ``SSHException``. This moves the behavior in line with other "bad keys" situations, re: Paramiko's main auth loop. Thanks to MengHuan Yu for the patch. -* :bug:`789` Add a missing ``.closed`` attribute (plus ``._closed`` because - reasons) to `ProxyCommand <paramiko.proxy.ProxyCommand>` so the earlier - partial fix for :issue:`520` works in situations where one is gatewaying via - ``ProxyCommand``. -* :bug:`334` Make the ``subprocess`` import in ``proxy.py`` lazy so users on - platforms without it (such as Google App Engine) can import Paramiko +* :bug:`789 (1.17+)` Add a missing ``.closed`` attribute (plus ``._closed`` + because reasons) to `ProxyCommand <paramiko.proxy.ProxyCommand>` so the + earlier partial fix for :issue:`520` works in situations where one is + gatewaying via ``ProxyCommand``. +* :bug:`334 (1.17+)` Make the ``subprocess`` import in ``proxy.py`` lazy so + users on platforms without it (such as Google App Engine) can import Paramiko successfully. (Relatedly, make it easier to tweak an active socket check - timeout [in `Transport <paramko.transport.Transport>`] which was previously + timeout [in `Transport <paramiko.transport.Transport>`] which was previously hardcoded.) Credit: Shinya Okano. -* :support:`854 backported` Fix incorrect docstring/param-list for +* :support:`854 backported (1.17+)` Fix incorrect docstring/param-list for `Transport.auth_gssapi_keyex <paramiko.transport.Transport.auth_gssapi_keyex>` so it matches the real signature. Caught by ``@Score_Under``. -* :bug:`681` Fix a Python3-specific bug re: the handling of read buffers when - using ``ProxyCommand``. Thanks to Paul Kapp for catch & patch. +* :bug:`681 (1.17+)` Fix a Python3-specific bug re: the handling of read + buffers when using ``ProxyCommand``. Thanks to Paul Kapp for catch & patch. 
* :feature:`398 (1.18+)` Add an ``environment`` dict argument to `Client.exec_command <paramiko.client.SSHClient.exec_command>` (plus the lower level `Channel.update_environment @@ -125,10 +196,10 @@ Changelog ``proxycommand`` key in parsed config structures). Thanks to Pat Brisbin for the catch. * :bug:`676` (via :issue:`677`) Fix a backwards incompatibility issue that - cropped up in `SFTPFile.prefetch <~paramiko.sftp_file.prefetch>` re: the - erroneously non-optional ``file_size`` parameter. Should only affect users - who manually call ``prefetch``. Thanks to ``@stevevanhooser`` for catch & - patch. + cropped up in `SFTPFile.prefetch <paramiko.sftp_file.SFTPFile.prefetch>` re: + the erroneously non-optional ``file_size`` parameter. Should only affect + users who manually call ``prefetch``. Thanks to ``@stevevanhooser`` for catch + & patch. * :feature:`394` Replace PyCrypto with the Python Cryptographic Authority (PyCA) 'Cryptography' library suite. This improves security, installability, and performance; adds PyPy support; and much more. @@ -218,7 +289,7 @@ Changelog * :release:`1.15.4 <2015-11-02>` * :release:`1.14.3 <2015-11-02>` * :release:`1.13.4 <2015-11-02>` -* :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string +* :bug:`366` Fix `~paramiko.sftp_attr.SFTPAttributes` so its string representation doesn't raise exceptions on empty/initialized instances. Patch by Ulrich Petri. * :bug:`359` Use correct attribute name when trying to use Python 3's 
@@ -329,8 +400,9 @@ Changelog * :release:`1.15.1 <2014-09-22>` * :bug:`399` SSH agent forwarding (potentially other functionality as well) would hang due to incorrect values passed into the new window size - arguments for `.Transport` (thanks to a botched merge). This has been - corrected. Thanks to Dylan Thacker-Smith for the report & patch. + arguments for `~paramiko.transport.Transport` (thanks to a botched merge). + This has been corrected. Thanks to Dylan Thacker-Smith for the report & + patch. * :feature:`167` Add `~paramiko.config.SSHConfig.get_hostnames` for easier introspection of a loaded SSH config file or object. Courtesy of Søren Løvborg. |
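Review bot: In the first hunk (@@ -5,14 +5,85 @@), the new :bug:`983` entry calls the algorithms ``sha1`` and ``md5``, which are hash names rather than the MAC identifiers a user sees in negotiation logs or passes in configuration. Suggest naming the MACs themselves (for example ``hmac-sha1`` and ``hmac-md5``) and saying explicitly that the md5-based MAC is only moved down the preference list and is still offered, because "now-arguably-broken" next to the RC4 removal entry can be read as a removal. Separately, the :feature:`857` entry in the same hunk writes ``_or_`` for emphasis, which is Markdown style; reStructuredText emphasis is ``*or*``.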
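Review bot: In the second hunk (@@ -31,15 +102,15 @@), the reworded :bug:`824 (1.17+)` entry still says only that ``PKey.write_private_key_file`` now "passes the correct params to ``open()``" without saying which parameter was wrong or what the observable effect was. Since this method writes private key material and the entry is now marked for backport to 1.17+, it should state what was affected (for example mode or flags) so users can tell whether files written by earlier versions need checking.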
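Review bot: In the third hunk (@@ -53,21 +124,21 @@), the :bug:`334 (1.17+)` entry keeps a second, unrelated change inside its parenthetical ("make it easier to tweak an active socket check timeout [in `Transport <paramiko.transport.Transport>`]") without naming the attribute or parameter that is now adjustable. While the line is being touched to fix the ``paramko`` typo in the reference target, name the setting so the change is discoverable, or split it into its own entry.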