summaryrefslogtreecommitdiffhomepage
path: root/sites/www
diff options
context:
space:
mode:
Diffstat (limited to 'sites/www')
-rw-r--r--sites/www/changelog.rst79
-rw-r--r--sites/www/installing.rst27
2 files changed, 102 insertions, 4 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index e664f7d4..f3ff0749 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -2,6 +2,85 @@
Changelog
=========
+- :release:`2.7.2 <2020-08-30>`
+- :support:`- backported` Update our CI to catch issues with sdist generation,
+ installation and testing.
+- :support:`1727 backported` Add missing test suite fixtures directory to
+ MANIFEST.in, reinstating the ability to run Paramiko's tests from an sdist
+ tarball. Thanks to Sandro Tosi for reporting the issue and to Blazej Michalik
+ for the PR.
+- :support:`1722 backported` Remove leading whitespace from OpenSSH RSA test
+ suite static key fixture, to conform better to spec. Credit: Alex Gaynor.
+- :bug:`-` Fix incorrect string formatting causing unhelpful error message
+ annotation when using Kerberos/GSSAPI. (Thanks, newer version of flake8!)
+- :bug:`1723` Fix incorrectly swapped order of ``p`` and ``q`` numbers when
+ loading OpenSSH-format RSA private keys. At minimum this should address a
+ slowdown when using such keys, and it also means Paramiko works with
+ Cryptography 3.1 and above (which complains strenuously when this problem
+ appears). Thanks to Alex Gaynor for the patch.
+- :release:`2.7.1 <2019-12-09>`
+- :bug:`1567` The new-style private key format (added in 2.7) suffered from an
+ unpadding bug which had been fixed earlier for Ed25519 (as that key type has
+ always used the newer format). That fix has been refactored and applied to
+ the base key class, courtesy of Pierce Lopez.
+- :bug:`1565` (via :issue:`1566`) Fix a bug in support for ECDSA keys under the
+ newly supported OpenSSH key format. Thanks to Pierce Lopez for the patch.
+- :release:`2.7.0 <2019-12-03>`
+- :feature:`602` (via :issue:`1343`, :issue:`1313`, :issue:`618`) Implement
+ support for OpenSSH 6.5-style private key files (typically denoted as having
+ ``BEGIN OPENSSH PRIVATE KEY`` headers instead of PEM format's ``BEGIN RSA
+ PRIVATE KEY`` or similar). If you were getting any sort of weird auth error
+ from "modern" keys generated on newer operating system releases (such as
+ macOS Mojave), this is the first update to try.
+
+ Major thanks to everyone who contributed or tested versions of the patch,
+ including but not limited to: Kevin Abel, Michiel Tiller, Pierce Lopez, and
+ Jared Hobbs.
+- :bug:`- major` ``ssh_config`` :ref:`token expansion <TOKENS>` used a
+ different method of determining the local username (``$USER`` env var),
+ compared to what the (much older) client connection code does
+ (``getpass.getuser``, which includes ``$USER`` but may check other variables
+ first, and is generally much more comprehensive). Both modules now use
+ ``getpass.getuser``.
+- :feature:`-` A couple of outright `~paramiko.config.SSHConfig` parse errors
+ were previously represented as vanilla ``Exception`` instances; as part of
+ recent feature work a more specific exception class,
+ `~paramiko.ssh_exception.ConfigParseError`, has been created. It is now also
+ used in those older spots, which is naturally backwards compatible.
+- :feature:`717` Implement support for the ``Match`` keyword in ``ssh_config``
+ files. Previously, this keyword was simply ignored & keywords inside such
+ blocks were treated as if they were part of the previous block. Thanks to
+ Michael Leinartas for the initial patchset.
+
+ .. note::
+ This feature adds a new :doc:`optional install dependency </installing>`,
+ `Invoke <https://www.pyinvoke.org>`_, for managing ``Match exec``
+ subprocesses.
+
+- :support:`-` Additional :doc:`installation </installing>` ``extras_require``
+ "flavors" (``ed25519``, ``invoke``, and ``all``) have been added to
+ our packaging metadata; see the install docs for details.
+- :bug:`- major` Paramiko's use of ``subprocess`` for ``ProxyCommand`` support
+ is conditionally imported to prevent issues on limited interpreter platforms
+ like Google Compute Engine. However, any resulting ``ImportError`` was lost
+ instead of preserved for raising (in the rare cases where a user tried
+ leveraging ``ProxyCommand`` in such an environment). This has been fixed.
+- :bug:`- major` Perform deduplication of ``IdentityFile`` contents during
+ ``ssh_config`` parsing; previously, if your config would result in the same
+ value being encountered more than once, ``IdentityFile`` would contain that
+ many copies of the same string.
+- :feature:`897` Implement most 'canonical hostname' ``ssh_config``
+ functionality (``CanonicalizeHostname``, ``CanonicalDomains``,
+ ``CanonicalizeFallbackLocal``, and ``CanonicalizeMaxDots``;
+ ``CanonicalizePermittedCNAMEs`` has **not** yet been implemented). All were
+ previously silently ignored. Reported by Michael Leinartas.
+- :support:`-` Explicitly document :ref:`which ssh_config features we
+ currently support <ssh-config-support>`. Previously users just had to guess,
+ which is simply no good.
+- :feature:`-` Add new convenience classmethod constructors to
+ `~paramiko.config.SSHConfig`: `~paramiko.config.SSHConfig.from_text`,
+ `~paramiko.config.SSHConfig.from_file`, and
+ `~paramiko.config.SSHConfig.from_path`. No more annoying two-step process!
- :release:`2.6.0 <2019-06-23>`
- :feature:`1463` Add a new keyword argument to `SSHClient.connect
<paramiko.client.SSHClient.connect>` and `~paramiko.transport.Transport`,
diff --git a/sites/www/installing.rst b/sites/www/installing.rst
index 2e2f639c..b50efc4b 100644
--- a/sites/www/installing.rst
+++ b/sites/www/installing.rst
@@ -22,15 +22,31 @@ via `pip <http://pip-installer.org>`_::
We currently support **Python 2.7, 3.4+, and PyPy**. Users on Python 2.6 or
older (or 3.3 or older) are urged to upgrade.
-Paramiko has only a few direct dependencies:
+Paramiko has only a few **direct dependencies**:
- The big one, with its own sub-dependencies, is Cryptography; see :ref:`its
- specific note below <cryptography>` for more details.
+ specific note below <cryptography>` for more details;
- `bcrypt <https://pypi.org/project/bcrypt/>`_, for Ed25519 key support;
- `pynacl <https://pypi.org/project/PyNaCl/>`_, also for Ed25519 key support.
-If you need GSS-API / SSPI support, see :ref:`the below subsection on it
-<gssapi>` for details on its optional dependencies.
+There are also a number of **optional dependencies** you may install using
+`setuptools 'extras'
+<https://packaging.python.org/tutorials/installing-packages/#installing-setuptools-extras>`_:
+
+.. TODO 3.0: tweak the invoke line to mention proxycommand too
+.. TODO 3.0: tweak the ed25519 line to remove the caveat
+
+- If you want all optional dependencies at once, use ``paramiko[all]``.
+- For ``Match exec`` config support, use ``paramiko[invoke]`` (which installs
+ `Invoke <https://www.pyinvoke.org>`_).
+- For GSS-API / SSPI support, use ``paramiko[gssapi]``, though also see
+ :ref:`the below subsection on it <gssapi>` for details.
+- ``paramiko[ed25519]`` references the dependencies for Ed25519 key support.
+
+ - As of Paramiko 2.x this doesn't technically do anything, as those
+ dependencies are core installation requirements.
+ - However, you should use this for forwards compatibility; 3.0 will drop
+ those dependencies from core, leaving them purely optional.
.. _release-lines:
@@ -122,6 +138,9 @@ optional Python package requirements by changing your installation to refer to
(Or update your ``requirements.txt``, or etc.)
+
+.. TODO: just axe this once legacy gssapi support is gone, no point reiterating
+
Manual dependency installation
------------------------------
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-22 03:18:55 +0000