diff options
Diffstat (limited to 'sites/www')
| -rw-r--r-- | sites/www/changelog.rst | 65 | ||||
| -rw-r--r-- | sites/www/index.rst | 1 | ||||
| -rw-r--r-- | sites/www/installing-1.x.rst | 1 | ||||
| -rw-r--r-- | sites/www/installing.rst | 6 |
4 files changed, 64 insertions, 9 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 302e157c..6bf41ecc 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -9,13 +9,22 @@ Changelog where authentication status was not checked before processing channel-open and other requests typically only sent after authenticating. Big thanks to Matthijs Kooijman for the report. +* :bug:`1039` Ed25519 auth key decryption raised an unexpected exception when + given a unicode password string (typical in python 3). Report by Theodor van + Nahl and fix by Pierce Lopez. * :bug:`1108 (1.17+)` Rename a private method keyword argument (which was named ``async``) so that we're compatible with the upcoming Python 3.7 release (where ``async`` is a new keyword.) Thanks to ``@vEpiphyte`` for the report. * :support:`- backported` Include LICENSE file in wheel archives. +* :release:`2.2.2 <2017-09-18>` * :release:`2.1.4 <2017-09-18>` * :release:`2.0.7 <2017-09-18>` * :release:`1.18.4 <2017-09-18>` +* :bug:`1065` Add rekeying support to GSSAPI connections, which was erroneously + missing. Without this fix, any attempt to renegotiate the transport keys for + a ``gss-kex``-authed `~paramiko.transport.Transport` would cause a MIC + failure and terminate the connection. Thanks to Sebastian Deiß and Anselm + Kruis for the patch. * :bug:`1061` Clean up GSSAPI authentication procedures so they do not prevent normal fallback to other authentication methods on failure. (In other words, presence of GSSAPI functionality on a target server precluded use of _any_ @@ -33,6 +42,18 @@ Changelog consider a different type to be a "Missing" host key. This fixes a common case where an ECDSA key is in known_hosts and the server also has an RSA host key. Thanks to Pierce Lopez. +* :support:`1012` (via :issue:`1016`) Enhance documentation around the new + `SFTP.posix_rename <paramiko.sftp_client.SFTPClient.posix_rename>` method so + it's referenced in the 'standard' ``rename`` method for increased visibility. + Thanks to Marius Flage for the report. +* :release:`2.2.1 <2017-06-13>` +* :bug:`993` Ed25519 host keys were not comparable/hashable, causing an + exception if such a key existed in a ``known_hosts`` file. Thanks to Oleh + Prypin for the report and Pierce Lopez for the fix. +* :bug:`990` The (added in 2.2.0) ``bcrypt`` dependency should have been on + version 3.1.3 or greater (was initially set to 3.0.0 or greater.) Thanks to + Paul Howarth for the report. +* :release:`2.2.0 <2017-06-09>` * :release:`2.1.3 <2017-06-09>` * :release:`2.0.6 <2017-06-09>` * :release:`1.18.3 <2017-06-09>` @@ -61,9 +82,30 @@ Changelog Thanks to ``@virlos`` for the original report, Chris Harris and ``@ibuler`` for initial draft PRs, and ``@jhgorrell`` for the final patch. -* :support:`956 (1.17+)` Switch code coverage service from coveralls.io to - codecov.io (& then disable the latter's auto-comments.) Thanks to Nikolai - Røed Kristiansen for the patch. +* :feature:`65` (via :issue:`471`) Add support for OpenSSH's SFTP + ``posix-rename`` protocol extension (section 3.3 of `OpenSSH's protocol + extension document + <http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL?rev=1.31>`_), + via a new ``posix_rename`` method in `SFTPClient + <paramiko.sftp_client.SFTPClient.posix_rename>` and `SFTPServerInterface + <paramiko.sftp_si.SFTPServerInterface.posix_rename>`. Thanks to Wren Turkal + for the initial patch & Mika Pflüger for the enhanced, merged PR. +* :feature:`869` Add an ``auth_timeout`` kwarg to `SSHClient.connect + <paramiko.client.SSHClient.connect>` (default: 30s) to avoid hangs when the + remote end becomes unresponsive during the authentication step. Credit to + ``@timsavage``. + + .. note:: + This technically changes behavior, insofar as very slow auth steps >30s + will now cause timeout exceptions instead of completing. We doubt most + users will notice; those affected can simply give a higher value to + ``auth_timeout``. + +* :support:`921` Tighten up the ``__hash__`` implementation for various key + classes; less code is good code. Thanks to Francisco Couzo for the patch. +* :support:`956 backported (1.17+)` Switch code coverage service from + coveralls.io to codecov.io (& then disable the latter's auto-comments.) + Thanks to Nikolai Røed Kristiansen for the patch. * :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an incremental security improvement for users whose target systems offer both. Credit: Pierce Lopez. @@ -71,6 +113,15 @@ Changelog 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor for catch & patch. +* :feature:`857` Allow `SSHClient.set_missing_host_key_policy + <paramiko.client.SSHClient.set_missing_host_key_policy>` to accept policy + classes _or_ instances, instead of only instances, thus fixing a + long-standing gotcha for unaware users. +* :feature:`951` Add support for ECDH key exchange (kex), specifically the + algorithms ``ecdh-sha2-nistp256``, ``ecdh-sha2-nistp384``, and + ``ecdh-sha2-nistp521``. They now come before the older ``diffie-hellman-*`` + family of kex algorithms in the preferred-kex list. Thanks to Shashank + Veerapaneni for the patch & Pierce Lopez for a follow-up. * :support:`- backported` A big formatting pass to clean up an enormous number of invalid Sphinx reference links, discovered by switching to a modern, rigorous nitpicking doc-building mode. @@ -84,6 +135,14 @@ Changelog to hosts which only offer these key types and no others. This is now fixed. Thanks to ``@ncoult`` and ``@kasdoe`` for reports and Pierce Lopez for the patch. +* :feature:`325` (via :issue:`972`) Add Ed25519 support, for both host keys + and user authentication. Big thanks to Alex Gaynor for the patch. + + .. note:: + This change adds the ``bcrypt`` and ``pynacl`` Python libraries as + dependencies. No C-level dependencies beyond those previously required (for + Cryptography) have been added. + * :support:`974 backported` Overhaul the codebase to be PEP-8, etc, compliant (i.e. passes the maintainer's preferred `flake8 <http://flake8.pycqa.org/>`_ configuration) and add a ``flake8`` step to the Travis config. Big thanks to diff --git a/sites/www/index.rst b/sites/www/index.rst index b09ab589..f0a5db8a 100644 --- a/sites/www/index.rst +++ b/sites/www/index.rst @@ -20,6 +20,7 @@ Please see the sidebar to the left to begin. changelog FAQs <faq> installing + installing-1.x contributing contact diff --git a/sites/www/installing-1.x.rst b/sites/www/installing-1.x.rst index 356fac49..8ede40d5 100644 --- a/sites/www/installing-1.x.rst +++ b/sites/www/installing-1.x.rst @@ -1,3 +1,4 @@ +================ Installing (1.x) ================ diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 6537b850..f335a9e7 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -110,9 +110,3 @@ due to their infrequent utility & non-platform-agnostic requirements): delegation, make sure that the target host is trusted for delegation in the active directory configuration. For details see: http://technet.microsoft.com/en-us/library/cc738491%28v=ws.10%29.aspx - - -.. toctree:: - :hidden: - - installing-1.x |