From 9b01487407b6d604e4424197954ff362ae1c9fb3 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Apr 2016 14:30:06 -0700 Subject: Reinstate release line for 1.15.5 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 498f809e..cf2f945b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.5 <2016-04-25>` * :bug:`577` (via :issue:`578`; should also fix :issue:`718`, :issue:`560`) Fix stalled/hung SFTP downloads by cleaning up some threading lock issues. Thanks to Stephen C. Pope for the patch. -- cgit v1.2.3 From 9fe9feacb85aa9cf8ad6a694b331208720723444 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Apr 2016 14:33:46 -0700 Subject: Reinstate 1.16.1 release line --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 83c61eeb..af188663 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.16.1 <2016-04-25>` * :release:`1.15.5 <2016-04-25>` * :bug:`676` (via :issue:`677`) Fix a backwards incompatibility issue that cropped up in `SFTPFile.prefetch <~paramiko.sftp_file.prefetch>` re: the -- cgit v1.2.3 From b1d3c0b26b08a032b894aef6fa38b7cd60722d94 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Apr 2016 14:34:08 -0700 Subject: Reinstate 1.17.0 release line --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6065378e..c80885ed 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.17.0 <2016-04-25>` * :release:`1.16.1 <2016-04-25>` * :release:`1.15.5 <2016-04-25>` * :bug:`676` (via :issue:`677`) Fix a backwards incompatibility issue that -- cgit v1.2.3 From 1163fd91e31f280d7b1c4857529fe8314c61fdd5 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Apr 2016 15:20:07 -0700 Subject: Neglected to mark a bug 1.15+. Was showing up in 1.13, 1.14 releases --- sites/www/changelog.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index cf2f945b..2047d904 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -55,8 +55,8 @@ Changelog class. Thanks to Jared Hance for the patch. * :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. Thanks to ``@toejough`` for report & suggestions. -* :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI - support (note: this includes switching from PyCrypo's Random to +* :bug:`496 (1.15+)` Fix a handful of small but critical bugs in Paramiko's + GSSAPI support (note: this includes switching from PyCrypo's Random to `os.urandom`). Thanks to Anselm Kruis for catch & patch. * :bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout functionality to address hangs from dropped network connections and/or failed -- cgit v1.2.3 From 1a92ef5cf9a97a5dcdf96fdfa69ad0900b9dec87 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Apr 2016 18:33:33 -0700 Subject: Test & implementation for part 1 re: #670 --- paramiko/config.py | 19 +++++++++++++------ tests/test_util.py | 30 ++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 6 deletions(-) diff --git a/paramiko/config.py b/paramiko/config.py index e18fa4bf..7374eb1a 100644 --- a/paramiko/config.py +++ b/paramiko/config.py @@ -76,15 +76,17 @@ class SSHConfig (object): 'config': {} } elif key == 'proxycommand' and value.lower() == 'none': - # Proxycommands of none should not be added as an actual value. (Issue #415) - continue + # Store 'none' as None; prior to 3.x, it will get stripped out + # at the end (for compatibility with issue #415). After 3.x, it + # will simply not get stripped, leaving a nice explicit marker. + host['config'][key] = None else: if value.startswith('"') and value.endswith('"'): value = value[1:-1] - #identityfile, localforward, remoteforward keys are special cases, since they are allowed to be - # specified multiple times and they should be tried in order - # of specification. + # identityfile, localforward, remoteforward keys are special + # cases, since they are allowed to be specified multiple times + # and they should be tried in order of specification. if key in ['identityfile', 'localforward', 'remoteforward']: if key in host['config']: host['config'][key].append(value) @@ -127,10 +129,13 @@ class SSHConfig (object): # else it will reference the original list # in self._config and update that value too # when the extend() is being called. - ret[key] = value[:] + ret[key] = value[:] if value is not None else value elif key == 'identityfile': ret[key].extend(value) ret = self._expand_variables(ret, hostname) + # TODO: remove in 3.x re #670 + if 'proxycommand' in ret and ret['proxycommand'] is None: + del ret['proxycommand'] return ret def get_hostnames(self): @@ -211,6 +216,8 @@ class SSHConfig (object): } for k in config: + if config[k] is None: + continue if k in replacements: for find, replace in replacements[k]: if isinstance(config[k], list): diff --git a/tests/test_util.py b/tests/test_util.py index a6a2c30b..e25f0563 100644 --- a/tests/test_util.py +++ b/tests/test_util.py @@ -485,3 +485,33 @@ Host proxycommand-with-equals-none paramiko.util.lookup_ssh_host_config(host, config), values ) + + def test_proxycommand_none_masking(self): + # Re: https://github.com/paramiko/paramiko/issues/670 + source_config = """ +Host specific-host + ProxyCommand none + +Host other-host + ProxyCommand other-proxy + +Host * + ProxyCommand default-proxy +""" + config = paramiko.SSHConfig() + config.parse(StringIO(source_config)) + # When bug is present, the full stripping-out of specific-host's + # ProxyCommand means it actually appears to pick up the default + # ProxyCommand value instead, due to cascading. It should (for + # backwards compatibility reasons in 1.x/2.x) appear completely blank, + # as if the host had no ProxyCommand whatsoever. + # Threw another unrelated host in there just for sanity reasons. + self.assertFalse('proxycommand' in config.lookup('specific-host')) + self.assertEqual( + config.lookup('other-host')['proxycommand'], + 'other-proxy' + ) + self.assertEqual( + config.lookup('some-random-host')['proxycommand'], + 'default-proxy' + ) -- cgit v1.2.3 From 7d66aa62e7b8074a643d84cd4324c58750b10f1d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Apr 2016 18:37:43 -0700 Subject: Changelog closes #670 --- sites/www/changelog.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 2047d904..bfa0627f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -3,6 +3,12 @@ Changelog ========= * :release:`1.15.5 <2016-04-25>` +* :bug:`670` Due to an earlier bugfix, less-specific ``Host`` blocks' + ``ProxyCommand`` values were overriding ``ProxyCommand none`` in + more-specific ``Host`` blocks. This has been fixed in a backwards compatible + manner (i.e. ``ProxyCommand none`` continues to appear as a total lack of any + ``proxycommand`` key in parsed config structures). Thanks to Pat Brisbin for + the catch. * :bug:`577` (via :issue:`578`; should also fix :issue:`718`, :issue:`560`) Fix stalled/hung SFTP downloads by cleaning up some threading lock issues. Thanks to Stephen C. Pope for the patch. -- cgit v1.2.3