From 3e1f9f09b1da0397f82e4ee9e1886f5271705e29 Mon Sep 17 00:00:00 2001 From: Sebastian Deiss Date: Tue, 11 Feb 2014 13:08:11 +0100 Subject: GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and user authentication with Python 3 support Add Python 3 support for the GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and user authentication. This patch supersedes pull request #250. --- sites/www/changelog.rst | 114 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 sites/www/changelog.rst (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst new file mode 100644 index 00000000..2680086e --- /dev/null +++ b/sites/www/changelog.rst @@ -0,0 +1,114 @@ +========= +Changelog +========= + +* :feature:`250` GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and user authentication. +* :bug:`193` (and its attentant PRs :issue:`230` & :issue:`253`): Fix SSH agent + problems present on Windows. Thanks to David Hobbs for initial report and to + Aarni Koskela & Olle Lundberg for the patches. +* :release:`1.12.1 <2014-01-08>` +* :release:`1.11.3 <2014-01-08>` 176 +* :release:`1.10.5 <2014-01-08>` 176 +* :bug:`225` Note ecdsa requirement in README. Thanks to Amaury Rodriguez for + the catch. +* :bug:`176` Fix AttributeError bugs in known_hosts file (re)loading. Thanks + to Nathan Scowcroft for the patch & Martin Blumenstingl for the initial test + case. +* :release:`1.12.0 <2013-09-27>` +* :release:`1.11.2 <2013-09-27>` +* :release:`1.10.4 <2013-09-27>` 199, 200, 179 +* :feature:`152` Add tentative support for ECDSA keys. *This adds the ecdsa + module as a new dependency of Paramiko.* The module is available at + [warner/python-ecdsa on Github](https://github.com/warner/python-ecdsa) and + [ecdsa on PyPI](https://pypi.python.org/pypi/ecdsa). + + * Note that you might still run into problems with key negotiation -- + Paramiko picks the first key that the server offers, which might not be + what you have in your known_hosts file. + * Mega thanks to Ethan Glasser-Camp for the patch. + +* :feature:`136` Add server-side support for the SSH protocol's 'env' command. + Thanks to Benjamin Pollack for the patch. +* :bug:`156` Fix potential deadlock condition when using Channel objects as + sockets (e.g. when using SSH gatewaying). Thanks to Steven Noonan and Frank + Arnold for catch & patch. +* :bug:`179` Fix a missing variable causing errors when an ssh_config file has + a non-default AddressFamily set. Thanks to Ed Marshall & Tomaz Muraus for + catch & patch. +* :bug:`200` Fix an exception-causing typo in ``demo_simple.py``. Thanks to Alex + Buchanan for catch & Dave Foster for patch. +* :bug:`199` Typo fix in the license header cross-project. Thanks to Armin + Ronacher for catch & patch. +* :release:`1.11.1 <2013-09-20>` +* :release:`1.10.3 <2013-09-20>` +* :bug:`162` Clean up HMAC module import to avoid deadlocks in certain uses of + SSHClient. Thanks to Gernot Hillier for the catch & suggested fix. +* :bug:`36` Fix the port-forwarding demo to avoid file descriptor errors. + Thanks to Jonathan Halcrow for catch & patch. +* :bug:`168` Update config handling to properly handle multiple 'localforward' + and 'remoteforward' keys. Thanks to Emre Yılmaz for the patch. +* :release:`1.11.0 <2013-07-26>` +* :release:`1.10.2 <2013-07-26>` +* :bug:`98 major` On Windows, when interacting with the PuTTY PAgeant, Paramiko + now creates the shared memory map with explicit Security Attributes of the + user, which is the same technique employed by the canonical PuTTY library to + avoid permissions issues when Paramiko is running under a different UAC + context than the PuTTY Ageant process. Thanks to Jason R. Coombs for the + patch. +* :support:`100` Remove use of PyWin32 in ``win_pageant`` module. Module was + already dependent on ctypes for constructing appropriate structures and had + ctypes implementations of all functionality. Thanks to Jason R. Coombs for + the patch. +* :bug:`87 major` Ensure updates to ``known_hosts`` files account for any + updates to said files after Paramiko initially read them. (Includes related + fix to guard against duplicate entries during subsequent ``known_hosts`` + loads.) Thanks to ``@sunweaver`` for the contribution. +* :bug:`153` (also :issue:`67`) Warn on parse failure when reading known_hosts + file. Thanks to ``@glasserc`` for patch. +* :bug:`146` Indentation fixes for readability. Thanks to Abhinav Upadhyay for + catch & patch. +* :release:`1.10.1 <2013-04-05>` +* :bug:`142` (`Fabric #811 `_) + SFTP put of empty file will still return the attributes of the put file. + Thanks to Jason R. Coombs for the patch. +* :bug:`154` (`Fabric #876 `_) + Forwarded SSH agent connections left stale local pipes lying around, which + could cause local (and sometimes remote or network) resource starvation when + running many agent-using remote commands. Thanks to Kevin Tegtmeier for catch + & patch. +* :release:`1.10.0 <2013-03-01>` +* :feature:`66` Batch SFTP writes to help speed up file transfers. Thanks to + Olle Lundberg for the patch. +* :bug:`133 major` Fix handling of window-change events to be on-spec and not + attempt to wait for a response from the remote sshd; this fixes problems with + less common targets such as some Cisco devices. Thanks to Phillip Heller for + catch & patch. +* :feature:`93` Overhaul SSH config parsing to be in line with ``man + ssh_config`` (& the behavior of ``ssh`` itself), including addition of parameter + expansion within config values. Thanks to Olle Lundberg for the patch. +* :feature:`110` Honor SSH config ``AddressFamily`` setting when looking up + local host's FQDN. Thanks to John Hensley for the patch. +* :feature:`128` Defer FQDN resolution until needed, when parsing SSH config + files. Thanks to Parantapa Bhattacharya for catch & patch. +* :bug:`102 major` Forego random padding for packets when running under + ``*-ctr`` ciphers. This corrects some slowdowns on platforms where random + byte generation is inefficient (e.g. Windows). Thanks to ``@warthog618`` for + catch & patch, and Michael van der Kolff for code/technique review. +* :feature:`127` Turn ``SFTPFile`` into a context manager. Thanks to Michael + Williamson for the patch. +* :feature:`116` Limit ``Message.get_bytes`` to an upper bound of 1MB to protect + against potential DoS vectors. Thanks to ``@mvschaik`` for catch & patch. +* :feature:`115` Add convenience ``get_pty`` kwarg to ``Client.exec_command`` so + users not manually controlling a channel object can still toggle PTY + creation. Thanks to Michael van der Kolff for the patch. +* :feature:`71` Add ``SFTPClient.putfo`` and ``.getfo`` methods to allow direct + uploading/downloading of file-like objects. Thanks to Eric Buehl for the + patch. +* :feature:`113` Add ``timeout`` parameter to ``SSHClient.exec_command`` for + easier setting of the command's internal channel object's timeout. Thanks to + Cernov Vladimir for the patch. +* :support:`94` Remove duplication of SSH port constant. Thanks to Olle + Lundberg for the catch. +* :feature:`80` Expose the internal "is closed" property of the file transfer + class ``BufferedFile`` as ``.closed``, better conforming to Python's file + interface. Thanks to ``@smunaut`` and James Hiscock for catch & patch. -- cgit v1.2.3 From 5a430def22aa5cbd755f347c8714e4140d6cdcab Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 27 Mar 2014 14:02:03 -0700 Subject: Forgot to explicitly note python 2.5 drop in changelog for py3 --- sites/www/changelog.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 02fee80b..4563877d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -15,7 +15,8 @@ Changelog * :release:`1.11.5 <2014-03-13>` * :release:`1.10.7 <2014-03-13>` * :feature:`16` **Python 3 support!** Our test suite passes under Python 3, and - it (& Fabric's test suite) continues to pass under Python 2. + it (& Fabric's test suite) continues to pass under Python 2. **Python 2.5 is + no longer supported with this change!** The merged code was built on many contributors' efforts, both code & feedback. In no particular order, we thank Daniel Goertzen, Ivan Kolodyazhny, -- cgit v1.2.3 From 160e2c08e0b7652a92d879c0e481ce72cddafef7 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 10:48:55 -0400 Subject: Changelog, closes #295 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 4563877d..eff8c2e8 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`295` Swap out a bunch of PyCrypto hash functions with use of + `hashlib` * :support:`290` (also :issue:`292`) Add support for building universal (Python 2+3 compatible) wheel files during the release process. Courtesy of Alex Gaynor. -- cgit v1.2.3 From 1e0e296b05a3e63b33291cfe3d688a435f592c3c Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 10:50:12 -0400 Subject: Derp --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index eff8c2e8..5f019bb8 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -3,7 +3,7 @@ Changelog ========= * :support:`295` Swap out a bunch of PyCrypto hash functions with use of - `hashlib` + `hashlib`. Thanks to Alex Gaynor. * :support:`290` (also :issue:`292`) Add support for building universal (Python 2+3 compatible) wheel files during the release process. Courtesy of Alex Gaynor. -- cgit v1.2.3 From 9e2e9812247adbedf0eab84ad5cdd80c458d68f9 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 11:05:25 -0400 Subject: Changelog, closes #297 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5f019bb8..653502ca 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`297` Replace PyCrypto's ``Random`` with `os.urandom` for improved + speed and security. Thanks again to Alex. * :support:`295` Swap out a bunch of PyCrypto hash functions with use of `hashlib`. Thanks to Alex Gaynor. * :support:`290` (also :issue:`292`) Add support for building universal -- cgit v1.2.3 From e96e2653a2ca0a465d2773b1fe468c0f87e758bc Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 14 Apr 2014 11:29:41 -0400 Subject: Changelog, closes #299 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 653502ca..2c4c1cf7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`299` Use deterministic signatures for ECDSA keys for improved + security. Thanks to Alex Gaynor. * :support:`297` Replace PyCrypto's ``Random`` with `os.urandom` for improved speed and security. Thanks again to Alex. * :support:`295` Swap out a bunch of PyCrypto hash functions with use of -- cgit v1.2.3 From 951faed80b017e553a27c4cb98f210df44341f8f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 7 May 2014 16:13:33 -0700 Subject: Cut 1.14 --- paramiko/__init__.py | 2 +- setup.py | 2 +- sites/www/changelog.rst | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/__init__.py b/paramiko/__init__.py index 22f1bc21..4c62ad4a 100644 --- a/paramiko/__init__.py +++ b/paramiko/__init__.py @@ -23,7 +23,7 @@ if sys.version_info < (2, 6): __author__ = "Jeff Forcier " -__version__ = "1.13.1" +__version__ = "1.14.0" __version_info__ = tuple([ int(d) for d in __version__.split(".") ]) __license__ = "GNU Lesser General Public License (LGPL)" diff --git a/setup.py b/setup.py index 05dc98d5..c0f1e579 100644 --- a/setup.py +++ b/setup.py @@ -56,7 +56,7 @@ if sys.platform == 'darwin': setup( name = "paramiko", - version = "1.13.1", + version = "1.14.0", description = "SSH2 protocol library", long_description = longdesc, author = "Jeff Forcier", diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 52fe4ff3..f8a4d2c1 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.0 <2014-05-07>` * :release:`1.13.1 <2014-05-07>` * :release:`1.12.4 <2014-05-07>` * :release:`1.11.6 <2014-05-07>` -- cgit v1.2.3 From 5d010cd8c496e1ed7e13e7110f7fca9632c08e47 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 16:28:02 -0700 Subject: Changelog re #371 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f8a4d2c1..5ed0c961 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`371` Add Travis support & docs update for Python 3.4. Thanks to + Olle Lundberg. * :release:`1.14.0 <2014-05-07>` * :release:`1.13.1 <2014-05-07>` * :release:`1.12.4 <2014-05-07>` -- cgit v1.2.3 From fd1e162243898e34545ef5c1985bedee16174981 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 21:59:59 -0700 Subject: Changelog re #285, re #352 --- sites/www/changelog.rst | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5ed0c961..2e2d2f63 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,12 @@ Changelog ========= +* :bug:`285` (also :issue:`352`) Update our Python 3 ``b()`` compatibility shim + to handle ``buffer`` objects correctly; this fixes a frequently reported + issue affecting many users, including users of the ``bzr`` software suite. + Thanks to ``@basictheprogram`` for the initial report, Jelmer Vernooij for + the fix and Andrew Starr-Bochicchio & Jeremy T. Bouse (among others) for + discussion & feedback. * :support:`371` Add Travis support & docs update for Python 3.4. Thanks to Olle Lundberg. * :release:`1.14.0 <2014-05-07>` -- cgit v1.2.3 From d7b93df7aaf9f409da7578a107829c138d042121 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 23:43:48 -0700 Subject: Cut 1.14.1 --- paramiko/__init__.py | 2 +- setup.py | 2 +- sites/www/changelog.rst | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/__init__.py b/paramiko/__init__.py index 4c62ad4a..2ebc8a65 100644 --- a/paramiko/__init__.py +++ b/paramiko/__init__.py @@ -23,7 +23,7 @@ if sys.version_info < (2, 6): __author__ = "Jeff Forcier " -__version__ = "1.14.0" +__version__ = "1.14.1" __version_info__ = tuple([ int(d) for d in __version__.split(".") ]) __license__ = "GNU Lesser General Public License (LGPL)" diff --git a/setup.py b/setup.py index c0f1e579..38e444f5 100644 --- a/setup.py +++ b/setup.py @@ -56,7 +56,7 @@ if sys.platform == 'darwin': setup( name = "paramiko", - version = "1.14.0", + version = "1.14.1", description = "SSH2 protocol library", long_description = longdesc, author = "Jeff Forcier", diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index c4c1e698..0fcde10f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.1 <2014-08-25>` * :release:`1.13.2 <2014-08-25>` * :bug:`376` Be less aggressive about expanding variables in ``ssh_config`` files, which results in a speedup of SSH config parsing. Credit to Olle -- cgit v1.2.3 From 28b7db145fed32840f8d2edea8fdce27dc00ca26 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 25 Aug 2014 23:48:28 -0700 Subject: Consolidate version info. Closes #249 --- paramiko/__init__.py | 3 +-- paramiko/_version.py | 2 ++ setup.py | 9 ++++++++- sites/www/changelog.rst | 2 ++ 4 files changed, 13 insertions(+), 3 deletions(-) create mode 100644 paramiko/_version.py (limited to 'sites/www/changelog.rst') diff --git a/paramiko/__init__.py b/paramiko/__init__.py index 2ebc8a65..65f6f8a2 100644 --- a/paramiko/__init__.py +++ b/paramiko/__init__.py @@ -17,14 +17,13 @@ # 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. import sys +from paramiko._version import __version__, __version_info__ if sys.version_info < (2, 6): raise RuntimeError('You need Python 2.6+ for this module.') __author__ = "Jeff Forcier " -__version__ = "1.14.1" -__version_info__ = tuple([ int(d) for d in __version__.split(".") ]) __license__ = "GNU Lesser General Public License (LGPL)" diff --git a/paramiko/_version.py b/paramiko/_version.py new file mode 100644 index 00000000..a7857b09 --- /dev/null +++ b/paramiko/_version.py @@ -0,0 +1,2 @@ +__version_info__ = (1, 15, 0) +__version__ = '.'.join(map(str, __version_info__)) diff --git a/setup.py b/setup.py index 3d8268d1..13386c8e 100644 --- a/setup.py +++ b/setup.py @@ -54,9 +54,16 @@ if sys.platform == 'darwin': setup_helper.install_custom_make_tarball() +# Version info -- read without importing +_locals = {} +with open('paramiko/_version.py') as fp: + exec(fp.read(), None, _locals) +version = _locals['__version__'] + + setup( name = "paramiko", - version = "1.14.1", + version = version, description = "SSH2 protocol library", long_description = longdesc, author = "Jeff Forcier", diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 089ec30e..b6fa7ccc 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`249` Consolidate version information into one spot. Thanks to Gabi + Davar for the reminder. * :release:`1.14.1 <2014-08-25>` * :release:`1.13.2 <2014-08-25>` * :bug:`376` Be less aggressive about expanding variables in ``ssh_config`` -- cgit v1.2.3 From 35b9d1540bd98af39e133960c61b06aba621f30d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 5 Sep 2014 11:44:22 -0700 Subject: Changelog re #131 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 24679d5f..e18b5368 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :feature:`131` Add a `~paramiko.sftp_client.SFTPClient.listdir_iter` method + to `~paramiko.sftp_client.SFTPClient` allowing for more efficient, + async/generator based file listings. Thanks to John Begeman. * :support:`378 backported` Minor code cleanup in the SSH config module courtesy of Olle Lundberg. * :support:`249` Consolidate version information into one spot. Thanks to Gabi -- cgit v1.2.3 From b8022866fac62d1757aa730d5991030f223088fd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 5 Sep 2014 13:27:22 -0700 Subject: Changelog re #184 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e18b5368..57f00f12 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`184` Support quoted values in SSH config file parsing. Credit to + Yan Kalchevskiy. * :feature:`131` Add a `~paramiko.sftp_client.SFTPClient.listdir_iter` method to `~paramiko.sftp_client.SFTPClient` allowing for more efficient, async/generator based file listings. Thanks to John Begeman. -- cgit v1.2.3 From 286b5fb7088b11efcbe6c1b452a1d1785890ac3f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 5 Sep 2014 14:26:27 -0700 Subject: Changelog re #335 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 57f00f12..f1215f62 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :bug:`335 major` Fix ECDSA key generation (generation of brand new ECDSA keys + was broken previously). Thanks to ``@solarw`` for catch & patch. * :feature:`184` Support quoted values in SSH config file parsing. Credit to Yan Kalchevskiy. * :feature:`131` Add a `~paramiko.sftp_client.SFTPClient.listdir_iter` method -- cgit v1.2.3 From 89a8ef55a662883239102c802cd637c56fcaebd5 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 5 Sep 2014 19:49:32 -0700 Subject: Changelog re #218 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f1215f62..f04e338b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`218` Add support for ECDSA private keys on the client side. Thanks + to ``@aszlig`` for the patch. * :bug:`335 major` Fix ECDSA key generation (generation of brand new ECDSA keys was broken previously). Thanks to ``@solarw`` for catch & patch. * :feature:`184` Support quoted values in SSH config file parsing. Credit to -- cgit v1.2.3 From ec9f8a26d4ea77ce6e4a1afe1a9e3b29dbf002bf Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sat, 6 Sep 2014 16:09:16 -0700 Subject: Changelog re #234 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f04e338b..44bd61e9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`234 major` Lower logging levels for a few overly-noisy log messages + about secure channels. Thanks to David Pursehouse for noticing & contributing + the fix. * :feature:`218` Add support for ECDSA private keys on the client side. Thanks to ``@aszlig`` for the patch. * :bug:`335 major` Fix ECDSA key generation (generation of brand new ECDSA keys -- cgit v1.2.3 From b36b87ceefd50fa691eb5b46865d0c28a8c511dd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 10:48:33 -0700 Subject: Changelog re #298 --- sites/www/changelog.rst | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 44bd61e9..2f23d0fc 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,15 @@ Changelog ========= +* :bug:`298 major` Don't perform point validation on ECDSA keys in + ``known_hosts`` files, since a) this can cause significant slowdown when such + keys exist, and b) ``known_hosts`` files are implicitly trustworthy. Thanks + to Kieran Spear for catch & patch. + + .. note:: + This change bumps up the version requirement for the ``ecdsa`` library to + ``0.11``. + * :bug:`234 major` Lower logging levels for a few overly-noisy log messages about secure channels. Thanks to David Pursehouse for noticing & contributing the fix. -- cgit v1.2.3 From 76aba9dbda5d5cad6b3c092e943c538079fcc7f0 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 11:01:47 -0700 Subject: Changelog re #377 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 2f23d0fc..afe3b78d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`377` Factor `~paramiko.channel.Channel` openness sanity check into + a decorator. Thanks to Olle Lundberg for original patch. * :bug:`298 major` Don't perform point validation on ECDSA keys in ``known_hosts`` files, since a) this can cause significant slowdown when such keys exist, and b) ``known_hosts`` files are implicitly trustworthy. Thanks -- cgit v1.2.3 From a0f854d17fc59f0279d4d2b07d3fd810dfb1894e Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 11:10:30 -0700 Subject: Changelog re #374, #375 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index afe3b78d..41e8310d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`374` (also :issue:`375`) Old code cleanup courtesy of Olle + Lundberg. * :support:`377` Factor `~paramiko.channel.Channel` openness sanity check into a decorator. Thanks to Olle Lundberg for original patch. * :bug:`298 major` Don't perform point validation on ECDSA keys in -- cgit v1.2.3 From 24e022bdf656f272b4dafb76df1a7739965be2f9 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 12:50:03 -0700 Subject: Changelog re #373 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 41e8310d..87f54e4e 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`373 major` Attempt to fix a handful of issues (such as :issue:`354`) + related to infinite loops and threading deadlocks. Thanks to Olle Lundberg as + well as a handful of community members who provided advice & feedback via + IRC. * :support:`374` (also :issue:`375`) Old code cleanup courtesy of Olle Lundberg. * :support:`377` Factor `~paramiko.channel.Channel` openness sanity check into -- cgit v1.2.3 From 88d932f2bbab907879639122969fb1f763258d29 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 14:58:45 -0700 Subject: Changelog re #372 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 87f54e4e..9dfb254f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :feature:`372` Update default window & packet sizes to more closely adhere to + the pertinent RFC; also expose these settings in the public API so they may + be overridden by client code. This should address some general speed issues + such as :issue:`175`. Big thanks to Olle Lundberg for the update. * :bug:`373 major` Attempt to fix a handful of issues (such as :issue:`354`) related to infinite loops and threading deadlocks. Thanks to Olle Lundberg as well as a handful of community members who provided advice & feedback via -- cgit v1.2.3 From 9c9dcaf4885653f4dcd100b2724199976a20c21e Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 15:04:41 -0700 Subject: Changelog re #362 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9dfb254f..879483a4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`362` Allow users to control the SSH banner timeout. Thanks to Cory + Benfield. * :feature:`372` Update default window & packet sizes to more closely adhere to the pertinent RFC; also expose these settings in the public API so they may be overridden by client code. This should address some general speed issues -- cgit v1.2.3 From de391e88e0a7e75cd977f162a883aa5ffdbdc591 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 15:41:46 -0700 Subject: Changelog re #346 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 879483a4..e111aab4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`346 major` Fix an issue in private key files' encryption salts that + could cause tracebacks and file corruption if keys were re-encrypted. Credit + to Xavier Nunn. * :feature:`362` Allow users to control the SSH banner timeout. Thanks to Cory Benfield. * :feature:`372` Update default window & packet sizes to more closely adhere to -- cgit v1.2.3 From d992118747e2f1dab247bd4e3d78b55d9b99c759 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 15:59:40 -0700 Subject: Update changelog re #267, #250 --- sites/www/changelog.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f97b4970..a42cfb3d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,8 +2,9 @@ Changelog ========= -* :feature:`250` GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and - user authentication. +* :feature:`250` (also :issue:`267`) Add GSS-API / SSPI (e.g. Kerberos) key + exchange and authentication support. Mega thanks to Sebastian Deiß, with + assist by Torsten Landschoff. * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. -- cgit v1.2.3 From 150b0797e935ebf2f62e86ae1c08a1a1ab94c459 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 16:36:33 -0700 Subject: Update README, docs, changelog re #267 --- README | 16 +++------------- sites/www/changelog.rst | 4 ++-- sites/www/installing.rst | 28 +++++++++++++++++++++++++++- 3 files changed, 32 insertions(+), 16 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/README b/README index ceb3598a..b5ccb697 100644 --- a/README +++ b/README @@ -75,19 +75,9 @@ Please file bug reports at https://github.com/paramiko/paramiko/. There is curre Kerberos Support ---------------- -If you want paramiko to do kerberos authentication or key exchange using GSS-API or SSPI, you -need the following python packages: - -- pyasn1 0.1.7 or better -- python-gssapi 0.6.1 or better (Unix) -- pywin32 2.1.8 or better (Windows) - -So you have to install pyasn1 and python-gssapi on Unix or pywin32 on Windows. -To enable GSS-API / SSPI authentication or key exchange see the demos or paramiko docs. -Note: If you use Microsoft SSPI for kerberos authentication and credential -delegation in paramiko, make sure that the target host is trusted for -delegation in the active directory configuration. For details see: -http://technet.microsoft.com/en-us/library/cc738491%28v=ws.10%29.aspx +Paramiko ships with optional Kerberos/GSSAPI support; for info on the extra +dependencies for this, see the 'GSS-API' section on the 'Installation' page of +our main website, http://paramiko.org . Demo diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index a42cfb3d..3be56890 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -3,8 +3,8 @@ Changelog ========= * :feature:`250` (also :issue:`267`) Add GSS-API / SSPI (e.g. Kerberos) key - exchange and authentication support. Mega thanks to Sebastian Deiß, with - assist by Torsten Landschoff. + exchange and authentication support (:ref:`installation docs here `). + Mega thanks to Sebastian Deiß, with assist by Torsten Landschoff. * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 052825c4..5528b28a 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -20,11 +20,14 @@ We currently support **Python 2.6, 2.7 and 3.3+** (Python **3.2** should also work but has a less-strong compatibility guarantee from us.) Users on Python 2.5 or older are urged to upgrade. -Paramiko has two dependencies: the pure-Python ECDSA module ``ecdsa``, and the +Paramiko has two hard dependencies: the pure-Python ECDSA module ``ecdsa``, and the PyCrypto C extension. ``ecdsa`` is easily installable from wherever you obtained Paramiko's package; PyCrypto may require more work. Read on for details. +If you need GSS-API / SSPI support, see :ref:`the below subsection on it +` for details on additional dependencies. + .. _release-lines: Release lines @@ -99,3 +102,26 @@ installation of Paramiko via ``pypm``:: Installing paramiko-1.7.8 Installing pycrypto-2.4 C:\> + + +.. _gssapi: + +Optional dependencies for GSS-API / SSPI / Kerberos +=================================================== + +In order to use Kerberos & related functionality, a couple of additional +dependencies are required (these are not listed in our ``setup.py`` due to +their infrequent utility & non-platform-agnostic requirements): + +* **All platforms** need `pyasn1 `_ + ``0.1.7`` or better. +* **Unix** needs `python-gssapi `_ + ``0.6.1`` or better. +* **Windows** needs `pywin32 `_ ``2.1.8`` + or better. + +.. note:: + If you use Microsoft SSPI for kerberos authentication and credential + delegation, make sure that the target host is trusted for delegation in the + active directory configuration. For details see: + http://technet.microsoft.com/en-us/library/cc738491%28v=ws.10%29.aspx -- cgit v1.2.3 From e05f3bce49c38b2b861bda4a96b0b8f19a84863a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 8 Sep 2014 16:37:57 -0700 Subject: Tweak changelog again for more tickets, use actually-merged PR as main issue number --- sites/www/changelog.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3be56890..1dab5219 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,9 +2,10 @@ Changelog ========= -* :feature:`250` (also :issue:`267`) Add GSS-API / SSPI (e.g. Kerberos) key - exchange and authentication support (:ref:`installation docs here `). - Mega thanks to Sebastian Deiß, with assist by Torsten Landschoff. +* :feature:`267` (also :issue:`250`, :issue:`241`, :issue:`228`) Add GSS-API / + SSPI (e.g. Kerberos) key exchange and authentication support + (:ref:`installation docs here `). Mega thanks to Sebastian Deiß, with + assist by Torsten Landschoff. * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. -- cgit v1.2.3 From 8bdd921d4c5c607b7c1f568df27f5460acd5a548 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Sep 2014 15:34:48 -0700 Subject: Note how python-gssapi only works on 2.7+ --- sites/www/changelog.rst | 6 ++++++ sites/www/installing.rst | 3 +++ 2 files changed, 9 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1dab5219..a40338b0 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -6,6 +6,12 @@ Changelog SSPI (e.g. Kerberos) key exchange and authentication support (:ref:`installation docs here `). Mega thanks to Sebastian Deiß, with assist by Torsten Landschoff. + + .. note:: + Unix users should be aware that the ``python-gssapi`` library (a + requirement for using this functionality) only appears to support + Python 2.7 and up at this time. + * :bug:`346 major` Fix an issue in private key files' encryption salts that could cause tracebacks and file corruption if keys were re-encrypted. Credit to Xavier Nunn. diff --git a/sites/www/installing.rst b/sites/www/installing.rst index 486ed7e3..a657c3fc 100644 --- a/sites/www/installing.rst +++ b/sites/www/installing.rst @@ -119,6 +119,9 @@ due to their infrequent utility & non-platform-agnostic requirements): ``0.1.7`` or better. * **Unix** needs `python-gssapi `_ ``0.6.1`` or better. + + .. note:: This library appears to only function on Python 2.7 and up. + * **Windows** needs `pywin32 `_ ``2.1.8`` or better. -- cgit v1.2.3 From 381e86171e28ebfaa64c3dabe0e394448eb03aa3 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Sep 2014 16:26:54 -0700 Subject: Changelog re #393 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index a40338b0..38a56101 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the + stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. * :feature:`267` (also :issue:`250`, :issue:`241`, :issue:`228`) Add GSS-API / SSPI (e.g. Kerberos) key exchange and authentication support (:ref:`installation docs here `). Mega thanks to Sebastian Deiß, with -- cgit v1.2.3 From 35cb81b307ed44b5fe5f212a6f488f96364f954f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Sep 2014 16:56:37 -0700 Subject: Cut 1.15 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 38a56101..d0bd481c 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.0 <2014-09-18>` * :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. * :feature:`267` (also :issue:`250`, :issue:`241`, :issue:`228`) Add GSS-API / -- cgit v1.2.3 From 84995f99a9528b84bd1666060c832ca673641a53 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Sep 2014 12:26:48 -0700 Subject: Changelog re #167 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d0bd481c..49067855 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :feature:`167` Add `.SSHConfig.get_hostnames` for easier introspection of a + loaded SSH config file or object. Courtesy of Søren Løvborg. * :release:`1.15.0 <2014-09-18>` * :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. -- cgit v1.2.3 From 8bc2e827cffa7efce074404f71ad62ac028c5c84 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 22 Sep 2014 09:53:33 -0700 Subject: Changelog re #399 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d0bd481c..43988826 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`399` SSH agent forwarding (potentially other functionality as + well) would hang due to incorrect values passed into the new window size + arguments for `.Transport` (thanks to a botched merge). This has been + corrected. Thanks to Dylan Thacker-Smith for the report & patch. * :release:`1.15.0 <2014-09-18>` * :support:`393` Replace internal use of PyCrypto's ``SHA.new`` with the stdlib's ``hashlib.sha1``. Thanks to Alex Gaynor. -- cgit v1.2.3 From af9f16f9a03bede1c5af84d00bc73097f6b45b54 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 22 Sep 2014 11:31:58 -0700 Subject: Cut 1.15.1 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/_version.py b/paramiko/_version.py index a7857b09..d9f78740 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 0) +__version_info__ = (1, 15, 1) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 43988826..3e654f69 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.1 <2014-09-22>` * :bug:`399` SSH agent forwarding (potentially other functionality as well) would hang due to incorrect values passed into the new window size arguments for `.Transport` (thanks to a botched merge). This has been -- cgit v1.2.3 From 14b517d3c131fd508e287fee1e09c632b6faa615 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 14:45:02 -0800 Subject: Changelog re #419, closes #419 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 79cf318b..e8f103a9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`419` Modernize a bunch of the codebase internals to leverage + decorators. Props to ``@beckjake`` for realizing we're no longer on Python + 2.2 :D * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain server implementations which break on 1-indexed channels. Thanks to -- cgit v1.2.3 From e07dbc9cd7dcf6ebaa9315ad9d4a44eb5ed20e5b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 14:59:43 -0800 Subject: Changelog re #421, closes #421 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e8f103a9..de432870 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`421` Modernize threading calls to user newer API. Thanks to Olle + Lundberg. * :support:`419` Modernize a bunch of the codebase internals to leverage decorators. Props to ``@beckjake`` for realizing we're no longer on Python 2.2 :D -- cgit v1.2.3 From c0520adbe5905af2befc85064b25f3ba0a39b019 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:10:12 -0800 Subject: Changelog closes #413 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1c312ba2..68f5e910 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`413` Replace handrolled ``ssh_config`` parsing code with use of the + ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. * :support:`421` Modernize threading calls to user newer API. Thanks to Olle Lundberg. -- cgit v1.2.3 From e5b105ca57b21b3142a80f29ee07e2a5e87ac547 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:13:31 -0800 Subject: Dyslexia strikes again. Actually close #431, not #413 --- sites/www/changelog.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 68f5e910..d35ad788 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,7 +2,7 @@ Changelog ========= -* :support:`413` Replace handrolled ``ssh_config`` parsing code with use of the +* :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. * :support:`421` Modernize threading calls to user newer API. Thanks to Olle -- cgit v1.2.3 From 0a73a54c745c2102b74f0e40514692448e942fec Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 15:35:09 -0800 Subject: Changelog re #415 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index d35ad788..9c2e2a0f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`415` Fix ``ssh_config`` parsing to correctly interpret ``ProxyCommand + none`` as the lack of a proxy command, instead of as a literal command string + of ``"none"``. Thanks to Richard Spiers for the catch & Sean Johnson for the + fix. * :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422` Clean up some unused imports. Courtesy of Olle Lundberg. -- cgit v1.2.3 From 681f32583fe052c0516a2fda67e163169676ad11 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 17 Dec 2014 16:07:13 -0800 Subject: Changelog closes #455 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9603e6d5..4e56ad1f 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`455` Tweak packet size handling to conform better to the OpenSSH RFCs; + this helps address issues with interactive program cursors. Courtesy of Jeff + Quast. * :bug:`428` Fix an issue in `~paramiko.file.BufferedFile` (primarily used in the SFTP modules) concerning incorrect behavior by `~paramiko.file.BufferedFile.readlines` on files whose size exceeds the -- cgit v1.2.3 From 5601bf0928e2e738917320d83f8302703a62091b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 18 Dec 2014 14:02:28 -0800 Subject: Mark more backported support issues as such --- sites/www/changelog.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f6f2bb28..e5adbd22 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -18,15 +18,15 @@ Changelog none`` as the lack of a proxy command, instead of as a literal command string of ``"none"``. Thanks to Richard Spiers for the catch & Sean Johnson for the fix. -* :support:`431` Replace handrolled ``ssh_config`` parsing code with use of the - ``shlex`` module. Thanks to Yan Kalchevskiy. +* :support:`431 backported` Replace handrolled ``ssh_config`` parsing code with + use of the ``shlex`` module. Thanks to Yan Kalchevskiy. * :support:`422 backported` Clean up some unused imports. Courtesy of Olle Lundberg. -* :support:`421` Modernize threading calls to user newer API. Thanks to Olle - Lundberg. -* :support:`419` Modernize a bunch of the codebase internals to leverage - decorators. Props to ``@beckjake`` for realizing we're no longer on Python - 2.2 :D +* :support:`421 backported` Modernize threading calls to user newer API. Thanks + to Olle Lundberg. +* :support:`419 backported` Modernize a bunch of the codebase internals to + leverage decorators. Props to ``@beckjake`` for realizing we're no longer on + Python 2.2 :D * :bug:`266` Change numbering of `~paramiko.transport.Transport` channels to start at 0 instead of 1 for better compatibility with OpenSSH & certain server implementations which break on 1-indexed channels. Thanks to -- cgit v1.2.3 From ccdfd02c047d5588b6bebdc501a766271a009493 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Dec 2014 14:55:15 -0800 Subject: Cut 1.14.2 --- sites/www/changelog.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 8ad82a71..695149de 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly smarter about polling & timing behavior when running proxy commands, to avoid -- cgit v1.2.3 From 424ba615c2a94d3b059e7f24db1a1093a92d8d22 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 19 Dec 2014 14:55:48 -0800 Subject: Cut 1.15.2 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/_version.py b/paramiko/_version.py index d9f78740..3bf9dac7 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 1) +__version_info__ = (1, 15, 2) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f5348e5b..bb93f885 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly -- cgit v1.2.3 From c5d0d6a2919ca2158b3f6271f7449faeeb3c865f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 4 Feb 2015 16:00:50 -0800 Subject: Changelog fixes #402, closes #479 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index bb93f885..6520dde4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`402` Check to see if an SSH agent is actually present before trying to + forward it to the remote end. This replaces what was usually a useless + ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken + Jordan for the fix and Yvan Marques for original report. * :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` -- cgit v1.2.3 From d1f72859c76beda46a072cdc75b2e19e4418275a Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Tue, 24 Feb 2015 14:49:36 +0100 Subject: Expose handshake timeout in the transport API. This is a reimplementation of #62. --- paramiko/transport.py | 9 +++++++++ sites/www/changelog.rst | 5 +++++ tests/test_transport.py | 17 +++++++++++++++++ 3 files changed, 31 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/transport.py b/paramiko/transport.py index 36da3043..6047fb99 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -295,6 +295,8 @@ class Transport (threading.Thread, ClosingContextManager): self.global_response = None # response Message from an arbitrary global request self.completion_event = None # user-defined event callbacks self.banner_timeout = 15 # how long (seconds) to wait for the SSH banner + self.handshake_timeout = 15 # how long (seconds) to wait for the handshake to finish after SSH banner sent. + # server mode: self.server_mode = False @@ -1582,6 +1584,12 @@ class Transport (threading.Thread, ClosingContextManager): try: self.packetizer.write_all(b(self.local_version + '\r\n')) self._check_banner() + # The above is actually very much part of the handshake, but sometimes the banner can be read + # but the machine is not responding, for example when the remote ssh daemon is loaded in to memory + # but we can not read from the disk/spawn a new shell. + # Make sure we can specify a timeout for the initial handshake. + # Re-use the banner timeout for now. + self.packetizer.start_handshake(self.handshake_timeout) self._send_kex_init() self._expect_packet(MSG_KEXINIT) @@ -1631,6 +1639,7 @@ class Transport (threading.Thread, ClosingContextManager): msg.add_byte(cMSG_UNIMPLEMENTED) msg.add_int(m.seqno) self._send_message(msg) + self.packetizer.complete_handshake() except SSHException as e: self._log(ERROR, 'Exception: ' + str(e)) self._log(ERROR, util.tb_strings()) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..f9900327 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`62` Add timeout for handshake completion. + This adds a mechanism for timing out a connection if the ssh handshake + never completes. + Credit to ``@dacut`` for initial report and patch and to Olle Lundberg for + re-implementation. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken diff --git a/tests/test_transport.py b/tests/test_transport.py index 5cf9a867..3c8ad81e 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -792,3 +792,20 @@ class TransportTest(unittest.TestCase): (None, DEFAULT_WINDOW_SIZE), (2**32, MAX_WINDOW_SIZE)]: self.assertEqual(self.tc._sanitize_window_size(val), correct) + + def test_L_handshake_timeout(self): + """ + verify that we can get a hanshake timeout. + """ + host_key = RSAKey.from_private_key_file(test_path('test_rsa.key')) + public_host_key = RSAKey(data=host_key.asbytes()) + self.ts.add_server_key(host_key) + event = threading.Event() + server = NullServer() + self.assertTrue(not event.is_set()) + self.tc.handshake_timeout = 0.000000000001 + self.ts.start_server(event, server) + self.assertRaises(EOFError, self.tc.connect, + hostkey=public_host_key, + username='slowdive', + password='pygmalion') -- cgit v1.2.3 From 6ba6ccda7bb34f16e92aa1acfb430055f264bd41 Mon Sep 17 00:00:00 2001 From: Olle Lundberg Date: Tue, 24 Feb 2015 15:14:51 +0100 Subject: Patch resolving the timeout issue on lost conection. (This rolls in patch in #439) --- paramiko/client.py | 2 +- paramiko/transport.py | 18 +++++++++++++----- sites/www/changelog.rst | 3 +++ 3 files changed, 17 insertions(+), 6 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/client.py b/paramiko/client.py index 393e3e09..9ee30287 100644 --- a/paramiko/client.py +++ b/paramiko/client.py @@ -338,7 +338,7 @@ class SSHClient (ClosingContextManager): :raises SSHException: if the server fails to execute the command """ - chan = self._transport.open_session() + chan = self._transport.open_session(timeout=timeout) if get_pty: chan.get_pty() chan.settimeout(timeout) diff --git a/paramiko/transport.py b/paramiko/transport.py index 6047fb99..31c27a2f 100644 --- a/paramiko/transport.py +++ b/paramiko/transport.py @@ -589,7 +589,7 @@ class Transport (threading.Thread, ClosingContextManager): """ return self.active - def open_session(self, window_size=None, max_packet_size=None): + def open_session(self, window_size=None, max_packet_size=None, timeout=None): """ Request a new channel to the server, of type ``"session"``. This is just an alias for calling `open_channel` with an argument of @@ -614,7 +614,8 @@ class Transport (threading.Thread, ClosingContextManager): """ return self.open_channel('session', window_size=window_size, - max_packet_size=max_packet_size) + max_packet_size=max_packet_size, + timeout=timeout) def open_x11_channel(self, src_addr=None): """ @@ -661,7 +662,8 @@ class Transport (threading.Thread, ClosingContextManager): dest_addr=None, src_addr=None, window_size=None, - max_packet_size=None): + max_packet_size=None, + timeout=None): """ Request a new channel to the server. `Channels <.Channel>` are socket-like objects used for the actual transfer of data across the @@ -685,17 +687,20 @@ class Transport (threading.Thread, ClosingContextManager): optional window size for this session. :param int max_packet_size: optional max packet size for this session. + :param float timeout: + optional timeout opening a channel, default 3600s (1h) :return: a new `.Channel` on success - :raises SSHException: if the request is rejected or the session ends - prematurely + :raises SSHException: if the request is rejected, the session ends + prematurely or there is a timeout openning a channel .. versionchanged:: 1.15 Added the ``window_size`` and ``max_packet_size`` arguments. """ if not self.active: raise SSHException('SSH session not active') + timeout = 3600 if timeout is None else timeout self.lock.acquire() try: window_size = self._sanitize_window_size(window_size) @@ -724,6 +729,7 @@ class Transport (threading.Thread, ClosingContextManager): finally: self.lock.release() self._send_user_message(m) + start_ts = time.time() while True: event.wait(0.1) if not self.active: @@ -733,6 +739,8 @@ class Transport (threading.Thread, ClosingContextManager): raise e if event.is_set(): break + elif start_ts + timeout < time.time(): + raise SSHException('Timeout openning channel.') chan = self._channels.get(chanid) if chan is not None: return chan diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f9900327..16a60a68 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`439` Resolve the timeout issue on lost conection. + When the destination disappears on an established session paramiko will hang on trying to open a channel. + Credit to ``@vazir`` for patch. * :bug:`62` Add timeout for handshake completion. This adds a mechanism for timing out a connection if the ssh handshake never completes. -- cgit v1.2.3 From 4ca8d68c0443c4e5e17ae4fcee39dd6f2507c7cd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 27 Feb 2015 13:19:35 -0800 Subject: Changelog closes #22 --- sites/www/changelog.rst | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..0e8f92c4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,11 @@ Changelog ========= +* :bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 + vs IPv6) in case of connection issues; this helps with problems such as hosts + which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. + Thanks to Dries Desmet for original report and Torsten Landschoff for the + foundational patchset. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken -- cgit v1.2.3 From 97e134aa43c9632f34be278ca1d08f56cc83993a Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Thu, 10 Sep 2015 14:09:13 -0700 Subject: Changelog fixes #582 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 0e8f92c4..6379dba9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`582` Fix some old ``setup.py`` related helper code which was + breaking ``bdist_dumb`` on Mac OS X. Thanks to Peter Odding for the patch. * :bug:`22 major` Try harder to connect to multiple network families (e.g. IPv4 vs IPv6) in case of connection issues; this helps with problems such as hosts which resolve both IPv4 and IPv6 addresses but are only listening on IPv4. -- cgit v1.2.3 From aef405c9adc3ca087b21836d4a2ee56e05a2b3c4 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:02:27 -0700 Subject: Changelog closes #353 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 6520dde4..be3f5da7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port + which caused ``OverFlowError`` (and other symptoms) in SFTP functionality. + Thanks to ``@dboreham`` for leading the troubleshooting charge, and to + Scott Maxwell for the final patch. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken -- cgit v1.2.3 From e9d65f4199bb6a8589c9a89f8a8d68edd66ac6d0 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:09:15 -0700 Subject: Changelog closes #488 --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index be3f5da7..7e8c02fe 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a + typo introduced in the 1.15 release which broke WinPageant support. Thanks to + everyone who submitted patches, and to Steve Cohen who was the lucky winner + of the cherry-pick lottery. * :bug:`353` (via :issue:`482`) Fix a bug introduced in the Python 3 port which caused ``OverFlowError`` (and other symptoms) in SFTP functionality. Thanks to ``@dboreham`` for leading the troubleshooting charge, and to -- cgit v1.2.3 From 48dc72b87567152ac8d45b4bad2bdd0d4ad3ac8b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:14:27 -0700 Subject: Changelog closes #404 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 7e8c02fe..3c11ff87 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`404` Print details when displaying `BadHostKeyException` objects + (expected vs received data) instead of just "hey shit broke". Patch credit: + Loic Dachary. * :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner -- cgit v1.2.3 From fb258f88b4b61627a51f30f9a21fcbc7ec35c1e6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:18:24 -0700 Subject: Changelog closes #490, closes #500 (cherry-pick) --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3c11ff87..5f6a16f9 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead + of raising `SSHException`. This brings Paramiko's behavior more in line with + OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin + Topholm. * :bug:`404` Print details when displaying `BadHostKeyException` objects (expected vs received data) instead of just "hey shit broke". Patch credit: Loic Dachary. -- cgit v1.2.3 From 57106d04def84ca1d9dd23c4d85b2ba9242556ff Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 14:53:02 -0700 Subject: Rework changelog entries re #491 a bit Closes #491, closes #62, closes #439 --- sites/www/changelog.rst | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 97b6fe9c..764c8801 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,14 +2,10 @@ Changelog ========= -* :bug:`439` Resolve the timeout issue on lost conection. - When the destination disappears on an established session paramiko will hang on trying to open a channel. - Credit to ``@vazir`` for patch. -* :bug:`62` Add timeout for handshake completion. - This adds a mechanism for timing out a connection if the ssh handshake - never completes. - Credit to ``@dacut`` for initial report and patch and to Olle Lundberg for - re-implementation. +* :bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout + functionality to address hangs from dropped network connections and/or failed + handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and + to Olle Lundberg for reimplementation. * :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead of raising `SSHException`. This brings Paramiko's behavior more in line with OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin -- cgit v1.2.3 From 8bf03014128b074bf6988100f18e48a94671cca2 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 15:43:59 -0700 Subject: Changelog re #496 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 764c8801..5b900c61 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI + support (note: this includes switching from PyCrypo's Random to + `os.urandom`). Thanks to Anselm Kruis for catch & patch. * :bug:`491` (combines :issue:`62` and :issue:`439`) Implement timeout functionality to address hangs from dropped network connections and/or failed handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and -- cgit v1.2.3 From b67ee80ba6cbb985a537123a0ae099b81ddfc999 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Wed, 30 Sep 2015 15:59:04 -0700 Subject: Changelog closes #516 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5b900c61..b7f19d63 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. + Thanks to ``@toejough`` for report & suggestions. * :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI support (note: this includes switching from PyCrypo's Random to `os.urandom`). Thanks to Anselm Kruis for catch & patch. -- cgit v1.2.3 From a8ac9e6441030f2cc49de579c3d598e5f05ca331 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:23:16 -0700 Subject: Changelog closes #554 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index b7f19d63..1d3debb7 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key + class. Thanks to Jared Hance for the patch. * :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. Thanks to ``@toejough`` for report & suggestions. * :bug:`496` Fix a handful of small but critical bugs in Paramiko's GSSAPI -- cgit v1.2.3 From 9a5fbad601d7567cde59071f36ba6a34d6bcf696 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:56:28 -0700 Subject: Fix some typos/bad doc references in changelog --- sites/www/changelog.rst | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 1d3debb7..9a4e6c76 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -14,12 +14,12 @@ Changelog handshakes. Credit to ``@vazir`` and ``@dacut`` for the original patches and to Olle Lundberg for reimplementation. * :bug:`490` Skip invalid/unparseable lines in ``known_hosts`` files, instead - of raising `SSHException`. This brings Paramiko's behavior more in line with - OpenSSH, which silently ignores such input. Catch & patch courtesy of Martin - Topholm. -* :bug:`404` Print details when displaying `BadHostKeyException` objects - (expected vs received data) instead of just "hey shit broke". Patch credit: - Loic Dachary. + of raising `~paramiko.ssh_exception.SSHException`. This brings Paramiko's + behavior more in line with OpenSSH, which silently ignores such input. Catch + & patch courtesy of Martin Topholm. +* :bug:`404` Print details when displaying + `~paramiko.ssh_exception.BadHostKeyException` objects (expected vs received + data) instead of just "hey shit broke". Patch credit: Loic Dachary. * :bug:`469` (also :issue:`488`, :issue:`461` and like a dozen others) Fix a typo introduced in the 1.15 release which broke WinPageant support. Thanks to everyone who submitted patches, and to Steve Cohen who was the lucky winner @@ -30,8 +30,9 @@ Changelog Scott Maxwell for the final patch. * :bug:`402` Check to see if an SSH agent is actually present before trying to forward it to the remote end. This replaces what was usually a useless - ``TypeError`` with a human-readable ``AuthenticationError``. Credit to Ken - Jordan for the fix and Yvan Marques for original report. + ``TypeError`` with a human-readable + `~paramiko.ssh_exception.AuthenticationException`. Credit to Ken Jordan for + the fix and Yvan Marques for original report. * :release:`1.15.2 <2014-12-19>` * :release:`1.14.2 <2014-12-19>` * :release:`1.13.3 <2014-12-19>` -- cgit v1.2.3 From 5b1b13c2fb48ac55d64022212bf132b8c01ce0c7 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Fri, 2 Oct 2015 15:59:15 -0700 Subject: Cut 1.15.3 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/_version.py b/paramiko/_version.py index 3bf9dac7..25aac14f 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 2) +__version_info__ = (1, 15, 3) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9a4e6c76..d94d5bc2 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.3 <2015-10-02>` * :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch. * :support:`516 backported` Document `~paramiko.agent.AgentRequestHandler`. -- cgit v1.2.3 From 66ff4deabbd1c14df3fd2d8729107d904c30c7d5 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 1 Nov 2015 16:04:58 -0800 Subject: Changelog closes #356, closes #596. Will expand to include SHA512 stuff if I merge that prior to release. --- sites/www/changelog.rst | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ff05365c..833560af 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,15 @@ Changelog ========= +* :feature:`356` (also :issue:`596`, :issue:`365`, :issue:`341`, :issue:`164`, + and a bunch of other duplicates besides) Add support for 256-bit SHA-2 based + key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` and + (H)MAC algorithm ``hmac-sha2-256``. + + Thanks to the many people who submitted patches for this functionality and/or + assisted in testing those patches. That list includes but is not limited to, + and in no particular order: Matthias Witte, Dag Wieers, Ash Berlin, Etienne + Perot, Gert van Dijk, ``@GuyShaanan``, Aaron Bieber, and ``@cyphase``. * :release:`1.15.3 <2015-10-02>` * :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch. -- cgit v1.2.3 From 5a89ea28105ea7e6caad861e64b8aa4f2ffc7394 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 1 Nov 2015 18:19:16 -0800 Subject: Update changelog closing #581 --- sites/www/changelog.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 833560af..f1e33bcf 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -3,14 +3,15 @@ Changelog ========= * :feature:`356` (also :issue:`596`, :issue:`365`, :issue:`341`, :issue:`164`, - and a bunch of other duplicates besides) Add support for 256-bit SHA-2 based - key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` and - (H)MAC algorithm ``hmac-sha2-256``. + :issue:`581`, and a bunch of other duplicates besides) Add support for SHA-2 + based key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` + and (H)MAC algorithms ``hmac-sha2-256`` and ``hmac-sha2-512``. Thanks to the many people who submitted patches for this functionality and/or assisted in testing those patches. That list includes but is not limited to, and in no particular order: Matthias Witte, Dag Wieers, Ash Berlin, Etienne - Perot, Gert van Dijk, ``@GuyShaanan``, Aaron Bieber, and ``@cyphase``. + Perot, Gert van Dijk, ``@GuyShaanan``, Aaron Bieber, ``@cyphase``, and Eric + Brown. * :release:`1.15.3 <2015-10-02>` * :support:`554 backported` Fix inaccuracies in the docstring for the ECDSA key class. Thanks to Jared Hance for the patch. -- cgit v1.2.3 From 9c12f12a08f25a2135e0f17832d2acdc8bafbf1b Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Sun, 1 Nov 2015 18:24:37 -0800 Subject: Add note re: logging tweaks to changelog. Better safe than sorry. --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index f1e33bcf..3aa2b84b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -6,6 +6,10 @@ Changelog :issue:`581`, and a bunch of other duplicates besides) Add support for SHA-2 based key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` and (H)MAC algorithms ``hmac-sha2-256`` and ``hmac-sha2-512``. + + This change includes tweaks to debug-level logging regarding + algorithm-selection handshakes; the old all-in-one log line is now multiple + easier-to-read, printed-at-handshake-time log lines. Thanks to the many people who submitted patches for this functionality and/or assisted in testing those patches. That list includes but is not limited to, -- cgit v1.2.3 From 9a091e0494269ae5e6074877fb0b335181ad28ae Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 10:24:48 -0800 Subject: Changelog closes #604 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 3aa2b84b..9c94002d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :feature:`604` Add support for the ``aes192-ctr`` and ``aes192-cbc`` ciphers. + Thanks to Michiel Tiller for noticing it was as easy as tweaking some key + sizes :D * :feature:`356` (also :issue:`596`, :issue:`365`, :issue:`341`, :issue:`164`, :issue:`581`, and a bunch of other duplicates besides) Add support for SHA-2 based key exchange (kex) algorithm ``diffie-hellman-group-exchange-sha256`` -- cgit v1.2.3 From fcacbe4620a867acedf33da7a069b09e4a8d370d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 12:52:24 -0800 Subject: Changelog closes #565 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 9ce2eded..7c6b74e4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`565` Don't explode with ``IndexError`` when reading private key files + lacking an ``-----END PRIVATE KEY-----`` footer. Patch courtesy of + Prasanna Santhanam. * :release:`1.13.3 <2014-12-19>` * :bug:`413` (also :issue:`414`, :issue:`420`, :issue:`454`) Be significantly smarter about polling & timing behavior when running proxy commands, to avoid -- cgit v1.2.3 From 3e08a40e9aee4aa289e9704c115773e1596d7f5d Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 12:55:36 -0800 Subject: Changelog closes #594 --- sites/www/changelog.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 7c6b74e4..e81327fc 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,8 @@ Changelog ========= +* :support:`594 backported` Correct some post-Python3-port docstrings to + specify ``bytes`` type instead of ``str``. Credit to ``@redixin``. * :bug:`565` Don't explode with ``IndexError`` when reading private key files lacking an ``-----END PRIVATE KEY-----`` footer. Patch courtesy of Prasanna Santhanam. -- cgit v1.2.3 From 7611c57910f49aadf8caafbc7970bc3d991382d8 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 13:07:02 -0800 Subject: Changelog closes #359 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e81327fc..5dc877c4 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`359` Use correct attribute name when trying to use Python 3's + ``int.bit_length`` method; prior to fix, the Python 2 custom fallback + implementation was always used, even on Python 3. Thanks to Alex Gaynor. * :support:`594 backported` Correct some post-Python3-port docstrings to specify ``bytes`` type instead of ``str``. Credit to ``@redixin``. * :bug:`565` Don't explode with ``IndexError`` when reading private key files -- cgit v1.2.3 From f3649c0d7d9d6d46269c5ad05ef88383cf50180f Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 13:12:39 -0800 Subject: Changelog closes #366 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 5dc877c4..831d425b 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string + representation doesn't raise exceptions on empty/initialized instances. Patch + by Ulrich Petri. * :bug:`359` Use correct attribute name when trying to use Python 3's ``int.bit_length`` method; prior to fix, the Python 2 custom fallback implementation was always used, even on Python 3. Thanks to Alex Gaynor. -- cgit v1.2.3 From 0a57d0337778d99066688e310c81d449c64c9bb6 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 17:57:45 -0800 Subject: Cut 1.13.4 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/_version.py b/paramiko/_version.py index 0402fcf2..63bba727 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 13, 3) +__version_info__ = (1, 13, 4) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 831d425b..e435c65e 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.13.4 <2015-11-02>` * :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string representation doesn't raise exceptions on empty/initialized instances. Patch by Ulrich Petri. -- cgit v1.2.3 From 79bdefe35610b651566bb7422518fb60b3f72bdd Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 17:59:40 -0800 Subject: Cut 1.14.3 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/_version.py b/paramiko/_version.py index f941ac22..871565d3 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 14, 2) +__version_info__ = (1, 14, 3) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index 484e7be9..7a140e38 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.14.3 <2015-11-02>` * :release:`1.13.4 <2015-11-02>` * :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string representation doesn't raise exceptions on empty/initialized instances. Patch -- cgit v1.2.3 From d37c68673396b247c08d0d5122bb012e9c3c46c3 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Mon, 2 Nov 2015 18:01:15 -0800 Subject: Cut 1.15.4 --- paramiko/_version.py | 2 +- sites/www/changelog.rst | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'sites/www/changelog.rst') diff --git a/paramiko/_version.py b/paramiko/_version.py index 25aac14f..3b9c059e 100644 --- a/paramiko/_version.py +++ b/paramiko/_version.py @@ -1,2 +1,2 @@ -__version_info__ = (1, 15, 3) +__version_info__ = (1, 15, 4) __version__ = '.'.join(map(str, __version_info__)) diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index a7824175..fe4b2b2d 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,7 @@ Changelog ========= +* :release:`1.15.4 <2015-11-02>` * :release:`1.14.3 <2015-11-02>` * :release:`1.13.4 <2015-11-02>` * :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string -- cgit v1.2.3 From 6f773cef69f2a70e51d44affd0e592edc099cc11 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 3 Nov 2015 12:57:14 -0800 Subject: Changelog re #525 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index e435c65e..cbecabea 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :support:`525 backported` Update the vendored Windows API addon to a more + recent edition. Also fixes :issue:`193`, :issue:`488`, :issue:`498`. Thanks + to Jason Coombs. * :release:`1.13.4 <2015-11-02>` * :bug:`366` Fix `~paramiko.sftp_attributes.SFTPAttributes` so its string representation doesn't raise exceptions on empty/initialized instances. Patch -- cgit v1.2.3 From 3a5227c477295c8e14e395d3ac66e9a58db0ebc8 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 3 Nov 2015 13:31:13 -0800 Subject: Changelog closes #401 --- sites/www/changelog.rst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'sites/www/changelog.rst') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index cbecabea..278f7450 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`401` Fix line number reporting in log output regarding invalid + ``known_hosts`` line entries. Thanks to Dylan Thacker-Smith for catch & + patch. * :support:`525 backported` Update the vendored Windows API addon to a more recent edition. Also fixes :issue:`193`, :issue:`488`, :issue:`498`. Thanks to Jason Coombs. -- cgit v1.2.3