====
NEWS
====

Highlights of what's new in each release.

Issues noted as "'ssh' #NN" can be found at https://github.com/bitprophet/ssh/.

Issues noted as "Fabric #NN" can be found at https://github.com/fabric/fabric/.

Releases
========

v1.11.2 (27th Sep 2013)
-----------------------

* #156: Fix potential deadlock condition when using Channel objects as sockets
  (e.g. when using SSH gatewaying). Thanks to Steven Noonan and Frank Arnold
  for catch & patch.

v1.10.4 (27th Sep 2013)
-----------------------

* #179: Fix a missing variable causing errors when an ssh_config file has a
  non-default AddressFamily set. Thanks to Ed Marshall & Tomaz Muraus for catch
  & patch.
* #200: Fix an exception-causing typo in `demo_simple.py`. Thanks to Alex
  Buchanan for catch & Dave Foster for patch.

v1.11.1 (20th Sep 2013)
-----------------------

* #162: Clean up HMAC module import to avoid deadlocks in certain uses of
  SSHClient. Thanks to Gernot Hillier for the catch & suggested
  fix.
* #36: Fix the port-forwarding demo to avoid file descriptor errors. Thanks to
  Jonathan Halcrow for catch & patch.
* #168: Update config handling to properly handle multiple 'localforward' and
  'remoteforward' keys. Thanks to Emre Yılmaz for the patch.

v1.10.3 (20th Sep 2013)
-----------------------

* #162: Clean up HMAC module import to avoid deadlocks in certain uses of
  SSHClient. Thanks to Gernot Hillier for the catch & suggested
  fix.
* #36: Fix the port-forwarding demo to avoid file descriptor errors. Thanks to
  Jonathan Halcrow for catch & patch.
* #168: Update config handling to properly handle multiple 'localforward' and
  'remoteforward' keys. Thanks to Emre Yılmaz for the patch.

v1.11.0 (26th Jul 2013)
-----------------------

* #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now
  creates the shared memory map with explicit Security Attributes of the user,
  which is the same technique employed by the canonical PuTTY library to avoid
  permissions issues when Paramiko is running under a different UAC context
  than the PuTTY Ageant process. Thanks to Jason R. Coombs for the patch.
* #100: Remove use of PyWin32 in `win_pageant` module. Module was already
  dependent on ctypes for constructing appropriate structures and had ctypes
  implementations of all functionality. Thanks to Jason R. Coombs for the
  patch.
* #87: Ensure updates to `known_hosts` files account for any updates to said
  files after Paramiko initially read them. (Includes related fix to guard
  against duplicate entries during subsequent `known_hosts` loads.) Thanks to
  `@sunweaver` for the contribution.

v1.10.2 (26th Jul 2013)
-----------------------

* #153, #67: Warn on parse failure when reading known_hosts file. Thanks to
  `@glasserc` for patch.
* #146: Indentation fixes for readability. Thanks to Abhinav Upadhyay for catch
  & patch.

v1.10.1 (5th Apr 2013)
----------------------

* #142: (Fabric #811) SFTP put of empty file will still return the attributes
  of the put file. Thanks to Jason R. Coombs for the patch.
* #154: (Fabric #876) Forwarded SSH agent connections left stale local pipes
  lying around, which could cause local (and sometimes remote or network)
  resource starvation when running many agent-using remote commands. Thanks to
  Kevin Tegtmeier for catch & patch.

v1.10.0 (1st Mar 2013)
--------------------

* #66: Batch SFTP writes to help speed up file transfers. Thanks to Olle
  Lundberg for the patch.
* #133: Fix handling of window-change events to be on-spec and not
  attempt to wait for a response from the remote sshd; this fixes problems with
  less common targets such as some Cisco devices. Thanks to Phillip Heller for
  catch & patch.
* #93: Overhaul SSH config parsing to be in line with `man ssh_config` (& the
  behavior of `ssh` itself), including addition of parameter expansion within
  config values. Thanks to Olle Lundberg for the patch.
* #110: Honor SSH config `AddressFamily` setting when looking up local
  host's FQDN. Thanks to John Hensley for the patch.
* #128: Defer FQDN resolution until needed, when parsing SSH config files.
  Thanks to Parantapa Bhattacharya for catch & patch.
* #102: Forego random padding for packets when running under `*-ctr` ciphers.
  This corrects some slowdowns on platforms where random byte generation is
  inefficient (e.g. Windows). Thanks to  `@warthog618` for catch & patch, and
  Michael van der Kolff for code/technique review.
* #127: Turn `SFTPFile` into a context manager. Thanks to Michael Williamson
  for the patch.
* #116: Limit `Message.get_bytes` to an upper bound of 1MB to protect against
  potential DoS vectors. Thanks to `@mvschaik` for catch & patch.
* #115: Add convenience `get_pty` kwarg to `Client.exec_command` so users not
  manually controlling a channel object can still toggle PTY creation. Thanks
  to Michael van der Kolff for the patch.
* #71: Add `SFTPClient.putfo` and `.getfo` methods to allow direct
  uploading/downloading of file-like objects. Thanks to Eric Buehl for the
  patch.
* #113: Add `timeout` parameter to `SSHClient.exec_command` for easier setting
  of the command's internal channel object's timeout. Thanks to Cernov Vladimir
  for the patch.
* #94: Remove duplication of SSH port constant. Thanks to Olle Lundberg for the
  catch.
* #80: Expose the internal "is closed" property of the file transfer class
  `BufferedFile` as `.closed`, better conforming to Python's file interface.
  Thanks to `@smunaut` and James Hiscock for catch & patch.

v1.9.0 (6th Nov 2012)
---------------------

* #97 (with a little #93): Improve config parsing of `ProxyCommand` directives
  and provide a wrapper class to allow subprocess-driven proxy commands to be
  used as `sock=` arguments for `SSHClient.connect`.
* #77: Allow `SSHClient.connect()` to take an explicit `sock` parameter
  overriding creation of an internal, implicit socket object.
* Thanks in no particular order to Erwin Bolwidt, Oskari Saarenmaa, Steven
  Noonan, Vladimir Lazarenko, Lincoln de Sousa, Valentino Volonghi, Olle
  Lundberg, and Github user `@acrish` for the various and sundry patches
  leading to the above changes.

v1.8.1 (6th Nov 2012)
---------------------

* #90: Ensure that callbacks handed to `SFTPClient.get()` always fire at least
  once, even for zero-length files downloaded. Thanks to Github user `@enB` for
  the catch.
* #85: Paramiko's test suite overrides
  `unittest.TestCase.assertTrue/assertFalse` to provide these modern assertions
  to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7,
  this now causes deprecation warnings. The overrides have been patched to only
  execute when necessary. Thanks to `@Arfrever` for catch & patch.


v1.8.0 (3rd Oct 2012)
---------------------

* #17 ('ssh' 28): Fix spurious `NoneType has no attribute 'error'` and similar
  exceptions that crop up on interpreter exit.
* 'ssh' 32: Raise a more useful error explaining which `known_hosts` key line was
  problematic, when encountering `binascii` issues decoding known host keys.
  Thanks to `@thomasvs` for catch & patch.
* 'ssh' 33: Bring `ssh_config` parsing more in line with OpenSSH spec, re: order of
  setting overrides by `Host` specifiers. Specifically, the overrides now go by
  file order instead of automatically sorting by `Host` value length. In
  addition, the first value found per config key (e.g. `Port`, `User` etc)
  wins, instead of the last. Thanks to Jan Brauer for the contribution.
* 'ssh' 36: Support new server two-factor authentication option
  (`RequiredAuthentications2`), at least re: combining key-based & password
  auth. Thanks to Github user `bninja`.
* 'ssh' 11: When raising an exception for hosts not listed in
  `known_hosts` (when `RejectPolicy` is in effect) the exception message was
  confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for
  highlighting the issue.
* 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk.
* 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the
  implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch.
* 'ssh' 24: Switch some internal type checking to use `isinstance` to help prevent
  problems with client libraries using subclasses of builtin types. Thanks to
  Alex Morega for the patch.
* Fabric #562: Agent forwarding would error out (with `Authentication response
  too long`) or freeze, when more than one remote connection to the local agent
  was active at the same time.  This has been fixed. Thanks to Steven McDonald
  for assisting in troubleshooting/patching, and to GitHub user `@lynxis` for
  providing the final version of the patch.
* 'ssh' 5: Moved a `fcntl` import closer to where it's used to help avoid
  `ImportError` problems on Windows platforms. Thanks to Jason Coombs for the
  catch + suggested fix.
* 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit
  Windows. Thanks again to Jason Coombs for the patch.
* Added an IO loop sleep() call to avoid needless CPU usage when agent
  forwarding is in use.
* Handful of internal tweaks to version number storage.
* Updated `setup.py` with `==dev` install URL for `pip` users.
* Updated `setup.py` to account for packaging problems in PyCrypto 2.4.0
* Added an extra `atfork()` call to help prevent spurious RNG errors when
  running under high parallel (multiprocess) load.
* Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a
  ssh-keygen like demo module. (Sofian Brabez)

v1.7.7.2 16may12
----------------
  * Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which
    fixes exceptions that occur when re-keying over fast connections. (Dwayne
    Litzenberger)

v1.7.7.1 (George) 21may11
-------------------------
  * Make the verification phase of SFTP.put optional (Larry Wright)
  * Patches to fix AIX support (anonymous)
  * Patch from Michele Bertoldi to allow compression to be turned on in the
    client constructor.
  * Patch from Shad Sharma to raise an exception if the transport isn't active
    when you try to open a new channel.
  * Stop leaking file descriptors in the SSH agent (John Adams)
  * More fixes for Windows address family support (Andrew Bennetts)
  * Use Crypto.Random rather than Crypto.Util.RandomPool
    (Gary van der Merwe, #271791)
  * Support for openssl keys (tehfink)
  * Fix multi-process support by calling Random.atfork (sugarc0de)

v1.7.6 (Fanny) 1nov09
---------------------
  * fixed bugs 411099 (sftp chdir isn't unicode-safe), 363163 & 411910 (more
    IPv6 problems on windows), 413850 (race when server closes the channel),
    426925 (support port numbers in host keys)

v1.7.5 (Ernest) 19jul09
-----------------------
  * added support for ARC4 cipher and CTR block chaining (Denis Bernard)
  * made transport threads daemonize, to fix python 2.6 atexit behavior
  * support unicode hostnames, and IP6 addresses (Maxime Ripard, Shikhar
    Bhushan)
  * various small bug fixes

v1.7.4 (Desmond) 06jul08
------------------------
  * more randpool fixes for windows, from Dwayne Litzenberger
    (NOTE: this may require a pycrypto upgrade on windows)
  * fix potential deadlock during key exchange (Dwayne Litzenberger)
  * remove MFC dependency from windows (Mark Hammond)
  * added some optional API improvements for SFTPClient get() and put()

v1.7.3 (Clara) 23mar08
----------------------
  * SSHClient can be asked not to use an SSH agent now, and not to search
    for private keys
  * added WarningPolicy option for SSHClient (warn, but allow, on unknown
    server keys)
  * added Channel.exit_status_ready to poll if a channel has received an
    exit status yet
  * new demo for reverse port forwarding
  * (bug 177117) fix UTF-8 passwords
  * (bug 189466) fix typo in osrandom.py
  * (bug 191657) potentially fix a race at channel shutdown
  * (bug 192749) document that SSHClient.connect may raise socket.error
  * (bug 193779) translate EOFError into AuthException during authentication
  * (bug 200416) don't create a new logger object for each channel

v1.7.2 (Basil) 21jan08
----------------------
  * (bug 137219) catch EINTR and handle correctly
  * (bug 157205) fix select() to trigger on stderr for a channel too
  * added SSHClient.get_transport()
  * added Channel.send_ready()
  * added direct-tcpip forwarding [patch from david guerizec]
  * fixed the PRNG to be more secure on windows and in cases where fork() is
    called [patch from dwayne litzenberger]

v1.7.1 (Amy) 10jun07
--------------------
  * windows SSH agent support can use the 'ctypes' module now if 'win32all' is
    not available [patch from alexander belchenko]
  * SFTPClient.listdir_attr() now preserves the 'longname' field [patch from
    wesley augur]
  * SFTPClient.get_channel() API added
  * SSHClient constuctor takes an optional 'timeout' parameter [patch from
    james bardin]

v1.7 (zubat) 18feb07
--------------------
  * added x11 channel support (patch from david guerizec)
  * added reverse port forwarding support
  * (bug 75370) raise an exception when contacting a broken SFTP server
  * (bug 80295) SSHClient shouldn't expand the user directory twice when reading
    RSA/DSS keys
  * (bug 82383) typo in DSS key in SSHClient
  * (bug 83523) python 2.5 warning when encoding a file's modification time
  * if connecting to an SSH agent fails, silently fallback instead of raising
    an exception

v1.6.4 (yanma) 19nov06
----------------------
  * fix setup.py on osx (oops!)
  * (bug 69330) check for the existence of RSA/DSA keys before trying to open
    them in SFTPClient
  * (bug 69222) catch EAGAIN in socket code to workaround a bug in recent
    Linux 2.6 kernels
  * (bug 70398) improve dict emulation in HostKeys objects
  * try harder to make sure all worker threads are joined on Transport.close()

v1.6.3 (xatu) 14oct06
---------------------
  * fixed bug where HostKeys.__setitem__ wouldn't always do the right thing
  * fixed bug in SFTPClient.chdir and SFTPAttributes.__str__ [patch from
    mike barber]
  * try harder not to raise EOFError from within SFTPClient
  * fixed bug where a thread waiting in accept() could block forever if the
    transport dies [patch from mike looijmans]

v1.6.2 (weedle) 16aug06
-----------------------
  * added support for "old" group-exchange server mode, for compatibility
    with the windows putty client
  * fixed some more interactions with SFTP file readv() and prefetch()
  * when saving the known_hosts file, preserve the original order [patch from
    warren young]
  * fix a couple of broken lines when exporting classes (bug 55946)

v1.6.1 (vulpix) 10jul06
-----------------------
  * more unit tests fixed for windows/cygwin (thanks to alexander belchenko)
  * a couple of fixes related to exceptions leaking out of SFTPClient
  * added ability to set items in HostKeys via __setitem__
  * HostKeys now retains order and has a save() method
  * added PKey.write_private_key and PKey.from_private_key

v1.6 (umbreon) 10may06
----------------------
  * pageant support on Windows thanks to john arbash meinel and todd whiteman
  * fixed unit tests to work under windows and cygwin (thanks to alexander
    belchenko for debugging)
  * various bugfixes/tweaks to SFTP file prefetch
  * added SSHClient for a higher-level API
  * SFTP readv() now yields results as it gets them
  * several APIs changed to throw an exception instead of "False" on failure

v1.5.4 (tentacool) 11mar06
--------------------------
  * fixed HostKeys to more correctly emulate a python dict
  * fixed a bug where file read buffering was too aggressive
  * improved prefetching so that out-of-order reads still use the prefetch
    buffer
  * added experimental SFTPFile.readv() call
  * more unit tests

v1.5.3 (squirtle) 19feb06
-------------------------
  * a few performance enhancements
  * added HostKeys, for dealing with openssh style "known_hosts" files, and
    added support for hashed hostnames
  * added Transport.atfork() for dealing with forked children
  * added SFTPClient.truncate, SFTPFile.chmod, SFTPFile.chown, SFTPFile.utime,
    and SFTPFile.truncate
  * improved windows demos [patch from mike looijmans], added an sftp demo, and
    moved demos to the demos/ folder
  * fixed a few interoperability bugs
  * cleaned up logging a bit
  * fixed a bug where EOF on a Channel might not be detected by select [found
    by thomas steinacher]
  * fixed python 2.4-ism that crept in [patch by jan hudec]
  * fixed a few reference loops that could have interacted badly with the python
    garbage collector
  * fixed a bunch of pychecker warnings, some of which were bugs

v1.5.2 (rhydon) 04dec05
-----------------------
  * compression support (opt-in via Transport.use_compression)
  * sftp files may be opened with mode flag 'x' for O_EXCL (exclusive-open)
    behavior, which has no direct python equivalent
  * added experimental util functions for parsing openssh config files
  * fixed a few bugs (and potential deadlocks) with key renegotiation
  * fixed a bug that caused SFTPFile.prefetch to occasionally lock up
  * fixed an sftp bug which affected van dyke sftp servers
  * fixed the behavior of select()ing on a closed channel, such that it will
    always trigger as readable

v1.5.1 (quilava) 31oct05
------------------------
  * SFTPFile.prefetch() added to dramatically speed up downloads (automatically
    turned on in SFTPClient.get())
  * fixed bug where garbage-collected Channels could trigger the Transport to
    close the session (reported by gordon good)
  * fixed a deadlock in rekeying (reported by wendell wood)
  * fixed some windows bugs and SFTPAttributes.__str__() (reported by grzegorz
    makarewicz)
  * better sftp error reporting by adding fake "errno" info to IOErrors

v1.5 (paras) 02oct05
--------------------
  * added support for "keyboard-interactive" authentication
  * added mode (on by default) where password authentication will try to
    fallback to "keyboard-interactive" if it's supported
  * added pipelining to SFTPFile.write and SFTPClient.put
  * fixed bug with SFTPFile.close() not guarding against being called more
    than once (thanks to Nathaniel Smith)
  * fixed broken 'a' flag in SFTPClient.file() (thanks to Nathaniel Smith)
  * fixed up epydocs to look nicer
  * reorganized auth_transport into auth_handler, which seems to be a cleaner
    separation
  * demo scripts fixed to have a better chance of loading the host keys
    correctly on windows/cygwin

v1.4 (oddish) 17jul05
---------------------
  * added SSH-agent support (for posix) from john rochester
  * added chdir() and getcwd() to SFTPClient, to emulate a "working directory"
  * added get() and put() to SFTPClient, to emulate ftp whole-file transfers
  * added check() to SFTPFile (a file hashing protocol extension)
  * fixed Channels and SFTPFiles (among others) to auto-close when GC'd
  * fixed Channel.fileno() for Windows, this time really
  * don't log socket errors as "unknown exception"
  * some misc. backward-compatible API improvements (like allowing
    Transport.start_client() and start_server() to be called in a blocking way)

v1.3.1 (nidoran) 28jun05
------------------------
  * added SFTPClient.close()
  * fixed up some outdated documentation
  * made SFTPClient.file() an alias for open()
  * added Transport.open_sftp_client() for convenience
  * refactored packetizing out of Transport
  * fixed bug (reported by alain s.) where connecting to a non-SSH host could
    cause paramiko to freeze up
  * fixed Channel.fileno() for Windows (again)
  * some more unit tests

v1.3 (marowak) 09apr05
----------------------
  * fixed a bug where packets larger than about 12KB would cause the session
    to die on all platforms except osx
  * added a potential workaround for windows to let Channel.fileno() (and
    therefore the select module) work!
  * changed API for subsystem handlers (sorry!) to pass more info and make it
    easier to write a functional SFTP server

v1.2 (lapras) 28feb05
---------------------
  * added SFTPClient.listdir_attr() for fetching a list of files and their
    attributes in one call
  * added Channel.recv_exit_status() and Channel.send_exit_status() for
    manipulating the exit status of a command from either client or server
    mode
  * moved check_global_request into ServerInterface, where it should've been
    all along (oops)
  * SFTPHandle's default implementations are fleshed out more
  * made logging a bit more consistent, and started logging thread ids
  * fixed a few race conditions, one of which would sometimes cause a Transport
    to fail to start on slow machines
  * more unit tests

v1.1 (kabuto) 12dec04
---------------------
  * server-side SFTP support
  * added support for stderr streams on client & server channels
  * added a new distinct exception for failed client authentication
    when caused by the server rejecting that *type* of auth
  * added support for multi-part authentication
  * fixed bug where get_username() wasn't working in server mode

v1.0 (jigglypuff) 06nov04
-------------------------
  * fixed bug that broke server-mode authentication by private key
  * fixed bug where closing a Channel could end up killing the entire
    Transport
  * actually include demo_windows.py this time (oops!)
  * fixed recently-introduced bug in group-exchange key negotiation that
    would generate the wrong hash (and therefore fail the initial handshake)
  * server-mode subsystem handler is a bit more flexible

v0.9 (ivysaur) 22oct04
----------------------
  * new ServerInterface class for implementing server policy, so it's no
    longer necessary to subclass Transport or Channel -- server code will
    need to be updated to follow this new API!  (see demo_server.py)
  * some bugfixes for re-keying an active session
  * Transport.get_security_options() allows fine-tuned control over the
    crypto negotiation on a new session
  * Transport.connect() takes a single hostkey object now instead of two
    string parameters
  * the Channel request methods (like 'exec_command') now return True on
    success or False on failure
  * added a mechanism for providing subsystems in server mode (and a new
    class to be subclassed: SubsystemHandler)
  * renamed SFTP -> SFTPClient (but left an alias for existing code)
  * added SFTPClient.normalize() to resolve paths on the server
  * fleshed out the API a bit more for SFTPClient and private keys
  * a bunch of new unit tests!

v0.9 (horsea) 27jun04
---------------------
  * fixed a lockup that could happen if the channel was closed while the
    send window was full
  * better checking of maximum packet sizes
  * better line buffering for file objects
  * now chops sftp requests into smaller packets for some older servers
  * more sftp unit tests

v0.9 (gyarados) 31may04
-----------------------
  * Transport.open_channel() -- supports local & remote port forwarding now
  * now imports UTF-8 encodings explicitly as a hint to "freeze" utilities
  * no longer rejects older SFTP servers
  * default packet size bumped to 8kB
  * fixed deadlock in closing a channel
  * Transport.connect() -- fixed bug where it would always fail when given a
    host key to verify

v0.9 (fearow) 23apr04
---------------------
  * Transport.send_ignore() -- send random ignored bytes
  * RSAKey/DSSKey added from_private_key_file() as a factory constructor;
    write_private_key_file() & generate() to create and save ssh2 keys;
    get_base64() to retrieve the exported public key
  * Transport added global_request() [client] and check_global_request()
    [server]
  * Transport.get_remove_server_key() now returns a PKey object instead of a
    tuple of strings
  * Transport.get_username() -- return the username you auth'd as [client]
  * Transport.set_keepalive() -- makes paramiko send periodic junk packets
    to the remote host, to keep the session active
  * python 2.2 support (thanks to Roger Binns)
  * misc. bug fixes

v0.9 (eevee) 08mar04
--------------------

v0.9 (doduo) 04jan04
--------------------

v0.1 (charmander) 10nov03
-------------------------

v0.1 (bulbasaur) 18sep03
------------------------

v0.1 (aerodactyl) 13sep03
-------------------------