From 1a716ed46d1d556d4ba6798608ab498320acd886 Mon Sep 17 00:00:00 2001 From: "Jeremy T. Bouse" Date: Sat, 25 May 2013 00:04:32 -0400 Subject: Imported Upstream version 1.10.1 --- NEWS | 473 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 473 insertions(+) create mode 100644 NEWS (limited to 'NEWS') diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..7a983ba --- /dev/null +++ b/NEWS @@ -0,0 +1,473 @@ + +==== +NEWS +==== + +Highlights of what's new in each release. + +Issues noted as "'ssh' #NN" can be found at https://github.com/bitprophet/ssh/. + +Issues noted as "Fabric #NN" can be found at https://github.com/fabric/fabric/. + +Releases +======== + +v1.10.1 (5th Apr 2013) +---------------------- + +* #142: (Fabric #811) SFTP put of empty file will still return the attributes + of the put file. Thanks to Jason R. Coombs for the patch. +* #154: (Fabric #876) Forwarded SSH agent connections left stale local pipes + lying around, which could cause local (and sometimes remote or network) + resource starvation when running many agent-using remote commands. Thanks to + Kevin Tegtmeier for catch & patch. + +v1.10.0 (1st Mar 2013) +-------------------- + +* #66: Batch SFTP writes to help speed up file transfers. Thanks to Olle + Lundberg for the patch. +* #133: Fix handling of window-change events to be on-spec and not + attempt to wait for a response from the remote sshd; this fixes problems with + less common targets such as some Cisco devices. Thanks to Phillip Heller for + catch & patch. +* #93: Overhaul SSH config parsing to be in line with `man ssh_config` (& the + behavior of `ssh` itself), including addition of parameter expansion within + config values. Thanks to Olle Lundberg for the patch. +* #110: Honor SSH config `AddressFamily` setting when looking up local + host's FQDN. Thanks to John Hensley for the patch. +* #128: Defer FQDN resolution until needed, when parsing SSH config files. + Thanks to Parantapa Bhattacharya for catch & patch. +* #102: Forego random padding for packets when running under `*-ctr` ciphers. + This corrects some slowdowns on platforms where random byte generation is + inefficient (e.g. Windows). Thanks to `@warthog618` for catch & patch, and + Michael van der Kolff for code/technique review. +* #127: Turn `SFTPFile` into a context manager. Thanks to Michael Williamson + for the patch. +* #116: Limit `Message.get_bytes` to an upper bound of 1MB to protect against + potential DoS vectors. Thanks to `@mvschaik` for catch & patch. +* #115: Add convenience `get_pty` kwarg to `Client.exec_command` so users not + manually controlling a channel object can still toggle PTY creation. Thanks + to Michael van der Kolff for the patch. +* #71: Add `SFTPClient.putfo` and `.getfo` methods to allow direct + uploading/downloading of file-like objects. Thanks to Eric Buehl for the + patch. +* #113: Add `timeout` parameter to `SSHClient.exec_command` for easier setting + of the command's internal channel object's timeout. Thanks to Cernov Vladimir + for the patch. +* #94: Remove duplication of SSH port constant. Thanks to Olle Lundberg for the + catch. +* #80: Expose the internal "is closed" property of the file transfer class + `BufferedFile` as `.closed`, better conforming to Python's file interface. + Thanks to `@smunaut` and James Hiscock for catch & patch. + +v1.9.0 (6th Nov 2012) +--------------------- + +* #97 (with a little #93): Improve config parsing of `ProxyCommand` directives + and provide a wrapper class to allow subprocess-driven proxy commands to be + used as `sock=` arguments for `SSHClient.connect`. +* #77: Allow `SSHClient.connect()` to take an explicit `sock` parameter + overriding creation of an internal, implicit socket object. +* Thanks in no particular order to Erwin Bolwidt, Oskari Saarenmaa, Steven + Noonan, Vladimir Lazarenko, Lincoln de Sousa, Valentino Volonghi, Olle + Lundberg, and Github user `@acrish` for the various and sundry patches + leading to the above changes. + +v1.8.1 (6th Nov 2012) +--------------------- + +* #90: Ensure that callbacks handed to `SFTPClient.get()` always fire at least + once, even for zero-length files downloaded. Thanks to Github user `@enB` for + the catch. +* #85: Paramiko's test suite overrides + `unittest.TestCase.assertTrue/assertFalse` to provide these modern assertions + to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7, + this now causes deprecation warnings. The overrides have been patched to only + execute when necessary. Thanks to `@Arfrever` for catch & patch. + + +v1.8.0 (3rd Oct 2012) +--------------------- + +* #17 ('ssh' 28): Fix spurious `NoneType has no attribute 'error'` and similar + exceptions that crop up on interpreter exit. +* 'ssh' 32: Raise a more useful error explaining which `known_hosts` key line was + problematic, when encountering `binascii` issues decoding known host keys. + Thanks to `@thomasvs` for catch & patch. +* 'ssh' 33: Bring `ssh_config` parsing more in line with OpenSSH spec, re: order of + setting overrides by `Host` specifiers. Specifically, the overrides now go by + file order instead of automatically sorting by `Host` value length. In + addition, the first value found per config key (e.g. `Port`, `User` etc) + wins, instead of the last. Thanks to Jan Brauer for the contribution. +* 'ssh' 36: Support new server two-factor authentication option + (`RequiredAuthentications2`), at least re: combining key-based & password + auth. Thanks to Github user `bninja`. +* 'ssh' 11: When raising an exception for hosts not listed in + `known_hosts` (when `RejectPolicy` is in effect) the exception message was + confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for + highlighting the issue. +* 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk. +* 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the + implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch. +* 'ssh' 24: Switch some internal type checking to use `isinstance` to help prevent + problems with client libraries using subclasses of builtin types. Thanks to + Alex Morega for the patch. +* Fabric #562: Agent forwarding would error out (with `Authentication response + too long`) or freeze, when more than one remote connection to the local agent + was active at the same time. This has been fixed. Thanks to Steven McDonald + for assisting in troubleshooting/patching, and to GitHub user `@lynxis` for + providing the final version of the patch. +* 'ssh' 5: Moved a `fcntl` import closer to where it's used to help avoid + `ImportError` problems on Windows platforms. Thanks to Jason Coombs for the + catch + suggested fix. +* 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit + Windows. Thanks again to Jason Coombs for the patch. +* Added an IO loop sleep() call to avoid needless CPU usage when agent + forwarding is in use. +* Handful of internal tweaks to version number storage. +* Updated `setup.py` with `==dev` install URL for `pip` users. +* Updated `setup.py` to account for packaging problems in PyCrypto 2.4.0 +* Added an extra `atfork()` call to help prevent spurious RNG errors when + running under high parallel (multiprocess) load. +* Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a + ssh-keygen like demo module. (Sofian Brabez) + +v1.7.7.2 16may12 +---------------- + * Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which + fixes exceptions that occur when re-keying over fast connections. (Dwayne + Litzenberger) + +v1.7.7.1 (George) 21may11 +------------------------- + * Make the verification phase of SFTP.put optional (Larry Wright) + * Patches to fix AIX support (anonymous) + * Patch from Michele Bertoldi to allow compression to be turned on in the + client constructor. + * Patch from Shad Sharma to raise an exception if the transport isn't active + when you try to open a new channel. + * Stop leaking file descriptors in the SSH agent (John Adams) + * More fixes for Windows address family support (Andrew Bennetts) + * Use Crypto.Random rather than Crypto.Util.RandomPool + (Gary van der Merwe, #271791) + * Support for openssl keys (tehfink) + * Fix multi-process support by calling Random.atfork (sugarc0de) + +v1.7.6 (Fanny) 1nov09 +--------------------- + * fixed bugs 411099 (sftp chdir isn't unicode-safe), 363163 & 411910 (more + IPv6 problems on windows), 413850 (race when server closes the channel), + 426925 (support port numbers in host keys) + +v1.7.5 (Ernest) 19jul09 +----------------------- + * added support for ARC4 cipher and CTR block chaining (Denis Bernard) + * made transport threads daemonize, to fix python 2.6 atexit behavior + * support unicode hostnames, and IP6 addresses (Maxime Ripard, Shikhar + Bhushan) + * various small bug fixes + +v1.7.4 (Desmond) 06jul08 +------------------------ + * more randpool fixes for windows, from Dwayne Litzenberger + (NOTE: this may require a pycrypto upgrade on windows) + * fix potential deadlock during key exchange (Dwayne Litzenberger) + * remove MFC dependency from windows (Mark Hammond) + * added some optional API improvements for SFTPClient get() and put() + +v1.7.3 (Clara) 23mar08 +---------------------- + * SSHClient can be asked not to use an SSH agent now, and not to search + for private keys + * added WarningPolicy option for SSHClient (warn, but allow, on unknown + server keys) + * added Channel.exit_status_ready to poll if a channel has received an + exit status yet + * new demo for reverse port forwarding + * (bug 177117) fix UTF-8 passwords + * (bug 189466) fix typo in osrandom.py + * (bug 191657) potentially fix a race at channel shutdown + * (bug 192749) document that SSHClient.connect may raise socket.error + * (bug 193779) translate EOFError into AuthException during authentication + * (bug 200416) don't create a new logger object for each channel + +v1.7.2 (Basil) 21jan08 +---------------------- + * (bug 137219) catch EINTR and handle correctly + * (bug 157205) fix select() to trigger on stderr for a channel too + * added SSHClient.get_transport() + * added Channel.send_ready() + * added direct-tcpip forwarding [patch from david guerizec] + * fixed the PRNG to be more secure on windows and in cases where fork() is + called [patch from dwayne litzenberger] + +v1.7.1 (Amy) 10jun07 +-------------------- + * windows SSH agent support can use the 'ctypes' module now if 'win32all' is + not available [patch from alexander belchenko] + * SFTPClient.listdir_attr() now preserves the 'longname' field [patch from + wesley augur] + * SFTPClient.get_channel() API added + * SSHClient constuctor takes an optional 'timeout' parameter [patch from + james bardin] + +v1.7 (zubat) 18feb07 +-------------------- + * added x11 channel support (patch from david guerizec) + * added reverse port forwarding support + * (bug 75370) raise an exception when contacting a broken SFTP server + * (bug 80295) SSHClient shouldn't expand the user directory twice when reading + RSA/DSS keys + * (bug 82383) typo in DSS key in SSHClient + * (bug 83523) python 2.5 warning when encoding a file's modification time + * if connecting to an SSH agent fails, silently fallback instead of raising + an exception + +v1.6.4 (yanma) 19nov06 +---------------------- + * fix setup.py on osx (oops!) + * (bug 69330) check for the existence of RSA/DSA keys before trying to open + them in SFTPClient + * (bug 69222) catch EAGAIN in socket code to workaround a bug in recent + Linux 2.6 kernels + * (bug 70398) improve dict emulation in HostKeys objects + * try harder to make sure all worker threads are joined on Transport.close() + +v1.6.3 (xatu) 14oct06 +--------------------- + * fixed bug where HostKeys.__setitem__ wouldn't always do the right thing + * fixed bug in SFTPClient.chdir and SFTPAttributes.__str__ [patch from + mike barber] + * try harder not to raise EOFError from within SFTPClient + * fixed bug where a thread waiting in accept() could block forever if the + transport dies [patch from mike looijmans] + +v1.6.2 (weedle) 16aug06 +----------------------- + * added support for "old" group-exchange server mode, for compatibility + with the windows putty client + * fixed some more interactions with SFTP file readv() and prefetch() + * when saving the known_hosts file, preserve the original order [patch from + warren young] + * fix a couple of broken lines when exporting classes (bug 55946) + +v1.6.1 (vulpix) 10jul06 +----------------------- + * more unit tests fixed for windows/cygwin (thanks to alexander belchenko) + * a couple of fixes related to exceptions leaking out of SFTPClient + * added ability to set items in HostKeys via __setitem__ + * HostKeys now retains order and has a save() method + * added PKey.write_private_key and PKey.from_private_key + +v1.6 (umbreon) 10may06 +---------------------- + * pageant support on Windows thanks to john arbash meinel and todd whiteman + * fixed unit tests to work under windows and cygwin (thanks to alexander + belchenko for debugging) + * various bugfixes/tweaks to SFTP file prefetch + * added SSHClient for a higher-level API + * SFTP readv() now yields results as it gets them + * several APIs changed to throw an exception instead of "False" on failure + +v1.5.4 (tentacool) 11mar06 +-------------------------- + * fixed HostKeys to more correctly emulate a python dict + * fixed a bug where file read buffering was too aggressive + * improved prefetching so that out-of-order reads still use the prefetch + buffer + * added experimental SFTPFile.readv() call + * more unit tests + +v1.5.3 (squirtle) 19feb06 +------------------------- + * a few performance enhancements + * added HostKeys, for dealing with openssh style "known_hosts" files, and + added support for hashed hostnames + * added Transport.atfork() for dealing with forked children + * added SFTPClient.truncate, SFTPFile.chmod, SFTPFile.chown, SFTPFile.utime, + and SFTPFile.truncate + * improved windows demos [patch from mike looijmans], added an sftp demo, and + moved demos to the demos/ folder + * fixed a few interoperability bugs + * cleaned up logging a bit + * fixed a bug where EOF on a Channel might not be detected by select [found + by thomas steinacher] + * fixed python 2.4-ism that crept in [patch by jan hudec] + * fixed a few reference loops that could have interacted badly with the python + garbage collector + * fixed a bunch of pychecker warnings, some of which were bugs + +v1.5.2 (rhydon) 04dec05 +----------------------- + * compression support (opt-in via Transport.use_compression) + * sftp files may be opened with mode flag 'x' for O_EXCL (exclusive-open) + behavior, which has no direct python equivalent + * added experimental util functions for parsing openssh config files + * fixed a few bugs (and potential deadlocks) with key renegotiation + * fixed a bug that caused SFTPFile.prefetch to occasionally lock up + * fixed an sftp bug which affected van dyke sftp servers + * fixed the behavior of select()ing on a closed channel, such that it will + always trigger as readable + +v1.5.1 (quilava) 31oct05 +------------------------ + * SFTPFile.prefetch() added to dramatically speed up downloads (automatically + turned on in SFTPClient.get()) + * fixed bug where garbage-collected Channels could trigger the Transport to + close the session (reported by gordon good) + * fixed a deadlock in rekeying (reported by wendell wood) + * fixed some windows bugs and SFTPAttributes.__str__() (reported by grzegorz + makarewicz) + * better sftp error reporting by adding fake "errno" info to IOErrors + +v1.5 (paras) 02oct05 +-------------------- + * added support for "keyboard-interactive" authentication + * added mode (on by default) where password authentication will try to + fallback to "keyboard-interactive" if it's supported + * added pipelining to SFTPFile.write and SFTPClient.put + * fixed bug with SFTPFile.close() not guarding against being called more + than once (thanks to Nathaniel Smith) + * fixed broken 'a' flag in SFTPClient.file() (thanks to Nathaniel Smith) + * fixed up epydocs to look nicer + * reorganized auth_transport into auth_handler, which seems to be a cleaner + separation + * demo scripts fixed to have a better chance of loading the host keys + correctly on windows/cygwin + +v1.4 (oddish) 17jul05 +--------------------- + * added SSH-agent support (for posix) from john rochester + * added chdir() and getcwd() to SFTPClient, to emulate a "working directory" + * added get() and put() to SFTPClient, to emulate ftp whole-file transfers + * added check() to SFTPFile (a file hashing protocol extension) + * fixed Channels and SFTPFiles (among others) to auto-close when GC'd + * fixed Channel.fileno() for Windows, this time really + * don't log socket errors as "unknown exception" + * some misc. backward-compatible API improvements (like allowing + Transport.start_client() and start_server() to be called in a blocking way) + +v1.3.1 (nidoran) 28jun05 +------------------------ + * added SFTPClient.close() + * fixed up some outdated documentation + * made SFTPClient.file() an alias for open() + * added Transport.open_sftp_client() for convenience + * refactored packetizing out of Transport + * fixed bug (reported by alain s.) where connecting to a non-SSH host could + cause paramiko to freeze up + * fixed Channel.fileno() for Windows (again) + * some more unit tests + +v1.3 (marowak) 09apr05 +---------------------- + * fixed a bug where packets larger than about 12KB would cause the session + to die on all platforms except osx + * added a potential workaround for windows to let Channel.fileno() (and + therefore the select module) work! + * changed API for subsystem handlers (sorry!) to pass more info and make it + easier to write a functional SFTP server + +v1.2 (lapras) 28feb05 +--------------------- + * added SFTPClient.listdir_attr() for fetching a list of files and their + attributes in one call + * added Channel.recv_exit_status() and Channel.send_exit_status() for + manipulating the exit status of a command from either client or server + mode + * moved check_global_request into ServerInterface, where it should've been + all along (oops) + * SFTPHandle's default implementations are fleshed out more + * made logging a bit more consistent, and started logging thread ids + * fixed a few race conditions, one of which would sometimes cause a Transport + to fail to start on slow machines + * more unit tests + +v1.1 (kabuto) 12dec04 +--------------------- + * server-side SFTP support + * added support for stderr streams on client & server channels + * added a new distinct exception for failed client authentication + when caused by the server rejecting that *type* of auth + * added support for multi-part authentication + * fixed bug where get_username() wasn't working in server mode + +v1.0 (jigglypuff) 06nov04 +------------------------- + * fixed bug that broke server-mode authentication by private key + * fixed bug where closing a Channel could end up killing the entire + Transport + * actually include demo_windows.py this time (oops!) + * fixed recently-introduced bug in group-exchange key negotiation that + would generate the wrong hash (and therefore fail the initial handshake) + * server-mode subsystem handler is a bit more flexible + +v0.9 (ivysaur) 22oct04 +---------------------- + * new ServerInterface class for implementing server policy, so it's no + longer necessary to subclass Transport or Channel -- server code will + need to be updated to follow this new API! (see demo_server.py) + * some bugfixes for re-keying an active session + * Transport.get_security_options() allows fine-tuned control over the + crypto negotiation on a new session + * Transport.connect() takes a single hostkey object now instead of two + string parameters + * the Channel request methods (like 'exec_command') now return True on + success or False on failure + * added a mechanism for providing subsystems in server mode (and a new + class to be subclassed: SubsystemHandler) + * renamed SFTP -> SFTPClient (but left an alias for existing code) + * added SFTPClient.normalize() to resolve paths on the server + * fleshed out the API a bit more for SFTPClient and private keys + * a bunch of new unit tests! + +v0.9 (horsea) 27jun04 +--------------------- + * fixed a lockup that could happen if the channel was closed while the + send window was full + * better checking of maximum packet sizes + * better line buffering for file objects + * now chops sftp requests into smaller packets for some older servers + * more sftp unit tests + +v0.9 (gyarados) 31may04 +----------------------- + * Transport.open_channel() -- supports local & remote port forwarding now + * now imports UTF-8 encodings explicitly as a hint to "freeze" utilities + * no longer rejects older SFTP servers + * default packet size bumped to 8kB + * fixed deadlock in closing a channel + * Transport.connect() -- fixed bug where it would always fail when given a + host key to verify + +v0.9 (fearow) 23apr04 +--------------------- + * Transport.send_ignore() -- send random ignored bytes + * RSAKey/DSSKey added from_private_key_file() as a factory constructor; + write_private_key_file() & generate() to create and save ssh2 keys; + get_base64() to retrieve the exported public key + * Transport added global_request() [client] and check_global_request() + [server] + * Transport.get_remove_server_key() now returns a PKey object instead of a + tuple of strings + * Transport.get_username() -- return the username you auth'd as [client] + * Transport.set_keepalive() -- makes paramiko send periodic junk packets + to the remote host, to keep the session active + * python 2.2 support (thanks to Roger Binns) + * misc. bug fixes + +v0.9 (eevee) 08mar04 +-------------------- + +v0.9 (doduo) 04jan04 +-------------------- + +v0.1 (charmander) 10nov03 +------------------------- + +v0.1 (bulbasaur) 18sep03 +------------------------ + +v0.1 (aerodactyl) 13sep03 +------------------------- -- cgit v1.2.3