Changelog |
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Dec 11 2019 Paul Howarth <paul@city-fan.org> - 2.7.1-1
- Update to 2.7.1
- The new-style private key format (added in 2.7.0) suffered from an
unpadding bug that had been fixed earlier for Ed25519 (as that key type has
always used the newer format); that fix has been refactored and applied to
the base key class (GH#1567)
- Fix a bug in support for ECDSA keys under the newly-supported OpenSSH key
format (GH#1565, GH#1566)
* Wed Dec 04 2019 Paul Howarth <paul@city-fan.org> - 2.7.0-1
- Update to 2.7.0
- Implement support for OpenSSH 6.5-style private key files (typically
denoted as having 'BEGIN OPENSSH PRIVATE KEY' headers instead of PEM
format's 'BEGIN RSA PRIVATE KEY' or similar); if you were getting any sort
of weird auth error from "modern" keys generated on newer operating system
releases (such as macOS Mojave), this is the first update to try (GH#602,
GH#618, GH#1313, GH#1343)
- Token expansion in 'ssh_config' used a different method of determining the
local username ('$USER' environment variable), compared to what the (much
older) client connection code does ('getpass.getuser', which includes
'$USER' but may check other variables first, and is generally much more
comprehensive); both modules now use 'getpass.getuser'
- A couple of outright '~paramiko.config.SSHConfig' parse errors were
previously represented as vanilla 'Exception' instances; as part of recent
feature work a more specific exception class,
'~paramiko.ssh_exception.ConfigParseError', has been created; it is now
also used in those older spots, which is naturally backwards compatible
- Implement support for the 'Match' keyword in 'ssh_config' files;
previously, this keyword was simply ignored and keywords inside such blocks
were treated as if they were part of the previous block (GH#717)
- Note: this feature adds a new optional install dependency 'Invoke'
(https://www.pyinvoke.org), for managing 'Match exec' subprocesses
- Additional installation 'extras_require' "flavors" ('ed25519', 'invoke',
and 'all') have been added to our packaging metadata
- Paramiko's use of 'subprocess' for 'ProxyCommand' support is conditionally
imported to prevent issues on limited interpreter platforms like Google
Compute Engine; however, any resulting 'ImportError' was lost instead of
preserved for raising (in the rare cases where a user tried leveraging
'ProxyCommand' in such an environment); this has been fixed
- Perform deduplication of 'IdentityFile' contents during 'ssh_config'
parsing; previously, if your config would result in the same value being
encountered more than once, 'IdentityFile' would contain that many copies
of the same string
- Implement most 'canonical hostname' 'ssh_config' functionality
('CanonicalizeHostname', 'CanonicalDomains', 'CanonicalizeFallbackLocal',
and 'CanonicalizeMaxDots'; 'CanonicalizePermittedCNAMEs' has *not* yet
been implemented) - all were previously silently ignored (GH#897)
- Explicitly document which ssh_config features we currently support;
previously users just had to guess, which is simply no good
- Add new convenience classmethod constructors to
'~paramiko.config.SSHConfig': '~paramiko.config.SSHConfig.from_text',
'~paramiko.config.SSHConfig.from_file', and
'~paramiko.config.SSHConfig.from_path'; no more annoying two-step process!
- Add Recommends: of python3-invoke and python3-pyasn1 for optional
functionality
* Sun Oct 06 2019 Othman Madjoudj <athmane@fedoraproject.org> - 2.6.0-5
- Drop python2 subpackage since it's eol-ed
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.0-4
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.6.0-3
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 27 2019 Paul Howarth <paul@city-fan.org> - 2.6.0-1
- Update to 2.6.0
- Add a new keyword argument to 'SSHClient.connect' and
'~paramiko.transport.Transport', 'disabled_algorithms', which allows
selectively disabling one or more kex/key/cipher/etc algorithms; this can
be useful when disabling algorithms your target server (or client) does not
support cleanly, or to work around unpatched bugs in Paramiko's own
implementation thereof (GH#1463)
- Tweak many exception classes so their string representations are more
human-friendly; this also includes incidental changes to some 'super()'
calls (GH#1440, GH#1460)
- Add backwards-compatible support for the 'gssapi' GSSAPI library, as the
previous backend ('python-gssapi') has become defunct (GH#584, GH#1166,
GH#1311)
- 'SSHClient.exec_command' now returns a new subclass,
'~paramiko.channel.ChannelStdinFile', rather than a naïve
'~paramiko.channel.ChannelFile' object for its 'stdin' value, which fixes
issues such as hangs when running remote commands that read from stdin
(GH#322)
- Drop gssapi patch as it's no longer needed
- Drop pytest-relaxed patch as it's no longer needed
* Thu Jun 27 2019 Paul Howarth <paul@city-fan.org> - 2.5.1-1
- Update to 2.5.1
- Fix Ed25519 key handling so certain key comment lengths don't cause
'SSHException("Invalid key")' (GH#1306, GH#1400)
* Mon Jun 10 2019 Paul Howarth <paul@city-fan.org> - 2.5.0-1
- Update to 2.5.0
- Add support for encrypt-then-MAC (ETM) schemes and two newer Diffie-Hellman
group key exchange algorithms ('group14', using SHA256; and 'group16',
using SHA512)
- Add support for Curve25519 key exchange
- Raise Cryptography dependency requirement to version 2.5 (from 1.5) and
update some deprecated uses of its API
- Add support for the modern (as of Python 3.3) import location of
'MutableMapping' (used in host key management) to avoid the old location
becoming deprecated in Python 3.8
- Drop hard dependency on pyasn1 as it's only needed for optional GSSAPI
functionality
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Oct 09 2018 Paul Howarth <paul@city-fan.org> - 2.4.2-1
- Update to 2.4.2
- Fix exploit (GH#1283, CVE-2018-1000805) in Paramiko’s server mode (not
client mode) where hostile clients could trick the server into thinking
they were authenticated without actually submitting valid authentication
- Modify protocol message handling such that Transport does not respond to
MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED; this behavior probably
didn’t cause any outright errors, but it doesn’t seem to conform to the
RFCs and could cause (non-infinite) feedback loops in some scenarios
(usually those involving Paramiko on both ends)
- Add *.pub files to the MANIFEST so distributed source packages contain
some necessary test assets (GH#1262)
- Test suite now requires mock ≥ 2.0.0
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 20 2018 Miro Hrončok <mhroncok@redhat.com> - 2.4.1-4
- Rebuilt for Python 3.7
- Remove dependency on on pytest-relaxed
* Fri Mar 16 2018 Paul Howarth <paul@city-fan.org> - 2.4.1-1
- Update to 2.4.1
- Fix a security flaw (GH#1175, CVE-2018-7750) in Paramiko's server mode
(this does not impact client use) where authentication status was not
checked before processing channel-open and other requests typically only
sent after authenticating
- Ed25519 auth key decryption raised an unexpected exception when given a
unicode password string (typical in python 3) (GH#1039)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|