paramiko/NEWS

474 lines
21 KiB
Plaintext

====
NEWS
====
Highlights of what's new in each release.
Issues noted as "'ssh' #NN" can be found at https://github.com/bitprophet/ssh/.
Issues noted as "Fabric #NN" can be found at https://github.com/fabric/fabric/.
Releases
========
v1.10.1 (DD MM YYYY)
--------------------
* #142: (Fabric #811) SFTP put of empty file will still return the attributes
of the put file. Thanks to Jason R. Coombs for the patch.
* #154: (Fabric #876) Forwarded SSH agent connections left stale local pipes
lying around, which could cause local (and sometimes remote or network)
resource starvation when running many agent-using remote commands. Thanks to
Kevin Tegtmeier for catch & patch.
v1.10.0 (1st Mar 2013)
--------------------
* #66: Batch SFTP writes to help speed up file transfers. Thanks to Olle
Lundberg for the patch.
* #133: Fix handling of window-change events to be on-spec and not
attempt to wait for a response from the remote sshd; this fixes problems with
less common targets such as some Cisco devices. Thanks to Phillip Heller for
catch & patch.
* #93: Overhaul SSH config parsing to be in line with `man ssh_config` (& the
behavior of `ssh` itself), including addition of parameter expansion within
config values. Thanks to Olle Lundberg for the patch.
* #110: Honor SSH config `AddressFamily` setting when looking up local
host's FQDN. Thanks to John Hensley for the patch.
* #128: Defer FQDN resolution until needed, when parsing SSH config files.
Thanks to Parantapa Bhattacharya for catch & patch.
* #102: Forego random padding for packets when running under `*-ctr` ciphers.
This corrects some slowdowns on platforms where random byte generation is
inefficient (e.g. Windows). Thanks to `@warthog618` for catch & patch, and
Michael van der Kolff for code/technique review.
* #127: Turn `SFTPFile` into a context manager. Thanks to Michael Williamson
for the patch.
* #116: Limit `Message.get_bytes` to an upper bound of 1MB to protect against
potential DoS vectors. Thanks to `@mvschaik` for catch & patch.
* #115: Add convenience `get_pty` kwarg to `Client.exec_command` so users not
manually controlling a channel object can still toggle PTY creation. Thanks
to Michael van der Kolff for the patch.
* #71: Add `SFTPClient.putfo` and `.getfo` methods to allow direct
uploading/downloading of file-like objects. Thanks to Eric Buehl for the
patch.
* #113: Add `timeout` parameter to `SSHClient.exec_command` for easier setting
of the command's internal channel object's timeout. Thanks to Cernov Vladimir
for the patch.
* #94: Remove duplication of SSH port constant. Thanks to Olle Lundberg for the
catch.
* #80: Expose the internal "is closed" property of the file transfer class
`BufferedFile` as `.closed`, better conforming to Python's file interface.
Thanks to `@smunaut` and James Hiscock for catch & patch.
v1.9.0 (6th Nov 2012)
---------------------
* #97 (with a little #93): Improve config parsing of `ProxyCommand` directives
and provide a wrapper class to allow subprocess-driven proxy commands to be
used as `sock=` arguments for `SSHClient.connect`.
* #77: Allow `SSHClient.connect()` to take an explicit `sock` parameter
overriding creation of an internal, implicit socket object.
* Thanks in no particular order to Erwin Bolwidt, Oskari Saarenmaa, Steven
Noonan, Vladimir Lazarenko, Lincoln de Sousa, Valentino Volonghi, Olle
Lundberg, and Github user `@acrish` for the various and sundry patches
leading to the above changes.
v1.8.1 (6th Nov 2012)
---------------------
* #90: Ensure that callbacks handed to `SFTPClient.get()` always fire at least
once, even for zero-length files downloaded. Thanks to Github user `@enB` for
the catch.
* #85: Paramiko's test suite overrides
`unittest.TestCase.assertTrue/assertFalse` to provide these modern assertions
to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7,
this now causes deprecation warnings. The overrides have been patched to only
execute when necessary. Thanks to `@Arfrever` for catch & patch.
v1.8.0 (3rd Oct 2012)
---------------------
* #17 ('ssh' 28): Fix spurious `NoneType has no attribute 'error'` and similar
exceptions that crop up on interpreter exit.
* 'ssh' 32: Raise a more useful error explaining which `known_hosts` key line was
problematic, when encountering `binascii` issues decoding known host keys.
Thanks to `@thomasvs` for catch & patch.
* 'ssh' 33: Bring `ssh_config` parsing more in line with OpenSSH spec, re: order of
setting overrides by `Host` specifiers. Specifically, the overrides now go by
file order instead of automatically sorting by `Host` value length. In
addition, the first value found per config key (e.g. `Port`, `User` etc)
wins, instead of the last. Thanks to Jan Brauer for the contribution.
* 'ssh' 36: Support new server two-factor authentication option
(`RequiredAuthentications2`), at least re: combining key-based & password
auth. Thanks to Github user `bninja`.
* 'ssh' 11: When raising an exception for hosts not listed in
`known_hosts` (when `RejectPolicy` is in effect) the exception message was
confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for
highlighting the issue.
* 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk.
* 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the
implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch.
* 'ssh' 24: Switch some internal type checking to use `isinstance` to help prevent
problems with client libraries using subclasses of builtin types. Thanks to
Alex Morega for the patch.
* Fabric #562: Agent forwarding would error out (with `Authentication response
too long`) or freeze, when more than one remote connection to the local agent
was active at the same time. This has been fixed. Thanks to Steven McDonald
for assisting in troubleshooting/patching, and to GitHub user `@lynxis` for
providing the final version of the patch.
* 'ssh' 5: Moved a `fcntl` import closer to where it's used to help avoid
`ImportError` problems on Windows platforms. Thanks to Jason Coombs for the
catch + suggested fix.
* 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit
Windows. Thanks again to Jason Coombs for the patch.
* Added an IO loop sleep() call to avoid needless CPU usage when agent
forwarding is in use.
* Handful of internal tweaks to version number storage.
* Updated `setup.py` with `==dev` install URL for `pip` users.
* Updated `setup.py` to account for packaging problems in PyCrypto 2.4.0
* Added an extra `atfork()` call to help prevent spurious RNG errors when
running under high parallel (multiprocess) load.
* Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a
ssh-keygen like demo module. (Sofian Brabez)
v1.7.7.2 16may12
----------------
* Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which
fixes exceptions that occur when re-keying over fast connections. (Dwayne
Litzenberger)
v1.7.7.1 (George) 21may11
-------------------------
* Make the verification phase of SFTP.put optional (Larry Wright)
* Patches to fix AIX support (anonymous)
* Patch from Michele Bertoldi to allow compression to be turned on in the
client constructor.
* Patch from Shad Sharma to raise an exception if the transport isn't active
when you try to open a new channel.
* Stop leaking file descriptors in the SSH agent (John Adams)
* More fixes for Windows address family support (Andrew Bennetts)
* Use Crypto.Random rather than Crypto.Util.RandomPool
(Gary van der Merwe, #271791)
* Support for openssl keys (tehfink)
* Fix multi-process support by calling Random.atfork (sugarc0de)
v1.7.6 (Fanny) 1nov09
---------------------
* fixed bugs 411099 (sftp chdir isn't unicode-safe), 363163 & 411910 (more
IPv6 problems on windows), 413850 (race when server closes the channel),
426925 (support port numbers in host keys)
v1.7.5 (Ernest) 19jul09
-----------------------
* added support for ARC4 cipher and CTR block chaining (Denis Bernard)
* made transport threads daemonize, to fix python 2.6 atexit behavior
* support unicode hostnames, and IP6 addresses (Maxime Ripard, Shikhar
Bhushan)
* various small bug fixes
v1.7.4 (Desmond) 06jul08
------------------------
* more randpool fixes for windows, from Dwayne Litzenberger
(NOTE: this may require a pycrypto upgrade on windows)
* fix potential deadlock during key exchange (Dwayne Litzenberger)
* remove MFC dependency from windows (Mark Hammond)
* added some optional API improvements for SFTPClient get() and put()
v1.7.3 (Clara) 23mar08
----------------------
* SSHClient can be asked not to use an SSH agent now, and not to search
for private keys
* added WarningPolicy option for SSHClient (warn, but allow, on unknown
server keys)
* added Channel.exit_status_ready to poll if a channel has received an
exit status yet
* new demo for reverse port forwarding
* (bug 177117) fix UTF-8 passwords
* (bug 189466) fix typo in osrandom.py
* (bug 191657) potentially fix a race at channel shutdown
* (bug 192749) document that SSHClient.connect may raise socket.error
* (bug 193779) translate EOFError into AuthException during authentication
* (bug 200416) don't create a new logger object for each channel
v1.7.2 (Basil) 21jan08
----------------------
* (bug 137219) catch EINTR and handle correctly
* (bug 157205) fix select() to trigger on stderr for a channel too
* added SSHClient.get_transport()
* added Channel.send_ready()
* added direct-tcpip forwarding [patch from david guerizec]
* fixed the PRNG to be more secure on windows and in cases where fork() is
called [patch from dwayne litzenberger]
v1.7.1 (Amy) 10jun07
--------------------
* windows SSH agent support can use the 'ctypes' module now if 'win32all' is
not available [patch from alexander belchenko]
* SFTPClient.listdir_attr() now preserves the 'longname' field [patch from
wesley augur]
* SFTPClient.get_channel() API added
* SSHClient constuctor takes an optional 'timeout' parameter [patch from
james bardin]
v1.7 (zubat) 18feb07
--------------------
* added x11 channel support (patch from david guerizec)
* added reverse port forwarding support
* (bug 75370) raise an exception when contacting a broken SFTP server
* (bug 80295) SSHClient shouldn't expand the user directory twice when reading
RSA/DSS keys
* (bug 82383) typo in DSS key in SSHClient
* (bug 83523) python 2.5 warning when encoding a file's modification time
* if connecting to an SSH agent fails, silently fallback instead of raising
an exception
v1.6.4 (yanma) 19nov06
----------------------
* fix setup.py on osx (oops!)
* (bug 69330) check for the existence of RSA/DSA keys before trying to open
them in SFTPClient
* (bug 69222) catch EAGAIN in socket code to workaround a bug in recent
Linux 2.6 kernels
* (bug 70398) improve dict emulation in HostKeys objects
* try harder to make sure all worker threads are joined on Transport.close()
v1.6.3 (xatu) 14oct06
---------------------
* fixed bug where HostKeys.__setitem__ wouldn't always do the right thing
* fixed bug in SFTPClient.chdir and SFTPAttributes.__str__ [patch from
mike barber]
* try harder not to raise EOFError from within SFTPClient
* fixed bug where a thread waiting in accept() could block forever if the
transport dies [patch from mike looijmans]
v1.6.2 (weedle) 16aug06
-----------------------
* added support for "old" group-exchange server mode, for compatibility
with the windows putty client
* fixed some more interactions with SFTP file readv() and prefetch()
* when saving the known_hosts file, preserve the original order [patch from
warren young]
* fix a couple of broken lines when exporting classes (bug 55946)
v1.6.1 (vulpix) 10jul06
-----------------------
* more unit tests fixed for windows/cygwin (thanks to alexander belchenko)
* a couple of fixes related to exceptions leaking out of SFTPClient
* added ability to set items in HostKeys via __setitem__
* HostKeys now retains order and has a save() method
* added PKey.write_private_key and PKey.from_private_key
v1.6 (umbreon) 10may06
----------------------
* pageant support on Windows thanks to john arbash meinel and todd whiteman
* fixed unit tests to work under windows and cygwin (thanks to alexander
belchenko for debugging)
* various bugfixes/tweaks to SFTP file prefetch
* added SSHClient for a higher-level API
* SFTP readv() now yields results as it gets them
* several APIs changed to throw an exception instead of "False" on failure
v1.5.4 (tentacool) 11mar06
--------------------------
* fixed HostKeys to more correctly emulate a python dict
* fixed a bug where file read buffering was too aggressive
* improved prefetching so that out-of-order reads still use the prefetch
buffer
* added experimental SFTPFile.readv() call
* more unit tests
v1.5.3 (squirtle) 19feb06
-------------------------
* a few performance enhancements
* added HostKeys, for dealing with openssh style "known_hosts" files, and
added support for hashed hostnames
* added Transport.atfork() for dealing with forked children
* added SFTPClient.truncate, SFTPFile.chmod, SFTPFile.chown, SFTPFile.utime,
and SFTPFile.truncate
* improved windows demos [patch from mike looijmans], added an sftp demo, and
moved demos to the demos/ folder
* fixed a few interoperability bugs
* cleaned up logging a bit
* fixed a bug where EOF on a Channel might not be detected by select [found
by thomas steinacher]
* fixed python 2.4-ism that crept in [patch by jan hudec]
* fixed a few reference loops that could have interacted badly with the python
garbage collector
* fixed a bunch of pychecker warnings, some of which were bugs
v1.5.2 (rhydon) 04dec05
-----------------------
* compression support (opt-in via Transport.use_compression)
* sftp files may be opened with mode flag 'x' for O_EXCL (exclusive-open)
behavior, which has no direct python equivalent
* added experimental util functions for parsing openssh config files
* fixed a few bugs (and potential deadlocks) with key renegotiation
* fixed a bug that caused SFTPFile.prefetch to occasionally lock up
* fixed an sftp bug which affected van dyke sftp servers
* fixed the behavior of select()ing on a closed channel, such that it will
always trigger as readable
v1.5.1 (quilava) 31oct05
------------------------
* SFTPFile.prefetch() added to dramatically speed up downloads (automatically
turned on in SFTPClient.get())
* fixed bug where garbage-collected Channels could trigger the Transport to
close the session (reported by gordon good)
* fixed a deadlock in rekeying (reported by wendell wood)
* fixed some windows bugs and SFTPAttributes.__str__() (reported by grzegorz
makarewicz)
* better sftp error reporting by adding fake "errno" info to IOErrors
v1.5 (paras) 02oct05
--------------------
* added support for "keyboard-interactive" authentication
* added mode (on by default) where password authentication will try to
fallback to "keyboard-interactive" if it's supported
* added pipelining to SFTPFile.write and SFTPClient.put
* fixed bug with SFTPFile.close() not guarding against being called more
than once (thanks to Nathaniel Smith)
* fixed broken 'a' flag in SFTPClient.file() (thanks to Nathaniel Smith)
* fixed up epydocs to look nicer
* reorganized auth_transport into auth_handler, which seems to be a cleaner
separation
* demo scripts fixed to have a better chance of loading the host keys
correctly on windows/cygwin
v1.4 (oddish) 17jul05
---------------------
* added SSH-agent support (for posix) from john rochester
* added chdir() and getcwd() to SFTPClient, to emulate a "working directory"
* added get() and put() to SFTPClient, to emulate ftp whole-file transfers
* added check() to SFTPFile (a file hashing protocol extension)
* fixed Channels and SFTPFiles (among others) to auto-close when GC'd
* fixed Channel.fileno() for Windows, this time really
* don't log socket errors as "unknown exception"
* some misc. backward-compatible API improvements (like allowing
Transport.start_client() and start_server() to be called in a blocking way)
v1.3.1 (nidoran) 28jun05
------------------------
* added SFTPClient.close()
* fixed up some outdated documentation
* made SFTPClient.file() an alias for open()
* added Transport.open_sftp_client() for convenience
* refactored packetizing out of Transport
* fixed bug (reported by alain s.) where connecting to a non-SSH host could
cause paramiko to freeze up
* fixed Channel.fileno() for Windows (again)
* some more unit tests
v1.3 (marowak) 09apr05
----------------------
* fixed a bug where packets larger than about 12KB would cause the session
to die on all platforms except osx
* added a potential workaround for windows to let Channel.fileno() (and
therefore the select module) work!
* changed API for subsystem handlers (sorry!) to pass more info and make it
easier to write a functional SFTP server
v1.2 (lapras) 28feb05
---------------------
* added SFTPClient.listdir_attr() for fetching a list of files and their
attributes in one call
* added Channel.recv_exit_status() and Channel.send_exit_status() for
manipulating the exit status of a command from either client or server
mode
* moved check_global_request into ServerInterface, where it should've been
all along (oops)
* SFTPHandle's default implementations are fleshed out more
* made logging a bit more consistent, and started logging thread ids
* fixed a few race conditions, one of which would sometimes cause a Transport
to fail to start on slow machines
* more unit tests
v1.1 (kabuto) 12dec04
---------------------
* server-side SFTP support
* added support for stderr streams on client & server channels
* added a new distinct exception for failed client authentication
when caused by the server rejecting that *type* of auth
* added support for multi-part authentication
* fixed bug where get_username() wasn't working in server mode
v1.0 (jigglypuff) 06nov04
-------------------------
* fixed bug that broke server-mode authentication by private key
* fixed bug where closing a Channel could end up killing the entire
Transport
* actually include demo_windows.py this time (oops!)
* fixed recently-introduced bug in group-exchange key negotiation that
would generate the wrong hash (and therefore fail the initial handshake)
* server-mode subsystem handler is a bit more flexible
v0.9 (ivysaur) 22oct04
----------------------
* new ServerInterface class for implementing server policy, so it's no
longer necessary to subclass Transport or Channel -- server code will
need to be updated to follow this new API! (see demo_server.py)
* some bugfixes for re-keying an active session
* Transport.get_security_options() allows fine-tuned control over the
crypto negotiation on a new session
* Transport.connect() takes a single hostkey object now instead of two
string parameters
* the Channel request methods (like 'exec_command') now return True on
success or False on failure
* added a mechanism for providing subsystems in server mode (and a new
class to be subclassed: SubsystemHandler)
* renamed SFTP -> SFTPClient (but left an alias for existing code)
* added SFTPClient.normalize() to resolve paths on the server
* fleshed out the API a bit more for SFTPClient and private keys
* a bunch of new unit tests!
v0.9 (horsea) 27jun04
---------------------
* fixed a lockup that could happen if the channel was closed while the
send window was full
* better checking of maximum packet sizes
* better line buffering for file objects
* now chops sftp requests into smaller packets for some older servers
* more sftp unit tests
v0.9 (gyarados) 31may04
-----------------------
* Transport.open_channel() -- supports local & remote port forwarding now
* now imports UTF-8 encodings explicitly as a hint to "freeze" utilities
* no longer rejects older SFTP servers
* default packet size bumped to 8kB
* fixed deadlock in closing a channel
* Transport.connect() -- fixed bug where it would always fail when given a
host key to verify
v0.9 (fearow) 23apr04
---------------------
* Transport.send_ignore() -- send random ignored bytes
* RSAKey/DSSKey added from_private_key_file() as a factory constructor;
write_private_key_file() & generate() to create and save ssh2 keys;
get_base64() to retrieve the exported public key
* Transport added global_request() [client] and check_global_request()
[server]
* Transport.get_remove_server_key() now returns a PKey object instead of a
tuple of strings
* Transport.get_username() -- return the username you auth'd as [client]
* Transport.set_keepalive() -- makes paramiko send periodic junk packets
to the remote host, to keep the session active
* python 2.2 support (thanks to Roger Binns)
* misc. bug fixes
v0.9 (eevee) 08mar04
--------------------
v0.9 (doduo) 04jan04
--------------------
v0.1 (charmander) 10nov03
-------------------------
v0.1 (bulbasaur) 18sep03
------------------------
v0.1 (aerodactyl) 13sep03
-------------------------