python-paramiko/python-paramiko.changes

-------------------------------------------------------------------
Sun Jun 11 16:32:09 UTC 2017 - mimi.vx@gmail.com

- update to 2.1.3
* Make util.log_to_file append instead of replace.
* SSHClient and Transport could cause a memory leak if there’s a connection
	 problem or protocol error, even if Transport.close() is called.
* Prior support for ecdsa-sha2-nistp(384|521) algorithms didn’t fully extend
	 to covering host keys, preventing connection to hosts which only offer
	 these key types and no others. This is now fixed.
* Prefer newer ecdsa-sha2-nistp keys over RSA and DSA keys during host key
	 selection. This improves compatibility with OpenSSH, both in terms of general
	 behavior, and also re: ability to properly leverage OpenSSH-modified
	 known_hosts files.
* The RC4/arcfour family of ciphers has been broken since version 2.0; but since
	 the algorithm is now known to be completely insecure, we are opting
	 to remove support outright instead of fixing it.
* Move sha1 above the now-arguably-broken md5 in the list of preferred MAC
	 algorithms, as an incremental security improvement for users whose target
	 systems offer both.
* Writing encrypted/password-protected private key files was silently broken
	 since 2.0 due to an incorrect API call
     Includes a directly related fix, namely adding the ability to read AES-256-CBC
	 ciphered private keys (which is now what we tend to write out as it is
	 Cryptography’s default private key cipher.)
* Allow any type implementing the buffer API to be used with BufferedFile,
	 Channel, and SFTPFile. This resolves a regression introduced in 1.13
	 with the Python 3 porting changes, when using types such as memoryview.
* Enhance default cipher preference order such that aes(192|256)-cbc are preferred
	 over blowfish-cbc.
* SSHClient now requests the type of host key it has (e.g. from known_hosts)
	 and does not consider a different type to be a “Missing” host key. This fixes
	 a common case where an ECDSA key is in known_hosts and the server also has
	 an RSA host key.
* Overhaul the codebase to be PEP-8

-------------------------------------------------------------------
Wed Apr 19 17:24:58 UTC 2017 - toddrme2178@gmail.com

- Implement single-spec version.

-------------------------------------------------------------------
Fri Mar 17 20:25:35 UTC 2017 - rjschwei@suse.com

- Fix version setting for cryptography for build

-------------------------------------------------------------------
Thu Mar 16 22:23:45 UTC 2017 - rjschwei@suse.com

- Add python-pyasn1 as Buildrequires for testing

-------------------------------------------------------------------
Fri Feb 24 16:27:00 UTC 2017 - mimi.vx@gmail.com

- update to 2.1.2
* Fix a bug in server-mode concerning multiple interactive auth steps
*  SSHClient now gives its internal Transport a handle on itself, preventing 
    garbage collection of the client until the session is closed. Without this,
    some code which returns stream or transport objects without the client that
    generated them, would result in premature session closure
    when the client was GCd
* Avoid test suite exceptions on platforms lacking errno.ETIME
* weak how RSAKey.__str__ behaves so it doesn’t cause TypeError under Python 3.

-------------------------------------------------------------------
Tue Dec 13 11:50:39 UTC 2016 - mimi.vx@gmail.com

- update to 2.1.1
* A tweak to the original patch implementing gh#398 was not fully applied, 
    causing calls to ~paramiko.client.SSHClient.invoke_shell to fail with
    AttributeError. This has been fixed.
* Fix the implementation of PKey.write_private_key_file (this method is only
    publicly defined on subclasses; the fix was in the private real
    implementation) so it passes the correct params to open()
* Add an optional timeout parameter to Transport.start_clienti
    <paramiko.transport.Transport.start_client> (and feed it the value of the
    configured connection timeout when used within SSHClient
    <paramiko.client.SSHClient>.)
* Catch AssertionError thrown by Cryptography when attempting to load bad
    ECDSA keys, turning it into an SSHException.
* Add a missing .closed attribute (plus ._closed because reasons) to
    ProxyCommand <paramiko.proxy.ProxyCommand>
* Make the subprocess import in proxy.py lazy so users on platforms without
    it (such as Google App Engine) can import Paramiko successfully
* Fix incorrect docstring/param-list for Transport.auth_gssapi_keyex
    <paramiko.transport.Transport.auth_gssapi_keyex> so it matches
    the real signature.
* Add an environment dict argument to Client.exec_command

-------------------------------------------------------------------
Fri Oct  7 09:13:06 UTC 2016 - tbechtold@suse.com

- Fix Requires for python-cryptography
- Add missing Requires for python-pyasn1

-------------------------------------------------------------------
Sun Jul 31 12:15:25 UTC 2016 - michael@stroeder.com

- update to 2.0.2
  * [Bug] #758: Apply type definitions to _winapi module from 
    jaraco.windows 3.6.1. This should address issues on Windows platforms 
    that often result in errors like ArgumentError: [...] int too long to 
    convert. Thanks to @swohlerLL for the report and Jason R. Coombs for the 
    patch.
  * [Bug] #774: Add a _closed private attribute to Channel objects so that 
    they continue functioning when used as proxy sockets under Python 3 (e.g. 
    as direct-tcpip gateways for other Paramiko connections.)
  * [Bug] #673: (via #681) Fix protocol banner read errors (SSHException) 
    which would occasionally pop up when using ProxyCommand gatewaying. 
    Thanks to @Depado for the initial report and Paul Kapp for the fix.

-------------------------------------------------------------------
Sat Jul 23 14:20:34 UTC 2016 - michael@stroeder.com

- updated homepage URL
- update to 2.0.1:
  * [Bug] #537: Fix a bug in BufferedPipe.set_event which could cause 
    deadlocks/hangs when one uses select.select against Channel objects (or 
    otherwise calls Channel.fileno after the channel has closed).
  * [Bug] #520: (Partial fix) Fix at least one instance of race condition 
    driven threading hangs at end of the Python interpreter session. 
    (Includes a docs update as well - always make sure to .close() your 
    clients!)

-------------------------------------------------------------------
Fri Jul  8 08:50:08 UTC 2016 - dmueller@suse.com

- fix build

-------------------------------------------------------------------
Mon Jun  6 11:32:04 UTC 2016 - dmueller@suse.com

- fix source url

-------------------------------------------------------------------
Sun May  8 21:11:31 UTC 2016 - hpj@urpla.net

- update to 2.0.0:
  * Add support for 384- and 512-bit elliptic curve groups in ECDSA
    key types (aka ecdsa-sha2-nistp384 / ecdsa-sha2-nistp521).
  * Due to an earlier bugfix, less-specific Host blocks' ProxyCommand
    values were overriding ProxyCommand none in more-specific Host
    blocks. This has been fixed in a backwards compatible manner (i.e.
    ProxyCommand none continues to appear as a total lack of any
    proxycommand key in parsed config structures).
  * Fix a backwards incompatibility issue that cropped up in 
    SFTPFile.prefetch <~paramiko.sftp_file.prefetch> re: the 
    erroneously non-optional file_size parameter. Should only affect 
    users who manually call prefetch. 
  * Replace PyCrypto with the Python Cryptographic Authority (PyCA)
    'Cryptography' library suite. This improves security,
    installability, and performance; adds PyPy support; and much more.
  * Fix stalled/hung SFTP downloads by cleaning up some threading lock
    issues.
  * Fix a Python 3 compatibility issue when handling two-factor
    authentication.
  * Clean up setup.py to always use setuptools, not doing so was a 
    historical artifact from bygone days.
  * Update the module in charge of handling SSH moduli so it's
    consistent with OpenSSH behavior re: prime number selection. 
  * Fix up ~paramiko.ssh_exception.NoValidConnectionsError so it 
    pickles correctly, and fix a related Python 3 compatibility issue.
  * Update to jaraco.windows 3.4.1 to fix some errors related to 
    ctypes on Windows platforms. 
  * Annotate some public attributes on ~paramiko.channel.Channel such
    as .closed.
  * Fix logic bug in the SFTP client's callback-calling functionality;
    previously there was a chance the given callback would fire twice
    at the end of a transfer.
  * Identify & work around a race condition in the test for handshake
    timeouts, which was causing frequent test failures for a subset of
    contributors as well as Travis-CI (usually, but not always, 
    limited to Python 3.5).
  * Remove whitespace in our setup.py's install_requires as it 
    triggers occasional bugs in some versions of setuptools.
  * Strip trailing/leading whitespace from lines when parsing SSH 
    config files - this brings things in line with OpenSSH behavior.
  * Fix behavior of gssapi-with-mic auth requests so they fail 
    gracefully (allowing followup via other auth methods) instead of 
    raising an exception.
  * Add missing file-like object methods for ~paramiko.file.BufferedFile
    and ~paramiko.sftp_file.SFTPFile.
  * Clean up and enhance the README (and rename it to README.rst from
    just README).

-------------------------------------------------------------------
Mon Feb  1 11:26:44 UTC 2016 - toddrme2178@gmail.com

- Add --no-transport to fix a known issue with the tests
  https://github.com/paramiko/paramiko/issues/574
  Check if still failing on next release.
  The tests is currently failing on Python 3.5, but it is not
  actually Python 3.5 specific, it is just more likely to be
  encountered on Python 3.5
- update to version 1.16.0:
  * Streamline use of stat when downloading SFTP files via
    SFTPClient.get <paramiko.sftp_client.SFTPClient.get>; this avoids
    triggering bugs in some off-spec SFTP servers such as IBM
    Sterling. Thanks to @muraleee for the initial report and to Torkil
    Gustavsen for the patch.
  * Fully enable two-factor authentication (e.g. when a server
    requires AuthenticationMethods
    pubkey,keyboard-interactive). Thanks to @perryjrandall for the
    patch and to @nevins-b and Matt Robenolt for additional support.
  * Fix 'exec' requests in server mode to use get_string instead of
    get_text to avoid UnicodeDecodeError on non-UTF-8 input. Thanks to
    Anselm Kruis for the patch & discussion.
  * Fix line number reporting in log output regarding invalid
    known_hosts line entries. Thanks to Dylan Thacker-Smith for catch
    & patch.
  * Update the vendored Windows API addon to a more recent
    edition. Also fixes :issue:`193`, :issue:`488`,
    :issue:`498`. Thanks to Jason Coombs.

-------------------------------------------------------------------
Thu Feb 26 11:00:52 UTC 2015 - tbechtold@suse.com

- update to version 1.15.2 (bsc#962291)
  * [Bug] #320: Update our win_pageant module to be Python 3 compatible
  * [Bug] #429: Server-level debug message logging was overlooked during the
    Python 3 compatibility update; Python 3 clients attempting to log SSH
    debug packets encountered type errors. This is now fixed
  * [Bug] #459: Tighten up agent connection closure behavior to avoid
    spurious ResourceWarning display in some situations
  * [Bug] #266: Change numbering of Transport channels to start at 0
    instead of 1 for better compatibility with OpenSSH & certain server
    implementations which break on 1-indexed channels
  * [Support] #419: Modernize a bunch of the codebase internals to
    leverage decorators. Props to @beckjake for realizing we’re no longer
    on Python 2.2 :D
  * [Support] #421: Modernize threading calls to user newer API
  * [Support] #422: Clean up some unused imports
  * [Support] #431: Replace handrolled ssh_config parsing code with
    use of the shlex module
  * [Bug] #415: Fix ssh_config parsing to correctly interpret ProxyCommand
    none as the lack of a proxy command, instead of as a literal command
    string of "none"
  * [Bug] #428: Fix an issue in BufferedFile (primarily used in the SFTP
    modules) concerning incorrect behavior by readlines on files whose
    size exceeds the buffer size
  * [Bug] #455: Tweak packet size handling to conform better to the
    OpenSSH RFCs; this helps address issues with interactive program cursors
  * [Bug] #413: (also #414, #420, #454) Be significantly smarter about polling
    & timing behavior when running proxy commands, to avoid unnecessary
    (often 100%!) CPU usage

-------------------------------------------------------------------
Thu Oct  2 16:33:24 UTC 2014 - andrea@opensuse.org

- new upsteam version 1.15.1
  * fixed from previous version: Bug] #399: SSH agent forwarding
    would hang due to incorrect values passed into the new window
    size arguments for Transport 
  * detailed changelog available on pramiko website:
    http://paramiko-www.readthedocs.org/en/latest/changelog.html

-------------------------------------------------------------------
Sat May 31 11:35:11 UTC 2014 - dmueller@suse.com

- update to 1.13.1:
* :support:`256 backported` Convert API documentation to Sphinx, yielding a new
  API docs website to replace the old Epydoc one.
* :bug:`-` Use constant-time hash comparison operations where possible, to
  protect against `timing-based attacks
  <http://codahale.com/a-lesson-in-timing-attacks/>`_. Thanks to Alex Gaynor
  for the patch.
* :feature:`58` Allow client code to access the stored SSH server banner via
  `Transport.get_banner <paramiko.transport.Transport.get_banner>`. Thanks to
  ``@Jhoanor`` for the patch.
* :bug:`252` (`Fabric #1020 <https://github.com/fabric/fabric/issues/1020>`_)
  Enhanced the implementation of ``ProxyCommand`` to avoid a deadlock/hang
  condition that frequently occurs at ``Transport`` shutdown time. Thanks to
  Mateusz Kobos, Matthijs van der Vleuten and Guillaume Zitta for the original
  reports and to Marius Gedminas for helping test nontrivial use cases.
* :bug:`268` Fix some missed renames of ``ProxyCommand`` related error classes.
  Thanks to Marius Gedminas for catch & patch.
* :bug:`34` (PR :issue:`35`) Fix SFTP prefetching incompatibility with some
  SFTP servers regarding request/response ordering. Thanks to Richard
  Kettlewell.
* :bug:`193` (and its attentant PRs :issue:`230` & :issue:`253`) Fix SSH agent
  problems present on Windows. Thanks to David Hobbs for initial report and to
  Aarni Koskela & Olle Lundberg for the patches.
* :bug:`225 (1.12+)` Note ecdsa requirement in README. Thanks to Amaury
  Rodriguez for the catch.
* :bug:`176` Fix AttributeError bugs in known_hosts file (re)loading. Thanks
  to Nathan Scowcroft for the patch & Martin Blumenstingl for the initial test
  case.

-------------------------------------------------------------------
Fri Apr 18 15:10:24 UTC 2014 - rschweikert@suse.com

- include in SLE 12 (FATE #315990)

-------------------------------------------------------------------
Mon Nov 25 23:01:56 UTC 2013 - p.drouand@gmail.com

- Update to version 1.12  
  * #152: Add tentative support for ECDSA keys. *This adds the ecdsa
    module as a new dependency of Paramiko.* The module is available at
    [warner/python-ecdsa on Github](https://github.com/warner/python-ecdsa) and
    [ecdsa on PyPI](https://pypi.python.org/pypi/ecdsa).
    * Note that you might still run into problems with key negotiation --
      Paramiko picks the first key that the server offers, which might not be
      what you have in your known_hosts file.
    * Mega thanks to Ethan Glasser-Camp for the patch.
  * #136: Add server-side support for the SSH protocol's 'env' command
- Use local source instead of service
- Add python-ecdsa requirement; new dependency

-------------------------------------------------------------------
Sun Oct 27 17:50:34 UTC 2013 - lukas@wunner.de

- update to 1.11.2:
  * #156: Fix potential deadlock condition when using Channel objects as
  sockets (e.g. when using SSH gatewaying). Thanks to Steven Noonan and
  Frank Arnold for catch & patch.
  * #179: Fix a missing variable causing errors when an ssh_config file
  has a non-default AddressFamily set. Thanks to Ed Marshall & Tomaz
  Muraus for catch & patch.
  * #200: Fix an exception-causing typo in `demo_simple.py`. Thanks to
  Alex Buchanan for catch & Dave Foster for patch.
  * #199: Typo fix in the license header cross-project. Thanks to Armin
  Ronacher for catch & patch.
  * #162: Clean up HMAC module import to avoid deadlocks in certain uses
  of SSHClient. Thanks to Gernot Hillier for the catch & suggested fix.
  * #36: Fix the port-forwarding demo to avoid file descriptor errors.
  Thanks to Jonathan Halcrow for catch & patch.
  * #168: Update config handling to properly handle multiple 'localforward'
  and 'remoteforward' keys. Thanks to Emre Yilmaz for the patch.

-------------------------------------------------------------------
Tue Sep  3 08:06:53 UTC 2013 - dmueller@suse.com

- update to 1.11.0:
  * #98: On Windows, when interacting with the PuTTY PAgeant, Paramiko now
  creates the shared memory map with explicit Security Attributes of the user,
  which is the same technique employed by the canonical PuTTY library to avoid
  permissions issues when Paramiko is running under a different UAC context
  than the PuTTY Ageant process. Thanks to Jason R. Coombs for the patch.
  * #100: Remove use of PyWin32 in `win_pageant` module. Module was already
  dependent on ctypes for constructing appropriate structures and had ctypes
  implementations of all functionality. Thanks to Jason R. Coombs for the
  patch.
  * #87: Ensure updates to `known_hosts` files account for any updates to said
  files after Paramiko initially read them. (Includes related fix to guard
  against duplicate entries during subsequent `known_hosts` loads.) Thanks to
  `@sunweaver` for the contribution.

-------------------------------------------------------------------
Mon Apr 29 12:52:27 UTC 2013 - dmueller@suse.com

- update to 1.10.1:
  * SFTP put of empty file will still return the attributes
  of the put file. Thanks to Jason R. Coombs for the patch.
  * Forwarded SSH agent connections left stale local pipes
  lying around, which could cause local (and sometimes remote or network
  resource starvation when running many agent-using remote commands. Thanks to
  * Batch SFTP writes to help speed up file transfers
  * Fix handling of window-change events to be on-spec
  * Overhaul SSH config parsing to be in line with `man ssh_config`
  * Forego random padding for packets when running under `*-ctr` ciphers
  * Add `SFTPClient.putfo` and `.getfo` methods to allow direct
    uploading/downloading of file-like objects
  * Add `timeout` parameter to `SSHClient.exec_command` for easier setting
    of the command's internal channel object's timeout
  * Expose the internal "is closed" property of the file transfer class
    BufferedFile` as `.closed`, better conforming to Python's file interface

-------------------------------------------------------------------
Sat Dec  1 15:12:44 UTC 2012 - saschpe@suse.de

- Update to version 1.9.0:
  + #97 (with a little #93): Improve config parsing of ProxyCommand directives
    and provide a wrapper class to allow subprocess-driven proxy commands to be
    used as sock= arguments for SSHClient.connect.
  + #77: Allow SSHClient.connect() to take an explicit sock parameter
    overriding creation of an internal, implicit socket object.
- Changes from version 1.8.1:
  + #90: Ensure that callbacks handed to SFTPClient.get() always fire at least
    once, even for zero-length files downloaded. Thanks to Github user @enB for
    the catch.
  + #85: Paramiko's test suite overrides
    unittest.TestCase.assertTrue/assertFalse to provide these modern assertions
    to Python 2.2/2.3, which lacked them. However on newer Pythons such as 2.7,
    this now causes deprecation warnings. The overrides have been patched to only
    execute when necessary. Thanks to @Arfrever for catch & patch.
- Changes from version 1.8.0:
  + #17 ('ssh' 28): Fix spurious NoneType has no attribute 'error' and similar
    exceptions that crop up on interpreter exit.
  + 'ssh' 32: Raise a more useful error explaining which known_hosts key line was
    problematic, when encountering binascii issues decoding known host keys.
    Thanks to @thomasvs for catch & patch.
  + 'ssh' 33: Bring ssh_config parsing more in line with OpenSSH spec, re: order of
    setting overrides by Host specifiers. Specifically, the overrides now go by
    file order instead of automatically sorting by Host value length. In
    addition, the first value found per config key (e.g. Port, User etc)
    wins, instead of the last. Thanks to Jan Brauer for the contribution.
  + 'ssh' 36: Support new server two-factor authentication option
    (RequiredAuthentications2), at least re: combining key-based & password
    auth. Thanks to Github user bninja.
  + 'ssh' 11: When raising an exception for hosts not listed in
    known_hosts (when RejectPolicy is in effect) the exception message was
    confusing/vague. This has been improved somewhat. Thanks to Cal Leeming for
    highlighting the issue.
  + 'ssh' 40: Fixed up & expanded EINTR signal handling. Thanks to Douglas Turk.
  + 'ssh' 15: Implemented parameter substitution in SSHConfig, matching the
    implementation of ssh_config(5). Thanks to Olle Lundberg for the patch.
  + 'ssh' 24: Switch some internal type checking to use isinstance to help prevent
    problems with client libraries using subclasses of builtin types. Thanks to
    Alex Morega for the patch.
  + Fabric #562: Agent forwarding would error out (with Authentication response
    too long) or freeze, when more than one remote connection to the local agent
    was active at the same time. This has been fixed. Thanks to Steven McDonald
    for assisting in troubleshooting/patching, and to GitHub user @lynxis for
    providing the final version of the patch.
  + 'ssh' 5: Moved a fcntl import closer to where it's used to help avoid
    ImportError problems on Windows platforms. Thanks to Jason Coombs for the
    catch + suggested fix.
  + 'ssh' 4: Updated implementation of WinPageant integration to work on 64-bit
    Windows. Thanks again to Jason Coombs for the patch.
  + Added an IO loop sleep() call to avoid needless CPU usage when agent
    forwarding is in use.
  + Handful of internal tweaks to version number storage.
  + Updated setup.py with ==dev install URL for pip users.
  + Updated setup.py to account for packaging problems in PyCrypto 2.4.0
  + Added an extra atfork() call to help prevent spurious RNG errors when
    running under high parallel (multiprocess) load.
  + Merge PR #28: https://github.com/paramiko/paramiko/pull/28 which adds a
    ssh-keygen like demo module. (Sofian Brabez)

-------------------------------------------------------------------
Sun Jun 24 20:04:03 UTC 2012 - os-dev@jacraig.com

- Update to 1.7.7.2:
  * Merge pull request #63: https://github.com/paramiko/paramiko/pull/63 which
    fixes exceptions that occur when re-keying over fast connections.
- Add unit tests to build

-------------------------------------------------------------------
Mon Mar 12 21:05:53 UTC 2012 - saschpe@gmx.de

- Simplified macro usage

-------------------------------------------------------------------
Tue Sep 20 14:30:25 UTC 2011 - saschpe@suse.de

- Update to version 0.7.7:
  * Various bug fixes (upstream provides no further changes)

-------------------------------------------------------------------
Tue Oct  5 08:20:00 UTC 2010 - nix@opensuse.org

- Require newer python-crypto

-------------------------------------------------------------------
Thu Sep 16 07:58:41 UTC 2010 - coolo@novell.com

- updte to 1.7.6 "Fanny"
  various bug fixes, "Ernest" brought ARC4 & CTR support and IP6 support

-------------------------------------------------------------------
Wed Sep 24 11:44:21 CEST 2008 - kssingvo@suse.de

- initial version 1.7.4 required from bzr
  based on python-paramiko from openSUSE BuildService:
  devel:languages:python/openSUSE_Factory