|
|
|
@@ -1,3 +1,188 @@
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Sat Jul 12 17:35:09 UTC 2025 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- update to 2.21.0:
|
|
|
|
|
|
|
|
* Added sparse file support for SFTP, allowing file copying
|
|
|
|
|
|
|
|
which automatically skips over any "holes" in a source file,
|
|
|
|
|
|
|
|
transferring only the data ranges which are actually present.
|
|
|
|
|
|
|
|
* Added support for applications to request that session,
|
|
|
|
|
|
|
|
connection, or TUN/TAP requests arriving on an
|
|
|
|
|
|
|
|
SSHServerConnection be forwarded out some other established
|
|
|
|
|
|
|
|
SSHClientConnection. Callback methods on SSHServer which
|
|
|
|
|
|
|
|
decide how to handle these requests can now return an
|
|
|
|
|
|
|
|
SSHClientConnection to set up this tunneling, instead of
|
|
|
|
|
|
|
|
having to accept the request and implement their own
|
|
|
|
|
|
|
|
forwarding logic.
|
|
|
|
|
|
|
|
* Further hardened the SSH key exchange process to make
|
|
|
|
|
|
|
|
AsyncSSH more strict when accepting messages during key
|
|
|
|
|
|
|
|
exchange. Thanks go to Fabian Bäumer and Marcus Brinkmann for
|
|
|
|
|
|
|
|
identifying potential issues here.
|
|
|
|
|
|
|
|
* Added support for the auth_completed callback in SSHServer to
|
|
|
|
|
|
|
|
be either a callable or a coroutine, allowing async
|
|
|
|
|
|
|
|
operations to be performed when user authentication completes
|
|
|
|
|
|
|
|
successfully, prior to accepting session requests.
|
|
|
|
|
|
|
|
* Added support for the sftp_factory config argument be either
|
|
|
|
|
|
|
|
a callable or a coroutine, allowing async operations to be
|
|
|
|
|
|
|
|
performed when starting up a new SFTP server session.
|
|
|
|
|
|
|
|
* Fixed a bug where the exit() method of SFTPServer didn't
|
|
|
|
|
|
|
|
handle being declared as a coroutine. Thanks go to C. R.
|
|
|
|
|
|
|
|
Oldham for reporting this issue.
|
|
|
|
|
|
|
|
* Improved handling of exceptions in connection_lost()
|
|
|
|
|
|
|
|
callbacks. Exceptions in connection_lost() will now be
|
|
|
|
|
|
|
|
reported in the debug log, but other cleanup code in AsyncSSH
|
|
|
|
|
|
|
|
will continue, ignoring those exceptions. Thanks go to Danil
|
|
|
|
|
|
|
|
Slinchuk for reporting this issue.
|
|
|
|
|
|
|
|
* Added support for specifying an explicit path when
|
|
|
|
|
|
|
|
configuring agent forwarding. Thanks go to Aleksandr Ilin for
|
|
|
|
|
|
|
|
pointing out that this options supports more than just a
|
|
|
|
|
|
|
|
boolean value.
|
|
|
|
|
|
|
|
* Added support for environment variable expansion in SSH
|
|
|
|
|
|
|
|
config, for options which support percent expansion.
|
|
|
|
|
|
|
|
* Added a new begin_auth callback in SSHClient, reporting the
|
|
|
|
|
|
|
|
username being sent during SSH client authentication. This
|
|
|
|
|
|
|
|
can be useful when the user is conditionally set via an SSH
|
|
|
|
|
|
|
|
config file.
|
|
|
|
|
|
|
|
* Improved strict-kex interoperability during re-keying. Thanks
|
|
|
|
|
|
|
|
go to GitHub user emeryalden for reporting this issue and
|
|
|
|
|
|
|
|
helping to track down the source of the problem.
|
|
|
|
|
|
|
|
* Updated SFTP max_requests default to reduce memory usage when
|
|
|
|
|
|
|
|
using large block sizes.
|
|
|
|
|
|
|
|
* Updated testing to add Python 3.13 and drop Python 3.7,
|
|
|
|
|
|
|
|
avoiding deprecation warnings from the cryptography package.
|
|
|
|
|
|
|
|
* Fixed unit test issues under Windows, allowing unit tests to
|
|
|
|
|
|
|
|
run on Windows on all supported versions of Python.
|
|
|
|
|
|
|
|
* Fixed a couple of issues with Python 3.14. Thanks go to Georg
|
|
|
|
|
|
|
|
Sauthoff for initially reporting this.
|
|
|
|
|
|
|
|
* Added support for WebAuthN authentication with U2F security
|
|
|
|
|
|
|
|
keys, allowing non-admin Windows users to use these keys for
|
|
|
|
|
|
|
|
authentication. Previously, authentication with U2F keys
|
|
|
|
|
|
|
|
worked on Windows, but only for admin users.
|
|
|
|
|
|
|
|
* Added support for hostname canonicalization, compatible with
|
|
|
|
|
|
|
|
the configuration parameters used in OpenSSH, as well as
|
|
|
|
|
|
|
|
support for the "canonical" and "final" match keywords and
|
|
|
|
|
|
|
|
negation support for match. Thanks go to GitHub user
|
|
|
|
|
|
|
|
commonism who suggested this and provided a proposed
|
|
|
|
|
|
|
|
implementation for negation.
|
|
|
|
|
|
|
|
* Added client and server support for SFTP copy-data extension
|
|
|
|
|
|
|
|
and a new SFTP remote_copy() function which allows data to be
|
|
|
|
|
|
|
|
moved between two remote files without downloading and re-
|
|
|
|
|
|
|
|
uploading the data. Thanks go to Ali Khosravi for suggesting
|
|
|
|
|
|
|
|
this addition.
|
|
|
|
|
|
|
|
* Moved project metadata from setup.py to pyproject.toml.
|
|
|
|
|
|
|
|
Thanks go to Marc Mueller for contributing this.
|
|
|
|
|
|
|
|
* Updated SSH connection to keep strong references to
|
|
|
|
|
|
|
|
outstanding tasks, to avoid potential issues with the garbage
|
|
|
|
|
|
|
|
collector while the connection is active. Thanks go to GitHub
|
|
|
|
|
|
|
|
user Birnendampf for pointing out this potential issue and
|
|
|
|
|
|
|
|
suggesting a simple fix.
|
|
|
|
|
|
|
|
* Fixed some issues with block_size argument in SFTP copy
|
|
|
|
|
|
|
|
functions. Thanks go to Krzysztof Kotlenga for finding and
|
|
|
|
|
|
|
|
reporting these issues.
|
|
|
|
|
|
|
|
* Fixed an import error when fido2 package wasn't available.
|
|
|
|
|
|
|
|
Thanks go to GitHub user commonism for reporting this issue.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Fri Jun 13 05:35:08 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Switch to pyproject macros.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Thu Nov 7 12:11:27 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Update to 2.18.0
|
|
|
|
|
|
|
|
* Added support for post-quantum ML-KEM key exchange algorithms,
|
|
|
|
|
|
|
|
interoperable with OpenSSH 9.9.
|
|
|
|
|
|
|
|
* Added support for the OpenSSH "limits" extension, allowing the
|
|
|
|
|
|
|
|
client to query server limits such as the maximum supported read
|
|
|
|
|
|
|
|
and write sizes. The client will automatically default to the reported
|
|
|
|
|
|
|
|
maximum size on servers that support this extension.
|
|
|
|
|
|
|
|
* Added more ways to specify environment variables via the `env` option.
|
|
|
|
|
|
|
|
Sequences of either 'key=value' strings or (key, value) tuples are now
|
|
|
|
|
|
|
|
supported, in addition to a dict.
|
|
|
|
|
|
|
|
* Added support for getting/setting environment variables as byte strings
|
|
|
|
|
|
|
|
on platforms which support it. Previously, only Unicode strings were
|
|
|
|
|
|
|
|
accepted and they were always encoded on the wire using UTF-8.
|
|
|
|
|
|
|
|
* Added support for non-TCP sockets (such as a socketpair) as the `sock`
|
|
|
|
|
|
|
|
parameter in connect calls. Thanks go to Christian Wendt for reporting
|
|
|
|
|
|
|
|
this problem and proposing a fix.
|
|
|
|
|
|
|
|
* Changed compression to be disabled by default to avoid it becoming a
|
|
|
|
|
|
|
|
performance bottleneck on high-bandwidth connections. This now also
|
|
|
|
|
|
|
|
matches the OpenSSH default.
|
|
|
|
|
|
|
|
* Improved speed of parallelized SFTP reads when read-ahead goes beyond
|
|
|
|
|
|
|
|
the end of the file. Thanks go to Maximilian Knespel for reporting
|
|
|
|
|
|
|
|
this issue and providing performance measurements on the code before
|
|
|
|
|
|
|
|
and after the change.
|
|
|
|
|
|
|
|
* Improved cancellation handling during SCP transfers.
|
|
|
|
|
|
|
|
* Improved support for selecting the currently available security key
|
|
|
|
|
|
|
|
when the application lists multiple keys to try. Thanks go to GitHub
|
|
|
|
|
|
|
|
user zanda8893 for reporting the issue and helping to work out the
|
|
|
|
|
|
|
|
details of the problem.
|
|
|
|
|
|
|
|
* Improved handling of reverse DNS failures in host-based authentication.
|
|
|
|
|
|
|
|
Thanks go to GitHub user xBiggs for suggesting this change.
|
|
|
|
|
|
|
|
* Improved debug logging of byte strings with non-printable characters.
|
|
|
|
|
|
|
|
* Switched to using an executor on GSSAPI calls to avoid blocking the
|
|
|
|
|
|
|
|
event loop.
|
|
|
|
|
|
|
|
* Fixed handling of "UserKnownHostsFile none" in config files. This
|
|
|
|
|
|
|
|
previously caused it to use the default known hosts, rather than
|
|
|
|
|
|
|
|
disabling known host checking.
|
|
|
|
|
|
|
|
* Fixed a runtime warning about not awaiting a coroutine in unit tests.
|
|
|
|
|
|
|
|
* Fixed a unit test failure on Windows when calling abort on a transport.
|
|
|
|
|
|
|
|
* Fixed a problem where a "MAC verification failed" error was sometimes
|
|
|
|
|
|
|
|
sent on connection close.
|
|
|
|
|
|
|
|
* Fixed SSHClientProcess code to not raise a runtime exception when
|
|
|
|
|
|
|
|
waiting more than once for a process to finish. Thanks go to GitHub
|
|
|
|
|
|
|
|
user starflows for reporting this issue.
|
|
|
|
|
|
|
|
* Handled an error when attempting to import older verions of pyOpenSSL.
|
|
|
|
|
|
|
|
Thanks go to Maximilian Knespel for reporting this issue and testing
|
|
|
|
|
|
|
|
the fix.
|
|
|
|
|
|
|
|
* Updated simple_server example code to switch from crypt to bcrypt,
|
|
|
|
|
|
|
|
since crypt has been removed in Python 3.13. Thanks go to Colin
|
|
|
|
|
|
|
|
Watson for providing this update.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
|
|
|
Thu Sep 26 20:05:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- update to 2.17.0:
|
|
|
|
|
|
|
|
* Add support for specifying a per-connection credential store
|
|
|
|
|
|
|
|
for GSSAPI authentication.
|
|
|
|
|
|
|
|
* Fixed a regression introduced in AsyncSSH 2.15.0 which could
|
|
|
|
|
|
|
|
cause connections to be closed with an uncaught exception when
|
|
|
|
|
|
|
|
a session on the connection was closed.
|
|
|
|
|
|
|
|
* Added a workaround where getaddrinfo() on some systems may
|
|
|
|
|
|
|
|
return duplicate entries, causing bind() to fail when opening
|
|
|
|
|
|
|
|
a listener.
|
|
|
|
|
|
|
|
* Relaxed padding length check on OpenSSH private keys to
|
|
|
|
|
|
|
|
provide better compatibility with keys generated by PuTTYgen.
|
|
|
|
|
|
|
|
* Improved documentation on SSHClient and SSHServer classes to
|
|
|
|
|
|
|
|
explain when they are created and their relationship to the
|
|
|
|
|
|
|
|
SSHClientConnection and SSHServerConnection classes.
|
|
|
|
|
|
|
|
* Updated examples to use Python 3.7 and made some minor
|
|
|
|
|
|
|
|
improvements.
|
|
|
|
|
|
|
|
- update to 2.16.0:
|
|
|
|
|
|
|
|
* Added client and server support for the OpenSSH "hostkeys"
|
|
|
|
|
|
|
|
extension. When using known_hosts, clients can provide a
|
|
|
|
|
|
|
|
handler which will be called with the changes between the
|
|
|
|
|
|
|
|
keys currently trusted in the client's known hosts and those
|
|
|
|
|
|
|
|
available on the server. On the server side, an application
|
|
|
|
|
|
|
|
can choose whether or not to enable the sending of this host
|
|
|
|
|
|
|
|
key information.
|
|
|
|
|
|
|
|
* Related to the above, AsyncSSH now allows the configuration of
|
|
|
|
|
|
|
|
multiple server host keys of the same type when the
|
|
|
|
|
|
|
|
send_server_host_keys option is enabled. Only the first key of
|
|
|
|
|
|
|
|
each type will be used in the SSH handshake, but the others can
|
|
|
|
|
|
|
|
appear in the list of supported host keys for clients to begin
|
|
|
|
|
|
|
|
trusting, allowing for smoother key rotation.
|
|
|
|
|
|
|
|
* Fixed logging and typing issues in SFTP high-level copy
|
|
|
|
|
|
|
|
functions. A mix of bytes, str, and PurePath entries are now
|
|
|
|
|
|
|
|
supported in places where a list of file paths is allowed, and
|
|
|
|
|
|
|
|
the type signatures have been updated to reflect that the
|
|
|
|
|
|
|
|
functions accept either a single path or a list of paths.
|
|
|
|
|
|
|
|
* Improved typing on SFTP listdir() function.
|
|
|
|
|
|
|
|
* Reworked the config file parser to improve on a previous fix
|
|
|
|
|
|
|
|
related to handling key/value pairs with an equals delimiter.
|
|
|
|
|
|
|
|
* Improved handling of ciphers deprecated in cryptography 43.0.0.
|
|
|
|
|
|
|
|
* Improved support for use of Windows pathnames in ProxyCommand.
|
|
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
Fri Aug 9 06:53:42 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|
|
|
Fri Aug 9 06:53:42 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
