Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
security:tls:staging
python-asyncssh
python-asyncssh.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File python-asyncssh.changes of Package python-asyncssh
------------------------------------------------------------------- Thu Nov 7 12:11:27 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> - Update to 2.18.0 * Added support for post-quantum ML-KEM key exchange algorithms, interoperable with OpenSSH 9.9. * Added support for the OpenSSH "limits" extension, allowing the client to query server limits such as the maximum supported read and write sizes. The client will automatically default to the reported maximum size on servers that support this extension. * Added more ways to specify environment variables via the `env` option. Sequences of either 'key=value' strings or (key, value) tuples are now supported, in addition to a dict. * Added support for getting/setting environment variables as byte strings on platforms which support it. Previously, only Unicode strings were accepted and they were always encoded on the wire using UTF-8. * Added support for non-TCP sockets (such as a socketpair) as the `sock` parameter in connect calls. Thanks go to Christian Wendt for reporting this problem and proposing a fix. * Changed compression to be disabled by default to avoid it becoming a performance bottleneck on high-bandwidth connections. This now also matches the OpenSSH default. * Improved speed of parallelized SFTP reads when read-ahead goes beyond the end of the file. Thanks go to Maximilian Knespel for reporting this issue and providing performance measurements on the code before and after the change. * Improved cancellation handling during SCP transfers. * Improved support for selecting the currently available security key when the application lists multiple keys to try. Thanks go to GitHub user zanda8893 for reporting the issue and helping to work out the details of the problem. * Improved handling of reverse DNS failures in host-based authentication. Thanks go to GitHub user xBiggs for suggesting this change. * Improved debug logging of byte strings with non-printable characters. * Switched to using an executor on GSSAPI calls to avoid blocking the event loop. * Fixed handling of "UserKnownHostsFile none" in config files. This previously caused it to use the default known hosts, rather than disabling known host checking. * Fixed a runtime warning about not awaiting a coroutine in unit tests. * Fixed a unit test failure on Windows when calling abort on a transport. * Fixed a problem where a "MAC verification failed" error was sometimes sent on connection close. * Fixed SSHClientProcess code to not raise a runtime exception when waiting more than once for a process to finish. Thanks go to GitHub user starflows for reporting this issue. * Handled an error when attempting to import older verions of pyOpenSSL. Thanks go to Maximilian Knespel for reporting this issue and testing the fix. * Updated simple_server example code to switch from crypt to bcrypt, since crypt has been removed in Python 3.13. Thanks go to Colin Watson for providing this update. ------------------------------------------------------------------- Thu Sep 26 20:05:34 UTC 2024 - Antonio Larrosa <alarrosa@suse.com> - update to 2.17.0: * Add support for specifying a per-connection credential store for GSSAPI authentication. * Fixed a regression introduced in AsyncSSH 2.15.0 which could cause connections to be closed with an uncaught exception when a session on the connection was closed. * Added a workaround where getaddrinfo() on some systems may return duplicate entries, causing bind() to fail when opening a listener. * Relaxed padding length check on OpenSSH private keys to provide better compatibility with keys generated by PuTTYgen. * Improved documentation on SSHClient and SSHServer classes to explain when they are created and their relationship to the SSHClientConnection and SSHServerConnection classes. * Updated examples to use Python 3.7 and made some minor improvements. - update to 2.16.0: * Added client and server support for the OpenSSH "hostkeys" extension. When using known_hosts, clients can provide a handler which will be called with the changes between the keys currently trusted in the client's known hosts and those available on the server. On the server side, an application can choose whether or not to enable the sending of this host key information. * Related to the above, AsyncSSH now allows the configuration of multiple server host keys of the same type when the send_server_host_keys option is enabled. Only the first key of each type will be used in the SSH handshake, but the others can appear in the list of supported host keys for clients to begin trusting, allowing for smoother key rotation. * Fixed logging and typing issues in SFTP high-level copy functions. A mix of bytes, str, and PurePath entries are now supported in places where a list of file paths is allowed, and the type signatures have been updated to reflect that the functions accept either a single path or a list of paths. * Improved typing on SFTP listdir() function. * Reworked the config file parser to improve on a previous fix related to handling key/value pairs with an equals delimiter. * Improved handling of ciphers deprecated in cryptography 43.0.0. * Improved support for use of Windows pathnames in ProxyCommand. ------------------------------------------------------------------- Fri Aug 9 06:53:42 UTC 2024 - Dirk Müller <dmueller@suse.com> - update to 2.15.0: * Added experimental support for tunneling of TUN/TAP network interfaces on Linux and macOS, allowing for either automatic packet forwarding or explicit reading and writing of packets sent through the tunnel by the application. Both callback and stream APIs are available. * Added support for forwarding terminal size and terminal size changes when stdin on an SSHServerProcess is redirected to a local TTY. * Added support for multiple tunnel/ProxyJump hosts. Thanks go to Adam Martin for suggesting this enhancement and proposing a solution. * Added support for OpenSSH lsetstat SFTP extension to set attributes on symbolic links on platforms which support that and use it to improve symlink handling in the SFTP get, put, and copy methods. In addition, a follow_symlinks option has been added on various SFTPClient methods which get and set these attributes. Thanks go to GitHub user eyalgolan1337 for reporting this issue. * Added support for password and passphrase arguments to be a callable or awaitable, called when performing authentication or loading encrypted private keys. Thanks go to GitHub user goblin for suggesting this enhancement. * Added support for proper flow control when using AsyncFileWriter or StreamWriter classes to do SSH process redirection. Thanks go to Benjy Wiener for reporting this issue and providing feedback on the fix. * Added is_closed() method SSHClientConnection/SSHServerConnection to return whether the associated network connection is closed or not. * Added support for setting and matching tags in OpenSSH config files. * Added an example of using "await" in addition to "async with" when opening a new SSHClientConnection. Thanks go to Michael Davis for suggesting this added documentation. * Improved handling CancelledError in SCP, avoiding an issue where AsyncSSH could sometimes get stuck waiting for the channel to close. Thanks go to Max Orlov for reporting the problem and providing code to reproduce it. * Fixed a regression from 2.14.1 related to rekeying an SSH connection when there's acitivty on the connection in the middle of rekeying. Thanks go to GitHub user eyalgolan1337 for helping to narrow down this problem and test the fix. * Fixed a problem with process redirection when a close is received without a preceding EOF. Thanks go to GitHub user xuoguoto who helped to provide sample scripts and ran tests to help track this down. * Fixed the processing of paths in SFTP client symlink requests. Thanks go to André Glüpker for reporting the problem and providing test code to demonstrate it. * Fixed an OpenSSH config file parsing issue. Thanks go to Siddh Raman Pant for reporting this issue. * Worked around a bug in a user auth banner generated by the cryptlib library. Thanks go to GitHub user mmayomoar for reporting this issue and suggesting a fix. ------------------------------------------------------------------- Mon Dec 18 15:55:18 UTC 2023 - Dirk Müller <dmueller@suse.com> - update to 2.14.2 (bsc#1218165, CVE-2023-48795): * Implemented "strict kex" support and other countermeasures to * protect against the Terrapin Attack described in CVE-2023-48795 * Fixed config parser to properly an optional equals delimiter in all config arguments. * Fixed TCP send error handling to avoid race condition when receiving incoming disconnect message. * Improved type signature in SSHConnection async context manager. ------------------------------------------------------------------- Fri Nov 10 12:34:04 UTC 2023 - Dirk Müller <dmueller@suse.com> - update to 2.14.1 (bsc#1217028, CVE-2023-46445): * Hardened AsyncSSH state machine against potential message injection attacks, described in more detail in `CVE-2023-46445 and CVE-2023-46446 * Added support for passing in a regex in readuntil in SSHReader, * Added support for get_addresses() and get_port() methods on * SSHAcceptor. * Fixed an issue with AsyncFileWriter potentially writing data * out of order. * Updated testing to include Python 3.12. * Updated readthedocs integration to use YAML config file. ------------------------------------------------------------------- Thu Oct 5 09:42:35 UTC 2023 - Dirk Müller <dmueller@suse.com> - update to 2.14.0: * Added support for a new accept_handler argument when setting up local port forwarding, allowing the client host and port to be validated and/or logged for each new forwarded connection. * Added an option to disable expensive RSA private key checks when using OpenSSL 3.x. Functions that read private keys have been modified to include a new unsafe_skip_rsa_key_validation argument which can be used to avoid these additional checks, if you are loading keys from a trusted source. * Added host information into AsyncSSH exceptions when host key validation fails, and a few other improvements related to X.509 certificate validation errors. * Fixed a regression which prevented keys loaded into an SSH agent with a certificate from working correctly beginning in AsyncSSH after version 2.5.0. * Fixed an issue which was triggering an internal exception when shutting down server sessions with the line editor enabled which could cause some output to be lost on exit, especially when running on Windows. * Fixed a documentation error in SSHClientConnectionOptions and SSHServerConnectionOptions. ------------------------------------------------------------------- Sat Jul 1 20:43:24 UTC 2023 - Dirk Müller <dmueller@suse.com> - update to 2.13.2: * Fixed an issue with host-based authentication when using proxy_command, allowing it to be used if the caller explicitly specifies client_host. * Improved handling of signature algorithms for OpenSSH certificates so that RSA SHA-2 signatures will work with both older and newer versions of OpenSSH. * Worked around an issue with some Cisco SSH implementations generating invalid "ignore" packets. * Fixed unit tests to avoid errors when cryptography's version of * OpenSSL disables support for SHA-1 signatures. * Fixed unit tests to avoid errors when the filesystem enforces that filenames be valid UTF-8 strings. * Added documentation about which config options apply when passing a string as a tunnel argument. ------------------------------------------------------------------- Mon Mar 6 21:40:22 UTC 2023 - Dirk Müller <dmueller@suse.com> - update to 2.13.1: * Updated type definitions for mypy 1.0.0, removing a dependency on implicit Optional types, and working around an issue that could trigger a mypy internal error. * Updated unit tests to avoid calculation of SHA-1 signatures, which are no longer allowed in cryptography 39.0.0. - drop remove-sha1.patch (upstream) ------------------------------------------------------------------- Wed Jan 25 12:18:38 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com> - Add remove-sha1.patch to make it compatible with latests versions of cryptography gh#ronf/asyncssh@fae5a9e8baad ------------------------------------------------------------------- Thu Jan 5 21:06:40 UTC 2023 - Dirk Müller <dmueller@suse.com> - update to 2.13.0: * Updated testing and coverage to drop Python 3.6 and add Python 3.11. * Added new "recv_eof" option to not pass an EOF from a channel to a redirected target, allowing output from multiple SSH sessions to be sent and mixed with other direct output to that target. * Added new methods to make it easy to perform forwarding between TCP ports and UNIX domain sockets. * Added a workaround for a problem seen on a Huawei SFTP server where it sends an invalid combination of file attribute flags. * Fixed an issue with copying files to SFTP servers that don't support random access I/O. * Fixed an issue when requesting remote port forwarding on a dynamically allocated port. * Fixed an issue where readexactly could block indefinitely when a signal is delivered in the stream before the requested number of bytes are available. * Fixed an interoperability issue with OpenSSH when using SSH certificates with RSA keys with a SHA-2 signature. * Fixed an issue with handling "None" in ProxyCommand, GlobalKnownHostsFile, and UserKnownHostsFile config file options. ------------------------------------------------------------------- Fri Sep 23 02:23:16 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com> - Update to 2.12.0 * Fix an issue with SFTP servers which don't support random access I/O * Fix "Recceived window change" in log message (#509) * Fix forwarding a dynamically allocated port in the server (#512) * Fix type of SSHServerProcessFactory * Bump version number up to 2.12.0 and update change log ------------------------------------------------------------------- Thu Aug 4 09:02:37 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com> - Update to 2.11.0: * Made a number of improvements in SFTP glob support, with thanks to Github user LuckyDams for all the help working out these changes! * Added a new glob_sftpname() method which returns glob matches together with attribute information, avoiding the need for a caller to make separate calls to stat() on the returned results. * Switched from listdir() to scandir() to reduce the number of stat() operations required while finding matches. * Added code to remove duplicates when glob() is called with multiple patterns that match the same path. * Added a cache of directory listing and stat results to improve performance when matching patterns with overlapping paths. * Fixed an "index out of range" bug in recursive glob matching and aligned it better with results reeturned by UNIX shells. * Changed matching to ignore inaccessible or non-existent paths in a glob pattern, to allow accessible paths to be fully explored before returning an error. The error handler will now be called only if a pattern results in no matches, or if a more serious error occurs while scanning. * Changed SFTP makedirs() method to work better cases where parts of requested path already exist but don't allow read access. As long as the entire path can be created, makedirs() will succeed, even if some directories on the path don't allow their contents to be read. Thanks go to Peter Rowlands for providing this fix. * Replaced custom Diffie Hellman implementation in AsyncSSH with the one in the cryptography package, resulting in an over 10x speedup. Thanks go to Github user iwanb for suggesting this change. * Fixed AsyncSSH to re-acquire GSS credentials when performing key renegotiation to avoid expired credentials on long-lived connections. Thanks go to Github user PromyLOPh for pointing out this issue and suggesting a fix. * Fixed GSS MIC to work properly with GSS key exchange when AsyncSSH is running as a server. This was previously fixed on the client side, but a similar fix for the server was missed. * Changed connection timeout unit tests to work better in environments where a firewall is present. Thanks go to Stefano Rivera for reporting this issue. * Improved unit tests of Windows SSPI GSSAPI module. * Improved speed of unit tests by reducing the number of key generation calls. RSA key generation in particular has gotten much more expensive in OpenSSL 3. - Changes from 2.10.1: * Added a workaround for a bug in dropbear which can improperly reject full-sized data packets when compression is enabled. Thanks go to Matti Niemenmaa for reporting this issue and helping to reproduce it. * Added support for "Match Exec" in config files and updated AsyncSSH API calls to do config parsing in an executor to avoid blocking the event loop if a "Match Exec" command doesn't return immediately. * Fixed an issue where settings associated with server channels set when creating a listener rather than at the time a new channel is opened were not always being applied correctly. * Fixed config file handling to be more consistent with OpenSSH, making all relative paths be evaluated relative to ~/.ssh and allowing references to config file patterns which don't match anything to only trigger a debug message rather than an error. Thanks go to Caleb Ho for reporting this issue! * Updated minimum required version of cryprography package to 3.1, to allow calls to it to be made without passing in a "backend" argument. This was missed back in the 2.9 release. Thanks go to Github users sebby97 and JavaScriptDude for reporting this issue! - Changes from 2.10.0: * Added new get_server_auth_methods() function which returns the set of auth methods available for a given user and SSH server. * Added support for new line_echo argument when creating a server channel which controls whether input in the line editor is echoed to the output immediately or under the control of the application, allowing more control over the ordering of input and output. * Added explicit support for RSA SHA-2 certificate algorithms. Previously SHA-2 signatures were supported using the original ssh-rsa-cert-v01@openssh.com algorithm name, but recent versions of SSH now disable this algorithm by default, so the new SHA-2 algorithm names need to be advertised for SHA-2 signatures to work when using OpenSSH certificates. * Improved handling of config file loading when options argument is used allowing config loading to be overridden at connect() time even if the options passed in referenced a config file. * Improved speed of unit tests by avoiding some network timeouts when connecting to invalid addresses. * Merged GitHub workflows contributed by GitHub user hexchain to run unit tests and collect code coverage information on multiple platforms and Python versions. Thanks so much for this work! * Fixed issue with GSS auth unit tests hanging on Windows. * Fixed issue with known_hosts matching when ProxyJump is being used. Thanks go to GitHub user velavokr for reporting this and helping to debug it. * Fixed type annotations for SFTP client and server open methods. Thanks go to Marat Sharafutdinov for reporting this! ------------------------------------------------------------------- Mon Jan 31 01:37:54 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com> - Skip more tests that are unstable. ------------------------------------------------------------------- Fri Jan 28 23:45:58 UTC 2022 - Matej Cepl <mcepl@suse.com> - Update to 2.9.0: - Added mypy-compatible type annotations to all AsyncSSH modules, and a "py.typed" file to signal that annotations are now available for this package. - Added experimental support for SFTP versions 4-6. While AsyncSSH still defaults to only advertising version 3 when acting as both a client and a server, applications can explicitly enable support for later versions, which will be used if both ends of the connection agree. Not all features are fully supported, but a number of useful enhancements are now available, including as users and groups specified by name, higher resolution timestamps, and more granular error reporting. - Updated documentation to make it clear that keys from a PKCS11 provider or ssh-agent will be used even when client_keys is specified, unless those sources are explicitly disabled. - Improved handling of task cancellation in AsyncSSH to avoid triggering an error of "Future exception was never retrieved". Thanks go to Krzysztof Kotlenga for reporting this issue and providing test code to reliably reproduce it. - Changed implementation of OpenSSH keepalive handler to improve interoperability with servers which don't expect a "success" response when this message is sent. ------------------------------------------------------------------- Fri Dec 17 12:41:16 UTC 2021 - Michael Ströder <michael@stroeder.com> - Update to v2.8.1 Way too many changes to be listed here. - use pytest to exclude test_connect_timeout_exceeded_* due to OBS network restrictions ------------------------------------------------------------------- Fri Sep 17 07:02:49 UTC 2021 - Dominique Leuenberger <dimstar@opensuse.org> - Do not build for python 3.6: the required dependency uvloop does no longer support Python 3.6 since version 0.16. ------------------------------------------------------------------- Mon Feb 22 13:21:14 UTC 2021 - John Vandenberg <jayvdb@gmail.com> - Update URL - Add missing test dependencis fido2 and libnettle8 - Recommend libnettle8 - Update to v2.5.0 * Added support for limiting which identities in an SSH agent will be used when making a connection, via a new "agent_identities" config option. This change also adds compatibility with the OpenSSL config file option "IdentitiesOnly". * Added support for including Subject Key Identifier and Authority Key Identifier extensions in generated X.509 certificates to better comply with RFC 5280. * Added support for makedirs() and rmtree() methods in the AsyncSSH SFTP client, as well as a new scandir() method which returns an async iterator to more efficiently process very large directories. * Significantly reworked AsyncSSH line editor support to improve its performance by several orders of magnitude on long input lines, and added a configurable maximum line length when the editor is in use to avoid potential denial-of-service attacks. This limit defaults to 1024 bytes, but with the improvements it can reasonably handle lines which are megabytes in size if needed. * Changed AsyncSSH to allow SSH agent identities to still be used when an explicit list of client keys is specified, for better compatibility with OpenSSH. The previous behavior can still be achieved by explicitly setting the agent_path option to None when setting client_keys. * Changed AsyncSSH to enforce a limit of 1024 characters on usernames when acting as a server to avoid a potential denial-of-service issue related to SASLprep username normalization. * Changed SCP implementation to explicitly yield to other coroutines when sending a large file to better share an event loop. * Fixed a few potential race conditions related to cleanup of objects during connection close. * Re-applied a previous fix which was unintentionally lost to allow Pageant to be used by default on Windows. - from v2.4.2 * Fixed a potential race condition when receiving EOF right after a channel is opened. * Fixed a couple of issues related to the error_handler and progress_handler callbacks in AsyncSSH SFTP/SCP. * Fixed a couple of issues related to using pathlib objects with AsyncSSH SCP. - from v2.4.1 * Fixed SCP server to send back an exit status when closing the SSH channel, since the OpenSSH scp client returns this status to the shell which executed it. * Fixed listeners created by forward_local_port(), forward_local_path(), and forward_socks() to automatically close when the SSH connection closes, unblocking any wait_closed() calls which are in progress. * Fixed a potential exception that could trigger when the SSH connection is closed while authentication is in progress. * Fixed tunnel connect code to properly clean up an implicitly created tunnel when a failure occurs in trying to open a connection over that tunnel. - from v2.4.0 * Added support for accessing keys through a PKCS#11 provider, allowing keys on PIV security tokens to be used directly by AsyncSSH without the need to run an SSH agent. X.509 certificates can also be retrieved from the security token and used with SSH servers which support that. * Added support for using Ed25519 and Ed448 keys in X.509 certificates, and the corresponding SSH certificate and signature algorithms. Certificates can use these keys as either subject keys or signing keys, and certificates can be generated by either AsyncSSH or by OpenSSL version 1.1.1 or later. * Added support for feed_data() and feed_eof() methods in SSHReader, mirroring methods of the same name in asyncio's StreamReader to improve interoperability between the two APIs. * Updated unit tests to test interoperability with OpenSSL 1.1.1 when reading and writing Ed25519 and Ed448 public and private key files. Previously, due to lack of support in OpenSSL, AsyncSSH could only test against OpenSSH, and only in OpenSSH key formats. With OpenSSL 1.1.1, testing is now also done using PKCS#8 format. * Fixed config file parser to properly ignore all comment lines, even if the lines contain unbalanced quotes. * Removed a note about the lack of a timeout parameter in the AsyncSSH connect() method, now that it supports a login_timeout argument. ------------------------------------------------------------------- Tue Jul 28 16:49:45 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com> - update to 2.3.0 * Added initial support for reading configuration from OpenSSH-compatible config files, when present. Both client and server configuration files are supported, but not all config options are supported. * Added support for the concept of only a subset of supported algorithms being enabled by default, and for the ability to use wildcards when specifying algorithm names. Also, OpenSSH’s syntax of prefixing the list with ‘^’, ‘+’, or ‘-‘ is supported for incrementally adjusting the list of algorithms starting from the default set. * Added support for specifying a preferred list of client authentication methods, in order of preference. * Added the ability to use AsyncSSH’s “password” argument on servers which are using keyboard-interactive authentication to prompt for a “passcode”. * Added support for providing separate lists of private keys and certificates, rather than requiring them to be specifying together as a tuple. When this new option is used, AsyncSSH will automatically associate the private keys with their corresponding certificates if matching certificates are present in the list. * Added support for the “known_hosts” argument to accept a list of known host files, rather than just a single file. Known hosts can also be specified using the GlobalKnownHostFile and UserKnownHostFile config file options, each of which can take multiple filenames. * Added new “request_tty” option to provide finer grained control over whether AsyncSSH will request a TTY when opening new sessions. The default is to still tie this to whether a “term_type” is specified, but now that can be overridden. Supported options of “yes”, “no”, “force”, and “auto” match the values supported by OpenSSH. * Added new “rdns_lookup” option to control whether the server does a reverse DNS of client addresses to allow matching of clients based on hostname in authorized keys and config files. When this option is disabled (the default), matches can only be based on client IP. * Added new “send_env” argument when opening a session to forward local environment variables using their existing values, augmenting the “env” argument that lets you specify remote environment variables to set and their corresponding values. * Added new “tcp_keepalive” option to control whether TCP-level keepalives are enabled or not on SSH connections. * Added support for sending and parsing client EXT_INFO messages, and for sending the “global-requests-ok” option in these messages when AsyncSSH is acting as a client. * Added support for expansion of ‘~’ home directory expansion when specifying arguments which contain filenames. * Added support for time intervals and byte counts to optionally be specified as string values with units, allowing for values such as “1.5h” or “1h30m” instead of having to specify that as 5400 seconds. Similarly, a byte count of “1g” can be passed to indicate 1 gigabyte, rather than specifying 1073741824 bytes. * Enhanced logging to report lists of sent and received algorithms when no matching algorithm is found. * Fixed an interoperability issue with PKIXSSH when attempting to use X.509 certificates with a signature algorithm of “x509v3-rsa2048-sha256”. * Fixed keepalive handler to avoid leaking a timer object in some cases. ------------------------------------------------------------------- Thu Jul 9 22:36:54 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com> - update to 2.2.1 * Added optional timeout parameter to SSHClientProcess.wait() and SSHClientConnection.run() methods. * Created subclasses for SFTPError exceptions, allowing applications to more easily have distinct exception handling for different errors. * Fixed an issue in SFTP parallel I/O related to handling low-level connection failures * Fixed an issue with SFTP file copy where a local file could sometimes be left open if an attempt to close a remote file failed. * Fixed an issue in the handling of boolean return values when SSHServer.server_requested() returns a coroutine * Fixed an issue with passing tuples to the SFTP copy functions. ------------------------------------------------------------------- Mon Mar 2 14:19:17 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com> - update to 2.2.0 - add gss_test.patch to avoid segfault in kerberos * Added support for U2F/FIDO2 security keys * Added login timeout client option and limits on the length and number of banner lines AsyncSSH will accept prior to the SSH version header. * Improved load_keypairs() to read public key files, confirming that they are consistent with their associated private key when they are present. * Fixed issues in the SCP server related to handling filenames with spaces. * Fixed an issue with resuming reading after readuntil() returns an incomplete read. * Fixed a potential issue related to asyncio not reporting sockname/peername when a connection is closed immediately after it is opened. * Made SSHConnection a subclass of asyncio.Protocol to please type checkers. ------------------------------------------------------------------- Thu Jan 16 12:16:52 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com> - update to 2.1.0 * Added support in the SSHProcess redirect mechanism to accept asyncio StreamReader and StreamWriter objects, allowing asyncio streams to be plugged in as stdin/stdout/stderr in an SSHProcess. * Added support for key handlers in the AsyncSSH line editor to trigger signals being delivered when certain “hot keys” are hit while reading input. * Improved cleanup of unreturned connection objects when an error occurs or the connection request is canceled or times out. * Improved cleanup of SSH agent client objects to avoid triggering a false positive warning in Python 3.8. * Added an example to the documentation for how to create reverse-direction SSH client and server connections. * Made check of session objects against None explicit to avoid confusion on user-defined sessions that implement __len__ or __bool__. Thanks go to Lars-Dominik Braun for contributing this improvement! * Some API changes which should have been included in the 2.0.0 release were missed. This release corrects that, but means that additional changes may be needed in applications moving to 2.0.1. This should hopefully be the last of such changes, but if any other issues are discovered, additional changes will be limited to 2.0.x patch releases and the API will stabilize again in the AsyncSSH 2.1 release. See the next bullet for details about the additional incompatible change. * To be consistent with other connect and listen functions, all methods on SSHClientConnection which previously returned None on listen failures have been changed to raise an exception instead. A new ChannelListenError exception will now be raised when an SSH server returns failure on a request to open a remote listener. This change affects the following SSHClientConnection methods: create_server, create_unix_server, start_server, start_unix_server, forward_remote_port, and forward_remote_path. * Restored the ability for SSHListener objects to be used as async context managers. This previously worked in AsyncSSH 1.x and was unintentionally broken in AsyncSSH 2.0.0. * Added support for a number of additional functions to be called from within an “async with” statement. These functions already returned objects capable of being async context managers, but were not decorated to allow them to be directly called from within “async with”. This change applies to the top level functions create_server, listen, and listen_reverse and the SSHClientConnection methods create_server, create_unix_server, start_server, start_unix_server, forward_local_port, forward_local_path, forward_remote_port, forward_remote_path, listen_ssh, and listen_reverse_ssh, * Fixed a couple of issues in loading OpenSSH-format certificates which were missing a trailing newline. * Changed load_certificates() to allow multiple certificates to be loaded from a single byte string argument, making it more consistent with how load_certificates() works when reading from a file. * Updated AsyncSSH to use the modern async/await syntax internally, now requiring Python 3.6 or later. Those wishing to use AsyncSSH on Python 3.4 or 3.5 should stick to the AsyncSSH 1.x releases. * Changed first argument of SFTPServer constructor from an SSHServerConnection (conn) to an SSHServerChannel (chan) to allow custom SFTP server implementations to access environment variables set on the channel that SFTP is run over. Applications which subclass the SFTPServer class and implement an __init__ method will need to be updated to account for this change and pass the new argument through to the SFTPServer parent class. If the subclass has no __init__ and just uses the connection, channel, and env properties of SFTPServer to access this information, no changes should be required. * Removed deprecated “session_encoding” and “session_errors” arguments from create_server() and listen() functions. These arguments were renamed to “encoding” and “errors” back in version 1.16.0 to be consistent with other AsyncSSH APIs. * Removed get_environment(), get_command(), and get_subsystem() methods on SSHServerProcess class. This information was made available as “env”, “command”, and “subsystem” properties of SSHServerProcess in AsyncSSH 1.11.0. * Removed optional loop argument from all public AsyncSSH APIs, consistent with the deprecation of this argument in the asyncio package in Python 3.8. Calls will now always use the event loop which is active at the time of the call. * Removed support for non-async context managers on AsyncSSH connections and processes and SFTP client connections and file objects. Callers should use “async with” to invoke the async the context managers on these objects. * Added support for SSHAgentClient being an async context manager. To be consistent with other connect calls, connect_agent() will now raise an exception when no agent is found or a connection failure occurs, rather than logging a warning and returning None. Callers should catch OSError or ChannelOpenError exceptions rather than looking for a return value of None when calling this function. * Added set_input() and clear_input() methods on SSHLineEditorChannel to change the value of the current input line when line editing is enabled. * Added is_closing() method to the SSHChannel, SSHProcess, SSHWriter, and SSHSubprocessTransport classes. mirroring the asyncio BaseTransport and StreamWriter methods added in Python 3.7. * Added wait_closed() async method to the SSHWriter class, mirroring the asyncio StreamWriter method added in Python 3.7. ------------------------------------------------------------------- Fri Sep 13 11:36:14 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com> - Update to 1.18.0: * Added support for GSSAPI ECDH and Edwards DH key exchange algorithms. * Fixed gssapi-with-mic authentication to work with GSS key exchanges, in cases where gssapi-keyex is not supported. * Made connect_ssh and connect_reverse_ssh methods into async context managers, simplifying the syntax needed to use them to create tunneled SSH connections. * Fixed a couple of issues with known hosts matching on tunneled SSH connections. * Improved flexibility of key/certificate parser automatic format detection to properly recognize PEM even when other arbitrary text is present at the beginning of the file. With this change, the parser can also now handle mixing of multiple key formats in a single file. * Added support for OpenSSL “TRUSTED” PEM certificates. For now, no enforcement is done of the additional trust restrictions, but such certificates can be loaded and used by AsyncSSH without converting them back to regular PEM format. * Fixed some additional SFTP and SCP issues related to parsing of Windows paths with drive letters and paths with multiple colons. * Made AsyncSSH tolerant of a client which sends multiple service requests for the “ssh-userauth” service. This is needed by the Paramiko client when it tries more than one form of authentication on a connection. ------------------------------------------------------------------- Thu Aug 8 12:49:50 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com> - update to 1.17.1 * Improved construction of file paths in SFTP to better handle native Windows source paths containing backslashes or drive letters. * Improved SFTP parallel I/O for large reads and file copies to better handle the case where a read returns less data than what was requested when not at the end of the file, allowing AsyncSSH to get back the right result even if the requested block size is larger than the SFTP server can handle. * Fixed an issue where the requested SFTP block_size wasn’t used in the get, copy, mget, and mcopy functions if it was larger than the default size of 16 KB. * Fixed a problem where the list of client keys provided in an SSHClientConnectionOptions object wasn’t always preserved properly across the opening of multiple SSH connections. * Made AsyncSSH tolerant of unexpected authentication success/failure messages sent after authentication completes. AsyncSSH previously treated this as a protocol error and dropped the connection, while most other SSH implementations ignored these messages and allowed the connection to continue. * Made AsyncSSH tolerant of SFTP status responses which are missing error message and language tag fields, improving interoperability with servers that omit these fields. When missing, AsyncSSH treats these fields as if they were set to empty strings. ------------------------------------------------------------------- Tue Jun 4 13:07:40 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com> - drop old_openssl.patch - update to 1.17.0 * Added support for “reverse direction” SSH connections, useful to support applications like NETCONF Call Home, described in RFC 8071. * Added support for the PyCA implementation of Chacha20-Poly1305, eliminating the dependency on libnacl/libsodium to provide this functionality, as long as OpenSSL 1.1.1b or later is installed. * Restored libnacl support for Curve25519/Ed25519 on systems which have an older version of OpenSSL that doesn’t have that support. This fallback also applies to Chacha20-Poly1305. * Disabled the use of RSA SHA-2 signatures when using the Pageant or Windows 10 OpenSSH agent on Windows, since neither of those support the signature flags options to request them. * Fixed a regression where a callable was no longer usable in the sftp_factory argument of create_server. ------------------------------------------------------------------- Tue Apr 23 08:29:31 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com> - add old_openssl.patch - return support for ed25519/448 via libnacl on systems with older openSSL ------------------------------------------------------------------- Mon Apr 1 13:23:08 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com> - update to 1.16.1 - drop 194.patch * Added channel, connection, and env properties to SFTPServer instances, so connection and channel information can be used to influence the SFTP server's behavior. Previously, connection information was made avaiable through the constructor, but channel and environment information was not. Now, all of these are available as properties on the SFTPServer instance without the need to explicitly store anything in a custom constructor. * Optimized SFTP glob matching when the glob pattern contains directory names without glob characters in them. Thanks go to Mikhail Terekhov for contributing this improvement! * Added support for PurePath in a few places that were missed when this support was originally added. Once again, thanks go to Mikhail Terehkov for these fixes. * Fixed bug in SFTP parallel I/O file reader where it sometimes returned EOF prematurely. Thanks go to David G for reporting this problem and providing a reproducible test case. * Fixed test failures seen on Fedora Rawhide. Thanks go to Georg Sauthof for reporting this issue and providing a test environment to help debug it. * Updated Ed25519/448 and Curve25519/448 tests to only run when these algorithms are available. ------------------------------------------------------------------- Wed Mar 6 14:55:29 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com> - remove python-nacl from builddeps - add 194.patch to fix testsuite ------------------------------------------------------------------- Wed Mar 6 12:36:52 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com> - Update to 1.16.0: * Added support for Ed448 host/client keys and certificates and rewrote Ed25519 support to use the PyCA implementation, reducing the dependency on libnacl and libsodium to only be needed to support the chacha20-poly1305 cipher. * Added support for PKCS#8 format Ed25519 and Ed448 private and public keys (in addition to the OpenSSH format previously supported). * Added support for multiple delimiters in SSHReader’s readuntil() function, causing it to return data as soon as any of the specified delimiters are matched. * Added the ability to register custom key handlers in the line editor which can modify the input line, extending the built-in editing functionality. * Added SSHSubprocessProtocol and SSHSubprocessTransport classes to provide compatibility with asyncio.SubprocessProtocol and asyncio.SubprocessTransport. Code which is designed to call BaseEventLoop.subprocess_shell() or BaseEventLoop.subprocess_exec() can be easily adapted to work against a remote process by calling SSHClientConnection.create_subprocess(). * Added support for sending keepalive messages when the SSH connection is idle, with an option to automatically disconnect the connection if the remote system doesn’t respond to these keepalives. * Changed AsyncSSH to ignore errors when loading unsupported key types from the default file locations. * Changed the reuse_port option to only be available on Python releases which support it (3.4.4 and later). * Fixed an issue where MSG_IGNORE packets could sometimes be sent between MSG_NEWKEYS and MSG_EXT_INFO, which caused some SSH implementations to fail to properly parse the MSG_EXT_INFO. * Fixed a couple of errors in the handling of disconnects occurring prior to authentication completing. * Renamed “session_encoding” and “session_errors” arguments in asyncssh.create_server() to “encoding” and “errors”, to match the names used for these arguments in other AsyncSSH APIs. The old names are still supported for now, but they are marked as deprecated and will be removed in a future release. ------------------------------------------------------------------- Tue Feb 5 14:34:42 UTC 2019 - Jan Engelhardt <jengelh@inai.de> - Avoid name repetition in summary ------------------------------------------------------------------- Thu Jan 31 13:08:53 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com> - update to 1.15.1 * Added callback-based host validation in SSHClient, allowing callers to decide programmatically whether to trust server host keys and certificates rather than having to provide a list of trusted values in advance. * Changed SSH client code to only load the default known hosts file if if exists. Previously an error was returned if a known_hosts value wasn't specified and the default known_hosts file didn't exist. For host validate to work in this case, verification callbacks must be implemented or other forms of validation such as X.509 trusted CAs or GSS-based key exchange must be used. * Fixed known hosts validation to completely disable certificate checks when known_hosts is set to None. * Switched curve25519 key exchange to use the PyCA implementation * Added get_fingerprint() method to return a fingerprint of an SSHKey. * Added the ability to pass keyword arguments provided in the scp() command through to asyncssh.connect() calls it makes, allowing things like custom credentials to be specified. * Added support for a reuse_port argument in create_server(). * Added support for "soft" EOF when line editing in enabled * Added support for the Windows 10 OpenSSH ssh-agent. * Reworked scoped link-local IPv6 address normalization to work better on Linux systems. * Fixed a problem preserving directory structure in recursive scp(). * Fixed SFTP chmod tests to avoid attempting to set the sticky bit on a plain file * Updated note in SSHClientChannel's send_signal() documentation to reflect that OpenSSH 7.9 and later should now support processing of signal messages. ------------------------------------------------------------------- Wed Oct 24 22:56:19 UTC 2018 - Ondřej Súkup <mimi.vx@gmail.com> - initial commit version 1.14.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor