Diffstat (limited to 'sites')
-rw-r--r-- sites/docs/api/config.rst 1
-rw-r--r-- sites/www/changelog.rst 54
2 files changed, 55 insertions, 0 deletions
diff --git a/sites/docs/api/config.rst b/sites/docs/api/config.rst
index ea4939b2..d42de8ac 100644
--- a/sites/docs/api/config.rst
+++ b/sites/docs/api/config.rst
@@ -99,6 +99,7 @@ properties of the local system).
Specifically, we are known to support the below, where applicable (e.g. as in
OpenSSH, ``%L`` works in ``ControlPath`` but not elsewhere):
+- ``%C``
- ``%d``
- ``%h``
- ``%l``
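Review bot: The new ``%C`` bullet says nothing about what the token expands to or which directives honor it, while the sentence just above stresses that support is only "where applicable" and uses ``%L`` in ``ControlPath`` as its example. Suggest a short parenthetical on the bullet stating what ``%C`` expands to and where it is expanded, so users do not assume it works in every directive.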
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst
index ada0d86c..df438626 100644
--- a/sites/www/changelog.rst
+++ b/sites/www/changelog.rst
@@ -6,6 +6,7 @@ Changelog
private key data is loaded, instead of the natural result of ``IndexError``.
This should help more bits of Paramiko or Paramiko-adjacent codebases to
correctly handle this class of error. Credit: Nicholas Dietz.
+- :release:`2.10.5 <2022-05-16>`
- :release:`2.9.5 <2022-05-16>`
- :bug:`1933` Align signature verification algorithm with OpenSSH re:
zero-padding signatures which don't match their nominal size/length. This
@@ -19,6 +20,12 @@ Changelog
to what OpenSSH's own client does: a version check is performed and the
algorithm used is downgraded if needed. Reported by Adarsh Chauhan, with fix
suggested by Jun Omae.
+- :bug:`2008` (via :issue:`2010`) Windows-native SSH agent support as merged in
+ 2.10 could encounter ``Errno 22`` ``OSError`` exceptions in some scenarios
+ (eg server not cleanly closing a relevant named pipe). This has been worked
+ around and should be less problematic. Reported by Danilo Campana Fuchs and
+ patched by Jun Omae.
+- :release:`2.10.4 <2022-04-25>`
- :release:`2.9.4 <2022-04-25>`
- :support:`1838 backported` (via :issue:`1870`/:issue:`2028`) Update
``camelCase`` method calls against the ``threading`` module to be
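Review bot: The :bug:`2008` entry ends with "This has been worked around and should be less problematic", which does not tell a reader what changed or what to expect now when the named pipe is not closed cleanly. Suggest stating the new behavior in one clause, for example whether the ``Errno 22`` ``OSError`` is now caught inside the agent code or can still reach the caller in some scenarios.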
@@ -32,6 +39,11 @@ Changelog
causing occasional spurious ``BadHostKeyException`` (among other things).
This has been fixed. Thanks to Shengdun Hua for the original report/patch and
to Christopher Papke for the final version of the fix.
+- :bug:`2035` Servers offering certificate variants of hostkey algorithms (eg
+ ``ssh-rsa-cert-v01@openssh.com``) could not have their host keys verified by
+ Paramiko clients, as it only ever considered non-cert key types for that part
+ of connection handshaking. This has been fixed.
+- :release:`2.10.3 <2022-03-18>`
- :release:`2.9.3 <2022-03-18>`
- :bug:`1963` (via :issue:`1977`) Certificate-based pubkey auth was
inadvertently broken when adding SHA2 support; this has been fixed. Reported
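Review bot: In the :bug:`2035` entry, "could not have their host keys verified" followed by "This has been fixed" leaves open what verification now means for a cert type such as ``ssh-rsa-cert-v01@openssh.com``. Because this is the host-authentication step of the handshake, suggest saying explicitly whether the client now only considers these algorithms and checks the presented key against known host keys, or also validates the certificate itself.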
@@ -40,6 +52,48 @@ Changelog
storage when recording thread IDs for a logging helper; this should avoid one
flavor of memory leak for long-running processes. Catch & patch via Richard
Kojedzinszky.
+- :release:`2.10.2 <2022-03-14>`
+- :bug:`2001` Fix Python 2 compatibility breakage introduced in 2.10.1. Spotted
+ by Christian Hammond.
+
+ .. warning::
+ This is almost certainly the last time we will fix Python 2 related
+ errors! Please see `the roadmap
+ <https://bitprophet.org/projects/#roadmap>`_.
+
+- :release:`2.10.1 <2022-03-11>`
+- :bug:`-` (`CVE-2022-24302
+ <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24302>`_) Creation
+ of new private key files using `~paramiko.pkey.PKey` subclasses was subject
+ to a race condition between file creation & mode modification, which could be
+ exploited by an attacker with knowledge of where the Paramiko-using code
+ would write out such files.
+
+ This has been patched by using `os.open` and `os.fdopen` to ensure new files
+ are opened with the correct mode immediately. We've left the subsequent
+ explicit ``chmod`` in place to minimize any possible disruption, though it
+ may get removed in future backwards-incompatible updates.
+
+ Thanks to Jan Schejbal for the report & feedback on the solution, and to
+ Jeremy Katz at Tidelift for coordinating the disclosure.
+- :release:`2.10.0 <2022-03-11>`
+- :feature:`1976` Add support for the ``%C`` token when parsing SSH config
+ files. Foundational PR submitted by ``@jbrand42``.
+- :feature:`1509` (via :issue:`1868`, :issue:`1837`) Add support for OpenSSH's
+ Windows agent as a fallback when Putty/WinPageant isn't available or
+ functional. Reported by ``@benj56`` with patches/PRs from ``@lewgordon`` and
+ Patrick Spendrin.
+- :bug:`892 major` Significantly speed up low-level read/write actions on
+ `~paramiko.sftp_file.SFTPFile` objects by using `bytearray`/`memoryview`.
+ This is unlikely to change anything for users of the higher level methods
+ like `SFTPClient.get <paramiko.sftp_client.SFTPClient.get>` or
+ `SFTPClient.getfo <paramiko.sftp_client.SFTPClient.getfo>`, but users of
+ `SFTPClient.open <paramiko.sftp_client.SFTPClient.open>` will likely see
+ orders of magnitude improvements for files larger than a few megabytes in
+ size.
+
+ Thanks to ``@jkji`` for the original report and to Sevastian Tchernov for the
+ patch.
- :support:`1985` Add ``six`` explicitly to install-requires; it snuck into
active use at some point but has only been indicated by transitive dependency
on ``bcrypt`` until they somewhat-recently dropped it. This will be
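Review bot: The CVE-2022-24302 entry describes the race "between file creation & mode modification" but never states the consequence or the mode involved, so a reader cannot judge severity from the changelog alone. Suggest adding what is exposed during that window (the entry only says it "could be exploited"), the mode that `os.open` now applies at creation, and whether a file that already exists at the target path is handled by the new open call or only by the retained ``chmod``. The entry is also filed as :bug:`-` under 2.10.1 with no issue number; a line telling users of earlier releases which version to upgrade to would make the advisory actionable.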