2023-12-18 17:11:17 by Thomas Klausner | Files touched by this commit (2) | |
Log message: py-asyncssh: update to 2.14.2. Release 2.14.2 (18 Dec 2023) ---------------------------- * Implemented "strict kex" support and other countermeasures to protect against the Terrapin Attack described in `CVE-2023-48795 <https://github.com/advisories/GHSA-hfmc-7525-mj55>`. Thanks once again go to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for identifying and reporting this vulnerability and providing detailed analysis and suggestions about proposed fixes. * Fixed config parser to properly an optional equals delimiter in all config arguments. Thanks go to Fawaz Orabi for reporting this issue. * Fixed TCP send error handling to avoid race condition when receiving incoming disconnect message. * Improved type signature in SSHConnection async context manager. Thanks go to Pieter-Jan Briers for providing this. |
2023-12-18 16:52:20 by Thomas Klausner | Files touched by this commit (1) |
Log message: py-asyncssh: bump PKGREVISION for previous |
2023-12-18 16:52:05 by Thomas Klausner | Files touched by this commit (2) |
Log message: py-asyncssh: convert to wheel.mk Fix LICENSE while here. |
2023-11-17 21:45:34 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-asyncssh: updated to 2.14.1 Release 2.14.1 (8 Nov 2023) --------------------------- * Hardened AsyncSSH state machine against potential message injection attacks, described in more detail in `CVE-2023-46445 <https://github.com/advisories/CVE-2023-46445>`_ and `CVE-2023-46446 <https://github.com/advisories/CVE-2023-46446>`_. Thanks go to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk for identifying and reporting these vulnerabilities and providing detailed analysis and suggestions about the proposed fixes. * Added support for passing in a regex in readuntil in SSHReader, contributed by Oded Engel. * Added support for get_addresses() and get_port() methods on SSHAcceptor. Thanks go to Allison Karlitskaya for suggesting this feature. * Fixed an issue with AsyncFileWriter potentially writing data out of order. Thanks go to Chan Chun Wai for reporting this issue and providing code to reproduce it. * Updated testing to include Python 3.12. * Updated readthedocs integration to use YAML config file. |
2023-10-01 18:11:32 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-asyncssh: updated to 2.14.0 Release 2.14.0 (30 Sep 2023) ---------------------------- * Added support for a new accept_handler argument when setting up local port forwarding, allowing the client host and port to be validated and/or logged for each new forwarded connection. An accept handler can also be returned from the server_requested function to provide this functionality when acting as a server. Thanks go to GitHub user zgxkbtl for suggesting this feature. * Added an option to disable expensive RSA private key checks when using OpenSSL 3.x. Functions that read private keys have been modified to include a new unsafe_skip_rsa_key_validation argument which can be used to avoid these additional checks, if you are loading keys from a trusted source. * Added host information into AsyncSSH exceptions when host key validation fails, and a few other improvements related to X.509 certificate validation errors. Thanks go to Peter Moore for suggesting this and providing an example. * Fixed a regression which prevented keys loaded into an SSH agent with a certificate from working correctly beginning in AsyncSSH after version 2.5.0. Thanks go to GitHub user htol for reporting this issue and suggesting the commit which caused the problem. * Fixed an issue which was triggering an internal exception when shutting down server sessions with the line editor enabled which could cause some output to be lost on exit, especially when running on Windows. Thanks go to GitHub user jerrbe for reporting this issue. * Fixed an issue in a unit test seen in Python 3.12 beta. Thanks go to Georg Sauthoff for providing this fix. * Fixed a documentation error in SSHClientConnectionOptions and SSHServerConnectionOptions. Thanks go to GitHub user bowenerchen for reporting this issue. |
2023-07-10 18:19:36 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-asyncssh: updated to 2.13.2 Release 2.13.2 (21 Jun 2023) ---------------------------- * Fixed an issue with host-based authentication when using proxy_command, allowing it to be used if the caller explicitly specifies client_host. Thanks go to GitHub user yuqingm7 for reporting this issue. * Improved handling of signature algorithms for OpenSSH certificates so that RSA SHA-2 signatures will work with both older and newer versions of OpenSSH. * Worked around an issue with some Cisco SSH implementations generating invalid "ignore" packets. Thanks go to Jost Luebbe for reporting and helping to debug this issue. * Fixed unit tests to avoid errors when cryptography's version of OpenSSL disables support for SHA-1 signatures. * Fixed unit tests to avoid errors when the filesystem enforces that filenames be valid UTF-8 strings. Thanks go to Robert Schütz and Martin Weinelt for reporting this issue. * Added documentation about which config options apply when passing a string as a tunnel argument. |
2023-03-17 18:18:31 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-asyncssh: updated to 2.13.1 Release 2.13.1 (18 Feb 2023) ---------------------------- * Updated type definitions for mypy 1.0.0, removing a dependency on implicit Optional types, and working around an issue that could trigger a mypy internal error. * Updated unit tests to avoid calculation of SHA-1 signatures, which are no longer allowed in cryptography 39.0.0. |
2023-01-11 13:04:08 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message: py-asyncssh: updated to 2.13.0 Release 2.13.0 (27 Dec 2022) ---------------------------- * Updated testing and coverage to drop Python 3.6 and add Python 3.11. Thanks go to GitHub user hexchain for maintaining the GitHub workflows supporting this! * Added new "recv_eof" option to not pass an EOF from a channel to a redirected target, allowing output from multiple SSH sessions to be sent and mixed with other direct output to that target. This is meant to be similar to the existing "send_eof" option which controls whether EOF on a redirect source is passed through to the SSH channel. Thanks go to Stuart Reynolds for inspiring this idea. * Added new methods to make it easy to perform forwarding between TCP ports and UNIX domain sockets. Thanks go to Alex Rogozhnikov for suggesting this use case. * Added a workaround for a problem seen on a Huawei SFTP server where it sends an invalid combination of file attribute flags. In cases where the flags are otherwise valid and the right amount of attribute data is available, AsyncSSH will ignore the invalid flags and proceed. * Fixed an issue with copying files to SFTP servers that don't support random access I/O. The potential to trigger this failyre goes back several releases, but a change in AsyncSSH 2.12 made out-of-order writes much more likely. This fix returns AsyncSSH to its previous behavior where out-of-order writes are unlikely even when taking advantage of parallel reads. Thanks go to Patrik Lindgren and Stefan Walkner for reporting this issue and helping to identify the source of the problem. * Fixed an issue when requesting remote port forwarding on a dynamically allocated port. Thanks go to Daniel Shimon for reporting this and proposing a fix. * Fixed an issue where readexactly could block indefinitely when a signal is delivered in the stream before the requested number of bytes are available. Thanks go to Artem Bezborodko for reporting this and providing a fix. * Fixed an interoperability issue with OpenSSH when using SSH certificates with RSA keys with a SHA-2 signature. Thanks go to Łukasz Siudut for reporting this. * Fixed an issue with handling "None" in ProxyCommand, \ GlobalKnownHostsFile, and UserKnownHostsFile config file options. Thanks go to GitHub user dtrifiro for reporting this issue and suggesting a fix. |