2022-08-18 18:45:30 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-asyncssh: updated to 2.12.0
Release 2.12.0 (10 Aug 2022)
----------------------------
* Added top-level functions run_client() and run_server() which allow
you to begin running an SSH client or server on an already-connected
socket. This capability is also available via a new "sock" argument
in the existing connect(), connect_reverse(), get_server_host_key(),
and get_server_auth_methods() functions.
* Added "sock" argument to listen() and listen_reverse() functions
which takes an already-bound listening socket instead of a host
and port to bind a new socket to.
* Added support for forwarding break, signal, and terminal size updates
when redirection of stdin is set up between two SSHProcess instances.
* Added support for sntrup761x25519-sha512@openssh.com post-quantum
key exchange algorithm. For this to be available, the Open Quantum
Safe (liboqs) dynamic library must be installed.
* Added "sig_alg" argument to set a signature algorithm when creating
OpenSSH certificates, allowing a choice between ssh-rsa, rsa-sha2-256,
and rsa-sha2-512 for certificates signed by RSA keys.
* Added new read_parallel() method in SFTPClientFile which allows
parallel reads to be performed from a remote file, delivering
incremental results as these reads complete. Previously, large
reads would automatically be parallelized, but a result was only
returned after all reads completed.
* Added definition of __all__ for public symbols in AsyncSSH to make
pyright autocompletion work better. Thanks go to Nicolas Riebesel
for providing this change.
* Updated SFTP and SCP glob and copy functions to use scandir() instead
of listdir() to improve efficiency.
* Updated default for "ignore_encrypted" client connection option to
ignore encrypted keys specified in an OpenSSH config file when no
passphrase is provided, similar to what was previosuly done for
keys with default names.
* Fixed an issue when using an SSH agent with RSA keys and an X.509
certificate while requesting SHA-2 signatures.
* Fixed an issue with use of expanduser() in unit tests on newer versions
of Python. Thanks go to Georg Sauthoff for providing an initial version
of this fix.
* Fixed an issue with fallback to a Pageant agent not working properly
on Windows when no agent_path or SSH_AUTH_SOCK was set.
* Fixed improper escaping in readuntil(), causing certain punctuation in
separator to not match properly. Thanks go to Github user MazokuMaxy
for reporting this issue.
* Fixed the connection close handler to properly mark channels as fully
closed when the peer unexpected closes the connection, allowing
exceptions to fire if an application continues to try and use
the channel. Thanks go to Taha Jahangir for reporting this issue and
suggesting a possible fix.
* Eliminated unit testing against OpenSSH for tests involving DSA and
RSA keys using SHA-1 signatures, since this support is being dropped
in some distributions of OpenSSH. These tests are still performed, but
using only AsyncSSH code. Thanks go to Ken Dreyer and Georg Sauthoff
for reporting this issue and helping me to reproduce it.
|
2022-07-08 10:00:42 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-asyncssh: updated to 2.11.0
Release 2.11.0 (4 Jun 2022)
---------------------------
* Made a number of improvements in SFTP glob support, with thanks to
Github user LuckyDams for all the help working out these changes!
* Added a new glob_sftpname() method which returns glob matches
together with attribute information, avoiding the need for a
caller to make separate calls to stat() on the returned results.
* Switched from listdir() to scandir() to reduce the number of
stat() operations required while finding matches.
* Added code to remove duplicates when glob() is called with
multiple patterns that match the same path.
* Added a cache of directory listing and stat results to improve
performance when matching patterns with overlapping paths.
* Fixed an "index out of range" bug in recursive glob matching
and aligned it better with results reeturned by UNIX shells.
* Changed matching to ignore inaccessible or non-existent paths
in a glob pattern, to allow accessible paths to be fully
explored before returning an error. The error handler will now
be called only if a pattern results in no matches, or if a more
serious error occurs while scanning.
* Changed SFTP makedirs() method to work better cases where parts of
requested path already exist but don't allow read access. As long as
the entire path can be created, makedirs() will succeed, even if some
directories on the path don't allow their contents to be read. Thanks
go to Peter Rowlands for providing this fix.
* Replaced custom Diffie Hellman implementation in AsyncSSH with the
one in the cryptography package, resulting in an over 10x speedup.
Thanks go to Github user iwanb for suggesting this change.
* Fixed AsyncSSH to re-acquire GSS credentials when performing key
renegotiation to avoid expired credentials on long-lived connections.
Thanks go to Github user PromyLOPh for pointing out this issue and
suggesting a fix.
* Fixed GSS MIC to work properly with GSS key exchange when AsyncSSH
is running as a server. This was previously fixed on the client side,
but a similar fix for the server was missed.
* Changed connection timeout unit tests to work better in environments
where a firewall is present. Thanks go to Stefano Rivera for
reporting this issue.
* Improved unit tests of Windows SSPI GSSAPI module.
* Improved speed of unit tests by reducing the number of key generation
calls. RSA key generation in particular has gotten much more expensive
in OpenSSL 3.
|
2022-05-20 14:09:48 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asyncssh: updated to 2.10.1
Release 2.10.1 (16 Apr 2022)
----------------------------
* Added support for "Match Exec" in config files and updated AsyncSSH
API calls to do config parsing in an executor to avoid blocking the
event loop if a "Match Exec" command doesn't return immediately.
* Fixed an issue where settings associated with server channels set
when creating a listener rather than at the time a new channel is
opened were not always being applied correctly.
* Fixed config file handling to be more consistent with OpenSSH, making
all relative paths be evaluated relative to ~/.ssh and allowing
references to config file patterns which don't match anything to only
trigger a debug message rather than an error. Thanks go to Caleb Ho
for reporting this issue!
* Update minimum required version of cryprography package to 3.1, to
allow calls to it to be made without passing in a "backend" argument.
This was missed back in the 2.9 release. Thanks go to Github users
sebby97 and JavaScriptDude for reporting this issue!
Release 2.10.0 (26 Mar 2022)
----------------------------
* Added new get_server_auth_methods() function which returns the set
of auth methods available for a given user and SSH server.
* Added support for new line_echo argument when creating a server
channel which controls whether input in the line editor is echoed
to the output immediately or under the control of the application,
allowing more control over the ordering of input and output.
* Added explicit support for RSA SHA-2 certificate algorithms.
Previously, SHA-2 signatures were supported using the original
ssh-rsa-cert-v01@openssh.com algorithm name, but recent versions
of SSH now disable this algorithm by default, so the new SHA-2
algorithm names need to be advertised for SHA-2 signatures to
work when using OpenSSH certificates.
* Improved handling of config file loading when options argument is
used, allowing config loading to be overridden at connect() time
even if the options passed in referenced a config file.
* Improved speed of unit tests by avoiding some network timeouts
when connecting to invalid addresses.
* Merged GitHub workflows contributed by GitHub user hexchain to
run unit tests and collect code coverage information on multiple
platforms and Python versions. Thanks so much for this work!
* Fixed issue with GSS auth unit tests hanging on Windows.
* Fixed issue with known_hosts matching when ProxyJump is being used.
Thanks go to GitHub user velavokr for reporting this and helping
to debug it.
* Fixed type annotations for SFTP client and server open methods.
Thanks go to Marat Sharafutdinov for reporting this!
|
2022-01-24 13:50:28 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
py-asyncssh: updated to 2.9.0
Release 2.9.0 (23 Jan 2022)
---------------------------
* Added mypy-compatible type annotations to all AsyncSSH modules, and a
"py.typed" file to signal that annotations are now available for this
package.
* Added experimental support for SFTP versions 4-6. While AsyncSSH still
defaults to only advertising version 3 when acting as both a client and
a server, applications can explicitly enable support for later versions,
which will be used if both ends of the connection agree. Not all features
are fully supported, but a number of useful enhancements are now
available, including as users and groups specified by name, higher
resolution timestamps, and more granular error reporting.
* Updated documentation to make it clear that keys from a PKCS11 provider
or ssh-agent will be used even when client_keys is specified, unless
those sources are explicitly disabled.
* Improved handling of task cancellation in AsyncSSH to avoid triggering
an error of "Future exception was never retrieved". Thanks go to \
Krzysztof
Kotlenga for reporting this issue and providing test code to reliably
reproduce it.
* Changed implementation of OpenSSH keepalive handler to improve
interoperability with servers which don't expect a "success" response
when this message is sent.
Release 2.8.1 (8 Nov 2021)
--------------------------
* Fixed a regression in handling of the passphrase argument used to
decrypt private keys.
Release 2.8.0 (3 Nov 2021)
--------------------------
* Added new connect_timeout option to set a timeout which includes the
time taken to open an outbound TCP connection, allowing connections
to be aborted without waiting for the default socket connect timeout.
The existing login_timeout option only applies after the TCP connection
was established, so it could not be used for this. The support for the
ConnectTimeout config file option has also been updated to use this new
capability, making it more consistent with OpenSSH's behavior.
* Added the ability to use the passphrase argument specified in a connect
call to be used to decrypt keys used to connect to bastion hosts.
Previously, this argument was only applied when making a connection
to the main host and encrypted keys could only be used when they
were loaded separately.
* Updated AsyncSSH's "Record" class to make it more IDE-friendly when
it comes to things like auto-completion. This class is used as a base
class for SSHCompletedProcess and various SFTP attribute classes.
Thanks go to Github user zentarim for suggesting this improvement.
* Fixed a potential uncaught exception when handling forwarded connections
which are immediately closed by a peer.
|
2022-01-04 21:55:40 by Thomas Klausner | Files touched by this commit (1595) |
Log message:
*: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS
|
2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
|
2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606) |
Log message:
security: Remove SHA1 hashes for distfiles
|
2021-09-16 12:35:27 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asyncssh: updated to 2.7.2
Release 2.7.2
* Fixed a regression related to server host key selection when attempting
to use a leading '+' to add algorithms to the front of the default list.
* Fixed logging to properly handle SFTPName objects with string filenames.
* Fixed SSH_EXT_INFO to only be sent after the first key exchange.
|
2021-09-13 10:39:47 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asyncssh: updated to 2.7.1
Release 2.7.1 (6 Sep 2021)
--------------------------
* Added an option to allow encrypted keys to be ignored when no passphrase
is set. This behavior previously happened by default when loading keys
from default locations, but now this option to load_keypairs() can be
specified when loading any set of keys.
* Changed loading of default keys to automatically skip key types which
aren't supported due to missing dependencies.
* Added the ability to specify "default" for server_host_key_algs, as
a way for a client to request that its full set of default algorithms
be advertised to the server, rather than just the algorithms matching
keys in the client's known hosts list. Thanks go to Manfred Kaiser
for suggesting this improvement.
* Added support for tilde-expansion in the config file "include"
directive. Thanks go to Zack Cerza for reporting this and suggesting
a fix.
* Improved interoperatbility of AsyncSSH SOCKS listener by sending a zero
address rather than an empty hostname in the SOCKS CONNECT response.
Thanks go to Github user juouy for reporting this and suggesting a fix.
* Fixed a couple of issues related to sending SSH_EXT_INFO messages.
* Fixed an issue with using SSHAcceptor as an async context manager.
Thanks go to Paulo Costa for reporing this.
* Fixed an issue where a tunnel wasn't always cleaned up properly when
creating a remote listener.
* Improved handling of connection drops, avoiding exceptions from being
raised in some cases when the transport is abruptly closed.
* Made AsyncSSH SFTP support more tolerant of file permission values with
undefined bits set. Thanks go to GitHub user ccwufu for reporting this.
* Added some missing key exchange algorithms in the AsyncSSH documentation.
Thanks go to Jeremy Norris for noticing and reporting this.
* Added support for running AsyncSSH unit tests on systems with OpenSSL
3.0 installed. Thanks go to Ken Dreyer for raising this issue and
pointing out the new OpenSSL "provider" support for legacy algorithms.
|
2021-06-29 15:36:26 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
py-asyncssh: updated to 2.7.0
Release 2.7.0 (19 Jun 2021)
Added support for the ProxyCommand config file option and a corresponding \
proxy_command argument in the SSH connection options, allowing a subprocess to \
be used to make the connection to the SSH server. When the config option is \
used, it should be fully compatible with OpenSSH percent expansion in the \
command to run.
Added support for accessing terminal information as properties in the \
SSHServerProcess class. As part of this change, both the environment and \
terminal modes are now available as read-only mappings. Thanks again to velavokr \
for suggesitng this and submitting a PR with a proposed version of the change.
Fixed terminal information passed to pty_requested() callback to properly \
reflect requested terminal type, size, and modes. Thanks go to velavokr for \
reporting this issue and proposing a fix.
Fixed an edge case where a connection object might not be cleaned up properly if \
the connection request was cancelled before it was fully established.
Fixed an issue where some unit tests weren’t properly closing connection \
objects before exiting.
|