Magic-wormhole

Latest version: v0.13.0

Safety actively analyzes 613734 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 6

0.13.0

* Python 2.7 support is dropped (457)
* Python 3.5 and 3.6 are past their EOL date and support is dropped (448)
* SECURITY: Replace "weird" characters in receiver's display (476)
* SECURITY: all past binary signatures are now in Git
* Use the HKDF primitive from "cryptography" (462)
* `wormhole receive` now accepts `--allocate-code` so that a sender can
use `--code` to send them a file (450)
* Stream to disk after 10MB on directory receive (447)
* Handle SSH keys with comments properly (434)
* Properly parse IPv6 Transit address (461)

Also of interest to developers in this release are a few changes to the experimental Dilation implementation and description; some documentation cleanups; dropping of dependencies; and some test cleanups.
The Dilation changes properly send `use-version` and split messages over Noise-sized chunks more seamlessly (allowing the specified 4-byte maximum message size at the application layer).

For packagers: PyPI has stopped serving detached signature files.
Going forward, all signatures will be committed to Git (in the signatures/ subdirectory).
All available signatures from PyPI for historic releases have been added here too.

Thanks to the many contributors of bug-fixes, patches, and other help with this
release:

* Jelle van der Waa https://github.com/jelly (#466)
* Matthias Riße https://github.com/matrss (#432, 434)
* meejah https://meejah.ca (#484, 481, 483, 455, 477, 464, 456, 460)
* Perseid https://github.com/Perseid (#476)
* FelisDiligens https://github.com/FelisDiligens (#461)
* Casey Link https://github.com/Ramblurr (#468)
* Kian-Meng Ang https://github.com/kianmeng (#452)
* sitiom https://github.com/sitiom (#436)
* Sagar Howal https://github.com/sagarhowal (#410)
* Adam Sroka https://github.com/adam-sroka (#403, 404)
* vu3rdd https://github.com/vu3rdd (reviews)

0.12.0

* A command like `wormhole send /dev/fd0` can send the contents of the named
block device (USB stick, SD card, floppy, etc), resulting in a plain file
on the other side. (323)
* Change "accept this file?" default answer from no to yes. (327 330 331)
* Actually use tempfile for large directory transfers. This fixes a five-year
old bug which prevents transfers of directories larger than available RAM
by finally really building the temporary zipfile on disk. (379)
* Accept 'wss' for TLS-protected relay connections, which default to port 443
if no other port is accepted. A future release will change the public relay
to use TLS. (144)
* Drop support for python3.4
* Stall `--verify` long enough to send the verifier. This fixes a bug when
both sides use `--verify`, the receiver uses tab-completion, the sender
sees the verifier and waits for the user to confirm, but the receiver
cannot show the verifier (enabling that confirmation) until the sender
approves the transfer. (349)

This release also includes an incomplete implementation of the new "Dilation"
API (see ticket 312 for details). In the future this will enable restarting
interrupted transfers, tolerating changes in network address, bidirectional
transfers in a long-running GUI/daemon process, and more. The protocol is not
finalized, nor is it backward compatible with the old "Transit" protocol yet,
so there is no CLI access so far. The code is present and tested to make sure
it doesn't regress and for ease of development, but intrepid folks who want
to try it out will need to write a client first (and be aware that the
protocol may change out from under them). A future release will add
compatibility negotiation with old clients and start using the new protocol.

PRs and tickets addressed in this release: 144 312 318 321 323 327 330
331 332 339 349 361 365 368 367 378 379.

Thanks to the many contributors of bugs, patches, and other help with this
release:

* Adam Spiers aka aspiers
* Евгений Протозанов aka WeirdCarrotMonster
* Edward Betts aka EdwardBetts
* Jacek Politowski aka jpolnetpl
* Julian Stecklina aka blitz
* Jürgen Gmach aka jugmac00
* Louis Wilson aka louiswins
* Miro Hrončok aka hroncok
* Moritz Schlichting aka morrieinmaas
* Shea Polansky aka Phyxius
* sneakypete81

0.11.2

Rerelease to fix the long description on PyPI. Thanks to Marius Gedminas for
tracking down the problem and providing the fix. (316)

0.11.1

* Fix `python -m wormhole` on py2. (315)

Thanks to Marius Gedminas, FreddieHo, and Jakub Wilk for patches and bug
reports in this release.

0.11.0

* Python-3.7 compatibility was fixed. (306)
* Support for Python-3.4 on Windows has been dropped. py3.4 is still
supported on unix-like operating systems.
* The client version is now sent to the mailbox server for each connection. I
strive to have the client share as little information as possible, but I
think this will help me improve the protocol by giving me a better idea of
client-upgrade adoption rates. (293)

Packaging changes:

* We removed the Rendezvous Server (now named the "Mailbox Server") out to a
separate package and repository named `magic-wormhole-mailbox-server`. We
still import it for tests. Use `pip install magic-wormhole-mailbox-server`
to run your own server. (240)
* The code is now formatted to be PEP8 compliant. (296)
* The Dockerfile was removed: after the Mailbox Server was moved out, I don't
think it was relevant. (295)

Thanks to Andreas `Baeumla` Bäuml, Marius `mgedmin` Gedminas, Ofek `ofek`
Lev, Thomas `ThomasWaldmann` Waldmann, and Vasudev `copyninja` Kamath for
patches and bug reports in this release.

0.10.5

* Upgrade to newer python-spake2, to improve startup speed by not computing
blinding factors for unused parameter sets. On a Raspberry Pi 3, this
reduces "wormhole --version" time from ~19s to 7s.
* Fix a concurrency bug that could cause a crash if the server responded too
quickly. (280)

Page 1 of 6

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.