Changelog for the libssh2 project. Generated with git2news.pl
Daniel Stenberg (29 Aug 2021)
- [Will Cosgrove brought this change]
updated docs for 1.10.0 release
Marc Hörsken (30 May 2021)
- [Laurent Stacul brought this change]
[tests] Try several times to connect the ssh server
Sometimes, as the OCI container is run in detached mode, it is possible
the actual server is not ready yet to handle SSH traffic. The goal of
this PR is to try several times (max 3). The mechanism is the same as
for the connection to the docker machine.
- [Laurent Stacul brought this change]
Remove openssh_server container on test exit
- [Laurent Stacul brought this change]
Allow the tests to run inside a container
The current test suite starts the SSH server as an OCI container. This commit
adds the possibility to run the tests in a container provided that:
* the docker client is installed in the builder container
* the host docker daemon unix socket has been mounted in the builder
container (with, if needed, the DOCKER_HOST environment variable
accordingly set, and the permission to write on this socket)
* the builder container is run on the default bridge network, or the
host network. This PR does not handle the case where the builder
container is on another network.
Marc Hoersken (28 May 2021)
- CI/appveyor: run SSH server for tests on GitHub Actions (#607)
No longer rely on DigitalOcean to host the Docker container.
Unfortunately we require a small dispatcher script that has
access to a GitHub access token with scope repo in order to
trigger the daemon workflow on GitHub Actions also for PRs.
This script is hosted by myself for the time being until GitHub
provides a tighter scope to trigger the workflow_dispatch event.
GitHub (26 May 2021)
- [Will Cosgrove brought this change]
openssl.c: guards around calling FIPS_mode() #596 (#603)
Notes:
FIPS_mode() is not implemented in LibreSSL and this API is removed in OpenSSL 3.0 and was introduced in 0.9.7. Added guards around making this call.
Credit:
Will Cosgrove
- [Will Cosgrove brought this change]
configure.ac: don't undefine scoped variable (#594)
* configure.ac: don't undefine scoped variable
To get this script to run with Autoconf 2.71 on macOS I had to remove the undefine of the backend for loop variable. It seems scoped to the for loop and also isn't referenced later in the script so it seems OK to remove it.
* configure.ac: remove cygwin specific CFLAGS #598
Notes:
Remove cygwin specific Win32 CFLAGS and treat the build like a posix build
Credit:
Will Cosgrove, Brian Inglis
- [Laurent Stacul brought this change]
tests: Makefile.am: Add missing tests client keys in distribution tarball (#604)
Notes:
Added missing test keys.
Credit:
Laurent Stacul
- [Laurent Stacul brought this change]
Makefile.am: Add missing test keys in the distribution tarball (#601)
Notes:
Fix tests missing key to build the OCI image
Credit:
Laurent Stacul
Daniel Stenberg (16 May 2021)
- dist: add src/agent.h
Fixes #597
Closes #599
GitHub (12 May 2021)
- [Will Cosgrove brought this change]
packet.c: Reset read timeout after received a packet (#576) (#586)
File:
packet.c
Notes:
Attempt keyboard interactive login (Azure AD 2FA login) and use more than 60 seconds to complete the login, the connection fails.
The _libssh2_packet_require function does almost the same as _libssh2_packet_requirev but this function sets state->start = 0 before returning.
Credit:
teottin, Co-authored-by: Tor Erik Ottinsen <tor.ottinsen@kdi.kongsberg.com>
- [kkoenig brought this change]
Support ECDSA certificate authentication (#570)
Files: hostkey.c, userauth.c, test_public_key_auth_succeeds_with_correct_ecdsa_key.c
Notes:
Support ECDSA certificate authentication
Add a test for:
- Existing ecdsa basic public key authentication
- ecdsa public key authentication with a signed public key
Credit:
kkoenig
- [Gabriel Smith brought this change]
agent.c: Add support for Windows OpenSSH agent (#517)
Files: agent.c, agent.h, agent_win.c
Notes:
* agent: Add support for Windows OpenSSH agent
The implementation was partially taken and modified from that found in
the Portable OpenSSH port to Win32 by the PowerShell team, but mostly
based on the existing Unix OpenSSH agent support.
https://github.com/PowerShell/openssh-portable
Regarding the partial transfer support implementation: partial transfers
are easy to deal with, but you need to track additional state when
non-blocking IO enters the picture. A tracker of how many bytes have
been transferred has been placed in the transfer context struct as that's
where it makes most sense. This tracker isn't placed behind a WIN32
#ifdef as it will probably be useful for other agent implementations.
* agent: win32 openssh: Disable overlapped IO
Non-blocking IO is not currently supported by the surrounding agent
code, despite a lot of the code having everything set up to handle it.
Credit:
Co-authored-by: Gabriel Smith <gabriel.smith@precisionot.com>
- [Zenju brought this change]
Fix detailed _libssh2_error being overwritten (#473)
Files: openssl.c, pem.c, userauth.c
Notes:
* Fix detailed _libssh2_error being overwritten by generic errors
* Unified error handling
Credit:
Zenju
- [Paul Capron brought this change]
Fix _libssh2_random() silently discarding errors (#520)
Notes:
* Make _libssh2_random return code consistent
Previously, _libssh2_random was advertized in HACKING.CRYPTO as
returning `void` (and was implemented that way in os400qc3.c), but that
was in other crypto backends a lie; _libssh2_random is (a macro
expanding) to an int-value expression or function.
Moreover, that returned code was:
— 0 on success, -1 on error for the MbedTLS & WinCNG crypto backends
But also:
— 1 on success, -1 or 0 on error for the OpenSSL backend!
– 1 on success, error cannot happen for libgcrypt!
This commit makes explicit that _libssh2_random can fail (because most of
the underlying crypto functions can indeed fail!), and it makes its result
code consistent: 0 on success, -1 on error.
This is related to issue #519 https://github.com/libssh2/libssh2/issues/519
It fixes the first half of it.
* Don't silence errors of _libssh2_random
Make sure to check the returned code of _libssh2_random(), and
propagate any failure.
A new LIBSSH_ERROR_RANDGEN constant is added to libssh2.h
None of the existing error constants seemed fit.
This commit is related to d74285b68450c0e9ea6d5f8070450837fb1e74a7
and to https://github.com/libssh2/libssh2/issues/519 (see the issue
for more info.) It closes #519.
Credit:
Paul Capron
- [Gabriel Smith brought this change]
ci: Remove caching of docker image layers (#589)
Notes:
continued ci reliability work.
Credit:
Gabriel Smith
- [Gabriel Smith brought this change]
ci: Speed up docker builds for tests (#587)
Notes:
The OpenSSH server docker image used for tests is pre-built to prevent
wasting time building it during a test, and unneeded rebuilds are
prevented by caching the image layers.
Credit:
Gabriel Smith
- [Will Cosgrove brought this change]
userauth.c: don't error if using keys without RSA (#555)
file: userauth.c
notes: libssh2 now supports many other key types besides RSA, if the library is built without RSA support and a user attempts RSA auth it shouldn't be an automatic error
credit:
Will Cosgrove
- [Marc brought this change]
openssl.c: Avoid OpenSSL latent error in FIPS mode (#528)
File:
openssl.c
Notes:
Avoid initing MD5 digest, which is not permitted in OpenSSL FIPS certified cryptography mode.
Credit:
Marc
- [Laurent Stacul brought this change]
openssl.c: Fix EVP_Cipher interface change in openssl 3 #463
File:
openssl.c
Notes:
Fixes building with OpenSSL 3, #463.
The change is described there:
https://github.com/openssl/openssl/commit/f7397f0d58ce7ddf4c5366cd1846f16b341fbe43
Credit:
Laurent Stacul, reported by Sergei
- [Gabriel Smith brought this change]
openssh_fixture.c: Fix potential overwrite of buffer when reading stdout of command (#580)
File:
openssh_fixture.c
Notes:
If reading the full output from the executed command took multiple
passes (such as when reading multiple lines) the old code would read
into the buffer starting at the same position (the start) every time.
The old code only works if fgets updated p or had an offset parameter,
both of which are not true.
Credit:
Gabriel Smith
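An added illustration of the bug class in the entry above (example code written for this page, not the project's openssh_fixture.c): because fgets() neither advances its pointer nor takes an offset, a multi-pass read has to pass the current write position and the space still left. The names read_all_output, read_from_start_each_pass, sample_stream and the sample text are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: two lines, as an executed command might print them. */
#define SAMPLE_OUTPUT "line one\nline two\n"

static char demo_buf[64];

/* Build a readable stream holding SAMPLE_OUTPUT (stands in for popen()). */
static FILE *sample_stream(void)
{
    FILE *fp = tmpfile();
    if(fp) {
        fputs(SAMPLE_OUTPUT, fp);
        rewind(fp);
    }
    return fp;
}

/* Read everything from fp into buf (capacity cap, NUL-terminated).
 * Returns the number of bytes stored, or -1 if the output did not fit. */
static long read_all_output(FILE *fp, char *buf, size_t cap)
{
    size_t used = 0;

    if(!fp || !buf || cap == 0)
        return -1;
    buf[0] = '\0';

    /* Each pass writes at buf + used and is told how much room remains.
     * Stopping at one free byte avoids calling fgets() with size 1,
     * which would return an empty string forever. */
    while(cap - used > 1 && fgets(buf + used, (int)(cap - used), fp))
        used += strlen(buf + used);

    /* Unread data left in the stream means the buffer was too small. */
    if(fgetc(fp) != EOF)
        return -1;
    return (long)used;
}

/* The pattern the entry describes, kept for contrast: every pass starts
 * at the beginning of buf, so earlier lines are overwritten. */
static long read_from_start_each_pass(FILE *fp, char *buf, size_t cap)
{
    if(!fp || !buf || cap == 0)
        return -1;
    buf[0] = '\0';
    while(fgets(buf, (int)cap, fp))
        ;
    return (long)strlen(buf);
}

int main(void)
{
    FILE *fp = sample_stream();
    long n = read_all_output(fp, demo_buf, sizeof(demo_buf));

    printf("offset-tracking read kept %ld bytes\n", n);
    if(fp)
        fclose(fp);
    return n < 0;
}
```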
- [Gabriel Smith brought this change]
ci: explicitly state the default branch (#585)
Notes:
It looks like the $default-branch macro only works in templates, not
workflows. This is not explicitly stated anywhere except the linked PR
comment.
https://github.com/actions/starter-workflows/pull/590#issuecomment-672360634
credit:
Gabriel Smith
- [Gabriel Smith brought this change]
ci: Swap from Travis to Github Actions (#581)
Files: ci files
Notes:
Move Linux CI using Github Actions
Credit:
Gabriel Smith, Marc Hörsken
- [Mary brought this change]
libssh2_priv.h: add iovec on 3ds (#575)
file: libssh2_priv.h
note: include iovec for 3DS
credit: Mary Mstrodl
- [Laurent Stacul brought this change]
Tests: Fix unused variables warning (#561)
file: test_public_key_auth_succeeds_with_correct_ed25519_key_from_mem.c
notes: fixed unused vars
credit:
Laurent Stacul
- [Viktor Szakats brought this change]
bcrypt_pbkdf.c: fix clang10 false positive warning (#563)
File: bcrypt_pbkdf.c
Notes:
blf_enc() takes a number of 64-bit blocks to encrypt, but using
sizeof(uint64_t) in the calculation triggers a warning with
clang 10 because the actual data type is uint32_t. Pass
BCRYPT_BLOCKS / 2 for the number of blocks like libc bcrypt(3)
does.
Ref: https://github.com/openbsd/src/commit/04a2240bd8f465bcae6b595d912af3e2965856de
Fixes #562
Credit:
Viktor Szakats
- [Will Cosgrove brought this change]
transport.c: release payload on error (#554)
file: transport.c
notes: If the payload is invalid and there is an early return, we could leak the payload
credit:
Will Cosgrove
- [Will Cosgrove brought this change]
ssh2_client_fuzzer.cc: fixed building
The GitHub web editor did some funky things
- [Will Cosgrove brought this change]
ssh_client_fuzzer.cc: set blocking mode on (#553)
file: ssh_client_fuzzer.cc
notes: the session needs blocking mode turned on to avoid EAGAIN being returned from libssh2_session_handshake()
credit:
Will Cosgrove, reviewed by Michael Buckley
- [Etienne Samson brought this change]
Add a LINT option to CMake (#372)
* ci: make style-checking available locally
* cmake: add a linting target
* tests: check test suite syntax with checksrc.pl
- [Will Cosgrove brought this change]
kex.c: kex_agree_instr() improve string reading (#552)
* kex.c: kex_agree_instr() improve string reading
file: kex.c
notes: if haystack isn't null terminated we should use memchr() not strchr(). We should also make sure we don't walk off the end of the buffer.
credit:
Will Cosgrove, reviewed by Michael Buckley
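An added illustration of the point in the entry above (example code written for this page, not libssh2's kex_agree_instr()): searching a comma-separated SSH name-list that arrives with an explicit length and no NUL terminator, using memchr() so the scan stops at the end of the list. The function name namelist_find and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 21-byte name-list followed by unrelated bytes that
 * belong to the rest of the packet. There is no NUL after the list. */
static const unsigned char sample_packet[] = "aes128-ctr,aes256-ctrXX,3des-cbc";
#define SAMPLE_LIST_LEN 21

/* Find name as a complete entry of the name-list list[0..list_len).
 * Returns the entry's offset inside the list, or -1 if it is absent. */
static long namelist_find(const unsigned char *list, size_t list_len,
                          const char *name, size_t name_len)
{
    size_t pos = 0;

    if(!list || !name || name_len == 0)
        return -1;

    while(pos < list_len) {
        /* memchr() takes a byte count, so looking for the next separator
         * cannot run past the declared end of the list. */
        const unsigned char *comma =
            memchr(list + pos, ',', list_len - pos);
        size_t entry_len = comma ? (size_t)(comma - (list + pos))
                                 : list_len - pos;

        /* Compare whole entries only; a prefix is not a match. */
        if(entry_len == name_len &&
           memcmp(list + pos, name, name_len) == 0)
            return (long)pos;

        if(!comma)
            break;              /* that was the last entry */
        pos += entry_len + 1;   /* skip the entry and its comma */
    }
    return -1;
}

int main(void)
{
    long at = namelist_find(sample_packet, SAMPLE_LIST_LEN,
                            "aes256-ctr", 10);

    printf("aes256-ctr found at offset %ld\n", at);
    /* Bytes after the declared length are never considered. */
    printf("3des-cbc inside the list: %ld\n",
           namelist_find(sample_packet, SAMPLE_LIST_LEN, "3des-cbc", 8));
    return at != 11;
}
```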
- [Will Cosgrove brought this change]
kex.c: use string_buf in ecdh_sha2_nistp (#551)
* kex.c: use string_buf in ecdh_sha2_nistp
file: kex.c
notes:
use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
- [Will Cosgrove brought this change]
kex.c: move EC macro outside of if check #549 (#550)
File: kex.c
Notes:
Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code.
Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up.
Credit:
Stefan-Ghinea
- [Tim Gates brought this change]
kex.c: fix simple typo, niumber -> number (#545)
File: kex.c
Notes:
There is a small typo in src/kex.c.
Should read `number` rather than `niumber`.
Credit:
Tim Gates
- [Tseng Jun brought this change]
session.c: Correct a typo which may lead to stack overflow (#533)
File: session.c
Notes:
Seems the author intended to terminate the banner_dup buffer and, later, print it to the debug console.
Author:
Tseng Jun
Marc Hoersken (10 Oct 2020)
- wincng: fix random big number generation to match openssl
The old function would set the least significant bits in
the most significant byte instead of the most significant bits.
The old function would also zero pad too many bits in the
most significant byte. This led to a reduction of key space
in the most significant byte according to the following listing:
- 8 bits reduced to 0 bits => eg. 2048 bits to 2040 bits DH key
- 7 bits reduced to 1 bits => eg. 2047 bits to 2041 bits DH key
- 6 bits reduced to 2 bits => eg. 2046 bits to 2042 bits DH key
- 5 bits reduced to 3 bits => eg. 2045 bits to 2043 bits DH key
No change would occur for the case of 4 significant bits.
For 1 to 3 significant bits in the most significant byte
the DH key would actually be expanded instead of reduced:
- 3 bits expanded to 5 bits => eg. 2043 bits to 2045 bits DH key
- 2 bits expanded to 6 bits => eg. 2042 bits to 2046 bits DH key
- 1 bits expanded to 7 bits => eg. 2041 bits to 2047 bits DH key
There is no case of 0 significant bits in the most significant byte
since this would be a case of 8 significant bits in the next byte.
At the moment only the following case applies due to a fixed
DH key size value currently being used in libssh2:
The DH group_order is fixed to 256 (bytes) which leads to a
2047 bits DH key size by calculating (256 * 8) - 1.
This means the DH keyspace was previously reduced from 2047 bits
to 2041 bits (while the top and bottom bits are always set), so the
keyspace is actually always reduced from 2045 bits to 2039 bits.
All of this is only relevant for Windows versions supporting the
WinCNG backend (Vista or newer) before Windows 10 version 1903.
Closes #521
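An added illustration of the masking the entry above is about (example code written for this page, not the WinCNG backend's source): shaping raw random bytes into a big-endian number of exactly the requested bit count, with the padding bits cleared and the highest significant bit and the lowest bit forced. The names shape_bignum, bit_length and shaped_length are assumptions, and fixed fill bytes stand in for RNG output so the result is reproducible.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Number of significant bits in a big-endian byte string. */
static unsigned long bit_length(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    unsigned long bits;
    unsigned char top;

    while(i < len && buf[i] == 0)
        i++;
    if(i == len)
        return 0;
    bits = (unsigned long)(len - i) * 8;
    for(top = buf[i]; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* Turn len bytes of random data into a number of exactly `bits` bits.
 * Returns 0 on success, -1 on bad arguments. */
static int shape_bignum(unsigned char *buf, size_t len, unsigned long bits)
{
    unsigned int top_bits;

    if(!buf || bits == 0 || len != (bits + 7) / 8)
        return -1;

    /* Significant bits in the most significant byte: 1..8, never 0. */
    top_bits = (unsigned int)(bits % 8);
    if(top_bits == 0)
        top_bits = 8;

    /* Zero only the padding bits above the number ... */
    buf[0] &= (unsigned char)((1u << top_bits) - 1u);
    /* ... and force the highest significant bit, not a low one. */
    buf[0] |= (unsigned char)(1u << (top_bits - 1u));
    /* Force the lowest bit of the least significant byte. */
    buf[len - 1] |= 0x01;
    return 0;
}

/* Constructed stand-in for RNG output, sized for a 256-byte group order. */
static unsigned char sample[256];

/* Fill sample with one byte value, shape it, and report its bit length. */
static unsigned long shaped_length(unsigned char fill, unsigned long bits)
{
    size_t len = (size_t)((bits + 7) / 8);

    if(len == 0 || len > sizeof(sample))
        return 0;
    memset(sample, fill, len);
    if(shape_bignum(sample, len, bits) != 0)
        return 0;
    return bit_length(sample, len);
}

int main(void)
{
    /* (256 * 8) - 1 = 2047 bits, the size named in the entry. */
    unsigned long got = shaped_length(0xFF, 2047);

    printf("bit length %lu, top byte 0x%02X\n", got, sample[0]);
    return got != 2047;
}
```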
Daniel Stenberg (28 Sep 2020)
- libssh2_session_callback_set.3: explain the recv/send callbacks
Describe how to actually use these callbacks.
Closes #518
GitHub (23 Sep 2020)
- [Will Cosgrove brought this change]
agent.c: formatting
Improved formatting of RECV_SEND_ALL macro.
- [Will Cosgrove brought this change]
CMakeLists.txt: respect install lib dir #405 (#515)
Files:
CMakeLists.txt
Notes:
Use CMAKE_INSTALL_LIBDIR directory
Credit: Arfrever
- [Will Cosgrove brought this change]
kex.c: group16-sha512 and group18-sha512 support #457 (#468)
Files: kex.c
Notes:
Added key exchange group16-sha512 and group18-sha512. As a result did the following:
Abstracted diffie_hellman_sha256() to diffie_hellman_sha_algo() which is now algorithm agnostic and takes the algorithm as a parameter since we needed sha512 support. Unfortunately it required some helper functions but they are simple.
Deleted diffie_hellman_sha1()
Deleted diffie_hellman_sha1 specific macro
Cleaned up some formatting
Defined sha384 in os400 and wincng backends
Defined LIBSSH2_DH_MAX_MODULUS_BITS to abort the connection if we receive too large of p from the server doing sha1 key exchange.
Reorder the default key exchange list to match OpenSSH and improve security
Credit:
Will Cosgrove
- [Igor Klevanets brought this change]
agent.c: Recv and send all bytes via network in agent_transact_unix() (#510)
Files: agent.c
Notes:
Handle sending/receiving partial packet replies in agent.c API.
Credit: Klevanets Igor <cerevra@yandex-team.ru>
- [Daniel Stenberg brought this change]
Makefile.am: include all test files in the dist #379
File:
Makefile.am
Notes:
No longer conditionally include OpenSSL specific test files, they aren't run if we're not building against OpenSSL 1.1.x anyway.
Credit:
Daniel Stenberg
- [Max Dymond brought this change]
Add support for an OSS Fuzzer fuzzing target (#392)
Files:
.travis.yml, configure.ac, ossfuzz
Notes:
This adds support for an OSS-Fuzz fuzzing target in ssh2_client_fuzzer,
which is a cut down example of ssh2.c. Future enhancements can improve
coverage.
Credit:
Max Dymond
- [Sebastián Katzer brought this change]
mbedtls.c: ECDSA support for mbed TLS (#385)
Files:
mbedtls.c, mbedtls.h, .travis.yml
Notes:
This PR adds support for ECDSA for both key exchange and host key algorithms.
The following elliptic curves are supported:
256-bit curve defined by FIPS 186-4 and SEC1
384-bit curve defined by FIPS 186-4 and SEC1
521-bit curve defined by FIPS 186-4 and SEC1
Credit:
Sebastián Katzer
Marc Hoersken (1 Sep 2020)
- buildconf: exec autoreconf to avoid additional process (#512)
Also make buildconf exit with the return code of autoreconf.
Follow up to #224
- scp.c: fix indentation in shell_quotearg documentation
- wincng: make more use of new helper functions (#496)
- wincng: make sure algorithm providers are closed once (#496)
GitHub (10 Jul 2020)
- [David Benjamin brought this change]
openssl.c: clean up curve25519 code (#499)
File: openssl.c, openssl.h, crypto.h, kex.c
Notes:
This cleans up a few things in the curve25519 implementation:
- There is no need to create X509_PUBKEYs or PKCS8_PRIV_KEY_INFOs to
extract key material. EVP_PKEY_get_raw_private_key and
EVP_PKEY_get_raw_public_key work fine.
- libssh2_x25519_ctx was never used (and occasionally mis-typedefed to
libssh2_ed25519_ctx). Remove it. The _libssh2_curve25519_new and
_libssh2_curve25519_gen_k interfaces use the bytes. Note, if it needs
to be added back, there is no need to roundtrip through
EVP_PKEY_new_raw_private_key. EVP_PKEY_keygen already generated an
EVP_PKEY.
- Add some missing error checks.
Credit:
David Benjamin
- [Will Cosgrove brought this change]
transport.c: socket is disconnected, return error (#500)
File: transport.c
Notes:
This is to fix #102, instead of continuing to attempt to read a disconnected socket, it will now error out.
Credit:
TDi-jonesds
- [Will Cosgrove brought this change]
stale.yml
Increasing stale values.
Marc Hoersken (6 Jul 2020)
- wincng: try newer DH API first, fallback to legacy RSA API
Avoid the use of RtlGetVersion or similar Win32 functions,
since these depend on version information from manifests.
This commit makes the WinCNG backend first try to use the
new DH algorithm API with the raw secret derivation feature.
In case this feature is not available the WinCNG backend
will fallback to the classic approach of using RSA-encrypt
to perform the required modular exponentiation of BigNums.
The feature availability test is done during the first handshake
and the result is stored in the crypto backends global state.
Follow up to #397
Closes #484
- wincng: fix indentation of function arguments and comments
Follow up to #397
- [Wez Furlong brought this change]
wincng: use newer DH API for Windows 8.1+
Since Windows 1903 the approach used to perform DH kex with the CNG
API has been failing.
This commit switches to using the `DH` algorithm provider to perform
generation of the key pair and derivation of the shared secret.
It uses a feature of CNG that is not yet documented. The sources of
information that I've found on this are:
* https://stackoverflow.com/a/56378698/149111
* https://github.com/wbenny/mini-tor/blob/5d39011e632be8e2b6b1819ee7295e8bd9b7a769/mini/crypto/cng/dh.inl#L355
With this change I am able to successfully connect from Windows 10 to my
ubuntu system.
Refs: https://github.com/alexcrichton/ssh2-rs/issues/122
Fixes: https://github.com/libssh2/libssh2/issues/388
Closes: https://github.com/libssh2/libssh2/pull/397
GitHub (1 Jul 2020)
- [Zenju brought this change]
comp.c: Fix name clash with ZLIB macro "compress" (#418)
File: comp.c
Notes:
* Fix name clash with ZLIB macro "compress".
Credit:
Zenju
- [yann-morin-1998 brought this change]
buildsystem: drop custom buildconf script, rely on autoreconf (#224)
Notes:
The buildconf script is currently required, because we need to copy a
header around, because it is used both from the library and the examples
sources.
However, having a custom 'buildconf'-like script is not needed if we can
ensure that the header exists by the time it is needed. For that, we can
just append the src/ directory to the headers search path for the
examples.
And then it means we no longer need to generate the same header twice,
so we remove the second one from configure.ac.
Now, we can just call "autoreconf -fi" to generate the autotools files,
instead of relying on the canned sequence in "buildconf", since
autoreconf has now long known what to do at the correct moment (future
versions of autotools, automake, autopoint, autoheader etc... may
require another ordering, or other intermediate steps, etc...).
Eventually, get rid of buildconf now it is no longer needed. In fact, we
really keep it for legacy, but have it just call autoreconf (and print a
nice user-friendly warning). Don't include it in the release tarballs,
though.
Update doc, gitignore, and travis-CI jobs accordingly.
Credit:
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Sam Voss <sam.voss@rockwellcollins.com>
- [Will Cosgrove brought this change]
libssh2.h: Update Diffie Hellman group values (#493)
File: libssh2.h
Notes:
Update the min, preferred and max DH group values based on RFC 8270.
Credit:
Will Cosgrove, noted from email list by Mitchell Holland
Marc Hoersken (22 Jun 2020)
- travis: use existing Makefile target to run checksrc
- Makefile: also run checksrc on test source files
- tests: avoid use of deprecated function _sleep (#490)
- tests: avoid use of banned function strncat (#489)
- tests: satisfy checksrc regarding max line length of 79 chars
Follow up to 2764bc8e06d51876b6796d6080c6ac51e20f3332
- tests: satisfy checksrc with whitespace only fixes
checksrc.pl -i4 -m79 -ASIZEOFNOPAREN -ASNPRINTF
-ACOPYRIGHT -AFOPENMODE tests/*.[ch]
- tests: add support for ports published via Docker for Windows
- tests: restore retry behaviour for docker-machine ip command
- tests: fix mix of declarations and code failing C89 compliance
- wincng: add and improve checks in bit counting function
- wincng: align bits to bytes calculation in all functions
- wincng: do not disable key validation that can be enabled
The modular exponentiation also works with key validation enabled.
- wincng: fix return value in _libssh2_dh_secret
Do not ignore return value of modular exponentiation.
- appveyor: build and run tests for WinCNG crypto backend
GitHub (1 Jun 2020)
- [suryakalpo brought this change]
INSTALL_CMAKE.md: Update formatting (#481)
File: INSTALL_CMAKE.md
Notes:
Although the original text would be immediately clear to seasoned users of CMAKE and/or Unix shell, the lack of newlines may cause some confusion for newcomers. Hence, wrapping the texts in a md code-block such that the newlines appear as intended.
credit:
suryakalpo
Marc Hoersken (31 May 2020)
- src: add new and align include guards in header files (#480)
Make sure all include guards exist and follow the same format.
- wincng: fix multiple definition of `_libssh2_wincng' (#479)
Add missing include guard and move global state
from header to source file by using extern.
GitHub (28 May 2020)
- [Will Cosgrove brought this change]
transport.c: moving total_num check from #476 (#478)
file: transport.c
notes:
moving total_num zero length check from #476 up to the prior bounds check which already includes a total_num check. Makes it slightly more readable.
credit:
Will Cosgrove
- [lutianxiong brought this change]
transport.c: fix use-of-uninitialized-value (#476)
file:transport.c
notes:
return error if malloc(0)
credit:
lutianxiong
- [Dr. Koutheir Attouchi brought this change]
libssh2_sftp.h: Changed type of LIBSSH2_FX_* constants to unsigned long, fixes #474
File:
libssh2_sftp.h
Notes:
Error constants `LIBSSH2_FX_*` are only returned by `libssh2_sftp_last_error()` which returns `unsigned long`.
Therefore these constants should be defined as unsigned long literals, instead of int literals.
Credit:
Dr. Koutheir Attouchi
- [monnerat brought this change]
os400qc3.c: constify libssh2_os400qc3_hash_update() data parameter. (#469)
Files: os400qc3.c, os400qc3.h
Notes:
Fixes building on OS400. #426
Credit:
Reported-by: hjindra on github, dev by Monnerat
- [monnerat brought this change]
HACKING.CRYPTO: keep up to date with new crypto definitions from code. (#466)
File: HACKING.CRYPTO
Notes:
This commit updates the HACKING.CRYPTO documentation file in an attempt to make it in sync with current code.
New documented features are:
SHA384
SHA512
ECDSA
ED25519
Credit:
monnerat
- [Harry Sintonen brought this change]
kex.c: Add diffie-hellman-group14-sha256 Key Exchange Method (#464)
File: kex.c
Notes: Added diffie-hellman-group14-sha256 kex
Credit: Harry Sintonen <sintonen@iki.fi>
- [Will Cosgrove brought this change]
os400qc3.h: define sha512 macros (#465)
file: os400qc3.h
notes: fixes for building libssh2 1.9.x
- [Will Cosgrove brought this change]
os400qc3.h: define EC types to fix building #426 (#462)
File: os400qc3.h
Notes: define missing EC types which prevents building
Credit: hjindra
- [Brendan Shanks brought this change]
hostkey.c: Fix 'unsigned int'/'uint32_t' mismatch (#461)
File: hostkey.c
Notes:
These types are the same size so most compilers are fine with it, but CodeWarrior (on classic MacOS) throws an ‘illegal implicit conversion’ error
Credit: Brendan Shanks
- [Thomas Klausner brought this change]
Makefile.am: Fix unportable test(1) operator. (#459)
file: Makefile.am
Notes:
The POSIX comparison operator for test(1) is =; bash supports == but not even test from GNU coreutils does.
Credit:
Thomas Klausner
- [Tseng Jun brought this change]
openssl.c: minor changes of coding style (#454)
File: openssl.c
Notes:
minor changes of coding style and align preprocessor conditional for #439
Credit:
Tseng Jun
- [Hans Meier brought this change]
openssl.c: Fix for use of uninitialized aes_ctr_cipher.key_len (#453)
File:
Openssl.c
Notes:
* Fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression from #439
Credit:
Hans Meier, Tseng Jun
- [Zenju brought this change]
agent.c: Fix Unicode builds on Windows (#417)
File: agent.c
Notes:
Fixes unicode builds for Windows in Visual Studio 16.3.2.
Credit:
Zenju
- [Hans Meier brought this change]
openssl.c: Fix use-after-free crash in openssl backend without memory leak (#439)
Files: openssl.c
Notes:
Fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
Credit:
Hans Meier
- [Romain Geissler @ Amadeus brought this change]
Session.c: Fix undefined warning when mixing with LTO-enabled libcurl. (#449)
File: Session.c
Notes:
With gcc 9, libssh2, libcurl and LTO enabled for all binaries I see this
warning (error with -Werror):
vssh/libssh2.c: In function ‘ssh_statemach_act’:
/data/mwrep/rgeissler/ospack/ssh2/BUILD/libssh2-libssh2-03c7c4a/src/session.c:579:9: error: ‘seconds_to_next’ is used uninitialized in this function [-Werror=uninitialized]