8 | TITLE(Changelog) 9 | BOXTOP 10 | 11 | 12 | SUBTITLE(Version 1.11.1 - October 16 2024) 13 |
14 | Enhancements and bugfixes 15 |
16 |
-
17 |
- autotools: fix to update `LDFLAGS` for each detected dependency (d19b6190 #1384 #1381 #1377) 18 |
- autotools: delete `--disable-tests` option, fix CI tests (e051ae34 #1271 #715 revert: 7483edfa) 19 |
- autotools: show the default for `hidden-symbols` option (a3f5594a #1269) 20 |
- autotools: enable `-Wunused-macros` with gcc (ecdf5199 #1262 #1227 #1224) 21 |
- autotools: fix dotless gcc and Apple clang version detections (89ccc83c #1232 #1187) 22 |
- autotools: show more clang/gcc version details (fb580161 #1230) 23 |
- autotools: avoid warnings in libtool stub code (96682bd5 #1227 #1224) 24 |
- autotools: sync warning enabler code with curl (5996fefe #1223) 25 |
- autotools: rename variable (ce5f208a #1222) 26 |
- autotools: picky warning options tidy-up (cdca8cff #1221) 27 |
- autotools: fix `cp` to preserve attributes and timestamp in `Makefile.am` (f64e6318) 28 |
- autotools: fix selecting WinCNG in cross-builds (and more) (00a3b88c #1187 #1186) 29 |
- autotools: use comma separator in `Requires.private` of `libssh2.pc` (7f83de14 #1124) 30 |
- autotools: remove `AB_INIT` from `configure.ac` (f4f52ccc) 31 |
- autotools: improve libz position (c89174a7 #1077 #941 #1075 #1013 regr: 4f0f4bff) 32 |
- autotools: skip tests requiring static lib if `--disable-static` (572c57c9 #1072 #663 #1056 regr: 83853f8a) 33 |
- build: stop detecting `sys/param.h` header (2677d3b0 #1418 #1415) 34 |
- build: silence warnings inside `FD_SET()`/`FD_ISSET()` macros (323a14b2 #1379) 35 |
- build: drop `-Wformat-nonliteral` warning suppressions (c452c5cc #1342) 36 |
- build: enable `-pedantic-errors` (3ec53f3e #1286) 37 |
- build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute (f8c45794 #1287) 38 |
- build: add `LIBSSH2_NO_DEPRECATED` option (b1414503 #1267 #1266 #1260 #1259) 39 |
- build: enable missing OpenSSF-recommended warnings, with fixes (afa6b865 #1257) 40 |
- build: enable more compiler warnings and fix them (7ecc309c #1224) 41 |
- build: picky warning updates (328a96b3 #1219) 42 |
- build: revert: respect autotools `DLL_EXPORT` in `libssh2.h` (481be044 #1141 #917 revert: fb1195cf) 43 |
- build: stop requiring libssl from openssl (c84745e3 #1128) 44 |
- build: tidy-up `libssh2.pc.in` variable names (5720dd9f #1125) 45 |
- build: add/fix `Requires.private` packages in `libssh2.pc` (ef538069 #1123) 46 |
- buildconf: drop (814a850c #1441 follow: fc5d7788) 47 |
- checksrc: update, check all sources, fix fallouts (1117b677 #1457) 48 |
- checksrc: sync with curl (8cd473c9 #1272) 49 |
- checksrc: fix spelling in comment (a95d401f) 50 |
- checksrc: modernise Perl file open (3d309f9b) 51 |
- checksrc: switch to dot file (d67a91aa #1052) 52 |
- ci: use Ninja with cmake (20ad047d #1458) 53 |
- ci: disable dependency tracking in autotools builds (e44f0418 #1396) 54 |
- ci: fix mbedtls runners on macOS (84411539 #1381) 55 |
- ci: enable Unity mode for most CMake builds (1bfae57b #1367 #1034) 56 |
- ci: add shellcheck job and script (d88b9bcd) 57 |
- ci: verify build and install from tarball (a86e27e8 #1362) 58 |
- ci: add reproducibility test for `maketgz` (2d765e45 #1360) 59 |
- ci: use Linux runner for BSDs, add arm64 FreeBSD 14 job (6f86b196 #1343) 60 |
- ci: do not parallelize `distcheck` job (5e65dd87 #1339) 61 |
- ci: add FreeBSD 14 job, fix issues (46333adf #1277) 62 |
- ci: add OmniOS job, fix issues (5e0ec991) 63 |
- ci: show compiler in cross/cygwin job names (c9124088) 64 |
- ci: add OpenBSD (v7.4) job + fix build error in example (0c9a8e35 #1250) 65 |
- ci: add NetBSD (v9.3) job (65c7a7a5) 66 |
- ci: update and speed up FreeBSD job (eee4e805) 67 |
- ci: use absolute path in `CMAKE_INSTALL_PREFIX` (74948816 #1247) 68 |
- ci: boost mbedTLS build speed (236e79a1 #1245) 69 |
- ci: add BoringSSL job (cmake, gcc, amd64) (c9dd3566 #1233) 70 |
- ci: fixup FreeBSD version, bump mbedTLS (fea6664e #1217) 71 |
- ci: add FreeBSD 13.2 job (a7d2a573 #1215) 72 |
- ci: mbedTLS 3.5.0 (5e190442 #1202) 73 |
- ci: update actions, use shallow clones with appveyor (d468a33f #1199) 74 |
- ci: replace `mv` + `chmod` with `install` in `Dockerfile` (5754fed6 #1175) 75 |
- ci: set file mode early in `appveyor_docker.yml` (633db55f) 76 |
- ci: add spellcheck (codespell) (a79218d3) 77 |
- ci: add MSYS builds (autotools and cmake) (d43b8d9b #1162) 78 |
- ci: add Cygwin builds (autotools and cmake) (f1e96e73 #1161) 79 |
- ci: add mingw-w64 UWP build (1215aa5f #1155 #1147) 80 |
- ci: add missing timeout to 'autotools distcheck' step (6265ffdb) 81 |
- ci: add non-static autotools i386 build, ignore GHA updates on AppVeyor (c6e137f7 #1074 #1072) 82 |
- ci: prefer `=` operator in shell snippets (e5c03043 #1073) 83 |
- ci: drop redundant/unused vars, sync var names (ab8e95bc #1059) 84 |
- ci: add i386 Linux build (with mbedTLS) (abdf40c7 #1057 #1053) 85 |
- ci/appveyor: reduce test runs (workaround for infrastructure permafails) (b5e68bdc #1461) 86 |
- ci/appveyor: increase wait for SSH server on GHA (bf3af90b) 87 |
- ci/appveyor: bump to OpenSSL 3.2.1 (53d9c1a6 #1363 #1348) 88 |
- ci/appveyor: re-enable parallel mode (e190e5b2 #1294 #884 #867) 89 |
- ci/appveyor: delete UWP job broken since Visual Studio upgrade (d0a7f1da #1275) 90 |
- ci/appveyor: YAML/PowerShell formatting, shorten variable name (06fd721f #1200) 91 |
- ci/appveyor: move to pure PowerShell (8a081fd9 #1197) 92 |
- ci/GHA: revert concurrency and improve permissions (e4c042f6) 93 |
- ci/GHA: FreeBSD 14.1, actions bump (ae04b1b9 #1424) 94 |
- ci/GHA: fix wolfSSL-from-source AES-GCM tests (1c0b07a7 #1409 #1408) 95 |
- ci/GHA: add Linux job with latest wolfSSL built from source (d4cea53f #1408 #1299 #1020) 96 |
- ci/GHA: tidy up build-from-source steps (2c633033) 97 |
- ci/GHA: show configure logs on failure and other tidy-ups (dab48398 #1403) 98 |
- ci/GHA: bump parallel jobs to nproc+1 (6f3d3bc8 #1402) 99 |
- ci/GHA: show test logs on failure (b8ffa7a5 #1401) 100 |
- ci/GHA: fix `Dockerfile` failing after Ubuntu package update (839bb84e #1400) 101 |
- ci/GHA: use ubuntu-latest with OmniOS job (50143d58) 102 |
- ci/GHA: shell syntax tidy-up (3b23e039 #1390) 103 |
- ci/GHA: bump NetBSD/OpenBSD, add NetBSD arm64 job (e980af72 #1388) 104 |
- ci/GHA: tidy up wolfSSL autotools config on macOS (5953c1f1 #1383) 105 |
- ci/GHA: shorter mbedTLS autotools workaround (736e3d7d #1382 #1381) 106 |
- ci/GHA: fix gcrypt with autotools/macOS/Homebrew/ARM64 (ae2770de #1377) 107 |
- ci/GHA: fix verbose option for autotools jobs (499b27ae #1376) 108 |
- ci/GHA: dump `config.log` on failure for macOS autotools jobs (4fa69214 #1375) 109 |
- ci/GHA: fix `autoreconf` failure on macOS/Homebrew (0b64b30b #1374) 110 |
- ci/GHA: fixup Homebrew location (for ARM runners) (6128aee0 #1373) 111 |
- ci/GHA: review/fixup auto-cancel settings (b08cfbc9 #1292) 112 |
- ci/GHA: restore curly braces in `if` (36748270 #1145) 113 |
- ci/GHA: simplify `if` strings (cab3db58 #1140) 114 |
- cmake: sync and improve Find modules, add `pkg-config` native detection (45064137 #1445 #1420) 115 |
- cmake: generate `LIBSSH2_PC_LIBS_PRIVATE` dynamically (c87f1296 #1466) 116 |
- cmake: add comment about `ibssh2.pc.in` variables (14b1b9d0) 117 |
- cmake: support absolute `CMAKE_INSTALL_INCLUDEDIR`/`CMAKE_INSTALL_LIBDIR` (d70cee36 #1465) 118 |
- cmake: rename two variables and initialize them (0fce9dcc #1464) 119 |
- cmake: prefer `find_dependency()` in `libssh2-config.cmake` (d9c2e550 #1460) 120 |
- cmake: tidy up syntax, minor improvements (9d9ee780 #1446) 121 |
- cmake: rename mbedTLS and wolfSSL Find modules (570de0f2) 122 |
- cmake: fixup version detection in mbedTLS Find module (8e3c40b2 #1444) 123 |
- cmake: mbedTLS detection tidy-ups (6d1d13c2 #1438) 124 |
- cmake: add quotes, delete ending dirseps (2bb46d44 #1437 #1166) 125 |
- cmake: sync formatting in `cmake/Find*` modules (a0310699) 126 |
- cmake: tidy up function name casing in `CopyRuntimeDependencies.cmake` (03547cb8) 127 |
- cmake: use the imported target of FindOpenSSL module (82b09f9b #1322) 128 |
- cmake: rename picky warnings script (64d6789f #1225) 129 |
- cmake: fix multiple include of libssh2 package (932d6a32 #1216) 130 |
- cmake: show crypto backend in feature summary (20387285 #1211) 131 |
- cmake: simplify showing CMake version (fc00bdd7 #1203) 132 |
- cmake: cleanup mbedTLS version detection more (4c241d5c #1196 #1192) 133 |
- cmake: delete duplicate `include()` (30eef0a6) 134 |
- cmake: improve/fix mbedTLS detection (41594675 #1192 #1191) 135 |
- cmake: tidy-up `foreach()` syntax (4a64ca14 #1180) 136 |
- cmake: verify `libssh2_VERSION` in integration tests (a20572e9) 137 |
- cmake: show cmake versions in ci (87f5769b) 138 |
- cmake: quote more strings (e9c7d3af #1173) 139 |
- cmake: add `ExternalProject` integration test (aeaefaf6 #1171) 140 |
- cmake: add integration tests (8715c3d5 #1170) 141 |
- cmake: (re-)add aliases for `add_subdirectory()` builds (4ff64ae3 #1169) 142 |
- cmake: style tidy-up (3fa5282d #1166) 143 |
- cmake: add `LIB_NAME` variable (5453fc80 #1159) 144 |
- cmake: tidy-up concatenation in `CMAKE_MODULE_PATH` (ae7d5108 #1157) 145 |
- cmake: replace `libssh2` literals with `PROJECT_NAME` variable (72fd2595 #1152) 146 |
- cmake: fix `STREQUAL` check in error branch (42d3bf13 #1151) 147 |
- cmake: cache more config values on Windows (11a03690 #1142) 148 |
- cmake: streamline invocation (f58f77b5 #1138) 149 |
- cmake: merge `set_target_properties()` calls (a9091007 #1132) 150 |
- cmake: (re-)add zlib to `Libs.private` in `libssh2.pc` (64643018 #1131) 151 |
- cmake: use `wolfssl/options.h` for detection, like autotools (c5ec6c49 #1130) 152 |
- cmake: add openssl libs to `Libs.private` in `libssh2.pc` (5cfa59d3 #1127) 153 |
- cmake: bump minimum CMake version to v3.7.0 (9cd18f45 #1126) 154 |
- cmake: CMAKE_SOURCE_DIR -> PROJECT_SOURCE_DIR (0f396aa9 #1121) 155 |
- cmake: tidy-ups (2fc36790 #1122) 156 |
- cmake: re-add `Libssh2:libssh2` for compatibility + lowercase namespace (2da13c13 #1104 #731 #1103) 157 |
- copyright: remove years from copyright headers (187d89bb #1082) 158 |
- disable DSA by default (b7ab0faa #1435 #1433) 159 |
- docs: update `INSTALL_AUTOTOOLS` (2f0efde3 #1316) 160 |
- docs: replace SHA1 with SHA256 in CMake example (766bde9f) 161 |
- example: restore `sys/time.h` for AIX (24503cb9 #1340 #1335 #1334 #1001 regr: e53aae0e) 162 |
- example: use `libssh2_socket_t` in X11 example (3f60ccb7) 163 |
- example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (8d69e63d #1258 follow: 6c84a426) 164 |
- example: fix regression in `ssh2_exec.c` (279a2e57 #1106 #861 #846 #1105 regr: b13936bd) 165 |
- example, tests: call `WSACleanup()` for each `WSAStartup()` (94b6bad3 #1283) 166 |
- example, tests: fix/silence `-Wformat-truncation=2` gcc warnings (744e059f) 167 |
- hostkey: do not advertise ssh-rsa when SHA1 is disabled (82d1b8ff #1093 #1092) 168 |
- kex: prevent possible double free of hostkey (b3465418 #1452) 169 |
- kex: always check for null pointers before calling _libssh2_bn_set_word (9f23a3bb #1423) 170 |
- kex: fix a memory leak in key exchange (19101843 #1412 #1404) 171 |
- kex: always add extension indicators to kex_algorithms (00e2a07e #1327 #1326) 172 |
- libssh2.h: add deprecated function warnings (9839ebe5 #1289 #1260) 173 |
- libssh2.h: add portable `LIBSSH2_SOCKET_CLOSE()` macro (28dbf016 #1278) 174 |
- libssh2.h: use `_WIN32` for Windows detection instead of rolling our own (631e7734 #1238) 175 |
- libssh2.pc: reference mbedcrypto pkgconfig (c149a127 #1405) 176 |
- libssh2.pc: re-add & extend support for static-only libssh2 builds (624abe27 #1119 #1114) 177 |
- libssh2.pc: don't put `@LIBS@` in pc file (1209c16d) 178 |
- mac: add empty hash functions for `mac_method_hmac_aesgcm` to not crash when e.g. setting `LIBSSH2_METHOD_CRYPT_CS` (b2738391 #1321) 179 |
- mac: handle low-level errors (f64885b6 #1297) 180 |
- Makefile.mk: delete Windows-focused raw GNU Make build (43485579 #1204) 181 |
- maketgz: reproducible tarballs/zip, display tarball hashes (d52fe1b4 #1357 #1359) 182 |
- maketgz: `set -eu`, reproducibility, improve zip, add CI test (cba7f975 #1353) 183 |
- man: improve `libssh2_userauth_publickey_from*` manpages (581b72aa #1347 #1308 #652) 184 |
- man: fix double spaces and dash escaping (a3ffc422 #1210) 185 |
- man: add description to `libssh2_session_get_blocking.3` (67e39091 #1185) 186 |
- mbedtls: always init ECDSA mbedtls_pk_context (a50d7deb #1430) 187 |
- mbedtls: correctly initialize values (ECDSA) (1701d5c0 #1428 #1421) 188 |
- mbedtls: expose `mbedtls_pk_load_file()` for our use (1628f6ca #1421 #1393 #1349 follow: e973493f) 189 |
- mbedtls: add workaround + FIXME to build with 3.6.0 (2e4c5ec4 #1349) 190 |
- mbedtls: improve disabling `-Wredundant-decls` (ecec68a2 #1226 #1224) 191 |
- mbedtls: include `version.h` for `MBEDTLS_VERSION_NUMBER` (9d7bc253 #1095 #1094) 192 |
- mbedtls: use more `size_t` to sync up with `crypto.h` (1153ebde #1054 #879 #846 #1053) 193 |
- md5: allow disabling old-style encrypted private keys at build-time (eb9f9de2 #1181) 194 |
- mingw: fix printf mask for 64-bit integers (36c1e1d1 #1091 #876 #846 #1090) 195 |
- misc: flatten `_libssh2_explicit_zero` if tree (74e74288 #1149) 196 |
- NMakefile: delete (c515eed3 #1134 #1129) 197 |
- openssl: free allocated resources when using openssl3 (b942bad1 #1459) 198 |
- openssl: fix memory leaks in `_libssh2_ecdsa_curve_name_with_octal_new` and `_libssh2_ecdsa_verify` (8d3bc19b #1449) 199 |
- openssl: fix calculating DSA public key with OpenSSL 3 (8b3c6e9d #1380) 200 |
- openssl: initialize BIGNUMs to NULL in `gen_publickey_from_dsa` for OpenSSL 3 (f1133c75 #1320) 201 |
- openssl: fix cppcheck found NULL dereferences (f2945905 #1304) 202 |
- openssl: delete internal `read_openssh_private_key_from_memory()` (34aff5ff #1306) 203 |
- openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job (363dcbf4 #1243 #1235 #1207) 204 |
- openssl: make a function static, add `#ifdef` comments (efee9133 #1246 #248 follow: 03092292) 205 |
- openssl: fix DSA code to use OpenSSL 3 API (82581941 #1244 #1207) 206 |
- openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build (487152f4 #1236 #1235 #1207) 207 |
- openssl: use non-deprecated APIs with OpenSSL 3.x (b0ab005f #1207) 208 |
- openssl: silence `-Wunused-value` warnings (bf285500 #1205) 209 |
- openssl: use automatic initialization with LibreSSL 2.7.0+ (d79047c9 #1146 #302) 210 |
- openssl: add missing check for `LIBRESSL_VERSION_NUMBER` before use (4a42f42e #1117 #1115) 211 |
- os400: drop vsprintf() use (40e817ff #1462 #1457) 212 |
- os400: Add two recent files to the distribution (e4c65e5b #1364) 213 |
- os400: fix shellcheck warnings in scripts (fixups) (81341e1e #1366 #1364 #1358) 214 |
- os400: fix shellcheck warnings in scripts (c6625707 #1358) 215 |
- os400: maintain up to date (8457c37a #1309) 216 |
- packet: properly bounds check packet_authagent_open() (88a960a8 #1179) 217 |
- pem: fix private keys encrypted with AES-GCM methods (e87bdefa #1133) 218 |
- reuse: upgrade to `REUSE.toml` (70b8bf31 #1419) 219 |
- reuse: fix duplicate copyright warning (b9a4ed83) 220 |
- reuse: comply with 3.1 spec and 2.0.0 checker (fe6239a1 #1102 #1101 #1098) 221 |
- reuse: provide SPDX identifiers (f6aa31f4 #1084) 222 |
- scp: fix missing cast for targets without large file support (c317e06f #1060 #1057 #1002 regr: 5db836b2) 223 |
- session: support server banners up to 8192 bytes (was: 256) (1a9e8811 #1443 #1442) 224 |
- session: add `libssh2_session_callback_set2()` (c0f69548 #1285) 225 |
- session: handle EINTR from send/recv/poll/select to try again as the error is not fatal (798ed4a7 #1058 #955) 226 |
- sftp: increase SFTP_HANDLE_MAXLEN back to 4092 (75de6a37 #1422) 227 |
- sftp: implement posix-rename@openssh.com (fb652746 #1386) 228 |
- src: implement chacha20-poly1305@openssh.com (492bc543 #1426 #584) 229 |
- src: use `UINT32_MAX` (dc206408 #1413) 230 |
- src: fix type warning in `libssh2_sftp_unlink` macro (ac2e8c73 #1406) 231 |
- src: check the return value from `_libssh2_bn_*()` functions (95c824d5 #1354) 232 |
- src: support RSA-SHA2 cert-based authentication (rsa-sha2-512_cert and rsa-sha2-256_cert) (3a6ab70d #1314) 233 |
- src: check hash update/final success (4718ede4 #1303 #1301) 234 |
- src: check hash init success (2ed9eb92 #1301) 235 |
- src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" (d34d9258 #1291 #1290) 236 |
- src: disable `-Wsign-conversion` warnings, add option to re-enable (6e451669 #1284 #1257) 237 |
- src: fix gcc 13 `-Wconversion` warning on Darwin (8cca7b77 #1209 follow: 08354e0a) 238 |
- src: drop a redundant `#include` (1f0174d0 #1153) 239 |
- src: improve MSVC C4701 warning fix (8b924999 #1086 #876 #1083) 240 |
- src: bump `hash_len` to `size_t` in `LIBSSH2_HOSTKEY_METHOD` (8b917d76 #1076) 241 |
- src: bump DSA and ECDSA sign `hash_len` to `size_t` (7b8e0225 #1055) 242 |
- tests: avoid using `MAXPATHLEN`, for portability (12427f4f #1415 #198 #1414) 243 |
- tests: fix excluding AES-GCM tests (fbd9d192 #1410) 244 |
- tests: drop default cygpath option `-u` (38e50aa0) 245 |
- tests: fix shellcheck issues in `test_sshd.test` (a2ac8c55) 246 |
- tests: sync port number type with the rest of codebase (eb996af8) 247 |
- tests: fall back to `$LOGNAME` for username (5326a5ce #1241 #1240) 248 |
- tests: show cmake version used in integration tests (2cd2f40e #1201) 249 |
- tests: formatting and tidy-ups (e61987a3) 250 |
- tests: replace FIXME with comments (1a99a86a) 251 |
- tests: add aes256-gcm encrypted key test (802336cf #1135 #1133) 252 |
- tests: trap signals in scripts (b2916b28 #1098) 253 |
- tests: cast to avoid `-Wchar-subscripts` with Cygwin (43df6a46 #1081 #1080) 254 |
- test_read: make it run without Docker (57e9d18e #1139) 255 |
- test_sshd.test: show sshd and test connect logs on harness failure (299c2040 #1097) 256 |
- test_sshd.test: set a safe PID directory (e8cabdcf #1089) 257 |
- test_sshd.test: minor cleanups (d29eea1d) 258 |
- tidy-up: link updates (c905bfd2 #1434) 259 |
- tidy-up: typo in comment (792e1b6f) 260 |
- tidy-up: fix typo found by codespell (706ec36d) 261 |
- tidy-up: bump casts from int to long for large C99 types in printfs (2e5a8719 #1264 #1257) 262 |
- tidy-up: `unsigned` -> `unsigned int` (b136c379) 263 |
- tidy-up: stop using leading underscores in macro names (c6589b88 #1248) 264 |
- tidy-up: around `stdint.h` (bfa00f1b #1212) 265 |
- tidy-up: fix typo in `readme.vms` (a9a79e7a) 266 |
- tidy-up: use built-in `_WIN32` macro to detect Windows (6fbc9505 #1195) 267 |
- tidy-up: drop `www.` from `www.libssh2.org` (6e3e8839 #1172) 268 |
- tidy-up: delete duplicate word from comment (76307435) 269 |
- tidy-up: avoid exclamations, prefer single quotes, in outputs (003fb454 #1079) 270 |
- TODO: disable or drop weak algos (0b4bdc85 #1261) 271 |
- transport: fix unstable connections over non-blocking sockets (de004875 #1454 #720 #1431 #1397) 272 |
- transport: check ETM on remote end when receiving (bde10825 #1332 #1331) 273 |
- transport: fix incorrect byte offset in debug message (2388a3aa #1096) 274 |
- userauth: avoid oob with huge interactive kbd response (f3a85cad #1337) 275 |
- userauth: add a new structure to separate memory read and file read (63b4c20e #773) 276 |
- userauth: check whether `*key_method` is a NULL pointer instead of `key_method` (bec57c40) 277 |
- wincng: fix `DH_GEX_MAXGROUP` set higher than supported (48584671 #1372 #493) 278 |
- wincng: add to ci/GHA, add `./configure` option `--enable-ecdsa-wincng` (3f98bfb0 #1368 #1315) 279 |
- wincng: add ECDSA support for host and user authentication (3e723437 #1315) 280 |
- wincng: prefer `ULONG`/`DWORD` over `unsigned long` (186c1d63 #1165) 281 |
- wincng: tidy-ups (7bb669b5 #1164) 282 |
- wolfssl: drop header path hack (8ae1b2d7 #1439) 283 |
- wolfssl: fix `EVP_Cipher()` use with v5.6.0 and older (a5b0fac2 #1407 #1394 #797 #1299 #1020) 284 |
- wolfssl: bump version in upstream issue comment (5cab802c) 285 |
- wolfssl: require v5.4.0 for AES-GCM (260a721c #1411 #1299 #1020) 286 |
- wolfssl: enable debug logging in wolfSSL when compiled in (76e7a68a #1310) 287 |
292 | Enhancements and bugfixes 293 |
294 |
-
295 |
- Adds support for encrypt-then-mac (ETM) MACs 296 |
- Adds support for AES-GCM crypto protocols 297 |
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys 298 |
- Adds support for RSA certificate authentication 299 |
- Adds FIDO support with *_sk() functions 300 |
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends 301 |
- Adds Agent Forwarding and libssh2_agent_sign() 302 |
- Adds support for Channel Signal message libssh2_channel_signal_ex() 303 |
- Adds support to get the user auth banner message libssh2_userauth_banner() 304 |
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, 305 | AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options 306 |
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() 307 |
- Adds wolfSSL support to CMake file 308 |
- Adds mbedTLS 3.x support 309 |
- Adds LibreSSL 3.5 support 310 |
- Adds support for CMake "unity" builds 311 |
- Adds CMake support for building shared and static libs in a single pass 312 |
- Adds symbol hiding support to CMake 313 |
- Adds support for libssh2.rc for all build tools 314 |
- Adds .zip, .tar.xz and .tar.bz2 release tarballs 315 |
- Enables ed25519 key support for LibreSSL 3.7.0 or higher 316 |
- Improves OpenSSL 1.1 and 3 compatibility 317 |
- Now requires OpenSSL 1.0.2 or newer 318 |
- Now requires CMake 3.1 or newer 319 |
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs 320 |
- SFTP: No longer has a packet limit when reading a directory 321 |
- SFTP: now parses attribute extensions if they exist 322 |
- SFTP: no longer will busy loop if SFTP fails to initialize 323 |
- SFTP: now clear various errors as expected 324 |
- SFTP: no longer skips files if the line buffer is too small 325 |
- SCP: add option to not quote paths 326 |
- SCP: Enables 64-bit offset support unconditionally 327 |
- Now skips leading \r and \n characters in banner_receive() 328 |
- Enables secure memory zeroing with all build tools on all platforms 329 |
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive 330 |
- Speed up base64 encoding by 7x 331 |
- Assert if there is an attempt to write a value that is too large 332 |
- WinCNG: fix memory leak in _libssh2_dh_secret() 333 |
- Added protection against possible null pointer dereferences 334 |
- Agent now handles overly large comment lengths 335 |
- Now ensure KEX replies don't include extra bytes 336 |
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER 337 |
- Fixed possible buffer overflow in keyboard interactive code path 338 |
- Fixed overlapping memcpy() 339 |
- Fixed Windows UWP builds 340 |
- Fixed DLL import name 341 |
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows 342 |
- Support for building with gcc versions older than 8 343 |
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files 344 |
- Restores ANSI C89 compliance 345 |
- Enabled new compiler warnings and fixed/silenced them 346 |
- Improved error messages 347 |
- Now uses CIFuzz 348 |
- Numerous minor code improvements 349 |
- Improvements to CI builds 350 |
- Improvements to unit tests 351 |
- Improvements to doc files 352 |
- Improvements to example files 353 |
- Removed "old gex" build option 354 |
- Removed no-encryption/no-mac builds 355 |
- Removed support for NetWare and Watcom wmake build files 356 |
libssh2 1.10.0 GPG sig 362 |
363 | Enhancements and bugfixes 364 |
-
365 |
- adds agent forwarding support 366 |
- adds OpenSSH Agent support on Windows 367 |
- adds ECDSA key support using the Mbed TLS backend 368 |
- adds ECDSA cert authentication 369 |
- adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, 370 | diffie-hellman-group18-sha512 key exchanges 371 |
- adds support for PKIX key reading when using ed25519 with OpenSSL 372 |
- adds support for EWOULDBLOCK on VMS systems 373 |
- adds support for building with OpenSSL 3 374 |
- adds support for using FIPS mode in OpenSSL 375 |
- adds debug symbols when building with MSVC 376 |
- adds support for building on the 3DS 377 |
- adds unicode build support on Windows 378 |
- restores os400 building 379 |
- increases min, max and opt Diffie Hellman group values 380 |
- improves portiablity of the make file 381 |
- improves timeout behavior with 2FA keyboard auth 382 |
- various improvements to the Wincng backend 383 |
- fixes reading partial packet replies when using an agent 384 |
- fixes Diffie Hellman key exchange on Windows 1903+ builds 385 |
- fixes building tests with older versions of OpenSSL 386 |
- fixes possible multiple definition warnings 387 |
- fixes potential cast issues _libssh2_ecdsa_key_get_curve_type() 388 |
- fixes potential use after free if libssh2_init() is called twice 389 |
- improved linking when using Mbed TLS 390 |
- fixes call to libssh2_crypto_exit() if crypto hasn't been initialized 391 |
- fixes crash when loading public keys with no id 392 |
- fixes possible out of bounds read when exchanging keys 393 |
- fixes possible out of bounds read when reading packets 394 |
- fixes possible out of bounds read when opening an X11 connection 395 |
- fixes possible out of bounds read when ecdh host keys 396 |
- fixes possible hang when trying to read a disconnected socket 397 |
- fixes a crash when using the delayed compression option 398 |
- fixes read error with large known host entries 399 |
- fixes various warnings 400 |
- fixes various small memory leaks 401 |
- improved error handling, various detailed errors will now be reported 402 |
- builds are now using OSS-Fuzz 403 |
- builds now use autoreconf instead of a custom build script 404 |
- cmake now respects install directory 405 |
- improved CI backend 406 |
- updated HACKING-CRYPTO documentation 407 |
- use markdown file extensions 408 |
- improved unit tests 409 |
libssh2 1.9.0 GPG sig 415 |
416 | Enhancements and bugfixes 417 |
-
418 |
- adds ECDSA keys and host key support when using OpenSSL 419 |
- adds ED25519 key and host key support when using OpenSSL 1.1.1 420 |
- adds OpenSSH style key file reading 421 |
- adds AES CTR mode support when using WinCNG 422 |
- adds PEM passphrase protected file support for Libgcrypt and WinCNG 423 |
- adds SHA256 hostkey fingerprint 424 |
- adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() 425 |
- adds explicit zeroing of sensitive data in memory 426 |
- adds additional bounds checks to network buffer reads 427 |
- adds the ability to use the server default permissions when creating sftp directories 428 |
- adds support for building with OpenSSL no engine flag 429 |
- adds support for building with LibreSSL 430 |
- increased sftp packet size to 256k 431 |
- fixed oversized packet handling in sftp 432 |
- fixed building with OpenSSL 1.1 433 |
- fixed a possible crash if sftp stat gets an unexpected response 434 |
- fixed incorrect parsing of the KEX preference string value 435 |
- fixed conditional RSA and AES-CTR support 436 |
- fixed a small memory leak during the key exchange process 437 |
- fixed a possible memory leak of the ssh banner string 438 |
- fixed various small memory leaks in the backends 439 |
- fixed possible out of bounds read when parsing public keys from the server 440 |
- fixed possible out of bounds read when parsing invalid PEM files 441 |
- no longer null terminates the scp remote exec command 442 |
- now handle errors when diffie hellman key pair generation fails 443 |
- fixed compiling on Windows with the flag STDCALL=ON 444 |
- improved building instructions 445 |
- improved unit tests 446 |
libssh2 1.8.2 GPG sig 452 |
453 | Bug fixes: 454 |
-
455 |
- Fixed the misapplied userauth patch that broke 1.8.1 456 |
- moved the MAX size declarations from the public header 457 |
libssh2 1.8.1 GPG sig 463 |
464 | Bug fixes: 465 |
-
466 |
467 |
- fixed possible 468 | integer overflow when reading a specially crafted packet 469 | 470 |
- fixed possible 471 | integer overflow in userauth_keyboard_interactive with a number of 472 | extremely long prompt strings 473 | 474 |
- fixed possible 475 | integer overflow if the server sent an extremely large number of keyboard 476 | prompts 477 | 478 |
- fixed possible out 479 | of bounds read when processing a specially crafted packet 480 | 481 |
- fixed possible 482 | integer overflow when receiving a specially crafted exit signal message 483 | channel packet 484 | 485 |
- fixed possible out 486 | of bounds read when receiving a specially crafted exit status message 487 | channel packet 488 | 489 |
- fixed possible zero 490 | byte allocation when reading a specially crafted SFTP packet 491 | 492 |
- fixed possible out 493 | of bounds reads when processing specially crafted SFTP packets 494 | 495 |
- fixed possible out 496 | of bounds reads in _libssh2_packet_require(v) 497 |
libssh2 1.8.0 GPG sig 503 |
504 | Changes: 505 |
-
506 |
- added a basic dockerised test suite 507 |
- crypto: add support for the mbedTLS backend 508 |
-
512 |
- libgcrypt: fixed a NULL pointer dereference on OOM 513 |
- VMS: can't use %zd for off_t format 514 |
- VMS: update vms/libssh2_config.h 515 |
- windows: link with crypt32.lib 516 |
- libssh2_channel_open: spelling error fixed in channel error message 517 |
- msvc: fixed 14 compilation warnings 518 |
- tests: HAVE_NETINET_IN_H was not defined correctly 519 |
- openssl: add OpenSSL 1.1.0 compatibility 520 |
- cmake: Add CLEAR_MEMORY option, analogously to that for autoconf 521 |
- configure: make the --with-* options override the OpenSSL default 522 |
- libssh2_wait_socket: set err_msg on errors 523 |
- libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds 524 |
libssh2 1.7.0 GPG sig 530 |
531 | Changes: 532 |
-
533 |
- libssh2_session_set_last_error: Add function 534 |
- mac: Add support for HMAC-SHA-256 and HMAC-SHA-512 535 |
- WinCNG: support for SHA256/512 HMAC 536 |
- kex: Added diffie-hellman-group-exchange-sha256 support 537 |
- OS/400 crypto library QC3 support 538 |
-
541 |
- diffie_hellman_sha256: convert bytes to bits 542 | CVE-2016-0787 543 |
- SFTP: Increase speed and datasize in SFTP read 544 |
- openssl: make libssh2_sha1 return error code 545 |
- openssl: fix memleak in _libssh2_dsa_sha1_verify() 546 |
- cmake: include CMake files in the release tarballs 547 |
- Fix builds with Visual Studio 2015 548 |
- hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined 549 |
- GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS 550 |
- GNUmakefile: add -m64 CFLAGS when targeting mingw64 551 |
- kex: free server host key before allocating it (again) 552 |
- SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows 553 |
- channel: Detect bad usage of libssh2_channel_process_startup 554 |
- userauth: Fix off by one error when reading public key file 555 |
- kex: removed dupe entry from libssh2_kex_methods 556 |
- _libssh2_error: Support allocating the error message 557 |
- hostkey: fix invalid memory access if libssh2_dsa_new fails 558 |
- hostkey: align code path of ssh_rsa_init to ssh_dss_init 559 |
- libssh2.pc.in: fix the output of pkg-config --libs 560 |
- wincng: fixed possible memory leak in _libssh2_wincng_hash 561 |
- wincng: fixed _libssh2_wincng_hash_final return value 562 |
- add OpenSSL 1.1.0-pre2 compatibility 563 |
- agent_disconnect_unix: unset the agent fd after closing it 564 |
- sftp: stop reading when buffer is full 565 |
- sftp: Send at least one read request before reading 566 |
- sftp: Don't return EAGAIN if data was written to buffer 567 |
- sftp: Check read packet file offset 568 |
- configure: build "silent" if possible 569 |
- openssl: add OpenSSL 1.1.0-pre3-dev compatibility 570 |
- GNUmakefile: list system libs after user libs 571 |
libssh2 1.6.0 GPG sig 577 |
578 | Changes: 579 |
-
580 |
- Added CMake build system 581 |
- Added libssh2_userauth_publickey_frommemory() 582 |
584 | Bug fixes: 585 |
-
586 |
- wait_socket: wrong use of difftime() 587 |
- userauth: Fixed prompt text no longer being copied to the prompts struct 588 |
- mingw build: allow to pass custom CFLAGS 589 |
- Let mansyntax.sh work regardless of where it is called from 590 |
- Init HMAC_CTX before using it 591 |
- direct_tcpip: Fixed channel write 592 |
- WinCNG: fixed backend breakage 593 |
- OpenSSL: caused by introducing libssh2_hmac_ctx_init 594 |
- userauth.c: fix possible dereferences of a null pointer 595 |
- wincng: Added explicit clear memory feature to WinCNG backend 596 |
- openssl.c: fix possible segfault in case EVP_DigestInit fails 597 |
- wincng: fix return code of libssh2_md5_init() 598 |
- kex: do not ignore failure of libssh2_sha1_init() 599 |
- scp: fix that scp_send may transmit not initialised memory 600 |
- scp.c: improved command length calculation 601 |
- nonblocking examples: fix warning about unused tvdiff on Mac OS X 602 |
- configure: make clear-memory default but WARN if backend unsupported 603 |
- OpenSSL: Enable use of OpenSSL that doesn't have DSA 604 |
- OpenSSL: Use correct no-blowfish #define 605 |
- kex: fix libgcrypt memory leaks of bignum 606 |
- libssh2_channel_open: more detailed error message 607 |
- wincng: fixed memleak in (block) cipher destructor 608 |
libssh2 1.5.0 GPG sig 614 |
615 | Changes: 616 |
-
617 |
- Added Windows Cryptography API: Next Generation based backend 618 |
620 | Bug fixes: 621 |
-
622 |
- Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782 623 |
- missing _libssh2_error in _libssh2_channel_write 624 |
- knownhost: Fix DSS keys being detected as unknown. 625 |
- knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer. 626 |
- libssh2.h: on Windows, a socket is of type SOCKET, not int 627 |
- libssh2_priv.h: a 1 bit bit-field should be unsigned 628 |
- windows build: do not export externals from static library 629 |
- Fixed two potential use-after-frees of the payload buffer 630 |
- Fixed a few memory leaks in error paths 631 |
- userauth: Fixed an attempt to free from stack on error 632 |
- agent_list_identities: Fixed memory leak on OOM 633 |
- knownhosts: Abort if the hosts buffer is too small 634 |
- sftp_close_handle: ensure the handle is always closed 635 |
- channel_close: Close the channel even in the case of errors 636 |
- docs: added missing libssh2_session_handshake.3 file 637 |
- docs: fixed a bunch of typos 638 |
- userauth_password: pass on the underlying error code 639 |
- _libssh2_channel_forward_cancel: accessed struct after free 640 |
- _libssh2_packet_add: avoid using uninitialized memory 641 |
- _libssh2_channel_forward_cancel: avoid memory leaks on error 642 |
- _libssh2_channel_write: client spins on write when window full 643 |
- windows build: fix build errors 644 |
- publickey_packet_receive: avoid junk in returned pointers 645 |
- channel_receive_window_adjust: store windows size always 646 |
- userauth_hostbased_fromfile: zero assign to avoid uninitialized use 647 |
- configure: change LIBS not LDFLAGS when checking for libs 648 |
- agent_connect_unix: make sure there's a trailing zero 649 |
- MinGW build: Fixed redefine warnings. 650 |
- sftpdir.c: added authentication method detection. 651 |
- Watcom build: added support for WinCNG build. 652 |
- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS 653 |
- sftp_statvfs: fix for servers not supporting statfvs extension 654 |
- knownhost.c: use LIBSSH2_FREE macro instead of free 655 |
- Fixed compilation using mingw-w64 656 |
- knownhost.c: fixed that 'key_type_len' may be used uninitialized 657 |
- configure: Display individual crypto backends on separate lines 658 |
- examples on Windows: check for WSAStartup return code 659 |
- examples on Windows: check for socket return code 660 |
- agent.c: check return code of MapViewOfFile 661 |
- kex.c: fix possible NULL pointer de-reference with session->kex 662 |
- packet.c: fix possible NULL pointer de-reference within listen_state 663 |
- tests on Windows: check for WSAStartup return code 664 |
- userauth.c: improve readability and clarity of for-loops 665 |
- examples on Windows: use native SOCKET-type instead of int 666 |
- packet.c: i < 256 was always true and i would overflow to 0 667 |
- kex.c: make sure mlist is not set to NULL 668 |
- session.c: check return value of session_nonblock in debug mode 669 |
- session.c: check return value of session_nonblock during startup 670 |
- userauth.c: make sure that sp_len is positive and avoid overflows 671 |
- knownhost.c: fix use of uninitialized argument variable wrote 672 |
- openssl: initialise the digest context before calling EVP_DigestInit() 673 |
- libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET 674 |
- configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib 675 |
- configure.ac: Rework crypto library detection 676 |
- configure.ac: Reorder --with-* options in --help output 677 |
- configure.ac: Call zlib zlib and not libz in text but keep option names 678 |
- Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro 679 |
- sftp: seek: Don't flush buffers on same offset 680 |
- sftp: statvfs: Along error path, reset the correct 'state' variable. 681 |
- sftp: Add support for fsync (OpenSSH extension). 682 |
- _libssh2_channel_read: fix data drop when out of window 683 |
- comp_method_zlib_decomp: Improve buffer growing algorithm 684 |
- _libssh2_channel_read: Honour window_size_initial 685 |
- window_size: redid window handling for flow control reasons 686 |
- knownhosts: handle unknown key types 687 |
libssh2 1.4.3 GPG sig (685712 bytes) 693 |
694 | Changes: 695 |
-
696 |
- compression: add support for zlib@openssh.com 697 |
699 | Bug fixes: 700 |
-
701 |
- sftp_read: return error if a too large package arrives 702 |
- libssh2_hostkey_hash.3: update the description of return value 703 |
- Fixed MSVC NMakefile 704 |
- examples: use stderr for messages, stdout for data 705 |
- openssl: do not leak memory when handling errors 706 |
- improved handling of disabled MD5 algorithm in OpenSSL 707 |
- known_hosts: Fail when parsing unknown keys in known_hosts file 708 |
- configure: gcrypt doesn't come with pkg-config support 709 |
- session_free: wrong variable used for keeping state 710 |
- libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL 711 |
- comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating 712 |
libssh2 1.4.2 GPG sig (679992 bytes) 718 |
719 | Bug fixes: 720 |
-
721 |
- Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner 722 |
- userauth.c: fread() from public key file to correctly detect any errors 723 |
- configure.ac: Add option to disable build of the example applications 724 |
- Added 'Requires.private:' line to libssh2.pc 725 |
- SFTP: filter off incoming "zombie" responses 726 |
- gettimeofday: no need for a replacement under cygwin 727 |
- SSH_MSG_CHANNEL_REQUEST: default to want_reply 728 |
- win32/libssh2_config.h: Remove hardcoded #define LIBSSH2_HAVE_ZLIB 729 |
libssh2 1.4.1 GPG sig (658507 bytes) 735 |
736 | Bug fixes: 737 |
-
738 |
- build error with gcrypt backend 739 |
- always do "forced" window updates to avoid corner case stalls 740 |
- aes: the init function fails when OpenSSL has AES support 741 |
- transport_send: Finish in-progress key exchange before sending data 742 |
- channel_write: acknowledge transport errors 743 |
- examples/x11.c: Make sure sizeof passed to read operation is correct 744 |
- examples/x11.c:,Fix suspicious sizeof usage 745 |
- sftp_packet_add: verify the packet before accepting it 746 |
- SFTP: preserve the original error code more 747 |
- sftp_packet_read: adjust window size as necessary 748 |
- Use safer snprintf rather then sprintf in several places 749 |
- Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET 750 |
- sftp_write: cannot return acked data *and* EAGAIN 751 |
- sftp_read: avoid data *and* EAGAIN 752 |
- libssh2.h: Add missing prototype for libssh2_session_banner_set() 753 |
libssh2 1.4.0 GPG sig (653514 bytes) 759 |
760 | Changes: 761 |
-
762 |
- Added libssh2_session_supported_algs() 763 |
- Added libssh2_session_banner_get() 764 |
- Added libssh2_sftp_get_channel() 765 |
- libssh2.h: bump the default window size to 256K 766 |
768 | Bug fixes: 769 |
-
770 |
- sftp-seek: clear EOF flag 771 |
- userauth: Provide more information if ssh pub key extraction fails 772 |
- ssh2_exec: skip error outputs for EAGAIN 773 |
- LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000 774 |
- knownhost_check(): Don't dereference ext if NULL is passed 775 |
- knownhost_add: Avoid dereferencing uninitialized memory on error path 776 |
- OpenSSL EVP: fix threaded use of structs 777 |
- _libssh2_channel_read: react on errors from receive_window_adjust 778 |
- sftp_read: cap the read ahead maximum amount 779 |
- _libssh2_channel_read: fix non-blocking window adjusting 780 |
libssh2 1.3.0 GPG sig (639262 bytes) 786 |
787 | Changes: 788 |
-
789 |
- Added custom callbacks for performing low level socket I/O 790 |
792 | Bug fixes: 793 |
-
794 |
- sftp_read: advance offset correctly for buffered copies 795 |
- libssh2_sftp_seek64: flush packetlist and buffered data 796 |
- _libssh2_packet_add: adjust window size when truncating 797 |
- sftp_read: a short read is not end of file 798 |
libssh2 1.2.9 GPG sig (642150 bytes) 804 |
805 | Changes: 806 |
-
807 |
- Added libssh2_session_set_timeout() and libssh2_session_get_timeout() 808 | to make blocking calls get a timeout 809 |
811 | Bug fixes: 812 |
-
813 |
- configure and pkg-config: fix $VERSION 814 |
- s/\.NF/.nf/ to fix wrong macro name caught by man --warnings 815 |
- keepalive: add first basic man pages 816 |
- sftp_write: flush the packetlist on error 817 |
- sftp_write: clean offsets on error 818 |
- msvcproj: added libs and debug stuff 819 |
- SCP: fix incorrect error code 820 |
- session_startup: init state properly 821 |
- sftp_write_sliding: send the complete file 822 |
- userauth_keyboard_interactive: skip code on zero length auth 823 |
- _libssh2_wait_socket: fix timeouts for poll() uses 824 |
- agent_list_identities: fix out of scope access 825 |
- _libssh2_recv(): handle ENOENT error as EAGAIN 826 |
- userauth_keyboard_interactive: fix buffer overflow 827 |
- removed man pages for non-existing functions! 828 |
- gettimeofday: fix name space pollution 829 |
- _libssh2_channel_write: handle window_size == 0 better 830 |
libssh2 1.2.8 GPG sig (637707 bytes) 836 |
837 | Changes: 838 |
-
839 |
- added libssh2_free, libssh2_channel_get_exit_signal and 840 | libssh2_session_handshake 841 |
- SFTP read/write remade and now MUCH faster, especially on high latency 842 | connections 843 |
- added new examples: ssh2_echo.c, sftp_append.c and sftp_write_sliding.c 844 |
- userauth: derive publickey from private 845 |
- NEWS: now generated from git 846 |
848 | Bug fixes: 849 |
-
850 |
- Support unlimited number of host names in a single line of the 851 | known_hosts file. 852 |
- fix memory leak in userauth_keyboard_interactive() 853 |
- fix memory leaks (two times cipher_data) for each sftp session 854 |
- session_startup: manage server data before server identification 855 |
- SCP: allow file names with bytes > 126 856 |
- scp_recv: improved treatment of channel_read() returning zero 857 |
- libssh2_userauth_authenticated: make it work as documented 858 |
- variable size cleanup: match internal variable sizes better with the sizes 859 | of the fields used on the wire 860 |
- channel_request_pty_size: fix reqPTY_state 861 |
- sftp_symlink: return error if receive buffer too small 862 |
- sftp_readdir: return error if buffer is too small 863 |
- libssh2_knownhost_readfile.3: clarify return value 864 |
- configure: stop using the deprecated AM_INIT_AUTOMAKE syntax 865 |
- Fixed Win32 makefile which was now broken at resource build 866 |
- kex_agree_hostkey: fix NULL pointer dereference 867 |
- _libssh2_ntohu64: fix conversion from network bytes to uint64 868 |
- ssize_t: proper typedef with MSVC compilers 869 |
- zlib: Add debug tracing of zlib errors 870 |
- decomp: increase decompression buffer sizes 871 |
libssh2 1.2.7 GPG sig (583105 bytes) 877 |
878 | Changes: 879 |
-
880 |
- Added Watcom makefile 881 |
883 | Bug fixes: 884 |
-
885 |
- Better handling of invalid key files 886 |
- inputchecks: make lots of API functions check for NULL pointers 887 |
- libssh2_session_callback_set: extended the man page 888 |
- SFTP: limit write() to not produce overly large packets 889 |
- agent: make libssh2_agent_userauth() work blocking properly 890 |
- _libssh2_userauth_publickey: reject method names longer than the data 891 |
- channel_free: ignore problems with channel_close() 892 |
- typedef: make ssize_t get typedef without LIBSSH2_WIN32 893 |
- _libssh2_wait_socket: poll needs milliseconds 894 |
- libssh2_wait_socket: reset error code to "leak" EAGAIN less 895 |
- Added include for sys/select.h to get fd.set on some platforms 896 |
- session_free: free more data to avoid memory leaks 897 |
- openssl: make use of the EVP interface 898 |
- Fix underscore typo for 64-bit printf format specifiers on Windows 899 |
- Make libssh2_debug() create a correctly terminated string 900 |
- userauth_hostbased_fromfile: packet length too short 901 |
- handshake: Compression enabled at the wrong time 902 |
- Don't overflow MD5 server hostkey 903 |
libssh2 1.2.6 GPG sig (579590 bytes) 909 |
910 | Changes: 911 |
-
912 |
- Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs() 913 |
- Added libssh2_knownhost_checkp() 914 |
- Added libssh2_scp_send64() 915 |
917 | Bug fixes: 918 |
-
919 |
- wait_socket: make c89 compliant and use two fd_sets for select() 920 |
- OpenSSL AES-128-CTR detection 921 |
- proper keyboard-interactive user dialog in the sftp.c example 922 |
- build procedure for VMS 923 |
- fixed libssh2.dsw to use the generated libssh2.dsp 924 |
- several Windows-related build fixes 925 |
- fail to init SFTP if session isn't already authenticated 926 |
- many tiny fixes that address clang-analyzer warnings 927 |
- sftp_open: deal with short channel_write calls 928 |
- libssh2_publickey_init: fixed to work better non-blocking 929 |
- sftp_close_handle: add precation to not access NULL pointer 930 |
- sftp_readdir: simplified and bugfixed 931 |
- channel_write: if data has been sent, don't return EAGAIN 932 |
libssh2 1.2.5 GPG sig (559553 bytes) 938 |
939 | Changes: 940 |
-
941 |
- Added Add keep-alive support: libssh2_keepalive_config() and 942 | libssh2_keepalive_send() 943 |
- Added libssh2_knownhost_addc(), libssh2_init() and libssh2_exit() 944 |
- Added LIBSSH2_SFTP_S_IS***() macros 945 |
947 | Bug fixes: 948 |
-
949 |
- fix memory leak in libssh2_session_startup() 950 |
- added missing error codes - shown as hangs in blocking mode 951 |
- fix memory leak in userauth_keyboard_interactive() 952 |
- libssh2_knownhost_del: fix write to freed memory 953 |
- Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE 954 |
- Use AES-CTR from OpenSSL when available 955 |
- Fixed gettimeofday to compile with Visual C++ 6 956 |
- NULL dereference when window adjusting a non-existing channel 957 |
- avoid using poll on interix and mac os x systems 958 |
- fix scp memory leak 959 |
- Correctly clear blocking flag after sending multipart packet 960 |
- Reduce used window sizes by factor 10 961 |
- libssh2_userauth_publickey_fromfile_ex() handles a NULL password 962 |
- sftp_init() deal with _libssh2_channel_write() short returns 963 |
libssh2 1.2.4 GPG sig (547675 bytes) 969 |
970 | Bug fixes: 971 |
-
972 |
- Resolve compile issues on Solaris x64 and UltraSPARC 973 |
- Allow compiling with OpenSSL when AES isn't available 974 |
- Fix Tru64 socklen_t compile issue with example/direct_tcpip.c 975 |
libssh2 1.2.3 GPG sig (547652 bytes) 981 |
982 | Changes: 983 |
-
984 |
- ssh-agent support with the new libssh2_agent_* functions 985 |
- Added libssh2_trace_sethandler() 986 |
- Added the direct_tcpip.c and ssh2_agent.c examples 987 |
989 | Bug fixes: 990 |
-
991 |
- Fixed memory leak in userauth_publickey 992 |
- Fixed publickey authentication regression 993 |
- Silenced several compiler warnings 994 |
- avoid returning data to memory already freed 995 |
- transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors 996 |
- Fixed padding in ssh-dss signature blob encoding 997 |
- Fixed direction blocking flag problems 998 |
- Fixed memory leak in sftp_fstat() 999 |
libssh2 1.2.2 GPG sig (535430 bytes) 1005 |
1006 | Changes: 1007 |
-
1008 |
- Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers 1009 |
- Support for the "arcfour128" cipher 1010 |
1012 | Bug fixes: 1013 |
-
1014 |
- Fix crash when server sends an invalid SSH_MSG_IGNORE message 1015 |
libssh2 1.2.1 GPG sig (533302 bytes) 1021 |
1022 | Changes: 1023 |
-
1024 |
- generate and install libssh2.pc 1025 |
1027 | Bug fixes: 1028 |
-
1029 |
- proper return codes returned from several functions 1030 |
- return EAGAIN internal cleanup 1031 |
- added knownhost.c to windows makefiles 1032 |
- pass private-key to OpenSSL as a filename with BIO_new_file(). 1033 |
- make libssh2_scp_send/recv do blocking mode correctly 1034 |
- libssh2_channel_wait_closed() could hang 1035 |
- libssh2_channel_read_ex() must return 0 when closed 1036 |
- added gettimeofday() function for win32 for the debug trace outputs 1037 |
- transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors 1038 |
- scp examples now loop correctly over libssh2_channel_write() 1039 |
libssh2 1.2 GPG sig (532299 bytes) 1046 |
1047 | Changes: 1048 |
-
1049 |
- we've switched to using git for source code control 1050 |
- the libssh2-devel mailing list moved to cool.haxx.se< 1051 |
- libssh2_poll() and libssh2_poll_channel_read() are now deprecated 1052 |
- a range of libssh2_knownhost_*() functions were added to the API to work 1053 | with OpenSSH style known_hosts files etc 1054 |
- added libssh2_session_hostkey() 1055 |
- added an X11 forwarding example 1056 |
- the makefile now generate MSVS project files 1057 |
1059 | Bug fixes: 1060 |
-
1061 |
- bad 0-return from libssh2_channel_read 1062 |
- failure to "drain" the transport data caused badness 1063 |
- memory leak in libssh2_sftp_shutdown() 1064 |
- fixed stroll() #if condition 1065 |
- build thread-safe on Solaris 1066 |
- error when including libssh2.h in two files on Windows fixed 1067 |
- custom memory function extra argument was wrong 1068 |
- transport now checks for and bail out on packets claing to be zero sized 1069 |
- fixed a number of compiler warnings 1070 |
- buildconf runs on Mac OS X 1071 |
- public headers includable on their own 1072 |
- bad debugdump() caused SIGSEGV at times (when libssh2_trace() was used) 1073 |
- possible data loss when send_existing() failed to send its buffer 1074 |
- passing FILE*s across DLL boundaries (OpenSSL) caused crashes on Windows 1075 |
libssh2 1.1 GPG sig 1082 | 1083 |
-
1084 |
- Downloads using SCP or SFTP are now significantly faster 1085 |
- Added a Libtool -export-symbols-regex flag to reduce the number of 1086 | exported symbols in shared libraries. 1087 |
- Added a bunch of new man pages and renamed some of the previous ones 1088 |
- Enhanced download performance 1089 |
- Made libssh2_scp_recv() and libssh2_scp_send() deal with spaces in 1090 | filenames 1091 |
- Fixed the bad randomness and off-by-one in libssh2_channel_x11_req_ex() 1092 |
- Added libssh2_version() 1093 |
- Fixed libssh2_channel_direct_tcpip_ex() to not fail when called a second 1094 | time 1095 |
- Fixed libssh2_channel_write_ex problems in blocking situations 1096 |
- 'make check' runs fine on cygwin 1097 |
- Added libssh2_channel_receive_window_adjust2() and deprecated 1098 | libssh2_channel_receive_window_adjust() 1099 |
- better socket error handling internally on win32 1100 |
- libssh2 now always set the socket non-blocking internally and deals with 1101 | the interface as blocking or non-blocking set by 1102 | libssh2_session_set_blocking. 1103 |
8 | TITLE(libssh2 Source Code Activity) 9 | BOXTOP 10 | 11 | Since we switched to git, this hasn't been made to work yet! 12 | 13 | BOXBOT 14 | 15 | #include "footer.t" 16 | -------------------------------------------------------------------------------- /date.pm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libssh2/www/7f64f822399de8074c94ba3cf7fc9dd4dce861dd/date.pm -------------------------------------------------------------------------------- /docmake.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | all=docs/libssh2*.3 4 | 5 | out="doc.mk" 6 | 7 | nopath=`echo $all | sed -e 's:docs/::g'` 8 | 9 | html=`echo $nopath | sed -e 's/\.3/.html/g'` 10 | allraw=`echo $nopath | sed -e 's/\.3/.raw/g'` 11 | 12 | echo "all: $html" > $out 13 | echo "" >> $out 14 | 15 | for i in $nopath; do 16 | 17 | h=`echo $i | sed -e 's/\.3/.html/g'` 18 | raw=`echo $i | sed -e 's/\.3/.raw/g'` 19 | f=`echo $i | sed 's/\.3//g'` 20 | echo "$h: func.t $raw \$(MAINPARTS)" >> $out 21 | echo " \$(FCPP) \$(OPTS) -Dfunc=$f -Ddocs_$f -Dfuncinc=\\\"$raw\\\" \$< \$@" >> $out 22 | echo "" >> $out 23 | echo "$raw: docs/$i" >> $out 24 | echo " \$(MAN2HTML) < \$< >\$@" >> $out 25 | echo "" >> $out 26 | done 27 | 28 | echo "clean:" >> $out 29 | echo " rm -f $html $allraw" >> $out 30 | 31 | allfuncs=`echo $nopath | sed -e 's/\.3//g'` 32 | 33 | newd=docmenu-new.t 34 | echo '
' >> $newd 46 | 47 | if { cmp -s $newd docmenu.t >/dev/null; } then 48 | echo "same" >/dev/null 49 | else 50 | # echo "diff" 51 | mv $newd docmenu.t 52 | fi 53 | -------------------------------------------------------------------------------- /docs.t: -------------------------------------------------------------------------------- 1 | #include "doctype.t" 2 | #include "setup.t" 3 | 4 |15 | TITLE(libssh2 docs) 16 | BOXTOP 17 | 18 |
|
19 | 20 | The libssh2 offers a large amount of functions and this is an attempt to 21 | provide HTML versions of the man pages present in the source tree. These pages 22 | are updated automatically from the source code repository. 23 | 24 | 25 | Select page in the menu to the right. 26 | 27 | 28 | The functions are grouped into different subsystems: 29 |
38 | There is also a small collection of examples and 39 | we're always open for adding more! 40 | 41 | | 42 | #include "docmenu.t" 43 | |
| 16 | #include "%rawfile%" 17 | | 18 | SUBTITLE(All Examples) 19 | 20 | #include "allex.t" 21 | |
23 | You will also find all examples in the distribution archive, in the 24 | example directory. 25 | BOXBOT 26 | 27 | #include "footer.t" 28 | -------------------------------------------------------------------------------- /examples/index.t: -------------------------------------------------------------------------------- 1 | #include "doctype.t" 2 | #include "setup.t" 3 |
4 |15 | TITLE(libssh2 examples) 16 | BOXTOP 17 |
|
18 | 19 | Welcome to the examples section of the web site. This displays online versions 20 | of all the examples already present in the example 22 | directory of the release tarballs. 23 | 24 | 25 | If you end up writing any suitable examples yourself, please send them over 26 | and help us expand this section! 27 | 28 | | 29 | SUBTITLE(All Examples) 30 | 31 | #include "allex.t" 32 | |
$2$3\n";
57 | }
58 |
59 | # replace backslashes
60 | $l =~ s/\\\n/\\ \n/g;
61 |
62 | if($l eq "\n") {
63 | print ET " \n";
64 | }
65 | else {
66 | print ET $l;
67 | }
68 | if($_ =~ /^<\/PRE/) {
69 | $show = 0;
70 | }
71 | }
72 | }
73 | close(ET);
74 | close(CMD);
75 |
76 | push @htmlfiles, $htmlfile;
77 | push @basefiles, $base;
78 |
79 | push @mak, "$htmlfile: $rawfile \$(MAINPARTS)\n\t\$(ACTION)\n\n";
80 |
81 | push @mak, "$rawfile: $dir/$cfile\n\tperl mkexam.pl\n\n";
82 | }
83 |
84 | open(MAK, ">Makefile.exhtml");
85 | print MAK "EXAMPLES = ";
86 | for my $f(@htmlfiles) {
87 | print MAK "$f ";
88 | }
89 | print MAK "\n";
90 | close(MAK);
91 |
92 | open(MAK, ">Makefile.examples");
93 | print MAK @mak;
94 | close(MAK);
95 |
96 | open(EX, ">allex.t");
97 | for my $b (sort @basefiles) {
98 | printf EX "%s.c
", $b, $b;
99 | }
100 | print EX "\n";
101 | close(EX);
102 |
--------------------------------------------------------------------------------
/footer.t:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/func.t:
--------------------------------------------------------------------------------
1 | #include "doctype.t"
2 |
3 | func()
4 | #include "css.t"
5 | #include "manpage.t"
6 |
7 | #include "body.t"
8 | #include "setup.t"
9 | #include "menu.t"
10 | TITLE(func)
11 | BOXTOP
12 | | 13 | #include funcinc 14 | | 15 | #include "docmenu.t" 16 | |
the SSH library
10 | TITLE(libssh2) 11 | BOXTOP 12 |
13 |
15 |
17 | SUBTITLE(Capabilities and Features) 18 |
-
19 |
- Key Exchange Methods: diffie-hellman-group-exchange-sha256, 20 | diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 21 |
- Hostkey Types: ssh-ed25519, ssh-ed25519-cert-v01@openssh.com, ecdsa-sha2-nistp521, ecdsa-sha2-nistp384, ecdsa-sha2-nistp256, 22 | ssh-rsa, ssh-dss 23 |
- Ciphers: aes256-gcm@openssh.com, aes128-gcm@openssh.com, 24 | aes256-ctr, aes192-ctr, aes128-ctr, 25 | aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 26 | 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, arcfour128 27 |
- Compression Schemes: zlib, zlib@openssh.com, none 28 |
- MAC hashes: hmac-sha2-512, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-256-etm@openssh.com, 29 | hmac-sha1, hmac-sha1-96, 30 | hmac-md5, hmac-md5-96, hmac-ripemd160 (hmac-ripemd160@openssh.com) 31 |
- Authentication: none, password, public-key, hostbased, 32 | keyboard-interactive 33 |
- Channels: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem 34 |
- Global Requests: tcpip-forward 35 |
- Channel Requests: x11, pty, exit-signal, keepalive@openssh.com 36 |
- Subsystems: sftp(version 3), publickey(version 2) 37 |
- SFTP: statvfs@openssh.com, fstatvfs@openssh.com 38 |
- Thread-safe: just do not share handles simultaneously 39 |
- Non-blocking: it can be used both blocking and non-blocking 40 |
- Your sockets: the app hands over the socket, calls select() etc. 41 |
- Crypto backends: OpenSSL, libgcrypt, mbedTLS, wolfSSL or WinCNG (native since Windows Vista): builds with either 42 |
46 |
-
47 | libssh2 1.11.1, released on 2024-10-16. Changelog
49 |
50 |
| libssh2-1.11.1.tar.gz | [gpg] |
| 53 | libssh2-1.11.1.tar.bz2 | [gpg] |
| 55 | libssh2-1.11.1.tar.xz | [gpg] 56 | |
| 58 | libssh2-1.11.1.zip | [gpg] 59 | |
65 |
| 71 | 76 | |
80 |
-
81 |
82 |
- mail: The main place to take issues, discuss development or ask 83 | about how to use libssh2 is the libssh2-devel mailing 84 | list. 85 | 86 |
- Bugs: github issue tracker 87 | 88 |
93 | 94 |
-
95 |
- The libssh2-devel 97 | mailing list 98 | 99 |
4 |
the libssh2 team
5 |