Subject: CVS commit: pkgsrc/security/libssh2
From: Thomas Klausner
Date: 2016-10-31 17:18:02

Log Message:
Updated libssh2 to 1.8.0.

Version 1.8.0 (25 Oct 2016)

Daniel Stenberg (25 Oct 2016)
- RELEASE-NOTES: adjusted for 1.8.0

Kamil Dudka (20 Oct 2016)
- Revert "aes: the init function fails when OpenSSL has AES support"

  This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864
  because it caused the compatibility code to call initialization routines
  redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl
  test-suite in Fedora:

  88 bytes in 1 blocks are definitely lost in loss record 5 of 8
     at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
     by 0x72C607D: CRYPTO_zalloc (mem.c:100)
     by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
     by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
     by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
     by 0x4E5BB5A: libssh2_init (global.c:49)

Daniel Stenberg (19 Oct 2016)
- [Charles Collicutt brought this change]

  libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds (#134)

  Fixes #74

- [Charles Collicutt brought this change]

  Set err_msg on _libssh2_wait_socket errors (#135)

- Revert "travis: Test mbedtls too"

  This reverts commit 3e6de50a24815e72ec5597947f1831f6083b7da8.

  Travis doesn't seem to support the mbedtls-dev package

- maketgz: support "only" to only update version number locally

  and fix the date output locale

- configure: make the --with-* options override the OpenSSL default

  ... previously it would default to OpenSSL even with the --with-[crypto]
  options used unless you specifically disabled OpenSSL. Now, enabling another
  backend will automatically disable OpenSSL if the other one is found.

- [Keno Fischer brought this change]

  docs: Add documentation on new cmake/configure options

- [Keno Fischer brought this change]

  configure: Add support for building with mbedtls

- [wildart brought this change]

  travis: Test mbedtls too

- [wildart brought this change]

  crypto: add support for the mbedTLS backend

  Closes #132

- [wildart brought this change]

  cmake: Add CLEAR_MEMORY option, analogously to that for autoconf

- fix link typo

- README: markdown version to look nicer on github

Viktor Szakats (5 Sep 2016)
- [Taylor Holberton brought this change]

  openssl: add OpenSSL 1.1.0 compatibility

Daniel Stenberg (4 Sep 2016)
- [Antenore Gatta brought this change]

  tests: HAVE_NETINET_IN_H was not defined correctly (#127)

  Fixes #125

- SECURITY: fix web site typo

- SECURITY: security process

GitHub (14 Aug 2016)
- [Alexander Lamaison brought this change]

  Basic dockerised test suite.

  This introduces a test suite for libssh2. It runs OpenSSH in a Docker
  container because that works well on Windows (via docker-machine) as
  well as Linux. Presumably it works on Mac too with docker-machine, but
  I've not tested that.

  Because the test suite is docker-machine aware, you can also run it
  against a cloud provider, for more realistic network testing, by setting
  your cloud provider as your active docker machine. The Appveyor CI setup
  in this commit does that because Appveyor doesn't support docker

Kamil Dudka (3 Aug 2016)
- [Viktor Szakats brought this change]

  misc.c: Delete unused static variables

  Closes #114

Daniel Stenberg (9 Apr 2016)
- [Will Cosgrove brought this change]

  Merge pull request #103 from willco007/patch-2

  Fix for security issue CVE-2016-0787

Alexander Lamaison (2 Apr 2016)
- [Zenju brought this change]

  Fix MSVC 14 compilation errors

  For _MSC_VER == 1900 these macros are not needed and create problems:

  1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1925): warning C4005: 'snprintf': macro redefinition (compiling source file libssh2-files\src\mac.c)

  1> \win32\libssh2_config.h(27): note: see previous definition of 'snprintf' (compiling source file libssh2-files\src\mac.c)

  1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1927): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration (compiling source file libssh2-files\src\mac.c)

Daniel Stenberg (26 Mar 2016)
- [Brad Harder brought this change]

  _libssh2_channel_open: speeling error fixed in channel error message

Alexander Lamaison (15 Mar 2016)
- Link with crypt32.lib on Windows.

  Makes linking with static OpenSSL work again.  Although it's not
  required for dynamic OpenSSL, it does no harm.

  Fixes #98.

- [Craig A. Berry brought this change]

  Tweak VMS help file building.

  Primarily this is handling cases where top-level files moved into
  the docs/ directory.  I also corrected a typo and removed the
  claim that libssh2 is public domain.

- [Craig A. Berry brought this change]

  Build with standard stat structure on VMS.

  This gets us large file support, is available on any VMS release
  in the last decade and more, and gives stat other modern features
  such as 64-bit ino_t.

- [Craig A. Berry brought this change]

  Update vms/libssh2_config.h.

  VMS does have stdlib.h, gettimeofday(), and OpenSSL.  The latter
  is appropriate to hard-wire in the configuration because it's
  installed by default as part of the base operating system and
  there is currently no libgcrypt port.

- [Craig A. Berry brought this change]

  VMS can't use %zd for off_t format.

  %z is a C99-ism that VMS doesn't currently have; even though the
  compiler is C99-compliant, the library isn't quite.  The off_t used
  for the st_size element of the stat can be 32-bit or 64-bit, so
  detect what we've got and pick a format accordingly.

- [Craig A. Berry brought this change]

  Normalize line endings in libssh2_sftp_get_channel.3.

  Somehow it got Windows-style CRLF endings so convert to just LF,
  for consistency as well as not to confuse tools that will regard
  the \r as content (e.g. the OpenVMS help librarian).

Dan Fandrich (29 Feb 2016)
- libgcrypt: Fixed a NULL pointer dereference on OOM

Daniel Stenberg (24 Feb 2016)
- [Viktor Szakats brought this change]

  url updates, HTTP => HTTPS

  Closes #87

Dan Fandrich (23 Feb 2016)
- RELEASE-NOTES: removed some duplicated names