./security/libssh2, SSH2 protocol library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.7.0nb1, Package name: libssh2-1.7.0nb1, Maintainer: pkgsrc-users

libssh2 is a library implementing the SSH2 protocol, available under
the revised BSD license.

Master sites:

SHA1: 02fef9bdafce3da466b36581a4ff53d519637aca
RMD160: 69dd061067e0512e5a08b2d8c4ca6166e22820ba
Filesize: 792.689 KB

Version history: (Expand)

CVS history: (Expand)

   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-02-23 23:47:18 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Update libssh2 to 1.7.0.


    libssh2_session_set_last_error: Add function
    mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
    WinCNG: support for SHA256/512 HMAC
    kex: Added diffie-hellman-group-exchange-sha256 support
    OS/400 crypto library QC3 support

Bug fixes:

    diffie_hellman_sha256: convert bytes to bits CVE-2016-0787
    SFTP: Increase speed and datasize in SFTP read
    openssl: make libssh2_sha1 return error code
    openssl: fix memleak in _libssh2_dsa_sha1_verify()
    cmake: include CMake files in the release tarballs
    Fix builds with Visual Studio 2015
    hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
    GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
    GNUmakefile: add -m64 CFLAGS when targeting mingw64
    kex: free server host key before allocating it (again)
    SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
    channel: Detect bad usage of libssh2_channel_process_startup
    userauth: Fix off by one error when reading public key file
    kex: removed dupe entry from libssh2_kex_methods
    _libssh2_error: Support allocating the error message
    hostkey: fix invalid memory access if libssh2_dsa_new fails
    hostkey: align code path of ssh_rsa_init to ssh_dss_init
    libssh2.pc.in: fix the output of pkg-config --libs
    wincng: fixed possible memory leak in _libssh2_wincng_hash
    wincng: fixed _libssh2_wincng_hash_final return value
    add OpenSSL 1.1.0-pre2 compatibility
    agent_disconnect_unix: unset the agent fd after closing it
    sftp: stop reading when buffer is full
    sftp: Send at least one read request before reading
    sftp: Don't return EAGAIN if data was written to buffer
    sftp: Check read packet file offset
    configure: build "silent" if possible
    openssl: add OpenSSL 1.1.0-pre3-dev compatibility
    GNUmakefile: list system libs after user libs
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-07-26 19:15:35 by Niclas Rosenvik | Files touched by this commit (4) | Package updated
Log message:
Updated libssh2 to version 1.6.0.



    Added libssh2_userauth_publickey_frommemory()

Bug fixes:

    wait_socket: wrong use of difftime()
    userauth: Fixed prompt text no longer being copied to the prompts struct
    mingw build: allow to pass custom CFLAGS
    Let mansyntax.sh work regardless of where it is called from
    Init HMAC_CTX before using it
    direct_tcpip: Fixed channel write
    WinCNG: fixed backend breakage
    OpenSSL: caused by introducing libssh2_hmac_ctx_init
    userauth.c: fix possible dereferences of a null pointer
    wincng: Added explicit clear memory feature to WinCNG backend
    openssl.c: fix possible segfault in case EVP_DigestInit fails
    wincng: fix return code of libssh2_md5_init()
    kex: do not ignore failure of libssh2_sha1_init()
    scp: fix that scp_send may transmit not initialised memory
    scp.c: improved command length calculation
    nonblocking examples: fix warning about unused tvdiff on Mac OS X
    configure: make clear-memory default but WARN if backend unsupported
    OpenSSL: Enable use of OpenSSL that doesn't have DSA
    OpenSSL: Use correct no-blowfish #define
    kex: fix libgcrypt memory leaks of bignum
    libssh2_channel_open: more detailed error message
    wincng: fixed memleak in (block) cipher destructor
   2015-03-23 10:14:53 by Niclas Rosenvik | Files touched by this commit (4) | Package updated
Log message:
Update libssh2 to 1.5.0 to address CVE-2015-1782.



This release includes the following changes:

 o Added Windows Cryptography API: Next Generation based backend

This release includes the following bugfixes:

 o Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
 o missing _libssh2_error in _libssh2_channel_write
 o knownhost: Fix DSS keys being detected as unknown.
 o knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
 o libssh2.h: on Windows, a socket is of type SOCKET, not int
 o libssh2_priv.h: a 1 bit bit-field should be unsigned
 o windows build: do not export externals from static library
 o Fixed two potential use-after-frees of the payload buffer
 o Fixed a few memory leaks in error paths
 o userauth: Fixed an attempt to free from stack on error
 o agent_list_identities: Fixed memory leak on OOM
 o knownhosts: Abort if the hosts buffer is too small
 o sftp_close_handle: ensure the handle is always closed
 o channel_close: Close the channel even in the case of errors
 o docs: added missing libssh2_session_handshake.3 file
 o docs: fixed a bunch of typos
 o userauth_password: pass on the underlying error code
 o _libssh2_channel_forward_cancel: accessed struct after free
 o _libssh2_packet_add: avoid using uninitialized memory
 o _libssh2_channel_forward_cancel: avoid memory leaks on error
 o _libssh2_channel_write: client spins on write when window full
 o windows build: fix build errors
 o publickey_packet_receive: avoid junk in returned pointers
 o channel_receive_window_adjust: store windows size always
 o userauth_hostbased_fromfile: zero assign to avoid uninitialized use
 o configure: change LIBS not LDFLAGS when checking for libs
 o agent_connect_unix: make sure there's a trailing zero
 o MinGW build: Fixed redefine warnings.
 o sftpdir.c: added authentication method detection.
 o Watcom build: added support for WinCNG build.
 o configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
 o sftp_statvfs: fix for servers not supporting statfvs extension
 o knownhost.c: use LIBSSH2_FREE macro instead of free
 o Fixed compilation using mingw-w64
 o knownhost.c: fixed that 'key_type_len' may be used uninitialized
 o configure: Display individual crypto backends on separate lines
 o examples on Windows: check for WSAStartup return code
 o examples on Windows: check for socket return code
 o agent.c: check return code of MapViewOfFile
 o kex.c: fix possible NULL pointer de-reference with session->kex
 o packet.c: fix possible NULL pointer de-reference within listen_state
 o tests on Windows: check for WSAStartup return code
 o userauth.c: improve readability and clarity of for-loops
 o examples on Windows: use native SOCKET-type instead of int
 o packet.c: i < 256 was always true and i would overflow to 0
 o kex.c: make sure mlist is not set to NULL
 o session.c: check return value of session_nonblock in debug mode
 o session.c: check return value of session_nonblock during startup
 o userauth.c: make sure that sp_len is positive and avoid overflows
 o knownhost.c: fix use of uninitialized argument variable wrote
 o openssl: initialise the digest context before calling EVP_DigestInit()
 o libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
 o configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
 o configure.ac: Rework crypto library detection
 o configure.ac: Reorder --with-* options in --help output
 o configure.ac: Call zlib zlib and not libz in text but keep option names
 o Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
 o sftp: seek: Don't flush buffers on same offset
 o sftp: statvfs: Along error path, reset the correct 'state' variable.
 o sftp: Add support for fsync (OpenSSH extension).
 o _libssh2_channel_read: fix data drop when out of window
 o comp_method_zlib_decomp: Improve buffer growing algorithm
 o _libssh2_channel_read: Honour window_size_initial
 o window_size: redid window handling for flow control reasons
 o knownhosts: handle unknown key types
   2014-07-21 00:02:58 by Eric Schnoebelen | Files touched by this commit (3) | Package updated
Log message:
Update to 1.4.3:

Version 1.4.3 - November 27 2012

libssh2 1.4.3 GPG sig (685712 bytes)


    compression: add support for zlib@openssh.com

Bug fixes:

    sftp_read: return error if a too large package arrives
    libssh2_hostkey_hash.3: update the description of return value
    Fixed MSVC NMakefile
    examples: use stderr for messages, stdout for data
    openssl: do not leak memory when handling errors
    improved handling of disabled MD5 algorithm in OpenSSL
    known_hosts: Fail when parsing unknown keys in known_hosts file
    configure: gcrypt doesn't come with pkg-config support
    session_free: wrong variable used for keeping state
    libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
    comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating

Version 1.4.2 - May 18 2012

libssh2 1.4.2 GPG sig (679992 bytes)

Bug fixes:

    Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
    userauth.c: fread() from public key file to correctly detect any
    configure.ac: Add option to disable build of the example
    Added 'Requires.private:' line to libssh2.pc
    SFTP: filter off incoming "zombie" responses
    gettimeofday: no need for a replacement under cygwin
    SSH_MSG_CHANNEL_REQUEST: default to want_reply
    win32/libssh2_config.h: Remove hardcoded #define LIBSSH2_HAVE_ZLIB

Version 1.4.1 - April 4 2012

libssh2 1.4.1 GPG sig (658507 bytes)

Bug fixes:

    build error with gcrypt backend
    always do "forced" window updates to avoid corner case stalls
    aes: the init function fails when OpenSSL has AES support
    transport_send: Finish in-progress key exchange before sending data
    channel_write: acknowledge transport errors
    examples/x11.c: Make sure sizeof passed to read operation is correct
    examples/x11.c:,Fix suspicious sizeof usage
    sftp_packet_add: verify the packet before accepting it
    SFTP: preserve the original error code more
    sftp_packet_read: adjust window size as necessary
    Use safer snprintf rather then sprintf in several places
    Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
    sftp_write: cannot return acked data *and* EAGAIN
    sftp_read: avoid data *and* EAGAIN
    libssh2.h: Add missing prototype for libssh2_session_banner_set()

Version 1.4.0 - January 31 2012

libssh2 1.4.0 GPG sig (653514 bytes)


    Added libssh2_session_supported_algs()
    Added libssh2_session_banner_get()
    Added libssh2_sftp_get_channel()
    libssh2.h: bump the default window size to 256K

Bug fixes:

    sftp-seek: clear EOF flag
    userauth: Provide more informations if ssh pub key extraction fails
    ssh2_exec: skip error outputs for EAGAIN
    LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
    knownhost_check(): Don't dereference ext if NULL is passed
    knownhost_add: Avoid dereferencing uninitialized memory on error
    OpenSSL EVP: fix threaded use of structs
    _libssh2_channel_read: react on errors from receive_window_adjust
    sftp_read: cap the read ahead maximum amount
    _libssh2_channel_read: fix non-blocking window adjusting

Version 1.3.0 - September 6 2011

libssh2 1.3.0 GPG sig (639262 bytes)


    Added custom callbacks for performing low level socket I/O

Bug fixes:

    sftp_read: advance offset correctly for buffered copies
    libssh2_sftp_seek64: flush packetlist and buffered data
    _libssh2_packet_add: adjust window size when truncating
    sftp_read: a short read is not end of file

Version 1.2.9 - August 16 2011

libssh2 1.2.9 GPG sig (642150 bytes)


    Added libssh2_session_set_timeout() and
libssh2_session_get_timeout() to make blocking calls get a timeout

Bug fixes:

    configure and pkg-config: fix $VERSION
    s/\.NF/.nf/ to fix wrong macro name caught by man --warnings
    keepalive: add first basic man pages
    sftp_write: flush the packetlist on error
    sftp_write: clean offsets on error
    msvcproj: added libs and debug stuff
    SCP: fix incorrect error code
    session_startup: init state properly
    sftp_write_sliding: send the complete file
    userauth_keyboard_interactive: skip code on zero length auth
    _libssh2_wait_socket: fix timeouts for poll() uses
    agent_list_identities: fix out of scope access
    _libssh2_recv(): handle ENOENT error as EAGAIN
    userauth_keyboard_interactive: fix buffer overflow
    removed man pages for non-existing functions!
    gettimeofday: fix name space pollution
    _libssh2_channel_write: handle window_size == 0 better

Version 1.2.8 - April 5 2011

libssh2 1.2.8 GPG sig (637707 bytes)


    added libssh2_free, libssh2_channel_get_exit_signal and
    SFTP read/write remade and now MUCH faster, especially on high
latency connections
    added new examples: ssh2_echo.c, sftp_append.c and
    userauth: derive publickey from private
    NEWS: now generated from git

Bug fixes:

    Support unlimited number of host names in a single line of the
known_hosts file.
    fix memory leak in userauth_keyboard_interactive()
    fix memory leaks (two times cipher_data) for each sftp session
    session_startup: manage server data before server identification
    SCP: allow file names with bytes > 126
    scp_recv: improved treatment of channel_read() returning zero
    libssh2_userauth_authenticated: make it work as documented
    variable size cleanup: match internal variable sizes better with the
sizes of the fields used on the wire
    channel_request_pty_size: fix reqPTY_state
    sftp_symlink: return error if receive buffer too small
    sftp_readdir: return error if buffer is too small
    libssh2_knownhost_readfile.3: clarify return value
    configure: stop using the deprecated AM_INIT_AUTOMAKE syntax
    Fixed Win32 makefile which was now broken at resource build
    kex_agree_hostkey: fix NULL pointer derefence
    _libssh2_ntohu64: fix conversion from network bytes to uint64
    ssize_t: proper typedef with MSVC compilers
    zlib: Add debug tracing of zlib errors
    decomp: increase decompression buffer sizes

Version 1.2.7 - August 17 2010

libssh2 1.2.7 GPG sig (583105 bytes)


    Added Watcom makefile

Bug fixes:

    Better handling of invalid key files
    inputchecks: make lots of API functions check for NULL pointers
    libssh2_session_callback_set: extended the man page
    SFTP: limit write() to not produce overly large packets
    agent: make libssh2_agent_userauth() work blocking properly
    _libssh2_userauth_publickey: reject method names longer than the
    channel_free: ignore problems with channel_close()
    typedef: make ssize_t get typedef without LIBSSH2_WIN32
    _libssh2_wait_socket: poll needs milliseconds
    libssh2_wait_socket: reset error code to "leak" EAGAIN less
    Added include for sys/select.h to get fd.set on some platforms
    session_free: free more data to avoid memory leaks
    openssl: make use of the EVP interface
    Fix underscore typo for 64-bit printf format specifiers on Windows
    Make libssh2_debug() create a correctly terminated string
    userauth_hostbased_fromfile: packet length too short
    handshake: Compression enabled at the wrong time
    Don't overflow MD5 server hostkey

Version 1.2.6 - June 10 2010

libssh2 1.2.6 GPG sig (579590 bytes)


    Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs()
    Added libssh2_knownhost_checkp()
    Added libssh2_scp_send64()

Bug fixes:

    wait_socket: make c89 compliant and use two fd_sets for select()
    OpenSSL AES-128-CTR detection
    proper keyboard-interactive user dialog in the sftp.c example
    build procedure for VMS
    fixed libssh2.dsw to use the generated libssh2.dsp
    several Windows-related build fixes
    fail to init SFTP if session isn't already authenticated
    many tiny fixes that address clang-analyzer warnings
    sftp_open: deal with short channel_write calls
    libssh2_publickey_init: fixed to work better non-blocking
    sftp_close_handle: add precation to not access NULL pointer
    sftp_readdir: simplified and bugfixed
    channel_write: if data has been sent, don't return EAGAIN

Version 1.2.5 - April 13 2010

libssh2 1.2.5 GPG sig (559553 bytes)


    Added Add keep-alive support: libssh2_keepalive_config() and
    Added libssh2_knownhost_addc(), libssh2_init() and libssh2_exit()
    Added LIBSSH2_SFTP_S_IS***() macros

Bug fixes:

    fix memory leak in libssh2_session_startup()
    added missing error codes - shown as hangs in blocking mode
    fix memory leak in userauth_keyboard_interactive()
    libssh2_knownhost_del: fix write to freed memory
    Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE
    Use AES-CTR from OpenSSL when available
    Fixed gettimeofday to compile with Visual C++ 6
    NULL dereference when window adjusting a non-existing channel
    avoid using poll on interix and mac os x systems
    fix scp memory leak
    Correctly clear blocking flag after sending multipart packet
    Reduce used window sizes by factor 10
    libssh2_userauth_publickey_fromfile_ex() handles a NULL password
    sftp_init() deal with _libssh2_channel_write() short returns

Version 1.2.4 - February 13 2010

libssh2 1.2.4 GPG sig (547675 bytes)

Bug fixes:

    Resolve compile issues on Solaris x64 and UltraSPARC
    Allow compiling with OpenSSL when AES isn't available
    Fix Tru64 socklen_t compile issue with example/direct_tcpip.c

Version 1.2.3 - February 3 2010

libssh2 1.2.3 GPG sig (547652 bytes)


    ssh-agent support with the new libssh2_agent_* functions
    Added libssh2_trace_sethandler()
    Added the direct_tcpip.c and ssh2_agent.c examples

Bug fixes:

    Fixed memory leak in userauth_publickey
    Fixed publickey authentication regression
    Silenced several compiler warnings
    avoid returning data to memory already freed
    transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors
    Fixed padding in ssh-dss signature blob encoding
    Fixed direction blocking flag problems
    Fixed memory leak in sftp_fstat()
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-02-07 00:24:19 by Jonathan Perkin | Files touched by this commit (1351) | Package updated
Log message:
PKGREVISION bumps for the security/openssl 1.0.1d update.