|2016-10-31 17:18:02 by Thomas Klausner | Files touched by this commit (2) ||
Log message: Updated libssh2 to 1.8.0.

Version 1.8.0 (25 Oct 2016)

Daniel Stenberg (25 Oct 2016)
- RELEASE-NOTES: adjusted for 1.8.0

Kamil Dudka (20 Oct 2016)
- Revert "aes: the init function fails when OpenSSL has AES support"
  This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864 because it caused the compatibility code to call initialization routines redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl test-suite in Fedora:
  88 bytes in 1 blocks are definitely lost in loss record 5 of 8
     at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
     by 0x72C607D: CRYPTO_zalloc (mem.c:100)
     by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
     by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
     by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
     by 0x4E5BB5A: libssh2_init (global.c:49)

Daniel Stenberg (19 Oct 2016)
- [Charles Collicutt brought this change] libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds (#134)
  Fixes #74
- [Charles Collicutt brought this change] Set err_msg on _libssh2_wait_socket errors (#135)
- Revert "travis: Test mbedtls too"
  This reverts commit 3e6de50a24815e72ec5597947f1831f6083b7da8. Travis doesn't seem to support the mbedtls-dev package
- maketgz: support "only" to only update version number locally and fix the date output locale
- configure: make the --with-* options override the OpenSSL default
  ... previously it would default to OpenSSL even with the --with-[crypto] options used unless you specifically disabled OpenSSL. Now, enabling another backend will automatically disable OpenSSL if the other one is found.
- [Keno Fischer brought this change] docs: Add documentation on new cmake/configure options
- [Keno Fischer brought this change] configure: Add support for building with mbedtls
- [wildart brought this change] travis: Test mbedtls too
- [wildart brought this change] crypto: add support for the mbedTLS backend
  Closes #132
- [wildart brought this change] cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
- README.md: fix link typo
- README: markdown version to look nicer on github

Viktor Szakats (5 Sep 2016)
- [Taylor Holberton brought this change] openssl: add OpenSSL 1.1.0 compatibility

Daniel Stenberg (4 Sep 2016)
- [Antenore Gatta brought this change] tests: HAVE_NETINET_IN_H was not defined correctly (#127)
  Fixes #125
- SECURITY: fix web site typo
- SECURITY: security process

GitHub (14 Aug 2016)
- [Alexander Lamaison brought this change] Basic dockerised test suite.
  This introduces a test suite for libssh2. It runs OpenSSH in a Docker container because that works well on Windows (via docker-machine) as well as Linux. Presumably it works on Mac too with docker-machine, but I've not tested that.
  Because the test suite is docker-machine aware, you can also run it against a cloud provider, for more realistic network testing, by setting your cloud provider as your active docker machine. The Appveyor CI setup in this commit does that because Appveyor doesn't support docker locally.

Kamil Dudka (3 Aug 2016)
- [Viktor Szakats brought this change] misc.c: Delete unused static variables
  Closes #114

Daniel Stenberg (9 Apr 2016)
- [Will Cosgrove brought this change] Merge pull request #103 from willco007/patch-2
  Fix for security issue CVE-2016-0787

Alexander Lamaison (2 Apr 2016)
- [Zenju brought this change] Fix MSVC 14 compilation errors
  For _MSC_VER == 1900 these macros are not needed and create problems:
  1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1925): warning C4005: 'snprintf': macro redefinition (compiling source file libssh2-files\src\mac.c)
  1> \win32\libssh2_config.h(27): note: see previous definition of 'snprintf' (compiling source file libssh2-files\src\mac.c)
  1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1927): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration (compiling source file libssh2-files\src\mac.c)

Daniel Stenberg (26 Mar 2016)
- [Brad Harder brought this change] _libssh2_channel_open: speeling error fixed in channel error message

Alexander Lamaison (15 Mar 2016)
- Link with crypt32.lib on Windows.
  Makes linking with static OpenSSL work again. Although it's not required for dynamic OpenSSL, it does no harm.
  Fixes #98.
- [Craig A. Berry brought this change] Tweak VMS help file building.
  Primarily this is handling cases where top-level files moved into the docs/ directory. I also corrected a typo and removed the claim that libssh2 is public domain.
- [Craig A. Berry brought this change] Build with standard stat structure on VMS.
  This gets us large file support, is available on any VMS release in the last decade and more, and gives stat other modern features such as 64-bit ino_t.
- [Craig A. Berry brought this change] Update vms/libssh2_config.h.
  VMS does have stdlib.h, gettimeofday(), and OpenSSL. The latter is appropriate to hard-wire in the configuration because it's installed by default as part of the base operating system and there is currently no libgcrypt port.
- [Craig A. Berry brought this change] VMS can't use %zd for off_t format.
  %z is a C99-ism that VMS doesn't currently have; even though the compiler is C99-compliant, the library isn't quite. The off_t used for the st_size element of the stat can be 32-bit or 64-bit, so detect what we've got and pick a format accordingly.
- [Craig A. Berry brought this change] Normalize line endings in libssh2_sftp_get_channel.3.
  Somehow it got Windows-style CRLF endings so convert to just LF, for consistency as well as not to confuse tools that will regard the \r as content (e.g. the OpenVMS help librarian).

Dan Fandrich (29 Feb 2016)
- libgcrypt: Fixed a NULL pointer dereference on OOM

Daniel Stenberg (24 Feb 2016)
- [Viktor Szakats brought this change] url updates, HTTP => HTTPS
  Closes #87

Dan Fandrich (23 Feb 2016)
- RELEASE-NOTES: removed some duplicated names
|2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) ||
Log message: Bump PKGREVISION for security/openssl ABI bump.
|2016-02-23 23:47:18 by Thomas Klausner | Files touched by this commit (3) ||
Log message: Update libssh2 to 1.7.0.

Changes:
- libssh2_session_set_last_error: Add function
- mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
- WinCNG: support for SHA256/512 HMAC
- kex: Added diffie-hellman-group-exchange-sha256 support
- OS/400 crypto library QC3 support

Bug fixes:
- diffie_hellman_sha256: convert bytes to bits CVE-2016-0787
- SFTP: Increase speed and datasize in SFTP read
- openssl: make libssh2_sha1 return error code
- openssl: fix memleak in _libssh2_dsa_sha1_verify()
- cmake: include CMake files in the release tarballs
- Fix builds with Visual Studio 2015
- hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
- GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
- GNUmakefile: add -m64 CFLAGS when targeting mingw64
- kex: free server host key before allocating it (again)
- SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
- channel: Detect bad usage of libssh2_channel_process_startup
- userauth: Fix off by one error when reading public key file
- kex: removed dupe entry from libssh2_kex_methods
- _libssh2_error: Support allocating the error message
- hostkey: fix invalid memory access if libssh2_dsa_new fails
- hostkey: align code path of ssh_rsa_init to ssh_dss_init
- libssh2.pc.in: fix the output of pkg-config --libs
- wincng: fixed possible memory leak in _libssh2_wincng_hash
- wincng: fixed _libssh2_wincng_hash_final return value
- add OpenSSL 1.1.0-pre2 compatibility
- agent_disconnect_unix: unset the agent fd after closing it
- sftp: stop reading when buffer is full
- sftp: Send at least one read request before reading
- sftp: Don't return EAGAIN if data was written to buffer
- sftp: Check read packet file offset
- configure: build "silent" if possible
- openssl: add OpenSSL 1.1.0-pre3-dev compatibility
- GNUmakefile: list system libs after user libs
|2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)|
Log message: Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
  Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
  Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
  Package libidea: missing distfile libidea-0.8.2b.tar.gz
  Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
  Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
|2015-07-26 19:15:35 by Niclas Rosenvik | Files touched by this commit (4) ||
Log message: Updated libssh2 to version 1.6.0.

Changelog:

Changes:
- Added libssh2_userauth_publickey_frommemory()

Bug fixes:
- wait_socket: wrong use of difftime()
- userauth: Fixed prompt text no longer being copied to the prompts struct
- mingw build: allow to pass custom CFLAGS
- Let mansyntax.sh work regardless of where it is called from
- Init HMAC_CTX before using it
- direct_tcpip: Fixed channel write
- WinCNG: fixed backend breakage OpenSSL: caused by introducing libssh2_hmac_ctx_init
- userauth.c: fix possible dereferences of a null pointer
- wincng: Added explicit clear memory feature to WinCNG backend
- openssl.c: fix possible segfault in case EVP_DigestInit fails
- wincng: fix return code of libssh2_md5_init()
- kex: do not ignore failure of libssh2_sha1_init()
- scp: fix that scp_send may transmit not initialised memory
- scp.c: improved command length calculation
- nonblocking examples: fix warning about unused tvdiff on Mac OS X
- configure: make clear-memory default but WARN if backend unsupported
- OpenSSL: Enable use of OpenSSL that doesn't have DSA
- OpenSSL: Use correct no-blowfish #define
- kex: fix libgcrypt memory leaks of bignum
- libssh2_channel_open: more detailed error message
- wincng: fixed memleak in (block) cipher destructor
|2015-03-23 10:14:53 by Niclas Rosenvik | Files touched by this commit (4) ||
Log message: Update libssh2 to 1.5.0 to address CVE-2015-1782.
http://www.libssh2.org/adv_20150311.html
Set LICENSE.

Changelog:

This release includes the following changes:
 o Added Windows Cryptography API: Next Generation based backend

This release includes the following bugfixes:
 o Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
 o missing _libssh2_error in _libssh2_channel_write
 o knownhost: Fix DSS keys being detected as unknown.
 o knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
 o libssh2.h: on Windows, a socket is of type SOCKET, not int
 o libssh2_priv.h: a 1 bit bit-field should be unsigned
 o windows build: do not export externals from static library
 o Fixed two potential use-after-frees of the payload buffer
 o Fixed a few memory leaks in error paths
 o userauth: Fixed an attempt to free from stack on error
 o agent_list_identities: Fixed memory leak on OOM
 o knownhosts: Abort if the hosts buffer is too small
 o sftp_close_handle: ensure the handle is always closed
 o channel_close: Close the channel even in the case of errors
 o docs: added missing libssh2_session_handshake.3 file
 o docs: fixed a bunch of typos
 o userauth_password: pass on the underlying error code
 o _libssh2_channel_forward_cancel: accessed struct after free
 o _libssh2_packet_add: avoid using uninitialized memory
 o _libssh2_channel_forward_cancel: avoid memory leaks on error
 o _libssh2_channel_write: client spins on write when window full
 o windows build: fix build errors
 o publickey_packet_receive: avoid junk in returned pointers
 o channel_receive_window_adjust: store windows size always
 o userauth_hostbased_fromfile: zero assign to avoid uninitialized use
 o configure: change LIBS not LDFLAGS when checking for libs
 o agent_connect_unix: make sure there's a trailing zero
 o MinGW build: Fixed redefine warnings.
 o sftpdir.c: added authentication method detection.
 o Watcom build: added support for WinCNG build.
 o configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
 o sftp_statvfs: fix for servers not supporting statfvs extension
 o knownhost.c: use LIBSSH2_FREE macro instead of free
 o Fixed compilation using mingw-w64
 o knownhost.c: fixed that 'key_type_len' may be used uninitialized
 o configure: Display individual crypto backends on separate lines
 o examples on Windows: check for WSAStartup return code
 o examples on Windows: check for socket return code
 o agent.c: check return code of MapViewOfFile
 o kex.c: fix possible NULL pointer de-reference with session->kex
 o packet.c: fix possible NULL pointer de-reference within listen_state
 o tests on Windows: check for WSAStartup return code
 o userauth.c: improve readability and clarity of for-loops
 o examples on Windows: use native SOCKET-type instead of int
 o packet.c: i < 256 was always true and i would overflow to 0
 o kex.c: make sure mlist is not set to NULL
 o session.c: check return value of session_nonblock in debug mode
 o session.c: check return value of session_nonblock during startup
 o userauth.c: make sure that sp_len is positive and avoid overflows
 o knownhost.c: fix use of uninitialized argument variable wrote
 o openssl: initialise the digest context before calling EVP_DigestInit()
 o libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
 o configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
 o configure.ac: Rework crypto library detection
 o configure.ac: Reorder --with-* options in --help output
 o configure.ac: Call zlib zlib and not libz in text but keep option names
 o Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
 o sftp: seek: Don't flush buffers on same offset
 o sftp: statvfs: Along error path, reset the correct 'state' variable.
 o sftp: Add support for fsync (OpenSSH extension).
 o _libssh2_channel_read: fix data drop when out of window
 o comp_method_zlib_decomp: Improve buffer growing algorithm
 o _libssh2_channel_read: Honour window_size_initial
 o window_size: redid window handling for flow control reasons
 o knownhosts: handle unknown key types
|2014-07-21 00:02:58 by Eric Schnoebelen | Files touched by this commit (3) ||
Log message: Update to 1.4.3:

Changelog:

Version 1.4.3 - November 27 2012
libssh2 1.4.3 GPG sig (685712 bytes)

Changes:
- compression: add support for zlib@openssh.com

Bug fixes:
- sftp_read: return error if a too large package arrives
- libssh2_hostkey_hash.3: update the description of return value
- Fixed MSVC NMakefile
- examples: use stderr for messages, stdout for data
- openssl: do not leak memory when handling errors
- improved handling of disabled MD5 algorithm in OpenSSL
- known_hosts: Fail when parsing unknown keys in known_hosts file
- configure: gcrypt doesn't come with pkg-config support
- session_free: wrong variable used for keeping state
- libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
- comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating

Version 1.4.2 - May 18 2012
libssh2 1.4.2 GPG sig (679992 bytes)

Bug fixes:
- Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
- userauth.c: fread() from public key file to correctly detect any errors
- configure.ac: Add option to disable build of the example applications
- Added 'Requires.private:' line to libssh2.pc
- SFTP: filter off incoming "zombie" responses
- gettimeofday: no need for a replacement under cygwin
- SSH_MSG_CHANNEL_REQUEST: default to want_reply
- win32/libssh2_config.h: Remove hardcoded #define LIBSSH2_HAVE_ZLIB

Version 1.4.1 - April 4 2012
libssh2 1.4.1 GPG sig (658507 bytes)

Bug fixes:
- build error with gcrypt backend
- always do "forced" window updates to avoid corner case stalls
- aes: the init function fails when OpenSSL has AES support
- transport_send: Finish in-progress key exchange before sending data
- channel_write: acknowledge transport errors
- examples/x11.c: Make sure sizeof passed to read operation is correct
- examples/x11.c: Fix suspicious sizeof usage
- sftp_packet_add: verify the packet before accepting it
- SFTP: preserve the original error code more
- sftp_packet_read: adjust window size as necessary
- Use safer snprintf rather than sprintf in several places
- Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
- sftp_write: cannot return acked data *and* EAGAIN
- sftp_read: avoid data *and* EAGAIN
- libssh2.h: Add missing prototype for libssh2_session_banner_set()

Version 1.4.0 - January 31 2012
libssh2 1.4.0 GPG sig (653514 bytes)

Changes:
- Added libssh2_session_supported_algs()
- Added libssh2_session_banner_get()
- Added libssh2_sftp_get_channel()
- libssh2.h: bump the default window size to 256K

Bug fixes:
- sftp-seek: clear EOF flag
- userauth: Provide more information if ssh pub key extraction fails
- ssh2_exec: skip error outputs for EAGAIN
- LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
- knownhost_check(): Don't dereference ext if NULL is passed
- knownhost_add: Avoid dereferencing uninitialized memory on error path
- OpenSSL EVP: fix threaded use of structs
- _libssh2_channel_read: react on errors from receive_window_adjust
- sftp_read: cap the read ahead maximum amount
- _libssh2_channel_read: fix non-blocking window adjusting

Version 1.3.0 - September 6 2011
libssh2 1.3.0 GPG sig (639262 bytes)

Changes:
- Added custom callbacks for performing low level socket I/O

Bug fixes:
- sftp_read: advance offset correctly for buffered copies
- libssh2_sftp_seek64: flush packetlist and buffered data
- _libssh2_packet_add: adjust window size when truncating
- sftp_read: a short read is not end of file

Version 1.2.9 - August 16 2011
libssh2 1.2.9 GPG sig (642150 bytes)

Changes:
- Added libssh2_session_set_timeout() and libssh2_session_get_timeout() to make blocking calls get a timeout

Bug fixes:
- configure and pkg-config: fix $VERSION
- s/\.NF/.nf/ to fix wrong macro name caught by man --warnings
- keepalive: add first basic man pages
- sftp_write: flush the packetlist on error
- sftp_write: clean offsets on error
- msvcproj: added libs and debug stuff
- SCP: fix incorrect error code
- session_startup: init state properly
- sftp_write_sliding: send the complete file
- userauth_keyboard_interactive: skip code on zero length auth
- _libssh2_wait_socket: fix timeouts for poll() uses
- agent_list_identities: fix out of scope access
- _libssh2_recv(): handle ENOENT error as EAGAIN
- userauth_keyboard_interactive: fix buffer overflow
- removed man pages for non-existing functions!
- gettimeofday: fix name space pollution
- _libssh2_channel_write: handle window_size == 0 better

Version 1.2.8 - April 5 2011
libssh2 1.2.8 GPG sig (637707 bytes)

Changes:
- added libssh2_free, libssh2_channel_get_exit_signal and libssh2_session_handshake
- SFTP read/write remade and now MUCH faster, especially on high latency connections
- added new examples: ssh2_echo.c, sftp_append.c and sftp_write_sliding.c
- userauth: derive publickey from private
- NEWS: now generated from git

Bug fixes:
- Support unlimited number of host names in a single line of the known_hosts file.
- fix memory leak in userauth_keyboard_interactive()
- fix memory leaks (two times cipher_data) for each sftp session
- session_startup: manage server data before server identification
- SCP: allow file names with bytes > 126
- scp_recv: improved treatment of channel_read() returning zero
- libssh2_userauth_authenticated: make it work as documented
- variable size cleanup: match internal variable sizes better with the sizes of the fields used on the wire
- channel_request_pty_size: fix reqPTY_state
- sftp_symlink: return error if receive buffer too small
- sftp_readdir: return error if buffer is too small
- libssh2_knownhost_readfile.3: clarify return value
- configure: stop using the deprecated AM_INIT_AUTOMAKE syntax
- Fixed Win32 makefile which was now broken at resource build
- kex_agree_hostkey: fix NULL pointer dereference
- _libssh2_ntohu64: fix conversion from network bytes to uint64
- ssize_t: proper typedef with MSVC compilers
- zlib: Add debug tracing of zlib errors
- decomp: increase decompression buffer sizes

Version 1.2.7 - August 17 2010
libssh2 1.2.7 GPG sig (583105 bytes)

Changes:
- Added Watcom makefile

Bug fixes:
- Better handling of invalid key files
- inputchecks: make lots of API functions check for NULL pointers
- libssh2_session_callback_set: extended the man page
- SFTP: limit write() to not produce overly large packets
- agent: make libssh2_agent_userauth() work blocking properly
- _libssh2_userauth_publickey: reject method names longer than the data
- channel_free: ignore problems with channel_close()
- typedef: make ssize_t get typedef without LIBSSH2_WIN32
- _libssh2_wait_socket: poll needs milliseconds
- libssh2_wait_socket: reset error code to "leak" EAGAIN less
- Added include for sys/select.h to get fd.set on some platforms
- session_free: free more data to avoid memory leaks
- openssl: make use of the EVP interface
- Fix underscore typo for 64-bit printf format specifiers on Windows
- Make libssh2_debug() create a correctly terminated string
- userauth_hostbased_fromfile: packet length too short
- handshake: Compression enabled at the wrong time
- Don't overflow MD5 server hostkey

Version 1.2.6 - June 10 2010
libssh2 1.2.6 GPG sig (579590 bytes)

Changes:
- Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs()
- Added libssh2_knownhost_checkp()
- Added libssh2_scp_send64()

Bug fixes:
- wait_socket: make c89 compliant and use two fd_sets for select()
- OpenSSL AES-128-CTR detection
- proper keyboard-interactive user dialog in the sftp.c example
- build procedure for VMS
- fixed libssh2.dsw to use the generated libssh2.dsp
- several Windows-related build fixes
- fail to init SFTP if session isn't already authenticated
- many tiny fixes that address clang-analyzer warnings
- sftp_open: deal with short channel_write calls
- libssh2_publickey_init: fixed to work better non-blocking
- sftp_close_handle: add precaution to not access NULL pointer
- sftp_readdir: simplified and bugfixed
- channel_write: if data has been sent, don't return EAGAIN

Version 1.2.5 - April 13 2010
libssh2 1.2.5 GPG sig (559553 bytes)

Changes:
- Added keep-alive support: libssh2_keepalive_config() and libssh2_keepalive_send()
- Added libssh2_knownhost_addc(), libssh2_init() and libssh2_exit()
- Added LIBSSH2_SFTP_S_IS***() macros

Bug fixes:
- fix memory leak in libssh2_session_startup()
- added missing error codes - shown as hangs in blocking mode
- fix memory leak in userauth_keyboard_interactive()
- libssh2_knownhost_del: fix write to freed memory
- Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE
- Use AES-CTR from OpenSSL when available
- Fixed gettimeofday to compile with Visual C++ 6
- NULL dereference when window adjusting a non-existing channel
- avoid using poll on interix and mac os x systems
- fix scp memory leak
- Correctly clear blocking flag after sending multipart packet
- Reduce used window sizes by factor 10
- libssh2_userauth_publickey_fromfile_ex() handles a NULL password
- sftp_init() deal with _libssh2_channel_write() short returns

Version 1.2.4 - February 13 2010
libssh2 1.2.4 GPG sig (547675 bytes)

Bug fixes:
- Resolve compile issues on Solaris x64 and UltraSPARC
- Allow compiling with OpenSSL when AES isn't available
- Fix Tru64 socklen_t compile issue with example/direct_tcpip.c

Version 1.2.3 - February 3 2010
libssh2 1.2.3 GPG sig (547652 bytes)

Changes:
- ssh-agent support with the new libssh2_agent_* functions
- Added libssh2_trace_sethandler()
- Added the direct_tcpip.c and ssh2_agent.c examples

Bug fixes:
- Fixed memory leak in userauth_publickey
- Fixed publickey authentication regression
- Silenced several compiler warnings
- avoid returning data to memory already freed
- transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors
- Fixed padding in ssh-dss signature blob encoding
- Fixed direction blocking flag problems
- Fixed memory leak in sftp_fstat()
|2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)|
Log message: Recursive PKGREVISION bump for OpenSSL API version bump.