./security/libssh, SSHv2+v1 protocol library


Branch: CURRENT, Version: 0.111, Package name: libssh-0.111, Maintainer: is

libssh is a multiplatform C library implementing the SSHv2 and SSHv1 protocols
on the client and server side. With libssh, you can remotely execute programs,
transfer files, and use a secure and transparent tunnel for
your remote applications.


Required to run:
[security/heimdal] [security/openssl] [devel/argp] [devel/cmocka]

Required to build:
[pkgtools/cwrappers]

Package options: gssapi, openssl

Master sites:

Filesize: 606.551 KB

CVS history:


   2025-01-10 12:33:08 by Jonathan Perkin | Files touched by this commit (1)
Log message:
libssh: SunOS needs _POSIX_PTHREAD_SEMANTICS.

   2025-01-07 06:56:17 by Masatake Daimon | Files touched by this commit (2)
Log message:
security/libssh: Fix build with option "libgcrypt"

   2024-12-27 12:15:39 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
libssh: updated to 0.11.1

version 0.11.1 (released 2024-08-30)
 * Fixed default TTY modes that are set when stdin is not connected to tty
 * Fixed zlib cleanup procedure, which could crash on i386
 * Various test fixes improving their stability
 * Fixed cygwin build

version 0.11.0 (released 2024-07-31)
  * Deprecations and Removals:
    * Dropped support for DSA
    * Deprecated Blowfish cipher (will be removed in next release)
    * Deprecated SSH_BIND_OPTIONS_{RSA,ECDSA}KEY in favor of generic HOSTKEY
    * Removed the usage of deprecated OpenSSL APIs (Note: Minimum supported
      OpenSSL version is 1.1.1)
    * Disabled preauth compression (zlib) by default
    * Support for pkcs#11 engines is deprecated, pkcs11-provider is used instead
    * Deprecation of old async SFTP API
    * libgcrypt cryptographic backend is deprecated
    * Deprecation of knownhosts hashing
  * SFTP Improvements:
    * Added support for async SFTP IO
    * Added support for sftp_limits() and applied capping to SFTP read/write
      operations accordingly
    * Added sftp_home_directory() API support for sftp extension
      "home-directory"
    * Added sftp_lsetstat() API for lsetstat extensions
    * Added sftp_expand_path() to canonicalize path using expand-path@openssh.com
      extension
    * Implemented stat and realpath in sftpserver
    * Added sftp_readlink() API to support hardlink@openssh.com
    * New extensible callback based SFTP server
    * Introduced the posix-rename@openssh.com extension
  * New functions and features:
    * Added support for PKCS #11 provider for OpenSSL 3.0
    * Added testing for GSSAPI Authentication
    * Implemented proxy jump using libssh
    * Recategorized loglevels to show fatal errors and alignment with OpenSSH
      log levels
    * Added ssh_channel_request_pty_size_modes() API to set terminal modes for
      PTYs
    * Added function to check username syntax
    * Added support to check all keys in authorized_keys instead of one in
      example server implementation
    * Handled hostkey similar to OpenSSH
    * Added ssh_session_socket_close() API in order to not close socket passed
      through options on error conditions
    * Added option SSH_BIND_OPTIONS_IMPORT_KEY_STR to read user-supplied key
      string in ssh_bind_options_set()
    * Improved log handling around ssh_set_callbacks
    * Added ssh_set_error_invalid in ssh_options_set()
    * Prevented signature blob to start with 1 bit in libgcrypt
    * Added support to unbreak key comparison of Ed25519 keys imported from PEM
      or OpenSSH container
    * Added support to calculate missing CRT parameters when building RSA key
    * Added ssh_pki_export_privkey_base64_format() and
      ssh_pki_export_privkey_file_format() to support exporting keys in different
      formats (PEM, OpenSSH)
    * Added support to compare certificates and handle automatic certificate
      authentication
    * Added support to make compile-commands generation conditional
    * Built fuzzers for normal testing
    * Avoided passing other events to callbacks when called recursively
    * Added control master and path options
    * Refactored channel_rcv_data, check for errors and report more useful errors
    * Added support to connect to other host addresses than just the first one
    * Terminated the server properly when the MaxAuthTries is reached
    * Added support for no-more-sessions@openssh.com request in both client and
      server
    * Added callback to support forwarded-tcpip requests
    * Bumped minimal CMake version to 3.12
    * Added support for MBedTLS 3.6.x
    * Added support for +,-,^ modifiers in front of algorithm lists in options
    * Added callbacks for channel open response, and channel request response
    * Replaced chroot() from chroot_wrapper internal library with chroot()
      from priv_wrapper package
    * Added a placeholder for non-expanded identities
    * Improved handling of channel transfer window sizes

   2024-08-25 08:19:21 by Thomas Klausner | Files touched by this commit (575)
Log message:
*: replace CMAKE_ARGS with CMAKE_CONFIGURE_ARGS

   2023-12-18 18:07:25 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
libssh: update to 0.106.

version 0.10.6 (released 2023-12-18)
 * Fix CVE-2023-6004: Command injection using proxycommand
 * Fix CVE-2023-48795: Potential downgrade attack using strict kex
 * Fix CVE-2023-6918: Missing checks for return values of MD functions
 * Fix ssh_send_issue_banner() for CMD(PowerShell)
 * Avoid passing other events to callbacks when poll is called recursively (#202)
 * Allow @ in usernames when parsing from URI composes

   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3

   2023-06-13 19:54:44 by Amitai Schleier | Files touched by this commit (3)
Log message:
libssh: add 'gssapi' option, enabled (as before) by default. Bump PKGREVISION.

   2023-05-07 12:21:56 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
libssh: update to 0.105.

version 0.10.5 (released 2023-05-04)
 * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing
 * Fix CVE-2023-2283: a possible authorization bypass in
   pki_verify_data_signature under low-memory conditions.
 * Fix several memory leaks in GSSAPI handling code
 * Escape braces in ProxyCommand created from ProxyJump options for zsh
   compatibility.
 * Fix pkg-config path relocation for MinGW
 * Improve doxygen documentation
 * Fix build with cygwin due to the glob support
 * Do not enqueue outgoing packets after sending SSH2_MSG_NEWKEYS
 * Add support for SSH_SUPPRESS_DEPRECATED
 * Avoid functions declarations without prototype to build with clang 15
 * Fix spelling issues
 * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles repetitively
 * Add support sk-* keys through configuration
 * Improve checking for Argp library
 * Log information about received extensions
 * Correctly handle rekey with delayed compression
 * Move the EC keys handling to OpenSSL 3.0 API
 * Record peer disconnect message
 * Avoid deadlock when write buffering occurs and we call poll recursively to
   flush the output buffer
 * Disable preauthentication compression by default
 * Add CentOS 8 Stream / OpenSSL 1.1.1 to CI
 * Add accidentally removed default compile flags
 * Solve incorrect parsing of ProxyCommand option