Path to this page:
Subject: CVS commit: pkgsrc/security/libssh2
From: Thomas Klausner
Date: 2024-10-16 17:38:13
Message id: 20241016153813.95CFBFC7E@cvs.NetBSD.org
Log Message:
libssh2: update to 1.11.1.
Enhancements and bugfixes
autotools: fix to update `LDFLAGS` for each detected dependency (d19b6190 \
#1384 #1381 #1377)
autotools: delete `--disable-tests` option, fix CI tests (e051ae34 #1271 \
#715 revert: 7483edfa)
autotools: show the default for `hidden-symbols` option (a3f5594a #1269)
autotools: enable `-Wunused-macros` with gcc (ecdf5199 #1262 #1227 #1224)
autotools: fix dotless gcc and Apple clang version detections (89ccc83c \
#1232 #1187)
autotools: show more clang/gcc version details (fb580161 #1230)
autotools: avoid warnings in libtool stub code (96682bd5 #1227 #1224)
autotools: sync warning enabler code with curl (5996fefe #1223)
autotools: rename variable (ce5f208a #1222)
autotools: picky warning options tidy-up (cdca8cff #1221)
autotools: fix `cp` to preserve attributes and timestamp in `Makefile.am` \
(f64e6318)
autotools: fix selecting WinCNG in cross-builds (and more) (00a3b88c #1187 #1186)
autotools: use comma separator in `Requires.private` of `libssh2.pc` \
(7f83de14 #1124)
autotools: remove `AB_INIT` from `configure.ac` (f4f52ccc)
autotools: improve libz position (c89174a7 #1077 #941 #1075 #1013 regr: 4f0f4bff)
autotools: skip tests requiring static lib if `--disable-static` (572c57c9 \
#1072 #663 #1056 regr: 83853f8a)
build: stop detecting `sys/param.h` header (2677d3b0 #1418 #1415)
build: silence warnings inside `FD_SET()`/`FD_ISSET()` macros (323a14b2 #1379)
build: drop `-Wformat-nonliteral` warning suppressions (c452c5cc #1342)
build: enable `-pedantic-errors` (3ec53f3e #1286)
build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute (f8c45794 #1287)
build: add `LIBSSH2_NO_DEPRECATED` option (b1414503 #1267 #1266 #1260 #1259)
build: enable missing OpenSSF-recommended warnings, with fixes (afa6b865 #1257)
build: enable more compiler warnings and fix them (7ecc309c #1224)
build: picky warning updates (328a96b3 #1219)
build: revert: respect autotools `DLL_EXPORT` in `libssh2.h` (481be044 #1141 \
#917 revert: fb1195cf)
build: stop requiring libssl from openssl (c84745e3 #1128)
build: tidy-up `libssh2.pc.in` variable names (5720dd9f #1125)
build: add/fix `Requires.private` packages in `libssh2.pc` (ef538069 #1123)
buildconf: drop (814a850c #1441 follow: fc5d7788)
checksrc: update, check all sources, fix fallouts (1117b677 #1457)
checksrc: sync with curl (8cd473c9 #1272)
checksrc: fix spelling in comment (a95d401f)
checksrc: modernise Perl file open (3d309f9b)
checksrc: switch to dot file (d67a91aa #1052)
ci: use Ninja with cmake (20ad047d #1458)
ci: disable dependency tracking in autotools builds (e44f0418 #1396)
ci: fix mbedtls runners on macOS (84411539 #1381)
ci: enable Unity mode for most CMake builds (1bfae57b #1367 #1034)
ci: add shellcheck job and script (d88b9bcd)
ci: verify build and install from tarball (a86e27e8 #1362)
ci: add reproducibility test for `maketgz` (2d765e45 #1360)
ci: use Linux runner for BSDs, add arm64 FreeBSD 14 job (6f86b196 #1343)
ci: do not parallelize `distcheck` job (5e65dd87 #1339)
ci: add FreeBSD 14 job, fix issues (46333adf #1277)
ci: add OmniOS job, fix issues (5e0ec991)
ci: show compiler in cross/cygwin job names (c9124088)
ci: add OpenBSD (v7.4) job + fix build error in example (0c9a8e35 #1250)
ci: add NetBSD (v9.3) job (65c7a7a5)
ci: update and speed up FreeBSD job (eee4e805)
ci: use absolute path in `CMAKE_INSTALL_PREFIX` (74948816 #1247)
ci: boost mbedTLS build speed (236e79a1 #1245)
ci: add BoringSSL job (cmake, gcc, amd64) (c9dd3566 #1233)
ci: fixup FreeBSD version, bump mbedTLS (fea6664e #1217)
ci: add FreeBSD 13.2 job (a7d2a573 #1215)
ci: mbedTLS 3.5.0 (5e190442 #1202)
ci: update actions, use shallow clones with appveyor (d468a33f #1199)
ci: replace `mv` + `chmod` with `install` in `Dockerfile` (5754fed6 #1175)
ci: set file mode early in `appveyor_docker.yml` (633db55f)
ci: add spellcheck (codespell) (a79218d3)
ci: add MSYS builds (autotools and cmake) (d43b8d9b #1162)
ci: add Cygwin builds (autotools and cmake) (f1e96e73 #1161)
ci: add mingw-w64 UWP build (1215aa5f #1155 #1147)
ci: add missing timeout to 'autotools distcheck' step (6265ffdb)
ci: add non-static autotools i386 build, ignore GHA updates on AppVeyor \
(c6e137f7 #1074 #1072)
ci: prefer `=` operator in shell snippets (e5c03043 #1073)
ci: drop redundant/unused vars, sync var names (ab8e95bc #1059)
ci: add i386 Linux build (with mbedTLS) (abdf40c7 #1057 #1053)
ci/appveyor: reduce test runs (workaround for infrastructure permafails) \
(b5e68bdc #1461)
ci/appveyor: increase wait for SSH server on GHA (bf3af90b)
ci/appveyor: bump to OpenSSL 3.2.1 (53d9c1a6 #1363 #1348)
ci/appveyor: re-enable parallel mode (e190e5b2 #1294 #884 #867)
ci/appveyor: delete UWP job broken since Visual Studio upgrade (d0a7f1da #1275)
ci/appveyor: YAML/PowerShell formatting, shorten variable name (06fd721f #1200)
ci/appveyor: move to pure PowerShell (8a081fd9 #1197)
ci/GHA: revert concurrency and improve permissions (e4c042f6)
ci/GHA: FreeBSD 14.1, actions bump (ae04b1b9 #1424)
ci/GHA: fix wolfSSL-from-source AES-GCM tests (1c0b07a7 #1409 #1408)
ci/GHA: add Linux job with latest wolfSSL built from source (d4cea53f #1408 \
#1299 #1020)
ci/GHA: tidy up build-from-source steps (2c633033)
ci/GHA: show configure logs on failure and other tidy-ups (dab48398 #1403)
ci/GHA: bump parallel jobs to nproc+1 (6f3d3bc8 #1402)
ci/GHA: show test logs on failure (b8ffa7a5 #1401)
ci/GHA: fix `Dockerfile` failing after Ubuntu package update (839bb84e #1400)
ci/GHA: use ubuntu-latest with OmniOS job (50143d58)
ci/GHA: shell syntax tidy-up (3b23e039 #1390)
ci/GHA: bump NetBSD/OpenBSD, add NetBSD arm64 job (e980af72 #1388)
ci/GHA: tidy up wolfSSL autotools config on macOS (5953c1f1 #1383)
ci/GHA: shorter mbedTLS autotools workaround (736e3d7d #1382 #1381)
ci/GHA: fix gcrypt with autotools/macOS/Homebrew/ARM64 (ae2770de #1377)
ci/GHA: fix verbose option for autotools jobs (499b27ae #1376)
ci/GHA: dump `config.log` on failure for macOS autotools jobs (4fa69214 #1375)
ci/GHA: fix `autoreconf` failure on macOS/Homebrew (0b64b30b #1374)
ci/GHA: fixup Homebrew location (for ARM runners) (6128aee0 #1373)
ci/GHA: review/fixup auto-cancel settings (b08cfbc9 #1292)
ci/GHA: restore curly braces in `if` (36748270 #1145)
ci/GHA: simplify `if` strings (cab3db58 #1140)
cmake: sync and improve Find modules, add `pkg-config` native detection \
(45064137 #1445 #1420)
cmake: generate `LIBSSH2_PC_LIBS_PRIVATE` dynamically (c87f1296 #1466)
cmake: add comment about `ibssh2.pc.in` variables (14b1b9d0)
cmake: support absolute `CMAKE_INSTALL_INCLUDEDIR`/`CMAKE_INSTALL_LIBDIR` \
(d70cee36 #1465)
cmake: rename two variables and initialize them (0fce9dcc #1464)
cmake: prefer `find_dependency()` in `libssh2-config.cmake` (d9c2e550 #1460)
cmake: tidy up syntax, minor improvements (9d9ee780 #1446)
cmake: rename mbedTLS and wolfSSL Find modules (570de0f2)
cmake: fixup version detection in mbedTLS Find module (8e3c40b2 #1444)
cmake: mbedTLS detection tidy-ups (6d1d13c2 #1438)
cmake: add quotes, delete ending dirseps (2bb46d44 #1437 #1166)
cmake: sync formatting in `cmake/Find*` modules (a0310699)
cmake: tidy up function name casing in `CopyRuntimeDependencies.cmake` (03547cb8)
cmake: use the imported target of FindOpenSSL module (82b09f9b #1322)
cmake: rename picky warnings script (64d6789f #1225)
cmake: fix multiple include of libssh2 package (932d6a32 #1216)
cmake: show crypto backend in feature summary (20387285 #1211)
cmake: simplify showing CMake version (fc00bdd7 #1203)
cmake: cleanup mbedTLS version detection more (4c241d5c #1196 #1192)
cmake: delete duplicate `include()` (30eef0a6)
cmake: improve/fix mbedTLS detection (41594675 #1192 #1191)
cmake: tidy-up `foreach()` syntax (4a64ca14 #1180)
cmake: verify `libssh2_VERSION` in integration tests (a20572e9)
cmake: show cmake versions in ci (87f5769b)
cmake: quote more strings (e9c7d3af #1173)
cmake: add `ExternalProject` integration test (aeaefaf6 #1171)
cmake: add integration tests (8715c3d5 #1170)
cmake: (re-)add aliases for `add_subdirectory()` builds (4ff64ae3 #1169)
cmake: style tidy-up (3fa5282d #1166)
cmake: add `LIB_NAME` variable (5453fc80 #1159)
cmake: tidy-up concatenation in `CMAKE_MODULE_PATH` (ae7d5108 #1157)
cmake: replace `libssh2` literals with `PROJECT_NAME` variable (72fd2595 #1152)
cmake: fix `STREQUAL` check in error branch (42d3bf13 #1151)
cmake: cache more config values on Windows (11a03690 #1142)
cmake: streamline invocation (f58f77b5 #1138)
cmake: merge `set_target_properties()` calls (a9091007 #1132)
cmake: (re-)add zlib to `Libs.private` in `libssh2.pc` (64643018 #1131)
cmake: use `wolfssl/options.h` for detection, like autotools (c5ec6c49 #1130)
cmake: add openssl libs to `Libs.private` in `libssh2.pc` (5cfa59d3 #1127)
cmake: bump minimum CMake version to v3.7.0 (9cd18f45 #1126)
cmake: CMAKE_SOURCE_DIR -> PROJECT_SOURCE_DIR (0f396aa9 #1121)
cmake: tidy-ups (2fc36790 #1122)
cmake: re-add `Libssh2:libssh2` for compatibility + lowercase namespace \
(2da13c13 #1104 #731 #1103)
copyright: remove years from copyright headers (187d89bb #1082)
disable DSA by default (b7ab0faa #1435 #1433)
docs: update `INSTALL_AUTOTOOLS` (2f0efde3 #1316)
docs: replace SHA1 with SHA256 in CMake example (766bde9f)
example: restore `sys/time.h` for AIX (24503cb9 #1340 #1335 #1334 #1001 \
regr: e53aae0e)
example: use `libssh2_socket_t` in X11 example (3f60ccb7)
example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output \
messages (8d69e63d #1258 follow: 6c84a426)
example: fix regression in `ssh2_exec.c` (279a2e57 #1106 #861 #846 #1105 \
regr: b13936bd)
example, tests: call `WSACleanup()` for each `WSAStartup()` (94b6bad3 #1283)
example, tests: fix/silence `-Wformat-truncation=2` gcc warnings (744e059f)
hostkey: do not advertise ssh-rsa when SHA1 is disabled (82d1b8ff #1093 #1092)
kex: prevent possible double free of hostkey (b3465418 #1452)
kex: always check for null pointers before calling _libssh2_bn_set_word \
(9f23a3bb #1423)
kex: fix a memory leak in key exchange (19101843 #1412 #1404)
kex: always add extension indicators to kex_algorithms (00e2a07e #1327 #1326)
libssh2.h: add deprecated function warnings (9839ebe5 #1289 #1260)
libssh2.h: add portable `LIBSSH2_SOCKET_CLOSE()` macro (28dbf016 #1278)
libssh2.h: use `_WIN32` for Windows detection instead of rolling our own \
(631e7734 #1238)
libssh2.pc: reference mbedcrypto pkgconfig (c149a127 #1405)
libssh2.pc: re-add & extend support for static-only libssh2 builds \
(624abe27 #1119 #1114)
libssh2.pc: don't put `@LIBS@` in pc file (1209c16d)
mac: add empty hash functions for `mac_method_hmac_aesgcm` to not crash when \
e.g. setting `LIBSSH2_METHOD_CRYPT_CS` (b2738391 #1321)
mac: handle low-level errors (f64885b6 #1297)
Makefile.mk: delete Windows-focused raw GNU Make build (43485579 #1204)
maketgz: reproducible tarballs/zip, display tarball hashes (d52fe1b4 #1357 #1359)
maketgz: `set -eu`, reproducibility, improve zip, add CI test (cba7f975 #1353)
man: improve `libssh2_userauth_publickey_from*` manpages (581b72aa #1347 \
#1308 #652)
man: fix double spaces and dash escaping (a3ffc422 #1210)
man: add description to `libssh2_session_get_blocking.3` (67e39091 #1185)
mbedtls: always init ECDSA mbedtls_pk_context (a50d7deb #1430)
mbedtls: correctly initialize values (ECDSA) (1701d5c0 #1428 #1421)
mbedtls: expose `mbedtls_pk_load_file()` for our use (1628f6ca #1421 #1393 \
#1349 follow: e973493f)
mbedtls: add workaround + FIXME to build with 3.6.0 (2e4c5ec4 #1349)
mbedtls: improve disabling `-Wredundant-decls` (ecec68a2 #1226 #1224)
mbedtls: include `version.h` for `MBEDTLS_VERSION_NUMBER` (9d7bc253 #1095 #1094)
mbedtls: use more `size_t` to sync up with `crypto.h` (1153ebde #1054 #879 \
#846 #1053)
md5: allow disabling old-style encrypted private keys at build-time \
(eb9f9de2 #1181)
mingw: fix printf mask for 64-bit integers (36c1e1d1 #1091 #876 #846 #1090)
misc: flatten `_libssh2_explicit_zero` if tree (74e74288 #1149)
NMakefile: delete (c515eed3 #1134 #1129)
openssl: free allocated resources when using openssl3 (b942bad1 #1459)
openssl: fix memory leaks in `_libssh2_ecdsa_curve_name_with_octal_new` and \
`_libssh2_ecdsa_verify` (8d3bc19b #1449)
openssl: fix calculating DSA public key with OpenSSL 3 (8b3c6e9d #1380)
openssl: initialize BIGNUMs to NULL in `gen_publickey_from_dsa` for OpenSSL \
3 (f1133c75 #1320)
openssl: fix cppcheck found NULL dereferences (f2945905 #1304)
openssl: delete internal `read_openssh_private_key_from_memory()` (34aff5ff \
#1306)
openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job (363dcbf4 #1243 \
#1235 #1207)
openssl: make a function static, add `#ifdef` comments (efee9133 #1246 #248 \
follow: 03092292)
openssl: fix DSA code to use OpenSSL 3 API (82581941 #1244 #1207)
openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build \
(487152f4 #1236 #1235 #1207)
openssl: use non-deprecated APIs with OpenSSL 3.x (b0ab005f #1207)
openssl: silence `-Wunused-value` warnings (bf285500 #1205)
openssl: use automatic initialization with LibreSSL 2.7.0+ (d79047c9 #1146 #302)
openssl: add missing check for `LIBRESSL_VERSION_NUMBER` before use \
(4a42f42e #1117 #1115)
os400: drop vsprintf() use (40e817ff #1462 #1457)
os400: Add two recent files to the distribution (e4c65e5b #1364)
os400: fix shellcheck warnings in scripts (fixups) (81341e1e #1366 #1364 #1358)
os400: fix shellcheck warnings in scripts (c6625707 #1358)
os400: maintain up to date (8457c37a #1309)
packet: properly bounds check packet_authagent_open() (88a960a8 #1179)
pem: fix private keys encrypted with AES-GCM methods (e87bdefa #1133)
reuse: upgrade to `REUSE.toml` (70b8bf31 #1419)
reuse: fix duplicate copyright warning (b9a4ed83)
reuse: comply with 3.1 spec and 2.0.0 checker (fe6239a1 #1102 #1101 #1098)
reuse: provide SPDX identifiers (f6aa31f4 #1084)
scp: fix missing cast for targets without large file support (c317e06f #1060 \
#1057 #1002 regr: 5db836b2)
session: support server banners up to 8192 bytes (was: 256) (1a9e8811 #1443 \
#1442)
session: add `libssh2_session_callback_set2()` (c0f69548 #1285)
session: handle EINTR from send/recv/poll/select to try again as the error \
is not fatal (798ed4a7 #1058 #955)
sftp: increase SFTP_HANDLE_MAXLEN back to 4092 (75de6a37 #1422)
sftp: implement posix-rename@openssh.com (fb652746 #1386)
src: implement chacha20-poly1305@openssh.com (492bc543 #1426 #584)
src: use `UINT32_MAX` (dc206408 #1413)
src: fix type warning in `libssh2_sftp_unlink` macro (ac2e8c73 #1406)
src: check the return value from `_libssh2_bn_*()` functions (95c824d5 #1354)
src: support RSA-SHA2 cert-based authentication (rsa-sha2-512_cert and \
rsa-sha2-256_cert) (3a6ab70d #1314)
src: check hash update/final success (4718ede4 #1303 #1301)
src: check hash init success (2ed9eb92 #1301)
src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" \
(d34d9258 #1291 #1290)
src: disable `-Wsign-conversion` warnings, add option to re-enable (6e451669 \
#1284 #1257)
src: fix gcc 13 `-Wconversion` warning on Darwin (8cca7b77 #1209 follow: \
08354e0a)
src: drop a redundant `#include` (1f0174d0 #1153)
src: improve MSVC C4701 warning fix (8b924999 #1086 #876 #1083)
src: bump `hash_len` to `size_t` in `LIBSSH2_HOSTKEY_METHOD` (8b917d76 #1076)
src: bump DSA and ECDSA sign `hash_len` to `size_t` (7b8e0225 #1055)
tests: avoid using `MAXPATHLEN`, for portability (12427f4f #1415 #198 #1414)
tests: fix excluding AES-GCM tests (fbd9d192 #1410)
tests: drop default cygpath option `-u` (38e50aa0)
tests: fix shellcheck issues in `test_sshd.test` (a2ac8c55)
tests: sync port number type with the rest of codebase (eb996af8)
tests: fall back to `$LOGNAME` for username (5326a5ce #1241 #1240)
tests: show cmake version used in integration tests (2cd2f40e #1201)
tests: formatting and tidy-ups (e61987a3)
tests: replace FIXME with comments (1a99a86a)
tests: add aes256-gcm encrypted key test (802336cf #1135 #1133)
tests: trap signals in scripts (b2916b28 #1098)
tests: cast to avoid `-Wchar-subscripts` with Cygwin (43df6a46 #1081 #1080)
test_read: make it run without Docker (57e9d18e #1139)
test_sshd.test: show sshd and test connect logs on harness failure (299c2040 \
#1097)
test_sshd.test: set a safe PID directory (e8cabdcf #1089)
test_sshd.test: minor cleanups (d29eea1d)
tidy-up: link updates (c905bfd2 #1434)
tidy-up: typo in comment (792e1b6f)
tidy-up: fix typo found by codespell (706ec36d)
tidy-up: bump casts from int to long for large C99 types in printfs \
(2e5a8719 #1264 #1257)
tidy-up: `unsigned` -> `unsigned int` (b136c379)
tidy-up: stop using leading underscores in macro names (c6589b88 #1248)
tidy-up: around `stdint.h` (bfa00f1b #1212)
tidy-up: fix typo in `readme.vms` (a9a79e7a)
tidy-up: use built-in `_WIN32` macro to detect Windows (6fbc9505 #1195)
tidy-up: drop `www.` from `www.libssh2.org` (6e3e8839 #1172)
tidy-up: delete duplicate word from comment (76307435)
tidy-up: avoid exclamations, prefer single quotes, in outputs (003fb454 #1079)
TODO: disable or drop weak algos (0b4bdc85 #1261)
transport: fix unstable connections over non-blocking sockets (de004875 \
#1454 #720 #1431 #1397)
transport: check ETM on remote end when receiving (bde10825 #1332 #1331)
transport: fix incorrect byte offset in debug message (2388a3aa #1096)
userauth: avoid oob with huge interactive kbd response (f3a85cad #1337)
userauth: add a new structure to separate memory read and file read \
(63b4c20e #773)
userauth: check whether `*key_method` is a NULL pointer instead of \
`key_method` (bec57c40)
wincng: fix `DH_GEX_MAXGROUP` set higher than supported (48584671 #1372 #493)
wincng: add to ci/GHA, add `./configure` option `--enable-ecdsa-wincng` \
(3f98bfb0 #1368 #1315)
wincng: add ECDSA support for host and user authentication (3e723437 #1315)
wincng: prefer `ULONG`/`DWORD` over `unsigned long` (186c1d63 #1165)
wincng: tidy-ups (7bb669b5 #1164)
wolfssl: drop header path hack (8ae1b2d7 #1439)
wolfssl: fix `EVP_Cipher()` use with v5.6.0 and older (a5b0fac2 #1407 #1394 \
#797 #1299 #1020)
wolfssl: bump version in upstream issue comment (5cab802c)
wolfssl: require v5.4.0 for AES-GCM (260a721c #1411 #1299 #1020)
wolfssl: enable debug logging in wolfSSL when compiled in (76e7a68a #1310)
Files: