Commit graph

29 commits

Author SHA1 Message Date
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
adam
a8f2415e77 libssh2: updated to 1.10.0
libssh2 1.10

This release includes the following enhancements and bugfixes:

 o adds agent forwarding support
 o adds OpenSSH Agent support on Windows
 o adds ECDSA key support using the Mbed TLS backend
 o adds ECDSA cert authentication
 o adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
   diffie-hellman-group18-sha512 key exchanges
 o adds support for PKIX key reading when using ed25519 with OpenSSL
 o adds support for EWOULDBLOCK on VMS systems
 o adds support for building with OpenSSL 3
 o adds support for using FIPS mode in OpenSSL
 o adds debug symbols when building with MSVC
 o adds support for building on the 3DS
 o adds unicode build support on Windows
 o restores os400 building
 o increases min, max and opt Diffie Hellman group values
 o improves portability of the make file
 o improves timeout behavior with 2FA keyboard auth
 o various improvements to the Wincng backend
 o fixes reading partial packet replies when using an agent
 o fixes Diffie Hellman key exchange on Windows 1903+ builds
 o fixes building tests with older versions of OpenSSL
 o fixes possible multiple definition warnings
 o fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
 o fixes potential use after free if libssh2_init() is called twice
 o improved linking when using Mbed TLS
 o fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
 o fixes crash when loading public keys with no id
 o fixes possible out of bounds read when exchanging keys
 o fixes possible out of bounds read when reading packets
 o fixes possible out of bounds read when opening an X11 connection
 o fixes possible out of bounds read when ecdh host keys
 o fixes possible hang when trying to read a disconnected socket
 o fixes a crash when using the delayed compression option
 o fixes read error with large known host entries
 o fixes various warnings
 o fixes various small memory leaks
 o improved error handling, various detailed errors will now be reported
 o builds are now using OSS-Fuzz
 o builds now use autoreconf instead of a custom build script
 o cmake now respects install directory
 o improved CI backend
 o updated HACKING-CRYPTO documentation
 o use markdown file extensions
 o improved unit tests
2021-08-30 16:43:19 +00:00
rillig
e534812ab2 security/libssh2: remove unknown configure options 2020-05-10 17:27:27 +00:00
wiz
9a8a7e8d91 libssh2: add upstream bug report 2020-03-12 17:46:22 +00:00
wiz
f78c83d35b libssh2: fix unportable test(1) operator in Makefile.in
Skip check for Makefile.am.
2020-03-12 17:28:10 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
nia
52de89943a libssh2: Don't build examples, they're not installed anyway. 2019-07-21 08:18:53 +00:00
nia
1cc05d818a libssh2: Update to 1.9.0
Changes:
- adds ECDSA keys and host key support when using OpenSSL
- adds ED25519 key and host key support when using OpenSSL 1.1.1
- adds OpenSSH style key file reading
- adds AES CTR mode support when using WinCNG
- adds PEM passphrase protected file support for Libgcrypt and WinCNG
- adds SHA256 hostkey fingerprint
- adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
- adds explicit zeroing of sensitive data in memory
- adds additional bounds checks to network buffer reads
- adds the ability to use the server default permissions when creating sftp directories
- adds support for building with OpenSSL no engine flag
- adds support for building with LibreSSL
- increased sftp packet size to 256k
- fixed oversized packet handling in sftp
- fixed building with OpenSSL 1.1
- fixed a possible crash if sftp stat gets an unexpected response
- fixed incorrect parsing of the KEX preference string value
- fixed conditional RSA and AES-CTR support
- fixed a small memory leak during the key exchange process
- fixed a possible memory leak of the ssh banner string
- fixed various small memory leaks in the backends
- fixed possible out of bounds read when parsing public keys from the server
- fixed possible out of bounds read when parsing invalid PEM files
- no longer null terminates the scp remote exec command
- now handle errors when diffie hellman key pair generation fails
- fixed compiling on Windows with the flag STDCALL=ON
- improved building instructions
- improved unit tests
2019-07-09 10:42:59 +00:00
wiz
d2f359ecda libssh2: update to 1.8.2.
Version 1.8.2 (25 Mar 2019)

Daniel Stenberg (25 Mar 2019)
- RELEASE-NOTES: version 1.8.2

- [Will Cosgrove brought this change]

  moved MAX size declarations #330

- [Will Cosgrove brought this change]

  Fixed misapplied patch (#327)

  Fixes for user auth
2019-04-01 14:21:14 +00:00
wiz
c6c82175af libssh2: update to 1.8.1.
Version 1.8.1 (14 Mar 2019)

Will Cosgrove (14 Mar 2019)
- [Michael Buckley brought this change]

  More 1.8.0 security fixes (#316)

  * Defend against possible integer overflows in comp_method_zlib_decomp.

  * Defend against writing beyond the end of the payload in _libssh2_transport_read().

  * Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html

  This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

  * Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html

  * Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

  * Add a required_size parameter to sftp_packet_require et al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html

  * Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html

GitHub (14 Mar 2019)
- [Will Cosgrove brought this change]

  1.8 Security fixes (#314)

  * fixed possible integer overflow in packet_length

  CVE https://www.libssh2.org/CVE-2019-3861.html

  * fixed possible integer overflow with userauth_keyboard_interactive

  CVE https://www.libssh2.org/CVE-2019-3856.html

  * fixed possible out zero byte/incorrect bounds allocation

  CVE https://www.libssh2.org/CVE-2019-3857.html

  * bounds checks for response packets

  * fixed integer overflow in userauth_keyboard_interactive

  CVE https://www.libssh2.org/CVE-2019-3863.html
2019-03-25 22:52:15 +00:00
wiz
cdff4fe8ee Updated libssh2 to 1.8.0.
Version 1.8.0 (25 Oct 2016)

Daniel Stenberg (25 Oct 2016)
- RELEASE-NOTES: adjusted for 1.8.0

Kamil Dudka (20 Oct 2016)
- Revert "aes: the init function fails when OpenSSL has AES support"

  This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864
  because it caused the compatibility code to call initialization routines
  redundantly, leading to memory leakage with OpenSSL 1.1 and broken curl
  test-suite in Fedora:

  88 bytes in 1 blocks are definitely lost in loss record 5 of 8
     at 0x4C2DB8D: malloc (vg_replace_malloc.c:299)
     by 0x72C607D: CRYPTO_zalloc (mem.c:100)
     by 0x72A2480: EVP_CIPHER_meth_new (cmeth_lib.c:18)
     by 0x4E5A550: make_ctr_evp.isra.0 (openssl.c:407)
     by 0x4E5A8E8: _libssh2_init_aes_ctr (openssl.c:471)
     by 0x4E5BB5A: libssh2_init (global.c:49)

Daniel Stenberg (19 Oct 2016)
- [Charles Collicutt brought this change]

  libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds (#134)

  Fixes #74

- [Charles Collicutt brought this change]

  Set err_msg on _libssh2_wait_socket errors (#135)

- Revert "travis: Test mbedtls too"

  This reverts commit 3e6de50a24815e72ec5597947f1831f6083b7da8.

  Travis doesn't seem to support the mbedtls-dev package

- maketgz: support "only" to only update version number locally

  and fix the date output locale

- configure: make the --with-* options override the OpenSSL default

  ... previously it would default to OpenSSL even with the --with-[crypto]
  options used unless you specifically disabled OpenSSL. Now, enabling another
  backend will automatically disable OpenSSL if the other one is found.

- [Keno Fischer brought this change]

  docs: Add documentation on new cmake/configure options

- [Keno Fischer brought this change]

  configure: Add support for building with mbedtls

- [wildart brought this change]

  travis: Test mbedtls too

- [wildart brought this change]

  crypto: add support for the mbedTLS backend

  Closes #132

- [wildart brought this change]

  cmake: Add CLEAR_MEMORY option, analogously to that for autoconf

- README.md: fix link typo

- README: markdown version to look nicer on github

Viktor Szakats (5 Sep 2016)
- [Taylor Holberton brought this change]

  openssl: add OpenSSL 1.1.0 compatibility

Daniel Stenberg (4 Sep 2016)
- [Antenore Gatta brought this change]

  tests: HAVE_NETINET_IN_H was not defined correctly (#127)

  Fixes #125

- SECURITY: fix web site typo

- SECURITY: security process

GitHub (14 Aug 2016)
- [Alexander Lamaison brought this change]

  Basic dockerised test suite.

  This introduces a test suite for libssh2. It runs OpenSSH in a Docker
  container because that works well on Windows (via docker-machine) as
  well as Linux. Presumably it works on Mac too with docker-machine, but
  I've not tested that.

  Because the test suite is docker-machine aware, you can also run it
  against a cloud provider, for more realistic network testing, by setting
  your cloud provider as your active docker machine. The Appveyor CI setup
  in this commit does that because Appveyor doesn't support docker
  locally.

Kamil Dudka (3 Aug 2016)
- [Viktor Szakats brought this change]

  misc.c: Delete unused static variables

  Closes #114

Daniel Stenberg (9 Apr 2016)
- [Will Cosgrove brought this change]

  Merge pull request #103 from willco007/patch-2

  Fix for security issue CVE-2016-0787

Alexander Lamaison (2 Apr 2016)
- [Zenju brought this change]

  Fix MSVC 14 compilation errors

  For _MSC_VER == 1900 these macros are not needed and create problems:



  1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1925): warning C4005: 'snprintf': macro redefinition (compiling source file libssh2-files\src\mac.c)

  1> \win32\libssh2_config.h(27): note: see previous definition of 'snprintf' (compiling source file libssh2-files\src\mac.c)

  1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.10240.0\ucrt\stdio.h(1927): fatal error C1189: #error: Macro definition of snprintf conflicts with Standard Library function declaration (compiling source file libssh2-files\src\mac.c)

Daniel Stenberg (26 Mar 2016)
- [Brad Harder brought this change]

  _libssh2_channel_open: speeling error fixed in channel error message

Alexander Lamaison (15 Mar 2016)
- Link with crypt32.lib on Windows.

  Makes linking with static OpenSSL work again.  Although it's not
  required for dynamic OpenSSL, it does no harm.

  Fixes #98.

- [Craig A. Berry brought this change]

  Tweak VMS help file building.

  Primarily this is handling cases where top-level files moved into
  the docs/ directory.  I also corrected a typo and removed the
  claim that libssh2 is public domain.

- [Craig A. Berry brought this change]

  Build with standard stat structure on VMS.

  This gets us large file support, is available on any VMS release
  in the last decade and more, and gives stat other modern features
  such as 64-bit ino_t.

- [Craig A. Berry brought this change]

  Update vms/libssh2_config.h.

  VMS does have stdlib.h, gettimeofday(), and OpenSSL.  The latter
  is appropriate to hard-wire in the configuration because it's
  installed by default as part of the base operating system and
  there is currently no libgcrypt port.

- [Craig A. Berry brought this change]

  VMS can't use %zd for off_t format.

  %z is a C99-ism that VMS doesn't currently have; even though the
  compiler is C99-compliant, the library isn't quite.  The off_t used
  for the st_size element of the stat can be 32-bit or 64-bit, so
  detect what we've got and pick a format accordingly.

- [Craig A. Berry brought this change]

  Normalize line endings in libssh2_sftp_get_channel.3.

  Somehow it got Windows-style CRLF endings so convert to just LF,
  for consistency as well as not to confuse tools that will regard
  the \r as content (e.g. the OpenVMS help librarian).

Dan Fandrich (29 Feb 2016)
- libgcrypt: Fixed a NULL pointer dereference on OOM

Daniel Stenberg (24 Feb 2016)
- [Viktor Szakats brought this change]

  url updates, HTTP => HTTPS

  Closes #87

Dan Fandrich (23 Feb 2016)
- RELEASE-NOTES: removed some duplicated names
2016-10-31 16:18:02 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
wiz
547e3271ef Update libssh2 to 1.7.0.
Changes:

    libssh2_session_set_last_error: Add function
    mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
    WinCNG: support for SHA256/512 HMAC
    kex: Added diffie-hellman-group-exchange-sha256 support
    OS/400 crypto library QC3 support

Bug fixes:

    diffie_hellman_sha256: convert bytes to bits CVE-2016-0787
    SFTP: Increase speed and datasize in SFTP read
    openssl: make libssh2_sha1 return error code
    openssl: fix memleak in _libssh2_dsa_sha1_verify()
    cmake: include CMake files in the release tarballs
    Fix builds with Visual Studio 2015
    hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
    GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
    GNUmakefile: add -m64 CFLAGS when targeting mingw64
    kex: free server host key before allocating it (again)
    SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
    channel: Detect bad usage of libssh2_channel_process_startup
    userauth: Fix off by one error when reading public key file
    kex: removed dupe entry from libssh2_kex_methods
    _libssh2_error: Support allocating the error message
    hostkey: fix invalid memory access if libssh2_dsa_new fails
    hostkey: align code path of ssh_rsa_init to ssh_dss_init
    libssh2.pc.in: fix the output of pkg-config --libs
    wincng: fixed possible memory leak in _libssh2_wincng_hash
    wincng: fixed _libssh2_wincng_hash_final return value
    add OpenSSL 1.1.0-pre2 compatibility
    agent_disconnect_unix: unset the agent fd after closing it
    sftp: stop reading when buffer is full
    sftp: Send at least one read request before reading
    sftp: Don't return EAGAIN if data was written to buffer
    sftp: Check read packet file offset
    configure: build "silent" if possible
    openssl: add OpenSSL 1.1.0-pre3-dev compatibility
    GNUmakefile: list system libs after user libs
2016-02-23 22:47:18 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
nros
515d5038fe Updated libssh2 to version 1.6.0.
Changelog:

Changes:

    Added libssh2_userauth_publickey_frommemory()

Bug fixes:

    wait_socket: wrong use of difftime()
    userauth: Fixed prompt text no longer being copied to the prompts struct
    mingw build: allow to pass custom CFLAGS
    Let mansyntax.sh work regardless of where it is called from
    Init HMAC_CTX before using it
    direct_tcpip: Fixed channel write
    WinCNG: fixed backend breakage
    OpenSSL: caused by introducing libssh2_hmac_ctx_init
    userauth.c: fix possible dereferences of a null pointer
    wincng: Added explicit clear memory feature to WinCNG backend
    openssl.c: fix possible segfault in case EVP_DigestInit fails
    wincng: fix return code of libssh2_md5_init()
    kex: do not ignore failure of libssh2_sha1_init()
    scp: fix that scp_send may transmit not initialised memory
    scp.c: improved command length calculation
    nonblocking examples: fix warning about unused tvdiff on Mac OS X
    configure: make clear-memory default but WARN if backend unsupported
    OpenSSL: Enable use of OpenSSL that doesn't have DSA
    OpenSSL: Use correct no-blowfish #define
    kex: fix libgcrypt memory leaks of bignum
    libssh2_channel_open: more detailed error message
    wincng: fixed memleak in (block) cipher destructor
2015-07-26 17:15:34 +00:00
nros
5f4c38a761 Update libssh2 to 1.5.0 to address CVE-2015-1782.
http://www.libssh2.org/adv_20150311.html

Set LICENSE.

Changelog:

This release includes the following changes:

 o Added Windows Cryptography API: Next Generation based backend

This release includes the following bugfixes:

 o Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
 o missing _libssh2_error in _libssh2_channel_write
 o knownhost: Fix DSS keys being detected as unknown.
 o knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
 o libssh2.h: on Windows, a socket is of type SOCKET, not int
 o libssh2_priv.h: a 1 bit bit-field should be unsigned
 o windows build: do not export externals from static library
 o Fixed two potential use-after-frees of the payload buffer
 o Fixed a few memory leaks in error paths
 o userauth: Fixed an attempt to free from stack on error
 o agent_list_identities: Fixed memory leak on OOM
 o knownhosts: Abort if the hosts buffer is too small
 o sftp_close_handle: ensure the handle is always closed
 o channel_close: Close the channel even in the case of errors
 o docs: added missing libssh2_session_handshake.3 file
 o docs: fixed a bunch of typos
 o userauth_password: pass on the underlying error code
 o _libssh2_channel_forward_cancel: accessed struct after free
 o _libssh2_packet_add: avoid using uninitialized memory
 o _libssh2_channel_forward_cancel: avoid memory leaks on error
 o _libssh2_channel_write: client spins on write when window full
 o windows build: fix build errors
 o publickey_packet_receive: avoid junk in returned pointers
 o channel_receive_window_adjust: store windows size always
 o userauth_hostbased_fromfile: zero assign to avoid uninitialized use
 o configure: change LIBS not LDFLAGS when checking for libs
 o agent_connect_unix: make sure there's a trailing zero
 o MinGW build: Fixed redefine warnings.
 o sftpdir.c: added authentication method detection.
 o Watcom build: added support for WinCNG build.
 o configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
 o sftp_statvfs: fix for servers not supporting statvfs extension
 o knownhost.c: use LIBSSH2_FREE macro instead of free
 o Fixed compilation using mingw-w64
 o knownhost.c: fixed that 'key_type_len' may be used uninitialized
 o configure: Display individual crypto backends on separate lines
 o examples on Windows: check for WSAStartup return code
 o examples on Windows: check for socket return code
 o agent.c: check return code of MapViewOfFile
 o kex.c: fix possible NULL pointer de-reference with session->kex
 o packet.c: fix possible NULL pointer de-reference within listen_state
 o tests on Windows: check for WSAStartup return code
 o userauth.c: improve readability and clarity of for-loops
 o examples on Windows: use native SOCKET-type instead of int
 o packet.c: i < 256 was always true and i would overflow to 0
 o kex.c: make sure mlist is not set to NULL
 o session.c: check return value of session_nonblock in debug mode
 o session.c: check return value of session_nonblock during startup
 o userauth.c: make sure that sp_len is positive and avoid overflows
 o knownhost.c: fix use of uninitialized argument variable wrote
 o openssl: initialise the digest context before calling EVP_DigestInit()
 o libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
 o configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
 o configure.ac: Rework crypto library detection
 o configure.ac: Reorder --with-* options in --help output
 o configure.ac: Call zlib zlib and not libz in text but keep option names
 o Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
 o sftp: seek: Don't flush buffers on same offset
 o sftp: statvfs: Along error path, reset the correct 'state' variable.
 o sftp: Add support for fsync (OpenSSH extension).
 o _libssh2_channel_read: fix data drop when out of window
 o comp_method_zlib_decomp: Improve buffer growing algorithm
 o _libssh2_channel_read: Honour window_size_initial
 o window_size: redid window handling for flow control reasons
 o knownhosts: handle unknown key types
2015-03-23 09:14:53 +00:00
schnoebe
24c0e575f3 Update to 1.4.3:
Changelog:
Version 1.4.3 - November 27 2012

libssh2 1.4.3 GPG sig (685712 bytes)

Changes:

    compression: add support for zlib@openssh.com

Bug fixes:

    sftp_read: return error if a too large package arrives
    libssh2_hostkey_hash.3: update the description of return value
    Fixed MSVC NMakefile
    examples: use stderr for messages, stdout for data
    openssl: do not leak memory when handling errors
    improved handling of disabled MD5 algorithm in OpenSSL
    known_hosts: Fail when parsing unknown keys in known_hosts file
    configure: gcrypt doesn't come with pkg-config support
    session_free: wrong variable used for keeping state
    libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
    comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating

Version 1.4.2 - May 18 2012

libssh2 1.4.2 GPG sig (679992 bytes)

Bug fixes:

    Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
    userauth.c: fread() from public key file to correctly detect any errors
    configure.ac: Add option to disable build of the example applications
    Added 'Requires.private:' line to libssh2.pc
    SFTP: filter off incoming "zombie" responses
    gettimeofday: no need for a replacement under cygwin
    SSH_MSG_CHANNEL_REQUEST: default to want_reply
    win32/libssh2_config.h: Remove hardcoded #define LIBSSH2_HAVE_ZLIB

Version 1.4.1 - April 4 2012

libssh2 1.4.1 GPG sig (658507 bytes)

Bug fixes:

    build error with gcrypt backend
    always do "forced" window updates to avoid corner case stalls
    aes: the init function fails when OpenSSL has AES support
    transport_send: Finish in-progress key exchange before sending data
    channel_write: acknowledge transport errors
    examples/x11.c: Make sure sizeof passed to read operation is correct
    examples/x11.c: Fix suspicious sizeof usage
    sftp_packet_add: verify the packet before accepting it
    SFTP: preserve the original error code more
    sftp_packet_read: adjust window size as necessary
    Use safer snprintf rather than sprintf in several places
    Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
    sftp_write: cannot return acked data *and* EAGAIN
    sftp_read: avoid data *and* EAGAIN
    libssh2.h: Add missing prototype for libssh2_session_banner_set()

Version 1.4.0 - January 31 2012

libssh2 1.4.0 GPG sig (653514 bytes)

Changes:

    Added libssh2_session_supported_algs()
    Added libssh2_session_banner_get()
    Added libssh2_sftp_get_channel()
    libssh2.h: bump the default window size to 256K

Bug fixes:

    sftp-seek: clear EOF flag
    userauth: Provide more information if ssh pub key extraction fails
    ssh2_exec: skip error outputs for EAGAIN
    LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
    knownhost_check(): Don't dereference ext if NULL is passed
    knownhost_add: Avoid dereferencing uninitialized memory on error path
    OpenSSL EVP: fix threaded use of structs
    _libssh2_channel_read: react on errors from receive_window_adjust
    sftp_read: cap the read ahead maximum amount
    _libssh2_channel_read: fix non-blocking window adjusting

Version 1.3.0 - September 6 2011

libssh2 1.3.0 GPG sig (639262 bytes)

Changes:

    Added custom callbacks for performing low level socket I/O

Bug fixes:

    sftp_read: advance offset correctly for buffered copies
    libssh2_sftp_seek64: flush packetlist and buffered data
    _libssh2_packet_add: adjust window size when truncating
    sftp_read: a short read is not end of file

Version 1.2.9 - August 16 2011

libssh2 1.2.9 GPG sig (642150 bytes)

Changes:

    Added libssh2_session_set_timeout() and libssh2_session_get_timeout() to make blocking calls get a timeout

Bug fixes:

    configure and pkg-config: fix $VERSION
    s/\.NF/.nf/ to fix wrong macro name caught by man --warnings
    keepalive: add first basic man pages
    sftp_write: flush the packetlist on error
    sftp_write: clean offsets on error
    msvcproj: added libs and debug stuff
    SCP: fix incorrect error code
    session_startup: init state properly
    sftp_write_sliding: send the complete file
    userauth_keyboard_interactive: skip code on zero length auth
    _libssh2_wait_socket: fix timeouts for poll() uses
    agent_list_identities: fix out of scope access
    _libssh2_recv(): handle ENOENT error as EAGAIN
    userauth_keyboard_interactive: fix buffer overflow
    removed man pages for non-existing functions!
    gettimeofday: fix name space pollution
    _libssh2_channel_write: handle window_size == 0 better

Version 1.2.8 - April 5 2011

libssh2 1.2.8 GPG sig (637707 bytes)

Changes:

    added libssh2_free, libssh2_channel_get_exit_signal and libssh2_session_handshake
    SFTP read/write remade and now MUCH faster, especially on high latency connections
    added new examples: ssh2_echo.c, sftp_append.c and sftp_write_sliding.c
    userauth: derive publickey from private
    NEWS: now generated from git

Bug fixes:

    Support unlimited number of host names in a single line of the known_hosts file.
    fix memory leak in userauth_keyboard_interactive()
    fix memory leaks (two times cipher_data) for each sftp session
    session_startup: manage server data before server identification
    SCP: allow file names with bytes > 126
    scp_recv: improved treatment of channel_read() returning zero
    libssh2_userauth_authenticated: make it work as documented
    variable size cleanup: match internal variable sizes better with the sizes of the fields used on the wire
    channel_request_pty_size: fix reqPTY_state
    sftp_symlink: return error if receive buffer too small
    sftp_readdir: return error if buffer is too small
    libssh2_knownhost_readfile.3: clarify return value
    configure: stop using the deprecated AM_INIT_AUTOMAKE syntax
    Fixed Win32 makefile which was now broken at resource build
    kex_agree_hostkey: fix NULL pointer dereference
    _libssh2_ntohu64: fix conversion from network bytes to uint64
    ssize_t: proper typedef with MSVC compilers
    zlib: Add debug tracing of zlib errors
    decomp: increase decompression buffer sizes

Version 1.2.7 - August 17 2010

libssh2 1.2.7 GPG sig (583105 bytes)

Changes:

    Added Watcom makefile

Bug fixes:

    Better handling of invalid key files
    inputchecks: make lots of API functions check for NULL pointers
    libssh2_session_callback_set: extended the man page
    SFTP: limit write() to not produce overly large packets
    agent: make libssh2_agent_userauth() work blocking properly
    _libssh2_userauth_publickey: reject method names longer than the data
    channel_free: ignore problems with channel_close()
    typedef: make ssize_t get typedef without LIBSSH2_WIN32
    _libssh2_wait_socket: poll needs milliseconds
    libssh2_wait_socket: reset error code to "leak" EAGAIN less
    Added include for sys/select.h to get fd.set on some platforms
    session_free: free more data to avoid memory leaks
    openssl: make use of the EVP interface
    Fix underscore typo for 64-bit printf format specifiers on Windows
    Make libssh2_debug() create a correctly terminated string
    userauth_hostbased_fromfile: packet length too short
    handshake: Compression enabled at the wrong time
    Don't overflow MD5 server hostkey

Version 1.2.6 - June 10 2010

libssh2 1.2.6 GPG sig (579590 bytes)

Changes:

    Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs()
    Added libssh2_knownhost_checkp()
    Added libssh2_scp_send64()

Bug fixes:

    wait_socket: make c89 compliant and use two fd_sets for select()
    OpenSSL AES-128-CTR detection
    proper keyboard-interactive user dialog in the sftp.c example
    build procedure for VMS
    fixed libssh2.dsw to use the generated libssh2.dsp
    several Windows-related build fixes
    fail to init SFTP if session isn't already authenticated
    many tiny fixes that address clang-analyzer warnings
    sftp_open: deal with short channel_write calls
    libssh2_publickey_init: fixed to work better non-blocking
    sftp_close_handle: add precaution to not access NULL pointer
    sftp_readdir: simplified and bugfixed
    channel_write: if data has been sent, don't return EAGAIN

Version 1.2.5 - April 13 2010

libssh2 1.2.5 GPG sig (559553 bytes)

Changes:

    Added keep-alive support: libssh2_keepalive_config() and libssh2_keepalive_send()
    Added libssh2_knownhost_addc(), libssh2_init() and libssh2_exit()
    Added LIBSSH2_SFTP_S_IS***() macros

Bug fixes:

    fix memory leak in libssh2_session_startup()
    added missing error codes - shown as hangs in blocking mode
    fix memory leak in userauth_keyboard_interactive()
    libssh2_knownhost_del: fix write to freed memory
    Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE
    Use AES-CTR from OpenSSL when available
    Fixed gettimeofday to compile with Visual C++ 6
    NULL dereference when window adjusting a non-existing channel
    avoid using poll on interix and mac os x systems
    fix scp memory leak
    Correctly clear blocking flag after sending multipart packet
    Reduce used window sizes by factor 10
    libssh2_userauth_publickey_fromfile_ex() handles a NULL password
    sftp_init() deal with _libssh2_channel_write() short returns

Version 1.2.4 - February 13 2010

libssh2 1.2.4 GPG sig (547675 bytes)

Bug fixes:

    Resolve compile issues on Solaris x64 and UltraSPARC
    Allow compiling with OpenSSL when AES isn't available
    Fix Tru64 socklen_t compile issue with example/direct_tcpip.c

Version 1.2.3 - February 3 2010

libssh2 1.2.3 GPG sig (547652 bytes)

Changes:

    ssh-agent support with the new libssh2_agent_* functions
    Added libssh2_trace_sethandler()
    Added the direct_tcpip.c and ssh2_agent.c examples

Bug fixes:

    Fixed memory leak in userauth_publickey
    Fixed publickey authentication regression
    Silenced several compiler warnings
    avoid returning data to memory already freed
    transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors
    Fixed padding in ssh-dss signature blob encoding
    Fixed direction blocking flag problems
    Fixed memory leak in sftp_fstat()
2014-07-20 22:02:58 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
wiz
23bfa90cfb Update HOMEPAGE and remove commented-out sf MASTER_SITE.
From Bug Hunting.
2013-02-03 12:37:40 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
dholland
7e751949e4 Set BUILDLINK_ABI_DEPENDS correctly (with +=, not ?=)
It turns out there were a lot of these.
2012-05-07 01:53:12 +00:00
wiz
e2f84ad43f Reset maintainer for retired developers. 2011-02-28 14:52:37 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
drochner
226b0b6fa9 update to 1.2.2
changes:
-Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers
-Support for the "arcfour128" cipher
-Fix crash when server sends an invalid SSH_MSG_IGNORE message
2009-11-20 16:45:30 +00:00
drochner
f442f1f99f update to 1.2.1
many fixes and improvements, notably speed
2009-11-15 20:07:45 +00:00
joerg
2d1ba244e9 Simplify and speed up buildlink3.mk files and processing.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
2009-03-20 19:23:50 +00:00
bjs
8740bfa07f Import libssh2-0.18, a library implementing the SSH2 protocol (available
under the revised BSD license).
2008-03-02 14:11:54 +00:00