/* Copyright (C) 2004-2007 Sara Golemon <sarag@libssh2.org>
 * Copyright (C) 2005,2006 Mikhail Gusarov <dottedmag@dottedmag.net>
 * Copyright (C) 2006-2007 The Written Word, Inc.
 * Copyright (C) 2007 Eli Fant <elifantu@mail.ru>
 * Copyright (C) 2009-2023 Daniel Stenberg
 * Copyright (C) 2008, 2009 Simon Josefsson
 * Copyright (C) 2000 Markus Friedl
 * Copyright (C) 2015 Microsoft Corp.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms,
 * with or without modification, are permitted provided
 * that the following conditions are met:
 *
 *   Redistributions of source code must retain the above
 *   copyright notice, this list of conditions and the
 *   following disclaimer.
 *
 *   Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials
 *   provided with the distribution.
 *
 *   Neither the name of the copyright holder nor the names
 *   of any other contributors may be used to endorse or
 *   promote products derived from this software without
 *   specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
 * OF SUCH DAMAGE.
 */
see NEWS
libssh2 - SSH2 library
======================

libssh2 is a library implementing the SSH2 protocol, available under
the revised BSD license.

Web site: https://libssh2.org/

Mailing list: https://lists.haxx.se/listinfo/libssh2-devel

License: see COPYING

Source code: https://github.com/libssh2/libssh2

Web site source code: https://github.com/libssh2/www

Installation instructions are in:
 - docs/INSTALL_CMAKE for CMake
 - docs/INSTALL_AUTOTOOLS for Autotools

Changelog for the libssh2 project. Generated with git2news.pl

Daniel Stenberg (16 Oct 2024)
- RELEASE-NOTES: 1.11.1

Viktor Szakats (8 Oct 2024)
- RELEASE-NOTES: sync [ci skip]

- [Anders Borum brought this change]

  session: support server banners up to 8192 bytes (was: 256)
  
  If server had banner exceeding 256 bytes there wasn't enough room in
  `_LIBSSH2_SESSION.banner_TxRx_banner`. Only the first 256 bytes would be
  read making the first packet read fail but also dooming key exchange as
  `session->remote.banner` didn't include everything.
  
  This change bumps the banner buffer to 8KB to match OpenSSH.
  
  Fixes #1442
  Closes #1443

- RELEASE-NOTES: sync [ci skip]

- cmake: sync and improve Find modules, add `pkg-config` native detection
  
  - sync code between Find modules.
  - wolfssl: replace `pkg-config` hints with native detection.
  - libgcrypt, mbedtls: add `pkg-config`-based native detection.
  - libgcrypt: add version detection.
  - limit `pkg-config` use for `UNIX`, vcpkg, and non-cross MinGW builds,
    and builds with no manual customization via `*_INCLUDE_DIR` or
    `*_LIBRARY`.
  - replace and sync Find module header comments.
  - ci: delete manual mbedTLS config that's now redundant.
  
  Based on similar work done in curl.
  
  Second attempt at #1420
  Closes #1445

- cmake: initialize `LIBSSH2_LIBDIRS` [ci skip]
  
  Follow-up to c87f12963037b22e6b60411c9c2d6513c06e2f03 #1466

- ci/appveyor: fix and bump OpenSSL 3 path, add path check
  
  Follow-up to b5e68bdc37c6afa0dc777794dda8307167919d04 #1461
  Closes #1468

- cmake: link to OpenSSL::Crypto, not OpenSSL::SSL
  
  Follow-up to 82b09f9b3aae97f641fbcc2d746d2a6383abe857 #1322
  Follow-up to c84745e34e53f863ffba997ceeee7d43d1c63a4b #1128
  Cherry-picked from #1445
  Closes #1467

- cmake: generate `LIBSSH2_PC_LIBS_PRIVATE` dynamically
  
  Generate `LIBSSH2_PC_LIBS_PRIVATE` from `LIBSSH2_LIBS`.
  
  Also add extra libdirs (`-L`) to `Libs` and `Libs.private`.
  
  Logic copied from curl.
  
  Closes #1466

- cmake: initialize `LIBSSH2_PC_REQUIRES_PRIVATE` [ci skip]
  
  Follow-up to 0fce9dcc2909ffff5f4a1a1bc3d359fc7f409299 #1464

- cmake: add comment about `ibssh2.pc.in` variables [ci skip]

- cmake: support absolute `CMAKE_INSTALL_INCLUDEDIR`/`CMAKE_INSTALL_LIBDIR`
  
  in `libssh2.pc`.
  
  Also use `${exec_prefix}` (instead of `${prefix}`) as a base for `libdir`.
  
  Closes #1465

- cmake: rename two variables and initialize them
  
  - `LIBRARIES` -> `LIBSSH2_LIBS`
  - `SOCKET_LIBRARIES` -> `LIBSSH2_LIBS_SOCKET`
  
  Also initialize them before use.
  
  Cherry-picked from #1445
  Closes #1464

- ci/appveyor: reduce test runs (workaround for infrastructure permafails)
  
  Jobs consistently fail to connect to the test server (run in GHA) since
  2024-Aug-29:
  https://ci.appveyor.com/project/libssh2org/libssh2/builds/50498393
  
  There was an earlier phase of failures one month before that, that got
  fixed by increasing the wait for the server in
  bf3af90b3f1bb14cf452df7a8eb55cc9088f3e7f.
  
  Thus, skip running tests in AppVeyor CI jobs, except: After some
  experiments, it seems that running tests with the last OpenSSL job and
  the last WinCrypt job _work_, which still leaves some coverage.
  It remains to be seen how stable this is.
  
  This is meant as a temporary fix till there is a solution to make all
  jobs run tests reliably like up until a few months ago.
  
  Closes #1461

- [Patrick Monnerat brought this change]

  os400: drop vsprintf() use
  
  Follow-up to discussion in #1457
  
  Plus e-mail address update.
  
  Closes #1462

- RELEASE-NOTES: sync [ci skip]

Daniel Stenberg (30 Sep 2024)
- openssl: free allocated resources when using openssl3
  
  Reproduces consistently with curl test case 638
  
  Closes #1459

Viktor Szakats (28 Sep 2024)
- checksrc: update, check all sources, fix fallouts
  
  update from curl:
  https://github.com/curl/curl/blob/cff75acfeca65738da8297aee0b30427b004b240/scripts/checksrc.pl
  
  Closes #1457

- cmake: prefer `find_dependency()` in `libssh2-config.cmake`
  
  CMake manual suggests using `find_dependency()` (over `find_package()`)
  in `config.cmake` scripts.
  
  Ref: https://cmake.org/cmake/help/latest/module/CMakeFindDependencyMacro.html
  
  Closes #1460

- ci: use Ninja with cmake
  
  Closes #1458

GitHub (27 Sep 2024)
- [dksslq brought this change]

  Fix memory leaks in _libssh2_ecdsa_curve_name_with_octal_new and _libssh2_ecdsa_verify (#1449)
  
  Better error handling in `_libssh2_ecdsa_curve_name_with_octal_new` and `_libssh2_ecdsa_verify` to prevent leaks.
  
  Credit: dksslq <dksslq@github.com>

- [rolag brought this change]

  Fix unstable connections over nonblocking sockets (#1454)
  
  The `send_existing()` function allows partially sent packets to be sent
  fully before any further packets are sent. Originally this returned
  `LIBSSH2_ERROR_BAD_USE` when a different caller or thread tried to send
  an existing packet created by a different caller or thread causing the
  connection to disconnect. Commit 33dddd2f8ac3bc81 removed the return
  allowing any caller to continue sending another caller's packet. This
  caused connection instability as discussed in #1397 and confused the
  client and server causing occasional duplicate packets to be sent and
  giving the error `rcvd too much data` as discussed in #1431. We return
  `LIBSSH2_ERROR_EAGAIN` instead to allow existing callers to finish
  sending their own packets.
  
  Fixes #1397
  Fixes #1431
  Related #720
  
  Credit: klux21, rolag

- [Will Cosgrove brought this change]

  Prevent possible double free of hostkey (#1452)
  
  NULL server hostkey based on fuzzer failure case.

Viktor Szakats (7 Sep 2024)
- cmake: tidy up syntax, minor improvements
  
  - make internal variables underscore-lowercase.
  - unfold lines.
  - fold lines setting header directories.
  - fix indent.
  - drop interim variable `EXAMPLES`.
  - initialize some variables before populating them.
  - clear a variable after use.
  - add `libssh2_dumpvars()` function for debugging.
  - allow to override default `CMAKE_UNITY_BUILD_BATCH_SIZE`.
  - bump up default `CMAKE_UNITY_BUILD_BATCH_SIZE` to 0 (was 32).
  - tidy up option descriptions.
  
  Closes #1446

- cmake: rename mbedTLS and wolfSSL Find modules
  
  To match the curl ones.
  
  Cherry-picked from #1445

- RELEASE-NOTES: sync [ci skip]

- cmake: fixup version detection in mbedTLS find module
  
  - avoid warning with 2.x versions about missing header file while
    extracting the version number.
  
  - clear temp variables.
  
  Closes #1444

- buildconf: drop
  
  Use `autoreconf -fi` instead.
  
  Follow-up to fc5d77881eb6bb179f831e626d15f4f29179aad5
  Closes #1441

- [Michael Buckley brought this change]

  Implement chacha20-poly1305@openssh.com
  
  Probably the biggest and potentially most controversial change we have
  to upstream.
  
  Because earlier versions of OpenSSL implemented the algorithm before
  standardization, using an older version of OpenSSL can cause problems
  connecting to OpenSSH servers. Because of this, we use the public domain
  reference implementation instead of the crypto backends, just like
  OpenSSH does.
  
  We've been holding this one for a few years. We were about to upstream
  it around the same time as aes128gcm landed upstream, and the two
  changes were completely incompatible. Honestly, it took me weeks to
  reconcile these two implementations, and it could be much better.
  
  Our original implementation changed every crypt method to decrypt the
  entire message at once. The AESGCM implementation instead went with this
  firstlast design, where a firstlast parameter indicates whether this is
  the first or last call to the crypt method for each message. That added
  a lot of bookkeeping overhead, and wasn't compatible with the chacha
  public domain implementation.
  
  As far as I could tell, OpenSSH uses the technique of decrypting the
  entire message in one go, and doesn't have anything like firstlast.
  However, I could not get our aes128gcm implementation to work that way,
  nor could I get the chacha implementation to work with firstlast, so I
  split it down the middle and let each implementation work differently.
  It's kind of a mess, and probably should be cleaned up, but I don't have
  the time to spend on it anymore, and it's probably better to have
  everything upstream.
  
  Fixes #584
  Closes #1426

- tidy-up: do/while formatting
  
  Also fix an indentation and delete empty lines.
  
  Closes #1440

- wolfssl: drop header path hack
  
  The wolfSSL OpenSSL headers reside in `wolfssl/openssl/*.h`.
  
  Before this patch the wolfSSL OpenSSL compatibility header includes were
  shared with the native OpenSSL codepath, and used `openssl/*h`. For
  wolfSSL builds this required a hack to append the
  `<wolfssl-prefix>/wolfssl` directory to the header search path, to find
  the headers.
  
  This patch changes the source to use the correct header references,
  allowing to drop the header path hack.
  
  Also fix to use the correct variable to set up the header path in CMake:
  `WOLFSSL_INCLUDE_DIRS` (was: `WOLFSSL_INCLUDE_DIR`, without the `S`)
  
  Closes #1439

- cmake: mbedTLS detection tidy-ups
  
  - set and use `MBEDTLS_INCLUDE_DIRS`.
  - stop marking `MBEDTLS_LIBRARIES` as advanced.
  
  Closes #1438

- cmake: add quotes, delete ending dirseps
  
  Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1 #1166
  Closes #1437

- CI/appveyor: increase wait for SSH server on GHA [ci skip]
  
  Blind attempt to make AppVeyor CI tests work again.

- disable DSA by default
  
  Also:
  - add `LIBSSH2_DSA_ENABLE` to enable it explicitly.
  - test the above option in CI.
  - say 'deprecated' in docs and public header.
  - disable DSA in the CI server config.
    (OpenSSH 9.8 no longer builds with it by default)
    https://www.openssh.com/txt/release-9.8
    Patch-by: Jose Quaresma
  - disable more DSA code when not enabled.
  
  Fixes #1433
  Closes #1435

GitHub (30 Jul 2024)
- [Viktor Szakats brought this change]

  tidy-up: link updates (#1434)

Marc Hoersken (27 Jul 2024)
- ci/GHA: revert concurrency and improve permissions
  
  Statuses are per AppVeyor event and commit, not pull-request.
  Also align permissions approach with curl, least privilege.
  
  Partially reverts b08cfbc99fa4df3459db4e1ccf4263fd260e9b15.

GitHub (23 Jul 2024)
- [Will Cosgrove brought this change]

  Always init mbedtls_pk_context (#1430)
  
  In the failure case, mbedtls_pk_context could be free'd without first being initialized.

- [Viktor Szakats brought this change]

  mbedtls: tidy-up (#1429)

- [Will Cosgrove brought this change]

  Correctly initialize values (#1428)
  
  Fix regression with commit from #1421

Viktor Szakats (14 Jul 2024)
- RELEASE-NOTES: sync [ci skip]

- [Seo Suchan brought this change]

  mbedtls: expose `mbedtls_pk_load_file()` for our use
  
  While it's moved to pk_internal, it won't be removed in mbedTLS 3.6 LTS
  so it's safe to redeclare it on our side to find it.
  
  This is implementing emergency fix suggested from
  https://github.com/libssh2/libssh2/commit/2e4c5ec4627b3ecf4b6da16f365c011dec9a31b4#commitcomment-141379351
  
  Follow-up to e973493f992313b3be73f51d3f7ca6d52e288558 #1393
  Follow-up to 2e4c5ec4627b3ecf4b6da16f365c011dec9a31b4 #1349
  Closes #1421

GitHub (13 Jul 2024)
- [Viktor Szakats brought this change]

  ci/GHA: simplify mbedTLS build hack for autotools (#1425)
  
  Follow-up to e973493f992313b3be73f51d3f7ca6d52e288558 #1393

- [Michael Buckley brought this change]

  Always check for null pointers before calling _libssh2_bn_set_word (#1423)

- [Viktor Szakats brought this change]

  ci/GHA: FreeBSD 14.1, actions bump (#1424)

- [Michael Buckley brought this change]

  Increase SFTP_HANDLE_MAXLEN back to 4092 (#1422)
  
  Match OpenSSH for compatibility.

Viktor Szakats (10 Jul 2024)
- ci/GHA: tidy up casing [ci skip]

- REUSE: fix typo in comment

- REUSE: shorten and improve
  
  Follow-up to 70b8bf314cf4566a7529c5d6eae63097a926abb0 #1419

- REUSE: upgrade to `REUSE.toml`
  
  Closes #1419

- build: stop detecting `sys/param.h` header
  
  This header is no longer used.
  
  Follow-up to 12427f4fb8e789adcee4a6e30974932883915e88 #1415
  Closes #1418

- [Nicolas Mora brought this change]

  tests: avoid using `MAXPATHLEN`, for portability
  
  `MAXPATHLEN` is not present in some systems, e.g. GNU Hurd.
  
  Co-authored-by: Viktor Szakats
  Ref: 54bef4c5dad868a9d45fdbfca9729b191c0abab5 #198
  Fixes #1414
  Closes #1415

- cmake: sync formatting in `cmake/Find*` modules

- [Michael Buckley brought this change]

  sftp: implement posix-rename@openssh.com
  
  Add a new function `libssh2_sftp_posix_rename_ex()` and
  `libssh2_sftp_posix_rename()`, which implement
  the posix-rename@openssh.com extension.
  
  If the server does not support this extension, the function returns
  `LIBSSH2_FX_OP_UNSUPPORTED` and it's up to the user to recover, possibly
  by calling `libssh2_sftp_rename()`.
  
  Co-authored-by: Viktor Szakats (bump to size_t)
  Closes #1386

- src: use `UINT32_MAX`
  
  Needs to be defined for platforms missing it, e.g. VS2008.
  
  Closes #1413

GitHub (25 Jun 2024)
- [Michael Buckley brought this change]

  Fix a memory leak in key exchange. (#1412)
  
  Original fix submitted as a patch by Trzik.
  
  Co-authored-by: Michael Buckley <michael@panic.com>

Viktor Szakats (25 Jun 2024)
- RELEASE-NOTES: sync [ci skip]

- wolfssl: fix `EVP_Cipher()` use with v5.6.0 and older
  
  Add workaround for the wolfSSL `EVP_Cipher(*p, NULL, NULL, 0)` bug to
  make libssh2 work with wolfSSL v5.6.0 and older.
  
  wolfSSL fixed this issue in v5.7.0:
  https://github.com/wolfSSL/wolfssl/pull/7143
  https://github.com/wolfSSL/wolfssl/commit/b0de0a1c95119786cf5651dd76dd7d7bdfac5a04
  
  Without our local workaround:
  
  - v5.3.0 and older fail most tests:
    Ref: https://github.com/libssh2/libssh2/actions/runs/9646827522/job/26604211476#step:17:1263
  
  - v5.4.0, v5.5.x, v5.6.0 fail these:
    ```
    29 - test_read-aes128-cbc (Failed)
    30 - test_read-aes128-ctr (Failed)
    32 - test_read-aes192-cbc (Failed)
    33 - test_read-aes192-ctr (Failed)
    34 - test_read-aes256-cbc (Failed)
    35 - test_read-aes256-ctr (Failed)
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/9646827522/job/26604233819#step:17:978
  
  Oddly enough the workaround breaks OpenSSL tests, so only enable it for
  the affected wolfSSL versions.
  
  Also add new build-from-source wolfSSL CI job to test the new codepath.
  
  wolfSSL has a build bug where `wolfssl/options.h` and
  `wolfssl/version.h` are not copied to the `install` destination with
  autotools. With CMake it has a different bug where `wolfcrypt/sp_int.h`
  is not copied (with v5.4.0). And another with CMake where `FIPS_mode()`
  remains missing (with v5.6.0 and earlier.)
  
  Therefore use CMake with v5.5.4 and a workaround for `FIPS_mode()`.
  Another option is autotools with v5.4.0 and a workaround for `install`,
  but CMake builds quicker.
  
  Regression-from 3c953c05d67eb1ebcfd3316f279f12c4b1d600b4 #797
  Fixes #1020
  Fixes #1299
  Assisted-by: Michael Buckley via #1394
  Closes #1394 (another attempt to fix the mentioned wolfSSL bug)
  Closes #1407

- wolfssl: bump version in upstream issue comment [ci skip]

- wolfssl: require v5.4.0 for AES-GCM
  
  Earlier versions crash while running tests.
  
  This patch is part of a series of fixes to make wolfSSL AES-GCM support
  work together with libssh2.
  
  Possibly related is this wolfSSL bugfix patch, released in v5.4.0:
  https://github.com/wolfSSL/wolfssl/pull/5205
  https://github.com/wolfSSL/wolfssl/commit/fb3c611275dfe454c331baa0818445a0406c208a
  "Fix another AES-GCM EVP control command issue"
  
  Ref: #1020
  Ref: #1299
  Cherry-picked from #1407
  Closes #1411

- tests: fix excluding AES-GCM tests
  
  Replace hard-coded crypto backends and rely on `LIBSSH2_GCM` macro
  to decide whether to run AES-GCM tests.
  
  Without this, build attempted to run AES-GCM tests (and failed)
  for crypto backends that have conditional support for this feature, e.g.
  wolfSSL without the necessary features built-in
  (as in before Homebrew wolfssl 5.7.0_1, or OpenSSL v1.1.0 and older).
  
  This patch is part of a series of fixes to make wolfSSL AES-GCM support
  work together with libssh2.
  
  Cherry-picked from #1407
  Closes #1410

- ci/GHA: fix wolfSSL-from-source AES-GCM tests
  
  Turns out these tests:
  ```
  31 - test_read-aes128-gcm@openssh.com (Failed)
  36 - test_read-aes256-gcm@openssh.com (Failed)
  ```
  were failing because AES-GCM wasn't enabled in libssh2. This in turn
  happened because the `WOLFSSL_AESGCM_STREAM` macro wasn't enabled while
  building wolfSSL. Which happened because this macro isn't enabled by
  any CMake-level wolfSSL option. Passing it as `CPPFLAGS` fixes it.
  
  This allows enabling tests with wolfSSL 5.7.0.
  
  Follow-up to d4cea53f53c78febad14b4caa600e25d1aaf92fd #1408
  Closes #1409

- ci/GHA: add Linux job with latest wolfSSL built from source
  
  After this patch it's possible to run tests with wolfSSL 5.7.0.
  
  wolfSSL 5.7.0 fixes this bug that affects open issues #1020 and #1299:
  https://github.com/wolfSSL/wolfssl/pull/7143
  
  `-DWOLFSSL_OPENSSLALL=ON` is necessary for `wolfSSL_FIPS_mode()`
  
  Closes #1408

- ci/GHA: tidy up build-from-source steps [ci skip]
  
  - make curl downloads less verbose.
  
  - fix cmake warning:
    ```
    CMake Warning:
      No source or binary directory provided.  Both will be assumed to be the
      same as the current working directory, but note that this warning will
      become a fatal error in future CMake releases.
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/9509866494/job/26213472410#step:5:32

- [Adam brought this change]

  src: fix type warning in `libssh2_sftp_unlink` macro
  
  The `libssh2_sftp_unlink` macro was implicitly casting the `size_t`
  returned by `strlen` to the `unsigned int` type expected by
  `libssh2_sftp_unlink_ex`.
  
  This fix adds an explicit cast to match similar macro definitions in
  the same file (e.g. `libssh2_sftp_rename`, `libssh2_sftp_mkdir`).
  
  Closes #1406

- libssh2.pc: reference mbedcrypto pkgconfig
  
  mbedtls 3.6.0 got pkgconfig support:
  https://github.com/Mbed-TLS/mbedtls/commit/a4d17b34f354557838e05d2cb47200e8dcaaf59b
  
  Reference it from `libssh2.pc`.
  
  Closes #1405

- tidy-up: typo in comment [ci skip]

- RELEASE-NOTES: sync [ci skip]
  
  Also bump planned deprecation dates.

- ci/GHA: show configure logs on failure and other tidy-ups
  
  - dump cmake error log on configure failure. (for cmake 3.26 and newer)
  - dump `config.log` on autotools configure failure.
  - convert specs filename to Windows format before passing to CMake.
  - add missing quotes.
  
  Closes #1403

- ci/GHA: bump parallel jobs to nproc+1
  
  Ref: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#standard-github-hosted-runners-for-public-repositories
  
  Closes #1402

- ci/GHA: show test logs on failure
  
  Closes #1401

- ci/GHA: fix `Dockerfile` failing after Ubuntu package update
  
  Likely due to an upstream Ubuntu package update (requiring an apt-get
  install call beforehand), tests run via autotools started failing with
  no change in the libssh2 repo:
  ```
  FAIL: test_aa_warmup
  ====================
  
  Error running command 'docker build --quiet -t libssh2/openssh_server %s' (exit 256): Dockerfile:10
  --------------------
     8 |      && apt-get clean \
     9 |      && rm -rf /var/lib/apt/lists/*
    10 | >>> RUN mkdir /var/run/sshd
    11 |
    12 |     # Chmodding because, when building on Windows, files are copied in with
  --------------------
  ERROR: failed to solve: process "/bin/sh -c mkdir /var/run/sshd" did not complete successfully: exit code: 1
  
  Failed to build docker image
  Cannot stop session - none started
  Cannot stop container - none started
  Command: docker build --quiet -t libssh2/openssh_server ../../tests/openssh_server
  FAIL test_aa_warmup (exit status: 1)
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/9322194756/job/25662748095#step:11:390
  
  Fix it by skipping `mkdir` if `/var/run/sshd` already exists.
  
  (Why cmake-based jobs aren't affected, I don't know.)
  
  Ref: https://github.com/libssh2/libssh2/commit/50143d5867d35df76a6cf589ca8a13b22105aa64#commitcomment-142560875
  Closes #1400

- ci/GHA: use ubuntu-latest with OmniOS job
  
  It's the same as ubuntu-22.04.
  
  Also update OmniOS package search link.

- ci: disable dependency tracking in autotools builds
  
  For better build performance. Dependency tracking causes a build
  overhead while compiling to help a subsequent build, but in CI there is
  never one and the extra work is discarded.
  
  Closes #1396

- mbedtls: fail to compile with v3.6.0 outside CI
  
  A compile-time failure is preferred over an unexpected one at
  runtime.
  
  The problem is silenced with a macro in CI and this macro will have
  to be added to more platforms when mbedTLS v3.6.0 reaches them.
  
  Follow-up to 2e4c5ec4627b3ecf4b6da16f365c011dec9a31b4 #1349
  Closes #1393

- tests: drop default cygpath option `-u`

- tidy-up: fix typo found by codespell
  
  Ref: https://github.com/libssh2/libssh2/actions/runs/9224795055/job/25380857082?pr=1393#step:4:5

- ci/GHA: shell syntax tidy-up
  
  Closes #1390

- RELEASE-NOTES: sync [ci skip]

- ci/GHA: bump NetBSD/OpenBSD, add NetBSD arm64 job
  
  OpenBSD arm64 jobs were very slow, so skipped that.
  
  Closes #1388

- autotools: fix to update `LDFLAGS` for each detected dependency
  
  autotools lib detection routine failed to extend LDFLAGS for each
  detection. This could cause successful detection of a dependency, but
  later failing to use it. This did not cause an issue as long as all
  dependencies lived under the same prefix, but started breaking on macOS
  ARM + Homebrew where this was no longer true for mbedTLS and zlib in
  particular.
  
  Follow-up to 844115393bffb4e92c6569204cbe4cd8e553480d #1381
  Follow-up to ae2770de25949bc7c74e60b4cc6a011bbe1d3d7c #1377
  Closes #1384

GitHub (8 May 2024)
- [Michael Buckley brought this change]

  OpenSSL 3: Fix calculating DSA public key (#1380)

Viktor Szakats (8 May 2024)
- ci/GHA: tidy-up wolfSSL autotools config on macOS
  
  Closes #1383

- ci/GHA: shorter mbedTLS autotools workaround
  
  Follow-up to 844115393bffb4e92c6569204cbe4cd8e553480d #1381
  Closes #1382

GitHub (8 May 2024)
- [Michael Buckley brought this change]

  ci: fix mbedtls runners on macOS (#1381)
  
  Sets LDFLAGS while configuring the autoconf mbedTLS build for macOS.

Viktor Szakats (29 Apr 2024)
- RELEASE-NOTES: sync [ci skip]

- [binary1248 brought this change]

  wincng: fix `DH_GEX_MAXGROUP` set higher than supported
  
  In 1c3a03ebc3166cf69735111aba2b8cee57cdba51 #493,
  `LIBSSH2_DH_GEX_MAXGROUP` was introduced to specify
  crypto-backend-specific modulus sizes. Unfortunately, the max size for
  the wincng DH modulus was defined to 8192, probably because this is the
  value most other backends support.
  
  According to Microsoft documentation [1], `BCryptGenerateKeyPair`
  currently only supports up to 4096-bit keys when the selected algorithm
  is `BCRYPT_DH_ALGORITHM`. Requesting larger keys when calling
  `BCryptGenerateKeyPair` in `_libssh2_dh_key_pair` always results in
  `STATUS_INVALID_PARAMETER` being returned and ultimately key exchange
  failing.
  
  When attempting to connect to any server that offers 8192 bit DH, this
  causes key exchange to always fail when using the wincng backend.
  Reducing `LIBSSH2_DH_GEX_MAXGROUP` to 4096 fixes the issue.
  
  [1] https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/nf-bcrypt-bcryptgeneratekeypair
  
  Closes #1372

- build: silence warnings inside `FD_SET()`/`FD_ISSET()` macros
  
  Use an ugly workaround to silence `-Wsign-conversion` warnings triggered
  by the internals of `FD_SET()`/`FD_ISSET()` macros. They've been showing
  up in OmniOS CI builds when compiling `example` programs. They also have
  been seen with older Cygwin and other envs and configurations.
  
  Also scope two related variables in examples.
  
  E.g.:
  ```
  ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
    251 |         FD_SET(forwardsock, &fds);
        |         ^~~~~~
  ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
  ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
  ../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
  ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
    259 |         if(rc && FD_ISSET(forwardsock, &fds)) {
        |                  ^~~~~~~~
  ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
  ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/8854199687/job/24316762831#step:3:2020
  
  Closes #1379

- autotools: use `AM_CFLAGS`
  
  Use `AM_CFLAGS` to pass custom, per-target C flags. This replaces using
  `CFLAGS` which triggered this warning when running `autoreconf -fi`:
  ```
  tests/Makefile.am:8: warning: 'CFLAGS' is a user variable, you should not override it;
  tests/Makefile.am:8: use 'AM_CFLAGS' instead
  ```
  (Only for `tests`, even though `example` and `src` also used this
  method. The warning is also missing from curl, that also uses
  `CFLAGS`.)
  
  Follow-up to 3ec53f3ea26f61cbf2e0fbbeccb852fca7f9b156 #1286
  Closes #1378

GitHub (25 Apr 2024)
- [Viktor Szakats brought this change]

  ci/GHA: fix gcrypt with autotools/macOS/Homebrew/ARM64 (#1377)
  
  mbedtls configure fails to detect anything due to this:
  ```
  configure:23101: gcc -o conftest -g -O2 -I/opt/homebrew/include  conftest.c  -lmbedcrypto -lz >&5
  ld: library 'mbedcrypto' not found
  clang: error: linker command failed with exit code 1 (use -v to see invocation)
  ```

Viktor Szakats (25 Apr 2024)
- autotools: delete bogus square bracket from help text [ci skip]
  
  Follow-up to 3f98bfb0900b5e68445a339cfebc60b307a24650 #1368

GitHub (25 Apr 2024)
- [Viktor Szakats brought this change]

  ci/GHA: fix verbose option for autotools jobs (#1376)
  
  Also enable verbose for macOS `make` step.

- [Viktor Szakats brought this change]

  ci/GHA: dump `config.log` on failure for macOS autotools jobs (#1375)

- [Viktor Szakats brought this change]

  ci/GHA: fix `autoreconf` failure on macOS/Homebrew (#1374)
  
  By manually installing `libtool`.
  
  ```
  autoreconf -fi
    shell: /bin/bash -e {0}
  configure.ac:75: error: possibly undefined macro: AC_LIBTOOL_WIN32_DLL
        If this token and others are legitimate, please use m4_pattern_allow.
        See the Autoconf documentation.
  configure.ac:76: error: possibly undefined macro: AC_PROG_LIBTOOL
  autoreconf: error: /opt/homebrew/Cellar/autoconf/2.72/bin/autoconf failed with exit status: 1
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/8833608758/job/24253334557#step:4:1

- [Viktor Szakats brought this change]

  ci/GHA: fixup Homebrew location (for ARM runners) (#1373)
  
  GHA macOS runners became ARM64 machines. Make the Homebrew prefix
  dynamic to adapt to these installations.

Viktor Szakats (14 Apr 2024)
- RELEASE-NOTES: sync [ci skip]

- [Patrick Monnerat brought this change]

  os400: Add two recent files to the distribution
  
  Closes #1364

- wincng: add to ci/GHA, add `./configure` option `--enable-ecdsa-wincng`
  
  - add `./configure` option `--enable-ecdsa-wincng`
  
  - add WinCNG autotools jobs to GHA.
  
  - enable WinCNG ECDSA in some GHA jobs (both CMake and autotools).
  
  Follow-up to 3e72343737e5b17ac98236c03d5591d429b119ae #1315
  Closes #1368

GitHub (14 Apr 2024)
- [Johannes Passing brought this change]

  wincng: add ECDSA support for host and user authentication (#1315)
  
  The WinCNG backend currently only supports DSA and RSA. This PR
  adds ECDSA support for host and user authentication.
  
  * Disable WinCNG ECDSA support by default to maintain backward
    compatibility for projects that target versions below Windows 10.
  
  * Add cmake option `ENABLE_ECDSA_WINCNG` to guard ECDSA support.
  
  * Update AppVeyor job matrix to only enable ECDSA on Server 2016+

Viktor Szakats (14 Apr 2024)
- ci: enable Unity mode for most CMake builds
  
  Ref: 7129ea9ca8cca86dac80a6bac2d63937987efe9d #1034
  Closes #1367

- os400: fix shellcheck warnings in scripts (fixups)
  
  - Build scripts must be executed by the os/400 shell (sh), not bash which
    is a PASE program: The `-ot` non-POSIX test extension works in os/400 as
    well. Ref: https://github.com/libssh2/libssh2/pull/1364#issue-2241646754
  
  - Drop/fixup mods trying to make some syntax highlighters happier.
  
  Follow-up to c6625707b94d9093f38f1a0a4d89c11b64f12ba8 #1358
  Assisted-by: Patrick Monnerat
  Closes #1364
  Closes #1366

- cmake: style tidy-up (more)
  
  Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1 #1166
  Closes #1365

- RELEASE-NOTES: sync [ci skip]

- os400: fix shellcheck warnings in scripts
  
  - use `$()` instead of backticks, and re-arrange double-quotes inside.
  - add missing `|| exit 1` to `cd` calls. (could be dropped by using `set -eu`.)
  - add `-n` to a few `if`s.
  - shorten redirections by using `{} >` (as shellcheck recommended).
  - silence warnings where variables were detected as unused (SC2034).
  - a couple misc updates to silence warnings.
  - switch to bash shebang for `-ot` feature.
  - split two lines to unbreak syntax highlighting in my editor. (`$(expr \`, `$(dirname \`)
  
  Also enable CI checks for OS/400 shell scripts.
  
  Ref: d88b9bcdafe9d19aad2fb120d0a0acb3edab64f7
  Closes #1358

- RELEASE-NOTES: sync [ci skip]

- ci: add shellcheck job and script
  
  Add FIXME for OS/400 scripts.
  
  Cherry-picked from #1358

- tests: fix shellcheck issues in `test_sshd.test`
  
  Cherry-picked from #1358

- RELEASE-NOTES: sync [ci skip]

GitHub (9 Apr 2024)
- [Viktor Szakats brought this change]

  ci/appveyor: re-enable OpenSSL 3, also bump to 3.2.1 (#1363)
  
  Ref: 104744f4a523de574ce3767c50948d9b8385be4c #1348

Viktor Szakats (9 Apr 2024)
- ci: use a better test timestamp [ci skip]
  
  Mar 27 2024 08:00:00 GMT+0000
  
  Follow-up to 2d765e454d98b794a5e5bbc497b1fcba4a9b8c4b #1360

GitHub (9 Apr 2024)
- [Viktor Szakats brought this change]

  ci: verify build and install from tarball (#1362)
  
  Install verification based on:
  https://github.com/curl/curl/blob/28c5ddf13ac311d10bc4e8f9fc4ce0858a19b888/scripts/installcheck.sh

Viktor Szakats (9 Apr 2024)
- tidy-up: dir names, command-line [ci skip]
  
  Follow-up to 2d765e454d98b794a5e5bbc497b1fcba4a9b8c4b #1360

- cmake: tidy up function name casing in `CopyRuntimeDependencies.cmake`
  
  Use lowercase to match callers.

GitHub (9 Apr 2024)
- [Viktor Szakats brought this change]

  ci: add reproducibility test for `maketgz` (#1360)

Viktor Szakats (9 Apr 2024)
- maketgz: add reproducible dir entries to tarballs
  
  In the initial implementation of reproducible tarballs, they were
  missing directory entries, while .zip archives had them. It meant
  that on extracting the tarball, on-disk directory entries got the
  current timestamp.
  
  This patch fixes this by including directory entries in the tarball,
  with reproducible timestamps. It also moves sorting inside tar,
  to ensure reproducible directory entry timestamps on extract
  (without the need of `--delay-directory-restore` option, when
  extracting with GNU tar. BSD tar got that right by default.)
  
  GNU tar 1.28 (2014-07-28) introduced `--sort=`.
  
  Follow-up to d52fe1b4358fab891037d86b5c73c098079567db #1357
  Closes #1359

- ci/GHA: improve version number in `maketgz` test
  
  Follow-up to cba7f97506c1b8e5ff131bbbc57b5796ac634c56 #1353

GitHub (8 Apr 2024)
- [Michael Buckley brought this change]

  src: check the return value from `_libssh2_bn_*()` functions (#1354)
  
  Found by oss-fuzz. In `diffie_hellman_sha_algo()`, we were calling
  `_libssh2_bn_from_bin()` with data received by the server without
  checking whether that data was zero-length or ridiculously long.
  In the OpenSSL backend, this would cause `_libssh2_bn_from_bin()`
  to fail an allocation, which would eventually lead to a NULL
  dereference when the bignum was used.
  
  Add the same check for `_libssh2_bn_set_word()` and
  `_libssh2_bn_to_bin()`.

Viktor Szakats (8 Apr 2024)
- maketgz: reproducible tarballs/zip, display tarball hashes
  
  - support `SOURCE_DATE_EPOCH` for reproducibility.
  - make tarballs reproducible.
  - make file timestamps in tarball/zip reproducible.
  - make directory timestamps in zip reproducible.
  - make timestamps of tarballs/zip reproducible.
  - make file order in tarball/zip reproducible.
  - use POSIX ustar tarball format to avoid supply chain vulnerability: https://seclists.org/oss-sec/2021/q4/0
  - make uid/gid in tarball reproducible.
  - omit owner user/group names from tarball for reproducibility and privacy.
  - omit current timestamp from .gz header for reproducibility.
  - display SHA-256 hashes of produced tarballs/zip. (Requires `sha256sum`)
  - re-sync formatting with curl's `maketgz`.
  
  Closes #1357

- maketgz: `set -eu`, reproducibility, improve zip, add CI test
  
  - set bash `-eu`.
  - fix bash `-eu` issues.
  - apply `TZ=UTC` and `LC_ALL=C` for reproducibility.
  - sort `.zip` entries for reproducibility.
  - zip with `--no-extra` for reproducibility.
  - use maximum zip compression.
  - add the gpg sign command-line. Copied from curl.
  - add CI test for `maketgz`.
  
  Closes #1353

- RELEASE-NOTES: sync and cleanups [ci skip]

GitHub (3 Apr 2024)
- [Tejaswikandula brought this change]

  Support RSA SHA2 cert-based authentication (rsa-sha2-512_cert and rsa-sha2-256_cert) (#1314)
  
  Replicating OpenSSH's behavior to handle RSA certificate authentication
  differently based on the remote server version.
  
  1. For OpenSSH versions >= 7.8, ascertain server's support for RSA Cert
     types by checking if the certificate's signature type is present in
     the `server-sig-algs`.
  
  2. For OpenSSH versions < 7.8, Set the "SSH_BUG_SIGTYPE" flag when the
     RSA key in question is a certificate to ignore `server-sig-algs` and
     only offer ssh-rsa signature algorithm for RSA certs.
  
  This arises from the fact that OpenSSH versions up to 7.7 accept
  RSA-SHA2 keys but not RSA-SHA2 certificate types. Although OpenSSH <=7.7
  includes RSA-SHA2 keys in the `server-sig-algs`, versions <=7.7 do not
  actually support RSA certs. Therefore, server sending RSA-SHA2 keys in
  `server-sig-algs` should not be interpreted as indicating support for
  RSA-SHA2 certs. So, `server-sig-algs` are ignored when the RSA key in
  question is a cert, and the remote server version is 7.7 or below.
  
  Relevant sections of the OpenSSH source code:
  
  <https://github.com/openssh/openssh-portable/blob/V_8_9_P1/sshconnect2.c#L1191-L1197>
  <https://github.com/openssh/openssh-portable/blob/master/compat.c#L43>
  
  Assisted-by: Will Cosgrove
  Reviewed-by: Viktor Szakats
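
The selection rule described in the entry above, as an added example (not libssh2 or OpenSSH code). `BUG_SIGTYPE`, `compat_flags()`, `in_list()` and `pick_rsa_cert_alg()` are hypothetical names, the banners are constructed, and the fallback to the legacy cert type when nothing matches is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flag, modelled on the "SSH_BUG_SIGTYPE" flag named above. */
#define BUG_SIGTYPE 0x1

/* Return BUG_SIGTYPE when the banner identifies an OpenSSH older than 7.8. */
static int compat_flags(const char *banner)
{
    const char *p = strstr(banner, "OpenSSH_");
    int major = 0, minor = 0;

    if(!p || sscanf(p + 8, "%d.%d", &major, &minor) != 2)
        return 0; /* not OpenSSH, or unparsable: no workaround applied */
    return (major < 7 || (major == 7 && minor < 8)) ? BUG_SIGTYPE : 0;
}

/* Exact match of one name in a comma-separated name-list (NULL = empty). */
static int in_list(const char *list, const char *name)
{
    size_t n = strlen(name);

    while(list && *list) {
        const char *end = strchr(list, ',');
        size_t len = end ? (size_t)(end - list) : strlen(list);

        if(len == n && memcmp(list, name, n) == 0)
            return 1;
        list = end ? end + 1 : NULL;
    }
    return 0;
}

/* RSA cert types in preference order, each with the signature algorithm
   that has to appear in `server-sig-algs` before the type is offered. */
static const struct {
    const char *cert_type;
    const char *sig_alg;
} rsa_cert_algs[] = {
    { "rsa-sha2-512-cert-v01@openssh.com", "rsa-sha2-512" },
    { "rsa-sha2-256-cert-v01@openssh.com", "rsa-sha2-256" }
};

/* Choose the method name to offer for an RSA certificate. */
const char *pick_rsa_cert_alg(const char *banner, const char *server_sig_algs)
{
    size_t i;

    /* Servers older than 7.8 advertise rsa-sha2-* for plain keys only,
       so the list says nothing about certs: ignore it. */
    if(compat_flags(banner) & BUG_SIGTYPE)
        return "ssh-rsa-cert-v01@openssh.com";

    for(i = 0; i < sizeof(rsa_cert_algs) / sizeof(rsa_cert_algs[0]); i++) {
        if(in_list(server_sig_algs, rsa_cert_algs[i].sig_alg))
            return rsa_cert_algs[i].cert_type;
    }
    return "ssh-rsa-cert-v01@openssh.com"; /* assumed fallback */
}

int main(void)
{
    /* Constructed banners and server-sig-algs values. */
    printf("%s\n", pick_rsa_cert_alg("SSH-2.0-OpenSSH_7.7",
                                     "rsa-sha2-256,rsa-sha2-512"));
    printf("%s\n", pick_rsa_cert_alg("SSH-2.0-OpenSSH_8.9p1",
                                     "ssh-ed25519,rsa-sha2-256,rsa-sha2-512"));
    return 0;
}
```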

Viktor Szakats (3 Apr 2024)
- RELEASE-NOTES: sync [ci skip]
  
  Also fix to include 3-digit issue/PR references.

- mbedtls: add workaround + FIXME to build with 3.6.0
  
  This is just a stub to make `_libssh2_mbedtls_ecdsa_new_private`
  compile.
  
  mbedtls 3.6.0 silently deleted its public API `mbedtls_pk_load_file`,
  which this function relies on.
  
  Closes #1349

GitHub (3 Apr 2024)
- [Viktor Szakats brought this change]

  ci/appveyor: OpenSSL 3 no longer found by CMake, revert to 1.1.1 (#1348)
  
  Ref: https://github.com/appveyor/build-images/commit/702e8cdca01f28f6a40687783f493c786cebbe2c
  Ref: https://github.com/appveyor/build-images/pull/149

Viktor Szakats (3 Apr 2024)
- docs: improve `libssh2_userauth_publickey_from*` manpages
  
  Reported-by: Lyndon Brown
  Assisted-by: Ryan Kelley
  Fixes #652
  Closes #1308
  Closes #xxxx

- RELEASE-NOTES: sync [ci skip]

GitHub (2 Apr 2024)
- [Viktor Szakats brought this change]

  test debian:testing-slim post xz backdoor removal (#1346)
  
  The unexplained CI fallouts are gone with the latest debian:testing (20240330).
  
  Ref #1328 #1329 #1338.
  Closes #1346

Viktor Szakats (30 Mar 2024)
- ci: use Linux runner for BSDs, add arm64 FreeBSD 14 job
  
  - bump cross-platform-actions to 0.23.0.
    Ref: https://github.com/cross-platform-actions/action/releases/tag/v0.23.0
  
  - switch to Linux runners (from macOS) for cross-platform-actions.
    It's significantly faster.
  
  - switch back FreeBSD 14 job to cross-platform-actions.
    Also switch back to default shell.
  
  - add FreeBSD 14 arm64 job.
  
  Closes #1343

- ci: use single quotes in yaml [ci skip]

- ci: tidy-up job order [ci skip]

- build: drop `-Wformat-nonliteral` warning suppressions
  
  Also markup a vararg function as such.
  
  In functions marked up as vararg functions, there is no need to suppress
  `-Wformat-nonliteral` warnings. It's done automatically by the compiler.
  
  Closes #1342

- ci: delete flaky FreeBSD 13.2 job
  
  Keep FreeBSD 14.

- RELEASE-NOTES: sync [ci skip]

- example: restore `sys/time.h` for AIX
  
  In AIX, `time.h` header file doesn't have definitions like
  `fd_set`, `struct timeval`, which are found in `sys/time.h`.
  
  Add `sys/time.h` to files affected when available.
  
  Regression from e53aae0e16dbf53ddd1a4fcfc50e365a15fcb8b9 #1001.
  
  Reported-by: shubhamhii on GitHub
  Assisted-by: shubhamhii on GitHub
  Fixes #1334
  Fixes #1335
  Closes #1340

- userauth: avoid oob with huge interactive kbd response
  
  - If the length of a response is `UINT_MAX - 3` or larger, an unsigned
    integer overflow occurs on 64-bit systems. Avoid such truncation to
    always allocate enough memory to avoid subsequent out of boundary
    writes.
  
    Patch-by: Tobias Stoeckmann
  
  - also add FIXME to bump up length field to `size_t` (ABI break)
  
  Closes #1337
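
The length computation described in the entry above, as an added example (not the libssh2 source). `struct kbd_response` and both function names are hypothetical, and the packet is assumed to be one type byte, a 4-byte response count, then a 4-byte length prefix per response.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for one keyboard-interactive response. */
struct kbd_response {
    const char *text;
    unsigned int length; /* 32-bit length field, as the FIXME above notes */
};

/* Before: `4 + length` is evaluated in unsigned int, so it wraps before
   it is added to the size_t total and the buffer ends up undersized. */
size_t packet_len_truncating(const struct kbd_response *r, size_t n)
{
    size_t total = 1 + 4; /* message type + number of responses */
    size_t i;

    for(i = 0; i < n; i++)
        total += 4 + r[i].length;
    return total;
}

/* After: widen to size_t first and refuse sums that cannot be represented.
   Returns 0 and stores the length in *out, or -1 on overflow. */
int packet_len_checked(const struct kbd_response *r, size_t n, size_t *out)
{
    size_t total = 1 + 4;
    size_t i;

    for(i = 0; i < n; i++) {
        size_t need = r[i].length;

        if(need > SIZE_MAX - 4 || total > SIZE_MAX - 4 - need)
            return -1;
        total += 4 + need;
    }
    *out = total;
    return 0;
}

int main(void)
{
    /* Constructed input: a single response claiming UINT_MAX - 3 bytes. */
    struct kbd_response huge = { NULL, UINT_MAX - 3 };
    size_t len = 0;

    printf("truncating: %lu\n",
           (unsigned long)packet_len_truncating(&huge, 1));
    if(packet_len_checked(&huge, 1, &len) == 0)
        printf("checked:    %lu\n", (unsigned long)len);
    else
        printf("checked:    rejected\n");
    return 0;
}
```

Any later copy loop that trusts each response's `length` field writes past a buffer sized from the truncating result.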

GitHub (28 Mar 2024)
- [Josef Cejka brought this change]

  transport: check ETM on remote end when receiving (#1332)
  
  We should check if encrypt-then-MAC feature is enabled in remote end's
  configuration.
  
  Fixes #1331

- [Josef Cejka brought this change]

  kex: always add extension indicators to kex_algorithms (#1327)
  
  KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
  are in default kex method list but they were lost after configuring
  custom kex method list in libssh2_session_method_pref().
  
  Fixes #1326

- [Jiwoo Park brought this change]

  cmake: use the imported target of FindOpenSSL module (#1322)
  
  * Use the imported target of FindOpenSSL module
  * Build libssh2 before test runner
  * Use find_package() in the CMake config file
  * Use find_dependency() rather than find_package()
  * Install CMake module files and use them in the config file
  * Use elseif() to choose the crypto backend

- [Andrei Augustin brought this change]

  docs: update INSTALL_AUTOTOOLS (#1316)
  
  corrected --with-libmbedtls-prefix to current option --with-libmbedcrypto-prefix

Viktor Szakats (28 Mar 2024)
- ci: don't parallelize `distcheck` job
  
  A while ago the `distcheck` CI job became flaky. This continued after
  switching to Debian stable (from testing). Try stabilizing it by running
  it single-threaded.
  
  Closes #1339

- Dockerfile: switch to Debian stable (from testing)
  
  This fixes flakiness experienced recently with two OpenSSL jobs and one
  libgcrypt job, and/or intermittently causing all Docker-based tests to
  fail.
  
  Reported-by: András Fekete
  Fixes #1328
  Fixes #1329
  Closes #1338

GitHub (22 Feb 2024)
- [Michael Buckley brought this change]

  Supply empty hash functions for mac_method_hmac_aesgcm to avoid a crash when e.g. setting LIBSSH2_METHOD_CRYPT_CS (#1321)

- [Michael Buckley brought this change]

  gen_publickey_from_dsa: Initialize BIGNUMs to NULL for OpenSSL 3 (#1320)

Viktor Szakats (23 Jan 2024)
- RELEASE-NOTES: add algo deprecation notices [ci skip]
  
  Closes #1307

- RELEASE-NOTES: sync [ci skip]

GitHub (22 Jan 2024)
- [Juliusz Sosinowicz brought this change]

  wolfssl: enable debug logging in wolfSSL when compiled in (#1310)
  
  Co-authored-by: Viktor Szakats

- [monnerat brought this change]

  os400: maintain up to date (#1309)
  
  - Handle MD5 conditionals in os400qc3.
  - Check for errors in os400qc3 pbkdf1.
  - Implement an optional build options override file.
  - Sync ILE/RPG copy files with current C header files.
  - Allow a null session within a string conversion cache.
  - Add an ILE/RPG example.
  - Adjust outdated copyrights in changed files.

Viktor Szakats (18 Jan 2024)
- RELEASE-NOTES: sync

- src: check hash update/final success
  
  Also:
  - delete unused internal macro `libssh2_md5()` where defined.
  - prefix `libssh2_os400qc3_hash*()` function names with underscore.
    These are public/visible, but internal.
  - add FIXMEs to OS/400 code to verify update/final calls; some OS API,
    some internal.
  
  Ref: https://github.com/libssh2/libssh2/pull/1301#discussion_r1446861650
  Reviewed-by: Michael Buckley
  Reviewed-by: Patrick Monnerat
  Closes #1303

- RELEASE-NOTES: sync [ci skip]

GitHub (18 Jan 2024)
- [Ryan Kelley brought this change]

  openssl: fix cppcheck found NULL dereferences (#1304)
  
  * Fix NULL dereference in gen_publickey_from_rsa_evp and
    gen_publickey_from_dsa_evp.
  * Add checks for en_publickey_from_ec_evp and en_publickey_from_ed_evp

Viktor Szakats (12 Jan 2024)
- openssl: delete internal `read_openssh_private_key_from_memory()`
  
  It was wrapping another internal function with no added logic.
  
  Closes #1306

- openssl: formatting/whitespace
  
  Also use `NULL` instead of `0` for pointers.
  
  Closes #1305

- HACKING-CRYPTO: more fixups [ci skip]
  
  Follow-up to f64885b6ab9bbdae2da9ebd70f4dd5cea56e838a #1297

- HACKING-CRYPTO: fixups [ci skip]
  
  Follow-up to f64885b6ab9bbdae2da9ebd70f4dd5cea56e838a #1297

- RELEASE-NOTES: sync [ci skip]

- src: check hash init success
  
  Before this patch, SHA2 and SHA1 init function results were cast to
  `void`. This patch makes sure to verify these values.
  
  Also:
  - exclude an `assert(0)` from release builds in `_libssh2_sha_algo_ctx_init()`.
    (return error instead)
  - fix indentation / whitespace
  
  Reviewed-by: Michael Buckley
  Closes #1301

- mac: handle low-level errors
  
  - update low-level hmac functions from macros to functions.
  - libgcrypt: propagate low-level hmac errors.
  - libgcrypt: add error checks for hmac calls.
  - os400qc3: add error checks, propagate them.
    Assisted-by: Patrick Monnerat
  - mbedtls: fix propagating low-level hmac errors.
  - wincng: fix propagating low-level hmac errors.
  - mac: verify success of low-level hmac functions.
  - knownhost: verify success of low-level hmac functions.
  - transport: verify success of MAC hash call.
  - minor type cleanup in wincng.
  - delete unused ripemd wrapper in wincng.
  - delete unused SHA384 wrapper in mbedtls.
  
  Reported-by: Paul Howarth
  Reviewed-by: Michael Buckley
  Closes #1297

GitHub (8 Jan 2024)
- [Michael Buckley brought this change]

  Fix an out-of-bounds read in _libssh2_kex_agree_instr when searching for a KEX not in the server list (#1302)

Viktor Szakats (21 Dec 2023)
- RELEASE-NOTES: sync [ci skip]

- ci/appveyor: re-enable parallel mode
  
  The comment cited earlier is no longer true with recent CMake versions.
  This option does actually enable parallel builds with MSVC since CMake
  v3.26.0: https://gitlab.kitware.com/cmake/cmake/-/issues/20564
  
  The effect isn't much for libssh2, because it spends most time in tests,
  but let's enable it anyway for efficiency.
  
  Ref: 0d08974633cfc02641e6593db8d569ddb3644255 #884
  Ref: 7a039d9a7a2945c10b4622f38eeed21ba6b4ec55 #867
  
  Closes #1294

- ci/gha: review/fixup auto-cancel settings
  
  - use the group expression from `reuse.yml` (via curl).
  - add auto-cancel for `ci` and `cifuzz`.
  - add auto-cancel to `appveyor_docker`. I'm just guessing here.
    The hope is that it fixes AppVeyor CI runs when re-pushing a PR.
    This frequently caused the freshly pushed session to fail waiting for
    a connection.
  - sync group expression in `appveyor_status` with `reuse`.
  
  Closes #1292

- RELEASE-NOTES: fix casing in GitHub names [ci skip]

- RELEASE-NOTES: synced [ci skip]
  
  Closes #1279

- [Michael Buckley brought this change]

  src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
  
  Refs:
  https://terrapin-attack.com/
  https://seclists.org/oss-sec/2023/q4/292
  https://osv.dev/list?ecosystem=&q=CVE-2023-48795
  https://github.com/advisories/GHSA-45x7-px36-x8w8
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
  
  Fixes #1290
  Closes #1291

- session: add `libssh2_session_callback_set2()`
  
  Add new `libssh2_session_callback_set2()` API that deprecates
  `libssh2_session_callback_set()`.
  
  The new implementation offers the same functionality, but accepts and
  returns a generic function pointer (of type `libssh2_cb_generic *`), as
  opposed to the old function that used data pointers (`void *`). The new
  solution thus avoids data to function (and vice versa) pointer
  conversions, which has undefined behaviour in standard C.
  
  About the name: It seems the `*2` suffix was used in the past for
  replacement functions for deprecated ones. Let's stick with that.
  `*_ex` was preferred for new functions that extend existing ones with
  new features.
  
  Closes #1285

- build: enable `-pedantic-errors`
  
  According to the manual, this isn't the same as `-Werror -pedantic`.
  Enable it together with `-Werror`.
  
  https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-pedantic-errors-1
  
  This option results in autotools feature detection going into crazies.
  To avoid this, we add it to `CFLAGS` late. Idea copied from curl.
  
  This option has an effect only with gcc 5.0 and newer as of this commit.
  Let's enable it for clang and older versions too for simplicity. Ref:
  https://github.com/curl/curl/commit/d5c0351055d5709da8f3e16c91348092fdb481aa
  https://github.com/curl/curl/pull/2747
  
  Closes #1286

- build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute
  
  And fix the warning it detected.
  
  Closes #1287

- libssh2.h: add deprecated function warnings
  
  With deprecated-at versions and suggested replacement function.
  
  It's possible to silence them by defining `LIBSSH2_DISABLE_DEPRECATION`.
  
  Also add deprecated-at versions to documentation, and unify wording.
  
  Ref: https://github.com/libssh2/libssh2/pull/1260#issuecomment-1837017987
  Closes #1289

- ci/spellcheck: delete redundant option [ci skip]
  
  `--check-hidden` not necessary when passing filenames explicitly.
  
  Follow-up to a79218d3a058a333bb9de14079548a3511679a04

- tidy-up: add empty line for clarity [ci skip]

- build: FIXME `-Wsign-conversion` to be errors [ci skip]

- src: disable `-Wsign-conversion` warnings, add option to re-enable
  
  To avoid the log noise till we fix those ~360 compiler warnings.
  
  Also add macro `LIBSSH2_WARN_SIGN_CONVERSION` to re-enable them.
  
  Follow-up to afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257
  
  Closes #1284

- cmake: fix indentation [ci skip]

- example, tests: call `WSACleanup()` for each `WSAStartup()`
  
  On Windows.
  
  Closes #1283

- RELEASE-NOTES: update credits [ci skip]
  
  Ref: https://github.com/libssh2/libssh2/pull/1241#issuecomment-1830118584

- RELEASE-NOTES: avoid splitting names, fix typo, refine order [ci skip]

- RELEASE-NOTES: synced [ci skip]

- add portable `LIBSSH2_SOCKET_CLOSE()` macro
  
  Add `LIBSSH2_SOCKET_CLOSE()` to the public `libssh2.h` header, for user
  code. It translates to `closesocket()` on Windows and `close()` on other
  platforms.
  
  Use it in example code.
  
  It makes them more readable by reducing the number of `_WIN32` guards.
  
  Closes #1278

- ci: add FreeBSD 14 job, fix issues
  
  - install bash to fix error when running tests:
    ```
    ERROR: test_sshd.test - missing test plan
    ERROR: test_sshd.test - exited with status 127 (command not found?)
    =====================================
    [...]
    # TOTAL: 4
    # PASS:  2
    # SKIP:  0
    # XFAIL: 0
    # FAIL:  0
    # XPASS: 0
    # ERROR: 2
    [...]
    env: bash: No such file or directory
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998
  
  - fix sshd issue when running tests:
    ```
      # sshd log:
      #  Server listening on :: port 4711.
      #  Server listening on 0.0.0.0 port 4711.
      #  Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
      #  Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059
  
  Cherry-picked from #1277
  Closes #1277

- ci: add OmniOS job, fix issues
  
  - use GNU Make, to avoid errors:
    ```
    make: Fatal error in reader: Makefile, line 983: Badly formed macro assignment
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429838379#step:3:1956
  
    Caused by `?=` in `Makefile.am`. Fix it just in case.
  
    ```
    make: Fatal error in reader: Makefile, line 438: Unexpected end of line seen
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7135524843/job/19432451767#step:3:1966
  
    It's around line 43 in `Makefile.am`, reason undiscovered.
  
  - fix error:
    ```
    ../../src/hostkey.c:1227:44: error: pointer targets in passing argument 5 of '_libssh2_ed25519_sign' differ in signedness [-Werror=pointer-sign]
       1227 |                                  datavec[0].iov_base, datavec[0].iov_len);
            |                                  ~~~~~~~~~~^~~~~~~~~
            |                                            |
            |                                            caddr_t {aka char *}
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7135102832/job/19431233967#step:3:2225
  
    https://docs.oracle.com/cd/E36784_01/html/E36887/iovec-9s.html
  
  - FIXME: new `-Wsign-conversion` warnings appeared in examples:
    ```
    ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
      251 |         FD_SET(forwardsock, &fds);
          |         ^~~~~~
    ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
    ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    ../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
    ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
      259 |         if(rc && FD_ISSET(forwardsock, &fds)) {
          |                  ^~~~~~~~
    ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
    ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
    [...]
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7136086865/job/19433997429#step:3:3450
  
  Cherry-picked from #1277

- example: use `libssh2_socket_t` in X11 example
  
  Cherry-picked from #1277

- [Aaron Stone brought this change]

  Handle EINTR from send/recv/poll/select to try again as the error is not fatal
  
  Integration-patches-by: Viktor Szakats
  Fixes #955
  Closes #1058

- appveyor: delete UWP job broken since Visual Studio upgrade
  
  A few days ago UWP job started permafailing.
  
  fail: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48678129/job/yb8n2pox8mfjwv6m
  good: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48673013
  
  Other projects also affected:
  https://ci.appveyor.com/project/c-ares/c-ares/builds/48687390/job/l0fo4b0sijvqkw9r
  
  No related local update. Same CMake version. Same CI image.
  
  This seems to be the culprit, which could mean that this update broke
  CMake detection, needs a different CMake configuration on our end, or
  that this MSVC update pulled support for UWP apps:
  
  fail: -- The C compiler identification is MSVC 19.38.33130.0 (~ Visual Studio 2022 v17.8)
  good: -- The C compiler identification is MSVC 19.37.32825.0 (~ Visual Studio 2022 v17.7)
  
  If this is v17.8, release notes don't readily suggest a feature removal:
  https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.8
  
  So it might just be UWP accidentally broken in this release.
  
  Closes #1275

- checksrc: sync with curl
  
  Closes #1272

- autotools: delete `--disable-tests` option, fix CI tests
  
  Originally added to improve build performance by skipping building
  tests. But, there seems to be no point in this, because autotools
  doesn't build tests by default, unless explicitly invoking
  `make check`.
  
  Delete this option from Cygwin and FreeBSD CI tests, where it caused
  `make check` to do nothing. Tests are built now, and runtime tests are
  too, where supported.
  
  Also disable Docker-based tests for these, and add a missing `make -j3`
  for FreeBSD.
  
  Reverts 7483edfada1f7e17cf8f9ac1c87ffa3d814c987e #715
  
  Closes #1271

GitHub (6 Dec 2023)
- [ren mingshuai brought this change]

  build: add `LIBSSH2_NO_DEPRECATED` option (#1266)
  
  The following APIs have been deprecated for over 10 years and
  use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:
  
  libssh2_session_startup()
  libssh2_banner_set()
  libssh2_channel_receive_window_adjust()
  libssh2_channel_handle_extended_data()
  libssh2_scp_recv()
  
  Add these options to disable them:
  - autotools: `--disable-deprecated`
  - cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
  - `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`
  
  Fixes #1259
  Replaces #1260
  Co-authored-by: Viktor Szakats
  Closes #1267

Viktor Szakats (5 Dec 2023)
- autotools: show the default for `hidden-symbols` option
  
  Closes #1269

- tidy-up: bump casts from int to long for large C99 types in printfs
  
  Cast large integer types to avoid dealing with printf masks for
  `size_t` and other C99 types. Some of existing code used `int`
  for this, bump them to `long`.
  
  Ref: afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257
  
  Closes #1264

- build: enable missing OpenSSF-recommended warnings, with fixes
  
  Ref:
  https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
  (2023-11-29)
  
  Enable new warnings:
  
  - replace `-Wno-sign-conversion` with `-Wsign-conversion`.
  
    Fix them in example, tests and wincng. There remain about 360 of these
    warnings in `src`. Add a TODO item for those and disable `-Werror` for
    this particular warning.
  
  - enable `-Wformat=2` for clang (in both cmake and autotools).
  
  - enable `__attribute__((format))` for `_libssh2_debug()`,
    `_libssh2_snprintf()` and in tests for `run_command()`.
  
    `LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.
  
  - enable `-Wimplicit-fallthrough`.
  
  - enable `-Wtrampolines`.
  
  Fix them:
  
  - src: replace obsolete fall-through-comments with
    `__attribute__((fallthrough))`.
  
  - wincng: fix `-Wsign-conversion` warnings.
  
  - tests: fix `-Wsign-conversion` warnings.
  
  - example: fix `-Wsign-conversion` warnings.
  
  - src: fix `-Wformat` issues in trace calls.
  
    Also, where necessary fix `int` and `unsigned char` casts to
    `unsigned int` and adjust printf format strings. These were not
    causing compiler warnings.
  
    Cast large types to `long` to avoid dealing with printf masks for
    `size_t` and other C99 types. Existing code often used `int` for this.
    I'll update them to `long` in an upcoming commit.
  
  - tests: fix `-Wformat` warning.
  
  - silence `-Wformat-nonliteral` warnings.
  
  - mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
    in external header.
  
  Closes #1257

- packet: whitespace fix
  
  Tested via #1257

- tidy-up: unsigned -> unsigned int
  
  In the `interval` argument of public `libssh2_keepalive_config()`.
  
  Tested via #1257

- tests: sync port number type with the rest of codebase
  
  Tested via #1257

- autotools: enable `-Wunused-macros` with gcc
  
  It works with gcc without the libtool warnings seen with clang
  on Windows in 96682bd5e14c20828e18bf10ed5b4b5c7543924a #1227.
  
  Sync usage of this macro with CMake and
  autotools + clang + non-Windows. Making it enabled everywhere except
  autotools + clang + Windows due to the libtool stub issue.
  
  Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
  
  Closes #1262

- TODO: disable or drop weak algos [ci skip]
  
  Closes #1261

- example, tests: fix/silence `-Wformat-truncation=2` gcc warnings
  
  Then sync this warning option with curl.
  
  Seems like a false positive and/or couldn't figure how to fix it, so silence:
  ```
  example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
    227 |             snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
        |                                      ^~
  example/ssh2.c:227:34: note: assuming directive output of 1 byte
    227 |             snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
        |                                  ^~~~~~~
  example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
    227 |             snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
        |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
    228 |             snprintf(fn2, fn2sz, "%s/%s", h, privkey);
        |                                      ^~
  example/ssh2.c:228:34: note: assuming directive output of 1 byte
    228 |             snprintf(fn2, fn2sz, "%s/%s", h, privkey);
        |                                  ^~~~~~~
  example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
    228 |             snprintf(fn2, fn2sz, "%s/%s", h, privkey);
        |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98
  
  Fix:
  ```
  tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=]
  tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51
  
  Tested via #1257

- example: fix indentation follow-up
  
  Fix long line and fix more indentations.
  
  Follow-up to 9e896e1b80911a53d6aabb322e034e6ca51b6898

- example: fix indentation
  
  Tested via #1257

- autotools: fix missed `-pedantic` and `-Wall` options for gcc
  
  Follow-up to 5996fefe2bad80cfba85b2569ce6ab6ef575142c #1223
  
  Tested via #1257

- ci: show compiler in cross/cygwin job names
  
  Tested via #1257

- mbedtls: further improve disabling `-Wredundant-decls`
  
  Move warning option suppression to `src/mbedtls.h` to surround the actual
  external header #includes that need it.
  
  Follow-up to ecec68a2c13a9c63fe8c2dc457ae785a513e157c #1226
  Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
  
  Tested via #1257

GitHub (1 Dec 2023)
- [ren mingshuai brought this change]

  example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (#1258)
  
  libssh2_scp_recv is deprecated and has been replaced by libssh2_scp_recv2
  in prior commit.
  
  Follow-up to 6c84a426beb494980579e5c1d244ea54d3fc1a3f

Viktor Szakats (27 Nov 2023)
- openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job
  
  - use OpenSSL 3 API when available for HMAC.
    This fixes building with OpenSSL 3 `no-deprecated` builds.
  
  - ensure we support pure OpenSSL 3 API by adding a CI job using
    OpenSSL 3 custom-built with `no-deprecated`.
  
  Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
  
  Fixes #1235
  Closes #1243

- ci: restore lost comment for FreeBSD [ci skip]
  
  Follow-up to eee4e8055ab375c9f9061d4feb39086737f41a9c

- ci: add OpenBSD (v7.4) job + fix build error in example
  
  - Use CMake, LibreSSL and clang from the base install.
  
  - This uncovered a build error in `example/subsystem_netconf.c`, caused
    by using the `%n` printf mask. This is a security risk and some
    systems (notably OpenBSD) disable this feature.
  
    Fix it by applying this patch from OpenBSD ports (from 2021-09-11):
    https://cvsweb.openbsd.org/ports/security/libssh2/patches/patch-example_subsystem_netconf_c?rev=1.1&content-type=text/x-cvsweb-markup
    https://github.com/openbsd/ports/commit/2c5b2f3e94381914a3e8ade960ce8c997ca9d6d7
    "The old code is also broken, as it passes a pointer to a variable
    of a different size (on LP64).  There is no check for truncation,
    but buf[] is 1MB in size."
    Patch-by: naddy
  
    ```
    /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:252:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
          "]]>]]>\n%n", (int *)&len);
                   ~^
    /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:270:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
          "]]>]]>\n%n", (int *)&len);
                   ~^
    2 errors generated.
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/6991449778/job/19022024280#step:3:420
  
  Also made tests with arm64, but it takes consistently almost 14m to
  finish the job, vs. 2-3m for the native amd64:
  https://github.com/libssh2/libssh2/actions/runs/6991648984/job/19022440525
  https://github.com/libssh2/libssh2/actions/runs/6991551220/job/19022233651
  
  Cherry-picked from #1250
  Closes #1250
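
The `%n` fix described in the entry above, as an added example (not code from libssh2 or from the OpenBSD patch): take the length from the return value of `snprintf()` and treat truncation as an error. The names `netconf_frame` and `int_store_into_wide_len` and the sample payload are hypothetical, constructed for illustration; `long long` stands in for a 64-bit `ssize_t`.

```c
#include <stdio.h>
#include <string.h>

/* NETCONF 1.0 end-of-message marker, as seen in the quoted compiler output. */
#define NETCONF_EOM "]]>]]>\n"

/* Hypothetical helper (not a libssh2 function): write `payload` followed by
   the end-of-message marker into `buf` and report the frame length through
   snprintf()'s return value instead of "%n".
   Returns 0 on success, -1 on bad arguments, output error or truncation. */
static int netconf_frame(char *buf, size_t bufsz, const char *payload,
                         size_t *out_len)
{
    int n;

    if(!buf || !payload || !out_len || bufsz == 0)
        return -1;

    n = snprintf(buf, bufsz, "%s\n" NETCONF_EOM, payload);

    if(n < 0)
        return -1;                /* output/encoding error */
    if((size_t)n >= bufsz) {
        buf[0] = '\0';            /* never hand back a partial frame */
        return -1;                /* would have been truncated */
    }

    *out_len = (size_t)n;         /* bytes written, excluding the NUL */
    return 0;
}

/* Models what "%n" with an (int *) cast does to a 64-bit length variable:
   only sizeof(int) bytes are stored, the remaining bytes keep their old
   contents. Done with memcpy() so the example itself has defined behaviour
   and does not depend on "%n" support. Returns the resulting wide value. */
static long long int_store_into_wide_len(int written)
{
    long long len = -1;           /* stale contents, e.g. an earlier error */

    memcpy(&len, &written, sizeof(written));
    return len;
}

int main(void)
{
    char buf[64];
    char small[16];
    size_t len = 0;

    /* Constructed sample payload. */
    if(netconf_frame(buf, sizeof(buf), "<hello/>", &len) == 0)
        printf("framed %lu bytes\n", (unsigned long)len);

    /* The same frame needs 17 bytes including the NUL: rejected. */
    if(netconf_frame(small, sizeof(small), "<hello/>", &len) != 0)
        printf("16-byte buffer: truncation detected, frame rejected\n");

    printf("int store of 42 into a wide length gives %lld\n",
           int_store_into_wide_len(42));
    return 0;
}
```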

- ci: add NetBSD (v9.3) job
  
  Use CMake, OpenSSL (v1.1) and clang from the base install.
  
  Cherry-picked from #1250

- ci: update and speed up FreeBSD job
  
  - switch to an alternate GitHub action. This one seems (more) actively
    maintained, and runs faster:
    https://github.com/cross-platform-actions/action
  
  - use clang instead of gcc. clang is already present in the base
    install, saving install time and bandwidth.
  
  - stop installing `openssl-quictls` and use the OpenSSL (v1.1) from
    the base system.
    (I'm suspecting that quictls before this patch wasn't detected by
    the build.)
    https://wiki.freebsd.org/OpenSSL
  
  Cherry-picked from #1250

- stop using leading underscores in macro names
  
  Underscored macros are reserved for the compiler / standard lib / etc.
  Stop using them in user code.
  
  We used them as header guards in `src` and in `__FILESIZE` in `example`.
  
  Closes #1248

- ci: use absolute path in `CMAKE_INSTALL_PREFIX`
  
  To make the installed locations unambiguous in the build logs.
  
  Closes #1247

- openssl: make a function static, add `#ifdef` comments
  
  Follow-up to 03092292597ac601c3f9f0c267ecb145dda75e4e #248
  where the function was added.
  
  Also add comments to make `#ifdef` branches easier to follow in
  `openssl.h`.
  
  Closes #1246

- ci: boost mbedTLS build speed
  
  Build times down to 4 seconds (from 18-20).
  
  Closes #1245

- openssl: fix DSA code to use OpenSSL 3 API
  
  - fix missing `DSA` type when building for OpenSSL 3 `no-deprecated`.
  - fix fallouts after fixing the above by switching away from `DSA`
    with OpenSSL 3.
  
  Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
  
  Closes #1244

- openssl: formatting (delete empty lines) [ci skip]

- tests: fall back to `$LOGNAME` for username
  
  If the `$USER` variable is empty, fall back to using `$LOGNAME` to
  retrieve the logged-in username.
  
  In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and
  on some systems it may not be set. Without this value, tests were unable
  to provide the correct username when logging into the SSH server running
  under the active user's session.
  
  Reported-by: Nicolas Mora
  Suggested-by: Nicolas Mora
  Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348
  Fixes #1240
  Closes #1241

- libssh2.h: use `_WIN32` for Windows detection instead of rolling our own
  
  Sync up `libssh2.h` Windows detection with the libssh2 source code.
  
  `libssh2.h` was using `WIN32` and `LIBSSH2_WIN32` for Windows detection,
  next to the official `_WIN32`. After this patch it only uses `_WIN32`
  for this. Also, make it stop defining `LIBSSH2_WIN32`.
  
  There is a slight chance these break compatibility with Windows
  compilers that fail to define `_WIN32`. I'm not aware of any obsolete
  or modern compiler affected, but in case there is one, one possible
  solution is to define this macro manually.
  
  Closes #1238

- openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build
  
  Fixes:
  ```
  src/openssl.c:650:5: error: use of undeclared identifier 'EC_KEY'
      EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
      ^
  src/openssl.c:650:13: error: use of undeclared identifier 'ec_key'
      EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
              ^
  src/openssl.c:650:22: error: implicit declaration of function 'EC_KEY_new_by_curve_name' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
      EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
                       ^
  src/openssl.c:650:22: note: did you mean 'EC_GROUP_new_by_curve_name'?
  ./quictls/_a64-mac-sys/usr/include/openssl/ec.h:483:11: note: 'EC_GROUP_new_by_curve_name' declared here
  EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
            ^
  In file included from ./_a64-mac-sys-bld/src/CMakeFiles/libssh2_static.dir/Unity/unity_0_c.c:19:
  In file included from src/crypto.c:10:
  src/openssl.c:652:8: error: use of undeclared identifier 'ec_key'
      if(ec_key) {
         ^
  ```
  Ref: https://github.com/curl/curl-for-win/actions/runs/6950001225/job/18909297867#step:3:4341
  
  Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
  
  Bug #1235
  Closes #1236

- openssl: formatting
  
  Sync up these lines with the other two similar occurrences in the code.
  
  Cherry-picked from #1236

GitHub (21 Nov 2023)
- [Michael Buckley brought this change]

  openssl: use non-deprecated APIs with OpenSSL 3.x (#1207)
  
  Assisted-by: Viktor Szakats

Viktor Szakats (21 Nov 2023)
- ci: add BoringSSL job (cmake, gcc, amd64)
  
  Closes #1233

- autotools: fix dotless gcc and Apple clang version detections
  
  - fix parsing dotless (major-only) gcc versions.
    Follow-up to 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad #1187
  
  - sync gcc detection variable names with curl.
  
  - fix Apple clang version detection for releases between
    'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the
    version was under-detected as 3.7 llvm/clang equivalent.
  
  - fix Apple clang version detection for 'Apple clang version 11.0.0'
    and newer where the Apple clang version was detected, instead of its
    llvm/clang equivalent.
  
  - revert to show `clang` instead of `Apple clang`, because we follow it
    with an llvm/clang version number. (Apple-ness still visible in raw
    version.)
  
  Used this collection for Apple clang / llvm/clang translation and test
  inputs: https://gist.github.com/yamaya/2924292
  
  Closes #1232

- acinclude.m4: revert accidental edit [ci skip]
  
  Follow-up to 8c320a93a48775b74f40415e46f84bf68b4d5ae8

- autotools: show more clang/gcc version details
  
  Also:
  - show if we detected Apple clang.
  - delete duplicate version detection for clang.
  
  Closes #1230

- acinclude.m4: re-sync with curl [ci skip]

- autotools: avoid warnings in libtool stub code
  
  Seen on Windows with clang64, in libtool-generated stub code for
  examples and tests.
  
  The error didn't break the CI job for some reason.
  
  msys2 (autotools, clang64, clang-x86_64):
  ```
  [...]
  2023-11-17T20:14:17.8639574Z ./.libs/lt-test_read.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
  [...]
  2023-11-17T20:14:39.8729255Z ./.libs/lt-sftp_write_nonblock.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
  [...]
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/6908585056/job/18798193405?pr=1226#step:8:474
  
  Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
  
  Closes #1227

- mbedtls: improve disabling `-Wredundant-decls`
  
  Disable these warnings specifically for the mbedTLS public headers
  and leave it on for the rest of the code. This also fixes this
  issue for autotools. Previous solution was globally disabling this
  warning for the whole code when using mbedTLS and only with CMake.
  
  Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
  
  Closes #1226

- cmake: rename picky warnings script
  
  To match the camel-case style used in other CMake scripts and also
  to match the name used in curl.
  
  Closes #1225

- build: enable more compiler warnings and fix them
  
  Enable more picky compiler warnings. I've found these options in the
  nghttp3 project when implementing the CMake quick picky warning
  functionality for it.
  
  Fix issues found along the way:
  
  - wincng, mbedtls: delete duplicate function declarations.
    Most of this was due to re-#defining crypto functions to
    crypto-backend specific implementations. These redefines also remapped
    the declarations in `crypto.h`, making the backend-specific
    declarations duplicates.
    This patch deletes the backend-specific declarations.
  
  - wincng mapped two crypto functions to the same local function.
    Also causing double declarations.
    Fix this by adding two distinct wrappers and moving
    the common function to a static one.
  
  - delete unreachable `break;` statements.
  
  - kex: disable macros when unused.
  
  - agent: disable unused constants.
  
  - mbedtls: disable double declaration warnings because public mbedTLS
    headers trigger it. (with function `psa_set_key_domain_parameters`)
  
  - crypto.h: formatting.
  
  Ref: https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake
  
  Closes #1224

- autotools: sync warning enabler code with curl
  
  Tiny changes and minor updates to bring this code closer
  to curl's `m4/curl-compilers.m4`.
  
  Closes #1223

- acinclude.m4: fix indentation [ci skip]
  
  Also match indentation of curl's `m4/curl-compilers.m4` for
  easier syncing.

- autotool: rename variable
  
  `WARN` -> `tmp_CFLAGS`
  
  To match curl and make syncing this code easier.
  
  Ref: https://github.com/curl/curl/blob/d1820768cce0e797d1f072343868ce1902170e93/m4/curl-compilers.m4#L479
  
  Closes #1222

- autotools: picky warning options tidy-up
  
  - sync clang warning version limits with CMake.
  - make `WARN=` vs. `CURL_ADD_COMPILER_WARNINGS()` consistent with curl
    and between clang and gcc (`WARN=` is for `no-` options in general).
  
  Closes #1221

- build: picky warning updates
  
  - cmake, autotools: sync picky gcc warnings with curl.
  - cmake, autotools: add `-Wold-style-definition` for clang too.
  - cmake, autotools: add comment for `-Wformat-truncation=1`.
  - cmake: more precise version info for old clang options.
  
  Closes #1219

- ci: fixup FreeBSD version, bump mbedtls
  
  We haven't been using the FreeBSD version. Also it turns out,
  the single version supported is 13.2 at the moment:
    https://github.com/vmactions/freebsd-vm/tree/main/conf
  
  Stop trying to set the version and instead rely on the action
  providing the latest supported one automatically.
  
  Follow-up to a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
  
  Also:
  - add more details to the FreeBSD job description.
  - bump mbedtls version while here.
  
  Closes #1217

- cmake: fix multiple include of libssh2 package
  
  Also extend our integration test double inclusion. It will still not
  catch this case, because that requires
  `cmake_minimum_required(VERSION 3.18)` or higher.
  
  Fixes:
  ```
  CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
    add_library cannot create ALIAS target "libssh2::libssh2" because another
    target with the same name already exists.
  Call Stack (most recent call first):
    CMakeLists.txt:24 (find_package)
  
  CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
    add_library cannot create ALIAS target "Libssh2::libssh2" because another
    target with the same name already exists.
  Call Stack (most recent call first):
    CMakeLists.txt:24 (find_package)
  ```
  
  Test to reproduce:
  ```cmake
  cmake_minimum_required(VERSION 3.18)  # must be 3.18 or higher
  
  project(test)
  
  find_package(libssh2 CONFIG)
  find_package(libssh2 CONFIG)  # fails
  
  add_executable(test main.c)
  target_link_libraries(test libssh2::libssh2)
  ```
  
  Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
  Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html
  
  Assisted-by: Kai Pastor
  Assisted-by: Harry Mallon
  Ref: https://github.com/curl/curl/pull/11913
  
  Closes #1216

- ci: add FreeBSD 13.2 job
  
  It runs over Linux via qemu. First two runs were (very) slow, then it
  became (much) more performant at just 2x slower than a native Linux
  build. Then got slow again, then fast again. Still seems acceptable
  for the value this adds.
  
  The build uses autotools and quictls.
  
  Successful builds:
  1. https://github.com/libssh2/libssh2/actions/runs/6802676786/job/18496286419 (13m59s, -j3)
  2. https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497243225 (11m5s, -j2)
  3. https://github.com/libssh2/libssh2/actions/runs/6803142201/job/18497785049 (3m6s, -j1)
  4. https://github.com/libssh2/libssh2/actions/runs/6803194839/job/18497962766 (3m10s, -j2)
  5. https://github.com/libssh2/libssh2/actions/runs/6803267201/job/18498208501 (3m13s)
  6. https://github.com/libssh2/libssh2/actions/runs/6803510333/job/18498993698 (15m25s)
  7. https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528571057 (3m13s)
  
  Similar solution exists for Solaris (over macOS via VirtualBox), but it
  hangs forever at `Waiting for text: solaris console login`:
  https://github.com/libssh2/libssh2/actions/runs/6802388128/job/18495391869#step:4:185
  
  Idea taken from LibreSSL.
  
  FIXME: Unrelated, the `distcheck` job became flaky in recent days:
  https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497256437#step:10:536
  ```
  FAIL: test_auth_pubkey_ok_rsa_aes256gcm
  ```
  https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528588933#step:10:533
  ```
  FAIL: test_read
  ```
  
  Closes #1215

- reuse: fix duplicate copyright warning
  
  ```
  PendingDeprecationWarning:
  Copyright and licensing information for 'tests/openssh_server/Dockerfile'
  has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5
  file located at '.reuse/dep5'. The information for these two sources has
  been aggregated. In the future this behaviour will change, and you will
  need to explicitly enable aggregation. [...]
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4

- Makefile.mk: delete Windows-focused raw GNU Make build
  
  We recommend using CMake instead. Especially in unity mode, it's faster
  and probably more familiar for most. It's also easily portable.
  
  (`Makefile.mk` was also portable, but in practice only usable for
  Windows. Other platforms required a manual config header.)
  
  Also:
  - migrate `LIBSSH2_NO_*` option CI tests to CMake.
  - make MSYS2 CMake builds verbose to show compilation options.
  
  Closes #1204

- tidy-up: around `stdint.h`
  
  - os400: delete unused `HAVE_STDINT_H`.
  
  - fuzz: delete redundant `stdint.h` use.
    `inttypes.h` is already included via `testinput.h`.
  
  - docs/TODO: adjust type in planned function.
  
  Closes #1212

- cmake: show crypto backend in feature summary
  
  This was visible as an enabled package before this patch, but it missed
  to show WinCNG.
  
  Closes #1211

- man: fix double spaces and dash escaping
  
  - `-  ` -> `- `
  - `.  ` -> `. `
  - `\- ` -> `- `
  - `-1` -> `\-1`
  - fold long lines along the way
  
  This makes the minus sign come out as a Unicode minus sign
  (0x2212), and title separator dashes as Unicode hyphen (0x2010),
  with `groff -Tutf8` v1.23.0.
  
  Ref: https://lwn.net/Articles/947941/
  
  Closes #1210

- src: fix gcc 13 `-Wconversion` warning on Darwin
  
  ```
  src/session.c: In function 'libssh2_poll':
  src/session.c:1776:22: warning: conversion from 'long int' to '__darwin_suseconds_t' {aka 'int'} may change value [-Wconversion]
   1776 |         tv.tv_usec = (timeout_remaining % 1000) * 1000;
        |                      ^
  ```
  Ref: https://github.com/curl/curl-for-win/actions/runs/6711735060/job/18239768548#step:3:4368
  
  Follow-up to 08354e0abbe86d4cc5088d210d53531be6d8981a
  
  Closes #1209

- openssl: silence `-Wunused-value` warnings
  
  Seen with gcc 12.
  
  Manual: https://www.openssl.org/docs/man3.1/man3/BIO_reset.html
  
  ```
  ./quictls/linux-a64-musl/usr/include/openssl/bio.h:555:34: warning: value computed is not used [-Wunused-value]
    555 | # define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
        |                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ./libssh2/src/openssl.c:3518:5: note: in expansion of macro 'BIO_reset'
  ./libssh2/src/openssl.c:3884:5: note: in expansion of macro 'BIO_reset'
  ./libssh2/src/openssl.c:3995:5: note: in expansion of macro 'BIO_reset'
  ```
  Ref: https://github.com/curl/curl-for-win/actions/runs/6696392318/job/18194032712#step:3:5060
  
  Closes #1205

- Makefile.am: fix `cp` to preserve attributes and timestamp

- cmake: simplify showing CMake version
  
  Move it to `CMakeLists.txt`. Drop `cmake --version` commands.
  
  Credit to the `zlib-ng` project for the idea:
  https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078bd1399/CMakeLists.txt#L7
  
  Closes #1203

- ci: mbedtls 3.5.0
  
  v3.5.0 needs extra compiler option for i386 to avoid:
  ```
  #error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
  ```
  
  Closes #1202

- tests: show cmake version used in integration tests
  
  Closes #1201

- readme.vms: fix typo [ci skip]
  
  Detected by codespell 2.2.6

- appveyor: YAML/PowerShell formatting, shorten variable name
  
  - use single-quotes in yaml and PowerShell.
  
  - shorten a variable name.
  
  - use indentation 2 for scripts.
  
  - use C else-style in PowerShell.
  
  Closes #1200

- ci: update actions, use shallow clones with appveyor
  
  - update GitHub Actions to their latest versions.
  
  - use shallow git clones in AppVeyor CI to save data over the wire.
  
  Closes #1199

- appveyor: move to pure PowerShell
  
  - replace batch commands with PowerShell.
  
  - merge separate command entries into single PowerShell blocks.
  
  Closes #1197

- windows: use built-in `_WIN32` macro to detect Windows
  
  Instead of `WIN32`.
  
  The compiler defines `_WIN32`. Windows SDK headers or build env defines
  `WIN32`, or we have to take care of it. The agreement seems to be that
  `_WIN32` is the preferred practice here.
  
  Minor downside is that CMake uses `WIN32` and we also adopted it in
  `Makefile.mk`.
  
  In public libssh2 headers we stick with accepting either `_WIN32` or
  `WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.
  
  grepping for `WIN32` remains useful to detect Windows-specific code.
  
  Closes #1195

- cmake: cleanup mbedTLS version detection more
  
  - lowercase, underscored local variables.
  - fix `find_library()` to use the multiple names passed.
  - rely more on `find_package_handle_standard_args()`.
    Logic based on our `Findwolfssl.cmake`.
  - delete ignored/unused `MBEDTLS_LIBRARY_DIR`.
  - revert CI configuration to use `MBEDCRTYPO_LIBRARY`.
  - clarify inputs/outputs in comment header.
  - use variable for regex.
  - formatting.
  
  Follow-up to 41594675072c578294674230d4cf5f47fa828778 #1192
  
  Closes #1196

- cmake: delete duplicate `include()`

- cmake: improve/fix mbedTLS detection
  
  - libssh2 needs the crypto lib only, stop dealing with the rest.
  
  - simplify logic.
  
  - drop hard-wired toolchain specific options that broke with e.g. MSVC.
  
    Reported by: AR Visions
    Fixes #1191
  
  - add mbedTLS version detection for recent releases.
  
  - merge custom detection results display into a single line.
  
  - shorten mbedTLS configuration in macOS CI job.
  
  Used the curl mbedTLS detection logic for ideas:
  https://github.com/curl/curl/blob/a8c773845f4fdbfb09b08a6ec4b656c812568995/CMake/FindMbedTLS.cmake
  
  Closes #1192

GitHub (24 Sep 2023)
- [concussious brought this change]

  libssh2_session_get_blocking.3: Add description (#1185)

Viktor Szakats (21 Sep 2023)
- autotools: fix selecting wincng in cross-builds (and more)
  
  - Fix explicitly selecting WinCNG in autotools cross-builds by moving
    `windows.h` header check before the WinCNG availability check.
    Follow-up to d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
  
    Reported-by: Jack L
    Fixes #1186
  
  - Add Linux -> mingw-w64 cross-builds for autotools and CMake. This
    doesn't detect #1186, because that happened when explicitly specifying
    WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG
    by default.
  
  - autotools: fix to strip suffix from gcc version
  
    Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
    may return `n-win32` (also with `-dumpfullversion`). Causing these
    errors and failing to enable picky warnings:
    ```
    ../configure: line 23845: test: : integer expression expected
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143
  
    Fix that by stripping any dash-suffix.
  
    gcc version detection is still half broken because we translate '10'
    to '10.10' because `cut -d. -f2` returns the first word if the
    delimiter is missing.
  
    More possible `-dumpversion` output: `10-posix`, `10-win32`,
    `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
    Ref: https://github.com/mamedev/mame/pull/9767
  
  Closes #1187

GitHub (28 Aug 2023)
- [Michael Buckley brought this change]

  Properly bounds check packet_authagent_open() (#1179)
  
  * Properly bounds check packet_authagent_open
  * packet.c: use strlen instead of sizeof for strings
  * Make LIBSSH_CHANNEL's channel_type_len a size_t
  * packet_authagent_open: use size_t for offset
  
  Credit:
  Michael Buckley, signed off by Will Cosgrove

Viktor Szakats (28 Aug 2023)
- os400qc3: move FIXME comment [ci skip]
  
  Follow-up to eb9f9de2c19ec67d12a444cce34bdd059fd26ddc

- md5: allow disabling old-style encrypted private keys at build-time
  
  Before this patch, this happened at runtime when using an old (pre-3.0),
  FIPS-enabled OpenSSL backend.
  
  This patch makes it possible to disable this via the build-time option
  `LIBSSH2_NO_MD5_PEM`.
  
  Also:
  - make sure to exclude all MD5 internal APIs when both the above and
    `LIBSSH2_NO_MD5` are enabled.
  - fix tests to support build with `LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM`
    and `LIBSSH2_NO_3DES`.
  - add FIXME to apply this change to `os400qc3.*`.
  
  Old-style encrypted private keys require MD5 and they look like this:
  ```
  -----BEGIN RSA PRIVATE KEY-----
   Proc-Type: 4,ENCRYPTED
   DEK-Info: AES-128-CBC,<MD5-hex>
  
   <base64>
   -----END RSA PRIVATE KEY-----
  ```
  
  E.g.: `tests/key_rsa_encrypted`
  
  Ref: https://github.com/libssh2/www/issues/20
  Closes #1181

- cmake: tidy-up `foreach()` syntax
  
  Use `IN LISTS` and `IN ITEMS`. This appears to be the preferred way
  within CMake's own source code and possibly improves readability.
  
  Fixup a side-effect of `IN LISTS`, where it retains empty values at
  the end of the list, as opposed to the syntax used before, which
  dropped it. In our case this happened with lines read from a text
  file via `file(READ)`.
  
  https://cmake.org/cmake/help/v3.7/command/foreach.html
  
  Closes #1180

- ci: replace `mv` + `chmod` with `install` in `Dockerfile`
  
  Cherry-picked from #1175
  Closes #1175

- ci: set file mode early in `appveyor_docker.yml`
  
  Also:
  - replace tab with spaces in generated config file
  - formatting
  
  Cherry-picked from #1175

- ci: add spellcheck (codespell)
  
  Also rename a variable in `src/os400qc3.c` to avoid a false positive.
  
  Cherry-picked from #1175

- cmake: also test for `libssh2_VERSION`
  
  Cherry-picked from #1175

- cmake: show cmake versions in ci
  
  Cherry-picked from #1175

- tests: formatting and tidy-ups
  
  - Dockerfile: use standard sep with `sed`
  - Dockerfile: use single quotes in shell command
  - appveyor.yml: use long-form option with `choco`
  - tests/cmake: add language to test project
  - reuse.yml: fix indentation
    ```
    $ yamllint reuse.yml
    reuse.yml
      [...]
      11:5      error    wrong indentation: expected 6 but found 4  (indentation)
      15:5      error    wrong indentation: expected 6 but found 4  (indentation)
      [...]
      27:5      error    wrong indentation: expected 6 but found 4  (indentation)
    ```
  
  Cherry-picked from #1175

- openssl.c: whitespace fixes
  
  Cherry-picked from #1175

- checksrc: fix spelling in comment [ci skip]

- cmake: quote more strings
  
  Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1
  
  Closes #1173

- drop `www.` from `www.libssh2.org`
  
  <https://www.libssh2.org/*> is now a 301 permanent redirect to
  <https://libssh2.org/*>.
  
  Update all references to point directly to the new destination.
  
  Ref: https://github.com/libssh2/www/commit/ccf4a7de7f702a8ee17e2c697bcbef47fcf485ed
  
  Closes #1172

- cmake: add `ExternalProject` integration test
  
  - via `ExternalProject_Add()`:
    https://cmake.org/cmake/help/latest/module/ExternalProject.html
    (as documented in `docs/INSTALL_CMAKE.md`)
  
  - also make `FetchContent` fetch from local repo instead of live master.
  
  Closes #1171

- cmake: add integration tests
  
  Add a small project to test dependent/downstream CMake build using
  libssh2. Also added to the GHA CI, and you can also run it locally with
  `tests/cmake/test.sh`.
  
  Test three methods of integrating libssh2 into a project:
  - via `find_package()`:
    https://cmake.org/cmake/help/latest/command/find_package.html
  - via `add_subdirectory()`:
    https://cmake.org/cmake/help/latest/command/add_subdirectory.html
  - via `FetchContent`:
    https://cmake.org/cmake/help/latest/module/FetchContent.html
  
  Closes #1170

- cmake: (re-)add aliases for `add_subdirectory()` builds
  
  Add internal libssh2 library aliases to make these available for
  downstream/dependent projects building libssh2 via `add_subdirectory()`:
  
  - `libssh2:libssh2_static`
  - `libssh2:libssh2_shared`
  - `libssh2:libssh2` (shared, or static when not building shared)
  - `libssh2` (shared, or static when not building shared)
  
  Of these, `libssh2` was present in v1.10.0 and earlier releases, but
  missing from v1.11.0.
  
  Closes #1169

- cmake: delete empty line [ci skip]
  
  Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

- cmake: reflect minimum version in docs [ci skip]
  
  Follow-up to 9cd18f4578baa41dfca197f60557063cad12cd59

- cmake: style tidy up
  
  - quote text literals to improve readability.
    (exceptions: `FILES` items, `add_subdirectory` names, `find_package`
    names, literal target names, version numbers, 0/1, built-in CMake
    values and CMake keywords, list items in `cmake/max_warnings.cmake`)
  - quote standalone variables that could break syntax on empty values.
  - replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
  - add missing mode to `message()` call.
  - `TRUE`/`FALSE` → `ON`/`OFF`.
  - add missing default value `OFF` to `option()` for clarity.
  - unfold some lines.
  - `INSTALL_CMAKE.md` fixes and updates. Show defaults.
  
  Closes #1166

- wincng: prefer `ULONG`/`DWORD` over `unsigned long`
  
  To match with the types used by the `Crypt*()` (uses `DWORD`) and
  `BCrypt*()` (uses `ULONG`) Windows APIs.
  
  This patch doesn't change data width or signedness.
  
  Closes #1165

- wincng: tidy-ups
  
  - make `_libssh2_wincng_key_sha_verify` static.
  
  - prefer `unsigned long` over `size_t` in two static functions.
  
  - prefer `ULONG` over `DWORD` to match `BCryptImportKeyPair()`
    and `BCryptGenerateKeyPair()`.
  
  - add a newline.
  
  Closes #1164

- ci: add MSYS builds (autotools and cmake)
  
  Use existing MSYS2 section and extend it with builds for the MSYS
  environment with both autotools and cmake.
  
  MSYS builds resemble Cygwin ones: The env is Unixy, where Windows
  headers are all available but we don't use them.
  
  Also:
  
  - extend existing autotools logic for Cygwin to skip detecting
    `windows.h` for MSYS targets too.
  
  - require `windows.h` for the WinCNG backend in autotools. Before this
    patch, autotools allowed selecting WinCNG on the Cygwin and MSYS
    platforms, but the builds then fell apart due to the resulting mixed
    Unixy + Windowsy environment. The general expectation for Cygwin/MSYS
    builds is not to use the Windows API directly in them.
  
  - stop manually selecting the `MSYS Makefiles` CMake generator for
    MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but
    it broke MSYS builds, which use `Unix Makefiles`. Deleting this setting
    fixes all build flavours.
  
  Closes #1162

- ci: cygwin job tidy-ups
  
  `CMAKE_C_COMPILER=gcc` not necessary, delete it.
  
  Follow-up to f1e96e733fefb495bc31b07f5c2a5845ff877c9c
  
  Cherry-picked from #1163
  Closes #1163

- ci: add Cygwin builds (autotools and cmake)
  
  To avoid builds picking up non-Cygwin components coming by default with
  the CI machine, I used the solution recommended by Cygwin [1] and set
  `PATH` manually. To avoid repeating this for each step, I merged steps
  into a single one. Let us know if there is a more elegant way.
  
  Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.
  
  autotools build seemed to take slightly longer than other jobs. To save
  turnaround time I disabled building tests.
  
  Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi
  
  [1] https://github.com/cygwin/cygwin-install-action/tree/v4#path
  
  Closes #1161

- cmake: add `LIB_NAME` variable
  
  It holds the name `libssh2`. Mainly to document its uses, and also
  syncing up with the same variable in libcurl.
  
  Closes #1159

- cmake: add one missed `PROJECT_NAME` variable
  
  Follow-up to 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
  
  Closes #1158

- cmake: tidy-up concatenation in `CMAKE_MODULE_PATH`
  
  Former solution was appending an empty element to the array if
  `CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have
  this side-effect.
  
  There is no known issue caused by this. Fixing it for good measure.
  
  Closes #1157

- ci: add mingw-w64 UWP build
  
  Add a CI test for Windows UWP builds using mingw-w64. Before this patch
  we had UWP builds tested with MSVC only.
  
  Like existing UWP jobs, it's not possible to run the binaries due to
  the missing UWP runtime DLL:
  https://github.com/libssh2/libssh2/actions/runs/5821297010/job/15783475118#step:11:42
  
  We could install `winstorecompat-git` in the setup-msys2 step, but opted
  to do it manually to avoid the overhead for every matrix job.
  
  All this would work smoother with llvm-mingw, which features a UWP
  toolchain prefix and provides all necessary implibs by default.
  
  This also hit a CMake bug (with v3.26.4), where CMake gets confused and
  sets up `windres.exe` to use the MSVC rc.exe-style command-line:
  https://github.com/libssh2/libssh2/actions/runs/5819232677/job/15777236773#step:9:126
  
  Notice that MS "sunset" UWP in 2021:
  https://github.com/microsoft/WindowsAppSDK/discussions/1615
  
  If this particular CI job turns out to be not worth the maintenance
  burden or CPU time, or too much of a hack, feel free to delete it.
  
  Ref: https://github.com/libssh2/libssh2/pull/1147#issuecomment-1670850890
  Closes #1155

- cmake: replace `libssh2` literals with `PROJECT_NAME` variable
  
  Where applicable.
  
  This also makes it more obvious which `libssh2` uses were referring
  to the project itself.
  
  Closes #1152

- cmake: fix `STREQUAL` check in error branch
  
  This caused a CMake error instead of our custom error when manually
  selecting the `WinCNG` crypto-backend for a non-Windows target.
  
  Also cleanup `STREQUAL` checks to use variable name without `${}` on
  the left side and quoted string literals on the right.
  
  Closes #1151

- misc: flatten `_libssh2_explicit_zero` if tree
  
  Closes #1149

- src: drop a redundant `#include`
  
  We include `misc.h` via `libssh2_priv.h` already.
  
  Closes #1153

- openssl: use automatic initialization with LibreSSL 2.7.0+
  
  Stop calling `OpenSSL_add_all_*()` for LibreSSL 2.7.0 and later.
  
  LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization and
  deprecated these functions. Stop calling these functions manually for
  LibreSSL versions that no longer need them.
  
  Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt
  Ref: https://github.com/libressl/openbsd/commit/46f29f11977800547519ee65e2d1850f2483720b
  Ref: https://github.com/libssh2/libssh2/issues/302
  
  Also stop calling `ENGINE_*()` functions when initialization is
  automatic with LibreSSL 2.7.0+ and OpenSSL 1.1.0+. Engines are also
  initialized automatically with these.
  
  Closes #1146

- gha: restore curly braces in `if`
  
  Without curly braces it was less obvious which string is a GHA expression.
  
  Also fix an `if` expression that always missed its curly braces.
  
  Reverts cab3db588769d6deed97ba89ca9221fd7503405e
  
  Closes #1145

- ci: bump mbedtls

- [renmingshuai brought this change]

  Add a new structure to separate memory read and file read.
  We use different APIs when we read one private key from memory,
  so it is improper to store the private key information in the
  structure that stores the private key file information.
  
  Fixes https://github.com/libssh2/libssh2/issues/773
  Reported-by: mike-jumper

- tests: replace FIXME with comments
  
  `key_dsa_wrong` is the same kind of (valid) key as `key_dsa`, both with
  an empty passphrase. Named "wrong" because it's intentionally not added
  to our `openssh_server/authorized_keys` file.

- tidy-up: delete duplicate word from comment

- cmake: cache more config values on Windows
  
  Set two cases of non-detection to save the time dynamically detecting
  these on each build init. Affects old MSVC versions.
  
  Before:
  https://ci.appveyor.com/project/libssh2org/libssh2/builds/47668870/job/i17e0e9yx8rgpv4i
  
  After:
  https://ci.appveyor.com/project/libssh2org/libssh2/builds/47674950/job/ysa1jq0pxtyhui3f
  
  Closes #1142

- revert: build: respect autotools `DLL_EXPORT` in `libssh2.h`
  
  Revert fb1195cf88268a11e2709b9912ab9dca8c23739c #917
  
  On a second look this change did not improve anything with autotools
  builds. autotools seems to handle the dll export matter without it.
  
  This patch also broke (e.g.) curl-for-win autotools builds, where the
  curl build defines `DLL_EXPORT` while building libcurl DLL. `libssh2.h`
  picks it up, resulting in unresolved symbols while trying to link a
  static libssh2 on Windows. The best fix seems to be to revert this,
  instead of adding extra tweaks to dependents.
  
  Fixes:
  https://ci.appveyor.com/project/curlorg/curl-for-win/builds/47667412#L11035
  ```
  ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_block_directions
  >>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_do)
  >>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_connect)
  >>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_multi_statemach)
  >>> referenced 8 more times
  
  ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_init_ex
  >>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_connect)
  
  ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_set_read_timeout
  [...]
  ```
  
  Closes #1141

- gha: simplify `if` strings
  
  Closes #1140

- test_read: make it run without Docker
  
  Apply an existing fix to `test_read`, so that it falls back to use
  the current username instead of the hardcoded `libssh2` when run
  outside Docker.
  
  This allows running algo tests with this command:
  ```shell
  cd tests
  ./test_sshd.test ./test_read_algos.test
  ```
  
  Closes #1139

- cmake: streamline invocation
  
  Stop specifying the current directory.
  Simplify build instructions.
  
  Closes #1138

- NMakefile: delete
  
  This makefile was unmaintained for a long time (last updated in 2014).
  Despite best efforts to keep it working in the recent round of major
  overhauls, it appears to be broken now. There is also no way to test it
  without an actual MSVC env and it's also missing from our CI. Based on
  our Issue tracker, it's also not widely used.
  
  Since its addition in 2005, libssh2 got support for CMake in 2014.
  CMake should be able to generate NMake makefiles with the option
  `-G "NMake Makefiles"`. (I haven't tested this.)
  
  Ref: https://github.com/libssh2/libssh2/discussions/1129
  Closes #1134

- tests: add aes256-gcm encrypted key test
  
  Follow-up to #1133
  
  Also update `tests/gen_keys.sh` to set `aes256-ctr` encryption method
  for `key_ed25519_encrypted` explicitly.
  
  Closes #1135

GitHub (26 Jul 2023)
- [Jakob Egger brought this change]

  Fix private keys encrypted with aes-gcm methods (#1133)
  
  libssh2 1.11.0 fails to decrypt private keys encrypted with
  aes128-gcm@openssh.com and aes256-gcm@openssh.com ciphers.
  
  To reproduce the issue, you can create a test key with a command like
  the following:
  
  ```bash
  ssh-keygen -Z aes256-gcm@openssh.com -f id_aes256-gcm
  ```
  
  If you attempt to use this key for authentication, libssh2 returns the
  not-so-helpful error message "Wrong passphrase or invalid/unrecognized
  private key file format".
  
  The problem is that OpenSSH encrypts keys differently than packets. It
  does not include the length as AAD, and the 16 byte authentication tag
  is appended after the encrypted key. The length of the authentication
  tag is not included in the encrypted key length.
  
  I have not found any documentation for this behaviour -- I discovered it
  by looking at the OpenSSH source. See the `private2_decrypt` function in
  <https://github.com/openssh/openssh-portable/blob/master/sshkey.c>.
  
  This patch fixes the code for reading OpenSSH private keys encrypted
  with AES-GCM methods.
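
The layout described in the commit message above, as an added example that is not part of the libssh2 change or of OpenSSH: it splits a decoded `openssh-key-v1` blob into the length-prefixed ciphertext and the 16-byte tag that follows it, and rejects blobs whose trailer does not match the cipher. The field order is taken from OpenSSH's PROTOCOL.key document (an assumption, not stated on this page); the sample key is constructed filler and nothing is decrypted.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
GCM_CIPHERS = {"aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}
GCM_TAG_LEN = 16  # tag size stated in the commit message


class Reader:
    """Bounds-checked cursor over SSH wire encoding (uint32 and string)."""

    def __init__(self, data):
        self.data = data
        self.pos = 0

    def u32(self):
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated uint32")
        (value,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return value

    def string(self):
        length = self.u32()
        if length > len(self.data) - self.pos:
            raise ValueError("string length runs past end of blob")
        value = self.data[self.pos:self.pos + length]
        self.pos += length
        return value


def dearmor(text):
    """Drop the BEGIN/END lines and base64-decode the body."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)


def split_private_section(blob):
    """Return the pieces an AEAD decrypt call needs, or raise ValueError."""
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    r = Reader(blob)
    r.pos = len(MAGIC)
    cipher = r.string().decode("ascii")
    kdf = r.string().decode("ascii")
    kdf_options = r.string()
    public_keys = [r.string() for _ in range(r.u32())]
    # The length prefix covers the ciphertext only.
    ciphertext = r.string()
    # For the GCM ciphers the tag sits after the string, outside its length.
    trailer = blob[r.pos:]
    expected = GCM_TAG_LEN if cipher in GCM_CIPHERS else 0
    if len(trailer) != expected:
        raise ValueError("cipher %s: expected %d trailing bytes, found %d"
                         % (cipher, expected, len(trailer)))
    return {
        "cipher": cipher,
        "kdf": kdf,
        "kdf_options": kdf_options,
        "public_keys": public_keys,
        "ciphertext": ciphertext,
        "tag": trailer,
        "aad": b"",  # key files pass no length as AAD, unlike packets
    }


def ssh_string(data):
    return struct.pack(">I", len(data)) + data


def build_sample(cipher, tag):
    """Constructed blob: filler bytes, not real key material."""
    kdf_options = ssh_string(b"\x00" * 16) + struct.pack(">I", 16)  # salt, rounds
    return (MAGIC + ssh_string(cipher.encode("ascii")) + ssh_string(b"bcrypt")
            + ssh_string(kdf_options) + struct.pack(">I", 1)
            + ssh_string(b"constructed-public-key")
            + ssh_string(b"\xaa" * 48) + tag)


def armor(blob):
    b64 = base64.b64encode(blob).decode("ascii")
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["-----BEGIN OPENSSH PRIVATE KEY-----"] + rows
                     + ["-----END OPENSSH PRIVATE KEY-----"])


if __name__ == "__main__":
    sample = armor(build_sample("aes256-gcm@openssh.com", b"\x55" * 16))
    parsed = split_private_section(dearmor(sample))
    print(parsed["cipher"], len(parsed["ciphertext"]), parsed["tag"].hex())
```

A reader that stops at the end of the length-prefixed string never sees the tag, so GCM authentication cannot succeed.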

Viktor Szakats (26 Jul 2023)
- ci: add missing timeout to 'autotools distcheck' step

- cmake: merge `set_target_properties()` calls
  
  Also rename variable `LIBSSH2_VERSION` to `LIBSSH2_LIBVERSION` in
  context of lib versioning to avoid collision with another use.
  
  Closes #1132

- cmake: formatting [ci skip]

- cmake: (re-)add zlib to `Libs.private` in `libssh2.pc`
  
  We mistakenly added transitive zlib to `Requires.private` before, then
  removed it. This patch re-adds zlib, but this time to `Libs.private`,
  which is listing raw libs and should include transitive libs as well.
  
  Also add zlib when used as a direct dependency when zlib compression
  support is enabled.
  
  Follow-up to ef538069a661a43134fe7b848b1fe66b2b43bdac
  
  Closes #1131

- cmake: formatting [ci skip]

- cmake: use `wolfssl/options.h` for detection, like autotools
  
  Closes #1130

- build: stop requiring libssl from openssl
  
  libssh2 does not use or need the TLS/SSL library of OpenSSL.
  It only needs libcrypto.
  
  Closes #1128

- cmake: add openssl libs to `Libs.private` in `libssh2.pc`
  
  Also to sync up with autotools-generated `libssh2.pc`, that
  already added them.
  
  Closes #1127

- Makefile.mk: stop linking unused mbedtls libs
  
  Stop linking libmbedtls and libmbedx509 (similarly to autotools).
  Only libmbedcrypto is necessary for libssh2.

- cmake: bump minimum CMake version to v3.7.0
  
  Fixes the warning below, which appeared in CMake v3.27.0:
  ```
  CMake Deprecation Warning at CMakeLists.txt:39 (cmake_minimum_required):
    Compatibility with CMake < 3.5 will be removed from a future version of
    CMake.
  
    Update the VERSION argument <min> value or use a ...<max> suffix to tell
    CMake that the project does not need compatibility with older versions.
  ```
  
  Bump straight up to v3.7.0 to sync up with the curl project:
  https://github.com/curl/curl/blob/2900c29218d2d24ab519853589da84caa850e8c7/CMakeLists.txt#L64
  
  CMake release dates:
  v3.7.0 2016-11-11
  v3.5.0 2016-03-08
  v3.1.0 2014-12-17
  
  Closes #1126

- build: tidy-up `libssh2.pc.in` variable names
  
  - prefix with `LIBSSH2_PC_`
  
  - match with the names of `pkg-config` values.
  
  - use the same names in autotools and CMake scripts.
  
  - use `LIBSSH2_VERSION` for the version number in autotools scripts,
    to match the name used in CMake.
  
  Closes #1125

- libssh2.pc: re-add & extend support for static-only libssh2 builds
  
  Adapted for libssh2 from the curl commit message by James Le Cuirot:
  
  "A project built entirely statically will call `pkg-config` with
  `--static`, which utilises the `Libs.private:` field. Conversely it will
  not use `--static` when not being built entirely statically, even if
  there is only a static build of libssh2 available. This will most
  likely cause the build to fail due to underlinking unless we merge the
  `Libs:` fields.
  
  Consider that this is what the Meson build system does when it generates
  `pkg-config` files."
  
  This patch extends the above to `Requires:`, to mirror `Libs:` with
  `pkg-config` package names.
  
  Follow-up to 1209c16d93cba3c5e0f68c12fa4a5049f49c00d8 #1114
  
  Ref: https://github.com/libssh2/libssh2/pull/1114#issuecomment-1634334809
  Ref: https://github.com/curl/curl/commit/98e5904165859679cd78825bcccb52306ee3bb66
  Ref: https://github.com/curl/curl/pull/5373
  Closes #1119

GitHub (14 Jul 2023)
- [Nursan Valeyev brought this change]

  cmake: CMAKE_SOURCE_DIR -> PROJECT_SOURCE_DIR (#1121)
  
  Fixes compiling as dependency with FetchContent
  
  Co-authored-by: Viktor Szakats

Viktor Szakats (14 Jul 2023)
- autotools: use comma separator in `Requires.private` of `libssh2.pc`
  
  In `Requires*:`, the documented name separator is comma. We already used
  it in the CMake-generated `libssh2.pc`. Adjust the autotools-generated
  one to use it too, instead of spaces.
  
  Ref: https://linux.die.net/man/1/pkg-config
  Ref: https://gitlab.freedesktop.org/pkg-config/pkg-config/-/blob/d97db4fae4c1cd099b506970b285dc2afd818ea2/pkg-config.1
  
  Closes #1124

- build: add/fix `Requires.private` packages in `libssh2.pc`
  
  - autotools was using `libwolfssl`. CMake left it empty. wolfSSL
    provides `wolfssl.pc`. This patch sets `Requires.private: wolfssl`
    with both build tools.
  
  - add `libgcrypt` to `Requires.private` with both autotools and CMake.
    Ref:
      https://github.com/gpg/libgcrypt/blob/e76e88eef7811ada4c6e1d57520ba8c439139782/src/libgcrypt.pc.in
    Present since 2005-04-22:
      https://github.com/gpg/libgcrypt/commit/32bf3f13e8b45497322177645bebf0b5d0c9cb8e
    Released in v1.3.0 2007-05-04:
      https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.3.0
  
  - also stop adding transitive `zlib` deps to `Requires.private`.
    The referenced crypto package is adding it as needed.
    This makes deduplication of the list redundant, so stop doing it.
    Follow-up to 2fc367900701e6149efc42bd674c4b69127756dd
  
  (`libssh2.pc` not tested as a project dependency.)
  
  Closes #1123

- cmake: tidy-ups
  
  - dedupe `Requires.private` in `libssh2.pc`.
    `zlib` could appear on the list twice:
    ```
    Requires.private: libssl,libcrypto,zlib,zlib
    ```
    According to CMake docs, `list(REMOVE_DUPLICATES ...)` is supported by
    our minimum required CMake version (and by earlier ones even):
    https://cmake.org/cmake/help/v3.1/command/list.html#remove-duplicates
  
  - move `cmake_minimum_required()` to the top.
  
  - move `set(CMAKE_MODULE_PATH)` to the top.
  
  - delete duplicate `set(CMAKE_MODULE_PATH)`.
  
  - replace `CMAKE_CURRENT_SOURCE_DIR` with `PROJECT_SOURCE_DIR` in root
    `CMakeLists.txt` for robustness.
  
  - replace `gcovr` option with long-form for readability/consistency.
  
  - rename `GCOV_OPTIONS` to `GCOV_CFLAGS`. These are C options we enable
    when using gcov, not gcov tooling options.
  
  Closes #1122

- openssl: add missing check for `LIBRESSL_VERSION_NUMBER` before use
  
  Fixes:
  ```
  openssl.h:101:5: warning: "LIBRESSL_VERSION_NUMBER" is not defined [-Wundef]
       LIBRESSL_VERSION_NUMBER >= 0x3050000fL
       ^
  ```
  
  Ref: https://github.com/libssh2/libssh2/issues/1115#issuecomment-1631845640
  Closes #1117

- [Harmen Stoppels brought this change]

  Don't put `@LIBS@` in pc file

- misc: delete redundant NULL check and assignment
  
  Follow-up to 724effcb47ebb713d3ef1776684b8f6407b4b6a5 #1109
  
  Ref: https://github.com/libssh2/libssh2/pull/1109#discussion_r1246613274
  Closes #1111

- [renmingshuai brought this change]

  We should check whether *key_method is a NULL pointer instead of key_method
  
  Signed-off-by: renmingshuai <renmingshuai@huawei.com>

GitHub (30 Jun 2023)
- [ren mingshuai brought this change]

  Add NULL pointer check for outlen before use (#1109)
  
  Before assigning a value to the outlen, we need to check whether it is NULL.
  
  Credit: Ren Mingshuai <renmingshuai@huawei.com>

Viktor Szakats (25 Jun 2023)
- cmake: re-add `Libssh2:libssh2` for compatibility + lowercase namespace
  
  - add `libssh2:libssh2` target that selects the shared lib if built,
    otherwise the static one.
  
  - re-add `Libssh2:libssh2` target for compatibility with v1.10.0 and
    earlier. This is an alias for `libssh2:libssh2`.
  
  - keep `libssh2:libssh2_shared` and `libssh2_libssh2_static` targets.
  
  - allow using `find_package(libssh2)` in dependents as an alternative
    to `find_package(Libssh2)`.
  
  Co-authored-by: Radek Brich
  Suggested-by: Haowei Hsu
  
  Fixes #1103
  Fixes #731
  Closes #1104

- example: fix regression in `ssh2_exec.c`
  
  Regression from b13936bd6a89993cd3bf4a18317ca5bd84bb08d7 #861 #846.
  Update a variable name missed above.
  
  Reported-by: PewPewPew
  Fixes #1105
  Closes #1106

- docs: replace SHA1 with SHA256 in CMake example

- checksrc: modernise perl file open
  
  Use regular variables and separate file open modes from filenames.
  
  Suggested by perlcritic
  
  Copied from https://github.com/curl/curl/commit/7f669aa0f1d40ef5d64543981f22bdc5af1272f5
  Copied from https://github.com/curl/trurl/commit/f2784a9240f47ee28a845

- reuse: comply with 3.1 spec and 2.0.0 checker
  
  The checker tool was upgraded upstream to 2.0.0 and the REUSE
  Specification to version 3.1 (from 3.0), causing these new errors:
  ```
  reuse.project - WARNING - Copyright and licensing information for 'docs/INSTALL_AUTOTOOLS' have been found in 'docs/INSTALL_AUTOTOOLS' and the DEP5 file located at '.reuse/dep5'. The information in the DEP5 file has been overridden. Please ensure that this is correct.
  reuse.project - WARNING - Copyright and licensing information for 'tests/openssh_server/Dockerfile' have been found in 'tests/openssh_server/Dockerfile' and the DEP5 file located at '.reuse/dep5'. The information in the DEP5 file has been overridden. Please ensure that this is correct.
  
  The following files have no licensing information:
  * docs/INSTALL_AUTOTOOLS
  * tests/openssh_server/Dockerfile
  ```
  Via: https://github.com/libssh2/libssh2/actions/runs/5333572682/jobs/9664211341?pr=1098#step:4:4
  
  Ref: https://github.com/fsfe/reuse-tool/releases/tag/v2.0.0
  Ref: https://git.fsfe.org/reuse/docs/src/branch/stable/CHANGELOG.md#3-1-2023-06-21
  
  Original discovery: https://github.com/libssh2/libssh2/pull/1098#issuecomment-1600719575
  
  Fixes #1101
  Closes #1102

- tests: trap signals in scripts
  
  Closes #1098

- test_sshd.test: fixup to distcheck failure
  
  Fixes:
  ```
  ERROR: test_sshd.test - missing test plan
  ERROR: test_sshd.test - exited with status 1
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/5322354271/jobs/9638694218#step:10:532
  
  Caused by trying to create the log file in a read-only directory.
  
  Follow-up to 299c2040625830d06ad757d687807a166b57d6de
  Closes #1099

GitHub (21 Jun 2023)
- [Viktor Szakats brought this change]

  test_sshd.test: show sshd and test connect logs on harness failure (#1097)

- [Joel Depooter brought this change]

  Fix incorrect byte offset in debug message (#1096)
  
  Fixes debug log message
  
  Credit:
  Joel Depooter

Viktor Szakats (16 Jun 2023)
- tidy-up: delete whitespace at EOL [ci skip]

- mbedtls: include `version.h` for `MBEDTLS_VERSION_NUMBER`
  
  Older (2021 or earlier?) mbedTLS releases require this.
  
  Reported-by: rahmanih on Github
  Fixes #1094
  Closes #1095

- hostkey: do not advertise ssh-rsa when SHA1 is disabled
  
  Before this patch OpenSSL, mbedTLS, WinCNG and OS/400 advertised both
  SHA2 and SHA1 host key algos, even when SHA1 was not supported by the
  crypto backend or when forcefully disabled via `LIBSSH2_NO_RSA_SHA1`.
  
  Reported-by: João M. S. Silva
  Fixes #1092
  Closes #1093

- openssl.h: whitespace tidy-up [ci skip]

GitHub (14 Jun 2023)
- [Dan Fandrich brought this change]

  test_sshd.test: set a safe PID directory (#1089)
  
  The compiled in default to sshd can be a non-writable location since it
  expects to be run as root.

Viktor Szakats (13 Jun 2023)
- mingw: fix printf mask for 64-bit integers
  
  Before 02f2700a61157ce5a264319bdb80754c92a40a24 #846 #876, we used
  `%I64d`. That patch changed this to `%lld`. This patch uses `PRId64`
  (defined in `inttypes.h`).
  
  Fixes #1090
  Closes #1091

- test_sshd.test: minor cleanups

Daniel Stenberg (7 Jun 2023)
- provide SPDX identifiers
  
  - All files have prominent copyright and SPDX identifier
  - If not embedded in the file, in the .reuse/dep5 file
  - All used licenses are in LICENSES/ (not shipped in tarballs)
  - A new REUSE CI job verifies that all files are OK
  
  Assisted-by: Viktor Szakats
  
  Closes #1084

Viktor Szakats (6 Jun 2023)
- src: improve MSVC C4701 warning fix
  
  Simplify the code to avoid this warning. This might also help avoiding
  it with other compilers (e.g. gcc?).
  
  Improves 02f2700a61157ce5a264319bdb80754c92a40a24 #876
  Might fix #1083
  Closes #1086

Daniel Stenberg (5 Jun 2023)
- configure.ac: remove AB_INIT
  
  Not used. Remove m4/autobuild.m4 as well

Viktor Szakats (4 Jun 2023)
- copyright: remove years from copyright headers
  
  Also:
  - uppercase `(C)`.
  - add missing 'All rights reserved.' lines.
  - drop duplicate 'Author' lines.
  - add copyright headers where missing.
  - enable copyright header check in checksrc.
  
  Reasons for deleting years (copied as-is from curl):
  - they are mostly pointless in all major jurisdictions
  - many big corporations and projects already don't use them
  - saves us from pointless churn
  - git keeps history for us
  - the year range is kept in COPYING
  
  Closes #1082

- tests: cast to avoid `-Wchar-subscripts` with Cygwin
  
  ```
  In file included from $HOME/src/cygwin/libssh2/libssh2-1.11.0-1.x86_64/src/libssh2-1.11.0/tests/openssh_fixture.c:57:
  $HOME/src/cygwin/libssh2/libssh2-1.11.0-1.x86_64/src/libssh2-1.11.0/tests/openssh_fixture.c: In function 'run_command_varg':
  $HOME/src/cygwin/libssh2/libssh2-1.11.0-1.x86_64/src/libssh2-1.11.0/tests/openssh_fixture.c:136:37: warning: array subscript has type 'char' [-Wchar-subscripts]
    136 |         while(end > 0 && isspace(buf[end - 1])) {
        |                                  ~~~^~~~~~~~~
  ```
  Ref: https://github.com/libssh2/libssh2/files/11644340/cygwin-x86_64-libssh2-1.11.0-1-check.log
  
  Reported-by: Brian Inglis
  Fixes #1080
  Closes #1081

- tidy-up: avoid exclamations, prefer single quotes, in outputs
  
  Closes #1079

- autotools: improve libz position
  
  We repositioned crypto libs in 4f0f4bff5a92dce6a6cd7a5600a8ee5660402c3f
  via #941 and subsequently in d4f58f03438e326b8696edd31acadd6f3e028763
  from d93ccf4901ef26443707d341553994715414e207 via #1013.
  
  This patch moves libz accordingly, to unbreak certain build scenarios.
  
  Reported-by: Kenneth Davidson
  Regression from 4f0f4bff5a92dce6a6cd7a5600a8ee5660402c3f #941
  Fixes #1075
  Closes #1077

- src: bump `hash_len` to `size_t` in `LIBSSH2_HOSTKEY_METHOD`
  
  Follow-up to 7b8e02257f01a6dac5f65305b18bb74a157fb5c4
  Closes #1076

- ci: add non-static autotools i386 build, ignore GHA updates on AppVeyor
  
  Add a non-static autotools build to GitHub Actions. Make this build
  target i386 and libgcrypt, to test a new build combination while we are
  at it.
  
  Also:
  - GHA: add necessary generic bits for i386 autotools builds.
  - AppVeyor CI: teach it to ignore commits updating our GHA config.
  
  Follow-up to 572c57c9d8d4e89cfce19dde40125d55481256d1 #1072
  Closes #1074

GitHub (31 May 2023)
- [Xi Ruoyao brought this change]

  autotools: skip tests requiring static lib if `--disable-static` (#1072)
  
  Co-authored-by: Viktor Szakats
  Regression from 83853f8aea0e2f739cacd491632eb7fd3d03ad2d #663
  Fixes #1056

Viktor Szakats (31 May 2023)
- ci: prefer `=` operator in shell snippets
  
  Closes #1073

- src: bump DSA and ECDSA sign `hash_len` to `size_t`
  
  Closes #1055

- scp: fix missing cast for targets without large file support
  
  E.g. on 32-bit Linux. Issue revealed after adding i386 Linux CI build
  in abdf40c741c575f94bdea1c67a9d1182ff813ccb #1057.
  
  ```
  /home/runner/work/libssh2/libssh2/src/scp.c: In function 'scp_recv':
  /home/runner/work/libssh2/libssh2/src/scp.c:765:23: error: conversion from 'libssh2_int64_t' {aka 'long long int'} to '__off_t' {aka 'long int'} may change value [-Werror=conversion]
    765 |         sb->st_size = session->scpRecv_size;
        |                       ^~~~~~~
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/5126803482/jobs/9221746299?pr=1054#step:12:51
  
  Regression from 5db836b2a829c6fff1e8c7acaa4b21b246ae1757 #1002
  Closes #1060

- mbedtls.h: formatting [ci skip]
  
  For consistency with `mbedtls.c`.
  
  Follow-up to 1153ebdeba563ac657b525edd6bf6da68b1fe5e2

- libssh2.h: bump to 1.11.1_DEV [ci skip]

- mbedtls: use more `size_t` to sync up with `crypto.h`
  
  Ref: 5a96f494ee0b00282afb2db2e091246fc5e1774a #846 #879
  
  Fixes #1053
  Closes #1054

- ci: drop redundant/unused vars, sync var names
  
  Closes #1059

- ci: add i386 Linux build (with mbedTLS)
  
  Also:
  - reorder Linux build matrix to make build tool more visible.
  - hide apt-get progress bar.
  - prepare package install step for i386 builds.
  
  Detects bug #1053
  Closes #1057

- checksrc: switch to dot file
  
  Closes #1052

Version 1.11.0 (30 May 2023)

Daniel Stenberg (30 May 2023)
- libssh2.h: bump to 1.11.0 for release

GitHub (30 May 2023)
- [Will Cosgrove brought this change]

  Libssh2 1.11 release notes, copyright (#1048)
  
  * Libssh2 1.11 release notes, copyright

Viktor Szakats (29 May 2023)
- add copyright/credits
  
  Closes #1050

- ci: add LIBSSH2_NO_AES_CBC to GNU Make build
  
  Closes #1049

- ci: add wolfSSL Linux builds
  
  Exclude wolfSSL builds from tests. All fail:
  
  ```
  2/43 Test  #2: test_aa_warmup ............................***Failed    5.59 sec
  libssh2_session_handshake failed (-44): Unable to ask for ssh-userauth service
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/5085775952/jobs/9139583212#step:12:942 (with logging)
  Ref: https://github.com/libssh2/libssh2/actions/runs/5085586301/jobs/9139192562#step:12:225
  
  wolfSSL version:
  ```
  Get:1 http://azure.archive.ubuntu.com/ubuntu jammy/universe amd64 libwolfssl32 amd64 5.2.0-2 [818 kB]
  Get:2 http://azure.archive.ubuntu.com/ubuntu jammy/universe amd64 libwolfssl-dev amd64 5.2.0-2 [1194 kB]
  ```
  
  Cherry-picked from #1046
  Closes #1046

- ci: mbedTLS build config tidy-up
  
  Cherry-picked from #1046

- wolfssl: fix detection of AES-GCM feature
  
  Follow-up to df513c0128e1a811ad863d153892618e728845f0
  
  Ref: https://github.com/libssh2/libssh2/issues/1020#issuecomment-1562069241
  Closes #1045

- build: fix 'unused' compiler warnings with all `NO` options set
  
  - add `LIBSSH2_NO_ED25519` build-time option to force-disable ED25519
    support. Useful to replicate crypto-backend builds without ED25519,
    such as wolfSSL.
  
  - openssl: fix unused variable and function warnings with all supported
    `LIBSSH2_NO_*` options enabled.
  
  - mbedtls: fix misplaced `#endif` leaving out the required internal
    public function `libssh2_supported_key_sign_algorithms()`.
  
  - mbedtls: add missing prototype for two internal public functions.
  
  - delete a redundant block.
  
  All `NO` options:
  ```shell
  CPPFLAGS='
  -DLIBSSH2_NO_MD5 -DLIBSSH2_NO_HMAC_RIPEMD -DLIBSSH2_NO_DSA
  -DLIBSSH2_NO_RSA -DLIBSSH2_NO_RSA_SHA1
  -DLIBSSH2_NO_ECDSA -DLIBSSH2_NO_ED25519 -DLIBSSH2_NO_AES_CTR
  -DLIBSSH2_NO_BLOWFISH -DLIBSSH2_NO_RC4 -DLIBSSH2_NO_CAST
  -DLIBSSH2_NO_3DES'
  ```
  
  Closes #1044

- cmake: avoid `list(PREPEND)` for compatibility
  
  `list(PREPEND)` requires CMake v3.15, our minimum is v3.1. `APPEND`
  should work fine for headers anyway.
  
  Also fix a wrongly placed comment.
  
  Ref: https://cmake.org/cmake/help/latest/command/list.html#prepend
  
  Regression from 1e3319a167d2f32d295603167486e9e88af9bb4e
  
  Closes #1043

- checksrc: verify label indent, fix fallouts
  
  Also update two labels to match the rest of the source.
  
  checksrc update credit: Emanuele Torre @emanuele6
  
  Ref: https://github.com/curl/curl/pull/11134
  
  Closes #1042

- tidy-up: minor nits

- ci: drop default shared/static configuration options
  
  Both autotools and cmake build both shared and static lib by default.
  
  Ref: 896154bc17f000c0a1bb89b74bc879692ac0d47c
  
  Delete configuration enabling these explicitly in CI jobs.
  
  Cherry-picked from #1036
  Closes #1036

- cmake: enable shared libssh2 library by default
  
  This brings default behaviour in sync with autotools, which builds both
  lib flavours by default.
  
  (Notice that on Windows, autotools includes the Windows Resource in the
  static library, when building both at the same time. CMake doesn't have
  this issue.)
  
  Enabling both lib flavours has a side-effect when using non-MinGW
  toolchains (e.g. MSVC): to resolve the filename conflict between import
  and static libraries, we add a suffix to the static lib, naming it
  `libssh2_static.lib`. This can break dependent builds relying on
  `libssh2.lib` for linking the static libssh2.
  
  Workarounds:
  
  - disable either shared or static libssh2 via
    `-DBUILD_STATIC_LIBS=OFF` or
    `-DBUILD_SHARED_LIBS=OFF`. This results in a libssh2 library (either
    static or shared) without a prefix: `libssh2.lib`.
  
  - set a custom static library suffix via:
    `-DSTATIC_LIB_SUFFIX=_my_static`. Resulting in
    `libssh2_my_static.lib`, and import library
    `libssh2.lib`.
  
  - set a custom import library suffix via:
    `-DIMPORT_LIB_SUFFIX=_my_implib`. Resulting in
    `libssh2_my_implib.lib` import library, and static library
    `libssh2.lib`.
  
  - customize the default static/import library suffix (incl. extension)
    via
    `-DCMAKE_STATIC_LIBRARY_SUFFIX=_my_static_suffix.lib` or
    `-DCMAKE_IMPORT_LIBRARY_SUFFIX=_my_import_suffix.lib`.
  
  Cherry-picked from #1036

- cmake: tweak static/import lib name collision avoidance logic
  
  The collision issue affects (typically) MSVC, when building both shared
  and static libssh2 in one go.
  
  Ref: https://stackoverflow.com/questions/2140129/what-is-proper-naming-convention-for-msvc-dlls-static-libraries-and-import-libr
  
  Initially we handled this by appending the `_imp` suffix to the import
  library filename. This is how curl tackles this, but on a second look,
  this solution seems to be accidental and has no widespread use.
  
  It seems more widely accepted to use the '_static' suffix for the static
  library. This patch implements this.
  
  (MinGW, Cygwin and unixy platforms are not affected by this issue.)
  
  Follow-up to 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1
  
  Cherry-picked from #1036

- cmake: add `IMPORT_LIB_SUFFIX` (like `STATIC_LIB_SUFFIX`)
  
  Allow resolving the import/static library name collision also by setting
  a custom _import_ library name suffix.
  
  Follow-up to 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1
  
  Cherry-picked from #1036

- ci: do not disable shared lib with msys2/autotools in GHA
  
  Cherry-picked from #1036

- Makefile.mk: fix `DYN=1 test` by skipping tests needing static lib
  
  `DYN=1` means to build examples/tests against the shared libssh2.
  
  Before this patch this was broken for building tests. This patch skips
  building tests that require the static libssh2 library, so the build now
  succeeds.
  
  Also move the list of tests that require static lib from
  `CMakeLists.txt` to `Makefile.inc`, so that we can reuse it in
  `Makefile.mk`.
  
  Couldn't find a way to also reuse it in `Makefile.am`. Move the
  `Makefile.am` specific definitions close to the shared list, to make it
  easier to keep them synced.
  
  Cherry-picked from #1036

- ci: make one of the AppVeyor CMake jobs shared-only
  
  This build combination did not have a CI test before.
  
  Cherry-picked from #1036

- cmake: allow tests with `BUILD_STATIC_LIBS=OFF`
  
  Before this patch, the CMake build did not allow disabling the static
  libssh2 library while also building tests.
  
  This patch removes this constraint, and makes this combination possible.
  In this case the 3 (at the moment) tests that require a static libssh2
  library are skipped from the build and test runs.
  
  Cherry-picked from #1036

- build: fix to set `-DLIBSSH2DEBUG` for tests
  
  Required for tests using libssh2 internals. These are the ones
  requiring the libssh2 _static_ lib.
  
  Before this patch, `src` and `tests` declared the `session` structure
  differently, due to extra struct members added with the `LIBSSH2DEBUG`
  macro set. But, the macro was only set for `src` when using CMake. At
  runtime this caused struct members to be at different offsets between
  lib and test code, resulting in the test failures below.
  
  Due to another bug in the affected test, these failures did not reflect
  in the exit code, which always returned success, so this went unnoticed
  for a good while. Fixed in: 84d31d0ca7b647ad4c2aa92bf8f4a94b233f5d3b
  
  ```
       Start  5: test_auth_keyboard_info_request
  [...]
  5: Test case 1 passed
  5: Test case 2 passed
  5: Test case 3: expected return code to be 0 got -1
  5: Test case 4: expected last error code to be "-6" got "-38"
  5: Test case 5: expected last error code to be "-6" got "-38"
  5: Test case 6: expected last error code to be "-6" got "-38"
  5: Test case 7: expected last error message to be "Unable to decode keyboard-interactive number of keyboard prompts" got "userauth keyboard data buffer too small to get l
  5: Test case 8: expected last error code to be "-41" got "-38"
  5: Test case 9: expected return code to be 0 got -1
  5: Test case 10: expected return code to be 0 got -1
  5: Test case 11: expected last error code to be "-6" got "-38"
  5: Test case 12: expected last error message to be "Unable to decode user auth keyboard prompt echo" got "userauth keyboard data buffer too small to get length"
  5: Test case 13: expected return code to be 0 got -1
  5: Test case 14: expected return code to be 0 got -1
  5: Test case 15: expected last error code to be "-6" got "-38"
  5: Test case 16: expected last error code to be "-6" got "-38"
  5: Test case 17: expected last error code to be "-6" got "-38"
  5: Test case 18: expected last error code to be "-6" got "-38"
  ```
  Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46925869/job/i9uasceu3coss0i2#L440
  Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46983040/job/c3vag25c26a77lyr#L485
  
  Cherry-picked from #1037
  Closes #1037

- test_auth_keyboard_info_request: fix to return failure
  
  Before this patch, this test returned success even when one of its tests
  failed. Fix it by returning 1 in case any of the tests fails.
  
  This issue masked a CMake build bug with logging enabled. Subject to an
  upcoming patch.
  
  Cherry-picked from #1037

- test_auth_keyboard_info_request: fix indentation
  
  Cherry-picked from #1037

- tidy-up: move comment off from copyright header
  
  Cherry-picked from #1037

- ci: enable shared libs in msys2/macOS cmake builds
  
  Shared libs improve example/tests build times. For "unity"
  builds the overhead of building shared lib is negligible, so
  this even reduced the overall build-time.
  
  Follow-up to 3d64a3f5100f7f4cf52202396eb4f1c3f3567771
  Follow-up to d93ccf4901ef26443707d341553994715414e207
  
  Tests:
  https://github.com/libssh2/libssh2/actions/runs/4906586658: unity builds enabled
  https://github.com/libssh2/libssh2/actions/runs/4906925743: unity builds enabled + parallel msys2 builds
  https://github.com/libssh2/libssh2/actions/runs/4906777629: unity + shared lib (this commit)
  https://github.com/libssh2/libssh2/actions/runs/4906927190: unity + shared lib (this commit) + parallel msys2 builds
  
  Consider making shared libs enabled by default also in CMake, to sync it with autotools?
  
  Closes #1035

- ci: add missed --parallel 3 from msys2 cmake builds
  
  Follow-up to 3d64a3f5100f7f4cf52202396eb4f1c3f3567771

- cmake: add and test "unity" builds
  
  "Unity" (aka "jumbo", aka "amalgamation") builds concatenate source files
  before compiling. It has these benefits for example: faster builds,
  improved code optimization, cleaner code. Let's support and test this.
  
  - enable unity builds for some existing CI builds to test this build
    scenario.
  - tune `UNITY_BUILD_BATCH_SIZE` size.
  - disable unity build for example and test programs (they use one source
    each already).
  
  You can enable it by passing `-DCMAKE_UNITY_BUILD=ON` to cmake.
  Supported by CMake 3.16 and newer.
  
  Ref: https://cmake.org/cmake/help/latest/prop_tgt/UNITY_BUILD.html
  
  Closes #1034

- tests: simplify passing `srcdir` to tests
  
  Before this patch libssh2 used a variety of solutions to pass the source
  directory to tests: `FIXTURE_WORKDIR` build-time macro (cmake),
  `FIXTURE_WORKDIR` envvar (unused), setting `srcdir` manually
  (autotools), setting current directory (cmake), and also `builddir`
  envvar (autotools) for passing current working dir to `mansyntax.sh`.
  
  This patch reduces this to using existing `srcdir` with autotools and
  setting it ourselves in CMake. This was mostly enabled by this recent
  patch: 4c9ed51f962f542b98789b15bedaaa427f4029a2
  
  Details:
  
  - cmake: replace baked-in `FIXTURE_WORKDIR` macro with env.
  
    Added in 54bef4c5dad868a9d45fdbfca9729b191c0abab5 #198 (2018-03-21)
  
  - rename `FIXTURE_WORKDIR` to `srcdir`, to match autotools.
  
  - cmake: add missing `srcdir` for algo and sshd tests.
  
  - session_fixture: stop `chdir()`-ing, rely on prefixing with `srcdir`.
  
    Changing current directory should be unnecessary after
      4c9ed51f962f542b98789b15bedaaa427f4029a2 #801 (2023-02-24),
    that prefixes referenced input filenames with the `srcdir` envvar.
  
    The `srcdir` envvar was already exported by autotools, and now we're
    also setting it from CMake.
  
  - cmake: stop setting `WORKING_DIRECTORY`, rely on `srcdir` env.
  
    `WORKING_DIRECTORY` is no longer necessary, after passing `srcdir` to
    all tests, so they can find our source tree and keys/etc in it
    regardless of the current directory.
  
    Also this past commit hints that `WORKING_DIRECTORY` wasn't always
    working for this purpose as expected:
      "tests: Xcode doesn't obey CMake's test working directory"
    Ref: https://github.com/libssh2/libssh2/pull/198/commits/10a5cbf945abcc60153ee3d59284d09fc64ea152
  
  - autotools: delete explicit `srcdir` for test env.
  
    Added in 13f8addd1bc17e6c55d52491cc6304319ac38c6d (2015-07-02)
  
    automake documents `srcdir` as exported to the test environment:
    https://github.com/autotools-mirror/automake/blob/c04c4e8856e3c933239959ce18e16599fcc04a8b/doc/automake.texi#L9302-L9304
    https://www.gnu.org/software/automake/manual/html_node/Scripts_002dbased-Testsuites.html
    It's mentioned in the docs back in 1997 and got a regression test in
    2012. We can safely assume it to be available without setting it
    ourselves.
  
  - autotools: delete explicit `builddir`.
  
    Added in 13f8addd1bc17e6c55d52491cc6304319ac38c6d (2015-07-02)
  
    It seems this wasn't necessary to make the above fix work, and
    `mansyntax.sh` is able to figure out the build workdir by reading
    `$PWD`. Our out-of-tree and `make distcheck` CI builds also work
    without it.
  
    Let us know if there is a scenario we're missing and needs this.
  
  Closes #1032

- src: fix `libssh2_store_*()` for >u32 inputs
  
  `_libssh2_store_str()` and `_libssh2_store_bignum2_bytes()` accept
  inputs of `size_t` max, store the size as 32-bit unsigned integer, then
  store the complete input buffer.
  
  With inputs larger than `UINT_MAX` this means the stored size is smaller
  than the data that follows it.
  
  This patch truncates the stored data to the stored size, and now returns
  a boolean with false if the stored length differs from the requested
  one. Also add `assert()`s for this condition.
  
  This is still not a correct fix, as we now dump consistent, but still
  truncated data which is not what the caller wants. In future steps we'll
  need to update all callers that might pass large data to this function
  to check the return value and handle an error, or make sure to not call
  this function with more than UINT_MAX bytes of data.
  
  Ref: c3bcdd88a44c4636818407aeb894fabc90bb0ecd (2010-04-17)
  Ref: ed439a29bb0b4d1c3f681f87ccfcd3e5a66c3ba0 (2022-09-29)
  
  Closes #1025
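
The length-prefix mismatch described in the entry above, modelled as an added example that is not libssh2's own code. The names `store_plan`, `plan_before`, `plan_after`, `store_str` and `unread_after_parse` are hypothetical, and a 64-bit `size_t` is assumed so that a request larger than `UINT_MAX` can be expressed without allocating it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What one store call emits for a request of `len` bytes (hypothetical). */
struct store_plan {
    uint32_t prefix;   /* value written into the 4-byte length field */
    size_t payload;    /* number of data bytes written after it */
    bool ok;           /* what the caller is told */
};

/* Behaviour before the fix: the length field is narrowed to 32 bits,
   the complete buffer is still emitted, and the caller gets no signal. */
static struct store_plan plan_before(size_t len)
{
    struct store_plan p;
    p.prefix = (uint32_t)len;
    p.payload = len;
    p.ok = true;
    return p;
}

/* Behaviour after the fix: the data is cut to the stored length and the
   function reports false when that differs from the requested length. */
static struct store_plan plan_after(size_t len)
{
    struct store_plan p;
    p.prefix = (uint32_t)len;
    p.payload = p.prefix;
    p.ok = ((size_t)p.prefix == len);
    return p;
}

/* Writer that follows the fixed plan. `*dst` must have room for
   4 + payload bytes; the cursor is advanced past what was written. */
static bool store_str(unsigned char **dst, const void *src, size_t len)
{
    struct store_plan p = plan_after(len);
    unsigned char *b = *dst;

    b[0] = (unsigned char)(p.prefix >> 24);   /* big-endian uint32 */
    b[1] = (unsigned char)(p.prefix >> 16);
    b[2] = (unsigned char)(p.prefix >> 8);
    b[3] = (unsigned char)p.prefix;
    if(p.payload)
        memcpy(b + 4, src, p.payload);
    *dst = b + 4 + p.payload;
    return p.ok;   /* callers must check this and treat false as an error */
}

/* Bytes a peer leaves unconsumed after reading one length-prefixed
   string. Non-zero means the following fields are parsed out of sync. */
static size_t unread_after_parse(struct store_plan p)
{
    return p.payload - (size_t)p.prefix;
}

int main(void)
{
    size_t big = (size_t)UINT32_MAX + 6;   /* constructed: 2^32 + 5 bytes */
    struct store_plan b = plan_before(big);
    struct store_plan a = plan_after(big);

    printf("before: prefix=%u unread=%zu\n",
           (unsigned)b.prefix, unread_after_parse(b));
    printf("after:  prefix=%u unread=%zu ok=%d\n",
           (unsigned)a.prefix, unread_after_parse(a), (int)a.ok);
    return 0;
}
```

As the entry notes, the fixed form is consistent but still truncated, so the `false` return is the only place a caller can catch the oversized input.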

- cmake: limit WinCNG to Windows
  
  After deleting the `bcrypt.h` check, no check remained. Restore
  a `WIN32` check here to ensure WinCNG is not enabled outside Windows.
  
  Follow-up to 1289033598546ee5089ff0fc4369d24e1e2be81f
  
  Tested-in #1032

- cmake: move `CMAKE_VS_GLOBALS` setting to CI configs
  
  To not force this setting for local builds where they might serve
  a good purpose.
  
  It makes our CI runs slightly faster and we don't need to track
  file changes in unattended, single, CI runs.
  
  Cherry-picked from #1031

- cmake: prefill for faster config phase on Windows
  
  Prefill known detection results on Windows with MinGW and MSVC, to
  avoid spending time on detecting these on every cmake configuration
  run.
  
  With MinGW + clang and MSVC, this eliminates all detections.
  With MinGW + gcc, it reduces them to 3.
  
  Cherry-picked from #1031

- libssh2_setup.h: set `HAVE_INTTYPES_H` for MSVC
  
  To sync up the hand-crafted config with actual detection results
  by CMake and autotools. Sources compiled fine without it anyway.
  
  Cherry-picked from #1031

- cmake: re-add `select()` detection (regression)
  
  `select()` detection suffered two regressions: First I accidentally
  deleted it for non-Windows [1]. Then the Windows-specific setting got
  missed from the generated `libssh2_config.h` after a rearrangement in
  `CMakeLists.txt` files.
  
  [1] 31fb8860dbaae3e0b7d38f2a647ee527b4b2a95f (2023-03-07)
  [2] 803f19f004eb6a5b525c48fff6f46a493d25775c (2023-04-18)
  
  This patch restores detection. For Windows, enable it unconditionally,
  not only for speed reasons, but because detection needs `ws2_32`, and
  even that is broken on the x86 platform. According to the original
  `cmake/SocketLibraries.cmake`, caused by a calling convention mismatch.
  FWIW autotools detects it correctly.
  
  Cherry-picked from #1031

- ci: merge make job into msys2 section, enable zlib + openssl
  
  Follow up to dd625766271a0ba13f5ac661bdc2fa40bbfa580a
  
  Cherry-picked from #1030

- ci: add missing timeouts for autotools tests
  
  Cherry-picked from #1030

- ci: add mingw-w64 clang and gcc CMake jobs
  
  Cherry-picked from #1030

- cmake: assume `bcrypt.h` with WinCNG
  
  autotools already didn't check for `bcrypt.h`, and such check is only
  required for old/legacy mingw without obsolete/incomplete Windows
  headers.
  
  curl deprecated old-mingw support just recently and will delete support
  in September 2023.
  
  This patch saves some complexity and detection time by dropping this
  check for CMake. Meaning that mingw-w64 is now required to compile
  libssh2 when using the WinCNG backend for 32-bit builds. Other backends
  and CPU platforms are not affected.
  
  Ref: https://github.com/curl/curl/commit/e4d5685cb5d6eb07e1b43156fd7e3ba3563afba5
  
  Closes #1026

- cmake: do not check for `poll()` on Windows
  
  While it seems to exist on mingw in theory, it's not detected as of this
  writing. It also has issues, and is not ready for production use:
  https://stackoverflow.com/questions/1671827/poll-c-function-on-windows
  
  On MSVC it's even less supported.
  
  Skip checking this to save CMake detection time.
  
  Closes #1027

- agent_win: make a struct static and other build improvements
  
  Also:
  - merge back `agent.h` into `agent.c` where it was earlier.
    Ref: c998f79384116e9f6633cb69c2731c60d3a442bb
  - introduce `HAVE_WIN32_AGENT` internal macro.
  - fix two guards to exclude more code unused in UWP builds.
  
  Follow-up to 1c1317cb768688eee0e5496c72683190aaf63b29
  
  Closes #1028

- tidy-up: formatting nits
  
  Whitespace and redundant parenthesis in `return`s.
  
  Closes #1029

GitHub (3 May 2023)
- [Nick Woodruff brought this change]

  sftp: parse attribute extensions, if present, to avoid stream parsing errors (#1019)
  
  Prevents directory listing errors when attribute extensions are present
  by advancing stream parsing past extensions.

Viktor Szakats (3 May 2023)
- tests: merge `sshd_fixture.sh` into `test_sshd.test`
  
  Merge the loop executing multiple tests and the script that actually
  launches the tests into a single script. This same script is now called
  from both autotools and CMake. autotools loads the list of tests from
  `Makefile.inc`, CMake passes it via the command-line. It's also possible
  to call the script manually with a custom list of tests or individual
  ones.
  
  With this setup we're now launching a single sshd session for all tests,
  instead of launching and killing it for each test. This did not improve
  reliability of these tests on CI machines, and it's easy to go back to
  the previous behaviour if necessary.
  
  Also:
  
  - allow passing custom sshd options via `SSHD_FLAGS`.
  
  - add `SSHD_TESTS_LIMIT_TO` to limit the number of tests to its value.
    E.g. `SSHD_TESTS_LIMIT_TO=1` executes the first test only. Meant for
    debugging.
  
  - use `ssh` to test the connection (if available) instead of fixed
    amount of wait. Made to also work on Windows.
  
  - set `PermitRootLogin yes` in `sshd`, to allow running tests as root.
  
  - show `sshd` path and version.
  
  Cherry-picked from #1017 (the last one)
  Closes #1024

- ci: make sure to run tests after all builds in GHA
  
  Whenever possible. Due to flakiness/hangs/timeouts, keep sshd
  tests disabled on Windows and macOS.
  
  Also keep Docker tests disabled on these platforms, they do not work:
  
  GHA Windows:
  ```
  no matching manifest for windows/amd64 in the manifest list entries
  ```
  
  GHA macOS:
  ```
  sh: docker: command not found
  ```
  
  It's not possible to run UWP and ARM64 binaries:
  UWP:
  ```
  Test #2: test_simple ......................Exit code 0xc0000135
  ```
  Needs but doesn't find: `VCRUNTIME140_APP.dll`.
  
  ARM64
  ```
  D:/a/libssh2/libssh2/bld/tests/Release/test_ssh2.exe: cannot execute binary file: Exec format error
  ```
  
  Cherry-picked from #1017

- tests: disable sshd tests on Windows via new options
  
  Instead of using hacks inside the build systems.
  
  `SSHD` variable added to GitHub Actions is not currently used.
  Added there to make it easy to experiment with these tests and
  the path is non-trivial to discover. Using the Windows built-in
  sshd server is another option (haven't discovered its path yet).
  
  Cherry-picked from #1017

- tests: add cmake/autotools options to disable running tests
  
  autotools:
  - `--disable-docker-tests`
  - `--disable-sshd-tests`
  
  cmake:
  - `RUN_DOCKER_TESTS`
  - `RUN_SSHD_TESTS`
  
  Update automake and ci to use this new flag and delete former logic
  of relying on Windows detection and `HOST_WINDOWS`. Also fix honoring
  this when running `test_read_algos.test`.
  
  This allows to disable these individually and on per-CI/local-job basis.
  To run as many tests as the env allows.
  
  Cherry-picked from #1017

- ci: add `make distcheck` job
  
  Cherry-picked from #1017

- ci: switch to out-of-tree autotools builds
  
  Cherry-picked from #1017

- ci: restore parallel builds with cmake
  
  Also add missing -j3 for macOS builds.
  
  Partial revert of 0d08974633cfc02641e6593db8d569ddb3644255
  
  Cherry-picked from #1017

- ci: sync names, steps, syntax, build dirname between jobs
  
  Also:
  
  - delete an unused 64-bit option for Linux (all jobs are 64-bit).
  
  - fix to not install libgcrypt and openssl when doing mbedTLS builds.
  
  [ Empty lines after multiline run commands are solely to unbreak
  my editor's syntax highlighting. They can be deleted in the future ]
  
  Cherry-picked from #1017

- ci: add `Makefile.mk` test, with `LIBSSH2_NO_*` options
  
  Cherry-picked from #1017

- Makefile.mk: use Makefile.inc from example and tests
  
  Instead of assembling the list using `$(wildcard ...)`.
  
  Also split off a `tests/Makefile.inc` from `tests/Makefile.am`. With its
  simpler syntax, this also allows to delete some complexity from the
  CMake loader.
  
  Cherry-picked from #1017

- example, tests: fix ssh2 to correctly return failure
  
  Before this patch ssh2 and test_ssh2 returned success even if the session
  failed at `libssh2_session_handshake()` or after.
  
  This patch depends on cda41f7cb87c3af5258ba48ccef19d3efdbd3d3b, that fixed
  running test_ssh2 on Windows via sshd_fixture.
  
  Cherry-picked from #1017

- tests: set -e -u in shell scripts
  
  Cherry-picked from #1017

- cmake: use shared libs again in example and tests
  
  Re-sync with autotools and v1.10.0 behavior.
  
  This improves build times. It also allows to stop building our special
  shared test target to test shared builds.
  
  Follow-up to 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1
  
  Cherry-picked from #1017
  Closes #1022

- tests: retry KEX failures when using the WinCNG backend
  
  Twice. These tests are flaky and we haven't figured out why. In the
  meantime use this workaround to test and log these issues, but also
  ensure that CI runs aren't flagged red because of it.
  
  Also:
  - kex: add debug message when hostkey `sig_verify` fails,
    to help tracking WinCNG KEX failures.
  - test_ssh2: also add retry logic.
    I'm not quite sure this is correct. Please let me know.
  - session_fixture: bump up `src_path` slots to fit retries and show
    message when hitting the limit.
  - session_fixture: clear `kbd_password` static variable after use.
  - session_fixture: close and deinit socket after use.
  - session_fixture: deinit libssh2 after use.
  
  Ref: #804 #846 #979 #1012 #1015
  
  Cherry-picked from #1017
  Closes #1023

- example, test_ssh2: shutdown socket before close
  
  Syncing them with `tests/session_fixture.c`.
  
  Cherry-picked from #1017

- ci.yml: fix indentation [ci skip]
  
  Cherry-picked from #1017

- Makefile.mk: make tests depend on runner lib
  
  Cherry-picked from #1017

- build: compile agent_win.c via agent.c
  
  Silences these warnings on non-Windows:
  ```
  ranlib: file: libssh2.a(agent_win.c.o) has no symbols
  ```
  
  Cherry-picked from #1017

- cmake: delete obsolete comment
  
  Follow-up to 80175921638fa0a345237d23206a2ad1644cdd9b
  
  Cherry-picked from #1017

- checksrc.sh: fix it to run from any current directory
  
  Also silence a shellcheck warning.
  
  Cherry-picked from #1017

- ISSUE_TEMPLATE: ask for crypto backend version
  
  Also fix casing in backend names.
  
  Cherry-picked from #1017

- tests: fix newlines in test keys for sshd on Windows
  
  Make sure these files get LF newlines on checkout. Before this patch
  a checked out libssh2 Git repository may have used CRLF newlines in text
  files, including test keys. Private keys with CRLF newlines could confuse
  sshd on Windows:
  
  ```
  # sshd version: 'OpenSSH_9.2, OpenSSL 1.1.1t  7 Feb 2023'
  Unable to load host key "/d/a/libssh2/libssh2/tests/openssh_server/ssh_host_ed25519_key": invalid format
  Unable to load host key: /d/a/libssh2/libssh2/tests/openssh_server/ssh_host_ed25519_key
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/4846188677/jobs/8635575847#step:6:39
  
  Cherry-picked from #1017

- cmake: move option descriptions next to definition
  
  Cherry-picked from #1017

- checksrc: sync with curl
  
  There were no new issues detected.
  
  Cherry-picked from #1017

- openssl: enable AES-GCM with wolfSSL
  
  Follow-up to 3c953c05d67eb1ebcfd3316f279f12c4b1d600b4 #797
  
  There is pending issue with wolfSSL, where encryption/decryption is not
  working (both with and without this patch). Ref: #1020
  
  Cherry-picked from #1017

- appveyor: add a UWP OpenSSL 3 build
  
  Cherry-picked from #1017

- appveyor: skip `before_test` when not doing tests
  
  Also merge `before_test` section into `test_script`.
  
  Cherry-picked from #1017

- docs: delete two stray characters
  
  Cherry-picked from #1017

- tidy-up: avoid expression 'of course'
  
  Cherry-picked from #1017

- tidy-up: avoid word 'just'
  
  Cherry-picked from #1017

- tidy-up: avoid word 'simply'
  
  Cherry-picked from #1017

- tests: teach to use the `USERNAME` envvar on Windows
  
  Necessary to pick the correct local username when run on Windows.
  
  Cherry-picked from #1017

- test_ssh2: support `FIXTURE_TRACE_ALL*` envvars
  
  Cherry-picked from #1017

- tidy-up: add missing newline to error msg, formatting
  
  Also:
  - fix indent
  - lowercase variable names
  - fix formatting in `src/global.c`
  
  Cherry-picked from #1017

- appveyor: wait more for SSH connection from GHA
  
  Cherry-picked from #1017

- ci: restrict permissions in GitHub Actions
  
  Cherry-picked from #1017

- build: fix autoreconf warnings
  
  - update `AC_HELP_STRING` to `AS_HELP_STRING`:
    ```
    configure.ac:[...]: warning: The macro `AC_HELP_STRING' is obsolete.
    ```
    "AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works
    already since 2.59 so bump the minimum required version to that."
  
    Ref: https://github.com/curl/curl/commit/a59f04611629f0db9ad8e768b9def73b9b4d9423
  
  - simplify to avoid:
    ```
    src/Makefile.inc:48: warning: variable 'EXTRA_DIST_SOURCES' is defined but no program or
    src/Makefile.inc:48: library has 'DIST' as canonical name (possible typo)
    ```
    Regression from 2c18b6fc8df060c770fa7e5da704c32cf40a5757
  
  - `AC_TRY_LINK`/`AC_TRY_COMPILE`:
    ```
    configure.ac:335: warning: The macro `AC_TRY_COMPILE' is obsolete.
    configure.ac:335: warning: The macro `AC_TRY_LINK' is obsolete.
    ```
  
  - `libtool`-related ones:
    ```
    configure.ac:70: warning: The macro `AC_LIBTOOL_WIN32_DLL' is obsolete.
    configure.ac:70: warning: AC_LIBTOOL_WIN32_DLL: Remove this warning and the call to _LT_SET_OPTION when you
    configure.ac:70: put the 'win32-dll' option into LT_INIT's first parameter.
    configure.ac:71: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
    ```
    Using code copied from curl:
    https://github.com/curl/curl/blob/9ce7eee07042605045dcfd02a6f5b38ad5c8a05d/m4/xc-lt-iface.m4#L157-L163
  
  - delete commented and obsolete `AC_HEADER_STDC`.
  
  - formatting.
  
  Most cherry-picked from `autoupdate` updates.
  
  Cherry-picked from #1017
  Closes #1021

- docker-bridge.ps1: use native newlines
  
  Also add a shebang and exec flag to ease testing/handling on *nix.
  PowerShell accepts both LF and CRLF.
  
  Cherry-picked from #1017

GitHub (1 May 2023)
- [Zenju brought this change]

  sftp: remove packet limit for directory reading (#791)
  
  Currently libssh2 cannot read huge directory listings when the package
  size of `LIBSSH2_SFTP_PACKET_MAXLEN` (256KB) is hit. For example AWS
  always sends a single package with all files of a directory, no matter
  how big it is: https://freefilesync.org/forum/viewtopic.php?t=10020
  Package size is probably around 7MB in this case!
  
  `LIBSSH2_SFTP_PACKET_MAXLEN` is a good idea in general, but there
  doesn't seem to be a one size fits all. While 
