- update to 1.6.0
Changes:
Added CMake build system
Added libssh2_userauth_publickey_frommemory()
Bug fixes:
wait_socket: wrong use of difftime()
userauth: Fixed prompt text no longer being copied to the prompts struct
mingw build: allow to pass custom CFLAGS
Let mansyntax.sh work regardless of where it is called from
Init HMAC_CTX before using it
direct_tcpip: Fixed channel write
WinCNG: fixed backend breakage
OpenSSL: caused by introducing libssh2_hmac_ctx_init
userauth.c: fix possible dereferences of a null pointer
wincng: Added explicit clear memory feature to WinCNG backend
openssl.c: fix possible segfault in case EVP_DigestInit fails
wincng: fix return code of libssh2_md5_init()
kex: do not ignore failure of libssh2_sha1_init()
scp: fix that scp_send may transmit not initialised memory
scp.c: improved command length calculation
nonblocking examples: fix warning about unused tvdiff on Mac OS X
configure: make clear-memory default but WARN if backend unsupported
OpenSSL: Enable use of OpenSSL that doesn't have DSA
OpenSSL: Use correct no-blowfish #define
kex: fix libgcrypt memory leaks of bignum
libssh2_channel_open: more detailed error message
wincng: fixed memleak in (block) cipher destructor
OBS-URL: https://build.opensuse.org/request/show/311823
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh2_org?expand=0&rev=51
- update to 1.5.0
* fixes CVE-2015-1782 (bnc#921070)
- tarball verification
* added libssh2_org.keyring
* added libssh2-1.5.0.tar.gz.asc
Changes in 1.5.0:
Added Windows Cryptography API: Next Generation based backend
Bug fixes:
Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782
missing _libssh2_error in _libssh2_channel_write
knownhost: Fix DSS keys being detected as unknown.
knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
libssh2.h: on Windows, a socket is of type SOCKET, not int
libssh2_priv.h: a 1 bit bit-field should be unsigned
windows build: do not export externals from static library
Fixed two potential use-after-frees of the payload buffer
Fixed a few memory leaks in error paths
userauth: Fixed an attempt to free from stack on error
agent_list_identities: Fixed memory leak on OOM
knownhosts: Abort if the hosts buffer is too small
sftp_close_handle: ensure the handle is always closed
channel_close: Close the channel even in the case of errors
docs: added missing libssh2_session_handshake.3 file
docs: fixed a bunch of typos
userauth_password: pass on the underlying error code
_libssh2_channel_forward_cancel: accessed struct after free
_libssh2_packet_add: avoid using uninitialized memory
_libssh2_channel_forward_cancel: avoid memory leaks on error
_libssh2_channel_write: client spins on write when window full
windows build: fix build errors
OBS-URL: https://build.opensuse.org/request/show/290303
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh2_org?expand=0&rev=49
- update to 1.4.3
compression: add support for zlib@openssh.com
Bug fixes:
sftp_read: return error if a too large package arrives
libssh2_hostkey_hash.3: update the description of return value
examples: use stderr for messages, stdout for data
openssl: do not leak memory when handling errors
improved handling of disabled MD5 algorithm in OpenSSL
known_hosts: Fail when parsing unknown keys in known_hosts file
configure: gcrypt doesn't come with pkg-config support
session_free: wrong variable used for keeping state
libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
userauth.c: fread() from public key file to correctly detect any errors
configure.ac: Add option to disable build of the example applications
Added 'Requires.private:' line to libssh2.pc
SFTP: filter off incoming "zombie" responses
gettimeofday: no need for a replacement under cygwin
SSH_MSG_CHANNEL_REQUEST: default to want_reply
win32/libssh2_config.h: Remove hardcoded #define LIBSSH2_HAVE_ZLIB
build error with gcrypt backend
always do "forced" window updates to avoid corner case stalls
aes: the init function fails when OpenSSL has AES support
transport_send: Finish in-progress key exchange before sending data
channel_write: acknowledge transport errors
examples/x11.c: Make sure sizeof passed to read operation is correct
examples/x11.c:,Fix suspicious sizeof usage
sftp_packet_add: verify the packet before accepting it
SFTP: preserve the original error code more
OBS-URL: https://build.opensuse.org/request/show/147891
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh2_org?expand=0&rev=41
