- add Linux jobs with old OpenSSL versions: 1.1.1, 1.1.0, 1.0.2, with
tests.
(Meaning we test these again after losing them in AppVeyor CI)
- add LibreSSL Linux job with tests.
- cache most dependency packages built from source.
(exception: wolfSSL, which would have added too much complexity
due to the multiple versions, and it's fast to build anyway.)
- change source tarball sources to GitHub for better stability and
performance.
- move dependency versions to the env.
- set `persist-credentials: false` for checkout steps for security.
- pin actions to hash for security.
- checkout repo later, right before use.
- skip building BoringSSL tests to finish quicker.
- set `fail-fast: false` in the BSD build matrix.
- cmake: move UWP workaround from GHA to `CMakeLists.txt`, making it
available for everyone.
- list installed packages in OpenBSD job.
- bump BoringSSL, mbedTLS, wolfSSL, OpenSSL.
- bump cross-platform-actions to v0.26.
- bump docker/build-push-action to v6.
- bump actions/upload-artifact to v4.
- bump NetBSD to 10.1.
- drop `--quiet 2` `apt-get` option to keep useful output.
- drop `--no-install-suggests --no-install-recommends` `apt-get`
options. They are the defaults with the `ubuntu-24.04` image.
- tidy up quotes.
Cherry-picked from #1484Closes#1528
- enable compiler warning `-Wcast-qual`.
- add `LIBSSH2_UNCONST()` macro to strip const where absolutely
necessary to avoid compiler warnings.
- fix const stripping by constifying where necessary.
- fix const stripping by using `LIBSSH2_UNCONST()`.
- libgcrypt.h: drop unnecessary casts.
- openssl: fix to use new `BIO_new_mem_buf()` parameter types
with wolfSSL.
Cherry-picked from #1484Closes#1527
- show platform flags (via curl).
- add `LIBSSH2_USE_PKGCONFIG` option to control whether to use
`pkg-config` to find dependencies.
- set `.pc` names withing the Find modules.
- add `mbedcrypto` to `libssh2.pc` only when detected via `pkg-config`.
Workaround for older mbedtls versions and non-CMake mbedTLS builds
(as of mbedTLS 3.6.2) that don't emit an `mbedcrypto.pc` file.
- set header paths relative to the project root (tidy-up).
- use `-isystem` for crypto backend and zlib header paths.
To match autotools.
- sync header path order with autotools.
- rename local variables to underscore-lowercase.
- minor tidy-ups.
Cherry-picked from #1484Closes#1525
- cmake: add support to build ossfuzz.
Enable with `-DBUILD_OSSFUZZ=ON`.
Also supports `-DLIB_FUZZING_ENGINE=` like autotools does.
- check for `__clang__` when suppressing warnings in source. Necessary
for clang-cl, which set `__clang__`, but doesn't set `__GNU__`.
- cmake: optimize out 4 picky warning option detections with gcc.
- cmake: bring `-pedantic-error`, `-Wall` use closer to curl's.
- cmake: set `-Wno-language-extension-token` for clang-cl.
- cmake: escape only the necessary `-W` options for clang-cl.
- cmake: apply picky warnings to C++.
- cmake: replace `unset(VAR)` with `set(VAR "")` for init.
- cmake: prefer dash-style MSVC options.
- cmake: simplify `MATCHES` expression.
- cmake: formatting/whitespace.
- ci/GHA: bump `actions/upload-artifact` to v4
Closes#1524
For no reason it broke when trying to silence a CMake deprecation
warning in #1510. Then when tested locally, it did not work either with
or without the patch in #1510.
I'm not sure, but existing implementation may have worked by accident
by re-using leftovers from the preceding two integration tests.
After spending a days trying to fix this, I declare defeat. If such
amount of time of testing, reading documentation, blog posts, variable
traces, logs, bug reports is not enough to make this work, or even
to understand how this should work, this seems like a lost cause.
CMake makes it impossible to cleanly query the properties of a target,
which would be essential for debugging. There are rough workarounds
with years of iteration, and those still don't work to this day:
https://stackoverflow.com/questions/32183975/how-to-print-all-the-properties-of-a-target-in-cmake
Copy-pasting an incantation from a blog post that made this work:
https://inhzus.io/posts/2023-12-01-cmake-external-project/
almost made it work, except that it had a workaround for a 10-year old
pending bug, another workaround for Ninja which required CMake 3.29,
with settings hard-wired, and explicitly configured in weird ways. But,
it still missed to pass the libssh2 library to the test target and
failed to link.
Then tried to pass the libssh2 lib the "usual" way via:
```
target_link_libraries(test PRIVATE libssh2)
```
That also did not work because CMake decided that the external libssh2
target is of "UTILITY" type, and errored with:
```
CMake Error at CMakeLists.txt:39 (target_link_libraries):
Target "libssh2" of type UTILITY may not be linked into another target.
One may link only to INTERFACE, OBJECT, STATIC or SHARED libraries, or to
executables with the ENABLE_EXPORTS property set.
```
This type property is read-only, and documentation has no mention of it,
or how to set it whatsoever:
https://cmake.org/cmake/help/latest/module/ExternalProject.html
libssh2's `docs/INSTALL_CMAKE.md` mentions ExternalProject as a way to
use libssh2. Added there with the initial CMake commit. We should
probably delete it from there.
This consumption method has a single mention in public issues:
https://github.com/libssh2/libssh2/issues/1116Closes#1522
* userauth.c: fix possible memory leaks #1504
Notes:
Fix possible memory leaks if `userauth_list()` is called more than once, e.g. an auth error case.
Author:
Will Cosgrove
Credit:
pyscripter
To simplify the initialization. The ` Win64` method was meant for old
CMake versions not in use in CI.
Also pass the `-A` option without a space to make PowerShell pass
the option as expected by CMake.
```
CMake Warning (dev) at cmake/CopyRuntimeDependencies.cmake:59 (add_custom_command):
The following keywords are not supported when using
add_custom_command(TARGET): DEPENDS.
Policy CMP0175 is not set: add_custom_command() rejects invalid arguments.
Run "cmake --help-policy CMP0175" for policy details. Use the cmake_policy
command to set the policy and suppress this warning.
Call Stack (most recent call first):
example/CMakeLists.txt:58 (add_target_to_copy_dependencies)
```
```
CMake Warning (dev) at cmake/CopyRuntimeDependencies.cmake:59 (add_custom_command):
Exactly one of PRE_BUILD, PRE_LINK, or POST_BUILD must be given. Assuming
POST_BUILD to preserve backward compatibility.
Policy CMP0175 is not set: add_custom_command() rejects invalid arguments.
Run "cmake --help-policy CMP0175" for policy details. Use the cmake_policy
command to set the policy and suppress this warning.
Call Stack (most recent call first):
example/CMakeLists.txt:58 (add_target_to_copy_dependencies)
```
Ref: https://github.com/libssh2/libssh2/actions/runs/12614228505/job/35152908184?pr=1510#step:15:77
Do not test the prefix when set to `no`.
(as with `--without-lib*-prefix`)
Before this patch this test was always made and when detected despite
the wrong prefix, the `no` prefix remained in `LDFLAGS` causing a build
failure later in `libtool`.
Fixes:
```
$ ../configure --without-libssl-prefix
[...]
../libtool: line 7756: cd: no/lib: No such file or directory
libtool: error: cannot determine absolute directory name of 'no/lib'
make[2]: *** [libssh2.la] Error 1
```
Follow-up to d19b619070#1384
Reported-by: Christoph Reiter
Fixes#1505Closes#1506
The trace handler is called from two places in libssh2. One of them was
passing a newline at the end of the trace message string, the other one
was not.
When the trace handler feature was introduced, a newline was passed both
via `debugdump()` and `libssh2_debug()`:
44eba0c993 (2010-01-15)
Shortly after a commit deleted the newline for `libssh2_debug()`:
0f0652a309 (2010-06-23)
This patch re-syncs behaviour between the traceback callbacks by
dropping the newline for trace handler calls made from `debugdump()`.
Reported-by: Chris Emsen
Fixes#1485
Follow-up to 0f0652a309Closes#1492
Building 3 tests require static libssh2 lib. Some may prefer not to
create the static lib, yet prefer to build all tests, including those
3 that require it.
Detect such intent by looking for an explicit `BUILD_TESTING=ON` and
`BUILD_STATIC_LIBS=OFF`, then build the static lib anyway but without
installing it.
Reported-by: Eli Schwartz
Fixes#1450Closes#1469
This warning remains silent in unity builds. Since we're using unity
in CI for most jobs, warnings remain undetected there.
Disable them for all builds to avoid a surprise warning outside our CI.
It also doesn't work in any #included `.c` sources, like the crypto
backend sources.
The issue caught by the warning is useful for a tidy codebase, but
doesn't affect executed code. It was enabled in
84338c4de2d7c798e3c270c9610d51a4ad18a90b #12331 (2023-11-15).
llvm source: fee2953f23/clang/lib/Sema/AnalysisBasedWarnings.cpp (L125-L134)
llvm issue: https://github.com/llvm/llvm-project/issues/71046
Follow-up to 7ecc309cd1#1224Closes#1481
`pkg_check_modules()` seems to leave `<PACKAGE>_VERSION` defined with an
empty value, if the package is not found.
When the package is also not found in the fallback branch,
`find_package_handle_standard_args()` logs and error message. In this
message it includes the bogus empty value as: `(found version "")`:
```
Could NOT find Libgcrypt (missing: LIBGCRYPT_INCLUDE_DIR LIBGCRYPT_LIBRARY)
(found version "")
```
Clear the version number to avoid the confusion:
```
Could NOT find Libgcrypt (missing: LIBGCRYPT_INCLUDE_DIR LIBGCRYPT_LIBRARY)
```
Seen with CMake v3.30.3 and 3.30.5.
Closes#1479
- always pass `--no-install-suggests --no-install-recommends`
to `apt-get` to avoid spending time to install packages we don't need.
(notably in the i386 Linux job.)
- drop an `apt-get` hack that's no longer necessary.
Closes#1476
As noted in #771 and #1473, the blessed and signed releases are on
libssh2.org and any other archives, like those generated by GitHub,
are just a collection of files from the tag and are not the official
releases.
This adds a note, which already exists for `LIBSSH2_TIMESTAMP`, to
`LIBSSH2_VERSION`, to clarify this fact.
Closes#1475
If server had banner exceeding 256 bytes there wasn't enough room in
`_LIBSSH2_SESSION.banner_TxRx_banner`. Only the first 256 bytes would be
read making the first packet read fail but also dooming key exchange as
`session->remote.banner` didn't include everything.
This change bumps the banner buffer to 8KB to match OpenSSH.
Fixes#1442Closes#1443
- sync code between Find modules.
- wolfssl: replace `pkg-config` hints with native detection.
- libgcrypt, mbedtls: add `pkg-config`-based native detection.
- libgcrypt: add version detection.
- limit `pkg-config` use for `UNIX`, vcpkg, and non-cross MinGW builds,
and builds with no manual customization via `*_INCLUDE_DIR` or
`*_LIBRARY`.
- replace and sync Find module header comments.
- ci: delete manual mbedTLS config that's now redundant.
Based on similar work done in curl.
Second attempt at #1420Closes#1445
Generate `LIBSSH2_PC_LIBS_PRIVATE` from `LIBSSH2_LIBS`.
Also add extra libdirs (`-L`) to `Libs` and `Libs.private`.
Logic copied from curl.
Closes#1466
