In some cases `ZLIB::ZLIB` and/or `OpenSSL::Crypto` may be aliases,
which prevents setting a libssh2-specific property (.pc module name)
in them:
```
CMake Error at [...]/src/CMakeLists.txt:... (set_target_properties):
set_target_properties can not be used on an ALIAS target.
```
This can happen when doing "superbuilds" with classic zlib or zlib-ng,
which define `ZLIB::ZLIB` on their own, but as an alias, unlike CMake
does with the canonical `ZLIB::ZLIB` target.
Fix by special-casing these built-in targets and manually converting
them to .pc module names, without using the targets themselves
to carry this information throughout libssh2's internal build logic.
A side-effect of this change is that `zlib` is now present in libssh2.pc
when zlib is an indirect dependency via a crypto backend (OpenSSL or
wolfSSL). Before this patch it only appeared there when enabling zlib
explicitly for libssh2.
Ref: https://github.com/curl/curl/pull/20316
Follow-up to df0563a857#1535Closes#1789
- update `actions/checkout` from 6.0.0 to 6.0.1
- update `msys2/setup-msys2` from 2.29.0 to 2.30.0
- update `actions/cache` from 4.3.0 to 5.0.1
- update `cross-platform-actions/action` from 0.30.0 to 0.32.0
- update `actions/upload-artifact` from 5.0.0 to 6.0.0
- update `github/codeql-action` from 4.30.8 to 4.31.9
- update `docker/metadata-action` from 5.8.0 to 5.10.0
It's supported by all known mingw-w64 and MSVC versions, likely also by
other modern Windows compilers.
After this patch, the `LIBSSH2_USE_WIN32_LARGE_FILES` and
`LIBSSH2_USE_WIN32_SMALL_FILES` macros are ignored by the libssh2 public
header, and it no longer defines them.
Closes#1771
- update `actions/checkout` from 5.0.0 to 6.0.0
- update `cross-platform-actions/action` from 0.29.0 to 0.30.0
- update pip package `reuse` from 6.1.2 to 6.2.0
Closes#1755Closes#1756
To make configure step output more readable in case of a build error.
To expose configure logs for successful builds without adding clutter.
Also:
- set shell globally for Windows jobs.
- move all Cygwin files to `D:`.
Closes#1749
The Pageant transact path trusted the 32-bit length in the shared memory
mapping and could memcpy past the mapped view. It also treated
a non-positive SendMessage(WM_COPYDATA) result as success.
Changes:
Reject replies when SendMessage returns ≤ 0 and report
LIBSSH2_ERROR_AGENT_PROTOCOL.
Bound the copy by validating response_len <= PAGEANT_MAX_MSGLEN - 4
(accounting for the length prefix) to avoid OOB reads.
Impact: prevents potential out-of-bounds read and use of uninitialized
mapping contents when Pageant misbehaves or is malicious.
Drop the `git config --global core.autocrlf input` step in Cygwin jobs.
It's no longer necessary. Also saving ~10 seconds per job.
Quote the cmake variable for consistency.
Closes#1730
In `_libssh2_mbedtls_pub_priv_key()` on a NON-error code path, a stack
variable was checked without initializing it first.
I found it interesting that clang-tidy did not find this when building
against the system mbedtls (2.x) with 2.x compatibility code still in.
Then it did find it when using a manual build of mbedtls 3.1.0 with
2.x compatibility code deleted from libssh2. Being such a trivial error
I wonder why no compiler ever detected it as a regular warning.
linux (clang-tidy, amd64, mbedTLS-prev [3.1.0], cmake, ON):
```
src/mbedtls.c:744:8: error: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch,-warnings-as-errors]
744 | if(ret) {
| ^
```
Ref: https://github.com/libssh2/libssh2/actions/runs/18620615649/job/53091295760#step:22:44
Follow-up to 186f1a2d75#132
Cherry-picked from #1727Closes#1729
