mirror of
https://github.com/libssh2/libssh2.git
synced 2026-01-27 00:18:12 +03:00
232 lines
14 KiB
Plaintext
232 lines
14 KiB
Plaintext
libssh2 1.11.1_DEV
|
|
|
|
Deprecation notices:
|
|
|
|
- Starting June 2024, the following algos go deprecated and will be
|
|
disabled in default builds (with an option to enable them):
|
|
|
|
- DSA: `ssh-dss` hostkeys.
|
|
You can disable it now with `-DLIBSSH2_NO_DSA`.
|
|
Disabled by default in OpenSSH 7.0 (2015-08-11).
|
|
- MD5-based MACs and hashes: `hmac-md5`, `hmac-md5-96`,
|
|
`LIBSSH2_HOSTKEY_HASH_MD5`
|
|
You can disable it now with `-DLIBSSH2_NO_MD5`.
|
|
Disabled by default since OpenSSH 7.2 (2016-02-29).
|
|
- 3DES cipher: `3des-cbc`
|
|
You can disable it now with `-DLIBSSH2_NO_3DES`.
|
|
Disabled by default since OpenSSH 7.4 (2016-12-19).
|
|
- RIPEMD-160 MACs: `hmac-ripemd160`, `hmac-ripemd160@openssh.com`
|
|
You can disable it now with `-DLIBSSH2_NO_HMAC_RIPEMD`.
|
|
Removed in OpenSSH 7.6 (2017-10-03).
|
|
- Blowfish cipher: `blowfish-cbc`
|
|
You can disable it now with `-DLIBSSH2_NO_BLOWFISH`.
|
|
Removed in OpenSSH 7.6 (2017-10-03).
|
|
- RC4 ciphers: `arcfour`, `arcfour128`
|
|
You can disable it now with `-DLIBSSH2_NO_RC4`.
|
|
Removed in OpenSSH 7.6 (2017-10-03).
|
|
- CAST cipher: `cast128-cbc`
|
|
You can disable it now with `-DLIBSSH2_NO_CAST`.
|
|
Removed in OpenSSH 7.6 (2017-10-03).
|
|
|
|
- Starting January 2025, above options will be deleted from the
|
|
libssh2 codebase.
|
|
|
|
- Default builds will also disable support for old-style, MD5-based
|
|
encrypted private keys.
|
|
You can disable it now with `-DLIBSSH2_NO_MD5_PEM`.
|
|
|
|
This release includes the following enhancements and bugfixes:
|
|
|
|
- autotools: delete `--disable-tests` option, fix CI tests (e051ae34 #1271 revert: 7483edfa)
|
|
- autotools: show the default for `hidden-symbols` option (a3f5594a #1269)
|
|
- autotools: enable `-Wunused-macros` with gcc (ecdf5199 #1262 #1227 #1224)
|
|
- autotools: fix dotless gcc and Apple clang version detections (89ccc83c #1232 #1187)
|
|
- autotools: show more clang/gcc version details (fb580161 #1230)
|
|
- autotools: avoid warnings in libtool stub code (96682bd5 #1227 #1224)
|
|
- autotools: sync warning enabler code with curl (5996fefe #1223)
|
|
- autotools: rename variable (ce5f208a #1222)
|
|
- autotools: picky warning options tidy-up (cdca8cff #1221)
|
|
- autotools: fix selecting WinCNG in cross-builds (and more) (00a3b88c #1187 #1186)
|
|
- autotools: use comma separator in `Requires.private` of `libssh2.pc` (7f83de14 #1124)
|
|
- autotools: improve libz position (c89174a7 #1077 #1075 #1013 regr: 4f0f4bff)
|
|
- autotools: skip tests requiring static lib if `--disable-static` (572c57c9 #1072 #1056 regr: 83853f8a)
|
|
- build: drop `-Wformat-nonliteral` warning suppressions (c452c5cc #1342)
|
|
- build: enable `-pedantic-errors` (3ec53f3e #1286)
|
|
- build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute (f8c45794 #1287)
|
|
- build: add `LIBSSH2_NO_DEPRECATED` option (b1414503 #1267 #1266 #1260 #1259)
|
|
- build: enable missing OpenSSF-recommended warnings, with fixes (afa6b865 #1257)
|
|
- build: enable more compiler warnings and fix them (7ecc309c #1224)
|
|
- build: picky warning updates (328a96b3 #1219)
|
|
- build: revert: respect autotools `DLL_EXPORT` in `libssh2.h` (481be044 #1141 revert: fb1195cf)
|
|
- build: stop requiring libssl from openssl (c84745e3 #1128)
|
|
- build: tidy-up `libssh2.pc.in` variable names (5720dd9f #1125)
|
|
- build: add/fix `Requires.private` packages in `libssh2.pc` (ef538069 #1123)
|
|
- checksrc: sync with curl (8cd473c9 #1272)
|
|
- checksrc: fix spelling in comment (a95d401f)
|
|
- checksrc: modernise perl file open (3d309f9b)
|
|
- checksrc: switch to dot file (d67a91aa #1052)
|
|
- ci: use Linux runner for BSDs, add arm64 FreeBSD 14 job (6f86b196 #1343)
|
|
- ci: do not parallelize `distcheck` job (5e65dd87 #1339)
|
|
- ci: add FreeBSD 14 job, fix issues (46333adf #1277)
|
|
- ci: add OmniOS job, fix issues (5e0ec991)
|
|
- ci: show compiler in cross/cygwin job names (c9124088)
|
|
- ci: add OpenBSD (v7.4) job + fix build error in example (0c9a8e35 #1250)
|
|
- ci: add NetBSD (v9.3) job (65c7a7a5)
|
|
- ci: update and speed up FreeBSD job (eee4e805)
|
|
- ci: use absolute path in `CMAKE_INSTALL_PREFIX` (74948816 #1247)
|
|
- ci: boost mbedTLS build speed (236e79a1 #1245)
|
|
- ci: add BoringSSL job (cmake, gcc, amd64) (c9dd3566 #1233)
|
|
- ci: fixup FreeBSD version, bump mbedTLS (fea6664e #1217)
|
|
- ci: add FreeBSD 13.2 job (a7d2a573 #1215)
|
|
- ci: mbedTLS 3.5.0 (5e190442 #1202)
|
|
- ci: update actions, use shallow clones with appveyor (d468a33f #1199)
|
|
- ci: replace `mv` + `chmod` with `install` in `Dockerfile` (5754fed6 #1175)
|
|
- ci: set file mode early in `appveyor_docker.yml` (633db55f)
|
|
- ci: add spellcheck (codespell) (a79218d3)
|
|
- ci: add MSYS builds (autotools and cmake) (d43b8d9b #1162)
|
|
- ci: add Cygwin builds (autotools and cmake) (f1e96e73 #1161)
|
|
- ci: add mingw-w64 UWP build (1215aa5f #1155 #1147)
|
|
- ci: add missing timeout to 'autotools distcheck' step (6265ffdb)
|
|
- ci: add non-static autotools i386 build, ignore GHA updates on AppVeyor (c6e137f7 #1074 #1072)
|
|
- ci: prefer `=` operator in shell snippets (e5c03043 #1073)
|
|
- ci: drop redundant/unused vars, sync var names (ab8e95bc #1059)
|
|
- ci: add i386 Linux build (with mbedTLS) (abdf40c7 #1057 #1053)
|
|
- ci/appveyor: re-enable parallel mode (e190e5b2 #1294)
|
|
- ci/appveyor: delete UWP job broken since Visual Studio upgrade (d0a7f1da #1275)
|
|
- ci/appveyor: YAML/PowerShell formatting, shorten variable name (06fd721f #1200)
|
|
- ci/appveyor: move to pure PowerShell (8a081fd9 #1197)
|
|
- ci/GHA: review/fixup auto-cancel settings (b08cfbc9 #1292)
|
|
- ci/GHA: restore curly braces in `if` (36748270 #1145)
|
|
- ci/GHA: simplify `if` strings (cab3db58 #1140)
|
|
- cmake: use the imported target of FindOpenSSL module (82b09f9b #1322)
|
|
- cmake: rename picky warnings script (64d6789f #1225)
|
|
- cmake: fix multiple include of libssh2 package (932d6a32 #1216)
|
|
- cmake: show crypto backend in feature summary (20387285 #1211)
|
|
- cmake: simplify showing CMake version (fc00bdd7 #1203)
|
|
- cmake: cleanup mbedTLS version detection more (4c241d5c #1196 #1192)
|
|
- cmake: delete duplicate `include()` (30eef0a6)
|
|
- cmake: improve/fix mbedTLS detection (41594675 #1192 #1191)
|
|
- cmake: tidy-up `foreach()` syntax (4a64ca14 #1180)
|
|
- cmake: verify `libssh2_VERSION` in integration tests (a20572e9)
|
|
- cmake: show cmake versions in ci (87f5769b)
|
|
- cmake: quote more strings (e9c7d3af #1173)
|
|
- cmake: add `ExternalProject` integration test (aeaefaf6 #1171)
|
|
- cmake: add integration tests (8715c3d5 #1170)
|
|
- cmake: (re-)add aliases for `add_subdirectory()` builds (4ff64ae3 #1169)
|
|
- cmake: style tidy-up (3fa5282d #1166)
|
|
- cmake: add `LIB_NAME` variable (5453fc80 #1159)
|
|
- cmake: tidy-up concatenation in `CMAKE_MODULE_PATH` (ae7d5108 #1157)
|
|
- cmake: replace `libssh2` literals with `PROJECT_NAME` variable (72fd2595 #1152)
|
|
- cmake: fix `STREQUAL` check in error branch (42d3bf13 #1151)
|
|
- cmake: cache more config values on Windows (11a03690 #1142)
|
|
- cmake: streamline invocation (f58f77b5 #1138)
|
|
- cmake: merge `set_target_properties()` calls (a9091007 #1132)
|
|
- cmake: (re-)add zlib to `Libs.private` in `libssh2.pc` (64643018 #1131)
|
|
- cmake: use `wolfssl/options.h` for detection, like autotools (c5ec6c49 #1130)
|
|
- cmake: add openssl libs to `Libs.private` in `libssh2.pc` (5cfa59d3 #1127)
|
|
- cmake: bump minimum CMake version to v3.7.0 (9cd18f45 #1126)
|
|
- cmake: CMAKE_SOURCE_DIR -> PROJECT_SOURCE_DIR (0f396aa9 #1121)
|
|
- cmake: tidy-ups (2fc36790 #1122)
|
|
- cmake: re-add `Libssh2:libssh2` for compatibility + lowercase namespace (2da13c13 #1104 #1103)
|
|
- configure.ac: remove AB_INIT (f4f52ccc)
|
|
- copyright: remove years from copyright headers (187d89bb #1082)
|
|
- docs: update `INSTALL_AUTOTOOLS` (2f0efde3 #1316)
|
|
- docs: replace SHA1 with SHA256 in CMake example (766bde9f)
|
|
- drop `www.` from `www.libssh2.org` (6e3e8839 #1172)
|
|
- example: restore `sys/time.h` for AIX (24503cb9 #1340 #1335 #1334 #1001 regr: e53aae0e)
|
|
- example: use `libssh2_socket_t` in X11 example (3f60ccb7)
|
|
- example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (8d69e63d #1258 follow: 6c84a426)
|
|
- example: fix regression in `ssh2_exec.c` (279a2e57 #1106 #1105 regr: b13936bd)
|
|
- example, tests: call `WSACleanup()` for each `WSAStartup()` (94b6bad3 #1283)
|
|
- example, tests: fix/silence `-Wformat-truncation=2` gcc warnings (744e059f)
|
|
- gen_publickey_from_dsa: Initialize BIGNUMs to NULL for OpenSSL 3 (f1133c75 #1320)
|
|
- hostkey: do not advertise ssh-rsa when SHA1 is disabled (82d1b8ff #1093 #1092)
|
|
- kex: always add extension indicators to kex_algorithms (00e2a07e #1327 #1326)
|
|
- libssh2.h: add deprecated function warnings (9839ebe5 #1289 #1260)
|
|
- libssh2.h: add portable `LIBSSH2_SOCKET_CLOSE()` macro (28dbf016 #1278)
|
|
- libssh2.h: use `_WIN32` for Windows detection instead of rolling our own (631e7734 #1238)
|
|
- libssh2.pc: re-add & extend support for static-only libssh2 builds (624abe27 #1119 #1114)
|
|
- libssh2.pc: don't put `@LIBS@` in pc file (1209c16d)
|
|
- mac: add empty hash functions for `mac_method_hmac_aesgcm` to not crash when e.g. setting `LIBSSH2_METHOD_CRYPT_CS` (b2738391 #1321)
|
|
- mac: handle low-level errors (f64885b6 #1297)
|
|
- Makefile.am: fix `cp` to preserve attributes and timestamp (f64e6318)
|
|
- Makefile.mk: delete Windows-focused raw GNU Make build (43485579 #1204)
|
|
- man: fix double spaces and dash escaping (a3ffc422 #1210)
|
|
- man: add description to `libssh2_session_get_blocking.3` (67e39091 #1185)
|
|
- mbedtls: improve disabling `-Wredundant-decls` (ecec68a2 #1226 #1224)
|
|
- mbedtls: include `version.h` for `MBEDTLS_VERSION_NUMBER` (9d7bc253 #1095 #1094)
|
|
- mbedtls: use more `size_t` to sync up with `crypto.h` (1153ebde #1054 #1053)
|
|
- md5: allow disabling old-style encrypted private keys at build-time (eb9f9de2 #1181)
|
|
- mingw: fix printf mask for 64-bit integers (36c1e1d1 #1091 #1090)
|
|
- misc: flatten `_libssh2_explicit_zero` if tree (74e74288 #1149)
|
|
- NMakefile: delete (c515eed3 #1134 #1129)
|
|
- openssl: fix cppcheck found NULL dereferences (f2945905 #1304)
|
|
- openssl: delete internal `read_openssh_private_key_from_memory()` (34aff5ff #1306)
|
|
- openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job (363dcbf4 #1243 #1235 #1207)
|
|
- openssl: make a function static, add `#ifdef` comments (efee9133 #1246 follow: 03092292)
|
|
- openssl: fix DSA code to use OpenSSL 3 API (82581941 #1244 #1207)
|
|
- openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build (487152f4 #1236 #1235 #1207)
|
|
- openssl: use non-deprecated APIs with OpenSSL 3.x (b0ab005f #1207)
|
|
- openssl: silence `-Wunused-value` warnings (bf285500 #1205)
|
|
- openssl: use automatic initialization with LibreSSL 2.7.0+ (d79047c9 #1146)
|
|
- openssl: add missing check for `LIBRESSL_VERSION_NUMBER` before use (4a42f42e #1117 #1115)
|
|
- os400: maintain up to date (8457c37a #1309)
|
|
- packet: properly bounds check packet_authagent_open() (88a960a8 #1179)
|
|
- pem: fix private keys encrypted with AES-GCM methods (e87bdefa #1133)
|
|
- reuse: fix duplicate copyright warning (b9a4ed83)
|
|
- reuse: comply with 3.1 spec and 2.0.0 checker (fe6239a1 #1102 #1101 #1098)
|
|
- reuse: provide SPDX identifiers (f6aa31f4 #1084)
|
|
- scp: fix missing cast for targets without large file support (c317e06f #1060 #1057 #1002 regr: 5db836b2)
|
|
- session: add `libssh2_session_callback_set2()` (c0f69548 #1285)
|
|
- session: handle EINTR from send/recv/poll/select to try again as the error is not fatal (798ed4a7 #1058)
|
|
- src: check hash update/final success (4718ede4 #1303 #1301)
|
|
- src: check hash init success (2ed9eb92 #1301)
|
|
- src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" (d34d9258 #1291 #1290)
|
|
- src: disable `-Wsign-conversion` warnings, add option to re-enable (6e451669 #1284 #1257)
|
|
- src: fix gcc 13 `-Wconversion` warning on Darwin (8cca7b77 #1209 follow: 08354e0a)
|
|
- src: drop a redundant `#include` (1f0174d0 #1153)
|
|
- src: improve MSVC C4701 warning fix (8b924999 #1086 #1083)
|
|
- src: bump `hash_len` to `size_t` in `LIBSSH2_HOSTKEY_METHOD` (8b917d76 #1076)
|
|
- src: bump DSA and ECDSA sign `hash_len` to `size_t` (7b8e0225 #1055)
|
|
- stop using leading underscores in macro names (c6589b88 #1248)
|
|
- tests: sync port number type with the rest of codebase (eb996af8)
|
|
- tests: fall back to `$LOGNAME` for username (5326a5ce #1241 #1240)
|
|
- tests: show cmake version used in integration tests (2cd2f40e #1201)
|
|
- tests: formatting and tidy-ups (e61987a3)
|
|
- tests: replace FIXME with comments (1a99a86a)
|
|
- tests: add aes256-gcm encrypted key test (802336cf #1135 #1133)
|
|
- tests: trap signals in scripts (b2916b28 #1098)
|
|
- tests: cast to avoid `-Wchar-subscripts` with Cygwin (43df6a46 #1081 #1080)
|
|
- test_read: make it run without Docker (57e9d18e #1139)
|
|
- test_sshd.test: show sshd and test connect logs on harness failure (299c2040 #1097)
|
|
- test_sshd.test: set a safe PID directory (e8cabdcf #1089)
|
|
- test_sshd.test: minor cleanups (d29eea1d)
|
|
- tidy-up: bump casts from int to long for large C99 types in printfs (2e5a8719 #1264 #1257)
|
|
- tidy-up: `unsigned` -> `unsigned int` (b136c379)
|
|
- tidy-up: around `stdint.h` (bfa00f1b #1212)
|
|
- tidy-up: fix typo in `readme.vms` (a9a79e7a)
|
|
- tidy-up: delete duplicate word from comment (76307435)
|
|
- tidy-up: avoid exclamations, prefer single quotes, in outputs (003fb454 #1079)
|
|
- TODO: disable or drop weak algos (0b4bdc85 #1261)
|
|
- transport: check ETM on remote end when receiving (bde10825 #1332 #1331)
|
|
- transport: fix incorrect byte offset in debug message (2388a3aa #1096)
|
|
- userauth: avoid oob with huge interactive kbd response (f3a85cad #1337)
|
|
- userauth: add a new structure to separate memory read and file read (63b4c20e)
|
|
- userauth: check whether `*key_method` is a NULL pointer instead of `key_method` (bec57c40)
|
|
- wincng: prefer `ULONG`/`DWORD` over `unsigned long` (186c1d63 #1165)
|
|
- wincng: tidy-ups (7bb669b5 #1164)
|
|
- windows: use built-in `_WIN32` macro to detect Windows (6fbc9505 #1195)
|
|
- wolfssl: enable debug logging in wolfSSL when compiled in (76e7a68a #1310)
|
|
|
|
This release would not have looked like this without help, code, reports and
|
|
advice from friends like these:
|
|
|
|
Viktor Szakats, Michael Buckley, Ren Mingshuai, Daniel Stenberg, Josef Cejka,
|
|
Patrick Monnerat, Aaron Stone, András Fekete, Andrei Augustin, Brian Inglis,
|
|
concussious on GitHub, Dan Fandrich, Haowei Hsu, Harmen Stoppels,
|
|
Harry Mallon, Jack L, Jakob Egger, Jiwoo Park, João M. S. Silva,
|
|
Joel Depooter, Juliusz Sosinowicz, Kai Pastor, Kenneth Davidson, mike-jumper,
|
|
monnerat, naddy, Nicolas Mora, Nursan Valeyev, Paul Howarth, PewPewPew,
|
|
Radek Brich, rahmanih on GitHub, Ryan Kelley, shubhamhii on GitHub,
|
|
Steve McIntyre, Tobias Stoeckmann, Will Cosgrove, Xi Ruoyao
|