-
Notifications
You must be signed in to change notification settings - Fork 567
src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" #1291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
|
@MichaelBuckley The fuzzer is reporting a leak, would you mind taking a look?: https://github.com/libssh2/libssh2/actions/runs/7254018903?pr=1291 |
@vszakats My initial read is that the fuzzer is likely triggering the new behavior to disconnect after detecting the potential MITM attack, and the allocation in p->payload in _libssh2_transport_read isn't getting freed. That would require the fuzzer to put libssh2 into strict key exchange mode though. I'm not familar with how the fuzzer works. Does it connect to a real OpenSSH server? Otherwise, if we're not in strict KEX mode, I don't think anything has changed here that would affect this. p->payload is allocated in _libssh2_transport_read. So assuming we're in strict KEX mode: Looking at where p->packed is freed, it's freed once in decrypt(), twice in fullpacket(), and twice in _libssh2_transport_read(). fullpacket() is only called from _libssh2_transport_read(), and decrypt is only called from _libssh2_transport_read() and fullpacket(), so essentially, allocation and freeing is all done in _libssh2_transport_read(). In other words, when we return from _libssh2_transport_read(), p->payload should be freed, except when we're returning EAGAIN. fullpacket() calls _libssh2_packet_add(), which, with this change, can now return LIBSSH2_ERROR_BUFFER_TOO_SMALL and LIBSSH2_ERROR_SOCKET_DISCONNECT in strict KEX mode. But when checking the return code of fullpacket(), _libssh2_transport_read() doesn't do any cleanup. This is because fullpacket() releases p->payload in certain cases, so we'd risk a double free by freeing it again here. So I suspect we might need to check for p->payload in fullpacket() after calling _libssh2_packet_add, and free it for a non-EGAIN error. Does that sound reasonable? |
|
@MichaelBuckley It does to me, yes. Thanks for looking into it. Can you prepare a patch, or push it into this branch? [ Regarding the fuzzer, I haven't looked at it yet. At a glance it seems to feed test inputs via sockets, but I may be totally off. ] |
|
It doesn't look like I have permission to push to this branch, but on closer reading, the change should just be one line. No need to check if p->packet exists. Here's a patch. |
|
It is odd, |
|
@vszakats @MichaelBuckley isn't flagged as a maintainer. He probably could be. :) |
|
Looks like I was too optimistic. Desite the comment at the top of _libssh2_packet_add(), it looks like we need to do the freeing in that function, not fullpacket(). I'll prep another change. Sorry about that. |
|
Thanks @MichaelBuckley, looking good! May I merge? |
|
Gave it one more read through, and I think it's good to merge, as long as no one else spotted anything. |
Refs: https://terrapin-attack.com/ https://seclists.org/oss-sec/2023/q4/292 https://osv.dev/list?ecosystem=&q=CVE-2023-48795 GHSA-45x7-px36-x8w8 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 Fixes libssh2#1290 Closes libssh2#1291 # Conflicts: # src/kex.c # src/session.c
commit f0e23dae9128185d1af4345360f0bd712d593a07
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 9 21:37:39 2023 +0000
RELEASE-NOTES: synced [ci skip]
Closes #1279
commit d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
Author: Michael Buckley <michael@buckleyisms.com>
Date: Thu Nov 30 15:08:02 2023 -0800
src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
Refs:
https://terrapin-attack.com/
https://seclists.org/oss-sec/2023/q4/292
https://osv.dev/list?ecosystem=&q=CVE-2023-48795
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
Fixes #1290
Closes #1291
commit c0f69548be902147ce014ffa40b8db3cf1d4b0b4
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 15:29:00 2023 +0000
session: add `libssh2_session_callback_set2()`
Add new `libssh2_session_callback_set2()` API that deprecates
`libssh2_session_callback_set()`.
The new implementation offers the same functionality, but accepts and
returns a generic function pointer (of type `libssh2_cb_generic *`), as
opposed to the old function that used data pointers (`void *`). The new
solution thus avoids data to function (and vice versa) pointer
conversions, which has undefined behaviour in standard C.
About the name: It seems the `*2` suffix was used in the past for
replacement functions for deprecated ones. Let's stick with that.
`*_ex` was preferred for new functions that extend existing ones with
new features.
Closes #1285
commit 3ec53f3ea26f61cbf2e0fbbeccb852fca7f9b156
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 14 16:46:09 2023 +0000
build: enable `-pedantic-errors`
According to the manual, this isn't the same as `-Werror -pedantic`.
Enable it together with `-Werror`.
https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-pedantic-errors-1
This option results in autotools feature detection going into crazies.
To avoid this, we add it to `CFLAGS` late. Idea copied from curl.
This option has an effect only with gcc 5.0 and newer as of this commit.
Let's enable it for clang and older versions too for simplicity. Ref:
https://github.com/curl/curl/commit/d5c0351055d5709da8f3e16c91348092fdb481aa
https://github.com/curl/curl/pull/2747
Closes #1286
commit f8c457943997b1f034993950e48ec19f90d2a7a1
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 14 22:54:22 2023 +0000
build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute
And fix the warning it detected.
Closes #1287
commit 9839ebe5e9f2df84459dd0f71eceb1bbc3c5d5eb
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 16 12:25:51 2023 +0000
libssh2.h: add deprecated function warnings
With deprecated-at versions and suggested replacement function.
It's possible to silence them by defining `LIBSSH2_DISABLE_DEPRECATION`.
Also add depcreated-at versions to documentation, and unify wording.
Ref: https://github.com/libssh2/libssh2/pull/1260#issuecomment-1837017987
Closes #1289
commit fc24735f618af190823657cb75919b830d6c44cf
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 14 19:18:15 2023 +0000
ci/spellcheck: delete redundant option [ci skip]
`--check-hidden` not necessary when passing filenames explicitly.
Follow-up to a79218d3a058a333bb9de14079548a3511679a04
commit 7010049969592f7c355cf062e68c18c8003ed605
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 14 20:14:55 2023 +0000
tidy-up: add empty line for clarity [ci skip]
commit ac68fbe475e6e02f43610367fe28257a8924a4ec
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 06:32:54 2023 +0000
build: FIXME `-Wsign-conversion` to be errors [ci skip]
commit 6e451669eabcc5ec1ed5c7979c96945092120e9a
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 01:34:35 2023 +0000
src: disable `-Wsign-conversion` warnings, add option to re-enable
To avoid the log noise till we fix those ~360 compiler warnings.
Also add macro `LIBSSH2_WARN_SIGN_CONVERSION` to re-enable them.
Follow-up to afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257
Closes #1284
commit 0f45dafe5eb95d0d2f6c9369e9d2c69c7b7ed79c
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 02:41:05 2023 +0000
cmake: fix indentation [ci skip]
commit 94b6bad3c8aa17fc852d86efa52c28c4f105531f
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 00:14:45 2023 +0000
example, tests: call `WSACleanup()` for each `WSAStartup()`
On Windows.
Closes #1283
commit 52c382f7aae2a8bff4ce3b4b83d18dde30ea11e2
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 9 21:01:49 2023 +0000
RELEASE-NOTES: update credits [ci skip]
Ref: https://github.com/libssh2/libssh2/pull/1241#issuecomment-1830118584
commit b77504837cade82c004b71b74a26a8bb76c04793
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 9 19:00:31 2023 +0000
RELEASE-NOTES: avoid splitting names, fix typo, refine order [ci skip]
commit 747862c0e2b7c1ed0650860df3f8b4e385a221f1
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 9 17:37:17 2023 +0000
RELEASE-NOTES: synced [ci skip]
commit 28dbf01667d8b28d0d9606c9fd474553b93e67a5
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 8 02:22:48 2023 +0000
add portable `LIBSSH2_SOCKET_CLOSE()` macro
Add `LIBSSH2_SOCKET_CLOSE()` to the public `libssh2.h` header, for user
code. It translates to `closesocket()` on Windows and `close()` on other
platforms.
Use it in example code.
It makes them more readable by reducing the number of `_WIN32` guards.
Closes #1278
commit 46333adfb81dabc139d7ee88e510798dd7bc61fe
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 7 20:49:34 2023 +0000
ci: add FreeBSD 14 job, fix issues
- install bash to fix error when running tests:
```
ERROR: test_sshd.test - missing test plan
ERROR: test_sshd.test - exited with status 127 (command not found?)
=====================================
[...]
# TOTAL: 4
# PASS: 2
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
[...]
env: bash: No such file or directory
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998
- fix sshd issue when running tests:
```
# sshd log:
# Server listening on :: port 4711.
# Server listening on 0.0.0.0 port 4711.
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059
Cherry-picked from #1277
Closes #1277
commit 5e0ec99134cf5800b70df947d04daff57b9bbc30
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 7 21:06:09 2023 +0000
ci: add OmniOS job, fix issues
- use GNU Make, to avoid errors:
```
make: Fatal error in reader: Makefile, line 983: Badly formed macro assignment
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429838379#step:3:1956
Caused by `?=` in `Makefile.am`. Fix it just in case.
```
make: Fatal error in reader: Makefile, line 438: Unexpected end of line seen
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7135524843/job/19432451767#step:3:1966
It's around line 43 in `Makefile.am`, reason undiscovered.
- fix error:
```
../../src/hostkey.c:1227:44: error: pointer targets in passing argument 5 of '_libssh2_ed25519_sign' differ in signedness [-Werror=pointer-sign]
1227 | datavec[0].iov_base, datavec[0].iov_len);
| ~~~~~~~~~~^~~~~~~~~
| |
| caddr_t {aka char *}
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7135102832/job/19431233967#step:3:2225
https://docs.oracle.com/cd/E36784_01/html/E36887/iovec-9s.html
- FIXME: new `-Wsign-conversion` warnings appeared in examples:
```
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
251 | FD_SET(forwardsock, &fds);
| ^~~~~~
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
259 | if(rc && FD_ISSET(forwardsock, &fds)) {
| ^~~~~~~~
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
[...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7136086865/job/19433997429#step:3:3450
Cherry-picked from #1277
commit 3f60ccb76bc825899fe9f933b9355d4ad6ca9766
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 8 01:07:57 2023 +0000
example: use `libssh2_socket_t` in X11 example
Cherry-picked from #1277
commit 798ed4a7e54ddb87b3ec2342a453b66cf2945bc7
Author: Aaron Stone <aaron@serendipity.cx>
Date: Fri Jun 2 13:37:14 2023 -0700
Handle EINTR from send/recv/poll/select to try again as the error is not fatal
Integration-patches-by: Viktor Szakats
Fixes #955
Closes #1058
commit d0a7f1da2104ca8b15263aa143a9bc42ea2081af
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 6 11:35:22 2023 +0000
appveyor: delete UWP job broken since Visual Studio upgrade
Few days ago UWP job started permafailing.
fail: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48678129/job/yb8n2pox8mfjwv6m
good: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48673013
Other projects also affected:
https://ci.appveyor.com/project/c-ares/c-ares/builds/48687390/job/l0fo4b0sijvqkw9r
No related local update. Same CMake version. Same CI image.
This seems to be the culprit, which could mean that this update broke
CMake detection, needs a different CMake configuration on our end, or
that this MSVC update pulled support for UWP apps:
fail: -- The C compiler identification is MSVC 19.38.33130.0 (~ Visual Studio 2022 v17.8)
good: -- The C compiler identification is MSVC 19.37.32825.0 (~ Visual Studio 2022 v17.7)
If this is v17.8, release notes don't readily suggest a feature removal:
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.8
So it might just be UWP accidentally broken in this release.
Closes #1275
commit 8cd473c9303007b925d61658846a3f2bccf67735
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 6 01:10:03 2023 +0000
checksrc: sync with curl
Closes #1272
commit e051ae343aca7bee7f586b1ace41f6a827fa011d
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Dec 5 23:41:39 2023 +0000
autotools: delete `--disable-tests` option, fix CI tests
Originally added to improve build performance by skipping building
tests. But, there seems to be no point in this, because autotools
doesn't build tests by default, unless explicitly invoking
`make check`.
Delete this option from Cygwin and FreeBSD CI tests, where it caused
`make check` to do nothing. Tests are built now, and runtime tests are
too, where supported.
Also disable Docker-based tests for these, and add a missing `make -j3`
for FreeBSD.
Reverts 7483edfada1f7e17cf8f9ac1c87ffa3d814c987e #715
Closes #1271
commit b1414503f51c9421557a3d4784b113a84d42c003
Author: ren mingshuai <renmingshuai@huawei.com>
Date: Wed Dec 6 07:14:53 2023 +0800
build: add `LIBSSH2_NO_DEPRECATED` option (#1266)
The following APIs have been deprecated for over 10 years and
use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:
libssh2_session_startup()
libssh2_banner_set()
libssh2_channel_receive_window_adjust()
libssh2_channel_handle_extended_data()
libssh2_scp_recv()
Add these options to disable them:
- autotools: `--disable-deprecated`
- cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
- `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`
Fixes #1259
Replaces #1260
Co-authored-by: Viktor Szakats
Closes #1267
commit a3f5594a96bca6f56356c997ab463ff165360990
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Dec 4 22:46:01 2023 +0000
autotools: show the default for `hidden-symbols` option
Closes #1269
commit 2e5a8719d7db495ae346ce58388f875386233300
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 19:29:28 2023 +0000
tidy-up: bump casts from int to long for large C99 types in printfs
Cast large integer types to avoid dealing with printf masks for
`size_t` and other C99 types. Some of existing code used `int`
for this, bump them to `long`.
Ref: afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257
Closes #1264
commit afa6b865604019ab27ec033294edfe3ded9ae0c0
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 30 23:35:11 2023 +0000
build: enable missing OpenSSF-recommended warnings, with fixes
Ref:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
(2023-11-29)
Enable new warnings:
- replace `-Wno-sign-conversion` with `-Wsign-conversion`.
Fix them in example, tests and wincng. There remain about 360 of these
warnings in `src`. Add a TODO item for those and disable `-Werror` for
this particular warning.
- enable `-Wformat=2` for clang (in both cmake and autotools).
- enable `__attribute__((format))` for `_libssh2_debug()`,
`_libssh2_snprintf()` and in tests for `run_command()`.
`LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
Fix them:
- src: replace obsolete fall-through-comments with
`__attribute__((fallthrough))`.
- wincng: fix `-Wsign-conversion` warnings.
- tests: fix `-Wsign-conversion` warnings.
- example: fix `-Wsign-conversion` warnings.
- src: fix `-Wformat` issues in trace calls.
Also, where necessary fix `int` and `unsigned char` casts to
`unsigned int` and adjust printf format strings. These were not
causing compiler warnings.
Cast large types to `long` to avoid dealing with printf masks for
`size_t` and other C99 types. Existing code often used `int` for this.
I'll update them to `long` in an upcoming commit.
- tests: fix `-Wformat` warning.
- silence `-Wformat-nonliteral` warnings.
- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
in external header.
Closes #1257
commit e0a0466490dc6b669a2b2ce4f62745dea5e0b8f3
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 17:27:23 2023 +0000
packet: whitespace fix
Tested via #1257
commit b136c37998c152530c44672252be511ed2d4a10f
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 14:41:33 2023 +0000
tidy-up: unsigned -> unsigned int
In the `interval` argument of public `libssh2_keepalive_config()`.
Tested via #1257
commit eb996af851c046d040f89caedde0e28c7a7cf84d
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 14:44:50 2023 +0000
tests: sync port number type with the rest of codebase
Tested via #1257
commit ecdf519911a62dc3051bb0e645defe2b56543912
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 17:02:13 2023 +0000
autotools: enable `-Wunused-macros` with gcc
It works with gcc without the libtool warnings seen with clang
on Windows in 96682bd5e14c20828e18bf10ed5b4b5c7543924a #1227.
Sync usage of of this macro with CMake and
autotools + clang + non-Windows. Making it enabled everywhere except
autotools + clang + Windows due to the libtool stub issue.
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1262
commit 0b4bdc856f9e06a75e6675aad9d7f777ac3eb060
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 2 03:16:08 2023 +0000
TODO: disable or drop weak algos [ci skip]
Closes #1261
commit 744e059f310ab7832f6781f673474e2924d02b4e
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 03:19:04 2023 +0000
example, tests: fix/silence `-Wformat-truncation=2` gcc warnings
Then sync this warning option with curl.
Seems like a false positive and/or couldn't figure how to fix it, so silence:
```
example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~
example/ssh2.c:227:34: note: assuming directive output of 1 byte
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~~~~~~
example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~
example/ssh2.c:228:34: note: assuming directive output of 1 byte
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~~~~~~
example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98
Fix:
```
tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=]
tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51
Tested via #1257
commit 2e57dcb9d2c2826a3cfdad65f72e6003313eaa64
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 12:55:12 2023 +0000
example: fix indentation follow-up
Fix long line and fix more indentations.
Follow-up to 9e896e1b80911a53d6aabb322e034e6ca51b6898
commit 9e896e1b80911a53d6aabb322e034e6ca51b6898
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 09:41:39 2023 +0000
example: fix indentation
Tested via #1257
commit 6c53815aa78daa66c4c84ee0a6caf3efa8651998
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 04:28:59 2023 +0000
autotools: fix missed `-pedantic` and `-Wall` options for gcc
Follow-up to 5996fefe2bad80cfba85b2569ce6ab6ef575142c #1223
Tested via #1257
commit c9124088099627c39917e093479f2692dce6588b
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 04:38:16 2023 +0000
ci: show compiler in cross/cygwin job names
Tested via #1257
commit 4be5e33ae10431f90f9ffe0d6cba44b64dcd630e
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 30 23:54:58 2023 +0000
mbedtls: further improve disabling `-Wredundant-decls`
Move warning option suppression to `src/mbedtls.h` to surround the actual
external header #includes that need it.
Follow-up to ecec68a2c13a9c63fe8c2dc457ae785a513e157c #1226
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Tested via #1257
commit 8d69e63db9e2e759e3f973fbbc154e2ec1528f83
Author: ren mingshuai <renmingshuai@huawei.com>
Date: Fri Dec 1 11:52:12 2023 +0800
example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (#1258)
libssh2_scp_recv is deprecated and has been replaced by libssh2_scp_recv2
in prior commit.
Follow-up to 6c84a426beb494980579e5c1d244ea54d3fc1a3f
commit 363dcbf449c0c7b13c6526d7af84c6f1db2691cc
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 24 23:33:22 2023 +0000
openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job
- use OpenSSL 3 API when available for HMAC.
This fixes building with OpenSSL 3 `no-deprecated` builds.
- ensure we support pure OpenSSL 3 API by adding a CI job using
OpenSSL 3 custom-built with `no-deprecated`.
Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Fixes #1235
Closes #1243
commit 66108f02f0569efced1bdd6e9e8c29f2991c5b24
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Nov 26 12:00:20 2023 +0000
ci: restore lost comment for FreeBSD [ci skip]
Follow-up to eee4e8055ab375c9f9061d4feb39086737f41a9c
commit 0c9a8e3590051bfb80acbb2146388c8fe883b2f8
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 23:47:57 2023 +0000
ci: add OpenBSD (v7.4) job + fix build error in example
- Use CMake, LibreSSL and clang from the base install.
- This uncovered a build error in `example/subsystem_netconf.c`, caused
by using the `%n` printf mask. This is a security risk and some
systems (notably OpenBSD) disable this feature.
Fix it by applying this patch from OpenBSD ports (from 2021-09-11):
https://cvsweb.openbsd.org/ports/security/libssh2/patches/patch-example_subsystem_netconf_c?rev=1.1&content-type=text/x-cvsweb-markup
https://github.com/openbsd/ports/commit/2c5b2f3e94381914a3e8ade960ce8c997ca9d6d7
"The old code is also broken, as it passes a pointer to a variable
of a different size (on LP64). There is no check for truncation,
but buf[] is 1MB in size."
Patch-by: naddy
```
/home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:252:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
"]]>]]>\n%n", (int *)&len);
~^
/home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:270:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
"]]>]]>\n%n", (int *)&len);
~^
2 errors generated.
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6991449778/job/19022024280#step:3:420
Also made tests with arm64, but it takes consistently almost 14m to
finish the job, vs. 2-3m for the native amd64:
https://github.com/libssh2/libssh2/actions/runs/6991648984/job/19022440525
https://github.com/libssh2/libssh2/actions/runs/6991551220/job/19022233651
Cherry-picked from #1250
Closes #1250
commit 65c7a7a55af037bcc9ee67c2f69ecdb9109ecbb1
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 23:43:22 2023 +0000
ci: add NetBSD (v9.3) job
Use CMake, OpenSSL (v1.1) and clang from the base install.
Cherry-picked from #1250
commit eee4e8055ab375c9f9061d4feb39086737f41a9c
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 23:39:29 2023 +0000
ci: update and speed up FreeBSD job
- switch to an alternate GitHub action. This one seems (more) actively
maintained, and runs faster:
https://github.com/cross-platform-actions/action
- use clang instead of gcc. clang is already present in the base
install, saving install time and bandwidth.
- stop installing `openssl-quictls` and use the OpenSSL (v1.1) from
the base system.
(I'm suspecting that quictls before this patch wasn't detected by
the build.)
https://wiki.freebsd.org/OpenSSL
Cherry-picked from #1250
commit c6589b8823e9d4a282587a6a5dab831b54d412c0
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 11:52:00 2023 +0000
stop using leading underscores in macro names
Underscored macros are reserved for the compiler / standard lib / etc.
Stop using them in user code.
We used them as header guards in `src` and in `__FILESIZE` in `example`.
Closes #1248
commit 7494881617223bc05aa9c94ceaa6b068e2008be2
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 11:03:50 2023 +0000
ci: use absolute path in `CMAKE_INSTALL_PREFIX`
To make the installed locations unambiguous in the build logs.
Closes #1247
commit efee91333b7d641fbfb1ba471fb00d8161d4013c
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 03:49:49 2023 +0000
openssl: make a function static, add `#ifdef` comments
Follow-up to 03092292597ac601c3f9f0c267ecb145dda75e4e #248
where the function was added.
Also add comments to make `#ifdef` branches easier to follow in
`openssl.h`.
Closes #1246
commit 236e79a115791194368b45751e3ec9452d6d73d9
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 10:35:26 2023 +0000
ci: boost mbedTLS build speed
Build times down to 4 seconds (from 18-20).
Closes #1245
commit 82581941d6cd91cd00cf6d8bee1b2a660864ca19
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 00:26:40 2023 +0000
openssl: fix DSA code to use OpenSSL 3 API
- fix missing `DSA` type when building for OpenSSL 3 `no-deprecated`.
- fix fallouts after fixing the above by switching away from `DSA`
with OpenSSL 3.
Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Closes #1244
commit d2ef66473ca6f3521eb739eceddf0cba4c44bbed
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 00:35:43 2023 +0000
openssl: formatting (delete empty lines) [ci skip]
commit 5326a5ce262b0a27dbd4714dc370d85814297f55
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 23 23:00:13 2023 +0000
tests: fall back to `$LOGNAME` for username
If the `$USER` variable is empty, fall back to using `$LOGNAME` to
retrieve the logged-in username.
In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and
on some systems it may not be set. Without this value, tests were unable
to provide the correct username when logging into the SSH server running
under the active user's session.
Reported-by: Nicolas Mora
Suggested-by: Nicolas Mora
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348
Fixes #1240
Closes #1241
commit 631e7734c8d850cd0c8e7a27d4dc524915e20b09
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Nov 21 20:32:12 2023 +0000
libssh2.h: use `_WIN32` for Windows detection instead of rolling our own
Sync up `libssh2.h` Windows detection with the libssh2 source code.
`libssh2.h` was using `WIN32` and `LIBSSH2_WIN32` for Windows detection,
next to the official `_WIN32`. After this patch it only uses `_WIN32`
for this. Also, make it stop defining `LIBSSH2_WIN32`.
There is a slight chance these break compatibility with Windows
compilers that fail to define `_WIN32`. I'm not aware of any obsolete
or modern compiler affected, but in case there is one, one possible
solution is to define this macro manually.
Closes #1238
commit 487152f4fa8bc155fc6cb8a03896947425dc0632
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Nov 21 22:30:59 2023 +0000
openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build
Fixes:
```
src/openssl.c:650:5: error: use of undeclared identifier 'EC_KEY'
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:13: error: use of undeclared identifier 'ec_key'
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:22: error: implicit declaration of function 'EC_KEY_new_by_curve_name' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:22: note: did you mean 'EC_GROUP_new_by_curve_name'?
./quictls/_a64-mac-sys/usr/include/openssl/ec.h:483:11: note: 'EC_GROUP_new_by_curve_name' declared here
EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
^
In file included from ./_a64-mac-sys-bld/src/CMakeFiles/libssh2_static.dir/Unity/unity_0_c.c:19:
In file included from src/crypto.c:10:
src/openssl.c:652:8: error: use of undeclared identifier 'ec_key'
if(ec_key) {
^
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6950001225/job/18909297867#step:3:4341
Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Bug #1235
Closes #1236
commit 910ed9b0355cb8b9f2c71e00333426f1ee5f5bb7
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Nov 21 23:31:22 2023 +0000
openssl: formatting
Sync up these lines with the other two similar occurrences in the code.
Cherry-picked from #1236
commit b0ab005fe79260e6e9fe08f8d73b58dd4856943d
Author: Michael Buckley <michael@buckleyisms.com>
Date: Tue Nov 21 09:33:01 2023 -0800
openssl: use non-deprecated APIs with OpenSSL 3.x (#1207)
Assisted-by: Viktor Szakats
commit c9dd3566b2247083f75e1304b7365ee9c8ed3e34
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Nov 21 00:39:44 2023 +0000
ci: add BoringSSL job (cmake, gcc, amd64)
Closes #1233
commit 89ccc83c7da73e7ca3a112e350008131942b592e
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Nov 20 02:06:37 2023 +0000
autotools: fix dotless gcc and Apple clang version detections
- fix parsing dotless (major-only) gcc versions.
Follow-up to 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad #1187
- sync gcc detection variable names with curl.
- fix Apple clang version detection for releases between
'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the
version was under-detected as 3.7 llvm/clang equivalent.
- fix Apple clang version detection for 'Apple clang version 11.0.0'
and newer where the Apple clang version was detected, instead of its
llvm/clang equivalent.
- revert to show `clang` instead of `Apple clang`, because we follow it
with an llvm/clang version number. (Apple-ness still visible in raw
version.)
Used this collection for Apple clang / llvm/clang translation and test
inputs: https://gist.github.com/yamaya/2924292
Closes #1232
commit e9017b10460857cf148f94716356907f60884a3f
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Nov 20 01:48:17 2023 +0000
acinclude.m4: revert accidental edit [ci skip]
Follow-up to 8c320a93a48775b74f40415e46f84bf68b4d5ae8
commit fb58016180090a5baea21d69f0d14b07b7f01ef4
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Nov 19 18:04:57 2023 +0000
autotools: show more clang/gcc version details
Also:
- show if we detected Apple clang.
- delete duplicate version detection for clang.
Closes #1230
commit 8c320a93a48775b74f40415e46f84bf68b4d5ae8
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 18 16:04:19 2023 +0000
acinclude.m4: re-sync with curl [ci skip]
commit 96682bd5e14c20828e18bf10ed5b4b5c7543924a
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 17 21:13:30 2023 +0000
autotools: avoid warnings in libtool stub code
Seen on Windows with clang64, in libtool-generated stub code for
examples and tests.
The error didn't break the CI job for some reason.
msys2 (autotools, clang64, clang-x86_64:
```
[...]
2023-11-17T20:14:17.8639574Z ./.libs/lt-test_read.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
[...]
2023-11-17T20:14:39.8729255Z ./.libs/lt-sftp_write_nonblock.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
[...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6908585056/job/18798193405?pr=1226#step:8:474
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1227
commit ecec68a2c13a9c63fe8c2dc457ae785a513e157c
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 17 20:04:52 2023 +0000
mbedtls: improve disabling `-Wredundant-decls`
Disable these warnings specifically for the mbedTLS public headers
and leave it on for the the rest of the code. This also fixes this
issue for autotools. Previous solution was globally disabling this
warning for the whole code when using mbedTLS and only with CMake.
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1226
commit 64d6789f71aa4db25c6903c5e0180790bb12782e
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 16 14:38:44 2023 +0000
cmake: rename picky warnings script
To match the camel-case style used in other CMake scripts and also
to match the name used in curl.
Closes #1225
commit 7ecc309cd10454c54814b478c4f85d0041da6721
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 16 00:54:25 2023 +0000
build: enable more compiler warnings and fix them
Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
functionality for it.
Fix issues found along the way:
- wincng, mbedtls: delete duplicate function declarations.
Most of this was due to re-#defining crypto functions to
crypto-backend specific implementations These redefines also remapped
the declarations in `crypto.h`, making the backend-specific
declarations duplicates.
This patch deletes the backend-specific declarations.
- wincng mapped two crypto functions to the same local function.
Also causing double declarations.
Fix this by adding two disctinct wrappers and moving
the common function to a static one.
- delete unreachable `break;` statements.
- kex: disable macros when unused.
- agent: disable unused constants.
- mbedtls: disable double declaration warnings because public mbedTLS
headers trigger it. (with function `psa_set_key_domain_parameters`)
- crypto.h: formatting.
Ref: https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake
Closes #1224
commit 5996fefe2bad80cfba85b2569ce6ab6ef575142c
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 23:15:17 2023 +0000
autotools: sync warning enabler code with curl
Tiny changes and minor updates to bring this code closer
to curl's `m4/curl-compilers.m4`.
Closes #1223
commit e645fa95f361d70bf1bf014d418b89b72b7e9d8c
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 22:51:41 2023 +0000
acinclude.m4: fix indentation [ci skip]
Also match indentation of curl's `m4/curl-compilers.m4` for
easier syncing.
commit ce5f208a556c92672a959cc7ed879dcdec5836a0
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 20:28:55 2023 +0000
autotool: rename variable
`WARN` -> `tmp_CFLAGS`
To match curl and make syncing this code easier.
Ref: https://github.com/curl/curl/blob/d1820768cce0e797d1f072343868ce1902170e93/m4/curl-compilers.m4#L479
Closes #1222
commit cdca8cff886ce71fb9b8d0c56cdf9774b5a7d355
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 18:43:51 2023 +0000
autotools: picky warning options tidy-up
- sync clang warning version limits with CMake.
- make `WARN=` vs. `CURL_ADD_COMPILER_WARNINGS()` consistent with curl
and between clang and gcc (`WARN=` is for `no-` options in general).
Closes #1221
commit 328a96b3daf92efc867cde2eee651c48958f31ea
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 00:36:55 2023 +0000
build: picky warning updates
- cmake, autotools: sync picky gcc warnings with curl.
- cmake, autotools: add `-Wold-style-definition` for clang too.
- cmake, autotools: add comment for `-Wformat-truncation=1`.
- cmake: more precise version info for old clang options.
Closes #1219
commit fea6664e1bbf52cb9a02fceadc81f6f56c3fd7b9
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 10 15:41:05 2023 +0000
ci: fixup FreeBSD version, bump mbedtls
We haven't been using the FreeBSD version. Also it turns out,
the single version supported is 13.2 at the moment:
https://github.com/vmactions/freebsd-vm/tree/main/conf
Stop trying to set the version and instead rely on the action
providing the latest supported one automatically.
Follow-up to a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
Also:
- add more details to the FreeBSD job description.
- bump mbedtls version while here.
Closes #1217
commit 932d6a32779a39aa6109e2d7aff8b2b6123df4f4
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 9 18:59:01 2023 +0000
cmake: fix multiple include of libssh2 package
Also extend our integration test double inclusion. It will still not
catch this case, because that requires
`cmake_minimum_required(VERSION 3.18)` or higher.
Fixes:
```
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
add_library cannot create ALIAS target "libssh2::libssh2" because another
target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
add_library cannot create ALIAS target "Libssh2::libssh2" because another
target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
```
Test to reproduce:
```cmake
cmake_minimum_required(VERSION 3.18) # must be 3.18 or higher
project(test)
find_package(libssh2 CONFIG)
find_package(libssh2 CONFIG) # fails
add_executable(test main.c)
target_link_libraries(test libssh2::libssh2)
```
Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html
Assisted-by: Kai Pastor
Assisted-by: Harry Mallon
Ref: https://github.com/curl/curl/pull/11913
Closes #1216
commit a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 8 18:17:22 2023 +0000
ci: add FreeBSD 13.2 job
It runs over Linux via qemu. First two runs were (very) slow, then it
became (much) more performant at just 2x slower than a native Linux
build. Then got slow again, then fast again. Still seems acceptable
for the value this adds.
The build uses autotools and quictls.
Successful builds:
1. https://github.com/libssh2/libssh2/actions/runs/6802676786/job/18496286419 (13m59s, -j3)
2. https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497243225 (11m5s, -j2)
3. https://github.com/libssh2/libssh2/actions/runs/6803142201/job/18497785049 (3m6s, -j1)
4. https://github.com/libssh2/libssh2/actions/runs/6803194839/job/18497962766 (3m10s, -j2)
5. https://github.com/libssh2/libssh2/actions/runs/6803267201/job/18498208501 (3m13s)
6. https://github.com/libssh2/libssh2/actions/runs/6803510333/job/18498993698 (15m25s)
7. https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528571057 (3m13s)
Similar solution exists for Solaris (over macOS via VirtualBox), but it
hangs forever at `Waiting for text: solaris console login`:
https://github.com/libssh2/libssh2/actions/runs/6802388128/job/18495391869#step:4:185
Idea taken from LibreSSL.
FIXME: Unrelated, the `distcheck` job became flaky in recent days:
https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497256437#step:10:536
```
FAIL: test_auth_pubkey_ok_rsa_aes256gcm
```
https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528588933#step:10:533
```
FAIL: test_read
```
Closes #1215
commit b9a4ed83b4b7fbef4f95e77ff1eab850dfcbac27
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 8 03:24:09 2023 +0000
reuse: fix duplicate copyright warning
```
PendingDeprecationWarning:
Copyright and licensing information for 'tests/openssh_server/Dockerfile'
has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5
file located at '.reuse/dep5'. The information for these two sources has
been aggregated. In the future this behaviour will change, and you will
need to explicitly enable aggregation. [...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4
commit 43485579609a833827736e8205fe29956900ed74
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Oct 28 11:36:31 2023 +0000
Makefile.mk: delete Windows-focused raw GNU Make build
We recommend using CMake instead. Especially in unity mode, it's faster
and probably more familiar for most. It's also easily portable.
(`Makefile.mk` was also portable, but in practice only usable for
Windows. Other platforms required a manual config header.)
Also:
- migrate `LIBSSH2_NO_*` option CI tests to CMake.
- make MSYS2 CMake builds verbose to show compilation options.
Closes #1204
commit bfa00f1bd5abce93cd95055c8b71791816b3c655
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Nov 6 12:18:25 2023 +0000
tidy-up: around `stdint.h`
- os400: delete unused `HAVE_STDINT_H`.
- fuzz: delete redundant `stdint.h` use.
`inttypes.h` is already included via `testinput.h`.
- docs/TODO: adjust type in planned function.
Closes #1212
commit 20387285d300c74160f655b72ad5d762ee56166b
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Nov 6 00:41:17 2023 +0000
cmake: show crypto backend in feature summary
This was visible as an enabled package before this patch, but it missed
to show WinCNG.
Closes #1211
commit a3ffc4221d7ed4619c1e5e4557287204868e443b
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 3 11:04:22 2023 +0000
man: fix double spaces and dash escaping
- `- ` -> `- `
- `. ` -> `. `
- `\- ` -> `- `
- `-1` -> `\-1`
- fold long lines along the way
This makes the minus sign come out as a Unicode minus sign
(0x2212), and title separator dashes as Unicode hyphen (0x2010),
with `groff -Tutf8` v1.23.0.
Ref: https://lwn.net/Articles/947941/
Closes #1210
commit 8cca7b77527861395de6278b27fa825df3b5b835
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Oct 31 22:41:05 2023 +0000
src: fix gcc 13 `-Wconversion` warning on Darwin
```
src/session.c: In function 'libssh2_poll':
src/session.c:1776:22: warning: conversion from 'long int' to '__darwin_suseconds_t' {aka 'int'} may change value [-Wconversion]
1776 | tv.tv_usec = (timeout_remaining % 1000) * 1000;
| ^
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6711735060/job/18239768548#step:3:4368
Follow-up to 08354e0abbe86d4cc5088d210d53531be6d8981a
Closes #1209
commit bf285500e603b77229bbaf9a87fe7f724bb5ffaa
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Oct 30 17:42:32 2023 +0000
openssl: silence `-Wunused-value` warnings
Seen with gcc 12.
Manual: https://www.openssl.org/docs/man3.1/man3/BIO_reset.html
```
./quictls/linux-a64-musl/usr/include/openssl/bio.h:555:34: warning: value computed is not used [-Wunused-value]
555 | # define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./libssh2/src/openssl.c:3518:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3884:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3995:5: note: in expansion of macro 'BIO_reset'
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6696392318/job/18194032712#step:3:5060
Closes #1205
commit f64e6318f031a15d7e727d6f4864a3d2e973aab0
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Oct 30 11:23:47 2023 +0000
Makefile.am: fix `cp` to preserve attributes and timestamp
commit fc00bdd7f195fc6511d18d11cad2801b56c5549e
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Oct 7 15:32:39 2023 +0000
cmake: simplify showing CMake version
Move it to `CMakeLists.txt`. Drop `cmake --version` commands.
Credit to the `zlib-ng` project for the idea:
https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078bd1399/CMakeLists.txt#L7
Closes #1203
commit 5e19044282c219ddb1fedddd8eaba0b4c0256a95
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Oct 7 09:19:49 2023 +0000
ci: mbedtls 3.5.0
v3.5.0 needs extra compiler option for i386 to avoid:
```
#error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
```
Closes #1202
commit 2cd2f40e37ab7e3880bc9504c6d7cda5a188fed7
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Oct 7 09:47:58 2023 +0000
tests: show cmake version used in integration tests
Closes #1201
commit a9a79e7a41f2c80b487ede854ffcad90a7634e7b
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Oct 3 13:46:01 2023 +0000
readme.vms: fix typo [ci skip]
Detected by codespell 2.2.6
commit 06fd721f08f058b3bb83fc5d0e1c50736b28cb26
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Sep 30 19:03:37 2023 +0000
appveyor: YAML/PowerShell formatting, shorten variable name
- use single-quotes in yaml and PowerShell.
- shorten a variable name.
- use indentation 2 for scripts.
- use C else-style in PowerShell.
Closes #1200
commit d468a33f620d56f2fc67ee98cd50b9039d2ecf6e
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Sep 30 14:58:51 2023 +0000
ci: update actions, use shallow clones with appveyor
- update GitHub Actions to their latest versions.
- use shallow git clones in AppVeyor CI to save data over the wire.
Closes #1199
commit 8a081fd98b015e4a5375bfec1c295e0b7e2e4e6c
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Sep 29 20:07:36 2023 +0000
appveyor: move to pure PowerShell
- replace batch commands with PowerShell.
- merge separate command entries into single PowerShell blocks.
Closes #1197
commit 6fbc9505d8a4179ab6a1d44c7df9bb9af6bdc9ba
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Sep 29 08:43:40 2023 +0000
windows: use built-in `_WIN32` macro to detect Windows
Instead of `WIN32`.
The compiler defines `_WIN32`. Windows SDK headers or build env defines
`WIN32`, or we have to take care of it. The agreement seems to be that
`_WIN32` is the preferred practice here.
Minor downside is that CMake uses `WIN32` and we also adopted it in
`Makefile.mk`.
In public libssh2 headers we stick with accepting either `_WIN32` or
`WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.
grepping for `WIN32` remains useful to detect Windows-specific code.
Closes #1195
commit 4c241d5c65c754141243bebdafa900472b23b68f
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Sep 29 09:27:34 2023 +0000
cmake: cleanup mbedTLS version detection more
- lowercase, underscored local variables.
- fix `find_library()` to use the multiple names passed.
- rely more on `find_package_handle_standard_args()`.
Logic based on our `Findwolfssl.cmake`.
- delete ignored/unused `MBEDTLS_LIBRARY_DIR`.
- revert CI configuration to use `MBEDCRTYPO_LIBRARY`.
- clarify inputs/outputs in comment header.
- use variable for regex.
- formatting.
Follow-up to 41594675072c578294674230d4cf5f47fa828778 #1192
Closes #1196
commit 30eef0a630ab3cc408f06d9b32fa19f647008df7
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Sep 28 18:32:37 2023 +0000
cmake: delete duplicate `include()`
commit 41594675072c578294674230d4cf5f47fa828778
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Sep 28 13:09:36 2023 +0000
cmake: improve/fix mbedTLS detection
- libssh2 needs the crypto lib only, stop dealing with the rest.
- simplify logic.
- drop hard-wired toolchain specific options that broke with e.g. MSVC.
Reported by: AR Visions
Fixes #1191
- add mbedTLS version detection for recent releases.
- merge custom detection results display into a single line.
- shorten mbedTLS configuration in macOS CI job.
Used the curl mbedTLS detection logic for ideas:
https://github.com/curl/curl/blob/a8c773845f4fdbfb09b08a6ec4b656c812568995/CMake/FindMbedTLS.cmake
Closes #1192
commit 67e39091b2fa3b87e22895cdbdeda20e4b2403b1
Author: concussious <79338398+concussious@users.noreply.github.com>
Date: Sat Sep 23 19:00:14 2023 -0400
libssh2_session_get_blocking.3: Add description (#1185)
commit 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Sep 21 08:14:38 2023 +0000
autotools: fix selecting wincng in cross-builds (and more)
- Fix explicitly selecting WinCNG in autotools cross-builds by moving
`windows.h` header check before the WinCNG availability check.
Follow-up to d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
Reported-by: Jack L
Fixes #1186
- Add Linux -> mingw-w64 cross-builds for autotools and CMake. This
doesn't detect #1186, because that happened when explicitly specifying
WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG
by default.
- autotools: fix to strip suffix from gcc version
Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
may return `n-win32` (also with `-dumpfullversion`). Causing these
errors and failing to enable picky warnings:
```
../configure: line 23845: test: : integer expression expected
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143
Fix that by stripping any dash-suffix.
gcc version detection is still half broken because we translate '10'
to '10.10' because `cut -d. -f2` returns the first word if the
delimiter missing.
More possible `-dumpversion` output: `10-posix`, `10-win32`,
`9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
Ref: https://github.com/mamedev/mame/pull/9767
Closes #1187
commit 88a960a86b9ffbabd17a4bbcf767e26514c4678e
Author: Michael Buckley <michael@buckleyisms.com>
Date: Mon Aug 28 16:47:21 2023 -0700
Properly bounds check packet_authagent_open() (#1179)
* Properly bounds check packet_authagent_open
* packet.c: use strlen instead of sizeof for strings
* Make LIBSSH_CHANNEL's channel_type_len a size_t
* packet_authagent_open: use size_t for offset
Credit:
Michael Buckley, signed off by Will Cosgrove
commit a790d3784eca821aeaee0b5db54cbf037780676f
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 28 23:20:53 2023 +0000
os400qc3: move FIXME comment [ci skip]
Follow-up to eb9f9de2c19ec67d12a444cce34bdd059fd26ddc
commit eb9f9de2c19ec67d12a444cce34bdd059fd26ddc
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Aug 26 21:56:23 2023 +0000
md5: allow disabling old-style encrypted private keys at build-time
Before this patch, this happened at runtime when using an old (pre-3.0),
FIPS-enabled OpenSSL backend.
This patch makes it possible to disable this via the build-time option
`LIBSSH2_NO_MD5_PEM`.
Also:
- make sure to exclude all MD5 internal APIs when both the above and
`LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with`LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM`
and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.
Old-style encrypted private keys require MD5 and they look like this:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<MD5-hex>
<base64>
-----END RSA PRIVATE KEY-----
```
E.g.: `tests/key_rsa_encrypted`
Ref: https://github.com/libssh2/www/issues/20
Closes #1181
commit 4a64ca14302e5105c168de3f8f6cc0cbe27e4020
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Aug 26 09:48:34 2023 +0000
cmake: tidy-up `foreach()` syntax
Use `IN LISTS` and `IN ITEMS`. This appears to be the preferred way
within CMake's own source code and possibly improves readability.
Fixup a side-effect of `IN LISTS`, where it retains empty values at
the end of the list, as opposed to the syntax used before, which
dropped it. In our case this happened with lines read from a text
file via `file(READ)`.
https://cmake.org/cmake/help/v3.7/command/foreach.html
Closes #1180
commit 5754fed68644363cb25220fcf3dc86b5c376aa60
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 21:12:25 2023 +0000
ci: replace `mv` + `chmod` with `install` in `Dockerfile`
Cherry-picked from #1175
Closes #1175
commit 633db55f50f79f5cb08d4a7f73d57f2ca57958f1
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 20:56:50 2023 +0000
ci: set file mode early in `appveyor_docker.yml`
Also:
- replace tab with spaces in generated config file
- formatting
Cherry-picked from #1175
commit a79218d3a058a333bb9de14079548a3511679a04
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Aug 20 08:26:55 2023 +0000
ci: add spellcheck (codespell)
Also rename a variable in `src/os400qc3.c` to avoid a false positive.
Cherry-picked from #1175
commit a20572e9afbe53c04c84105327de68d39528ce53
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Aug 22 16:43:16 2023 +0000
cmake: also test for `libssh2_VERSION`
Cherry-picked from #1175
commit 87f5769b5158a81f7a21263b507e069b48f093c2
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 21 21:27:31 2023 +0000
cmake: show cmake versions in ci
Cherry-picked from #1175
commit e61987a3bf5b0ba40357cd769e5a16c5257724fd
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 20:56:02 2023 +0000
tests: formatting and tidy-ups
- Dockerfile: use standard sep with `sed`
- Dockerfile: use single quotes in shell command
- appveyor.yml: use long-form option with `choco`
- tests/cmake: add language to test project
- reuse.yml: fix indentation
```
$ yamllint reuse.yml
reuse.yml
[...]
11:5 error wrong indentation: expected 6 but found 4 (indentation)
15:5 error wrong indentation: expected 6 but found 4 (indentation)
[...]
27:5 error wrong indentation: expected 6 but found 4 (indentation)
```
Cherry-picked from #1175
commit 1676a178140b0c755493af78899f6d4a10b466e8
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 20:55:37 2023 +0000
openssl.c: whitespace fixes
Cherry-picked from #1175
commit a95d401f1f1fef0ac342ca1c0c23586d39999b15
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Aug 20 00:24:59 2023 +0000
checksrc: fix spelling in comment [ci skip]
commit e9c7d3afa0bdf3a004846324213df938b94343b2
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 13:20:03 2023 +0000
cmake: quote more strings
Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1
Closes #1173
commit 6e3e883994eb34ecdf43c373cfac2700101a82bd
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 11:05:52 2023 +0000
drop `www.` from `www.libssh2.org`
<https://www.libssh2.org/*> is now a 301 permanent redirect to
<https://libssh2.org/*>.
Update all references to point directly to the new destination.
Ref: https://github.com/libssh2/www/commit/ccf4a7de7f702a8ee17e2c697bcbef47fcf485ed
Closes #1172
commit aeaefaf6cc5f832dd24d7c6301ea6b5ae6e11496
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Aug 17 23:02:35 2023 +0000
cmake: add `ExternalProject` integration test
- via `ExternalProject_Add()`:
https://cmake.org/cmake/help/latest/module/ExternalProject.html
(as documented in `docs/INSTALL_CMAKE.md`)
- also make `FetchContent` fetch from local repo instead of live master.
Closes #1171
commit 8715c3d51b87ebe72c6eff7b1a71f4ce6c3afb9a
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Aug 16 13:22:30 2023 +0000
cmake: add integration tests
Add a small project to test dependent/downstream CMake build using
libssh2. Also added to the GHA CI, and you can also run it locally with
`tests/cmake/test.sh`.
Test three methods of integrating libssh2 into a project:
- via `find_package()`:
https://cmake.org/cmake/help/latest/command/find_package.html
- via `add_subdirectory()`:
https://cmake.org/cmake/help/latest/command/add_subdirectory.html
- via `FetchContent`:
https://cmake.org/cmake/help/latest/module/FetchContent.html
Closes #1170
commit 4ff64ae3ca14a04c6914c45c48476a061723a872
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Aug 16 06:38:22 2023 +0000
cmake: (re-)add aliases for `add_subdirectory()` builds
Add internal libssh2 library aliases to make these available for
downstream/dependent projects building libssh2 via `add_subdirectory()`:
- `libssh2:libssh2_static`
- `libssh2:libssh2_shared`
- `libssh2:libssh2` (shared, or static when not building shared)
- `libssh2` (shared, or static when not building shared)
Of these, `libssh2` was present in v1.10.0 and earlier releases, but
missing from v1.11.0.
Closes #1169
commit 8eade0c9b75dff36e7c55edde03887d95a5ec260
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Aug 16 06:36:10 2023 +0000
cmake: delete empty line [ci skip]
Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1
commit 6eda1ee4337a57cb92b831ff2647b914b52ff14a
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Aug 15 21:58:18 2023 +0000
cmake: reflect minimum version in docs [ci skip]
Follow-up to 9cd18f4578baa41dfca197f60557063cad12cd59
commit 3fa5282d6284efba62dc591697e6a687152bdcb1
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Aug 10 12:38:24 2023 +0000
cmake: style tidy up
- quote text literals to improve readability.
(exceptions: `FILES` items, `add_subdirectory` names, `find_package`
names, literal target names, version numbers, 0/1, built-in CMake
values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.
Closes #1166
commit 186c1d6394a75e52ea3becd4c11a32aaa6002a52
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Aug 15 01:36:48 2023 +0000
wincng: prefer `ULONG`/`DWORD` over `unsigned long`
To match with the types used by the `Crypt*()` (uses `DWORD`) and
`BCrypt*()` (uses `ULONG`) Windows APIs.
This patch doesn't change data width or signedness.
Closes #1165
commit 7bb669b52adbb1d3d4e239f77544824e83f74209
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 14 23:23:06 2023 +0000
wincng: tidy-ups
- make `_libssh2_wincng_key_sha_verify` static.
- prefer `unsigned long` over `size_t` in two static functions.
- prefer `ULONG` over `DWORD` to match `BCryptImportKeyPair()`
and `BCryptGenerateKeyPair()`.
- add a newline.
Closes #1164
commit d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 14 21:57:18 2023 +0000
ci: add MSYS builds (autotools and cmake)
Use existing MSYS2 section and extend it with builds for the MSYS
environment with both autotools and cmake.
MSYS builds resemble Cygwin ones: The env is Unixy, where Windows
headers are all available but we don't use them.
Also:
- extend existing autotools logic for Cygwin to skip detecting
`windows.h` for MSYS targets too.
- require `windows.h` for the WinCNG backend in autotools. Before this
patch, autotools allowed selecting WinCNG on the Cygwin and MSYS
platforms, but the builds then fell apart due to the resulting mixed
Unixy + Windowsy environment. The general expectation for Cygwin/MSYS
builds is not to use the Windows API directly in them.
- stop manually selecting the `MSYS Makefiles` CMake generator for
MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but
it broke MSYS build which use `Unix Makefiles`. Deleting this setting
fixes all build flavours.
Closes #1162
commit 84912e2ed8a9e40016a1e0c381bacbba7cba52b5
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 14 23:07:21 2023 +0000
ci: cygwin job tidy-ups
`CMAKE_C_COMPILER=gcc` not necessary, delete it.
Follow-up to f1e96e733fefb495bc31b07f5c2a5845ff877c9c
Cherry-picked from #1163
Closes #1163
commit f1e96e733fefb495bc31b07f5c2a5845ff877c9c
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 14 21:22:00 2023 +0000
ci: add Cygwin builds (autotools and cmake)
To avoid builds picking up non-Cygwin components coming by default with
the CI machine, I used the solution recommended by Cygwin [1] and set
`PATH` manually. To avoid repeating this for each step, I merged steps
into a single one. Let us know if there is a more elegant way.
Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.
autotools build seemed to take slightly longer than other jobs. To save
turnaround time I disabled building tests.
Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi
[1] https://github.com/cygwin/cygwin-install-action/tree/v4#path
Closes #1161
commit 5453fc8035b4aaad1a9bbfbeace4fac210fabde8
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Aug 13 09:07:26 2023 +0000
cmake: add `LIB_NAME` variable
It holds the name `libssh2`. Mainly to document its uses, and also
syncing up with the same variable in libcurl.
Closes #1159
commit c705ff3f370582d4363f53826c4fcb23af7ec3b7
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 11 21:57:33 2023 +0000
cmake: add one missed `PROJECT_NAME` variable
Follow-up to 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
Closes #1158
commit ae7d51085e9e4e8c0d0ca3ded9dd7956f6f7d645
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 11 17:09:27 2023 +0000
cmake: tidy-up concatenation in `CMAKE_MODULE_PATH`
Former solution was appending an empty element to the array if
`CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have
this side-effect.
There is no known issue caused by this. Fixing it for good measure.
Closes #1157
commit 1215aa5f46a603ce31e8b91b11ccd273a469350a
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Aug 10 02:33:24 2023 +0000
ci: add mingw-w64 UWP build
Add a CI test for Windows UWP builds using mingw-w64. Before this patch
we had UWP builds tested with MSVC only.
Alike existing UWP jobs, it's not possible to run the binaries due to
the missing UWP runtime DLL:
https://github.com/libssh2/libssh2/actions/runs/5821297010/job/15783475118#step:11:42
We could install `winstorecompat-git` in the setup-msys2 step, but opted
to do it manually to avoid the overhead for every matrix job.
All this would work smoother with llvm-mingw, which features an UWP
toolchain prefix and provides all necessary implibs by default.
This also hit a CMake bug (with v3.26.4), where CMake gets confused and
sets up `windres.exe` to use the MSVC rc.exe-style command-line:
https://github.com/libssh2/libssh2/actions/runs/5819232677/job/15777236773#step:9:126
Notice that MS "sunset" UWP in 2021:
https://github.com/microsoft/WindowsAppSDK/discussions/1615
If this particular CI job turns out to be not worth the maintenance
burden or CPU time, or too much of a hack, feel free to delete it.
Ref: https://github.com/libssh2/libssh2/pull/1147#issuecomment-1670850890
Closes #1155
commit 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Aug 9 11:23:37 2023 +0000
cmake: replace `libssh2` literals with `PROJECT_NAME` variable
Where applicable.
This also makes it more obvious which `libssh2` uses were referring
to the pr…
commit f0e23dae9128185d1af4345360f0bd712d593a07
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 9 21:37:39 2023 +0000
RELEASE-NOTES: synced [ci skip]
Closes #1279
commit d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
Author: Michael Buckley <michael@buckleyisms.com>
Date: Thu Nov 30 15:08:02 2023 -0800
src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
Refs:
https://terrapin-attack.com/
https://seclists.org/oss-sec/2023/q4/292
https://osv.dev/list?ecosystem=&q=CVE-2023-48795
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
Fixes #1290
Closes #1291
commit c0f69548be902147ce014ffa40b8db3cf1d4b0b4
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 15:29:00 2023 +0000
session: add `libssh2_session_callback_set2()`
Add new `libssh2_session_callback_set2()` API that deprecates
`libssh2_session_callback_set()`.
The new implementation offers the same functionality, but accepts and
returns a generic function pointer (of type `libssh2_cb_generic *`), as
opposed to the old function that used data pointers (`void *`). The new
solution thus avoids data to function (and vice versa) pointer
conversions, which has undefined behaviour in standard C.
About the name: It seems the `*2` suffix was used in the past for
replacement functions for deprecated ones. Let's stick with that.
`*_ex` was preferred for new functions that extend existing ones with
new features.
Closes #1285
commit 3ec53f3ea26f61cbf2e0fbbeccb852fca7f9b156
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 14 16:46:09 2023 +0000
build: enable `-pedantic-errors`
According to the manual, this isn't the same as `-Werror -pedantic`.
Enable it together with `-Werror`.
https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-pedantic-errors-1
This option results in autotools feature detection going into crazies.
To avoid this, we add it to `CFLAGS` late. Idea copied from curl.
This option has an effect only with gcc 5.0 and newer as of this commit.
Let's enable it for clang and older versions too for simplicity. Ref:
https://github.com/curl/curl/commit/d5c0351055d5709da8f3e16c91348092fdb481aa
https://github.com/curl/curl/pull/2747
Closes #1286
commit f8c457943997b1f034993950e48ec19f90d2a7a1
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 14 22:54:22 2023 +0000
build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute
And fix the warning it detected.
Closes #1287
commit 9839ebe5e9f2df84459dd0f71eceb1bbc3c5d5eb
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 16 12:25:51 2023 +0000
libssh2.h: add deprecated function warnings
With deprecated-at versions and suggested replacement function.
It's possible to silence them by defining `LIBSSH2_DISABLE_DEPRECATION`.
Also add depcreated-at versions to documentation, and unify wording.
Ref: https://github.com/libssh2/libssh2/pull/1260#issuecomment-1837017987
Closes #1289
commit fc24735f618af190823657cb75919b830d6c44cf
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 14 19:18:15 2023 +0000
ci/spellcheck: delete redundant option [ci skip]
`--check-hidden` not necessary when passing filenames explicitly.
Follow-up to a79218d3a058a333bb9de14079548a3511679a04
commit 7010049969592f7c355cf062e68c18c8003ed605
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 14 20:14:55 2023 +0000
tidy-up: add empty line for clarity [ci skip]
commit ac68fbe475e6e02f43610367fe28257a8924a4ec
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 06:32:54 2023 +0000
build: FIXME `-Wsign-conversion` to be errors [ci skip]
commit 6e451669eabcc5ec1ed5c7979c96945092120e9a
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 01:34:35 2023 +0000
src: disable `-Wsign-conversion` warnings, add option to re-enable
To avoid the log noise till we fix those ~360 compiler warnings.
Also add macro `LIBSSH2_WARN_SIGN_CONVERSION` to re-enable them.
Follow-up to afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257
Closes #1284
commit 0f45dafe5eb95d0d2f6c9369e9d2c69c7b7ed79c
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 02:41:05 2023 +0000
cmake: fix indentation [ci skip]
commit 94b6bad3c8aa17fc852d86efa52c28c4f105531f
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 13 00:14:45 2023 +0000
example, tests: call `WSACleanup()` for each `WSAStartup()`
On Windows.
Closes #1283
commit 52c382f7aae2a8bff4ce3b4b83d18dde30ea11e2
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 9 21:01:49 2023 +0000
RELEASE-NOTES: update credits [ci skip]
Ref: https://github.com/libssh2/libssh2/pull/1241#issuecomment-1830118584
commit b77504837cade82c004b71b74a26a8bb76c04793
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 9 19:00:31 2023 +0000
RELEASE-NOTES: avoid splitting names, fix typo, refine order [ci skip]
commit 747862c0e2b7c1ed0650860df3f8b4e385a221f1
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 9 17:37:17 2023 +0000
RELEASE-NOTES: synced [ci skip]
commit 28dbf01667d8b28d0d9606c9fd474553b93e67a5
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 8 02:22:48 2023 +0000
add portable `LIBSSH2_SOCKET_CLOSE()` macro
Add `LIBSSH2_SOCKET_CLOSE()` to the public `libssh2.h` header, for user
code. It translates to `closesocket()` on Windows and `close()` on other
platforms.
Use it in example code.
It makes them more readable by reducing the number of `_WIN32` guards.
Closes #1278
commit 46333adfb81dabc139d7ee88e510798dd7bc61fe
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 7 20:49:34 2023 +0000
ci: add FreeBSD 14 job, fix issues
- install bash to fix error when running tests:
```
ERROR: test_sshd.test - missing test plan
ERROR: test_sshd.test - exited with status 127 (command not found?)
=====================================
[...]
# TOTAL: 4
# PASS: 2
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
[...]
env: bash: No such file or directory
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998
- fix sshd issue when running tests:
```
# sshd log:
# Server listening on :: port 4711.
# Server listening on 0.0.0.0 port 4711.
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
# Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059
Cherry-picked from #1277
Closes #1277
commit 5e0ec99134cf5800b70df947d04daff57b9bbc30
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Dec 7 21:06:09 2023 +0000
ci: add OmniOS job, fix issues
- use GNU Make, to avoid errors:
```
make: Fatal error in reader: Makefile, line 983: Badly formed macro assignment
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429838379#step:3:1956
Caused by `?=` in `Makefile.am`. Fix it just in case.
```
make: Fatal error in reader: Makefile, line 438: Unexpected end of line seen
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7135524843/job/19432451767#step:3:1966
It's around line 43 in `Makefile.am`, reason undiscovered.
- fix error:
```
../../src/hostkey.c:1227:44: error: pointer targets in passing argument 5 of '_libssh2_ed25519_sign' differ in signedness [-Werror=pointer-sign]
1227 | datavec[0].iov_base, datavec[0].iov_len);
| ~~~~~~~~~~^~~~~~~~~
| |
| caddr_t {aka char *}
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7135102832/job/19431233967#step:3:2225
https://docs.oracle.com/cd/E36784_01/html/E36887/iovec-9s.html
- FIXME: new `-Wsign-conversion` warnings appeared in examples:
```
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
251 | FD_SET(forwardsock, &fds);
| ^~~~~~
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
259 | if(rc && FD_ISSET(forwardsock, &fds)) {
| ^~~~~~~~
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
[...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7136086865/job/19433997429#step:3:3450
Cherry-picked from #1277
commit 3f60ccb76bc825899fe9f933b9355d4ad6ca9766
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 8 01:07:57 2023 +0000
example: use `libssh2_socket_t` in X11 example
Cherry-picked from #1277
commit 798ed4a7e54ddb87b3ec2342a453b66cf2945bc7
Author: Aaron Stone <aaron@serendipity.cx>
Date: Fri Jun 2 13:37:14 2023 -0700
Handle EINTR from send/recv/poll/select to try again as the error is not fatal
Integration-patches-by: Viktor Szakats
Fixes #955
Closes #1058
commit d0a7f1da2104ca8b15263aa143a9bc42ea2081af
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 6 11:35:22 2023 +0000
appveyor: delete UWP job broken since Visual Studio upgrade
Few days ago UWP job started permafailing.
fail: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48678129/job/yb8n2pox8mfjwv6m
good: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48673013
Other projects also affected:
https://ci.appveyor.com/project/c-ares/c-ares/builds/48687390/job/l0fo4b0sijvqkw9r
No related local update. Same CMake version. Same CI image.
This seems to be the culprit, which could mean that this update broke
CMake detection, needs a different CMake configuration on our end, or
that this MSVC update pulled support for UWP apps:
fail: -- The C compiler identification is MSVC 19.38.33130.0 (~ Visual Studio 2022 v17.8)
good: -- The C compiler identification is MSVC 19.37.32825.0 (~ Visual Studio 2022 v17.7)
If this is v17.8, release notes don't readily suggest a feature removal:
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.8
So it might just be UWP accidentally broken in this release.
Closes #1275
commit 8cd473c9303007b925d61658846a3f2bccf67735
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Dec 6 01:10:03 2023 +0000
checksrc: sync with curl
Closes #1272
commit e051ae343aca7bee7f586b1ace41f6a827fa011d
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Dec 5 23:41:39 2023 +0000
autotools: delete `--disable-tests` option, fix CI tests
Originally added to improve build performance by skipping building
tests. But, there seems to be no point in this, because autotools
doesn't build tests by default, unless explicitly invoking
`make check`.
Delete this option from Cygwin and FreeBSD CI tests, where it caused
`make check` to do nothing. Tests are built now, and runtime tests are
too, where supported.
Also disable Docker-based tests for these, and add a missing `make -j3`
for FreeBSD.
Reverts 7483edfada1f7e17cf8f9ac1c87ffa3d814c987e #715
Closes #1271
commit b1414503f51c9421557a3d4784b113a84d42c003
Author: ren mingshuai <renmingshuai@huawei.com>
Date: Wed Dec 6 07:14:53 2023 +0800
build: add `LIBSSH2_NO_DEPRECATED` option (#1266)
The following APIs have been deprecated for over 10 years and
use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:
libssh2_session_startup()
libssh2_banner_set()
libssh2_channel_receive_window_adjust()
libssh2_channel_handle_extended_data()
libssh2_scp_recv()
Add these options to disable them:
- autotools: `--disable-deprecated`
- cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
- `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`
Fixes #1259
Replaces #1260
Co-authored-by: Viktor Szakats
Closes #1267
commit a3f5594a96bca6f56356c997ab463ff165360990
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Dec 4 22:46:01 2023 +0000
autotools: show the default for `hidden-symbols` option
Closes #1269
commit 2e5a8719d7db495ae346ce58388f875386233300
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 19:29:28 2023 +0000
tidy-up: bump casts from int to long for large C99 types in printfs
Cast large integer types to avoid dealing with printf masks for
`size_t` and other C99 types. Some of existing code used `int`
for this, bump them to `long`.
Ref: afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257
Closes #1264
commit afa6b865604019ab27ec033294edfe3ded9ae0c0
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 30 23:35:11 2023 +0000
build: enable missing OpenSSF-recommended warnings, with fixes
Ref:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
(2023-11-29)
Enable new warnings:
- replace `-Wno-sign-conversion` with `-Wsign-conversion`.
Fix them in example, tests and wincng. There remain about 360 of these
warnings in `src`. Add a TODO item for those and disable `-Werror` for
this particular warning.
- enable `-Wformat=2` for clang (in both cmake and autotools).
- enable `__attribute__((format))` for `_libssh2_debug()`,
`_libssh2_snprintf()` and in tests for `run_command()`.
`LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
Fix them:
- src: replace obsolete fall-through-comments with
`__attribute__((fallthrough))`.
- wincng: fix `-Wsign-conversion` warnings.
- tests: fix `-Wsign-conversion` warnings.
- example: fix `-Wsign-conversion` warnings.
- src: fix `-Wformat` issues in trace calls.
Also, where necessary fix `int` and `unsigned char` casts to
`unsigned int` and adjust printf format strings. These were not
causing compiler warnings.
Cast large types to `long` to avoid dealing with printf masks for
`size_t` and other C99 types. Existing code often used `int` for this.
I'll update them to `long` in an upcoming commit.
- tests: fix `-Wformat` warning.
- silence `-Wformat-nonliteral` warnings.
- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
in external header.
Closes #1257
commit e0a0466490dc6b669a2b2ce4f62745dea5e0b8f3
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 17:27:23 2023 +0000
packet: whitespace fix
Tested via #1257
commit b136c37998c152530c44672252be511ed2d4a10f
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 14:41:33 2023 +0000
tidy-up: unsigned -> unsigned int
In the `interval` argument of public `libssh2_keepalive_config()`.
Tested via #1257
commit eb996af851c046d040f89caedde0e28c7a7cf84d
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 14:44:50 2023 +0000
tests: sync port number type with the rest of codebase
Tested via #1257
commit ecdf519911a62dc3051bb0e645defe2b56543912
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 17:02:13 2023 +0000
autotools: enable `-Wunused-macros` with gcc
It works with gcc without the libtool warnings seen with clang
on Windows in 96682bd5e14c20828e18bf10ed5b4b5c7543924a #1227.
Sync usage of of this macro with CMake and
autotools + clang + non-Windows. Making it enabled everywhere except
autotools + clang + Windows due to the libtool stub issue.
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1262
commit 0b4bdc856f9e06a75e6675aad9d7f777ac3eb060
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Dec 2 03:16:08 2023 +0000
TODO: disable or drop weak algos [ci skip]
Closes #1261
commit 744e059f310ab7832f6781f673474e2924d02b4e
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 03:19:04 2023 +0000
example, tests: fix/silence `-Wformat-truncation=2` gcc warnings
Then sync this warning option with curl.
Seems like a false positive and/or couldn't figure how to fix it, so silence:
```
example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~
example/ssh2.c:227:34: note: assuming directive output of 1 byte
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~~~~~~
example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~
example/ssh2.c:228:34: note: assuming directive output of 1 byte
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~~~~~~
example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98
Fix:
```
tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=]
tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51
Tested via #1257
commit 2e57dcb9d2c2826a3cfdad65f72e6003313eaa64
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 12:55:12 2023 +0000
example: fix indentation follow-up
Fix long line and fix more indentations.
Follow-up to 9e896e1b80911a53d6aabb322e034e6ca51b6898
commit 9e896e1b80911a53d6aabb322e034e6ca51b6898
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 09:41:39 2023 +0000
example: fix indentation
Tested via #1257
commit 6c53815aa78daa66c4c84ee0a6caf3efa8651998
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 04:28:59 2023 +0000
autotools: fix missed `-pedantic` and `-Wall` options for gcc
Follow-up to 5996fefe2bad80cfba85b2569ce6ab6ef575142c #1223
Tested via #1257
commit c9124088099627c39917e093479f2692dce6588b
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Dec 1 04:38:16 2023 +0000
ci: show compiler in cross/cygwin job names
Tested via #1257
commit 4be5e33ae10431f90f9ffe0d6cba44b64dcd630e
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 30 23:54:58 2023 +0000
mbedtls: further improve disabling `-Wredundant-decls`
Move warning option suppression to `src/mbedtls.h` to surround the actual
external header #includes that need it.
Follow-up to ecec68a2c13a9c63fe8c2dc457ae785a513e157c #1226
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Tested via #1257
commit 8d69e63db9e2e759e3f973fbbc154e2ec1528f83
Author: ren mingshuai <renmingshuai@huawei.com>
Date: Fri Dec 1 11:52:12 2023 +0800
example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (#1258)
libssh2_scp_recv is deprecated and has been replaced by libssh2_scp_recv2
in prior commit.
Follow-up to 6c84a426beb494980579e5c1d244ea54d3fc1a3f
commit 363dcbf449c0c7b13c6526d7af84c6f1db2691cc
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 24 23:33:22 2023 +0000
openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job
- use OpenSSL 3 API when available for HMAC.
This fixes building with OpenSSL 3 `no-deprecated` builds.
- ensure we support pure OpenSSL 3 API by adding a CI job using
OpenSSL 3 custom-built with `no-deprecated`.
Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Fixes #1235
Closes #1243
commit 66108f02f0569efced1bdd6e9e8c29f2991c5b24
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Nov 26 12:00:20 2023 +0000
ci: restore lost comment for FreeBSD [ci skip]
Follow-up to eee4e8055ab375c9f9061d4feb39086737f41a9c
commit 0c9a8e3590051bfb80acbb2146388c8fe883b2f8
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 23:47:57 2023 +0000
ci: add OpenBSD (v7.4) job + fix build error in example
- Use CMake, LibreSSL and clang from the base install.
- This uncovered a build error in `example/subsystem_netconf.c`, caused
by using the `%n` printf mask. This is a security risk and some
systems (notably OpenBSD) disable this feature.
Fix it by applying this patch from OpenBSD ports (from 2021-09-11):
https://cvsweb.openbsd.org/ports/security/libssh2/patches/patch-example_subsystem_netconf_c?rev=1.1&content-type=text/x-cvsweb-markup
https://github.com/openbsd/ports/commit/2c5b2f3e94381914a3e8ade960ce8c997ca9d6d7
"The old code is also broken, as it passes a pointer to a variable
of a different size (on LP64). There is no check for truncation,
but buf[] is 1MB in size."
Patch-by: naddy
```
/home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:252:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
"]]>]]>\n%n", (int *)&len);
~^
/home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:270:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
"]]>]]>\n%n", (int *)&len);
~^
2 errors generated.
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6991449778/job/19022024280#step:3:420
Also made tests with arm64, but it takes consistently almost 14m to
finish the job, vs. 2-3m for the native amd64:
https://github.com/libssh2/libssh2/actions/runs/6991648984/job/19022440525
https://github.com/libssh2/libssh2/actions/runs/6991551220/job/19022233651
Cherry-picked from #1250
Closes #1250
commit 65c7a7a55af037bcc9ee67c2f69ecdb9109ecbb1
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 23:43:22 2023 +0000
ci: add NetBSD (v9.3) job
Use CMake, OpenSSL (v1.1) and clang from the base install.
Cherry-picked from #1250
commit eee4e8055ab375c9f9061d4feb39086737f41a9c
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 23:39:29 2023 +0000
ci: update and speed up FreeBSD job
- switch to an alternate GitHub action. This one seems (more) actively
maintained, and runs faster:
https://github.com/cross-platform-actions/action
- use clang instead of gcc. clang is already present in the base
install, saving install time and bandwidth.
- stop installing `openssl-quictls` and use the OpenSSL (v1.1) from
the base system.
(I'm suspecting that quictls before this patch wasn't detected by
the build.)
https://wiki.freebsd.org/OpenSSL
Cherry-picked from #1250
commit c6589b8823e9d4a282587a6a5dab831b54d412c0
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 11:52:00 2023 +0000
stop using leading underscores in macro names
Underscored macros are reserved for the compiler / standard lib / etc.
Stop using them in user code.
We used them as header guards in `src` and in `__FILESIZE` in `example`.
Closes #1248
commit 7494881617223bc05aa9c94ceaa6b068e2008be2
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 11:03:50 2023 +0000
ci: use absolute path in `CMAKE_INSTALL_PREFIX`
To make the installed locations unambiguous in the build logs.
Closes #1247
commit efee91333b7d641fbfb1ba471fb00d8161d4013c
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 03:49:49 2023 +0000
openssl: make a function static, add `#ifdef` comments
Follow-up to 03092292597ac601c3f9f0c267ecb145dda75e4e #248
where the function was added.
Also add comments to make `#ifdef` branches easier to follow in
`openssl.h`.
Closes #1246
commit 236e79a115791194368b45751e3ec9452d6d73d9
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 10:35:26 2023 +0000
ci: boost mbedTLS build speed
Build times down to 4 seconds (from 18-20).
Closes #1245
commit 82581941d6cd91cd00cf6d8bee1b2a660864ca19
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 00:26:40 2023 +0000
openssl: fix DSA code to use OpenSSL 3 API
- fix missing `DSA` type when building for OpenSSL 3 `no-deprecated`.
- fix fallouts after fixing the above by switching away from `DSA`
with OpenSSL 3.
Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Closes #1244
commit d2ef66473ca6f3521eb739eceddf0cba4c44bbed
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 25 00:35:43 2023 +0000
openssl: formatting (delete empty lines) [ci skip]
commit 5326a5ce262b0a27dbd4714dc370d85814297f55
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 23 23:00:13 2023 +0000
tests: fall back to `$LOGNAME` for username
If the `$USER` variable is empty, fall back to using `$LOGNAME` to
retrieve the logged-in username.
In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and
on some systems it may not be set. Without this value, tests were unable
to provide the correct username when logging into the SSH server running
under the active user's session.
Reported-by: Nicolas Mora
Suggested-by: Nicolas Mora
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348
Fixes #1240
Closes #1241
commit 631e7734c8d850cd0c8e7a27d4dc524915e20b09
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Nov 21 20:32:12 2023 +0000
libssh2.h: use `_WIN32` for Windows detection instead of rolling our own
Sync up `libssh2.h` Windows detection with the libssh2 source code.
`libssh2.h` was using `WIN32` and `LIBSSH2_WIN32` for Windows detection,
next to the official `_WIN32`. After this patch it only uses `_WIN32`
for this. Also, make it stop defining `LIBSSH2_WIN32`.
There is a slight chance these break compatibility with Windows
compilers that fail to define `_WIN32`. I'm not aware of any obsolete
or modern compiler affected, but in case there is one, one possible
solution is to define this macro manually.
Closes #1238
commit 487152f4fa8bc155fc6cb8a03896947425dc0632
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Nov 21 22:30:59 2023 +0000
openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build
Fixes:
```
src/openssl.c:650:5: error: use of undeclared identifier 'EC_KEY'
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:13: error: use of undeclared identifier 'ec_key'
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:22: error: implicit declaration of function 'EC_KEY_new_by_curve_name' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:22: note: did you mean 'EC_GROUP_new_by_curve_name'?
./quictls/_a64-mac-sys/usr/include/openssl/ec.h:483:11: note: 'EC_GROUP_new_by_curve_name' declared here
EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
^
In file included from ./_a64-mac-sys-bld/src/CMakeFiles/libssh2_static.dir/Unity/unity_0_c.c:19:
In file included from src/crypto.c:10:
src/openssl.c:652:8: error: use of undeclared identifier 'ec_key'
if(ec_key) {
^
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6950001225/job/18909297867#step:3:4341
Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Bug #1235
Closes #1236
commit 910ed9b0355cb8b9f2c71e00333426f1ee5f5bb7
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Nov 21 23:31:22 2023 +0000
openssl: formatting
Sync up these lines with the other two similar occurrences in the code.
Cherry-picked from #1236
commit b0ab005fe79260e6e9fe08f8d73b58dd4856943d
Author: Michael Buckley <michael@buckleyisms.com>
Date: Tue Nov 21 09:33:01 2023 -0800
openssl: use non-deprecated APIs with OpenSSL 3.x (#1207)
Assisted-by: Viktor Szakats
commit c9dd3566b2247083f75e1304b7365ee9c8ed3e34
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Nov 21 00:39:44 2023 +0000
ci: add BoringSSL job (cmake, gcc, amd64)
Closes #1233
commit 89ccc83c7da73e7ca3a112e350008131942b592e
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Nov 20 02:06:37 2023 +0000
autotools: fix dotless gcc and Apple clang version detections
- fix parsing dotless (major-only) gcc versions.
Follow-up to 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad #1187
- sync gcc detection variable names with curl.
- fix Apple clang version detection for releases between
'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the
version was under-detected as 3.7 llvm/clang equivalent.
- fix Apple clang version detection for 'Apple clang version 11.0.0'
and newer where the Apple clang version was detected, instead of its
llvm/clang equivalent.
- revert to show `clang` instead of `Apple clang`, because we follow it
with an llvm/clang version number. (Apple-ness still visible in raw
version.)
Used this collection for Apple clang / llvm/clang translation and test
inputs: https://gist.github.com/yamaya/2924292
Closes #1232
commit e9017b10460857cf148f94716356907f60884a3f
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Nov 20 01:48:17 2023 +0000
acinclude.m4: revert accidental edit [ci skip]
Follow-up to 8c320a93a48775b74f40415e46f84bf68b4d5ae8
commit fb58016180090a5baea21d69f0d14b07b7f01ef4
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Nov 19 18:04:57 2023 +0000
autotools: show more clang/gcc version details
Also:
- show if we detected Apple clang.
- delete duplicate version detection for clang.
Closes #1230
commit 8c320a93a48775b74f40415e46f84bf68b4d5ae8
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Nov 18 16:04:19 2023 +0000
acinclude.m4: re-sync with curl [ci skip]
commit 96682bd5e14c20828e18bf10ed5b4b5c7543924a
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 17 21:13:30 2023 +0000
autotools: avoid warnings in libtool stub code
Seen on Windows with clang64, in libtool-generated stub code for
examples and tests.
The error didn't break the CI job for some reason.
msys2 (autotools, clang64, clang-x86_64:
```
[...]
2023-11-17T20:14:17.8639574Z ./.libs/lt-test_read.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
[...]
2023-11-17T20:14:39.8729255Z ./.libs/lt-sftp_write_nonblock.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
[...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6908585056/job/18798193405?pr=1226#step:8:474
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1227
commit ecec68a2c13a9c63fe8c2dc457ae785a513e157c
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 17 20:04:52 2023 +0000
mbedtls: improve disabling `-Wredundant-decls`
Disable these warnings specifically for the mbedTLS public headers
and leave it on for the the rest of the code. This also fixes this
issue for autotools. Previous solution was globally disabling this
warning for the whole code when using mbedTLS and only with CMake.
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1226
commit 64d6789f71aa4db25c6903c5e0180790bb12782e
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 16 14:38:44 2023 +0000
cmake: rename picky warnings script
To match the camel-case style used in other CMake scripts and also
to match the name used in curl.
Closes #1225
commit 7ecc309cd10454c54814b478c4f85d0041da6721
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 16 00:54:25 2023 +0000
build: enable more compiler warnings and fix them
Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
functionality for it.
Fix issues found along the way:
- wincng, mbedtls: delete duplicate function declarations.
Most of this was due to re-#defining crypto functions to
crypto-backend specific implementations These redefines also remapped
the declarations in `crypto.h`, making the backend-specific
declarations duplicates.
This patch deletes the backend-specific declarations.
- wincng mapped two crypto functions to the same local function.
Also causing double declarations.
Fix this by adding two disctinct wrappers and moving
the common function to a static one.
- delete unreachable `break;` statements.
- kex: disable macros when unused.
- agent: disable unused constants.
- mbedtls: disable double declaration warnings because public mbedTLS
headers trigger it. (with function `psa_set_key_domain_parameters`)
- crypto.h: formatting.
Ref: https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake
Closes #1224
commit 5996fefe2bad80cfba85b2569ce6ab6ef575142c
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 23:15:17 2023 +0000
autotools: sync warning enabler code with curl
Tiny changes and minor updates to bring this code closer
to curl's `m4/curl-compilers.m4`.
Closes #1223
commit e645fa95f361d70bf1bf014d418b89b72b7e9d8c
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 22:51:41 2023 +0000
acinclude.m4: fix indentation [ci skip]
Also match indentation of curl's `m4/curl-compilers.m4` for
easier syncing.
commit ce5f208a556c92672a959cc7ed879dcdec5836a0
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 20:28:55 2023 +0000
autotool: rename variable
`WARN` -> `tmp_CFLAGS`
To match curl and make syncing this code easier.
Ref: https://github.com/curl/curl/blob/d1820768cce0e797d1f072343868ce1902170e93/m4/curl-compilers.m4#L479
Closes #1222
commit cdca8cff886ce71fb9b8d0c56cdf9774b5a7d355
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 18:43:51 2023 +0000
autotools: picky warning options tidy-up
- sync clang warning version limits with CMake.
- make `WARN=` vs. `CURL_ADD_COMPILER_WARNINGS()` consistent with curl
and between clang and gcc (`WARN=` is for `no-` options in general).
Closes #1221
commit 328a96b3daf92efc867cde2eee651c48958f31ea
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 15 00:36:55 2023 +0000
build: picky warning updates
- cmake, autotools: sync picky gcc warnings with curl.
- cmake, autotools: add `-Wold-style-definition` for clang too.
- cmake, autotools: add comment for `-Wformat-truncation=1`.
- cmake: more precise version info for old clang options.
Closes #1219
commit fea6664e1bbf52cb9a02fceadc81f6f56c3fd7b9
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 10 15:41:05 2023 +0000
ci: fixup FreeBSD version, bump mbedtls
We haven't been using the FreeBSD version. Also it turns out,
the single version supported is 13.2 at the moment:
https://github.com/vmactions/freebsd-vm/tree/main/conf
Stop trying to set the version and instead rely on the action
providing the latest supported one automatically.
Follow-up to a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
Also:
- add more details to the FreeBSD job description.
- bump mbedtls version while here.
Closes #1217
commit 932d6a32779a39aa6109e2d7aff8b2b6123df4f4
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Nov 9 18:59:01 2023 +0000
cmake: fix multiple include of libssh2 package
Also extend our integration test double inclusion. It will still not
catch this case, because that requires
`cmake_minimum_required(VERSION 3.18)` or higher.
Fixes:
```
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
add_library cannot create ALIAS target "libssh2::libssh2" because another
target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
add_library cannot create ALIAS target "Libssh2::libssh2" because another
target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
```
Test to reproduce:
```cmake
cmake_minimum_required(VERSION 3.18) # must be 3.18 or higher
project(test)
find_package(libssh2 CONFIG)
find_package(libssh2 CONFIG) # fails
add_executable(test main.c)
target_link_libraries(test libssh2::libssh2)
```
Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html
Assisted-by: Kai Pastor
Assisted-by: Harry Mallon
Ref: https://github.com/curl/curl/pull/11913
Closes #1216
commit a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 8 18:17:22 2023 +0000
ci: add FreeBSD 13.2 job
It runs over Linux via qemu. First two runs were (very) slow, then it
became (much) more performant at just 2x slower than a native Linux
build. Then got slow again, then fast again. Still seems acceptable
for the value this adds.
The build uses autotools and quictls.
Successful builds:
1. https://github.com/libssh2/libssh2/actions/runs/6802676786/job/18496286419 (13m59s, -j3)
2. https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497243225 (11m5s, -j2)
3. https://github.com/libssh2/libssh2/actions/runs/6803142201/job/18497785049 (3m6s, -j1)
4. https://github.com/libssh2/libssh2/actions/runs/6803194839/job/18497962766 (3m10s, -j2)
5. https://github.com/libssh2/libssh2/actions/runs/6803267201/job/18498208501 (3m13s)
6. https://github.com/libssh2/libssh2/actions/runs/6803510333/job/18498993698 (15m25s)
7. https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528571057 (3m13s)
Similar solution exists for Solaris (over macOS via VirtualBox), but it
hangs forever at `Waiting for text: solaris console login`:
https://github.com/libssh2/libssh2/actions/runs/6802388128/job/18495391869#step:4:185
Idea taken from LibreSSL.
FIXME: Unrelated, the `distcheck` job became flaky in recent days:
https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497256437#step:10:536
```
FAIL: test_auth_pubkey_ok_rsa_aes256gcm
```
https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528588933#step:10:533
```
FAIL: test_read
```
Closes #1215
commit b9a4ed83b4b7fbef4f95e77ff1eab850dfcbac27
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Nov 8 03:24:09 2023 +0000
reuse: fix duplicate copyright warning
```
PendingDeprecationWarning:
Copyright and licensing information for 'tests/openssh_server/Dockerfile'
has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5
file located at '.reuse/dep5'. The information for these two sources has
been aggregated. In the future this behaviour will change, and you will
need to explicitly enable aggregation. [...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4
commit 43485579609a833827736e8205fe29956900ed74
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Oct 28 11:36:31 2023 +0000
Makefile.mk: delete Windows-focused raw GNU Make build
We recommend using CMake instead. Especially in unity mode, it's faster
and probably more familiar for most. It's also easily portable.
(`Makefile.mk` was also portable, but in practice only usable for
Windows. Other platforms required a manual config header.)
Also:
- migrate `LIBSSH2_NO_*` option CI tests to CMake.
- make MSYS2 CMake builds verbose to show compilation options.
Closes #1204
commit bfa00f1bd5abce93cd95055c8b71791816b3c655
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Nov 6 12:18:25 2023 +0000
tidy-up: around `stdint.h`
- os400: delete unused `HAVE_STDINT_H`.
- fuzz: delete redundant `stdint.h` use.
`inttypes.h` is already included via `testinput.h`.
- docs/TODO: adjust type in planned function.
Closes #1212
commit 20387285d300c74160f655b72ad5d762ee56166b
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Nov 6 00:41:17 2023 +0000
cmake: show crypto backend in feature summary
This was visible as an enabled package before this patch, but it missed
to show WinCNG.
Closes #1211
commit a3ffc4221d7ed4619c1e5e4557287204868e443b
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Nov 3 11:04:22 2023 +0000
man: fix double spaces and dash escaping
- `- ` -> `- `
- `. ` -> `. `
- `\- ` -> `- `
- `-1` -> `\-1`
- fold long lines along the way
This makes the minus sign come out as a Unicode minus sign
(0x2212), and title separator dashes as Unicode hyphen (0x2010),
with `groff -Tutf8` v1.23.0.
Ref: https://lwn.net/Articles/947941/
Closes #1210
commit 8cca7b77527861395de6278b27fa825df3b5b835
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Oct 31 22:41:05 2023 +0000
src: fix gcc 13 `-Wconversion` warning on Darwin
```
src/session.c: In function 'libssh2_poll':
src/session.c:1776:22: warning: conversion from 'long int' to '__darwin_suseconds_t' {aka 'int'} may change value [-Wconversion]
1776 | tv.tv_usec = (timeout_remaining % 1000) * 1000;
| ^
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6711735060/job/18239768548#step:3:4368
Follow-up to 08354e0abbe86d4cc5088d210d53531be6d8981a
Closes #1209
commit bf285500e603b77229bbaf9a87fe7f724bb5ffaa
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Oct 30 17:42:32 2023 +0000
openssl: silence `-Wunused-value` warnings
Seen with gcc 12.
Manual: https://www.openssl.org/docs/man3.1/man3/BIO_reset.html
```
./quictls/linux-a64-musl/usr/include/openssl/bio.h:555:34: warning: value computed is not used [-Wunused-value]
555 | # define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./libssh2/src/openssl.c:3518:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3884:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3995:5: note: in expansion of macro 'BIO_reset'
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6696392318/job/18194032712#step:3:5060
Closes #1205
commit f64e6318f031a15d7e727d6f4864a3d2e973aab0
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Oct 30 11:23:47 2023 +0000
Makefile.am: fix `cp` to preserve attributes and timestamp
commit fc00bdd7f195fc6511d18d11cad2801b56c5549e
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Oct 7 15:32:39 2023 +0000
cmake: simplify showing CMake version
Move it to `CMakeLists.txt`. Drop `cmake --version` commands.
Credit to the `zlib-ng` project for the idea:
https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078bd1399/CMakeLists.txt#L7
Closes #1203
commit 5e19044282c219ddb1fedddd8eaba0b4c0256a95
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Oct 7 09:19:49 2023 +0000
ci: mbedtls 3.5.0
v3.5.0 needs extra compiler option for i386 to avoid:
```
#error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
```
Closes #1202
commit 2cd2f40e37ab7e3880bc9504c6d7cda5a188fed7
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Oct 7 09:47:58 2023 +0000
tests: show cmake version used in integration tests
Closes #1201
commit a9a79e7a41f2c80b487ede854ffcad90a7634e7b
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Oct 3 13:46:01 2023 +0000
readme.vms: fix typo [ci skip]
Detected by codespell 2.2.6
commit 06fd721f08f058b3bb83fc5d0e1c50736b28cb26
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Sep 30 19:03:37 2023 +0000
appveyor: YAML/PowerShell formatting, shorten variable name
- use single-quotes in yaml and PowerShell.
- shorten a variable name.
- use indentation 2 for scripts.
- use C else-style in PowerShell.
Closes #1200
commit d468a33f620d56f2fc67ee98cd50b9039d2ecf6e
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Sep 30 14:58:51 2023 +0000
ci: update actions, use shallow clones with appveyor
- update GitHub Actions to their latest versions.
- use shallow git clones in AppVeyor CI to save data over the wire.
Closes #1199
commit 8a081fd98b015e4a5375bfec1c295e0b7e2e4e6c
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Sep 29 20:07:36 2023 +0000
appveyor: move to pure PowerShell
- replace batch commands with PowerShell.
- merge separate command entries into single PowerShell blocks.
Closes #1197
commit 6fbc9505d8a4179ab6a1d44c7df9bb9af6bdc9ba
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Sep 29 08:43:40 2023 +0000
windows: use built-in `_WIN32` macro to detect Windows
Instead of `WIN32`.
The compiler defines `_WIN32`. Windows SDK headers or build env defines
`WIN32`, or we have to take care of it. The agreement seems to be that
`_WIN32` is the preferred practice here.
Minor downside is that CMake uses `WIN32` and we also adopted it in
`Makefile.mk`.
In public libssh2 headers we stick with accepting either `_WIN32` or
`WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.
grepping for `WIN32` remains useful to detect Windows-specific code.
Closes #1195
commit 4c241d5c65c754141243bebdafa900472b23b68f
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Sep 29 09:27:34 2023 +0000
cmake: cleanup mbedTLS version detection more
- lowercase, underscored local variables.
- fix `find_library()` to use the multiple names passed.
- rely more on `find_package_handle_standard_args()`.
Logic based on our `Findwolfssl.cmake`.
- delete ignored/unused `MBEDTLS_LIBRARY_DIR`.
- revert CI configuration to use `MBEDCRTYPO_LIBRARY`.
- clarify inputs/outputs in comment header.
- use variable for regex.
- formatting.
Follow-up to 41594675072c578294674230d4cf5f47fa828778 #1192
Closes #1196
commit 30eef0a630ab3cc408f06d9b32fa19f647008df7
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Sep 28 18:32:37 2023 +0000
cmake: delete duplicate `include()`
commit 41594675072c578294674230d4cf5f47fa828778
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Sep 28 13:09:36 2023 +0000
cmake: improve/fix mbedTLS detection
- libssh2 needs the crypto lib only, stop dealing with the rest.
- simplify logic.
- drop hard-wired toolchain specific options that broke with e.g. MSVC.
Reported by: AR Visions
Fixes #1191
- add mbedTLS version detection for recent releases.
- merge custom detection results display into a single line.
- shorten mbedTLS configuration in macOS CI job.
Used the curl mbedTLS detection logic for ideas:
https://github.com/curl/curl/blob/a8c773845f4fdbfb09b08a6ec4b656c812568995/CMake/FindMbedTLS.cmake
Closes #1192
commit 67e39091b2fa3b87e22895cdbdeda20e4b2403b1
Author: concussious <79338398+concussious@users.noreply.github.com>
Date: Sat Sep 23 19:00:14 2023 -0400
libssh2_session_get_blocking.3: Add description (#1185)
commit 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Sep 21 08:14:38 2023 +0000
autotools: fix selecting wincng in cross-builds (and more)
- Fix explicitly selecting WinCNG in autotools cross-builds by moving
`windows.h` header check before the WinCNG availability check.
Follow-up to d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
Reported-by: Jack L
Fixes #1186
- Add Linux -> mingw-w64 cross-builds for autotools and CMake. This
doesn't detect #1186, because that happened when explicitly specifying
WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG
by default.
- autotools: fix to strip suffix from gcc version
Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
may return `n-win32` (also with `-dumpfullversion`). Causing these
errors and failing to enable picky warnings:
```
../configure: line 23845: test: : integer expression expected
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143
Fix that by stripping any dash-suffix.
gcc version detection is still half broken because we translate '10'
to '10.10' because `cut -d. -f2` returns the first word if the
delimiter missing.
More possible `-dumpversion` output: `10-posix`, `10-win32`,
`9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
Ref: https://github.com/mamedev/mame/pull/9767
Closes #1187
commit 88a960a86b9ffbabd17a4bbcf767e26514c4678e
Author: Michael Buckley <michael@buckleyisms.com>
Date: Mon Aug 28 16:47:21 2023 -0700
Properly bounds check packet_authagent_open() (#1179)
* Properly bounds check packet_authagent_open
* packet.c: use strlen instead of sizeof for strings
* Make LIBSSH_CHANNEL's channel_type_len a size_t
* packet_authagent_open: use size_t for offset
Credit:
Michael Buckley, signed off by Will Cosgrove
commit a790d3784eca821aeaee0b5db54cbf037780676f
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 28 23:20:53 2023 +0000
os400qc3: move FIXME comment [ci skip]
Follow-up to eb9f9de2c19ec67d12a444cce34bdd059fd26ddc
commit eb9f9de2c19ec67d12a444cce34bdd059fd26ddc
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Aug 26 21:56:23 2023 +0000
md5: allow disabling old-style encrypted private keys at build-time
Before this patch, this happened at runtime when using an old (pre-3.0),
FIPS-enabled OpenSSL backend.
This patch makes it possible to disable this via the build-time option
`LIBSSH2_NO_MD5_PEM`.
Also:
- make sure to exclude all MD5 internal APIs when both the above and
`LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with`LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM`
and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.
Old-style encrypted private keys require MD5 and they look like this:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<MD5-hex>
<base64>
-----END RSA PRIVATE KEY-----
```
E.g.: `tests/key_rsa_encrypted`
Ref: https://github.com/libssh2/www/issues/20
Closes #1181
commit 4a64ca14302e5105c168de3f8f6cc0cbe27e4020
Author: Viktor Szakats <commit@vsz.me>
Date: Sat Aug 26 09:48:34 2023 +0000
cmake: tidy-up `foreach()` syntax
Use `IN LISTS` and `IN ITEMS`. This appears to be the preferred way
within CMake's own source code and possibly improves readability.
Fixup a side-effect of `IN LISTS`, where it retains empty values at
the end of the list, as opposed to the syntax used before, which
dropped it. In our case this happened with lines read from a text
file via `file(READ)`.
https://cmake.org/cmake/help/v3.7/command/foreach.html
Closes #1180
commit 5754fed68644363cb25220fcf3dc86b5c376aa60
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 21:12:25 2023 +0000
ci: replace `mv` + `chmod` with `install` in `Dockerfile`
Cherry-picked from #1175
Closes #1175
commit 633db55f50f79f5cb08d4a7f73d57f2ca57958f1
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 20:56:50 2023 +0000
ci: set file mode early in `appveyor_docker.yml`
Also:
- replace tab with spaces in generated config file
- formatting
Cherry-picked from #1175
commit a79218d3a058a333bb9de14079548a3511679a04
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Aug 20 08:26:55 2023 +0000
ci: add spellcheck (codespell)
Also rename a variable in `src/os400qc3.c` to avoid a false positive.
Cherry-picked from #1175
commit a20572e9afbe53c04c84105327de68d39528ce53
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Aug 22 16:43:16 2023 +0000
cmake: also test for `libssh2_VERSION`
Cherry-picked from #1175
commit 87f5769b5158a81f7a21263b507e069b48f093c2
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 21 21:27:31 2023 +0000
cmake: show cmake versions in ci
Cherry-picked from #1175
commit e61987a3bf5b0ba40357cd769e5a16c5257724fd
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 20:56:02 2023 +0000
tests: formatting and tidy-ups
- Dockerfile: use standard sep with `sed`
- Dockerfile: use single quotes in shell command
- appveyor.yml: use long-form option with `choco`
- tests/cmake: add language to test project
- reuse.yml: fix indentation
```
$ yamllint reuse.yml
reuse.yml
[...]
11:5 error wrong indentation: expected 6 but found 4 (indentation)
15:5 error wrong indentation: expected 6 but found 4 (indentation)
[...]
27:5 error wrong indentation: expected 6 but found 4 (indentation)
```
Cherry-picked from #1175
commit 1676a178140b0c755493af78899f6d4a10b466e8
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 20:55:37 2023 +0000
openssl.c: whitespace fixes
Cherry-picked from #1175
commit a95d401f1f1fef0ac342ca1c0c23586d39999b15
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Aug 20 00:24:59 2023 +0000
checksrc: fix spelling in comment [ci skip]
commit e9c7d3afa0bdf3a004846324213df938b94343b2
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 13:20:03 2023 +0000
cmake: quote more strings
Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1
Closes #1173
commit 6e3e883994eb34ecdf43c373cfac2700101a82bd
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 18 11:05:52 2023 +0000
drop `www.` from `www.libssh2.org`
<https://www.libssh2.org/*> is now a 301 permanent redirect to
<https://libssh2.org/*>.
Update all references to point directly to the new destination.
Ref: https://github.com/libssh2/www/commit/ccf4a7de7f702a8ee17e2c697bcbef47fcf485ed
Closes #1172
commit aeaefaf6cc5f832dd24d7c6301ea6b5ae6e11496
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Aug 17 23:02:35 2023 +0000
cmake: add `ExternalProject` integration test
- via `ExternalProject_Add()`:
https://cmake.org/cmake/help/latest/module/ExternalProject.html
(as documented in `docs/INSTALL_CMAKE.md`)
- also make `FetchContent` fetch from local repo instead of live master.
Closes #1171
commit 8715c3d51b87ebe72c6eff7b1a71f4ce6c3afb9a
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Aug 16 13:22:30 2023 +0000
cmake: add integration tests
Add a small project to test dependent/downstream CMake build using
libssh2. Also added to the GHA CI, and you can also run it locally with
`tests/cmake/test.sh`.
Test three methods of integrating libssh2 into a project:
- via `find_package()`:
https://cmake.org/cmake/help/latest/command/find_package.html
- via `add_subdirectory()`:
https://cmake.org/cmake/help/latest/command/add_subdirectory.html
- via `FetchContent`:
https://cmake.org/cmake/help/latest/module/FetchContent.html
Closes #1170
commit 4ff64ae3ca14a04c6914c45c48476a061723a872
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Aug 16 06:38:22 2023 +0000
cmake: (re-)add aliases for `add_subdirectory()` builds
Add internal libssh2 library aliases to make these available for
downstream/dependent projects building libssh2 via `add_subdirectory()`:
- `libssh2:libssh2_static`
- `libssh2:libssh2_shared`
- `libssh2:libssh2` (shared, or static when not building shared)
- `libssh2` (shared, or static when not building shared)
Of these, `libssh2` was present in v1.10.0 and earlier releases, but
missing from v1.11.0.
Closes #1169
commit 8eade0c9b75dff36e7c55edde03887d95a5ec260
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Aug 16 06:36:10 2023 +0000
cmake: delete empty line [ci skip]
Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1
commit 6eda1ee4337a57cb92b831ff2647b914b52ff14a
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Aug 15 21:58:18 2023 +0000
cmake: reflect minimum version in docs [ci skip]
Follow-up to 9cd18f4578baa41dfca197f60557063cad12cd59
commit 3fa5282d6284efba62dc591697e6a687152bdcb1
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Aug 10 12:38:24 2023 +0000
cmake: style tidy up
- quote text literals to improve readability.
(exceptions: `FILES` items, `add_subdirectory` names, `find_package`
names, literal target names, version numbers, 0/1, built-in CMake
values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.
Closes #1166
commit 186c1d6394a75e52ea3becd4c11a32aaa6002a52
Author: Viktor Szakats <commit@vsz.me>
Date: Tue Aug 15 01:36:48 2023 +0000
wincng: prefer `ULONG`/`DWORD` over `unsigned long`
To match with the types used by the `Crypt*()` (uses `DWORD`) and
`BCrypt*()` (uses `ULONG`) Windows APIs.
This patch doesn't change data width or signedness.
Closes #1165
commit 7bb669b52adbb1d3d4e239f77544824e83f74209
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 14 23:23:06 2023 +0000
wincng: tidy-ups
- make `_libssh2_wincng_key_sha_verify` static.
- prefer `unsigned long` over `size_t` in two static functions.
- prefer `ULONG` over `DWORD` to match `BCryptImportKeyPair()`
and `BCryptGenerateKeyPair()`.
- add a newline.
Closes #1164
commit d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 14 21:57:18 2023 +0000
ci: add MSYS builds (autotools and cmake)
Use existing MSYS2 section and extend it with builds for the MSYS
environment with both autotools and cmake.
MSYS builds resemble Cygwin ones: The env is Unixy, where Windows
headers are all available but we don't use them.
Also:
- extend existing autotools logic for Cygwin to skip detecting
`windows.h` for MSYS targets too.
- require `windows.h` for the WinCNG backend in autotools. Before this
patch, autotools allowed selecting WinCNG on the Cygwin and MSYS
platforms, but the builds then fell apart due to the resulting mixed
Unixy + Windowsy environment. The general expectation for Cygwin/MSYS
builds is not to use the Windows API directly in them.
- stop manually selecting the `MSYS Makefiles` CMake generator for
MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but
it broke MSYS build which use `Unix Makefiles`. Deleting this setting
fixes all build flavours.
Closes #1162
commit 84912e2ed8a9e40016a1e0c381bacbba7cba52b5
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 14 23:07:21 2023 +0000
ci: cygwin job tidy-ups
`CMAKE_C_COMPILER=gcc` not necessary, delete it.
Follow-up to f1e96e733fefb495bc31b07f5c2a5845ff877c9c
Cherry-picked from #1163
Closes #1163
commit f1e96e733fefb495bc31b07f5c2a5845ff877c9c
Author: Viktor Szakats <commit@vsz.me>
Date: Mon Aug 14 21:22:00 2023 +0000
ci: add Cygwin builds (autotools and cmake)
To avoid builds picking up non-Cygwin components coming by default with
the CI machine, I used the solution recommended by Cygwin [1] and set
`PATH` manually. To avoid repeating this for each step, I merged steps
into a single one. Let us know if there is a more elegant way.
Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.
autotools build seemed to take slightly longer than other jobs. To save
turnaround time I disabled building tests.
Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi
[1] https://github.com/cygwin/cygwin-install-action/tree/v4#path
Closes #1161
commit 5453fc8035b4aaad1a9bbfbeace4fac210fabde8
Author: Viktor Szakats <commit@vsz.me>
Date: Sun Aug 13 09:07:26 2023 +0000
cmake: add `LIB_NAME` variable
It holds the name `libssh2`. Mainly to document its uses, and also
syncing up with the same variable in libcurl.
Closes #1159
commit c705ff3f370582d4363f53826c4fcb23af7ec3b7
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 11 21:57:33 2023 +0000
cmake: add one missed `PROJECT_NAME` variable
Follow-up to 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
Closes #1158
commit ae7d51085e9e4e8c0d0ca3ded9dd7956f6f7d645
Author: Viktor Szakats <commit@vsz.me>
Date: Fri Aug 11 17:09:27 2023 +0000
cmake: tidy-up concatenation in `CMAKE_MODULE_PATH`
Former solution was appending an empty element to the array if
`CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have
this side-effect.
There is no known issue caused by this. Fixing it for good measure.
Closes #1157
commit 1215aa5f46a603ce31e8b91b11ccd273a469350a
Author: Viktor Szakats <commit@vsz.me>
Date: Thu Aug 10 02:33:24 2023 +0000
ci: add mingw-w64 UWP build
Add a CI test for Windows UWP builds using mingw-w64. Before this patch
we had UWP builds tested with MSVC only.
Alike existing UWP jobs, it's not possible to run the binaries due to
the missing UWP runtime DLL:
https://github.com/libssh2/libssh2/actions/runs/5821297010/job/15783475118#step:11:42
We could install `winstorecompat-git` in the setup-msys2 step, but opted
to do it manually to avoid the overhead for every matrix job.
All this would work smoother with llvm-mingw, which features an UWP
toolchain prefix and provides all necessary implibs by default.
This also hit a CMake bug (with v3.26.4), where CMake gets confused and
sets up `windres.exe` to use the MSVC rc.exe-style command-line:
https://github.com/libssh2/libssh2/actions/runs/5819232677/job/15777236773#step:9:126
Notice that MS "sunset" UWP in 2021:
https://github.com/microsoft/WindowsAppSDK/discussions/1615
If this particular CI job turns out to be not worth the maintenance
burden or CPU time, or too much of a hack, feel free to delete it.
Ref: https://github.com/libssh2/libssh2/pull/1147#issuecomment-1670850890
Closes #1155
commit 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
Author: Viktor Szakats <commit@vsz.me>
Date: Wed Aug 9 11:23:37 2023 +0000
cmake: replace `libssh2` literals with `PROJECT_NAME` variable
Where applicable.
This also makes it more obvious which `libssh2` uses were referring
to the pr…
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | golang.org/x/crypto | `v0.16.0` -> `v0.17.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | copilot:all ### GitHub Vulnerability Alerts #### [CVE-2023-48795](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8) ### Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. ### Mitigations To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes. **Warning: To take effect, both the client and server must support this countermeasure.** As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available. ### Details The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario. The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange. In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers. For more details see [https://terrapin-attack.com](https://terrapin-attack.com). ### Impact This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario. --- ### Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) / [GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8) / [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402) <details> <summary>More information</summary> #### Details ##### Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. ##### Mitigations To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes. **Warning: To take effect, both the client and server must support this countermeasure.** As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available. ##### Details The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario. The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange. In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers. For more details see [https://terrapin-attack.com](https://terrapin-attack.com). ##### Impact This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario. #### Severity - CVSS Score: 5.9 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N` #### References - [https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8) - [https://nvd.nist.gov/vuln/detail/CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) - [https://github.com/apache/mina-sshd/issues/445](https://togithub.com/apache/mina-sshd/issues/445) - [https://github.com/hierynomus/sshj/issues/916](https://togithub.com/hierynomus/sshj/issues/916) - [https://github.com/janmojzis/tinyssh/issues/81](https://togithub.com/janmojzis/tinyssh/issues/81) - [https://github.com/mwiede/jsch/issues/457](https://togithub.com/mwiede/jsch/issues/457) - [https://github.com/paramiko/paramiko/issues/2337](https://togithub.com/paramiko/paramiko/issues/2337) - [https://github.com/proftpd/proftpd/issues/456](https://togithub.com/proftpd/proftpd/issues/456) - [https://github.com/NixOS/nixpkgs/pull/275249](https://togithub.com/NixOS/nixpkgs/pull/275249) - [https://github.com/libssh2/libssh2/pull/1291](https://togithub.com/libssh2/libssh2/pull/1291) - [https://github.com/mwiede/jsch/pull/461](https://togithub.com/mwiede/jsch/pull/461) - [https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0](https://togithub.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0) - [https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab](https://togithub.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab) - [https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d](https://togithub.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d) - [https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5](https://togithub.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5) - [https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3](https://togithub.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3) - [https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951](https://togithub.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951) - [https://access.redhat.com/security/cve/cve-2023-48795](https://access.redhat.com/security/cve/cve-2023-48795) - [https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/](https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/) - [https://bugs.gentoo.org/920280](https://bugs.gentoo.org/920280) - [https://bugzilla.redhat.com/show_bug.cgi?id=2254210](https://bugzilla.redhat.com/show_bug.cgi?id=2254210) - [https://bugzilla.suse.com/show_bug.cgi?id=1217950](https://bugzilla.suse.com/show_bug.cgi?id=1217950) - [https://crates.io/crates/thrussh/versions](https://crates.io/crates/thrussh/versions) - [https://forum.netgate.com/topic/184941/terrapin-ssh-attack](https://forum.netgate.com/topic/184941/terrapin-ssh-attack) - [https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6](https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6) - [https://github.com/TeraTermProject/teraterm/releases/tag/v5.1](https://togithub.com/TeraTermProject/teraterm/releases/tag/v5.1) - [https://github.com/advisories/GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8) - [https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22](https://togithub.com/connectbot/sshlib/compare/2.2.21...2.2.22) - [https://github.com/drakkan/sftpgo/releases/tag/v2.5.6](https://togithub.com/drakkan/sftpgo/releases/tag/v2.5.6) - [https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42](https://togithub.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42) - [https://github.com/erlang/otp/releases/tag/OTP-26.2.1](https://togithub.com/erlang/otp/releases/tag/OTP-26.2.1) - [https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25](https://togithub.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25) - [https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15](https://togithub.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15) - [https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16](https://togithub.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16) - [https://github.com/openssh/openssh-portable/commits/master](https://togithub.com/openssh/openssh-portable/commits/master) - [https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES) - [https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES) - [https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/master/RELEASE_NOTES) - [https://github.com/rapier1/hpn-ssh/releases](https://togithub.com/rapier1/hpn-ssh/releases) - [https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst](https://togithub.com/ronf/asyncssh/blob/develop/docs/changes.rst) - [https://github.com/ronf/asyncssh/tags](https://togithub.com/ronf/asyncssh/tags) - [https://github.com/warp-tech/russh](https://togithub.com/warp-tech/russh) - [https://github.com/warp-tech/russh/releases/tag/v0.40.2](https://togithub.com/warp-tech/russh/releases/tag/v0.40.2) - [https://gitlab.com/libssh/libssh-mirror/-/tags](https://gitlab.com/libssh/libssh-mirror/-/tags) - [https://go.dev/cl/550715](https://go.dev/cl/550715) - [https://go.dev/issue/64784](https://go.dev/issue/64784) - [https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ](https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ) - [https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg](https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg) - [https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/](https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/) - [https://matt.ucc.asn.au/dropbear/CHANGES](https://matt.ucc.asn.au/dropbear/CHANGES) - [https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC](https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC) - [https://news.ycombinator.com/item?id=38684904](https://news.ycombinator.com/item?id=38684904) - [https://news.ycombinator.com/item?id=38685286](https://news.ycombinator.com/item?id=38685286) - [https://oryx-embedded.com/download/#changelog](https://oryx-embedded.com/download/#changelog) - [https://security-tracker.debian.org/tracker/CVE-2023-48795](https://security-tracker.debian.org/tracker/CVE-2023-48795) - [https://security-tracker.debian.org/tracker/source-package/libssh2](https://security-tracker.debian.org/tracker/source-package/libssh2) - [https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg](https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg) - [https://security-tracker.debian.org/tracker/source-package/trilead-ssh2](https://security-tracker.debian.org/tracker/source-package/trilead-ssh2) - [https://thorntech.com/cve-2023-48795-and-sftp-gateway/](https://thorntech.com/cve-2023-48795-and-sftp-gateway/) - [https://twitter.com/TrueSkrillor/status/1736774389725565005](https://twitter.com/TrueSkrillor/status/1736774389725565005) - [https://ubuntu.com/security/CVE-2023-48795](https://ubuntu.com/security/CVE-2023-48795) - [https://www.bitvise.com/ssh-server-version-history](https://www.bitvise.com/ssh-server-version-history) - [https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html](https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html) - [https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update](https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update) - [https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc](https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc) - [https://www.netsarang.com/en/xshell-update-history/](https://www.netsarang.com/en/xshell-update-history/) - [https://www.openssh.com/openbsd.html](https://www.openssh.com/openbsd.html) - [https://www.openssh.com/txt/release-9.6](https://www.openssh.com/txt/release-9.6) - [https://www.openwall.com/lists/oss-security/2023/12/18/2](https://www.openwall.com/lists/oss-security/2023/12/18/2) - [https://www.openwall.com/lists/oss-security/2023/12/20/3](https://www.openwall.com/lists/oss-security/2023/12/20/3) - [https://www.paramiko.org/changelog.html](https://www.paramiko.org/changelog.html) - [https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/](https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/) - [https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/](https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/) - [https://www.terrapin-attack.com](https://www.terrapin-attack.com) - [http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html](http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html) - [http://www.openwall.com/lists/oss-security/2023/12/18/3](http://www.openwall.com/lists/oss-security/2023/12/18/3) - [http://www.openwall.com/lists/oss-security/2023/12/19/5](http://www.openwall.com/lists/oss-security/2023/12/19/5) - [http://www.openwall.com/lists/oss-security/2023/12/20/3](http://www.openwall.com/lists/oss-security/2023/12/20/3) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-45x7-px36-x8w8) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) / [GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8) / [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402) <details> <summary>More information</summary> #### Details A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features. This protocol weakness was also fixed in OpenSSH 9.6. #### Severity Unknown #### References - [https://go.dev/issue/64784](https://go.dev/issue/64784) - [https://go.dev/cl/550715](https://go.dev/cl/550715) - [https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d](https://togithub.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d) - [https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg](https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg) - [https://www.openssh.com/txt/release-9.6](https://www.openssh.com/txt/release-9.6) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2023-2402) and the [Go Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY 4.0](https://togithub.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/sheldonhull/az-pr). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEwMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
It looks like this change is "always on", and no special option is needed to be set to turn it on. Am I right? Thanks for all the hard work on libssh2 by the way! |
|
This change is always on, but dependent on both the client and the server
implementing the protocol extension. If libssh2 connects to a server that
does not implement the protocol extension, libssh2 will not use the
mitigation.
But in terms of code, there is nothing special you need to do to enable the
mitigation.
…On Thu, Dec 28, 2023 at 11:06 PM Jörgen Sigvardsson < ***@***.***> wrote:
It looks like this change is "always on", and no special option is needed
to be set to turn it on. Am I right?
Thanks for all the hard work on libssh2 by the way!
—
Reply to this email directly, view it on GitHub
<#1291 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAMJTDRGTT5E6Y7DJYICATYLZTX3AVCNFSM6AAAAABA2FBD2OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZRG44TQNBYGM>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | golang.org/x/crypto | `v0.14.0` -> `v0.17.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-48795](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8) ### Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. ### Mitigations To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes. **Warning: To take effect, both the client and server must support this countermeasure.** As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available. ### Details The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario. The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange. In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers. For more details see [https://terrapin-attack.com](https://terrapin-attack.com). ### Impact This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario. --- ### Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) / [GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8) / [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402) <details> <summary>More information</summary> #### Details A protocol weakness allows a MITM attacker to compromise the integrity of the secure channel before it is established, allowing the attacker to prevent transmission of a number of messages immediately after the secure channel is established without either side being aware. The impact of this attack is relatively limited, as it does not compromise confidentiality of the channel. Notably this attack would allow an attacker to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a handful of newer security features. This protocol weakness was also fixed in OpenSSH 9.6. #### Severity Unknown #### References - [https://go.dev/issue/64784](https://go.dev/issue/64784) - [https://go.dev/cl/550715](https://go.dev/cl/550715) - [https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d](https://togithub.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d) - [https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg](https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg) - [https://www.openssh.com/txt/release-9.6](https://www.openssh.com/txt/release-9.6) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2023-2402) and the [Go Vulnerability Database](https://togithub.com/golang/vulndb) ([CC-BY 4.0](https://togithub.com/golang/vulndb#license)). </details> --- ### Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) / [GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8) / [GO-2023-2402](https://pkg.go.dev/vuln/GO-2023-2402) <details> <summary>More information</summary> #### Details ##### Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server at the beginning of the secure channel without the client or server noticing it. ##### Mitigations To mitigate this protocol vulnerability, OpenSSH suggested a so-called "strict kex" which alters the SSH handshake to ensure a Man-in-the-Middle attacker cannot introduce unauthenticated messages as well as convey sequence number manipulation across handshakes. **Warning: To take effect, both the client and server must support this countermeasure.** As a stop-gap measure, peers may also (temporarily) disable the affected algorithms and use unaffected alternatives like AES-GCM instead until patches are available. ##### Details The SSH specifications of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com MACs) are vulnerable against an arbitrary prefix truncation attack (a.k.a. Terrapin attack). This allows for an extension negotiation downgrade by stripping the SSH_MSG_EXT_INFO sent after the first message after SSH_MSG_NEWKEYS, downgrading security, and disabling attack countermeasures in some versions of OpenSSH. When targeting Encrypt-then-MAC, this attack requires the use of a CBC cipher to be practically exploitable due to the internal workings of the cipher mode. Additionally, this novel attack technique can be used to exploit previously unexploitable implementation flaws in a Man-in-the-Middle scenario. The attack works by an attacker injecting an arbitrary number of SSH_MSG_IGNORE messages during the initial key exchange and consequently removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH_MSG_IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange. In the case of ChaCha20-Poly1305, the attack is guaranteed to work on every connection as this cipher does not maintain an internal state other than the message's sequence number. In the case of Encrypt-Then-MAC, practical exploitation requires the use of a CBC cipher; while theoretical integrity is broken for all ciphers when using this mode, message processing will fail at the application layer for CTR and stream ciphers. For more details see [https://terrapin-attack.com](https://terrapin-attack.com). ##### Impact This attack targets the specification of ChaCha20-Poly1305 (chacha20-poly1305@​openssh.com) and Encrypt-then-MAC (*-etm@openssh.com), which are widely adopted by well-known SSH implementations and can be considered de-facto standard. These algorithms can be practically exploited; however, in the case of Encrypt-Then-MAC, we additionally require the use of a CBC cipher. As a consequence, this attack works against all well-behaving SSH implementations supporting either of those algorithms and can be used to downgrade (but not fully strip) connection security in case SSH extension negotiation (RFC8308) is supported. The attack may also enable attackers to exploit certain implementation flaws in a man-in-the-middle (MitM) scenario. #### Severity - CVSS Score: 5.9 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N` #### References - [https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8](https://togithub.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8) - [https://nvd.nist.gov/vuln/detail/CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) - [https://github.com/PowerShell/Win32-OpenSSH/issues/2189](https://togithub.com/PowerShell/Win32-OpenSSH/issues/2189) - [https://github.com/apache/mina-sshd/issues/445](https://togithub.com/apache/mina-sshd/issues/445) - [https://github.com/cyd01/KiTTY/issues/520](https://togithub.com/cyd01/KiTTY/issues/520) - [https://github.com/hierynomus/sshj/issues/916](https://togithub.com/hierynomus/sshj/issues/916) - [https://github.com/janmojzis/tinyssh/issues/81](https://togithub.com/janmojzis/tinyssh/issues/81) - [https://github.com/mwiede/jsch/issues/457](https://togithub.com/mwiede/jsch/issues/457) - [https://github.com/paramiko/paramiko/issues/2337](https://togithub.com/paramiko/paramiko/issues/2337) - [https://github.com/proftpd/proftpd/issues/456](https://togithub.com/proftpd/proftpd/issues/456) - [https://github.com/ssh-mitm/ssh-mitm/issues/165](https://togithub.com/ssh-mitm/ssh-mitm/issues/165) - [https://github.com/NixOS/nixpkgs/pull/275249](https://togithub.com/NixOS/nixpkgs/pull/275249) - [https://github.com/libssh2/libssh2/pull/1291](https://togithub.com/libssh2/libssh2/pull/1291) - [https://github.com/mwiede/jsch/pull/461](https://togithub.com/mwiede/jsch/pull/461) - [https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0](https://togithub.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0) - [https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab](https://togithub.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab) - [https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d](https://togithub.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d) - [https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5](https://togithub.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5) - [https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3](https://togithub.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3) - [https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951](https://togithub.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951) - [https://access.redhat.com/security/cve/cve-2023-48795](https://access.redhat.com/security/cve/cve-2023-48795) - [https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/](https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/) - [https://bugs.gentoo.org/920280](https://bugs.gentoo.org/920280) - [https://bugzilla.redhat.com/show_bug.cgi?id=2254210](https://bugzilla.redhat.com/show_bug.cgi?id=2254210) - [https://bugzilla.suse.com/show_bug.cgi?id=1217950](https://bugzilla.suse.com/show_bug.cgi?id=1217950) - [https://crates.io/crates/thrussh/versions](https://crates.io/crates/thrussh/versions) - [https://filezilla-project.org/versions.php](https://filezilla-project.org/versions.php) - [https://forum.netgate.com/topic/184941/terrapin-ssh-attack](https://forum.netgate.com/topic/184941/terrapin-ssh-attack) - [https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6](https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6) - [https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta](https://togithub.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta) - [https://github.com/TeraTermProject/teraterm/releases/tag/v5.1](https://togithub.com/TeraTermProject/teraterm/releases/tag/v5.1) - [https://github.com/advisories/GHSA-45x7-px36-x8w8](https://togithub.com/advisories/GHSA-45x7-px36-x8w8) - [https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22](https://togithub.com/connectbot/sshlib/compare/2.2.21...2.2.22) - [https://github.com/drakkan/sftpgo/releases/tag/v2.5.6](https://togithub.com/drakkan/sftpgo/releases/tag/v2.5.6) - [https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42](https://togithub.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42) - [https://github.com/erlang/otp/releases/tag/OTP-26.2.1](https://togithub.com/erlang/otp/releases/tag/OTP-26.2.1) - [https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25](https://togithub.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25) - [https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15](https://togithub.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15) - [https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16](https://togithub.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16) - [https://github.com/openssh/openssh-portable/commits/master](https://togithub.com/openssh/openssh-portable/commits/master) - [https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES) - [https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES) - [https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES](https://togithub.com/proftpd/proftpd/blob/master/RELEASE_NOTES) - [https://github.com/rapier1/hpn-ssh/releases](https://togithub.com/rapier1/hpn-ssh/releases) - [https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst](https://togithub.com/ronf/asyncssh/blob/develop/docs/changes.rst) - [https://github.com/ronf/asyncssh/tags](https://togithub.com/ronf/asyncssh/tags) - [https://github.com/warp-tech/russh](https://togithub.com/warp-tech/russh) - [https://github.com/warp-tech/russh/releases/tag/v0.40.2](https://togithub.com/warp-tech/russh/releases/tag/v0.40.2) - [https://gitlab.com/libssh/libssh-mirror/-/tags](https://gitlab.com/libssh/libssh-mirror/-/tags) - [https://go.dev/cl/550715](https://go.dev/cl/550715) - [https://go.dev/issue/64784](https://go.dev/issue/64784) - [https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ](https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ) - [https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg](https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg) - [https://help.panic.com/releasenotes/transmit5/](https://help.panic.com/releasenotes/transmit5/) - [https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/](https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/) - [https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html](https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/) - [https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/](https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/) - [https://matt.ucc.asn.au/dropbear/CHANGES](https://matt.ucc.asn.au/dropbear/CHANGES) - [https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC](https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC) - [https://news.ycombinator.com/item?id=38684904](https://news.ycombinator.com/item?id=38684904) - [https://news.ycombinator.com/item?id=38685286](https://news.ycombinator.com/item?id=38685286) - [https://news.ycombinator.com/item?id=38732005](https://news.ycombinator.com/item?id=38732005) - [https://nova.app/releases/#v11.8](https://nova.app/releases/#v11.8) - [https://oryx-embedded.com/download/#changelog](https://oryx-embedded.com/download/#changelog) - [https://roumenpetrov.info/secsh/#news20231220](https://roumenpetrov.info/secsh/#news20231220) - [https://security-tracker.debian.org/tracker/CVE-2023-48795](https://security-tracker.debian.org/tracker/CVE-2023-48795) - [https://security-tracker.debian.org/tracker/source-package/libssh2](https://security-tracker.debian.org/tracker/source-package/libssh2) - [https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg](https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg) - [https://security-tracker.debian.org/tracker/source-package/trilead-ssh2](https://security-tracker.debian.org/tracker/source-package/trilead-ssh2) - [https://security.gentoo.org/glsa/202312-16](https://security.gentoo.org/glsa/202312-16) - [https://security.gentoo.org/glsa/202312-17](https://security.gentoo.org/glsa/202312-17) - [https://security.netapp.com/advisory/ntap-20240105-0004/](https://security.netapp.com/advisory/ntap-20240105-0004/) - [https://thorntech.com/cve-2023-48795-and-sftp-gateway/](https://thorntech.com/cve-2023-48795-and-sftp-gateway/) - [https://twitter.com/TrueSkrillor/status/1736774389725565005](https://twitter.com/TrueSkrillor/status/1736774389725565005) - [https://ubuntu.com/security/CVE-2023-48795](https://ubuntu.com/security/CVE-2023-48795) - [https://winscp.net/eng/docs/history#6.2.2](https://winscp.net/eng/docs/history#6.2.2) - [https://www.bitvise.com/ssh-client-version-history#933](https://www.bitvise.com/ssh-client-version-history#933) - [https://www.bitvise.com/ssh-server-version-history](https://www.bitvise.com/ssh-server-version-history) - [https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html](https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html) - [https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update](https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update) - [https://www.debian.org/security/2023/dsa-5586](https://www.debian.org/security/2023/dsa-5586) - [https://www.debian.org/security/2023/dsa-5588](https://www.debian.org/security/2023/dsa-5588) - [https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc](https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc) - [https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508](https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508) - [https://www.netsarang.com/en/xshell-update-history/](https://www.netsarang.com/en/xshell-update-history/) - [https://www.openssh.com/openbsd.html](https://www.openssh.com/openbsd.html) - [https://www.openssh.com/txt/release-9.6](https://www.openssh.com/txt/release-9.6) - [https://www.openwall.com/lists/oss-security/2023/12/18/2](https://www.openwall.com/lists/oss-security/2023/12/18/2) - [https://www.openwall.com/lists/oss-security/2023/12/20/3](https://www.openwall.com/lists/oss-security/2023/12/20/3) - [https://www.paramiko.org/changelog.html](https://www.paramiko.org/changelog.html) - [https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/](https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/) - [https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/](https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/) - [https://www.terrapin-attack.com](https://www.terrapin-attack.com) - [https://www.theregister.com/2023/12/20/terrapin_attack_ssh](https://www.theregister.com/2023/12/20/terrapin_attack_ssh) - [https://www.vandyke.com/products/securecrt/history.txt](https://www.vandyke.com/products/securecrt/history.txt) - [http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html](http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html) - [http://www.openwall.com/lists/oss-security/2023/12/18/3](http://www.openwall.com/lists/oss-security/2023/12/18/3) - [http://www.openwall.com/lists/oss-security/2023/12/19/5](http://www.openwall.com/lists/oss-security/2023/12/19/5) - [http://www.openwall.com/lists/oss-security/2023/12/20/3](http://www.openwall.com/lists/oss-security/2023/12/20/3) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-45x7-px36-x8w8) and the [GitHub Advisory Database](https://togithub.com/github/advisory-database) ([CC-BY 4.0](https://togithub.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41Mi4wIiwidXBkYXRlZEluVmVyIjoiMzcuMTA4LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Co-authored-by: mend-for-github-com[bot] <50673670+mend-for-github-com[bot]@users.noreply.github.com>
Refs:
https://terrapin-attack.com/
https://seclists.org/oss-sec/2023/q4/292
https://osv.dev/list?ecosystem=&q=CVE-2023-48795
GHSA-45x7-px36-x8w8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
Fixes #1290
Closes #1291