diff --git a/package.json b/package.json index 8546739c86..9f06e2c002 100644 --- a/package.json +++ b/package.json @@ -55,7 +55,7 @@ "mocha": "~2.3.4" }, "vendorDependencies": { - "libssh2": "1.6.0", + "libssh2": "1.7.0", "http_parser": "2.5.0" }, "binary": { diff --git a/vendor/libssh2/1.4.3 b/vendor/libssh2/1.4.3 deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/vendor/libssh2/CMakeLists.txt b/vendor/libssh2/CMakeLists.txt new file mode 100644 index 0000000000..dc585cd4d5 --- /dev/null +++ b/vendor/libssh2/CMakeLists.txt @@ -0,0 +1,101 @@ +# Copyright (c) 2014, 2015 Alexander Lamaison +# +# Redistribution and use in source and binary forms, +# with or without modification, are permitted provided +# that the following conditions are met: +# +# Redistributions of source code must retain the above +# copyright notice, this list of conditions and the +# following disclaimer. +# +# Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. +# +# Neither the name of the copyright holder nor the names +# of any other contributors may be used to endorse or +# promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND +# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY +# OF SUCH DAMAGE. + +cmake_minimum_required(VERSION 2.8.11) + +set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake) + +project(libssh2 C) +set(PROJECT_URL "https://www.libssh2.org/") +set(PROJECT_DESCRIPTION "The SSH library") + +option(BUILD_SHARED_LIBS "Build Shared Libraries" OFF) + +# Parse version + +file(READ ${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h _HEADER_CONTENTS) +string( + REGEX REPLACE ".*#define LIBSSH2_VERSION[ \t]+\"([^\"]+)\".*" "\\1" + LIBSSH2_VERSION "${_HEADER_CONTENTS}") +string( + REGEX REPLACE ".*#define LIBSSH2_VERSION_MAJOR[ \t]+([0-9]+).*" "\\1" + LIBSSH2_VERSION_MAJOR "${_HEADER_CONTENTS}") +string( + REGEX REPLACE ".*#define LIBSSH2_VERSION_MINOR[ \t]+([0-9]+).*" "\\1" + LIBSSH2_VERSION_MINOR "${_HEADER_CONTENTS}") +string( + REGEX REPLACE ".*#define LIBSSH2_VERSION_PATCH[ \t]+([0-9]+).*" "\\1" + LIBSSH2_VERSION_PATCH "${_HEADER_CONTENTS}") + +if(NOT LIBSSH2_VERSION OR + NOT LIBSSH2_VERSION_MAJOR MATCHES "^[0-9]+$" OR + NOT LIBSSH2_VERSION_MINOR MATCHES "^[0-9]+$" OR + NOT LIBSSH2_VERSION_PATCH MATCHES "^[0-9]+$") + message( + FATAL_ERROR + "Unable to parse version from" + "${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h") +endif() + +include(GNUInstallDirs) +install( + FILES docs/AUTHORS COPYING docs/HACKING README RELEASE-NOTES NEWS + DESTINATION ${CMAKE_INSTALL_DOCDIR}) + +include(max_warnings) +include(FeatureSummary) + +add_subdirectory(src) + +option(BUILD_EXAMPLES "Build libssh2 examples" ON) +if(BUILD_EXAMPLES) + add_subdirectory(example) +endif() + +option(BUILD_TESTING "Build libssh2 test suite" ON) +if(BUILD_TESTING) + enable_testing() + add_subdirectory(tests) +endif() + +add_subdirectory(docs) + +feature_summary(WHAT ALL) + +set(CPACK_PACKAGE_VERSION_MAJOR ${LIBSSH2_VERSION_MAJOR}) +set(CPACK_PACKAGE_VERSION_MINOR ${LIBSSH2_VERSION_MINOR}) +set(CPACK_PACKAGE_VERSION_PATCH ${LIBSSH2_VERSION_PATCH}) +set(CPACK_PACKAGE_VERSION ${LIBSSH2_VERSION}) +include(CPack) diff --git a/vendor/libssh2/COPYING b/vendor/libssh2/COPYING index 1bd78c9cbb..f2ca94772e 100644 --- a/vendor/libssh2/COPYING +++ b/vendor/libssh2/COPYING @@ -2,7 +2,7 @@ * Copyright (c) 2005,2006 Mikhail Gusarov * Copyright (c) 2006-2007 The Written Word, Inc. * Copyright (c) 2007 Eli Fant - * Copyright (c) 2009 Daniel Stenberg + * Copyright (c) 2009-2014 Daniel Stenberg * Copyright (C) 2008, 2009 Simon Josefsson * All rights reserved. * diff --git a/vendor/libssh2/Makefile.OpenSSL.inc b/vendor/libssh2/Makefile.OpenSSL.inc new file mode 100644 index 0000000000..76f3e85cad --- /dev/null +++ b/vendor/libssh2/Makefile.OpenSSL.inc @@ -0,0 +1,2 @@ +CRYPTO_CSOURCES = openssl.c +CRYPTO_HHEADERS = openssl.h diff --git a/vendor/libssh2/Makefile.WinCNG.inc b/vendor/libssh2/Makefile.WinCNG.inc new file mode 100644 index 0000000000..c18350eedf --- /dev/null +++ b/vendor/libssh2/Makefile.WinCNG.inc @@ -0,0 +1,2 @@ +CRYPTO_CSOURCES = wincng.c +CRYPTO_HHEADERS = wincng.h diff --git a/vendor/libssh2/Makefile.am b/vendor/libssh2/Makefile.am index 023200d0e5..761733e734 100644 --- a/vendor/libssh2/Makefile.am +++ b/vendor/libssh2/Makefile.am @@ -32,8 +32,20 @@ win32/libssh2_config.h win32/config.mk win32/rules.mk \ win32/Makefile.Watcom win32/libssh2.dsw win32/tests.dsp $(DSP) \ win32/msvcproj.head win32/msvcproj.foot win32/libssh2.rc -EXTRA_DIST = $(WIN32FILES) buildconf $(NETWAREFILES) get_ver.awk HACKING \ - maketgz NMakefile TODO RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath +OS400FILES = os400/README400 os400/initscript.sh os400/make.sh \ +os400/make-src.sh os400/make-rpg.sh os400/make-include.sh \ +os400/os400sys.c os400/ccsid.c \ +os400/libssh2_config.h os400/macros.h os400/libssh2_ccsid.h \ +os400/include/alloca.h os400/include/sys/socket.h os400/include/stdio.h \ +os400/libssh2rpg/libssh2.rpgle.in \ +os400/libssh2rpg/libssh2_ccsid.rpgle.in \ +os400/libssh2rpg/libssh2_publickey.rpgle \ +os400/libssh2rpg/libssh2_sftp.rpgle \ +Makefile.os400qc3.inc + +EXTRA_DIST = $(WIN32FILES) buildconf $(NETWAREFILES) get_ver.awk \ + maketgz NMakefile RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath \ + CMakeLists.txt cmake $(OS400FILES) ACLOCAL_AMFLAGS = -I m4 @@ -75,6 +87,9 @@ gen-coverage: coverage: init-coverage build-coverage gen-coverage # DSP/VCPROJ generation adapted from libcurl +# only OpenSSL and WinCNG are supported with this build system +CRYPTO_CSOURCES = openssl.c wincng.c +CRYPTO_HHEADERS = openssl.h wincng.h # Makefile.inc provides the CSOURCES and HHEADERS defines include Makefile.inc diff --git a/vendor/libssh2/Makefile.in b/vendor/libssh2/Makefile.in index 88efc530f8..624dfebd4a 100644 --- a/vendor/libssh2/Makefile.in +++ b/vendor/libssh2/Makefile.in @@ -1,9 +1,8 @@ -# Makefile.in generated by automake 1.11.6 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -17,23 +16,61 @@ VPATH = @srcdir@ -am__make_dryrun = \ - { \ - am__dry=no; \ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ - | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ - *) \ - for am__flg in $$MAKEFLAGS; do \ - case $$am__flg in \ - *=*|--*) ;; \ - *n*) am__dry=yes; break;; \ - esac; \ - done;; \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ - test $$am__dry = yes; \ - } + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -53,12 +90,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @BUILD_EXAMPLES_TRUE@am__append_1 = example -DIST_COMMON = README $(am__configure_deps) $(include_HEADERS) \ - $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ - $(srcdir)/Makefile.inc $(srcdir)/libssh2.pc.in \ - $(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \ - TODO config.guess config.rpath config.sub depcomp install-sh \ - ltmain.sh missing subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \ @@ -69,6 +100,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/autobuild.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(include_HEADERS) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d @@ -76,15 +109,28 @@ CONFIG_HEADER = $(top_builddir)/src/libssh2_config.h \ $(top_builddir)/example/libssh2_config.h CONFIG_CLEAN_FILES = libssh2.pc CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = SOURCES = DIST_SOURCES = -RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ - html-recursive info-recursive install-data-recursive \ - install-dvi-recursive install-exec-recursive \ - install-html-recursive install-info-recursive \ - install-pdf-recursive install-ps-recursive install-recursive \ - installcheck-recursive installdirs-recursive pdf-recursive \ - ps-recursive uninstall-recursive +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -123,12 +169,37 @@ DATA = $(pkgconfig_DATA) HEADERS = $(include_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive -AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ - $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ - distdir dist dist-all distcheck +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + cscope distdir dist dist-all distcheck +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +CSCOPE = cscope DIST_SUBDIRS = src tests docs example +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.inc \ + $(srcdir)/libssh2.pc.in COPYING ChangeLog NEWS README compile \ + config.guess config.rpath config.sub depcomp install-sh \ + ltmain.sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -138,6 +209,7 @@ am__remove_distdir = \ && rm -rf "$(distdir)" \ || { sleep 5 && rm -rf "$(distdir)"; }; \ else :; fi +am__post_remove_distdir = $(am__remove_distdir) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ @@ -165,6 +237,7 @@ am__relativize = \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz GZIP_ENV = --best +DIST_TARGETS = dist-gzip distuninstallcheck_listfiles = find . -type f -print am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' @@ -172,6 +245,7 @@ distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ AS = @AS@ AUTOCONF = @AUTOCONF@ @@ -196,6 +270,8 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ +HAVE_LIBBCRYPT = @HAVE_LIBBCRYPT@ +HAVE_LIBCRYPT32 = @HAVE_LIBCRYPT32@ HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@ HAVE_LIBSSL = @HAVE_LIBSSL@ HAVE_LIBZ = @HAVE_LIBZ@ @@ -206,6 +282,10 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBBCRYPT = @LIBBCRYPT@ +LIBBCRYPT_PREFIX = @LIBBCRYPT_PREFIX@ +LIBCRYPT32 = @LIBCRYPT32@ +LIBCRYPT32_PREFIX = @LIBCRYPT32_PREFIX@ LIBGCRYPT = @LIBGCRYPT@ LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@ LIBOBJS = @LIBOBJS@ @@ -219,6 +299,8 @@ LIBZ = @LIBZ@ LIBZ_PREFIX = @LIBZ_PREFIX@ LIPO = @LIPO@ LN_S = @LN_S@ +LTLIBBCRYPT = @LTLIBBCRYPT@ +LTLIBCRYPT32 = @LTLIBCRYPT32@ LTLIBGCRYPT = @LTLIBGCRYPT@ LTLIBOBJS = @LTLIBOBJS@ LTLIBSSL = @LTLIBSSL@ @@ -292,6 +374,7 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -326,20 +409,34 @@ win32/libssh2_config.h win32/config.mk win32/rules.mk \ win32/Makefile.Watcom win32/libssh2.dsw win32/tests.dsp $(DSP) \ win32/msvcproj.head win32/msvcproj.foot win32/libssh2.rc -EXTRA_DIST = $(WIN32FILES) buildconf $(NETWAREFILES) get_ver.awk HACKING \ - maketgz NMakefile TODO RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath +OS400FILES = os400/README400 os400/initscript.sh os400/make.sh \ +os400/make-src.sh os400/make-rpg.sh os400/make-include.sh \ +os400/os400sys.c os400/ccsid.c \ +os400/libssh2_config.h os400/macros.h os400/libssh2_ccsid.h \ +os400/include/alloca.h os400/include/sys/socket.h os400/include/stdio.h \ +os400/libssh2rpg/libssh2.rpgle.in \ +os400/libssh2rpg/libssh2_ccsid.rpgle.in \ +os400/libssh2rpg/libssh2_publickey.rpgle \ +os400/libssh2rpg/libssh2_sftp.rpgle \ +Makefile.os400qc3.inc + +EXTRA_DIST = $(WIN32FILES) buildconf $(NETWAREFILES) get_ver.awk \ + maketgz NMakefile RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath \ + CMakeLists.txt cmake $(OS400FILES) ACLOCAL_AMFLAGS = -I m4 + +# DSP/VCPROJ generation adapted from libcurl +# only OpenSSL and WinCNG are supported with this build system +CRYPTO_CSOURCES = openssl.c wincng.c +CRYPTO_HHEADERS = openssl.h wincng.h CSOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c misc.c \ packet.c publickey.c scp.c session.c sftp.c userauth.c transport.c \ - version.c knownhost.c agent.c openssl.c libgcrypt.c pem.c keepalive.c \ - global.c - -HHEADERS = libssh2_priv.h openssl.h libgcrypt.h transport.h channel.h \ - comp.h mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h + version.c knownhost.c agent.c $(CRYPTO_CSOURCES) pem.c keepalive.c global.c +HHEADERS = libssh2_priv.h $(CRYPTO_HHEADERS) transport.h channel.h comp.h \ + mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h -# DSP/VCPROJ generation adapted from libcurl # Makefile.inc provides the CSOURCES and HHEADERS defines WIN32SOURCES = $(CSOURCES) WIN32HEADERS = $(HHEADERS) libssh2_config.h @@ -361,7 +458,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/Ma echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -371,7 +467,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; -$(srcdir)/Makefile.inc: +$(srcdir)/Makefile.inc $(am__empty): $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck @@ -436,22 +532,25 @@ uninstall-includeHEADERS: dir='$(DESTDIR)$(includedir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd -# into them and run `make' without going through this Makefile. -# To change the values of `make' variables: instead of editing Makefiles, -# (1) if the variable is set in `config.status', edit `config.status' -# (which will cause the Makefiles to be regenerated when you run `make'); -# (2) otherwise, pass the desired values on the `make' command line. -$(RECURSIVE_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ - list='$(SUBDIRS)'; for subdir in $$list; do \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ @@ -466,57 +565,12 @@ $(RECURSIVE_TARGETS): $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" -$(RECURSIVE_CLEAN_TARGETS): - @fail= failcom='exit 1'; \ - for f in x $$MAKEFLAGS; do \ - case $$f in \ - *=* | --[!k]*);; \ - *k*) failcom='fail=yes';; \ - esac; \ - done; \ - dot_seen=no; \ - case "$@" in \ - distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ - *) list='$(SUBDIRS)' ;; \ - esac; \ - rev=''; for subdir in $$list; do \ - if test "$$subdir" = "."; then :; else \ - rev="$$subdir $$rev"; \ - fi; \ - done; \ - rev="$$rev ."; \ - target=`echo $@ | sed s/-recursive//`; \ - for subdir in $$rev; do \ - echo "Making $$target in $$subdir"; \ - if test "$$subdir" = "."; then \ - local_target="$$target-am"; \ - else \ - local_target="$$target"; \ - fi; \ - ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ - || eval $$failcom; \ - done && test -z "$$fail" -tags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ - done -ctags-recursive: - list='$(SUBDIRS)'; for subdir in $$list; do \ - test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ - done +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags -ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ - mkid -fID $$unique -tags: TAGS - -TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ @@ -532,12 +586,7 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ + $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ @@ -549,15 +598,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $$unique; \ fi; \ fi -ctags: CTAGS -CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ - $(TAGS_FILES) $(LISP) - list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | \ - $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in files) print i; }; }'`; \ +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique @@ -566,9 +611,31 @@ GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) +clean-cscope: + -rm -f cscope.files +cscope.files: clean-cscope cscopelist +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files distdir: $(DISTFILES) $(am__remove_distdir) @@ -639,40 +706,42 @@ distdir: $(DISTFILES) || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) + $(am__post_remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 - $(am__remove_distdir) + $(am__post_remove_distdir) dist-lzip: distdir tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz - $(am__remove_distdir) - -dist-lzma: distdir - tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma - $(am__remove_distdir) + $(am__post_remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz - $(am__remove_distdir) + $(am__post_remove_distdir) dist-tarZ: distdir + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z - $(am__remove_distdir) + $(am__post_remove_distdir) dist-shar: distdir + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz - $(am__remove_distdir) + $(am__post_remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) - $(am__remove_distdir) + $(am__post_remove_distdir) -dist dist-all: distdir - tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz - $(am__remove_distdir) +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another @@ -683,8 +752,6 @@ distcheck: dist GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ - *.tar.lzma*) \ - lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ *.tar.lz*) \ lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ *.tar.xz*) \ @@ -696,18 +763,19 @@ distcheck: dist *.zip*) \ unzip $(distdir).zip ;;\ esac - chmod -R a-w $(distdir); chmod u+w $(distdir) - mkdir $(distdir)/_build - mkdir $(distdir)/_inst + chmod -R a-w $(distdir) + chmod u+w $(distdir) + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build \ - && ../configure --srcdir=.. --prefix="$$dc_install_base" \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ + --srcdir=../.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ @@ -730,7 +798,7 @@ distcheck: dist && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 - $(am__remove_distdir) + $(am__post_remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' @@ -869,26 +937,27 @@ ps-am: uninstall-am: uninstall-includeHEADERS uninstall-pkgconfigDATA -.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ - install-am install-strip tags-recursive - -.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ - all all-am am--refresh check check-am clean clean-generic \ - clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \ - dist-gzip dist-hook dist-lzip dist-lzma dist-shar dist-tarZ \ - dist-xz dist-zip distcheck distclean distclean-generic \ - distclean-libtool distclean-tags distcleancheck distdir \ - distuninstallcheck dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-includeHEADERS install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-pkgconfigDATA install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-recursive uninstall uninstall-am \ - uninstall-includeHEADERS uninstall-pkgconfigDATA +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--refresh check check-am clean clean-cscope clean-generic \ + clean-libtool cscope cscopelist-am ctags ctags-am dist \ + dist-all dist-bzip2 dist-gzip dist-hook dist-lzip dist-shar \ + dist-tarZ dist-xz dist-zip distcheck distclean \ + distclean-generic distclean-libtool distclean-tags \ + distcleancheck distdir distuninstallcheck dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am \ + install-includeHEADERS install-info install-info-am \ + install-man install-pdf install-pdf-am install-pkgconfigDATA \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-includeHEADERS uninstall-pkgconfigDATA + +.PRECIOUS: Makefile .PHONY: ChangeLog diff --git a/vendor/libssh2/Makefile.inc b/vendor/libssh2/Makefile.inc index 12a89e536b..8f2e570cb5 100644 --- a/vendor/libssh2/Makefile.inc +++ b/vendor/libssh2/Makefile.inc @@ -1,7 +1,6 @@ CSOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c misc.c \ packet.c publickey.c scp.c session.c sftp.c userauth.c transport.c \ - version.c knownhost.c agent.c openssl.c libgcrypt.c pem.c keepalive.c \ - global.c + version.c knownhost.c agent.c $(CRYPTO_CSOURCES) pem.c keepalive.c global.c -HHEADERS = libssh2_priv.h openssl.h libgcrypt.h transport.h channel.h \ - comp.h mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h +HHEADERS = libssh2_priv.h $(CRYPTO_HHEADERS) transport.h channel.h comp.h \ + mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h diff --git a/vendor/libssh2/Makefile.libgcrypt.inc b/vendor/libssh2/Makefile.libgcrypt.inc new file mode 100644 index 0000000000..5d56292ce8 --- /dev/null +++ b/vendor/libssh2/Makefile.libgcrypt.inc @@ -0,0 +1,2 @@ +CRYPTO_CSOURCES = libgcrypt.c +CRYPTO_HHEADERS = libgcrypt.h diff --git a/vendor/libssh2/Makefile.os400qc3.inc b/vendor/libssh2/Makefile.os400qc3.inc new file mode 100644 index 0000000000..e55094d9bd --- /dev/null +++ b/vendor/libssh2/Makefile.os400qc3.inc @@ -0,0 +1,2 @@ +CRYPTO_CSOURCES = os400qc3.c +CRYPTO_HHEADERS = os400qc3.h diff --git a/vendor/libssh2/NEWS b/vendor/libssh2/NEWS index a5f3f77e56..52ba0d4abe 100644 --- a/vendor/libssh2/NEWS +++ b/vendor/libssh2/NEWS @@ -1,4682 +1,5430 @@ Changelog for the libssh2 project. Generated with git2news.pl -Version 1.4.3 (27 Nov 2012) - -Daniel Stenberg (27 Nov 2012) -- RELEASE-NOTES: fixed for 1.4.3 +Version 1.7.0 (23 Feb 2016) -- sftp_read: return error if a too large package arrives +Daniel Stenberg (23 Feb 2016) +- web: the site is now HTTPS -Peter Stuge (13 Nov 2012) -- Only define _libssh2_dsa_*() functions when building with DSA support +- RELEASE-NOTES: 1.7.0 release -Guenter Knauf (8 Nov 2012) -- Added .def file to output. +- diffie_hellman_sha256: convert bytes to bits + + As otherwise we get far too small numbers. + + Reported-by: Andreas Schneider + + CVE-2016-0787 -Kamil Dudka (1 Nov 2012) -- libssh2_hostkey_hash.3: update the description of return value +Alexander Lamaison (18 Feb 2016) +- Allow CI failures with VS 2008 x64. - The function returns NULL also if the hash algorithm is not available. + Appveyor doesn't support this combination. -Guenter Knauf (24 Oct 2012) -- Fixed mode acciedently committed. +Daniel Stenberg (16 Feb 2016) +- [Viktor Szakats brought this change] -- Ignore generated file. + GNUmakefile: list system libs after user libs + + Otherwise some referenced WinSock functions will fail to + resolve when linking against LibreSSL 2.3.x static libraries + with mingw. + + Closes #80 -- Added hack to make use of Makefile.inc. +- [Viktor Szakats brought this change] + + openssl: apply new HAVE_OPAQUE_STRUCTS macro - This should avoid further maintainance of the objects list. + Closes #81 -- Fixed MSVC NMakefile. +- [Viktor Szakats brought this change] + + openssl: fix LibreSSL support after OpenSSL 1.1.0-pre1/2 support + +Alexander Lamaison (14 Feb 2016) +- sftp.h: Fix non-C90 type. - Added missing source files; added resource for DLL. + uint64_t does not exist in C90. Use libssh2_uint64_t instead. -Kamil Dudka (22 Oct 2012) -- examples: use stderr for messages, stdout for data +- Exclude sshd tests from AppVeyor. - Reported by: Karel Srot - Bug: https://bugzilla.redhat.com/867462 + They fail complaining that sshd wasn't invoked with an absolute path. -- openssl: do not leak memory when handling errors +- Test on more versions of Visual Studio. + +- Fix Appveyor builds. + +Daniel Stenberg (14 Feb 2016) +- [Viktor Szakats brought this change] + + openssl: add OpenSSL 1.1.0-pre3-dev compatibility - ,.. in aes_ctr_init(). Detected by Coverity. + by using API instead of accessing an internal structure. + + Closes #83 -- channel: fix possible NULL dereference +- RELEASE-NOTES: synced with 996b04ececdf + +- include/libssh2.h: next version is 1.7.0 + +- configure: build "silent" if possible + +- sftp: re-indented some minor stuff + +- [Jakob Egger brought this change] + + sftp.c: ensure minimum read packet size - ... in libssh2_channel_get_exit_signal(). Detected by Coverity. + For optimum performance we need to ensure we don't request tiny packets. -- Revert "aes: the init function fails when OpenSSL has AES support" +- [Jakob Egger brought this change] + + sftp.c: Explicit return values & sanity checks + +- [Jakob Egger brought this change] + + sftp.c: Check Read Packet File Offset - This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864. + This commit adds a simple check to see if the offset of the read + request matches the expected file offset. - We need to use the EVP_aes_???_ctr() functions in FIPS mode. + We could try to recover, from this condition at some point in the future. + Right now it is better to return an error instead of corrupted data. -- crypt: use hard-wired cipher block sizes consistently +- [Jakob Egger brought this change] -- openssl: do not ignore failure of EVP_CipherInit() + sftp.c: Don't return EAGAIN if data was written to buffer -- kex: do not ignore failure of libssh2_md5_init() +- [Jakob Egger brought this change] + + sftp.c: Send at least one read request before reading - The MD5 algorithm is disabled when running in FIPS mode. + This commit ensures that we have sent at least one read request before + we try to read data in sftp_read(). + + Otherwise sftp_read() would return 0 bytes (indicating EOF) if the + socket is not ready for writing. -Daniel Stenberg (21 Aug 2012) -- [Peter Krempa brought this change] +- [Jakob Egger brought this change] - known_hosts: Fail when parsing unknown keys in known_hosts file. + sftp.c: stop reading when buffer is full - libssh2_knownhost_readfile() silently ignored problems when reading keys - in unsupported formats from the known hosts file. When the file is - written again from the internal structures of libssh2 it gets truntcated - to the point where the first unknown key was located. + Since we can only store data from a single chunk in filep, + we have to stop receiving data as soon as the buffer is full. - * src/knownhost.c:libssh2_knownhost_readfile() - return error if key - parsing fails + This adresses the following bug report: + https://github.com/libssh2/libssh2/issues/50 -- AUTHORS: synced with 42fec44c8a4 +Salvador Fandiño (21 Jan 2016) +- agent_disconnect_unix: unset the agent fd after closing it - 31 recent authors added + "agent_disconnect_unix", called by "libssh2_agent_disconnect", was + leaving the file descriptor in the agent structure unchanged. Later, + "libssh2_agent_free" would call again "libssh2_agent_disconnect" under + the hood and it would try to close again the same file descriptor. In + most cases that resulted in just a harmless error, but it is also + possible that the file descriptor had been reused between the two + calls resulting in the closing of an unrelated file descriptor. + + This patch sets agent->fd to LIBSSH2_INVALID_SOCKET avoiding that + issue. + + Signed-off-by: Salvador Fandiño -- [Dave Hayden brought this change] +Daniel Stenberg (18 Jan 2016) +- [Patrick Monnerat brought this change] - compression: add support for zlib@openssh.com + os400qc3: support encrypted private keys - Add a "use_in_auth" flag to the LIBSSH2_COMP_METHOD struct and a - separate "zlib@openssh.com" method, along with checking session->state - for LIBSSH2_STATE_AUTHENTICATED. Appears to work on the OpenSSH servers - I've tried against, and it should work as before with normal zlib - compression. + PKCS#8 EncryptedPrivateKeyinfo structures are recognized and decoded to get + values accepted by the Qc3 crypto library. -- [Dmitry Smirnov brought this change] +- [Patrick Monnerat brought this change] - configure: gcrypt doesn't come with pkg-config support + os400qc3: New PKCS#5 decoder - ... so use plain old -lgcrypt to the linker to link with it. + The Qc3 library is not able to handle PKCS#8 EncryptedPrivateKeyInfo structures + by itself. It is only capable of decrypting the (encrypted) PrivateKeyInfo + part, providing a key encryption key and an encryption algorithm are given. + Since the encryption key and algorithm description part in a PKCS#8 + EncryptedPrivateKeyInfo is a PKCS#5 structure, such a decoder is needed to + get the derived key method and hash, as well as encryption algorith and + initialisation vector. + +- [Patrick Monnerat brought this change] + + os400qc3: force continuous update on non-final hash/hmac computation + +- [Patrick Monnerat brought this change] + + os400qc3: Be sure hmac keys have a minimum length - Fixes #225 + The Qc3 library requires a minimum key length depending on the target + hash algorithm. Append binary zeroes to the given key if not long enough. + This matches RFC 2104 specifications. -- sftp_read: Value stored to 'next' is never read +- [Patrick Monnerat brought this change] + + os400qc3: Slave descriptor for key encryption key - Detected by clang-analyzer + The Qc3 library requires the key encryption key to exist as long as + the encrypted key is used. Its descriptor token is then kept as an + "encrypted key slave" for recursive release. -- publickey_init: errors are negative, fix check +- [Patrick Monnerat brought this change] + + os400qc3.c: comment PEM/DER decoding + +- [Patrick Monnerat brought this change] + + os400qc3.c: improve ASN.1 header byte checks + +- [Patrick Monnerat brought this change] + + os400qc3.c: improve OID matching + +- [Patrick Monnerat brought this change] + + os400: os400qc3.c: replace malloc by LIBSSH2_ALLOC or alloca where possible + +- [Patrick Monnerat brought this change] + + os400: asn1_new_from_bytes(): use data from a single element only + +- [Patrick Monnerat brought this change] + + os400: fix an ILE/RPG prototype + +- [Patrick Monnerat brought this change] + + os400: implement character encoding conversion support + +- [Patrick Monnerat brought this change] + + os400: do not miss some external prototypes - Detected by clang-analyzer. + Build procedure extproto() did not strip braces from header files, thus + possibly prepended them to true prototypes. This prevented the prototype to + be recognized as such. + The solution implemented here is to map braces to semicolons, effectively + considering them as potential prototype delimiters. -- [Maxime Larocque brought this change] +- [Patrick Monnerat brought this change] - session_free: wrong variable used for keeping state + os400: Really add specific README + +- [Patrick Monnerat brought this change] + + os400: Add specific README and include new files in dist tarball + +- [Patrick Monnerat brought this change] + + os400: add compilation scripts + +- [Patrick Monnerat brought this change] + + os400: include files for ILE/RPG - If libssh2_session_free is called without the channel being freed - previously by libssh2_channel_free a memory leak could occur. + In addition, file os400/macros.h declares all procedures originally + defined as macros. It must not be used for real inclusion and is only + intended to be used as a `database' for macro wrapping procedures generation. + +- [Patrick Monnerat brought this change] + + os400: add supplementary header files/wrappers. Define configuration. + +- [Patrick Monnerat brought this change] + + Protect callback function calls from macro substitution - A mismatch of states variables in session_free() prevent the call to - libssh2_channel_free function. session->state member is used instead of - session->free_state. + Some structure fields holding callback addresses have the same name as the + underlying system function (connect, send, recv). Set parentheses around + their reference to suppress a possible macro substitution. - It causes a leak of around 600 bytes on every connection on my systems - (Linux, x64 and PPC). + Use a macro for connect() on OS/400 to resolve a const/nonconst parameter + problem. + +- [Patrick Monnerat brought this change] + + Add interface for OS/400 crypto library QC3 + +- [Patrick Monnerat brought this change] + + misc: include stdarg.h for debug code + +- [Patrick Monnerat brought this change] + + Document crypto library interface + +- [Patrick Monnerat brought this change] + + Feature an optional crypto-specific macro to rsa sign a data fragment vector - (Debugging done under contract for Accedian Networks) + OS/400 crypto library is unable to sign a precomputed SHA1 hash: however + it does support a procedure that hashes data fragments and rsa signs. + If defined, the new macro _libssh2_rsa_sha1_signv() implements this function + and disables use of _libssh2_rsa_sha1_sign(). - Fixes #246 + The function described above requires that the struct iovec unused slacks are + cleared: for this reason, macro libssh2_prepare_iovec() has been introduced. + It should be defined as empty for crypto backends that are not sensitive + to struct iovec unused slack values. -Guenter Knauf (29 Jun 2012) -- Small NetWare makefile tweak. +- [Patrick Monnerat brought this change] -- Some small Win32 makefile fixes. + Fold long lines in include files -Daniel Stenberg (19 Jun 2012) -- libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL +- [Viktor Szakats brought this change] -- comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating - - When using libssh2 to perform an SFTP file transfer from the "JSCAPE MFT - Server" (http://www.jscape.com) the transfer failed. The default JSCAPE - configuration is to enforce zlib compression on SSH2 sessions so the - session was compressed. The relevant part of the debug trace contained: + kex.c: fix indentation - [libssh2] 1.052750 Transport: unhandled zlib error -5 - [libssh2] 1.052750 Failure Event: -29 - decompression failure + Closes #71 + +- [Viktor Szakats brought this change] + + add OpenSSL-1.1.0-pre2 compatibility - The trace comes from comp_method_zlib_decomp() in comp.c. The "unhandled - zlib error -5" is the status returned from the zlib function - inflate(). The -5 status corresponds to "Z_BUF_ERROR". + Closes #70 + +- [Viktor Szakats brought this change] + + add OpenSSL 1.1.0-pre1 compatibility - The inflate() function takes a pointer to a z_stream structure and - "inflates" (decompresses) as much as it can. The relevant fields of the - z_stream structure are: + * close https://github.com/libssh2/libssh2/issues/69 + * sync a declaration with the rest of similar ones + * handle EVP_MD_CTX_new() returning NULL with OpenSSL 1.1.0 + * fix potential memory leak with OpenSSL 1.1.0 in + _libssh2_*_init() functions, when EVP_MD_CTX_new() succeeds, + but EVP_DigestInit() fails. + +Marc Hoersken (22 Dec 2015) +- wincng.c: fixed _libssh2_wincng_hash_final return value - next_in - pointer to the input buffer containing compressed data - avail_in - the number of bytes available at next_in - next_out - pointer to the output buffer to be filled with uncompressed - data - avail_out - how much space available at next_out + _libssh2_wincng_hash_final was returning the internal BCRYPT + status code instead of a valid libssh2 return value (0 or -1). - To decompress data you set up a z_stream struct with the relevant fields - filled in and pass it to inflate(). On return the fields will have been - updated so next_in and avail_in show how much compressed data is yet to - be processed and next_out and avail_out show how much space is left in - the output buffer. + This also means that _libssh2_wincng_hash never returned 0. + +- wincng.c: fixed possible memory leak in _libssh2_wincng_hash - If the supplied output buffer is too small then on return there will be - compressed data yet to be processed (avail_in != 0) and inflate() will - return Z_OK. In this case the output buffer must be grown, avail_out - updated and inflate() called again. + If _libssh2_wincng_hash_update failed _libssh2_wincng_hash_final + would never have been called before. - If the supplied output buffer was big enough then on return the - compressed data will have been exhausted (avail_in == 0) and inflate() - will return Z_OK, so the data has all been uncompressed. + Reported by Zenju. + +Kamil Dudka (15 Dec 2015) +- [Paul Howarth brought this change] + + libssh2.pc.in: fix the output of pkg-config --libs - There is a corner case where inflate() makes no progress. That is, there - may be unprocessed compressed data and space available in the output - buffer and yet the function does nothing. In this case inflate() will - return Z_BUF_ERROR. From the zlib documentation and the source code it - is not clear under what circumstances this happens. It could be that it - needs to write multiple bytes (all in one go) from its internal state to - the output buffer before processing the next chunk of input but but - can't because there is not enough space (though my guesses as to the - cause are not really relevant). Recovery from Z_BUF_ERROR is pretty - simple - just grow the output buffer, update avail_out and call - inflate() again. + ... such that it does not include LDFLAGS used to build libssh2 itself. + There was a similar fix in the curl project long time ago: - The comp_method_zlib_decomp() function does not handle the case when - inflate() returns Z_BUF_ERROR. It treats it as a non-recoverable error - and basically aborts the session. + https://github.com/bagder/curl/commit/curl-7_19_7-56-g4c8adc8 - Fixes #240 + Bug: https://bugzilla.redhat.com/1279966 + Signed-off-by: Kamil Dudka -Guenter Knauf (12 Jun 2012) -- MinGW makefile tweaks. - - Use GNU tools when compiling on Linux. - Fixed dist and dev targets. +Marc Hoersken (6 Dec 2015) +- hostkey.c: align code path of ssh_rsa_init to ssh_dss_init -- NetWare makefile tweaks. +- hostkey.c: fix invalid memory access if libssh2_dsa_new fails - Changed to use Windows commandline tools instead of - GNU tools when compiling on Windows. Fixed dist and - dev targets. Enabled nlmconv error for unresolved - symbols. + Reported by dimmaq, fixes #66 -Daniel Stenberg (11 Jun 2012) -- Revert "config.rpath: generated file, no need to keep in git" +Daniel Stenberg (3 Nov 2015) +- [Will Cosgrove brought this change] + + gcrypt: define libssh2_sha256_ctx - This reverts commit 1ac7bd09cc685755577fb2c8829adcd081e7ab3c. + Looks like it didn't make it into the latest commit for whatever reason. - This file still used by lib/*m4 functions so we need to keep the file - around. - -- BINDINGS: added PySsh2, a Python-ctypes binding + Closes #58 -Guenter Knauf (8 Jun 2012) -- Fixed MinGW debug build. +- [Salvador Fandino brought this change] -Daniel Stenberg (5 Jun 2012) -- BINDINGS: Added the Cocoa/Objective-C one + libssh2_session_set_last_error: Add function - ... and sorted the bindings after the languages, alphabetically + Net::SSH2, the Perl wrapping module for libssh2 implements several features* + on top of libssh2 that can fail and so need some mechanism to report the error + condition to the user. - Reported by: Mike Abdullah + Until now, besides the error state maintained internally by libssh2, another + error state was maintained at the Perl level for every session object and then + additional logic was used to merge both error states. That is a maintenance + nighmare, and actually there is no way to do it correctly and consistently. + + In order to allow the high level language to add new features to the library + but still rely in its error reporting features the new function + libssh2_session_set_last_error (that just exposses _libssh2_error_flags) is + introduced. + + *) For instance, connecting to a remote SSH service giving the hostname and + port. + + Signed-off-by: Salvador Fandino + Signed-off-by: Salvador Fandiño -- BINDINGS: document the bindings we know of +- [Salvador Fandino brought this change] -Guenter Knauf (4 Jun 2012) -- Fixed LIBSSH2_INT64_T_FORMAT macro. + _libssh2_error: Support allocating the error message - Usually a format macro should hold the whole format, otherwise - it should be named a prefix. Also fixed usage of this macro in - scp.c for a signed var where it was used as prefix for unsigned. + Before this patch "_libssh2_error" required the error message to be a + static string. + + This patch adds a new function "_libssh2_error_flags" accepting an + additional "flags" argument and specifically the flag + "LIBSSH2_ERR_FLAG_DUP" indicating that the passed string must be + duplicated into the heap. + + Then, the method "_libssh2_error" has been rewritten to use that new + function under the hood. + + Signed-off-by: Salvador Fandino + Signed-off-by: Salvador Fandiño -- Removed obsolete define from makefiles. +- [Will Cosgrove brought this change] -- Renamed NetWare makefiles. + added engine.h include to fix warning -- Renamed NetWare makefiles. +- [sune brought this change] -- Synced MinGW makefiles with 56c64a6..39e438f. + kex.c: removed dupe entry from libssh2_kex_methods[] - Also synced MinGW test makefile with b092696..f8cb874. + Closes #51 -Peter Stuge (30 May 2012) -- Revert "sftp: Don't send attrs.permissions on read-only SSH_FXP_OPEN" +- [Salvador Fandiño brought this change] + + userauth: Fix off by one error when reading public key file - This reverts commit 04e79e0c798674a0796be8a55f63dd92e6877790. + After reading the public key from file the size was incorrectly + decremented by one. + + This was usually a harmless error as the last character on the public + key file is an unimportant EOL. But if due to some error the public key + file is empty, the public key size becomes (uint)(0 - 1), resulting in + an unrecoverable out of memory error later. + + Signed-off-by: Salvador Fandi??o -- sftp: Don't send attrs.permissions on read-only SSH_FXP_OPEN +- [Salvador Fandino brought this change] + + channel: Detect bad usage of libssh2_channel_process_startup - This works around a protocol violation in the ProFTPD 1.3.4 mod_sftp - server, as reported by Will Cosgrove in: + A common novice programmer error (at least among those using the + wrapping Perl module Net::SSH2), is to try to reuse channels. - http://libssh2.org/mail/libssh2-devel-archive-2012-05/0079.shtml + This patchs detects that incorrect usage and fails with a + LIBSSH2_ERROR_BAD_USE error instead of hanging. - Based on a suggested fix by TJ Saunders in: + Signed-off-by: Salvador Fandino + +- [Will Cosgrove brought this change] + + kex: Added diffie-hellman-group-exchange-sha256 support - http://libssh2.org/mail/libssh2-devel-archive-2012-05/0104.shtml + ... and fixed HMAC_Init depricated usage + + Closes #48 -Guenter Knauf (28 May 2012) -- Try to detect OpenSSL build type automatically. +Alexander Lamaison (21 Sep 2015) +- Prefixed new #defines to prevent collisions. - Also fixed recently added libgdi32 linkage which is only - required when OpenSSL libs are linked statically. + Other libraries might have their own USE_WIN32_*FILES. -Daniel Stenberg (25 May 2012) -- config.rpath: generated file, no need to keep in git +- [keith-daigle brought this change] -Guenter Knauf (22 May 2012) -- Updated dependency libary versions. + Update examples/scp.c to fix bug where large files on win32 would cause got to wrap and go negative -Daniel Stenberg (18 May 2012) -- 1.4.3: towards the future +- [David Byron brought this change] -Version 1.4.2 (18 May 2012) + add libssh2_scp_recv2 to support large (> 2GB) files on windows -Daniel Stenberg (18 May 2012) -- RELEASE-NOTES: synced with 92a9f952794 +Daniel Stenberg (17 Sep 2015) +- [sune brought this change] -Alexander Lamaison (15 May 2012) -- win32/libssh2_config.h: Remove hardcoded #define LIBSSH2_HAVE_ZLIB. - - Rationale: Everything else in this file states a fact about the win32 - platform that is unconditional for that platform. There is nothing - unconditional about the presence of zlib. It is neither included with - Windows nor with the platform SDK. Therefore, this is not an appropriate - place to assert its presence. Especially as, once asserted, it cannot be - overridden using a compiler flag. + WinCNG: support for SHA256/512 HMAC - In contrast, if it is omitted, then it can easily be reasserted by adding - a compiler flag defining LIBSSH2_HAVE_ZLIB. + Closes #47 -Daniel Stenberg (14 May 2012) -- RELEASE-NOTES: synced with 69a3354467c +- [brian m. carlson brought this change] -- _libssh2_packet_add: SSH_MSG_CHANNEL_REQUEST default to want_reply + Add support for HMAC-SHA-256 and HMAC-SHA-512. - RFC4254 says the default 'want_reply' is TRUE but the code defaulted to - FALSE. Now changed. + Implement support for these algorithms and wire them up to the libgcrypt + and OpenSSL backends. Increase the maximum MAC buffer size to 64 bytes + to prevent buffer overflows. Prefer HMAC-SHA-256 over HMAC-SHA-512, and + that over HMAC-SHA-1, as OpenSSH does. - Fixes #233 + Closes #40 -- gettimeofday: no need for a replacement under cygwin - - Fixes #224 +- [Zenju brought this change] -Alexander Lamaison (13 May 2012) -- Prevent sftp_packet_read accessing freed memory. + kex: free server host key before allocating it (again) - sftp_packet_add takes ownership of the packet passed to it and (now that we - handle zombies) might free the packet. sftp_packet_read uses the packet type - byte as its return code but by this point sftp_packet_add might have freed - it. This change fixes the problem by caching the packet type before calling - sftp_packet_add. + Fixes a memory leak when Synology server requests key exchange - I don't understand why sftp_packet_read uses the packet type as its return - code. A future change might get rid of this entirely. + Closes #43 -Daniel Stenberg (12 May 2012) -- sftp_packet_flush: flush zombies too - - As this function is called when the SFTP session is closed, it needs to - also kill all zombies left in the SFTP session to avoid leaking memory - just in case some zombie would still be in there. +- [Viktor Szakats brought this change] -- sftp_packetlist_flush: zombies must not have responses already + GNUmakefile: up OpenSSL version - When flushing the packetlist, we must only add the request as a zombie - if no response has already been received. Otherwise we could wrongly - make it a zombie even though the response was already received and then - we'd get a zombie stuck there "forever"... + closes #23 -- sftp_read: on EOF remove packet before flush - - Since the sftp_packetlist_flush() function will move all the existing - FXP_READ requests in this handle to the zombie list we must first remove - this just received packet as it is clearly not a zombie. +- [Viktor Szakats brought this change] -- sftp_packet_require: sftp_packet_read() returning 0 is not an error + GNUmakefile: add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS - Exactly as the comment in the code said, checking the return code from - sftp_packet_read() with <= was wrong and it should be < 0. With the new - filtering on incoming packets that are "zombies" we can now see this - getting zero returned. - -- sftp_packetlist_flush: only make it zombie if it was sent + libssh2 equivalent of curl patch https://github.com/bagder/curl/commit/d21b66835f2af781a3c2a685abc92ef9f0cd86be - The list of outgoing packets may also contain packets that never were - sent off and we better not make them zombies too. + This allows to build for the non-default target when using a multi-target mingw distro. + Also bump default OpenSSL dependency path to 1.0.2c. -- [Alexander Lamaison brought this change] +- [Viktor Szakats brought this change] - Mark outstanding read requests after EOF as zombies. + GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS - In order to be fast, sftp_read sends many read requests at once. With a small - file, this can mean that when EOF is received back, many of these requests are - still outstanding. Responses arriving after we close the file and abandon the - file handle are queued in the SFTP packet queue and never collected. This - causes transfer speed to drop as a progressively longer queue must be searched - for every packet. + It is similar to existing LIBSSH2_CFLAG_EXTRAS, but for + extra linker options. - This change introduces a zombie request-ID list in the SFTP session that is - used to recognise these outstanding requests and prevent them being added to - the queue. + Also delete some line/file ending whitespace. + + closes #27 -Peter Stuge (23 Apr 2012) -- [Rafael Kitover brought this change] +- [nasacj brought this change] - Update win32/GNUmakefile to use OpenSSL 1.0.1a + hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined - libcrypto on win32 now depends on gdi32.dll, so move the OpenSSL LDLIBS - block to before the compiler definitions, so that libcrypto gets added - first, and then add -lgdi32 into the following common LDLIBS for gcc. + Closes #32 -Guenter Knauf (23 Apr 2012) -- Changed 'Requires' to 'Requires.private'. - - Only static builds need to link against the crypto libs. +- [Mizunashi Mana brought this change] -- Fixed 'Requires:' names. + openssl.h: adjust the rsa/dsa includes - The 'Requires:' line lists the names of the .pc files. + ... to work when built without DSA support. + + Closes #36 -- Added 'Requires:' line to libssh2.pc. +Alexander Lamaison (26 Jul 2015) +- Let CMake build work as a subproject. - This is necessary so that other libs which lookup libssh2 info - via pkg-config can add the right crypto lib dependencies. + Patch contributed by JasonHaslam. -- Updated dependency lib versions. +- Fix builds with Visual Studio 2015. + + VS2015 moved stdio functions to the header files as inline function. That means check_function_exists can't detect them because it doesn't use header files - just does a link check. Instead we need to use check_symbol_exists with the correct headers. -Peter Stuge (18 Apr 2012) -- configure.ac: Add option to disable build of the example applications +Kamil Dudka (2 Jul 2015) +- cmake: include CMake files in the release tarballs - Examples are built by default. Any of the following options on the - configure command line will skip building them: + Despite we announced the CMake support in libssh2-1.6.0 release notes, + the files required by the CMake build system were not included in the + release tarballs. Hence, the only way to use CMake for build was the + upstream git repository. - --disable-examples-build - --enable-examples-build=no - --enable-examples-build=false + This commit makes CMake actually supported in the release tarballs. -- userauth.c: fread() from public key file to correctly detect any errors +- tests/mansyntax.sh: fix 'make distcheck' with recent autotools - If the filename parameter for file_read_publickey() was the name of a - directory instead of a file then libssh2 would spin trying to fgetc() - from the FILE * for the opened directory when trying to determine the - length of the encoded public key, since fgetc() can't report errors. + Do not create symbolic links off the build directory. Recent autotools + verify that out-of-source build works even if the source directory tree + is not writable. + +- openssl: fix memleak in _libssh2_dsa_sha1_verify() + +Daniel Stenberg (12 Jun 2015) +- openssl: make libssh2_sha1 return error code - Use fread() instead to correctly detect this error condition along - with many others. + - use the internal prefix _libssh2_ for non-exported functions - This fixes the problem reported in - http://www.libssh2.org/mail/libssh2-devel-archive-2012-04/0021.shtml + - removed libssh2_md5() since it wasn't used - Reported-by: Oleksiy Zagorskyi + Reported-by: Kamil Dudka -- Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner +- [LarsNordin-LNdata brought this change] -Guenter Knauf (17 Apr 2012) -- Fixed copyright year. + SFTP: Increase speed and datasize in SFTP read + + The function sftp_read never return more then 2000 bytes (as it should + when I asked Daniel). I increased the MAX_SFTP_READ_SIZE to 30000 but + didn't get the same speed as a sftp read in SecureSSH. I analyzed the + code and found that a return always was dona when a chunk has been read. + I changed it to a sliding buffer and worked on all available chunks. I + got an increase in speed and non of the test I have done has failed + (both local net and over Internet). Please review and test. I think + 30000 is still not the optimal MAX_SFTP_READ_SIZE, my next goal is to + make an API to enable changing this value (The SecureSSH sftp_read has + more complete filled packages when comparing the network traffic) -- Updated dependency lib versions in static makefiles. +- bump: start working on 1.6.1 -Daniel Stenberg (6 Apr 2012) -- version: bump to 1.4.2 - - We're on the 1.4.2 track now (at least) +Version 1.6.0 (5 Jun 2015) -Version 1.4.1 (4 Apr 2012) +Daniel Stenberg (5 Jun 2015) +- RELEASE-NOTES: synced with 858930cae5c6a -Daniel Stenberg (4 Apr 2012) -- RELEASE-NOTES: updated for 1.4.1 release +Marc Hoersken (19 May 2015) +- wincng.c: fixed indentation -- always do "forced" window updates +- [sbredahl brought this change] + + wincng.c: fixed memleak in (block) cipher destructor + +Alexander Lamaison (6 May 2015) +- [Jakob Egger brought this change] + + libssh2_channel_open: more detailed error message - When calling _libssh2_channel_receive_window_adjust() internally, we now - always use the 'force' option to prevent libssh2 to avoid sending the - update if the update isn't big enough. + The error message returned by libssh2_channel_open in case of a server side channel open failure is now more detailed and includes the four standard error conditions in RFC 4254. + +- [Hannes Domani brought this change] + + kex: fix libgcrypt memory leaks of bignum - It isn't fully analyzed but we have seen corner cases which made a - necessary window update not get send due to this and then the other side - doesn't send data our side then sits waiting for forever. + Fixes #168. -- channel_read: force window adjusts! +Marc Hoersken (3 Apr 2015) +- configure.ac: check for SecureZeroMemory for clear memory feature + +- Revert "wincng.c: fix clear memory feature compilation with mingw" - if there's not enough room to receive the data that's being requested, - the window adjustment needs to be sent to the remote and thus the force - option has to be used. _libssh2_channel_receive_window_adjust() would - otherwise "queue" small window adjustments for a later packet but that - is really terribly for the small buffer read that for example is the - final little piece of a very large file as then there is no logical next - packet! + This reverts commit 2d2744efdd0497b72b3e1ff6e732aa4c0037fc43. - Reported by: Armen Babakhanian - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0130.shtml + Autobuilds show that this did not solve the issue. + And it seems like RtlFillMemory is defined to memset, + which would be optimized out by some compilers. -- [Paul Howarth brought this change] +- wincng.c: fix clear memory feature compilation with mingw - aes: the init function fails when OpenSSL has AES support - - The internal init function only worked fine when the configure script - didn't detect the OpenSSL AES_CTR function! +Alexander Lamaison (1 Apr 2015) +- [LarsNordin-LNdata brought this change] + + Enable use of OpenSSL that doesn't have DSA. - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml - Reported by: Paul Howarth + Added #if LIBSSH2_DSA for all DSA functions. -- [Matthew Booth brought this change] +- [LarsNordin-LNdata brought this change] - transport_send: Finish in-progress key exchange before sending data + Use correct no-blowfish #define with OpenSSL. - _libssh2_channel_write() first reads outstanding packets before writing - new data. If it reads a key exchange request, it will immediately start - key re-exchange, which will require sending a response. If the output - socket is full, this will result in a return from - _libssh2_transport_read() of LIBSSH2_ERROR_EAGAIN. In order not to block - a write because there is no data to read, this error is explicitly - ignored and the code continues marshalling a packet for sending. When it - is sent, the remote end immediately drops the connection because it was - expecting a continuation of the key exchange, but got a data packet. + The OpenSSL define is OPENSSL_NO_BF, not OPENSSL_NO_BLOWFISH. + +Marc Hoersken (25 Mar 2015) +- configure: error if explicitly enabled clear-memory is not supported - This change adds the same check for key exchange to - _libssh2_transport_send() that is in _libssh2_transport_read(). This - ensures that key exchange is completed before any data packet is sent. + This takes 22bd8d81d8fab956085e2079bf8c29872455ce59 and + b8289b625e291bbb785ed4add31f4759241067f3 into account, + but still makes it enabled by default if it is supported + and error out in case it is unsupported and was requested. -- channel_write: acknowledge transport errors +Daniel Stenberg (25 Mar 2015) +- configure: make clear-memory default but only WARN if backend unsupported - When draining data off the socket with _libssh2_transport_read() (which - in turn has to be done so that we can be sure to have read any possible - window-increasing packets), this code previously ignored errors which - could lead to nasty loops. Now all error codes except EAGAIN will cause - the error to be returned at once. + ... instead of previous ERROR. + +Marc Hoersken (24 Mar 2015) +- wincng.h: fix warning about computed return value not being used + +- nonblocking examples: fix warning about unused tvdiff on Mac OS X + +Daniel Stenberg (24 Mar 2015) +- openssl: fix compiler warnings + +- cofigure: fix --disable-clear-memory check + +Marc Hoersken (23 Mar 2015) +- scp.c: improved command length calculation - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0068.shtml - Reported by: Matthew Booth + Reduced number of calls to strlen, because shell_quotearg already + returns the length of the resulting string (e.q. quoted path) + which we can add to the existing and known cmd_len. + Removed obsolete call to memset again, because we can put a final + NULL-byte at the end of the string using the calculated length. -- [Steven Dake brought this change] +- scp.c: improved and streamlined formatting - In examples/x11.c, Make sure sizeof passed to read operation is correct +- scp.c: fix that scp_recv may transmit not initialised memory + +- scp.c: fix that scp_send may transmit not initialised memory - sizeof(buf) expands to 8 or 4 (since its a pointer). This variable may - have been static in the past, leading to this error. + Fixes ticket 244. Thanks Torsten. + +- kex: do not ignore failure of libssh2_sha1_init() - Signed-off-by: Steven Dake + Based upon 43b730ce56f010e9d33573fcb020df49798c1ed8. + Fixes ticket 290. Thanks for the suggestion, mstrsn. -- [Steven Dake brought this change] +- wincng.h: fix return code of libssh2_md5_init() - Fix suspicious sizeof usage in examples/x11.c +- openssl.c: fix possible segfault in case EVP_DigestInit fails + +- wincng.c: fix possible use of uninitialized variables + +- wincng.c: fix unused argument warning if clear memory is not enabled + +- wincng: Added explicit clear memory feature to WinCNG backend - In the x11 example, sizeof(buf) = 8UL (on x86_64), when this should - probably represent the buffer size available. I am not sure how to - test that this change is actually correct, however. + This re-introduces the original feature proposed during + the development of the WinCNG crypto backend. It still needs + to be added to libssh2 itself and probably other backends. - Signed-off-by: Steven Dake + Memory is cleared using the function SecureZeroMemory which is + available on Windows systems, just like the WinCNG backend. -- sftp_packet_read: follow-up fix for EAGAIN/window adjust - - The commit in 7194a9bd7ba45 wasn't complete. This change makes sure - variables are initialized properly before used in the EAGAIN and window - adjust cases. +- wincng.c: fixed mixed line-endings -- sftp_packet_add: use named error code instead of number +- wincng.c: fixed use of invalid parameter types in a8d14c5dcf -- sftp_packet_add: verify the packet before accepting it +- wincng.c: only try to load keys corresponding to the algorithm + +- wincng.c: moved PEM headers into definitions + +- wincng.h: fixed invalid parameter name + +- wincng: fixed mismatch with declarations in crypto.h + +- userauth.c: fixed warning C6001: using uninitialized sig and sig_len + +- pem.c: fixed warning C6269: possible incorrect order of operations + +- wincng: add support for authentication keys to be passed in memory - In order to bail out as quickly as possible when things are wrong and - out of sync, make sure the SFTP message is one we understand. + Based upon 18cfec8336e and daa2dfa2db. -- SFTP: preserve the original error code more +- pem.c: add _libssh2_pem_parse_memory to parse PEM from memory - Lots of places in the code translated the original error into the more - generic LIBSSH2_ERROR_SOCKET_TIMEOUT but this turns out to distort the - original error reason a lot and makes tracking down the real origin of a - problem really hard. This change makes the original error code be - preserved to a larger extent when return up to the parent function. + Requirement to implement 18cfec8336e for Libgcrypt and WinCNG. -- sftp_packet_read: adjust window size as necessary +- pem.c: fix copy and paste mistake from 55d030089b8 + +- userauth.c: fix another possible dereference of a null pointer + +- userauth.c: fix possible dereference of a null pointer + +- pem.c: reduce number of calls to strlen in readline + +Alexander Lamaison (17 Mar 2015) +- [Will Cosgrove brought this change] + + Initialise HMAC_CTX in more places. - Commit 03ca9020756 tried to simplify the window sizing logic but broke - SFTP readdir as there was no window sizing code left there so large - directory listings no longer worked. + Missed a couple more places we init ctx to avoid openssl threading crash. + +- Build build breakage in WinCNG backend caused when adding libssh2_userauth_publickey_frommemory. - This change introduces window sizing logic to the sftp_packet_read() - function so that it now tells the remote about the local size having a - window size that suffice when it is about to ask for directory data. + The new feature isn't implemented for the WinCNG backend currently, but the WinCNG backend didn't contain any implementation of the required backend functions - even ones that returns an error. That caused link errors. - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0069.shtml - Reported by: Eric + This change fixes the problem by providing an implementation of the backend functions that returns an error. -- [Steven Dake brought this change] +- Fix breakage in WinCNG backend caused by introducing libssh2_hmac_ctx_init. + + The macro was defined to nothing for the libgcrypt backend, but not for WinCNG. This brings the latter into line with the former. - Tell C compiler we don't care about return code of libssh2_init +Daniel Stenberg (15 Mar 2015) +- userauth_publickey_frommemory.3: add AVAILABILITY - The call of libssh2_init returns a return code, but nothing could be done - within the _libssh2_init_if_needed execution path. + ... it will be added in 1.6.0 + +- libssh2: next version will be called 1.6.0 - Signed-off-by: Steven Dake + ... since we just added a new function. -- [Steven Dake brought this change] +- docs: add libssh2_userauth_publickey_frommemory.3 to dist + + The function and man page were added in commit 18cfec8336e - Add comment indicating a resource leak is not really a resource leak +- [Jakob Egger brought this change] + + direct_tcpip: Fixed channel write - While possibly obvious to those investigating the code, coverity complains - about this out of scope leak. + There were 3 bugs in this loop: + 1) Started from beginning after partial writes + 2) Aborted when 0 bytes were sent + 3) Ignored LIBSSH2_ERROR_EAGAIN - Signed-off-by: Steven Dake + See also: + https://trac.libssh2.org/ticket/281 + https://trac.libssh2.org/ticket/293 -- [Steven Dake brought this change] +Alexander Lamaison (15 Mar 2015) +- [Will Cosgrove brought this change] - Use safer snprintf rather then sprintf in scp_send() + Must init HMAC_CTX before using it. - Signed-off-by: Steven Dake + Must init ctx before using it or openssl will reuse the hmac which is not thread safe and causes a crash. + Added libssh2_hmac_ctx_init macro. -- [Steven Dake brought this change] +- Add continuous integration configurations. + + Linux-based CI is done by Travis CI. Windows-based CI is done by Appveyor. - Use safer snprintf rather then sprintf in scp_recv() +- [David Calavera brought this change] + + Allow authentication keys to be passed in memory. - While the buffer is indeed allocated to a safe length, better safe then sorry. + All credits go to Joe Turpin, I'm just reaplying and cleaning his patch: + http://www.libssh2.org/mail/libssh2-devel-archive-2012-01/0015.shtml - Signed-off-by: Steven Dake + * Use an unimplemented error for extracting keys from memory with libgcrypt. -- [Steven Dake brought this change] +Daniel Stenberg (14 Mar 2015) +- docs: include the renamed INSTALL* files in dist - use snprintf in knownhost_writeline() rather then sprintf +Alexander Lamaison (13 Mar 2015) +- Prevent collisions between CMake and Autotools in examples/ and tests/. + +- Avoid clash between CMake build and Autotools. - Although the function checks the length, if the code was in error, there - could potentially be a buffer overrun with the use of sprintf. Instead replace - with snprintf. + Autotools expects a configuration template file at src/libssh2_config.h.in, which buildconf generates. But the CMake build system has its CMake-specific version of the file at this path. This means that, if you don't run buildconf, the Autotools build will fail because it configured the wrong header template. - Signed-off-by: Steven Dake - -- [Steven Dake brought this change] + See https://github.com/libssh2/libssh2/pull/8. - Add tracing to print packets left on session at libssh2_session_free +- Merge pull request #8 from alamaison/cmake - Signed-off-by: Steven Dake + CMake build system. -Peter Stuge (2 Mar 2012) -- Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET +- CMake build system. - INVALID_SOCKET is a special value in Windows representing a - non-valid socket identifier. We were #defining this to -1 on - non-Windows platforms, causing unneccessary namespace pollution. - Let's have our own identifier instead. + Tested: + - Windows: + - Visual C++ 2005/2008/2010/2012/2013/MinGW-w64 + - static/shared + - 32/64-bit + - OpenSSL/WinCNG + - Without zlib + - Linux: + - GCC 4.6.3/Clang 3.4 + - static/shared + - 32/64-bit + - OpenSSL/Libgcrypt + - With/Without zlib + - MacOS X + - AppleClang 6.0.0 + - static + - 64-bit + - OpenSSL + - Without zlib - Thanks to Matt Lawson for pointing this out. - -- nw/Makefile.netware: Fix project name typo to avoid needless confusion + Conflicts: + README -- example/x11: Set raw terminal mode manually instead of with cfmakeraw() - - OpenSolaris has no cfmakeraw() so to make the example more portable - we simply do the equivalent operations on struct termios ourselves. - - Thanks to Tom Weber for reporting this problem, and finding a solution. +- Man man syntax tests fail gracefully if man version is not suitable. -Daniel Stenberg (17 Feb 2012) -- sftp_write: cannot return acked data *and* EAGAIN +- Return valid code from test fixture on failure. - Whenever we have acked data and is about to call a function that *MAY* - return EAGAIN we must return the number now and wait to get called - again. Our API only allows data *or* EAGAIN and we must never try to get - both. + The sshd test fixture was returning -1 if an error occurred, but negative error codes aren't technically valid (google it). Bash on Windows converted them to 0 which made setup failure look as though all tests were passing. -Peter Stuge (13 Feb 2012) -- example/x11: Build only when sys/un.h is found by configure - - The example can't be built on systems without AF_UNIX sockets. +- Let mansyntax.sh work regardless of where it is called from. -Daniel Stenberg (10 Feb 2012) -- [Alexander Lamaison brought this change] +Daniel Stenberg (12 Mar 2015) +- [Viktor Szakáts brought this change] - Simplified sftp_read. + mingw build: allow to pass custom CFLAGS - Removed the total_read variable that originally must have tracked how - much data had been written to the buffer. With non-blocking reads, we - must return straight away once we have read data into the buffer so this - variable served not purpose. + Allow to pass custom `CFLAGS` options via environment variable + `LIBSSH2_CFLAG_EXTRAS`. Default and automatically added options of + `GNUmakefile` have preference over custom ones. This addition is useful + for passing f.e. custom CPU tuning or LTO optimization (`-flto + -ffat-lto-objects`) options. The only current way to do this is to edit + `GNUmakefile`. This patch makes it unnecessary. - I think it was still hanging around in case the initial processing of - 'leftover' data meant we wrote to the buffer but this case, like the - others, must return immediately. Now that it does, the last remaining - need for the variable is gone. + This is a mirror of similar libcurl patch: + https://github.com/bagder/curl/pull/136 -- [Alexander Lamaison brought this change] +- [Will Cosgrove brought this change] - Cleaned up sftp_read and added more explanation. + userauth: Fixed prompt text no longer being copied to the prompts struct - Replaced the gotos which were implementing the state machine with - a switch statement which makes the states more explicit. + Regression from 031566f9c -- sftp_read: avoid data *and* EAGAIN +- README: update the git repo locations + +- wait_socket: wrong use of difftime() - Whenever we have data and is about to call a function that *MAY* return - EAGAIN we must return the data now and wait to get called again. Our API - only allows data *or* EAGAIN and we must never try to get both. + With reversed arguments it would always return a negative value... + + Bug: https://github.com/bagder/libssh2/issues/1 -Peter Stuge (2 Feb 2012) -- Add a tcpip-forward example which demonstrates remote port forwarding +- bump: start working toward 1.5.1 now -- libssh2.h: Add missing prototype for libssh2_session_banner_set() +Version 1.5.0 (11 Mar 2015) -- example/subsystem_netconf.c: Return error when read buffer is too small - - Also remove a little redundancy in the read loop condition. +Daniel Stenberg (11 Mar 2015) +- RELEASE-NOTES: 1.5.0 release -- example/subsystem_netconf.c: Add a missing newline in an error message +- [Mariusz Ziulek brought this change] -- Fix undefined reference to _libssh_error in libgcrypt backend + kex: bail out on rubbish in the incoming packet - Commit 209de22299b4b58e582891dfba70f57e1e0492db introduced a function - call to a non-existing function, and since then the libgcrypt backend - has not been buildable. + CVE-2015-1782 + + Bug: http://www.libssh2.org/adv_20150311.html -Version 1.4.0 (31 Jan 2012) +- docs: move INSTALL, AUTHORS, HACKING and TODO to docs/ + + And with this, cleanup README to be shorter and mention the new source + code home. -Daniel Stenberg (31 Jan 2012) -- RELEASE-NOTES: synced with 6bd584d29 for 1.4.0 +- .gitignore: don't ignore INSTALL -- s/1.3.1/1.4.0 +Dan Fandrich (4 Mar 2015) +- examples/x11.c: include sys/select.h for improved portability + +Daniel Stenberg (4 Mar 2015) +- RELEASE-NOTES: synced with a8473c819bc068 - We're bumping the minor number + In preparation for the upcoming 1.5.0 release. -- [Jernej Kovacic brought this change] +Guenter Knauf (8 Jan 2015) +- NetWare build: added some missing exports. - libssh2_session_supported_algs: fix compiler warning +Marc Hoersken (29 Dec 2014) +- knownhost.c: fix use of uninitialized argument variable wrote + + Detected by clang scan in line 1195, column 18. -- [Jernej Kovacic brought this change] +- examples/x11.c: fix result of operation is garbage or undefined + + Fix use of uninitialized structure w_size_bck. + Detected by clang scan in line 386, column 28. - session_supported_algs docs: added an example +- examples/x11.c: remove dead assigments of some return values + + Detected by clang scan in line 212, column 9. + Detected by clang scan in line 222, column 13. + Detected by clang scan in line 410, column 13. -- [Gellule Xg brought this change] +- examples/x11.c: fix possible memory leak if read fails + + Detected by clang scan in line 224, column 21. - sftp-seek: clear EOF flag +- examples/x11.c: fix invalid removal of first list element - Set the EOF flag to False when calling seek64 to be able to get some - data back on a following read + Fix use of memory after it was being freed. + Detected by clang scan in line 56, column 12. -- [Peter Krempa brought this change] +- userauth.c: make sure that sp_len is positive and avoid overflows + + ... if the pointer subtraction of sp1 - pubkey - 1 resulted in a + negative or larger value than pubkey_len, memchr would fail. + + Reported by Coverity CID 89846. - userauth: Provide more informations if ssh pub key extraction fails +- channel.c: remove logically dead code, host cannot be NULL here - If the function that extracts/computes the public key from a private key - fails the errors it reports were masked by the function calling it. This - patch modifies the key extraction function to return errors using - _libssh_error() function. The error messages are tweaked to contain - reference to the failed operaton in addition to the reason. + ... host cannot be NULL in line 525, because it is always + valid (e.g. at least set to "0.0.0.0") after lines 430 and 431. - * AUTHORS: - add my name - * libgcrypt.c: _libssh2_pub_priv_keyfile(): - return a more verbose - error using - _libssh2_error() func. - * openssl.c: - modify call graph of _libssh2_pub_priv_keyfile() to use - _libssh2_error for error reporting(); - * userauth.c: - tweak functions calling _libssh2_pub_priv_keyfile() not - to shadow error messages + Reported by Coverity CID 89807. -- TODO: remove issues we (sort of) did already +- session.c: check return value of session_nonblock during startup + + Reported by Coverity CID 89803. -- ssh2_exec: skip error outputs for EAGAIN +- session.c: check return value of session_nonblock in debug mode - Since the example uses non-blocking mode, it will just flood the output - with this "nonsense" error. + Reported by Coverity CID 89805. -Guenter Knauf (30 Nov 2011) -- Some NetWare makefile tweaks. +- pem.c: fix mixed line-endings introduced with 8670f5da24 -Daniel Stenberg (18 Nov 2011) -- LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000 +- pem.c: make sure there's a trailing zero and b64data is not NULL - Some SFTP servers send SFTP packets larger than 40000. Since the limit - is only present to avoid insane sizes anyway, we can easily bump it. + ... if there is no base64 data between PEM header and footer. + Reported by Coverity CID 89823. + +- kex.c: make sure mlist is not set to NULL - The define was formerly in the public header libssh2_sftp.h but served - no external purpose and was moved into the source dir. + ... if the currently unsupported LANG methods are called. + Reported by Coverity CID 89834. + +- packet.c: i < 256 was always true and i would overflow to 0 - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-11/0004.shtml - Reported by: Michael Harris + Visualize that the 0-termination is intentional, because the array + is later passed to strlen within _libssh2_packet_askv. -Alexander Lamaison (18 Nov 2011) -- [Peter Krempa brought this change] +- silence multiple data conversion warnings - knownhost_check(): Don't dereference ext if NULL is passed - - Documentation for libssh2_knownhost_checkp() and related functions - states that the last argument is filled with data if non-NULL. +Daniel Stenberg (23 Dec 2014) +- agent_connect_unix: make sure there's a trailing zero - "knownhost if set to non-NULL, it must be a pointer to a 'struct - libssh2_knownhost' pointer that gets filled in to point to info about a - known host that matches or partially matches." + ... if the path name was too long. Reported by Coverity CID 89801. + +Marc Hoersken (22 Dec 2014) +- examples on Windows: use native SOCKET-type instead of int - In this function ext is dereferenced even if set to NULL, causing - segfault in applications not needing the extra data. + And check return values accordingly. -Daniel Stenberg (11 Nov 2011) -- [Peter Krempa brought this change] +- userauth.c: improve readability and clarity of for-loops - knownhost_add: Avoid dereferencing uninitialized memory on error path. - - In function knownhost_add, memory is alocated for a new entry. If normal - alocation is used, memory is not initialized to 0 right after, but a - check is done to verify if correct key type is passed. This test is done - BEFORE setting the memory to null, and on the error path function - free_host() is called, that tries to dereference unititialized memory, - resulting into a glibc abort(). +Daniel Stenberg (22 Dec 2014) +- calloc: introduce LIBSSH2_CALLOC() - * knownhost.c - knownhost_add(): - move typemask check before alloc + A simple function using LIBSSH2_ALLOC + memset, since this pattern was + used in multiple places and this simplies code in general. -- windows build: add define to avoid compiler warning - - A recent mingw compiler has started to complain on "#warning Please - include winsock2.h before windows.h" unless the magic define is set - first. - - Reported by: Vincent Torri - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-10/0064.shtml +Marc Hoersken (15 Dec 2014) +- libssh2_priv.h: Ignore session, context and format parameters -Henrik Nordstrom (31 Oct 2011) -- [Vincent Torri brought this change] +- x11 example: check return value of socket function - Correct Windows include file name case, simplifying cross-compilation - - When cross compiling to Windows, libssh2.h include Windows header files - with upper case filenames : BaseTsd.h and WinSock2.h. +- examples: fixed mixed line-endings introduced with aedfba25b8 + +- wincng.c: explicitly ignore BCrypt*AlgorithmProvider return codes - These files have lowercase names with mingw-w64 (iirc, it's the same with - mingw). And as on Windows, being lowercase or uppercase does not matter. + Fixes VS2012 code analysis warning C6031: + return value ignored: could return unexpected value -Daniel Stenberg (25 Oct 2011) -- [Jernej Kovacic brought this change] +- wincng.c: fix possible invalid memory write access + + Fixes VS2012 code analysis warning C6386: + buffer overrun: accessing 'pbOutput', the writable size is + 'cbOutput' bytes, but '3' bytes may be written: libssh2 wincng.c 610 - libssh2_session_supported_algs: added +- tests on Windows: check for WSAStartup return code + + Fixes VS2012 code analysis warning C6031: + return value ignored: could return unexpected value -- [Kamil Dudka brought this change] +- wincng.c: fix possible NULL pointer de-reference of bignum + + Fixes VS2012 code analysis warning C6011: + dereferencing NULL pointer 'bignum'. libssh2 wincng.c 1567 - example/sftp_RW_nonblock: do not ignore LIBSSH2_ERROR_EAGAIN +- wincng.c: fix possible use of uninitialized memory - Bug: https://bugzilla.redhat.com/745420 + Fixes VS2012 code analysis warning C6001: + using uninitialized memory 'cbDecoded'. libssh2 wincng.c 553 -Peter Stuge (5 Oct 2011) -- example/ssh2_agent: Print host key fingerprint before authentication +- packet.c: fix possible NULL pointer de-reference within listen_state - Also moves the comment about not being authenticated to before the - agent authentication takes place, so that it better matches the code. + Fixes VS2012 code analysis warning C6011: + dereferencing NULL pointer 'listen_state->channel'. libssh2 packet.c 221 -Daniel Stenberg (29 Sep 2011) -- OpenSSL EVP: fix threaded use of structs +- kex.c: fix possible NULL pointer de-reference with session->kex - Make sure we don't clear or reset static structs after first init so - that they work fine even when used from multiple threads. Init the - structs in the global init. + Fixes VS2012 code analysis warning C6011: + dereferencing NULL pointer 'session->kex'. libssh2 kex.c 1761 + +- agent.c: check return code of MapViewOfFile - Help and assistance by: John Engstrom + Fixes VS2012 code analysis warning C6387: 'p+4' may be '0': + this does not adhere to the specification for the function + 'memcpy': libssh2 agent.c 330 - Fixes #229 (again) + Fixes VS2012 code analysis warning C6387: 'p' may be '0': + this does not adhere to the specification for the function + 'UnmapViewOfFile': libssh2 agent.c 333 -- openssl: don't init static structs differently +- examples on Windows: check for socket return code - make_ctr_evp() is changed to take a struct pointer, and then each - _libssh2_EVP_aes_[keylen]_ctr function is made to pass in their own - static struct + Fixes VS2012 code analysis warning C28193: + The variable holds a value that must be examined + +- examples on Windows: check for WSAStartup return code - Reported by: John Engstrom - Fixes #229 + Fixes VS2012 code analysis warning C6031: + return value ignored: could return unexpected value -Guenter Knauf (27 Sep 2011) -- Removed obsolete include path. +Guenter Knauf (11 Dec 2014) +- wincng.c: silent some more gcc compiler warnings. -Daniel Stenberg (21 Sep 2011) -- read_state: clear the state variable better +- wincng.c: silent gcc compiler warnings. + +- Watcom build: added support for WinCNG build. + +- build: updated dependencies in makefiles. + +Daniel Stenberg (4 Dec 2014) +- configure: change LIBS not LDFLAGS when checking for libs - Set read_state back to idle before trying to send anything so that if - the state somehow is wrongly set. + Closes #289 - Also, avoid such a case of confusion by resetting the read_state when an - sftp handle is closed. + Patch-by: maurerpe -- sftp_read: remove leftover fprintf +Guenter Knauf (3 Dec 2014) +- MinGW build: some more GNUMakefile tweaks. - Reported by: Alexander Lamaison - -- sftp.h: fix the #ifdef to prevent multiple inclusions + test/GNUmakefile: added architecture autodetection; added switches to + CFLAGS and RCFLAGS to make sure that the right architecture is used. + Added support to build with WinCNG. -- sftp_read: use a state variable to avoid bad writes +- sftpdir.c: added authentication method detection. - When a channel_write call has gotten an EAGAIN back, we try harder to - continue the same write in the subsequent invoke. + Stuff copied over from ssh2.c to make testing a bit easier. -- window_size: explicit adjustments only - - Removed the automatic window_size adjustments from - _libssh2_channel_read() and instead all channel readers must now make - sure to enlarge the window sizes properly themselves. +- NMake build: fixed LIBS settings. + +- NMake build: added support for WinCNG build. + +- MinGW build: some GNUMakefile tweaks. - libssh2_channel_read_ex() - the public function, now grows the window - size according to the requested buffer size. Applications can still opt - to grow the window more on demand. Larger windows tend to give higher - performance. + Added architecture autodetection; added switches to CFLAGS and + RCFLAGS to make sure that the right architecture is used. + Added support to build with WinCNG. + +- MinGW build: Fixed redefine warnings. + +- Updated copyright year. + +Daniel Stenberg (31 Aug 2014) +- COPYING: bump the copyright year + +Dan Fandrich (28 Jul 2014) +- docs: fixed a bunch of typos + +- docs: added missing libssh2_session_handshake.3 file + +Marc Hoersken (19 May 2014) +- wincng.c: specify the required libraries for dependencies using MSVC - sftp_read() now uses the read-ahead logic to figure out a window_size. + Initially reported by Bob Kast as "for MS VS builds, specify the + libraries that are required so they don't need to go into all + project files that may use this library". Thanks a lot. -- libssh2.h: bump the default window size to 256K +- [Bob Kast brought this change] -- libssh2_userauth_keyboard_interactive.3: fix man warning + windows build: do not export externals from static library - It seemed to occur due to the excessive line length + If you are building a DLL, then you need to explicitly export each + entry point. When building a static library, you should not. + + libssh2 was exporting the entry points whether it was building a DLL or a + static library. To elaborate further, if libssh2 was used as a static + library, which was being linked into a DLL, the libssh2 API would be + exported from that separate DLL. +Daniel Stenberg (19 May 2014) - [Mikhail Gusarov brought this change] - Add missing .gitignore entries + Fix typos in manpages -- [Mikhail Gusarov brought this change] +Marc Hoersken (18 May 2014) +- wincng.c: Fixed memory leak in case of an error during ASN.1 decoding - Add manpage syntax checker to 'check' target +- configure: Display individual crypto backends on separate lines - In virtually every libssh2 release Debian's lintian catches syntax errors in - manpages. Prevent it by checking manpages as a part of testsuite. + This avoids line-wrapping in between parameters and makes the + error message look like the following: + + configure: error: No crypto library found! + Try --with-libssl-prefix=PATH + or --with-libgcrypt-prefix=PATH + or --with-wincng on Windows -- libssh2_banner_set.3: fix nroff syntax mistake +- [Bob Kast brought this change] -Guenter Knauf (10 Sep 2011) -- Use predefined resource compiler macro. + libssh2_priv.h: a 1 bit bit-field should be unsigned + + some compilers may not like this -- Added casts to silent compiler warnings. +- knownhost.c: Fixed warning that pointer targets differ in signedness -- Fixed uint64_t printf. +- wincng.c: Fixed warning about pointer targets differing in signedness -- Fixed macro function signatures. +- tcpip-forward.c: Fixed warning that pointer targets differ in signedness + + libssh2_channel_forward_listen_ex uses ints instead of unsigned ints. -- NetWare makefile tweaks. +- misc.c: Fixed warning about mixed declarations and code -- Removed unused var. +- libgcrypt.h: Fixed warning about pointer targets differing in signedness -- Added 2 samples not mentioned. +- wincng.h: Fixed warning about pointer targets differing in signedness -- Dont build x11 sample with MinGW. +- misc.c: Fixed warning about unused parameter abstract -- Fixed executable file description. +- tcpip-forward.c: Removed unused variables shost, sport and sockopt -- Removed unused var. +- wincng.h: Added forward declarations for all WinCNG functions + + Initially reported by Bob Kast as "Wincng - define function + prototypes for wincng routines". Thanks a lot. + + Also replaced structure definitions with type definitions. -- Kill stupid gcc 3.x uninitialized warning. +- [Bob Kast brought this change] -- Build all examples. + libssh2.h: on Windows, a socket is of type SOCKET, not int -- More MinGW makefile tweaks. +- win32: Added WinCNG targets to generated Visual Studio project - Renamed *.mingw makefiles to GNUmakefile since GNU make picks these - up automatically, and therefore win32/Makefile removed. - -- Removed forgotten WINSOCK_VERSION defines. - -Daniel Stenberg (9 Sep 2011) -- libssh2_session_startup(3) => libssh2_session_handshake(3) + Inspired by Bob Kast's reports, this commit enables the compilation + of libssh2 with WinCNG using the generated Visual Studio project files. + This commit adds WinCNG support to parts of the existing Win32 build + infrastructure, until new build systems, like pre-defined VS project + files or CMake files may be added. - Propagate for the current function in docs and examples. - libssh2_session_startup() is deprecated. + This commit and b20bfeb3e519119a48509a1099c06d65aa7da1d7 raise one + question: How to handle build systems, like VS project files, that + need to include all source files regardless of the desired target, + including all supported crypto backends? For now the mentioned commit + added a check for LIBSSH2_OPENSSL to openssl.c and with this commit + the supported crypto backends are hardcoded within Makefile.am. -- libssh2_banner_set => libssh2_session_banner_get +- libssh2_priv msvc: Removed redundant definition of inline keyword - Marked the old function as deprecated. Added the new name in the correct - name space with the same arguments and functionality. + Initially reported by Bob Kast as "Remove redundant 'inline' define". + Thanks a lot. -- new function: libssh2_session_banner_get +- wincng: Made data parameter to hash update function constant - Returns the banner from the server handshake - - Fixes #226 - -- libssh2.h: bump version to 1.4.0 for new function(s) + Initially reported by Bob Kast as "formal parameter must be const + since it is used in contexts where the actual parameter may be const". + Thanks a lot. -- remove embedded CVS/svn tags +- wincng: fix cross-compilation against the w64 mingw-runtime package -- [liuzl brought this change] +- openssl: Check for LIBSSH2_OPENSSL in order to compile with openssl - API add:libssh2_sftp_get_channel +- wincng: Fixed use of possible uninitialized variable pPaddingInfo - Return the channel of sftp, then caller can - control the channel's behavior. - - Signed-off-by: liuzl + Reported by Bob Kast, thanks a lot. -- _libssh2_channel_read: react on errors from receive_window_adjust - - Previously the function would ignore all errors except for EAGAIN. +- wincng: Added cast for double to unsigned long conversion -- sftp_read: extend and clarify the documentation +- wincng: Cleaned up includes and check NTSTATUS using macro + + Removed header file combination that is not supported on a real + Windows platform and can only be compiled using MinGW. Replaced + custom NTSTATUS return code checks with BCRYPT_SUCCESS macro. -- sftp_read: cap the read ahead maximum amount +Daniel Stenberg (16 Mar 2014) +- userauth_hostbased_fromfile: zero assign to avoid uninitialized use - Now we only go up to LIBSSH2_CHANNEL_WINDOW_DEFAULT*30 bytes SFTP read - ahead, which currently equals 64K*30 == 1966080 bytes. + Detected by clang-analyze -- _libssh2_channel_read: fix non-blocking window adjusting +- channel_receive_window_adjust: store windows size always - If EAGAIN is returned when adjusting the receive window, we must not - read from the transport directly until we've finished the adjusting. + Avoid it sometimes returning without storing it, leaving calling + functions with unknown content! + + Detected by clang-analyzer -Guenter Knauf (8 Sep 2011) -- Fix for systems which need sys/select.h. +- publickey_packet_receive: avoid junk in returned pointers + + clang-analyzer found this risk it would return a non-initialized pointer + in a success case -- The files were not gone but renamed ... +Peter Stuge (16 Mar 2014) +- [Marc Hoersken brought this change] -Daniel Stenberg (6 Sep 2011) -- sftp_read: added documenting comment - - Taken from some recent email conversations I added some descriptions of - the logic in sftp_read() to aid readers. + Added Windows Cryptography API: Next Generation based backend -- 1.3.1: start the work +- [Marc Hoersken brought this change] -Version 1.3.0 (6 Sep 2011) + knownhost.c: fixed that 'key_type_len' may be used uninitialized + + ../src/knownhost.c: In function 'libssh2_knownhost_readline': + ../src/knownhost.c:651:16: warning: 'key_type_len' may be used + uninitialized in this function [-Wmaybe-uninitialized] + rc = knownhost_add(hosts, hostbuf, NULL, + ^ + ../src/knownhost.c:745:12: note: 'key_type_len' was declared here + size_t key_type_len; + ^ -Daniel Stenberg (6 Sep 2011) -- Makefile.am: the Makefile.win32 files are gone +- [Marc Hoersken brought this change] -- RELEASE-NOTES: updated for 1.3.0 + pem.c: always compile pem.c independently of crypto backend -- sftp_read: a short read is not end of file +- Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro - A returned READ packet that is short will now only reduce the - offset. + Commit d512b25f69a1b6778881f6b4b5ff9cfc6023be42 introduced a crypto + library abstraction in the autotools build system, to allow us to more + easily support new crypto libraries. In that process it was found that + all other build system which we support are hard-coded to build with + OpenSSL. Commit f5c1a0d98bd51aeb24aca3d49c7c81dcf8bd858d fixes automake + introduced into non-autotools build systems but still overlooked the + CPP macro saying that we are using OpenSSL. - This is a temporary fix as it is slightly better than the previous - approach but still not very good. + Thanks to Marc Hörsken for identifying this issue and proposing a fix + for win32/{GNUmakefile,config.mk}. This commit uses a slightly different + approach but the end result is the same. -- [liuzl brought this change] +Dan Fandrich (15 Mar 2014) +- channel_close: Close the channel even in the case of errors - _libssh2_packet_add: adjust window size when truncating +- sftp_close_handle: ensure the handle is always closed - When receiving more data than what the window size allows on a - particular channel, make sure that the window size is adjusted in that - case too. Previously it would only adjust the window in the non-error - case. - -Guenter Knauf (29 Aug 2011) -- Silent compiler warning with MinGW64. + Errors are reported on return, but otherwise the close path is + completed as much as possible and the handle is freed on exit. -- Fixed link to native Win32 awk tool. +Alexander Lamaison (6 Mar 2014) +- knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer. + + Commit 85c6627c changed the behaviour of `libssh2_knownhost_writeline` so that it stopped returning the number of bytes needed when the given buffer was too small. Also, the function changed such that is might write to part of the buffer before realising it is too small. + + This commit restores the original behaviour, whilst keeping the unknown-key-type functionality that 85c6627c. Instead of writing to the buffer piecemeal, the length of the various parts is calculated up front and the buffer written only if there is enough space. The calculated necessary size is output in `outlen` regardless of whether the buffer was written to. + + The main use-case for the original behaviour that this commit restores is to allow passing in a NULL buffer to get the actual buffer size needed, before calling the function again with the buffer allocated to the exact size required. -- Renamed MinGW makefiles. +- knownhost: Fix DSS keys being detected as unknown. + + I missing `else` meant ssh-dss format keys were being re-detected as unknown format. -- Some MinGW makefile tweaks. +Dan Fandrich (6 Mar 2014) +- knownhosts: Abort if the hosts buffer is too small - Enable build without GNU tools and with MinGW64 compiler. + This could otherwise cause a match on the wrong host -- Fixed aes_ctr_do_cipher() signature. +- agent_list_identities: Fixed memory leak on OOM -Daniel Stenberg (26 Aug 2011) -- [liuzl brought this change] +- Fixed a few typos - libssh2_sftp_seek64: flush packetlist and buffered data +- userauth: Fixed an attempt to free from stack on error + +- Fixed a few memory leaks in error paths + +- Fixed two potential use-after-frees of the payload buffer - When seeking to a new position, flush the packetlist and buffered data - to prevent already received or pending data to wrongly get used when - sftp-reading from the new offset within the file. + The first might occur if _libssh2_packet_add returns an error, as + fullpacket_state wasn't reset to idle so if it were possible for + fullpacket to be called again, it would return to the same state + handler and re-use the freed p->packet buffer. + + The second could occur if decrypt returned an error, as it freed the + packet buffer but did not clear total_num, meaning that freed buffer + could be written into again later. -- sftp_read: advance offset correctly for buffered copies +Alexander Lamaison (28 Nov 2013) +- Fix missing `_libssh2_error` in `_libssh2_channel_write`. - In the case where a read packet has been received from the server, but - the entire contents couldn't be copied to the user-buffer, the data is - instead buffered and copied to the user's buffer in the next invocation - of sftp_read(). When that "extra" copy is made, the 'offset' pointer was - not advanced accordingly. + In one case, the error code from `_libssh2_transport_read` was being returned from `_libssh2_channel_write` without setting it as the last error by calling `_libssh2_error`. This commit fixes that. - The biggest impact of this flaw was that the 'already' variable at the - top of the function that figures out how much data "ahead" that has - already been asked for would slowly go more and more out of sync, which - could lead to the file not being read all the way to the end. + Found when using a session whose socket had been inadvertently destroyed. The calling code got confused because via `libssh2_session_last_error` it appeared no error had occurred, despite one being returned from the previous function. + +Kamil Dudka (21 Nov 2013) +- [Mark McPherson brought this change] + + openssl: initialise the digest context before calling EVP_DigestInit() - This problem was most noticable in cases where the application would - only try to read the exact file size amount, like curl does. In the - examples libssh2 provides the sftp read function is most often called - with a fixed size large buffer and then the bug would not appear as - easily. + When using the OpenSSL libraries in FIPS mode, the function call + EVP_DigestInit() is actually #defined to FIPS_digestinit(). + Unfortunately wheres EVP_DigestInit() initialises the context and then + calls EVP_DigestInit_ex(), this function assumes that the context has + been pre-initialised and crashes when it isn't. - This bug was introduced in the SFTP rewrite in 1.2.8. + Bug: https://trac.libssh2.org/ticket/279 - Bug: http://curl.haxx.se/mail/lib-2011-08/0305.html - http://www.libssh2.org/mail/libssh2-devel-archive-2011-08/0085.shtml + Fixes #279 -- wrap some long lines < 80 columns +- [Marc Hörsken brought this change] -- LIBSSH2_RECV: fix typo, use the RECV_FD macro + .gitignore: Ignore files like src/libssh2_config.h.in~ -- subsystem_netconf.c: fix compiler warnings +Peter Stuge (13 Nov 2013) +- Move automake conditionals added by commit d512b25f out of Makefile.inc + + Commit d512b25f69a1b6778881f6b4b5ff9cfc6023be42 added automake + conditionals to Makefile.inc but since Makefile.inc is included + from Makefile for all other build systems that does not work. + + This commit instead adds Makefile.OpenSSL.inc and Makefile.libgcrypt.inc + and moves the automake conditional to its proper place, src/Makefile.am. + + The automake conditional includes the correct Makefile.$name.inc per + the crypto library selection/detection done by configure. + + All non-autotools build system files in libssh2 are hardcoded to use + OpenSSL and do not get a conditional but at least there is some reuse + because they can all include the new Makefile.OpenSSL.inc. -- [Henrik Nordstrom brought this change] +Daniel Stenberg (27 Oct 2013) +- [Salvador Fandino brought this change] - Custom callbacks for performing low level socket I/O + Set default window size to 2MB + + The default channel window size used until now was 256KB. This value is + too small and results on a bottleneck on real-life networks where + round-trip delays can easily reach 300ms. + + The issue was not visible because the configured channel window size + was being ignored and a hard-coded value of ~22MB being used instead, + but that was fixed on a previous commit. + + This patch just changes the default window size + (LIBSSH2_CHANNEL_WINDOW_DEFAULT) to 2MB. It is the same value used by + OpenSSH and in our opinion represents a good compromise between memory + used and transfer speed. + + Performance tests were run to determine the optimum value. The details + and related discussion are available from the following thread on the + libssh2 mailing-list: + + http://www.libssh2.org/mail/libssh2-devel-archive-2013-10/0018.shtml + http://article.gmane.org/gmane.network.ssh.libssh2.devel/6543 + + An excerpt follows: + + "I have been running some transfer test and measuring their speed. + + My setup was composed of a quad-core Linux machine running Ubuntu 13.10 + x86_64 with a LXC container inside. The data transfers were performed + from the container to the host (never crossing through a physical + network device). + + Network delays were simulated using the tc tool. And ping was used to + verify that they worked as intended during the tests. + + The operation performed was the equivalent to the following ssh command: + + $ ssh container "dd bs=16K count=8K if=/dev/zero" >/dev/null + + Though, establishment and closing of the SSH connection was excluded + from the timings. + + I run the tests several times transferring files of sizes up to 128MB + and the results were consistent between runs. + + The results corresponding to the 128MB transfer are available here: + + https://docs.google.com/spreadsheet/ccc?key=0Ao1yRmX6PQQzdG5wSFlrZl9HRWNET3ZyN0hnaGo5ZFE&usp=sharing + + It clearly shows that 256KB is too small as the default window size. + Moving to a 512MB generates a great improvement and after the 1MB mark + the returns rapidly diminish. Other factors (TCP window size, probably) + become more limiting than the channel window size + + For comparison I also performed the same transfers using OpenSSH. Its + speed is usually on par with that of libssh2 using a window size of 1MB + (even if it uses a 2MB window, maybe it is less aggressive sending the + window adjust msgs)." + + Signed-off-by: Salvador Fandino -- version bump: start working towards 1.3.0 +- [Salvador brought this change] -Version 1.2.9 (16 Aug 2011) + _libssh2_channel_read: Honour window_size_initial + + _libssh2_channel_read was using an arbitrary hard-coded limit to trigger + the window adjusting code. The adjustment used was also hard-coded and + arbitrary, 15MB actually, which would limit the usability of libssh2 on + systems with little RAM. + + This patch, uses the window_size parameter passed to + libssh2_channel_open_ex (stored as remote.window_size_initial) plus the + buflen as the base for the trigger and the adjustment calculation. + + The memory usage when using the default window size is reduced from 22MB + to 256KB per channel (actually, if compression is used, these numbers + should be incremented by ~50% to account for the errors between the + decompressed packet sizes and the predicted sizes). + + My tests indicate that this change does not impact the performance of + transfers across localhost or a LAN, being it on par with that of + OpenSSH. On the other hand, it will probably slow down transfers on + networks with high bandwidth*delay when the default window size + (LIBSSH2_CHANNEL_WINDOW_DEFAULT=256KB) is used. + + Signed-off-by: Salvador Fandino -Daniel Stenberg (16 Aug 2011) -- RELEASE-NOTES: synced with 95d69d3a81261 +- [Salvador Fandino brought this change] -- [Henrik Nordstrom brought this change] + knownhosts: handle unknown key types + + Store but don't use keys of unsupported types on the known_hosts file. + + Currently, when libssh2 parses a known_host file containing keys of some + type it doesn't natively support, it stops reading the file and returns + an error. + + That means, that the known_host file can not be safely shared with other + software supporting other key types (i.e. OpenSSH). + + This patch adds support for handling keys of unknown type. It can read + and write them, even if they are never going to be matched. + + At the source level the patch does the following things: + + - add a new unknown key type LIBSSH2_KNOWNHOST_KEY_UNKNOWN + + - add a new slot (key_type_name) on the known_host struct that is + used to store the key type in ascii form when it is not supported + + - parse correctly known_hosts entries with unknown key types and + populate the key_type_name slot + + - print correctly known_hosts entries of unknown type + + - when checking a host key ignore keys that do not match the key + + Fixes #276 - Document prototypes for macro defined functions +- windows build: fix build errors + + Fixes various link errors with VS2010 + + Reported-by: "kdekker" + Fixes #272 -- [Henrik Nordstrom brought this change] +- man page: add missing function argument + + for libssh2_userauth_publickey_fromfile_ex() + + Reported-by: "pastey" + + Fixes #262 - Avoid reuse after free when closing X11 channels +- [Salvador brought this change] -- _libssh2_channel_write: handle window_size == 0 better + Fix zlib deflate usage - When about to send data on the channel and the window size is 0, we must - not just return 0 if the transport_read() function returned EAGAIN as it - then causes a busy-loop. + Deflate may return Z_OK even when not all data has been compressed + if the output buffer becomes full. - Bug: http://libssh2.org/mail/libssh2-devel-archive-2011-08/0011.shtml - -- gettimeofday: fix name space pollution + In practice this is very unlikely to happen because the output buffer + size is always some KBs larger than the size of the data passed for + compression from the upper layers and I think that zlib never expands + the data so much, even on the worst cases. - For systems without its own gettimeofday() implementation, we still must - not provide one outside our namespace. + Anyway, this patch plays on the safe side checking that the output + buffer is not exhausted. - Reported by: Bill Segall - -Dan Fandrich (5 Aug 2011) -- libssh2.pc.in: Fixed spelling in pkgconfig file + Signed-off-by: Salvador -Peter Stuge (17 Jul 2011) -- example/subsystem_netconf.c: Add missing #include +- [Salvador brought this change] -- example/subsystem_netconf.c: Discard ]]>]]> and return only XML response + comp_method_zlib_decomp: Improve buffer growing algorithm + + The old algorithm was O(N^2), causing lots and lots of reallocations + when highly compressed data was transferred. + + This patch implements a simpler one that just doubles the buffer size + everytime it is exhausted. It results in O(N) complexity. + + Also a smaller inflate ratio is used to calculate the initial size (x4). + + Signed-off-by: Salvador -- example/subsystem_netconf.c: Fix uninitialized variable bug +- [Salvador brought this change] -- example: Add subsystem_netconf.c + Fix zlib usage - This example demonstrates how to use libssh2 to send a request to - the NETCONF subsystem available e.g. in JunOS. + Data may remain in zlib internal buffers when inflate() returns Z_OK + and avail_out == 0. In that case, inflate has to be called again. - See also http://tools.ietf.org/html/draft-ietf-netconf-ssh-06 + Also, once all the data has been inflated, it returns Z_BUF_ERROR to + signal that the input buffer has been exhausted. + + Until now, the way to detect that a packet payload had been completely + decompressed was to check that no data remained on the input buffer + but that didn't account for the case where data remained on the internal + zlib buffers. + + That resulted in packets not being completely decompressed and the + missing data reappearing on the next packet, though the bug was masked + by the buffer allocation algorithm most of the time and only manifested + when transferring highly compressible data. + + This patch fixes the zlib usage. + + Signed-off-by: Salvador -Daniel Stenberg (16 Jul 2011) -- man page cleanups: non-existing functions need no man pages +- [Salvador brought this change] -- libssh2_new_host_entry.3: removed + _libssh2_channel_read: fix data drop when out of window - This is just junk leftovers. + After filling the read buffer with data from the read queue, when the + window size was too small, "libssh2_channel_receive_window_adjust" was + called to increase it. In non-blocking mode that function could return + EAGAIN and, in that case, the EAGAIN was propagated upwards and the data + already read on the buffer lost. + + The function was also moving between the two read states + "libssh2_NB_state_idle" and "libssh2_NB_state_created" both of which + behave in the same way (excepting a debug statment). + + This commit modifies "_libssh2_channel_read" so that the + "libssh2_channel_receive_window_adjust" call is performed first (when + required) and if everything goes well, then it reads the data from the + queued packets into the read buffer. + + It also removes the useless "libssh2_NB_state_created" read state. + + Some rotted comments have also been updated. + + Signed-off-by: Salvador -- userauth_keyboard_interactive: fix buffer overflow +- [Salvador Fandino brought this change] + + window_size: redid window handling for flow control reasons - Partly reverse 566894494b4972ae12 which was simplifying the code far too - much and ended up overflowing a buffer within the LIBSSH2_SESSION - struct. Back to allocating the buffer properly like it used to do. + Until now, the window size (channel->remote.window_size) was being + updated just after receiving the packet from the transport layer. - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-06/0032.shtml - Reported by: Alfred Gebert + That behaviour is wrong because the channel queue may grow uncontrolled + when data arrives from the network faster that the upper layer consumes + it. + + This patch adds a new counter, read_avail, which keeps a count of the + bytes available from the packet queue for reading. Also, now the window + size is adjusted when the data is actually read by an upper layer. + + That way, if the upper layer stops reading data, the window will + eventually fill and the remote host will stop sending data. When the + upper layers reads enough data, a window adjust packet is delivered and + the transfer resumes. + + The read_avail counter is used to detect the situation when the remote + server tries to send data surpassing the window size. In that case, the + extra data is discarded. + + Signed-off-by: Salvador -- keyboard-interactive man page: cleaned up +Peter Stuge (15 Sep 2013) +- configure.ac: Call zlib zlib and not libz in text but keep option names -- [Alfred Gebert brought this change] +- configure.ac: Reorder --with-* options in --help output - _libssh2_recv(): handle ENOENT error as EAGAIN - - A sftp session failed with error "failure establishing ssh session" on - Solaris and HP-UX. Sometimes the first recv() function call sets errno - to ENOENT. In the man pages for recv of Solaris and HP-UX the error - ENOENT is not documented. +- configure.ac: Rework crypto library detection - I tested Solaris SPARC and x86, HP-UX i64, AIX, Windows and Linux. + This further simplifies adding new crypto libraries. -- agent_list_identities: fix out of scope access +- Clean up crypto library abstraction in build system and source code - An auto variable out of scope was being referenced and used. + libssh2 used to explicitly check for libgcrypt and default to OpenSSL. - fixes #220 + Now all possible crypto libraries are checked for explicitly, making + the addition of further crypto libraries both simpler and cleaner. -- _libssh2_wait_socket: fix timeouts for poll() uses +- configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib -- windows: inclusion fix +- Revert "Added Windows Cryptography API: Next Generation based backend" - include winsock2.h for all windows compilers + This reverts commit d385230e15715e67796f16f3e65fd899f21a638b. -- keyb-interactive: add the fixed buffer - - Belongs to commit 5668944 +Daniel Stenberg (7 Sep 2013) +- [Leif Salomonsson brought this change] -- code cleanup: don't use C99/c++ comments + sftp_statvfs: fix for servers not supporting statfvs extension - We aim for C89 compliance + Fixes issue arising when server does not support statfvs and or fstatvfs + extensions. sftp_statvfs() and sftp_fstatvfs() after this patch will + handle the case when SSH_FXP_STATUS is returned from server. -- keyb-interactive: allow zero length fields +- [Marc Hoersken brought this change] + + Added Windows Cryptography API: Next Generation based backend + +- [Kamil Dudka brought this change] + + partially revert "window_size: explicit adjustments only" - Allow zero length fields so they don't cause malloc(0) calls + This partially reverts commit 03ca9020756a4e16f0294e5b35e9826ee6af2364 + in order to fix extreme slowdown when uploading to localhost via SFTP. - Avoid free()ing NULL pointers + I was able to repeat the issue on RHEL-7 on localhost only. It did not + occur when uploading via network and it did not occur on a RHEL-6 box + with the same version of libssh2. - Avoid a malloc of a fixed 5 byte buffer. + The problem was that sftp_read() used a read-ahead logic to figure out + the window_size, but sftp_packet_read() called indirectly from + sftp_write() did not use any read-ahead logic. -- libssh2_channel_process_startup.3: clean up +- _libssh2_channel_write: client spins on write when window full - Remove the references to the macro-fied shortcuts as they have their own - individual man pages. + When there's no window to "write to", there's no point in waiting for + the socket to become writable since it most likely just will continue to + be. - Made the prototype different and more readable. + Patch-by: ncm + Fixes #258 -- man page: fix .BR lines +- _libssh2_channel_forward_cancel: avoid memory leaks on error - We don't use \fI etc on .BR lines + Fixes #257 -- userauth_keyboard_interactive: skip code on zero length auth +- _libssh2_packet_add: avoid using uninitialized memory + + In _libssh2_packet_add, called by _libssh2_packet_read, a call to + _libssh2_packet_send that is supposed to send a one-byte message + SSH_MSG_REQUEST_FAILURE would send an uninitialized byte upon re-entry + if its call to _send returns _EAGAIN. + + Fixes #259 -- libssh2_channel_forward_accept.3: mention how to get error +- _libssh2_channel_forward_cancel: accessed struct after free - Since this returns a pointer, libssh2_session_last_errno() must be used - to get the actual error code and it wasn't that clear before. + ... and the assignment was pointless anyway since the struct was about + to be freed. Bug introduced in dde2b094. + + Fixes #268 -- timeout docs: mention they're added in 1.2.9 +Peter Stuge (2 Jun 2013) +- [Marc Hoersken brought this change] -- sftp_write_sliding.c: indent fix - - Use the standard indenting and removed CVS leftover comment + Fixed compilation using mingw-w64 -- [zl liu brought this change] +- [Marc Hoersken brought this change] - sftp_write_sliding: send the complete file + knownhost.c: use LIBSSH2_FREE macro instead of free - When reaching the end of file there can still be data left not sent. + Use LIBSSH2_FREE instead of free since + _libssh2_base64_encode uses LIBSSH2_ALLOC -- [Douglas Masterson brought this change] +Daniel Stenberg (18 May 2013) +- [Matthias Kerestesch brought this change] - session_startup: init state properly + libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET - libssh2_session_startup() didn't set the state correctly so it could get - confused. + ... previously it was left at 0 which is a valid file descriptor! - Fixes #218 - -- timeout: added man pages - -- BLOCK_ADJUST_ERRNO: move rc to right level + Bug: https://trac.libssh2.org/ticket/265 - We can't declare the variable within the block and use it in the final - do-while() expression to be properly portable C89. + Fixes #265 -- [Matt Lilley brought this change] - - adds a timeout to blocking calls +- userauth_password: pass on the underlying error code - Fixes bug #160 as per Daniel's suggestion + _libssh2_packet_requirev() may return different errors and we pass that + to the parent instead of rewriting it. - Adds libssh2_session_set_timeout() and libssh2_session_get_timeout() + Bug: http://libssh2.org/mail/libssh2-devel-archive-2013-04/0029.shtml + Reported by: Cosmin -- SCP: fix incorrect error code - - After an error occurs in libssh2_scp_recv() or libssh2_scp_send(), the - function libssh2_session_last_error() would return - LIBSSH2_ERROR_SOCKET_NONE on error. - - Bug: http://trac.libssh2.org/ticket/216 - Patch by: "littlesavage" - - Fixes #216 +Peter Stuge (9 May 2013) +- [Marc Hoersken brought this change] -Guenter Knauf (19 Apr 2011) -- Updated default (recommended) dependency versions. + libcrypt.c: Fix typo in _libssh2_rsa_sha1_sign() parameter type -Daniel Stenberg (17 Apr 2011) -- libssh2_session_block_directions: fix mistake - - The last LIBSSH2_SESSION_BLOCK_INBOUND should be - LIBSSH2_SESSION_BLOCK_OUTBOUND - - And I shortened the short description +Kamil Dudka (4 May 2013) +- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS - Reported by: "drswinghead" + Reported by: Quintus + Bug: https://trac.libssh2.org/ticket/261 -- msvcproj: added libs and debug stuff +Guenter Knauf (12 Apr 2013) +- Fixed copyright string for NetWare build. + +Daniel Stenberg (9 Apr 2013) +- [Richard W.M. Jones brought this change] + + sftp: Add support for fsync (OpenSSH extension). - Added libraries needed to link whether using openssl dynamically or - statically + The new libssh2_sftp_fsync API causes data and metadata in the + currently open file to be committed to disk at the server. - Added LIBSSH2DEBUG define to debug versions to enable tracing + This is an OpenSSH extension to the SFTP protocol. See: - URL: http://trac.libssh2.org/ticket/215 - Patch by: Mark Smith + https://bugzilla.mindrot.org/show_bug.cgi?id=1798 -- sftp_write: clean offsets on error - - When an error has occurred on FXP_WRITE, we must make sure that the - offset, sent offset and acked counter are reset properly. +- [Richard W.M. Jones brought this change] -- example/.gitignore: ignore built binaries + sftp: statvfs: Along error path, reset the correct 'state' variable. -- sftp_write: flush the packetlist on error - - When an error occurs during write, flush the entire list of pending - outgoing SFTP packets. +- [Richard W.M. Jones brought this change] -- keepalive: add first basic man pages + sftp: seek: Don't flush buffers on same offset - Someone on IRC pointed out that we don't have these documented so I - wrote up a first set based on the information in the wiki: - http://trac.libssh2.org/wiki/KeepAlive + Signed-off-by: Richard W.M. Jones -- scp_write_nonblock.c: remove pointless check - - libssh2_channel_write() cannot return a value that is larger than the - input length value +Guenter Knauf (9 Feb 2013) +- Updated dependency libs. -Mikhail Gusarov (9 Apr 2011) -- s/\.NF/.nf/ to fix wrong macro name caught by man --warnings +- Fixed tool macro names. -Daniel Stenberg (6 Apr 2011) -- version: bump to 1.2.9_dev - - Also update the copyright year range to include 2011 +Daniel Stenberg (29 Nov 2012) +- [Seth Willits brought this change] -- configure: fix $VERSION + compiler warnings: typecast strlen in macros - Stop using the $VERSION variable as it seems to be magically used by - autoconfig itself and thus gets set to the value set in AC_INIT() - without us wanting that. $LIBSSH2VER is now the libssh2 version as - detected. + ... in macro parameters to avoid compiler warnings about lost precision. - Reported by: Paul Howarth - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-04/0008.shtml + Several macros in libssh2.h call strlen and pass the result directly to + unsigned int parameters of other functions, which warns about precision + loss because strlen returns size_t which is unsigned long on at least + some platforms (such as OS X). The fix is to simply typecast the + strlen() result to unsigned int. -- maketgz: use git2news.pl by the correct name +- libssh2.h: bump version to 1.4.4-DEV -Version 1.2.8 (4 Apr 2011) +Version 1.4.3 (27 Nov 2012) -Daniel Stenberg (4 Apr 2011) -- RELEASE-NOTES: synced with fabf1a45ee +Daniel Stenberg (27 Nov 2012) +- RELEASE-NOTES: fixed for 1.4.3 -- NEWS: auto-generated from git - - Starting now, the NEWS file is generated from git using the git2news.pl - script. This makes it always accurate and up-to-date, even for daily - snapshots etc. +- sftp_read: return error if a too large package arrives -- sftp_write: handle FXP_WRITE errors +Peter Stuge (13 Nov 2012) +- Only define _libssh2_dsa_*() functions when building with DSA support + +Guenter Knauf (8 Nov 2012) +- Added .def file to output. + +Kamil Dudka (1 Nov 2012) +- libssh2_hostkey_hash.3: update the description of return value - When an sftp server returns an error back on write, make sure the - function bails out and returns the proper error. + The function returns NULL also if the hash algorithm is not available. -- configure: stop using the deprecated AM_INIT_AUTOMAKE syntax +Guenter Knauf (24 Oct 2012) +- Fixed mode acciedently committed. -Alexander Lamaison (13 Mar 2011) -- Support unlimited number of host names in a single line of the known_hosts file. +- Ignore generated file. + +- Added hack to make use of Makefile.inc. - Previously the code assumed either a single host name or a hostname,ip-address pair. However, according to the spec [1], there can be any number of comma separated host names or IP addresses. + This should avoid further maintainance of the objects list. + +- Fixed MSVC NMakefile. - [1] http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8 + Added missing source files; added resource for DLL. -Daniel Stenberg (26 Feb 2011) -- libssh2_knownhost_readfile.3: clarify return value +Kamil Dudka (22 Oct 2012) +- examples: use stderr for messages, stdout for data - This function returns the number of parsed hosts on success, not just - zero as previously documented. + Reported by: Karel Srot + Bug: https://bugzilla.redhat.com/867462 -Peter Stuge (26 Feb 2011) -- Don't save allocated packet size until it has actually been allocated +- openssl: do not leak memory when handling errors - The allocated packet size is internal state which needs to match reality - in order to avoid problems. This commit fixes #211. + ,.. in aes_ctr_init(). Detected by Coverity. -Daniel Stenberg (21 Feb 2011) -- [Alfred Gebert brought this change] +- channel: fix possible NULL dereference + + ... in libssh2_channel_get_exit_signal(). Detected by Coverity. - session_startup: manage server data before server identification +- Revert "aes: the init function fails when OpenSSL has AES support" - Fix the bug that libssh2 could not connect if the sftp server - sends data before sending the version string. + This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864. - http://tools.ietf.org/html/rfc4253#section-4.2 + We need to use the EVP_aes_???_ctr() functions in FIPS mode. + +- crypt: use hard-wired cipher block sizes consistently + +- openssl: do not ignore failure of EVP_CipherInit() + +- kex: do not ignore failure of libssh2_md5_init() - "The server MAY send other lines of data before sending the version - string. Each line SHOULD be terminated by a Carriage Return and Line - Feed. Such lines MUST NOT begin with "SSH-", and SHOULD be encoded - in ISO-10646 UTF-8 [RFC3629] (language is not specified). Clients - MUST be able to process such lines." + The MD5 algorithm is disabled when running in FIPS mode. -- [Alfred Gebert brought this change] +Daniel Stenberg (21 Aug 2012) +- [Peter Krempa brought this change] - fullpacket: decompression only after init + known_hosts: Fail when parsing unknown keys in known_hosts file. - The buffer for the decompression (remote.comp_abstract) is initialised - in time when it is needed. With this fix decompression is disabled when - the buffer (remote.comp_abstract) is not initialised. + libssh2_knownhost_readfile() silently ignored problems when reading keys + in unsupported formats from the known hosts file. When the file is + written again from the internal structures of libssh2 it gets truntcated + to the point where the first unknown key was located. - Bug: http://trac.libssh2.org/ticket/200 + * src/knownhost.c:libssh2_knownhost_readfile() - return error if key + parsing fails -- _libssh2_channel_read: store last error +- AUTHORS: synced with 42fec44c8a4 - When the transport layer returns EAGAIN this function didn't call - _libssh2_error() which made the last_error not get set. + 31 recent authors added -- sftp_write: clarified the comment header +- [Dave Hayden brought this change] -- sftp_read: avoid wrapping counter to insanity - - As pointed out in bug #206, if a second invoke of libssh2_sftp_read() - would shrink the buffer size, libssh2 would go nuts and send out read - requests like crazy. This was due to an unsigned variable turning - "negative" by some wrong math, and that value would be the amount of - data attempt to pre-buffer! + compression: add support for zlib@openssh.com - Bug: http://trac.libssh2.org/ticket/206 + Add a "use_in_auth" flag to the LIBSSH2_COMP_METHOD struct and a + separate "zlib@openssh.com" method, along with checking session->state + for LIBSSH2_STATE_AUTHENTICATED. Appears to work on the OpenSSH servers + I've tried against, and it should work as before with normal zlib + compression. -- sftp_packet_read: use 32bit variables for 32bit data +- [Dmitry Smirnov brought this change] -- libssh2_sftp_stat_ex.3: cleaned up, extended + configure: gcrypt doesn't come with pkg-config support - Removed the macros from it as they have their own man pages. + ... so use plain old -lgcrypt to the linker to link with it. - Added the LIBSSH2_SFTP_ATTRIBUTES struct in here for easier reference. + Fixes #225 -- sftp_readdir: return error if buffer is too small +- sftp_read: Value stored to 'next' is never read - If asked to read data into a buffer and the buffer is too small to hold - the data, this function now returns an error instead of as previously - just copy as much as fits. + Detected by clang-analyzer -- sftp_symlink: return error if receive buffer too small - - and clean up some variable type mismatches +- publickey_init: errors are negative, fix check - Discussion: http://www.libssh2.org/mail/libssh2-devel-archive-2011-01/0001.shtml + Detected by clang-analyzer. -- docs: clarify what happens with a too small buffer - - This flaw is subject to change, but I figured it might be valuable to - users of existing code to know how it works. +- [Maxime Larocque brought this change] -- channel_request_pty_size: fix reqPTY_state + session_free: wrong variable used for keeping state - The state variable isn't properly set so every other call to the - function fails! + If libssh2_session_free is called without the channel being freed + previously by libssh2_channel_free a memory leak could occur. - Bug: http://libssh2.org/mail/libssh2-devel-archive-2010-12/0096.shtml - Reported by: Steve Legg - -- data size: cleanup + A mismatch of states variables in session_free() prevent the call to + libssh2_channel_free function. session->state member is used instead of + session->free_state. - Fix 64bit warnings by using (s)size_t and dedicated uint32_t types more. - -- [Pierre Joye brought this change] - - ssize_t: proper typedef with MSVC compilers + It causes a leak of around 600 bytes on every connection on my systems + (Linux, x64 and PPC). - As discussed on the mailing list, it was wrong for win64 and using the - VC-provided type is the safest approach instead of second- guessing - which one it should be. - -Guenter Knauf (22 Dec 2010) -- Updated OpenSSL version. + (Debugging done under contract for Accedian Networks) + + Fixes #246 -- Expanded tabs to spaces. +Guenter Knauf (29 Jun 2012) +- Small NetWare makefile tweak. -Peter Stuge (21 Dec 2010) -- [Joey Degges brought this change] +- Some small Win32 makefile fixes. - _libssh2_ntohu64: fix conversion from network bytes to uint64 - - Cast individual bytes to uint64 to avoid overflow in arithmetic. +Daniel Stenberg (19 Jun 2012) +- libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL -Daniel Stenberg (20 Dec 2010) -- libssh2_userauth_list: language fix +- comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating - "faily" is not a good English word, and I also cleaned up some other minor - mistakes + When using libssh2 to perform an SFTP file transfer from the "JSCAPE MFT + Server" (http://www.jscape.com) the transfer failed. The default JSCAPE + configuration is to enforce zlib compression on SSH2 sessions so the + session was compressed. The relevant part of the debug trace contained: + + [libssh2] 1.052750 Transport: unhandled zlib error -5 + [libssh2] 1.052750 Failure Event: -29 - decompression failure + + The trace comes from comp_method_zlib_decomp() in comp.c. The "unhandled + zlib error -5" is the status returned from the zlib function + inflate(). The -5 status corresponds to "Z_BUF_ERROR". + + The inflate() function takes a pointer to a z_stream structure and + "inflates" (decompresses) as much as it can. The relevant fields of the + z_stream structure are: + + next_in - pointer to the input buffer containing compressed data + avail_in - the number of bytes available at next_in + next_out - pointer to the output buffer to be filled with uncompressed + data + avail_out - how much space available at next_out + + To decompress data you set up a z_stream struct with the relevant fields + filled in and pass it to inflate(). On return the fields will have been + updated so next_in and avail_in show how much compressed data is yet to + be processed and next_out and avail_out show how much space is left in + the output buffer. + + If the supplied output buffer is too small then on return there will be + compressed data yet to be processed (avail_in != 0) and inflate() will + return Z_OK. In this case the output buffer must be grown, avail_out + updated and inflate() called again. + + If the supplied output buffer was big enough then on return the + compressed data will have been exhausted (avail_in == 0) and inflate() + will return Z_OK, so the data has all been uncompressed. + + There is a corner case where inflate() makes no progress. That is, there + may be unprocessed compressed data and space available in the output + buffer and yet the function does nothing. In this case inflate() will + return Z_BUF_ERROR. From the zlib documentation and the source code it + is not clear under what circumstances this happens. It could be that it + needs to write multiple bytes (all in one go) from its internal state to + the output buffer before processing the next chunk of input but but + can't because there is not enough space (though my guesses as to the + cause are not really relevant). Recovery from Z_BUF_ERROR is pretty + simple - just grow the output buffer, update avail_out and call + inflate() again. + + The comp_method_zlib_decomp() function does not handle the case when + inflate() returns Z_BUF_ERROR. It treats it as a non-recoverable error + and basically aborts the session. + + Fixes #240 -- crypto: unify the generic functions +Guenter Knauf (12 Jun 2012) +- MinGW makefile tweaks. - Added crypto.h that is the unified header to include when using crypto - functionality. It should be the only header that needs to adapt to the - underlying crypto library in use. It provides the set of prototypes that - are library agnostic. + Use GNU tools when compiling on Linux. + Fixed dist and dev targets. -- [Mark Smith brought this change] +- NetWare makefile tweaks. + + Changed to use Windows commandline tools instead of + GNU tools when compiling on Windows. Fixed dist and + dev targets. Enabled nlmconv error for unresolved + symbols. - userauth: derive publickey from private +Daniel Stenberg (11 Jun 2012) +- Revert "config.rpath: generated file, no need to keep in git" - Pass a NULL pointer for the publickey parameter of - libssh2_userauth_publickey_fromfile and - libssh2_userauth_hostbased_fromfile functions. In this case, the - functions recompute the public key from the private key file data. + This reverts commit 1ac7bd09cc685755577fb2c8829adcd081e7ab3c. - This is work done by Jean-Louis CHARTON - , then adapted by Mark Smith and - slightly edited further by me Daniel. + This file still used by lib/*m4 functions so we need to keep the file + around. + +- BINDINGS: added PySsh2, a Python-ctypes binding + +Guenter Knauf (8 Jun 2012) +- Fixed MinGW debug build. + +Daniel Stenberg (5 Jun 2012) +- BINDINGS: Added the Cocoa/Objective-C one - WARNING: this does leave the feature NOT WORKING when libssh2 is built - to use libgcrypt instead of OpenSSL simply due to lack of - implementation. + ... and sorted the bindings after the languages, alphabetically + + Reported by: Mike Abdullah -- ssh2_echo: Value stored to 'exitcode' is never read +- BINDINGS: document the bindings we know of -- _libssh2_packet_add: fix SSH_MSG_DEBUG weirdness +Guenter Knauf (4 Jun 2012) +- Fixed LIBSSH2_INT64_T_FORMAT macro. - I believe I may have caused this weird typo style error when I cleaned - up this function a while ago. Corrected now. + Usually a format macro should hold the whole format, otherwise + it should be named a prefix. Also fixed usage of this macro in + scp.c for a signed var where it was used as prefix for unsigned. -- uint32: more longs converted to proper types +- Removed obsolete define from makefiles. + +- Renamed NetWare makefiles. + +- Renamed NetWare makefiles. + +- Synced MinGW makefiles with 56c64a6..39e438f. - I also moved the MAC struct over to the mac.h header file and made sure - that the users of that struct include that file. + Also synced MinGW test makefile with b092696..f8cb874. -- SFTP: more types to uint32_t +Peter Stuge (30 May 2012) +- Revert "sftp: Don't send attrs.permissions on read-only SSH_FXP_OPEN" - The 'num_names' field in the SSH_FXP_NAME response is an unsigned 32bit - value so we make sure to treat it like that. + This reverts commit 04e79e0c798674a0796be8a55f63dd92e6877790. -- SFTP: request_ids are uint32_t +- sftp: Don't send attrs.permissions on read-only SSH_FXP_OPEN - I went over the code and made sure we use uint32_t all over for the - request_id data. It is an unsigned 32bit value on the wire. + This works around a protocol violation in the ProFTPD 1.3.4 mod_sftp + server, as reported by Will Cosgrove in: + + http://libssh2.org/mail/libssh2-devel-archive-2012-05/0079.shtml + + Based on a suggested fix by TJ Saunders in: + + http://libssh2.org/mail/libssh2-devel-archive-2012-05/0104.shtml -- SFTP: store request_id separately in packets +Guenter Knauf (28 May 2012) +- Try to detect OpenSSL build type automatically. - By using a new separate struct for incoming SFTP packets and not sharing - the generic packet struct, we can get rid of an unused field and add a - new one dedicated for holding the request_id for the incoming - package. As sftp_packet_ask() is called fairly often, a "mere" integer - comparison is MUCH faster than the previous memcmp() of (typically) 5 - bytes. + Also fixed recently added libgdi32 linkage which is only + required when OpenSSL libs are linked statically. -- libssh2_sftp_open_ex: man page extended and cleaned up +Daniel Stenberg (25 May 2012) +- config.rpath: generated file, no need to keep in git + +Guenter Knauf (22 May 2012) +- Updated dependency libary versions. + +Daniel Stenberg (18 May 2012) +- 1.4.3: towards the future + +Version 1.4.2 (18 May 2012) + +Daniel Stenberg (18 May 2012) +- RELEASE-NOTES: synced with 92a9f952794 + +Alexander Lamaison (15 May 2012) +- win32/libssh2_config.h: Remove hardcoded #define LIBSSH2_HAVE_ZLIB. - I added the missing documentation for the 'flags' argument. + Rationale: Everything else in this file states a fact about the win32 + platform that is unconditional for that platform. There is nothing + unconditional about the presence of zlib. It is neither included with + Windows nor with the platform SDK. Therefore, this is not an appropriate + place to assert its presence. Especially as, once asserted, it cannot be + overridden using a compiler flag. + + In contrast, if it is omitted, then it can easily be reasserted by adding + a compiler flag defining LIBSSH2_HAVE_ZLIB. -- SFTP: unify the READ/WRITE chunk structs +Daniel Stenberg (14 May 2012) +- RELEASE-NOTES: synced with 69a3354467c -- SFTP: fix memory leaks +- _libssh2_packet_add: SSH_MSG_CHANNEL_REQUEST default to want_reply - Make sure that we cleanup remainders when the handle is closed and when - the subsystem is shutdown. + RFC4254 says the default 'want_reply' is TRUE but the code defaulted to + FALSE. Now changed. - Existing flaw: if a single handle sends packets that haven't been - replied to yet at the time when the handle is closed, those packets will - arrive later and end up in the generic packet brigade queue and they - will remain in there until flushed. They will use unnecessary memory, - make things slower and they will ruin the SFTP handling if the - request_id counter ever wraps (highly unlikely to every happen). + Fixes #233 -- sftp_close_handle: packet list is generic +- gettimeofday: no need for a replacement under cygwin - Fix comment, simplify the loop logic + Fixes #224 -- sftp_read: pipeline reads +Alexander Lamaison (13 May 2012) +- Prevent sftp_packet_read accessing freed memory. - The SFTP read function now does transfers the same way the SFTP write - function was made to recently: it creates a list of many outgoing - FXP_READ packets that each asks for a small data chunk. The code then - tries to keep sending read request while collecting the acks for the - previous requests and returns the received data. + sftp_packet_add takes ownership of the packet passed to it and (now that we + handle zombies) might free the packet. sftp_packet_read uses the packet type + byte as its return code but by this point sftp_packet_add might have freed + it. This change fixes the problem by caching the packet type before calling + sftp_packet_add. + + I don't understand why sftp_packet_read uses the packet type as its return + code. A future change might get rid of this entirely. + +Daniel Stenberg (12 May 2012) +- sftp_packet_flush: flush zombies too + + As this function is called when the SFTP session is closed, it needs to + also kill all zombies left in the SFTP session to avoid leaking memory + just in case some zombie would still be in there. + +- sftp_packetlist_flush: zombies must not have responses already + + When flushing the packetlist, we must only add the request as a zombie + if no response has already been received. Otherwise we could wrongly + make it a zombie even though the response was already received and then + we'd get a zombie stuck there "forever"... + +- sftp_read: on EOF remove packet before flush + + Since the sftp_packetlist_flush() function will move all the existing + FXP_READ requests in this handle to the zombie list we must first remove + this just received packet as it is clearly not a zombie. + +- sftp_packet_require: sftp_packet_read() returning 0 is not an error + + Exactly as the comment in the code said, checking the return code from + sftp_packet_read() with <= was wrong and it should be < 0. With the new + filtering on incoming packets that are "zombies" we can now see this + getting zero returned. + +- sftp_packetlist_flush: only make it zombie if it was sent + + The list of outgoing packets may also contain packets that never were + sent off and we better not make them zombies too. + +- [Alexander Lamaison brought this change] + + Mark outstanding read requests after EOF as zombies. + + In order to be fast, sftp_read sends many read requests at once. With a small + file, this can mean that when EOF is received back, many of these requests are + still outstanding. Responses arriving after we close the file and abandon the + file handle are queued in the SFTP packet queue and never collected. This + causes transfer speed to drop as a progressively longer queue must be searched + for every packet. + + This change introduces a zombie request-ID list in the SFTP session that is + used to recognise these outstanding requests and prevent them being added to + the queue. + +Peter Stuge (23 Apr 2012) +- [Rafael Kitover brought this change] + + Update win32/GNUmakefile to use OpenSSL 1.0.1a + + libcrypto on win32 now depends on gdi32.dll, so move the OpenSSL LDLIBS + block to before the compiler definitions, so that libcrypto gets added + first, and then add -lgdi32 into the following common LDLIBS for gcc. + +Guenter Knauf (23 Apr 2012) +- Changed 'Requires' to 'Requires.private'. + + Only static builds need to link against the crypto libs. + +- Fixed 'Requires:' names. + + The 'Requires:' line lists the names of the .pc files. + +- Added 'Requires:' line to libssh2.pc. + + This is necessary so that other libs which lookup libssh2 info + via pkg-config can add the right crypto lib dependencies. + +- Updated dependency lib versions. + +Peter Stuge (18 Apr 2012) +- configure.ac: Add option to disable build of the example applications + + Examples are built by default. Any of the following options on the + configure command line will skip building them: + + --disable-examples-build + --enable-examples-build=no + --enable-examples-build=false + +- userauth.c: fread() from public key file to correctly detect any errors + + If the filename parameter for file_read_publickey() was the name of a + directory instead of a file then libssh2 would spin trying to fgetc() + from the FILE * for the opened directory when trying to determine the + length of the encoded public key, since fgetc() can't report errors. + + Use fread() instead to correctly detect this error condition along + with many others. + + This fixes the problem reported in + http://www.libssh2.org/mail/libssh2-devel-archive-2012-04/0021.shtml + + Reported-by: Oleksiy Zagorskyi + +- Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner + +Guenter Knauf (17 Apr 2012) +- Fixed copyright year. + +- Updated dependency lib versions in static makefiles. + +Daniel Stenberg (6 Apr 2012) +- version: bump to 1.4.2 + + We're on the 1.4.2 track now (at least) + +Version 1.4.1 (4 Apr 2012) + +Daniel Stenberg (4 Apr 2012) +- RELEASE-NOTES: updated for 1.4.1 release + +- always do "forced" window updates + + When calling _libssh2_channel_receive_window_adjust() internally, we now + always use the 'force' option to prevent libssh2 to avoid sending the + update if the update isn't big enough. + + It isn't fully analyzed but we have seen corner cases which made a + necessary window update not get send due to this and then the other side + doesn't send data our side then sits waiting for forever. + +- channel_read: force window adjusts! + + if there's not enough room to receive the data that's being requested, + the window adjustment needs to be sent to the remote and thus the force + option has to be used. _libssh2_channel_receive_window_adjust() would + otherwise "queue" small window adjustments for a later packet but that + is really terribly for the small buffer read that for example is the + final little piece of a very large file as then there is no logical next + packet! + + Reported by: Armen Babakhanian + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0130.shtml + +- [Paul Howarth brought this change] + + aes: the init function fails when OpenSSL has AES support + + The internal init function only worked fine when the configure script + didn't detect the OpenSSL AES_CTR function! + + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml + Reported by: Paul Howarth + +- [Matthew Booth brought this change] + + transport_send: Finish in-progress key exchange before sending data + + _libssh2_channel_write() first reads outstanding packets before writing + new data. If it reads a key exchange request, it will immediately start + key re-exchange, which will require sending a response. If the output + socket is full, this will result in a return from + _libssh2_transport_read() of LIBSSH2_ERROR_EAGAIN. In order not to block + a write because there is no data to read, this error is explicitly + ignored and the code continues marshalling a packet for sending. When it + is sent, the remote end immediately drops the connection because it was + expecting a continuation of the key exchange, but got a data packet. + + This change adds the same check for key exchange to + _libssh2_transport_send() that is in _libssh2_transport_read(). This + ensures that key exchange is completed before any data packet is sent. + +- channel_write: acknowledge transport errors + + When draining data off the socket with _libssh2_transport_read() (which + in turn has to be done so that we can be sure to have read any possible + window-increasing packets), this code previously ignored errors which + could lead to nasty loops. Now all error codes except EAGAIN will cause + the error to be returned at once. + + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0068.shtml + Reported by: Matthew Booth -- sftp_write: removed unused variable +- [Steven Dake brought this change] -- _libssh2_channel_close: don't call transport read if disconnected + In examples/x11.c, Make sure sizeof passed to read operation is correct - The loop that waits for remote.close to get set may end up looping - forever since session->socket_state gets set to - LIBSSH2_SOCKET_DISCONNECTED by the packet_add() function called from the - transport_read() function and after having been set to - LIBSSH2_SOCKET_DISCONNECTED, the transport_read() function will only - return 0. + sizeof(buf) expands to 8 or 4 (since its a pointer). This variable may + have been static in the past, leading to this error. - Bug: http://trac.libssh2.org/ticket/198 + Signed-off-by: Steven Dake -- libssh2_sftp_seek64: new man page - - Split off libssh2_sftp_seek64 from the libssh2_sftp_seek man page, and - mentioned that we consider the latter deprecated. Also added a mention - about the dangers of doing seek during writing or reading. +- [Steven Dake brought this change] -- sftp_seek: fix - - The new SFTP write code caused a regression as the seek function no - longer worked as it didn't set the write position properly. + Fix suspicious sizeof usage in examples/x11.c - It should be noted that seeking is STRONGLY PROHIBITED during upload, as - the upload magic uses two different offset positions and the multiple - outstanding packets etc make them sensitive to change in the midst of - operations. + In the x11 example, sizeof(buf) = 8UL (on x86_64), when this should + probably represent the buffer size available. I am not sure how to + test that this change is actually correct, however. - This functionality was just verified with the new example code - sftp_append. This bug was filed as bug #202: + Signed-off-by: Steven Dake + +- sftp_packet_read: follow-up fix for EAGAIN/window adjust - Bug: http://trac.libssh2.org/ticket/202 + The commit in 7194a9bd7ba45 wasn't complete. This change makes sure + variables are initialized properly before used in the EAGAIN and window + adjust cases. -- sftp_append: new example doing SFTP append +- sftp_packet_add: use named error code instead of number -- MAX_SFTP_OUTGOING_SIZE: 30000 - - I ran SFTP upload tests against localhost. It showed that to make the - app reach really good speeds, I needed to do a little code tweak and - change MAX_SFTP_OUTGOING_SIZE from 4000 to 30000. The tests I did before - with the high latency tests didn't show any real difference whatever I - had that size set to. +- sftp_packet_add: verify the packet before accepting it - This number is the size in bytes that libssh2 cuts off the large input - buffer and sends off as an individual sftp packet. + In order to bail out as quickly as possible when things are wrong and + out of sync, make sure the SFTP message is one we understand. -- sftp_write_sliding.c: new example +- SFTP: preserve the original error code more - This is an example that is very similar to sftp_write_nonblock.c, with - the exception that this uses + Lots of places in the code translated the original error into the more + generic LIBSSH2_ERROR_SOCKET_TIMEOUT but this turns out to distort the + original error reason a lot and makes tracking down the real origin of a + problem really hard. This change makes the original error code be + preserved to a larger extent when return up to the parent function. + +- sftp_packet_read: adjust window size as necessary - 1 - a larger upload buffer + Commit 03ca9020756 tried to simplify the window sizing logic but broke + SFTP readdir as there was no window sizing code left there so large + directory listings no longer worked. - 2 - a sliding buffer mechnism to allow the app to keep sending lots of - data to libssh2 without having to first drain the buffer. + This change introduces window sizing logic to the sftp_packet_read() + function so that it now tells the remote about the local size having a + window size that suffice when it is about to ask for directory data. - These are two key issues to make libssh2 SFTP uploads really perform - well at this point in time. + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0069.shtml + Reported by: Eric -- cpp: s/#elsif/#elif - - This looks like a typo as #elsif is not really C... +- [Steven Dake brought this change] -- _libssh2_channel_write: revert channel_write() use - - The attempts made to have _libssh2_channel_write() accept larger pieces - of data and split up the data by itself into 32700 byte chunks and pass - them on to channel_write() in a loop as a way to do faster operations on - larger data blocks was a failed attempt. - - The reason why it is difficult: + Tell C compiler we don't care about return code of libssh2_init - The API only allows EAGAIN or a length to be returned. When looping over - multiple blocks to get sent, one block can get sent and the next might - not. And yet: when transport_send() has returned EAGAIN we must not call - it again with new data until it has returned OK on the existing data it - is still working on. This makes it a mess and we do get a much easier - job by simply returning the bytes or EAGAIN at once, as in the EAGAIN - case we can assume that we will be called with the same arguments again - and transport_send() will be happy. + The call of libssh2_init returns a return code, but nothing could be done + within the _libssh2_init_if_needed execution path. - Unfortunately, I think we take a small performance hit by not being able - to do this. + Signed-off-by: Steven Dake -- ssh2_echo: new example - - This is a new example snippet. The code is largely based on ssh2_exec, - and is written by Tommy Lindgren. I edited it into C90 compliance and to - conform to libssh2 indent style and some more. +- [Steven Dake brought this change] -- send_existing: return after send_existing + Add comment indicating a resource leak is not really a resource leak - When a piece of data is sent from the send_existing() function we must - make the parent function return afterwards. Otherwise we risk that the - parent function tries to send more data and ends up getting an EGAIN for - that more data and since it can only return one return code it doesn't - return info for the successfully sent data. + While possibly obvious to those investigating the code, coverity complains + about this out of scope leak. - As this change is a regression I now added a larger comment explaining - why it has to work like this. + Signed-off-by: Steven Dake -- _libssh2_channel_write: count resent data as written +- [Steven Dake brought this change] + + Use safer snprintf rather then sprintf in scp_send() - In the logic that resends data that was kept for that purpose due to a - previous EAGAIN, the data was not counted as sent causing badness. + Signed-off-by: Steven Dake -Peter Stuge (13 Nov 2010) -- Use fprintf(stderr, ) instead of write(2, ) for debugging +- [Steven Dake brought this change] -- session/transport: Correctly handle when _libssh2_send() returns -EAGAIN + Use safer snprintf rather then sprintf in scp_recv() + + While the buffer is indeed allocated to a safe length, better safe then sorry. + + Signed-off-by: Steven Dake -- src/agent.c: Simplify _libssh2_send() error checking ever so slightly +- [Steven Dake brought this change] -Daniel Stenberg (12 Nov 2010) -- send/recv: use _libssh2_recv and _libssh2_send now + use snprintf in knownhost_writeline() rather then sprintf - Starting now, we unconditionally use the internal replacement functions - for send() and recv() - creatively named _libssh2_recv() and - _libssh2_send(). + Although the function checks the length, if the code was in error, there + could potentially be a buffer overrun with the use of sprintf. Instead replace + with snprintf. - On errors, these functions return the negative 'errno' value instead of - the traditional -1. This design allows systems that have no "natural" - errno support to not have to invent it. It also means that no code - outside of these two transfer functions should use the errno variable. + Signed-off-by: Steven Dake -- channel_write: move some logic to _libssh2_channel_write - - Some checks are better done in _libssh2_channel_write just once per - write instead of in channel_write() since the looping will call the - latter function multiple times per _libssh2_channel_write() invoke. +- [Steven Dake brought this change] -- sftp_write: handle "left over" acked data - - The SFTP handle struct now buffers number of acked bytes that haven't - yet been returned. The way this is used is as following: + Add tracing to print packets left on session at libssh2_session_free - 1. sftp_write() gets called with a buffer of let say size 32000. We - split 32000 into 8 smaller packets and send them off one by one. One of - them gets acked before the function returns so 4000 is returned. + Signed-off-by: Steven Dake + +Peter Stuge (2 Mar 2012) +- Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET - 2. sftp_write() gets called again a short while after the previous one, - now with a much smaller size passed in to the function. Lets say 8000. - In the mean-time, all of the remaining packets from the previous call - have been acked (7*4000 = 28000). This function then returns 8000 as all - data passed in are already sent and it can't return any more than what - it got passed in. But we have 28000 bytes acked. We now store the - remaining 20000 in the handle->u.file.acked struct field to add up in - the next call. + INVALID_SOCKET is a special value in Windows representing a + non-valid socket identifier. We were #defining this to -1 on + non-Windows platforms, causing unneccessary namespace pollution. + Let's have our own identifier instead. - 3. sftp_write() gets called again, and now there's a backlogged 20000 - bytes to return as fine and that will get skipped from the beginning - of the buffer that is passed in. + Thanks to Matt Lawson for pointing this out. -- sftp_write: polished and simplified +- nw/Makefile.netware: Fix project name typo to avoid needless confusion + +- example/x11: Set raw terminal mode manually instead of with cfmakeraw() - Removed unnecessary struct fields and state changes within the function. + OpenSolaris has no cfmakeraw() so to make the example more portable + we simply do the equivalent operations on struct termios ourselves. - Made the loop that checks for ACKs only check chunks that were fully - sent. + Thanks to Tom Weber for reporting this problem, and finding a solution. -- SCP: on failure, show the numerical error reason +Daniel Stenberg (17 Feb 2012) +- sftp_write: cannot return acked data *and* EAGAIN - By calling libssh2_session_last_errno() - -- SFTP: provide the numerical error reason on failure + Whenever we have acked data and is about to call a function that *MAY* + return EAGAIN we must return the number now and wait to get called + again. Our API only allows data *or* EAGAIN and we must never try to get + both. -- SCP: clean up failure treatment +Peter Stuge (13 Feb 2012) +- example/x11: Build only when sys/un.h is found by configure - When SCP send or recv fails, it gets a special message from the server - with a warning or error message included. We have no current API to - expose that message but the foundation is there. Removed unnecessary use - of session struct fields. + The example can't be built on systems without AF_UNIX sockets. -- sftp_write: enlarge buffer to perform better +Daniel Stenberg (10 Feb 2012) +- [Alexander Lamaison brought this change] -- packets: code cleanup + Simplified sftp_read. - I added size checks in several places. I fixed the code flow to be easier - to read in some places. + Removed the total_read variable that originally must have tracked how + much data had been written to the buffer. With non-blocking reads, we + must return straight away once we have read data into the buffer so this + variable served not purpose. - I removed unnecessary zeroing of structs. I removed unused struct fields. - -- LIBSSH2_CALLBACK_MACERROR: clarify return code use - -- _libssh2_userauth_publickey: avoid shadowing - -- packet: avoid shadowing global symbols - -- sftp_readdir: avoid shadowing - -- shadowing: don't shadow the global compress - -- _libssh2_packet_add: turn ifs into a single switch - -- _libssh2_packet_add: check SSH_MSG_GLOBAL_REQUEST packet + I think it was still hanging around in case the initial processing of + 'leftover' data meant we wrote to the buffer but this case, like the + others, must return immediately. Now that it does, the last remaining + need for the variable is gone. -- _libssh2_packet_add: SSH_MSG_DEBUG length checks - - Verify lengths before using them. Read always_display from the correct - index. Don't copy stuff around just to provide zero-termination of the - strings. +- [Alexander Lamaison brought this change] -- _libssh2_packet_add: SSH_MSG_IGNORE skip memmove + Cleaned up sftp_read and added more explanation. - There's no promise of a zero termination of the data in the callback so - no longer perform ugly operation in order to provide it. + Replaced the gotos which were implementing the state machine with + a switch statement which makes the states more explicit. -- _libssh2_packet_add: SSH_MSG_DISCONNECT length checks +- sftp_read: avoid data *and* EAGAIN - Verify lengths before trying to read data. + Whenever we have data and is about to call a function that *MAY* return + EAGAIN we must return the data now and wait to get called again. Our API + only allows data *or* EAGAIN and we must never try to get both. -- indent: break lines at 80 columns +Peter Stuge (2 Feb 2012) +- Add a tcpip-forward example which demonstrates remote port forwarding -- SSH_MSG_CHANNEL_OPEN_FAILURE: used defined values - - We don't like magic numbers in the code. Now the acceptable failure - codes sent in the SSH_MSG_CHANNEL_OPEN_FAILURE message are added as - defined values in the private header file. +- libssh2.h: Add missing prototype for libssh2_session_banner_set() -- sftp_write: don't return EAGAIN if no EAGAIN was received +- example/subsystem_netconf.c: Return error when read buffer is too small - This function now only returns EAGAIN if a lower layer actually returned - EAGAIN to it. If nothing was acked and no EAGAIN was received, it will - now instead return 0. + Also remove a little redundancy in the read loop condition. -- _libssh2_wait_socket: detect nothing-to-wait-for - - If _libssh2_wait_socket() gets called but there's no direction set to - wait for, this causes a "hang". This code now detects this situation, - set a 1 second timeout instead and outputs a debug output about it. +- example/subsystem_netconf.c: Add a missing newline in an error message -- decomp: remove the free_dest argument +- Fix undefined reference to _libssh_error in libgcrypt backend - Since the decompress function ALWAYS returns allocated memory we get a - lot simpler code by removing the ability to return data unallocated. + Commit 209de22299b4b58e582891dfba70f57e1e0492db introduced a function + call to a non-existing function, and since then the libgcrypt backend + has not been buildable. -- decomp: cleaned off old compression stuff +Version 1.4.0 (31 Jan 2012) + +Daniel Stenberg (31 Jan 2012) +- RELEASE-NOTES: synced with 6bd584d29 for 1.4.0 + +- s/1.3.1/1.4.0 - I cleared off legacy code from when the compression and decompression - functions were a single unified function. Makes the code easier to read - too. + We're bumping the minor number -- [TJ Saunders brought this change] +- [Jernej Kovacic brought this change] - decomp: increase decompression buffer sizes + libssh2_session_supported_algs: fix compiler warning -- [TJ Saunders brought this change] +- [Jernej Kovacic brought this change] - zlib: Add debug tracing of zlib errors + session_supported_algs docs: added an example -- sftp_packet_read: handle partial reads of the length field +- [Gellule Xg brought this change] + + sftp-seek: clear EOF flag - SFTP packets come as [32 bit length][payload] and the code didn't - previously handle that the initial 32 bit field was read only partially - when it was read. + Set the EOF flag to False when calling seek64 to be able to get some + data back on a following read -- [Jasmeet Bagga brought this change] +- [Peter Krempa brought this change] - kex_agree_hostkey: fix NULL pointer derefence + userauth: Provide more informations if ssh pub key extraction fails - While setting up the session, ssh tries to determine the type of - encryption method it can use for the session. This requires looking at - the keys offered by the remote host and comparing these with the methods - supported by libssh2 (rsa & dss). To do this there is an iteration over - the array containing the methods supported by libssh2. + If the function that extracts/computes the public key from a private key + fails the errors it reports were masked by the function calling it. This + patch modifies the key extraction function to return errors using + _libssh_error() function. The error messages are tweaked to contain + reference to the failed operaton in addition to the reason. - If there is no agreement on the type of encryption we come to the 3rd - entry of the hostkeyp array. Here hostkeyp is valid but *hostkep is - NULL. Thus when we dereference that in (*hostkeyp)->name there is a - crash + * AUTHORS: - add my name + * libgcrypt.c: _libssh2_pub_priv_keyfile(): - return a more verbose + error using + _libssh2_error() func. + * openssl.c: - modify call graph of _libssh2_pub_priv_keyfile() to use + _libssh2_error for error reporting(); + * userauth.c: - tweak functions calling _libssh2_pub_priv_keyfile() not + to shadow error messages -- _libssh2_transport_send: remove dead assignment - - 'data' isn't accessed beyond this point so there's no need to assign it. +- TODO: remove issues we (sort of) did already -- scp_recv: remove dead assignment +- ssh2_exec: skip error outputs for EAGAIN - Instead of assigning a variable we won't read, we now use the more - explicit (void) prefix. - -- sftp_write: removed superfluous assignment + Since the example uses non-blocking mode, it will just flood the output + with this "nonsense" error. -- bugfix: avoid use of uninitialized value +Guenter Knauf (30 Nov 2011) +- Some NetWare makefile tweaks. -- sftp_packet_require: propagate error codes better +Daniel Stenberg (18 Nov 2011) +- LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000 - There were some chances that they would cause -1 to get returned by - public functions and as we're hunting down all such occurances and since - the underlying functions do return valuable information the code now - passes back proper return codes better. - -- [Alfred Gebert brought this change] + Some SFTP servers send SFTP packets larger than 40000. Since the limit + is only present to avoid insane sizes anyway, we can easily bump it. + + The define was formerly in the public header libssh2_sftp.h but served + no external purpose and was moved into the source dir. + + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-11/0004.shtml + Reported by: Michael Harris - fix memory leaks (two times cipher_data) for each sftp session +Alexander Lamaison (18 Nov 2011) +- [Peter Krempa brought this change] -- libssh2_userauth_authenticated: make it work as documented + knownhost_check(): Don't dereference ext if NULL is passed - The man page clearly says it returns 1 for "already authenticated" but - the code said non-zero. I changed the code to use 1 now, as that is also - non-zero but it gets the benefit that it now matches the documentation. + Documentation for libssh2_knownhost_checkp() and related functions + states that the last argument is filled with data if non-NULL. - Using 1 instead of non-zero is better for two reasons: + "knownhost if set to non-NULL, it must be a pointer to a 'struct + libssh2_knownhost' pointer that gets filled in to point to info about a + known host that matches or partially matches." - 1. We have the opportunity to introduce other return codes in the future for - things like error and what not. - 2. We don't expose the internal bitmask variable value. + In this function ext is dereferenced even if set to NULL, causing + segfault in applications not needing the extra data. -- userauth_keyboard_interactive: fix indent +Daniel Stenberg (11 Nov 2011) +- [Peter Krempa brought this change] -- [Alfred Gebert brought this change] + knownhost_add: Avoid dereferencing uninitialized memory on error path. + + In function knownhost_add, memory is alocated for a new entry. If normal + alocation is used, memory is not initialized to 0 right after, but a + check is done to verify if correct key type is passed. This test is done + BEFORE setting the memory to null, and on the error path function + free_host() is called, that tries to dereference unititialized memory, + resulting into a glibc abort(). + + * knownhost.c - knownhost_add(): - move typemask check before alloc - fix memory leak in userauth_keyboard_interactive() +- windows build: add define to avoid compiler warning - First I wanted to free the memory in session_free() but then - I had still memory leaks because in my test case the function - userauth_keyboard_interactive() is called twice. It is called - twice perhaps because the server has this authentication - methods available: publickey,gssapi-with-mic,keyboard-interactive - The keyboard-interactive method is successful. + A recent mingw compiler has started to complain on "#warning Please + include winsock2.h before windows.h" unless the magic define is set + first. + + Reported by: Vincent Torri + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-10/0064.shtml -- dist: include sftp.h in dist archives +Henrik Nordstrom (31 Oct 2011) +- [Vincent Torri brought this change] -Simon Josefsson (27 Oct 2010) -- Update header to match new function prototype, see c48840ba88. + Correct Windows include file name case, simplifying cross-compilation + + When cross compiling to Windows, libssh2.h include Windows header files + with upper case filenames : BaseTsd.h and WinSock2.h. + + These files have lowercase names with mingw-w64 (iirc, it's the same with + mingw). And as on Windows, being lowercase or uppercase does not matter. -Daniel Stenberg (26 Oct 2010) -- bugfixes: the transport rearrange left some subtle flaws now gone +Daniel Stenberg (25 Oct 2011) +- [Jernej Kovacic brought this change] -- libssh2_userauth_publickey_fromfile_ex.3: cleaned up looks + libssh2_session_supported_algs: added -- libssh2_userauth_publickey: add man page - - I found an undocumented public function and we can't have it like - that. The description here is incomplete, but should serve as a template - to allow filling in... +- [Kamil Dudka brought this change] -- libssh2_sftp_write.3: added blurb about the "write ahead" + example/sftp_RW_nonblock: do not ignore LIBSSH2_ERROR_EAGAIN - Documented the new SFTP write concept - -- sftp_close_handle: free any trailing write chunks + Bug: https://bugzilla.redhat.com/745420 -- _libssh2_channel_write: fix warnings +Peter Stuge (5 Oct 2011) +- example/ssh2_agent: Print host key fingerprint before authentication + + Also moves the comment about not being authenticated to before the + agent authentication takes place, so that it better matches the code. -- SFTP: bufgix, move more sftp stuff to sftp.h +Daniel Stenberg (29 Sep 2011) +- OpenSSL EVP: fix threaded use of structs - The sftp_write function shouldn't assume that the buffer pointer will be - the same in subsequent calls, even if it assumes that the data already - passed in before haven't changed. + Make sure we don't clear or reset static structs after first init so + that they work fine even when used from multiple threads. Init the + structs in the global init. - The sftp structs are now moved to sftp.h (which I forgot to add before) + Help and assistance by: John Engstrom + + Fixes #229 (again) -- SFTP: use multiple outgoing packets when writing +- openssl: don't init static structs differently - sftp_write was rewritten to split up outgoing data into multiple packets - and deal with the acks in a more asynchronous manner. This is meant to - help overcome latency and round-trip problems with the SFTP protocol. + make_ctr_evp() is changed to take a struct pointer, and then each + _libssh2_EVP_aes_[keylen]_ctr function is made to pass in their own + static struct + + Reported by: John Engstrom + Fixes #229 -- TODO: implemented a lot of the ideas now +Guenter Knauf (27 Sep 2011) +- Removed obsolete include path. -- _libssh2_channel_write: removed 32500 size limit +Daniel Stenberg (21 Sep 2011) +- read_state: clear the state variable better - Neither _libssh2_channel_write nor sftp_write now have the 32500 size - limit anymore and instead the channel writing function now has its own - logic to send data in multiple calls until everything is sent. + Set read_state back to idle before trying to send anything so that if + the state somehow is wrongly set. + + Also, avoid such a case of confusion by resetting the read_state when an + sftp handle is closed. -- send_existing: don't tell parent to return when drained +- sftp_read: remove leftover fprintf - That will just cause unnecessary code execution. + Reported by: Alexander Lamaison + +- sftp.h: fix the #ifdef to prevent multiple inclusions + +- sftp_read: use a state variable to avoid bad writes + + When a channel_write call has gotten an EAGAIN back, we try harder to + continue the same write in the subsequent invoke. -- _libssh2_channel_write: general code cleanup +- window_size: explicit adjustments only - simplified the function and removed some unused struct fields - -- _libssh2_transport_send: replaces _libssh2_transport_write + Removed the automatic window_size adjustments from + _libssh2_channel_read() and instead all channel readers must now make + sure to enlarge the window sizes properly themselves. - The new function takes two data areas, combines them and sends them as a - single SSH packet. This allows several functions to allocate and copy - less data. + libssh2_channel_read_ex() - the public function, now grows the window + size according to the requested buffer size. Applications can still opt + to grow the window more on demand. Larger windows tend to give higher + performance. - I also found and fixed a mixed up use of the compression function - arguments that I introduced in my rewrite in a recent commit. + sftp_read() now uses the read-ahead logic to figure out a window_size. -- scp_write_nonblock: use select() instead of busyloop +- libssh2.h: bump the default window size to 256K + +- libssh2_userauth_keyboard_interactive.3: fix man warning - Make this example nicer by not busylooping. + It seemed to occur due to the excessive line length -- send_existing: clear olen when the data is sent off +- [Mikhail Gusarov brought this change] -- _libssh2_transport_write: allow 256 extra bytes around the packet + Add missing .gitignore entries -- _libssh2_transport_write: remade to send without malloc +- [Mikhail Gusarov brought this change] -- compress: compression disabled by default + Add manpage syntax checker to 'check' target - We now allow libssh2_session_flag() to enable compression with a new - flag and I added documentation for the previous LIBSSH2_FLAG_SIGPIPE - flag which I wasn't really aware of! + In virtually every libssh2 release Debian's lintian catches syntax errors in + manpages. Prevent it by checking manpages as a part of testsuite. -- comp: split the compress function - - It is now made into two separate compress and decompress functions. In - preparation for upcoming further modficications. +- libssh2_banner_set.3: fix nroff syntax mistake -Dan Fandrich (20 Oct 2010) -- Added header file to allow compiling in older environments +Guenter Knauf (10 Sep 2011) +- Use predefined resource compiler macro. -Daniel Stenberg (20 Oct 2010) -- TODO: add a possible new API for SFTP transfers +- Added casts to silent compiler warnings. -- TODO: "New Transport API" added +- Fixed uint64_t printf. -- TODO: add buffering plans +- Fixed macro function signatures. -Simon Josefsson (13 Oct 2010) -- Mention libssh2_channel_get_exit_signal and give kudos. +- NetWare makefile tweaks. -- [Tommy Lindgren brought this change] +- Removed unused var. - Add libssh2_channel_get_exit_signal man page. - - Signed-off-by: Simon Josefsson +- Added 2 samples not mentioned. -- [Tommy Lindgren brought this change] +- Dont build x11 sample with MinGW. - Add libssh2_channel_get_exit_signal. - - Signed-off-by: Simon Josefsson +- Fixed executable file description. -- Add libssh2_free man page and fix typo. +- Removed unused var. -- Add libssh2_free. +- Kill stupid gcc 3.x uninitialized warning. -Daniel Stenberg (11 Oct 2010) -- scp_recv: improved treatment of channel_read() returning zero +- Build all examples. + +- More MinGW makefile tweaks. - As a zero return code from channel_read() is not an error we must make - sure that the SCP functions deal with that properly. channel_read() - always returns 0 if the channel is EOFed already so we check for EOF - after 0-reads to be able to return error properly. + Renamed *.mingw makefiles to GNUmakefile since GNU make picks these + up automatically, and therefore win32/Makefile removed. -- libssh2_session_methods.3: detail what can be asked for +- Removed forgotten WINSOCK_VERSION defines. -- compression: send zlib before none +Daniel Stenberg (9 Sep 2011) +- libssh2_session_startup(3) => libssh2_session_handshake(3) - As the list of algorithms in a preferred order we should send zlib - before none to increase the chances that the server will let us do - compression. + Propagate for the current function in docs and examples. + libssh2_session_startup() is deprecated. -- compress: faster check, better return codes - - In the transport functions we avoid a strcmp() now and just check a - boolean instead. +- libssh2_banner_set => libssh2_session_banner_get - The compress/decompress function's return code is now acknowledged and - used as actual return code in case of failures. + Marked the old function as deprecated. Added the new name in the correct + name space with the same arguments and functionality. -- libssh2_session_handshake: replaces libssh2_session_startup() +- new function: libssh2_session_banner_get - The function libssh2_session_startup() is now considered deprecated due - to the portability issue with the socket argument. - libssh2_session_handshake() is the name of the replacement. - -- libssh2_socket_t: now externally visible + Returns the banner from the server handshake - In preparation for upcominig changes, the libssh2_socket_t type is now - typedef'ed in the public header. + Fixes #226 -- _libssh2_transport_drain: removed - - This function proved not to be used nor useful. +- libssh2.h: bump version to 1.4.0 for new function(s) -- _libssh2_channel_write: don't iterate over transport writes +- remove embedded CVS/svn tags + +- [liuzl brought this change] + + API add:libssh2_sftp_get_channel - When a call to _libssh2_transport_write() succeeds, we must return from - _libssh2_channel_write() to allow the caller to provide the next chunk - of data. + Return the channel of sftp, then caller can + control the channel's behavior. - We cannot move on to send the next piece of data that may already have - been provided in this same function call, as we risk getting EAGAIN for - that and we can't return information both about sent data as well as - EAGAIN. So, by returning short now, the caller will call this function - again with new data to send. - -- _libssh2_transport_write: updated documentation blurb + Signed-off-by: liuzl -- _libssh2_transport_write: remove fprintf remainder +- _libssh2_channel_read: react on errors from receive_window_adjust - Mistake from previous debugging + Previously the function would ignore all errors except for EAGAIN. -- session: improved errors +- sftp_read: extend and clarify the documentation + +- sftp_read: cap the read ahead maximum amount - Replaced -1/SOCKET_NONE errors with appropriate error defines instead. + Now we only go up to LIBSSH2_CHANNEL_WINDOW_DEFAULT*30 bytes SFTP read + ahead, which currently equals 64K*30 == 1966080 bytes. + +- _libssh2_channel_read: fix non-blocking window adjusting - Made the verbose trace output during banner receiving less annoying for - non-blocking sessions. + If EAGAIN is returned when adjusting the receive window, we must not + read from the transport directly until we've finished the adjusting. -- crypt_init: use correct error define +Guenter Knauf (8 Sep 2011) +- Fix for systems which need sys/select.h. -- _libssh2_error: hide EAGAIN for non-blocking sessions +- The files were not gone but renamed ... + +Daniel Stenberg (6 Sep 2011) +- sftp_read: added documenting comment - In an attempt to make the trace output less cluttered for non-blocking - sessions the error function now avoids calling the debug function if the - error is the EAGAIN and the session is non-blocking. + Taken from some recent email conversations I added some descriptions of + the logic in sftp_read() to aid readers. -- agent: use better error defines +- 1.3.1: start the work -- comp_method_zlib_init: use correct error defines +Version 1.3.0 (6 Sep 2011) -- transport: better error codes - - LIBSSH2_SOCKET_NONE (-1) should no longer be used as error code as it is - (too) generic and we should instead use specific and dedicated error - codes to better describe the error. +Daniel Stenberg (6 Sep 2011) +- Makefile.am: the Makefile.win32 files are gone -- channel: return code and _libssh2_error cleanup - - Made sure that all transport_write() call failures get _libssh2_error - called. +- RELEASE-NOTES: updated for 1.3.0 -- _libssh2_channel_write: limit to 32700 bytes +- sftp_read: a short read is not end of file - The well known and used ssh server Dropbear has a maximum SSH packet - length at 32768 by default. Since the libssh2 design current have a - fixed one-to-one mapping from channel_write() to the packet size created - by transport_write() the previous limit of 32768 in the channel layer - caused the transport layer to create larger packets than 32768 at times - which Dropbear rejected forcibly (by closing the connection). + A returned READ packet that is short will now only reduce the + offset. - The long term fix is of course to remove the hard relation between the - outgoing SSH packet size and what the input length argument is in the - transport_write() function call. + This is a temporary fix as it is slightly better than the previous + approach but still not very good. -- libssh.h: add more dedicated error codes +- [liuzl brought this change] -- SCP: allow file names with bytes > 126 - - When parsing the SCP protocol and verifying that the data looks like a - valid file name, byte values over 126 must not be consider illegal since - UTF-8 file names will use such codes. + _libssh2_packet_add: adjust window size when truncating - Reported by: Uli Zappe - Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2010-08/0112.shtml + When receiving more data than what the window size allows on a + particular channel, make sure that the window size is adjusted in that + case too. Previously it would only adjust the window in the non-error + case. -Dan Fandrich (25 Aug 2010) -- Document the three sftp stat constants +Guenter Knauf (29 Aug 2011) +- Silent compiler warning with MinGW64. -Guenter Knauf (18 Aug 2010) -- Fixed Win32 makefile which was now broken at resource build. +- Fixed link to native Win32 awk tool. -- It is sufficient to pipe stderr to NUL to get rid of the nasty messages. +- Renamed MinGW makefiles. -- [Author: Guenter Knauf brought this change] +- Some MinGW makefile tweaks. + + Enable build without GNU tools and with MinGW64 compiler. - Removed Win32 ifdef completely for sys/uio.h. +- Fixed aes_ctr_do_cipher() signature. + +Daniel Stenberg (26 Aug 2011) +- [liuzl brought this change] + + libssh2_sftp_seek64: flush packetlist and buffered data + + When seeking to a new position, flush the packetlist and buffered data + to prevent already received or pending data to wrongly get used when + sftp-reading from the new offset within the file. + +- sftp_read: advance offset correctly for buffered copies + + In the case where a read packet has been received from the server, but + the entire contents couldn't be copied to the user-buffer, the data is + instead buffered and copied to the user's buffer in the next invocation + of sftp_read(). When that "extra" copy is made, the 'offset' pointer was + not advanced accordingly. + + The biggest impact of this flaw was that the 'already' variable at the + top of the function that figures out how much data "ahead" that has + already been asked for would slowly go more and more out of sync, which + could lead to the file not being read all the way to the end. + + This problem was most noticable in cases where the application would + only try to read the exact file size amount, like curl does. In the + examples libssh2 provides the sftp read function is most often called + with a fixed size large buffer and then the bug would not appear as + easily. + + This bug was introduced in the SFTP rewrite in 1.2.8. - No idea why we had this ifdef at all but MSVC, MingW32, Watcom - and Borland all have no sys/uio.h header; so if there's another - Win32 compiler which needs it then it should be added explicitely - instead of this negative list. + Bug: http://curl.haxx.se/mail/lib-2011-08/0305.html + http://www.libssh2.org/mail/libssh2-devel-archive-2011-08/0085.shtml -- New files should also be added to Makefile.am. - - Otherwise they will never be included with release and snapshot tarballs ... +- wrap some long lines < 80 columns -Daniel Stenberg (18 Aug 2010) -- version: bump to 1.2.8_DEV +- LIBSSH2_RECV: fix typo, use the RECV_FD macro -Version 1.2.7 (17 Aug 2010) +- subsystem_netconf.c: fix compiler warnings -Daniel Stenberg (17 Aug 2010) -- release: updated to hold 1.2.7 info +- [Henrik Nordstrom brought this change] -Guenter Knauf (17 Aug 2010) -- Use the new libssh2.rc file. + Custom callbacks for performing low level socket I/O -- Added resource file for libssh2.dll (shamelessly stolen from libcurl). +- version bump: start working towards 1.3.0 -- Updated Win32 MSVC dependencies versions. +Version 1.2.9 (16 Aug 2011) -- Added include for sys/select.h to get fd.set on some platforms. +Daniel Stenberg (16 Aug 2011) +- RELEASE-NOTES: synced with 95d69d3a81261 -- Added Watcom makefile borrowed from libcurl. - - This makefile compiles already all files fine for static lib, but needs - final touch when I have OpenSSL fully working with shared libs and Watcom. +- [Henrik Nordstrom brought this change] -- Added copyright define to libssh2.h and use it for binary builds. + Document prototypes for macro defined functions -- Moved version defines up in order to include from .rc file. - - Blocked rest of header with ifndef so its possible to let - the rc compiler only use the version defines. +- [Henrik Nordstrom brought this change] -- Some minor makefile tweaks. + Avoid reuse after free when closing X11 channels -Daniel Stenberg (2 Aug 2010) -- example: treat the libssh2_channel_read() return code properly +- _libssh2_channel_write: handle window_size == 0 better - A short read is not an error. Only negative values are errors! - -- libssh2_wait_socket: reset error code to "leak" EAGAIN less + When about to send data on the channel and the window size is 0, we must + not just return 0 if the transport_read() function returned EAGAIN as it + then causes a busy-loop. - Since libssh2 often sets LIBSSH2_ERROR_EAGAIN internally before - _libssh2_wait_socket is called, we can decrease some amount of - confusion in user programs by resetting the error code in this function - to reduce the risk of EAGAIN being stored as error when a blocking - function returns. + Bug: http://libssh2.org/mail/libssh2-devel-archive-2011-08/0011.shtml -- _libssh2_wait_socket: poll needs milliseconds +- gettimeofday: fix name space pollution - As reported on the mailing list, the code path using poll() should - multiple seconds with 1000 to get milliseconds, not divide! + For systems without its own gettimeofday() implementation, we still must + not provide one outside our namespace. - Reported by: Jan Van Boghout + Reported by: Bill Segall -- typedef: make ssize_t get typedef without LIBSSH2_WIN32 - - The condition around the ssize_t typedef depended on both LIBSSH2_WIN32 - *and* _MSC_VER being defined when it should be enough to depend on - _MSC_VER only. It also makes it nicer so libssh2-using code builds fine - without having custom defines. +Dan Fandrich (5 Aug 2011) +- libssh2.pc.in: Fixed spelling in pkgconfig file -- [John Little brought this change] +Peter Stuge (17 Jul 2011) +- example/subsystem_netconf.c: Add missing #include - session_free: free more data to avoid memory leaks +- example/subsystem_netconf.c: Discard ]]>]]> and return only XML response -- channel_free: ignore problems with channel_close() - - As was pointed out in bug #182, we must not return failure from - _libssh2_channel_free() when _libssh2_channel_close() returns an error - that isn't EAGAIN. It can effectively cause the function to never go - through, like it did now in the case where the socket was actually - closed but socket_state still said LIBSSH2_SOCKET_CONNECTED. - - I consider this fix the right thing as it now also survives other - errors, even if making sure socket_state isn't lying is also a good - idea. +- example/subsystem_netconf.c: Fix uninitialized variable bug -- publickey_list_free: no return value from a void function +- example: Add subsystem_netconf.c - Fixed a compiler warning I introduced previously when checking input - arguments more. I also added a check for the other pointer to avoid NULL - pointer dereferences. - -- [Lars Nordin brought this change] - - openssl: make use of the EVP interface + This example demonstrates how to use libssh2 to send a request to + the NETCONF subsystem available e.g. in JunOS. - Make use of the EVP interface for the AES-funktion. Using this method - supports the use of different ENGINES in OpenSSL for the AES function - (and the direct call to the AES_encrypt should not be used according to - openssl.org) + See also http://tools.ietf.org/html/draft-ietf-netconf-ssh-06 -Peter Stuge (23 Jun 2010) -- [Tor Arntsen brought this change] +Daniel Stenberg (16 Jul 2011) +- man page cleanups: non-existing functions need no man pages - Don't overflow MD5 server hostkey +- libssh2_new_host_entry.3: removed - Use SHA_DIGEST_LENGTH and MD5_DIGEST_LENGTH in memcpy instead of hardcoded - values. An incorrect value was used for MD5. + This is just junk leftovers. -- Fix message length bugs in libssh2_debug() +- userauth_keyboard_interactive: fix buffer overflow - There was a buffer overflow waiting to happen when a debug message was - longer than 1536 bytes. + Partly reverse 566894494b4972ae12 which was simplifying the code far too + much and ended up overflowing a buffer within the LIBSSH2_SESSION + struct. Back to allocating the buffer properly like it used to do. - Thanks to Daniel who spotted that there was a problem with the message - length passed to a trace handler also after commit - 0f0652a3093111fc7dac0205fdcf8d02bf16e89f. + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-06/0032.shtml + Reported by: Alfred Gebert -- Make libssh2_debug() create a correctly terminated string - - Also use FILE *stderr rather than fd 2, which can very well be something - completely different. +- keyboard-interactive man page: cleaned up -Daniel Stenberg (23 Jun 2010) -- [TJ Saunders brought this change] +- [Alfred Gebert brought this change] - handshake: Compression enabled at the wrong time - - In KEXINIT messages, the client and server agree on, among other - things, whether to use compression. This method agreement occurs - in src/kex.c's kex_agree_methods() function. However, if - compression is enabled (either client->server, server->client, or - both), then the compression layer is initialized in - kex_agree_methods() -- before NEWKEYS has been received. - - Instead, the initialization of the compression layer should - happen after NEWKEYS has been received. This looks to occur - insrc/kex.c's diffie_hellman_sha1(), which even has the comment: - - /* The first key exchange has been performed, + _libssh2_recv(): handle ENOENT error as EAGAIN - switch to active crypt/comp/mac mode */ + A sftp session failed with error "failure establishing ssh session" on + Solaris and HP-UX. Sometimes the first recv() function call sets errno + to ENOENT. In the man pages for recv of Solaris and HP-UX the error + ENOENT is not documented. - There, after NEWKEYS is received, the cipher and mac algorithms - are initialized, and that is where the compression should be - initialized as well. + I tested Solaris SPARC and x86, HP-UX i64, AIX, Windows and Linux. + +- agent_list_identities: fix out of scope access - The current implementation fails if server->client compression is - enabled because most server implementations follow OpenSSH's - lead, where compression is initialized after NEWKEYS. Since the - server initializes compression after NEWKEYS, but libssh2 - initializes compression after KEXINIT (i.e. before NEWKEYS), they - are out of sync. + An auto variable out of scope was being referenced and used. - Reported in bug report #180 + fixes #220 -- [TJ Saunders brought this change] +- _libssh2_wait_socket: fix timeouts for poll() uses - userauth_hostbased_fromfile: packet length too short - - The packet length calculated in src/userauth.c's - userauth_hostbased_fromfile() function is too short by 4 bytes; - it forgets to add four bytes for the length of the hostname. - This causes hostbased authentication to fail, since the server - will read junk data. +- windows: inclusion fix - verified against proftpd's mod_sftp module + include winsock2.h for all windows compilers -- _libssh2_userauth_publickey: reject method names longer than the data - - This functions get the method length by looking at the first 32 - bit of data, and I now made it not accept method lengths that are - longer than the whole data set is, as given in the dedicated - function argument. +- keyb-interactive: add the fixed buffer - This was detected when the function was given bogus public key - data as an ascii string, which caused the first 32bits to create - a HUGE number. + Belongs to commit 5668944 -- NULL resistance: make more public functions survive NULL pointer input +- code cleanup: don't use C99/c++ comments - Sending in NULL as the primary pointer is now dealt with by more - public functions. I also narrowed the userauth.c code somewhat to - stay within 80 columns better. + We aim for C89 compliance -- agent: make libssh2_agent_userauth() work blocking properly +- keyb-interactive: allow zero length fields - previously it would always work in a non-blocking manner - -Peter Stuge (17 Jun 2010) -- Fix underscore typo for 64-bit printf format specifiers on Windows + Allow zero length fields so they don't cause malloc(0) calls - Commit 49ddf447ff4bd80285f926eac0115f4e595f9425 was missing underscores. - -Daniel Stenberg (16 Jun 2010) -- libssh2_session_callback_set: extended the man page - -- [John brought this change] + Avoid free()ing NULL pointers + + Avoid a malloc of a fixed 5 byte buffer. - LIBSSH2_DEBUG: macro uses incorrect function variable +- libssh2_channel_process_startup.3: clean up - The LIBSSH2_DEBUG macro, defined in libssh2_priv.h, incorrectly uses the - function variable ssh_msg_disconnect when it should use ssh_msg_debug. + Remove the references to the macro-fied shortcuts as they have their own + individual man pages. - This shows that the LIBSSH2_CALLBACK_DEBUG callback never has worked... + Made the prototype different and more readable. -- warning: fix a compiler warning 'pointer differs in signedness' +- man page: fix .BR lines - As reported in bug #177 + We don't use \fI etc on .BR lines -- portability: introduce LIBSSH2_INT64_T_FORMAT for 64bit printf()s +- userauth_keyboard_interactive: skip code on zero length auth + +- libssh2_channel_forward_accept.3: mention how to get error - As pointed out in bug #177, some of the Windows compilers use - %I64 to output 64 bit variables with the printf family. + Since this returns a pointer, libssh2_session_last_errno() must be used + to get the actual error code and it wasn't that clear before. -- debug: avoid sending NULL to sprintf %s +- timeout docs: mention they're added in 1.2.9 + +- sftp_write_sliding.c: indent fix - Via the _libssh2_debug() macro/function. Pointed out by john in bug report + Use the standard indenting and removed CVS leftover comment -- sftp docs: show macro on macro page, only function on function page +- [zl liu brought this change] + + sftp_write_sliding: send the complete file - The individual man pages for macros now show the full convenience - macro as defined, and then the man page for the actual function - only shows the function. + When reaching the end of file there can still be data left not sent. -- code police: make the code use less than 80 columns +- [Douglas Masterson brought this change] -- libssh2_channel_write_ex: remove macros, added wording on buffer size + session_startup: init state properly + + libssh2_session_startup() didn't set the state correctly so it could get + confused. + + Fixes #218 -- libssh2_sftp_write: document buffer size and changed some ordering +- timeout: added man pages -- libssh2_channel_write_stderr: show how the macro is defined +- BLOCK_ADJUST_ERRNO: move rc to right level + + We can't declare the variable within the block and use it in the final + do-while() expression to be properly portable C89. -- libssh2_channel_write: show how the macro is defined +- [Matt Lilley brought this change] -- SFTP: limit write() to not produce overly large packets + adds a timeout to blocking calls - sftp_write() now limits how much data it gets at a time even more - than before. Since this function creates a complete outgoing - packet based on what gets passed to it, it is crucial that it - doesn't create too large packets. + Fixes bug #160 as per Daniel's suggestion - With this method, there's also no longer any problem to use very - large buffers in your application and feed that to libssh2. I've - done numerous tests now with uploading data over SFTP using 100K - buffers and I've had no problems with that. + Adds libssh2_session_set_timeout() and libssh2_session_get_timeout() -- scp_write_nonblock: add transfer time info +- SCP: fix incorrect error code - Using the same timing logic and output format as - sftp_write_nonblock allows us to very easily run benchmarks on - SCP vs SFTP uploads using libssh2. + After an error occurs in libssh2_scp_recv() or libssh2_scp_send(), the + function libssh2_session_last_error() would return + LIBSSH2_ERROR_SOCKET_NONE on error. + + Bug: http://trac.libssh2.org/ticket/216 + Patch by: "littlesavage" + + Fixes #216 -- sftp_write_nonblock: select() on socket, use *BIG* buffer, time transfer +Guenter Knauf (19 Apr 2011) +- Updated default (recommended) dependency versions. + +Daniel Stenberg (17 Apr 2011) +- libssh2_session_block_directions: fix mistake - The select() is just to make it nicer so that it doesn't - crazy-loop on EAGAIN. The buffer size thing is mostly to verify - that this really work as supposed. + The last LIBSSH2_SESSION_BLOCK_INBOUND should be + LIBSSH2_SESSION_BLOCK_OUTBOUND - Transfer timing is just a minor thing, but it can just as well be - there and help us time and work on performance easier using out - of the box examples. + And I shortened the short description + + Reported by: "drswinghead" -- agent: use _libssh2_error() when returning errors +- msvcproj: added libs and debug stuff - As pointed out in bug report #173, this module basically never - used _libssh2_error() which made it work inconstently with other - parts of the libssh2 code base. This is my first take at making - this code more in line with the rest. + Added libraries needed to link whether using openssl dynamically or + statically + + Added LIBSSH2DEBUG define to debug versions to enable tracing + + URL: http://trac.libssh2.org/ticket/215 + Patch by: Mark Smith -- inputchecks: make lots of API functions check for NULL pointers +- sftp_write: clean offsets on error - If an application accidentally provides a NULL handle pointer to - the channel or sftp public functions, they now return an error - instead of segfaulting. + When an error has occurred on FXP_WRITE, we must make sure that the + offset, sent offset and acked counter are reset properly. -- libssh2_channel_eof: clarify that it returns negative on errors +- example/.gitignore: ignore built binaries -- SFTP: keep the sftp error code as 32 bit +- sftp_write: flush the packetlist on error - 'last_errno' holds to the error code from the SFTP protocol and - since that is 32 bits on the wire there's no point in using a - long for this internally which is larger on some platforms. + When an error occurs during write, flush the entire list of pending + outgoing SFTP packets. -- agent: make the code better deal with unexpected code flows +- keepalive: add first basic man pages - agent->ops gets initialized by the libssh2_agent_connect() call - but we need to make sure that we don't segfault even if a bad - sequence of function calls is used. + Someone on IRC pointed out that we don't have these documented so I + wrote up a first set based on the information in the wiki: + http://trac.libssh2.org/wiki/KeepAlive -Alexander Lamaison (10 Jun 2010) -- Better handling of invalid key files. +- scp_write_nonblock.c: remove pointless check - Passing an invalid public key to libssh2_userauth_publickey_fromfile_ex - triggered an assertion. Replaced this with a runtime check that rejects - obviously invalid key data. - -Daniel Stenberg (10 Jun 2010) -- version: we start working on 1.2.7 now - -Version 1.2.6 (10 Jun 2010) + libssh2_channel_write() cannot return a value that is larger than the + input length value -Daniel Stenberg (10 Jun 2010) -- NEWS: add the 1.2.6 release details +Mikhail Gusarov (9 Apr 2011) +- s/\.NF/.nf/ to fix wrong macro name caught by man --warnings -- RELEASE-NOTES: 1.2.6 details added +Daniel Stenberg (6 Apr 2011) +- version: bump to 1.2.9_dev + + Also update the copyright year range to include 2011 -Guenter Knauf (10 Jun 2010) -- fixed libssh2.dsw to use the generated libssh2.dsp; removed old *.dsp files. +- configure: fix $VERSION + + Stop using the $VERSION variable as it seems to be magically used by + autoconfig itself and thus gets set to the value set in AC_INIT() + without us wanting that. $LIBSSH2VER is now the libssh2 version as + detected. + + Reported by: Paul Howarth + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2011-04/0008.shtml -- moved MSVC strdup define to libssh2_config.h which we include already. +- maketgz: use git2news.pl by the correct name -- added missing source files to src/NMakefile. +Version 1.2.8 (4 Apr 2011) -Daniel Stenberg (8 Jun 2010) -- libssh2_poll: refer to poll(3) and select(3) instead +Daniel Stenberg (4 Apr 2011) +- RELEASE-NOTES: synced with fabf1a45ee -- example: fix strdup() for MSVC compiles +- NEWS: auto-generated from git - MSVC has a _strdup() that we better use. This was reported in bug + Starting now, the NEWS file is generated from git using the git2news.pl + script. This makes it always accurate and up-to-date, even for daily + snapshots etc. -- SFTP: fail init SFTP if session isn't authenticated +- sftp_write: handle FXP_WRITE errors - Alexander Lamaison filed bug #172 - (http://trac.libssh2.org/ticket/172), and pointed out that SFTP - init would do bad if the session isn't yet authenticated at the - time of the call, so we now check for this situation and returns - an error if detected. Calling sftp_init() at this point is bad - usage to start with. + When an sftp server returns an error back on write, make sure the + function bails out and returns the proper error. -- direct_tcpip: bring back inclusion of libssh2_config.h +- configure: stop using the deprecated AM_INIT_AUTOMAKE syntax + +Alexander Lamaison (13 Mar 2011) +- Support unlimited number of host names in a single line of the known_hosts file. - In order to increase portability of this example, I'm bringing - the inclusion of libssh2_config.h back, and I also added an - require that header for this example to compile. + Previously the code assumed either a single host name or a hostname,ip-address pair. However, according to the spec [1], there can be any number of comma separated host names or IP addresses. - I also made all code lines fit within 80 columns. - -Guenter Knauf (3 Jun 2010) -- cast away a warning. + [1] http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8 -- moved CRT_SECURE_NO_DEPRECATE define up so its defined before the winsock headers are included. +Daniel Stenberg (26 Feb 2011) +- libssh2_knownhost_readfile.3: clarify return value + + This function returns the number of parsed hosts on success, not just + zero as previously documented. -- fixed platform detection for MingW32 test makefile. +Peter Stuge (26 Feb 2011) +- Don't save allocated packet size until it has actually been allocated + + The allocated packet size is internal state which needs to match reality + in order to avoid problems. This commit fixes #211. -- MingW32 has gettimeofday() implemented, so proper ifdef this function here. +Daniel Stenberg (21 Feb 2011) +- [Alfred Gebert brought this change] -- removed MSVC ifdef since seems we can use __int64 still with latest headers. + session_startup: manage server data before server identification + + Fix the bug that libssh2 could not connect if the sftp server + sends data before sending the version string. + + http://tools.ietf.org/html/rfc4253#section-4.2 + + "The server MAY send other lines of data before sending the version + string. Each line SHOULD be terminated by a Carriage Return and Line + Feed. Such lines MUST NOT begin with "SSH-", and SHOULD be encoded + in ISO-10646 UTF-8 [RFC3629] (language is not specified). Clients + MUST be able to process such lines." -- changed copyright notice for MinW32 and NetWare binaries. +- [Alfred Gebert brought this change] -- cleaned up MSVC ifdefs which where spreaded over 3 places. + fullpacket: decompression only after init + + The buffer for the decompression (remote.comp_abstract) is initialised + in time when it is needed. With this fix decompression is disabled when + the buffer (remote.comp_abstract) is not initialised. + + Bug: http://trac.libssh2.org/ticket/200 -- added uint8_t typedef for NetWare CLIB platform. +- _libssh2_channel_read: store last error + + When the transport layer returns EAGAIN this function didn't call + _libssh2_error() which made the last_error not get set. -- if the function declaration gets changed the header should be changed too. +- sftp_write: clarified the comment header -- this is MSVC specific and doesnt apply for all Win32 compilers; - the uint8_t typedef clashes with MingW32 headers. +- sftp_read: avoid wrapping counter to insanity + + As pointed out in bug #206, if a second invoke of libssh2_sftp_read() + would shrink the buffer size, libssh2 would go nuts and send out read + requests like crazy. This was due to an unsigned variable turning + "negative" by some wrong math, and that value would be the amount of + data attempt to pre-buffer! + + Bug: http://trac.libssh2.org/ticket/206 -- updated MingW32 makefiles for latest dependency lib versions. +- sftp_packet_read: use 32bit variables for 32bit data -- updated NetWare makefiles for latest dependency lib versions. +- libssh2_sftp_stat_ex.3: cleaned up, extended + + Removed the macros from it as they have their own man pages. + + Added the LIBSSH2_SFTP_ATTRIBUTES struct in here for easier reference. -Dan Fandrich (30 May 2010) -- Fixed compiling with libgcrypt +- sftp_readdir: return error if buffer is too small - A change of parameter types from unsigned long to size_t was - missed in the prototype in libgcrypt.h + If asked to read data into a buffer and the buffer is too small to hold + the data, this function now returns an error instead of as previously + just copy as much as fits. -Daniel Stenberg (28 May 2010) -- statvfs: use libssh2_sftp_statvfs only, no "_ex" +- sftp_symlink: return error if receive buffer too small - As the long-term goal is to get rid of the extensive set of - macros from the API we can just as well start small by not adding - new macros when we add new functions. Therefore we let the - function be libssh2_sftp_statvfs() plainly without using an _ex - suffix. + and clean up some variable type mismatches - I also made it use size_t instead of unsigned int for the string - length as that too is a long-term goal for the API. - -- [Grubsky Grigory brought this change] - - DSP: output lib name typo - -- [Grubsky Grigory brought this change] + Discussion: http://www.libssh2.org/mail/libssh2-devel-archive-2011-01/0001.shtml - win32: provide a uint8_t typedef for better building on windows +- docs: clarify what happens with a too small buffer + + This flaw is subject to change, but I figured it might be valuable to + users of existing code to know how it works. -- agent: win32: fix bad _libssh2_store_str call +- channel_request_pty_size: fix reqPTY_state - As pointed out by Grubsky Grigory , I - made a mistake when I added the _libssh2_store_str() call before - and I made a slightly different patch than what he suggested. - Based purely on taste. - -Peter Stuge (24 May 2010) -- [Joey Degges brought this change] + The state variable isn't properly set so every other call to the + function fails! + + Bug: http://libssh2.org/mail/libssh2-devel-archive-2010-12/0096.shtml + Reported by: Steve Legg - Add libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs() +- data size: cleanup - These can be used to get file system statistics from servers that - support the statvfs@openssh.com and fstatvfs@openssh.com extensions. + Fix 64bit warnings by using (s)size_t and dedicated uint32_t types more. -Alexander Lamaison (22 May 2010) -- [Jose Baars brought this change] +- [Pierre Joye brought this change] - VMS specific: make sure final release can be installed over daily build + ssize_t: proper typedef with MSVC compilers + + As discussed on the mailing list, it was wrong for win64 and using the + VC-provided type is the safest approach instead of second- guessing + which one it should be. -- [Jose Baars brought this change] +Guenter Knauf (22 Dec 2010) +- Updated OpenSSL version. - VMS: small improvement to the man2help utilities +- Expanded tabs to spaces. -Peter Stuge (22 May 2010) +Peter Stuge (21 Dec 2010) - [Joey Degges brought this change] - libssh2_exit and libssh2_sftp_readdir man page fixes - -Daniel Stenberg (21 May 2010) -- spelling: s/sue/use - -Alexander Lamaison (21 May 2010) -- Change magic port number for generic knownhost check. + _libssh2_ntohu64: fix conversion from network bytes to uint64 - libssh2_knownhost_checkp took 0 as a magic port number that indicated - a 'generic' check should be performed. However, 0 is a valid port - number in its own right so this commit changes the magic value to any - negative int. - -Mikhail Gusarov (5 May 2010) -- Add re-discovered copyright holders to COPYING + Cast individual bytes to uint64 to avoid overflow in arithmetic. -- Restoring copyright statements from pre-git era +Daniel Stenberg (20 Dec 2010) +- libssh2_userauth_list: language fix - Eli Fant has contributed fragmenting SFTP requests + "faily" is not a good English word, and I also cleaned up some other minor + mistakes -- Restoring my copyright statements from pre-git era +- crypto: unify the generic functions - keyboard_interactive, 'exit-status' information packet, non-atomic read/write - under FreeBSD, multi-channel operation bugfixes. - -Daniel Stenberg (3 May 2010) -- pedantic: make the code C90 clean - -Peter Stuge (3 May 2010) -- Do proper keyboard-interactive user dialog in the sftp.c example + Added crypto.h that is the unified header to include when using crypto + functionality. It should be the only header that needs to adapt to the + underlying crypto library in use. It provides the set of prototypes that + are library agnostic. -Daniel Stenberg (3 May 2010) -- added to tarball: libssh2_knownhost_checkp.3 +- [Mark Smith brought this change] -- knownhost: support [host]:port in knownhost file + userauth: derive publickey from private - OpenSSH has ways to add hosts to the knownhosts file that include - a specific port number which makes the key associated with only - that specific host+port pair. libssh2 previously did not support - this, and I was forced to add a new function to the API to - properly expose this ability to applications: - libssh2_knownhost_checkp() + Pass a NULL pointer for the publickey parameter of + libssh2_userauth_publickey_fromfile and + libssh2_userauth_hostbased_fromfile functions. In this case, the + functions recompute the public key from the private key file data. - To *add* such hosts to the knownhosts file, you make sure to pass - on the host name in that manner to the libssh2_knownhost_addc() - function. - -- init/exit: mention these were added in 1.2.5 + This is work done by Jean-Louis CHARTON + , then adapted by Mark Smith and + slightly edited further by me Daniel. + + WARNING: this does leave the feature NOT WORKING when libssh2 is built + to use libgcrypt instead of OpenSSL simply due to lack of + implementation. -- libssh2_knownhost_check docs: correct the prototype +- ssh2_echo: Value stored to 'exitcode' is never read -- examples: avoid use of uninitialized variable 'sock' +- _libssh2_packet_add: fix SSH_MSG_DEBUG weirdness + + I believe I may have caused this weird typo style error when I cleaned + up this function a while ago. Corrected now. -- KEX: stop pretending we negotiate language +- uint32: more longs converted to proper types - There was some stub-like parts of an implementation for - implementing kex language negotiation that caused clang-analyzer - to warn and as it did nothing I've now removed the dead code. + I also moved the MAC struct over to the mac.h header file and made sure + that the users of that struct include that file. -- Uninitialized argument +- SFTP: more types to uint32_t + + The 'num_names' field in the SSH_FXP_NAME response is an unsigned 32bit + value so we make sure to treat it like that. -- sftpdir: removed dead assignment +- SFTP: request_ids are uint32_t + + I went over the code and made sure we use uint32_t all over for the + request_id data. It is an unsigned 32bit value on the wire. -- Makefile.am: include the VMS-specific config header as well +- SFTP: store request_id separately in packets + + By using a new separate struct for incoming SFTP packets and not sharing + the generic packet struct, we can get rid of an unused field and add a + new one dedicated for holding the request_id for the incoming + package. As sftp_packet_ask() is called fairly often, a "mere" integer + comparison is MUCH faster than the previous memcmp() of (typically) 5 + bytes. -- [Jose Baars brought this change] +- libssh2_sftp_open_ex: man page extended and cleaned up + + I added the missing documentation for the 'flags' argument. - Add VMS specific libssh2_config.h +- SFTP: unify the READ/WRITE chunk structs -- fix Value stored to 's' is never read warning +- SFTP: fix memory leaks - and moved variable declaration of s to be more local - -- kexinit: simplify the code and avoid scan-build warning + Make sure that we cleanup remainders when the handle is closed and when + the subsystem is shutdown. - Previously it would say "Value stored to 's' is never read" due - fourth increment of 's'. - -Alexander Lamaison (28 Apr 2010) -- Removed unecessary brackets. + Existing flaw: if a single handle sends packets that haven't been + replied to yet at the time when the handle is closed, those packets will + arrive later and end up in the generic packet brigade queue and they + will remain in there until flushed. They will use unnecessary memory, + make things slower and they will ruin the SFTP handling if the + request_id counter ever wraps (highly unlikely to every happen). -- Changed sftp_attrsize macro to a static function. +- sftp_close_handle: packet list is generic + + Fix comment, simplify the loop logic -Daniel Stenberg (28 Apr 2010) -- release: include the VMS-specific files +- sftp_read: pipeline reads + + The SFTP read function now does transfers the same way the SFTP write + function was made to recently: it creates a list of many outgoing + FXP_READ packets that each asks for a small data chunk. The code then + tries to keep sending read request while collecting the acks for the + previous requests and returns the received data. -- sftp_attrsize: protect the macro argument with proper parentheses +- sftp_write: removed unused variable -- ssh2_agent: avoid using 'session' uninitialized on failures +- _libssh2_channel_close: don't call transport read if disconnected + + The loop that waits for remote.close to get set may end up looping + forever since session->socket_state gets set to + LIBSSH2_SOCKET_DISCONNECTED by the packet_add() function called from the + transport_read() function and after having been set to + LIBSSH2_SOCKET_DISCONNECTED, the transport_read() function will only + return 0. + + Bug: http://trac.libssh2.org/ticket/198 -- examples: remove assignments of variable rc that's never used +- libssh2_sftp_seek64: new man page + + Split off libssh2_sftp_seek64 from the libssh2_sftp_seek man page, and + mentioned that we consider the latter deprecated. Also added a mention + about the dangers of doing seek during writing or reading. -- publickey_init: remove useless variable increment +- sftp_seek: fix + + The new SFTP write code caused a regression as the seek function no + longer worked as it didn't set the write position properly. + + It should be noted that seeking is STRONGLY PROHIBITED during upload, as + the upload magic uses two different offset positions and the multiple + outstanding packets etc make them sensitive to change in the midst of + operations. + + This functionality was just verified with the new example code + sftp_append. This bug was filed as bug #202: + + Bug: http://trac.libssh2.org/ticket/202 -- hostkey_method_ssh_rsa_init: remove useless variable increment +- sftp_append: new example doing SFTP append -- packet_x11_open: removed useless variable increment +- MAX_SFTP_OUTGOING_SIZE: 30000 - and made the declaration of a variable more local - -- packet_queue_listener: removed useless variable increment + I ran SFTP upload tests against localhost. It showed that to make the + app reach really good speeds, I needed to do a little code tweak and + change MAX_SFTP_OUTGOING_SIZE from 4000 to 30000. The tests I did before + with the high latency tests didn't show any real difference whatever I + had that size set to. - and made the declaration of a variable more local + This number is the size in bytes that libssh2 cuts off the large input + buffer and sends off as an individual sftp packet. -- sftp_read: move a read_responses array to where its used +- sftp_write_sliding.c: new example - I find that this increases readability since the array is used - only in the function call just immediately below and nowhere - else. - -- sftp_readdir: turn a small array static const and move it + This is an example that is very similar to sftp_write_nonblock.c, with + the exception that this uses + + 1 - a larger upload buffer + + 2 - a sliding buffer mechnism to allow the app to keep sending lots of + data to libssh2 without having to first drain the buffer. + + These are two key issues to make libssh2 SFTP uploads really perform + well at this point in time. -- sftp_attrsize: converted function to a macro +- cpp: s/#elsif/#elif - This way, the macro can evaluate a static number at compile time - for two out of four uses, and it probably runs faster for the - other two cases too. + This looks like a typo as #elsif is not really C... -- sftp_open: deal with short channel_write calls +- _libssh2_channel_write: revert channel_write() use + + The attempts made to have _libssh2_channel_write() accept larger pieces + of data and split up the data by itself into 32700 byte chunks and pass + them on to channel_write() in a loop as a way to do faster operations on + larger data blocks was a failed attempt. + + The reason why it is difficult: + + The API only allows EAGAIN or a length to be returned. When looping over + multiple blocks to get sent, one block can get sent and the next might + not. And yet: when transport_send() has returned EAGAIN we must not call + it again with new data until it has returned OK on the existing data it + is still working on. This makes it a mess and we do get a much easier + job by simply returning the bytes or EAGAIN at once, as in the EAGAIN + case we can assume that we will be called with the same arguments again + and transport_send() will be happy. - This was an old TODO that just wasn't done before. If - channel_write returns short, that is not an error. + Unfortunately, I think we take a small performance hit by not being able + to do this. -- sftp_open: clean up, better check of input data - - The clang-analyzer report made it look into this function and - I've went through it to remove a potential use of an - uninitialized variable and I also added some validation of input - data received from the server. +- ssh2_echo: new example - In general, lots of more code in this file need to validate the - input before assuming it is correct: there are servers out there - that have bugs or just have another idea of how to do the SFTP - protocol. - -- bugfix: avoid using the socket if it failed to create one - -- bugfix: potential use of NULL pointer + This is a new example snippet. The code is largely based on ssh2_exec, + and is written by Tommy Lindgren. I edited it into C90 compliance and to + conform to libssh2 indent style and some more. -- libssh2_userauth_password_ex: clarify errors somewhat +- send_existing: return after send_existing - The errors mentioned in this man page are possible return codes - but not necessarily the only return codes that this can return. + When a piece of data is sent from the send_existing() function we must + make the parent function return afterwards. Otherwise we risk that the + parent function tries to send more data and ends up getting an EGAIN for + that more data and since it can only return one return code it doesn't + return info for the successfully sent data. - Also reformatted the typ prototypes somewhat. + As this change is a regression I now added a larger comment explaining + why it has to work like this. -- examples: fixed and made them more similar +- _libssh2_channel_write: count resent data as written - The channel read/write functions can return 0 in legitimate cases - without it being an error, and we need to loop properly if they - return short. + In the logic that resends data that was kept for that purpose due to a + previous EAGAIN, the data was not counted as sent causing badness. -- [Jose Baars brought this change] +Peter Stuge (13 Nov 2010) +- Use fprintf(stderr, ) instead of write(2, ) for debugging - VMS port of libssh2; changes in the libssh2 common code +- session/transport: Correctly handle when _libssh2_send() returns -EAGAIN -- Makefile: added the two news headers userauth.h and session.h +- src/agent.c: Simplify _libssh2_send() error checking ever so slightly -- cleanup: prefer the internal functions +Daniel Stenberg (12 Nov 2010) +- send/recv: use _libssh2_recv and _libssh2_send now - To get the blocking vs non-blocking to work as smooth as possible - and behave better internally, we avoid using the external - interfaces when calling functions internally. + Starting now, we unconditionally use the internal replacement functions + for send() and recv() - creatively named _libssh2_recv() and + _libssh2_send(). - Renamed a few internal functions to use _libssh2 prefix when not - being private within a file, and removed the libssh2_ for one - that was private within the file. + On errors, these functions return the negative 'errno' value instead of + the traditional -1. This design allows systems that have no "natural" + errno support to not have to invent it. It also means that no code + outside of these two transfer functions should use the errno variable. -- session_free: remove dead code +- channel_write: move some logic to _libssh2_channel_write + + Some checks are better done in _libssh2_channel_write just once per + write instead of in channel_write() since the looping will call the + latter function multiple times per _libssh2_channel_write() invoke. -- libssh2_publickey_init: fixed to work better non-blocking +- sftp_write: handle "left over" acked data - This was triggered by a clang-analyzer complaint that turned out - to be valid, and it made me dig deeper and fix some generic non- - blocking problems I disovered in the code. + The SFTP handle struct now buffers number of acked bytes that haven't + yet been returned. The way this is used is as following: - While cleaning this up, I moved session-specific stuff over to a - new session.h header from the libssh2_priv.h header. + 1. sftp_write() gets called with a buffer of let say size 32000. We + split 32000 into 8 smaller packets and send them off one by one. One of + them gets acked before the function returns so 4000 is returned. + + 2. sftp_write() gets called again a short while after the previous one, + now with a much smaller size passed in to the function. Lets say 8000. + In the mean-time, all of the remaining packets from the previous call + have been acked (7*4000 = 28000). This function then returns 8000 as all + data passed in are already sent and it can't return any more than what + it got passed in. But we have 28000 bytes acked. We now store the + remaining 20000 in the handle->u.file.acked struct field to add up in + the next call. + + 3. sftp_write() gets called again, and now there's a backlogged 20000 + bytes to return as fine and that will get skipped from the beginning + of the buffer that is passed in. -- channel: reduce duplicated free and returns +- sftp_write: polished and simplified - Simplified the code by trying to free data and return on a single - spot. + Removed unnecessary struct fields and state changes within the function. + + Made the loop that checks for ACKs only check chunks that were fully + sent. -- channel: make variables more local +- SCP: on failure, show the numerical error reason - By making 'data' and 'data_len' more local in several places in - this file it will be easier to spot how they are used and we'll - get less risks to accidentally do bad things with them. + By calling libssh2_session_last_errno() -Mikhail Gusarov (24 Apr 2010) -- Fix typos in manpages, catched by Lintian +- SFTP: provide the numerical error reason on failure -Daniel Stenberg (24 Apr 2010) -- channel_request_pty: simplify the code +- SCP: clean up failure treatment - clang-analyzer pointed out how 'data' could be accessed as a NULL - pointer if the wrong state was set, and while I don't see that - happen in real-life the code flow is easier to read and follow by - moving the LIBSSH2_FREE() call into the block that is supposed to - deal with the data pointer anyway. + When SCP send or recv fails, it gets a special message from the server + with a warning or error message included. We have no current API to + expose that message but the foundation is there. Removed unnecessary use + of session struct fields. -- libssh2_channel_process_startup: simplify the code - - clang-analyzer pointed out how 'data' could be accessed as a NULL - pointer if the wrong state was set, and while I don't see that - happen in real-life the code flow is easier to read and follow by - moving the LIBSSH2_FREE() call into the block that is supposed to - deal with the data pointer anyway. +- sftp_write: enlarge buffer to perform better -- sftp_close_handle: add precation to not access NULL pointer +- packets: code cleanup - clang-analyzer pointed this out as a "Pass-by-value argument in - function call is undefined" but while I can't see exactly how - this can ever happen in reality I think a little check for safety - isn't such a bad thing here. + I added size checks in several places. I fixed the code flow to be easier + to read in some places. + + I removed unnecessary zeroing of structs. I removed unused struct fields. -- scp_write_nonblock: Value stored to 'nread' is never read +- LIBSSH2_CALLBACK_MACERROR: clarify return code use -- scp_write: Value stored to 'ptr' is never read +- _libssh2_userauth_publickey: avoid shadowing -- scp_write_nonblock: Value stored to 'ptr' is never read +- packet: avoid shadowing global symbols -- sftp_mkdir: less silly output but show failures +- sftp_readdir: avoid shadowing -- [Jose Baars brought this change] +- shadowing: don't shadow the global compress - VMS port of libssh2 including VMS specific build procedures +- _libssh2_packet_add: turn ifs into a single switch -- two variable types changes, made lines less than 80 columns - - The two variable type changes are only to match type variable - fields actually read from the binary protocol. +- _libssh2_packet_add: check SSH_MSG_GLOBAL_REQUEST packet -- remove check for negative padding_length +- _libssh2_packet_add: SSH_MSG_DEBUG length checks - It was silly, since it is read as an unsigned char... - -- hostkey_method_ssh_dss_init: Value stored to 's' is never read - -- libssh2_banner_set: avoid unnecessary increment and explain code + Verify lengths before using them. Read always_display from the correct + index. Don't copy stuff around just to provide zero-termination of the + strings. -- agent_transact_unix: remove unused variable +- _libssh2_packet_add: SSH_MSG_IGNORE skip memmove + + There's no promise of a zero termination of the data in the callback so + no longer perform ugly operation in order to provide it. -- remove two unnecessary increments +- _libssh2_packet_add: SSH_MSG_DISCONNECT length checks + + Verify lengths before trying to read data. -- more code converted to use _libssh2_store_*() +- indent: break lines at 80 columns -- libssh2_publickey_list_fetch: removed unused variables +- SSH_MSG_CHANNEL_OPEN_FAILURE: used defined values + + We don't like magic numbers in the code. Now the acceptable failure + codes sent in the SSH_MSG_CHANNEL_OPEN_FAILURE message are added as + defined values in the private header file. -- libssh2_publickey_init: remove unused variables +- sftp_write: don't return EAGAIN if no EAGAIN was received + + This function now only returns EAGAIN if a lower layer actually returned + EAGAIN to it. If nothing was acked and no EAGAIN was received, it will + now instead return 0. -- libssh2_scp_send64: added to API to provide large file transfers +- _libssh2_wait_socket: detect nothing-to-wait-for - The previously existing libssh2_scp_send_ex() function has no way - to send files that are larger than 'size_t' which on 32bit - systems mean 4GB. This new API uses a libssh2_int64_t type and - should thus on most modern systems be able to send enormous - files. + If _libssh2_wait_socket() gets called but there's no direction set to + wait for, this causes a "hang". This code now detects this situation, + set a 1 second timeout instead and outputs a debug output about it. -- sftp_init: remove unused variables and assignments +- decomp: remove the free_dest argument + + Since the decompress function ALWAYS returns allocated memory we get a + lot simpler code by removing the ability to return data unallocated. -- libssh2_knownhost_check: Value stored to 'keylen' is never read +- decomp: cleaned off old compression stuff + + I cleared off legacy code from when the compression and decompression + functions were a single unified function. Makes the code easier to read + too. -- hostkey: fix compiler warning +- [TJ Saunders brought this change] -- remove unused variable + decomp: increase decompression buffer sizes -- data types: convert more to use size_t and uint32_t +- [TJ Saunders brought this change] -- channel: variable type cleanups + zlib: Add debug tracing of zlib errors -- cleanups: better binary packet gen, size_t fixes and PACKET_* removal - - I'll introduce a new internal function set named - - _libssh2_store_u32 - _libssh2_store_u64 - _libssh2_store_str - - That can be used all through the library to build binary outgoing - packets. Using these instead of the current approach removes - hundreds of lines from the library while at the same time greatly - enhances readability. I've not yet fully converted everything to - use these functions. - - I've converted LOTS of 'unsigned long' to 'size_t' where - data/string lengths are dealt with internally. This is The Right - Thing and it will help us make the transition to our - size_t-polished API later on as well. - - I'm removing the PACKET_* error codes. They were originally - introduced as a set of separate error codes from the transport - layer, but having its own set of errors turned out to be very - awkward and they were then converted into a set of #defines that - simply maps them to the global libssh2 error codes instead. Now, - I'l take the next logical step and simply replace the PACKET_* - defines with the actual LIBSSH2_ERROR_* defines. It will increase - readability and decrease confusion. +- sftp_packet_read: handle partial reads of the length field - I also separated packet stuff into its own packet.h header file. + SFTP packets come as [32 bit length][payload] and the code didn't + previously handle that the initial 32 bit field was read only partially + when it was read. + +- [Jasmeet Bagga brought this change] -- clarified the return code + kex_agree_hostkey: fix NULL pointer derefence + + While setting up the session, ssh tries to determine the type of + encryption method it can use for the session. This requires looking at + the keys offered by the remote host and comparing these with the methods + supported by libssh2 (rsa & dss). To do this there is an iteration over + the array containing the methods supported by libssh2. + + If there is no agreement on the type of encryption we come to the 3rd + entry of the hostkeyp array. Here hostkeyp is valid but *hostkep is + NULL. Thus when we dereference that in (*hostkeyp)->name there is a + crash -- rename libssh2_error to the correct _libssh2_error +- _libssh2_transport_send: remove dead assignment - We reserve ^libssh2_ for public symbols and we use _libssh2 as - prefix for internal ones. I fixed the intendation of all these - edits with emacs afterwards, which then changed it slightly more - than just _libssh2_error() expressions but I didn't see any - obvious problems. + 'data' isn't accessed beyond this point so there's no need to assign it. -- data type cleanup: made lots of code use size_t etc +- scp_recv: remove dead assignment - A lot of code used 'unsigned long' and the likes when it should - rather just use plain 'int' or use size_t for data lengths. + Instead of assigning a variable we won't read, we now use the more + explicit (void) prefix. -- wait_socket: make c89 compliant and use two fd_sets for select() +- sftp_write: removed superfluous assignment -- sftp_readdir: always zero terminate, detail the return code - - I also added a description for the 'longentry' field which was - previously undocumented! +- bugfix: avoid use of uninitialized value -- sftp_readdir: simplified and bugfixed +- sftp_packet_require: propagate error codes better - This function no longer has any special purpose code for the - single entry case, as it was pointless. + There were some chances that they would cause -1 to get returned by + public functions and as we're hunting down all such occurances and since + the underlying functions do return valuable information the code now + passes back proper return codes better. + +- [Alfred Gebert brought this change] + + fix memory leaks (two times cipher_data) for each sftp session + +- libssh2_userauth_authenticated: make it work as documented - The previous code would overflow the buffers with an off-by-one - in case the file name or longentry data fields received from the - server were exactly as long as the buffer provided to - libssh2_sftp_readdir_ex. + The man page clearly says it returns 1 for "already authenticated" but + the code said non-zero. I changed the code to use 1 now, as that is also + non-zero but it gets the benefit that it now matches the documentation. - We now make sure that libssh2_sftp_readdir_ex() ALWAYS zero - terminate the buffers it fills in. + Using 1 instead of non-zero is better for two reasons: - The function no longer calls the libssh2_* function again, but - properly uses the internal sftp_* instead. + 1. We have the opportunity to introduce other return codes in the future for + things like error and what not. + 2. We don't expose the internal bitmask variable value. -- channel/transport: we now drain the outgoing send buffer when we ignore EAGAIN - - When we ignore the EAGAIN from the transport layer within channel_write, we - now drain the outgoing transport layer buffer so that remainders in that - won't cause any problems in the next invoke of _libssh2_transport_write() +- userauth_keyboard_interactive: fix indent -- channel_write: if data has been sent, don't return EAGAIN - - When sending data in a loop, we must not return EAGAIN if we - managed to send data in an earlier round. This was reported in - bug #126 => http://libssh2.stuge.se/ticket/126 +- [Alfred Gebert brought this change] -Simon Josefsson (14 Apr 2010) -- Fix OpenSSL AES-128-CTR detection. + fix memory leak in userauth_keyboard_interactive() - Patch from Paul Howarth . + First I wanted to free the memory in session_free() but then + I had still memory leaks because in my test case the function + userauth_keyboard_interactive() is called twice. It is called + twice perhaps because the server has this authentication + methods available: publickey,gssapi-with-mic,keyboard-interactive + The keyboard-interactive method is successful. -Daniel Stenberg (13 Apr 2010) -- version in header file now says 1.2.6-DEV +- dist: include sftp.h in dist archives -- 1.2.6: clean the RELEASE-NOTES for next release round +Simon Josefsson (27 Oct 2010) +- Update header to match new function prototype, see c48840ba88. -- NEWS: add the stuff from the version 1.2.5 RELEASE-NOTES +Daniel Stenberg (26 Oct 2010) +- bugfixes: the transport rearrange left some subtle flaws now gone -Version 1.2.5 (13 Apr 2010) +- libssh2_userauth_publickey_fromfile_ex.3: cleaned up looks -Daniel Stenberg (13 Apr 2010) -- channel_close: no longer wait for the SSH_MSG_CHANNEL_CLOSE message +- libssh2_userauth_publickey: add man page - As the packet may simply not arrive we cannot have the close - function wait for it unconditionally. + I found an undocumented public function and we can't have it like + that. The description here is incomplete, but should serve as a template + to allow filling in... -- less code duplication in the poll vs select code flows +- libssh2_sftp_write.3: added blurb about the "write ahead" - libssh2_keepalive_send and libssh2_session_block_directions are - now used outside of the #ifdef blocks. + Documented the new SFTP write concept -- make it C90 compliant +- sftp_close_handle: free any trailing write chunks -- updated with all changes and bugs since 1.2.4 +- _libssh2_channel_write: fix warnings -- Added LIBSSH2_SFTP_S_IS***() macros and updated docs +- SFTP: bufgix, move more sftp stuff to sftp.h - libssh2_sftp_fstat_ex.3 is now extended quite a lot to describe a - lot of the struct and the bits it uses and how to test for them. + The sftp_write function shouldn't assume that the buffer pointer will be + the same in subsequent calls, even if it assumes that the data already + passed in before haven't changed. + + The sftp structs are now moved to sftp.h (which I forgot to add before) -- sftp_init() deal with _libssh2_channel_write() returns short +- SFTP: use multiple outgoing packets when writing - When _libssh2_channel_write() is asked to send off 9 bytes, the - code needs to deal with the situation where less than 9 bytes - were sent off and prepare to send the remaining piece at a later - time. + sftp_write was rewritten to split up outgoing data into multiple packets + and deal with the acks in a more asynchronous manner. This is meant to + help overcome latency and round-trip problems with the SFTP protocol. -- handle a NULL password as if it was "" +- TODO: implemented a lot of the ideas now + +- _libssh2_channel_write: removed 32500 size limit - libssh2_userauth_publickey_fromfile_ex() takes a "passphrase" - but didn't deal with it being set to NULL. + Neither _libssh2_channel_write nor sftp_write now have the 32500 size + limit anymore and instead the channel writing function now has its own + logic to send data in multiple calls until everything is sent. -- Reduce used window sizes by factor 10 +- send_existing: don't tell parent to return when drained - As reported in bug report #166 http://libssh2.stuge.se/ticket/166 - by 'ptjm', the maximum window size must be less crazy for libssh2 - to do better with more server implementations. I did not do any - testing to see how this changes raw SCP performance, but the - maximum window size is still almost 4MB. This also has the upside - that libssh2 will use less memory. + That will just cause unnecessary code execution. -Peter Stuge (28 Mar 2010) -- Correctly clear blocking flag after sending multipart packet +- _libssh2_channel_write: general code cleanup - commit 7317edab61d2179febc38a2c2c4da0b951d74cbc cleared the outbound - blocking bit when send_existing() returned PACKET_NONE and *ret=0, as - opposed to before even calling send_existing(), but because *ret=1 when - sending parts 2..n of an existing packet, the bit would only be cleared - when calling libssh2_transport_write() for a new packet. + simplified the function and removed some unused struct fields + +- _libssh2_transport_send: replaces _libssh2_transport_write - Clear the direction flag after the final part of a packet has been sent. + The new function takes two data areas, combines them and sends them as a + single SSH packet. This allows several functions to allocate and copy + less data. + + I also found and fixed a mixed up use of the compression function + arguments that I introduced in my rewrite in a recent commit. -Daniel Stenberg (24 Mar 2010) -- Added man page for libssh2_knownhost_addc() +- scp_write_nonblock: use select() instead of busyloop - Added mention in libssh2_knownhost_add() docs that - libssh2_knownhost_addc() is the preferred function now. + Make this example nicer by not busylooping. -- at next soname bump remove libssh2_knownhost_add() +- send_existing: clear olen when the data is sent off -- ignore TAGS ("make tags" makes them) +- _libssh2_transport_write: allow 256 extra bytes around the packet -- fix memory leak - - we must not assign the pointer a NULL since it keeps allocated - data and at least parts of an error string +- _libssh2_transport_write: remade to send without malloc -- fixed the pattern for avoiding the poll check +- compress: compression disabled by default - added some comments about known problems with poll on darwin + We now allow libssh2_session_flag() to enable compression with a new + flag and I added documentation for the previous LIBSSH2_FLAG_SIGPIPE + flag which I wasn't really aware of! -- avoid checking for poll on some systems +- comp: split the compress function - darwin and interix are known to have broken poll implementations - so we skip the check on those and thus have them use select - unconditionally + It is now made into two separate compress and decompress functions. In + preparation for upcoming further modficications. -- ignore libssh2.dsp +Dan Fandrich (20 Oct 2010) +- Added header file to allow compiling in older environments -Simon Josefsson (23 Mar 2010) -- Fix logic in "on-the-fly" crypto init. +Daniel Stenberg (20 Oct 2010) +- TODO: add a possible new API for SFTP transfers -- Make sure keepalive is working even when poll is used. +- TODO: "New Transport API" added -- [Paul Querna brought this change] +- TODO: add buffering plans - Use poll when available on blocking API. +Simon Josefsson (13 Oct 2010) +- Mention libssh2_channel_get_exit_signal and give kudos. + +- [Tommy Lindgren brought this change] + + Add libssh2_channel_get_exit_signal man page. Signed-off-by: Simon Josefsson -Peter Stuge (20 Mar 2010) -- Fix speling +- [Tommy Lindgren brought this change] -Daniel Stenberg (19 Mar 2010) -- fix NULL dereference when window adjusting a non-existing channel + Add libssh2_channel_get_exit_signal. - Suyog Jadhav pointed out that when receiving a window adjust to - a channel not found, the code would reference a NULL pointer. - Now it will instead output a message about that fact. + Signed-off-by: Simon Josefsson -Simon Josefsson (19 Mar 2010) -- Fix build problem. +- Add libssh2_free man page and fix typo. -- Eat our own dog food, call libssh2_init and libssh2_exit in the examples. +- Add libssh2_free. -- Fix init/exit logic. Add self-test of it. +Daniel Stenberg (11 Oct 2010) +- scp_recv: improved treatment of channel_read() returning zero + + As a zero return code from channel_read() is not an error we must make + sure that the SCP functions deal with that properly. channel_read() + always returns 0 if the channel is EOFed already so we check for EOF + after 0-reads to be able to return error properly. -Daniel Stenberg (19 Mar 2010) -- fix typo +- libssh2_session_methods.3: detail what can be asked for -Simon Josefsson (19 Mar 2010) -- Add man page for libssh2_init and libssh2_exit. Fix libssh2_exit prototype. +- compression: send zlib before none + + As the list of algorithms in a preferred order we should send zlib + before none to increase the chances that the server will let us do + compression. -- Shorten constant a bit. More documentation. +- compress: faster check, better return codes + + In the transport functions we avoid a strcmp() now and just check a + boolean instead. + + The compress/decompress function's return code is now acknowledged and + used as actual return code in case of failures. -- Fix namespace pollution. +- libssh2_session_handshake: replaces libssh2_session_startup() + + The function libssh2_session_startup() is now considered deprecated due + to the portability issue with the socket argument. + libssh2_session_handshake() is the name of the replacement. -- Add global init/exit points, to do crypto initialization in one place. +- libssh2_socket_t: now externally visible - By Lars Nordin. + In preparation for upcominig changes, the libssh2_socket_t type is now + typedef'ed in the public header. -Daniel Stenberg (14 Mar 2010) -- libssh2 is released under the Modifed BSD license, not GPL +- _libssh2_transport_drain: removed + + This function proved not to be used nor useful. -Alexander Lamaison (14 Mar 2010) -- Add libssh2_knownhost_addc to handle comments. +- _libssh2_channel_write: don't iterate over transport writes - Comments in known_hosts file were not handle properly. They were parsed as - part of the key causing key matching to return a mismatch if the entry had a - comment. This adds a new API function that takes an optional comment and - changes libssh2_knownhost_readline to parse the comment as pass it to the - new function. + When a call to _libssh2_transport_write() succeeds, we must return from + _libssh2_channel_write() to allow the caller to provide the next chunk + of data. - Fixes #164. + We cannot move on to send the next piece of data that may already have + been provided in this same function call, as we risk getting EAGAIN for + that and we can't return information both about sent data as well as + EAGAIN. So, by returning short now, the caller will call this function + again with new data to send. -- Fix gettimeofday to compile with Visual C++ 6. - - Reported by Steven Van Ingelgem. +- _libssh2_transport_write: updated documentation blurb -Simon Josefsson (10 Mar 2010) -- Add. +- _libssh2_transport_write: remove fprintf remainder + + Mistake from previous debugging -- keepalive.c: Fix libssh2_error usage. +- session: improved errors + + Replaced -1/SOCKET_NONE errors with appropriate error defines instead. + + Made the verbose trace output during banner receiving less annoying for + non-blocking sessions. -- Fix typo in last commit. +- crypt_init: use correct error define -- Tidy up build option notice. +- _libssh2_error: hide EAGAIN for non-blocking sessions + + In an attempt to make the trace output less cluttered for non-blocking + sessions the error function now avoids calling the debug function if the + error is the EAGAIN and the session is non-blocking. -- Add entry about keep alive stuff. +- agent: use better error defines -- Add keep-alive support. +- comp_method_zlib_init: use correct error defines -Alexander Lamaison (7 Mar 2010) -- Untabify. +- transport: better error codes + + LIBSSH2_SOCKET_NONE (-1) should no longer be used as error code as it is + (too) generic and we should instead use specific and dedicated error + codes to better describe the error. -- Fix memory leak in libssh2_knownhost_add. +- channel: return code and _libssh2_error cleanup + + Made sure that all transport_write() call failures get _libssh2_error + called. -Daniel Stenberg (6 Mar 2010) -- change 'int' to 'libssh2_socket_t' in the public API for sockets +- _libssh2_channel_write: limit to 32700 bytes + + The well known and used ssh server Dropbear has a maximum SSH packet + length at 32768 by default. Since the libssh2 design current have a + fixed one-to-one mapping from channel_write() to the packet size created + by transport_write() the previous limit of 32768 in the channel layer + caused the transport layer to create larger packets than 32768 at times + which Dropbear rejected forcibly (by closing the connection). + + The long term fix is of course to remove the hard relation between the + outgoing SSH packet size and what the input length argument is in the + transport_write() function call. -- reduce code duplication and return underlying error better +- libssh.h: add more dedicated error codes -- acknowledge when _libssh2_packet_requirev() returns error +- SCP: allow file names with bytes > 126 - when _libssh2_packet_requirev() returns an error when waiting for - SSH_MSG_USERAUTH_SUCCESS or SSH_MSG_USERAUTH_FAILURE, it is an - error and it should be treated as such + When parsing the SCP protocol and verifying that the data looks like a + valid file name, byte values over 126 must not be consider illegal since + UTF-8 file names will use such codes. + + Reported by: Uli Zappe + Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2010-08/0112.shtml -- wrap long lines +Dan Fandrich (25 Aug 2010) +- Document the three sftp stat constants -- polished the phrasing in two error strings +Guenter Knauf (18 Aug 2010) +- Fixed Win32 makefile which was now broken at resource build. -- silence picky compiler warnings +- It is sufficient to pipe stderr to NUL to get rid of the nasty messages. -- silence picky compiler warnings +- [Author: Guenter Knauf brought this change] -- removed libssh2_error()'s forth argument + Removed Win32 ifdef completely for sys/uio.h. - libssh2_error() no longer allocates a string and only accepts a const - error string. I also made a lot of functions use the construct of - return libssh2_error(...) instead of having one call to - libssh2_error() and then a separate return call. In several of those - cases I then also changed the former -1 return code to a more - detailed one - something that I think will not change behaviors - anywhere but it's worth keeping an eye open for any such. + No idea why we had this ifdef at all but MSVC, MingW32, Watcom + and Borland all have no sys/uio.h header; so if there's another + Win32 compiler which needs it then it should be added explicitely + instead of this negative list. -- repaired --enable-debug +- New files should also be added to Makefile.am. + + Otherwise they will never be included with release and snapshot tarballs ... -Simon Josefsson (1 Mar 2010) -- Make ./configure output a summary of build options. +Daniel Stenberg (18 Aug 2010) +- version: bump to 1.2.8_DEV -Daniel Stenberg (1 Mar 2010) -- let the err_msg in the session struct be const too +Version 1.2.7 (17 Aug 2010) -Simon Josefsson (1 Mar 2010) -- Revert #ifdef change that pulled in AES-CTR code when explicitly disabled. +Daniel Stenberg (17 Aug 2010) +- release: updated to hold 1.2.7 info -Daniel Stenberg (1 Mar 2010) -- fix #ifdefs +Guenter Knauf (17 Aug 2010) +- Use the new libssh2.rc file. -- make function match the new proto +- Added resource file for libssh2.dll (shamelessly stolen from libcurl). -Simon Josefsson (1 Mar 2010) -- Improve AES-CTR check. +- Updated Win32 MSVC dependencies versions. -Daniel Stenberg (1 Mar 2010) -- use const to silence a bazillion warnings +- Added include for sys/select.h to get fd.set on some platforms. -Simon Josefsson (1 Mar 2010) -- Use AES-CTR from OpenSSL when available. +- Added Watcom makefile borrowed from libcurl. - Reported by Lars Nordin . + This makefile compiles already all files fine for static lib, but needs + final touch when I have OpenSSL fully working with shared libs and Watcom. -- Make it possible to disable DSA. - - Patch from Lars Nordin . +- Added copyright define to libssh2.h and use it for binary builds. -Peter Stuge (1 Mar 2010) -- Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE +- Moved version defines up in order to include from .rc file. - Sending SSH_MSG_CHANNEL_CLOSE without channel EOF is explicitly allowed - in RFC 4254, but some non-conforming servers will hang or time out when - the channel is closed before EOF. + Blocked rest of header with ifndef so its possible to let + the rc compiler only use the version defines. + +- Some minor makefile tweaks. + +Daniel Stenberg (2 Aug 2010) +- example: treat the libssh2_channel_read() return code properly - Other common clients send and receive EOF before closing, there are no - drawbacks, and some servers need it to work correctly. + A short read is not an error. Only negative values are errors! -Alexander Lamaison (26 Feb 2010) -- Style improvements to knownhost error handling. +- libssh2_wait_socket: reset error code to "leak" EAGAIN less - Made improvements as suggested by Peter Stuge: http://www.libssh2.org/mail/libssh2-devel-archive-2010-02/0161.shtml. + Since libssh2 often sets LIBSSH2_ERROR_EAGAIN internally before + _libssh2_wait_socket is called, we can decrease some amount of + confusion in user programs by resetting the error code in this function + to reduce the risk of EAGAIN being stored as error when a blocking + function returns. -- Call libssh2_error for every knownhost API failure. +- _libssh2_wait_socket: poll needs milliseconds - The libssh2 API calls should set the last error code and a message when - returning a failure by calling libssh2_error. This changeset adds these - calls to the libssh2_knownhost_* API as well as libssh2_base64_decode. + As reported on the mailing list, the code path using poll() should + multiple seconds with 1000 to get milliseconds, not divide! - This change also makes libssh2_error into a function rather than a macro. - Its implementation is moved to misc.c. This function returns the error - code passed to it allowing callers to return the error value directly - without duplicating the error code. + Reported by: Jan Van Boghout -- Fix LIBSSH2_ALLOC checks. +- typedef: make ssize_t get typedef without LIBSSH2_WIN32 - These appear to be cut-and paste errors where the wrong variable is checked - for NULLness after calling LIBSSH2_ALLOC. + The condition around the ssize_t typedef depended on both LIBSSH2_WIN32 + *and* _MSC_VER being defined when it should be enough to depend on + _MSC_VER only. It also makes it nicer so libssh2-using code builds fine + without having custom defines. -Simon Josefsson (23 Feb 2010) -- Silence compiler warning. +- [John Little brought this change] -- Make it portable; test uses = for string comparison (not ==). Indent. + session_free: free more data to avoid memory leaks -Alexander Lamaison (22 Feb 2010) -- libssh2_knownhost_del: fix write to freed memory. +- channel_free: ignore problems with channel_close() - When removing a known host, libssh2_knownhost_del would remove the node from the linked list, free its memory and then overwrite the struct parameter (which indicated which node to remove) with 0. However, this struct is actually allocated within the just-freed node meaning we're writing to freed memory. This made Windows very upset. + As was pointed out in bug #182, we must not return failure from + _libssh2_channel_free() when _libssh2_channel_close() returns an error + that isn't EAGAIN. It can effectively cause the function to never go + through, like it did now in the case where the socket was actually + closed but socket_state still said LIBSSH2_SOCKET_CONNECTED. - The fix is simply to overwrite the struct first before freeing the memory. - -Daniel Stenberg (21 Feb 2010) -- show more verbose error when SCP send fails - -- libssh2_socket_t is done, a library-free function is needed + I consider this fix the right thing as it now also survives other + errors, even if making sure socket_state isn't lying is also a good + idea. -- clarify that this frees all data associated with a session +- publickey_list_free: no return value from a void function + + Fixed a compiler warning I introduced previously when checking input + arguments more. I also added a check for the other pointer to avoid NULL + pointer dereferences. -- improved error handling +- [Lars Nordin brought this change] -- add missing libssh2_error() calls + openssl: make use of the EVP interface - To make sure the public API is functional and that the - BLOCK_ADJUST_ERRNO() macro works correctly we MUST make sure to - call libssh2_error() when we return errors. + Make use of the EVP interface for the AES-funktion. Using this method + supports the use of different ENGINES in OpenSSL for the AES function + (and the direct call to the AES_encrypt should not be used according to + openssl.org) -- fix memory leak in userauth_keyboard_interactive() +Peter Stuge (23 Jun 2010) +- [Tor Arntsen brought this change] + + Don't overflow MD5 server hostkey - Mr anonymous in bug #125 pointed out that the userauth_keyboard_interactive() - function does in fact assign the same pointer a second time to a new allocated - buffer without properly freeing the previous one, which caused a memory leak. + Use SHA_DIGEST_LENGTH and MD5_DIGEST_LENGTH in memcpy instead of hardcoded + values. An incorrect value was used for MD5. -- added missing error codes +- Fix message length bugs in libssh2_debug() - To allow the libssh2_session_last_error() function to work as - documented, userauth_password() now better makes sure to call - libssh2_error() everywhere before it returns error. + There was a buffer overflow waiting to happen when a debug message was + longer than 1536 bytes. - Pointed out by mr anonymous in bug #128 + Thanks to Daniel who spotted that there was a problem with the message + length passed to a trace handler also after commit + 0f0652a3093111fc7dac0205fdcf8d02bf16e89f. -Peter Stuge (16 Feb 2010) -- Fix resource and memory leaks in examples as reported by cppcheck +- Make libssh2_debug() create a correctly terminated string - Thanks to Ettl Martin for the report and patch. This fixes #132 + Also use FILE *stderr rather than fd 2, which can very well be something + completely different. -Daniel Stenberg (15 Feb 2010) -- mention the new man pages for macros +Daniel Stenberg (23 Jun 2010) +- [TJ Saunders brought this change] -- added man pages for API macros + handshake: Compression enabled at the wrong time - all #defined macros in the public headers are considered to be part - of the API and I've generated individual man pages for each of them - to A) make it easier to figure out what each function/macro actually - is for so that automated lookups work better and for B) make sure we - have all public functions document (both macros and functions) to - make it easier for us to work away from all the macros in a future - release. - -- Committed the patch by Yoichi Iwaki in bug #2929647 + In KEXINIT messages, the client and server agree on, among other + things, whether to use compression. This method agreement occurs + in src/kex.c's kex_agree_methods() function. However, if + compression is enabled (either client->server, server->client, or + both), then the compression layer is initialized in + kex_agree_methods() -- before NEWKEYS has been received. - Committed the patch by Yoichi Iwaki in bug #2929647, which fixed a memory - leak when an 'outbuf' was still allocated when a session was freed. - -- free "outbuf" when killing a session + Instead, the initialization of the compression layer should + happen after NEWKEYS has been received. This looks to occur + insrc/kex.c's diffie_hellman_sha1(), which even has the comment: - Fix memoary leak: if there was an "output" still allocated when a - session was torn down it needs to be freed in session_free() + /* The first key exchange has been performed, - Patch by Yoichi Iwaki in bug #2929647 - -- the working version name is now 1.2.5_DEV - -Version 1.2.4 (13 Feb 2010) - -Daniel Stenberg (13 Feb 2010) -- updated info for 1.2.4 - -Dan Fandrich (10 Feb 2010) -- Allow compiling with OpenSSL when AES isn't available. - -Peter Stuge (9 Feb 2010) -- [Dave McCaldon brought this change] - - Fix Tru64 socklen_t compile issue with example/direct_tcpip.c + switch to active crypt/comp/mac mode */ - Building libssh2-1.2.3 on Tru64 fails at line 48 and 166 because socklen_t - isn't defined on Tru64 unless _POSIX_PII_SOCKET is defined. + There, after NEWKEYS is received, the cipher and mac algorithms + are initialized, and that is where the compression should be + initialized as well. - This patch updates configure.ac to add -D_POSIX_PII_SOCKET when building - on Tru64 platform(s). + The current implementation fails if server->client compression is + enabled because most server implementations follow OpenSSH's + lead, where compression is initialized after NEWKEYS. Since the + server initializes compression after NEWKEYS, but libssh2 + initializes compression after KEXINIT (i.e. before NEWKEYS), they + are out of sync. + + Reported in bug report #180 -- [Dave McCaldon brought this change] +- [TJ Saunders brought this change] - Resolve compile issues on Solaris x64 and UltraSPARC + userauth_hostbased_fromfile: packet length too short - Solaris builds of libssh2-1.2.3 failed on both x64 and UltraSPARC - platforms because of two problems: + The packet length calculated in src/userauth.c's + userauth_hostbased_fromfile() function is too short by 4 bytes; + it forgets to add four bytes for the length of the hostname. + This causes hostbased authentication to fail, since the server + will read junk data. - 1) src/agent.c:145 sun is a reserved word when using the SUNWspro compiler - 2) example/direct_tcpip.c:84 INADDR_NONE is not defined - -Daniel Stenberg (3 Feb 2010) -- towards 1.2.4 now - -Version 1.2.3 (3 Feb 2010) - -Daniel Stenberg (3 Feb 2010) -- Version 1.2.3 (February 3, 2010) + verified against proftpd's mod_sftp module -- fix building out of source tree by proving better include path +- _libssh2_userauth_publickey: reject method names longer than the data - when building out of source tree, we provide -I$(top_builddir)/example - since the libssh2_config.h gets generated in that dir - -Peter Stuge (1 Feb 2010) -- [Sofian Brabez brought this change] + This functions get the method length by looking at the first 32 + bit of data, and I now made it not accept method lengths that are + longer than the whole data set is, as given in the dedicated + function argument. + + This was detected when the function was given bogus public key + data as an ascii string, which caused the first 32bits to create + a HUGE number. - Replace : in hexdump with " " (two spaces) +- NULL resistance: make more public functions survive NULL pointer input + + Sending in NULL as the primary pointer is now dealt with by more + public functions. I also narrowed the userauth.c code somewhat to + stay within 80 columns better. -- Detect when the forwarded connection is closed in example/direct_tcpip.c +- agent: make libssh2_agent_userauth() work blocking properly + + previously it would always work in a non-blocking manner -- Fix example/direct_tcpip.c to work also on WIN32 +Peter Stuge (17 Jun 2010) +- Fix underscore typo for 64-bit printf format specifiers on Windows - read() and write() are no good for WIN32 sockets, use recv() and send(). + Commit 49ddf447ff4bd80285f926eac0115f4e595f9425 was missing underscores. -- Ignore libssh2_config.h.in and stamp-h2 in example/ and remove .cvsignore +Daniel Stenberg (16 Jun 2010) +- libssh2_session_callback_set: extended the man page -- Simplify WIN32 ifdefs in example/direct_tcpip.c to allow standalone compile +- [John brought this change] -- Always #define INVALID_SOCKET -1 in libssh2_priv.h when not on win32 + LIBSSH2_DEBUG: macro uses incorrect function variable - Fix broken builds since commit abd9bd0bbe631efeada1f54552c70b54e1c490c1 - for all non-win32 platforms. - -- Include hmac-md5 and hmac-md5-96 only if crypto backend supports MD5 - -- Use LIBSSH2_HOSTKEY_HASH_SHA1 instead of _MD5 in examples and tests + The LIBSSH2_DEBUG macro, defined in libssh2_priv.h, incorrectly uses the + function variable ssh_msg_disconnect when it should use ssh_msg_debug. - MD5 support is optional and may not always be available, while SHA1 is both - required and recommended. - -- Update mailing list address in configure.ac to @cool.haxx.se + This shows that the LIBSSH2_CALLBACK_DEBUG callback never has worked... -- Make example/direct_tcpip.c compile for win32 +- warning: fix a compiler warning 'pointer differs in signedness' - One warning from FD_SET() remains, it is also in some other examples. - -- Correctly check for an invalid socket in session_startup() - -- Small documentation fix after Dave's _USERAUTH_FAILURE improvement + As reported in bug #177 -- [Dave McCaldon brought this change] +- portability: introduce LIBSSH2_INT64_T_FORMAT for 64bit printf()s + + As pointed out in bug #177, some of the Windows compilers use + %I64 to output 64 bit variables with the printf family. - Handle SSH_MSG_USERAUTH_FAILURE for password and kbd-int authentication +- debug: avoid sending NULL to sprintf %s - Neither libssh2_userauth_password_ex() nor - libssh2_userauth_keyboard_interactive_ex() would return a login failure - error if the server responded with a SSH_MSG_USERAUTH_FAILURE, instead - you would see whatever previous error had occurred, typically - LIBSSH2_ERROR_EAGAIN. + Via the _libssh2_debug() macro/function. Pointed out by john in bug report + +- sftp docs: show macro on macro page, only function on function page - This patch changes error code -18 to LIBSSH2_ERROR_AUTHENTICATION_FAILED - and makes LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED an alias for - LIBSSH2_ERROR_AUTHENTICATION_FAILED. In addition, new logic in - userauth_password() properly handles SSH_MSG_USERAUTH_FAILURE and both - this function and userauth_keyboard_interactive() now properly return - LIBSSH2_ERROR_AUTHENTICATION_FAILED. + The individual man pages for macros now show the full convenience + macro as defined, and then the man page for the actual function + only shows the function. -Simon Josefsson (28 Jan 2010) -- Fix. +- code police: make the code use less than 80 columns -- Also deal with GLOBAL_REQUEST keep-alives. +- libssh2_channel_write_ex: remove macros, added wording on buffer size -- Make OpenSSH-style keepalive work against libssh2 clients. +- libssh2_sftp_write: document buffer size and changed some ordering -Daniel Stenberg (27 Jan 2010) -- clarified +- libssh2_channel_write_stderr: show how the macro is defined -Peter Stuge (26 Jan 2010) -- [Dave McCaldon brought this change] +- libssh2_channel_write: show how the macro is defined - Fix trace context lookup in libssh2_debug() +- SFTP: limit write() to not produce overly large packets - The trace context is actually a bitmask so that tracing output can be - controlled by setting a bitmask using libssh2_trace(). However, the logic - in libssh2_debug() that converted the context to a string was using the - context value as an array index. Because the code used a bounds check on - the array, there was never a danger of a crash, but you would certainly - either get the wrong string, or "unknown". + sftp_write() now limits how much data it gets at a time even more + than before. Since this function creates a complete outgoing + packet based on what gets passed to it, it is crucial that it + doesn't create too large packets. - This patch adds a lookup that iterates over the context strings and uses - it's index to check for the corresponding bit in the context. - -- Fix typo in RELEASE-NOTES - -Daniel Stenberg (20 Jan 2010) -- updated for 1.2.3 with all the stuff I found in the log - -- ignore more generated files + With this method, there's also no longer any problem to use very + large buffers in your application and feed that to libssh2. I've + done numerous tests now with uploading data over SFTP using 100K + buffers and I've had no problems with that. -- [Dave McCaldon brought this change] +- scp_write_nonblock: add transfer time info + + Using the same timing logic and output format as + sftp_write_nonblock allows us to very easily run benchmarks on + SCP vs SFTP uploads using libssh2. - Pass user context through libssh2_trace_sethandler() to callback +- sftp_write_nonblock: select() on socket, use *BIG* buffer, time transfer - The libssh2_trace_sethandler() call allows the user to handle the output of libssh2 rather than having it written to stderr. This patch updates libssh2_trace_sethandler() to allow a user-defined void* context value to be passed back to the output handler. + The select() is just to make it nicer so that it doesn't + crazy-loop on EAGAIN. The buffer size thing is mostly to verify + that this really work as supposed. + + Transfer timing is just a minor thing, but it can just as well be + there and help us time and work on performance easier using out + of the box examples. -- [Dave McCaldon brought this change] +- agent: use _libssh2_error() when returning errors + + As pointed out in bug report #173, this module basically never + used _libssh2_error() which made it work inconstently with other + parts of the libssh2 code base. This is my first take at making + this code more in line with the rest. - Add libssh2_trace_sethandler() to the API (even more) +- inputchecks: make lots of API functions check for NULL pointers + + If an application accidentally provides a NULL handle pointer to + the channel or sftp public functions, they now return an error + instead of segfaulting. -- [Dave McCaldon brought this change] +- libssh2_channel_eof: clarify that it returns negative on errors - Add libssh2_trace_sethandler() to the API +- SFTP: keep the sftp error code as 32 bit + + 'last_errno' holds to the error code from the SFTP protocol and + since that is 32 bits on the wire there's no point in using a + long for this internally which is larger on some platforms. -- cleanup includes +- agent: make the code better deal with unexpected code flows - We now produce a local libssh2_config.h file in this dir for the - examples to use so I cleaned up the include path at the same time. + agent->ops gets initialized by the libssh2_agent_connect() call + but we need to make sure that we don't segfault even if a bad + sequence of function calls is used. -- generate a libssh2_config.h in the example dir +Alexander Lamaison (10 Jun 2010) +- Better handling of invalid key files. - buildconf copies the template to example/ and configure makes sure - to generate a proper file from it and the direct_tcpip.c example - is the first one to use it - to make sure it builds fine on more - paltforms + Passing an invalid public key to libssh2_userauth_publickey_fromfile_ex + triggered an assertion. Replaced this with a runtime check that rejects + obviously invalid key data. -Simon Josefsson (13 Jan 2010) -- Remove redundant #includes and reorder sys/types.h include. +Daniel Stenberg (10 Jun 2010) +- version: we start working on 1.2.7 now -Daniel Stenberg (10 Jan 2010) -- avoid a free(NULL) +Version 1.2.6 (10 Jun 2010) -Simon Josefsson (7 Jan 2010) -- Make it simpler to get more debug info. +Daniel Stenberg (10 Jun 2010) +- NEWS: add the 1.2.6 release details -Daiki Ueno (1 Jan 2010) -- Simplify the commit 63457dfa using type cast from size_t * to ulong *. +- RELEASE-NOTES: 1.2.6 details added -Alexander Lamaison (30 Dec 2009) -- Fixed memory leak in userauth_publickey(). - - userauth_publickey_fromfile() reads the key from a - file using file_read_publickey() which returns two - allocated strings, the decoded key and the key - method (such as "ssh-dss"). The latter can be - derived from the former but returning both avoids a - later allocation while doing so. - - Older versions of userauth_publickey_fromfile() used - this method string directly but when - userauth_publickey() was factored out of - userauth_publickey_fromfile() it derived the method - from the key itself. This resulted in the method - being allocated twice. - - This fix, which maintains the optimisation that - avoids an extra allocation, changes - userauth_publickey() so it doesn't allocate and - derive the method when userauth_pblc_method already - has a value. - - Signed-off-by: Alexander Lamaison +Guenter Knauf (10 Jun 2010) +- fixed libssh2.dsw to use the generated libssh2.dsp; removed old *.dsp files. -Daiki Ueno (25 Dec 2009) -- Fix the return value description of libssh2_knownhost_free(). +- moved MSVC strdup define to libssh2_config.h which we include already. -- Fix compiler warnings for size_t pointers on 32-bit Windows. +- added missing source files to src/NMakefile. -- Define INVALID_SOCKET and use it instead of SOCKET_BAD. +Daniel Stenberg (8 Jun 2010) +- libssh2_poll: refer to poll(3) and select(3) instead + +- example: fix strdup() for MSVC compiles - Revert the part of previous commit that defines SOCKET_BAD library wide. + MSVC has a _strdup() that we better use. This was reported in bug -- Use libssh2_socket_t in the ssh-agent stuff. - Define a portability macro SOCKET_BAD which means "invalid socket". +- SFTP: fail init SFTP if session isn't authenticated + + Alexander Lamaison filed bug #172 + (http://trac.libssh2.org/ticket/172), and pointed out that SFTP + init would do bad if the session isn't yet authenticated at the + time of the call, so we now check for this situation and returns + an error if detected. Calling sftp_init() at this point is bad + usage to start with. -- Mark/unmark connection to Pageant is open/close. +- direct_tcpip: bring back inclusion of libssh2_config.h + + In order to increase portability of this example, I'm bringing + the inclusion of libssh2_config.h back, and I also added an + require that header for this example to compile. + + I also made all code lines fit within 80 columns. -- Add test to check if the socket is connected. +Guenter Knauf (3 Jun 2010) +- cast away a warning. -Peter Stuge (24 Dec 2009) -- Add libssh2.pc to top-level .gitignore +- moved CRT_SECURE_NO_DEPRECATE define up so its defined before the winsock headers are included. -- Fix publickey authentication regression - - Commit 70b199f47659a74b8778c528beccf893843e5ecb introduced a parsing - bug in file_read_publickey() which made the algorithm name contain an - extra trailing space character, breaking all publickey authentication. +- fixed platform detection for MingW32 test makefile. -- Add a direct-tcpip example which shows local port forwarding +- MingW32 has gettimeofday() implemented, so proper ifdef this function here. -- Add session parameter and LIBSSH2_TRACE_SOCKET to libssh2_trace(3) man page +- removed MSVC ifdef since seems we can use __int64 still with latest headers. -- Add TODO: Expose error messages sent by the server +- changed copyright notice for MinW32 and NetWare binaries. -Daiki Ueno (23 Dec 2009) -- Fix doc comments. +- cleaned up MSVC ifdefs which where spreaded over 3 places. -- Add man pages for ssh-agent API. +- added uint8_t typedef for NetWare CLIB platform. -- Don't request userauthlist after authentication. +- if the function declaration gets changed the header should be changed too. -Simon Josefsson (21 Dec 2009) -- Add. +- this is MSVC specific and doesnt apply for all Win32 compilers; + the uint8_t typedef clashes with MingW32 headers. -- [Daiki Ueno brought this change] +- updated MingW32 makefiles for latest dependency lib versions. - Add an example to use ssh-agent API. - - Signed-off-by: Simon Josefsson +- updated NetWare makefiles for latest dependency lib versions. -- [Daiki Ueno brought this change] +Dan Fandrich (30 May 2010) +- Fixed compiling with libgcrypt + + A change of parameter types from unsigned long to size_t was + missed in the prototype in libgcrypt.h - Add ssh-agent API. +Daniel Stenberg (28 May 2010) +- statvfs: use libssh2_sftp_statvfs only, no "_ex" - Signed-off-by: Simon Josefsson + As the long-term goal is to get rid of the extensive set of + macros from the API we can just as well start small by not adding + new macros when we add new functions. Therefore we let the + function be libssh2_sftp_statvfs() plainly without using an _ex + suffix. + + I also made it use size_t instead of unsigned int for the string + length as that too is a long-term goal for the API. -- [Daiki Ueno brought this change] +- [Grubsky Grigory brought this change] - Add callback-based API for publickey auth. - - Signed-off-by: Simon Josefsson + DSP: output lib name typo -- Move examples from example/simple to example/. +- [Grubsky Grigory brought this change] -- Move examples from example/simple to example/. + win32: provide a uint8_t typedef for better building on windows -Daniel Stenberg (17 Dec 2009) -- _libssh2_list_insert() fixed to work +- agent: win32: fix bad _libssh2_store_str call - While this is code not currently in use, it is part of the generic linked - list code and since I found the error I thought I'd better fix it since we - might bring in this function into the code one day. + As pointed out by Grubsky Grigory , I + made a mistake when I added the _libssh2_store_str() call before + and I made a slightly different patch than what he suggested. + Based purely on taste. -Simon Josefsson (16 Dec 2009) -- Silence compiler warnings. +Peter Stuge (24 May 2010) +- [Joey Degges brought this change] + + Add libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs() - Based on patch by Kamil Dudka in - . + These can be used to get file system statistics from servers that + support the statvfs@openssh.com and fstatvfs@openssh.com extensions. -- [Kamil Dudka brought this change] +Alexander Lamaison (22 May 2010) +- [Jose Baars brought this change] - libgcrypt: simplify code of _libssh2_dsa_sha1_sign - - Signed-off-by: Simon Josefsson + VMS specific: make sure final release can be installed over daily build -- [Kamil Dudka brought this change] +- [Jose Baars brought this change] - libgcrypt: follow-up for ssh-dss padding fix - - Signed-off-by: Simon Josefsson + VMS: small improvement to the man2help utilities -Dan Fandrich (15 Dec 2009) -- Check for the right environment variable in the test app +Peter Stuge (22 May 2010) +- [Joey Degges brought this change] -Simon Josefsson (14 Dec 2009) -- Silence warning about unused function parameter. - - Reported by Steven Van Ingelgem . + libssh2_exit and libssh2_sftp_readdir man page fixes -Daniel Stenberg (10 Dec 2009) -- avoid returning data to memory already freed +Daniel Stenberg (21 May 2010) +- spelling: s/sue/use + +Alexander Lamaison (21 May 2010) +- Change magic port number for generic knownhost check. - In case of failure we must make sure that the data we return - doesn't point to a memory area already freed. Reported anonymously - in the bug report #2910103. + libssh2_knownhost_checkp took 0 as a magic port number that indicated + a 'generic' check should be performed. However, 0 is a valid port + number in its own right so this commit changes the magic value to any + negative int. -Peter Stuge (8 Dec 2009) -- Use LIBSSH2_TRACE_* internally and remove redundant LIBSSH2_DBG_* +Mikhail Gusarov (5 May 2010) +- Add re-discovered copyright holders to COPYING -- Add LIBSSH2_TRACE_SOCKET context for tracing send() and recv() +- Restoring copyright statements from pre-git era - Helpful in debugging the -39 errors. + Eli Fant has contributed fragmenting SFTP requests -- Another transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors - - Commit 683aa0f6b52fb1014873c961709102b5006372fc made send_existing() send - more than just the second part of a packet when the kernel did not accept - the full packet, but the function still overlooked the SSH protocol - overhead in each packet, often 48 bytes. +- Restoring my copyright statements from pre-git era - If only the last few bytes of a packet remained, then the packet would - erroneously be considered completely sent, and the next call to write - more data in the session would return a -39 error. - -Daniel Stenberg (6 Dec 2009) -- move local variable to be more localized + keyboard_interactive, 'exit-status' information packet, non-atomic read/write + under FreeBSD, multi-channel operation bugfixes. -- fixed some indent mistakes +Daniel Stenberg (3 May 2010) +- pedantic: make the code C90 clean -Peter Stuge (6 Dec 2009) -- Fix padding in ssh-dss signature blob encoding - - DSA signatures consist of two 160-bit integers called r and s. In ssh-dss - signature blobs r and s are stored directly after each other in binary - representation, making up a 320-bit (40 byte) string. (See RFC4253 p14.) - - The crypto wrappers in libssh2 would either pack r and s incorrectly, or - fail, when at least one integer was small enough to be stored in 19 bytes - or less. - - The patch ensures that r and s are always stored as two 160 bit numbers. +Peter Stuge (3 May 2010) +- Do proper keyboard-interactive user dialog in the sftp.c example -- Don't always clear write direction blocking flag - - When libssh2_transport_write() is called to continue sending a - partially sent packet the write direction flag must not be cleared - until the previous packet has been completely sent, or the app would - hang if the packet still isn't sent completely, since select() gets - called by the internal blocking emulation layer in libssh2 but would - then not be watching the socket for writability. +Daniel Stenberg (3 May 2010) +- added to tarball: libssh2_knownhost_checkp.3 + +- knownhost: support [host]:port in knownhost file - Clear the flag only once processing of previous packet data is - complete and a new packet is about to be prepared. + OpenSSH has ways to add hosts to the knownhosts file that include + a specific port number which makes the key associated with only + that specific host+port pair. libssh2 previously did not support + this, and I was forced to add a new function to the API to + properly expose this ability to applications: + libssh2_knownhost_checkp() + + To *add* such hosts to the knownhosts file, you make sure to pass + on the host name in that manner to the libssh2_knownhost_addc() + function. -Alexander Lamaison (24 Nov 2009) -- Detabify. +- init/exit: mention these were added in 1.2.5 -- [Daniel Stenberg brought this change] +- libssh2_knownhost_check docs: correct the prototype - Fixed memory leak in sftp_fstat(). +- examples: avoid use of uninitialized variable 'sock' -Simon Josefsson (17 Nov 2009) -- Mark date of 1.2.2 release. +- KEX: stop pretending we negotiate language + + There was some stub-like parts of an implementation for + implementing kex language negotiation that caused clang-analyzer + to warn and as it did nothing I've now removed the dead code. -- Merge branch 'master' of ssh://git.stuge.se/var/lib/git/libssh2 +- Uninitialized argument -Version 1.2.2 (16 Nov 2009) +- sftpdir: removed dead assignment -Daniel Stenberg (16 Nov 2009) -- prepared for 1.2.2 +- Makefile.am: include the VMS-specific config header as well -Simon Josefsson (16 Nov 2009) -- Improve NEWS items. +- [Jose Baars brought this change] -- Support AES-Counter ciphers. + Add VMS specific libssh2_config.h -- Silence compiler warning. +- fix Value stored to 's' is never read warning - Reported by Steven Van Ingelgem - in . - -- Mention libssh2-style.el. + and moved variable declaration of s to be more local -- Use memmove instead of memcpy on overlapping memory areas. +- kexinit: simplify the code and avoid scan-build warning - Reported by Bob Alexander in - . + Previously it would say "Value stored to 's' is never read" due + fourth increment of 's'. -- Add. +Alexander Lamaison (28 Apr 2010) +- Removed unecessary brackets. -- Protect against crash on too small SSH_MSG_IGNORE packets. - - Reported by Bob Alexander - in . +- Changed sftp_attrsize macro to a static function. -- add copyright line +Daniel Stenberg (28 Apr 2010) +- release: include the VMS-specific files -- support arcfour128 cipher per RFC 4345 +- sftp_attrsize: protect the macro argument with proper parentheses -Daniel Stenberg (21 Oct 2009) -- [Cristian Rodríguez brought this change] +- ssh2_agent: avoid using 'session' uninitialized on failures - add support for GCC visibility features +- examples: remove assignments of variable rc that's never used -Simon Josefsson (19 Oct 2009) -- less hard coding of cipher mode in libgcrypt backend +- publickey_init: remove useless variable increment -Daniel Stenberg (18 Oct 2009) -- [Juzna brought this change] +- hostkey_method_ssh_rsa_init: remove useless variable increment - libssh2_channel_forward_accept() and listening fixes +- packet_x11_open: removed useless variable increment - The forward accepting was not done right before, and the - packet_queue_listener function didn't assign a necessary - variable. All fixed by Juzna. I (Daniel) modified the - forward_accept() change somewhat. - -- added man page for libssh2_knownhost_free + and made the declaration of a variable more local -- more CVS => DEV conversions +- packet_queue_listener: removed useless variable increment + + and made the declaration of a variable more local -- remove references to "CVS" +- sftp_read: move a read_responses array to where its used + + I find that this increases readability since the array is used + only in the function call just immediately below and nowhere + else. -- we are on the 1.2.2 track nowadays +- sftp_readdir: turn a small array static const and move it -Peter Stuge (17 Oct 2009) -- Ensure that win32/libssh2.dsp will be generated with CRLF line endings +- sftp_attrsize: converted function to a macro - First, win32/msvcproj.{head,foot} are now committed with CRLF line endings, - and .gitattributes specifies that these should not be changed on checkout or - commit. These are win32 files so it makes sense to store them with native - line endings. + This way, the macro can evaluate a static number at compile time + for two out of four uses, and it probably runs faster for the + other two cases too. + +- sftp_open: deal with short channel_write calls - Second, the rules for generating libssh2.dsp and libssh2.vcproj are changed - so that the full file contents passes through awk, which strips all CR and - then prints each line with one CRLF line ending. Stripping CR is important - to avoid CRCRLF in case the input already comes with CRLF. + This was an old TODO that just wasn't done before. If + channel_write returns short, that is not an error. -Dan Fandrich (29 Sep 2009) -- Make sure permissions on the private host key file is tight enough that - sshd doesn't complain. Quote $srcdir to try to cope with embedded spaces. +- sftp_open: clean up, better check of input data + + The clang-analyzer report made it look into this function and + I've went through it to remove a potential use of an + uninitialized variable and I also added some validation of input + data received from the server. + + In general, lots of more code in this file need to validate the + input before assuming it is correct: there are servers out there + that have bugs or just have another idea of how to do the SFTP + protocol. -Peter Stuge (30 Sep 2009) -- Clarify the scp_write examples slightly and use an octal mask for the mode +- bugfix: avoid using the socket if it failed to create one -Version 1.2.1 (29 Sep 2009) +- bugfix: potential use of NULL pointer -Daniel Stenberg (29 Sep 2009) -- 1.2.1 preparations +- libssh2_userauth_password_ex: clarify errors somewhat + + The errors mentioned in this man page are possible return codes + but not necessarily the only return codes that this can return. + + Also reformatted the typ prototypes somewhat. -- remove ChangeLog and win32/libssh2.dsp only at make distclean +- examples: fixed and made them more similar + + The channel read/write functions can return 0 in legitimate cases + without it being an error, and we need to loop properly if they + return short. -Simon Josefsson (23 Sep 2009) -- Fix shell usage. +- [Jose Baars brought this change] -Daniel Stenberg (22 Sep 2009) -- clarify that the paths are the remote ones + VMS port of libssh2; changes in the libssh2 common code -- let hpux systems build with _REENTRANT defined as well +- Makefile: added the two news headers userauth.h and session.h -- updated to match reality +- cleanup: prefer the internal functions - I went over the commit log and added what I believe is all notable - changes and bugfixes since the 1.2 release + To get the blocking vs non-blocking to work as smooth as possible + and behave better internally, we avoid using the external + interfaces when calling functions internally. + + Renamed a few internal functions to use _libssh2 prefix when not + being private within a file, and removed the libssh2_ for one + that was private within the file. -Peter Stuge (20 Sep 2009) -- Fix scp examples to loop correctly over libssh2_channel_write() +- session_free: remove dead code -- Fix transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors - - The channel layer sends packets using the transport layer, possibly - calling _libssh2_transport_write() many times for each packet. +- libssh2_publickey_init: fixed to work better non-blocking - The transport layer uses the send_existing() helper to send out any - remaining parts of previous packets before a new packet is started. + This was triggered by a clang-analyzer complaint that turned out + to be valid, and it made me dig deeper and fix some generic non- + blocking problems I disovered in the code. - The bug made send_existing() consider the entire packet sent as soon as it - successfully sent the second part of a packet, even if the packet was not - completely done yet. - -Daniel Stenberg (19 Sep 2009) -- [Neil Gierman brought this change] + While cleaning this up, I moved session-specific stuff over to a + new session.h header from the libssh2_priv.h header. - Added gettimeofday() function for win32 +- channel: reduce duplicated free and returns - Neil Gierman's patch adds a gettimeofday() function for win32 - for the libssh2_trace() functionality. The code originates from - cygwin and was put in the public domain by the author - Danny Smith + Simplified the code by trying to free data and return on a single + spot. -- libssh2_channel_read_ex() must return 0 when closed +- channel: make variables more local - If the channel is already at EOF or even closed at the end of the - libssh2_channel_read_ex() function and there's no data to return, - we need to signal that back. We may have gotten that info while - draining the incoming transport layer until EAGAIN so we must not - be fooled by that return code. - -Dan Fandrich (16 Sep 2009) -- Ignore tags file + By making 'data' and 'data_len' more local in several places in + this file it will be easier to spot how they are used and we'll + get less risks to accidentally do bad things with them. -- Some platforms need sys/socket.h included before netinet/in.h. - Fixed an unused variable compiler warning. +Mikhail Gusarov (24 Apr 2010) +- Fix typos in manpages, catched by Lintian -Daniel Stenberg (16 Sep 2009) -- libssh2_channel_wait_closed() could hang +Daniel Stenberg (24 Apr 2010) +- channel_request_pty: simplify the code - libssh2_channel_wait_closed() had a bad loop waiting for the - channel to close, as it could easily miss the info and then if - the socket would be silent from that moment the funtion would - hang if in blocking-mode or just return EAGAIN wrongly to the - app. The drain-transport loop now correctly checks if the close - has arrived. + clang-analyzer pointed out how 'data' could be accessed as a NULL + pointer if the wrong state was set, and while I don't see that + happen in real-life the code flow is easier to read and follow by + moving the LIBSSH2_FREE() call into the block that is supposed to + deal with the data pointer anyway. -- make libssh2_scp_send/recv do blocking mode correctly +- libssh2_channel_process_startup: simplify the code - Somehow I had completely missed to make the libssh2_scp_send/recv - functions support the blocking mode the correct way so when I - cleaned up things the other day blocking mode broke for them... - Fixed now. - -Guenter Knauf (8 Sep 2009) -- changed NetWare test makefile static link order - -- removed conditional sources from Makefile.inc - added ifdef blocks to libgcrypt.c, pem.c, openssl.c - -Simon Josefsson (7 Sep 2009) -- Fix compilation errors. + clang-analyzer pointed out how 'data' could be accessed as a NULL + pointer if the wrong state was set, and while I don't see that + happen in real-life the code flow is easier to read and follow by + moving the LIBSSH2_FREE() call into the block that is supposed to + deal with the data pointer anyway. -Guenter Knauf (6 Sep 2009) -- some more NetWare build fixes. +- sftp_close_handle: add precation to not access NULL pointer + + clang-analyzer pointed this out as a "Pass-by-value argument in + function call is undefined" but while I can't see exactly how + this can ever happen in reality I think a little check for safety + isn't such a bad thing here. -- some more NetWare makefile fixes. +- scp_write_nonblock: Value stored to 'nread' is never read -- added sys/select.h include to samples for fd_set on NetWare. +- scp_write: Value stored to 'ptr' is never read -- accept CFLAGS from environment. +- scp_write_nonblock: Value stored to 'ptr' is never read -- some more .cvsignore / .gitignore fixes. +- sftp_mkdir: less silly output but show failures -- renamed .cvsignore to .gitignore. +- [Jose Baars brought this change] -- changed conditional into make language. + VMS port of libssh2 including VMS specific build procedures -- changed NetWare and MingW32 makefile to use Makefile.inc. +- two variable types changes, made lines less than 80 columns + + The two variable type changes are only to match type variable + fields actually read from the binary protocol. -Daniel Stenberg (2 Sep 2009) -- CVS leftovers removed +- remove check for negative padding_length + + It was silly, since it is read as an unsigned char... -- libssh2_version() exists since 1.1 +- hostkey_method_ssh_dss_init: Value stored to 's' is never read -Hacki (2 Sep 2009) -- added knownhost.c to makefiles. +- libssh2_banner_set: avoid unnecessary increment and explain code -Alexander Lamaison (2 Sep 2009) -- Pass private-key to OpenSSL as a filename with BIO_new_file(). - - This keeps all FILE* handling on the OpenSSL side of the DLL boundary avoiding crashes on Windows while removing the need for libssh2 to read the private key file into memory. This is now done by OpenSSL which is likely to do a better job of it. +- agent_transact_unix: remove unused variable -Daniel Stenberg (1 Sep 2009) -- generate and install libssh2.pc - - oh these are necessary libssh2.pc changes too +- remove two unnecessary increments -- first take at producing and installing a pkg-config file +- more code converted to use _libssh2_store_*() -- renamed to .ac +- libssh2_publickey_list_fetch: removed unused variables -- renamed to the modern name "configure.ac" +- libssh2_publickey_init: remove unused variables -- always braces and else and brace on the same line removed +- libssh2_scp_send64: added to API to provide large file transfers - I don't follow those particular guidelines myself so I think I'd - rather remove them here and keep my style than the opposite. As - I am the most frequent writer of code for the moment. + The previously existing libssh2_scp_send_ex() function has no way + to send files that are larger than 'size_t' which on 32bit + systems mean 4GB. This new API uses a libssh2_int64_t type and + should thus on most modern systems be able to send enormous + files. -- _libssh2_channel_write() only sends the 32K first bytes - - In theory we could split larger buffers into several smaller - packets to pass to transport_write(), but for now we instead only - deal with the first 32K in this call and assume the app will call - this function again with the rest! The 32K size is a - conservative limit based on the text in RFC4253 section 6.1. +- sftp_init: remove unused variables and assignments -- document _libssh2_channel_write's return code +- libssh2_knownhost_check: Value stored to 'keylen' is never read -- s/libssh2_channel_write_ex/_libssh2_channel_write internally +- hostkey: fix compiler warning -- call libssh2_error() when transport_write() returns EAGAIN - - _libssh2_channel_write() should never return error without - libssh2_error() getting called +- remove unused variable -- clarify that zero can be returned without meaning error +- data types: convert more to use size_t and uint32_t -- remove debug leftovers +- channel: variable type cleanups -- channel_read() was changed to _libssh2_channel_read() as lots of - internal code was changed to use that instead of wrongly using - libssh2_channel_read_ex(). Some files now need to include - channel.h to get this proto. +- cleanups: better binary packet gen, size_t fixes and PACKET_* removal - channel_read() calls libssh2_error() properly on transport_read() - failures + I'll introduce a new internal function set named - channel_read() was adjusted to not "invent" EAGAIN return code in - case the transport_read() didn't return it + _libssh2_store_u32 + _libssh2_store_u64 + _libssh2_store_str - channel_close() now returns 0 or error code, as - documented. Previously it would return number of bytes read in - the last read, which was confusing (and useless). - -- changed all return EAGAIN to return the variable instead + That can be used all through the library to build binary outgoing + packets. Using these instead of the current approach removes + hundreds of lines from the library while at the same time greatly + enhances readability. I've not yet fully converted everything to + use these functions. - I made this change just to easier grep for "return .*EAGAIN" cases - as they should be very rare or done wrongly. Already worked to find - a flaw, marked with "TODO FIXME THIS IS WRONG" in channel.c. I also - fixed a few cases to become more general returns now when we have - more unified return codes internally. - -- _libssh2_channel_write() must not invent EAGAIN situations + I've converted LOTS of 'unsigned long' to 'size_t' where + data/string lengths are dealt with internally. This is The Right + Thing and it will help us make the transition to our + size_t-polished API later on as well. - it is important that only the transport layer can generate EAGAIN - error codes so that we limit where we need to set direction bits - and more. When the local window is too small to send data we simply - stop trying to send and (risk) returning zero in - _libssh2_channel_write() - -- error code cleanup - -- remove all libssh2pack_t leftovers - -- removed the libssh2pack_t type + I'm removing the PACKET_* error codes. They were originally + introduced as a set of separate error codes from the transport + layer, but having its own set of errors turned out to be very + awkward and they were then converted into a set of #defines that + simply maps them to the global libssh2 error codes instead. Now, + I'l take the next logical step and simply replace the PACKET_* + defines with the actual LIBSSH2_ERROR_* defines. It will increase + readability and decrease confusion. - and a minor _libssh2_transport_read() simplification + I also separated packet stuff into its own packet.h header file. -- fix return codes, shortened a very long function name +- clarified the return code -- remove use of libssh2_channel_receive_window_adjust +- rename libssh2_error to the correct _libssh2_error - _libssh2_channel_receive_window_adjust is the new replacement that - is both the correct internal version instead of the external API one, - and it has the return code flaw fixed. I also fixed more return - codes to pass long the correct error found. - -- more proper return codes, added a missing libssh2_error() call + We reserve ^libssh2_ for public symbols and we use _libssh2 as + prefix for internal ones. I fixed the intendation of all these + edits with emacs afterwards, which then changed it slightly more + than just _libssh2_error() expressions but I didn't see any + obvious problems. -- clear socket_block_directions bits before send/recv +- data type cleanup: made lots of code use size_t etc - These two places are the only places where send and recv are called - outside of transport.c so make sure they clear/set the bits correctly. + A lot of code used 'unsigned long' and the likes when it should + rather just use plain 'int' or use size_t for data lengths. -- simplified fullpacket, clarified _libssh2_transport_write() comment +- wait_socket: make c89 compliant and use two fd_sets for select() -- cleaned up _libssh2_packet_add() +- sftp_readdir: always zero terminate, detail the return code - removed some code duplication, changed a few return -1 to return - error codes instead and added a missing libssh2_error() invoke - -- convert return -1 instances to return [proper error code] - -- simplify code by removing code duplication + I also added a description for the 'longentry' field which was + previously undocumented! -- fix several return -1 to return a proper error code +- sftp_readdir: simplified and bugfixed - On many places in the code there have been laziness return -1 - statements lying around that should be fixed to return sensible - error codes. Here's a take at fixing a few offenders. - -- change transport to use unified error codes + This function no longer has any special purpose code for the + single entry case, as it was pointless. - I added three new public error codes, and then modified the return - codes we use in the transport layer to use the generic error codes - so that there won't be any risk of internal confusions due to - different error code sets. - -- changes from int to libssh2_socket_t for sokcets + The previous code would overflow the buffers with an off-by-one + in case the file name or longentry data fields received from the + server were exactly as long as the buffer provided to + libssh2_sftp_readdir_ex. - modified two functions to use libssh2_socket_t instead of int - when referring to a socket descriptor - -- introducing libssh2_socket_t type and fixed iovec for windows + We now make sure that libssh2_sftp_readdir_ex() ALWAYS zero + terminate the buffers it fills in. - Steven Van Ingelgem introduces libssh2_socket_t as a generic socket - type to use internally to avoid compiler warnings and mistakes. Also, - the private struct iovec declaration for windows is now made to look - like the POSIX struct does. - -- linked list changes and minor bug fixes - -- linked list code is now converted to new functions - -- remove superfluous braces and re-indent somewhat + The function no longer calls the libssh2_* function again, but + properly uses the internal sftp_* instead. -- move over lots of code to the _libssh2_list_* functions +- channel/transport: we now drain the outgoing send buffer when we ignore EAGAIN - and I fixed a few minor bugs at the same time - -- converted listeners to the linked list functions + When we ignore the EAGAIN from the transport layer within channel_write, we + now drain the outgoing transport layer buffer so that remainders in that + won't cause any problems in the next invoke of _libssh2_transport_write() -- moved the handling of SFTP handles to new linked list code - - Each SFTP file handle is now handled by the "mother-struct" - using the generic linked list functions. The goal is to move - all custom linked list code to use this set of functions. - - I also moved the list declarations to the misc.h where they - belong and made misc.h no longer include libssh2_priv.h itself - since now libssh2_priv.h needs misc.h... +- channel_write: if data has been sent, don't return EAGAIN - In misc.c I added a #if 0'ed _libssh2_list_insert() function - because I ended up writing one, and I believe we may need it here - too once we move over more stuff to use the _libssh2_list* family. + When sending data in a loop, we must not return EAGAIN if we + managed to send data in an earlier round. This was reported in + bug #126 => http://libssh2.stuge.se/ticket/126 -- correct the comment for _libssh2_list_add() +Simon Josefsson (14 Apr 2010) +- Fix OpenSSL AES-128-CTR detection. - it adds the new node to the _end_ of the list - -Alexander Lamaison (16 Aug 2009) -- [Steven Van Ingelgem brought this change] - - Suppress signed/unsigned comparison warning. - -Daniel Stenberg (11 Aug 2009) -- added contributors from the 1.2 release notes + Patch from Paul Howarth . -Simon Josefsson (11 Aug 2009) -- Need to use $(EXEEXT) on programs in TESTS to fix mingw cross-compiles. +Daniel Stenberg (13 Apr 2010) +- version in header file now says 1.2.6-DEV -Daniel Stenberg (10 Aug 2009) -- start working on 1.2.1 +- 1.2.6: clean the RELEASE-NOTES for next release round -Version 1.2 (10 Aug 2009) +- NEWS: add the stuff from the version 1.2.5 RELEASE-NOTES -Daniel Stenberg (10 Aug 2009) -- Version 1.2 (August 10, 2009) +Version 1.2.5 (13 Apr 2010) -- revert parts of the b95fe985af3c80a2babcaaaf7da69a15b1237c49 commit - - Alexander Lamaison tracked down that my previous commit broke SFTP - reads in some aspects. The reversion now gets back to always recv() - until EAGAIN is returned so that the code no longer treats a short - read as an indication that it is "enough for now". +Daniel Stenberg (13 Apr 2010) +- channel_close: no longer wait for the SSH_MSG_CHANNEL_CLOSE message - The bad commit in particular had another independent change included, - which is to clear the direction-bits first in the transport read - and write functions, but this reversion does not revert that change. - Clearing those bits first is a good thing. + As the packet may simply not arrive we cannot have the close + function wait for it unconditionally. -- Fix some nroff formatting +- less code duplication in the poll vs select code flows - Patch by Sofian Brabez + libssh2_keepalive_send and libssh2_session_block_directions are + now used outside of the #ifdef blocks. -Alexander Lamaison (2 Aug 2009) -- Replaced calls to OpenSSL FILE-pointer functions. - - Passing a FILE* argument across a DLL boundary causes problems on Windows. Instead the keys are read into memory by libssh2 and passed to the OpenSSL functions as BIO* arguments. +- make it C90 compliant -Daniel Stenberg (31 Jul 2009) -- Add missing names - - I went over the NEWS and git log outputs and added all mentioned - contributors through the project's history. I want us to make an - effort to give credit to everyone who contributes, big or small. +- updated with all changes and bugs since 1.2.4 -- fix the C99 variadic macro use for _libssh2_debug() +- Added LIBSSH2_SFTP_S_IS***() macros and updated docs - George Neill pointed out that the C99 vararg marcro use was - wrong, and I edited his suggested patch slightly and unified - both prec99-GCC and C99 into the same macro. - -- Include RELEASE-NOTES in the release package + libssh2_sftp_fstat_ex.3 is now extended quite a lot to describe a + lot of the struct and the bits it uses and how to test for them. -- Release notes for the pending release +- sftp_init() deal with _libssh2_channel_write() returns short - I hope to maintain this file during development so that we also add - changes and bugfixes to it when we change things. Makes the daily - snapshots better and makes less of a hurdle when the release day - comes. + When _libssh2_channel_write() is asked to send off 9 bytes, the + code needs to deal with the situation where less than 9 bytes + were sent off and prepare to send the remaining piece at a later + time. -- bad debugdump() causes SIGSEGV, partial sends not done right +- handle a NULL password as if it was "" - The anonymous bug report #2822910 pointed out that debugdump() was - stupidly called within the send_existing() function. At closer - inspection was the report not only right, but it also revealed - another problem to me: when the _libssh2_send() function returns - after sending only a part of the buffer, it would then misbehave. - This probably is very rare though, which must be the reason we - haven't seen a bigger problem with this. + libssh2_userauth_publickey_fromfile_ex() takes a "passphrase" + but didn't deal with it being set to NULL. -Simon Josefsson (28 Jul 2009) -- Silcen compiler warnings. +- Reduce used window sizes by factor 10 + + As reported in bug report #166 http://libssh2.stuge.se/ticket/166 + by 'ptjm', the maximum window size must be less crazy for libssh2 + to do better with more server implementations. I did not do any + testing to see how this changes raw SCP performance, but the + maximum window size is still almost 4MB. This also has the upside + that libssh2 will use less memory. -Daniel Stenberg (27 Jul 2009) -- added two new issues to fix: socket type and better windowing +Peter Stuge (28 Mar 2010) +- Correctly clear blocking flag after sending multipart packet - * make sure the windowing code adapts better to slow situations so that it - doesn't then use as much memory as today + commit 7317edab61d2179febc38a2c2c4da0b951d74cbc cleared the outbound + blocking bit when send_existing() returned PACKET_NONE and *ret=0, as + opposed to before even calling send_existing(), but because *ret=1 when + sending parts 2..n of an existing packet, the bit would only be cleared + when calling libssh2_transport_write() for a new packet. - * Introduce a 'libssh2_socket_t' type for sockets in internal code + Clear the direction flag after the final part of a packet has been sent. -- remove superfluous check for large packets +Daniel Stenberg (24 Mar 2010) +- Added man page for libssh2_knownhost_addc() - as we're already doing the correct check further down anyway there's no point - in doing the (wrong) check further up as well. Paul Veldkamp pointed this out. - -Simon Josefsson (22 Jul 2009) -- Fix make distcheck problems. - -Daniel Stenberg (18 Jul 2009) -- parts of the previous VS project files commit + Added mention in libssh2_knownhost_add() docs that + libssh2_knownhost_addc() is the preferred function now. -- From: Neil Gierman - - Makefile changes to generate MSVS project files - - - I integrated the libssh2_lib.dsp and libssh2_dll.dsp into a single - libssh2.dsp with different targets for lib vs dll - - Since I run Visual Studio 2008 with VC++9 I did not do vcproj files since - I would have newer vc8proj.head|foot than what others will be running - - My patch only has changes to Makefile.am's. I noticed that Makefile.in's - are included in the daily snapshots but they should be generated from the - .am's - - The 3 new files are msvcproj.head and msvcproj.foot for the beginning and - ending of the dsp file, and a new Makefile.inc that will have the source and - header file names. NOTE: All new source files will need to be added to - Makefile.inc and NOT Makefile.am now. - - I moved the win32 dir before the include dir - - I modified the dsw file so it points to the new libssh2.dsp project file +- at next soname bump remove libssh2_knownhost_add() -- From: Alexander Lamaison - Make the public headers includable on their own +- ignore TAGS ("make tags" makes them) -- From: Steven Van Ingelgem - check first for libtoolize, and then for glibtoolize +- fix memory leak - Mac OS X (and others?) needs this + we must not assign the pointer a NULL since it keeps allocated + data and at least parts of an error string -- Fix knownhost checking of non-hashed hosts +- fixed the pattern for avoiding the poll check - From: Ben Kibbey + added some comments about known problems with poll on darwin -- Fix the functionality again with hashed host names again. +- avoid checking for poll on some systems - The breakage came with commit 8b46528c0476af50a43b6e619f2db318a0cad194. - -- [Peter Stuge brought this change] + darwin and interix are known to have broken poll implementations + so we skip the check on those and thus have them use select + unconditionally - Update mailing list URL to new address +- ignore libssh2.dsp -- const'ify two arguments to libssh2_knownhost_check() +Simon Josefsson (23 Mar 2010) +- Fix logic in "on-the-fly" crypto init. -- Fix compiler warnings appearing with VS2008. Based on Steven Van Ingelgem's - patch in #2787839 with a bunch of additional edits by yours truly. +- Make sure keepalive is working even when poll is used. -- Applied Francois Dupoux's extra checks for weird packet or padding length in - incoming packets. We really need to bail out this way on weird input. - bug report #2814613 +- [Paul Querna brought this change] -- Mark McPherson posted bug report #2815836 pointing out that the custom memory - functions were not given the correct data as argument. This is now fixed even - if I personally don't quite grasp why abstract is passed as a pointer to - pointer all over libssh2... + Use poll when available on blocking API. + + Signed-off-by: Simon Josefsson -- Ben Kibbey added a type parameter to the libssh2_session_hostkey() function, - which hasn't yet been in a public release so changing the API is fine! +Peter Stuge (20 Mar 2010) +- Fix speling -- Guenter Knauf fixed this example to build on win32 +Daniel Stenberg (19 Mar 2010) +- fix NULL dereference when window adjusting a non-existing channel + + Suyog Jadhav pointed out that when receiving a window adjust to + a channel not found, the code would reference a NULL pointer. + Now it will instead output a message about that fact. -- corrected (again) +Simon Josefsson (19 Mar 2010) +- Fix build problem. -- clarify +- Eat our own dog food, call libssh2_init and libssh2_exit in the examples. -- Neil Gierman pointed out in bug report #2809163 that these two files cannot - include the public libssh2.h header as it breaks the compile on window. I'll - adapt to this now, but in the long run I think we should rather fix the - includes so that we _can_ include the public headers properly. +- Fix init/exit logic. Add self-test of it. -- fixed the length check in knownhost_writeline() since <= is actually good - enough when the size includes the trailing zero +Daniel Stenberg (19 Mar 2010) +- fix typo -- After a mention from Ben Kibbey we now let knownhost_writeline() return the - length of the actual data it returns, excluding the trailing zero. I also - updated the man page for libssh2_knownhost_writeline() accordingly. +Simon Josefsson (19 Mar 2010) +- Add man page for libssh2_init and libssh2_exit. Fix libssh2_exit prototype. -- empty line removed +- Shorten constant a bit. More documentation. -- Ben Kibbey fixed the hostline() when parsing lines using only one hostname +- Fix namespace pollution. -- Merge branch 'master' of ssh://bagder@git.stuge.se/var/lib/git/libssh2 +- Add global init/exit points, to do crypto initialization in one place. + + By Lars Nordin. -- Provide a libssh2_scp_send() API for files larger than 4GB (32bit size) +Daniel Stenberg (14 Mar 2010) +- libssh2 is released under the Modifed BSD license, not GPL -- Olivier Hervieu provided this x11 forwarding example. This is the version - after my initial cleanup that I posted to the list on May 26th 2009. It still - has a few ugly spots that should be cleaned up, but until then it's will at - least be found in the repo. For this reason I don't add this to the makefile. +Alexander Lamaison (14 Mar 2010) +- Add libssh2_knownhost_addc to handle comments. + + Comments in known_hosts file were not handle properly. They were parsed as + part of the key causing key matching to return a mismatch if the entry had a + comment. This adds a new API function that takes an optional comment and + changes libssh2_knownhost_readline to parse the comment as pass it to the + new function. + + Fixes #164. -- New man page for libssh2_session_hostkey(3). We probably need to improve this - to also return the type of the key. +- Fix gettimeofday to compile with Visual C++ 6. + + Reported by Steven Van Ingelgem. -- Add check for and use of the _REENTRANT define for Solaris so that libssh2 - is then properly thread-safe on that OS. These autuconf macros are straight - from the cURL project and were mostly written by Yang Tse. They were only - very slightly edited by me when imported to here. +Simon Josefsson (10 Mar 2010) +- Add. -- [Tor Arntsen brought this change] +- keepalive.c: Fix libssh2_error usage. - Ignore generated files +- Fix typo in last commit. -- use the correct #if condition for strtoll(), pointed out in bug report +- Tidy up build option notice. -- define the HAVE_LIBSSH2_KNOWNHOST_API to the version number 1.1.1 to make apps - know that when this define exists, the API exists. And the version number can - be used for run-time checks. 1.1.1 is not likely to be the release version as - I think we'll go with 1.2 instead but 1.1.1 OR LATER should still work. +- Add entry about keep alive stuff. -- libssh2_knownhost_add() got an additional argument: 'store' so that an - application can get a pointer back to the internal representation of the host - it just added. Useful for example when the app wants to add a host, and then - convert that exact same host to a line for storing in a known host file. - 'store' can also be set to NULL to simple not care. +- Add keep-alive support. -- Added a call to libssh2_knownhost_writefile() - - Updated to the slightly modified libssh2_knownhost_check() proto +Alexander Lamaison (7 Mar 2010) +- Untabify. -- "struct libssh2_knownhost" is now part of the internal struct for each known - host so we now only return pointers to structs instead of having the app - allocate a full struct - - I moved the private struct definition into knownhosts.c instead of exposing it - wider in libssh2_priv.h - - I thus modified the proto for two functions that previously used 'struct - libssh2_knownhost *' to receive data. +- Fix memory leak in libssh2_knownhost_add. -- when a host is added, we must make sure the app also provides a key *type* even - though we don't use the type in this function +Daniel Stenberg (6 Mar 2010) +- change 'int' to 'libssh2_socket_t' in the public API for sockets -- Added man pages for the two newest members of the knownhosts API family: - libssh2_knownhost_readline() and libssh2_knownhost_writeline() +- reduce code duplication and return underlying error better -- introducing libssh2_knownhost_writeline() and some cleanups to use more - defined error codes instead of the simplified -1 previously used a little too - much here +- acknowledge when _libssh2_packet_requirev() returns error + + when _libssh2_packet_requirev() returns an error when waiting for + SSH_MSG_USERAUTH_SUCCESS or SSH_MSG_USERAUTH_FAILURE, it is an + error and it should be treated as such -- I think *readline() makes a better name +- wrap long lines -- clarify that the key "string" needs to be zero terminated too +- polished the phrasing in two error strings -- introducing libssh2_knownhost_read() that makes libssh2 read a single given - line - const'ified a few args to libssh2_knownhost_add() as well +- silence picky compiler warnings -- fix a warning for a comparison mixing signed and unsigned types +- silence picky compiler warnings -- After review/feedback/discussions on the mailing list. Rename two functions: +- removed libssh2_error()'s forth argument - s/libssh2_knownhost_parsefile/libssh2_knownhost_readfile - s/libssh2_knownhost_dumpfile/libssh2_knownhost_writefile + libssh2_error() no longer allocates a string and only accepts a const + error string. I also made a lot of functions use the construct of + return libssh2_error(...) instead of having one call to + libssh2_error() and then a separate return call. In several of those + cases I then also changed the former -1 return code to a more + detailed one - something that I think will not change behaviors + anywhere but it's worth keeping an eye open for any such. -- define removed +- repaired --enable-debug -- LIBSSH2_KNOWNHOST_TYPE_DEFAULT is not a good idea, scrap it +Simon Josefsson (1 Mar 2010) +- Make ./configure output a summary of build options. -- Added the initial man pages for the 7 new functions for known host handling +Daniel Stenberg (1 Mar 2010) +- let the err_msg in the session struct be const too -- first shot at implementing libssh2_knownhost_dumpfile() and some minor - cleanups +Simon Josefsson (1 Mar 2010) +- Revert #ifdef change that pulled in AES-CTR code when explicitly disabled. -- introducing libssh2_knownhost_get() to the public API +Daniel Stenberg (1 Mar 2010) +- fix #ifdefs -- clarified a comment +- make function match the new proto -- slighty better behavior and comments +Simon Josefsson (1 Mar 2010) +- Improve AES-CTR check. -- remove include since we don't use struct iovec in this file +Daniel Stenberg (1 Mar 2010) +- use const to silence a bazillion warnings -- These examples no longer need to explictly set the socket to non-blocking state - as libssh2 itself will always do that by itself. +Simon Josefsson (1 Mar 2010) +- Use AES-CTR from OpenSSL when available. + + Reported by Lars Nordin . -- add myself as copyright owner +- Make it possible to disable DSA. + + Patch from Lars Nordin . -- mention conversion of code to the new linked list code +Peter Stuge (1 Mar 2010) +- Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE + + Sending SSH_MSG_CHANNEL_CLOSE without channel EOF is explicitly allowed + in RFC 4254, but some non-conforming servers will hang or time out when + the channel is closed before EOF. + + Other common clients send and receive EOF before closing, there are no + drawbacks, and some servers need it to work correctly. -- remove #if 0'ed code +Alexander Lamaison (26 Feb 2010) +- Style improvements to knownhost error handling. + + Made improvements as suggested by Peter Stuge: http://www.libssh2.org/mail/libssh2-devel-archive-2010-02/0161.shtml. -- clarify the fix, as it wasn't a leak +- Call libssh2_error for every knownhost API failure. + + The libssh2 API calls should set the last error code and a message when + returning a failure by calling libssh2_error. This changeset adds these + calls to the libssh2_knownhost_* API as well as libssh2_base64_decode. + + This change also makes libssh2_error into a function rather than a macro. + Its implementation is moved to misc.c. This function returns the error + code passed to it allowing callers to return the error value directly + without duplicating the error code. -- spell fix a comment +- Fix LIBSSH2_ALLOC checks. + + These appear to be cut-and paste errors where the wrong variable is checked + for NULLness after calling LIBSSH2_ALLOC. -- Added some clarifying comments on how the 'sftpInit_sftp' and - 'sftpInit_channel' struct fields within the session struct are used. And made - sure to clear them both correctly when sftp_init() returns instead of at - shutdown time, as it must not touch them at shutdown time. This should make it - possible to properly make more than one SFTP handle. +Simon Josefsson (23 Feb 2010) +- Silence compiler warning. -- no need for LIBSSH2_ERROR_MEMORY when LIBSSH2_ERROR_ALLOC already exist! - added my own copyright line too now +- Make it portable; test uses = for string comparison (not ==). Indent. -- use LIBSSH2_ERROR_ALLOC instead of introducing a new error code +Alexander Lamaison (22 Feb 2010) +- libssh2_knownhost_del: fix write to freed memory. + + When removing a known host, libssh2_knownhost_del would remove the node from the linked list, free its memory and then overwrite the struct parameter (which indicated which node to remove) with 0. However, this struct is actually allocated within the just-freed node meaning we're writing to freed memory. This made Windows very upset. + + The fix is simply to overwrite the struct first before freeing the memory. -- clear session->sftpInit_sftp unconditionally +Daniel Stenberg (21 Feb 2010) +- show more verbose error when SCP send fails -- Fix my recent session->sftpInit_sftp fix which wasn't correct. The memory area - does not need to be freed (it already gets freed) but clearing the pointer is - a good idea. And it should be done _after_ the channel_free() call. +- libssh2_socket_t is done, a library-free function is needed -- add an assert to help debugging +- clarify that this frees all data associated with a session -- Without CVS we must not use cvs tools to generate the changelog. I'm not - confident enough with git to attempt to make one so I'll just make a dummy for - now. +- improved error handling -- - Anonymous bug report #2795816 revealed that libssh2_sftp_shutdown() did not - properly free/cleanup the SFTP handle so libssh2 leaked memory and caused - an assert() on subsequent libssh2_sftp_init() calls on the same session. +- add missing libssh2_error() calls + + To make sure the public API is functional and that the + BLOCK_ADJUST_ERRNO() macro works correctly we MUST make sure to + call libssh2_error() when we return errors. -- Fix _libssh2_channel_write(): fixed the write loop to also read from the - transport layer better, to avoid draining the window size when sending large - packets. I also fixed the return code for it to return the number of bytes - handled in this single invoke (and not the cumulative amount). +- fix memory leak in userauth_keyboard_interactive() + + Mr anonymous in bug #125 pointed out that the userauth_keyboard_interactive() + function does in fact assign the same pointer a second time to a new allocated + buffer without properly freeing the previous one, which caused a memory leak. -- First, only try to send max packet size *4 to channel write, as trying to send - much larger packages only cause internal problems and much larger allocations. +- added missing error codes - Also fix sftp_write() when _libssh2_channel_write() returns that a packet was - only partially sent as that is not an error. + To allow the libssh2_session_last_error() function to work as + documented, userauth_password() now better makes sure to call + libssh2_error() everywhere before it returns error. - Fixed a few error messages to more accurately point out the problem - -- If recv() returns something less than the full buffer we know we're done for - now, so skip looping and doing another read that then simply will cause an - EAGAIN as it may trick the user into believing things that aren't true. + Pointed out by mr anonymous in bug #128 -daniel (14 May 2009) -- remove the old style as it makes little sense to mention here anymore +Peter Stuge (16 Feb 2010) +- Fix resource and memory leaks in examples as reported by cppcheck + + Thanks to Ettl Martin for the report and patch. This fixes #132 -Daniel Stenberg (12 May 2009) -- typo +Daniel Stenberg (15 Feb 2010) +- mention the new man pages for macros -- comment typo and some indent fixes +- added man pages for API macros + + all #defined macros in the public headers are considered to be part + of the API and I've generated individual man pages for each of them + to A) make it easier to figure out what each function/macro actually + is for so that automated lookups work better and for B) make sure we + have all public functions document (both macros and functions) to + make it easier for us to work away from all the macros in a future + release. -- Partial fix based on the patch and discussions in #2788319 +- Committed the patch by Yoichi Iwaki in bug #2929647 + + Committed the patch by Yoichi Iwaki in bug #2929647, which fixed a memory + leak when an 'outbuf' was still allocated when a session was freed. -- clear the passed in struct when the entry has been removed to help prevent - mistakes due to re-use +- free "outbuf" when killing a session + + Fix memoary leak: if there was an "output" still allocated when a + session was torn down it needs to be freed in session_free() + + Patch by Yoichi Iwaki in bug #2929647 -- use a better example file name for the known_hosts file +- the working version name is now 1.2.5_DEV -- split out the knownhost code from hostkey.c into its own separate source file - now: knownhost.c +Version 1.2.4 (13 Feb 2010) -- this was never supposed to be added for real +Daniel Stenberg (13 Feb 2010) +- updated info for 1.2.4 -- My knownhost work as of right now. It works at least partly. More tests and - tweaks will come. +Dan Fandrich (10 Feb 2010) +- Allow compiling with OpenSSL when AES isn't available. -- get host, user, password and command from the command line +Peter Stuge (9 Feb 2010) +- [Dave McCaldon brought this change] -- Added ssh2_exec as a new example, showing how to run a command remotely with - libssh2 + Fix Tru64 socklen_t compile issue with example/direct_tcpip.c + + Building libssh2-1.2.3 on Tru64 fails at line 48 and 166 because socklen_t + isn't defined on Tru64 unless _POSIX_PII_SOCKET is defined. + + This patch updates configure.ac to add -D_POSIX_PII_SOCKET when building + on Tru64 platform(s). -- bug #2785173 pointed out that we really must call _libssh2_transport_read() - in loops until it returns < 0 when we call it, as if we just call it once we - may drain the socket for data and then leave unused in-memory data that we - won't detect because the socket is back to idle... +- [Dave McCaldon brought this change] -- Markus posted a bug report about a bad 0-return from libssh2_channel_read: - http://libssh2.haxx.se/mail/libssh2-devel-archive-2009-04/0076.shtml + Resolve compile issues on Solaris x64 and UltraSPARC - And it was indeed a bad loop that terminated too early due to a receveived - close packet. - -- remove pointless sleeps + Solaris builds of libssh2-1.2.3 failed on both x64 and UltraSPARC + platforms because of two problems: + + 1) src/agent.c:145 sun is a reserved word when using the SUNWspro compiler + 2) example/direct_tcpip.c:84 INADDR_NONE is not defined -- edited +Daniel Stenberg (3 Feb 2010) +- towards 1.2.4 now -- libssh2_poll() and libssh2_poll_channel_read() are now considered and - documented deprecated and they will be removed at next soname bump. It also - saves us from fixing some rather quirky bugs in libssh2_poll()... +Version 1.2.3 (3 Feb 2010) -Guenter Knauf (9 Apr 2009) -- some minor Makefile tweaks; mainly for crosscompiling. +Daniel Stenberg (3 Feb 2010) +- Version 1.2.3 (February 3, 2010) -Daniel Stenberg (6 Apr 2009) -- Jussi Mononen pointed out we used an unsigned variable to store negative - values in, when a plain int is much better anyway since it matches the return - type. +- fix building out of source tree by proving better include path + + when building out of source tree, we provide -I$(top_builddir)/example + since the libssh2_config.h gets generated in that dir -- and we're now on the 1.1.1 track +Peter Stuge (1 Feb 2010) +- [Sofian Brabez brought this change] -- release 1.1 + Replace : in hexdump with " " (two spaces) -- Sofian Brabez removed duplicate calls to libssh2_session_set_blocking() +- Detect when the forwarded connection is closed in example/direct_tcpip.c -- Uh, it is important that we don't set the local state 'local.close' to TRUE - until _after_ we're done as otherwise we might not get called again properly - to clean the entire thing since the close state is checked in - libssh2_channel_free +- Fix example/direct_tcpip.c to work also on WIN32 + + read() and write() are no good for WIN32 sockets, use recv() and send(). -- Removed the trace output that said "May block until packet of type..." since - it simply wasn't true for non-blocking operations. +- Ignore libssh2_config.h.in and stamp-h2 in example/ and remove .cvsignore -- made sure the SFTP code makes more use of internal non-blocking functions - instead of the external API entries +- Simplify WIN32 ifdefs in example/direct_tcpip.c to allow standalone compile -- Fixed the memory leak in in libssh2_userauth_hostbased_fromfile_ex() that - Jean-Louis Charton found. Additional minor indent and comment edits. +- Always #define INVALID_SOCKET -1 in libssh2_priv.h when not on win32 + + Fix broken builds since commit abd9bd0bbe631efeada1f54552c70b54e1c490c1 + for all non-win32 platforms. -- indent changes and removed libssh2_ prefix from static function +- Include hmac-md5 and hmac-md5-96 only if crypto backend supports MD5 -Yang Tse (28 Mar 2009) -- include libssh2_priv.h instead of libssh2.h in order to get - LIBSSH2_API properly defined on LIBSSH2_WIN32 build targets +- Use LIBSSH2_HOSTKEY_HASH_SHA1 instead of _MD5 in examples and tests + + MD5 support is optional and may not always be available, while SHA1 is both + required and recommended. -Daniel Stenberg (27 Mar 2009) -- Additional non-blocking fixes. +- Update mailing list address in configure.ac to @cool.haxx.se -- Me and my long fingers couldn't resist "merging" these statements in a previous - commit but of course that broke functionality and this is a revert of that - change. +- Make example/direct_tcpip.c compile for win32 + + One warning from FD_SET() remains, it is also in some other examples. -- Dump to stderr simply because the other tracing functions in misc.c already - use stderr and mixing output "channels" causes too much confusion for me! +- Correctly check for an invalid socket in session_startup() -- fixed sftp_shutdown() for the blockiness and fixed libssh2_channel_close() - to work properly non-blocking +- Small documentation fix after Dave's _USERAUTH_FAILURE improvement -- Fixed the order of the check in the BLOCK_ADJUST() macro so that it also works - for libssh2_session_free() +- [Dave McCaldon brought this change] -- kill warnings + Handle SSH_MSG_USERAUTH_FAILURE for password and kbd-int authentication + + Neither libssh2_userauth_password_ex() nor + libssh2_userauth_keyboard_interactive_ex() would return a login failure + error if the server responded with a SSH_MSG_USERAUTH_FAILURE, instead + you would see whatever previous error had occurred, typically + LIBSSH2_ERROR_EAGAIN. + + This patch changes error code -18 to LIBSSH2_ERROR_AUTHENTICATION_FAILED + and makes LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED an alias for + LIBSSH2_ERROR_AUTHENTICATION_FAILED. In addition, new logic in + userauth_password() properly handles SSH_MSG_USERAUTH_FAILURE and both + this function and userauth_keyboard_interactive() now properly return + LIBSSH2_ERROR_AUTHENTICATION_FAILED. -- Fix the BLOCK_ADJUST_ERRNO() macro to behave properly in blocking mode. +Simon Josefsson (28 Jan 2010) +- Fix. -Simon Josefsson (27 Mar 2009) -- Add AC_CONFIG_MACRO_DIR to avoid warnings with libtool v2.2.x. +- Also deal with GLOBAL_REQUEST keep-alives. -Daniel Stenberg (27 Mar 2009) -- fix comments, moved to htonu64 function to sftp.c and made it static +- Make OpenSSH-style keepalive work against libssh2 clients. -- More cleaning up converting libssh2_ to _libssh2_ for internal functions and - removing libssh2_ from static functions. Added mac.h. +Daniel Stenberg (27 Jan 2010) +- clarified -- comp.c only as a single _libssh2_ function, no external one +Peter Stuge (26 Jan 2010) +- [Dave McCaldon brought this change] -- * Renamed the functions in src/transport.c to be _libssh2_transport_ prefixed - and introduced a transport.h header. - - * Fixed the blocking mode to only change behavior not the actual underlying - socket mode so we now always work with non-blocking sockets. This also - introduces a new rule of thumb in libssh2 code: we don't call the - external function calls internally. We use the internal (non-blocking) - ones! + Fix trace context lookup in libssh2_debug() - * libssh2_channel_receive_window_adjust2 was added and - libssh2_channel_receive_window_adjust is now deprecated + The trace context is actually a bitmask so that tracing output can be + controlled by setting a bitmask using libssh2_trace(). However, the logic + in libssh2_debug() that converted the context to a string was using the + context value as an array index. Because the code used a bounds check on + the array, there was never a danger of a crash, but you would certainly + either get the wrong string, or "unknown". - * Introduced "local" header files with prototypes etc for different parts - instead of cramming everything into libssh2_priv.h. channel.h is the - first. - -- avoid some busy-looping - -- one function to remove, one proto to correct - -- Updated comments and removed "libssh2_" prefixes from static functions + This patch adds a lookup that iterates over the context strings and uses + it's index to check for the corresponding bit in the context. -- added basic docs +- Fix typo in RELEASE-NOTES -- quite possibly one of the most pointless functions in the libssh2 API...a +Daniel Stenberg (20 Jan 2010) +- updated for 1.2.3 with all the stuff I found in the log -- ENOTCONN obviously doesn't exist in win32 so don't try to map that +- ignore more generated files -- [no comment] +- [Dave McCaldon brought this change] -- EEK revert the part of the previous commit that was just my non-functional - attempts to make things work with blocking sockets. + Pass user context through libssh2_trace_sethandler() to callback + + The libssh2_trace_sethandler() call allows the user to handle the output of libssh2 rather than having it written to stderr. This patch updates libssh2_trace_sethandler() to allow a user-defined void* context value to be passed back to the output handler. -- I cut out the poll_socket argument from the protos for_libssh2_packet_askv() - and _libssh2_packet_ask() since they are internal and nothing in the code base - uses that functionality == simplicity with no drawbacks! +- [Dave McCaldon brought this change] -- pass in unsigned ints for u32 values and not longs + Add libssh2_trace_sethandler() to the API (even more) -- - (Mar 19 2009) Daniel Stenberg: based on a patch by "E L" we now use errno - properly after recv() and send() calls (that internally are now known as - _libssh2_recv() and _libssh2_send()) so that the API and more works fine on - windows too! +- [Dave McCaldon brought this change] -- I'm upgrading myself! + Add libssh2_trace_sethandler() to the API -Simon Josefsson (17 Mar 2009) -- Add StrictModes=no to work around cygwin problem. - Reported by Yang Tse . +- cleanup includes + + We now produce a local libssh2_config.h file in this dir for the + examples to use so I cleaned up the include path at the same time. -- Add UsePrivilegeSeparation=no for cygwin. - Reported by Yang Tse +- generate a libssh2_config.h in the example dir + + buildconf copies the template to example/ and configure makes sure + to generate a proper file from it and the direct_tcpip.c example + is the first one to use it - to make sure it builds fine on more + paltforms -Daniel Stenberg (17 Mar 2009) -- re-indented for clarity +Simon Josefsson (13 Jan 2010) +- Remove redundant #includes and reorder sys/types.h include. -- re-indented _libssh2_channel_packet_data_len() somewhat to make the huge - condition somewhat easier on the eye +Daniel Stenberg (10 Jan 2010) +- avoid a free(NULL) -- A cleanup effort: libssh2_ prefixes only on external APIs. Use _libssh2_ prefix - for library-wide internal functions. Don't use any of those on static functions. - I also did some comments and whitespace changes. +Simon Josefsson (7 Jan 2010) +- Make it simpler to get more debug info. -- bump packet default size to 32768 +Daiki Ueno (1 Jan 2010) +- Simplify the commit 63457dfa using type cast from size_t * to ulong *. -- Refer to the exact symbol name, which also is the exact file name of the man - page file. +Alexander Lamaison (30 Dec 2009) +- Fixed memory leak in userauth_publickey(). + + userauth_publickey_fromfile() reads the key from a + file using file_read_publickey() which returns two + allocated strings, the decoded key and the key + method (such as "ssh-dss"). The latter can be + derived from the former but returning both avoids a + later allocation while doing so. + + Older versions of userauth_publickey_fromfile() used + this method string directly but when + userauth_publickey() was factored out of + userauth_publickey_fromfile() it derived the method + from the key itself. This resulted in the method + being allocated twice. + + This fix, which maintains the optimisation that + avoids an extra allocation, changes + userauth_publickey() so it doesn't allocate and + derive the method when userauth_pblc_method already + has a value. + + Signed-off-by: Alexander Lamaison -Simon Josefsson (17 Mar 2009) -- Use libtool -export-symbols-regex to reduce numer of exported symbols. +Daiki Ueno (25 Dec 2009) +- Fix the return value description of libssh2_knownhost_free(). -Daniel Stenberg (16 Mar 2009) -- cleanup round +- Fix compiler warnings for size_t pointers on 32-bit Windows. -- Added (templates for) the 13 missing man pages +- Define INVALID_SOCKET and use it instead of SOCKET_BAD. + + Revert the part of previous commit that defines SOCKET_BAD library wide. -- two more renaming of man pages to the actual function name +- Use libssh2_socket_t in the ssh-agent stuff. + Define a portability macro SOCKET_BAD which means "invalid socket". -- rename the man page to use the same name as the actual function +- Mark/unmark connection to Pageant is open/close. -- mention the basic changes in my previous few commits +- Add test to check if the socket is connected. -- Patch from bug report #1960894 by "Heiner" applied, and edited by me. It makes - SCP recv and send deal with file names containing spaces (and other - shell-special letters) by quoting them before they are passed to the remote - server. +Peter Stuge (24 Dec 2009) +- Add libssh2.pc to top-level .gitignore -- fixed some wrong comments and did a minor code edit and some further - whitespace changes +- Fix publickey authentication regression + + Commit 70b199f47659a74b8778c528beccf893843e5ecb introduced a parsing + bug in file_read_publickey() which made the algorithm name contain an + extra trailing space character, breaking all publickey authentication. -- added three more public functions I found lacking man pages +- Add a direct-tcpip example which shows local port forwarding -- fix a compiler warning +- Add session parameter and LIBSSH2_TRACE_SOCKET to libssh2_trace(3) man page -- simplified how the "scp" command line is created in the libssh2_scp_recv() - function +- Add TODO: Expose error messages sent by the server -- Simplified libssh2_channel_read_ex() and made it send window adjustments less - frequent, use a few less struct fields in the channel struct and improved - reading from the network with libssh2_packet_read(). I also modified the - windowing algorithm and now use a much larger window. This greatly enhances - SSH/SCP performance. I also increased the size of the buffer the transport - layer uses from 4k to 16K. +Daiki Ueno (23 Dec 2009) +- Fix doc comments. -- oops, use %06d for the microseconds! +- Add man pages for ssh-agent API. -- re-indented and other whitespace edits +- Don't request userauthlist after authentication. -- improved trace logs with time stamps +Simon Josefsson (21 Dec 2009) +- Add. -- fixed to work quite similar to the sftp_nonblock example so that it waits - for the socket correctly and measures the transfer speed fine +- [Daiki Ueno brought this change] -- Cleanups, that do seem to have boosted SFTP download performance up to 300% in - some tests: - - * cut off "_ex" from several internal function names - - * corrected some log outputs - - * simplified libssh2_channel_read_ex() and made it much faster in the process - - * cut out {{{ and }}} comments that were incorrect anyway - - * fixed sftp_packet_ask() to return the correct packet by using memcmp() and - not strncmp() - - * fixed mkdir()'s wait for packet to use the correct request_id - it - semi-worked previously because strncmp() in sftp_packet_ask() made it - match far too easily. + Add an example to use ssh-agent API. - * took away the polling functionality from sftp_packet_ask() since it wasn't - used - -- improved non-blocking behavior for some of the initing stuff before the actual - data transfer begins - -- wait for socket action accordingly, and do some measurements on the transfer - to make this better to use for speed tests - -- - (Mar 7 2009) Olivier Hervieu pointed out a flaw in the - libssh2_channel_x11_req_ex() function that made it produce a crappy random - chunk of data. Peter Stuge improved the fix to not do out-of-boundary - writes. I (Daniel Stenberg) replaced the snprintf() with a plain sprintf() - since the size argument wasn't adding anything anyway. - -Guenter Knauf (6 Mar 2009) -- some minor Makefile tweaks. - -Daniel Stenberg (23 Feb 2009) -- - Added libssh2_version() + Signed-off-by: Simon Josefsson -- - (Feb 20 2009) libssh2_channel_direct_tcpip_ex() bug #1902169 fixed, which - caused it to fail when called a second time. +- [Daiki Ueno brought this change] -Mikhail Gusarov (17 Feb 2009) -- Fixed dash-as-minus warning in libssh2_base64_decode.3 manpage + Add ssh-agent API. + + Signed-off-by: Simon Josefsson -- Fixed syntax error in libssh2_banner_set.3 manpage +- [Daiki Ueno brought this change] -Simon Josefsson (16 Feb 2009) -- Bump ABI revision from 1.0.0 to 1.0.1 due to code changes. + Add callback-based API for publickey auth. + + Signed-off-by: Simon Josefsson -- Fix typo. +- Move examples from example/simple to example/. -- Add date for v1.0 release. +- Move examples from example/simple to example/. -Daniel Stenberg (12 Feb 2009) -- - (Feb 12 2009) Romain Bondue extended Markus Moeller fix from Feb 8, based on - a previous (uncommitted) patch by Erik Brossler. It improves - libssh2_channel_write_ex in blocking situations when the socket is set non- - blocking. +Daniel Stenberg (17 Dec 2009) +- _libssh2_list_insert() fixed to work + + While this is code not currently in use, it is part of the generic linked + list code and since I found the error I thought I'd better fix it since we + might bring in this function into the code one day. -- Markus Moeller fixed a flaw in libssh2_channel_write_ex() that would occur - on EAGAIN situations. +Simon Josefsson (16 Dec 2009) +- Silence compiler warnings. + + Based on patch by Kamil Dudka in + . -- I want to remove all those macros from the official API at next soname bump +- [Kamil Dudka brought this change] -- fixed compiler warnings, and stripped off "libssh2_" from static functions - as that makes shorter function names and then making the code look fine within - 80 columns is easier! + libgcrypt: simplify code of _libssh2_dsa_sha1_sign + + Signed-off-by: Simon Josefsson -- made the three public headers use (mostly) lines shorter than 80 columns as - HACKING says - it makes them much more readable to my old tired eyes... +- [Kamil Dudka brought this change] -- we're actually working on the 1.0.1 version now (or should it be 1.1?) + libgcrypt: follow-up for ssh-dss padding fix + + Signed-off-by: Simon Josefsson -- Added 'TODO' file (again) with some fresh things I could think of right now +Dan Fandrich (15 Dec 2009) +- Check for the right environment variable in the test app -- Added libssh2_trace man page +Simon Josefsson (14 Dec 2009) +- Silence warning about unused function parameter. + + Reported by Steven Van Ingelgem . -- libssh2_base64_decode is deprecated and subject for removal in a future - version (like on the next soname bump) +Daniel Stenberg (10 Dec 2009) +- avoid returning data to memory already freed + + In case of failure we must make sure that the data we return + doesn't point to a memory area already freed. Reported anonymously + in the bug report #2910103. -- wrote up a first libssh2_base64_decode man page, added a few missing man - pages to the tarball +Peter Stuge (8 Dec 2009) +- Use LIBSSH2_TRACE_* internally and remove redundant LIBSSH2_DBG_* -- based on Heiner Steven's report, fix the name and description of these man - pages! +- Add LIBSSH2_TRACE_SOCKET context for tracing send() and recv() + + Helpful in debugging the -39 errors. -- briefly mention my recent sftp-related fixes +- Another transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors + + Commit 683aa0f6b52fb1014873c961709102b5006372fc made send_existing() send + more than just the second part of a packet when the kernel did not accept + the full packet, but the function still overlooked the SSH protocol + overhead in each packet, often 48 bytes. + + If only the last few bytes of a packet remained, then the packet would + erroneously be considered completely sent, and the next call to write + more data in the session would return a -39 error. -- mention web site and mailing list, as I think they're not mentioned anywhere - else in the package! +Daniel Stenberg (6 Dec 2009) +- move local variable to be more localized -- removed obviously superfluous comments +- fixed some indent mistakes -- use a single >>32 instead of "(value / 65536) / 65536", just make sure that - the shift is done on a 64bit type +Peter Stuge (6 Dec 2009) +- Fix padding in ssh-dss signature blob encoding + + DSA signatures consist of two 160-bit integers called r and s. In ssh-dss + signature blobs r and s are stored directly after each other in binary + representation, making up a 320-bit (40 byte) string. (See RFC4253 p14.) + + The crypto wrappers in libssh2 would either pack r and s incorrectly, or + fail, when at least one integer was small enough to be stored in 19 bytes + or less. + + The patch ensures that r and s are always stored as two 160 bit numbers. -- remove unused #ifndef, and two whitespace changes +- Don't always clear write direction blocking flag + + When libssh2_transport_write() is called to continue sending a + partially sent packet the write direction flag must not be cleared + until the previous packet has been completely sent, or the app would + hang if the packet still isn't sent completely, since select() gets + called by the internal blocking emulation layer in libssh2 but would + then not be watching the socket for writability. + + Clear the flag only once processing of previous packet data is + complete and a new packet is about to be prepared. -- style/indent changes only to enforce < 80 column lines more strict +Alexander Lamaison (24 Nov 2009) +- Detabify. -- libssh2_sftp_seek64() it is now for the 64bit seek function too as the seek2 - name has never been used in a release and it makes the naming consistent +- [Daniel Stenberg brought this change] -- 0.19 is now 1.0 + Fixed memory leak in sftp_fstat(). -- Based on Alexander Lamaison's patch, there's now a new - function called libssh2_sftp_tell64() that returns the 64 bit file offset, - as the existing libssh2_sftp_tell() only returns a size_t. +Simon Josefsson (17 Nov 2009) +- Mark date of 1.2.2 release. -- first conversion of a malloc => buffer in the sftp handle struct +- Merge branch 'master' of ssh://git.stuge.se/var/lib/git/libssh2 -- helper script for emacs users to get the code style done libssh2-style - automatically +Version 1.2.2 (16 Nov 2009) -- - Markus Moeller fixed the issue also reported by Alexander Lamaison which - caused SFTP reads with large buffers to fail. +Daniel Stenberg (16 Nov 2009) +- prepared for 1.2.2 -Simon Josefsson (17 Dec 2008) -- Sshd is slow to start on some systems. +Simon Josefsson (16 Nov 2009) +- Improve NEWS items. -Daniel Stenberg (17 Dec 2008) -- Avoid one malloc by putting the entire handle buffer in the handle struct - at once, use a define for the maximum size length of the handle instead of - '256' in the code. +- Support AES-Counter ciphers. -- removed some more libssh2_ prefixes from private functions +- Silence compiler warning. - Made the libssh2_sftp_open_ex() deal with servers that first responds with - STATUS OK and then sends the actual HANDLE. It seems openssh does this at - times and it screwed things up. To me it seems like a spec violation... - -- removed unused code, intended the code somewhat + Reported by Steven Van Ingelgem + in . -- Nothing used libssh2_sftp_packet_read's flush argument anymore so I removed - it and simplified the code somewhat thanks to that. I then renamed the function - to sftp_packet_read() only since it is private in this file anyway. +- Mention libssh2-style.el. -- renamed libssh2_sftp_packet_requirev to plain sftp_packet_requirev since it - is private in this file only and a shorter name is nicer +- Use memmove instead of memcpy on overlapping memory areas. - Removed a "flush" of the data in sftp_packet_requirev() that now seems to have - made SFTP operations a lot more reliable. It didn't make much sense to have it - there but if someone can present a reason for one I figure we should carefully - investigate one and only do it conditionally where/when needed. - -- Clarify that this is only fine to use after an actual SFTP protocol error - return code. + Reported by Bob Alexander in + . -Simon Josefsson (27 Nov 2008) -- Support EXEEXT in self-test. +- Add. -- Cygwin needs -lcrypto for -lssl. - Reported by "Yang Tse" . +- Protect against crash on too small SSH_MSG_IGNORE packets. + + Reported by Bob Alexander + in . -Daniel Stenberg (27 Nov 2008) -- oops, add missing file +- add copyright line -Yang Tse (26 Nov 2008) -- fix again cygwin build failure unreleased regression +- support arcfour128 cipher per RFC 4345 -Dan Fandrich (25 Nov 2008) -- Fixed a potential use of an uninitialized variable, the result of which lead - to an unneeded but harmless realloc. - Reduced the scope of some automatic variables. +Daniel Stenberg (21 Oct 2009) +- [Cristian Rodríguez brought this change] -- Fixed some typos in log messages + add support for GCC visibility features -Daniel Stenberg (24 Nov 2008) -- - Vlad Grachov brought the new function called - libssh2_session_block_directions() which returns a bitmask for what - directions the connection blocks. It is to be used applications that use - non-blocking sockets and when a libssh2 function returns - LIBSSH2_ERROR_EAGAIN this function can be used to figure out in which - direction the socket would block and thus it can wait for the socket to - again be ready for communication in that direction before it calls libssh2 - again. +Simon Josefsson (19 Oct 2009) +- less hard coding of cipher mode in libgcrypt backend -Simon Josefsson (21 Nov 2008) -- Add a more realistic self-test of libssh2. +Daniel Stenberg (18 Oct 2009) +- [Juzna brought this change] -- Ignore coverage/. + libssh2_channel_forward_accept() and listening fixes + + The forward accepting was not done right before, and the + packet_queue_listener function didn't assign a necessary + variable. All fixed by Juzna. I (Daniel) modified the + forward_accept() change somewhat. -- Add rules to generate a code coverage report. +- added man page for libssh2_knownhost_free -- Use AM_CPPFLAGS instead of deprecated INCLUDES. +- more CVS => DEV conversions -- Add self-test of base64 decode. +- remove references to "CVS" -- Add gcov files. +- we are on the 1.2.2 track nowadays -Dan Fandrich (21 Nov 2008) -- Use only C89-style comments +Peter Stuge (17 Oct 2009) +- Ensure that win32/libssh2.dsp will be generated with CRLF line endings + + First, win32/msvcproj.{head,foot} are now committed with CRLF line endings, + and .gitattributes specifies that these should not be changed on checkout or + commit. These are win32 files so it makes sense to store them with native + line endings. + + Second, the rules for generating libssh2.dsp and libssh2.vcproj are changed + so that the full file contents passes through awk, which strips all CR and + then prints each line with one CRLF line ending. Stripping CR is important + to avoid CRCRLF in case the input already comes with CRLF. -- Check LIBSSH2_HMAC_RIPEMD consistently +Dan Fandrich (29 Sep 2009) +- Make sure permissions on the private host key file is tight enough that + sshd doesn't complain. Quote $srcdir to try to cope with embedded spaces. -Simon Josefsson (20 Nov 2008) -- Fix compiler warnings. +Peter Stuge (30 Sep 2009) +- Clarify the scp_write examples slightly and use an octal mask for the mode -- Move pem.c to libgcrypt section, it is not needed for OpenSSL. +Version 1.2.1 (29 Sep 2009) -- Drop pkg-config test, not needed now. +Daniel Stenberg (29 Sep 2009) +- 1.2.1 preparations -- Rewrite OpenSSL+libz detection logic. +- remove ChangeLog and win32/libssh2.dsp only at make distclean -- Add more. +Simon Josefsson (23 Sep 2009) +- Fix shell usage. -Daniel Stenberg (11 Nov 2008) -- fix the include path to also point out the build dir's src/ dir for the cases - where we build the lot outside of the source dir +Daniel Stenberg (22 Sep 2009) +- clarify that the paths are the remote ones -- avoid duplicate function declarations on windows +- let hpux systems build with _REENTRANT defined as well -- WINSOCK_VERSION is no longer used (Richard W.M. Jones fixed) +- updated to match reality + + I went over the commit log and added what I believe is all notable + changes and bugfixes since the 1.2 release -- Richard W.M. Jones' 5 patches that enables libssh2 to get cross-compiled with - mingw +Peter Stuge (20 Sep 2009) +- Fix scp examples to loop correctly over libssh2_channel_write() -Paul Thomas (9 Nov 2008) -- Fixes a problem that the last code change apparently didn't fix. Verified - that this works correctly with another user. +- Fix transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors + + The channel layer sends packets using the transport layer, possibly + calling _libssh2_transport_write() many times for each packet. + + The transport layer uses the send_existing() helper to send out any + remaining parts of previous packets before a new packet is started. + + The bug made send_existing() consider the entire packet sent as soon as it + successfully sent the second part of a packet, even if the packet was not + completely done yet. -- Fixed an issue with a patch that I submitted where the channel_read_ex() - could get stuck in a busy read loop. +Daniel Stenberg (19 Sep 2009) +- [Neil Gierman brought this change] -Yang Tse (25 Oct 2008) -- fix cygwin build failure unreleased regression + Added gettimeofday() function for win32 + + Neil Gierman's patch adds a gettimeofday() function for win32 + for the libssh2_trace() functionality. The code originates from + cygwin and was put in the public domain by the author + Danny Smith -Paul Thomas (3 Oct 2008) -- Reformatted the code, updated line endings to match original file, - fixed the build problem, removed tabs and replaced with spaces - and removed C89 unfriendly comments. +- libssh2_channel_read_ex() must return 0 when closed + + If the channel is already at EOF or even closed at the end of the + libssh2_channel_read_ex() function and there's no data to return, + we need to signal that back. We may have gotten that info while + draining the incoming transport layer until EAGAIN so we must not + be fooled by that return code. -Daniel Stenberg (2 Oct 2008) -- mention libssh2_channel_request_pty_size_ex() +Dan Fandrich (16 Sep 2009) +- Ignore tags file -- two new committers! +- Some platforms need sys/socket.h included before netinet/in.h. + Fixed an unused variable compiler warning. -Paul Thomas (2 Oct 2008) -- This fix addresses bug# 2141548. Channel reads would fail despite - libssh2_poll() detecting that there was data ready to be read on - the socket. This is seen when small amounts of data are ready to - be read, typically 1-4 chars worth. +Daniel Stenberg (16 Sep 2009) +- libssh2_channel_wait_closed() could hang + + libssh2_channel_wait_closed() had a bad loop waiting for the + channel to close, as it could easily miss the info and then if + the socket would be silent from that moment the funtion would + hang if in blocking-mode or just return EAGAIN wrongly to the + app. The drain-transport loop now correctly checks if the close + has arrived. -- Committed changes to add in support for pty resizing. Credit for this - patch goes to Vincent Jaulin. +- make libssh2_scp_send/recv do blocking mode correctly + + Somehow I had completely missed to make the libssh2_scp_send/recv + functions support the blocking mode the correct way so when I + cleaned up things the other day blocking mode broke for them... + Fixed now. -- Fixed an issue with the libssh2_poll_channel_read function not - reading both normal and extended data when a non-zero value - is passed in as the 2nd parameter. This now matches the functionallity - described in the documentation. +Guenter Knauf (8 Sep 2009) +- changed NetWare test makefile static link order -Daniel Stenberg (30 Sep 2008) -- Carlo Bramini fixed the build for msys+mingw. Bug #1943976. +- removed conditional sources from Makefile.inc + added ifdef blocks to libgcrypt.c, pem.c, openssl.c -- Carlo Bramini's fixes for the nonblocking examples for msys/mingw +Simon Josefsson (7 Sep 2009) +- Fix compilation errors. -- Neil Gierman provided improved Visual Studio 2008 code in bug #1946268 +Guenter Knauf (6 Sep 2009) +- some more NetWare build fixes. -- - Bug #1862727 fixed libssh2_poll() to work on windows (by defining HAVE_SELECT). +- some more NetWare makefile fixes. -- - Based on bug #1815692, we introduce libssh2_sftp_seek2() that allows seeking - beyond the 2GB margin even on 32bit machines. +- added sys/select.h include to samples for fd_set on NetWare. -- - Based on a patch in bug #1878059 by Steven Ayre libssh2 now parses >2GB file - sizes when downloading SCP files. +- accept CFLAGS from environment. diff --git a/vendor/libssh2/NMakefile b/vendor/libssh2/NMakefile index f3fcce1121..07bc2ddad1 100644 --- a/vendor/libssh2/NMakefile +++ b/vendor/libssh2/NMakefile @@ -1,5 +1,10 @@ !include "win32/config.mk" +!if "$(WITH_WINCNG)" == "1" +!include "Makefile.WinCNG.inc" +!else +!include "Makefile.OpenSSL.inc" +!endif !include "Makefile.inc" OBJECTS=$(CSOURCES:.c=.obj) @@ -12,6 +17,7 @@ all-sub: win32\objects.mk clean: -rmdir 2>NUL /s/q $(TARGET) + -del 2>NUL win32\objects.mk real-clean vclean: clean -del 2>NUL libssh2.dll @@ -19,7 +25,6 @@ real-clean vclean: clean -del 2>NUL libssh2.ilk -del 2>NUL libssh2.lib -del 2>NUL *.pdb - -del 2>NUL win32\objects.mk win32\objects.mk: Makefile.inc @echo OBJECTS = \>$@ diff --git a/vendor/libssh2/README b/vendor/libssh2/README index 0ba17f926a..39abc202e8 100644 --- a/vendor/libssh2/README +++ b/vendor/libssh2/README @@ -8,90 +8,12 @@ Web site: http://www.libssh2.org/ Mailing list: http://cool.haxx.se/mailman/listinfo/libssh2-devel -Generic installation instructions are in INSTALL. Some ./configure -options deserve additional comments: +License: see COPYING - * --enable-crypt-none +Source code: https://github.com/libssh2/libssh2 - The SSH2 Transport allows for unencrypted data - transmission using the "none" cipher. Because this is - such a huge security hole, it is typically disabled on - SSH2 implementations and is disabled in libssh2 by - default as well. +Web site source code: https://github.com/libssh2/www - Enabling this option will allow for "none" as a - negotiable method, however it still requires that the - method be advertized by the remote end and that no - more-preferable methods are available. - - * --enable-mac-none - - The SSH2 Transport also allows implementations to - forego a message authentication code. While this is - less of a security risk than using a "none" cipher, it - is still not recommended as disabling MAC hashes - removes a layer of security. - - Enabling this option will allow for "none" as a - negotiable method, however it still requires that the - method be advertized by the remote end and that no - more-preferable methods are available. - - * --disable-gex-new - - The diffie-hellman-group-exchange-sha1 (dh-gex) key - exchange method originally defined an exchange - negotiation using packet type 30 to request a - generation pair based on a single target value. Later - refinement of dh-gex provided for range and target - values. By default libssh2 will use the newer range - method. - - If you experience trouble connecting to an old SSH - server using dh-gex, try this option to fallback on - the older more reliable method. - - * --with-libgcrypt - * --without-libgcrypt - * --with-libgcrypt-prefix=DIR - - libssh2 can use the Libgcrypt library - (http://www.gnupg.org/) for cryptographic operations. - Either Libgcrypt or OpenSSL is required. - - Configure will attempt to locate Libgcrypt - automatically. - - If your installation of Libgcrypt is in another - location, specify it using --with-libgcrypt-prefix. - - * --with-openssl - * --without-openssl - * --with-libssl-prefix=[DIR] - - libssh2 can use the OpenSSL library - (http://www.openssl.org) for cryptographic operations. - Either Libgcrypt or OpenSSL is required. - - Configure will attempt to locate OpenSSL in the - default location. - - If your installation of OpenSSL is in another - location, specify it using --with-libssl-prefix. - - * --with-libz - * --without-libz - * --with-libz-prefix=[DIR] - - If present, libssh2 will attempt to use the zlib - (http://www.zlib.org) for payload compression, however - zlib is not required. - - If your installation of Libz is in another location, - specify it using --with-libz-prefix. - - * --enable-debug - - Will make the build use more pedantic and strict compiler - options as well as enable the libssh2_trace() function (for - showing debug traces). +Installation instructions are in: + - docs/INSTALL_CMAKE for CMake + - docs/INSTALL_AUTOTOOLS for Autotools diff --git a/vendor/libssh2/RELEASE-NOTES b/vendor/libssh2/RELEASE-NOTES index eea78f874d..2b22288cec 100644 --- a/vendor/libssh2/RELEASE-NOTES +++ b/vendor/libssh2/RELEASE-NOTES @@ -1,28 +1,56 @@ -libssh2 1.4.3 +libssh2 1.7.0 This release includes the following changes: - o compression: add support for zlib@openssh.com + o libssh2_session_set_last_error: Add function + o mac: Add support for HMAC-SHA-256 and HMAC-SHA-512 + o WinCNG: support for SHA256/512 HMAC + o kex: Added diffie-hellman-group-exchange-sha256 support + o OS/400 crypto library QC3 support -This release includes the following bugfixes: +This release includes the following security advisory: + + o diffie_hellman_sha256: convert bytes to bits + CVE-2016-0787: http://www.libssh2.org/adv_20160223.html - o sftp_read: return error if a too large package arrives - o libssh2_hostkey_hash.3: update the description of return value - o Fixed MSVC NMakefile - o examples: use stderr for messages, stdout for data - o openssl: do not leak memory when handling errors - o improved handling of disabled MD5 algorithm in OpenSSL - o known_hosts: Fail when parsing unknown keys in known_hosts file - o configure: gcrypt doesn't come with pkg-config support - o session_free: wrong variable used for keeping state - o libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL - o comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating +This release includes the following bugfixes: + o SFTP: Increase speed and datasize in SFTP read + o openssl: make libssh2_sha1 return error code + o openssl: fix memleak in _libssh2_dsa_sha1_verify() + o cmake: include CMake files in the release tarballs + o Fix builds with Visual Studio 2015 + o hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined + o GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS + o GNUmakefile: add -m64 CFLAGS when targeting mingw64 + o kex: free server host key before allocating it (again) + o SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows + o channel: Detect bad usage of libssh2_channel_process_startup + o userauth: Fix off by one error when reading public key file + o kex: removed dupe entry from libssh2_kex_methods + o _libssh2_error: Support allocating the error message + o hostkey: fix invalid memory access if libssh2_dsa_new fails + o hostkey: align code path of ssh_rsa_init to ssh_dss_init + o libssh2.pc.in: fix the output of pkg-config --libs + o wincng: fixed possible memory leak in _libssh2_wincng_hash + o wincng: fixed _libssh2_wincng_hash_final return value + o add OpenSSL 1.1.0-pre2 compatibility + o agent_disconnect_unix: unset the agent fd after closing it + o sftp: stop reading when buffer is full + o sftp: Send at least one read request before reading + o sftp: Don't return EAGAIN if data was written to buffer + o sftp: Check read packet file offset + o configure: build "silent" if possible + o openssl: add OpenSSL 1.1.0-pre3-dev compatibility + o GNUmakefile: list system libs after user libs + This release would not have looked like this without help, code, reports and advice from friends like these: - Guenter Knauf, Peter Stuge, TJ Saunders, Mike Abdullah, Maxime Larocque, - Dmitry Smirnov, Dave Hayden, Peter Krempa, Kamil Dudka - - Thanks! (and sorry if I forgot to mention someone) + Alexander Lamaison, Andreas Schneider, brian m. carlson, Daniel Stenberg, + David Byron, Jakob Egger, Kamil Dudka, Marc Hoersken, Mizunashi Mana, + Patrick Monnerat, Paul Howarth, Salvador Fandino, Salvador Fandiño, + Salvador Fandiño, Viktor Szakats, Will Cosgrove, + (16 contributors) + Thanks! (and sorry if I forgot to mention someone) diff --git a/vendor/libssh2/aclocal.m4 b/vendor/libssh2/aclocal.m4 index 80e968f52e..41ad8c694f 100644 --- a/vendor/libssh2/aclocal.m4 +++ b/vendor/libssh2/aclocal.m4 @@ -1,8 +1,7 @@ -# generated automatically by aclocal 1.11.6 -*- Autoconf -*- +# generated automatically by aclocal 1.15 -*- Autoconf -*- + +# Copyright (C) 1996-2014 Free Software Foundation, Inc. -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, -# Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -12,33 +11,31 @@ # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. +m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, [m4_warning([this file was generated for autoconf 2.69. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. -To do so, use the procedure documented by the package, typically `autoreconf'.])]) +To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008, 2011 Free Software -# Foundation, Inc. +# Copyright (C) 2002-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 1 - # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.11' +[am__api_version='1.15' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.11.6], [], +m4_if([$1], [1.15], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -54,24 +51,22 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.11.6])dnl +[AM_AUTOMAKE_VERSION([1.15])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 1 - # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets -# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to -# `$srcdir', `$srcdir/..', or `$srcdir/../..'. +# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to +# '$srcdir', '$srcdir/..', or '$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and @@ -90,7 +85,7 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually -# harmless because $srcdir is `.', but things will broke when you +# harmless because $srcdir is '.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, @@ -108,30 +103,26 @@ _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], -[dnl Rely on autoconf to set up CDPATH properly. -AC_PREREQ([2.50])dnl -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 9 - # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], -[AC_PREREQ(2.52)dnl - ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], - [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +[AC_PREREQ([2.52])dnl + m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl @@ -150,16 +141,14 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009, -# 2010, 2011 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 12 -# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be +# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing @@ -169,7 +158,7 @@ fi])]) # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. -# NAME is "CC", "CXX", "GCJ", or "OBJC". +# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was @@ -182,12 +171,13 @@ AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl -ifelse([$1], CC, [depcc="$CC" am_compiler_list=], - [$1], CXX, [depcc="$CXX" am_compiler_list=], - [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], - [$1], UPC, [depcc="$UPC" am_compiler_list=], - [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], - [depcc="$$1" am_compiler_list=]) +m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], + [$1], [CXX], [depcc="$CXX" am_compiler_list=], + [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], + [$1], [UPC], [depcc="$UPC" am_compiler_list=], + [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], @@ -195,8 +185,8 @@ AC_CACHE_CHECK([dependency style of $depcc], # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named `D' -- because `-MD' means `put the output - # in D'. + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -236,16 +226,16 @@ AC_CACHE_CHECK([dependency style of $depcc], : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" + # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -254,8 +244,8 @@ AC_CACHE_CHECK([dependency style of $depcc], test "$am__universal" = false || continue ;; nosideeffect) - # after this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else @@ -263,7 +253,7 @@ AC_CACHE_CHECK([dependency style of $depcc], fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has + # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -311,7 +301,7 @@ AM_CONDITIONAL([am__fastdep$1], [ # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. -# This macro is AC_REQUIREd in _AM_DEPENDENCIES +# This macro is AC_REQUIREd in _AM_DEPENDENCIES. AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl @@ -321,9 +311,13 @@ AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], -[AC_ARG_ENABLE(dependency-tracking, -[ --disable-dependency-tracking speeds up one-time build - --enable-dependency-tracking do not reject slow dependency extractors]) +[AC_ARG_ENABLE([dependency-tracking], [dnl +AS_HELP_STRING( + [--enable-dependency-tracking], + [do not reject slow dependency extractors]) +AS_HELP_STRING( + [--disable-dependency-tracking], + [speeds up one-time build])]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' @@ -338,20 +332,18 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -#serial 5 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{ - # Autoconf 2.62 quotes --file arguments for eval, but not when files + # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in @@ -364,7 +356,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named `Makefile.in', but + # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. @@ -376,21 +368,19 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], continue fi # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running `make'. + # from the Makefile without running 'make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "am__include" && continue + test -z "$am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # When using ansi2knr, U may be empty or an underscore; expand it - U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` @@ -408,7 +398,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking -# is enabled. FIXME. This creates each `.P' file that we will +# is enabled. FIXME. This creates each '.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], @@ -416,32 +406,23 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005 -# Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 8 - -# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS. -AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)]) - # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, -# 2005, 2006, 2008, 2009 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 16 - # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. +dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O. +m4_define([AC_PROG_CC], +m4_defn([AC_PROG_CC]) +[_AM_PROG_CC_C_O +]) + # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- @@ -454,7 +435,7 @@ AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)]) # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], -[AC_PREREQ([2.62])dnl +[AC_PREREQ([2.65])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl @@ -483,33 +464,42 @@ AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], -[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl +[AC_DIAGNOSE([obsolete], + [$0: two- and three-arguments forms are deprecated.]) +m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. -m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, +m4_if( + m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), + [ok:ok],, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, -[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) - AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl +[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) + AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl -AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) -AM_MISSING_PROG(AUTOCONF, autoconf) -AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) -AM_MISSING_PROG(AUTOHEADER, autoheader) -AM_MISSING_PROG(MAKEINFO, makeinfo) +AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) +AM_MISSING_PROG([AUTOCONF], [autoconf]) +AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) +AM_MISSING_PROG([AUTOHEADER], [autoheader]) +AM_MISSING_PROG([MAKEINFO], [makeinfo]) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl -AC_REQUIRE([AM_PROG_MKDIR_P])dnl -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +AC_SUBST([mkdir_p], ['$(MKDIR_P)']) +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -518,34 +508,82 @@ _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], - [_AM_DEPENDENCIES(CC)], - [define([AC_PROG_CC], - defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl + [_AM_DEPENDENCIES([CC])], + [m4_define([AC_PROG_CC], + m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], - [_AM_DEPENDENCIES(CXX)], - [define([AC_PROG_CXX], - defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl + [_AM_DEPENDENCIES([CXX])], + [m4_define([AC_PROG_CXX], + m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], - [_AM_DEPENDENCIES(OBJC)], - [define([AC_PROG_OBJC], - defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl + [_AM_DEPENDENCIES([OBJC])], + [m4_define([AC_PROG_OBJC], + m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], + [_AM_DEPENDENCIES([OBJCXX])], + [m4_define([AC_PROG_OBJCXX], + m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl ]) -_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl -dnl The `parallel-tests' driver may need to know about EXEEXT, so add the -dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro -dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_REQUIRE([AM_SILENT_RULES])dnl +dnl The testsuite driver may need to know about EXEEXT, so add the +dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This +dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) + fi +fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. ]) -dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) - # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. @@ -567,21 +605,18 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001, 2003, 2005, 2008, 2011 Free Software Foundation, -# Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 1 - # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -589,16 +624,14 @@ if test x"${install_sh}" != xset; then install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi -AC_SUBST(install_sh)]) +AC_SUBST([install_sh])]) -# Copyright (C) 2003, 2005 Free Software Foundation, Inc. +# Copyright (C) 2003-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 2 - # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], @@ -615,20 +648,17 @@ AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008, -# 2011 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 - # AM_MAINTAINER_MODE([DEFAULT-MODE]) # ---------------------------------- # Control maintainer-specific portions of Makefiles. -# Default is to disable them, unless `enable' is passed literally. -# For symmetry, `disable' may be passed as well. Anyway, the user +# Default is to disable them, unless 'enable' is passed literally. +# For symmetry, 'disable' may be passed as well. Anyway, the user # can override the default with the --enable/--disable switch. AC_DEFUN([AM_MAINTAINER_MODE], [m4_case(m4_default([$1], [disable]), @@ -639,10 +669,11 @@ AC_DEFUN([AM_MAINTAINER_MODE], AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) dnl maintainer-mode's default is 'disable' unless 'enable' is passed AC_ARG_ENABLE([maintainer-mode], -[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful - (and sometimes confusing) to the casual installer], - [USE_MAINTAINER_MODE=$enableval], - [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) + [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode], + am_maintainer_other[ make rules and dependencies not useful + (and sometimes confusing) to the casual installer])], + [USE_MAINTAINER_MODE=$enableval], + [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) AC_MSG_RESULT([$USE_MAINTAINER_MODE]) AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) MAINT=$MAINTAINER_MODE_TRUE @@ -650,18 +681,14 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) ] ) -AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE]) - # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 4 - # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. @@ -679,7 +706,7 @@ am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from `make'. +# Ignore all kinds of additional output from 'make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include @@ -706,15 +733,12 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 -# Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 6 - # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], @@ -722,11 +746,10 @@ AC_DEFUN([AM_MISSING_PROG], $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) - # AM_MISSING_HAS_RUN # ------------------ -# Define MISSING if not defined so far and test if it supports --run. -# If it does, set am_missing_run to use it, otherwise, to nothing. +# Define MISSING if not defined so far and test if it is modern enough. +# If it is, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl @@ -739,54 +762,22 @@ if test x"${MISSING+set}" != xset; then esac fi # Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " else am_missing_run= - AC_MSG_WARN([`missing' script is too old or missing]) + AC_MSG_WARN(['missing' script is too old or missing]) fi ]) -# Copyright (C) 2003, 2004, 2005, 2006, 2011 Free Software Foundation, -# Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# serial 1 - -# AM_PROG_MKDIR_P -# --------------- -# Check for `mkdir -p'. -AC_DEFUN([AM_PROG_MKDIR_P], -[AC_PREREQ([2.60])dnl -AC_REQUIRE([AC_PROG_MKDIR_P])dnl -dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, -dnl while keeping a definition of mkdir_p for backward compatibility. -dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. -dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of -dnl Makefile.ins that do not define MKDIR_P, so we do our own -dnl adjustment using top_builddir (which is defined more often than -dnl MKDIR_P). -AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl -case $mkdir_p in - [[\\/$]]* | ?:[[\\/]]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac -]) - # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001, 2002, 2003, 2005, 2008, 2010 Free Software -# Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 - # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], @@ -796,7 +787,7 @@ AC_DEFUN([_AM_MANGLE_OPTION], # -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], -[m4_define(_AM_MANGLE_OPTION([$1]), 1)]) +[m4_define(_AM_MANGLE_OPTION([$1]), [1])]) # _AM_SET_OPTIONS(OPTIONS) # ------------------------ @@ -810,24 +801,82 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Check to make sure that the build environment is sane. -*- Autoconf -*- +# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. -# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 -# Free Software Foundation, Inc. +# _AM_PROG_CC_C_O +# --------------- +# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC +# to automatically call this. +AC_DEFUN([_AM_PROG_CC_C_O], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([compile])dnl +AC_LANG_PUSH([C])dnl +AC_CACHE_CHECK( + [whether $CC understands -c and -o together], + [am_cv_prog_cc_c_o], + [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])]) + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i]) +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +AC_LANG_POP([C])]) + +# For backward compatibility. +AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) + +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 5 +# AM_RUN_LOG(COMMAND) +# ------------------- +# Run COMMAND, save the exit status in ac_status, and log it. +# (This has been adapted from Autoconf's _AC_RUN_LOG macro.) +AC_DEFUN([AM_RUN_LOG], +[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD + ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + (exit $ac_status); }]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) -# Just in case -sleep 1 -echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -838,32 +887,40 @@ case `pwd` in esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) - AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; + AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; esac -# Do `set' in a subshell so we don't clobber the current shell's +# Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$[*]" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - rm -f conftest.file - if test "$[*]" != "X $srcdir/configure conftest.file" \ - && test "$[*]" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken -alias in your environment]) - fi - + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken + alias in your environment]) + fi + if test "$[2]" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done test "$[2]" = conftest.file ) then @@ -873,46 +930,118 @@ else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi -AC_MSG_RESULT(yes)]) +AC_MSG_RESULT([yes]) +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi +AC_CONFIG_COMMANDS_PRE( + [AC_MSG_CHECKING([that generated files are newer than configure]) + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + AC_MSG_RESULT([done])]) +rm -f conftest.file +]) -# Copyright (C) 2001, 2003, 2005, 2011 Free Software Foundation, Inc. +# Copyright (C) 2009-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 1 +# AM_SILENT_RULES([DEFAULT]) +# -------------------------- +# Enable less verbose build rules; with the default set to DEFAULT +# ("yes" being less verbose, "no" or empty being verbose). +AC_DEFUN([AM_SILENT_RULES], +[AC_ARG_ENABLE([silent-rules], [dnl +AS_HELP_STRING( + [--enable-silent-rules], + [less verbose build output (undo: "make V=1")]) +AS_HELP_STRING( + [--disable-silent-rules], + [verbose build output (undo: "make V=0")])dnl +]) +case $enable_silent_rules in @%:@ ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; +esac +dnl +dnl A few 'make' implementations (e.g., NonStop OS and NextStep) +dnl do not support nested variable expansions. +dnl See automake bug#9928 and bug#10237. +am_make=${MAKE-make} +AC_CACHE_CHECK([whether $am_make supports nested variables], + [am_cv_make_support_nested_variables], + [if AS_ECHO([['TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi]) +if test $am_cv_make_support_nested_variables = yes; then + dnl Using '$V' instead of '$(V)' breaks IRIX make. + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AC_SUBST([AM_V])dnl +AM_SUBST_NOTMAKE([AM_V])dnl +AC_SUBST([AM_DEFAULT_V])dnl +AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl +AC_SUBST([AM_DEFAULT_VERBOSITY])dnl +AM_BACKSLASH='\' +AC_SUBST([AM_BACKSLASH])dnl +_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl +]) + +# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_STRIP # --------------------- -# One issue with vendor `install' (even GNU) is that you can't +# One issue with vendor 'install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we -# always use install-sh in `make install-strip', and initialize +# always use install-sh in "make install-strip", and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. -dnl Don't test for $cross_compiling = yes, because it might be `maybe'. +# will honor the 'STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006, 2008, 2010 Free Software Foundation, Inc. +# Copyright (C) 2006-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 3 - # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. @@ -926,18 +1055,16 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004, 2005, 2012 Free Software Foundation, Inc. +# Copyright (C) 2004-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. -# serial 2 - # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. -# FORMAT should be one of `v7', `ustar', or `pax'. +# FORMAT should be one of 'v7', 'ustar', or 'pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory @@ -947,76 +1074,114 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar +# AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) -m4_if([$1], [v7], - [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], - [m4_case([$1], [ustar],, [pax],, - [m4_fatal([Unknown tar format])]) -AC_MSG_CHECKING([how to create a $1 tar archive]) -# Loop over all known methods to create a tar archive until one works. + +# We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' -_am_tools=${am_cv_prog_tar_$1-$_am_tools} -# Do not fold the above two line into one, because Tru64 sh and -# Solaris sh will not grok spaces in the rhs of `-'. -for _am_tool in $_am_tools -do - case $_am_tool in - gnutar) - for _am_tar in tar gnutar gtar; - do - AM_RUN_LOG([$_am_tar --version]) && break - done - am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' - am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' - am__untar="$_am_tar -xf -" - ;; - plaintar) - # Must skip GNU tar: if it does not support --format= it doesn't create - # ustar tarball either. - (tar --version) >/dev/null 2>&1 && continue - am__tar='tar chf - "$$tardir"' - am__tar_='tar chf - "$tardir"' - am__untar='tar xf -' - ;; - pax) - am__tar='pax -L -x $1 -w "$$tardir"' - am__tar_='pax -L -x $1 -w "$tardir"' - am__untar='pax -r' - ;; - cpio) - am__tar='find "$$tardir" -print | cpio -o -H $1 -L' - am__tar_='find "$tardir" -print | cpio -o -H $1 -L' - am__untar='cpio -i -H $1 -d' - ;; - none) - am__tar=false - am__tar_=false - am__untar=false - ;; - esac - # If the value was cached, stop now. We just wanted to have am__tar - # and am__untar set. - test -n "${am_cv_prog_tar_$1}" && break +m4_if([$1], [v7], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], + + [m4_case([$1], + [ustar], + [# The POSIX 1988 'ustar' format is defined with fixed-size fields. + # There is notably a 21 bits limit for the UID and the GID. In fact, + # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 + # and bug#13588). + am_max_uid=2097151 # 2^21 - 1 + am_max_gid=$am_max_uid + # The $UID and $GID variables are not portable, so we need to resort + # to the POSIX-mandated id(1) utility. Errors in the 'id' calls + # below are definitely unexpected, so allow the users to see them + # (that is, avoid stderr redirection). + am_uid=`id -u || echo unknown` + am_gid=`id -g || echo unknown` + AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) + if test $am_uid -le $am_max_uid; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + _am_tools=none + fi + AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) + if test $am_gid -le $am_max_gid; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + _am_tools=none + fi], + + [pax], + [], + + [m4_fatal([Unknown tar format])]) + + AC_MSG_CHECKING([how to create a $1 tar archive]) + + # Go ahead even if we have the value already cached. We do so because we + # need to set the values for the 'am__tar' and 'am__untar' variables. + _am_tools=${am_cv_prog_tar_$1-$_am_tools} + + for _am_tool in $_am_tools; do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac - # tar/untar a dummy directory, and stop if the command works - rm -rf conftest.dir - mkdir conftest.dir - echo GrepMe > conftest.dir/file - AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works. + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi + done rm -rf conftest.dir - if test -s conftest.tar; then - AM_RUN_LOG([$am__untar /dev/null 2>&1 && break - fi -done -rm -rf conftest.dir -AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) -AC_MSG_RESULT([$am_cv_prog_tar_$1])]) + AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) + AC_MSG_RESULT([$am_cv_prog_tar_$1])]) + AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR diff --git a/vendor/libssh2/cmake/CheckFunctionExistsMayNeedLibrary.cmake b/vendor/libssh2/cmake/CheckFunctionExistsMayNeedLibrary.cmake new file mode 100644 index 0000000000..8ac61abe5e --- /dev/null +++ b/vendor/libssh2/cmake/CheckFunctionExistsMayNeedLibrary.cmake @@ -0,0 +1,81 @@ +# Copyright (c) 2014 Alexander Lamaison +# +# Redistribution and use in source and binary forms, +# with or without modification, are permitted provided +# that the following conditions are met: +# +# Redistributions of source code must retain the above +# copyright notice, this list of conditions and the +# following disclaimer. +# +# Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. +# +# Neither the name of the copyright holder nor the names +# of any other contributors may be used to endorse or +# promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND +# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY +# OF SUCH DAMAGE. + + +# - check_function_exists_maybe_need_library( [lib1 ... libn]) +# +# Check if function is available for linking, first without extra libraries, and +# then, if not found that way, linking in each optional library as well. This +# function is similar to autotools AC_SEARCH_LIBS. +# +# If the function if found, this will define . +# +# If the function was only found by linking in an additional library, this +# will define NEED_LIB_LIBX, where LIBX is the one of lib1 to libn that +# makes the function available, in uppercase. +# +# The following variables may be set before calling this macro to +# modify the way the check is run: +# +# CMAKE_REQUIRED_FLAGS = string of compile command line flags +# CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar) +# CMAKE_REQUIRED_INCLUDES = list of include directories +# CMAKE_REQUIRED_LIBRARIES = list of libraries to link +# + +include(CheckFunctionExists) +include(CheckLibraryExists) + +function(check_function_exists_may_need_library function variable) + + check_function_exists(${function} ${variable}) + + if(NOT ${variable}) + foreach(lib ${ARGN}) + string(TOUPPER ${lib} UP_LIB) + # Use new variable to prevent cache from previous step shortcircuiting + # new test + check_library_exists(${lib} ${function} "" HAVE_${function}_IN_${lib}) + if(HAVE_${function}_IN_${lib}) + set(${variable} 1 CACHE INTERNAL + "Function ${function} found in library ${lib}") + set(NEED_LIB_${UP_LIB} 1 CACHE INTERNAL + "Need to link ${lib}") + break() + endif() + endforeach() + endif() + +endfunction() \ No newline at end of file diff --git a/vendor/libssh2/cmake/CheckNonblockingSocketSupport.cmake b/vendor/libssh2/cmake/CheckNonblockingSocketSupport.cmake new file mode 100644 index 0000000000..74f4776a68 --- /dev/null +++ b/vendor/libssh2/cmake/CheckNonblockingSocketSupport.cmake @@ -0,0 +1,119 @@ +include(CheckCSourceCompiles) + +# - check_nonblocking_socket_support() +# +# Check for how to set a socket to non-blocking state. There seems to exist +# four known different ways, with the one used almost everywhere being POSIX +# and XPG3, while the other different ways for different systems (old BSD, +# Windows and Amiga). +# +# One of the following variables will be set indicating the supported +# method (if any): +# HAVE_O_NONBLOCK +# HAVE_FIONBIO +# HAVE_IOCTLSOCKET +# HAVE_IOCTLSOCKET_CASE +# HAVE_SO_NONBLOCK +# HAVE_DISABLED_NONBLOCKING +# +# The following variables may be set before calling this macro to +# modify the way the check is run: +# +# CMAKE_REQUIRED_FLAGS = string of compile command line flags +# CMAKE_REQUIRED_DEFINITIONS = list of macros to define (-DFOO=bar) +# CMAKE_REQUIRED_INCLUDES = list of include directories +# CMAKE_REQUIRED_LIBRARIES = list of libraries to link +# +macro(check_nonblocking_socket_support) + # There are two known platforms (AIX 3.x and SunOS 4.1.x) where the + # O_NONBLOCK define is found but does not work. + check_c_source_compiles(" +#include +#include +#include + +#if defined(sun) || defined(__sun__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) +# if defined(__SVR4) || defined(__srv4__) +# define PLATFORM_SOLARIS +# else +# define PLATFORM_SUNOS4 +# endif +#endif +#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41) +# define PLATFORM_AIX_V3 +#endif + +#if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__) +#error \"O_NONBLOCK does not work on this platform\" +#endif + +int main() +{ + int socket; + int flags = fcntl(socket, F_SETFL, flags | O_NONBLOCK); +}" + HAVE_O_NONBLOCK) + + if(NOT HAVE_O_NONBLOCK) + check_c_source_compiles("/* FIONBIO test (old-style unix) */ +#include +#include + +int main() +{ + int socket; + int flags = ioctl(socket, FIONBIO, &flags); +}" + HAVE_FIONBIO) + + if(NOT HAVE_FIONBIO) + check_c_source_compiles("/* ioctlsocket test (Windows) */ +#undef inline +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif + +#include +#include + +int main() +{ + SOCKET sd; + unsigned long flags = 0; + sd = socket(0, 0, 0); + ioctlsocket(sd, FIONBIO, &flags); +}" + HAVE_IOCTLSOCKET) + + if(NOT HAVE_IOCTLSOCKET) + check_c_source_compiles("/* IoctlSocket test (Amiga?) */ +#include + +int main() +{ + int socket; + int flags = IoctlSocket(socket, FIONBIO, (long)1); +}" + HAVE_IOCTLSOCKET_CASE) + + if(NOT HAVE_IOCTLSOCKET_CASE) + check_c_source_compiles("/* SO_NONBLOCK test (BeOS) */ +#include + +int main() +{ + long b = 1; + int socket; + int flags = setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); +}" + HAVE_SO_NONBLOCK) + + if(NOT HAVE_SO_NONBLOCK) + # No non-blocking socket method found + set(HAVE_DISABLED_NONBLOCKING 1) + endif() + endif() + endif() + endif() + endif() +endmacro() \ No newline at end of file diff --git a/vendor/libssh2/cmake/CopyRuntimeDependencies.cmake b/vendor/libssh2/cmake/CopyRuntimeDependencies.cmake new file mode 100644 index 0000000000..083f762686 --- /dev/null +++ b/vendor/libssh2/cmake/CopyRuntimeDependencies.cmake @@ -0,0 +1,72 @@ +# Copyright (c) 2014 Alexander Lamaison +# +# Redistribution and use in source and binary forms, +# with or without modification, are permitted provided +# that the following conditions are met: +# +# Redistributions of source code must retain the above +# copyright notice, this list of conditions and the +# following disclaimer. +# +# Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. +# +# Neither the name of the copyright holder nor the names +# of any other contributors may be used to endorse or +# promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND +# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY +# OF SUCH DAMAGE. + +include(CMakeParseArguments) + +function(ADD_TARGET_TO_COPY_DEPENDENCIES) + set(options) + set(oneValueArgs TARGET) + set(multiValueArgs DEPENDENCIES BEFORE_TARGETS) + cmake_parse_arguments(COPY + "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN}) + + if(NOT COPY_DEPENDENCIES) + return() + endif() + + # Using a custom target to drive custom commands stops multiple + # parallel builds trying to kick off the commands at the same time + add_custom_target(${COPY_TARGET}) + + foreach(target ${COPY_BEFORE_TARGETS}) + add_dependencies(${target} ${COPY_TARGET}) + endforeach() + + foreach(dependency ${COPY_DEPENDENCIES}) + + add_custom_command( + TARGET ${COPY_TARGET} + DEPENDS ${dependency} + # Make directory first otherwise file is copied in place of + # directory instead of into it + COMMAND ${CMAKE_COMMAND} + ARGS -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR} + COMMAND ${CMAKE_COMMAND} + ARGS -E copy ${dependency} ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR} + VERBATIM) + + endforeach() + +endfunction() diff --git a/vendor/libssh2/cmake/FindLibgcrypt.cmake b/vendor/libssh2/cmake/FindLibgcrypt.cmake new file mode 100644 index 0000000000..44a79873d6 --- /dev/null +++ b/vendor/libssh2/cmake/FindLibgcrypt.cmake @@ -0,0 +1,53 @@ +# Copyright (c) 2014 Alexander Lamaison +# +# Redistribution and use in source and binary forms, +# with or without modification, are permitted provided +# that the following conditions are met: +# +# Redistributions of source code must retain the above +# copyright notice, this list of conditions and the +# following disclaimer. +# +# Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. +# +# Neither the name of the copyright holder nor the names +# of any other contributors may be used to endorse or +# promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND +# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY +# OF SUCH DAMAGE. + +# - Try to find Libgcrypt +# This will define all or none of: +# LIBGCRYPT_FOUND - if Libgcrypt headers and library was found +# LIBGCRYPT_INCLUDE_DIRS - The Libgcrypt include directories +# LIBGCRYPT_LIBRARIES - The libraries needed to use Libgcrypt + +find_path(LIBGCRYPT_INCLUDE_DIR gcrypt.h) + +find_library(LIBGCRYPT_LIBRARY NAMES gcrypt libgcrypt) + +set(LIBGCRYPT_LIBRARIES ${LIBGCRYPT_LIBRARY}) +set(LIBGCRYPT_INCLUDE_DIRS ${LIBGCRYPT_INCLUDE_DIR}) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(Libgcrypt DEFAULT_MSG + LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR) + +mark_as_advanced(LIBGCRYPT_INCLUDE_DIR LIBGCRYPT_LIBRARY) \ No newline at end of file diff --git a/vendor/libssh2/cmake/SocketLibraries.cmake b/vendor/libssh2/cmake/SocketLibraries.cmake new file mode 100644 index 0000000000..bfbbd711e3 --- /dev/null +++ b/vendor/libssh2/cmake/SocketLibraries.cmake @@ -0,0 +1,64 @@ +# Copyright (c) 2014 Alexander Lamaison +# +# Redistribution and use in source and binary forms, +# with or without modification, are permitted provided +# that the following conditions are met: +# +# Redistributions of source code must retain the above +# copyright notice, this list of conditions and the +# following disclaimer. +# +# Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. +# +# Neither the name of the copyright holder nor the names +# of any other contributors may be used to endorse or +# promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND +# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY +# OF SUCH DAMAGE. + +# Some systems have their socket functions in a library. +# (Solaris -lsocket/-lnsl, Windows -lws2_32). This macro appends those +# libraries to the given list +macro(append_needed_socket_libraries LIBRARIES_LIST) + if(CMAKE_SYSTEM_NAME STREQUAL "Windows" AND CMAKE_SIZEOF_VOID_P EQUAL 4) + # x86 Windows uses STDCALL for these functions, so their names are mangled, + # meaning the platform checks don't work. Hardcoding these until we get + # a better solution. + set(HAVE_SOCKET 1) + set(HAVE_SELECT 1) + set(HAVE_INET_ADDR 1) + set(NEED_LIB_WS2_32 1) + else() + check_function_exists_may_need_library(socket HAVE_SOCKET socket ws2_32) + check_function_exists_may_need_library(select HAVE_SELECT ws2_32) + check_function_exists_may_need_library(inet_addr HAVE_INET_ADDR nsl ws2_32) + endif() + + if(NEED_LIB_SOCKET) + list(APPEND ${LIBRARIES_LIST} socket) + endif() + if(NEED_LIB_NSL) + list(APPEND ${LIBRARIES_LIST} nsl) + endif() + if(NEED_LIB_WS2_32) + list(APPEND ${LIBRARIES_LIST} ws2_32) + endif() + +endmacro() \ No newline at end of file diff --git a/vendor/libssh2/cmake/Toolchain-Linux-32.cmake b/vendor/libssh2/cmake/Toolchain-Linux-32.cmake new file mode 100644 index 0000000000..6aad9b1e2d --- /dev/null +++ b/vendor/libssh2/cmake/Toolchain-Linux-32.cmake @@ -0,0 +1,42 @@ +# Copyright (c) 2014 Alexander Lamaison +# +# Redistribution and use in source and binary forms, +# with or without modification, are permitted provided +# that the following conditions are met: +# +# Redistributions of source code must retain the above +# copyright notice, this list of conditions and the +# following disclaimer. +# +# Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. +# +# Neither the name of the copyright holder nor the names +# of any other contributors may be used to endorse or +# promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND +# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY +# OF SUCH DAMAGE. + +# Cross-compile 32-bit binary on 64-bit linux host +set(CMAKE_SYSTEM_NAME Linux) +set(CMAKE_SYSTEM_VERSION 1) +set(CMAKE_SYSTEM_PROCESSOR "i386") + +set(CMAKE_CXX_COMPILER_ARG1 "-m32") +set(CMAKE_C_COMPILER_ARG1 "-m32") \ No newline at end of file diff --git a/vendor/libssh2/cmake/max_warnings.cmake b/vendor/libssh2/cmake/max_warnings.cmake new file mode 100644 index 0000000000..b176d302d3 --- /dev/null +++ b/vendor/libssh2/cmake/max_warnings.cmake @@ -0,0 +1,23 @@ +if(MSVC) + # Use the highest warning level for visual studio. + if(CMAKE_CXX_FLAGS MATCHES "/W[0-4]") + string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") + else() + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /W4") + endif() + if(CMAKE_C_FLAGS MATCHES "/W[0-4]") + string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") + else() + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4") + endif() + + # Disable broken warnings + add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE) +elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) + if(NOT CMAKE_CXX_FLAGS MATCHES "-Wall") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall") + endif() + if(NOT CMAKE_C_FLAGS MATCHES "-Wall") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall") + endif() +endif() diff --git a/vendor/libssh2/compile b/vendor/libssh2/compile new file mode 100755 index 0000000000..531136b068 --- /dev/null +++ b/vendor/libssh2/compile @@ -0,0 +1,347 @@ +#! /bin/sh +# Wrapper for compilers which do not understand '-c -o'. + +scriptversion=2012-10-14.11; # UTC + +# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Written by Tom Tromey . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; +esac + +ofile= +cfile= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use '[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/vendor/libssh2/configure b/vendor/libssh2/configure index 0445d8ddab..8d323ac1a7 100755 --- a/vendor/libssh2/configure +++ b/vendor/libssh2/configure @@ -641,17 +641,31 @@ HAVE_SYS_UN_H_FALSE HAVE_SYS_UN_H_TRUE BUILD_EXAMPLES_FALSE BUILD_EXAMPLES_TRUE +LIBSREQUIRED LIBZ_PREFIX LTLIBZ LIBZ HAVE_LIBZ +OS400QC3_FALSE +OS400QC3_TRUE +WINCNG_FALSE +WINCNG_TRUE +LIBCRYPT32_PREFIX +LTLIBCRYPT32 +LIBCRYPT32 +HAVE_LIBCRYPT32 +LIBBCRYPT_PREFIX +LTLIBBCRYPT +LIBBCRYPT +HAVE_LIBBCRYPT LIBGCRYPT_FALSE LIBGCRYPT_TRUE -LIBSREQUIRED LIBGCRYPT_PREFIX LTLIBGCRYPT LIBGCRYPT HAVE_LIBGCRYPT +OPENSSL_FALSE +OPENSSL_TRUE LIBSSL_PREFIX LTLIBSSL LIBSSL @@ -731,6 +745,10 @@ INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM SED +AM_BACKSLASH +AM_DEFAULT_VERBOSITY +AM_DEFAULT_V +AM_V MAINT MAINTAINER_MODE_FALSE MAINTAINER_MODE_TRUE @@ -753,6 +771,7 @@ infodir docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -776,6 +795,7 @@ ac_subst_files='' ac_user_opts=' enable_option_checking enable_maintainer_mode +enable_silent_rules enable_dependency_tracking enable_shared enable_static @@ -785,16 +805,20 @@ with_gnu_ld with_sysroot enable_libtool_lock enable_largefile -with_libgcrypt with_openssl +with_libgcrypt +with_wincng with_libz enable_rpath with_libssl_prefix with_libgcrypt_prefix +with_libbcrypt_prefix +with_libcrypt32_prefix with_libz_prefix enable_crypt_none enable_mac_none enable_gex_new +enable_clear_memory enable_debug enable_hidden_symbols enable_examples_build @@ -846,6 +870,7 @@ datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' @@ -1098,6 +1123,15 @@ do | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1235,7 +1269,7 @@ fi for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1388,6 +1422,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1426,10 +1461,15 @@ Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --enable-maintainer-mode enable make rules and dependencies not useful - (and sometimes confusing) to the casual installer - --disable-dependency-tracking speeds up one-time build - --enable-dependency-tracking do not reject slow dependency extractors + --enable-maintainer-mode + enable make rules and dependencies not useful (and + sometimes confusing) to the casual installer + --enable-silent-rules less verbose build output (undo: "make V=1") + --disable-silent-rules verbose build output (undo: "make V=0") + --enable-dependency-tracking + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build --enable-shared[=PKGS] build shared libraries [default=yes] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] @@ -1441,6 +1481,7 @@ Optional Features: --enable-mac-none Permit "none" MAC -- NOT RECOMMENDED --disable-gex-new Disable "new" diffie-hellman-group-exchange-sha1 method + --disable-clear-memory Disable clearing of memory before being freed --enable-debug Enable pedantic and debug options --disable-debug Disable debug options --enable-hidden-symbols Hide internal symbols in library @@ -1458,14 +1499,19 @@ Optional Packages: --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-sysroot=DIR Search for dependent libraries within DIR (or the compiler's sysroot if not specified). - --with-libgcrypt Use Libgcrypt for crypto --with-openssl Use OpenSSL for crypto - --with-libz Use Libz for compression + --with-libgcrypt Use libgcrypt for crypto + --with-wincng Use Windows CNG for crypto + --with-libz Use zlib for compression --with-gnu-ld assume the C compiler uses GNU ld default=no --with-libssl-prefix[=DIR] search for libssl in DIR/include and DIR/lib --without-libssl-prefix don't search for libssl in includedir and libdir --with-libgcrypt-prefix[=DIR] search for libgcrypt in DIR/include and DIR/lib --without-libgcrypt-prefix don't search for libgcrypt in includedir and libdir + --with-libbcrypt-prefix[=DIR] search for libbcrypt in DIR/include and DIR/lib + --without-libbcrypt-prefix don't search for libbcrypt in includedir and libdir + --with-libcrypt32-prefix[=DIR] search for libcrypt32 in DIR/include and DIR/lib + --without-libcrypt32-prefix don't search for libcrypt32 in includedir and libdir --with-libz-prefix[=DIR] search for libz in DIR/include and DIR/lib --without-libz-prefix don't search for libz in includedir and libdir @@ -1874,6 +1920,52 @@ $as_echo "$ac_res" >&6; } } # ac_fn_c_check_func +# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES +# --------------------------------------------- +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. +ac_fn_c_check_decl () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +$as_echo_n "checking whether $as_decl_name is declared... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_decl + # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using @@ -2343,6 +2435,45 @@ fi MAINT=$MAINTAINER_MODE_TRUE +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=0;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 @@ -2394,7 +2525,7 @@ $as_echo "$as_me: WARNING: sed was not found, this may ruin your chances to buil fi LIBSSH2VER=`$SED -ne 's/^#define LIBSSH2_VERSION *"\(.*\)"/\1/p' ${srcdir}/include/libssh2.h` -am__api_version='1.11' +am__api_version='1.15' ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do @@ -2520,9 +2651,6 @@ test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } -# Just in case -sleep 1 -echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -2533,32 +2661,40 @@ case `pwd` in esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) - as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; esac -# Do `set' in a subshell so we don't clobber the current shell's +# Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( - set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` - if test "$*" = "X"; then - # -L didn't work. - set X `ls -t "$srcdir/configure" conftest.file` - fi - rm -f conftest.file - if test "$*" != "X $srcdir/configure conftest.file" \ - && test "$*" != "X conftest.file $srcdir/configure"; then - - # If neither matched, then we have a broken ls. This can happen - # if, for instance, CONFIG_SHELL is bash and it inherits a - # broken ls alias from the environment. This has actually - # happened. Such a system could not be considered "sane". - as_fn_error $? "ls -t appears to fail. Make sure there is not a broken -alias in your environment" "$LINENO" 5 - fi - + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done test "$2" = conftest.file ) then @@ -2570,6 +2706,16 @@ Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. @@ -2580,8 +2726,8 @@ test "$program_suffix" != NONE && ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in @@ -2592,15 +2738,15 @@ if test x"${MISSING+set}" != xset; then esac fi # Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " else am_missing_run= - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 -$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -2609,10 +2755,10 @@ if test x"${install_sh}" != xset; then esac fi -# Installed binaries are usually stripped using `strip' when the user -# run `make install-strip'. However `strip' might not be the right +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake -# will honor the `STRIP' environment variable to overrule this program. +# will honor the 'STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. @@ -2751,12 +2897,6 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } -mkdir_p="$MKDIR_P" -case $mkdir_p in - [\\/$]* | ?:[\\/]*) ;; - */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; -esac - for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -2889,18 +3029,71 @@ AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +mkdir_p='$(MKDIR_P)' + +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar pax cpio none' + am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 + fi +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking libssh2 version" >&5 $as_echo_n "checking libssh2 version... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBSSH2VER" >&5 @@ -3058,7 +3251,7 @@ am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf -# Ignore all kinds of additional output from `make'. +# Ignore all kinds of additional output from 'make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include @@ -3891,6 +4084,65 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +if ${am_cv_prog_cc_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5 + ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +$as_echo "$am_cv_prog_cc_c_o" >&6; } +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 @@ -3902,8 +4154,8 @@ else # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named `D' -- because `-MD' means `put the output - # in D'. + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -3938,16 +4190,16 @@ else : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" + # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -3956,8 +4208,8 @@ else test "$am__universal" = false || continue ;; nosideeffect) - # after this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else @@ -3965,7 +4217,7 @@ else fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has + # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -5169,6 +5421,65 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +if ${am_cv_prog_cc_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5 + ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +$as_echo "$am_cv_prog_cc_c_o" >&6; } +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 @@ -5180,8 +5491,8 @@ else # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up - # making a dummy file named `D' -- because `-MD' means `put the output - # in D'. + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're @@ -5216,16 +5527,16 @@ else : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c - # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with - # Solaris 8's {/usr,}/bin/sh. - touch sub/conftst$i.h + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf - # We check with `-c' and `-o' for the sake of the "dashmstdout" + # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly - # handle `-M -o', and we need to detect this. Also, some Intel - # versions had trouble with output in subdirs + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in @@ -5234,8 +5545,8 @@ else test "$am__universal" = false || continue ;; nosideeffect) - # after this tag, mechanisms are not by side-effect, so they'll - # only be used when explicitly requested + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else @@ -5243,7 +5554,7 @@ else fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) - # This compiler won't grok `-c -o', but also, the minuso test has + # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} @@ -6369,7 +6680,8 @@ else ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` - if test -n "$lt_cv_sys_max_cmd_len"; then + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else @@ -7883,7 +8195,7 @@ ia64-*-hpux*) rm -rf conftest* ;; -x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext @@ -7899,9 +8211,19 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) - LD="${LD-ld} -m elf_i386" + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac ;; - ppc64-*linux*|powerpc64-*linux*) + powerpc64le-*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) @@ -7920,7 +8242,10 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; - ppc*-*linux*|powerpc*-*linux*) + powerpcle-*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) @@ -13041,7 +13366,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13087,7 +13412,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13111,7 +13436,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13156,7 +13481,7 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13180,7 +13505,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) +#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -13219,6 +13544,14 @@ fi # Configure parameters +# Check whether --with-openssl was given. +if test "${with_openssl+set}" = set; then : + withval=$with_openssl; use_openssl=$withval +else + use_openssl=auto +fi + + # Check whether --with-libgcrypt was given. if test "${with_libgcrypt+set}" = set; then : withval=$with_libgcrypt; use_libgcrypt=$withval @@ -13227,11 +13560,11 @@ else fi -# Check whether --with-openssl was given. -if test "${with_openssl+set}" = set; then : - withval=$with_openssl; use_openssl=$withval +# Check whether --with-wincng was given. +if test "${with_wincng+set}" = set; then : + withval=$with_wincng; use_wincng=$withval else - use_openssl=auto + use_wincng=auto fi @@ -13243,8 +13576,11 @@ else fi -# Look for OpenSSL (default) -if test "$use_openssl" != "no" && test "$use_libgcrypt" != "yes"; then +found_crypto=none +support_clear_memory=no + +# Look for OpenSSL +if test "$found_crypto" = "none" && test "$use_openssl" != "no"; then if test "X$prefix" = "XNONE"; then acl_final_prefix="$ac_default_prefix" @@ -13948,11 +14284,42 @@ $as_echo "$LIBSSL" >&6; } +fi +if test "$ac_cv_libssl" = "yes"; then + +$as_echo "#define LIBSSH2_OPENSSL 1" >>confdefs.h + LIBSREQUIRED=libssl,libcrypto + + # Not all OpenSSL have AES-CTR functions. + save_LIBS="$LIBS" + LIBS="$LIBS $LIBSSL" + for ac_func in EVP_aes_128_ctr +do : + ac_fn_c_check_func "$LINENO" "EVP_aes_128_ctr" "ac_cv_func_EVP_aes_128_ctr" +if test "x$ac_cv_func_EVP_aes_128_ctr" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_EVP_AES_128_CTR 1 +_ACEOF + +fi +done + + LIBS="$save_LIBS" + + found_crypto="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})" +fi + if test "$ac_cv_libssl" = "yes"; then + OPENSSL_TRUE= + OPENSSL_FALSE='#' +else + OPENSSL_TRUE='#' + OPENSSL_FALSE= fi + # Look for libgcrypt -if test "$ac_cv_libssl" != "yes" && test "$use_libgcrypt" != "no"; then +if test "$found_crypto" = "none" && test "$use_libgcrypt" != "no"; then @@ -14474,20 +14841,14 @@ $as_echo "$LIBGCRYPT" >&6; } - LIBS="$LIBS -lgcrypt" -fi - - - -if test "$ac_cv_libssl" != "yes" && test "$ac_cv_libgcrypt" != "yes"; then - as_fn_error $? "cannot find OpenSSL or Libgcrypt, -try --with-libssl-prefix=PATH or --with-libgcrypt-prefix=PATH" "$LINENO" 5 fi - if test "$ac_cv_libgcrypt" = "yes"; then $as_echo "#define LIBSSH2_LIBGCRYPT 1" >>confdefs.h + LIBSREQUIRED= # libgcrypt doesn't provide a .pc file. sad face. + LIBS="$LIBS -lgcrypt" + found_crypto=libgcrypt fi if test "$ac_cv_libgcrypt" = "yes"; then LIBGCRYPT_TRUE= @@ -14498,26 +14859,8 @@ else fi -# Not all OpenSSL have AES-CTR functions. -if test "$ac_cv_libssl" = "yes"; then - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $LIBSSL" - for ac_func in EVP_aes_128_ctr -do : - ac_fn_c_check_func "$LINENO" "EVP_aes_128_ctr" "ac_cv_func_EVP_aes_128_ctr" -if test "x$ac_cv_func_EVP_aes_128_ctr" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_EVP_AES_128_CTR 1 -_ACEOF - -fi -done - - LDFLAGS="$save_LDFLAGS" -fi - -# Look for Libz -if test "$use_libz" != "no"; then +# Look for Windows Cryptography API: Next Generation +if test "$found_crypto" = "none" && test "$use_wincng" != "no"; then @@ -14542,9 +14885,9 @@ if test "$use_libz" != "no"; then prefix="$acl_save_prefix" -# Check whether --with-libz-prefix was given. -if test "${with_libz_prefix+set}" = set; then : - withval=$with_libz_prefix; +# Check whether --with-libbcrypt-prefix was given. +if test "${with_libbcrypt_prefix+set}" = set; then : + withval=$with_libbcrypt_prefix; if test "X$withval" = "Xno"; then use_additional=no else @@ -14569,14 +14912,14 @@ if test "${with_libz_prefix+set}" = set; then : fi - LIBZ= - LTLIBZ= - INCZ= - LIBZ_PREFIX= + LIBBCRYPT= + LTLIBBCRYPT= + INCBCRYPT= + LIBBCRYPT_PREFIX= rpathdirs= ltrpathdirs= names_already_handled= - names_next_round='z ' + names_next_round='bcrypt ' while test -n "$names_next_round"; do names_this_round="$names_next_round" names_next_round= @@ -14595,9 +14938,9 @@ fi if test -n "$value"; then if test "$value" = yes; then eval value=\"\$LIB$uppername\" - test -z "$value" || LIBZ="${LIBZ}${LIBZ:+ }$value" + test -z "$value" || LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$value" eval value=\"\$LTLIB$uppername\" - test -z "$value" || LTLIBZ="${LTLIBZ}${LTLIBZ:+ }$value" + test -z "$value" || LTLIBBCRYPT="${LTLIBBCRYPT}${LTLIBBCRYPT:+ }$value" else : fi @@ -14654,7 +14997,7 @@ fi fi fi if test "X$found_dir" = "X"; then - for x in $LDFLAGS $LTLIBZ; do + for x in $LDFLAGS $LTLIBBCRYPT; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" @@ -14713,10 +15056,10 @@ fi done fi if test "X$found_dir" != "X"; then - LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-L$found_dir -l$name" + LTLIBBCRYPT="${LTLIBBCRYPT}${LTLIBBCRYPT:+ }-L$found_dir -l$name" if test "X$found_so" != "X"; then if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then - LIBZ="${LIBZ}${LIBZ:+ }$found_so" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$found_so" else haveit= for x in $ltrpathdirs; do @@ -14729,10 +15072,10 @@ fi ltrpathdirs="$ltrpathdirs $found_dir" fi if test "$acl_hardcode_direct" = yes; then - LIBZ="${LIBZ}${LIBZ:+ }$found_so" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$found_so" else if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then - LIBZ="${LIBZ}${LIBZ:+ }$found_so" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$found_so" haveit= for x in $rpathdirs; do if test "X$x" = "X$found_dir"; then @@ -14745,7 +15088,7 @@ fi fi else haveit= - for x in $LDFLAGS $LIBZ; do + for x in $LDFLAGS $LIBBCRYPT; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" @@ -14761,28 +15104,28 @@ fi fi done if test -z "$haveit"; then - LIBZ="${LIBZ}${LIBZ:+ }-L$found_dir" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }-L$found_dir" fi if test "$acl_hardcode_minus_L" != no; then - LIBZ="${LIBZ}${LIBZ:+ }$found_so" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$found_so" else - LIBZ="${LIBZ}${LIBZ:+ }-l$name" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }-l$name" fi fi fi fi else if test "X$found_a" != "X"; then - LIBZ="${LIBZ}${LIBZ:+ }$found_a" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$found_a" else - LIBZ="${LIBZ}${LIBZ:+ }-L$found_dir -l$name" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }-L$found_dir -l$name" fi fi additional_includedir= case "$found_dir" in */$acl_libdirstem | */$acl_libdirstem/) basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` - LIBZ_PREFIX="$basedir" + LIBBCRYPT_PREFIX="$basedir" additional_includedir="$basedir/include" ;; esac @@ -14797,7 +15140,7 @@ fi fi fi if test -z "$haveit"; then - for x in $CPPFLAGS $INCZ; do + for x in $CPPFLAGS $INCBCRYPT; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" @@ -14814,7 +15157,7 @@ fi done if test -z "$haveit"; then if test -d "$additional_includedir"; then - INCZ="${INCZ}${INCZ:+ }-I$additional_includedir" + INCBCRYPT="${INCBCRYPT}${INCBCRYPT:+ }-I$additional_includedir" fi fi fi @@ -14842,7 +15185,7 @@ fi fi if test -z "$haveit"; then haveit= - for x in $LDFLAGS $LIBZ; do + for x in $LDFLAGS $LIBBCRYPT; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" @@ -14859,11 +15202,11 @@ fi done if test -z "$haveit"; then if test -d "$additional_libdir"; then - LIBZ="${LIBZ}${LIBZ:+ }-L$additional_libdir" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }-L$additional_libdir" fi fi haveit= - for x in $LDFLAGS $LTLIBZ; do + for x in $LDFLAGS $LTLIBBCRYPT; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" @@ -14880,7 +15223,7 @@ fi done if test -z "$haveit"; then if test -d "$additional_libdir"; then - LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-L$additional_libdir" + LTLIBBCRYPT="${LTLIBBCRYPT}${LTLIBBCRYPT:+ }-L$additional_libdir" fi fi fi @@ -14918,15 +15261,15 @@ fi names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` ;; *) - LIBZ="${LIBZ}${LIBZ:+ }$dep" - LTLIBZ="${LTLIBZ}${LTLIBZ:+ }$dep" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$dep" + LTLIBBCRYPT="${LTLIBBCRYPT}${LTLIBBCRYPT:+ }$dep" ;; esac done fi else - LIBZ="${LIBZ}${LIBZ:+ }-l$name" - LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-l$name" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }-l$name" + LTLIBBCRYPT="${LTLIBBCRYPT}${LTLIBBCRYPT:+ }-l$name" fi fi fi @@ -14942,27 +15285,27 @@ fi libdir="$alldirs" eval flag=\"$acl_hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" - LIBZ="${LIBZ}${LIBZ:+ }$flag" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$flag" else for found_dir in $rpathdirs; do acl_save_libdir="$libdir" libdir="$found_dir" eval flag=\"$acl_hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" - LIBZ="${LIBZ}${LIBZ:+ }$flag" + LIBBCRYPT="${LIBBCRYPT}${LIBBCRYPT:+ }$flag" done fi fi if test "X$ltrpathdirs" != "X"; then for found_dir in $ltrpathdirs; do - LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-R$found_dir" + LTLIBBCRYPT="${LTLIBBCRYPT}${LTLIBBCRYPT:+ }-R$found_dir" done fi ac_save_CPPFLAGS="$CPPFLAGS" - for element in $INCZ; do + for element in $INCBCRYPT; do haveit= for x in $CPPFLAGS; do @@ -14985,17 +15328,20 @@ fi done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libz" >&5 -$as_echo_n "checking for libz... " >&6; } -if ${ac_cv_libz+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libbcrypt" >&5 +$as_echo_n "checking for libbcrypt... " >&6; } +if ${ac_cv_libbcrypt+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_LIBS="$LIBS" - LIBS="$LIBS $LIBZ" + LIBS="$LIBS $LIBBCRYPT" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include + + #include + #include + int main () { @@ -15005,25 +15351,1144 @@ main () } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_libz=yes + ac_cv_libbcrypt=yes else - ac_cv_libz=no + ac_cv_libbcrypt=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$ac_save_LIBS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libz" >&5 -$as_echo "$ac_cv_libz" >&6; } - if test "$ac_cv_libz" = yes; then - HAVE_LIBZ=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libbcrypt" >&5 +$as_echo "$ac_cv_libbcrypt" >&6; } + if test "$ac_cv_libbcrypt" = yes; then + HAVE_LIBBCRYPT=yes -$as_echo "#define HAVE_LIBZ 1" >>confdefs.h +$as_echo "#define HAVE_LIBBCRYPT 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libz" >&5 -$as_echo_n "checking how to link with libz... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBZ" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libbcrypt" >&5 +$as_echo_n "checking how to link with libbcrypt... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBBCRYPT" >&5 +$as_echo "$LIBBCRYPT" >&6; } + else + HAVE_LIBBCRYPT=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBBCRYPT= + LTLIBBCRYPT= + LIBBCRYPT_PREFIX= + fi + + + + + + + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libcrypt32-prefix was given. +if test "${with_libcrypt32_prefix+set}" = set; then : + withval=$with_libcrypt32_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + fi + fi + +fi + + LIBCRYPT32= + LTLIBCRYPT32= + INCCRYPT32= + LIBCRYPT32_PREFIX= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='crypt32 ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBCRYPT32="${LTLIBCRYPT32}${LTLIBCRYPT32:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBCRYPT32; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBCRYPT32="${LTLIBCRYPT32}${LTLIBCRYPT32:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBCRYPT32; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$found_so" + else + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$found_a" + else + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + LIBCRYPT32_PREFIX="$basedir" + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCCRYPT32; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCCRYPT32="${INCCRYPT32}${INCCRYPT32:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBCRYPT32; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBCRYPT32; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBCRYPT32="${LTLIBCRYPT32}${LTLIBCRYPT32:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$dep" + LTLIBCRYPT32="${LTLIBCRYPT32}${LTLIBCRYPT32:+ }$dep" + ;; + esac + done + fi + else + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }-l$name" + LTLIBCRYPT32="${LTLIBCRYPT32}${LTLIBCRYPT32:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBCRYPT32="${LIBCRYPT32}${LIBCRYPT32:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBCRYPT32="${LTLIBCRYPT32}${LTLIBCRYPT32:+ }-R$found_dir" + done + fi + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCCRYPT32; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libcrypt32" >&5 +$as_echo_n "checking for libcrypt32... " >&6; } +if ${ac_cv_libcrypt32+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + LIBS="$LIBS $LIBCRYPT32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libcrypt32=yes +else + ac_cv_libcrypt32=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libcrypt32" >&5 +$as_echo "$ac_cv_libcrypt32" >&6; } + if test "$ac_cv_libcrypt32" = yes; then + HAVE_LIBCRYPT32=yes + +$as_echo "#define HAVE_LIBCRYPT32 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libcrypt32" >&5 +$as_echo_n "checking how to link with libcrypt32... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBCRYPT32" >&5 +$as_echo "$LIBCRYPT32" >&6; } + else + HAVE_LIBCRYPT32=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBCRYPT32= + LTLIBCRYPT32= + LIBCRYPT32_PREFIX= + fi + + + + + + + + for ac_header in ntdef.h ntstatus.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " + #include + +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + ac_fn_c_check_decl "$LINENO" "SecureZeroMemory" "ac_cv_have_decl_SecureZeroMemory" " + #include + +" +if test "x$ac_cv_have_decl_SecureZeroMemory" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SECUREZEROMEMORY $ac_have_decl +_ACEOF + +fi +if test "$ac_cv_libbcrypt" = "yes"; then + +$as_echo "#define LIBSSH2_WINCNG 1" >>confdefs.h + + LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face. + LIBS="$LIBS -lbcrypt" + if test "$ac_cv_libcrypt32" = "yes"; then + LIBS="$LIBS -lcrypt32" + fi + found_crypto="Windows Cryptography API: Next Generation" + if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then + support_clear_memory=yes + fi +fi + if test "$ac_cv_libbcrypt" = "yes"; then + WINCNG_TRUE= + WINCNG_FALSE='#' +else + WINCNG_TRUE='#' + WINCNG_FALSE= +fi + + + if false; then + OS400QC3_TRUE= + OS400QC3_FALSE='#' +else + OS400QC3_TRUE='#' + OS400QC3_FALSE= +fi + + +# Check if crypto library was found +if test "$found_crypto" = "none"; then + as_fn_error $? "No crypto library found! +Try --with-libssl-prefix=PATH + or --with-libgcrypt-prefix=PATH + or --with-wincng on Windows\ +" "$LINENO" 5 +fi + +# Look for Libz +if test "$use_libz" != "no"; then + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libz-prefix was given. +if test "${with_libz_prefix+set}" = set; then : + withval=$with_libz_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + fi + fi + +fi + + LIBZ= + LTLIBZ= + INCZ= + LIBZ_PREFIX= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='z ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBZ="${LIBZ}${LIBZ:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBZ="${LTLIBZ}${LTLIBZ:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBZ; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then + LIBZ="${LIBZ}${LIBZ:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBZ="${LIBZ}${LIBZ:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBZ="${LIBZ}${LIBZ:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBZ; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBZ="${LIBZ}${LIBZ:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBZ="${LIBZ}${LIBZ:+ }$found_so" + else + LIBZ="${LIBZ}${LIBZ:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBZ="${LIBZ}${LIBZ:+ }$found_a" + else + LIBZ="${LIBZ}${LIBZ:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + LIBZ_PREFIX="$basedir" + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCZ; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCZ="${INCZ}${INCZ:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBZ; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBZ="${LIBZ}${LIBZ:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBZ; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBZ="${LIBZ}${LIBZ:+ }$dep" + LTLIBZ="${LTLIBZ}${LTLIBZ:+ }$dep" + ;; + esac + done + fi + else + LIBZ="${LIBZ}${LIBZ:+ }-l$name" + LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBZ="${LIBZ}${LIBZ:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBZ="${LIBZ}${LIBZ:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-R$found_dir" + done + fi + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCZ; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libz" >&5 +$as_echo_n "checking for libz... " >&6; } +if ${ac_cv_libz+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + LIBS="$LIBS $LIBZ" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libz=yes +else + ac_cv_libz=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libz" >&5 +$as_echo "$ac_cv_libz" >&6; } + if test "$ac_cv_libz" = yes; then + HAVE_LIBZ=yes + +$as_echo "#define HAVE_LIBZ 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libz" >&5 +$as_echo_n "checking how to link with libz... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBZ" >&5 $as_echo "$LIBZ" >&6; } else HAVE_LIBZ=no @@ -15040,17 +16505,23 @@ $as_echo "$LIBZ" >&6; } if test "$ac_cv_libz" != yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: Cannot find libz, disabling compression" >&5 -$as_echo "$as_me: Cannot find libz, disabling compression" >&6;} + { $as_echo "$as_me:${as_lineno-$LINENO}: Cannot find zlib, disabling compression" >&5 +$as_echo "$as_me: Cannot find zlib, disabling compression" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: Try --with-libz-prefix=PATH if you know you have it" >&5 $as_echo "$as_me: Try --with-libz-prefix=PATH if you know you have it" >&6;} else $as_echo "#define LIBSSH2_HAVE_ZLIB 1" >>confdefs.h + if test "${LIBSREQUIRED}" != ""; then + LIBSREQUIRED="${LIBSREQUIRED}," + fi + LIBSREQUIRED="${LIBSREQUIRED}zlib" fi fi + + # # Optional Settings # @@ -15081,6 +16552,36 @@ $as_echo "#define LIBSSH2_DH_GEX_NEW 1" >>confdefs.h fi +# Check whether --enable-clear-memory was given. +if test "${enable_clear_memory+set}" = set; then : + enableval=$enable_clear_memory; CLEAR_MEMORY=$enableval +fi + +if test "$CLEAR_MEMORY" != "no"; then + if test "$support_clear_memory" = "yes"; then + +$as_echo "#define LIBSSH2_CLEAR_MEMORY 1" >>confdefs.h + + enable_clear_memory=yes + else + if test "$CLEAR_MEMORY" = "yes"; then + as_fn_error $? "secure clearing/zeroing of memory is not supported by the selected crypto backend" "$LINENO" 5 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: secure clearing/zeroing of memory is not supported by the selected crypto backend" >&5 +$as_echo "$as_me: WARNING: secure clearing/zeroing of memory is not supported by the selected crypto backend" >&2;} + fi + enable_clear_memory=unsupported + fi +else + if test "$support_clear_memory" = "yes"; then + enable_clear_memory=no + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: secure clearing/zeroing of memory is not supported by the selected crypto backend" >&5 +$as_echo "$as_me: WARNING: secure clearing/zeroing of memory is not supported by the selected crypto backend" >&2;} + enable_clear_memory=unsupported + fi +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable pedantic and debug compiler options" >&5 $as_echo_n "checking whether to enable pedantic and debug compiler options... " >&6; } # Check whether --enable-debug was given. @@ -16104,6 +17605,14 @@ if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' @@ -16129,10 +17638,22 @@ if test -z "${SSHD_TRUE}" && test -z "${SSHD_FALSE}"; then Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${OPENSSL_TRUE}" && test -z "${OPENSSL_FALSE}"; then + as_fn_error $? "conditional \"OPENSSL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${LIBGCRYPT_TRUE}" && test -z "${LIBGCRYPT_FALSE}"; then as_fn_error $? "conditional \"LIBGCRYPT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${WINCNG_TRUE}" && test -z "${WINCNG_FALSE}"; then + as_fn_error $? "conditional \"WINCNG\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${OS400QC3_TRUE}" && test -z "${OS400QC3_FALSE}"; then + as_fn_error $? "conditional \"OS400QC3\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${BUILD_EXAMPLES_TRUE}" && test -z "${BUILD_EXAMPLES_FALSE}"; then as_fn_error $? "conditional \"BUILD_EXAMPLES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -17618,7 +19139,7 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} case $ac_file$ac_mode in "depfiles":C) test x"$AMDEP_TRUE" != x"" || { - # Autoconf 2.62 quotes --file arguments for eval, but not when files + # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in @@ -17631,7 +19152,7 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. - # We used to match only the files named `Makefile.in', but + # We used to match only the files named 'Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. @@ -17665,21 +19186,19 @@ $as_echo X"$mf" | continue fi # Extract the definition of DEPDIR, am__include, and am__quote - # from the Makefile without running `make'. + # from the Makefile without running 'make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "am__include" && continue + test -z "$am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` - # When using ansi2knr, U may be empty or an underscore; expand it - U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ - sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do + sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || @@ -18392,11 +19911,12 @@ fi Compiler: ${CC} Compiler flags: ${CFLAGS} Library types: Shared=${enable_shared}, Static=${enable_static} - Crypto library: openssl: ${ac_cv_libssl:-no} (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A}) libgcrypt: ${ac_cv_libgcrypt:-no} + Crypto library: ${found_crypto} + Clear memory: $enable_clear_memory Debug build: $enable_debug Build examples: $build_examples Path to sshd: $ac_cv_path_SSHD (only for self-tests) - libz compression: $ac_cv_libz + zlib compression: $ac_cv_libz " >&5 $as_echo "$as_me: summary of build options: @@ -18406,9 +19926,10 @@ $as_echo "$as_me: summary of build options: Compiler: ${CC} Compiler flags: ${CFLAGS} Library types: Shared=${enable_shared}, Static=${enable_static} - Crypto library: openssl: ${ac_cv_libssl:-no} (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A}) libgcrypt: ${ac_cv_libgcrypt:-no} + Crypto library: ${found_crypto} + Clear memory: $enable_clear_memory Debug build: $enable_debug Build examples: $build_examples Path to sshd: $ac_cv_path_SSHD (only for self-tests) - libz compression: $ac_cv_libz + zlib compression: $ac_cv_libz " >&6;} diff --git a/vendor/libssh2/configure.ac b/vendor/libssh2/configure.ac index dfc6988908..d6bdab4a9c 100644 --- a/vendor/libssh2/configure.ac +++ b/vendor/libssh2/configure.ac @@ -2,8 +2,9 @@ AC_INIT(libssh2, [-], libssh2-devel@cool.haxx.se) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([src]) -AM_CONFIG_HEADER([src/libssh2_config.h example/libssh2_config.h]) +AC_CONFIG_HEADERS([src/libssh2_config.h example/libssh2_config.h]) AM_MAINTAINER_MODE +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) dnl SED is needed by some of the tools AC_PATH_PROG( SED, sed, sed-was-not-found-by-configure, @@ -83,59 +84,111 @@ dnl check for how to do large files AC_SYS_LARGEFILE # Configure parameters -AC_ARG_WITH(libgcrypt, - AC_HELP_STRING([--with-libgcrypt],[Use Libgcrypt for crypto]), - use_libgcrypt=$withval,use_libgcrypt=auto) AC_ARG_WITH(openssl, AC_HELP_STRING([--with-openssl],[Use OpenSSL for crypto]), use_openssl=$withval,use_openssl=auto) +AC_ARG_WITH(libgcrypt, + AC_HELP_STRING([--with-libgcrypt],[Use libgcrypt for crypto]), + use_libgcrypt=$withval,use_libgcrypt=auto) +AC_ARG_WITH(wincng, + AC_HELP_STRING([--with-wincng],[Use Windows CNG for crypto]), + use_wincng=$withval,use_wincng=auto) AC_ARG_WITH(libz, - AC_HELP_STRING([--with-libz],[Use Libz for compression]), + AC_HELP_STRING([--with-libz],[Use zlib for compression]), use_libz=$withval,use_libz=auto) -# Look for OpenSSL (default) -if test "$use_openssl" != "no" && test "$use_libgcrypt" != "yes"; then +found_crypto=none +support_clear_memory=no + +# Look for OpenSSL +if test "$found_crypto" = "none" && test "$use_openssl" != "no"; then AC_LIB_HAVE_LINKFLAGS([ssl], [crypto], [#include ]) +fi +if test "$ac_cv_libssl" = "yes"; then + AC_DEFINE(LIBSSH2_OPENSSL, 1, [Use OpenSSL]) LIBSREQUIRED=libssl,libcrypto + + # Not all OpenSSL have AES-CTR functions. + save_LIBS="$LIBS" + LIBS="$LIBS $LIBSSL" + AC_CHECK_FUNCS(EVP_aes_128_ctr) + LIBS="$save_LIBS" + + found_crypto="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})" fi +AM_CONDITIONAL(OPENSSL, test "$ac_cv_libssl" = "yes") # Look for libgcrypt -if test "$ac_cv_libssl" != "yes" && test "$use_libgcrypt" != "no"; then +if test "$found_crypto" = "none" && test "$use_libgcrypt" != "no"; then AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [#include ]) - LIBS="$LIBS -lgcrypt" -fi - -AC_SUBST(LIBSREQUIRED) - -if test "$ac_cv_libssl" != "yes" && test "$ac_cv_libgcrypt" != "yes"; then - AC_MSG_ERROR([cannot find OpenSSL or Libgcrypt, -try --with-libssl-prefix=PATH or --with-libgcrypt-prefix=PATH]) fi - if test "$ac_cv_libgcrypt" = "yes"; then AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use libgcrypt]) + LIBSREQUIRED= # libgcrypt doesn't provide a .pc file. sad face. + LIBS="$LIBS -lgcrypt" + found_crypto=libgcrypt fi AM_CONDITIONAL(LIBGCRYPT, test "$ac_cv_libgcrypt" = "yes") -# Not all OpenSSL have AES-CTR functions. -if test "$ac_cv_libssl" = "yes"; then - save_LDFLAGS="$LDFLAGS" - LDFLAGS="$LDFLAGS $LIBSSL" - AC_CHECK_FUNCS(EVP_aes_128_ctr) - LDFLAGS="$save_LDFLAGS" +# Look for Windows Cryptography API: Next Generation +if test "$found_crypto" = "none" && test "$use_wincng" != "no"; then + AC_LIB_HAVE_LINKFLAGS([bcrypt], [], [ + #include + #include + ]) + AC_LIB_HAVE_LINKFLAGS([crypt32], [], [ + #include + #include + ]) + AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [ + #include + ]) + AC_CHECK_DECLS([SecureZeroMemory], [], [], [ + #include + ]) +fi +if test "$ac_cv_libbcrypt" = "yes"; then + AC_DEFINE(LIBSSH2_WINCNG, 1, [Use Windows CNG]) + LIBSREQUIRED= # wincng doesn't provide a .pc file. sad face. + LIBS="$LIBS -lbcrypt" + if test "$ac_cv_libcrypt32" = "yes"; then + LIBS="$LIBS -lcrypt32" + fi + found_crypto="Windows Cryptography API: Next Generation" + if test "$ac_cv_have_decl_SecureZeroMemory" = "yes"; then + support_clear_memory=yes + fi +fi +AM_CONDITIONAL(WINCNG, test "$ac_cv_libbcrypt" = "yes") + +AM_CONDITIONAL(OS400QC3, false) + +# Check if crypto library was found +if test "$found_crypto" = "none"; then + AC_MSG_ERROR([No crypto library found! +Try --with-libssl-prefix=PATH + or --with-libgcrypt-prefix=PATH + or --with-wincng on Windows\ +]) fi # Look for Libz if test "$use_libz" != "no"; then AC_LIB_HAVE_LINKFLAGS([z], [], [#include ]) if test "$ac_cv_libz" != yes; then - AC_MSG_NOTICE([Cannot find libz, disabling compression]) + AC_MSG_NOTICE([Cannot find zlib, disabling compression]) AC_MSG_NOTICE([Try --with-libz-prefix=PATH if you know you have it]) else AC_DEFINE(LIBSSH2_HAVE_ZLIB, 1, [Compile in zlib support]) + if test "${LIBSREQUIRED}" != ""; then + LIBSREQUIRED="${LIBSREQUIRED}," + fi + LIBSREQUIRED="${LIBSREQUIRED}zlib" fi fi +AC_SUBST(LIBSREQUIRED) + # # Optional Settings # @@ -154,6 +207,30 @@ if test "$GEX_NEW" != "no"; then AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax]) fi +AC_ARG_ENABLE(clear-memory, + AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]), + [CLEAR_MEMORY=$enableval]) +if test "$CLEAR_MEMORY" != "no"; then + if test "$support_clear_memory" = "yes"; then + AC_DEFINE(LIBSSH2_CLEAR_MEMORY, 1, [Enable clearing of memory before being freed]) + enable_clear_memory=yes + else + if test "$CLEAR_MEMORY" = "yes"; then + AC_MSG_ERROR([secure clearing/zeroing of memory is not supported by the selected crypto backend]) + else + AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend]) + fi + enable_clear_memory=unsupported + fi +else + if test "$support_clear_memory" = "yes"; then + enable_clear_memory=no + else + AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend]) + enable_clear_memory=unsupported + fi +fi + dnl ************************************************************ dnl option to switch on compiler debug options dnl @@ -318,9 +395,10 @@ AC_MSG_NOTICE([summary of build options: Compiler: ${CC} Compiler flags: ${CFLAGS} Library types: Shared=${enable_shared}, Static=${enable_static} - Crypto library: openssl: ${ac_cv_libssl:-no} (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A}) libgcrypt: ${ac_cv_libgcrypt:-no} + Crypto library: ${found_crypto} + Clear memory: $enable_clear_memory Debug build: $enable_debug Build examples: $build_examples Path to sshd: $ac_cv_path_SSHD (only for self-tests) - libz compression: $ac_cv_libz + zlib compression: $ac_cv_libz ]) diff --git a/vendor/libssh2/AUTHORS b/vendor/libssh2/docs/AUTHORS similarity index 100% rename from vendor/libssh2/AUTHORS rename to vendor/libssh2/docs/AUTHORS diff --git a/vendor/libssh2/docs/CMakeLists.txt b/vendor/libssh2/docs/CMakeLists.txt new file mode 100644 index 0000000000..3e9d165ef8 --- /dev/null +++ b/vendor/libssh2/docs/CMakeLists.txt @@ -0,0 +1,206 @@ +# Copyright (c) 2014 Alexander Lamaison +# +# Redistribution and use in source and binary forms, +# with or without modification, are permitted provided +# that the following conditions are met: +# +# Redistributions of source code must retain the above +# copyright notice, this list of conditions and the +# following disclaimer. +# +# Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials +# provided with the distribution. +# +# Neither the name of the copyright holder nor the names +# of any other contributors may be used to endorse or +# promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND +# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, +# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE +# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY +# OF SUCH DAMAGE. + +set(MAN_PAGES + libssh2_agent_connect.3 + libssh2_agent_disconnect.3 + libssh2_agent_free.3 + libssh2_agent_get_identity.3 + libssh2_agent_init.3 + libssh2_agent_list_identities.3 + libssh2_agent_userauth.3 + libssh2_banner_set.3 + libssh2_base64_decode.3 + libssh2_channel_close.3 + libssh2_channel_direct_tcpip.3 + libssh2_channel_direct_tcpip_ex.3 + libssh2_channel_eof.3 + libssh2_channel_exec.3 + libssh2_channel_flush.3 + libssh2_channel_flush_ex.3 + libssh2_channel_flush_stderr.3 + libssh2_channel_forward_accept.3 + libssh2_channel_forward_cancel.3 + libssh2_channel_forward_listen.3 + libssh2_channel_forward_listen_ex.3 + libssh2_channel_free.3 + libssh2_channel_get_exit_signal.3 + libssh2_channel_get_exit_status.3 + libssh2_channel_handle_extended_data.3 + libssh2_channel_handle_extended_data2.3 + libssh2_channel_ignore_extended_data.3 + libssh2_channel_open_ex.3 + libssh2_channel_open_session.3 + libssh2_channel_process_startup.3 + libssh2_channel_read.3 + libssh2_channel_read_ex.3 + libssh2_channel_read_stderr.3 + libssh2_channel_receive_window_adjust.3 + libssh2_channel_receive_window_adjust2.3 + libssh2_channel_request_pty.3 + libssh2_channel_request_pty_ex.3 + libssh2_channel_request_pty_size.3 + libssh2_channel_request_pty_size_ex.3 + libssh2_channel_send_eof.3 + libssh2_channel_set_blocking.3 + libssh2_channel_setenv.3 + libssh2_channel_setenv_ex.3 + libssh2_channel_shell.3 + libssh2_channel_subsystem.3 + libssh2_channel_wait_closed.3 + libssh2_channel_wait_eof.3 + libssh2_channel_window_read.3 + libssh2_channel_window_read_ex.3 + libssh2_channel_window_write.3 + libssh2_channel_window_write_ex.3 + libssh2_channel_write.3 + libssh2_channel_write_ex.3 + libssh2_channel_write_stderr.3 + libssh2_channel_x11_req.3 + libssh2_channel_x11_req_ex.3 + libssh2_exit.3 + libssh2_free.3 + libssh2_hostkey_hash.3 + libssh2_init.3 + libssh2_keepalive_config.3 + libssh2_keepalive_send.3 + libssh2_knownhost_add.3 + libssh2_knownhost_addc.3 + libssh2_knownhost_check.3 + libssh2_knownhost_checkp.3 + libssh2_knownhost_del.3 + libssh2_knownhost_free.3 + libssh2_knownhost_get.3 + libssh2_knownhost_init.3 + libssh2_knownhost_readfile.3 + libssh2_knownhost_readline.3 + libssh2_knownhost_writefile.3 + libssh2_knownhost_writeline.3 + libssh2_poll.3 + libssh2_poll_channel_read.3 + libssh2_publickey_add.3 + libssh2_publickey_add_ex.3 + libssh2_publickey_init.3 + libssh2_publickey_list_fetch.3 + libssh2_publickey_list_free.3 + libssh2_publickey_remove.3 + libssh2_publickey_remove_ex.3 + libssh2_publickey_shutdown.3 + libssh2_scp_recv.3 + libssh2_scp_recv2.3 + libssh2_scp_send.3 + libssh2_scp_send64.3 + libssh2_scp_send_ex.3 + libssh2_session_abstract.3 + libssh2_session_banner_get.3 + libssh2_session_banner_set.3 + libssh2_session_block_directions.3 + libssh2_session_callback_set.3 + libssh2_session_disconnect.3 + libssh2_session_disconnect_ex.3 + libssh2_session_flag.3 + libssh2_session_free.3 + libssh2_session_get_blocking.3 + libssh2_session_get_timeout.3 + libssh2_session_hostkey.3 + libssh2_session_init.3 + libssh2_session_init_ex.3 + libssh2_session_last_errno.3 + libssh2_session_last_error.3 + libssh2_session_set_last_error.3 + libssh2_session_method_pref.3 + libssh2_session_methods.3 + libssh2_session_set_blocking.3 + libssh2_session_set_timeout.3 + libssh2_session_startup.3 + libssh2_session_supported_algs.3 + libssh2_sftp_close.3 + libssh2_sftp_close_handle.3 + libssh2_sftp_closedir.3 + libssh2_sftp_fsetstat.3 + libssh2_sftp_fstat.3 + libssh2_sftp_fstat_ex.3 + libssh2_sftp_fstatvfs.3 + libssh2_sftp_fsync.3 + libssh2_sftp_get_channel.3 + libssh2_sftp_init.3 + libssh2_sftp_last_error.3 + libssh2_sftp_lstat.3 + libssh2_sftp_mkdir.3 + libssh2_sftp_mkdir_ex.3 + libssh2_sftp_open.3 + libssh2_sftp_open_ex.3 + libssh2_sftp_opendir.3 + libssh2_sftp_read.3 + libssh2_sftp_readdir.3 + libssh2_sftp_readdir_ex.3 + libssh2_sftp_readlink.3 + libssh2_sftp_realpath.3 + libssh2_sftp_rename.3 + libssh2_sftp_rename_ex.3 + libssh2_sftp_rewind.3 + libssh2_sftp_rmdir.3 + libssh2_sftp_rmdir_ex.3 + libssh2_sftp_seek.3 + libssh2_sftp_seek64.3 + libssh2_sftp_setstat.3 + libssh2_sftp_shutdown.3 + libssh2_sftp_stat.3 + libssh2_sftp_stat_ex.3 + libssh2_sftp_statvfs.3 + libssh2_sftp_symlink.3 + libssh2_sftp_symlink_ex.3 + libssh2_sftp_tell.3 + libssh2_sftp_tell64.3 + libssh2_sftp_unlink.3 + libssh2_sftp_unlink_ex.3 + libssh2_sftp_write.3 + libssh2_trace.3 + libssh2_trace_sethandler.3 + libssh2_userauth_authenticated.3 + libssh2_userauth_hostbased_fromfile.3 + libssh2_userauth_hostbased_fromfile_ex.3 + libssh2_userauth_keyboard_interactive.3 + libssh2_userauth_keyboard_interactive_ex.3 + libssh2_userauth_list.3 + libssh2_userauth_password.3 + libssh2_userauth_password_ex.3 + libssh2_userauth_publickey.3 + libssh2_userauth_publickey_fromfile.3 + libssh2_userauth_publickey_fromfile_ex.3 + libssh2_version.3) + +include(GNUInstallDirs) +install(FILES ${MAN_PAGES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man3) diff --git a/vendor/libssh2/HACKING b/vendor/libssh2/docs/HACKING similarity index 100% rename from vendor/libssh2/HACKING rename to vendor/libssh2/docs/HACKING diff --git a/vendor/libssh2/docs/HACKING.CRYPTO b/vendor/libssh2/docs/HACKING.CRYPTO new file mode 100644 index 0000000000..a8a6a0618b --- /dev/null +++ b/vendor/libssh2/docs/HACKING.CRYPTO @@ -0,0 +1,593 @@ + Definitions needed to implement a specific crypto library + +This document offers some hints about implementing a new crypto library +interface. + +A crypto library interface consists of at least a header file, defining +entities referenced from the libssh2 core modules. +Real code implementation (if needed), is left at the implementor's choice. + +This document lists the entities that must/may be defined in the header file. + +Procedures listed as "void" may indeed have a result type: the void indication +indicates the libssh2 core modules never use the function result. + + +1) Crypto library initialization/termination. + +void libssh2_crypto_init(void); +Initializes the crypto library. May be an empty macro if not needed. + +void libssh2_crypto_exit(void); +Terminates the crypto library use. May be an empty macro if not needed. + + +2) HMAC + +libssh2_hmac_ctx +Type of an HMAC computation context. Generally a struct. +Used for all hash algorithms. + +void libssh2_hmac_ctx_init(libssh2_hmac_ctx ctx); +Initializes the HMAC computation context ctx. +Called before setting-up the hash algorithm. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +void libssh2_hmac_update(libssh2_hmac_ctx ctx, + const unsigned char *data, + int datalen); +Continue computation of an HMAC on datalen bytes at data using context ctx. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +void libssh2_hmac_final(libssh2_hmac_ctx ctx, + unsigned char output[]); +Get the computed HMAC from context ctx into the output buffer. The +minimum data buffer size depends on the HMAC hash algorithm. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +void libssh2_hmac_cleanup(libssh2_hmac_ctx *ctx); +Releases the HMAC computation context at ctx. + + +3) Hash algorithms. + +3.1) SHA-1 +Must always be implemented. + +SHA_DIGEST_LENGTH +#define to 20, the SHA-1 digest length. + +libssh2_sha1_ctx +Type of an SHA1 computation context. Generally a struct. + +int libssh2_sha1_init(libssh2_sha1_ctx *x); +Initializes the SHA-1 computation context at x. +Returns 1 for success and 0 for failure + +void libssh2_sha1_update(libssh2_sha1_ctx ctx, + const unsigned char *data, + size_t len); +Continue computation of SHA-1 on len bytes at data using context ctx. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +void libssh2_sha1_final(libssh2_sha1_ctx ctx, + unsigned char output[SHA1_DIGEST_LEN]); +Get the computed SHA-1 signature from context ctx and store it into the +output buffer. +Release the context. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +void libssh2_hmac_sha1_init(libssh2_hmac_ctx *ctx, + const void *key, + int keylen); +Setup the HMAC computation context ctx for an HMAC-SHA-1 computation using the +keylen-byte key. Is invoked just after libssh2_hmac_ctx_init(). + +3.2) SHA-256 +Must always be implemented. + +SHA256_DIGEST_LENGTH +#define to 32, the SHA-256 digest length. + +libssh2_sha256_ctx +Type of an SHA-256 computation context. Generally a struct. + +int libssh2_sha256_init(libssh2_sha256_ctx *x); +Initializes the SHA-256 computation context at x. +Returns 1 for success and 0 for failure + +void libssh2_sha256_update(libssh2_sha256_ctx ctx, + const unsigned char *data, + size_t len); +Continue computation of SHA-256 on len bytes at data using context ctx. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +void libssh2_sha256_final(libssh2_sha256_ctx ctx, + unsigned char output[SHA256_DIGEST_LENGTH]); +Gets the computed SHA-256 signature from context ctx into the output buffer. +Release the context. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +int libssh2_sha256(const unsigned char *message, + unsigned long len, + unsigned char output[SHA256_DIGEST_LENGTH]); +Computes the SHA-256 signature over the given message of length len and +store the result into the output buffer. +Return 1 if error, else 0. +Note: Seems unused in current code, but defined in each crypto library backend. + +LIBSSH2_HMAC_SHA256 +#define as 1 if the crypto library supports HMAC-SHA-256, else 0. +If defined as 0, the rest of this section can be omitted. + +void libssh2_hmac_sha256_init(libssh2_hmac_ctx *ctx, + const void *key, + int keylen); +Setup the HMAC computation context ctx for an HMAC-256 computation using the +keylen-byte key. Is invoked just after libssh2_hmac_ctx_init(). + +3.3) SHA-512 +LIBSSH2_HMAC_SHA512 +#define as 1 if the crypto library supports HMAC-SHA-512, else 0. +If defined as 0, the rest of this section can be omitted. + +SHA512_DIGEST_LENGTH +#define to 64, the SHA-512 digest length. + +void libssh2_hmac_sha512_init(libssh2_hmac_ctx *ctx, + const void *key, + int keylen); +Setup the HMAC computation context ctx for an HMAC-512 computation using the +keylen-byte key. Is invoked just after libssh2_hmac_ctx_init(). + +3.4) MD5 +LIBSSH2_MD5 +#define to 1 if the crypto library supports MD5, else 0. +If defined as 0, the rest of this section can be omitted. + +MD5_DIGEST_LENGTH +#define to 16, the MD5 digest length. + +libssh2_md5_ctx +Type of an MD5 computation context. Generally a struct. + +int libssh2_md5_init(libssh2_md5_ctx *x); +Initializes the MD5 computation context at x. +Returns 1 for success and 0 for failure + +void libssh2_md5_update(libssh2_md5_ctx ctx, + const unsigned char *data, + size_t len); +Continues computation of MD5 on len bytes at data using context ctx. +Returns 1 for success and 0 for failure. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +void libssh2_md5_final(libssh2_md5_ctx ctx, + unsigned char output[MD5_DIGEST_LENGTH]); +Gets the computed MD5 signature from context ctx into the output buffer. +Release the context. +Note: if the ctx parameter is modified by the underlying code, +this procedure must be implemented as a macro to map ctx --> &ctx. + +void libssh2_hmac_md5_init(libssh2_hmac_ctx *ctx, + const void *key, + int keylen); +Setup the HMAC computation context ctx for an HMAC-MD5 computation using the +keylen-byte key. Is invoked just after libssh2_hmac_ctx_init(). + +3.5) RIPEMD-160 +LIBSSH2_HMAC_RIPEMD +#define as 1 if the crypto library supports HMAC-RIPEMD-160, else 0. +If defined as 0, the rest of this section can be omitted. + +void libssh2_hmac_ripemd160_init(libssh2_hmac_ctx *ctx, + const void *key, + int keylen); +Setup the HMAC computation context ctx for an HMAC-RIPEMD-160 computation using +the keylen-byte key. Is invoked just after libssh2_hmac_ctx_init(). +Returns 1 for success and 0 for failure. + + +4) Bidirectional Key ciphers. + +_libssh2_cipher_ctx +Type of a cipher computation context. + +_libssh2_cipher_type(name); +Macro defining name as storage identifying a cipher algorithm for +the crypto library interface. No trailing semicolon. + +int _libssh2_cipher_init(_libssh2_cipher_ctx *h, + _libssh2_cipher_type(algo), + unsigned char *iv, + unsigned char *secret, + int encrypt); +Creates a cipher context for the given algorithm with the initialization vector +iv and the secret key secret. Prepare for encryption or decryption depending on +encrypt. +Return 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx, + _libssh2_cipher_type(algo), + int encrypt, + unsigned char *block, + size_t blocksize); +Encrypt or decrypt in-place data at (block, blocksize) using the given +context and/or algorithm. +Return 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +void _libssh2_cipher_dtor(_libssh2_cipher_ctx *ctx); +Release cipher context at ctx. + +4.1) AES +4.1.1) AES in CBC block mode. +LIBSSH2_AES +#define as 1 if the crypto library supports AES in CBC mode, else 0. +If defined as 0, the rest of this section can be omitted. + +_libssh2_cipher_aes128 +AES-128-CBC algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +_libssh2_cipher_aes192 +AES-192-CBC algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +_libssh2_cipher_aes256 +AES-256-CBC algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +4.1.2) AES in CTR block mode. +LIBSSH2_AES_CTR +#define as 1 if the crypto library supports AES in CTR mode, else 0. +If defined as 0, the rest of this section can be omitted. + +void _libssh2_init_aes_ctr(void); +Initialize static AES CTR ciphers. +This procedure is already prototyped in crypto.h. + +_libssh2_cipher_aes128ctr +AES-128-CTR algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +_libssh2_cipher_aes192ctr +AES-192-CTR algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +_libssh2_cipher_aes256ctr +AES-256-CTR algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +4.2) Blowfish in CBC block mode. +LIBSSH2_BLOWFISH +#define as 1 if the crypto library supports blowfish in CBC mode, else 0. +If defined as 0, the rest of this section can be omitted. + +_libssh2_cipher_blowfish +Blowfish-CBC algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +4.3) RC4. +LIBSSH2_RC4 +#define as 1 if the crypto library supports RC4 (arcfour), else 0. +If defined as 0, the rest of this section can be omitted. + +_libssh2_cipher_arcfour +RC4 algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +4.4) CAST5 in CBC block mode. +LIBSSH2_CAST +#define 1 if the crypto library supports cast, else 0. +If defined as 0, the rest of this section can be omitted. + +_libssh2_cipher_cast5 +CAST5-CBC algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + +4.5) Tripple DES in CBC block mode. +LIBSSH2_3DES +#define as 1 if the crypto library supports TripleDES in CBC mode, else 0. +If defined as 0, the rest of this section can be omitted. + +_libssh2_cipher_3des +TripleDES-CBC algorithm identifier initializer. +#define with constant value of type _libssh2_cipher_type(). + + +5) Big numbers. +Positive multi-byte integers support is sufficient. + +5.1) Computation contexts. +This has a real meaning if the big numbers computations need some context +storage. If not, use a dummy type and functions (macros). + +_libssh2_bn_ctx +Type of multiple precision computation context. May not be empty. if not used, +#define as char, for example. + +libssh2_bn_ctx _libssh2_bn_ctx_new(void); +Returns a new multiple precision computation context. + +void _libssh2_bn_ctx_free(_libssh2_bn_ctx ctx); +Releases a multiple precision computation context. + +5.2) Computation support. +_libssh2_bn +Type of multiple precision numbers (aka bignumbers or huge integers) for the +crypto library. + +_libssh2_bn * _libssh2_bn_init(void); +Creates a multiple precision number (preset to zero). + +_libssh2_bn * _libssh2_bn_init_from_bin(void); +Create a multiple precision number intended to be set by the +_libssh2_bn_from_bin() function (see below). Unlike _libssh2_bn_init(), this +code may be a dummy initializer if the _libssh2_bn_from_bin() actually +allocates the number. Returns a value of type _libssh2_bn *. + +void _libssh2_bn_free(_libssh2_bn *bn); +Destroys the multiple precision number at bn. + +unsigned long _libssh2_bn_bytes(libssh2_bn *bn); +Get the number of bytes needed to store the bits of the multiple precision +number at bn. + +unsigned long _libssh2_bn_bits(_libssh2_bn *bn); +Returns the number of bits of multiple precision number at bn. + +int _libssh2_bn_set_word(_libssh2_bn *bn, unsigned long val); +Sets the value of bn to val. +Returns 1 on success, 0 otherwise. + +_libssh2_bn * _libssh2_bn_from_bin(_libssh2_bn *bn, int len, + const unsigned char *val); +Converts the positive integer in big-endian form of length len at val +into a _libssh2_bn and place it in bn. If bn is NULL, a new _libssh2_bn is +created. +Returns a pointer to target _libssh2_bn or NULL if error. + +int _libssh2_bn_to_bin(_libssh2_bn *bn, unsigned char *val); +Converts the absolute value of bn into big-endian form and store it at +val. val must point to _libssh2_bn_bytes(bn) bytes of memory. +Returns the length of the big-endian number. + +void _libssh2_bn_rand(_libssh2_bn *bn, int bits, int top, int bottom); +Generates a cryptographically strong pseudo-random number of bits in +length and stores it in bn. If top is -1, the most significant bit of the +random number can be zero. If top is 0, it is set to 1, and if top is 1, the +two most significant bits of the number will be set to 1, so that the product +of two such random numbers will always have 2*bits length. If bottom is true, +the number will be odd. + +void _libssh2_bn_mod_exp(_libssh2_bn *r, _libssh2_bn *a, + _libssh2_bn *p, _libssh2_bn *m, + _libssh2_bn_ctx *ctx); +Computes a to the p-th power modulo m and stores the result into r (r=a^p % m). +May use the given context. + + +6) Private key algorithms. +Format of an RSA public key: +a) "ssh-rsa". +b) RSA exponent, MSB first, with high order bit = 0. +c) RSA modulus, MSB first, with high order bit = 0. +Each item is preceded by its 32-bit byte length, MSB first. + +Format of a DSA public key: +a) "ssh-dss". +b) p, MSB first, with high order bit = 0. +c) q, MSB first, with high order bit = 0. +d) g, MSB first, with high order bit = 0. +e) pub_key, MSB first, with high order bit = 0. +Each item is preceded by its 32-bit byte length, MSB first. + +int _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session, + unsigned char **method, + size_t *method_len, + unsigned char **pubkeydata, + size_t *pubkeydata_len, + const char *privatekey, + const char *passphrase); +Reads a private key from file privatekey and extract the public key --> +(pubkeydata, pubkeydata_len). Store the associated method (ssh-rsa or ssh-dss) +into (method, method_len). +Both buffers have to be allocated using LIBSSH2_ALLOC(). +Returns 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +int _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session, + unsigned char **method, + size_t *method_len, + unsigned char **pubkeydata, + size_t *pubkeydata_len, + const char *privatekeydata, + size_t privatekeydata_len, + const char *passphrase); +Gets a private key from bytes at (privatekeydata, privatekeydata_len) and +extract the public key --> (pubkeydata, pubkeydata_len). Store the associated +method (ssh-rsa or ssh-dss) into (method, method_len). +Both buffers have to be allocated using LIBSSH2_ALLOC(). +Returns 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +6.1) RSA +LIBSSH2_RSA +#define as 1 if the crypto library supports RSA, else 0. +If defined as 0, the rest of this section can be omitted. + +libssh2_rsa_ctx +Type of an RSA computation context. Generally a struct. + +int _libssh2_rsa_new(libssh2_rsa_ctx **rsa, + const unsigned char *edata, + unsigned long elen, + const unsigned char *ndata, + unsigned long nlen, + const unsigned char *ddata, + unsigned long dlen, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *e1data, + unsigned long e1len, + const unsigned char *e2data, + unsigned long e2len, + const unsigned char *coeffdata, unsigned long coefflen); +Creates a new context for RSA computations from key source values: + pdata, plen Prime number p. Only used if private key known (ddata). + qdata, qlen Prime number q. Only used if private key known (ddata). + ndata, nlen Modulus n. + edata, elen Exponent e. + ddata, dlen e^-1 % phi(n) = private key. May be NULL if unknown. + e1data, e1len dp = d % (p-1). Only used if private key known (dtata). + e2data, e2len dq = d % (q-1). Only used if private key known (dtata). + coeffdata, coefflen q^-1 % p. Only used if private key known. +Returns 0 if OK. +This procedure is already prototyped in crypto.h. +Note: the current generic code only calls this function with e and n (public +key parameters): unless used internally by the backend, it is not needed to +support the private key and the other parameters here. + +int _libssh2_rsa_new_private(libssh2_rsa_ctx **rsa, + LIBSSH2_SESSION *session, + const char *filename, + unsigned const char *passphrase); +Reads an RSA private key from file filename into a new RSA context. +Must call _libssh2_init_if_needed(). +Return 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa, + LIBSSH2_SESSION *session, + const char *data, + size_t data_len, + unsigned const char *passphrase); +Gets an RSA private key from data into a new RSA context. +Must call _libssh2_init_if_needed(). +Return 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, unsigned long m_len); +Verify (sig, siglen) signature of (m, m_len) using an SHA-1 hash and the +RSA context. +Return 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +int _libssh2_rsa_sha1_signv(LIBSSH2_SESSION *session, + unsigned char **sig, size_t *siglen, + int count, const struct iovec vector[], + libssh2_rsa_ctx *ctx); +RSA signs the SHA-1 hash computed over the count data chunks in vector. +Signature is stored at (sig, siglen). +Signature buffer must be allocated from the given session. +Returns 0 if OK, else -1. +Note: this procedure is optional: if provided, it MUST be defined as a macro. + +int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session, + libssh2_rsa_ctx *rsactx, + const unsigned char *hash, + size_t hash_len, + unsigned char **signature, + size_t *signature_len); +RSA signs the (hash, hashlen) SHA-1 hash bytes and stores the allocated +signature at (signature, signature_len). +Signature buffer must be allocated from the given session. +Returns 0 if OK, else -1. +This procedure is already prototyped in crypto.h. +Note: this procedure is not used if macro _libssh2_rsa_sha1_signv() is defined. + +void _libssh2_rsa_free(libssh2_rsa_ctx *rsactx); +Releases the RSA computation context at rsactx. + + +6.2) DSA +LIBSSH2_DSA +#define as 1 if the crypto library supports DSA, else 0. +If defined as 0, the rest of this section can be omitted. + + +libssh2_dsa_ctx +Type of a DSA computation context. Generally a struct. + +int _libssh2_dsa_new(libssh2_dsa_ctx **dsa, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *gdata, + unsigned long glen, + const unsigned char *ydata, + unsigned long ylen, + const unsigned char *x, unsigned long x_len); +Creates a new context for DSA computations from source key values: + pdata, plen Prime number p. Only used if private key known (ddata). + qdata, qlen Prime number q. Only used if private key known (ddata). + gdata, glen G number. + ydata, ylen Public key. + xdata, xlen Private key. Only taken if xlen non-zero. +Returns 0 if OK. +This procedure is already prototyped in crypto.h. + +int _libssh2_dsa_new_private(libssh2_dsa_ctx **dsa, + LIBSSH2_SESSION *session, + const char *filename, + unsigned const char *passphrase); +Gets a DSA private key from file filename into a new DSA context. +Must call _libssh2_init_if_needed(). +Return 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +int _libssh2_dsa_new_private_frommemory(libssh2_dsa_ctx **dsa, + LIBSSH2_SESSION *session, + const char *data, + size_t data_len, + unsigned const char *passphrase); +Gets a DSA private key from the data_len-bytes data into a new DSA context. +Must call _libssh2_init_if_needed(). +Returns 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx, + const unsigned char *sig, + const unsigned char *m, unsigned long m_len); +Verify (sig, siglen) signature of (m, m_len) using an SHA1 hash and the +DSA context. +Returns 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx, + const unsigned char *hash, + unsigned long hash_len, unsigned char *sig); +DSA signs the (hash, hash_len) data using SHA-1 and store the signature at sig. +Returns 0 if OK, else -1. +This procedure is already prototyped in crypto.h. + +void _libssh2_dsa_free(libssh2_dsa_ctx *dsactx); +Releases the DSA computation context at dsactx. + + +7) Miscellaneous + +void libssh2_prepare_iovec(struct iovec *vector, unsigned int len); +Prepare len consecutive iovec slots before using them. +In example, this is needed to preset unused structure slacks on platforms +requiring it. +If this is not needed, it should be defined as an empty macro. + +void _libssh2_random(unsigned char *buf, int len); +Store len random bytes at buf. diff --git a/vendor/libssh2/INSTALL b/vendor/libssh2/docs/INSTALL_AUTOTOOLS similarity index 77% rename from vendor/libssh2/INSTALL rename to vendor/libssh2/docs/INSTALL_AUTOTOOLS index 23e5f25d0e..bc5a0eb25a 100644 --- a/vendor/libssh2/INSTALL +++ b/vendor/libssh2/docs/INSTALL_AUTOTOOLS @@ -234,3 +234,92 @@ configuration-related scripts to be executed by `/bin/bash'. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. +More configure options +====================== + +Some ./configure options deserve additional comments: + + * --enable-crypt-none + + The SSH2 Transport allows for unencrypted data + transmission using the "none" cipher. Because this is + such a huge security hole, it is typically disabled on + SSH2 implementations and is disabled in libssh2 by + default as well. + + Enabling this option will allow for "none" as a + negotiable method, however it still requires that the + method be advertized by the remote end and that no + more-preferable methods are available. + + * --enable-mac-none + + The SSH2 Transport also allows implementations to + forego a message authentication code. While this is + less of a security risk than using a "none" cipher, it + is still not recommended as disabling MAC hashes + removes a layer of security. + + Enabling this option will allow for "none" as a + negotiable method, however it still requires that the + method be advertized by the remote end and that no + more-preferable methods are available. + + * --disable-gex-new + + The diffie-hellman-group-exchange-sha1 (dh-gex) key + exchange method originally defined an exchange + negotiation using packet type 30 to request a + generation pair based on a single target value. Later + refinement of dh-gex provided for range and target + values. By default libssh2 will use the newer range + method. + + If you experience trouble connecting to an old SSH + server using dh-gex, try this option to fallback on + the older more reliable method. + + * --with-libgcrypt + * --without-libgcrypt + * --with-libgcrypt-prefix=DIR + + libssh2 can use the Libgcrypt library + (http://www.gnupg.org/) for cryptographic operations. + Either Libgcrypt or OpenSSL is required. + + Configure will attempt to locate Libgcrypt + automatically. + + If your installation of Libgcrypt is in another + location, specify it using --with-libgcrypt-prefix. + + * --with-openssl + * --without-openssl + * --with-libssl-prefix=[DIR] + + libssh2 can use the OpenSSL library + (http://www.openssl.org) for cryptographic operations. + Either Libgcrypt or OpenSSL is required. + + Configure will attempt to locate OpenSSL in the + default location. + + If your installation of OpenSSL is in another + location, specify it using --with-libssl-prefix. + + * --with-libz + * --without-libz + * --with-libz-prefix=[DIR] + + If present, libssh2 will attempt to use the zlib + (http://www.zlib.org) for payload compression, however + zlib is not required. + + If your installation of Libz is in another location, + specify it using --with-libz-prefix. + + * --enable-debug + + Will make the build use more pedantic and strict compiler + options as well as enable the libssh2_trace() function (for + showing debug traces). diff --git a/vendor/libssh2/docs/INSTALL_CMAKE b/vendor/libssh2/docs/INSTALL_CMAKE new file mode 100644 index 0000000000..7040370590 --- /dev/null +++ b/vendor/libssh2/docs/INSTALL_CMAKE @@ -0,0 +1,174 @@ +License: see COPYING + +Source code: https://github.com/libssh2/libssh2 + +Web site source code: https://github.com/libssh2/www + +Installation instructions are in docs/INSTALL +======= +To build libssh2 you will need CMake v2.8 or later [1] and one of the +following cryptography libraries: + +* OpenSSL +* Libgcrypt +* WinCNG + +Getting started +--------------- + +If you are happy with the default options, make a new build directory, +change to it, configure the build environment and build the project: + + mkdir bin + cd bin + cmake .. + cmake --build . + +libssh2 will be built as a static library and will use any +cryptography library available. The library binary will be put in +`bin/src`, with the examples in `bin/example` and the tests in +`bin/tests`. + +Customising the build +--------------------- + +Of course, you might want to customise the build options. You can +pass the options to CMake on the command line: + + cmake -D