| Age | Commit message | Author | Files | Lines |
|
Bump PKGREVISION
|
|
Bump PKGREVISION.
|
|
its buildlink3.mk now includes openssl's buildlink3.mk
|
|
version 0.9.6 (released 2021-08-26)
* CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with
different key exchange mechanism
* Fix several memory leaks on error paths
* Reset pending_call_state on disconnect
* Fix handshake bug with AEAD ciphers and no HMAC overlap
* Use OPENSSL_CRYPTO_LIBRARIES in CMake
* Ignore request success and failure message if they are not expected
* Support more identity files in configuration
* Avoid setting compiler flags directly in CMake
* Support build directories with special characters
* Include stdlib.h to avoid crash in Windows
* Fix sftp_new_channel constructs an invalid object
* Fix Ninja multiple rules error
* Several tests fixes
|
|
version 0.9.5 (released 2020-XX-XX)
* CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
* Improve handling of library initialization (T222)
* Fix parsing of subsecond times in SFTP (T219)
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place (T226)
* Prevent invalid free when using different C runtimes than OpenSSL (T229)
* Compatibility improvements to testsuite
|
|
They don't get installed and at least one of them doesn't like
NetBSD 8.
Bump PKGREVISION
|
|
version 0.9.4 (released 2020-04-09)
* Fixed CVE-2020-1730 - Possible DoS in client and server when handling
AES-CTR keys with OpenSSL
* Added diffie-hellman-group14-sha256
* Fixed several possible memory leaks
|
|
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
|
|
version 0.9.3 (released 2019-12-10)
* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer
|
|
From Joern Clausen in PR pkg/54694.
|
|
version 0.9.2 (released 2019-11-07)
* Fixed libssh-config.cmake
* Fixed issues with rsa algorithm negotiation (T191)
* Fixed detection of OpenSSL ed25519 support (T197)
|
|
version 0.9.1 (released 2019-10-25)
* Added support for Ed25519 via OpenSSL
* Added support for X25519 via OpenSSL
* Added support for localuser in Match keyword
* Fixed Match keyword to be case sensitive
* Fixed compilation with LibreSSL
* Fixed error report of channel open (T75)
* Fixed sftp documentation (T137)
* Fixed known_hosts parsing (T156)
* Fixed build issue with MinGW (T157)
* Fixed build with gcc 9 (T164)
* Fixed deprecation issues (T165)
* Fixed known_hosts directory creation (T166)
|
|
ChangeLog
Added support for AES-GCM
Added improved rekeying support
Added performance improvements
Disabled blowfish support by default
Fixed several ssh config parsing issues
Added support for DH Group Exchange KEX
Added support for Encrypt-then-MAC mode
Added support for parsing server side configuration file
Added support for ECDSA/Ed25519 certificates
Added FIPS 140-2 compatibility
Improved known_hosts parsing
Improved documentation
Improved OpenSSL API usage for KEX, DH, KDF and signatures
|
|
version 0.8.7 (released 2019-02-25)
* Fixed handling extension flags in the server implementation
* Fixed exporting ed25519 private keys
* Fixed corner cases for rsa-sha2 signatures
* Fixed some issues with connector
|
|
version 0.8.6 (released 2018-12-24)
* Fixed compilation issues with different OpenSSL versions
* Fixed StrictHostKeyChecking in new knownhosts API
* Fixed ssh_send_keepalive() with packet filter
* Fixed possible crash with knownhosts options
* Fixed issues with rekeying
* Fixed strong ECDSA keys
* Fixed some issues with rsa-sha2 extensions
* Fixed access violation in ssh_init() (static linking)
* Fixed ssh_channel_close() handling
|
|
Fix build on NetBSD by removing -Werror=strict-overflow.
Bump PKGREVISION.
|
|
version 0.8.5:
* Added support to get known_hosts locations with ssh_options_get()
* Fixed preferred algorithm for known hosts negotiations
* Fixed KEX with some server implementations (e.g. Cisco)
* Fixed issues with MSVC
* Fixed keyboard-interactive auth in server mode
(regression from CVE-2018-10933)
* Fixed gssapi auth in server mode (regression from CVE-2018-10933)
* Fixed socket fd handling with proxy command
* Fixed a memory leak with OpenSSL
version 0.8.4:
* Fixed CVE-2018-10933
* Fixed building without globbing support
* Fixed possible memory leaks
* Avoid SIGPIPE on sockets
version 0.8.3:
* Added support for rsa-sha2
* Added support to parse private keys in openssh container format
(other than ed25519)
* Added support for diffie-hellman-group18-sha512 and
diffie-hellman-group16-sha512
* Added ssh_get_fingerprint_hash()
* Added ssh_pki_export_privkey_base64()
* Added support for Match keyword in config file
* Improved performance and reduced memory footprint for sftp
* Fixed ecdsa publickey auth
* Fixed reading a closed channel
* Added support to announce posix-rename@openssh.com and
hardlink@openssh.com in the sftp server
version 0.8.2:
* Added sha256 fingerprints for pubkeys
* Improved compiler flag detection
* Fixed race condition in reading sftp messages
* Fixed doxygen generation and added modern style
* Fixed library initialization on Windows
* Fixed __bounded__ attribute detection
* Fixed a bug in the options parser
* Fixed documentation for new known_hosts API
version 0.8.1:
* Fixed version number in the header
* Fixed version number in pkg-config and cmake config
* Fixed library initialization
* Fixed attribute detection
version 0.8.0:
* Removed support for deprecated SSHv1 protocol
* Added new connector API for clients
* Added new known_hosts parsing API
* Added support for OpenSSL 1.1
* Added support for chacha20-poly1305 cipher
* Added crypto backend for mbedtls crypto library
* Added ECDSA support with gcrypt backend
* Added advanced client and server testing using cwrap.org
* Added support for curve25519-sha256 alias
* Added support for global known_hosts file
* Added support for symbol versioning
* Improved ssh_config parsing
* Improved threading support
|
|
version 0.7.6 (released 2018-10-16)
* Fixed CVE-2018-10933
* Added support for OpenSSL 1.1
* Added SHA256 support for ssh_get_publickey_hash()
* Fixed config parsing
* Fixed random memory corruption when importing pubkeys
version 0.7.5 (released 2017-04-13)
* Fixed a memory allocation issue with buffers
* Fixed PKI on Windows
* Fixed some SSHv1 functions
* Fixed config hostname expansion
version 0.7.4 (released 2017-02-03)
* Added id_ed25519 to the default identity list
* Fixed sftp EOF packet handling
* Fixed ssh_send_banner() to confirm with RFC 4253
* Fixed some memory leaks
|
|
This fixes build on NetBSD-7.99.39 with pkgsrc-current from 2016-10-09.
Bump PKGREVISION to 2.
|
|
version 0.7.3 (released 2016-01-23)
* Fixed CVE-2016-0739
* Fixed ssh-agent on big endian
* Fixed some documentation issues
|
|
(We need to keep the old numbering syntax to make versions compare
correctly.)
There are only two consumers in pkgsrc; one of them (remmina and
remmina-plugins) actually needed library version 0.4 or later, and
didn't build the ssh/sftp/nx plugins without. Hydra is also supposed
to build with 0.4.x and later.)
Upstream changelogs:
0.5.4:
CVE-2013-0176 - NULL dereference leads to denial of service
Fixed several NULL pointer dereferences in SSHv1.
Fixed a free crash bug in options parsing.
and for completeness 0.5.3:
This is an important SECURITY and maintenance release in
order to address CVE-2012-4559, CVE-2012-4560, CVE-2012-4561
and CVE-2012-4562.
CVE-2012-4559 - Fix multiple double free() flaws
CVE-2012-4560 - Fix multiple buffer overflow flaws
CVE-2012-4561 - Fix multiple invalid free() flaws
CVE-2012-4562 - Fix multiple improper overflow checks
(...)
Suggested by Noud de Brouwer in wip/libssh and PR pkg/47518, but needed
some changes to PLIST as well as to make "pkg_admin audit" and updates
compare correctly.
|
|
Bump PKGREVISION
|
|
in base. Add destdir support.
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
> -server implementation development. I won't document it before it even works.
> -small bug corrected when connecting to sun ssh servers.
> -channel weirdness corrected (writing huge data packets)
> -channel_read_nonblocking added
> -channel bug where stderr wasn't correctly read fixed.
> -sftp_file_set_nonblocking added. It's now possible to have nonblocking SFTP IO
> -connect_status callback.
> -priv.h contains the internal functions, libssh.h the public interface
> -options_set_timeout (thx marcelo) really working.
> -tcp tunneling through channel_open_forward.
> -channel_request_exec()
> -channel_request_env()
> -ssh_get_pubkey_hash()
> -ssh_is_server_known()
> -ssh_write_known_host()
> -options_set_ssh_dir
> -how could this happen ! there weren't any channel_close !
> -nasty channel_free bug resolved.
> -removed the unsigned long all around the code. use only u8,u32 & u64.
> -it now compiles and runs under amd64 !
> -channel_request_exec()
> -channel_request_env()
> -ssh_get_pubkey_hash()
> -ssh_is_server_known()
> -ssh_write_known_host()
> -options_set_ssh_dir
> -how could this happen ! there weren't any channel_close !
> -nasty channel_free bug resolved.
> -removed the unsigned long all around the code. use only u8,u32 & u64.
> -it now compiles and runs under amd64 !
> -channel_request_pty_size
> -channel_change_pty_size
> -options_copy()
> -ported the doc to an HTML file.
> -small bugfix in packet.c
> -prefixed error constants with SSH_
> -sftp_stat, sftp_lstat, sftp_fstat. thanks Michel Bardiaux for the patch.
> -again channel number mismatch fixed.
> -fixed a bug in ssh_select making the select fail when a signal has been caught.
> -keyboard-interactive authentication working.
|
|
Reword COMMENT (which also removes the typo).
|
|
SSH implementation by means of a library. The complete control of the
client is made by the programmer.
With libssh, you can remotely execute programs, transfer files, use a
secure and transparent tunnel for your remote programs. With its Secure
FTP implementation, you can play with remote files easily, without
third-party programs other than libcrypto (from openssl).
|