From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.138]) by sourceware.org (Postfix) with ESMTPS id 431213857C66 for ; Mon, 17 May 2021 23:15:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 431213857C66 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSW.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian.inglis@systematicsw.ab.ca Received: from SystematicSW.ab.ca ([68.147.0.90]) by shaw.ca with ESMTP id imSolZukr7YjPimSplKcoW; Mon, 17 May 2021 17:15:55 -0600 X-Authority-Analysis: v=2.4 cv=fPVaYbWe c=1 sm=1 tr=0 ts=60a2f92b a=T+ovY1NZ+FAi/xYICV7Bgg==:117 a=T+ovY1NZ+FAi/xYICV7Bgg==:17 a=oeppcwj8AAAA:8 a=Xf3QFWXccmUHicLlj0cA:9 a=5n1A7qh1AjcA:10 a=EbX5vdCAct3xugfmopdr:22 a=pHzHmUro8NiASowvMSCR:22 a=Ew2E2A-JSTLzCXPT_086:22 From: Cygwin libssh2 Maintainer To: Cygwin Announcements Reply-To: Cygwin Date: Mon, 17 May 2021 17:10:55 -0600 Message-Id: <20210517171055.58573-1-Brian.Inglis@SystematicSW.ab.ca> Subject: Updated: libssh2_1, libssh2-devel, mingw64-{x86_64,i686}-libssh2 1.9 X-CMAE-Envelope: MS4xfNK7/AlWIPVsbutag8PJA6tadSsFJf2yxyabVEBX6GWXI1a18NQW7zNahI4zfy9MrvgFkUXvmWl4HCtEW/S+GqasCyR9LLJ8aT4n09TN+W119N5xZaOw 94TD3W4I87frxt0f4xQqeFAXkreh9Kix10oiommIMKmTBdwP1XcpGigl6QgqkdcVeR5WL9ly9ljaF2vxuXxWYFhemws2UfnvsmWalehzoJGSnFymUpZ1X5ZQ lIloX3ywEey6YwPwG52CnVO5QgRgeP023gc1diIXWxE= X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_NUMSUBJECT, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_LOW, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin-announce@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Read-only mailing list announcing new and updated Cygwin packages List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 May 2021 23:15:57 -0000 The following packages have been upgraded in the Cygwin distribution: * libssh2_1 1.9 * libssh2-devel 1.9 * mingw64-x86_64-libssh2 1.9 * mingw64-i686-libssh2 1.9 libssh2 is a library implementing the SSH2 protocol, supporting many features. The Mingw packages provide Mingw MS VC RT-linked binaries, NOT Cygwin binaries, for use with the mingw64-{x86_64,i686}-gcc cross compilers, installed in /usr/{x86_64,i686}-w64-mingw32/sys-root/mingw/{bin,lib,include}/. For more information see the project home page: https://libssh2.org/ As there are many changes each release please see below or read /usr/share/doc/libssh2/RELEASE-NOTES after installation for complete details: https://libssh2.org/changes.html libssh2 1.9.0 This release includes the following enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * fixed compiling on Windows with the flag STDCALL=ON * improved building instructions * improved unit tests libssh2 1.8.2 This release includes the following bug fixes: * fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header libssh2 1.8.1 This release includes the following bug fixes: * fixed possible integer overflow when reading a specially crafted packet * fixed possible integer overflow in userauth_keyboard_interactive with a number of extremely long prompt strings * fixed possible integer overflow if the server sent an extremely large number of keyboard prompts * fixed possible out of bounds read when processing a specially crafted packet * fixed possible integer overflow when receiving a specially crafted exit signal message channel packet * fixed possible out of bounds read when receiving a specially crafted exit status message channel packet * fixed possible zero byte allocation when reading a specially crafted SFTP packet * fixed possible out of bounds reads when processing specially crafted SFTP packets * fixed possible out of bounds reads in _libssh2_packet_require(v) libssh2 1.8.0 This release includes the following changes: * added a basic dockerised test suite * crypto: add support for the mbedTLS backend This release includes the following bugfixes: * libgcrypt: fixed a NULL pointer dereference on OOM * VMS: can't use %zd for off_t format * VMS: update vms/libssh2_config.h * windows: link with crypt32.lib * libssh2_channel_open: speeling error fixed in channel error message * msvc: fixed 14 compilation warnings * tests: HAVE_NETINET_IN_H was not defined correctly * openssl: add OpenSSL 1.1.0 compatibility * cmake: Add CLEAR_MEMORY option, analogously to that for autoconf * configure: make the --with-* options override the OpenSSL default * libssh2_wait_socket: set err_msg on errors * libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds