FIPS 140-2 compatibility? #20
Comments
Libssh2 supports FIPS mode as well. IIRC, it's mainly not blowing up if MD5 is disabled in OpenSSL.

Could not figure how to build OpenSSL (3.1.2) without MD5. The Then tried libssh2 is building fine with It'd be better IMO if MD5 would be completely stripped when building with UPDATE:

The remaining MD5 use (marked with the FIXME) is necessary to accept old-style encrypted private keys. PR to add a build-time option to disable it, and all MD5 uses with it: libssh2/libssh2#1181
Before this patch, this happened at runtime when using an old (pre-3.0), FIPS-enabled OpenSSL backend.

This patch makes it possible to disable this via the build-time option `LIBSSH2_NO_MD5_PEM`.

Also:
- make sure to exclude all MD5 internal APIs when both the above and `LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with `LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM` and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.

Old-style encrypted private keys require MD5 and they look like this:

```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<MD5-hex>

<base64>
-----END RSA PRIVATE KEY-----
```

E.g.: `tests/key_rsa_encrypted`

Ref: libssh2/www#20

Closes #1181
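The old-style format described in the commit message above can be recognised from the PEM armor alone, which makes it possible to find keys that a `LIBSSH2_NO_MD5_PEM` build would no longer accept before deploying such a build. The following C code is an added example, not code from libssh2 or from this thread; the enum, struct, function names and sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example: classify a private key by its PEM armor. All names here are
   illustrative and are not libssh2 APIs. */
enum key_format {
    KEY_UNKNOWN = 0,
    KEY_OLD_PEM_PLAIN,     /* "BEGIN <type> PRIVATE KEY", no Proc-Type header */
    KEY_OLD_PEM_ENCRYPTED, /* old-style, "Proc-Type: 4,ENCRYPTED": needs MD5 */
    KEY_PKCS8_PLAIN,       /* "BEGIN PRIVATE KEY" */
    KEY_PKCS8_ENCRYPTED,   /* "BEGIN ENCRYPTED PRIVATE KEY" */
    KEY_OPENSSH            /* "BEGIN OPENSSH PRIVATE KEY" */
};

struct key_info {
    enum key_format format;
    char key_type[16]; /* e.g. "RSA"; old-style keys only */
    char cipher[32];   /* first field of DEK-Info; old-style encrypted only */
};

/* Bounded copy that always NUL-terminates. */
static void copy_n(char *dst, size_t dstsz, const char *src, size_t n)
{
    if(n >= dstsz)
        n = dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Copy the next line (CR/LF stripped) into buf; return the position after it,
   or NULL when the input is exhausted. */
static const char *next_line(const char *p, char *buf, size_t bufsz)
{
    const char *eol, *next;
    size_t n;

    if(!p || !*p)
        return NULL;
    eol = strchr(p, '\n');
    n = eol ? (size_t)(eol - p) : strlen(p);
    next = eol ? eol + 1 : p + n;
    if(n && p[n - 1] == '\r')
        n--;
    copy_n(buf, bufsz, p, n);
    return next;
}

enum key_format classify_private_key(const char *pem, struct key_info *out)
{
    static const char begin[] = "-----BEGIN ";
    static const char tail[] = " PRIVATE KEY-----";
    const size_t blen = sizeof(begin) - 1, tlen = sizeof(tail) - 1;
    char line[256];
    const char *p = pem;
    size_t len;

    memset(out, 0, sizeof(*out));
    while((p = next_line(p, line, sizeof(line))) != NULL) {
        if(strncmp(line, begin, blen) == 0)
            break;
    }
    if(!p)
        return KEY_UNKNOWN;
    if(!strcmp(line, "-----BEGIN OPENSSH PRIVATE KEY-----"))
        return out->format = KEY_OPENSSH;
    if(!strcmp(line, "-----BEGIN ENCRYPTED PRIVATE KEY-----"))
        return out->format = KEY_PKCS8_ENCRYPTED;
    if(!strcmp(line, "-----BEGIN PRIVATE KEY-----"))
        return out->format = KEY_PKCS8_PLAIN;

    /* Old-style armor: "-----BEGIN <type> PRIVATE KEY-----" */
    len = strlen(line);
    if(len <= blen + tlen || strcmp(line + len - tlen, tail) != 0)
        return KEY_UNKNOWN;
    copy_n(out->key_type, sizeof(out->key_type), line + blen, len - blen - tlen);
    out->format = KEY_OLD_PEM_PLAIN;

    /* "Name: value" headers may follow the BEGIN line, up to a blank line. */
    while((p = next_line(p, line, sizeof(line))) != NULL && strchr(line, ':')) {
        if(!strncmp(line, "Proc-Type:", 10) && strstr(line + 10, "4,ENCRYPTED"))
            out->format = KEY_OLD_PEM_ENCRYPTED;
        else if(!strncmp(line, "DEK-Info:", 9)) {
            const char *v = line + 9 + strspn(line + 9, " ");
            copy_n(out->cipher, sizeof(out->cipher), v, strcspn(v, ","));
        }
    }
    return out->format;
}

/* 1 if the key is in the old-style encrypted format that requires MD5. */
int requires_md5_pem(const struct key_info *ki)
{
    return ki->format == KEY_OLD_PEM_ENCRYPTED;
}

/* Constructed samples: the bodies are placeholder base64, not real keys. */
static const char SAMPLE_OLD_ENCRYPTED[] =
    "-----BEGIN RSA PRIVATE KEY-----\r\nProc-Type: 4,ENCRYPTED\r\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\r\n\r\n"
    "Q09OU1RSVUNURUQgU0FNUExF\r\n-----END RSA PRIVATE KEY-----\r\n";
static const char SAMPLE_OLD_PLAIN[] =
    "-----BEGIN EC PRIVATE KEY-----\nQ09OU1RSVUNURUQgU0FNUExF\n"
    "-----END EC PRIVATE KEY-----\n";
static const char SAMPLE_OPENSSH[] =
    "-----BEGIN OPENSSH PRIVATE KEY-----\nQ09OU1RSVUNURUQgU0FNUExF\n"
    "-----END OPENSSH PRIVATE KEY-----\n";

int main(void)
{
    const char *samples[] = { SAMPLE_OLD_ENCRYPTED, SAMPLE_OLD_PLAIN,
                              SAMPLE_OPENSSH };
    struct key_info ki;
    size_t i;

    for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        classify_private_key(samples[i], &ki);
        printf("format=%d type=%s cipher=%s requires_md5=%d\n", (int)ki.format,
               ki.key_type, ki.cipher, requires_md5_pem(&ki));
    }
    return 0;
}
```

Keys flagged by `requires_md5_pem()` are the ones to convert to another container format before moving to a build without MD5.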
Merged libssh2/libssh2#1181. Now possible to build libssh2 with no MD5 at all, via FIPS aside, IMO it'd still be a step in the right direction to disable all or some of these algos by default: Most had been disabled by OpenSSH throughout 2015–2017.
commit f0e23dae9128185d1af4345360f0bd712d593a07 Author: Viktor Szakats <[email protected]> Date: Sat Dec 9 21:37:39 2023 +0000 RELEASE-NOTES: synced [ci skip] Closes #1279 commit d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a Author: Michael Buckley <[email protected]> Date: Thu Nov 30 15:08:02 2023 -0800 src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" Refs: https://terrapin-attack.com/ https://seclists.org/oss-sec/2023/q4/292 https://osv.dev/list?ecosystem=&q=CVE-2023-48795 https://github.com/advisories/GHSA-45x7-px36-x8w8 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795 Fixes #1290 Closes #1291 commit c0f69548be902147ce014ffa40b8db3cf1d4b0b4 Author: Viktor Szakats <[email protected]> Date: Wed Dec 13 15:29:00 2023 +0000 session: add `libssh2_session_callback_set2()` Add new `libssh2_session_callback_set2()` API that deprecates `libssh2_session_callback_set()`. The new implementation offers the same functionality, but accepts and returns a generic function pointer (of type `libssh2_cb_generic *`), as opposed to the old function that used data pointers (`void *`). The new solution thus avoids data to function (and vice versa) pointer conversions, which has undefined behaviour in standard C. About the name: It seems the `*2` suffix was used in the past for replacement functions for deprecated ones. Let's stick with that. `*_ex` was preferred for new functions that extend existing ones with new features. Closes #1285 commit 3ec53f3ea26f61cbf2e0fbbeccb852fca7f9b156 Author: Viktor Szakats <[email protected]> Date: Thu Dec 14 16:46:09 2023 +0000 build: enable `-pedantic-errors` According to the manual, this isn't the same as `-Werror -pedantic`. Enable it together with `-Werror`. https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-pedantic-errors-1 This option results in autotools feature detection going into crazies. To avoid this, we add it to `CFLAGS` late. Idea copied from curl. 
This option has an effect only with gcc 5.0 and newer as of this commit. Let's enable it for clang and older versions too for simplicity. Ref: https://github.com/curl/curl/commit/d5c0351055d5709da8f3e16c91348092fdb481aa https://github.com/curl/curl/pull/2747 Closes #1286 commit f8c457943997b1f034993950e48ec19f90d2a7a1 Author: Viktor Szakats <[email protected]> Date: Thu Dec 14 22:54:22 2023 +0000 build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute And fix the warning it detected. Closes #1287 commit 9839ebe5e9f2df84459dd0f71eceb1bbc3c5d5eb Author: Viktor Szakats <[email protected]> Date: Sat Dec 16 12:25:51 2023 +0000 libssh2.h: add deprecated function warnings With deprecated-at versions and suggested replacement function. It's possible to silence them by defining `LIBSSH2_DISABLE_DEPRECATION`. Also add depcreated-at versions to documentation, and unify wording. Ref: https://github.com/libssh2/libssh2/pull/1260#issuecomment-1837017987 Closes #1289 commit fc24735f618af190823657cb75919b830d6c44cf Author: Viktor Szakats <[email protected]> Date: Thu Dec 14 19:18:15 2023 +0000 ci/spellcheck: delete redundant option [ci skip] `--check-hidden` not necessary when passing filenames explicitly. Follow-up to a79218d3a058a333bb9de14079548a3511679a04 commit 7010049969592f7c355cf062e68c18c8003ed605 Author: Viktor Szakats <[email protected]> Date: Thu Dec 14 20:14:55 2023 +0000 tidy-up: add empty line for clarity [ci skip] commit ac68fbe475e6e02f43610367fe28257a8924a4ec Author: Viktor Szakats <[email protected]> Date: Wed Dec 13 06:32:54 2023 +0000 build: FIXME `-Wsign-conversion` to be errors [ci skip] commit 6e451669eabcc5ec1ed5c7979c96945092120e9a Author: Viktor Szakats <[email protected]> Date: Wed Dec 13 01:34:35 2023 +0000 src: disable `-Wsign-conversion` warnings, add option to re-enable To avoid the log noise till we fix those ~360 compiler warnings. Also add macro `LIBSSH2_WARN_SIGN_CONVERSION` to re-enable them. 
Follow-up to afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257 Closes #1284 commit 0f45dafe5eb95d0d2f6c9369e9d2c69c7b7ed79c Author: Viktor Szakats <[email protected]> Date: Wed Dec 13 02:41:05 2023 +0000 cmake: fix indentation [ci skip] commit 94b6bad3c8aa17fc852d86efa52c28c4f105531f Author: Viktor Szakats <[email protected]> Date: Wed Dec 13 00:14:45 2023 +0000 example, tests: call `WSACleanup()` for each `WSAStartup()` On Windows. Closes #1283 commit 52c382f7aae2a8bff4ce3b4b83d18dde30ea11e2 Author: Viktor Szakats <[email protected]> Date: Sat Dec 9 21:01:49 2023 +0000 RELEASE-NOTES: update credits [ci skip] Ref: https://github.com/libssh2/libssh2/pull/1241#issuecomment-1830118584 commit b77504837cade82c004b71b74a26a8bb76c04793 Author: Viktor Szakats <[email protected]> Date: Sat Dec 9 19:00:31 2023 +0000 RELEASE-NOTES: avoid splitting names, fix typo, refine order [ci skip] commit 747862c0e2b7c1ed0650860df3f8b4e385a221f1 Author: Viktor Szakats <[email protected]> Date: Sat Dec 9 17:37:17 2023 +0000 RELEASE-NOTES: synced [ci skip] commit 28dbf01667d8b28d0d9606c9fd474553b93e67a5 Author: Viktor Szakats <[email protected]> Date: Fri Dec 8 02:22:48 2023 +0000 add portable `LIBSSH2_SOCKET_CLOSE()` macro Add `LIBSSH2_SOCKET_CLOSE()` to the public `libssh2.h` header, for user code. It translates to `closesocket()` on Windows and `close()` on other platforms. Use it in example code. It makes them more readable by reducing the number of `_WIN32` guards. Closes #1278 commit 46333adfb81dabc139d7ee88e510798dd7bc61fe Author: Viktor Szakats <[email protected]> Date: Thu Dec 7 20:49:34 2023 +0000 ci: add FreeBSD 14 job, fix issues - install bash to fix error when running tests: ``` ERROR: test_sshd.test - missing test plan ERROR: test_sshd.test - exited with status 127 (command not found?) ===================================== [...] # TOTAL: 4 # PASS: 2 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 2 [...] 
env: bash: No such file or directory ``` Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998 - fix sshd issue when running tests: ``` # sshd log: # Server listening on :: port 4711. # Server listening on 0.0.0.0 port 4711. # Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub # Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys ``` Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059 Cherry-picked from #1277 Closes #1277 commit 5e0ec99134cf5800b70df947d04daff57b9bbc30 Author: Viktor Szakats <[email protected]> Date: Thu Dec 7 21:06:09 2023 +0000 ci: add OmniOS job, fix issues - use GNU Make, to avoid errors: ``` make: Fatal error in reader: Makefile, line 983: Badly formed macro assignment ``` Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429838379#step:3:1956 Caused by `?=` in `Makefile.am`. Fix it just in case. ``` make: Fatal error in reader: Makefile, line 438: Unexpected end of line seen ``` Ref: https://github.com/libssh2/libssh2/actions/runs/7135524843/job/19432451767#step:3:1966 It's around line 43 in `Makefile.am`, reason undiscovered. 
- fix error: ``` ../../src/hostkey.c:1227:44: error: pointer targets in passing argument 5 of '_libssh2_ed25519_sign' differ in signedness [-Werror=pointer-sign] 1227 | datavec[0].iov_base, datavec[0].iov_len); | ~~~~~~~~~~^~~~~~~~~ | | | caddr_t {aka char *} ``` Ref: https://github.com/libssh2/libssh2/actions/runs/7135102832/job/19431233967#step:3:2225 https://docs.oracle.com/cd/E36784_01/html/E36887/iovec-9s.html - FIXME: new `-Wsign-conversion` warnings appeared in examples: ``` ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion] 251 | FD_SET(forwardsock, &fds); | ^~~~~~ ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion] ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion] ../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion] ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion] 259 | if(rc && FD_ISSET(forwardsock, &fds)) { | ^~~~~~~~ ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion] ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion] [...] 
``` Ref: https://github.com/libssh2/libssh2/actions/runs/7136086865/job/19433997429#step:3:3450 Cherry-picked from #1277 commit 3f60ccb76bc825899fe9f933b9355d4ad6ca9766 Author: Viktor Szakats <[email protected]> Date: Fri Dec 8 01:07:57 2023 +0000 example: use `libssh2_socket_t` in X11 example Cherry-picked from #1277 commit 798ed4a7e54ddb87b3ec2342a453b66cf2945bc7 Author: Aaron Stone <[email protected]> Date: Fri Jun 2 13:37:14 2023 -0700 Handle EINTR from send/recv/poll/select to try again as the error is not fatal Integration-patches-by: Viktor Szakats Fixes #955 Closes #1058 commit d0a7f1da2104ca8b15263aa143a9bc42ea2081af Author: Viktor Szakats <[email protected]> Date: Wed Dec 6 11:35:22 2023 +0000 appveyor: delete UWP job broken since Visual Studio upgrade Few days ago UWP job started permafailing. fail: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48678129/job/yb8n2pox8mfjwv6m good: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48673013 Other projects also affected: https://ci.appveyor.com/project/c-ares/c-ares/builds/48687390/job/l0fo4b0sijvqkw9r No related local update. Same CMake version. Same CI image. This seems to be the culprit, which could mean that this update broke CMake detection, needs a different CMake configuration on our end, or that this MSVC update pulled support for UWP apps: fail: -- The C compiler identification is MSVC 19.38.33130.0 (~ Visual Studio 2022 v17.8) good: -- The C compiler identification is MSVC 19.37.32825.0 (~ Visual Studio 2022 v17.7) If this is v17.8, release notes don't readily suggest a feature removal: https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.8 So it might just be UWP accidentally broken in this release. 
Closes #1275 commit 8cd473c9303007b925d61658846a3f2bccf67735 Author: Viktor Szakats <[email protected]> Date: Wed Dec 6 01:10:03 2023 +0000 checksrc: sync with curl Closes #1272 commit e051ae343aca7bee7f586b1ace41f6a827fa011d Author: Viktor Szakats <[email protected]> Date: Tue Dec 5 23:41:39 2023 +0000 autotools: delete `--disable-tests` option, fix CI tests Originally added to improve build performance by skipping building tests. But, there seems to be no point in this, because autotools doesn't build tests by default, unless explicitly invoking `make check`. Delete this option from Cygwin and FreeBSD CI tests, where it caused `make check` to do nothing. Tests are built now, and runtime tests are too, where supported. Also disable Docker-based tests for these, and add a missing `make -j3` for FreeBSD. Reverts 7483edfada1f7e17cf8f9ac1c87ffa3d814c987e #715 Closes #1271 commit b1414503f51c9421557a3d4784b113a84d42c003 Author: ren mingshuai <[email protected]> Date: Wed Dec 6 07:14:53 2023 +0800 build: add `LIBSSH2_NO_DEPRECATED` option (#1266) The following APIs have been deprecated for over 10 years and use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated: libssh2_session_startup() libssh2_banner_set() libssh2_channel_receive_window_adjust() libssh2_channel_handle_extended_data() libssh2_scp_recv() Add these options to disable them: - autotools: `--disable-deprecated` - cmake: `-DLIBSSH2_NO_DEPRECATED=ON` - `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED` Fixes #1259 Replaces #1260 Co-authored-by: Viktor Szakats Closes #1267 commit a3f5594a96bca6f56356c997ab463ff165360990 Author: Viktor Szakats <[email protected]> Date: Mon Dec 4 22:46:01 2023 +0000 autotools: show the default for `hidden-symbols` option Closes #1269 commit 2e5a8719d7db495ae346ce58388f875386233300 Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 19:29:28 2023 +0000 tidy-up: bump casts from int to long for large C99 types in printfs Cast large integer types to avoid dealing with printf masks for 
`size_t` and other C99 types. Some of existing code used `int` for this, bump them to `long`. Ref: afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257 Closes #1264 commit afa6b865604019ab27ec033294edfe3ded9ae0c0 Author: Viktor Szakats <[email protected]> Date: Thu Nov 30 23:35:11 2023 +0000 build: enable missing OpenSSF-recommended warnings, with fixes Ref: https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html (2023-11-29) Enable new warnings: - replace `-Wno-sign-conversion` with `-Wsign-conversion`. Fix them in example, tests and wincng. There remain about 360 of these warnings in `src`. Add a TODO item for those and disable `-Werror` for this particular warning. - enable `-Wformat=2` for clang (in both cmake and autotools). - enable `__attribute__((format))` for `_libssh2_debug()`, `_libssh2_snprintf()` and in tests for `run_command()`. `LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl. - enable `-Wimplicit-fallthrough`. - enable `-Wtrampolines`. Fix them: - src: replace obsolete fall-through-comments with `__attribute__((fallthrough))`. - wincng: fix `-Wsign-conversion` warnings. - tests: fix `-Wsign-conversion` warnings. - example: fix `-Wsign-conversion` warnings. - src: fix `-Wformat` issues in trace calls. Also, where necessary fix `int` and `unsigned char` casts to `unsigned int` and adjust printf format strings. These were not causing compiler warnings. Cast large types to `long` to avoid dealing with printf masks for `size_t` and other C99 types. Existing code often used `int` for this. I'll update them to `long` in an upcoming commit. - tests: fix `-Wformat` warning. - silence `-Wformat-nonliteral` warnings. - mbedtls: silence `-Wsign-conversion`/`-Warith-conversion` in external header. 
Closes #1257 commit e0a0466490dc6b669a2b2ce4f62745dea5e0b8f3 Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 17:27:23 2023 +0000 packet: whitespace fix Tested via #1257 commit b136c37998c152530c44672252be511ed2d4a10f Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 14:41:33 2023 +0000 tidy-up: unsigned -> unsigned int In the `interval` argument of public `libssh2_keepalive_config()`. Tested via #1257 commit eb996af851c046d040f89caedde0e28c7a7cf84d Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 14:44:50 2023 +0000 tests: sync port number type with the rest of codebase Tested via #1257 commit ecdf519911a62dc3051bb0e645defe2b56543912 Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 17:02:13 2023 +0000 autotools: enable `-Wunused-macros` with gcc It works with gcc without the libtool warnings seen with clang on Windows in 96682bd5e14c20828e18bf10ed5b4b5c7543924a #1227. Sync usage of of this macro with CMake and autotools + clang + non-Windows. Making it enabled everywhere except autotools + clang + Windows due to the libtool stub issue. Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224 Closes #1262 commit 0b4bdc856f9e06a75e6675aad9d7f777ac3eb060 Author: Viktor Szakats <[email protected]> Date: Sat Dec 2 03:16:08 2023 +0000 TODO: disable or drop weak algos [ci skip] Closes #1261 commit 744e059f310ab7832f6781f673474e2924d02b4e Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 03:19:04 2023 +0000 example, tests: fix/silence `-Wformat-truncation=2` gcc warnings Then sync this warning option with curl. 
Seems like a false positive and/or couldn't figure how to fix it, so silence: ``` example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=] 227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey); | ^~ example/ssh2.c:227:34: note: assuming directive output of 1 byte 227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey); | ^~~~~~~ example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2 227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=] 228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey); | ^~ example/ssh2.c:228:34: note: assuming directive output of 1 byte 228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey); | ^~~~~~~ example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2 228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ``` Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98 Fix: ``` tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=] tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024 ``` Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51 Tested via #1257 commit 2e57dcb9d2c2826a3cfdad65f72e6003313eaa64 Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 12:55:12 2023 +0000 example: fix indentation follow-up Fix long line and fix more indentations. 
Follow-up to 9e896e1b80911a53d6aabb322e034e6ca51b6898 commit 9e896e1b80911a53d6aabb322e034e6ca51b6898 Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 09:41:39 2023 +0000 example: fix indentation Tested via #1257 commit 6c53815aa78daa66c4c84ee0a6caf3efa8651998 Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 04:28:59 2023 +0000 autotools: fix missed `-pedantic` and `-Wall` options for gcc Follow-up to 5996fefe2bad80cfba85b2569ce6ab6ef575142c #1223 Tested via #1257 commit c9124088099627c39917e093479f2692dce6588b Author: Viktor Szakats <[email protected]> Date: Fri Dec 1 04:38:16 2023 +0000 ci: show compiler in cross/cygwin job names Tested via #1257 commit 4be5e33ae10431f90f9ffe0d6cba44b64dcd630e Author: Viktor Szakats <[email protected]> Date: Thu Nov 30 23:54:58 2023 +0000 mbedtls: further improve disabling `-Wredundant-decls` Move warning option suppression to `src/mbedtls.h` to surround the actual external header #includes that need it. Follow-up to ecec68a2c13a9c63fe8c2dc457ae785a513e157c #1226 Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224 Tested via #1257 commit 8d69e63db9e2e759e3f973fbbc154e2ec1528f83 Author: ren mingshuai <[email protected]> Date: Fri Dec 1 11:52:12 2023 +0800 example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (#1258) libssh2_scp_recv is deprecated and has been replaced by libssh2_scp_recv2 in prior commit. Follow-up to 6c84a426beb494980579e5c1d244ea54d3fc1a3f commit 363dcbf449c0c7b13c6526d7af84c6f1db2691cc Author: Viktor Szakats <[email protected]> Date: Fri Nov 24 23:33:22 2023 +0000 openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job - use OpenSSL 3 API when available for HMAC. This fixes building with OpenSSL 3 `no-deprecated` builds. - ensure we support pure OpenSSL 3 API by adding a CI job using OpenSSL 3 custom-built with `no-deprecated`. 
Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207 Fixes #1235 Closes #1243 commit 66108f02f0569efced1bdd6e9e8c29f2991c5b24 Author: Viktor Szakats <[email protected]> Date: Sun Nov 26 12:00:20 2023 +0000 ci: restore lost comment for FreeBSD [ci skip] Follow-up to eee4e8055ab375c9f9061d4feb39086737f41a9c commit 0c9a8e3590051bfb80acbb2146388c8fe883b2f8 Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 23:47:57 2023 +0000 ci: add OpenBSD (v7.4) job + fix build error in example - Use CMake, LibreSSL and clang from the base install. - This uncovered a build error in `example/subsystem_netconf.c`, caused by using the `%n` printf mask. This is a security risk and some systems (notably OpenBSD) disable this feature. Fix it by applying this patch from OpenBSD ports (from 2021-09-11): https://cvsweb.openbsd.org/ports/security/libssh2/patches/patch-example_subsystem_netconf_c?rev=1.1&content-type=text/x-cvsweb-markup https://github.com/openbsd/ports/commit/2c5b2f3e94381914a3e8ade960ce8c997ca9d6d7 "The old code is also broken, as it passes a pointer to a variable of a different size (on LP64). There is no check for truncation, but buf[] is 1MB in size." Patch-by: naddy ``` /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:252:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror] "]]>]]>\n%n", (int *)&len); ~^ /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:270:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror] "]]>]]>\n%n", (int *)&len); ~^ 2 errors generated. ``` Ref: https://github.com/libssh2/libssh2/actions/runs/6991449778/job/19022024280#step:3:420 Also made tests with arm64, but it takes consistently almost 14m to finish the job, vs. 
2-3m for the native amd64: https://github.com/libssh2/libssh2/actions/runs/6991648984/job/19022440525 https://github.com/libssh2/libssh2/actions/runs/6991551220/job/19022233651 Cherry-picked from #1250 Closes #1250 commit 65c7a7a55af037bcc9ee67c2f69ecdb9109ecbb1 Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 23:43:22 2023 +0000 ci: add NetBSD (v9.3) job Use CMake, OpenSSL (v1.1) and clang from the base install. Cherry-picked from #1250 commit eee4e8055ab375c9f9061d4feb39086737f41a9c Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 23:39:29 2023 +0000 ci: update and speed up FreeBSD job - switch to an alternate GitHub action. This one seems (more) actively maintained, and runs faster: https://github.com/cross-platform-actions/action - use clang instead of gcc. clang is already present in the base install, saving install time and bandwidth. - stop installing `openssl-quictls` and use the OpenSSL (v1.1) from the base system. (I'm suspecting that quictls before this patch wasn't detected by the build.) https://wiki.freebsd.org/OpenSSL Cherry-picked from #1250 commit c6589b8823e9d4a282587a6a5dab831b54d412c0 Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 11:52:00 2023 +0000 stop using leading underscores in macro names Underscored macros are reserved for the compiler / standard lib / etc. Stop using them in user code. We used them as header guards in `src` and in `__FILESIZE` in `example`. Closes #1248 commit 7494881617223bc05aa9c94ceaa6b068e2008be2 Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 11:03:50 2023 +0000 ci: use absolute path in `CMAKE_INSTALL_PREFIX` To make the installed locations unambiguous in the build logs. Closes #1247 commit efee91333b7d641fbfb1ba471fb00d8161d4013c Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 03:49:49 2023 +0000 openssl: make a function static, add `#ifdef` comments Follow-up to 03092292597ac601c3f9f0c267ecb145dda75e4e #248 where the function was added. 
Also add comments to make `#ifdef` branches easier to follow in `openssl.h`. Closes #1246 commit 236e79a115791194368b45751e3ec9452d6d73d9 Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 10:35:26 2023 +0000 ci: boost mbedTLS build speed Build times down to 4 seconds (from 18-20). Closes #1245 commit 82581941d6cd91cd00cf6d8bee1b2a660864ca19 Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 00:26:40 2023 +0000 openssl: fix DSA code to use OpenSSL 3 API - fix missing `DSA` type when building for OpenSSL 3 `no-deprecated`. - fix fallouts after fixing the above by switching away from `DSA` with OpenSSL 3. Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207 Closes #1244 commit d2ef66473ca6f3521eb739eceddf0cba4c44bbed Author: Viktor Szakats <[email protected]> Date: Sat Nov 25 00:35:43 2023 +0000 openssl: formatting (delete empty lines) [ci skip] commit 5326a5ce262b0a27dbd4714dc370d85814297f55 Author: Viktor Szakats <[email protected]> Date: Thu Nov 23 23:00:13 2023 +0000 tests: fall back to `$LOGNAME` for username If the `$USER` variable is empty, fall back to using `$LOGNAME` to retrieve the logged-in username. In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and on some systems it may not be set. Without this value, tests were unable to provide the correct username when logging into the SSH server running under the active user's session. Reported-by: Nicolas Mora Suggested-by: Nicolas Mora Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348 Fixes #1240 Closes #1241 commit 631e7734c8d850cd0c8e7a27d4dc524915e20b09 Author: Viktor Szakats <[email protected]> Date: Tue Nov 21 20:32:12 2023 +0000 libssh2.h: use `_WIN32` for Windows detection instead of rolling our own Sync up `libssh2.h` Windows detection with the libssh2 source code. `libssh2.h` was using `WIN32` and `LIBSSH2_WIN32` for Windows detection, next to the official `_WIN32`. After this patch it only uses `_WIN32` for this. 
Also, make it stop defining `LIBSSH2_WIN32`. There is a slight chance these break compatibility with Windows compilers that fail to define `_WIN32`. I'm not aware of any obsolete or modern compiler affected, but in case there is one, one possible solution is to define this macro manually. Closes #1238 commit 487152f4fa8bc155fc6cb8a03896947425dc0632 Author: Viktor Szakats <[email protected]> Date: Tue Nov 21 22:30:59 2023 +0000 openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build Fixes: ``` src/openssl.c:650:5: error: use of undeclared identifier 'EC_KEY' EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve); ^ src/openssl.c:650:13: error: use of undeclared identifier 'ec_key' EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve); ^ src/openssl.c:650:22: error: implicit declaration of function 'EC_KEY_new_by_curve_name' is invalid in C99 [-Werror,-Wimplicit-function-declaration] EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve); ^ src/openssl.c:650:22: note: did you mean 'EC_GROUP_new_by_curve_name'? ./quictls/_a64-mac-sys/usr/include/openssl/ec.h:483:11: note: 'EC_GROUP_new_by_curve_name' declared here EC_GROUP *EC_GROUP_new_by_curve_name(int nid); ^ In file included from ./_a64-mac-sys-bld/src/CMakeFiles/libssh2_static.dir/Unity/unity_0_c.c:19: In file included from src/crypto.c:10: src/openssl.c:652:8: error: use of undeclared identifier 'ec_key' if(ec_key) { ^ ``` Ref: https://github.com/curl/curl-for-win/actions/runs/6950001225/job/18909297867#step:3:4341 Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207 Bug #1235 Closes #1236 commit 910ed9b0355cb8b9f2c71e00333426f1ee5f5bb7 Author: Viktor Szakats <[email protected]> Date: Tue Nov 21 23:31:22 2023 +0000 openssl: formatting Sync up these lines with the other two similar occurrences in the code. 
Cherry-picked from #1236 commit b0ab005fe79260e6e9fe08f8d73b58dd4856943d Author: Michael Buckley <[email protected]> Date: Tue Nov 21 09:33:01 2023 -0800 openssl: use non-deprecated APIs with OpenSSL 3.x (#1207) Assisted-by: Viktor Szakats commit c9dd3566b2247083f75e1304b7365ee9c8ed3e34 Author: Viktor Szakats <[email protected]> Date: Tue Nov 21 00:39:44 2023 +0000 ci: add BoringSSL job (cmake, gcc, amd64) Closes #1233 commit 89ccc83c7da73e7ca3a112e350008131942b592e Author: Viktor Szakats <[email protected]> Date: Mon Nov 20 02:06:37 2023 +0000 autotools: fix dotless gcc and Apple clang version detections - fix parsing dotless (major-only) gcc versions. Follow-up to 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad #1187 - sync gcc detection variable names with curl. - fix Apple clang version detection for releases between 'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the version was under-detected as 3.7 llvm/clang equivalent. - fix Apple clang version detection for 'Apple clang version 11.0.0' and newer where the Apple clang version was detected, instead of its llvm/clang equivalent. - revert to show `clang` instead of `Apple clang`, because we follow it with an llvm/clang version number. (Apple-ness still visible in raw version.) Used this collection for Apple clang / llvm/clang translation and test inputs: https://gist.github.com/yamaya/2924292 Closes #1232 commit e9017b10460857cf148f94716356907f60884a3f Author: Viktor Szakats <[email protected]> Date: Mon Nov 20 01:48:17 2023 +0000 acinclude.m4: revert accidental edit [ci skip] Follow-up to 8c320a93a48775b74f40415e46f84bf68b4d5ae8 commit fb58016180090a5baea21d69f0d14b07b7f01ef4 Author: Viktor Szakats <[email protected]> Date: Sun Nov 19 18:04:57 2023 +0000 autotools: show more clang/gcc version details Also: - show if we detected Apple clang. - delete duplicate version detection for clang. 
Closes #1230 commit 8c320a93a48775b74f40415e46f84bf68b4d5ae8 Author: Viktor Szakats <[email protected]> Date: Sat Nov 18 16:04:19 2023 +0000 acinclude.m4: re-sync with curl [ci skip] commit 96682bd5e14c20828e18bf10ed5b4b5c7543924a Author: Viktor Szakats <[email protected]> Date: Fri Nov 17 21:13:30 2023 +0000 autotools: avoid warnings in libtool stub code Seen on Windows with clang64, in libtool-generated stub code for examples and tests. The error didn't break the CI job for some reason. msys2 (autotools, clang64, clang-x86_64: ``` [...] 2023-11-17T20:14:17.8639574Z ./.libs/lt-test_read.c:91:10: error: macro is not used [-Werror,-Wunused-macros] [...] 2023-11-17T20:14:39.8729255Z ./.libs/lt-sftp_write_nonblock.c:91:10: error: macro is not used [-Werror,-Wunused-macros] [...] ``` Ref: https://github.com/libssh2/libssh2/actions/runs/6908585056/job/18798193405?pr=1226#step:8:474 Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224 Closes #1227 commit ecec68a2c13a9c63fe8c2dc457ae785a513e157c Author: Viktor Szakats <[email protected]> Date: Fri Nov 17 20:04:52 2023 +0000 mbedtls: improve disabling `-Wredundant-decls` Disable these warnings specifically for the mbedTLS public headers and leave it on for the the rest of the code. This also fixes this issue for autotools. Previous solution was globally disabling this warning for the whole code when using mbedTLS and only with CMake. Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224 Closes #1226 commit 64d6789f71aa4db25c6903c5e0180790bb12782e Author: Viktor Szakats <[email protected]> Date: Thu Nov 16 14:38:44 2023 +0000 cmake: rename picky warnings script To match the camel-case style used in other CMake scripts and also to match the name used in curl. Closes #1225 commit 7ecc309cd10454c54814b478c4f85d0041da6721 Author: Viktor Szakats <[email protected]> Date: Thu Nov 16 00:54:25 2023 +0000 build: enable more compiler warnings and fix them Enable more picky compiler warnings. 
I've found these options in the nghttp3 project when implementing the CMake quick picky warning functionality for it.

Fix issues found along the way:
- wincng, mbedtls: delete duplicate function declarations.
  Most of this was due to re-#defining crypto functions to crypto-backend specific implementations. These redefines also remapped the declarations in `crypto.h`, making the backend-specific declarations duplicates. This patch deletes the backend-specific declarations.
- wincng mapped two crypto functions to the same local function. Also causing double declarations. Fix this by adding two distinct wrappers and moving the common function to a static one.
- delete unreachable `break;` statements.
- kex: disable macros when unused.
- agent: disable unused constants.
- mbedtls: disable double declaration warnings because public mbedTLS headers trigger it. (with function `psa_set_key_domain_parameters`)
- crypto.h: formatting.

Ref: https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake

Closes #1224

commit 5996fefe2bad80cfba85b2569ce6ab6ef575142c
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 23:15:17 2023 +0000

autotools: sync warning enabler code with curl

Tiny changes and minor updates to bring this code closer to curl's `m4/curl-compilers.m4`.

Closes #1223

commit e645fa95f361d70bf1bf014d418b89b72b7e9d8c
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 22:51:41 2023 +0000

acinclude.m4: fix indentation [ci skip]

Also match indentation of curl's `m4/curl-compilers.m4` for easier syncing.

commit ce5f208a556c92672a959cc7ed879dcdec5836a0
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 20:28:55 2023 +0000

autotool: rename variable `WARN` -> `tmp_CFLAGS`

To match curl and make syncing this code easier.
Ref: https://github.com/curl/curl/blob/d1820768cce0e797d1f072343868ce1902170e93/m4/curl-compilers.m4#L479

Closes #1222

commit cdca8cff886ce71fb9b8d0c56cdf9774b5a7d355
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 18:43:51 2023 +0000

autotools: picky warning options tidy-up

- sync clang warning version limits with CMake.
- make `WARN=` vs. `CURL_ADD_COMPILER_WARNINGS()` consistent with curl and between clang and gcc (`WARN=` is for `no-` options in general).

Closes #1221

commit 328a96b3daf92efc867cde2eee651c48958f31ea
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 00:36:55 2023 +0000

build: picky warning updates

- cmake, autotools: sync picky gcc warnings with curl.
- cmake, autotools: add `-Wold-style-definition` for clang too.
- cmake, autotools: add comment for `-Wformat-truncation=1`.
- cmake: more precise version info for old clang options.

Closes #1219

commit fea6664e1bbf52cb9a02fceadc81f6f56c3fd7b9
Author: Viktor Szakats <[email protected]>
Date: Fri Nov 10 15:41:05 2023 +0000

ci: fixup FreeBSD version, bump mbedtls

We haven't been using the FreeBSD version. Also it turns out, the single version supported is 13.2 at the moment:
https://github.com/vmactions/freebsd-vm/tree/main/conf

Stop trying to set the version and instead rely on the action providing the latest supported one automatically.

Follow-up to a7d2a573be26238cc2b55e5ff6649bbe620cb8d9

Also:
- add more details to the FreeBSD job description.
- bump mbedtls version while here.

Closes #1217

commit 932d6a32779a39aa6109e2d7aff8b2b6123df4f4
Author: Viktor Szakats <[email protected]>
Date: Thu Nov 9 18:59:01 2023 +0000

cmake: fix multiple include of libssh2 package

Also extend our integration test double inclusion. It will still not catch this case, because that requires `cmake_minimum_required(VERSION 3.18)` or higher.
Fixes:
```
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
  add_library cannot create ALIAS target "libssh2::libssh2" because another target with the same name already exists.
Call Stack (most recent call first):
  CMakeLists.txt:24 (find_package)
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
  add_library cannot create ALIAS target "Libssh2::libssh2" because another target with the same name already exists.
Call Stack (most recent call first):
  CMakeLists.txt:24 (find_package)
```

Test to reproduce:
```cmake
cmake_minimum_required(VERSION 3.18)  # must be 3.18 or higher
project(test)
find_package(libssh2 CONFIG)
find_package(libssh2 CONFIG)  # fails
add_executable(test main.c)
target_link_libraries(test libssh2::libssh2)
```

Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html

Assisted-by: Kai Pastor
Assisted-by: Harry Mallon
Ref: https://github.com/curl/curl/pull/11913

Closes #1216

commit a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 8 18:17:22 2023 +0000

ci: add FreeBSD 13.2 job

It runs over Linux via qemu. First two runs were (very) slow, then it became (much) more performant at just 2x slower than a native Linux build. Then got slow again, then fast again. Still seems acceptable for the value this adds.

The build uses autotools and quictls.

Successful builds:
1. https://github.com/libssh2/libssh2/actions/runs/6802676786/job/18496286419 (13m59s, -j3)
2. https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497243225 (11m5s, -j2)
3. https://github.com/libssh2/libssh2/actions/runs/6803142201/job/18497785049 (3m6s, -j1)
4. https://github.com/libssh2/libssh2/actions/runs/6803194839/job/18497962766 (3m10s, -j2)
5. https://github.com/libssh2/libssh2/actions/runs/6803267201/job/18498208501 (3m13s)
6. https://github.com/libssh2/libssh2/actions/runs/6803510333/job/18498993698 (15m25s)
7. https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528571057 (3m13s)

Similar solution exists for Solaris (over macOS via VirtualBox), but it hangs forever at `Waiting for text: solaris console login`:
https://github.com/libssh2/libssh2/actions/runs/6802388128/job/18495391869#step:4:185

Idea taken from LibreSSL.

FIXME: Unrelated, the `distcheck` job became flaky in recent days:
https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497256437#step:10:536
```
FAIL: test_auth_pubkey_ok_rsa_aes256gcm
```
https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528588933#step:10:533
```
FAIL: test_read
```

Closes #1215

commit b9a4ed83b4b7fbef4f95e77ff1eab850dfcbac27
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 8 03:24:09 2023 +0000

reuse: fix duplicate copyright warning

```
PendingDeprecationWarning: Copyright and licensing information for 'tests/openssh_server/Dockerfile' has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5 file located at '.reuse/dep5'. The information for these two sources has been aggregated. In the future this behaviour will change, and you will need to explicitly enable aggregation.
[...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4

commit 43485579609a833827736e8205fe29956900ed74
Author: Viktor Szakats <[email protected]>
Date: Sat Oct 28 11:36:31 2023 +0000

Makefile.mk: delete Windows-focused raw GNU Make build

We recommend using CMake instead. Especially in unity mode, it's faster and probably more familiar for most. It's also easily portable. (`Makefile.mk` was also portable, but in practice only usable for Windows. Other platforms required a manual config header.)

Also:
- migrate `LIBSSH2_NO_*` option CI tests to CMake.
- make MSYS2 CMake builds verbose to show compilation options.
Closes #1204

commit bfa00f1bd5abce93cd95055c8b71791816b3c655
Author: Viktor Szakats <[email protected]>
Date: Mon Nov 6 12:18:25 2023 +0000

tidy-up: around `stdint.h`

- os400: delete unused `HAVE_STDINT_H`.
- fuzz: delete redundant `stdint.h` use. `inttypes.h` is already included via `testinput.h`.
- docs/TODO: adjust type in planned function.

Closes #1212

commit 20387285d300c74160f655b72ad5d762ee56166b
Author: Viktor Szakats <[email protected]>
Date: Mon Nov 6 00:41:17 2023 +0000

cmake: show crypto backend in feature summary

This was visible as an enabled package before this patch, but it missed to show WinCNG.

Closes #1211

commit a3ffc4221d7ed4619c1e5e4557287204868e443b
Author: Viktor Szakats <[email protected]>
Date: Fri Nov 3 11:04:22 2023 +0000

man: fix double spaces and dash escaping

- `- ` -> `- `
- `. ` -> `. `
- `\- ` -> `- `
- `-1` -> `\-1`
- fold long lines along the way

This makes the minus sign come out as a Unicode minus sign (0x2212), and title separator dashes as Unicode hyphen (0x2010), with `groff -Tutf8` v1.23.0.

Ref: https://lwn.net/Articles/947941/

Closes #1210

commit 8cca7b77527861395de6278b27fa825df3b5b835
Author: Viktor Szakats <[email protected]>
Date: Tue Oct 31 22:41:05 2023 +0000

src: fix gcc 13 `-Wconversion` warning on Darwin

```
src/session.c: In function 'libssh2_poll':
src/session.c:1776:22: warning: conversion from 'long int' to '__darwin_suseconds_t' {aka 'int'} may change value [-Wconversion]
1776 | tv.tv_usec = (timeout_remaining % 1000) * 1000;
| ^
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6711735060/job/18239768548#step:3:4368

Follow-up to 08354e0abbe86d4cc5088d210d53531be6d8981a

Closes #1209

commit bf285500e603b77229bbaf9a87fe7f724bb5ffaa
Author: Viktor Szakats <[email protected]>
Date: Mon Oct 30 17:42:32 2023 +0000

openssl: silence `-Wunused-value` warnings

Seen with gcc 12.
Manual: https://www.openssl.org/docs/man3.1/man3/BIO_reset.html

```
./quictls/linux-a64-musl/usr/include/openssl/bio.h:555:34: warning: value computed is not used [-Wunused-value]
555 | # define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./libssh2/src/openssl.c:3518:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3884:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3995:5: note: in expansion of macro 'BIO_reset'
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6696392318/job/18194032712#step:3:5060

Closes #1205

commit f64e6318f031a15d7e727d6f4864a3d2e973aab0
Author: Viktor Szakats <[email protected]>
Date: Mon Oct 30 11:23:47 2023 +0000

Makefile.am: fix `cp` to preserve attributes and timestamp

commit fc00bdd7f195fc6511d18d11cad2801b56c5549e
Author: Viktor Szakats <[email protected]>
Date: Sat Oct 7 15:32:39 2023 +0000

cmake: simplify showing CMake version

Move it to `CMakeLists.txt`. Drop `cmake --version` commands.
Credit to the `zlib-ng` project for the idea:
https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078bd1399/CMakeLists.txt#L7

Closes #1203

commit 5e19044282c219ddb1fedddd8eaba0b4c0256a95
Author: Viktor Szakats <[email protected]>
Date: Sat Oct 7 09:19:49 2023 +0000

ci: mbedtls 3.5.0

v3.5.0 needs extra compiler option for i386 to avoid:
```
#error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
```

Closes #1202

commit 2cd2f40e37ab7e3880bc9504c6d7cda5a188fed7
Author: Viktor Szakats <[email protected]>
Date: Sat Oct 7 09:47:58 2023 +0000

tests: show cmake version used in integration tests

Closes #1201

commit a9a79e7a41f2c80b487ede854ffcad90a7634e7b
Author: Viktor Szakats <[email protected]>
Date: Tue Oct 3 13:46:01 2023 +0000

readme.vms: fix typo [ci skip]

Detected by codespell 2.2.6

commit 06fd721f08f058b3bb83fc5d0e1c50736b28cb26
Author: Viktor Szakats <[email protected]>
Date: Sat Sep 30 19:03:37 2023 +0000

appveyor: YAML/PowerShell formatting, shorten variable name

- use single-quotes in yaml and PowerShell.
- shorten a variable name.
- use indentation 2 for scripts.
- use C else-style in PowerShell.

Closes #1200

commit d468a33f620d56f2fc67ee98cd50b9039d2ecf6e
Author: Viktor Szakats <[email protected]>
Date: Sat Sep 30 14:58:51 2023 +0000

ci: update actions, use shallow clones with appveyor

- update GitHub Actions to their latest versions.
- use shallow git clones in AppVeyor CI to save data over the wire.

Closes #1199

commit 8a081fd98b015e4a5375bfec1c295e0b7e2e4e6c
Author: Viktor Szakats <[email protected]>
Date: Fri Sep 29 20:07:36 2023 +0000

appveyor: move to pure PowerShell

- replace batch commands with PowerShell.
- merge separate command entries into single PowerShell blocks.

Closes #1197

commit 6fbc9505d8a4179ab6a1d44c7df9bb9af6bdc9ba
Author: Viktor Szakats <[email protected]>
Date: Fri Sep 29 08:43:40 2023 +0000

windows: use built-in `_WIN32` macro to detect Windows

Instead of `WIN32`.

The compiler defines `_WIN32`.
Windows SDK headers or build env defines `WIN32`, or we have to take care of it. The agreement seems to be that `_WIN32` is the preferred practice here.

Minor downside is that CMake uses `WIN32` and we also adopted it in `Makefile.mk`.

In public libssh2 headers we stick with accepting either `_WIN32` or `WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.

grepping for `WIN32` remains useful to detect Windows-specific code.

Closes #1195

commit 4c241d5c65c754141243bebdafa900472b23b68f
Author: Viktor Szakats <[email protected]>
Date: Fri Sep 29 09:27:34 2023 +0000

cmake: cleanup mbedTLS version detection more

- lowercase, underscored local variables.
- fix `find_library()` to use the multiple names passed.
- rely more on `find_package_handle_standard_args()`. Logic based on our `Findwolfssl.cmake`.
- delete ignored/unused `MBEDTLS_LIBRARY_DIR`.
- revert CI configuration to use `MBEDCRTYPO_LIBRARY`.
- clarify inputs/outputs in comment header.
- use variable for regex.
- formatting.

Follow-up to 41594675072c578294674230d4cf5f47fa828778 #1192

Closes #1196

commit 30eef0a630ab3cc408f06d9b32fa19f647008df7
Author: Viktor Szakats <[email protected]>
Date: Thu Sep 28 18:32:37 2023 +0000

cmake: delete duplicate `include()`

commit 41594675072c578294674230d4cf5f47fa828778
Author: Viktor Szakats <[email protected]>
Date: Thu Sep 28 13:09:36 2023 +0000

cmake: improve/fix mbedTLS detection

- libssh2 needs the crypto lib only, stop dealing with the rest.
- simplify logic.
- drop hard-wired toolchain specific options that broke with e.g. MSVC.
  Reported by: AR Visions
  Fixes #1191
- add mbedTLS version detection for recent releases.
- merge custom detection results display into a single line.
- shorten mbedTLS configuration in macOS CI job.
Used the curl mbedTLS detection logic for ideas:
https://github.com/curl/curl/blob/a8c773845f4fdbfb09b08a6ec4b656c812568995/CMake/FindMbedTLS.cmake

Closes #1192

commit 67e39091b2fa3b87e22895cdbdeda20e4b2403b1
Author: concussious <[email protected]>
Date: Sat Sep 23 19:00:14 2023 -0400

libssh2_session_get_blocking.3: Add description (#1185)

commit 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad
Author: Viktor Szakats <[email protected]>
Date: Thu Sep 21 08:14:38 2023 +0000

autotools: fix selecting wincng in cross-builds (and more)

- Fix explicitly selecting WinCNG in autotools cross-builds by moving `windows.h` header check before the WinCNG availability check.
  Follow-up to d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
  Reported-by: Jack L
  Fixes #1186
- Add Linux -> mingw-w64 cross-builds for autotools and CMake. This doesn't detect #1186, because that happened when explicitly specifying WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG by default.
- autotools: fix to strip suffix from gcc version
  Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu may return `n-win32` (also with `-dumpfullversion`). Causing these errors and failing to enable picky warnings:
  ```
  ../configure: line 23845: test: : integer expression expected
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143
  Fix that by stripping any dash-suffix.
  gcc version detection is still half broken because we translate '10' to '10.10' because `cut -d. -f2` returns the first word if the delimiter is missing.
More possible `-dumpversion` output: `10-posix`, `10-win32`, `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`

Ref: https://github.com/mamedev/mame/pull/9767

Closes #1187

commit 88a960a86b9ffbabd17a4bbcf767e26514c4678e
Author: Michael Buckley <[email protected]>
Date: Mon Aug 28 16:47:21 2023 -0700

Properly bounds check packet_authagent_open() (#1179)

* Properly bounds check packet_authagent_open
* packet.c: use strlen instead of sizeof for strings
* Make LIBSSH_CHANNEL's channel_type_len a size_t
* packet_authagent_open: use size_t for offset

Credit: Michael Buckley, signed off by Will Cosgrove

commit a790d3784eca821aeaee0b5db54cbf037780676f
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 28 23:20:53 2023 +0000

os400qc3: move FIXME comment [ci skip]

Follow-up to eb9f9de2c19ec67d12a444cce34bdd059fd26ddc

commit eb9f9de2c19ec67d12a444cce34bdd059fd26ddc
Author: Viktor Szakats <[email protected]>
Date: Sat Aug 26 21:56:23 2023 +0000

md5: allow disabling old-style encrypted private keys at build-time

Before this patch, this happened at runtime when using an old (pre-3.0), FIPS-enabled OpenSSL backend. This patch makes it possible to disable this via the build-time option `LIBSSH2_NO_MD5_PEM`.

Also:
- make sure to exclude all MD5 internal APIs when both the above and `LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with `LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM` and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.

Old-style encrypted private keys require MD5 and they look like this:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<MD5-hex>
<base64>
-----END RSA PRIVATE KEY-----
```
E.g.: `tests/key_rsa_encrypted`

Ref: https://github.com/libssh2/www/issues/20

Closes #1181

commit 4a64ca14302e5105c168de3f8f6cc0cbe27e4020
Author: Viktor Szakats <[email protected]>
Date: Sat Aug 26 09:48:34 2023 +0000

cmake: tidy-up `foreach()` syntax

Use `IN LISTS` and `IN ITEMS`.
This appears to be the preferred way within CMake's own source code and possibly improves readability.

Fixup a side-effect of `IN LISTS`, where it retains empty values at the end of the list, as opposed to the syntax used before, which dropped it. In our case this happened with lines read from a text file via `file(READ)`.

https://cmake.org/cmake/help/v3.7/command/foreach.html

Closes #1180

commit 5754fed68644363cb25220fcf3dc86b5c376aa60
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 21:12:25 2023 +0000

ci: replace `mv` + `chmod` with `install` in `Dockerfile`

Cherry-picked from #1175

Closes #1175

commit 633db55f50f79f5cb08d4a7f73d57f2ca57958f1
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 20:56:50 2023 +0000

ci: set file mode early in `appveyor_docker.yml`

Also:
- replace tab with spaces in generated config file
- formatting

Cherry-picked from #1175

commit a79218d3a058a333bb9de14079548a3511679a04
Author: Viktor Szakats <[email protected]>
Date: Sun Aug 20 08:26:55 2023 +0000

ci: add spellcheck (codespell)

Also rename a variable in `src/os400qc3.c` to avoid a false positive.

Cherry-picked from #1175

commit a20572e9afbe53c04c84105327de68d39528ce53
Author: Viktor Szakats <[email protected]>
Date: Tue Aug 22 16:43:16 2023 +0000

cmake: also test for `libssh2_VERSION`

Cherry-picked from #1175

commit 87f5769b5158a81f7a21263b507e069b48f093c2
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 21 21:27:31 2023 +0000

cmake: show cmake versions in ci

Cherry-picked from #1175

commit e61987a3bf5b0ba40357cd769e5a16c5257724fd
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 20:56:02 2023 +0000

tests: formatting and tidy-ups

- Dockerfile: use standard sep with `sed`
- Dockerfile: use single quotes in shell command
- appveyor.yml: use long-form option with `choco`
- tests/cmake: add language to test project
- reuse.yml: fix indentation
  ```
  $ yamllint reuse.yml
  reuse.yml
  [...]
  11:5 error wrong indentation: expected 6 but found 4 (indentation)
  15:5 error wrong indentation: expected 6 but found 4 (indentation)
  [...]
  27:5 error wrong indentation: expected 6 but found 4 (indentation)
  ```

Cherry-picked from #1175

commit 1676a178140b0c755493af78899f6d4a10b466e8
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 20:55:37 2023 +0000

openssl.c: whitespace fixes

Cherry-picked from #1175

commit a95d401f1f1fef0ac342ca1c0c23586d39999b15
Author: Viktor Szakats <[email protected]>
Date: Sun Aug 20 00:24:59 2023 +0000

checksrc: fix spelling in comment [ci skip]

commit e9c7d3afa0bdf3a004846324213df938b94343b2
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 13:20:03 2023 +0000

cmake: quote more strings

Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

Closes #1173

commit 6e3e883994eb34ecdf43c373cfac2700101a82bd
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 11:05:52 2023 +0000

drop `www.` from `www.libssh2.org`

<https://www.libssh2.org/*> is now a 301 permanent redirect to <https://libssh2.org/*>.

Update all references to point directly to the new destination.

Ref: https://github.com/libssh2/www/commit/ccf4a7de7f702a8ee17e2c697bcbef47fcf485ed

Closes #1172

commit aeaefaf6cc5f832dd24d7c6301ea6b5ae6e11496
Author: Viktor Szakats <[email protected]>
Date: Thu Aug 17 23:02:35 2023 +0000

cmake: add `ExternalProject` integration test

- via `ExternalProject_Add()`: https://cmake.org/cmake/help/latest/module/ExternalProject.html (as documented in `docs/INSTALL_CMAKE.md`)
- also make `FetchContent` fetch from local repo instead of live master.

Closes #1171

commit 8715c3d51b87ebe72c6eff7b1a71f4ce6c3afb9a
Author: Viktor Szakats <[email protected]>
Date: Wed Aug 16 13:22:30 2023 +0000

cmake: add integration tests

Add a small project to test dependent/downstream CMake build using libssh2. Also added to the GHA CI, and you can also run it locally with `tests/cmake/test.sh`.
Test three methods of integrating libssh2 into a project:
- via `find_package()`: https://cmake.org/cmake/help/latest/command/find_package.html
- via `add_subdirectory()`: https://cmake.org/cmake/help/latest/command/add_subdirectory.html
- via `FetchContent`: https://cmake.org/cmake/help/latest/module/FetchContent.html

Closes #1170

commit 4ff64ae3ca14a04c6914c45c48476a061723a872
Author: Viktor Szakats <[email protected]>
Date: Wed Aug 16 06:38:22 2023 +0000

cmake: (re-)add aliases for `add_subdirectory()` builds

Add internal libssh2 library aliases to make these available for downstream/dependent projects building libssh2 via `add_subdirectory()`:
- `libssh2:libssh2_static`
- `libssh2:libssh2_shared`
- `libssh2:libssh2` (shared, or static when not building shared)
- `libssh2` (shared, or static when not building shared)

Of these, `libssh2` was present in v1.10.0 and earlier releases, but missing from v1.11.0.

Closes #1169

commit 8eade0c9b75dff36e7c55edde03887d95a5ec260
Author: Viktor Szakats <[email protected]>
Date: Wed Aug 16 06:36:10 2023 +0000

cmake: delete empty line [ci skip]

Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

commit 6eda1ee4337a57cb92b831ff2647b914b52ff14a
Author: Viktor Szakats <[email protected]>
Date: Tue Aug 15 21:58:18 2023 +0000

cmake: reflect minimum version in docs [ci skip]

Follow-up to 9cd18f4578baa41dfca197f60557063cad12cd59

commit 3fa5282d6284efba62dc591697e6a687152bdcb1
Author: Viktor Szakats <[email protected]>
Date: Thu Aug 10 12:38:24 2023 +0000

cmake: style tidy up

- quote text literals to improve readability. (exceptions: `FILES` items, `add_subdirectory` names, `find_package` names, literal target names, version numbers, 0/1, built-in CMake values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.

Closes #1166

commit 186c1d6394a75e52ea3becd4c11a32aaa6002a52
Author: Viktor Szakats <[email protected]>
Date: Tue Aug 15 01:36:48 2023 +0000

wincng: prefer `ULONG`/`DWORD` over `unsigned long`

To match with the types used by the `Crypt*()` (uses `DWORD`) and `BCrypt*()` (uses `ULONG`) Windows APIs.

This patch doesn't change data width or signedness.

Closes #1165

commit 7bb669b52adbb1d3d4e239f77544824e83f74209
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 14 23:23:06 2023 +0000

wincng: tidy-ups

- make `_libssh2_wincng_key_sha_verify` static.
- prefer `unsigned long` over `size_t` in two static functions.
- prefer `ULONG` over `DWORD` to match `BCryptImportKeyPair()` and `BCryptGenerateKeyPair()`.
- add a newline.

Closes #1164

commit d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 14 21:57:18 2023 +0000

ci: add MSYS builds (autotools and cmake)

Use existing MSYS2 section and extend it with builds for the MSYS environment with both autotools and cmake.

MSYS builds resemble Cygwin ones: The env is Unixy, where Windows headers are all available but we don't use them.

Also:
- extend existing autotools logic for Cygwin to skip detecting `windows.h` for MSYS targets too.
- require `windows.h` for the WinCNG backend in autotools. Before this patch, autotools allowed selecting WinCNG on the Cygwin and MSYS platforms, but the builds then fell apart due to the resulting mixed Unixy + Windowsy environment. The general expectation for Cygwin/MSYS builds is not to use the Windows API directly in them.
- stop manually selecting the `MSYS Makefiles` CMake generator for MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but it broke MSYS build which use `Unix Makefiles`. Deleting this setting fixes all build flavours.
Closes #1162

commit 84912e2ed8a9e40016a1e0c381bacbba7cba52b5
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 14 23:07:21 2023 +0000

ci: cygwin job tidy-ups

`CMAKE_C_COMPILER=gcc` not necessary, delete it.

Follow-up to f1e96e733fefb495bc31b07f5c2a5845ff877c9c

Cherry-picked from #1163

Closes #1163

commit f1e96e733fefb495bc31b07f5c2a5845ff877c9c
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 14 21:22:00 2023 +0000

ci: add Cygwin builds (autotools and cmake)

To avoid builds picking up non-Cygwin components coming by default with the CI machine, I used the solution recommended by Cygwin [1] and set `PATH` manually. To avoid repeating this for each step, I merged steps into a single one. Let us know if there is a more elegant way.

Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.

autotools build seemed to take slightly longer than other jobs. To save turnaround time I disabled building tests.

Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi

[1] https://github.com/cygwin/cygwin-install-action/tree/v4#path

Closes #1161

commit 5453fc8035b4aaad1a9bbfbeace4fac210fabde8
Author: Viktor Szakats <[email protected]>
Date: Sun Aug 13 09:07:26 2023 +0000

cmake: add `LIB_NAME` variable

It holds the name `libssh2`. Mainly to document its uses, and also syncing up with the same variable in libcurl.

Closes #1159

commit c705ff3f370582d4363f53826c4fcb23af7ec3b7
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 11 21:57:33 2023 +0000

cmake: add one missed `PROJECT_NAME` variable

Follow-up to 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c

Closes #1158

commit ae7d51085e9e4e8c0d0ca3ded9dd7956f6f7d645
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 11 17:09:27 2023 +0000

cmake: tidy-up concatenation in `CMAKE_MODULE_PATH`

Former solution was appending an empty element to the array if `CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have this side-effect.

There is no known issue caused by this.
Fixing it for good measure.

Closes #1157

commit 1215aa5f46a603ce31e8b91b11ccd273a469350a
Author: Viktor Szakats <[email protected]>
Date: Thu Aug 10 02:33:24 2023 +0000

ci: add mingw-w64 UWP build

Add a CI test for Windows UWP builds using mingw-w64. Before this patch we had UWP builds tested with MSVC only.

Alike existing UWP jobs, it's not possible to run the binaries due to the missing UWP runtime DLL:
https://github.com/libssh2/libssh2/actions/runs/5821297010/job/15783475118#step:11:42

We could install `winstorecompat-git` in the setup-msys2 step, but opted to do it manually to avoid the overhead for every matrix job.

All this would work smoother with llvm-mingw, which features an UWP toolchain prefix and provides all necessary implibs by default.

This also hit a CMake bug (with v3.26.4), where CMake gets confused and sets up `windres.exe` to use the MSVC rc.exe-style command-line:
https://github.com/libssh2/libssh2/actions/runs/5819232677/job/15777236773#step:9:126

Notice that MS "sunset" UWP in 2021:
https://github.com/microsoft/WindowsAppSDK/discussions/1615

If this particular CI job turns out to be not worth the maintenance burden or CPU time, or too much of a hack, feel free to delete it.

Ref: https://github.com/libssh2/libssh2/pull/1147#issuecomment-1670850890

Closes #1155

commit 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
Author: Viktor Szakats <[email protected]>
Date: Wed Aug 9 11:23:37 2023 +0000

cmake: replace `libssh2` literals with `PROJECT_NAME` variable

Where applicable.

This also makes it more obvious which `libssh2` uses were referring to the pr…
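The commit `md5: allow disabling old-style encrypted private keys at build-time` in the log above describes the PEM layout that depends on MD5. As an added example (not part of libssh2 or of the commit log), the following Python script finds key files in that layout so they can be re-encrypted before moving to a build with `LIBSSH2_NO_MD5_PEM`; the function names, status strings and sample blocks are constructed for illustration.

```python
"""Find private keys stored in the old-style encrypted PEM layout."""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

LEGACY_MD5 = "legacy-encrypted"      # Proc-Type: 4,ENCRYPTED, cipher key derived with MD5
PKCS8_ENCRYPTED = "pkcs8-encrypted"  # KDF is named inside the DER payload, inspect separately
OPENSSH_NEW = "openssh-new-format"   # OpenSSH's own container, no PEM-level headers
UNENCRYPTED = "unencrypted"
NOT_A_KEY = "not-a-private-key"

_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----\s*$")
_HEADER = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")  # "Name: value"; base64 never contains ':'


@dataclass
class PemBlock:
    label: str
    status: str
    cipher: Optional[str] = None


def _classify(label: str, headers: Dict[str, str]) -> PemBlock:
    # The encapsulated headers, not the BEGIN label, mark the old-style encryption.
    if headers.get("proc-type", "").replace(" ", "").upper() == "4,ENCRYPTED":
        cipher = headers.get("dek-info", "").split(",", 1)[0].strip() or None
        return PemBlock(label, LEGACY_MD5, cipher)
    if label == "OPENSSH PRIVATE KEY":
        return PemBlock(label, OPENSSH_NEW)
    if label == "ENCRYPTED PRIVATE KEY":
        return PemBlock(label, PKCS8_ENCRYPTED)
    if label.endswith("PRIVATE KEY"):
        return PemBlock(label, UNENCRYPTED)
    return PemBlock(label, NOT_A_KEY)


def scan_pem(text: str) -> List[PemBlock]:
    """Classify every complete PEM block in text; truncated blocks are skipped."""
    blocks: List[PemBlock] = []
    label: Optional[str] = None
    headers: Dict[str, str] = {}
    in_headers = False
    for line in text.splitlines():
        begin = _BEGIN.match(line)
        if begin:
            label, headers, in_headers = begin.group(1), {}, True
            continue
        if label is None:
            continue
        end = _END.match(line)
        if end:
            if end.group(1) == label:
                blocks.append(_classify(label, headers))
            label = None
            continue
        if in_headers:
            hdr = _HEADER.match(line)
            if hdr:
                headers[hdr.group(1).lower()] = hdr.group(2).strip()
            else:
                in_headers = False  # blank line or first base64 line ends the headers
    return blocks


def md5_dependent(text: str) -> List[PemBlock]:
    """Blocks that cannot be decrypted without MD5."""
    return [b for b in scan_pem(text) if b.status == LEGACY_MD5]


# Constructed sample input: the base64 bodies are placeholders, not real keys.
SAMPLES = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END RSA PRIVATE KEY-----
-----BEGIN OPENSSH PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END OPENSSH PRIVATE KEY-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    # Usage: python scan_keys.py ~/.ssh/id_* ; with no arguments, scan the samples.
    inputs = [(p, open(p, encoding="ascii", errors="replace").read()) for p in sys.argv[1:]]
    for name, text in inputs or [("<samples>", SAMPLES)]:
        for block in scan_pem(text):
            extra = f" ({block.cipher})" if block.cipher else ""
            print(f"{name}: {block.label}: {block.status}{extra}")
```

Blocks reported as `pkcs8-encrypted` need a separate look, because their key-derivation function is recorded inside the encoded payload rather than in PEM headers.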
commit f0e23dae9128185d1af4345360f0bd712d593a07
Author: Viktor Szakats <[email protected]>
Date: Sat Dec 9 21:37:39 2023 +0000

RELEASE-NOTES: synced [ci skip]

Closes #1279

commit d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
Author: Michael Buckley <[email protected]>
Date: Thu Nov 30 15:08:02 2023 -0800

src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"

Refs:
https://terrapin-attack.com/
https://seclists.org/oss-sec/2023/q4/292
https://osv.dev/list?ecosystem=&q=CVE-2023-48795
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

Fixes #1290
Closes #1291

commit c0f69548be902147ce014ffa40b8db3cf1d4b0b4
Author: Viktor Szakats <[email protected]>
Date: Wed Dec 13 15:29:00 2023 +0000

session: add `libssh2_session_callback_set2()`

Add new `libssh2_session_callback_set2()` API that deprecates `libssh2_session_callback_set()`.

The new implementation offers the same functionality, but accepts and returns a generic function pointer (of type `libssh2_cb_generic *`), as opposed to the old function that used data pointers (`void *`). The new solution thus avoids data to function (and vice versa) pointer conversions, which has undefined behaviour in standard C.

About the name: It seems the `*2` suffix was used in the past for replacement functions for deprecated ones. Let's stick with that. `*_ex` was preferred for new functions that extend existing ones with new features.

Closes #1285

commit 3ec53f3ea26f61cbf2e0fbbeccb852fca7f9b156
Author: Viktor Szakats <[email protected]>
Date: Thu Dec 14 16:46:09 2023 +0000

build: enable `-pedantic-errors`

According to the manual, this isn't the same as `-Werror -pedantic`. Enable it together with `-Werror`.

https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-pedantic-errors-1

This option results in autotools feature detection going into crazies. To avoid this, we add it to `CFLAGS` late. Idea copied from curl.
This option has an effect only with gcc 5.0 and newer as of this commit. Let's enable it for clang and older versions too for simplicity.

Ref: https://github.com/curl/curl/commit/d5c0351055d5709da8f3e16c91348092fdb481aa
https://github.com/curl/curl/pull/2747

Closes #1286

commit f8c457943997b1f034993950e48ec19f90d2a7a1
Author: Viktor Szakats <[email protected]>
Date: Thu Dec 14 22:54:22 2023 +0000

build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute

And fix the warning it detected.

Closes #1287

commit 9839ebe5e9f2df84459dd0f71eceb1bbc3c5d5eb
Author: Viktor Szakats <[email protected]>
Date: Sat Dec 16 12:25:51 2023 +0000

libssh2.h: add deprecated function warnings

With deprecated-at versions and suggested replacement function.

It's possible to silence them by defining `LIBSSH2_DISABLE_DEPRECATION`.

Also add deprecated-at versions to documentation, and unify wording.

Ref: https://github.com/libssh2/libssh2/pull/1260#issuecomment-1837017987

Closes #1289

commit fc24735f618af190823657cb75919b830d6c44cf
Author: Viktor Szakats <[email protected]>
Date: Thu Dec 14 19:18:15 2023 +0000

ci/spellcheck: delete redundant option [ci skip]

`--check-hidden` not necessary when passing filenames explicitly.

Follow-up to a79218d3a058a333bb9de14079548a3511679a04

commit 7010049969592f7c355cf062e68c18c8003ed605
Author: Viktor Szakats <[email protected]>
Date: Thu Dec 14 20:14:55 2023 +0000

tidy-up: add empty line for clarity [ci skip]

commit ac68fbe475e6e02f43610367fe28257a8924a4ec
Author: Viktor Szakats <[email protected]>
Date: Wed Dec 13 06:32:54 2023 +0000

build: FIXME `-Wsign-conversion` to be errors [ci skip]

commit 6e451669eabcc5ec1ed5c7979c96945092120e9a
Author: Viktor Szakats <[email protected]>
Date: Wed Dec 13 01:34:35 2023 +0000

src: disable `-Wsign-conversion` warnings, add option to re-enable

To avoid the log noise till we fix those ~360 compiler warnings.

Also add macro `LIBSSH2_WARN_SIGN_CONVERSION` to re-enable them.
Follow-up to afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257
Closes #1284

commit 0f45dafe5eb95d0d2f6c9369e9d2c69c7b7ed79c
Author: Viktor Szakats <[email protected]>
Date: Wed Dec 13 02:41:05 2023 +0000

cmake: fix indentation [ci skip]

commit 94b6bad3c8aa17fc852d86efa52c28c4f105531f
Author: Viktor Szakats <[email protected]>
Date: Wed Dec 13 00:14:45 2023 +0000

example, tests: call `WSACleanup()` for each `WSAStartup()`

On Windows.

Closes #1283

commit 52c382f7aae2a8bff4ce3b4b83d18dde30ea11e2
Author: Viktor Szakats <[email protected]>
Date: Sat Dec 9 21:01:49 2023 +0000

RELEASE-NOTES: update credits [ci skip]

Ref: https://github.com/libssh2/libssh2/pull/1241#issuecomment-1830118584

commit b77504837cade82c004b71b74a26a8bb76c04793
Author: Viktor Szakats <[email protected]>
Date: Sat Dec 9 19:00:31 2023 +0000

RELEASE-NOTES: avoid splitting names, fix typo, refine order [ci skip]

commit 747862c0e2b7c1ed0650860df3f8b4e385a221f1
Author: Viktor Szakats <[email protected]>
Date: Sat Dec 9 17:37:17 2023 +0000

RELEASE-NOTES: synced [ci skip]

commit 28dbf01667d8b28d0d9606c9fd474553b93e67a5
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 8 02:22:48 2023 +0000

add portable `LIBSSH2_SOCKET_CLOSE()` macro

Add `LIBSSH2_SOCKET_CLOSE()` to the public `libssh2.h` header, for user code. It translates to `closesocket()` on Windows and `close()` on other platforms.

Use it in example code. It makes them more readable by reducing the number of `_WIN32` guards.

Closes #1278

commit 46333adfb81dabc139d7ee88e510798dd7bc61fe
Author: Viktor Szakats <[email protected]>
Date: Thu Dec 7 20:49:34 2023 +0000

ci: add FreeBSD 14 job, fix issues

- install bash to fix error when running tests:
  ```
  ERROR: test_sshd.test - missing test plan
  ERROR: test_sshd.test - exited with status 127 (command not found?)
  =====================================
  [...]
  # TOTAL: 4
  # PASS: 2
  # SKIP: 0
  # XFAIL: 0
  # FAIL: 0
  # XPASS: 0
  # ERROR: 2
  [...]
  env: bash: No such file or directory
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998

- fix sshd issue when running tests:
  ```
  # sshd log:
  # Server listening on :: port 4711.
  # Server listening on 0.0.0.0 port 4711.
  # Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
  # Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059

Cherry-picked from #1277
Closes #1277

commit 5e0ec99134cf5800b70df947d04daff57b9bbc30
Author: Viktor Szakats <[email protected]>
Date: Thu Dec 7 21:06:09 2023 +0000

ci: add OmniOS job, fix issues

- use GNU Make, to avoid errors:
  ```
  make: Fatal error in reader: Makefile, line 983: Badly formed macro assignment
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429838379#step:3:1956
  Caused by `?=` in `Makefile.am`. Fix it just in case.
  ```
  make: Fatal error in reader: Makefile, line 438: Unexpected end of line seen
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/7135524843/job/19432451767#step:3:1966
  It's around line 43 in `Makefile.am`, reason undiscovered.
- fix error:
  ```
  ../../src/hostkey.c:1227:44: error: pointer targets in passing argument 5 of '_libssh2_ed25519_sign' differ in signedness [-Werror=pointer-sign]
   1227 | datavec[0].iov_base, datavec[0].iov_len);
        | ~~~~~~~~~~^~~~~~~~~
        | |
        | caddr_t {aka char *}
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/7135102832/job/19431233967#step:3:2225
  https://docs.oracle.com/cd/E36784_01/html/E36887/iovec-9s.html

- FIXME: new `-Wsign-conversion` warnings appeared in examples:
  ```
  ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
    251 | FD_SET(forwardsock, &fds);
        | ^~~~~~
  ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
  ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
  ../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
  ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
    259 | if(rc && FD_ISSET(forwardsock, &fds)) {
        | ^~~~~~~~
  ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
  ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
  [...]
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/7136086865/job/19433997429#step:3:3450

Cherry-picked from #1277

commit 3f60ccb76bc825899fe9f933b9355d4ad6ca9766
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 8 01:07:57 2023 +0000

example: use `libssh2_socket_t` in X11 example

Cherry-picked from #1277

commit 798ed4a7e54ddb87b3ec2342a453b66cf2945bc7
Author: Aaron Stone <[email protected]>
Date: Fri Jun 2 13:37:14 2023 -0700

Handle EINTR from send/recv/poll/select to try again as the error is not fatal

Integration-patches-by: Viktor Szakats
Fixes #955
Closes #1058

commit d0a7f1da2104ca8b15263aa143a9bc42ea2081af
Author: Viktor Szakats <[email protected]>
Date: Wed Dec 6 11:35:22 2023 +0000

appveyor: delete UWP job broken since Visual Studio upgrade

Few days ago UWP job started permafailing.

fail: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48678129/job/yb8n2pox8mfjwv6m
good: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48673013

Other projects also affected:
https://ci.appveyor.com/project/c-ares/c-ares/builds/48687390/job/l0fo4b0sijvqkw9r

No related local update. Same CMake version. Same CI image. This seems to be the culprit, which could mean that this update broke CMake detection, needs a different CMake configuration on our end, or that this MSVC update pulled support for UWP apps:

fail: -- The C compiler identification is MSVC 19.38.33130.0 (~ Visual Studio 2022 v17.8)
good: -- The C compiler identification is MSVC 19.37.32825.0 (~ Visual Studio 2022 v17.7)

If this is v17.8, release notes don't readily suggest a feature removal:
https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.8

So it might just be UWP accidentally broken in this release.
Closes #1275

commit 8cd473c9303007b925d61658846a3f2bccf67735
Author: Viktor Szakats <[email protected]>
Date: Wed Dec 6 01:10:03 2023 +0000

checksrc: sync with curl

Closes #1272

commit e051ae343aca7bee7f586b1ace41f6a827fa011d
Author: Viktor Szakats <[email protected]>
Date: Tue Dec 5 23:41:39 2023 +0000

autotools: delete `--disable-tests` option, fix CI tests

Originally added to improve build performance by skipping building tests. But, there seems to be no point in this, because autotools doesn't build tests by default, unless explicitly invoking `make check`.

Delete this option from Cygwin and FreeBSD CI tests, where it caused `make check` to do nothing. Tests are built now, and runtime tests are too, where supported.

Also disable Docker-based tests for these, and add a missing `make -j3` for FreeBSD.

Reverts 7483edfada1f7e17cf8f9ac1c87ffa3d814c987e #715
Closes #1271

commit b1414503f51c9421557a3d4784b113a84d42c003
Author: ren mingshuai <[email protected]>
Date: Wed Dec 6 07:14:53 2023 +0800

build: add `LIBSSH2_NO_DEPRECATED` option (#1266)

The following APIs have been deprecated for over 10 years and use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:

libssh2_session_startup()
libssh2_banner_set()
libssh2_channel_receive_window_adjust()
libssh2_channel_handle_extended_data()
libssh2_scp_recv()

Add these options to disable them:
- autotools: `--disable-deprecated`
- cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
- `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`

Fixes #1259
Replaces #1260
Co-authored-by: Viktor Szakats
Closes #1267

commit a3f5594a96bca6f56356c997ab463ff165360990
Author: Viktor Szakats <[email protected]>
Date: Mon Dec 4 22:46:01 2023 +0000

autotools: show the default for `hidden-symbols` option

Closes #1269

commit 2e5a8719d7db495ae346ce58388f875386233300
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 19:29:28 2023 +0000

tidy-up: bump casts from int to long for large C99 types in printfs

Cast large integer types to avoid dealing with printf masks for
`size_t` and other C99 types. Some of existing code used `int` for this, bump them to `long`.

Ref: afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257
Closes #1264

commit afa6b865604019ab27ec033294edfe3ded9ae0c0
Author: Viktor Szakats <[email protected]>
Date: Thu Nov 30 23:35:11 2023 +0000

build: enable missing OpenSSF-recommended warnings, with fixes

Ref: https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html (2023-11-29)

Enable new warnings:
- replace `-Wno-sign-conversion` with `-Wsign-conversion`.
  Fix them in example, tests and wincng. There remain about 360 of these warnings in `src`. Add a TODO item for those and disable `-Werror` for this particular warning.
- enable `-Wformat=2` for clang (in both cmake and autotools).
- enable `__attribute__((format))` for `_libssh2_debug()`, `_libssh2_snprintf()` and in tests for `run_command()`.
  `LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.

Fix them:
- src: replace obsolete fall-through-comments with `__attribute__((fallthrough))`.
- wincng: fix `-Wsign-conversion` warnings.
- tests: fix `-Wsign-conversion` warnings.
- example: fix `-Wsign-conversion` warnings.
- src: fix `-Wformat` issues in trace calls.
  Also, where necessary fix `int` and `unsigned char` casts to `unsigned int` and adjust printf format strings. These were not causing compiler warnings.
  Cast large types to `long` to avoid dealing with printf masks for `size_t` and other C99 types. Existing code often used `int` for this. I'll update them to `long` in an upcoming commit.
- tests: fix `-Wformat` warning.
- silence `-Wformat-nonliteral` warnings.
- mbedtls: silence `-Wsign-conversion`/`-Warith-conversion` in external header.
Closes #1257

commit e0a0466490dc6b669a2b2ce4f62745dea5e0b8f3
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 17:27:23 2023 +0000

packet: whitespace fix

Tested via #1257

commit b136c37998c152530c44672252be511ed2d4a10f
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 14:41:33 2023 +0000

tidy-up: unsigned -> unsigned int

In the `interval` argument of public `libssh2_keepalive_config()`.

Tested via #1257

commit eb996af851c046d040f89caedde0e28c7a7cf84d
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 14:44:50 2023 +0000

tests: sync port number type with the rest of codebase

Tested via #1257

commit ecdf519911a62dc3051bb0e645defe2b56543912
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 17:02:13 2023 +0000

autotools: enable `-Wunused-macros` with gcc

It works with gcc without the libtool warnings seen with clang on Windows in 96682bd5e14c20828e18bf10ed5b4b5c7543924a #1227.

Sync usage of this macro with CMake and autotools + clang + non-Windows. Making it enabled everywhere except autotools + clang + Windows due to the libtool stub issue.

Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1262

commit 0b4bdc856f9e06a75e6675aad9d7f777ac3eb060
Author: Viktor Szakats <[email protected]>
Date: Sat Dec 2 03:16:08 2023 +0000

TODO: disable or drop weak algos [ci skip]

Closes #1261

commit 744e059f310ab7832f6781f673474e2924d02b4e
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 03:19:04 2023 +0000

example, tests: fix/silence `-Wformat-truncation=2` gcc warnings

Then sync this warning option with curl.
Seems like a false positive and/or couldn't figure how to fix it, so silence:
```
example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
  227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
      | ^~
example/ssh2.c:227:34: note: assuming directive output of 1 byte
  227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
      | ^~~~~~~
example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
  227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
  228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
      | ^~
example/ssh2.c:228:34: note: assuming directive output of 1 byte
  228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
      | ^~~~~~~
example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
  228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
      | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98

Fix:
```
tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=]
tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024
```
Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51

Tested via #1257

commit 2e57dcb9d2c2826a3cfdad65f72e6003313eaa64
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 12:55:12 2023 +0000

example: fix indentation follow-up

Fix long line and fix more indentations.
Follow-up to 9e896e1b80911a53d6aabb322e034e6ca51b6898

commit 9e896e1b80911a53d6aabb322e034e6ca51b6898
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 09:41:39 2023 +0000

example: fix indentation

Tested via #1257

commit 6c53815aa78daa66c4c84ee0a6caf3efa8651998
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 04:28:59 2023 +0000

autotools: fix missed `-pedantic` and `-Wall` options for gcc

Follow-up to 5996fefe2bad80cfba85b2569ce6ab6ef575142c #1223

Tested via #1257

commit c9124088099627c39917e093479f2692dce6588b
Author: Viktor Szakats <[email protected]>
Date: Fri Dec 1 04:38:16 2023 +0000

ci: show compiler in cross/cygwin job names

Tested via #1257

commit 4be5e33ae10431f90f9ffe0d6cba44b64dcd630e
Author: Viktor Szakats <[email protected]>
Date: Thu Nov 30 23:54:58 2023 +0000

mbedtls: further improve disabling `-Wredundant-decls`

Move warning option suppression to `src/mbedtls.h` to surround the actual external header #includes that need it.

Follow-up to ecec68a2c13a9c63fe8c2dc457ae785a513e157c #1226
Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

Tested via #1257

commit 8d69e63db9e2e759e3f973fbbc154e2ec1528f83
Author: ren mingshuai <[email protected]>
Date: Fri Dec 1 11:52:12 2023 +0800

example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (#1258)

libssh2_scp_recv is deprecated and has been replaced by libssh2_scp_recv2 in prior commit.

Follow-up to 6c84a426beb494980579e5c1d244ea54d3fc1a3f

commit 363dcbf449c0c7b13c6526d7af84c6f1db2691cc
Author: Viktor Szakats <[email protected]>
Date: Fri Nov 24 23:33:22 2023 +0000

openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job

- use OpenSSL 3 API when available for HMAC.
  This fixes building with OpenSSL 3 `no-deprecated` builds.
- ensure we support pure OpenSSL 3 API by adding a CI job using OpenSSL 3 custom-built with `no-deprecated`.
Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Fixes #1235
Closes #1243

commit 66108f02f0569efced1bdd6e9e8c29f2991c5b24
Author: Viktor Szakats <[email protected]>
Date: Sun Nov 26 12:00:20 2023 +0000

ci: restore lost comment for FreeBSD [ci skip]

Follow-up to eee4e8055ab375c9f9061d4feb39086737f41a9c

commit 0c9a8e3590051bfb80acbb2146388c8fe883b2f8
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 23:47:57 2023 +0000

ci: add OpenBSD (v7.4) job + fix build error in example

- Use CMake, LibreSSL and clang from the base install.
- This uncovered a build error in `example/subsystem_netconf.c`, caused by using the `%n` printf mask. This is a security risk and some systems (notably OpenBSD) disable this feature.

  Fix it by applying this patch from OpenBSD ports (from 2021-09-11):
  https://cvsweb.openbsd.org/ports/security/libssh2/patches/patch-example_subsystem_netconf_c?rev=1.1&content-type=text/x-cvsweb-markup
  https://github.com/openbsd/ports/commit/2c5b2f3e94381914a3e8ade960ce8c997ca9d6d7

  "The old code is also broken, as it passes a pointer to a variable of a different size (on LP64). There is no check for truncation, but buf[] is 1MB in size."

  Patch-by: naddy

  ```
  /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:252:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
  "]]>]]>\n%n", (int *)&len);
  ~^
  /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:270:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
  "]]>]]>\n%n", (int *)&len);
  ~^
  2 errors generated.
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/6991449778/job/19022024280#step:3:420

Also made tests with arm64, but it takes consistently almost 14m to finish the job, vs.
2-3m for the native amd64:
https://github.com/libssh2/libssh2/actions/runs/6991648984/job/19022440525
https://github.com/libssh2/libssh2/actions/runs/6991551220/job/19022233651

Cherry-picked from #1250
Closes #1250

commit 65c7a7a55af037bcc9ee67c2f69ecdb9109ecbb1
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 23:43:22 2023 +0000

ci: add NetBSD (v9.3) job

Use CMake, OpenSSL (v1.1) and clang from the base install.

Cherry-picked from #1250

commit eee4e8055ab375c9f9061d4feb39086737f41a9c
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 23:39:29 2023 +0000

ci: update and speed up FreeBSD job

- switch to an alternate GitHub action. This one seems (more) actively maintained, and runs faster:
  https://github.com/cross-platform-actions/action
- use clang instead of gcc. clang is already present in the base install, saving install time and bandwidth.
- stop installing `openssl-quictls` and use the OpenSSL (v1.1) from the base system. (I'm suspecting that quictls before this patch wasn't detected by the build.)
  https://wiki.freebsd.org/OpenSSL

Cherry-picked from #1250

commit c6589b8823e9d4a282587a6a5dab831b54d412c0
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 11:52:00 2023 +0000

stop using leading underscores in macro names

Underscored macros are reserved for the compiler / standard lib / etc. Stop using them in user code.

We used them as header guards in `src` and in `__FILESIZE` in `example`.

Closes #1248

commit 7494881617223bc05aa9c94ceaa6b068e2008be2
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 11:03:50 2023 +0000

ci: use absolute path in `CMAKE_INSTALL_PREFIX`

To make the installed locations unambiguous in the build logs.

Closes #1247

commit efee91333b7d641fbfb1ba471fb00d8161d4013c
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 03:49:49 2023 +0000

openssl: make a function static, add `#ifdef` comments

Follow-up to 03092292597ac601c3f9f0c267ecb145dda75e4e #248 where the function was added.
Also add comments to make `#ifdef` branches easier to follow in `openssl.h`.

Closes #1246

commit 236e79a115791194368b45751e3ec9452d6d73d9
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 10:35:26 2023 +0000

ci: boost mbedTLS build speed

Build times down to 4 seconds (from 18-20).

Closes #1245

commit 82581941d6cd91cd00cf6d8bee1b2a660864ca19
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 00:26:40 2023 +0000

openssl: fix DSA code to use OpenSSL 3 API

- fix missing `DSA` type when building for OpenSSL 3 `no-deprecated`.
- fix fallouts after fixing the above by switching away from `DSA` with OpenSSL 3.

Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Closes #1244

commit d2ef66473ca6f3521eb739eceddf0cba4c44bbed
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 25 00:35:43 2023 +0000

openssl: formatting (delete empty lines) [ci skip]

commit 5326a5ce262b0a27dbd4714dc370d85814297f55
Author: Viktor Szakats <[email protected]>
Date: Thu Nov 23 23:00:13 2023 +0000

tests: fall back to `$LOGNAME` for username

If the `$USER` variable is empty, fall back to using `$LOGNAME` to retrieve the logged-in username.

In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and on some systems it may not be set. Without this value, tests were unable to provide the correct username when logging into the SSH server running under the active user's session.

Reported-by: Nicolas Mora
Suggested-by: Nicolas Mora
Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348
Fixes #1240
Closes #1241

commit 631e7734c8d850cd0c8e7a27d4dc524915e20b09
Author: Viktor Szakats <[email protected]>
Date: Tue Nov 21 20:32:12 2023 +0000

libssh2.h: use `_WIN32` for Windows detection instead of rolling our own

Sync up `libssh2.h` Windows detection with the libssh2 source code.

`libssh2.h` was using `WIN32` and `LIBSSH2_WIN32` for Windows detection, next to the official `_WIN32`. After this patch it only uses `_WIN32` for this.
Also, make it stop defining `LIBSSH2_WIN32`.

There is a slight chance these break compatibility with Windows compilers that fail to define `_WIN32`. I'm not aware of any obsolete or modern compiler affected, but in case there is one, one possible solution is to define this macro manually.

Closes #1238

commit 487152f4fa8bc155fc6cb8a03896947425dc0632
Author: Viktor Szakats <[email protected]>
Date: Tue Nov 21 22:30:59 2023 +0000

openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build

Fixes:
```
src/openssl.c:650:5: error: use of undeclared identifier 'EC_KEY'
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:13: error: use of undeclared identifier 'ec_key'
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:22: error: implicit declaration of function 'EC_KEY_new_by_curve_name' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
^
src/openssl.c:650:22: note: did you mean 'EC_GROUP_new_by_curve_name'?
./quictls/_a64-mac-sys/usr/include/openssl/ec.h:483:11: note: 'EC_GROUP_new_by_curve_name' declared here
EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
^
In file included from ./_a64-mac-sys-bld/src/CMakeFiles/libssh2_static.dir/Unity/unity_0_c.c:19:
In file included from src/crypto.c:10:
src/openssl.c:652:8: error: use of undeclared identifier 'ec_key'
if(ec_key) {
^
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6950001225/job/18909297867#step:3:4341

Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
Bug #1235
Closes #1236

commit 910ed9b0355cb8b9f2c71e00333426f1ee5f5bb7
Author: Viktor Szakats <[email protected]>
Date: Tue Nov 21 23:31:22 2023 +0000

openssl: formatting

Sync up these lines with the other two similar occurrences in the code.
Cherry-picked from #1236

commit b0ab005fe79260e6e9fe08f8d73b58dd4856943d
Author: Michael Buckley <[email protected]>
Date: Tue Nov 21 09:33:01 2023 -0800

openssl: use non-deprecated APIs with OpenSSL 3.x (#1207)

Assisted-by: Viktor Szakats

commit c9dd3566b2247083f75e1304b7365ee9c8ed3e34
Author: Viktor Szakats <[email protected]>
Date: Tue Nov 21 00:39:44 2023 +0000

ci: add BoringSSL job (cmake, gcc, amd64)

Closes #1233

commit 89ccc83c7da73e7ca3a112e350008131942b592e
Author: Viktor Szakats <[email protected]>
Date: Mon Nov 20 02:06:37 2023 +0000

autotools: fix dotless gcc and Apple clang version detections

- fix parsing dotless (major-only) gcc versions.
  Follow-up to 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad #1187
- sync gcc detection variable names with curl.
- fix Apple clang version detection for releases between 'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the version was under-detected as 3.7 llvm/clang equivalent.
- fix Apple clang version detection for 'Apple clang version 11.0.0' and newer where the Apple clang version was detected, instead of its llvm/clang equivalent.
- revert to show `clang` instead of `Apple clang`, because we follow it with an llvm/clang version number. (Apple-ness still visible in raw version.)

Used this collection for Apple clang / llvm/clang translation and test inputs:
https://gist.github.com/yamaya/2924292

Closes #1232

commit e9017b10460857cf148f94716356907f60884a3f
Author: Viktor Szakats <[email protected]>
Date: Mon Nov 20 01:48:17 2023 +0000

acinclude.m4: revert accidental edit [ci skip]

Follow-up to 8c320a93a48775b74f40415e46f84bf68b4d5ae8

commit fb58016180090a5baea21d69f0d14b07b7f01ef4
Author: Viktor Szakats <[email protected]>
Date: Sun Nov 19 18:04:57 2023 +0000

autotools: show more clang/gcc version details

Also:
- show if we detected Apple clang.
- delete duplicate version detection for clang.
Closes #1230

commit 8c320a93a48775b74f40415e46f84bf68b4d5ae8
Author: Viktor Szakats <[email protected]>
Date: Sat Nov 18 16:04:19 2023 +0000

acinclude.m4: re-sync with curl [ci skip]

commit 96682bd5e14c20828e18bf10ed5b4b5c7543924a
Author: Viktor Szakats <[email protected]>
Date: Fri Nov 17 21:13:30 2023 +0000

autotools: avoid warnings in libtool stub code

Seen on Windows with clang64, in libtool-generated stub code for examples and tests.

The error didn't break the CI job for some reason.

msys2 (autotools, clang64, clang-x86_64:
```
[...]
2023-11-17T20:14:17.8639574Z ./.libs/lt-test_read.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
[...]
2023-11-17T20:14:39.8729255Z ./.libs/lt-sftp_write_nonblock.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
[...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6908585056/job/18798193405?pr=1226#step:8:474

Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1227

commit ecec68a2c13a9c63fe8c2dc457ae785a513e157c
Author: Viktor Szakats <[email protected]>
Date: Fri Nov 17 20:04:52 2023 +0000

mbedtls: improve disabling `-Wredundant-decls`

Disable these warnings specifically for the mbedTLS public headers and leave it on for the rest of the code.

This also fixes this issue for autotools. Previous solution was globally disabling this warning for the whole code when using mbedTLS and only with CMake.

Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224
Closes #1226

commit 64d6789f71aa4db25c6903c5e0180790bb12782e
Author: Viktor Szakats <[email protected]>
Date: Thu Nov 16 14:38:44 2023 +0000

cmake: rename picky warnings script

To match the camel-case style used in other CMake scripts and also to match the name used in curl.

Closes #1225

commit 7ecc309cd10454c54814b478c4f85d0041da6721
Author: Viktor Szakats <[email protected]>
Date: Thu Nov 16 00:54:25 2023 +0000

build: enable more compiler warnings and fix them

Enable more picky compiler warnings.
I've found these options in the nghttp3 project when implementing the CMake quick picky warning functionality for it.

Fix issues found along the way:
- wincng, mbedtls: delete duplicate function declarations.
  Most of this was due to re-#defining crypto functions to crypto-backend specific implementations. These redefines also remapped the declarations in `crypto.h`, making the backend-specific declarations duplicates. This patch deletes the backend-specific declarations.
- wincng mapped two crypto functions to the same local function. Also causing double declarations. Fix this by adding two distinct wrappers and moving the common function to a static one.
- delete unreachable `break;` statements.
- kex: disable macros when unused.
- agent: disable unused constants.
- mbedtls: disable double declaration warnings because public mbedTLS headers trigger it. (with function `psa_set_key_domain_parameters`)
- crypto.h: formatting.

Ref: https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake

Closes #1224

commit 5996fefe2bad80cfba85b2569ce6ab6ef575142c
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 23:15:17 2023 +0000

autotools: sync warning enabler code with curl

Tiny changes and minor updates to bring this code closer to curl's `m4/curl-compilers.m4`.

Closes #1223

commit e645fa95f361d70bf1bf014d418b89b72b7e9d8c
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 22:51:41 2023 +0000

acinclude.m4: fix indentation [ci skip]

Also match indentation of curl's `m4/curl-compilers.m4` for easier syncing.

commit ce5f208a556c92672a959cc7ed879dcdec5836a0
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 20:28:55 2023 +0000

autotool: rename variable `WARN` -> `tmp_CFLAGS`

To match curl and make syncing this code easier.
Ref: https://github.com/curl/curl/blob/d1820768cce0e797d1f072343868ce1902170e93/m4/curl-compilers.m4#L479

Closes #1222

commit cdca8cff886ce71fb9b8d0c56cdf9774b5a7d355
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 18:43:51 2023 +0000

autotools: picky warning options tidy-up

- sync clang warning version limits with CMake.
- make `WARN=` vs. `CURL_ADD_COMPILER_WARNINGS()` consistent with curl and between clang and gcc (`WARN=` is for `no-` options in general).

Closes #1221

commit 328a96b3daf92efc867cde2eee651c48958f31ea
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 15 00:36:55 2023 +0000

build: picky warning updates

- cmake, autotools: sync picky gcc warnings with curl.
- cmake, autotools: add `-Wold-style-definition` for clang too.
- cmake, autotools: add comment for `-Wformat-truncation=1`.
- cmake: more precise version info for old clang options.

Closes #1219

commit fea6664e1bbf52cb9a02fceadc81f6f56c3fd7b9
Author: Viktor Szakats <[email protected]>
Date: Fri Nov 10 15:41:05 2023 +0000

ci: fixup FreeBSD version, bump mbedtls

We haven't been using the FreeBSD version. Also it turns out, the single version supported is 13.2 at the moment:
https://github.com/vmactions/freebsd-vm/tree/main/conf

Stop trying to set the version and instead rely on the action providing the latest supported one automatically.

Follow-up to a7d2a573be26238cc2b55e5ff6649bbe620cb8d9

Also:
- add more details to the FreeBSD job description.
- bump mbedtls version while here.

Closes #1217

commit 932d6a32779a39aa6109e2d7aff8b2b6123df4f4
Author: Viktor Szakats <[email protected]>
Date: Thu Nov 9 18:59:01 2023 +0000

cmake: fix multiple include of libssh2 package

Also extend our integration test double inclusion. It will still not catch this case, because that requires `cmake_minimum_required(VERSION 3.18)` or higher.
Fixes:
```
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
  add_library cannot create ALIAS target "libssh2::libssh2" because another target with the same name already exists.
Call Stack (most recent call first):
  CMakeLists.txt:24 (find_package)

CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
  add_library cannot create ALIAS target "Libssh2::libssh2" because another target with the same name already exists.
Call Stack (most recent call first):
  CMakeLists.txt:24 (find_package)
```

Test to reproduce:
```cmake
cmake_minimum_required(VERSION 3.18) # must be 3.18 or higher
project(test)
find_package(libssh2 CONFIG)
find_package(libssh2 CONFIG) # fails
add_executable(test main.c)
target_link_libraries(test libssh2::libssh2)
```

Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html

Assisted-by: Kai Pastor
Assisted-by: Harry Mallon
Ref: https://github.com/curl/curl/pull/11913
Closes #1216

commit a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 8 18:17:22 2023 +0000

ci: add FreeBSD 13.2 job

It runs over Linux via qemu. First two runs were (very) slow, then it became (much) more performant at just 2x slower than a native Linux build. Then got slow again, then fast again. Still seems acceptable for the value this adds.

The build uses autotools and quictls.

Successful builds:
1. https://github.com/libssh2/libssh2/actions/runs/6802676786/job/18496286419 (13m59s, -j3)
2. https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497243225 (11m5s, -j2)
3. https://github.com/libssh2/libssh2/actions/runs/6803142201/job/18497785049 (3m6s, -j1)
4. https://github.com/libssh2/libssh2/actions/runs/6803194839/job/18497962766 (3m10s, -j2)
5. https://github.com/libssh2/libssh2/actions/runs/6803267201/job/18498208501 (3m13s)
6. https://github.com/libssh2/libssh2/actions/runs/6803510333/job/18498993698 (15m25s)
7. https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528571057 (3m13s)

Similar solution exists for Solaris (over macOS via VirtualBox), but it hangs forever at `Waiting for text: solaris console login`:
https://github.com/libssh2/libssh2/actions/runs/6802388128/job/18495391869#step:4:185

Idea taken from LibreSSL.

FIXME: Unrelated, the `distcheck` job became flaky in recent days:
https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497256437#step:10:536
```
FAIL: test_auth_pubkey_ok_rsa_aes256gcm
```
https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528588933#step:10:533
```
FAIL: test_read
```

Closes #1215

commit b9a4ed83b4b7fbef4f95e77ff1eab850dfcbac27
Author: Viktor Szakats <[email protected]>
Date: Wed Nov 8 03:24:09 2023 +0000

reuse: fix duplicate copyright warning

```
PendingDeprecationWarning: Copyright and licensing information for 'tests/openssh_server/Dockerfile' has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5 file located at '.reuse/dep5'. The information for these two sources has been aggregated. In the future this behaviour will change, and you will need to explicitly enable aggregation.
[...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4

commit 43485579609a833827736e8205fe29956900ed74
Author: Viktor Szakats <[email protected]>
Date: Sat Oct 28 11:36:31 2023 +0000

Makefile.mk: delete Windows-focused raw GNU Make build

We recommend using CMake instead. Especially in unity mode, it's faster and probably more familiar for most. It's also easily portable. (`Makefile.mk` was also portable, but in practice only usable for Windows. Other platforms required a manual config header.)

Also:
- migrate `LIBSSH2_NO_*` option CI tests to CMake.
- make MSYS2 CMake builds verbose to show compilation options.
Closes #1204

commit bfa00f1bd5abce93cd95055c8b71791816b3c655
Author: Viktor Szakats <[email protected]>
Date: Mon Nov 6 12:18:25 2023 +0000

tidy-up: around `stdint.h`

- os400: delete unused `HAVE_STDINT_H`.
- fuzz: delete redundant `stdint.h` use. `inttypes.h` is already included via `testinput.h`.
- docs/TODO: adjust type in planned function.

Closes #1212

commit 20387285d300c74160f655b72ad5d762ee56166b
Author: Viktor Szakats <[email protected]>
Date: Mon Nov 6 00:41:17 2023 +0000

cmake: show crypto backend in feature summary

This was visible as an enabled package before this patch, but it missed to show WinCNG.

Closes #1211

commit a3ffc4221d7ed4619c1e5e4557287204868e443b
Author: Viktor Szakats <[email protected]>
Date: Fri Nov 3 11:04:22 2023 +0000

man: fix double spaces and dash escaping

- `- ` -> `- `
- `. ` -> `. `
- `\- ` -> `- `
- `-1` -> `\-1`
- fold long lines along the way

This makes the minus sign come out as a Unicode minus sign (0x2212), and title separator dashes as Unicode hyphen (0x2010), with `groff -Tutf8` v1.23.0.

Ref: https://lwn.net/Articles/947941/

Closes #1210

commit 8cca7b77527861395de6278b27fa825df3b5b835
Author: Viktor Szakats <[email protected]>
Date: Tue Oct 31 22:41:05 2023 +0000

src: fix gcc 13 `-Wconversion` warning on Darwin

```
src/session.c: In function 'libssh2_poll':
src/session.c:1776:22: warning: conversion from 'long int' to '__darwin_suseconds_t' {aka 'int'} may change value [-Wconversion]
1776 | tv.tv_usec = (timeout_remaining % 1000) * 1000;
| ^
```

Ref: https://github.com/curl/curl-for-win/actions/runs/6711735060/job/18239768548#step:3:4368

Follow-up to 08354e0abbe86d4cc5088d210d53531be6d8981a

Closes #1209

commit bf285500e603b77229bbaf9a87fe7f724bb5ffaa
Author: Viktor Szakats <[email protected]>
Date: Mon Oct 30 17:42:32 2023 +0000

openssl: silence `-Wunused-value` warnings

Seen with gcc 12.
Manual: https://www.openssl.org/docs/man3.1/man3/BIO_reset.html

```
./quictls/linux-a64-musl/usr/include/openssl/bio.h:555:34: warning: value computed is not used [-Wunused-value]
555 | # define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./libssh2/src/openssl.c:3518:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3884:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3995:5: note: in expansion of macro 'BIO_reset'
```

Ref: https://github.com/curl/curl-for-win/actions/runs/6696392318/job/18194032712#step:3:5060

Closes #1205

commit f64e6318f031a15d7e727d6f4864a3d2e973aab0
Author: Viktor Szakats <[email protected]>
Date: Mon Oct 30 11:23:47 2023 +0000

Makefile.am: fix `cp` to preserve attributes and timestamp

commit fc00bdd7f195fc6511d18d11cad2801b56c5549e
Author: Viktor Szakats <[email protected]>
Date: Sat Oct 7 15:32:39 2023 +0000

cmake: simplify showing CMake version

Move it to `CMakeLists.txt`. Drop `cmake --version` commands.
Credit to the `zlib-ng` project for the idea: https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078bd1399/CMakeLists.txt#L7

Closes #1203

commit 5e19044282c219ddb1fedddd8eaba0b4c0256a95
Author: Viktor Szakats <[email protected]>
Date: Sat Oct 7 09:19:49 2023 +0000

ci: mbedtls 3.5.0

v3.5.0 needs extra compiler option for i386 to avoid:
```
#error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
```

Closes #1202

commit 2cd2f40e37ab7e3880bc9504c6d7cda5a188fed7
Author: Viktor Szakats <[email protected]>
Date: Sat Oct 7 09:47:58 2023 +0000

tests: show cmake version used in integration tests

Closes #1201

commit a9a79e7a41f2c80b487ede854ffcad90a7634e7b
Author: Viktor Szakats <[email protected]>
Date: Tue Oct 3 13:46:01 2023 +0000

readme.vms: fix typo [ci skip]

Detected by codespell 2.2.6

commit 06fd721f08f058b3bb83fc5d0e1c50736b28cb26
Author: Viktor Szakats <[email protected]>
Date: Sat Sep 30 19:03:37 2023 +0000

appveyor: YAML/PowerShell formatting, shorten variable name

- use single-quotes in yaml and PowerShell.
- shorten a variable name.
- use indentation 2 for scripts.
- use C else-style in PowerShell.

Closes #1200

commit d468a33f620d56f2fc67ee98cd50b9039d2ecf6e
Author: Viktor Szakats <[email protected]>
Date: Sat Sep 30 14:58:51 2023 +0000

ci: update actions, use shallow clones with appveyor

- update GitHub Actions to their latest versions.
- use shallow git clones in AppVeyor CI to save data over the wire.

Closes #1199

commit 8a081fd98b015e4a5375bfec1c295e0b7e2e4e6c
Author: Viktor Szakats <[email protected]>
Date: Fri Sep 29 20:07:36 2023 +0000

appveyor: move to pure PowerShell

- replace batch commands with PowerShell.
- merge separate command entries into single PowerShell blocks.

Closes #1197

commit 6fbc9505d8a4179ab6a1d44c7df9bb9af6bdc9ba
Author: Viktor Szakats <[email protected]>
Date: Fri Sep 29 08:43:40 2023 +0000

windows: use built-in `_WIN32` macro to detect Windows

Instead of `WIN32`.

The compiler defines `_WIN32`. Windows SDK headers or build env defines `WIN32`, or we have to take care of it. The agreement seems to be that `_WIN32` is the preferred practice here. Minor downside is that CMake uses `WIN32` and we also adopted it in `Makefile.mk`.

In public libssh2 headers we stick with accepting either `_WIN32` or `WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.

grepping for `WIN32` remains useful to detect Windows-specific code.

Closes #1195

commit 4c241d5c65c754141243bebdafa900472b23b68f
Author: Viktor Szakats <[email protected]>
Date: Fri Sep 29 09:27:34 2023 +0000

cmake: cleanup mbedTLS version detection more

- lowercase, underscored local variables.
- fix `find_library()` to use the multiple names passed.
- rely more on `find_package_handle_standard_args()`. Logic based on our `Findwolfssl.cmake`.
- delete ignored/unused `MBEDTLS_LIBRARY_DIR`.
- revert CI configuration to use `MBEDCRTYPO_LIBRARY`.
- clarify inputs/outputs in comment header.
- use variable for regex.
- formatting.

Follow-up to 41594675072c578294674230d4cf5f47fa828778 #1192

Closes #1196

commit 30eef0a630ab3cc408f06d9b32fa19f647008df7
Author: Viktor Szakats <[email protected]>
Date: Thu Sep 28 18:32:37 2023 +0000

cmake: delete duplicate `include()`

commit 41594675072c578294674230d4cf5f47fa828778
Author: Viktor Szakats <[email protected]>
Date: Thu Sep 28 13:09:36 2023 +0000

cmake: improve/fix mbedTLS detection

- libssh2 needs the crypto lib only, stop dealing with the rest.
- simplify logic.
- drop hard-wired toolchain specific options that broke with e.g. MSVC.
  Reported by: AR Visions
  Fixes #1191
- add mbedTLS version detection for recent releases.
- merge custom detection results display into a single line.
- shorten mbedTLS configuration in macOS CI job.
Used the curl mbedTLS detection logic for ideas: https://github.com/curl/curl/blob/a8c773845f4fdbfb09b08a6ec4b656c812568995/CMake/FindMbedTLS.cmake

Closes #1192

commit 67e39091b2fa3b87e22895cdbdeda20e4b2403b1
Author: concussious <[email protected]>
Date: Sat Sep 23 19:00:14 2023 -0400

libssh2_session_get_blocking.3: Add description (#1185)

commit 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad
Author: Viktor Szakats <[email protected]>
Date: Thu Sep 21 08:14:38 2023 +0000

autotools: fix selecting wincng in cross-builds (and more)

- Fix explicitly selecting WinCNG in autotools cross-builds by moving `windows.h` header check before the WinCNG availability check.
  Follow-up to d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
  Reported-by: Jack L
  Fixes #1186
- Add Linux -> mingw-w64 cross-builds for autotools and CMake. This doesn't detect #1186, because that happened when explicitly specifying WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG by default.
- autotools: fix to strip suffix from gcc version

Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu may return `n-win32` (also with `-dumpfullversion`). Causing these errors and failing to enable picky warnings:
```
../configure: line 23845: test: : integer expression expected
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143

Fix that by stripping any dash-suffix.

gcc version detection is still half broken because we translate '10' to '10.10' because `cut -d. -f2` returns the first word if the delimiter is missing.
More possible `-dumpversion` output: `10-posix`, `10-win32`, `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`

Ref: https://github.com/mamedev/mame/pull/9767

Closes #1187

commit 88a960a86b9ffbabd17a4bbcf767e26514c4678e
Author: Michael Buckley <[email protected]>
Date: Mon Aug 28 16:47:21 2023 -0700

Properly bounds check packet_authagent_open() (#1179)

* Properly bounds check packet_authagent_open
* packet.c: use strlen instead of sizeof for strings
* Make LIBSSH_CHANNEL's channel_type_len a size_t
* packet_authagent_open: use size_t for offset

Credit: Michael Buckley, signed off by Will Cosgrove

commit a790d3784eca821aeaee0b5db54cbf037780676f
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 28 23:20:53 2023 +0000

os400qc3: move FIXME comment [ci skip]

Follow-up to eb9f9de2c19ec67d12a444cce34bdd059fd26ddc

commit eb9f9de2c19ec67d12a444cce34bdd059fd26ddc
Author: Viktor Szakats <[email protected]>
Date: Sat Aug 26 21:56:23 2023 +0000

md5: allow disabling old-style encrypted private keys at build-time

Before this patch, this happened at runtime when using an old (pre-3.0), FIPS-enabled OpenSSL backend. This patch makes it possible to disable this via the build-time option `LIBSSH2_NO_MD5_PEM`.

Also:
- make sure to exclude all MD5 internal APIs when both the above and `LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with `LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM` and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.

Old-style encrypted private keys require MD5 and they look like this:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<MD5-hex>

<base64>
-----END RSA PRIVATE KEY-----
```

E.g.: `tests/key_rsa_encrypted`

Ref: https://github.com/libssh2/www/issues/20

Closes #1181

commit 4a64ca14302e5105c168de3f8f6cc0cbe27e4020
Author: Viktor Szakats <[email protected]>
Date: Sat Aug 26 09:48:34 2023 +0000

cmake: tidy-up `foreach()` syntax

Use `IN LISTS` and `IN ITEMS`.
This appears to be the preferred way within CMake's own source code and possibly improves readability.

Fixup a side-effect of `IN LISTS`, where it retains empty values at the end of the list, as opposed to the syntax used before, which dropped it. In our case this happened with lines read from a text file via `file(READ)`.

https://cmake.org/cmake/help/v3.7/command/foreach.html

Closes #1180

commit 5754fed68644363cb25220fcf3dc86b5c376aa60
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 21:12:25 2023 +0000

ci: replace `mv` + `chmod` with `install` in `Dockerfile`

Cherry-picked from #1175
Closes #1175

commit 633db55f50f79f5cb08d4a7f73d57f2ca57958f1
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 20:56:50 2023 +0000

ci: set file mode early in `appveyor_docker.yml`

Also:
- replace tab with spaces in generated config file
- formatting

Cherry-picked from #1175

commit a79218d3a058a333bb9de14079548a3511679a04
Author: Viktor Szakats <[email protected]>
Date: Sun Aug 20 08:26:55 2023 +0000

ci: add spellcheck (codespell)

Also rename a variable in `src/os400qc3.c` to avoid a false positive.

Cherry-picked from #1175

commit a20572e9afbe53c04c84105327de68d39528ce53
Author: Viktor Szakats <[email protected]>
Date: Tue Aug 22 16:43:16 2023 +0000

cmake: also test for `libssh2_VERSION`

Cherry-picked from #1175

commit 87f5769b5158a81f7a21263b507e069b48f093c2
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 21 21:27:31 2023 +0000

cmake: show cmake versions in ci

Cherry-picked from #1175

commit e61987a3bf5b0ba40357cd769e5a16c5257724fd
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 20:56:02 2023 +0000

tests: formatting and tidy-ups

- Dockerfile: use standard sep with `sed`
- Dockerfile: use single quotes in shell command
- appveyor.yml: use long-form option with `choco`
- tests/cmake: add language to test project
- reuse.yml: fix indentation

```
$ yamllint reuse.yml
reuse.yml
[...]
11:5 error wrong indentation: expected 6 but found 4 (indentation)
15:5 error wrong indentation: expected 6 but found 4 (indentation)
[...]
27:5 error wrong indentation: expected 6 but found 4 (indentation)
```

Cherry-picked from #1175

commit 1676a178140b0c755493af78899f6d4a10b466e8
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 20:55:37 2023 +0000

openssl.c: whitespace fixes

Cherry-picked from #1175

commit a95d401f1f1fef0ac342ca1c0c23586d39999b15
Author: Viktor Szakats <[email protected]>
Date: Sun Aug 20 00:24:59 2023 +0000

checksrc: fix spelling in comment [ci skip]

commit e9c7d3afa0bdf3a004846324213df938b94343b2
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 13:20:03 2023 +0000

cmake: quote more strings

Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

Closes #1173

commit 6e3e883994eb34ecdf43c373cfac2700101a82bd
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 18 11:05:52 2023 +0000

drop `www.` from `www.libssh2.org`

<https://www.libssh2.org/*> is now a 301 permanent redirect to <https://libssh2.org/*>.

Update all references to point directly to the new destination.

Ref: https://github.com/libssh2/www/commit/ccf4a7de7f702a8ee17e2c697bcbef47fcf485ed

Closes #1172

commit aeaefaf6cc5f832dd24d7c6301ea6b5ae6e11496
Author: Viktor Szakats <[email protected]>
Date: Thu Aug 17 23:02:35 2023 +0000

cmake: add `ExternalProject` integration test

- via `ExternalProject_Add()`: https://cmake.org/cmake/help/latest/module/ExternalProject.html (as documented in `docs/INSTALL_CMAKE.md`)
- also make `FetchContent` fetch from local repo instead of live master.

Closes #1171

commit 8715c3d51b87ebe72c6eff7b1a71f4ce6c3afb9a
Author: Viktor Szakats <[email protected]>
Date: Wed Aug 16 13:22:30 2023 +0000

cmake: add integration tests

Add a small project to test dependent/downstream CMake build using libssh2. Also added to the GHA CI, and you can also run it locally with `tests/cmake/test.sh`.
Test three methods of integrating libssh2 into a project:
- via `find_package()`: https://cmake.org/cmake/help/latest/command/find_package.html
- via `add_subdirectory()`: https://cmake.org/cmake/help/latest/command/add_subdirectory.html
- via `FetchContent`: https://cmake.org/cmake/help/latest/module/FetchContent.html

Closes #1170

commit 4ff64ae3ca14a04c6914c45c48476a061723a872
Author: Viktor Szakats <[email protected]>
Date: Wed Aug 16 06:38:22 2023 +0000

cmake: (re-)add aliases for `add_subdirectory()` builds

Add internal libssh2 library aliases to make these available for downstream/dependent projects building libssh2 via `add_subdirectory()`:
- `libssh2:libssh2_static`
- `libssh2:libssh2_shared`
- `libssh2:libssh2` (shared, or static when not building shared)
- `libssh2` (shared, or static when not building shared)

Of these, `libssh2` was present in v1.10.0 and earlier releases, but missing from v1.11.0.

Closes #1169

commit 8eade0c9b75dff36e7c55edde03887d95a5ec260
Author: Viktor Szakats <[email protected]>
Date: Wed Aug 16 06:36:10 2023 +0000

cmake: delete empty line [ci skip]

Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

commit 6eda1ee4337a57cb92b831ff2647b914b52ff14a
Author: Viktor Szakats <[email protected]>
Date: Tue Aug 15 21:58:18 2023 +0000

cmake: reflect minimum version in docs [ci skip]

Follow-up to 9cd18f4578baa41dfca197f60557063cad12cd59

commit 3fa5282d6284efba62dc591697e6a687152bdcb1
Author: Viktor Szakats <[email protected]>
Date: Thu Aug 10 12:38:24 2023 +0000

cmake: style tidy up

- quote text literals to improve readability. (exceptions: `FILES` items, `add_subdirectory` names, `find_package` names, literal target names, version numbers, 0/1, built-in CMake values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.

Closes #1166

commit 186c1d6394a75e52ea3becd4c11a32aaa6002a52
Author: Viktor Szakats <[email protected]>
Date: Tue Aug 15 01:36:48 2023 +0000

wincng: prefer `ULONG`/`DWORD` over `unsigned long`

To match with the types used by the `Crypt*()` (uses `DWORD`) and `BCrypt*()` (uses `ULONG`) Windows APIs.

This patch doesn't change data width or signedness.

Closes #1165

commit 7bb669b52adbb1d3d4e239f77544824e83f74209
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 14 23:23:06 2023 +0000

wincng: tidy-ups

- make `_libssh2_wincng_key_sha_verify` static.
- prefer `unsigned long` over `size_t` in two static functions.
- prefer `ULONG` over `DWORD` to match `BCryptImportKeyPair()` and `BCryptGenerateKeyPair()`.
- add a newline.

Closes #1164

commit d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 14 21:57:18 2023 +0000

ci: add MSYS builds (autotools and cmake)

Use existing MSYS2 section and extend it with builds for the MSYS environment with both autotools and cmake.

MSYS builds resemble Cygwin ones: The env is Unixy, where Windows headers are all available but we don't use them.

Also:
- extend existing autotools logic for Cygwin to skip detecting `windows.h` for MSYS targets too.
- require `windows.h` for the WinCNG backend in autotools. Before this patch, autotools allowed selecting WinCNG on the Cygwin and MSYS platforms, but the builds then fell apart due to the resulting mixed Unixy + Windowsy environment. The general expectation for Cygwin/MSYS builds is not to use the Windows API directly in them.
- stop manually selecting the `MSYS Makefiles` CMake generator for MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but it broke MSYS build which use `Unix Makefiles`. Deleting this setting fixes all build flavours.
Closes #1162

commit 84912e2ed8a9e40016a1e0c381bacbba7cba52b5
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 14 23:07:21 2023 +0000

ci: cygwin job tidy-ups

`CMAKE_C_COMPILER=gcc` not necessary, delete it.

Follow-up to f1e96e733fefb495bc31b07f5c2a5845ff877c9c

Cherry-picked from #1163
Closes #1163

commit f1e96e733fefb495bc31b07f5c2a5845ff877c9c
Author: Viktor Szakats <[email protected]>
Date: Mon Aug 14 21:22:00 2023 +0000

ci: add Cygwin builds (autotools and cmake)

To avoid builds picking up non-Cygwin components coming by default with the CI machine, I used the solution recommended by Cygwin [1] and set `PATH` manually. To avoid repeating this for each step, I merged steps into a single one. Let us know if there is a more elegant way.

Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.

autotools build seemed to take slightly longer than other jobs. To save turnaround time I disabled building tests.

Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi

[1] https://github.com/cygwin/cygwin-install-action/tree/v4#path

Closes #1161

commit 5453fc8035b4aaad1a9bbfbeace4fac210fabde8
Author: Viktor Szakats <[email protected]>
Date: Sun Aug 13 09:07:26 2023 +0000

cmake: add `LIB_NAME` variable

It holds the name `libssh2`. Mainly to document its uses, and also syncing up with the same variable in libcurl.

Closes #1159

commit c705ff3f370582d4363f53826c4fcb23af7ec3b7
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 11 21:57:33 2023 +0000

cmake: add one missed `PROJECT_NAME` variable

Follow-up to 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c

Closes #1158

commit ae7d51085e9e4e8c0d0ca3ded9dd7956f6f7d645
Author: Viktor Szakats <[email protected]>
Date: Fri Aug 11 17:09:27 2023 +0000

cmake: tidy-up concatenation in `CMAKE_MODULE_PATH`

Former solution was appending an empty element to the array if `CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have this side-effect.

There is no known issue caused by this. Fixing it for good measure.

Closes #1157

commit 1215aa5f46a603ce31e8b91b11ccd273a469350a
Author: Viktor Szakats <[email protected]>
Date: Thu Aug 10 02:33:24 2023 +0000

ci: add mingw-w64 UWP build

Add a CI test for Windows UWP builds using mingw-w64. Before this patch we had UWP builds tested with MSVC only.

Alike existing UWP jobs, it's not possible to run the binaries due to the missing UWP runtime DLL: https://github.com/libssh2/libssh2/actions/runs/5821297010/job/15783475118#step:11:42

We could install `winstorecompat-git` in the setup-msys2 step, but opted to do it manually to avoid the overhead for every matrix job.

All this would work smoother with llvm-mingw, which features an UWP toolchain prefix and provides all necessary implibs by default.

This also hit a CMake bug (with v3.26.4), where CMake gets confused and sets up `windres.exe` to use the MSVC rc.exe-style command-line: https://github.com/libssh2/libssh2/actions/runs/5819232677/job/15777236773#step:9:126

Notice that MS "sunset" UWP in 2021: https://github.com/microsoft/WindowsAppSDK/discussions/1615

If this particular CI job turns out to be not worth the maintenance burden or CPU time, or too much of a hack, feel free to delete it.

Ref: https://github.com/libssh2/libssh2/pull/1147#issuecomment-1670850890
Closes #1155

commit 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
Author: Viktor Szakats <[email protected]>
Date: Wed Aug 9 11:23:37 2023 +0000

cmake: replace `libssh2` literals with `PROJECT_NAME` variable

Where applicable.

This also makes it more obvious which `libssh2` uses were referring to the pr…
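The old-style encrypted key format shown in the `LIBSSH2_NO_MD5_PEM` commit message above can be recognised from its PEM headers alone, which makes it possible to audit key files before moving to a build that has the option set. The C below is an added example, not libssh2 code: `classify_private_key`, the `key_kind` enum and both sample keys are hypothetical and constructed here, and it goes slightly beyond the commit message by also labelling OpenSSH and PKCS#8 containers.

```c
#include <stdio.h>
#include <string.h>

enum key_kind {
    KEY_UNKNOWN = 0,
    KEY_OPENSSH,              /* -----BEGIN OPENSSH PRIVATE KEY----- */
    KEY_PKCS8_ENCRYPTED,      /* -----BEGIN ENCRYPTED PRIVATE KEY----- */
    KEY_PEM_UNENCRYPTED,      /* PEM private key without a Proc-Type header */
    KEY_PEM_LEGACY_ENCRYPTED  /* Proc-Type: 4,ENCRYPTED (MD5-based key derivation) */
};

static int has_prefix(const char *s, const char *pre)
{
    return strncmp(s, pre, strlen(pre)) == 0;
}

/* Classify the first private key found in NUL-terminated text. For an
   old-style encrypted key, the cipher name from DEK-Info (for example
   "AES-128-CBC") is copied into cipher, truncated to fit cipher_sz. */
enum key_kind classify_private_key(const char *text,
                                   char *cipher, size_t cipher_sz)
{
    static const char tail[] = "PRIVATE KEY-----";
    enum key_kind kind = KEY_UNKNOWN;
    const char *line, *eol, *v;
    size_t n;

    if(cipher_sz)
        cipher[0] = '\0';
    for(line = text; *line; line = eol + strspn(eol, "\r\n")) {
        eol = line + strcspn(line, "\r\n");
        if(kind == KEY_UNKNOWN) {        /* still looking for a BEGIN line */
            v = strstr(line, tail);
            if(!has_prefix(line, "-----BEGIN ") ||
               !v || v + sizeof(tail) - 1 != eol)
                continue;
            if(has_prefix(line, "-----BEGIN OPENSSH "))
                return KEY_OPENSSH;
            if(has_prefix(line, "-----BEGIN ENCRYPTED "))
                return KEY_PKCS8_ENCRYPTED;
            kind = KEY_PEM_UNENCRYPTED;  /* unless a Proc-Type header follows */
        }
        else if(has_prefix(line, "Proc-Type:")) {
            v = line + 10 + strspn(line + 10, " \t");
            if(has_prefix(v, "4,ENCRYPTED"))
                kind = KEY_PEM_LEGACY_ENCRYPTED;
        }
        else if(has_prefix(line, "DEK-Info:")) {
            v = line + 9 + strspn(line + 9, " \t");
            for(n = 0; v + n < eol && v[n] != ',' && n + 1 < cipher_sz; n++)
                cipher[n] = v[n];
            if(cipher_sz)
                cipher[n] = '\0';
        }
        else
            break;  /* first base64 line: the header block is over */
    }
    return kind;
}

/* Constructed samples: only the headers matter, the body is a placeholder. */
static const char legacy_key[] =
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n"
    "\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n";
static const char openssh_key[] =
    "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END OPENSSH PRIVATE KEY-----\n";

int main(void)
{
    char cipher[32];
    enum key_kind k = classify_private_key(legacy_key, cipher, sizeof(cipher));
    printf("legacy sample:  kind=%d cipher=%s\n", (int)k, cipher);
    k = classify_private_key(openssh_key, cipher, sizeof(cipher));
    printf("openssh sample: kind=%d\n", (int)k);
    return 0;
}
```

A key reported as `KEY_PEM_LEGACY_ENCRYPTED` is one of the old-style files the commit message describes and would need converting to another container before use with an MD5-free build.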
libssh is said to have this in the comparison table.
But FIPS is a property of the crypto library mostly, isn't it? I.e.: in what way is libssh more FIPS ready than libssh2?