From 81e0e8d96db5f4df8c6a032e0856b95f172f4436 Mon Sep 17 00:00:00 2001 
From: Anders Borum
Date: Tue, 19 Dec 2023 14:36:52 +0100
Subject: [PATCH] Squashed commit of the following:
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

commit f0e23dae9128185d1af4345360f0bd712d593a07
Author: Viktor Szakats
Date:   Sat Dec 9 21:37:39 2023 +0000

    RELEASE-NOTES: synced [ci skip]

    Closes #1279

commit d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
Author: Michael Buckley
Date:   Thu Nov 30 15:08:02 2023 -0800

    src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"

    Refs:
    https://terrapin-attack.com/
    https://seclists.org/oss-sec/2023/q4/292
    https://osv.dev/list?ecosystem=&q=CVE-2023-48795
    https://github.com/advisories/GHSA-45x7-px36-x8w8
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

    Fixes #1290
    Closes #1291

commit c0f69548be902147ce014ffa40b8db3cf1d4b0b4
Author: Viktor Szakats
Date:   Wed Dec 13 15:29:00 2023 +0000

    session: add `libssh2_session_callback_set2()`

    Add new `libssh2_session_callback_set2()` API that deprecates
    `libssh2_session_callback_set()`.

    The new implementation offers the same functionality, but accepts and
    returns a generic function pointer (of type `libssh2_cb_generic *`), as
    opposed to the old function that used data pointers (`void *`).

    The new solution thus avoids data to function (and vice versa) pointer
    conversions, which has undefined behaviour in standard C.

    About the name: It seems the `*2` suffix was used in the past for
    replacement functions for deprecated ones. Let's stick with that.
    `*_ex` was preferred for new functions that extend existing ones with
    new features.

    Closes #1285

commit 3ec53f3ea26f61cbf2e0fbbeccb852fca7f9b156
Author: Viktor Szakats
Date:   Thu Dec 14 16:46:09 2023 +0000

    build: enable `-pedantic-errors`

    According to the manual, this isn't the same as `-Werror -pedantic`.
    Enable it together with `-Werror`.

    https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-pedantic-errors-1

    This option results in autotools feature detection going into crazies.
    To avoid this, we add it to `CFLAGS` late. Idea copied from curl.

    This option has an effect only with gcc 5.0 and newer as of this
    commit. Let's enable it for clang and older versions too for
    simplicity.

    Ref: https://github.com/curl/curl/commit/d5c0351055d5709da8f3e16c91348092fdb481aa
    https://github.com/curl/curl/pull/2747

    Closes #1286

commit f8c457943997b1f034993950e48ec19f90d2a7a1
Author: Viktor Szakats
Date:   Thu Dec 14 22:54:22 2023 +0000

    build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute

    And fix the warning it detected.

    Closes #1287

commit 9839ebe5e9f2df84459dd0f71eceb1bbc3c5d5eb
Author: Viktor Szakats
Date:   Sat Dec 16 12:25:51 2023 +0000

    libssh2.h: add deprecated function warnings

    With deprecated-at versions and suggested replacement function.

    It's possible to silence them by defining
    `LIBSSH2_DISABLE_DEPRECATION`.

    Also add deprecated-at versions to documentation, and unify wording.

    Ref: https://github.com/libssh2/libssh2/pull/1260#issuecomment-1837017987

    Closes #1289

commit fc24735f618af190823657cb75919b830d6c44cf
Author: Viktor Szakats
Date:   Thu Dec 14 19:18:15 2023 +0000

    ci/spellcheck: delete redundant option [ci skip]

    `--check-hidden` not necessary when passing filenames explicitly.

    Follow-up to a79218d3a058a333bb9de14079548a3511679a04

commit 7010049969592f7c355cf062e68c18c8003ed605
Author: Viktor Szakats
Date:   Thu Dec 14 20:14:55 2023 +0000

    tidy-up: add empty line for clarity [ci skip]

commit ac68fbe475e6e02f43610367fe28257a8924a4ec
Author: Viktor Szakats
Date:   Wed Dec 13 06:32:54 2023 +0000

    build: FIXME `-Wsign-conversion` to be errors [ci skip]

commit 6e451669eabcc5ec1ed5c7979c96945092120e9a
Author: Viktor Szakats
Date:   Wed Dec 13 01:34:35 2023 +0000

    src: disable `-Wsign-conversion` warnings, add option to re-enable

    To avoid the log noise till we fix those ~360 compiler warnings.

    Also add macro `LIBSSH2_WARN_SIGN_CONVERSION` to re-enable them.
    Follow-up to afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257

    Closes #1284

commit 0f45dafe5eb95d0d2f6c9369e9d2c69c7b7ed79c
Author: Viktor Szakats
Date:   Wed Dec 13 02:41:05 2023 +0000

    cmake: fix indentation [ci skip]

commit 94b6bad3c8aa17fc852d86efa52c28c4f105531f
Author: Viktor Szakats
Date:   Wed Dec 13 00:14:45 2023 +0000

    example, tests: call `WSACleanup()` for each `WSAStartup()`

    On Windows.

    Closes #1283

commit 52c382f7aae2a8bff4ce3b4b83d18dde30ea11e2
Author: Viktor Szakats
Date:   Sat Dec 9 21:01:49 2023 +0000

    RELEASE-NOTES: update credits [ci skip]

    Ref: https://github.com/libssh2/libssh2/pull/1241#issuecomment-1830118584

commit b77504837cade82c004b71b74a26a8bb76c04793
Author: Viktor Szakats
Date:   Sat Dec 9 19:00:31 2023 +0000

    RELEASE-NOTES: avoid splitting names, fix typo, refine order [ci skip]

commit 747862c0e2b7c1ed0650860df3f8b4e385a221f1
Author: Viktor Szakats
Date:   Sat Dec 9 17:37:17 2023 +0000

    RELEASE-NOTES: synced [ci skip]

commit 28dbf01667d8b28d0d9606c9fd474553b93e67a5
Author: Viktor Szakats
Date:   Fri Dec 8 02:22:48 2023 +0000

    add portable `LIBSSH2_SOCKET_CLOSE()` macro

    Add `LIBSSH2_SOCKET_CLOSE()` to the public `libssh2.h` header, for user
    code. It translates to `closesocket()` on Windows and `close()` on
    other platforms.

    Use it in example code. It makes them more readable by reducing the
    number of `_WIN32` guards.

    Closes #1278

commit 46333adfb81dabc139d7ee88e510798dd7bc61fe
Author: Viktor Szakats
Date:   Thu Dec 7 20:49:34 2023 +0000

    ci: add FreeBSD 14 job, fix issues

    - install bash to fix error when running tests:
      ```
      ERROR: test_sshd.test - missing test plan
      ERROR: test_sshd.test - exited with status 127 (command not found?)
      =====================================
      [...]
      # TOTAL: 4
      # PASS: 2
      # SKIP: 0
      # XFAIL: 0
      # FAIL: 0
      # XPASS: 0
      # ERROR: 2
      [...]
      env: bash: No such file or directory
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998

    - fix sshd issue when running tests:
      ```
      # sshd log:
      # Server listening on :: port 4711.
      # Server listening on 0.0.0.0 port 4711.
      # Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
      # Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059

    Cherry-picked from #1277
    Closes #1277

commit 5e0ec99134cf5800b70df947d04daff57b9bbc30
Author: Viktor Szakats
Date:   Thu Dec 7 21:06:09 2023 +0000

    ci: add OmniOS job, fix issues

    - use GNU Make, to avoid errors:
      ```
      make: Fatal error in reader: Makefile, line 983: Badly formed macro assignment
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429838379#step:3:1956

      Caused by `?=` in `Makefile.am`. Fix it just in case.

      ```
      make: Fatal error in reader: Makefile, line 438: Unexpected end of line seen
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7135524843/job/19432451767#step:3:1966

      It's around line 43 in `Makefile.am`, reason undiscovered.
    - fix error:
      ```
      ../../src/hostkey.c:1227:44: error: pointer targets in passing argument 5 of '_libssh2_ed25519_sign' differ in signedness [-Werror=pointer-sign]
      1227 | datavec[0].iov_base, datavec[0].iov_len);
      | ~~~~~~~~~~^~~~~~~~~
      | |
      | caddr_t {aka char *}
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7135102832/job/19431233967#step:3:2225
      https://docs.oracle.com/cd/E36784_01/html/E36887/iovec-9s.html

    - FIXME: new `-Wsign-conversion` warnings appeared in examples:
      ```
      ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
      251 | FD_SET(forwardsock, &fds);
      | ^~~~~~
      ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
      ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
      ../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
      ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
      259 | if(rc && FD_ISSET(forwardsock, &fds)) {
      | ^~~~~~~~
      ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
      ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
      [...]
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7136086865/job/19433997429#step:3:3450

    Cherry-picked from #1277

commit 3f60ccb76bc825899fe9f933b9355d4ad6ca9766
Author: Viktor Szakats
Date:   Fri Dec 8 01:07:57 2023 +0000

    example: use `libssh2_socket_t` in X11 example

    Cherry-picked from #1277

commit 798ed4a7e54ddb87b3ec2342a453b66cf2945bc7
Author: Aaron Stone
Date:   Fri Jun 2 13:37:14 2023 -0700

    Handle EINTR from send/recv/poll/select to try again as the error is not fatal

    Integration-patches-by: Viktor Szakats
    Fixes #955
    Closes #1058

commit d0a7f1da2104ca8b15263aa143a9bc42ea2081af
Author: Viktor Szakats
Date:   Wed Dec 6 11:35:22 2023 +0000

    appveyor: delete UWP job broken since Visual Studio upgrade

    Few days ago UWP job started permafailing.

    fail: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48678129/job/yb8n2pox8mfjwv6m
    good: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48673013

    Other projects also affected:
    https://ci.appveyor.com/project/c-ares/c-ares/builds/48687390/job/l0fo4b0sijvqkw9r

    No related local update. Same CMake version. Same CI image.

    This seems to be the culprit, which could mean that this update broke
    CMake detection, needs a different CMake configuration on our end, or
    that this MSVC update pulled support for UWP apps:

    fail: -- The C compiler identification is MSVC 19.38.33130.0 (~ Visual Studio 2022 v17.8)
    good: -- The C compiler identification is MSVC 19.37.32825.0 (~ Visual Studio 2022 v17.7)

    If this is v17.8, release notes don't readily suggest a feature
    removal:
    https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.8

    So it might just be UWP accidentally broken in this release.
    Closes #1275

commit 8cd473c9303007b925d61658846a3f2bccf67735
Author: Viktor Szakats
Date:   Wed Dec 6 01:10:03 2023 +0000

    checksrc: sync with curl

    Closes #1272

commit e051ae343aca7bee7f586b1ace41f6a827fa011d
Author: Viktor Szakats
Date:   Tue Dec 5 23:41:39 2023 +0000

    autotools: delete `--disable-tests` option, fix CI tests

    Originally added to improve build performance by skipping building
    tests. But, there seems to be no point in this, because autotools
    doesn't build tests by default, unless explicitly invoking
    `make check`.

    Delete this option from Cygwin and FreeBSD CI tests, where it caused
    `make check` to do nothing. Tests are built now, and runtime tests are
    too, where supported. Also disable Docker-based tests for these, and
    add a missing `make -j3` for FreeBSD.

    Reverts 7483edfada1f7e17cf8f9ac1c87ffa3d814c987e #715

    Closes #1271

commit b1414503f51c9421557a3d4784b113a84d42c003
Author: ren mingshuai
Date:   Wed Dec 6 07:14:53 2023 +0800

    build: add `LIBSSH2_NO_DEPRECATED` option (#1266)

    The following APIs have been deprecated for over 10 years and use
    `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:

    libssh2_session_startup()
    libssh2_banner_set()
    libssh2_channel_receive_window_adjust()
    libssh2_channel_handle_extended_data()
    libssh2_scp_recv()

    Add these options to disable them:
    - autotools: `--disable-deprecated`
    - cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
    - `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`

    Fixes #1259
    Replaces #1260
    Co-authored-by: Viktor Szakats
    Closes #1267

commit a3f5594a96bca6f56356c997ab463ff165360990
Author: Viktor Szakats
Date:   Mon Dec 4 22:46:01 2023 +0000

    autotools: show the default for `hidden-symbols` option

    Closes #1269

commit 2e5a8719d7db495ae346ce58388f875386233300
Author: Viktor Szakats
Date:   Fri Dec 1 19:29:28 2023 +0000

    tidy-up: bump casts from int to long for large C99 types in printfs

    Cast large integer types to avoid dealing with printf masks for
    `size_t` and other C99 types. Some of existing code used `int` for
    this, bump them to `long`.
    Ref: afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257

    Closes #1264

commit afa6b865604019ab27ec033294edfe3ded9ae0c0
Author: Viktor Szakats
Date:   Thu Nov 30 23:35:11 2023 +0000

    build: enable missing OpenSSF-recommended warnings, with fixes

    Ref: https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
    (2023-11-29)

    Enable new warnings:

    - replace `-Wno-sign-conversion` with `-Wsign-conversion`.

      Fix them in example, tests and wincng. There remain about 360 of
      these warnings in `src`. Add a TODO item for those and disable
      `-Werror` for this particular warning.

    - enable `-Wformat=2` for clang (in both cmake and autotools).

    - enable `__attribute__((format))` for `_libssh2_debug()`,
      `_libssh2_snprintf()` and in tests for `run_command()`.

      `LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.

    - enable `-Wimplicit-fallthrough`.

    - enable `-Wtrampolines`.

    Fix them:

    - src: replace obsolete fall-through-comments with
      `__attribute__((fallthrough))`.

    - wincng: fix `-Wsign-conversion` warnings.

    - tests: fix `-Wsign-conversion` warnings.

    - example: fix `-Wsign-conversion` warnings.

    - src: fix `-Wformat` issues in trace calls.

      Also, where necessary fix `int` and `unsigned char` casts to
      `unsigned int` and adjust printf format strings. These were not
      causing compiler warnings.

      Cast large types to `long` to avoid dealing with printf masks for
      `size_t` and other C99 types. Existing code often used `int` for
      this. I'll update them to `long` in an upcoming commit.

    - tests: fix `-Wformat` warning.

    - silence `-Wformat-nonliteral` warnings.

    - mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
      in external header.
    Closes #1257

commit e0a0466490dc6b669a2b2ce4f62745dea5e0b8f3
Author: Viktor Szakats
Date:   Fri Dec 1 17:27:23 2023 +0000

    packet: whitespace fix

    Tested via #1257

commit b136c37998c152530c44672252be511ed2d4a10f
Author: Viktor Szakats
Date:   Fri Dec 1 14:41:33 2023 +0000

    tidy-up: unsigned -> unsigned int

    In the `interval` argument of public `libssh2_keepalive_config()`.

    Tested via #1257

commit eb996af851c046d040f89caedde0e28c7a7cf84d
Author: Viktor Szakats
Date:   Fri Dec 1 14:44:50 2023 +0000

    tests: sync port number type with the rest of codebase

    Tested via #1257

commit ecdf519911a62dc3051bb0e645defe2b56543912
Author: Viktor Szakats
Date:   Fri Dec 1 17:02:13 2023 +0000

    autotools: enable `-Wunused-macros` with gcc

    It works with gcc without the libtool warnings seen with clang on
    Windows in 96682bd5e14c20828e18bf10ed5b4b5c7543924a #1227.

    Sync usage of this macro with CMake and autotools + clang +
    non-Windows. Making it enabled everywhere except autotools + clang +
    Windows due to the libtool stub issue.

    Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

    Closes #1262

commit 0b4bdc856f9e06a75e6675aad9d7f777ac3eb060
Author: Viktor Szakats
Date:   Sat Dec 2 03:16:08 2023 +0000

    TODO: disable or drop weak algos [ci skip]

    Closes #1261

commit 744e059f310ab7832f6781f673474e2924d02b4e
Author: Viktor Szakats
Date:   Fri Dec 1 03:19:04 2023 +0000

    example, tests: fix/silence `-Wformat-truncation=2` gcc warnings

    Then sync this warning option with curl.
    Seems like a false positive and/or couldn't figure how to fix it, so
    silence:
    ```
    example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
    227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
    | ^~
    example/ssh2.c:227:34: note: assuming directive output of 1 byte
    227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
    | ^~~~~~~
    example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
    227 | snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
    | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
    228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
    | ^~
    example/ssh2.c:228:34: note: assuming directive output of 1 byte
    228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
    | ^~~~~~~
    example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
    228 | snprintf(fn2, fn2sz, "%s/%s", h, privkey);
    | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98

    Fix:
    ```
    tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=]
    tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51

    Tested via #1257

commit 2e57dcb9d2c2826a3cfdad65f72e6003313eaa64
Author: Viktor Szakats
Date:   Fri Dec 1 12:55:12 2023 +0000

    example: fix indentation follow-up

    Fix long line and fix more indentations.
    Follow-up to 9e896e1b80911a53d6aabb322e034e6ca51b6898

commit 9e896e1b80911a53d6aabb322e034e6ca51b6898
Author: Viktor Szakats
Date:   Fri Dec 1 09:41:39 2023 +0000

    example: fix indentation

    Tested via #1257

commit 6c53815aa78daa66c4c84ee0a6caf3efa8651998
Author: Viktor Szakats
Date:   Fri Dec 1 04:28:59 2023 +0000

    autotools: fix missed `-pedantic` and `-Wall` options for gcc

    Follow-up to 5996fefe2bad80cfba85b2569ce6ab6ef575142c #1223

    Tested via #1257

commit c9124088099627c39917e093479f2692dce6588b
Author: Viktor Szakats
Date:   Fri Dec 1 04:38:16 2023 +0000

    ci: show compiler in cross/cygwin job names

    Tested via #1257

commit 4be5e33ae10431f90f9ffe0d6cba44b64dcd630e
Author: Viktor Szakats
Date:   Thu Nov 30 23:54:58 2023 +0000

    mbedtls: further improve disabling `-Wredundant-decls`

    Move warning option suppression to `src/mbedtls.h` to surround the
    actual external header #includes that need it.

    Follow-up to ecec68a2c13a9c63fe8c2dc457ae785a513e157c #1226
    Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

    Tested via #1257

commit 8d69e63db9e2e759e3f973fbbc154e2ec1528f83
Author: ren mingshuai
Date:   Fri Dec 1 11:52:12 2023 +0800

    example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (#1258)

    libssh2_scp_recv is deprecated and has been replaced by
    libssh2_scp_recv2 in prior commit.

    Follow-up to 6c84a426beb494980579e5c1d244ea54d3fc1a3f

commit 363dcbf449c0c7b13c6526d7af84c6f1db2691cc
Author: Viktor Szakats
Date:   Fri Nov 24 23:33:22 2023 +0000

    openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job

    - use OpenSSL 3 API when available for HMAC.
      This fixes building with OpenSSL 3 `no-deprecated` builds.

    - ensure we support pure OpenSSL 3 API by adding a CI job using
      OpenSSL 3 custom-built with `no-deprecated`.
    Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207

    Fixes #1235
    Closes #1243

commit 66108f02f0569efced1bdd6e9e8c29f2991c5b24
Author: Viktor Szakats
Date:   Sun Nov 26 12:00:20 2023 +0000

    ci: restore lost comment for FreeBSD [ci skip]

    Follow-up to eee4e8055ab375c9f9061d4feb39086737f41a9c

commit 0c9a8e3590051bfb80acbb2146388c8fe883b2f8
Author: Viktor Szakats
Date:   Sat Nov 25 23:47:57 2023 +0000

    ci: add OpenBSD (v7.4) job + fix build error in example

    - Use CMake, LibreSSL and clang from the base install.

    - This uncovered a build error in `example/subsystem_netconf.c`,
      caused by using the `%n` printf mask. This is a security risk and
      some systems (notably OpenBSD) disable this feature.

      Fix it by applying this patch from OpenBSD ports (from 2021-09-11):
      https://cvsweb.openbsd.org/ports/security/libssh2/patches/patch-example_subsystem_netconf_c?rev=1.1&content-type=text/x-cvsweb-markup
      https://github.com/openbsd/ports/commit/2c5b2f3e94381914a3e8ade960ce8c997ca9d6d7

      "The old code is also broken, as it passes a pointer to a variable
      of a different size (on LP64). There is no check for truncation,
      but buf[] is 1MB in size."

      Patch-by: naddy

      ```
      /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:252:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
      "]]>]]>\n%n", (int *)&len);
      ~^
      /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:270:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
      "]]>]]>\n%n", (int *)&len);
      ~^
      2 errors generated.
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/6991449778/job/19022024280#step:3:420

    Also made tests with arm64, but it takes consistently almost 14m to
    finish the job, vs.
    2-3m for the native amd64:
    https://github.com/libssh2/libssh2/actions/runs/6991648984/job/19022440525
    https://github.com/libssh2/libssh2/actions/runs/6991551220/job/19022233651

    Cherry-picked from #1250
    Closes #1250

commit 65c7a7a55af037bcc9ee67c2f69ecdb9109ecbb1
Author: Viktor Szakats
Date:   Sat Nov 25 23:43:22 2023 +0000

    ci: add NetBSD (v9.3) job

    Use CMake, OpenSSL (v1.1) and clang from the base install.

    Cherry-picked from #1250

commit eee4e8055ab375c9f9061d4feb39086737f41a9c
Author: Viktor Szakats
Date:   Sat Nov 25 23:39:29 2023 +0000

    ci: update and speed up FreeBSD job

    - switch to an alternate GitHub action. This one seems (more) actively
      maintained, and runs faster:
      https://github.com/cross-platform-actions/action

    - use clang instead of gcc. clang is already present in the base
      install, saving install time and bandwidth.

    - stop installing `openssl-quictls` and use the OpenSSL (v1.1) from
      the base system. (I'm suspecting that quictls before this patch
      wasn't detected by the build.)
      https://wiki.freebsd.org/OpenSSL

    Cherry-picked from #1250

commit c6589b8823e9d4a282587a6a5dab831b54d412c0
Author: Viktor Szakats
Date:   Sat Nov 25 11:52:00 2023 +0000

    stop using leading underscores in macro names

    Underscored macros are reserved for the compiler / standard lib / etc.
    Stop using them in user code.

    We used them as header guards in `src` and in `__FILESIZE` in
    `example`.

    Closes #1248

commit 7494881617223bc05aa9c94ceaa6b068e2008be2
Author: Viktor Szakats
Date:   Sat Nov 25 11:03:50 2023 +0000

    ci: use absolute path in `CMAKE_INSTALL_PREFIX`

    To make the installed locations unambiguous in the build logs.

    Closes #1247

commit efee91333b7d641fbfb1ba471fb00d8161d4013c
Author: Viktor Szakats
Date:   Sat Nov 25 03:49:49 2023 +0000

    openssl: make a function static, add `#ifdef` comments

    Follow-up to 03092292597ac601c3f9f0c267ecb145dda75e4e #248
    where the function was added.

    Also add comments to make `#ifdef` branches easier to follow in
    `openssl.h`.
    Closes #1246

commit 236e79a115791194368b45751e3ec9452d6d73d9
Author: Viktor Szakats
Date:   Sat Nov 25 10:35:26 2023 +0000

    ci: boost mbedTLS build speed

    Build times down to 4 seconds (from 18-20).

    Closes #1245

commit 82581941d6cd91cd00cf6d8bee1b2a660864ca19
Author: Viktor Szakats
Date:   Sat Nov 25 00:26:40 2023 +0000

    openssl: fix DSA code to use OpenSSL 3 API

    - fix missing `DSA` type when building for OpenSSL 3 `no-deprecated`.

    - fix fallouts after fixing the above by switching away from `DSA`
      with OpenSSL 3.

    Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207

    Closes #1244

commit d2ef66473ca6f3521eb739eceddf0cba4c44bbed
Author: Viktor Szakats
Date:   Sat Nov 25 00:35:43 2023 +0000

    openssl: formatting (delete empty lines) [ci skip]

commit 5326a5ce262b0a27dbd4714dc370d85814297f55
Author: Viktor Szakats
Date:   Thu Nov 23 23:00:13 2023 +0000

    tests: fall back to `$LOGNAME` for username

    If the `$USER` variable is empty, fall back to using `$LOGNAME` to
    retrieve the logged-in username.

    In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and
    on some systems it may not be set. Without this value, tests were
    unable to provide the correct username when logging into the SSH
    server running under the active user's session.

    Reported-by: Nicolas Mora
    Suggested-by: Nicolas Mora
    Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348
    Fixes #1240
    Closes #1241

commit 631e7734c8d850cd0c8e7a27d4dc524915e20b09
Author: Viktor Szakats
Date:   Tue Nov 21 20:32:12 2023 +0000

    libssh2.h: use `_WIN32` for Windows detection instead of rolling our own

    Sync up `libssh2.h` Windows detection with the libssh2 source code.

    `libssh2.h` was using `WIN32` and `LIBSSH2_WIN32` for Windows
    detection, next to the official `_WIN32`. After this patch it only
    uses `_WIN32` for this. Also, make it stop defining `LIBSSH2_WIN32`.

    There is a slight chance these break compatibility with Windows
    compilers that fail to define `_WIN32`.
    I'm not aware of any obsolete or modern compiler affected, but in case
    there is one, one possible solution is to define this macro manually.

    Closes #1238

commit 487152f4fa8bc155fc6cb8a03896947425dc0632
Author: Viktor Szakats
Date:   Tue Nov 21 22:30:59 2023 +0000

    openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build

    Fixes:
    ```
    src/openssl.c:650:5: error: use of undeclared identifier 'EC_KEY'
    EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
    ^
    src/openssl.c:650:13: error: use of undeclared identifier 'ec_key'
    EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
    ^
    src/openssl.c:650:22: error: implicit declaration of function 'EC_KEY_new_by_curve_name' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
    EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
    ^
    src/openssl.c:650:22: note: did you mean 'EC_GROUP_new_by_curve_name'?
    ./quictls/_a64-mac-sys/usr/include/openssl/ec.h:483:11: note: 'EC_GROUP_new_by_curve_name' declared here
    EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
    ^
    In file included from ./_a64-mac-sys-bld/src/CMakeFiles/libssh2_static.dir/Unity/unity_0_c.c:19:
    In file included from src/crypto.c:10:
    src/openssl.c:652:8: error: use of undeclared identifier 'ec_key'
    if(ec_key) {
    ^
    ```
    Ref: https://github.com/curl/curl-for-win/actions/runs/6950001225/job/18909297867#step:3:4341

    Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207
    Bug #1235
    Closes #1236

commit 910ed9b0355cb8b9f2c71e00333426f1ee5f5bb7
Author: Viktor Szakats
Date:   Tue Nov 21 23:31:22 2023 +0000

    openssl: formatting

    Sync up these lines with the other two similar occurrences in the
    code.
    Cherry-picked from #1236

commit b0ab005fe79260e6e9fe08f8d73b58dd4856943d
Author: Michael Buckley
Date:   Tue Nov 21 09:33:01 2023 -0800

    openssl: use non-deprecated APIs with OpenSSL 3.x (#1207)

    Assisted-by: Viktor Szakats

commit c9dd3566b2247083f75e1304b7365ee9c8ed3e34
Author: Viktor Szakats
Date:   Tue Nov 21 00:39:44 2023 +0000

    ci: add BoringSSL job (cmake, gcc, amd64)

    Closes #1233

commit 89ccc83c7da73e7ca3a112e350008131942b592e
Author: Viktor Szakats
Date:   Mon Nov 20 02:06:37 2023 +0000

    autotools: fix dotless gcc and Apple clang version detections

    - fix parsing dotless (major-only) gcc versions.
      Follow-up to 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad #1187

    - sync gcc detection variable names with curl.

    - fix Apple clang version detection for releases between
      'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the
      version was under-detected as 3.7 llvm/clang equivalent.

    - fix Apple clang version detection for 'Apple clang version 11.0.0'
      and newer where the Apple clang version was detected, instead of its
      llvm/clang equivalent.

    - revert to show `clang` instead of `Apple clang`, because we follow
      it with an llvm/clang version number. (Apple-ness still visible in
      raw version.)

    Used this collection for Apple clang / llvm/clang translation and test
    inputs:
    https://gist.github.com/yamaya/2924292

    Closes #1232

commit e9017b10460857cf148f94716356907f60884a3f
Author: Viktor Szakats
Date:   Mon Nov 20 01:48:17 2023 +0000

    acinclude.m4: revert accidental edit [ci skip]

    Follow-up to 8c320a93a48775b74f40415e46f84bf68b4d5ae8

commit fb58016180090a5baea21d69f0d14b07b7f01ef4
Author: Viktor Szakats
Date:   Sun Nov 19 18:04:57 2023 +0000

    autotools: show more clang/gcc version details

    Also:
    - show if we detected Apple clang.
    - delete duplicate version detection for clang.
    Closes #1230

commit 8c320a93a48775b74f40415e46f84bf68b4d5ae8
Author: Viktor Szakats
Date:   Sat Nov 18 16:04:19 2023 +0000

    acinclude.m4: re-sync with curl [ci skip]

commit 96682bd5e14c20828e18bf10ed5b4b5c7543924a
Author: Viktor Szakats
Date:   Fri Nov 17 21:13:30 2023 +0000

    autotools: avoid warnings in libtool stub code

    Seen on Windows with clang64, in libtool-generated stub code for
    examples and tests.

    The error didn't break the CI job for some reason.

    msys2 (autotools, clang64, clang-x86_64:
    ```
    [...]
    2023-11-17T20:14:17.8639574Z ./.libs/lt-test_read.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
    [...]
    2023-11-17T20:14:39.8729255Z ./.libs/lt-sftp_write_nonblock.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
    [...]
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/6908585056/job/18798193405?pr=1226#step:8:474

    Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

    Closes #1227

commit ecec68a2c13a9c63fe8c2dc457ae785a513e157c
Author: Viktor Szakats
Date:   Fri Nov 17 20:04:52 2023 +0000

    mbedtls: improve disabling `-Wredundant-decls`

    Disable these warnings specifically for the mbedTLS public headers and
    leave it on for the rest of the code. This also fixes this issue for
    autotools. Previous solution was globally disabling this warning for
    the whole code when using mbedTLS and only with CMake.

    Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

    Closes #1226

commit 64d6789f71aa4db25c6903c5e0180790bb12782e
Author: Viktor Szakats
Date:   Thu Nov 16 14:38:44 2023 +0000

    cmake: rename picky warnings script

    To match the camel-case style used in other CMake scripts and also to
    match the name used in curl.

    Closes #1225

commit 7ecc309cd10454c54814b478c4f85d0041da6721
Author: Viktor Szakats
Date:   Thu Nov 16 00:54:25 2023 +0000

    build: enable more compiler warnings and fix them

    Enable more picky compiler warnings. I've found these options in the
    nghttp3 project when implementing the CMake quick picky warning
    functionality for it.
    Fix issues found along the way:

    - wincng, mbedtls: delete duplicate function declarations.
      Most of this was due to re-#defining crypto functions to
      crypto-backend specific implementations. These redefines also
      remapped the declarations in `crypto.h`, making the backend-specific
      declarations duplicates. This patch deletes the backend-specific
      declarations.

    - wincng mapped two crypto functions to the same local function.
      Also causing double declarations. Fix this by adding two distinct
      wrappers and moving the common function to a static one.

    - delete unreachable `break;` statements.

    - kex: disable macros when unused.

    - agent: disable unused constants.

    - mbedtls: disable double declaration warnings because public mbedTLS
      headers trigger it. (with function `psa_set_key_domain_parameters`)

    - crypto.h: formatting.

    Ref: https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake

    Closes #1224

commit 5996fefe2bad80cfba85b2569ce6ab6ef575142c
Author: Viktor Szakats
Date:   Wed Nov 15 23:15:17 2023 +0000

    autotools: sync warning enabler code with curl

    Tiny changes and minor updates to bring this code closer to curl's
    `m4/curl-compilers.m4`.

    Closes #1223

commit e645fa95f361d70bf1bf014d418b89b72b7e9d8c
Author: Viktor Szakats
Date:   Wed Nov 15 22:51:41 2023 +0000

    acinclude.m4: fix indentation [ci skip]

    Also match indentation of curl's `m4/curl-compilers.m4` for easier
    syncing.

commit ce5f208a556c92672a959cc7ed879dcdec5836a0
Author: Viktor Szakats
Date:   Wed Nov 15 20:28:55 2023 +0000

    autotool: rename variable `WARN` -> `tmp_CFLAGS`

    To match curl and make syncing this code easier.

    Ref: https://github.com/curl/curl/blob/d1820768cce0e797d1f072343868ce1902170e93/m4/curl-compilers.m4#L479

    Closes #1222

commit cdca8cff886ce71fb9b8d0c56cdf9774b5a7d355
Author: Viktor Szakats
Date:   Wed Nov 15 18:43:51 2023 +0000

    autotools: picky warning options tidy-up

    - sync clang warning version limits with CMake.
    - make `WARN=` vs.
  `CURL_ADD_COMPILER_WARNINGS()` consistent with curl and between clang and gcc (`WARN=` is for `no-` options in general).

Closes #1221

commit 328a96b3daf92efc867cde2eee651c48958f31ea
Author: Viktor Szakats
Date: Wed Nov 15 00:36:55 2023 +0000

build: picky warning updates

- cmake, autotools: sync picky gcc warnings with curl.
- cmake, autotools: add `-Wold-style-definition` for clang too.
- cmake, autotools: add comment for `-Wformat-truncation=1`.
- cmake: more precise version info for old clang options.

Closes #1219

commit fea6664e1bbf52cb9a02fceadc81f6f56c3fd7b9
Author: Viktor Szakats
Date: Fri Nov 10 15:41:05 2023 +0000

ci: fixup FreeBSD version, bump mbedtls

We haven't been using the FreeBSD version. Also it turns out, the single version supported is 13.2 at the moment: https://github.com/vmactions/freebsd-vm/tree/main/conf

Stop trying to set the version and instead rely on the action providing the latest supported one automatically.

Follow-up to a7d2a573be26238cc2b55e5ff6649bbe620cb8d9

Also:
- add more details to the FreeBSD job description.
- bump mbedtls version while here.

Closes #1217

commit 932d6a32779a39aa6109e2d7aff8b2b6123df4f4
Author: Viktor Szakats
Date: Thu Nov 9 18:59:01 2023 +0000

cmake: fix multiple include of libssh2 package

Also extend our integration test double inclusion. It will still not catch this case, because that requires `cmake_minimum_required(VERSION 3.18)` or higher.

Fixes:
```
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
add_library cannot create ALIAS target "libssh2::libssh2" because another target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
add_library cannot create ALIAS target "Libssh2::libssh2" because another target with the same name already exists.
Call Stack (most recent call first):
CMakeLists.txt:24 (find_package)
```

Test to reproduce:
```cmake
cmake_minimum_required(VERSION 3.18) # must be 3.18 or higher
project(test)
find_package(libssh2 CONFIG)
find_package(libssh2 CONFIG) # fails
add_executable(test main.c)
target_link_libraries(test libssh2::libssh2)
```

Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html

Assisted-by: Kai Pastor
Assisted-by: Harry Mallon
Ref: https://github.com/curl/curl/pull/11913

Closes #1216

commit a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
Author: Viktor Szakats
Date: Wed Nov 8 18:17:22 2023 +0000

ci: add FreeBSD 13.2 job

It runs over Linux via qemu. First two runs were (very) slow, then it became (much) more performant at just 2x slower than a native Linux build. Then got slow again, then fast again. Still seems acceptable for the value this adds.

The build uses autotools and quictls.

Successful builds:
1. https://github.com/libssh2/libssh2/actions/runs/6802676786/job/18496286419 (13m59s, -j3)
2. https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497243225 (11m5s, -j2)
3. https://github.com/libssh2/libssh2/actions/runs/6803142201/job/18497785049 (3m6s, -j1)
4. https://github.com/libssh2/libssh2/actions/runs/6803194839/job/18497962766 (3m10s, -j2)
5. https://github.com/libssh2/libssh2/actions/runs/6803267201/job/18498208501 (3m13s)
6. https://github.com/libssh2/libssh2/actions/runs/6803510333/job/18498993698 (15m25s)
7. https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528571057 (3m13s)

Similar solution exists for Solaris (over macOS via VirtualBox), but it hangs forever at `Waiting for text: solaris console login`: https://github.com/libssh2/libssh2/actions/runs/6802388128/job/18495391869#step:4:185

Idea taken from LibreSSL.

FIXME: Unrelated, the `distcheck` job became flaky in recent days:
https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497256437#step:10:536
```
FAIL: test_auth_pubkey_ok_rsa_aes256gcm
```
https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528588933#step:10:533
```
FAIL: test_read
```

Closes #1215

commit b9a4ed83b4b7fbef4f95e77ff1eab850dfcbac27
Author: Viktor Szakats
Date: Wed Nov 8 03:24:09 2023 +0000

reuse: fix duplicate copyright warning

```
PendingDeprecationWarning: Copyright and licensing information for 'tests/openssh_server/Dockerfile' has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5 file located at '.reuse/dep5'. The information for these two sources has been aggregated. In the future this behaviour will change, and you will need to explicitly enable aggregation. [...]
```
Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4

commit 43485579609a833827736e8205fe29956900ed74
Author: Viktor Szakats
Date: Sat Oct 28 11:36:31 2023 +0000

Makefile.mk: delete Windows-focused raw GNU Make build

We recommend using CMake instead. Especially in unity mode, it's faster and probably more familiar for most. It's also easily portable.

(`Makefile.mk` was also portable, but in practice only usable for Windows. Other platforms required a manual config header.)

Also:
- migrate `LIBSSH2_NO_*` option CI tests to CMake.
- make MSYS2 CMake builds verbose to show compilation options.

Closes #1204

commit bfa00f1bd5abce93cd95055c8b71791816b3c655
Author: Viktor Szakats
Date: Mon Nov 6 12:18:25 2023 +0000

tidy-up: around `stdint.h`

- os400: delete unused `HAVE_STDINT_H`.
- fuzz: delete redundant `stdint.h` use. `inttypes.h` is already included via `testinput.h`.
- docs/TODO: adjust type in planned function.

Closes #1212

commit 20387285d300c74160f655b72ad5d762ee56166b
Author: Viktor Szakats
Date: Mon Nov 6 00:41:17 2023 +0000

cmake: show crypto backend in feature summary

This was visible as an enabled package before this patch, but it missed to show WinCNG.

Closes #1211

commit a3ffc4221d7ed4619c1e5e4557287204868e443b
Author: Viktor Szakats
Date: Fri Nov 3 11:04:22 2023 +0000

man: fix double spaces and dash escaping

- `- ` -> `- `
- `. ` -> `. `
- `\- ` -> `- `
- `-1` -> `\-1`
- fold long lines along the way

This makes the minus sign come out as a Unicode minus sign (0x2212), and title separator dashes as Unicode hyphen (0x2010), with `groff -Tutf8` v1.23.0.

Ref: https://lwn.net/Articles/947941/

Closes #1210

commit 8cca7b77527861395de6278b27fa825df3b5b835
Author: Viktor Szakats
Date: Tue Oct 31 22:41:05 2023 +0000

src: fix gcc 13 `-Wconversion` warning on Darwin

```
src/session.c: In function 'libssh2_poll':
src/session.c:1776:22: warning: conversion from 'long int' to '__darwin_suseconds_t' {aka 'int'} may change value [-Wconversion]
1776 | tv.tv_usec = (timeout_remaining % 1000) * 1000;
| ^
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6711735060/job/18239768548#step:3:4368

Follow-up to 08354e0abbe86d4cc5088d210d53531be6d8981a

Closes #1209

commit bf285500e603b77229bbaf9a87fe7f724bb5ffaa
Author: Viktor Szakats
Date: Mon Oct 30 17:42:32 2023 +0000

openssl: silence `-Wunused-value` warnings

Seen with gcc 12.

Manual: https://www.openssl.org/docs/man3.1/man3/BIO_reset.html

```
./quictls/linux-a64-musl/usr/include/openssl/bio.h:555:34: warning: value computed is not used [-Wunused-value]
555 | # define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./libssh2/src/openssl.c:3518:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3884:5: note: in expansion of macro 'BIO_reset'
./libssh2/src/openssl.c:3995:5: note: in expansion of macro 'BIO_reset'
```
Ref: https://github.com/curl/curl-for-win/actions/runs/6696392318/job/18194032712#step:3:5060

Closes #1205

commit f64e6318f031a15d7e727d6f4864a3d2e973aab0
Author: Viktor Szakats
Date: Mon Oct 30 11:23:47 2023 +0000

Makefile.am: fix `cp` to preserve attributes and timestamp

commit fc00bdd7f195fc6511d18d11cad2801b56c5549e
Author: Viktor Szakats
Date: Sat Oct 7 15:32:39 2023 +0000

cmake: simplify showing CMake version

Move it to `CMakeLists.txt`. Drop `cmake --version` commands.

Credit to the `zlib-ng` project for the idea: https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078bd1399/CMakeLists.txt#L7

Closes #1203

commit 5e19044282c219ddb1fedddd8eaba0b4c0256a95
Author: Viktor Szakats
Date: Sat Oct 7 09:19:49 2023 +0000

ci: mbedtls 3.5.0

v3.5.0 needs extra compiler option for i386 to avoid:
```
#error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
```

Closes #1202

commit 2cd2f40e37ab7e3880bc9504c6d7cda5a188fed7
Author: Viktor Szakats
Date: Sat Oct 7 09:47:58 2023 +0000

tests: show cmake version used in integration tests

Closes #1201

commit a9a79e7a41f2c80b487ede854ffcad90a7634e7b
Author: Viktor Szakats
Date: Tue Oct 3 13:46:01 2023 +0000

readme.vms: fix typo [ci skip]

Detected by codespell 2.2.6

commit 06fd721f08f058b3bb83fc5d0e1c50736b28cb26
Author: Viktor Szakats
Date: Sat Sep 30 19:03:37 2023 +0000

appveyor: YAML/PowerShell formatting, shorten variable name

- use single-quotes in yaml and PowerShell.
- shorten a variable name.
- use indentation 2 for scripts.
- use C else-style in PowerShell.

Closes #1200

commit d468a33f620d56f2fc67ee98cd50b9039d2ecf6e
Author: Viktor Szakats
Date: Sat Sep 30 14:58:51 2023 +0000

ci: update actions, use shallow clones with appveyor

- update GitHub Actions to their latest versions.
- use shallow git clones in AppVeyor CI to save data over the wire.

Closes #1199

commit 8a081fd98b015e4a5375bfec1c295e0b7e2e4e6c
Author: Viktor Szakats
Date: Fri Sep 29 20:07:36 2023 +0000

appveyor: move to pure PowerShell

- replace batch commands with PowerShell.
- merge separate command entries into single PowerShell blocks.

Closes #1197

commit 6fbc9505d8a4179ab6a1d44c7df9bb9af6bdc9ba
Author: Viktor Szakats
Date: Fri Sep 29 08:43:40 2023 +0000

windows: use built-in `_WIN32` macro to detect Windows

Instead of `WIN32`.

The compiler defines `_WIN32`. Windows SDK headers or build env defines `WIN32`, or we have to take care of it. The agreement seems to be that `_WIN32` is the preferred practice here.

Minor downside is that CMake uses `WIN32` and we also adopted it in `Makefile.mk`.

In public libssh2 headers we stick with accepting either `_WIN32` or `WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.

grepping for `WIN32` remains useful to detect Windows-specific code.

Closes #1195

commit 4c241d5c65c754141243bebdafa900472b23b68f
Author: Viktor Szakats
Date: Fri Sep 29 09:27:34 2023 +0000

cmake: cleanup mbedTLS version detection more

- lowercase, underscored local variables.
- fix `find_library()` to use the multiple names passed.
- rely more on `find_package_handle_standard_args()`. Logic based on our `Findwolfssl.cmake`.
- delete ignored/unused `MBEDTLS_LIBRARY_DIR`.
- revert CI configuration to use `MBEDCRTYPO_LIBRARY`.
- clarify inputs/outputs in comment header.
- use variable for regex.
- formatting.

Follow-up to 41594675072c578294674230d4cf5f47fa828778 #1192

Closes #1196

commit 30eef0a630ab3cc408f06d9b32fa19f647008df7
Author: Viktor Szakats
Date: Thu Sep 28 18:32:37 2023 +0000

cmake: delete duplicate `include()`

commit 41594675072c578294674230d4cf5f47fa828778
Author: Viktor Szakats
Date: Thu Sep 28 13:09:36 2023 +0000

cmake: improve/fix mbedTLS detection

- libssh2 needs the crypto lib only, stop dealing with the rest.
- simplify logic.
- drop hard-wired toolchain specific options that broke with e.g. MSVC.
  Reported by: AR Visions
  Fixes #1191
- add mbedTLS version detection for recent releases.
- merge custom detection results display into a single line.
- shorten mbedTLS configuration in macOS CI job.

Used the curl mbedTLS detection logic for ideas: https://github.com/curl/curl/blob/a8c773845f4fdbfb09b08a6ec4b656c812568995/CMake/FindMbedTLS.cmake

Closes #1192

commit 67e39091b2fa3b87e22895cdbdeda20e4b2403b1
Author: concussious <79338398+concussious@users.noreply.github.com>
Date: Sat Sep 23 19:00:14 2023 -0400

libssh2_session_get_blocking.3: Add description (#1185)

commit 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad
Author: Viktor Szakats
Date: Thu Sep 21 08:14:38 2023 +0000

autotools: fix selecting wincng in cross-builds (and more)

- Fix explicitly selecting WinCNG in autotools cross-builds by moving `windows.h` header check before the WinCNG availability check.
  Follow-up to d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
  Reported-by: Jack L
  Fixes #1186
- Add Linux -> mingw-w64 cross-builds for autotools and CMake. This doesn't detect #1186, because that happened when explicitly specifying WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG by default.
- autotools: fix to strip suffix from gcc version
  Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu may return `n-win32` (also with `-dumpfullversion`).
  Causing these errors and failing to enable picky warnings:
  ```
  ../configure: line 23845: test: : integer expression expected
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143

  Fix that by stripping any dash-suffix.

  gcc version detection is still half broken because we translate '10' to '10.10' because `cut -d. -f2` returns the first word if the delimiter is missing.

  More possible `-dumpversion` output: `10-posix`, `10-win32`, `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`

  Ref: https://github.com/mamedev/mame/pull/9767

Closes #1187

commit 88a960a86b9ffbabd17a4bbcf767e26514c4678e
Author: Michael Buckley
Date: Mon Aug 28 16:47:21 2023 -0700

Properly bounds check packet_authagent_open() (#1179)

* Properly bounds check packet_authagent_open
* packet.c: use strlen instead of sizeof for strings
* Make LIBSSH_CHANNEL's channel_type_len a size_t
* packet_authagent_open: use size_t for offset

Credit: Michael Buckley, signed off by Will Cosgrove

commit a790d3784eca821aeaee0b5db54cbf037780676f
Author: Viktor Szakats
Date: Mon Aug 28 23:20:53 2023 +0000

os400qc3: move FIXME comment [ci skip]

Follow-up to eb9f9de2c19ec67d12a444cce34bdd059fd26ddc

commit eb9f9de2c19ec67d12a444cce34bdd059fd26ddc
Author: Viktor Szakats
Date: Sat Aug 26 21:56:23 2023 +0000

md5: allow disabling old-style encrypted private keys at build-time

Before this patch, this happened at runtime when using an old (pre-3.0), FIPS-enabled OpenSSL backend.

This patch makes it possible to disable this via the build-time option `LIBSSH2_NO_MD5_PEM`.

Also:
- make sure to exclude all MD5 internal APIs when both the above and `LIBSSH2_NO_MD5` are enabled.
- fix tests to support build with `LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM` and `LIBSSH2_NO_3DES`.
- add FIXME to apply this change to `os400qc3.*`.

Old-style encrypted private keys require MD5 and they look like this:
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,
-----END RSA PRIVATE KEY-----
```
E.g.: `tests/key_rsa_encrypted`

Ref: https://github.com/libssh2/www/issues/20

Closes #1181

commit 4a64ca14302e5105c168de3f8f6cc0cbe27e4020
Author: Viktor Szakats
Date: Sat Aug 26 09:48:34 2023 +0000

cmake: tidy-up `foreach()` syntax

Use `IN LISTS` and `IN ITEMS`. This appears to be the preferred way within CMake's own source code and possibly improves readability.

Fixup a side-effect of `IN LISTS`, where it retains empty values at the end of the list, as opposed to the syntax used before, which dropped it. In our case this happened with lines read from a text file via `file(READ)`.

https://cmake.org/cmake/help/v3.7/command/foreach.html

Closes #1180

commit 5754fed68644363cb25220fcf3dc86b5c376aa60
Author: Viktor Szakats
Date: Fri Aug 18 21:12:25 2023 +0000

ci: replace `mv` + `chmod` with `install` in `Dockerfile`

Cherry-picked from #1175

Closes #1175

commit 633db55f50f79f5cb08d4a7f73d57f2ca57958f1
Author: Viktor Szakats
Date: Fri Aug 18 20:56:50 2023 +0000

ci: set file mode early in `appveyor_docker.yml`

Also:
- replace tab with spaces in generated config file
- formatting

Cherry-picked from #1175

commit a79218d3a058a333bb9de14079548a3511679a04
Author: Viktor Szakats
Date: Sun Aug 20 08:26:55 2023 +0000

ci: add spellcheck (codespell)

Also rename a variable in `src/os400qc3.c` to avoid a false positive.

Cherry-picked from #1175

commit a20572e9afbe53c04c84105327de68d39528ce53
Author: Viktor Szakats
Date: Tue Aug 22 16:43:16 2023 +0000

cmake: also test for `libssh2_VERSION`

Cherry-picked from #1175

commit 87f5769b5158a81f7a21263b507e069b48f093c2
Author: Viktor Szakats
Date: Mon Aug 21 21:27:31 2023 +0000

cmake: show cmake versions in ci

Cherry-picked from #1175

commit e61987a3bf5b0ba40357cd769e5a16c5257724fd
Author: Viktor Szakats
Date: Fri Aug 18 20:56:02 2023 +0000

tests: formatting and tidy-ups

- Dockerfile: use standard sep with `sed`
- Dockerfile: use single quotes in shell command
- appveyor.yml: use long-form option with `choco`
- tests/cmake: add language to test project
- reuse.yml: fix indentation
  ```
  $ yamllint reuse.yml
  reuse.yml
  [...]
  11:5 error wrong indentation: expected 6 but found 4 (indentation)
  15:5 error wrong indentation: expected 6 but found 4 (indentation)
  [...]
  27:5 error wrong indentation: expected 6 but found 4 (indentation)
  ```

Cherry-picked from #1175

commit 1676a178140b0c755493af78899f6d4a10b466e8
Author: Viktor Szakats
Date: Fri Aug 18 20:55:37 2023 +0000

openssl.c: whitespace fixes

Cherry-picked from #1175

commit a95d401f1f1fef0ac342ca1c0c23586d39999b15
Author: Viktor Szakats
Date: Sun Aug 20 00:24:59 2023 +0000

checksrc: fix spelling in comment [ci skip]

commit e9c7d3afa0bdf3a004846324213df938b94343b2
Author: Viktor Szakats
Date: Fri Aug 18 13:20:03 2023 +0000

cmake: quote more strings

Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

Closes #1173

commit 6e3e883994eb34ecdf43c373cfac2700101a82bd
Author: Viktor Szakats
Date: Fri Aug 18 11:05:52 2023 +0000

drop `www.` from `www.libssh2.org` is now a 301 permanent redirect to . Update all references to point directly to the new destination.

Ref: https://github.com/libssh2/www/commit/ccf4a7de7f702a8ee17e2c697bcbef47fcf485ed

Closes #1172

commit aeaefaf6cc5f832dd24d7c6301ea6b5ae6e11496
Author: Viktor Szakats
Date: Thu Aug 17 23:02:35 2023 +0000

cmake: add `ExternalProject` integration test

- via `ExternalProject_Add()`: https://cmake.org/cmake/help/latest/module/ExternalProject.html (as documented in `docs/INSTALL_CMAKE.md`)
- also make `FetchContent` fetch from local repo instead of live master.

Closes #1171

commit 8715c3d51b87ebe72c6eff7b1a71f4ce6c3afb9a
Author: Viktor Szakats
Date: Wed Aug 16 13:22:30 2023 +0000

cmake: add integration tests

Add a small project to test dependent/downstream CMake build using libssh2. Also added to the GHA CI, and you can also run it locally with `tests/cmake/test.sh`.

Test three methods of integrating libssh2 into a project:
- via `find_package()`: https://cmake.org/cmake/help/latest/command/find_package.html
- via `add_subdirectory()`: https://cmake.org/cmake/help/latest/command/add_subdirectory.html
- via `FetchContent`: https://cmake.org/cmake/help/latest/module/FetchContent.html

Closes #1170

commit 4ff64ae3ca14a04c6914c45c48476a061723a872
Author: Viktor Szakats
Date: Wed Aug 16 06:38:22 2023 +0000

cmake: (re-)add aliases for `add_subdirectory()` builds

Add internal libssh2 library aliases to make these available for downstream/dependent projects building libssh2 via `add_subdirectory()`:
- `libssh2:libssh2_static`
- `libssh2:libssh2_shared`
- `libssh2:libssh2` (shared, or static when not building shared)
- `libssh2` (shared, or static when not building shared)

Of these, `libssh2` was present in v1.10.0 and earlier releases, but missing from v1.11.0.

Closes #1169

commit 8eade0c9b75dff36e7c55edde03887d95a5ec260
Author: Viktor Szakats
Date: Wed Aug 16 06:36:10 2023 +0000

cmake: delete empty line [ci skip]

Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

commit 6eda1ee4337a57cb92b831ff2647b914b52ff14a
Author: Viktor Szakats
Date: Tue Aug 15 21:58:18 2023 +0000

cmake: reflect minimum version in docs [ci skip]

Follow-up to 9cd18f4578baa41dfca197f60557063cad12cd59

commit 3fa5282d6284efba62dc591697e6a687152bdcb1
Author: Viktor Szakats
Date: Thu Aug 10 12:38:24 2023 +0000

cmake: style tidy up

- quote text literals to improve readability. (exceptions: `FILES` items, `add_subdirectory` names, `find_package` names, literal target names, version numbers, 0/1, built-in CMake values and CMake keywords, list items in `cmake/max_warnings.cmake`)
- quote standalone variables that could break syntax on empty values.
- replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
- add missing mode to `message()` call.
- `TRUE`/`FALSE` → `ON`/`OFF`.
- add missing default value `OFF` to `option()` for clarity.
- unfold some lines.
- `INSTALL_CMAKE.md` fixes and updates. Show defaults.

Closes #1166

commit 186c1d6394a75e52ea3becd4c11a32aaa6002a52
Author: Viktor Szakats
Date: Tue Aug 15 01:36:48 2023 +0000

wincng: prefer `ULONG`/`DWORD` over `unsigned long`

To match with the types used by the `Crypt*()` (uses `DWORD`) and `BCrypt*()` (uses `ULONG`) Windows APIs.

This patch doesn't change data width or signedness.

Closes #1165

commit 7bb669b52adbb1d3d4e239f77544824e83f74209
Author: Viktor Szakats
Date: Mon Aug 14 23:23:06 2023 +0000

wincng: tidy-ups

- make `_libssh2_wincng_key_sha_verify` static.
- prefer `unsigned long` over `size_t` in two static functions.
- prefer `ULONG` over `DWORD` to match `BCryptImportKeyPair()` and `BCryptGenerateKeyPair()`.
- add a newline.

Closes #1164

commit d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
Author: Viktor Szakats
Date: Mon Aug 14 21:57:18 2023 +0000

ci: add MSYS builds (autotools and cmake)

Use existing MSYS2 section and extend it with builds for the MSYS environment with both autotools and cmake.

MSYS builds resemble Cygwin ones: The env is Unixy, where Windows headers are all available but we don't use them.

Also:
- extend existing autotools logic for Cygwin to skip detecting `windows.h` for MSYS targets too.
- require `windows.h` for the WinCNG backend in autotools. Before this patch, autotools allowed selecting WinCNG on the Cygwin and MSYS platforms, but the builds then fell apart due to the resulting mixed Unixy + Windowsy environment. The general expectation for Cygwin/MSYS builds is not to use the Windows API directly in them.
- stop manually selecting the `MSYS Makefiles` CMake generator for MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but it broke MSYS build which use `Unix Makefiles`. Deleting this setting fixes all build flavours.

Closes #1162

commit 84912e2ed8a9e40016a1e0c381bacbba7cba52b5
Author: Viktor Szakats
Date: Mon Aug 14 23:07:21 2023 +0000

ci: cygwin job tidy-ups

`CMAKE_C_COMPILER=gcc` not necessary, delete it.

Follow-up to f1e96e733fefb495bc31b07f5c2a5845ff877c9c

Cherry-picked from #1163

Closes #1163

commit f1e96e733fefb495bc31b07f5c2a5845ff877c9c
Author: Viktor Szakats
Date: Mon Aug 14 21:22:00 2023 +0000

ci: add Cygwin builds (autotools and cmake)

To avoid builds picking up non-Cygwin components coming by default with the CI machine, I used the solution recommended by Cygwin [1] and set `PATH` manually. To avoid repeating this for each step, I merged steps into a single one. Let us know if there is a more elegant way.

Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.

autotools build seemed to take slightly longer than other jobs. To save turnaround time I disabled building tests.

Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi

[1] https://github.com/cygwin/cygwin-install-action/tree/v4#path

Closes #1161

commit 5453fc8035b4aaad1a9bbfbeace4fac210fabde8
Author: Viktor Szakats
Date: Sun Aug 13 09:07:26 2023 +0000

cmake: add `LIB_NAME` variable

It holds the name `libssh2`. Mainly to document its uses, and also syncing up with the same variable in libcurl.

Closes #1159

commit c705ff3f370582d4363f53826c4fcb23af7ec3b7
Author: Viktor Szakats
Date: Fri Aug 11 21:57:33 2023 +0000

cmake: add one missed `PROJECT_NAME` variable

Follow-up to 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c

Closes #1158

commit ae7d51085e9e4e8c0d0ca3ded9dd7956f6f7d645
Author: Viktor Szakats
Date: Fri Aug 11 17:09:27 2023 +0000

cmake: tidy-up concatenation in `CMAKE_MODULE_PATH`

Former solution was appending an empty element to the array if `CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have this side-effect.

There is no known issue caused by this. Fixing it for good measure.

Closes #1157

commit 1215aa5f46a603ce31e8b91b11ccd273a469350a
Author: Viktor Szakats
Date: Thu Aug 10 02:33:24 2023 +0000

ci: add mingw-w64 UWP build

Add a CI test for Windows UWP builds using mingw-w64. Before this patch we had UWP builds tested with MSVC only.

Alike existing UWP jobs, it's not possible to run the binaries due to the missing UWP runtime DLL: https://github.com/libssh2/libssh2/actions/runs/5821297010/job/15783475118#step:11:42

We could install `winstorecompat-git` in the setup-msys2 step, but opted to do it manually to avoid the overhead for every matrix job.

All this would work smoother with llvm-mingw, which features an UWP toolchain prefix and provides all necessary implibs by default.

This also hit a CMake bug (with v3.26.4), where CMake gets confused and sets up `windres.exe` to use the MSVC rc.exe-style command-line: https://github.com/libssh2/libssh2/actions/runs/5819232677/job/15777236773#step:9:126

Notice that MS "sunset" UWP in 2021: https://github.com/microsoft/WindowsAppSDK/discussions/1615

If this particular CI job turns out to be not worth the maintenance burden or CPU time, or too much of a hack, feel free to delete it.

Ref: https://github.com/libssh2/libssh2/pull/1147#issuecomment-1670850890

Closes #1155

commit 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
Author: Viktor Szakats
Date: Wed Aug 9 11:23:37 2023 +0000

cmake: replace `libssh2` literals with `PROJECT_NAME` variable

Where applicable.

This also makes it more obvious which `libssh2` uses were referring to the project itself.

Closes #1152

commit 42d3bf1348dac0d2989f02daf971832f843baf9f
Author: Viktor Szakats
Date: Wed Aug 9 10:33:59 2023 +0000

cmake: fix `STREQUAL` check in error branch

This caused a CMake error instead of our custom error when manually selecting the `WinCNG` crypto-backend for a non-Windows target.

Also cleanup `STREQUAL` checks to use variable name without `${}` on the left side and quoted string literals on the right.

Closes #1151

commit 74e742887c5cfb988ce820b2b797bd3f2fab8cb0
Author: Viktor Szakats
Date: Wed Aug 9 08:42:28 2023 +0000

misc: flatten `_libssh2_explicit_zero` if tree

Closes #1149

commit 1f0174d0df6e6aa9c90562abc668a9abd72f5a4b
Author: Viktor Szakats
Date: Wed Aug 9 13:53:26 2023 +0000

src: drop a redundant `#include`

We include `misc.h` via `libssh2_priv.h` already.

Closes #1153

commit d79047c938c326d2cdc5184ee3a93f4303d56940
Author: Viktor Szakats
Date: Mon Aug 7 14:01:36 2023 +0000

openssl: use automatic initialization with LibreSSL 2.7.0+

Stop calling `OpenSSL_add_all_*()` for LibreSSL 2.7.0 and later.

LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization and deprecated these functions.

Stop calling these functions manually for LibreSSL versions that no longer need them.

Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt
Ref: https://github.com/libressl/openbsd/commit/46f29f11977800547519ee65e2d1850f2483720b
Ref: https://github.com/libssh2/libssh2/issues/302

Also stop calling `ENGINE_*()` functions when initialization is automatic with LibreSSL 2.7.0+ and OpenSSL 1.1.0+. Engines are also initialized automatically with these.

Closes #1146

commit 36748270f94eced49bb6890f376cbaf4e7d1713e
Author: Viktor Szakats
Date: Sat Aug 5 16:32:51 2023 +0000

gha: restore curly braces in `if`

Without curly braces it was less obvious which string is a GHA expression.

Also fix an `if` expression that always missed its curly braces.

Reverts cab3db588769d6deed97ba89ca9221fd7503405e

Closes #1145

commit 82b0c89e29cff794df104825f1ed01e029685493
Author: Viktor Szakats
Date: Thu Aug 3 21:53:01 2023 +0000

ci: bump mbedtls

commit 63b4c20eb031227d040a3aca3224c80189411464
Author: renmingshuai
Date: Tue Aug 1 12:36:24 2023 +0800

Add a new structure to separate memory read and file read.

We use different APIs when we read one private key from memory, so it is improper to store the private key information in the structure that stores the private key file information.

Fixes https://github.com/libssh2/libssh2/issues/773
Reported-by: mike-jumper

commit 1a99a86a29a09f4d35094f5daa87a35ea77d7d90
Author: Viktor Szakats
Date: Thu Aug 3 00:42:06 2023 +0000

tests: replace FIXME with comments

`key_dsa_wrong` is the same kind of (valid) key as `key_dsa`, both with an empty passphrase. Named "wrong" because it's intentionally not added to our `openssh_server/authorized_keys` file.

commit 76307435b8221044c51cd54ef9a722a62c5d8344
Author: Viktor Szakats
Date: Wed Aug 2 23:03:40 2023 +0000

tidy-up: delete duplicate word from comment

commit 11a03690e1c76b98950fdc37b356c3143e2dc716
Author: Viktor Szakats
Date: Mon Jul 31 08:41:04 2023 +0000

cmake: cache more config values on Windows

Set two cases of non-detection to save the time dynamically detecting these on each build init. Affects old MSVC versions.

Before: https://ci.appveyor.com/project/libssh2org/libssh2/builds/47668870/job/i17e0e9yx8rgpv4i
After: https://ci.appveyor.com/project/libssh2org/libssh2/builds/47674950/job/ysa1jq0pxtyhui3f

Closes #1142

commit 481be044e032741e166aca39dc47d5f691bb48e7
Author: Viktor Szakats
Date: Sat Jul 29 22:25:52 2023 +0000

revert: build: respect autotools `DLL_EXPORT` in `libssh2.h`

Revert fb1195cf88268a11e2709b9912ab9dca8c23739c #917

On a second look this change did not improve anything with autotools builds. autotools seems to handle the dll export matter without it.

This patch also broke (e.g.) curl-for-win autotools builds, where the curl build defines `DLL_EXPORT` while building libcurl DLL. `libssh2.h` picks it up, resulting in unresolved symbols while trying to link a static libssh2 on Windows.

The best fix seems to be to revert this, instead of adding extra tweaks to dependents.

Fixes: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/47667412#L11035
```
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_block_directions
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_do)
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_connect)
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_multi_statemach)
>>> referenced 8 more times
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_init_ex
>>> referenced by vssh/.libs/libcurl_la-libssh2.o:(ssh_connect)
ld.lld-15: error: undefined symbol: __declspec(dllimport) libssh2_session_set_read_timeout
[...]
```

Closes #1141

commit cab3db588769d6deed97ba89ca9221fd7503405e
Author: Viktor Szakats
Date: Fri Jul 28 09:49:43 2023 +0000

gha: simplify `if` strings

Closes #1140

commit 57e9d18e38c5f109276cb5a5594d44c84badc347
Author: Viktor Szakats
Date: Wed Jul 26 23:01:02 2023 +0000

test_read: make it run without Docker

Apply an existing fix to `test_read`, so that it falls back to use the current username instead of the hardcoded `libssh2` when run outside Docker.

This allows to run algo tests with this command:
```shell
cd tests
./test_sshd.test ./test_read_algos.test
```

Closes #1139

commit f58f77b5c8da07b01c625d85ec418651e2fa1bf5
Author: Viktor Szakats
Date: Wed Jul 26 22:32:00 2023 +0000

cmake: streamline invocation

Stop specifying the current directory. Simplify build instructions.

Closes #1138

commit c515eed39870e8621c05e1593545abfc2ae5b1fe
Author: Viktor Szakats
Date: Tue Jul 25 11:47:16 2023 +0000

NMakefile: delete

This make file was for long time unmaintained (last updated in 2014). Despite best efforts to keep it working in the recent round of major overhauls, it appears to be broken now. There is also no way to test it without an actual MSVC env and it's also missing from our CI. Based on our Issue tracker, it's also not widely used.

Since its addition in 2005, libssh2 got support for CMake in 2014. CMake should be able to generate NMake makefiles with the option `-G "NMake Makefiles"`. (I haven't tested this.)

Ref: https://github.com/libssh2/libssh2/discussions/1129

Closes #1134

commit 802336cf951ced50ce41d60bd1039cb7779d23ea
Author: Viktor Szakats
Date: Tue Jul 25 22:54:26 2023 +0000

tests: add aes256-gcm encrypted key test

Follow-up to #1133

Also update `tests/gen_keys.sh` to set `aes256-ctr` encryption method for `key_ed25519_encrypted` explicitly.
Closes #1135 commit e87bdefac664d54117640ee719402237a2b471e4 Author: Jakob Egger Date: Wed Jul 26 09:15:20 2023 +0200 Fix private keys encrypted with aes-gcm methods (#1133) libssh2 1.11.0 fails to decrypt private keys encrypted with aes128-gcm@openssh.com and aes256-gcm@openssh.com ciphers. To reproduce the issue, you can create a test key with a command like the following: ```bash ssh-keygen -Z aes256-gcm@openssh.com -f id_aes256-gcm ``` If you attempt to use this key for authentication, libssh2 returns the not-so-helpful error message "Wrong passphrase or invalid/unrecognized private key file format". The problem is that OpenSSH encrypts keys differently than packets. It does not include the length as AAD, and the 16 byte authentication tag is appended after the encrypted key. The length of the authentication tag is not included in the encrypted key length. I have not found any documentation for this behaviour -- I discovered it by looking at the OpenSSH source. See the `private2_decrypt` function in . This patch fixes the code for reading OpenSSH private keys encrypted with AES-GCM methods. commit 6265ffdb703929e21050c3ae5d43da369a2afc99 Author: Viktor Szakats Date: Wed Jul 26 00:05:00 2023 +0000 ci: add missing timeout to 'autotools distcheck' step commit a909100705895c83257509a924a2aae3ca514fc0 Author: Viktor Szakats Date: Tue Jul 25 09:02:45 2023 +0000 cmake: merge `set_target_properties()` calls Also rename variable `LIBSSH2_VERSION` to `LIBSSH2_LIBVERSION` in context of lib versioning to avoid collision with another use. Closes #1132 commit 2fdc10ba049658b2b5659046d0dea8aab472ea9f Author: Viktor Szakats Date: Tue Jul 25 08:38:54 2023 +0000 cmake: formatting [ci skip] commit 6464301820a9ca4a56c5f02717430bbd4150c7b2 Author: Viktor Szakats Date: Sun Jul 23 14:31:39 2023 +0000 cmake: (re-)add zlib to `Libs.private` in `libssh2.pc` We mistakently added transitive zlib to `Requires.private` before, then removed it. 
This patch re-adds zlib, but this time to `Libs.private`, which is listing raw libs and should include transitive libs as well. Also add zlib when used as a direct dependency when zlib compression support is enabled. Follow-up to ef538069a661a43134fe7b848b1fe66b2b43bdac Closes #1131 commit 83910b724ce9481ddff1026f240512e1d62a6048 Author: Viktor Szakats Date: Sun Jul 23 14:44:22 2023 +0000 cmake: formatting [ci skip] commit c5ec6c4945199fcf936dcd1d93907357400f2ef8 Author: Viktor Szakats Date: Thu Jul 20 23:34:50 2023 +0000 cmake: use `wolfssl/options.h` for detection, like autotools Closes #1130 commit c84745e34e53f863ffba997ceeee7d43d1c63a4b Author: Viktor Szakats Date: Thu Jul 20 13:20:14 2023 +0000 build: stop requiring libssl from openssl libssh2 does not use or need the TLS/SSL library of OpenSSL. It only needs libcrypto. Closes #1128 commit 5cfa59d3910da7ae1ab6d30f022f27d29d2bcda6 Author: Viktor Szakats Date: Thu Jul 20 12:57:36 2023 +0000 cmake: add openssl libs to `Libs.private` in `libssh2.pc` Also to sync up with autotools-generated `libssh2.pc`, that already added them. Closes #1127 commit 75ed30917d8801388c75fdc06f695d0cc28a55c0 Author: Viktor Szakats Date: Thu Jul 20 12:48:58 2023 +0000 Makefile.mk: stop linking unused mbedtls libs Stop linking libmbedtls and libmbedx509 (similarly to autotools). Only libmbedcrypto is necessary for libssh2. commit 9cd18f4578baa41dfca197f60557063cad12cd59 Author: Viktor Szakats Date: Thu Jul 20 10:51:54 2023 +0000 cmake: bump minimum CMake version to v3.7.0 Fixes the warning below, which appeared in CMake v3.27.0: ``` CMake Deprecation Warning at CMakeLists.txt:39 (cmake_minimum_required): Compatibility with CMake < 3.5 will be removed from a future version of CMake. Update the VERSION argument value or use a ... suffix to tell CMake that the project does not need compatibility with older versions. 
``` Bump straight up to v3.7.0 to sync up with the curl project: https://github.com/curl/curl/blob/2900c29218d2d24ab519853589da84caa850e8c7/CMakeLists.txt#L64 CMake release dates: v3.7.0 2016-11-11 v3.5.0 2016-03-08 v3.1.0 2014-12-17 Closes #1126 commit 5720dd9fe011d16659f09ddf6645402f15b1c2ea Author: Viktor Szakats Date: Tue Jul 18 15:21:43 2023 +0000 build: tidy-up `libssh2.pc.in` variable names - prefix with `LIBSSH2_PC_` - match with the names of `pkg-config` values. - use the same names in autotools and CMake scripts. - use `LIBSSH2_VERSION` for the version number in autotools scripts, to match the name used in CMake. Closes #1125 commit 624abe275fbb88816539fa5d7ebfef7f0e5ca2f1 Author: Viktor Szakats Date: Thu Jul 13 14:31:18 2023 +0000 libssh2.pc: re-add & extend support for static-only libssh2 builds Adapted for libssh2 from the curl commit message by James Le Cuirot: "A project built entirely statically will call `pkg-config` with `--static`, which utilises the `Libs.private:` field. Conversely it will not use `--static` when not being built entirely statically, even if there is only a static build of libssh2 available. This will most likely cause the build to fail due to underlinking unless we merge the `Libs:` fields. Consider that this is what the Meson build system does when it generates `pkg-config` files." This patch extends the above to `Requires:`, to mirror `Libs:` with `pkg-config` package names. 
Follow-up to 1209c16d93cba3c5e0f68c12fa4a5049f49c00d8 #1114 Ref: https://github.com/libssh2/libssh2/pull/1114#issuecomment-1634334809 Ref: https://github.com/curl/curl/commit/98e5904165859679cd78825bcccb52306ee3bb66 Ref: https://github.com/curl/curl/pull/5373 Closes #1119 commit 0f396aa926b837de1db1de78726d47d0d3928653 Author: Nursan Valeyev Date: Sat Jul 15 00:25:05 2023 +0300 cmake: CMAKE_SOURCE_DIR -> PROJECT_SOURCE_DIR (#1121) Fixes compiling as dependency with FetchContent Co-authored-by: Viktor Szakats commit 7f83de14a022f60c287361293f9ae513c9443d9c Author: Viktor Szakats Date: Fri Jul 14 18:40:57 2023 +0000 autotools: use comma separator in `Requires.private` of `libssh2.pc` In `Requires*:`, the documented name separator is comma. We already used it in the CMake-generated `libssh2.pc`. Adjust the autotools-generated one to use it too, instead of spaces. Ref: https://linux.die.net/man/1/pkg-config Ref: https://gitlab.freedesktop.org/pkg-config/pkg-config/-/blob/d97db4fae4c1cd099b506970b285dc2afd818ea2/pkg-config.1 Closes #1124 commit ef538069a661a43134fe7b848b1fe66b2b43bdac Author: Viktor Szakats Date: Fri Jul 14 12:41:02 2023 +0000 build: add/fix `Requires.private` packages in `libssh2.pc` - autotools was using `libwolfssl`. CMake left it empty. wolfSSL provides `wolfssl.pc`. This patch sets `Requires.private: wolfssl` with both build tools. - add `libgcrypt` to `Requires.private` with both autotools and CMake. Ref: https://github.com/gpg/libgcrypt/blob/e76e88eef7811ada4c6e1d57520ba8c439139782/src/libgcrypt.pc.in Present since 2005-04-22: https://github.com/gpg/libgcrypt/commit/32bf3f13e8b45497322177645bebf0b5d0c9cb8e Released in v1.3.0 2007-05-04: https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.3.0 - also stop adding transitive `zlib` deps to `Requires.private`. The referenced crypto package is adding it as needed. This makes deduplication of the list redundant, so stop doing it. 
Follow-up to 2fc367900701e6149efc42bd674c4b69127756dd (`libssh2.pc` not tested as a project dependency.) Closes #1123 commit 2fc367900701e6149efc42bd674c4b69127756dd Author: Viktor Szakats Date: Fri Jul 14 09:16:46 2023 +0000 cmake: tidy-ups - dedupe `Requires.private` in `libssh2.pc`. `zlib` could appear on the list twice: ``` Requires.private: libssl,libcrypto,zlib,zlib ``` According to CMake docs `list(REMOVE_DUPLICATES ...)`, is supported by our minimum required CMake version (and by earlier ones even): https://cmake.org/cmake/help/v3.1/command/list.html#remove-duplicates - move `cmake_minimum_required()` to the top. - move `set(CMAKE_MODULE_PATH)` to the top. - delete duplicate `set(CMAKE_MODULE_PATH)`. - replace `CMAKE_CURRENT_SOURCE_DIR` with `PROJECT_SOURCE_DIR` in root `CMakeLists.txt` for robustness. - replace `gcovr` option with long-form for readability/consistency. - rename `GCOV_OPTIONS` to `GCOV_CFLAGS`. These are C options we enable when using gcov, not gcov tooling options. 
Closes #1122 commit 4a42f42e40257360d87b2a3f2ec8b4442d8259d7 Author: Viktor Szakats Date: Wed Jul 12 09:16:57 2023 +0000 openssl: add missing check for `LIBRESSL_VERSION_NUMBER` before use Fixes: ``` openssl.h:101:5: warning: "LIBRESSL_VERSION_NUMBER" is not defined [-Wundef] LIBRESSL_VERSION_NUMBER >= 0x3050000fL ^ ``` Ref: https://github.com/libssh2/libssh2/issues/1115#issuecomment-1631845640 Closes #1117 commit 1209c16d93cba3c5e0f68c12fa4a5049f49c00d8 Author: Harmen Stoppels Date: Sun Jul 9 21:36:07 2023 +0200 Don't put `@LIBS@` in pc file commit 573e4ed0c9c3a6495566e238c42f2385c58240f8 Author: Viktor Szakats Date: Sat Jul 1 16:34:54 2023 +0000 misc: delete redundant NULL check and assignment Follow-up to 724effcb47ebb713d3ef1776684b8f6407b4b6a5 #1109 Ref: https://github.com/libssh2/libssh2/pull/1109#discussion_r1246613274 Closes #1111 commit bec57c409d40822a23f03d2136f33b75b01b4b58 Author: renmingshuai Date: Sat Jul 1 10:14:48 2023 +0800 We should check whether *key_method is a NULL pointer instead of key_method 
Signed-off-by: renmingshuai commit 724effcb47ebb713d3ef1776684b8f6407b4b6a5 Author: ren mingshuai <78132473+rmsh1216@users.noreply.github.com> Date: Sat Jul 1 01:34:44 2023 +0800 Add NULL pointer check for outlen before use (#1109) Before assigning a value to the outlen, we need to check whether it is NULL. Credit: Ren Mingshuai commit 2da13c13e14d990df23686490a1e98d963ea7f71 Author: Viktor Szakats Date: Fri Jun 23 16:40:01 2023 +0000 cmake: re-add `Libssh2:libssh2` for compatibility + lowercase namespace - add `libssh2:libssh2` target that selects the shared lib if built, otherwise the static one. - re-add `Libssh2:libssh2` target for compatibility with v1.10.0 and earlier. This is an alias for `libssh2:libssh2`. - keep `libssh2:libssh2_shared` and `libssh2_libssh2_static` targets. - allow using `find_package(libssh2)` in dependents as an alternative to `find_package(Libssh2)`. Co-authored-by: Radek Brich Suggested-by: Haowei Hsu Fixes #1103 Fixes #731 Closes #1104 commit 279a2e57e58d6c06754c0093b627426970346d41 Author: Viktor Szakats Date: Sun Jun 25 13:22:14 2023 +0000 example: fix regression in `ssh2_exec.c` Regression from b13936bd6a89993cd3bf4a18317ca5bd84bb08d7 #861 #846. Update a variable name missed above. Reported-by: PewPewPew Fixes #1105 Closes #1106 commit 766bde9fb9dfb8b2bdb319ce32165d8239c25935 Author: Viktor Szakats Date: Fri Jun 23 16:31:16 2023 +0000 docs: replace SHA1 with SHA256 in CMake example commit 3d309f9b8d007fe312f577ad4a9f7b01737d8f0d Author: Viktor Szakats Date: Fri Jun 23 16:29:24 2023 +0000 checksrc: modernise perl file open Use regular variables and separate file open modes from filenames. 
Suggested by perlcritic Copied from https://github.com/curl/curl/commit/7f669aa0f1d40ef5d64543981f22bdc5af1272f5 Copied from https://github.com/curl/trurl/commit/f2784a9240f47ee28a845 commit fe6239a11fce33192c32c9282accb3057088f178 Author: Viktor Szakats Date: Wed Jun 21 17:22:40 2023 +0000 reuse: comply with 3.1 spec and 2.0.0 checker The checker tool was upgraded upstream to 2.0.0 and the REUSE Specification to version 3.1 (from 3.0), causing these new errors: ``` reuse.project - WARNING - Copyright and licensing information for 'docs/INSTALL_AUTOTOOLS' have been found in 'docs/INSTALL_AUTOTOOLS' and the DEP5 file located at '.reuse/dep5'. The information in the DEP5 file has been overridden. Please ensure that this is correct. reuse.project - WARNING - Copyright and licensing information for 'tests/openssh_server/Dockerfile' have been found in 'tests/openssh_server/Dockerfile' and the DEP5 file located at '.reuse/dep5'. The information in the DEP5 file has been overridden. Please ensure that this is correct. 
The following files have no licensing information: * docs/INSTALL_AUTOTOOLS * tests/openssh_server/Dockerfile ``` Via: https://github.com/libssh2/libssh2/actions/runs/5333572682/jobs/9664211341?pr=1098#step:4:4 Ref: https://github.com/fsfe/reuse-tool/releases/tag/v2.0.0 Ref: https://git.fsfe.org/reuse/docs/src/branch/stable/CHANGELOG.md#3-1-2023-06-21 Original discovery: https://github.com/libssh2/libssh2/pull/1098#issuecomment-1600719575 Fixes #1101 Closes #1102 commit b2916b286bc05ab79b8ddddb02cca0812141df0d Author: Viktor Szakats Date: Wed Jun 21 08:12:23 2023 +0000 tests: trap signals in scripts Closes #1098 commit ad7188456f1622e7fd9b9e344d01133c152c3fd8 Author: Viktor Szakats Date: Wed Jun 21 09:05:21 2023 +0000 test_sshd.test: fixup to distcheck failure Fixes: ``` ERROR: test_sshd.test - missing test plan ERROR: test_sshd.test - exited with status 1 ``` Ref: https://github.com/libssh2/libssh2/actions/runs/5322354271/jobs/9638694218#step:10:532 Caused by trying to create the log file in a read-only directory. Follow-up to 299c2040625830d06ad757d687807a166b57d6de Closes #1099 commit 299c2040625830d06ad757d687807a166b57d6de Author: Viktor Szakats Date: Wed Jun 21 10:09:45 2023 +0200 test_sshd.test: show sshd and test connect logs on harness failure (#1097) commit 2388a3aa4961843e6558ecb9a1ad930de29a89aa Author: Joel Depooter Date: Fri Jun 16 13:55:28 2023 -0700 Fix incorrect byte offset in debug message (#1096) Fixes debug log message Credit: Joel Depooter commit 9218d377988b4938eb22cb3e2d65199d5342679b Author: Viktor Szakats Date: Fri Jun 16 11:34:17 2023 +0000 tidy-up: delete whitespace at EOL [ci skip] commit 9d7bc25306e675bf913f64fef55e9419a8d1764c Author: Viktor Szakats Date: Fri Jun 16 10:34:56 2023 +0000 mbedtls: include `version.h` for `MBEDTLS_VERSION_NUMBER` Older (2021 or earlier?) mbedTLS releases require this. 
Reported-by: rahmanih on Github Fixes #1094 Closes #1095 commit 82d1b8ff477eb8f7d4d2747806276cc902a59b05 Author: Viktor Szakats Date: Wed Jun 14 17:10:36 2023 +0000 hostkey: do not advertise ssh-rsa when SHA1 is disabled Before this patch OpenSSL, mbedTLS, WinCNG and OS/400 advertised both SHA2 and SHA1 host key algos, even when SHA1 was not supported by the crypto backend or when forcefully disabled via `LIBSSH2_NO_RSA_SHA1`. Reported-by: João M. S. Silva Fixes #1092 Closes #1093 commit 12ae9645ff35a103d1c9f4850cf3d0f1536b4dbd Author: Viktor Szakats Date: Wed Jun 14 12:34:01 2023 +0000 openssl.h: whitespace tidy-up [ci skip] commit e8cabdcf2c3803cc490235c6d61c2d020af1840a Author: Dan Fandrich Date: Tue Jun 13 15:09:48 2023 -0700 test_sshd.test: set a safe PID directory (#1089) The compiled in default to sshd can be a non-writable location since it expects to be run as root. commit 36c1e1d1f2f5a91e48e2311844cfb4dd66a6a7fa Author: Viktor Szakats Date: Tue Jun 13 14:51:43 2023 +0000 mingw: fix printf mask for 64-bit integers Before 02f2700a61157ce5a264319bdb80754c92a40a24 #846 #876, we used `%I64d`. That patch changed this to `%lld`. This patch uses `PRId64` (defined in `inttypes.h`). Fixes #1090 Closes #1091 commit d29eea1d29aa4902a584b81018545be718f6ab55 Author: Viktor Szakats Date: Wed Jun 7 11:53:35 2023 +0000 test_sshd.test: minor cleanups commit f6aa31f48f33d75b71b73a4fd6e7bc26c879515f Author: Daniel Stenberg Date: Mon Jun 5 20:00:19 2023 +0200 provide SPDX identifiers - All files have prominent copyright and SPDX identifier - If not embedded in the file, in the .reuse/dep5 file - All used licenses are in LICENSES/ (not shipped in tarballs) - A new REUSE CI job verifies that all files are OK Assisted-by: Viktor Szakats Closes #1084 commit 8b92499940cc930b61ab4c966ff5acc54900bb3f Author: Viktor Szakats Date: Mon Jun 5 19:59:53 2023 +0000 src: improve MSVC C4701 warning fix Simplify the code to avoid this warning. 
This might also help avoiding it with other compilers (e.g. gcc?). Improves 02f2700a61157ce5a264319bdb80754c92a40a24 #876 Might fix #1083 Closes #1086 commit f4f52ccc4d9a2d132a12df92bcee5e115359c3e3 Author: Daniel Stenberg Date: Mon Jun 5 17:13:33 2023 +0200 configure.ac: remove AB_INIT Not used. Remove m4/autobuild.m4 as well commit 187d89bb0740400e8fa0b5f1441d089392797f53 Author: Viktor Szakats Date: Sun Jun 4 02:09:41 2023 +0000 copyright: remove years from copyright headers Also: - uppercase `(C)`. - add missing 'All rights reserved.' lines. - drop duplicate 'Author' lines. - add copyright headers where missing. - enable copyright header check in checksrc. Reasons for deleting years (copied as-is from curl): - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING Closes #1082 commit 43df6a46b164615c16e6b1a132edd4f6e7281563 Author: Viktor Szakats Date: Sat Jun 3 22:36:06 2023 +0000 tests: cast to avoid `-Wchar-subscripts` with Cygwin ``` In file included from $HOME/src/cygwin/libssh2/libssh2-1.11.0-1.x86_64/src/libssh2-1.11.0/tests/openssh_fixture.c:57: $HOME/src/cygwin/libssh2/libssh2-1.11.0-1.x86_64/src/libssh2-1.11.0/tests/openssh_fixture.c: In function 'run_command_varg': $HOME/src/cygwin/libssh2/libssh2-1.11.0-1.x86_64/src/libssh2-1.11.0/tests/openssh_fixture.c:136:37: warning: array subscript has type 'char' [-Wchar-subscripts] 136 | while(end > 0 && isspace(buf[end - 1])) { | ~~~^~~~~~~~~ ``` Ref: https://github.com/libssh2/libssh2/files/11644340/cygwin-x86_64-libssh2-1.11.0-1-check.log Reported-by: Brian Inglis Fixes #1080 Closes #1081 commit 003fb454c33e420175e89117f71ada61bcadf8e4 Author: Viktor Szakats Date: Thu Jun 1 09:38:00 2023 +0000 tidy-up: avoid exclamations, prefer single quotes, in outputs Closes #1079 commit c89174a78b56a12fad9d772ac62289b5d5e6b6ad Author: Viktor Szakats Date: Thu Jun 1 
08:05:47 2023 +0000 autotools: improve libz position We repositioned crypto libs in 4f0f4bff5a92dce6a6cd7a5600a8ee5660402c3f via #941 and subsequently in d4f58f03438e326b8696edd31acadd6f3e028763 from d93ccf4901ef26443707d341553994715414e207 via #1013. This patch moves libz accordingly, to unbreak certain build scenarios. Reported-by: Kenneth Davidson Regression from 4f0f4bff5a92dce6a6cd7a5600a8ee5660402c3f #941 Fixes #1075 Closes #1077 commit 8b917d765f889092bcde493e2d770014ad9bf363 Author: Viktor Szakats Date: Wed May 31 22:07:13 2023 +0000 src: bump `hash_len` to `size_t` in `LIBSSH2_HOSTKEY_METHOD` Follow-up to 7b8e02257f01a6dac5f65305b18bb74a157fb5c4 Closes #1076 commit c6e137f7aaa0f67beb417b695f5486093377ca69 Author: Viktor Szakats Date: Wed May 31 13:57:13 2023 +0000 ci: add non-static autotools i386 build, ignore GHA updates on AppVeyor Add a non-static autotools build to GitHub Actions. Make this build target i386 and libgcrypt, to test a new build combination if we are at it. Also: - GHA: add necessary generic bits for i386 autotools builds. - AppVeyor CI: teach it to ignore commits updating our GHA config. Follow-up to 572c57c9d8d4e89cfce19dde40125d55481256d1 #1072 Closes #1074 commit 572c57c9d8d4e89cfce19dde40125d55481256d1 Author: Xi Ruoyao Date: Wed May 31 21:03:11 2023 +0800 autotools: skip tests requiring static lib if `--disable-static` (#1072) Co-authored-by: Viktor Szakats Regression from 83853f8aea0e2f739cacd491632eb7fd3d03ad2d #663 Fixes #1056 commit e5c03043332bfed6b56b0300a5f8059d37b74018 Author: Viktor Szakats Date: Wed May 31 08:55:38 2023 +0000 ci: prefer `=` operator in shell snippets Closes #1073 commit 7b8e02257f01a6dac5f65305b18bb74a157fb5c4 Author: Viktor Szakats Date: Tue May 30 17:56:21 2023 +0000 src: bump DSA and ECDSA sign `hash_len` to `size_t` Closes #1055 commit c317e06faaee580e450f44cf3fca0b9e76f14ee5 Author: Viktor Szakats Date: Tue May 30 23:03:21 2023 +0000 scp: fix missing cast for targets without large file support E.g. 
on 32-bit Linux. Issue revealed after adding i386 Linux CI build in abdf40c741c575f94bdea1c67a9d1182ff813ccb #1057. ``` /home/runner/work/libssh2/libssh2/src/scp.c: In function 'scp_recv': /home/runner/work/libssh2/libssh2/src/scp.c:765:23: error: conversion from 'libssh2_int64_t' {aka 'long long int'} to '__off_t' {aka 'long int'} may change value [-Werror=conversion] 765 | sb->st_size = session->scpRecv_size; | ^~~~~~~ ``` Ref: https://github.com/libssh2/libssh2/actions/runs/5126803482/jobs/9221746299?pr=1054#step:12:51 Regression from 5db836b2a829c6fff1e8c7acaa4b21b246ae1757 #1002 Closes #1060 commit bc69ac232aa3c7893ec5a419fe28b73638759e5a Author: Viktor Szakats Date: Tue May 30 23:39:53 2023 +0000 mbedtls.h: formatting [ci skip] For consistency with `mbedtls.c`. Follow-up to 1153ebdeba563ac657b525edd6bf6da68b1fe5e2 commit e800038cb938c7ab16837b8e0218babc5a088393 Author: Viktor Szakats Date: Tue May 30 23:12:04 2023 +0000 libssh2.h: bump to 1.11.1_DEV [ci skip] commit 1153ebdeba563ac657b525edd6bf6da68b1fe5e2 Author: Viktor Szakats Date: Tue May 30 17:28:03 2023 +0000 mbedtls: use more `size_t` to sync up with `crypto.h` Ref: 5a96f494ee0b00282afb2db2e091246fc5e1774a #846 #879 Fixes #1053 Closes #1054 commit ab8e95bcfc498a96baa1b11155a8f34a0daaeaba Author: Viktor Szakats Date: Tue May 30 22:20:59 2023 +0000 ci: drop redundant/unused vars, sync var names Closes #1059 commit abdf40c741c575f94bdea1c67a9d1182ff813ccb Author: Viktor Szakats Date: Tue May 30 18:45:18 2023 +0000 ci: add i386 Linux build (with mbedTLS) Also: - reorder Linux build matrix to make build tool more visible. - hide apt-get progress bar. - prepare package install step for i386 builds. 
Detects bug #1053 Closes #1057 commit d67a91aa108ba8a65a380261782b7cddf57453e7 Author: Viktor Szakats Date: Tue May 30 12:19:30 2023 +0000 checksrc: switch to dot file Closes #1052 commit 1c3f1b7da588f2652260285529ec3c1f1125eb4e Author: Daniel Stenberg Date: Mon May 29 12:03:18 2023 +0200 libssh2.h: bump to 1.11.0 for release commit 1a186f1ead5ab0beca1fcc12aa693c166ef855b8 Author: Will Cosgrove Date: Tue May 30 08:57:13 2023 -0700 Libssh2 1.11 release notes, copyright (#1048) * Libssh2 1.11 release notes, copyright commit e7a542da6a79b7749dee1546ee72971a09d227b8 Author: Viktor Szakats Date: Sun May 28 00:29:08 2023 +0000 add copyright/credits Closes #1050 commit 3f4ea939b4489bdd5d710b623f3988ac14edb6fa Author: Viktor Szakats Date: Fri May 26 23:04:09 2023 +0000 ci: add LIBSSH2_NO_AES_CBC to GNU Make build Closes #1049 commit 801aebc6a0f46fe7abd4a4ed8db8458c85910c58 Author: Viktor Szakats Date: Thu May 25 22:26:34 2023 +0000 ci: add wolfSSL Linux builds Exclude wolfSSL builds from tests. 
All fail: ``` 2/43 Test #2: test_aa_warmup ............................***Failed 5.59 sec libssh2_session_handshake failed (-44): Unable to ask for ssh-userauth service ``` Ref: https://github.com/libssh2/libssh2/actions/runs/5085775952/jobs/9139583212#step:12:942 (with logging) Ref: https://github.com/libssh2/libssh2/actions/runs/5085586301/jobs/9139192562#step:12:225 wolfSSL version: ``` Get:1 http://azure.archive.ubuntu.com/ubuntu jammy/universe amd64 libwolfssl32 amd64 5.2.0-2 [818 kB] Get:2 http://azure.archive.ubuntu.com/ubuntu jammy/universe amd64 libwolfssl-dev amd64 5.2.0-2 [1194 kB] ``` Cherry-picked from #1046 Closes #1046 commit 8e3bbd80eba3b9b1237d1d3a9741e0a24f76aaab Author: Viktor Szakats Date: Thu May 25 22:49:16 2023 +0000 ci: mbedTLS build config tidy-up Cherry-picked from #1046 commit 4beb7a3a12811cf079e00e22d793da345a3b1921 Author: Viktor Szakats Date: Thu May 25 10:47:43 2023 +0000 wolfssl: fix detection of AES-GCM feature Follow-up to df513c0128e1a811ad863d153892618e728845f0 Ref: https://github.com/libssh2/libssh2/issues/1020#issuecomment-1562069241 Closes #1045 commit ddb3be7dadfb8c0c7beb8db60d86eef74ed031a2 Author: Viktor Szakats Date: Thu May 18 23:35:53 2023 +0000 build: fix 'unused' compiler warnings with all `NO` options set - add `LIBSSH2_NO_ED25519` build-time option to force-disable ED25519 support. Useful to replicate crypto-backend builds without ED25519, such as wolfSSL. - openssl: fix unused variable and function warnings with all supported `LIBSSH2_NO_*` options enabled. - mbedtls: fix misplaced `#endif` leaving out the required internal public function `libssh2_supported_key_sign_algorithms()`. - mbedtls: add missing prototype for two internal public functions. - delete a redundant block. 
All `NO` options: ```shell CPPFLAGS=' -DLIBSSH2_NO_MD5 -DLIBSSH2_NO_HMAC_RIPEMD -DLIBSSH2_NO_DSA -DLIBSSH2_NO_RSA -DLIBSSH2_NO_RSA_SHA1 -DLIBSSH2_NO_ECDSA -DLIBSSH2_NO_ED25519 -DLIBSSH2_NO_AES_CTR -DLIBSSH2_NO_BLOWFISH -DLIBSSH2_NO_RC4 -DLIBSSH2_NO_CAST -DLIBSSH2_NO_3DES' ``` Closes #1044 commit e692c55bc0fcb69adba5eeb80142c7d0a6b5dda0 Author: Viktor Szakats Date: Thu May 18 21:16:13 2023 +0000 cmake: avoid `list(PREPEND)` for compatibility `list(PREPEND)` requires CMake v3.15, our minimum is v3.1. `APPEND` should work fine for headers anyway. Also fix a wrongly placed comment. Ref: https://cmake.org/cmake/help/latest/command/list.html#prepend Regression from 1e3319a167d2f32d295603167486e9e88af9bb4e Closes #1043 commit 1c9323416c9d71ebdc1a64271007a1cd59a1f44d Author: Viktor Szakats Date: Thu May 18 10:37:58 2023 +0000 checksrc: verify label indent, fix fallouts Also update two labels to match the rest of the source. checksrc update credit: Emanuele Torre @emanuele6 Ref: https://github.com/curl/curl/pull/11134 Closes #1042 commit bfcf796c17eea6880cd806ffd7364212d3f35b3e Author: Viktor Szakats Date: Wed May 10 08:19:08 2023 +0000 tidy-up: minor nits commit c7074ccc9d47d4dcc07ada9c68e56342af833318 Author: Viktor Szakats Date: Mon May 8 22:05:18 2023 +0000 ci: drop default shared/static configuration options Both autotools and cmake build both shared and static lib by default. Ref: 896154bc17f000c0a1bb89b74bc879692ac0d47c Delete configuration enabling these explicitly in CI jobs. Cherry-picked from #1036 Closes #1036 commit 896154bc17f000c0a1bb89b74bc879692ac0d47c Author: Viktor Szakats Date: Sun May 7 17:34:22 2023 +0000 cmake: enable shared libssh2 library by default This brings default behaviour in sync with autotools, which builds both lib flavours by default. (Notice that on Windows, autotools includes the Windows Resource in the static library, when building both at the same time. CMake doesn't have this issue.) 
Enabling both lib flavours has a side-effect when using non-MinGW toolchains (e.g. MSVC): to resolve the filename conflict between import and static libraries, we add a suffix to the static lib, naming it `libssh2_static.lib`. This can break dependent builds relying on `libssh2.lib` for linking the static libssh2. Workarounds: - disable either shared or static libssh2 via `-DBUILD_STATIC_LIBS=OFF` or `-DBUILD_SHARED_LIBS=OFF`. This results in a libssh2 library (either static or shared) without a prefix: `libssh2.lib`. - set a custom static library suffix via: `-DSTATIC_LIB_SUFFIX=_my_static`. Resulting in `libssh2_my_static.lib`, and import library `libssh2.lib`. - set a custom import library suffix via: `-DIMPORT_LIB_SUFFIX=_my_implib`. Resulting in `libssh2_my_implib.lib` import library, and static library `libssh2.lib`. - customize the default static/import library suffix (incl. extension) via `-DCMAKE_STATIC_LIBRARY_SUFFIX=_my_static_suffix.lib` or `-DCMAKE_IMPORT_LIBRARY_SUFFIX=_my_import_suffix.lib`. Cherry-picked from #1036 commit 837fa4b8b74b8e2a105a06288a5fe6708c9a9971 Author: Viktor Szakats Date: Mon May 8 18:07:49 2023 +0000 cmake: tweak static/import lib name collision avoidance logic The collision issue affects (typically) MSVC, when building both shared and static libssh2 in one go. Ref: https://stackoverflow.com/questions/2140129/what-is-proper-naming-convention-for-msvc-dlls-static-libraries-and-import-libr Initially we handled this by appending the `_imp` suffix to the import library filename. This is how curl tackles this, but on a second look, this solution seems to be accidental and has no widespread use. It seems more widely accepted to use the '_static' suffix for the static library. This patch implements this. (MinGW, Cygwin and unixy platforms are not affected by this issue.) 
Follow-up to 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1 Cherry-picked from #1036 commit a791c0b26a7206a7621688b82b616674d44fec9e Author: Viktor Szakats Date: Mon May 8 17:31:41 2023 +0000 cmake: add `IMPORT_LIB_SUFFIX` (like `STATIC_LIB_SUFFIX`) Allow resolving the import/static library name collision also by setting a custom _import_ library name suffix. Follow-up to 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1 Cherry-picked from #1036 commit 9bd4d94a0cdae28196f15ab83afb70eb5315c724 Author: Viktor Szakats Date: Mon May 8 22:08:52 2023 +0000 ci: do not disable shared lib with msys2/autotools in GHA Cherry-picked from #1036 commit 4fcb97bde5b0be33d0b066881b477fd8ea783693 Author: Viktor Szakats Date: Mon May 8 23:22:29 2023 +0000 Makefile.mk: fix `DYN=1 test` by skipping tests needing static lib `DYN=1` means to build examples/tests against the shared libssh2. Before this patch this was broken for building tests. This patch skips building tests that require the static libssh2 library, so the build now succeeds. Also move the list of tests that require static lib from `CMakeLists.txt` to `Makefile.inc`, so that we can reuse it in `Makefile.mk`. Couldn't find a way to also reuse it in `Makefile.am`. Move the `Makefile.am` specific definitions close to the shared list, to make it easier to keep them synced. Cherry-picked from #1036 commit 86eaec4a1ed79453af58f3c0f8283a8de486c5c7 Author: Viktor Szakats Date: Mon May 8 13:32:21 2023 +0000 ci: make one of the AppVeyor CMake jobs shared-only This build combination did not have a CI test before. Cherry-picked from #1036 commit bc2445e56e79137d42d8d173eaac650dbed5cddd Author: Viktor Szakats Date: Sun May 7 23:34:22 2023 +0000 cmake: allow tests with `BUILD_STATIC_LIBS=OFF` Before this patch, the CMake build did not allow disabling the static libssh2 library while also building tests. This patch removes this constraint, and makes this combination possible. 
In this case the 3 (at the moment) tests that require a static libssh2 library, are skipped from the build and test runs. Cherry-picked from #1036 commit 4296fccd1aa88f258e7a03844f5998a1465a0157 Author: Viktor Szakats Date: Mon May 8 02:05:30 2023 +0000 build: fix to set `-DLIBSSH2DEBUG` for tests Required for tests using libssh2 internals. These are the ones requiring the libssh2 _static_ lib. Before this patch, `src` and `tests` declared the `session` structure differently, due to extra struct members added with the `LIBSSH2DEBUG` macro set. But, the macro was only set for `src` when using CMake. At runtime this caused struct members to be at different offsets between lib and test code, resulting in the test failures below. Due to another bug in the affected test, these failures did not reflect in the exit code, which always returned success, so this went unnoticed for a good while. Fixed in: 84d31d0ca7b647ad4c2aa92bf8f4a94b233f5d3b ``` Start 5: test_auth_keyboard_info_request [...] 5: Test case 1 passed 5: Test case 2 passed 5: Test case 3: expected return code to be 0 got -1 5: Test case 4: expected last error code to be "-6" got "-38" 5: Test case 5: expected last error code to be "-6" got "-38" 5: Test case 6: expected last error code to be "-6" got "-38" 5: Test case 7: expected last error message to be "Unable to decode keyboard-interactive number of keyboard prompts" got "userauth keyboard data buffer too small to get l 5: Test case 8: expected last error code to be "-41" got "-38" 5: Test case 9: expected return code to be 0 got -1 5: Test case 10: expected return code to be 0 got -1 5: Test case 11: expected last error code to be "-6" got "-38" 5: Test case 12: expected last error message to be "Unable to decode user auth keyboard prompt echo" got "userauth keyboard data buffer too small to get length" 5: Test case 13: expected return code to be 0 got -1 5: Test case 14: expected return code to be 0 got -1 5: Test case 15: expected last error code to be 
"-6" got "-38" 5: Test case 16: expected last error code to be "-6" got "-38" 5: Test case 17: expected last error code to be "-6" got "-38" 5: Test case 18: expected last error code to be "-6" got "-38" ``` Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46925869/job/i9uasceu3coss0i2#L440 Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46983040/job/c3vag25c26a77lyr#L485 Cherry-picked from #1037 Closes #1037 commit 84d31d0ca7b647ad4c2aa92bf8f4a94b233f5d3b Author: Viktor Szakats Date: Mon May 8 00:38:30 2023 +0000 test_auth_keyboard_info_request: fix to return failure Before this patch, this test returned success even when one of its tests failed. Fix it by returning 1 in case any of the tests fails. This issue masked a CMake build bug with logging enabled. Subject to an upcoming patch. Cherry-picked from #1037 commit 731e74e26b53f67568f065aa4a82311cba30215b Author: Viktor Szakats Date: Mon May 8 01:30:07 2023 +0000 test_auth_keyboard_info_request: fix indentation Cherry-picked from #1037 commit b48ae2db9f8b4da78d70ceac3eeb94ac518f05e4 Author: Viktor Szakats Date: Mon May 8 01:20:58 2023 +0000 tidy-up: move comment off from copyright header Cherry-picked from #1037 commit 231bd8fae724060f33006564444f9d0ab8390aea Author: Viktor Szakats Date: Sun May 7 10:47:58 2023 +0000 ci: enable shared libs in msys2/macOS cmake builds Shared libs improve example/tests build times. For "unity" builds the overhead of building shared lib is negligible, so this even reduced the overall build-time. 
Follow-up to 3d64a3f5100f7f4cf52202396eb4f1c3f3567771
Follow-up to d93ccf4901ef26443707d341553994715414e207

Tests:
https://github.com/libssh2/libssh2/actions/runs/4906586658: unity builds enabled
https://github.com/libssh2/libssh2/actions/runs/4906925743: unity builds enabled + parallel msys2 builds
https://github.com/libssh2/libssh2/actions/runs/4906777629: unity + shared lib (this commit)
https://github.com/libssh2/libssh2/actions/runs/4906927190: unity + shared lib (this commit) + parallel msys2 builds

Consider making shared libs enabled by default also in CMake, to sync it with autotools?

Closes #1035

commit 34b6549fe7f2350685dd189d0457ad0a97b4bc20
Author: Viktor Szakats
Date: Sun May 7 11:28:09 2023 +0000

ci: add missed --parallel 3 from msys2 cmake builds

Follow-up to 3d64a3f5100f7f4cf52202396eb4f1c3f3567771

commit 7129ea9ca8cca86dac80a6bac2d63937987efe9d
Author: Viktor Szakats
Date: Sun May 7 00:38:55 2023 +0000

cmake: add and test "unity" builds

"Unity" (aka "jumbo", aka "amalgamation") builds concatenate source files before compiling. It has these benefits for example: faster builds, improved code optimization, cleaner code.

Let's support and test this.

- enable unity builds for some existing CI builds to test this build scenario.
- tune `UNITY_BUILD_BATCH_SIZE` size.
- disable unity build for example and test programs (they use one source each already).

You can enable it by passing `-DCMAKE_UNITY_BUILD=ON` to cmake. Supported by CMake 3.16 and newer.
Ref: https://cmake.org/cmake/help/latest/prop_tgt/UNITY_BUILD.html

Closes #1034

commit cdd7fc009d8e38d46758135b21ad4a6f7aae3b9d
Author: Viktor Szakats
Date: Wed May 3 23:40:46 2023 +0000

tests: simplify passing `srcdir` to tests

Before this patch libssh2 used a variety of solutions to pass the source directory to tests: `FIXTURE_WORKDIR` build-time macro (cmake), `FIXTURE_WORKDIR` envvar (unused), setting `srcdir` manually (autotools), setting current directory (cmake), and also `builddir` envvar (autotools) for passing current working dir to `mansyntax.sh`.

This patch reduces this to using existing `srcdir` with autotools and setting it ourselves in CMake. This was mostly enabled by this recent patch: 4c9ed51f962f542b98789b15bedaaa427f4029a2

Details:

- cmake: replace baked-in `FIXTURE_WORKDIR` macro with env.
  Added in 54bef4c5dad868a9d45fdbfca9729b191c0abab5 #198 (2018-03-21)
- rename `FIXTURE_WORKDIR` to `srcdir`, to match autotools.
- cmake: add missing `srcdir` for algo and sshd tests.
- session_fixture: stop `chdir()`-ing, rely on prefixing with `srcdir`.
  Changing current directory should be unnecessary after 4c9ed51f962f542b98789b15bedaaa427f4029a2 #801 (2023-02-24), that prefixes referenced input filenames with the `srcdir` envvar. The `srcdir` envvar was already exported by autotools, and now we're also setting it from CMake.
- cmake: stop setting `WORKING_DIRECTORY`, rely on `srcdir` env.
  `WORKING_DIRECTORY` is no longer necessary, after passing `srcdir` to all tests, so they can find our source tree and keys/etc in it regardless of the current directory.
  Also this past commit hints that `WORKING_DIRECTORY` wasn't always working for this purpose as expected: "tests: Xcode doesn't obey CMake's test working directory"
  Ref: https://github.com/libssh2/libssh2/pull/198/commits/10a5cbf945abcc60153ee3d59284d09fc64ea152
- autotools: delete explicit `srcdir` for test env.
  Added in 13f8addd1bc17e6c55d52491cc6304319ac38c6d (2015-07-02)
  automake documents `srcdir` as exported to the test environment:
  https://github.com/autotools-mirror/automake/blob/c04c4e8856e3c933239959ce18e16599fcc04a8b/doc/automake.texi#L9302-L9304
  https://www.gnu.org/software/automake/manual/html_node/Scripts_002dbased-Testsuites.html
  It's mentioned in the docs back in 1997 and got a regression test in 2012. We can safely assume it to be available without setting it ourselves.
- autotools: delete explicit `builddir`.
  Added in 13f8addd1bc17e6c55d52491cc6304319ac38c6d (2015-07-02)
  It seems this wasn't necessary to make the above fix work, and `mansyntax.sh` is able to figure out the build workdir by reading `$PWD`. Our out-of-tree and `make distcheck` CI builds also work without it. Let us know if there is a scenario we're missing and needs this.

Closes #1032

commit ebf644fb6a6e609dd05a5cb4c070e74ac3e85322
Author: Viktor Szakats
Date: Wed May 3 21:17:01 2023 +0000

src: fix `libssh2_store_*()` for >u32 inputs

`_libssh2_store_str()` and `_libssh2_store_bignum2_bytes()` accept inputs of `size_t` max, store the size as 32-bit unsigned integer, then store the complete input buffer.

With inputs larger than `UINT_MAX` this means the stored size is smaller than the data that follows it.

This patch truncates the stored data to the stored size, and now returns a boolean with false if the stored length differs from the requested one. Also add `assert()`s for this condition.

This is still not a correct fix, as we now dump consistent, but still truncated data which is not what the caller wants. In future steps we'll need to update all callers that might pass large data to this function to check the return value and handle an error, or make sure to not call this function with more than UINT_MAX bytes of data.
Ref: c3bcdd88a44c4636818407aeb894fabc90bb0ecd (2010-04-17)
Ref: ed439a29bb0b4d1c3f681f87ccfcd3e5a66c3ba0 (2022-09-29)

Closes #1025

commit e36b21df910a412bb27789dd0295fcd439df87b5
Author: Viktor Szakats
Date: Fri May 5 13:26:43 2023 +0000

cmake: limit WinCNG to Windows

After deleting the `bcrypt.h` check, no check remained. Restore a `WIN32` check here to ensure WinCNG is not enabled outside Windows.

Follow-up to 1289033598546ee5089ff0fc4369d24e1e2be81f

Tested-in #1032

commit 1458e28f3683c916ecdb348b09f37af453b16f53
Author: Viktor Szakats
Date: Thu May 4 22:17:03 2023 +0000

cmake: move `CMAKE_VS_GLOBALS` setting to CI configs

To not force this setting for local builds where they might serve a good purpose.

It makes our CI runs slightly faster and we don't need to track file changes in unattended, single, CI runs.

Cherry-picked from #1031

commit f12e25af30c76301ac0c9e2c3ade5eadfd9a1342
Author: Viktor Szakats
Date: Thu May 4 21:04:30 2023 +0000

cmake: prefill for faster config phase on Windows

Prefill known detection results on Windows with MinGW and MSVC, to avoid spending time on detecting these on every cmake configuration run.

With MinGW + clang and MSVC, this eliminates all detections. With MinGW + gcc, it reduces them to 3.

Cherry-picked from #1031

commit 62acef1c4480c133c93d832a74be298d67582196
Author: Viktor Szakats
Date: Thu May 4 22:18:53 2023 +0000

libssh2_setup.h: set `HAVE_INTTYPES_H` for MSVC

To sync up the hand-crafted config with actual detection results by CMake and autotools. Sources compiled fine without it anyway.

Cherry-picked from #1031

commit a190503e8ebfe83048cd0613d0e08e6d1d5ea140
Author: Viktor Szakats
Date: Thu May 4 22:55:38 2023 +0000

cmake: re-add `select()` detection (regression)

`select()` detection suffered two regressions: First I accidentally deleted it for non-Windows [1]. Then the Windows-specific setting got missed from the generated `libssh2_config.h` after a rearrangement in `CMakeLists.txt` files.
[1] 31fb8860dbaae3e0b7d38f2a647ee527b4b2a95f (2023-03-07)
[2] 803f19f004eb6a5b525c48fff6f46a493d25775c (2023-04-18)

This patch restores detection. For Windows, enable it unconditionally, not only for speed reasons, but because detection needs `ws2_32`, and even that is broken on the x86 platform. According to the original `cmake/SocketLibraries.cmake`, caused by a calling convention mismatch. FWIW autotools detects it correctly.

Cherry-picked from #1031

commit b9eafb962594784ba45d85b8b37de01bf7eadc80
Author: Viktor Szakats
Date: Thu May 4 17:32:42 2023 +0000

ci: merge make job into msys2 section, enable zlib + openssl

Follow up to dd625766271a0ba13f5ac661bdc2fa40bbfa580a

Cherry-picked from #1030

commit fd97eccecc29ed4156a9e0094e2dc8a58b933772
Author: Viktor Szakats
Date: Thu May 4 17:28:28 2023 +0000

ci: add missing timeouts for autotools tests

Cherry-picked from #1030

commit 3d64a3f5100f7f4cf52202396eb4f1c3f3567771
Author: Viktor Szakats
Date: Thu May 4 12:50:54 2023 +0000

ci: add mingw-w64 clang and gcc CMake jobs

Cherry-picked from #1030

commit 1289033598546ee5089ff0fc4369d24e1e2be81f
Author: Viktor Szakats
Date: Thu May 4 09:10:37 2023 +0000

cmake: assume `bcrypt.h` with WinCNG

autotools already didn't check for `bcrypt.h`, and such check is only required for old/legacy mingw without obsolete/incomplete Windows headers. curl deprecated old-mingw support just recently and will delete support in September 2023.

This patch saves some complexity and detection time by dropping this check for CMake. Meaning that mingw-w64 is now required to compile libssh2 when using the WinCNG backend for 32-bit builds. Other backends and CPU platforms are not affected.
Ref: https://github.com/curl/curl/commit/e4d5685cb5d6eb07e1b43156fd7e3ba3563afba5

Closes #1026

commit a9f1acabe37c7d0eba5e2128a95f0b8ea25674ee
Author: Viktor Szakats
Date: Thu May 4 11:47:44 2023 +0000

cmake: do not check for `poll()` on Windows

While it seems to exist on mingw in theory, it's not detected as of this writing. It also has issues, and not ready for production use: https://stackoverflow.com/questions/1671827/poll-c-function-on-windows

On MSVC it's even less supported.

Skip checking this to save CMake detection time.

Closes #1027

commit 028796168202550c3e1c615bd9b76c364b0f55eb
Author: Viktor Szakats
Date: Thu May 4 12:40:57 2023 +0000

agent_win: make a struct static and other build improvements

Also:

- merge back `agent.h` into `agent.c` where it was earlier.
  Ref: c998f79384116e9f6633cb69c2731c60d3a442bb
- introduce `HAVE_WIN32_AGENT` internal macro.
- fix two guards to exclude more code unused in UWP builds.

Follow-up to 1c1317cb768688eee0e5496c72683190aaf63b29

Closes #1028

commit fc003d4dc3b1b86bfaf7720bfc3fd6f2bf94b17a
Author: Viktor Szakats
Date: Thu May 4 11:31:40 2023 +0000

tidy-up: formatting nits

Whitespace and redundant parenthesis in `return`s.

Closes #1029

commit 272a17ce266b4428c95c5337925aababc4acfa53
Author: Nick Woodruff
Date: Wed May 3 16:39:25 2023 -0400

sftp: parse attribute extensions, if present, to avoid stream parsing errors (#1019)

Prevents directory listing errors when attribute extensions are present by advancing stream parsing past extensions.

commit d4690e950995658eccb316cb9403ad6d31e19dba
Author: Viktor Szakats
Date: Wed May 3 17:43:56 2023 +0000

tests: merge `sshd_fixture.sh` into `test_sshd.test`

Merge the loop executing multiple tests and the script that actually launches the tests into a single script. This same script is now called from both autotools and CMake. autotools loads the list of tests from `Makefile.inc`, CMake passes it via the command-line.
It's also possible to call the script manually with a custom list of tests or individual ones.

With this setup we're now launching a single sshd session for all tests, instead of launching and killing it for each test. This did not improve reliability of these tests on CI machines, and it's easy to go back to the previous behaviour if necessary.

Also:

- allow passing custom sshd options via `SSHD_FLAGS`.
- add `SSHD_TESTS_LIMIT_TO` to limit the number of tests to its value. E.g. `SSHD_TESTS_LIMIT_TO=1` executes the first test only. Meant for debugging.
- use `ssh` to test the connection (if available) instead of fixed amount of wait. Made to also work on Windows.
- set `PermitRootLogin yes` in `sshd`, to allow running tests as root.
- show `sshd` path and version.

Cherry-picked from #1017 (the last one)
Closes #1024

commit 8aa1ca859f751cc4911881dc10c73c69e2f9fa28
Author: Viktor Szakats
Date: Wed May 3 14:52:43 2023 +0000

ci: make sure to run tests after all builds in GHA

Whenever possible.

Due to flakiness/hangs/timeouts, keep sshd tests disabled on Windows and macOS. Also keep Docker tests disabled on these platforms, they do not work:

GHA Windows:
```
no matching manifest for windows/amd64 in the manifest list entries
```

GHA macOS:
```
sh: docker: command not found
```

It's not possible to run UWP and ARM64 binaries:

UWP:
```
Test #2: test_simple ......................Exit code 0xc0000135
```
Needs but doesn't find: `VCRUNTIME140_APP.dll`.

ARM64
```
D:/a/libssh2/libssh2/bld/tests/Release/test_ssh2.exe: cannot execute binary file: Exec format error
```

Cherry-picked from #1017

commit 8d076c0f0c95ec62fa9356c7d4bd8bb96ded37b4
Author: Viktor Szakats
Date: Wed May 3 14:44:13 2023 +0000

tests: disable sshd tests on Windows via new options

Instead of using hacks inside the build systems.

`SSHD` variable added to GitHub Actions is not currently used. Added there to make it easy to experiment with these tests and the path is non-trivial to discover.
Using the Windows built-in sshd server is another option (haven't discovered its path yet).

Cherry-picked from #1017

commit 62178a367a16f3d1010ddc58160b73143e495328
Author: Viktor Szakats
Date: Wed May 3 14:30:02 2023 +0000

tests: add cmake/autotools options to disable running tests

autotools:
- `--disable-docker-tests`
- `--disable-sshd-tests`

cmake:
- `RUN_DOCKER_TESTS`
- `RUN_SSHD_TESTS`

Update automake and ci to use this new flag and delete former logic of relying on Windows detection and `HOST_WINDOWS`. Also fix honoring this when running `test_read_algos.test`.

This allows to disable these individually and on per-CI/local-job basis. To run as many tests as the env allows.

Cherry-picked from #1017

commit 54e8d021693c646381184a58d2bce0aed8cfcccc
Author: Viktor Szakats
Date: Wed May 3 14:13:24 2023 +0000

ci: add `make distcheck` job

Cherry-picked from #1017

commit 0c57c56fcebf36b25d625d0dfaec948634bdd7fd
Author: Viktor Szakats
Date: Wed May 3 14:12:16 2023 +0000

ci: switch to out-of-tree autotools builds

Cherry-picked from #1017

commit 03ee8d3cc43ac12fbf06f8c7fcec2492707e6f70
Author: Viktor Szakats
Date: Wed May 3 14:06:43 2023 +0000

ci: restore parallel builds with cmake

Also add missing -j3 for macOS builds.

Partial revert of 0d08974633cfc02641e6593db8d569ddb3644255

Cherry-picked from #1017

commit c01ccf898bde3656e6e910b65e32cd0ec7aa22c1
Author: Viktor Szakats
Date: Wed May 3 13:57:18 2023 +0000

ci: sync names, steps, syntax, build dirname between jobs

Also:

- delete an unused 64-bit option for Linux (all jobs are 64-bit).
- fix to not install libgcrypt and openssl when doing mbedTLS builds.

[ Empty lines after multiline run commands are solely to unbreak my editor's syntax highlighting.
They can be deleted in the future ]

Cherry-picked from #1017

commit dd625766271a0ba13f5ac661bdc2fa40bbfa580a
Author: Viktor Szakats
Date: Wed May 3 12:52:16 2023 +0000

ci: add `Makefile.mk` test, with `LIBSSH2_NO_*` options

Cherry-picked from #1017

commit 875bc599e5f94cf141a3130f1723bd90a3dc0da4
Author: Viktor Szakats
Date: Mon May 1 19:49:58 2023 +0000

Makefile.mk: use Makefile.inc from example and tests

Instead of assembling the list using `$(wildcard ...)`.

Also split off a `tests/Makefile.inc` from `tests/Makefile.am`. With its simpler syntax, this also allows to delete some complexity from the CMake loader.

Cherry-picked from #1017

commit 8270633eeb3383d52454d30c15704cb8c5d8085f
Author: Viktor Szakats
Date: Wed May 3 13:05:35 2023 +0000

example, tests: fix ssh2 to correctly return failure

Before this patch ssh2 and test_ssh2 returned success even if the session failed at `libssh2_session_handshake()` or after.

This patch depends on cda41f7cb87c3af5258ba48ccef19d3efdbd3d3b, that fixed running test_ssh2 on Windows via sshd_fixture.

Cherry-picked from #1017

commit 0a29a63ca6c56c0ee1a014550e36db76034b814d
Author: Viktor Szakats
Date: Wed May 3 12:55:59 2023 +0000

tests: set -e -u in shell scripts

Cherry-picked from #1017

commit 612ca85aaa70a3cd570ee45a7af8f240d7e8acf2
Author: Viktor Szakats
Date: Tue May 2 22:21:01 2023 +0000

cmake: use shared libs again in example and tests

Re-sync with autotools and v1.10.0 behavior. This improves build times.

It also allows to stop building our special shared test target to test shared builds.

Follow-up to 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1

Cherry-picked from #1017
Closes #1022

commit bc120a343bb3cda0985fb06ee491ec5318e98426
Author: Viktor Szakats
Date: Fri Apr 28 23:24:26 2023 +0000

tests: retry KEX failures when using the WinCNG backend

Twice. These tests are flaky and we haven't figured out why.
In the meantime use this workaround to test and log these issues, but also ensure that CI runs aren't flagged red because of it.

Also:

- kex: add debug message when hostkey `sig_verify` fails, to help tracking WinCNG KEX failures.
- test_ssh2: also add retry logic. I'm not quite sure this is correct. Please let me know.
- session_fixture: bump up `src_path` slots to fit retries and show message when hitting the limit.
- session_fixture: clear `kbd_password` static variable after use.
- session_fixture: close and deinit socket after use.
- session_fixture: deinit libssh2 after use.

Ref: #804 #846 #979 #1012 #1015

Cherry-picked from #1017
Closes #1023

commit d70919fb0032cfec09df7f99b362c904e5a319b3
Author: Viktor Szakats
Date: Tue May 2 11:25:49 2023 +0000

example, test_ssh2: shutdown socket before close

Syncing them with `tests/session_fixture.c`.

Cherry-picked from #1017

commit e99c84f6828fab6a06784fcd42ef03fcf5d7da58
Author: Viktor Szakats
Date: Sun Apr 30 17:34:52 2023 +0000

ci.yml: fix indentation [ci skip]

Cherry-picked from #1017

commit baecb5eb68d0c789f3a21d80015b96cc9fa19c96
Author: Viktor Szakats
Date: Mon May 1 21:14:56 2023 +0000

Makefile.mk: make tests depend on runner lib

Cherry-picked from #1017

commit 1c1317cb768688eee0e5496c72683190aaf63b29
Author: Viktor Szakats
Date: Mon May 1 19:43:46 2023 +0000

build: compile agent_win.c via agent.c

Silences these warnings on non-Windows:
```
ranlib: file: libssh2.a(agent_win.c.o) has no symbols
```

Cherry-picked from #1017

commit 74ffa1e01dde1ac95b64ddfd18e226f9a416a101
Author: Viktor Szakats
Date: Tue May 2 22:17:47 2023 +0000

cmake: delete obsolete comment

Follow-up to 80175921638fa0a345237d23206a2ad1644cdd9b

Cherry-picked from #1017

commit b87fbc91cb787c2b0a80dc59e71bb97f87de1254
Author: Viktor Szakats
Date: Tue May 2 11:47:01 2023 +0000

checksrc.sh: fix it to run from any current directory

Also silence a shellcheck warning.
Cherry-picked from #1017

commit ce9d789689169071a592a983230afd00afb6ac94
Author: Viktor Szakats
Date: Tue May 2 14:03:39 2023 +0000

ISSUE_TEMPLATE: ask for crypto backend version

Also fix casing in backend names.

Cherry-picked from #1017

commit 33f3260a4a2448e661ec8cc9b7863e6987b5e242
Author: Viktor Szakats
Date: Sun Apr 30 20:39:50 2023 +0000

tests: fix newlines in test keys for sshd on Windows

Make sure these files get LF newlines on checkout.

Before this patch a checked out libssh2 Git repository may have used CRLF newlines in text files, including test keys. Private keys with CRLF newlines could confuse sshd on Windows:

```
# sshd version: 'OpenSSH_9.2, OpenSSL 1.1.1t 7 Feb 2023'
Unable to load host key "/d/a/libssh2/libssh2/tests/openssh_server/ssh_host_ed25519_key": invalid format
Unable to load host key: /d/a/libssh2/libssh2/tests/openssh_server/ssh_host_ed25519_key
```

Ref: https://github.com/libssh2/libssh2/actions/runs/4846188677/jobs/8635575847#step:6:39

Cherry-picked from #1017

commit ec8689b264c2b756f002e6f4d337dd0c14b839d7
Author: Viktor Szakats
Date: Sun Apr 30 19:43:15 2023 +0000

cmake: move option descriptions next to definition

Cherry-picked from #1017

commit d964289e541bac7b02d9a1cd7cbec29eb358780a
Author: Viktor Szakats
Date: Mon May 1 13:16:59 2023 +0000

checksrc: sync with curl

There were no new issues detected.

Cherry-picked from #1017

commit df513c0128e1a811ad863d153892618e728845f0
Author: Viktor Szakats
Date: Mon May 1 10:23:59 2023 +0000

openssl: enable AES-GCM with wolfSSL

Follow-up to 3c953c05d67eb1ebcfd3316f279f12c4b1d600b4 #797

There is pending issue with wolfSSL, where encryption/decryption is not working (both with and without this patch).
Ref: #1020

Cherry-picked from #1017

commit 82ef89611a0e1ed57d1607ea05e5299045dd430a
Author: Viktor Szakats
Date: Mon May 1 01:57:40 2023 +0000

appveyor: add a UWP OpenSSL 3 build

Cherry-picked from #1017

commit 5ca2d638e87dbadc0cd14cd9e96446d6b5821cf1
Author: Viktor Szakats
Date: Mon May 1 01:55:54 2023 +0000

appveyor: skip `before_test` when not doing tests

Also merge `before_test` section into `test_script`.

Cherry-picked from #1017

commit dee8ec92702cd47547fa2e856b7c807c0c3c6fbf
Author: Viktor Szakats
Date: Tue May 2 10:12:13 2023 +0000

docs: delete two stray characters

Cherry-picked from #1017

commit 5ee6d0ffbcb915d285ad2a11944ef99ff95885cc
Author: Viktor Szakats
Date: Sun Apr 30 11:36:39 2023 +0000

tidy-up: avoid expression 'of course'

Cherry-picked from #1017

commit 31851511bfaad779e9e3dafc54564fb33c513850
Author: Viktor Szakats
Date: Sun Apr 30 11:27:48 2023 +0000

tidy-up: avoid word 'just'

Cherry-picked from #1017

commit 081c04571b32ff23a0e55ac488cd2908ea3423d8
Author: Viktor Szakats
Date: Sun Apr 30 11:23:34 2023 +0000

tidy-up: avoid word 'simply'

Cherry-picked from #1017

commit cda41f7cb87c3af5258ba48ccef19d3efdbd3d3b
Author: Viktor Szakats
Date: Sun Apr 30 00:03:16 2023 +0000

tests: teach to use the `USERNAME` envvar on Windows

Necessary to pick the correct local username when run on Windows.
Cherry-picked from #1017

commit 3f3236eb084feae070ed835aa55e28f3b98ec8a0
Author: Viktor Szakats
Date: Sat Apr 29 22:40:31 2023 +0000

test_ssh2: support `FIXTURE_TRACE_ALL*` envvars

Cherry-picked from #1017

commit efdacfc791d087131a91ced20a7aa910cc9a3026
Author: Viktor Szakats
Date: Sat Apr 29 12:53:32 2023 +0000

tidy-up: add missing newline to error msg, formatting

Also:

- fix indent
- lowercase variables names
- fix formatting in `src/global.c`

Cherry-picked from #1017

commit 7c982347909e2a010e6c8502f155db893ce1141d
Author: Viktor Szakats
Date: Sat Apr 29 07:53:34 2023 +0000

appveyor: wait more for SSH connection from GHA

Cherry-picked from #1017

commit 6972eb158e4229c643d157390730540e8aa4d9b7
Author: Viktor Szakats
Date: Fri Apr 28 21:00:34 2023 +0000

ci: restrict permissions in GitHub Actions

Cherry-picked from #1017

commit 7aab5bd6f9960afdf380af772822b2c43e4f33d8
Author: Viktor Szakats
Date: Fri Apr 28 20:55:48 2023 +0000

build: fix autoreconf warnings

- update `AC_HELP_STRING' to 'AS_HELP_STRING`:
  ```
  configure.ac:[...]: warning: The macro `AC_HELP_STRING' is obsolete.
  ```
  "AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works already since 2.59 so bump the minimum required version to that."
  Ref: https://github.com/curl/curl/commit/a59f04611629f0db9ad8e768b9def73b9b4d9423
- simplify to avoid:
  ```
  src/Makefile.inc:48: warning: variable 'EXTRA_DIST_SOURCES' is defined but no program or
  src/Makefile.inc:48: library has 'DIST' as canonical name (possible typo)
  ```
  Regression from 2c18b6fc8df060c770fa7e5da704c32cf40a5757
- `AC_TRY_LINK`/`AC_TRY_COMPILE`:
  ```
  configure.ac:335: warning: The macro `AC_TRY_COMPILE' is obsolete.
  configure.ac:335: warning: The macro `AC_TRY_LINK' is obsolete.
  ```
- `libtool`-related ones:
  ```
  configure.ac:70: warning: The macro `AC_LIBTOOL_WIN32_DLL' is obsolete.
  configure.ac:70: warning: AC_LIBTOOL_WIN32_DLL: Remove this warning and the call to _LT_SET_OPTION when you
  configure.ac:70: put the 'win32-dll' option into LT_INIT's first parameter.
  configure.ac:71: warning: The macro `AC_PROG_LIBTOOL' is obsolete.
  ```
  Using code copied from curl: https://github.com/curl/curl/blob/9ce7eee07042605045dcfd02a6f5b38ad5c8a05d/m4/xc-lt-iface.m4#L157-L163
- delete commented and obsolete `AC_HEADER_STDC`.
- formatting.

Most cherry-picked from `autoupdate` updates.

Cherry-picked from #1017
Closes #1021

commit 738cbf5503641e643d55bed56d5d79deebae1af1
Author: Viktor Szakats
Date: Wed May 3 01:05:27 2023 +0000

docker-bridge.ps1: use native newlines

Also add a shebang and exec flag to ease testing/handling on *nix.

PowerShell accepts both LF and CRLF.

Cherry-picked from #1017

commit fc7e79e44274d259ba6fad511ea1b4213b8b6b35
Author: Zenju
Date: Mon May 1 22:17:18 2023 +0200

sftp: remove packet limit for directory reading (#791)

Currently libssh2 cannot read huge directory listings when the package size of `LIBSSH2_SFTP_PACKET_MAXLEN` (256KB) is hit. For example AWS always sends a single package with all files of a directory, no matter how big it is: https://freefilesync.org/forum/viewtopic.php?t=10020 Package size is probably around 7MB in this case!

`LIBSSH2_SFTP_PACKET_MAXLEN` is a good idea in general, but there doesn't seem to be a one size fits all. While almost all(?) SFTP responses come in very small packages, I believe the `SSH_FXP_READDIR` request should be exempted.

The proposed patch, enhances the package size reading to include parsing the full SFTP packet header. And in case a package is of type `SSH_FXP_NAME` and matches an expected `readdir_request_id`, it does not fail if `LIBSSH2_SFTP_PACKET_MAXLEN` is hit.

The chances of accidentally hiding data-corruption are pretty non-existent, because both SFTP `request_id` and packet type must match. No change in behavior otherwise.
Best, Zenju

Previous discussion: #268 #269

With the above changes, the `LIBSSH2_SFTP_PACKET_MAXLEN` value could (and should?) probably be set back to a small number again.

Integration-patches-by: Viktor Szakats

commit ccac522260ab93935399b3e47a27e94a6ccab51d
Author: Viktor Szakats
Date: Fri Apr 28 14:10:11 2023 +0000

checksrc: update and apply fixes

Update to latest revision and fix new issues detected.

Closes #1014

commit d93ccf4901ef26443707d341553994715414e207
Author: Viktor Szakats
Date: Thu Apr 27 16:25:25 2023 +0000

ci: add macOS CI jobs + fix issues revealed

Add macOS CI jobs, both cmake and autotools for all supported crypto backends (except BoringSSL), with debug, zlib enabled. Without running tests.

It also introduces OpenSSL 1.1 into the CI with a non-MSVC compiler.

Credits to curl's `macos.yml`, that I used as a base.

Fix these issues uncovered by the new tests:

- openssl: fix warning when built with wolfSSL, or OpenSSL 1.1 and earlier. CI missed it because apparently the only OpenSSL 1.1 test we had used MSVC, which did not complain.
  ```
  ../src/openssl.c:3852:19: error: variable 'sslError' set but not used [-Werror,-Wunused-but-set-variable]
  unsigned long sslError;
  ^
  ```
  Regression from 097c8f0dae558643d43051947a1c35b65e1c5761
- pem: add hack to build without MD5 crypto-backend support. The Homebrew wolfSSL build comes with MD5 support disabled. We can expect this becoming the norm. FIPS also requires MD5 disabled. We deleted the same hack from `hostkey.c` a month ago: ad6aae302aaec84afbfacf0c1dfdc446d46eaf21 A better fix would be to guard the MD5 logic with our `LIBSSH2_MD5` macro.
  ```
  pem.c:214:32: error: use of undeclared identifier 'MD5_DIGEST_LENGTH'; did you mean 'SHA_DIGEST_LENGTH'?
  unsigned char secret[2*MD5_DIGEST_LENGTH];
  ^~~~~~~~~~~~~~~~~
  SHA_DIGEST_LENGTH
  ```
  Regression from 386e012292a96fcf0dc6861588397845df0aba2c
- `configure.ac`: add crypto libs late. Fix it by adding crypto libs to `LIBS` at the end of the configuration process.
  Otherwise `configure` links crypto libs while doing feature tests, which can cause unwanted detections. For example LibreSSL publishes the function `explicit_bzero()`, which masks the system alternative, e.g. `memset_s()` on macOS. Then when trying to compile libssh2, its declaration is missing:
  ```
  bcrypt_pbkdf.c:93:5: error: implicit declaration of function 'explicit_bzero' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
  _libssh2_explicit_zero(ciphertext, sizeof(ciphertext));
  ^
  ../src/misc.h:50:43: note: expanded from macro '_libssh2_explicit_zero'
  ^
  ```
  Regression from 4f0f4bff5a92dce6a6cd7a5600a8ee5660402c3f
- cmake: fix to list our own include directory before the crypto libs', when building tests. Otherwise a global crypto header path, such as `/usr/local/include`, containing an external `libssh2.h` of a different version, could cause weird errors:
  ```
  cc -DHAVE_CONFIG_H -DLIBSSH2_LIBGCRYPT \
  -I../src -I../../src -I/usr/local/include -I[...]/libssh2/include \
  -g -isysroot /Library/Developer/CommandLineTools/SDKs/MacOSX13.1.sdk \
  -mmacosx-version-min=12.6 -MD -MT \
  tests/CMakeFiles/test_aa_warmup.dir/test_aa_warmup.c.o \
  -MF CMakeFiles/test_aa_warmup.dir/test_aa_warmup.c.o.d \
  -o CMakeFiles/test_aa_warmup.dir/test_aa_warmup.c.o -c \
  [...]/libssh2/tests/test_aa_warmup.c
  ```
  ```
  [ 62%] Building C object tests/CMakeFiles/test_aa_warmup.dir/test_aa_warmup.c.o
  In file included from /Users/runner/work/libssh2/libssh2/tests/test_aa_warmup.c:4:
  In file included from /Users/runner/work/libssh2/libssh2/tests/runner.h:42:
  In file included from /Users/runner/work/libssh2/libssh2/tests/session_fixture.h:43:
  /Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:649:5: error: type name requires a specifier or qualifier
  LIBSSH2_AUTHAGENT_FUNC((*authagent));
  ^
  /Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:649:30: error: type specifier missing, defaults to 'int' [-Werror,-Wimplicit-int]
  LIBSSH2_AUTHAGENT_FUNC((*authagent));
  ^
  /Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:650:5: error: type name requires a specifier or qualifier
  LIBSSH2_ADD_IDENTITIES_FUNC((*addLocalIdentities));
  ^
  /Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:650:35: error: type specifier missing, defaults to 'int' [-Werror,-Wimplicit-int]
  LIBSSH2_ADD_IDENTITIES_FUNC((*addLocalIdentities));
  ^
  /Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:651:5: error: type name requires a specifier or qualifier
  LIBSSH2_AUTHAGENT_SIGN_FUNC((*agentSignCallback));
  ^
  /Users/runner/work/libssh2/libssh2/tests/../src/libssh2_priv.h:651:35: error: type specifier missing, defaults to 'int' [-Werror,-Wimplicit-int]
  LIBSSH2_AUTHAGENT_SIGN_FUNC((*agentSignCallback));
  ^
  6 errors generated.
  ```
- `tests/session_fixture.h`: delete duplicate `libssh2.h`, `libssh2_priv.h` already includes it.
  Follow-up to a683133dfe96de126194f58f183131a84c7d36a2

CI logs with these errors:
https://github.com/libssh2/libssh2/actions/runs/4824079094
https://github.com/libssh2/libssh2/actions/runs/4824270819

curl's `macos.yml`: https://github.com/curl/curl/blob/da2470de96e94e1c8d276b9ae6e4c97c2cf54239/.github/workflows/macos.yml

Tidying-up while here:

- tests/session_fixture.h: delete duplicate `libssh2.h`. `libssh2_priv.h` includes it already.
  Follow-up to a683133dfe96de126194f58f183131a84c7d36a2
- ci.yml: yamllint warnings and formatting.
- ci.yml: msvc section formatting and step-naming sync with macOS.
  Follow-up to f4a4c05dc3bcd62ecaa1b0cac5997faefe16c83f
- ci.yml: enable `--enable-werror` for msys2 jobs.
  Follow-up to 71cae949d577fdd632a271da0bec89f977dc5dd2
- appveyor.yml: show OpenSSL versions, link to image content.

Closes #1013

commit f36edf94e7af2797fd431a7dc7bbe31213dac7d7
Author: Viktor Szakats
Date: Fri Apr 28 13:58:26 2023 +0000

ci: convert `docker-bridge.bat` to shell script

Convert `ci/appveyor/docker-bridge.bat` to a POSIX shell script.

Also bump the tunnel to use ed25519 (was RSA-2048).
Closes #997

commit 59ed0a784e333d8831fa5a34e6da8b3d58c34a4c
Author: Viktor Szakats
Date: Mon Apr 17 11:07:21 2023 +0000

kex: use distinctive error strings

Use unique error strings to help localize errors.

Closes #1011

commit a683133dfe96de126194f58f183131a84c7d36a2
Author: Viktor Szakats
Date: Mon Apr 24 21:45:28 2023 +0000

tidy-up: C header use

- drop unused or duplicate C headers.
- add missing ones (that worked by chance). (`string.h`, `stdlib.h`)
- mention the functions that need certain headers.
- move some headers from crypto header to crypto C source.
- reorder headers in some places.
- simplify the #if tree for `sys/select.h` in `libssh2_priv.h`.
- move scp-specific macros next to their header to `scp.c`

Follow-up to 5db836b2a829c6fff1e8c7acaa4b21b246ae1757

Closes #999

commit d67aaaffc4c9b4a6f8295b4c1d4d4111a12e13d1
Author: Viktor Szakats
Date: Thu Apr 27 14:17:52 2023 +0000

tidy-up: text nits, English contractions [ci skip]

In input/output text and docs mostly.

commit f4a4c05dc3bcd62ecaa1b0cac5997faefe16c83f
Author: Viktor Szakats
Date: Wed Apr 26 21:43:45 2023 +0000

ci: add MSVC and UWP builds to GitHub Actions

- add MSVC jobs to GitHub Actions.
  They are similar to the 'Build-only' jobs we have on AppVeyor CI, though only the ARM64 Windows one is identical.
  Major disadvantage is that we don't run tests here. Major advantage is they only take a few minutes to complete, compared to an hour on AppVeyor, so WinCNG build results now appear quicker.
  Docker tests might be possible, but my light attempts failed. Finding ZLIB also failed, so we still miss an MSVC test with it.
  Tool versions as of now: Server 2022, VS2022, OpenSSL 1.1.1
- add UWP builds for both ARM64 and x64. This hasn't been CI tested before.
  (We could probably enable UWP on AppVeyor CI as well. I haven't tried.)
- fix two uncovered UWP issues in tests.
- rename internal macro `LIBSSH2_WINDOWS_APP` to `LIBSSH2_WINDOWS_UWP`.
  Follow-up to 2addafb77b662e64248d156c71c69b91ba7b926e
- fold long lines and quote truthy values in `.github/workflows/ci.yml`.

Closes #1010

commit 23029a9d363a3cd269f43178486077ea6a657044
Author: Viktor Szakats
Date: Wed Apr 26 20:25:04 2023 +0000

session_fixture: avoid no-op `chdir(getcwd())`

If no `FIXTURE_WORKDIR` macro or envvar is present to set the cwd, avoid querying the cwd and then calling chdir with the result.

Ref: 54bef4c5dad868a9d45fdbfca9729b191c0abab5 (patch)
Ref: 10a5cbf945abcc60153ee3d59284d09fc64ea152 (individual commit)

Closes #1009

commit 8890fb455f28c2395dce78f83f080136ecbb5b47
Author: Viktor Szakats
Date: Wed Apr 26 18:22:17 2023 +0000

tests/sshd_fixture.sh: convert back to POSIX

There was no strong reason to require bash. Let's use POSIX shell like before the recent overhaul.

Follow-up to a459a25302a31f6e2aba3c4e15b1472b83b596fc

Closes #1008

commit 33dddd2f8ac3bc811719e6422e9bec6458f91de3
Author: Miguel de Icaza
Date: Wed Apr 26 14:51:19 2023 -0400

If SFTP fails to initialize, do not busy loop waiting for IO to happen (#720)

Currently SFTP's init will busy loop waiting for the channel to close, even if the underlying transport returns EAGAIN. While this works for sockets, it might not work out if you have a different transport that needs to do some additional processing on the side.

Integration-patches-by: Viktor Szakats

commit 592e2b37fa79345e57e5c4152ec34bfc174c404b
Author: Viktor Szakats
Date: Wed Apr 26 17:49:01 2023 +0000

docs: simplify `.TH` header & other cleanups [ci skip]

- simplify `.TH` headers.
- delete empty lines before sections.
- update template with an `AVAILABILITY` section.

Left libssh2 version number in the `.TH` header for entries without an `AVAILABILITY` section, or where there was a different version number there.
commit d7bec41df3d4c5bef66c75b82b9c80ffdd93f3ab
Author: Viktor Szakats
Date: Wed Apr 26 17:55:27 2023 +0000

tidy-up: formatting nits [ci skip]

commit 6c6bf4e5c004243a8d08e6a46a050b3bf063888f
Author: Viktor Szakats
Date: Wed Apr 26 13:00:39 2023 +0000

vms: fix to include `sys/socket.h`

Due to a typo in the `HAVE_*` macro, this header was never included.

A comment suggests that `socklen_t` is not defined on VMS and defines it manually. This symbol is usually in `sys/socket.h`, so the typo may have been the reason for it to be missing.

Closes #1007

commit 2c18b6fc8df060c770fa7e5da704c32cf40a5757
Author: Viktor Szakats
Date: Wed Apr 26 09:57:49 2023 +0000

build: fix `make distcheck` regressions

- add #included C files to `EXTRA_DIST`.
  Regression from 4f0f4bff5a92dce6a6cd7a5600a8ee5660402c3f
- fix `tests/sshd_fixture.sh` to not write into the test dir, by using a pre-assembled `TrustedUserCAKeys` file. Update `Dockerfile` too to use this.
  Regression from a459a25302a31f6e2aba3c4e15b1472b83b596fc

Also update `tests/sshd_fixture.sh` to use `openssh_server/authorized_keys` like `Dockerfile` does. And a few more cosmetic updates.

Closes #1006

commit 5db836b2a829c6fff1e8c7acaa4b21b246ae1757
Author: Viktor Szakats
Date: Tue Apr 25 19:15:00 2023 +0000

libssh2_priv.h: assume `HAVE_LONGLONG`

Unless I'm missing something, it looks like `libssh2.h` has been using `libssh2_int64_t` unconditionally since at least 2010-04-17 when `libssh2_scp_send64()` landed via commit be9ee7095e2d5021985f57d88f5f889d3c2b9d8f.

This makes it redundant to detect `HAVE_LONGLONG` to fallback to a 32-bit `scpRecv_size` in `libssh2_priv.h`. Then deal with possible combinations of this flag and `strtoll()` options, which was error-prone.

Instead, assume in `libssh2_priv.h` that we have `libssh2_int64_t`, and use it always.

For MSVC, this means `_MSC_VER` `1310` (from year 2003) is now required. Based on the above, this was already so before this patch.
If there happens to be no 64-bit `strtoll()` detected, fall back to the 32-bit `strtol()` (this should never happen with MSVC, and probably neither with any other reasonably modern toolchain.)

Also make sure to set `HAVE_STRTOI64` for older, non-CMake, MSVC builds (e.g. `Makefile.mk` or `NMakefile` ones).

Closes #1002

commit 5981bcb19bd17d35867cd7f367ed6ad7adaa3bf8
Author: Miguel de Icaza
Date: Wed Apr 26 08:50:50 2023 -0400

fix a couple of small regressions (#1004)

- openssl: fix potentially missing `ERR_*` constants by including `openssl/err.h`. This could happen with recent version of Xcode or when building against OpenSSL built with the `OPENSSL_NO_ENGINE` option.
  Regression from 097c8f0dae558643d43051947a1c35b65e1c5761 (#789)
- channel: fix an issue that would corrupt the data stream when attempting to initialize the agent in non-blocking mode, as it is necessary to propagate the `EAGAIN` signal upstream when the transport returns `EAGAIN`.
  Regression from bc4e619e76071393e466c29220fc4ef5764c2820 (#752)
- packet: the current code does not set the state machine upon reaching this point which means that if the code is suspended due to the transport returning an `EAGAIN`, this will re-initialize the structure every time. The issue is that this keeps assigning a new channel-id downstream, which does not match the initial channel-id that is initially generated, causing a lookup later to fail as there is no matching channel.
  Regression from bc4e619e76071393e466c29220fc4ef5764c2820 (#752)

commit e53aae0e16dbf53ddd1a4fcfc50e365a15fcb8b9
Author: Viktor Szakats
Date: Tue Apr 25 17:46:45 2023 +0000

tidy-up: `gettimeofday()` fallback and use

Simplify the way we handle `gettimeofday()` fallback for platforms without native support or without any support. Make it similar to how we handle `snprintf()`.
In case of no native `gettimeofday()` support and a non-Windows platform, our local fallback returns zero in `tv_usec` and `tv_sec`, ending up with a zero `timeout_remaining` in `session.c`, same as before this patch.

Also:

- drop unused `sys/time.h` headers.
- fix our fallback code to compile with any Windows compilers (not just MSVC)
- delete unnecessary casts.

Closes #1001

commit 55dfb7e051966a0579f6843e9332619ea20bf17c
Author: Viktor Szakats
Date: Tue Apr 25 18:33:17 2023 +0000

libssh2_priv.h: fix checksrc warning [ci skip]

Regression from 9ef75298fae0728305d9d38ba1e3c838ad0513f7

commit 9ef75298fae0728305d9d38ba1e3c838ad0513f7
Author: Viktor Szakats
Date: Tue Apr 25 15:56:36 2023 +0000

libssh2_priv.h: whitespace fixes cont. [ci skip]

commit 6939f08a88fab28d1e82bac8b44af9aed741cba2
Author: Viktor Szakats
Date: Tue Apr 25 15:50:37 2023 +0000

libssh2_priv.h: whitespace fixes [ci skip]

commit f2de2fda4e0cc314465ed00e59a541627f5d3ca4
Author: Viktor Szakats
Date: Tue Apr 25 14:45:07 2023 +0000

cmake: use portable mkdir for tests/coverage target [ci skip]

Makes `make coverage` work without a POSIX mkdir. Tested locally.

Ref: https://cmake.org/cmake/help/latest/manual/cmake.1.html#cmdoption-cmake-E-arg-make_directory

commit 437af7e88f9ffd5080c54f1223d446769e9ad8a2
Author: Viktor Szakats
Date: Thu Apr 20 22:55:49 2023 +0000

kex: fix overlapping memcpy() to memmove()

Noticed this when libasan started kicking out errors when sending in MACs preferences that were not supported yet.
Reported-by: fourierules on github
Fixes #611
Closes #1000

commit 4e256cf18ab96d1132de53e86d781acbe24fc3b2
Author: Viktor Szakats
Date: Tue Apr 25 09:27:17 2023 +0000

test/CMakeLists.txt: reuse `Makefile.am` librunner source list

Follow-up to a459a25302a31f6e2aba3c4e15b1472b83b596fc

Closes #998

commit 097c8f0dae558643d43051947a1c35b65e1c5761
Author: Zenju
Date: Tue Apr 25 12:45:49 2023 +0200

openssl: fix misleading error message if wrong passphrase (#789)

Fixes #608

commit 66fa286779ce214625c43dbd0f2dccd89f9f96f8
Author: Viktor Szakats
Date: Tue Apr 25 10:18:38 2023 +0000

tidy-up: tiny nits [ci skip]

commit a459a25302a31f6e2aba3c4e15b1472b83b596fc
Author: Viktor Szakats
Date: Fri Apr 21 20:06:30 2023 +0000

tests: improve running tests

TL;DR: Sync test builds between autotools and CMake. Sync sshd configuration between Docker and non-Docker fixtures. Bump up sshd_config for recent OpenSSH releases.

This also opens up the path to have non-Docker tests that use a local sshd process. Though sshd is practically unusable on Windows CI machines out of the box, so this will need further efforts.

Details:

- cmake: run sshd fixture test just like autotool did already.
- sync tests and their order between autotools and CMake. It makes `test_aa_warmup` the first test with both.
- cmake: load test lists from `Makefile.am`. Needed to update the loader to throw away certain lines to keep the converted output conform CMake syntax. Using regexp might be an alternative way of doing this, but couldn't make it work.
- cmake: use the official way to configure test environment variables. Switch to syntax that's extendable.
- cmake: allow to run the same test both under Docker and sshd fixture. Useful for testing the sshd fixture runner, or how the same test behaves in each fixture.
- update test fixture to read the username from `USER` envvar instead of using the Dockerfile-specific hardwired one, when running outside Docker.
- rework `ssh2.sh` into `sshd_fixture.sh`, to:
- allow running any tests (not just `test_ssh2`).
- configure Docker tests for running outside Docker.
- fixup `SSHD` path when running on Windows (e.g. in AppVeyor CI).
  Fixes: `sshd re-exec requires execution with an absolute path`
- allow overriding `PUBKEY` and `PRIVKEY` envvars.
- allow overriding `ssh_config` via `SSHD_FIXTURE_CONFIG`.
- prepare support for running multiple tests via sshd_fixture. Add a TAP runner for autotools and extend CMake logic. The TAP runner loads the test list from `Makefile.am`.
  Notice however that on Windows, `sshd_fixture.sh` is very flaky with GitHub Actions. And consistently broken for subsequent tests in AppVeyor CI: 'libssh2_session_handshake failed (-43): Failed getting banner'
  Another way to try is a single sshd instance serving all tests. For CMake this would probably mean using an external script.
- ed25519 test keys were identical for auth and host. Regenerate the auth keypair to make them distinct.
- sync the sshd environment between Docker and sshd_fixture.
- use common via `openssh_server/sshd_config`.
- accept same auth keys.
- offer the same host keys.
- sync TrustedUserCAKeys.
- delete now unused keypairs: `etc/host*`, `etc/user*`.
- bump up startup delay for Windows (randomly, to 5 secs, from 3).
- delete `UsePrivilegeSeparation no` to avoid deprecation warnings.
  `command-line line 0: Deprecated option UsePrivilegeSeparation`
- delete `Protocol 2` to avoid deprecation warnings. It has been the default since OpenSSH 3.0 (2001-11-06).
- delete `StrictModes no` (CI tests work without it, Docker tests never used it).
- bump `Dockerfile` base image to `testing-slim` (from `bullseye-slim`). It needed `sshd_config` updates to keep things working with OpenSSH 9.2 (compared to bullseye's 8.4).
- replace `ChallengeResponseAuthentication` alias with `KbdInteractiveAuthentication`. The former is no longer present in default `sshd_config` since OpenSSH 8.7 (2021-08-20).
  This broke the `Dockerfile` script. The new name is documented since OpenSSH 4.9 (2008-03-31)
- add `PubkeyAcceptedKeyTypes +ssh-rsa,ssh-dss,ssh-rsa-cert-v01@openssh.com` and `HostKeyAlgorithms +ssh-rsa`.
  Original-patch-by: Eric van Gyzen (@vangyzen on github)
  Fixes #691
  There is a new name for `PubkeyAcceptedKeyTypes`: `PubkeyAcceptedAlgorithms`. It requires OpenSSH 8.5 (2021-03-03) and breaks some envs so we're not using it just yet.
- drop `rijndael-cbc@lysator.liu.se` tests and references from config. This is a draft alias for `aes256-cbc`. No need to test it twice. Also this alias is no longer recognized by OpenSSH 8.5 (2021-03-03).
- update `mansyntax.sh` and `sshd_fixture.sh` to not rely on `srcdir`. Hopefully this works with out-of-tree builds.
- fix `test_read_algos.test` to honor CRLF EOLs in their inputs (necessary when running on Windows.)
- fix `test_read_algos.test` to honor `EXEEXT`. Might be useful when running tests under cross-builds?
- `test_ssh2.c`:
- use libssh2 API to set blocking mode. This makes it support all platforms.
- adapt socket open timeout logic from `openssh_fixture.c`. Sadly this did not help fix flakiness on GHA Windows.
- tests: delete unused C headers and variable initialization.
- delete unused test files: `sshd_fixture.sh.in`, `sshdwrap`, `etc/sshd_config`.
  Ref: cf80f2f4b5255cc85a04ee43b27a29c678c1edb1
- autotools: delete stray `.c` test sources from `EXTRA_DIST` in tests.
- `tests/.gitignore`: drop two stray tests.
- autotools: fix passing `SSHD` containing space (Windows needs this).
- autotools: sort `EXTRA_DIST` in tests.
- cmake: fix to add `test_ssh2` to `TEST_TARGETS`.
- fix `authorized_key` order in `tests/gen_keys.sh`.
- silence shellcheck warning in `ci/checksrc.sh`.
- set `SSHD` for autotools on GitHub Actions Windows. [skipped]
  Auto-detection doesn't work (maybe because sshd is installed via Git for Windows and we're using MSYS2's shell.)
  It enables running sshd fixture (non-Docker) tests in these jobs.
  I did not include this in the final patch due to flakiness:
```
Connection to 127.0.0.1:4711 attempt #0 failed: retrying...
Connection to 127.0.0.1:4711 attempt #1 failed: retrying...
Connection to 127.0.0.1:4711 attempt #2 failed: retrying...
Failure establishing SSH session: -43
```
  Can be enabled with: `export SSHD='C:/Program Files/Git/usr/bin/sshd.exe'`

Closes #996

commit fdf824d6f4c945bb28d825ae173a1b390bb8ceed
Author: Viktor Szakats
Date: Sat Apr 22 08:58:57 2023 +0000

ci: reduce algo test runtime on AppVeyor

Make the block count customizable in `test_read` via environment `FIXTURE_XFER_COUNT`.

Set the custom count lower than the default when running on AppVeyor. The goal is to reduce CI roundtrip times.

Closes #995

commit bc4e619e76071393e466c29220fc4ef5764c2820
Author: Michael Buckley
Date: Sat Apr 22 01:54:20 2023 -0700

Agent forwarding implementation (#752)

This PR contains a series of patches that date back many years and I believe were discussed on the mailing list, but never merged. We have been using these in our local copy of libssh2 without issue since 2015, if not earlier. I believe this is the full set of changes, as we tried to use comments to mark where our copy of libssh2 differs from the canonical version.

This also contains changes I made earlier this year, but which were not discussed on the mailing list, to support certificates and FIDO2 keys with agent forwarding.

Note that this is not a complete implementation of agent forwarding, as that is outside the scope of libssh2. Clients still need to provide their own implementation that parses ssh-agent methods after calling libssh2_channel_read() and calls the appropriate callback messages in libssh2. See the man page changes in this PR for more details.
Integration-patches-by: Viktor Szakats

* prefer size_t
* prefer unsigned int over u_int in public function
* add const
* docs, indent, checksrc, debug call, compiler warning fixes

commit fba0b52b6a8f719b5260530c3f220a653a19f33f
Author: Viktor Szakats
Date: Fri Apr 21 13:34:26 2023 +0000

ci: add Windows Server 2016 into the test mix

We had Windows Server 2012 R2 (8.1) and Windows Server 2019 (10) before this patch. After, we also have Windows Server 2016 (10).

The WinCNG flakey tests should have a better chance when running on the newer OS.

This update does not change the compiler mix.

Also change the test fixture to not use the `--quiet` option with the `docker pull` command. This option requires docker v19.03, and AppVeyor's Visual Studio 2017 image doesn't support it. Log output did not change without `--quiet`, so it seems safe to delete it. In case we'd need it, another solution is to retry without `--quiet` if the command fails. docker's exit status is 125 in that case.

Ref: https://github.com/libssh2/libssh2/issues/804#issuecomment-1515232799
Ref: https://www.appveyor.com/docs/windows-images-software/

Closes #994

commit f7e889b6278393c5b7796a5bc88fe86dd8129cf6
Author: Viktor Szakats
Date: Thu Apr 20 20:24:42 2023 +0000

build: add autotools test_read support and more

Keep a single list for mac and crypt algos that we use in both CMake and autotools.

Use the same test names across build tools.

Use the TAP protocol to track individual tests run from a single shell script.

Also:

- enable the rest of our tests with autotools.
- set `make check` verbose to see errors in case they happen.
- silence stray 'command not found' error when running `mansyntax.sh` on Windows.
GitHub Actions Windows docker tests disabled due to:
```
Command: docker build --quiet -t libssh2/openssh_server ../tests/openssh_server
Error running command 'docker build --quiet -t libssh2/openssh_server ../tests/openssh_server' (exit 1): Sending build context to Docker daemon 22.02kB
Step 1/42 : FROM debian:bullseye-slim
bullseye-slim: Pulling from library/debian
no matching manifest for windows/amd64 10.0.20348 in the manifest list entries
Failed to build docker image
```

Closes #993

commit cd5977deac862e42501ea63850aa3eecc8c74072
Author: Viktor Szakats
Date: Fri Apr 21 14:01:31 2023 +0000

cmake: restore a dash char in comment [ci skip]

It's a CMake comment header convention.

commit 7b21ef300cc0231507d44d7ebbbc0ebb34c65705
Author: Dan Fandrich
Date: Fri Apr 21 03:09:04 2023 -0700

tests: add AES-GCM protocol read tests (#992)

Closes #992

commit 0048f3060ecc008d5a04095ca48f5c0421e66c08
Author: Viktor Szakats
Date: Fri Apr 21 11:23:52 2023 +0200

support encrypt-then-mac (etm) MACs (#987)

Support for calculating MAC (message authentication code) on encrypted data instead of plain text data.

This adds support for the following MACs:

- `hmac-sha1-etm@openssh.com`
- `hmac-sha2-256-etm@openssh.com`
- `hmac-sha2-512-etm@openssh.com`

Integration-patches-by: Viktor Szakats

* rebase on master
* fix checksec warnings
* fix compiler warning
* fix indent/whitespace/eol
* rebase/manual merge onto AES-GCM patch #797
* more manual merge of `libssh2_transport_send()` based on dfandrich/shellfish

Fixes #582
Closes #655
Closes #987

commit 6812985e6089a7610005366b51d64d46d9a31265
Author: Viktor Szakats
Date: Thu Apr 20 23:04:26 2023 +0000

docs: fix typo in argument name [ci skip]

commit a4544c0117867d5cc0830497b1626f810ccc0743
Author: Keith Dart
Date: Fri Feb 11 23:20:48 2022 -0800

channel: add support for "signal" message

Can send specific signals to remote process. Allows for slightly improved remote process management, if the server supports it.
Integration-patches-by: Viktor Szakats

* doc updates
* change `signame_len` to `size_t`
* variable scopes
* fix checksrc warnings

Closes #672
Closes #991

commit 5e560020555ada31c393092e07dd581bfc29a728
Author: Viktor Szakats
Date: Thu Apr 20 13:55:30 2023 +0000

crypto: add `LIBSSH2_NO_AES_CBC` option

Also rename internal `LIBSSH2_AES` to `LIBSSH2_AES_CBC`.

Follow-up to 857e431648df6edcb3e17138d877f2e65d2d769d

Closes #990

commit 2d7be5f5d83b17b54a89b0ba70d8ea0cc1497517
Author: Viktor Szakats
Date: Thu Apr 20 13:54:54 2023 +0000

tidy-up: indentation fixes [ci skip]

commit 3c953c05d67eb1ebcfd3316f279f12c4b1d600b4
Author: Dan Fandrich
Date: Thu Apr 20 06:46:44 2023 -0700

Add support for AES-GCM crypto protocols (#797)

Add support for aes256-gcm@openssh.com and aes128-gcm@openssh.com ciphers, which are the OpenSSH implementations of AES-GCM cryptography. It is similar to RFC5647 but has changes to the MAC protocol negotiation. These are implemented for recent versions of OpenSSL only.

The ciphers work differently than most previous ones in two big areas: the cipher includes its own integrated MAC, and the packet length field in the SSH frame is left unencrypted. The code changes necessary are gated by flags in the LIBSSH2_CRYPT_METHOD configuration structure.

These differences mean that both the first and last parts of a block require special handling during encryption. The first part is where the packet length field is, which must be kept out of the encryption path but in the authenticated part (as AAD). The last part is where the Authentication Tag is found, which is calculated and appended during encryption or removed and validated on decryption. As encryption/decryption is performed on each packet in a loop, one block at a time, flags indicating when the first and last blocks are being processed are passed down to the encryption layers.
The strict block-by-block encryption that occurs with other protocols is inappropriate for AES-GCM, since the packet length shifts the first encrypted byte 4 bytes into the block. Additionally, the final part of the block must contain the AES-GCM's Authentication Tag, so it must be presented to the lower encryption layer whole. These requirements mean added code to consolidate blocks as they are passed down.

When AES-GCM is negotiated as the cipher, its built-in MAC is automatically used as the SSH MAC so further MAC negotiation is not necessary. The SSH negotiation is skipped when _libssh2_mac_override() indicates that such a cipher is in use. The virtual MAC configuration block mac_method_hmac_aesgcm is then used as the MAC placeholder.

This work was sponsored by Anders Borum.

Integration-patches-by: Viktor Szakats

* fix checksrc errors
* fix openssl.c warning
* fix transport.c warnings
* switch to `LIBSSH2_MIN/MAX()` from `MIN()`/`MAX()`
* fix indent
* fix libgcrypt unused warning
* fix mbedtls unused warning
* fix wincng unused warning
* fix old openssl unused variable warnings
* delete blank lines
* updates to help merging with the ETM patch

commit d09ca26563a02069523a7bd53f9fdebb6086eee1
Author: Viktor Szakats
Date: Thu Apr 20 10:01:23 2023 +0000

tidy-up: align comments [ci skip]

commit 5e3acb9da9bc14add324cc1c8b8cf83dd40a4829
Author: Viktor Szakats
Date: Thu Apr 20 09:58:10 2023 +0000

tidy-up: whitespace nits [ci skip]

commit 857e431648df6edcb3e17138d877f2e65d2d769d
Author: Viktor Szakats
Date: Thu Apr 20 09:44:56 2023 +0000

crypto: add/fix algo guards and extend `NO` options

Add new guard `LIBSSH2_RSA_SHA1`. Add missing guards for `LIBSSH2_RSA`, `LIBSSH2_DSA`. Fix warnings when all options are disabled.

This is still not complete and it's possible to break a build with certain crypto backends (e.g. mbedTLS) and/or combination of options. It's not guaranteed that all bits everywhere get disabled by these settings. Consider this a "best effort".
Add these new options to disable certain crypto elements:

- `LIBSSH2_NO_3DES`
- `LIBSSH2_NO_AES_CTR`
- `LIBSSH2_NO_BLOWFISH`
- `LIBSSH2_NO_CAST`
- `LIBSSH2_NO_ECDSA`
- `LIBSSH2_NO_RC4`
- `LIBSSH2_NO_RSA_SHA1`
- `LIBSSH2_NO_RSA`

The goal is to offer a way to disable legacy/obsolete/insecure ones.

See also: 146a25a06dd2365a4330dad34fefcdcee1a206aa `LIBSSH2_NO_HMAC_RIPEMD`
See also: 38015f4e46d8dbeea522dc7ee664522d4f47fc75 `LIBSSH2_NO_DSA`
See also: be31457f3071686b555a0f0b19e5dcf63d67fc27 `LIBSSH2_NO_MD5`

Closes #986

commit 9a54f212a6671bf84b85f1b62056cbc7031bd07b
Author: Viktor Szakats
Date: Wed Apr 19 21:55:30 2023 +0000

scp: fix typo in comments [ci skip]

Follow-up to 0a500b3554c29451708353279eefce750f4bca6c

commit 8d10b21731195d0406c899edf6f0043b987d5819
Author: Viktor Szakats
Date: Wed Apr 19 18:22:53 2023 +0000

base64: do not use `snprintf()` on encoding

This also significantly (by 7-8x in my limited tests with a short string) speeds up this function. The impact is still minor as this function is only used in `knownhost.c` in release builds.

Closes #985

commit 6c01fa5bb7c0a3e9c7e31eeb1db948fd49212592
Author: Viktor Szakats
Date: Wed Apr 19 18:19:14 2023 +0000

wincng: constify data arg of `libssh2_wincng_hash()`

Tested in #979

commit 31acf572996519696498f0dcb47aab2ba46f935f
Author: Viktor Szakats
Date: Wed Apr 19 18:16:48 2023 +0000

wincng: fix unused variables with `LIBSSH2_RSA_SHA2` disabled

Tested in #979

commit d1bf8fadf70aadb5f22629d0a6091b29336e5a60
Author: Viktor Szakats
Date: Wed Apr 19 18:17:20 2023 +0000

ci: delete config elements for unused 32-bit Linux builds

They have been disabled since d9b4222ef1c5ab9b9e499fe6234556e5cca7c4fe

Tested in #979

commit e8ceea0c8ea7b81ce0beb89caeeef8945ba2fa68
Author: Viktor Szakats
Date: Wed Apr 19 18:13:09 2023 +0000

ci: enable FIXTURE_TRACE_ALL_CONNECT for WinCNG tests

To hopefully help finding the WinCNG hostkey verification intermittent failure #804.
Tested in #979

commit 3336b00f7228dd335806d7731c2323adaa9d4dcb
Author: Viktor Szakats
Date: Wed Apr 19 18:04:11 2023 +0000

tests: add `FIXTURE_TRACE_ALL_CONNECT` option

Works like the `FIXTURE_TRACE_ALL` envvar, but enables full trace for the connection phase only.

Also fix a possible NULL deref with `FIXTURE_TRACE_ALL` and a failed `libssh2_session_init_ex()`.

Tested in #979

commit 2d0bd5837b06217fcd672977d1b2ceb44ec7f0a5
Author: Viktor Szakats
Date: Wed Apr 19 18:07:20 2023 +0000

ci: really enable logging in AppVeyor CMake builds

`CONFIGURATION` was never passed to the cmake command, so it had never enabled logging when set to `Debug`.

Also `CONFIGURATION` is ambiguous depending on the "generator" used by CMake. In case of Visual Studio, this is a build/ctest-time setting, not a cmake-config parameter.

So set this permanently to `Release` and enable logging via our dedicated CMake option `ENABLE_DEBUG_LOGGING`.

Tested in #979

commit e4d827479c1df6b332f7b611922161bf4d76c1f2
Author: Viktor Szakats
Date: Wed Apr 19 18:19:55 2023 +0000

HACKING-CRYPTO: fix stray whitespace

commit 17801d206444a234c25084edb01e26485e130bcf
Author: Viktor Szakats
Date: Tue Apr 18 08:41:20 2023 +0000

tidy-up: fix more nits

- fix indentation errors.
- reformat `cmake/FindmbedTLS.cmake`
- replace a macro with a variable in `example/sftp_RW_nonblock.c`.
- delete macOS macro `_DARWIN_USE_64_BIT_INODE` from the OS/400 config header, `os400/libssh2_config.h`.
- fix other minor nits.

Closes #983

commit 221335275816317b757e4ef912870763eec098b0
Author: Viktor Szakats
Date: Tue Apr 18 08:20:29 2023 +0000

mansyntax: make it work on macOS, check reqs locally

- use `gman` alias if present. This makes it work when the correct `man` command is provided via `brew` on macOS.
- move CMake attempts to detect tools necessary to run `mansyntax.sh` into the script itself.
- delete CMake TODO to move more test logic into CMake.
  This would make it CMake-specific and require maintaining it separately for each build tool. Just use our external script when a POSIX shell is available.

Closes #982

commit 803f19f004eb6a5b525c48fff6f46a493d25775c
Author: Viktor Szakats
Date: Tue Apr 18 08:20:05 2023 +0000

cmake: dedupe setting `-DHAVE_CONFIG_H`

Move `libssh2_config.h` generation and setting `-DHAVE_CONFIG_H` to the root `CMakeFile.txt`.

Also move symbol hiding setup there. It needs to be done before generating the config file for `LIBSSH2_API` value to be set in it.

After this change the `HIDE_SYMBOLS` setting is accepted without an annoying CMake warning when not actually building a shared libssh2 lib.

Closes #981

commit 191c4e8c71d4a3f41ea9db15ba581a35bf177762
Author: Viktor Szakats
Date: Tue Apr 18 08:19:34 2023 +0000

build: assume non-blocking I/O on Windows

Drop checks from Windows builds and enable it based on `WIN32`. This saves detection time and also makes 3rd party builds simpler.

Also:

- delete `HAVE_DISABLED_NONBLOCKING`, that we used in build tools to explicitly disable an explicit `#error` in `session.c`.
- replace existing `WSAEWOULDBLOCK` check for Windows support with `WIN32`. Cleaner with the same result.

Follow-up to f1e80d8d8ce9570d81836da96ba02f4d4552a7b3
Follow-up to 5644eea2161b17f7c16e18f3a10465ebb217ca1f

Closes #980

commit 01f3fbf01c0a670e114f50297137a7625a489e88
Author: Viktor Szakats
Date: Mon Apr 17 14:31:50 2023 +0000

ci: rename Logging to Debug in AppVeyor

commit 739e41bf4083538510d42d968012b2e243921abe
Author: Viktor Szakats
Date: Mon Apr 17 14:30:51 2023 +0000

switch to internal base64 decode that uses size_t

Make the public `libssh2_base64_decode()` a wrapper for that.

Bump up length sizes in callers.

Also fix output size calculation to first divide then multiply.
Closes #978

commit fe64bad58fbebdd1bad6835e12cabf892bda1cd6
Author: Viktor Szakats
Date: Sun Apr 16 22:50:40 2023 +0000

tests: switch to debian:bullseye-slim in Dockerfile

'slim' provides all we need, with less bloat.

Tested in #976

Follow-up to 78cb64a85955f2cd9700c4fbad3f02d589dd7169

commit 9ecb22daab7a56b9357771573755c31a8670f043
Author: Viktor Szakats
Date: Fri Apr 14 23:27:54 2023 +0000

tests: build improvements and more

- rename tests to have more succinct names and a more useful natural order.
- rename `simple` and `ssh2` in tests to have the `test_` prefix. This avoids a name collision with `ssh2` in examples.
- cmake: drop the `example-` prefix for generated examples. Bringing their names in sync with other build tools, like autotools.
- move common auth test code into the fixture and simplify tests by using that.
- move feature guards from CMake to preprocessor for auth tests. Now it works with all build tools and it's easier to keep it in sync with the lib itself. For this we need to include `libssh2_priv.h` in tests, which in turn needs tweaking on the trick we use to suppress extra MSVS warnings when building tests and examples.
- move mbedTLS blocklist for crypto tests from CMake to the test fixture.
- add ed25519 hostkey tests to `test_hostkey` and `test_hostkey_hash`.
- add shell script to regenerate all test keys used for our tests.
- alpha-sort tests.
- rename `signed_*` keys to begin with `key` like the rest of the keys do.
- whitespace fixes.

Closes #969

commit 238def4da87272c0eccc9175c1c83a1349865394
Author: Viktor Szakats
Date: Sun Apr 16 19:18:40 2023 +0000

autotools: rename a variable

To match its counterpart we use for clang and to better match the original code in curl.
Follow-up to ec0feae7920d695ce234a5aba13014bf29824c09

Closes #977

commit 29fd14e22a3df59aef2f273534db775ec9ca984f
Author: Viktor Szakats
Date: Sun Apr 16 18:38:38 2023 +0000

ssh2.sh: revert likely wrong quoting [ci skip]

Follow-up to 50124428509ffc2f5d08d8d3c152fa36546c9a75

commit 16071c225feaa70566caf4f8bde79d97a4615481
Author: Viktor Szakats
Date: Sun Apr 16 17:22:10 2023 +0000

build: add `-Wbad-function-cast` picky warning

Also adjust minimum gcc versions in comment.

Closes #975

commit 819573f94ef252836356836bb7d9697ae93605e6
Author: Viktor Szakats
Date: Sun Apr 16 16:54:19 2023 +0000

tests: restore debian:bullseye in Dockerfile

Follow-up to 78cb64a85955f2cd9700c4fbad3f02d589dd7169

commit 5644eea2161b17f7c16e18f3a10465ebb217ca1f
Author: Viktor Szakats
Date: Sun Apr 16 16:20:20 2023 +0000

session: simplify preprocessor logic

- by using #elif
- by merging two blocks

Closes #972

commit c9160bf89cfdceeb58e0401f65d787f79909245e
Author: Viktor Szakats
Date: Sun Apr 16 16:15:44 2023 +0000

tests: try debian:testing for Dockerfile

Follow-up to 78cb64a85955f2cd9700c4fbad3f02d589dd7169

commit 9ffbb05b445496c63f69e85db489d839dce3e68f
Author: Viktor Szakats
Date: Sun Apr 16 15:48:59 2023 +0000

src: add and use `LIBSSH2_MIN/MAX` macros

Also for #797

Closes #974

commit 78cb64a85955f2cd9700c4fbad3f02d589dd7169
Author: Viktor Szakats
Date: Sun Apr 16 15:43:43 2023 +0000

tests: switch Dockerfile to debian:testing-slim

From debian:bullseye

- doesn't need manual bumps.
- is ahead of stable and should be stable enough for our purpose.
- slim is saving resources.

Closes #971

commit f1e80d8d8ce9570d81836da96ba02f4d4552a7b3
Author: Viktor Szakats
Date: Sat Apr 15 16:15:04 2023 +0000

cmake: optimize non-blocking tests on WIN32/non-WIN32

Skip testing unixy methods on Windows and vice versa.

I continue to assume that CMake doesn't define `WIN32` with Cygwin (as Cygwin doesn't define `_WIN32`/`WIN32` for C), though I haven't tested this.
Closes #970

commit 0a500b3554c29451708353279eefce750f4bca6c
Author: Jörgen Sigvardsson
Date: Sat Apr 15 18:11:19 2023 +0200

scp: option to not quote paths (#803)

A new flag named `LIBSSH2_FLAG_QUOTE_PATHS` has been added, to make libssh2 not quote file paths sent to the remote's scp subsystem. Some custom ssh daemons cannot handle quoted paths, and this makes this flag useful.

Authored-by: Jörgen Sigvardsson

commit 31e6d95d01938c9ae658ec1118daa42e9e845783
Author: Viktor Szakats
Date: Sat Apr 15 02:51:26 2023 +0000

cmake: make Windows builds initialize faster

By skipping unixy header checks that always fail with the MSVC toolchain or all Windows toolchains.

Closes #968

commit bf3b44ca1856a7f7d4d55638b2f7a14685af7876
Author: Viktor Szakats
Date: Sat Apr 15 02:50:41 2023 +0000

cmake: use a single build rule for all tests

- use the complete filename of test sources in the input list.
- build all tests with the ability to access libssh2 internals. This is necessary for `test_keyboard_interactive_auth_info_request` now and might be necessary for others in the future, e.g. to avoid the deprecated public base64 decoding API.
- move `test_keyboard_interactive_auth_info_request` into the main test build loop.
- move `simple` into the main test build loop too.
- build `ssh2` also in static mode.
- cleanup the way we detect and enable gcov.
- fix indentation.
Closes #967

commit c627c1256bf5c3c79fe9638ed340d22214765c40
Author: Viktor Szakats
Date: Sat Apr 15 02:49:52 2023 +0000

tidy-up: more whitespace in src

Closes #966

commit 5d399233d8d260aea07c05ebf069200c35e40ee6
Author: Viktor Szakats
Date: Sat Apr 15 02:46:09 2023 +0000

checksrc: fix `EQUALSNULL` warnings

`s/([a-z0-9._>*-]+) == NULL/!\1/g`

Closes #964

commit cd5b114e7dc266c6a5cb9847b625184f0bb64613
Author: Viktor Szakats
Date: Fri Apr 14 19:28:22 2023 +0000

Makefile.am: add new OS400 header [ci skip]

Follow-up to 6dc42e9d625deb816a051d312d09e68926959e78

commit 1b0c93b7553e5182af36394a8c4dc83905e94a14
Author: Viktor Szakats
Date: Fri Apr 14 19:16:27 2023 +0000

checksrc: fix `NOTEQUALSZERO` warnings

Closes #963

commit 8b4387d0dc079e69a4b7e1560b44ccfb32997117
Author: Viktor Szakats
Date: Fri Apr 14 19:15:18 2023 +0000

checksrc: fix `SIZEOFNOPAREN` warnings

`s/sizeof ([a-z0-9._>*-]+)/sizeof(\1)/g`

Closes #962

commit 146a25a06dd2365a4330dad34fefcdcee1a206aa
Author: Viktor Szakats
Date: Fri Apr 14 19:14:10 2023 +0000

crypto: add `LIBSSH2_NO_HMAC_RIPEMD` option

See also: 38015f4e46d8dbeea522dc7ee664522d4f47fc75
See also: be31457f3071686b555a0f0b19e5dcf63d67fc27

Ref: https://github.com/stribika/stribika.github.io/issues/46

Closes #965

commit 2efdb6747af788384a672c7c63a4821ed15ba32d
Author: Viktor Szakats
Date: Fri Apr 14 11:05:21 2023 +0000

tidy-up: example, tests continued

- fix skip auth if `userauthlist` is NULL.
  Closes #836 (Reported-by: @sudipm-mukherjee on github)
- fix most silenced `checksrc` warnings.
- sync examples/tests code between each other. (output messages, error handling, declaration order, comments)
- stop including unnecessary headers.
- always deinitialize in case of error.
- drop some redundant variables.
- add error handling where missing.
- show more error codes.
- switch `perror()` to `fprintf()`.
- fix some `printf()`s to be `fprintf()`.
- formatting.
Closes #960

commit 0162d1649ca018fc704365580ed46dd23fa3a92a
Author: Viktor Szakats
Date: Thu Apr 13 23:44:17 2023 +0000

src: fix indentation of macro definitions (follow-up)

Follow-up to d5438f4ba9036e8028f35258dd1ab97cc2edb37c

commit d5438f4ba9036e8028f35258dd1ab97cc2edb37c
Author: Viktor Szakats
Date: Thu Apr 13 23:39:01 2023 +0000

src: fix indentation of macro definitions

And some comment cleanup.

Closes #958

commit f4f5841dd52c7efbe9aed3a3c2d5678d11105d73
Author: Viktor Szakats
Date: Thu Apr 13 11:23:13 2023 +0000

example/ssh2_exec: drop conditional code for deprecated API

commit 6dc42e9d625deb816a051d312d09e68926959e78
Author: monnerat
Date: Thu Apr 13 14:08:12 2023 +0200

Make OS/400 implementation work again (#953)

* os400: support QADRT development files in a non-standard directory
  This enables the possibility to compile libssh2 even if the ascii runtime development files are not installed system-wide.
* userauth_kbd_packet: fix a pointer target type mismatch.
  A temporary variable matching the parameter type is used before copying to the real target and checking for overflow (that should not occur!).
* os400qc3: move and fix big number procedures
  A bug added by a previous code style cleaning is fixed. _libssh2_random() now checks and returns the success status.
* os400qc3: fix cipher definition block lengths
  They were wrongly set to the key size.
* Diffie-Hellman min/max modulus sizes are dependent of crypto-backend
  In particular, os400qc3 limits the maximum group size to 2048-bits. Move definitions of these parameters to crypto backend header files.
* kex: return an error if Diffie-Hellman key pair generation fails
* os400: add an ascii assert.h header file
* os400qc3: implement RSA SHA2 256/512

commit bf85faaa923bf24ec21a5233db859c5e6bc929c4
Author: Viktor Szakats
Date: Thu Apr 13 11:34:11 2023 +0000

sftp: add open functions with custom attribute support

Before this patch, libssh2 sent hardcoded `LIBSSH2_SFTP_ATTRIBUTES` struct on handle open.
This can be problematic on some special OS, where the file size should be known on new file creation. I added two new functions to resolve this issue.

Patch-by: @vajdaakos on github via #506

Changes compared to #506:
- drop attr size fixup in favour of #946.
- move `memcpy()` under the state where we need it.
- bump filename length type to `size_t`.
- fix filenames in documentation and other nits.

Closes #506
Closes #947

commit ec0feae7920d695ce234a5aba13014bf29824c09
Author: Viktor Szakats
Date: Thu Apr 13 11:12:22 2023 +0000

build: speed up and extend picky compiler options

Implement picky warnings with clang in autotools. Extend picky gcc warnings, sync them between build tools and compilers and greatly speed up detection in CMake.

- autotools: enable clang compiler warnings with `--enable-debug`.
- autotools: enable more gcc compiler warnings with `--enable-debug`.
- autotools/cmake: sync compiler warning options between gcc and clang.
- sync compiler warning options between autotools and cmake.
- cmake: reduce option-checks to speed up the detection phase. Bring them down to 3 (from 35). Leaving some checks to keep the CMake logic alive and for an easy way to add new options. clang 3.0 (2011-11-29) and gcc 2.95 (1999-07-31) now required.
- autotools logic copied from curl, with these differences:
  - delete `-Wimplicit-fallthrough=4` due to a false positive.
  - reduce `-Wformat-truncation=2` to `1` due to a false positive.
  - simplify MinGW detection for `-Wno-pedantic-ms-format`.
- cmake: show enabled picky compiler options (like autotools).
- cmake: do compile `tests/simple.c` and `tests/ssh2.c`.
- fix new compiler warnings.
- `tests/CMakeLists.txt`: fix indentation.
Original source of autotools logic:
- https://github.com/curl/curl/blob/a8fbdb461cecbfe1ac6ecc5d8f6cf181e1507da8/acinclude.m4
- https://github.com/curl/curl/blob/a8fbdb461cecbfe1ac6ecc5d8f6cf181e1507da8/m4/curl-compilers.m4

Notice that the autotools implementation considers Apple clang as legacy clang 3.7. CMake detection works more accurately, at the same time more error-prone and difficult to update due to the sparsely documented nature of Apple clang option evolution.

Closes #952

commit 224fffb178995a320c3cea3d4629ff49141b7351
Author: Viktor Szakats
Date: Thu Apr 13 11:09:35 2023 +0000

include: delete leading underscore from macro name

It can cause compiler warnings in 3rd-party code.

Follow-up to 59666e03f04927e5fe3e8d8772d40729f63c570e

Closes #957

commit 1ccae7d5482b362b6685916858dfac726f09fd4b
Author: Viktor Szakats
Date: Wed Apr 12 09:17:54 2023 +0000

ci: use OpenSSL 3 on AppVeyor VS2022 images

Closes #954

commit 73d95a055c8b7bd71323f82c46bd8a0255fa975c
Author: Viktor Szakats
Date: Wed Apr 12 09:17:10 2023 +0000

build: be friendly with 3rd-party build tools

After recent build changes, 3rd party build that took the list of C source to compile them as-is, stopped working as expected, due to `blowfish.c` and crypto-backend C sources no longer expected to compile separately but via `bcrypt_pbkdf.c` and `crypto.c`, respectively.

This patch ensures that compiling these files directly result in an empty object instead of redundant code and duplicated symbols.

Also:
- add a compile-time error if none of the supported crypto backends are enabled.
- fix `libssh2_crypto_engine()` for wolfSSL and os400qc3. Rearrange code to avoid a hard-to-find copy of crypto-backend selection guards.
Follow-up to 4f0f4bff5a92dce6a6cd7a5600a8ee5660402c3f
Follow-up to ff3c774e03585252b70a9ee0fcf254de7b14a767

Closes #951

commit fe02bd2b2d75413dfcda14cb3f1004d677593941
Author: Viktor Szakats
Date: Tue Apr 11 00:45:41 2023 +0000

sftp: calculate attr size based on attr content in `sftp_open()`

Improve robustness by replacing constant argument of `sftp_attrsize()` in `sftp_open()` with the actual `flag` value read from the `attr` we plan to transfer.

Restores state of this before 37624b61e3ec4aa65a608800613d00b55ced56d7.

Prerequisite for #947, #506.

Also improve readability a bit and link to SFTP specs.

Delete comment about version 6: The latest spec no longer features the mentioned "DO NOT IMPLEMENT" notice.

Closes #946

commit e590450dccc4703f2cab8aa6bc21a50df40bf5d2
Author: Viktor Szakats
Date: Tue Apr 11 00:38:35 2023 +0000

man: fixups

- add missing `.fi` tags.
- fix misplaced `.nf` tags.
- add `.nf`/`.fi` tags `SYNOPSIS` where missing.
- fix missing/wrong function name from `SH NAME`.
- fix wrong function name in `TH`.
- keep return values in a separate line.
- indent.
- fold long lines.
- deleted `libssh2_channel_direct_streamlocal()`, there is no such function.
- add missing types.
- add missing headers.

Closes #949

commit 504026262d0a3aa2bfaa16613176644d1a56293e
Author: Viktor Szakats
Date: Mon Apr 10 23:08:22 2023 +0000

include: indentation fixes

commit 0924632fa09c4827d9fad0ea7b656b42ae864a9f
Author: Viktor Szakats
Date: Mon Apr 10 23:03:43 2023 +0000

tidy-up: misc & minor cmake MSVS fix

- `libssh2.rc`: document language/codepage codes.
  Ref: https://learn.microsoft.com/windows/win32/intl/code-page-identifiers
- convert to Markdown: `docs/BINDINGS`, `docs/HACKING`
  Blind update for `vms/libssh2_make_help.dcl`. Please double-check.
- cmake: fix to recognize dash-style warning options (`-Wn`) with MSVC.
- `NMakefile`: sync `rd` command with `Makefile.mk`.
- delete a CVS header.
- cmake: simplify a `LIBSSH2_HAVE_ZLIB` macro.
- few other nits and whitespace mods.
Closes #943

commit fe706697ed1094aaa7ad41ba5b6f865bab40d5f9
Author: Viktor Szakats
Date: Mon Apr 10 14:23:17 2023 +0200

Support for direct-streamlocal@openssh.com UNIX socket connection (#945)

This patch allows using the direct-streamlocal service from OpenSSH 6.7, that allows UNIX socket connections.

Mods:
- delete unrelated condition:
  Ref: https://github.com/libssh2/libssh2/pull/216#discussion_r374748111
- rebase on master, whitespace updates.

Patch-by: @gjalves Gustavo Junior Alves

Closes #216
Closes #632
Closes #945

commit c76b96cbe68453cb1c9a8240a80ce27d20ed4346
Author: Viktor Szakats
Date: Mon Apr 10 09:24:31 2023 +0000

build: support `libssh2.rc` with autotools

Caveat: When building `--enable-static` and `--enable-shared` at the same time, the compiled Windows resource is also included in the static library. This appears to be an autotools limitation, with no way to have different input lists (or different custom options) for shared and static libraries, even though it builds them separately. The workaround is to build static libraries in a separate `./configure` + `make` pass.

Closes #944

commit 38015f4e46d8dbeea522dc7ee664522d4f47fc75
Author: Viktor Szakats
Date: Mon Apr 10 09:21:30 2023 +0000

crypto: add `LIBSSH2_NO_DSA` to disable DSA support

See also: be31457f3071686b555a0f0b19e5dcf63d67fc27

Closes #942

commit 4f0f4bff5a92dce6a6cd7a5600a8ee5660402c3f
Author: Viktor Szakats
Date: Mon Apr 10 09:20:13 2023 +0000

build: unify source lists

- introduce `src/crypto.c` as an umbrella source that does nothing else than include the selected crypto backend source. Moving this job from the build-tool to the C preprocessor.
- this allows dropping the various techniques to pick the correct crypto backend sources in autotools, CMake and other build method. Including the per-backend `Makefile..inc` makefiles.
- copy a trick from curl and instead of maintaining duplicate source lists for CMake, convert the GNU Makefile kept for autotools automatically.
  Do this in `docs`, `examples` and `src`.
  Ref: https://github.com/curl/curl/blob/dfabe8bca218d2524af052bd551aa87e13b8a10b/CMakeLists.txt#L1399-L1413
  Also fixes missing `libssh2_setup.h` from `src/CMakeFiles.txt` after 59666e03f04927e5fe3e8d8772d40729f63c570e.
- move `Makefile.inc` from root to `src`.
- reformat `src/Makefile.inc` to list each source in separate lines, re-align the continuation character and sort the lists alphabetically.
- update `docs/HACKING-CRYPTO` accordingly.
- autotools: update the way we add crypto-backends to `LIBS`.
- delete old CSV headers, indent, and merge two lines in `docs/Makefile.am` and `src/Makefile.am`.
- add `libssh2.pc` to `.gitignore`, while there.

Closes #941

commit e1e78e367023704060ada53256bcf57fd57f7a63
Author: Zenju
Date: Sun Apr 9 12:15:44 2023 +0200

sftp: always clear protocol error (#787)

commit 80175921638fa0a345237d23206a2ad1644cdd9b
Author: Viktor Szakats
Date: Sun Apr 9 10:13:43 2023 +0000

cmake: add `HIDE_SYMBOLS` option & do symbol hiding on *nix

- implement symbol hiding on non-Windows platforms.
  The essence of the detection logic was copied from: https://github.com/curl/curl/blob/dfabe8bca218d2524af052bd551aa87e13b8a10b/CMake/CurlSymbolHiding.cmake
  Then simplified and shortened. This method doesn't require a recent CMake version, nor an external, auto-generated C header.
  Move `configure_file()` after `set(LIBSSH2_API ...)`, for the config file to pick up `LIBSSH2_API`s value.
  Closes #602
- add CMake option `HIDE_SYMBOLS`.
  This setting means to hide non-public functions from the libssh2 dynamic library when set to `ON`. The default. When set to `OFF`, make all non-static/internal functions visible in the dynamic library. This setting requires `BUILD_SHARED_LIBS=ON`.
- honor this setting on Windows.
  By setting the `LIBSSH2_EXPORTS` manual macro again, and stop recognizing the automatic CMake macro for this purpose: `libssh2_shared_EXPORT`.
Closes #939

commit c1ed4e99dfea636bdc22d90a09381c56f54c4dbb
Author: Viktor Szakats
Date: Sun Apr 9 10:13:09 2023 +0000

build: make `windows.h` even leaner

Disable GDI and NLS features in `windows.h`. libssh2 doesn't use these.

Closes #940

commit ff3c774e03585252b70a9ee0fcf254de7b14a767
Author: Viktor Szakats
Date: Sat Apr 8 22:26:47 2023 +0000

blowfish: build improvements

- include `blowfish.c` into `bcrypt_pbkdf.c`, instead of compiling it as a distinct object.
- make low-level blowfish functions static. This prevents these symbols from polluting the public namespace of libssh2. It also allows the compiler to inline these functions.
- integrate `blf.h` header into `bcrypt_pbkdf.c` as well.
- use `_DEBUG_BLOWFISH` instead of `#if 0`.
- fix `_DEBUG_BLOWFISH` compiler warnings and other nits.
- `#undef` `inline` before redefining it in `libssh2_priv.h`. (copied from `blowfish.c`)
- delete unused `inline` redefinitions from `blowfish.c`.
- disable unused low-level blowfish functions.
- formatting, header order.

Closes #938

commit 279dd47247cbc1d8120cf8fd3e3d738f7338f962
Author: Viktor Szakats
Date: Sat Apr 8 22:26:25 2023 +0000

libssh2.rc: fix debug flag, other cleanups

- fix to use `LIBSSH2DEBUG` macro to set the debug flag. (was `DEBUGBUILD`, a curl-specific macro)
- use manifest constants instead of literals
- change language to neutral

Closes #937

commit fb9f8883086ddf7249733d6ad8a2c31e07d912a5
Author: Viktor Szakats
Date: Sat Apr 8 22:26:10 2023 +0000

tidy-up: example, tests

- drop unnecessary `WIN32`-specific branches.
- add `static`.
- sync header inclusion order.
- sync some common code between examples/tests.
- fix formatting/indentation.
- fix some `checksrc` errors not caught by `checksrc`.
Closes #936

commit 7e4855926ef0309212da01167980f3776d748bf2
Author: Viktor Szakats
Date: Sat Apr 8 22:25:46 2023 +0000

tests/mansyntax.sh: avoid `if !` for portability

Ref: https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Limitations-of-Builtins.html#Limitations-of-Builtins

Fixes #704
Closes #935

commit dfb086bfe240fe2e7d93128e4de6b23fe160048a
Author: Viktor Szakats
Date: Sat Apr 8 10:55:23 2023 +0000

tidy-up: indentation in guarded #includes [ci skip]

commit bc0cd58e8770e9382c7051d58e521f5c0668bbfb
Author: Viktor Szakats
Date: Fri Apr 7 23:50:57 2023 +0000

Makefile.mk: drop `PROOT` variable [ci skip]

commit 59666e03f04927e5fe3e8d8772d40729f63c570e
Author: Viktor Szakats
Date: Fri Apr 7 23:32:42 2023 +0000

build: hand-crafted config rework & header tidy-up

- introduce the concept of a project level setup header `src/libssh2_setup.h`, that is used by `src`, `example` and `tests` alike. Move there all common platform/compiler configuration from `src/libssh2_priv.h`, individual sources and `CMakeFiles.txt` files. Also move there our hand-crafted (= not auto-generated by CMake or autotools) configuration `win32/libssh2-config.h`.
- `win32` directory is empty now, delete it.
- `Makefile.mk`: adapt to the above. Build-directory is the target triplet, or any custom name set via `BLD_DIR`.
- sync header path order between build systems: build/src -> source/src -> source/include
- delete redundant references to `windows.h`, `winsock2.h`, `ws2tcpip.h`.
- delete unnecessary #includes, update order (`libssh2_setup.h` first, `winsock2.h` first), simplify where possible. This makes the code warning-free without `WIN32_LEAN_AND_MEAN`. At the same time this patch applies this macro globally, to avoid header bloat.
- example: add missing *nix header guards.
- example: fix misindented `HAVE_UNISTD_H` `#ifdef`s.
- set `WIN32` with all build-tools.
- set `HAVE_SYS_PARAM_H` in the hand-crafted config for MinGW. To match auto-detection.
- move a source-specific macro to `misc.c` from `libssh2_priv.h`.

See the PR's individual commits for step-by-step updates.

Closes #932

commit 8774f4973ff34d19310ca0165aa182ab0efbece1
Author: Viktor Szakats
Date: Fri Apr 7 23:01:46 2023 +0000

Makefile.mk: build tests and other improvements [ci skip]

- use `example` target for building examples (was: `test`).
- add support for building tests via the `test` target.
- accept lib-only options in a new `LIBSSH2_CPPFLAGS_LIB` variable. Useful to pass `-DLIBSSH2_EXPORTS` for correct `dllexport` in `libssh2.dll`.
- fix to put dynamic library in lib directory for non-Windows builds
- fix to not delete lib objects on `testclean`

commit 72cd241239c9f1115c618bb7ed8c88241a9696df
Author: Viktor Szakats
Date: Fri Apr 7 15:43:26 2023 +0000

test_warmup: re-implement as `test()`

Instead of overriding `main()`. To align with the other tests. Overriding `main()` can cause duplicate symbols without using a lib for the `runner` code.

Follow-up to 40ac6b230a309d35c57aa65a8f6d7ab6654aa3d8

Closes #934

commit ed72926640643512effa5361462f1a888fc674a7
Author: Viktor Szakats
Date: Fri Apr 7 14:17:26 2023 +0000

NMakefile: drop `/DEBUG` linker option in release mode [ci skip]

commit 17a419ba625e362ac99e13099b1bef8f4d12bf55
Author: Viktor Szakats
Date: Fri Apr 7 14:16:26 2023 +0000

NMakefile: simplify [ci skip]

commit dfbd28308e068ecfed94b9098ac4ba4e0b9be602
Author: Viktor Szakats
Date: Fri Apr 7 14:15:11 2023 +0000

Makefile.mk: merge two rules [ci skip]

commit 2082db93b23344b1df5457c085e70129ffea2230
Author: Viktor Szakats
Date: Thu Apr 6 10:53:03 2023 +0000

TODO: update item about compiler warnings [ci skip]

Follow-up to 08354e0abbe86d4cc5088d210d53531be6d8981a
Follow-up to 29347905721d2e7fbb97dabfb0071bee51db3013
Follow-up to 5a96f494ee0b00282afb2db2e091246fc5e1774a
Follow-up to 463449fb9ee7dbe5fbe71a28494579a9a6890d6d
Follow-up to 02f2700a61157ce5a264319bdb80754c92a40a24

commit 4048d0ba26c2212534783206370e464a3b806433
Author: ihsinme
Date: Wed Apr 5 17:23:54 2023 +0300

example/x11: Add null-termination (#749)

commit 85582df111af7bc5633397c4be709fb7549766a0
Author: Viktor Szakats
Date: Wed Apr 5 13:59:49 2023 +0000

crypto: fix `LIBSSH2_NO_MD5` compiler warnings

Follow-up to be31457f3071686b555a0f0b19e5dcf63d67fc27

Closes #933

commit bdad217440c173c613ff6e70504437d128f107ae
Author: Viktor Szakats
Date: Wed Apr 5 13:58:21 2023 +0000

build: add new man pages

Follow-up to c20c81ab105cdf27f5a4e2604bd13085f46e21de

commit c20c81ab105cdf27f5a4e2604bd13085f46e21de
Author: Daniel Silverstone
Date: Wed Apr 5 14:53:53 2023 +0100

Configurable session read timeout (#892)

This set of changes provides a mechanism to runtime-configure the previously #define'd timeout for reading packets from a session. The intention here is to also extend libcurl to be able to use this interface so that when fetching from sftp servers which are very slow to return directory listings, connections do not time-out so much.

* Add new field to session to hold configurable read timeout
* Updated `_libssh2_packet_require()`, `_libssh2_packet_requirev()`, and `sftp_packet_requirev()` to use new field in session structure
* Updated docs for API functions to set/get read timeout field in session structure
* Updated `libssh2.h` to declare the get/set read timeout functions

Co-authored-by: Jon Axtell
Credit: Daniel Silverstone

commit a7d60c62ab77feb340bb6a33a6796182bfd5f524
Author: Viktor Szakats
Date: Tue Apr 4 17:54:17 2023 +0000

cmake: whitespace fixes [ci skip]

commit d709e3f9d0823115bb3e832a4da433a4279741a1
Author: Viktor Szakats
Date: Tue Apr 4 17:52:10 2023 +0000

libssh2.h: bump LIBSSH2_COPYRIGHT year [ci skip]

commit 901bf00d0224d81d13875683cecc5c0725ca24b0
Author: Viktor Szakats
Date: Tue Apr 4 00:12:00 2023 +0000

Makefile.mk: move portable GNU Make file to the root

Move the GNU Make file formerly known as `win32/GNUmakefile` to the root directory from `win32`.
It now supports any platform with a GCC-like toolchain, while also keeping support for win32. For non-Windows platforms it's necessary to provide a hand-crafted `libssh2_config.h` header for now.

Usage: `make -f Makefile.mk`

commit d58b71368770d2bbaab8b6facb6cc3b2c5199140
Author: Viktor Szakats
Date: Tue Apr 4 00:03:52 2023 +0000

src: include `limits.h` for `*_MAX` macros

Follow-up to 5a96f494ee0b00282afb2db2e091246fc5e1774a

Reported-by: OldWorldOrdr on github
Fixes #928
Closes #930

commit 202a4f3f7a3396039bc8f8bad8c1646194f80f9d
Author: Viktor Szakats
Date: Tue Apr 4 00:03:33 2023 +0000

build: MSVS warning suppression option tidy-up

- in `win32/libssh2_config.h` replace `_CRT_SECURE_NO_DEPRECATE` with `_CRT_SECURE_NO_WARNINGS`, to use the official macro for this, like in CMake. Also, it's now safe to move it back under `_MSC_VER`.
  Suppressing:
  `warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead.`
  `warning C4996: 'getenv': This function or variable may be unsafe. Consider using _dupenv_s instead.`
- move `_CRT_NONSTDC_NO_DEPRECATE` to `example` and `tests`. Not needed for `src`.
  Suppressing:
  `warning C4996: 'strdup': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _strdup.`
  `warning C4996: 'write': The POSIX name for this item is deprecated. Instead, use the ISO C and C++ conformant name: _write.`
- move `_WINSOCK_DEPRECATED_NO_WARNINGS` from source files to CMake files, in `example` and `tests`. Also limit this to MSVC.
  Suppressing:
  `warning C4996: 'inet_addr': Use inet_pton() or InetPton() instead`
  TODO: try fixing these instead of suppressing.

Closes #929

commit 8c24a3f59994b4e470548a1f9a94a22ca39ac4a0
Author: Viktor Szakats
Date: Mon Apr 3 23:23:21 2023 +0000

win32/GNUmakefile: make it movable [ci skip]

- add `BLD_DIR` to customize the output directory (where libs, .zip, obj subdir will go). This directory must exist. It remains `./win32` for Windows builds.
- add `CONFIG_H_DIR` option to customize `libssh2_config.h` location. It remains `./win32` for Windows builds.
- include `.def` in distro zip for Windows.
- ready to move to the root directory.

commit 1cd1aaefa67db8dc0f9799475458ab53f40021cd
Author: Viktor Szakats
Date: Mon Apr 3 15:16:51 2023 +0000

win32/GNUmakefile: drop an unnecessary variable [ci skip]

commit e387311bd6631059bda2460a57766d470504a3cb
Author: Viktor Szakats
Date: Mon Apr 3 12:27:02 2023 +0000

windows: re-add `libssh2.rc`

Lost while moving it from the win32 directory

Follow-up to 194cfc0f84192809c87f846140e5bf06b7a864af

commit be31457f3071686b555a0f0b19e5dcf63d67fc27
Author: Viktor Szakats
Date: Mon Apr 3 12:10:47 2023 +0000

crypto: add `LIBSSH2_NO_MD5` to disable MD5 support

Closes #927

commit ad6aae302aaec84afbfacf0c1dfdc446d46eaf21
Author: Viktor Szakats
Date: Mon Apr 3 12:09:48 2023 +0000

hostkey: fix `hash_len` field constants

Replace incorrect `MD5_DIGEST_LENGTH` with `SHA_DIGEST_LENGTH` for these hostkey algos:
- `ssh-rsa` and `ssh-dss`
  Ref: 7a5ffc8cee259bbde82ab92515cd8fea2166854b (2004-12-07 Initial)
- `ssh-rsa-cert-v01@openssh.com`
  Ref: 4b21e49d9d2db74579b18804ed1f5eeb16578b2f (2022-07-28)
  Ref: #710

Also delete local fall-back definition of `MD5_DIGEST_LENGTH` (added in 9af7eb48dc3854ce8ee0589f7e2beb944e064847). Macro is no longer used.

Reported-by: Markus-Schmidt on github
Fixes #919
Closes #926

commit 2e3e0be816b2e71f59a6f56a0d38898ceeb5c82f
Author: Viktor Szakats
Date: Mon Apr 3 12:08:50 2023 +0000

ci: add MSVS 2008/2010 build tests and fix warnings

Also:
- fix newly surfaced (bogus) warnings in examples with MSVS 2010:
  ```
  ..\..\example\direct_tcpip.c(262): warning C4127: conditional expression is constant
  ```
  Happens for every `FD_SET()` macro reference.
  Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46677835/job/ni4hs97bh18c14ap
- silence MSVS 2010 predefined Windows macro warnings:
  ```
  ..\..\src\wincng.c(867): warning C4306: 'type cast' : conversion from 'int' to 'LPCSTR' of greater size
  ..\..\src\wincng.c(897): warning C4306: 'type cast' : conversion from 'int' to 'LPCSTR' of greater size
  ..\..\src\wincng.c(1132): warning C4306: 'type cast' : conversion from 'int' to 'LPCSTR' of greater size
  ```
  Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46678071/job/08t5ktvkcgdghp7r

Closes #925

commit d1b36efe417f4c8730ea75a0fc00bd07189a0a22
Author: Viktor Szakats
Date: Mon Apr 3 12:07:49 2023 +0000

transport: rename local `RANDOM_PADDING` macro

Rename `RANDOM_PADDING` macro used internally to enable some code. Committed in the initial version of `transport.c` in 9d55db6501aa4e21f0858cf36cdc2ddc11b96e83 (2007-02-02). libssh2 code never defined it.

The name happens to collide with a Windows macro in `wincrypt.h`. `transport.c` doesn't include this header, but it includes `winsock2.h`, and it turns out it can also define this macro in some cases, e.g. when `WIN32_LEAN_AND_MEAN` is not set.

To be on the safe side, prefix the name with `LIBSSH2_` to avoid enabling it by accident.

Q: Maybe it'd be best to delete it with the guarded code?

Reported-by: Markus-Schmidt on github
Fixes #921
Closes #924

commit 194cfc0f84192809c87f846140e5bf06b7a864af
Author: Viktor Szakats
Date: Mon Apr 3 12:07:13 2023 +0000

windows: move `libssh2.rc` to the `src` directory

Closes #918

commit a7a2fcdab6c8ad8c008119ab226c8baf9b46e62d
Author: Viktor Szakats
Date: Sun Apr 2 01:21:00 2023 +0000

autotools: delete unused conditional `HAVE_SYS_UN_H`

No longer necessary after moving the disabling/enabling logic from build tool to `example/x11.c`.
Reverts 4774d500e724bc4e548f743a0cb644ab05599474
Follow-up to d245c66cc0029e480674394c23e8be1c9410f7ad

commit cffcae4e0daaaf7640d6785145f8b7601fa7ef48
Author: Viktor Szakats
Date: Sun Apr 2 09:59:53 2023 +0000

win32/GNUmakefile: update help & exit without crypto backend [ci skip]

Follow-up to: 5bcd25c4c980e9765c00a2f20ac5348635063aad
Follow-up to: 68fd02fba002c8c6af3ba51a2780de46b47b3787

commit fb1195cf88268a11e2709b9912ab9dca8c23739c
Author: Viktor Szakats
Date: Sun Apr 2 03:24:39 2023 +0000

build: respect autotools `DLL_EXPORT` in `libssh2.h`

The `DLL_EXPORT` macro is automatically set by autotools when building the libssh2 DLL.

Certain toolchains might require this to correctly export symbols, so make sure to respect it in `libssh2.h` to enable `declspec(dllexport)`.

With this patch we have a manual macro for that (`LIBSSH2_EXPORT`), this autotools one, the CMake one, and `_WINDLL` (added in c355d31ff94a1622526c4988b9d09074f7f7605d), possibly defined by Visual Studio.

Closes #917

commit 185292a06b369115e573ba18f6b067e54bfc5313
Author: Viktor Szakats
Date: Sun Apr 2 03:24:16 2023 +0000

build: make `HAVE_LIBCRYPT32` local to `wincng.c`

libssh2 uses `wincrypt.h` aka the `crypt32` Windows system library for the function `CryptDecodeObjectEx()` [1].

This function has been available for Win32 (and UWP/WinRT apps) for a long while. Even old MinGW supports it, and also Watcom 1.9, of the rare/old compilers I checked.

CMake had it permanently enabled, while it also did an extra check for the header to add the lib to the lib list. Autotools did the detection proper. Other builds had it permanently enabled.

It seems safe to assume this function/header/lib is available in all environments we support. In this patch we simplify by deleting these detections and feature flags from all build tools.

Keep the feature flag internal to `wincng.h`, and for extra safety add the new macro `LIBSSH2_WINCNG_DISABLE_WINCRYPT` to disable it via custom `CPPFLAGS`.
WinCNG's other requirement is `bcrypt`. That also has been universally available for a long time. Here the only known outlier is old/legacy MinGW, which is missing support.

[1] https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptdecodeobjectex

Closes #916

commit a07ba9ee71a08b791700fdf040833b6d3832ec60
Author: Viktor Szakats
Date: Sun Apr 2 00:27:56 2023 +0000

autotools: delete `src/libssh2.pc.in` reference [ci skip]

Follow-up to 06f281921907fa077884c7020917661ca805b9d3

commit 1b59e907054296eaa2fe20d1df85dfc0a7dd097e
Author: Viktor Szakats
Date: Sat Apr 1 23:41:57 2023 +0000

tidy-up: null-mac/cipher documentation

Move documentation for these deleted build-level options from autotools/cmake docs to the source code itself.

Follow-up to 50c9bf868e833258d23c5f55ed546d1fcd5687d0

Closes #915

commit 06f281921907fa077884c7020917661ca805b9d3
Author: Viktor Szakats
Date: Sat Apr 1 23:41:42 2023 +0000

cmake: re-use existing `libssh2.pc` template

Instead of maintaining a second copy of `libssh2.pc.in` in `src` just for CMake, teach CMake to use the existing template in the root dir, that we already use with autotools.

Closes #914

commit cab599120c3ae507838e44b34d23427d3add8f6e
Author: Viktor Szakats
Date: Sat Apr 1 23:41:07 2023 +0000

delete redundant `HAVE_STDLIB_H`

libssh2 used this standard C89 header unconditionally before this patch. Delete the feature checks and all unnecessary header guards.

Closes #913

commit 5f790d24ef817e009b024bd31909305bd73a43e0
Author: Viktor Szakats
Date: Sat Apr 1 19:45:53 2023 +0000

NMakefile: drop redundant variable and assignments [ci skip]

commit eb236329c469ec906a9c8be65e8128b1abd6d414
Author: Viktor Szakats
Date: Sat Apr 1 12:31:16 2023 +0000

delete redundant `HAVE_WINSOCK2_H`

`libssh2.h` required `winsock2.h` for `_WIN32` since 81d53de4dc5ee39bd6215958c7dce3b12731195e (2011-06-04).

Apply that to the whole codebase. This makes it unnecessary to detect `HAVE_WINSOCK2_H` and allows to drop all its uses.
Completes TODO from b66d7317ca6c882afbe52fe426f68c119c40d348

TODO: Straighten out the use of a mixture of `HAVE_WINDOWS_H`, `WIN32`, `_WIN32` to detect Windows.

commit ba53142e0ecd7b3c33f662e0b4ea7a36fbee6ba3
Author: Viktor Szakats
Date: Sat Apr 1 16:03:21 2023 +0000

cmake: detect WinCNG last

This gives a chance to auto-detect mbedTLS on Windows with CMake.

commit 62235989e83126d289dac24a2b25de9b77158ecf
Author: Viktor Szakats
Date: Sat Apr 1 16:57:08 2023 +0000

NMakefile: rename config variables, default to WinCNG [ci skip]

- replace `OPENSSLINC` and `OPENSSLLIB` with `OPENSSL_PATH`. Assume `include` and `lib` subdirs for headers and libs.
- replace `WITH_ZLIB`, `ZLIBINC` and `ZLIBLIB` with `ZLIB_PATH`. Assume `include` and `lib` subdirs for header and lib.
- make WinCNG the default if `WITH_OPENSSL` is not set.

commit f058f7eacc7fb24bc5cf3811f77e517b33feaa7e
Author: Viktor Szakats
Date: Sat Apr 1 16:38:24 2023 +0000

win32/GNUmakefile: rename object dir and update .gitignore [ci skip]

From `-{release|debug}` to `{release|debug}-`.

Follow-up to 68fd02fba002c8c6af3ba51a2780de46b47b3787

commit 5bcd25c4c980e9765c00a2f20ac5348635063aad
Author: Viktor Szakats
Date: Sat Apr 1 16:20:13 2023 +0000

win32/GNUmakefile: add libgcrypt support [ci skip]

In the previous commit 969487113aae856e43d3d905c3f2260246d44f9b, the commit message should read `win32/GNUmakefile: ` instead of `libssh2-gnumake.sh: `. Sorry for the mixup.

commit 969487113aae856e43d3d905c3f2260246d44f9b
Author: Viktor Szakats
Date: Sat Apr 1 15:50:15 2023 +0000

libssh2-gnumake.sh: make variable names platform-agnostic [ci skip]

Also more consistent. Refer to DLL/SO/shared as 'dyn'. Also add comment on how to find customizable environment variables.

commit 68fd02fba002c8c6af3ba51a2780de46b47b3787
Author: Viktor Szakats
Date: Sat Apr 1 15:35:14 2023 +0000

win32/GNUmakefile: make it support non-Windows builds [ci skip]

With 20-ish extra lines, make this Makefile support all GCC-like toolchains.
The temporary directory becomes `-{release|debug}` from the former `{release|debug}`. Also change the lib directory name in the `dist` package from `win32` to `lib`, to match other packages and build tools.

commit 82644b649ae101e4a4a915daed1868a5121c2977
Author: Viktor Szakats
Date: Sat Apr 1 15:24:37 2023 +0000

win32/GNUmakefile: default to WinCNG [ci skip]

Also check for wolfSSL before mbedTLS to match CMake.

commit 618c0e68ac91b056799139e4fa7bab4b6ec76c2f
Author: Viktor Szakats
Date: Sat Apr 1 11:52:53 2023 +0000

win32/GNUmakefile: fixups to previous commit [ci skip]

- `-lws2_32` is necessary when building examples.
- drop a temporary variable.

Follow-up to d245c66cc0029e480674394c23e8be1c9410f7ad

commit b66d7317ca6c882afbe52fe426f68c119c40d348
Author: Viktor Szakats
Date: Sat Apr 1 01:02:06 2023 +0000

delete redundant `HAVE_WS2TCPIP_H`

It was used once in `src/libssh2_priv.h`, but without any effect. The header included `ws2tcpip.h` twice, once guarded by `HAVE_WS2TCPIP_H` and another time by `HAVE_WINSOCK2_H`. Dedupe these to not use `HAVE_WS2TCPIP_H`. Then delete detection of this feature from all build methods.

TODO: Replace `HAVE_WINSOCK2_H` with `_WIN32`/`WIN32`.

commit 0d1ef8a7cb12acf987ab32a9d752cd8275daf94d
Author: Viktor Szakats
Date: Sat Apr 1 01:47:08 2023 +0000

win32/libssh2_config.h: set `HAVE_LONGLONG` & `HAVE_STDLIB_H` [ci skip]

- enable `HAVE_LONGLONG` for MinGW and MSVC versions supporting it. Necessary for `GNUmakefile`/`NMakefile` builds to create the same binaries as CMake/autotools ones do.
- enable `HAVE_STDLIB_H`. It has been universally available on Windows for a long time.
Fixes these clang-cl warnings:

```
src\wincng.c(444,5) : warning: implicit declaration of function 'free' is invalid in C99 [-Wimplicit-function-declaration]
    free(buf);
    ^
src\wincng.c(491,20) : warning: implicitly declaring library function 'malloc' with type 'void *(unsigned long long)' [-Wimplicit-function-declaration]
    pbHashObject = malloc(dwHashObject);
                   ^
src\wincng.c(491,20) : note: include the header or explicitly provide a declaration for 'malloc'
src\wincng.c(2106,14) : warning: implicitly declaring library function 'realloc' with type 'void *(void *, unsigned long long)' [-Wimplicit-function-declaration]
    bignum = realloc(bn->bignum, length);
             ^
src\wincng.c(2106,14) : note: include the header or explicitly provide a declaration for 'realloc'
3 warnings generated.
```

commit d245c66cc0029e480674394c23e8be1c9410f7ad
Author: Viktor Szakats
Date: Sat Apr 1 01:36:54 2023 +0000

example: make `x11` exclusion build-tool-agnostic

Whether to build the `x11` example or not was decided by each build tool. CMake didn't build it even on supported platforms. GNUMakefile used a specific blocklist for it, while autotools enabled it based on feature-detection. Migrate the enabler logic to an #ifdef in source and build `x11` unconditionally with all build tools. On unsupported platforms (=Windows) this program now displays a short message stating that fact.

Also:

- fix `x11.c` warnings uncovered after CMake started building it.
- use `libssh2_socket_t` type for portability in `x11.c` too.
- use detected header guards in `x11.c`.
- delete a duplicate reference to `-lws2_32` from `win32/GNUmakefile` while there.
Closes #909

commit 91af53851d735170926f69505379545ac8a172d3
Author: Viktor Szakats
Date: Fri Mar 31 23:45:36 2023 +0000

.gitignore updates [ci skip]

commit 9aa1964dfbeec338c38abba171dc658412432719
Author: Viktor Szakats
Date: Fri Mar 31 18:14:38 2023 +0000

tidy-up: whitespace, sorting, comment and naming fixups

commit ccfeac87da57b8ca2b29c2694c1ff97d83ed02bb
Author: Viktor Szakats
Date: Fri Mar 31 19:03:21 2023 +0000

cmake: add missing man pages

commit ce26743b4ef81c9b839553bd7a98619700aafc72
Author: Viktor Szakats
Date: Fri Mar 31 18:11:27 2023 +0000

cmake: dedupe and merge config detection

Before this patch CMake did feature detections in three files: `src/CMakefiles.txt`, `examples/CMakefiles.txt` and `tests/CMakefiles.txt`. Merge and move them to the root `CMakefiles.txt`. After this patch we end up with a single `src/libssh2_config.h`. This brings CMake in sync with autotools builds, which already worked with a single config header. This also prevents mistakes where feature detection went out of sync between `src` & `tests` (see ae90a35d15d97154ac0c8554bce99ebfb18ee825). `tests` do compile sources from `src` directly, so these should always be in sync. It also allows to better integrate hand-crafted, platform-specific config headers into the builds, like the one currently residing in the `win32` directory (and also in `vms` and `os400`). Subject to an upcoming PR. Also fix a warning revealed after this patch made CMake correctly enable `HAVE_GETTIMEOFDAY` for `example` programs.

Closes #906

commit 67ac735ad09e48bb5c92e765c72a6564d5873c27
Author: Viktor Szakats
Date: Fri Mar 31 13:39:11 2023 +0000

cmake: dedupe crypto-backend detection

Before this patch CMake did crypto-backend detection in both `src/CMakefiles.txt` and `tests/CMakefiles.txt`. Merge them and move it to the root `CMakefiles.txt`. While here, also add zlib for OpenSSL. Necessary when using OpenSSL builds with zlib enabled.
Closes #905

commit 3da46f17adcdee2ba91288aa488ce649a4598371
Author: Viktor Szakats
Date: Fri Mar 31 01:05:07 2023 +0000

cmake: add missing #cmakedefines to src

- `HAVE_MEMSET_S` missing since 03092292597ac601c3f9f0c267ecb145dda75e4e (2018-08-02)
- `HAVE_EXPLICIT_BZERO` and `HAVE_EXPLICIT_MEMSET` missing since 00005682f7b9a1aa42be50e269056ea873637047 (2023-03-28)

commit bcb5eda096802fd45c435d2354eb83b313fd2fbb
Author: Viktor Szakats
Date: Fri Mar 31 00:17:46 2023 +0200

tidy-up: NMakefile (#903)

commit e195aeeff390bc695db949af4d93db0aeace6410
Author: Viktor Szakats
Date: Thu Mar 30 19:08:27 2023 +0000

GNUmakefile: adjust win32/.gitignore [ci skip]

commit 46f233fd7dd6cd2520273466b93dd88d3ec6a02c
Author: Viktor Szakats
Date: Thu Mar 30 19:03:35 2023 +0000

build: delete references to deleted NMake files [ci skip]

Follow-up to 057522bb0f15c10c33159e12899ecc60e40aa6ef

commit 057522bb0f15c10c33159e12899ecc60e40aa6ef
Author: Viktor Szakats
Date: Thu Mar 30 21:01:01 2023 +0200

NMakefile: merge them into a single file [ci skip] (#902)

Also:

- allow to override `AR` and `ARFLAGS`.
- The extra `src` subdir in the target directory is no longer, to simplify things.
- gone the dynamically generated `objects.mk`. Now replaced with some tricky logic to do that inline.
- add necessary `LIBS` for WinCNG. (untested)

Lightly tested via clang-cl.

commit 50124428509ffc2f5d08d8d3c152fa36546c9a75
Author: Viktor Szakats
Date: Thu Mar 30 20:59:47 2023 +0200

maketgz: tidy-up [ci skip] (#901)

- fix shellcheck warnings:
  - use quotes
  - use `$()`
- use `printf` (instead of calling perl).
- indent.
- copy/adapt header comment from curl to `maketgz`.

commit d23133b5a389ab5ac2b9cf05fc0cfc201e9309b7
Author: Viktor Szakats
Date: Wed Mar 29 22:53:59 2023 +0200

ci: flatten AppVeyor jobs, add debug builds (#900)

This results in better job names (now including CPU), avoiding the complex exception rules, and fine-tuning the order and variation of these tests.
Enable `LIBSSH2DEBUG` for two of the existing jobs.

commit 97417ad37f117a3f7a2e2c949412f1bb3a563431
Author: Viktor Szakats
Date: Wed Mar 29 20:23:25 2023 +0200

ci: add VS2022 builds (incl. ARM64) to AppVeyor (#899)

- add MSVS 2022 WinCNG builds for x64 and ARM64, replacing MSVS 2013 WinCNG builds for x64 and x86.
- add MSVS 2022 OpenSSL builds for x64.
- fix a compiler warning uncovered by the new ARM64 build:
  ```
  tests\openssh_fixture.c(393,17): warning C4477: 'fprintf' : format string '%d' requires an argument of type 'int', but variadic argument 1 has type 'libssh2_socket_t'
  tests\openssh_fixture.c(393,17): message : consider using '%lld' in the format string
  tests\openssh_fixture.c(393,17): message : consider using '%Id' in the format string
  tests\openssh_fixture.c(393,17): message : consider using '%I64d' in the format string
  ```
- echo the actual CMake command-line.
- cmake: echo the DLL filenames found by the OpenSSL DLL-finder heuristics.
- cmake: delete `libcrypto.dll` and `libssl.dll` names from the above logic. I've added these in 19884e5055b6c65f0df93d7cc776a01c518a2f06. That resulted in CMake picking up a rogue `libcrypto.dll` (with no `libssl.dll` pair) from `C:\Windows\System32\` on the `Visual Studio 2022` image, breaking tests. Turns out, OpenSSL v1.0.2 uses the "EAY" names, but let's not re-add those either, because CMake mis-picks those up from `C:/OpenSSL-Win64/bin/`, even while pointing `OPENSSL_ROOT_DIR` to a v1.1.1 installation.
- cmake: set `NO_DEFAULT_PATH` for OpenSSL DLL lookup to avoid picking up all kinds of wrong DLLs. CMake considers not the first, but the _last_ hit the valid one. This happened to be `C:/Program Files/Meson/lib*-1_1.dll` when using the `Visual Studio 2022` image.
  Ref: https://cmake.org/cmake/help/latest/command/find_file.html
- cmake: leave two commented debug lines that will be useful next time the DLL detection lookup goes wrong.
  Ref: https://cmake.org/cmake/help/latest/variable/CMAKE_FIND_DEBUG_MODE.html
- on error, also dump `CMakeFiles/CMakeConfigureLog.yaml` if it exists (requires CMake 3.26 and newer)

commit 08354e0abbe86d4cc5088d210d53531be6d8981a
Author: Viktor Szakats
Date: Wed Mar 29 10:07:57 2023 +0200

src: fix compiler warning on Darwin (#898)

```
src/session.c:675:52: warning: implicit conversion loses integer precision: 'long' to '__darwin_suseconds_t' (aka 'int') [-Wshorten-64-to-32]
        tv.tv_usec = (ms_to_next - tv.tv_sec*1000) * 1000;
                   ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~
```

commit 0b61317e6f5dc172da26d908295dca2fdc886250
Author: Viktor Szakats
Date: Wed Mar 29 00:35:35 2023 +0000

tidy-up: tabs to spaces in Makefile.am [ci skip]

Follow-up to 2f16d8105c9491beb2a02b3081f4f1c2a224fa62

commit 84f5cb9f232a925e452229cae60950e0d5232200
Author: Viktor Szakats
Date: Wed Mar 29 02:09:30 2023 +0200

netware: delete support (#888)

Last related commit happened 15 years ago. NetWare had its last release in 2009. All links referenced from the make file are inaccessible.

commit da0584534f52960c53c7a2bf2b11da4550cf9432
Author: Viktor Szakats
Date: Tue Mar 28 23:46:58 2023 +0200

wolfssl: add workaround for HMAC_Update() len arg difference (#897)

It's `int` in wolfSSL. `size_t` in OpenSSL/quictls/LibreSSL/BoringSSL.

Ref: https://github.com/wolfSSL/wolfssl/blob/ba47562d182e10e59813da012e0ab8ef20892231/wolfssl/openssl/hmac.h#L60-L61

/cc @wolfSSL

commit 5a4d532ce5a9da227e600f764eb146658b117864
Author: Viktor Szakats
Date: Tue Mar 28 19:13:28 2023 +0200

cmake: introduce variables for lib target names (#896)

Make our CMake config more self-documenting by introducing variables for the shared and static lib target names. Without this, it might be non-trivial to find out which line is referring to a target name vs libname, export name or other occurrences of `libssh2`.
This allows to rename back the shared lib target name to the value used before 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1: `libssh2_shared` -> `libssh2`, if necessary for compatibility. Notice: before that patch, `libssh2` name referred to either the static or shared lib, depending on build settings.

commit 00005682f7b9a1aa42be50e269056ea873637047
Author: Viktor Szakats
Date: Tue Mar 28 17:49:38 2023 +0200

detect and use explicit_bzero() and explicit_memset() (#895)

Also skip detecting these and `memset_s()` for Windows targets in CMake, to save detection time. On Windows we always use `SecureZeroMemory()`.

commit 9e99a80ebf5159ac19a819cecf1cf1aa86c8e25b
Author: Viktor Szakats
Date: Tue Mar 28 17:47:34 2023 +0200

ci: bump mbedtls (#894)

commit 9cfb5816df4eeea6c109e223477e7aede18bbae7
Author: Viktor Szakats
Date: Tue Mar 28 17:22:40 2023 +0200

GNUmakefile: minor fix for DYN mode [ci skip] (#893)

Follow-up to b8762c1003d97e109efa587bdc760ff9873949eb

commit 243e7a82f772c64858a7b4fa4816d76e2936d1eb
Author: Viktor Szakats
Date: Tue Mar 28 14:58:07 2023 +0200

build: delete MS Dev Studio build files (#891)

Last updated in 2007. Also delete `VCPROJ` target remains (necessary files seem to have been missing from the repo all along) for Visual Studio 2008.
commit 4e0f0ceeb3b5c54df58345bde48f976b12a11a63
Author: Viktor Szakats
Date: Tue Mar 28 07:59:24 2023 +0000

checksrc: fix reference in Makefile.am, update options [ci skip]

commit b35381e4464d35ec7441fb0610572debf6abf7fd
Author: Viktor Szakats
Date: Tue Mar 28 09:40:51 2023 +0200

build: delete native Watcom wmake support with Win32 (#889)

CMake supports generating Watcom wmake files: https://cmake.org/cmake/help/v3.1/generator/Watcom%20WMake.html

commit 4b800182c510e2c33602d65ed4b777d79fd567f7
Author: Viktor Szakats
Date: Tue Mar 28 09:37:46 2023 +0200

checksrc: update and fix warnings (#890)

Update from: https://github.com/curl/curl/blob/5fec927374e4d9553205d861f2dcb39ec78002cc/scripts/checksrc.pl

- suppress these new checks:
  - EQUALSNULL: 320 warnings
  - NOTEQUALSZERO: 142 warnings
  - TYPEDEFSTRUCT: 16 warnings
  We can enable them in the future.
- fix all other new ones.
- also fix whitespace in two `NMakefile` files.

commit 480965e2d90f0b429cc3bdb4c6c86d246ac0ac95
Author: Viktor Szakats
Date: Mon Mar 27 19:48:41 2023 +0200

tidy-up: fix/update URLs (#887)

commit 1d9af006095d5865a5cd37daba28ab32d15ad6ca
Author: Viktor Szakats
Date: Mon Mar 27 19:26:58 2023 +0200

tidy-up: fix typos (#886)

detected by codespell 2.2.4.

commit 2f16d8105c9491beb2a02b3081f4f1c2a224fa62
Author: Viktor Szakats
Date: Mon Mar 27 18:28:27 2023 +0200

tidy-up: replace tabs and other whitespace (#885)

There are a few non-whitespace changes, see them here: https://github.com/libssh2/libssh2/pull/885/files?w=1

commit 0d08974633cfc02641e6593db8d569ddb3644255
Author: Viktor Szakats
Date: Mon Mar 27 16:29:00 2023 +0200

ci: drop cmake --parallel (#884)

`--parallel 2` did not seem to make builds faster. Neither did 4 or 6. Delete this option from both GHA and AppVeyor jobs. On AppVeyor, with VS, it uses MSBuild under the hood where apparently `--parallel` doesn't do much [1]. The suggested MSBuild-specific option `/p:CL_MPcount=2` did not improve build times either.
CMake spends significant time (comparable to building the project itself) on feature detection, it'd be nice to execute those in parallel, but I found no such CMake option.

[1] https://discourse.cmake.org/t/parallel-does-not-really-enable-parallel-compiles-with-msbuild/964

Partial revert of 7a039d9a7a2945c10b4622f38eeed21ba6b4ec55

commit 50c9bf868e833258d23c5f55ed546d1fcd5687d0
Author: Viktor Szakats
Date: Mon Mar 27 11:34:54 2023 +0200

rework how to enable insecure null-cipher/null-MAC (#873)

Null-cipher and null-MAC are security footguns we want to avoid. Existing option names to toggle these were ambiguous and gave room for misinterpretation. Some projects may have had these options enabled by accident. This patch aims to make it more difficult to enable them, and making sure that existing methods require an update to stay enabled.

- delete CMake/autotools settings to enable the "none" cipher and MAC.
- rename existing C macros that can enable them. To use them, pass them as custom `CPPFLAGS` to the build.
- enable them only if `LIBSSH2DEBUG` is also enabled.

Best would be to delete them, though they may have some use while developing libssh2 itself, or debugging.

commit 38177f18dd4fe484e4044186217cdc287cd04076
Author: Viktor Szakats
Date: Mon Mar 27 11:28:51 2023 +0200

delete old gex (SSH2_MSG_KEX_DH_GEX_REQUEST_OLD) build option (#872)

libssh2 supports an "old" style KEX message `SSH2_MSG_KEX_DH_GEX_REQUEST_OLD`, as an off-by-default build option. OpenSSH deprecated/disabled this feature in v6.9 (2015-07-01): https://www.openssh.com/releasenotes.html#6.9

This patch deletes this obsolete feature from libssh2, with no option to enable it.
Added to libssh2 in: cf8ca63ea0c9388c8ae9079961d7e6a91b72b5c8 (2004-12-31)
RFC: https://datatracker.ietf.org/doc/html/rfc4419 (2006-03)

commit 4f28eec947d9901605592def35de617134fa053f
Author: Viktor Szakats
Date: Mon Mar 27 11:27:59 2023 +0200

src: more tolerant snprintf() local override (#881)

`#undef snprintf` before redefining it, when `HAVE_SNPRINTF` is not defined, even though `snprintf` is available and it should have been. Possibly with 3rd party builds. Downside is that cases of missing `HAVE_SNPRINTF` are less trivially detected at compile-time.

commit a3d42f41d002c72c19fd39d9437e99607e1b3e2a
Author: Viktor Szakats
Date: Mon Mar 27 11:27:05 2023 +0200

ci: fix cmake warning with AppVeyor WinCNG builds (#883)

```
CMake Warning:
  Manually-specified variables were not used by the project:
    OPENSSL_ROOT_DIR
```

Follow-up to 0834b9bcc85b90c78afff103f909b5a909b95e45

commit 71cae949d577fdd632a271da0bec89f977dc5dd2
Author: Viktor Szakats
Date: Mon Mar 27 01:23:55 2023 +0200

ci: cmake `ENABLE_WERROR` -> `ON` (#877)

Consider warnings as errors for CMake jobs in CI.

commit 29347905721d2e7fbb97dabfb0071bee51db3013
Author: Viktor Szakats
Date: Sun Mar 26 22:50:14 2023 +0000

src: silence compiler warnings 4 (alignment in WinCNG)

Silence alignment warnings in WinCNG, by reworking the code. Also add two unrelated casts to avoid gcc compiler warnings in surrounding code.

`increases required alignment from 1 to 4 [-Wcast-align]`
`increases required alignment from 1 to 8 [-Wcast-align]`

See warning details in the PR's individual commits.

Reviewed-by: Marc Hörsken in
Cherry-picked from #846
Closes #880

commit 5a96f494ee0b00282afb2db2e091246fc5e1774a
Author: Viktor Szakats
Date: Sun Mar 26 22:42:04 2023 +0000

src: silence compiler warnings 3 (change types)

Apply type changes to avoid casts and warnings. In most cases this means changing to a larger type, usually `size_t` or `ssize_t`. Change signedness in a few places.
Also introduce new variables to avoid reusing them for multiple purposes, to avoid casts and warnings.

- add FIXME for public `libssh2_sftp_readdir_ex()` return type.
- fix `_libssh2_mbedtls_rsa_sha2_verify()` to verify if `sig_len` is large enough.
- fix `_libssh2_dh_key_pair()` in `wincng.c` to return error if `group_order` input is negative. Maybe we should also reject zero?
- bump `_libssh2_random()` size type `int` -> `size_t`. Add checks for WinCNG and OpenSSL to return error if requested more than they support (`ULONG_MAX`, `INT_MAX` respectively).
- change `_libssh2_ntohu32()` return value `unsigned int` -> `uint32_t`.
- fix `_libssh2_mbedtls_bignum_random()` to check for a negative `top` input.
- size down `_libssh2_wincng_key_sha_verify()` `hashlen` to match Windows'.
- fix `session_disconnect()` to limit length of `lang_len` (to 256 bytes).
- fix bad syntax in an `assert()`.
- add a few `const` to casts.
- `while(1)` -> `for(;;)`.
- add casts that didn't fit into #876.
- update `docs/HACKING-CRYPTO` with new sizes.

May need review for OS400QC3: /cc @monnerat @jonrumsey

See warning details in the PR's individual commits.

Cherry-picked from #846
Closes #879

commit 463449fb9ee7dbe5fbe71a28494579a9a6890d6d
Author: Viktor Szakats
Date: Sun Mar 26 09:36:13 2023 +0000

src: silence compiler warnings 2 (ZLIB interface)

Silence warnings in the ZLIB interface by adding casts and changing types. See PR for individual commits.

Cherry-picked from #846
Closes #878

commit 02f2700a61157ce5a264319bdb80754c92a40a24
Author: Viktor Szakats
Date: Sun Mar 26 09:27:32 2023 +0000

src: silence compiler warnings 1

Most of the changes aim to silence warnings by adding casts. An assortment of other issues, mainly compiler warnings, resolved:

- unreachable code fixed by using `goto` in `publickey_response_success()` in `publickey.c`.
- potentially uninitialized variable in `sftp_open()`.
- MSVS-specific bogus warnings with `nid_type` in `kex.c`.
- check result of `kex_session_ecdh_curve_type()`.
- add missing function declarations.
- type changes to fit values without casts:
  - `cmd_len` in `scp_recv()` and `scp_send()`: `int` -> `size_t`
  - `Blowfish_expandstate()`, `Blowfish_expand0state()` loop counters: `uint16_t` -> `int`
  - `RECV_SEND_ALL()`: `int` -> `ssize_t`
  - `shell_quotearg()` -> `unsigned` -> `size_t`
  - `sig_len` in `_libssh2_mbedtls_rsa_sha2_sign()`: `unsigned` -> `size_t`
  - `prefs_len` in `libssh2_session_method_pref()`: `int` -> `size_t`
  - `firstsec` in `_libssh2_debug_low()`: `int` -> `long`
  - `method_len` in `libssh2_session_method_pref()`: `int` -> `size_t`
- simplify `_libssh2_ntohu64()`.
- fix `LIBSSH2_INT64_T_FORMAT` for MinGW.
- fix gcc warning by not using a bit field for `burn_optimistic_kexinit`.
- fix unused variable warning in `_libssh2_cipher_crypt()` in `libgcrypt.c`.
- fix unused variables with `HAVE_DISABLED_NONBLOCKING`.
- avoid const stripping with `BIO_new_mem_buf()` and OpenSSL 1.0.2 and newer.
- add a missing const in `wincng.h`.
- FIXME added for public:
  - `libssh2_channel_window_read_ex()` `read_avail` argument type.
  - `libssh2_base64_decode()` `datalen` argument type.
- fix possible overflow in `sftp_read()`.
  Ref: 4552c73cd58fccb1fc49cb0f25f86619133e560f
- formatting in `wincng.h`.

See warning details in the PR's individual commits.

Cherry-picked from #846
Closes #876

commit bd078e12bd79278037d6a805a0d9302b7dce8931
Author: Viktor Szakats
Date: Fri Mar 24 03:29:46 2023 +0100

cmake: automatic exports macro tidy-up (#875)

In a recent CMake update I left the original CMake EXPORTS macro unchanged (`libssh2_EXPORTS`) for compatibility. However, that macro was also recently added [1] and not present in an official release yet, so we might as well just use the new native one instead (`libssh2_shared_EXPORTS`), defined by CMake automatically. This way we don't need to define the old macro manually.
CMake forms this macro from the lib's internal name as defined in `add_library()` by appending `_EXPORTS`. That target name changed from `libssh2` to `libssh2_shared` after introducing dual shared + static builds in the recent update.

If we're here, add a new, stable, build-tool agnostic macro with the same effect, for non-CMake use: `LIBSSH2_EXPORTS`

[1] 1f0fe7443a1ecddd320f2c693607b2afee9bbe2f (2021-10-26)

Follow-up to 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1

commit c7d48443867e032edbf0f29e576a46fc1dc03804
Author: Viktor Szakats
Date: Fri Mar 24 00:34:40 2023 +0100

maketgz: add .xz, .bz2, .zip source archive formats (#874)

Copied from curl: https://github.com/curl/curl/blob/4528690cd51e5445df74aef8f83470a602683797/maketgz#L174-L222

[ci skip]

commit dbe5e680b73d10cc64698bbbe318d23760456133
Author: Viktor Szakats
Date: Thu Mar 23 23:26:20 2023 +0000

dist: delete reference to recently deleted file [ci skip]

Follow-up to b8762c1003d97e109efa587bdc760ff9873949eb

commit 52c8a9ba046549efcaccd99e904b47b9688248f9
Author: Viktor Szakats
Date: Thu Mar 23 19:43:32 2023 +0100

cmake: separate compilation passes for shared/static (#871)

Before this patch, cmake did a single compilation pass when we enabled both shared and static lib targets. This saves build time (esp. with MinGW targets and cross-compiling), but has the disadvantage that static libs built this way must have PIC enabled (offering slightly less performance) and `dllexport` enabled also, which means that executables linking the static libssh2 lib export its public symbols. To avoid these downsides, this patch separates the two passes and creates a non-PIC, non-`dllexport` static lib, even when also building the shared lib.

commit 0834b9bcc85b90c78afff103f909b5a909b95e45
Author: Viktor Szakats
Date: Wed Mar 22 23:09:53 2023 +0100

ci: test with OpenSSL v1.1.1 on AppVeyor (#870)

Was: v1.0.2. Keep using v1.0.2 with the static-only test. To make sure we don't break support.
commit 1d32ad1ced69a87395dc0bd75460d5dc7b7ba953
Author: Viktor Szakats
Date: Wed Mar 22 19:43:26 2023 +0100

ci: speed up static-only build tests on AppVeyor (#868)

- limit static-only build to a single platform (x64).
- skip running ctest for the static-only build.
- use MSVS 2013 for static-only builds. It's faster.
- run static-only test before WinCNG ones. Otherwise it's often skipped due to WinCNG failures (#804).

commit 9cc2e5945f0fca60f35a059e7001ad97a093c6d7
Author: Viktor Szakats
Date: Wed Mar 22 16:55:32 2023 +0100

cmake: fix error with static lib off and example/tests on (#869)

Regression from 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1

commit 7a039d9a7a2945c10b4622f38eeed21ba6b4ec55
Author: Viktor Szakats
Date: Wed Mar 22 13:52:52 2023 +0100

ci: parallelize more (#867)

commit 3b547417ef63d6416afe33158fb4b31ebef2b312
Author: Viktor Szakats
Date: Wed Mar 22 11:25:03 2023 +0100

cmake/src: move build options before target definitions (#864)

To allow more flexibility when defining targets.

commit 61a7d45d24c7aef90bec8eb7799bfa5d7cc49c16
Author: Viktor Szakats
Date: Wed Mar 22 11:23:57 2023 +0100

ci: use static+shared builds to cut number of cmake jobs (#865)

With CMake builds supporting static-shared libssh2 builds in a single pass, we no longer need to run static and shared jobs separately. For the same effect it's enough to run builds with both shared and static builds enabled. Halving CI jobs. We add an extra run to test the CMake config-path without shared builds enabled. This allows to add useful jobs, e.g. MSVS 2022 or ZLIB-enabled builds for Windows, valgrind builds or other useful stuff, without stretching CI run times further.

Ref: #863

commit 4e2580628dd1f8dc51ac65ac747ebcf0e93fa3d1
Author: Viktor Szakats
Date: Wed Mar 22 02:47:58 2023 +0000

cmake: allow building static + shared libs in a single pass

- `BUILD_SHARED_LIBS=ON` no longer disables building static lib. When set, we build the static lib with PIC enabled.
  For shared lib only, set `BUILD_STATIC_LIBS=OFF`. For static lib without PIC, leave this option disabled.
- new setting: `BUILD_STATIC_LIBS`. `ON` by default. Force-enabled when building examples or tests (we build those in static mode always.)
- fix to exclude Windows Resource from the static lib.
- fix to not overwrite static lib with shared implib on Windows platforms using identical suffix for them (MSVS). By using `libssh2_imp<.ext>` implib filename.
- add support for `STATIC_LIB_SUFFIX` setting to set an optional suffix (e.g. `_static`) for the static lib. (experimental, not documented). Overrides the above when set.
- fix to set `dllexport` when building shared lib.
- set `TrackFileAccess=false` for MSVS. For faster builds, shorter verbose logs.
- tests: new test linking against shared libssh2: `test_warmup_shared`
- tests: simplify 'runner' lib by merging 3 libs into a single one.
- tests: drop hack from `test_keyboard_interactive_auth_info_request` build. We no longer need to compile `src/misc.c` because we always link libssh2 statically.
- tests: limit `FIXTURE_WORKDIR=` to the `runner` target.

TL;DR: Default behavior unchanged: static (no-PIC), no shared. Enabling shared unchanged, but now also builds a static (PIC) lib by default.

Based-on: b60dca8b6450a9729670986d2899cca54ccdbb6d #547 by berney on github
Fixes: #547
Fixes: #675
Closes: #863

commit b0cb0b1965cf17b32ba76ed707a58b4e895d3c60
Author: Viktor Szakats
Date: Mon Mar 20 20:51:59 2023 +0000

include: silence warnings with casts in public `libssh2_sftp.h`

Avoid triggering warnings in macros coming from public libssh2 headers.

Cherry-picked from: #846
Closes #862

commit b13936bd6a89993cd3bf4a18317ca5bd84bb08d7
Author: Viktor Szakats
Date: Mon Mar 20 15:46:12 2023 +0000

example, tests: address compiler warnings

Fix or silence all C compiler warnings discovered with (or without) `PICKY_COMPILER=ON` (in CMake).
This means all warnings showing up in CI (gcc, clang, MSVS 2013/2015), in local tests on macOS (clang 14) and Windows cross-builds using gcc (12) and llvm/clang (14/15). Also fix the expression `nread -= nread` in `sftp_RW_nonblock.c`.

Cherry-picked from: #846
Closes #861

commit ec0a51db1f69eafa14ead6d17e6aca13075c034b
Author: Viktor Szakats
Date: Mon Mar 20 09:30:40 2023 +0000

openssl: require `EVP_aes_128_ctr()` support

libssh2 built with OpenSSL and without its `EVP_aes_128_ctr()`, aka `HAVE_EVP_AES_128_CTR`, option are working incorrectly. This option wasn't always auto-detected by autotools up until recently (#811). Non-cmake, non-autotools build methods never enabled it automatically. OpenSSL supports this option since at least v1.0.2, which is already EOLed and considered obsolete. OpenSSL forks (LibreSSL, BoringSSL) supported it all along. In this patch we enable this option unconditionally, now requiring OpenSSL supporting this function, or one of its forks. Also modernize OpenSSL lib references to what 1.0.2 and newer versions have been using.

Fixes #739

commit 5a9944e754ff23aa106cd541ce2ae91d15d55f45
Author: Viktor Szakats
Date: Mon Mar 20 00:35:15 2023 +0000

wincng: fix memory leak in `_libssh2_dh_secret()`

Patch-by: iruis on github
Assisted-by: Marc Hörsken
Bug #846, commit e3487092ef9553af67633c6747cb9ab2f86465e0.
Fixes #856
Closes #858

commit 244a1ae8561644cf863e64a8334dc6cb5c64a9bf
Author: Viktor Szakats
Date: Sun Mar 19 20:01:48 2023 +0100

nw, os400, watcom: stop setting unused macros [ci skip] (#859)

commit 4997f921eec39d5226d9eb6657c689f26397c10f
Author: Viktor Szakats
Date: Sun Mar 19 17:42:12 2023 +0000

cmake: fix `ENABLE_WERROR=ON` breaking auto-detections

- cmake: fix compiler warnings in `CheckNonblockingSocketSupport` detection functions. Without this, these detections fail when `ENABLE_WERROR=ON`.
- cmake: disable ENABLE_WERROR for MSVC during symbol checks in `src`.
  CMake's built-in symbol check function `check_symbol_exists()` generates warnings with MSVC. With warnings considered errors, these detections fail permanently. Our workaround is to disable warnings-as-errors while running these checks.
  ```
  CheckSymbolExists.c(8): warning C4054: 'type cast': from function pointer '__int64 (__cdecl *)(const char *,char **,int)' to data pointer 'int *'
  in `return ((int*)(&strtoll))[argc];`
  ```
  Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46537222/job/4vg4yg333mu2lg9b
- example: replace `strcasecmp()` with C89 `strcmp()`. To avoid using CMake symbol checks in `example`. Another option is to duplicate the `check_symbol_exists()` workaround from `src`, but I figure it's not worth the complexity. We use `strcasecmp()` solely to check optional command-line options for example programs, and those are fine as lower-case. Without this, these detections fail when `ENABLE_WERROR=ON`.
- also delete `__function__` detection/use in `example`. To avoid the complexity for the sake of using it at a single place in of the example's error branch. Replace that use with a literal name of the function.
- cmake: also use `CMakePushCheckState` functions instead of manual save/restore.

Closes #857

commit de91e220813fbddf8a9301c85fdcf65ced02fa86
Author: Viktor Szakats
Date: Sun Mar 19 15:51:52 2023 +0000

build: improve a test build workaround with bcrypt

- cmake: extend workaround for linking a test with shared libssh2. One of the tests uses internal libssh2 functions, and with CMake it compiles `src/misc.c` directly for this. `misc.c` references bcrypt / blowfish code. This needs a workaround for build configs where libssh2 doesn't export these. Before this patch, we enabled this workaround for MSVC. In the patch we extend this to all Windows. There is no CI test for this, but gcc and llvm/clang + mingw64 builds also need it.
  This may well apply to other configurations (it should, as shared libs are not supposed to export internal functions), so also make it easy to enable it at a single point. [ autotools builds force-link this one test against static libssh2. ]
- make `misc.c` not depend on bcrypt. By moving out our `bcrypt_pbkdf()` wrapper into `bcrypt_pbkdf.c` itself. This allows to compile `misc.c` into tests without pulling in bcrypt / blowfish functions, and simplify the above workaround. Source code uses `HAVE_BCRYPT_PBKDF`, a leftover from original bcrypt source. We never define this inside libssh2. Defining it breaks the build, and this patch doesn't change that.
- make `bcrypt_pbkdf()` static. While here, make the low-level `bcrypt_pbkdf()` function static to avoid namespace pollution.

Closes #855

commit 2ac44a19aa5cdd404341a3cca66d435e21fdeb0e
Author: Viktor Szakats
Date: Fri Mar 17 16:55:48 2023 +0100

ci: more timeout adjustments (#853)

- add timeout to SSH connection wait loop in AppVeyor test prep. (2 minutes)
- switch to per-step timeout for GitHub CI cmake/ctest runs. (10 minutes) ctest timeout (of 450 seconds) didn't seem to make any difference.

commit c5f2efdf9d6877117e6b2434cbab41bff1b444c3
Author: Viktor Szakats
Date: Fri Mar 17 09:42:10 2023 +0000

ci: set timeout to ctest and GitHub CI jobs

- `ctest` shows the default timeout '10000000' (turns out to be in seconds), causing infinite waits e.g. in case the necessary server worker is not available. CMake CI tests take approx:
  - GitHub / Linux : 125 seconds
  - AppVeyor / Windows: 300 seconds
  New timeouts are: 450 and 900 seconds respectively.
- set timeouts for style-check, fuzz, Linux and Windows GitHub CI jobs to avoid hanging forever.

Also:

- move `choco install` to before_test to make builds start faster in `appveyor.yml`.
- fix some yamllint `ON`/`OFF`-confusion issue by quoting these values in `appveyor.yml`.
- fix indentation in `appveyor.yml`.
- convert GitHub workflows to LF line-ending.
Ref: https://github.com/libssh2/libssh2/pull/655#issuecomment-1472853493

Closes #851

commit ca2e8d5b5ee8d2912be9fb9eeefd3748387e32b6
Author: Viktor Szakats
Date: Fri Mar 17 00:24:35 2023 +0100

ci: update mbedTLS repo URL, delete Travis CI (#850)

Last Travis CI session run on 2021-11-18.
Ref: https://app.travis-ci.com/github/libssh2/libssh2
Ref: https://travis-ci.org/github/libssh2/libssh2/builds

commit d0714c321a326acd394a84797d3ddc805363aa0a
Author: Viktor Szakats
Date: Thu Mar 16 12:43:38 2023 +0100

appveyor.yml: reorder tests to return relevant feedback earlier (#849)

- build x64 first
  x64 is the more interesting target. Most type conversion issues are revealed here. Also more commonly used by now.
- test VS 2013 earlier
- test WinCNG earlier
- delete reference to no longer used VS 2008

After this patch we end up starting with all Shared builds (2015, 2013, OpenSSL, WinCNG), then continue with Static ones. Shared/Static makes a minor if any difference in builds/tests compared to different VS versions of TLS backends.

--
CI run times:

Preparation + build takes:
8 x VS2015 4.5 mins -> total: 36
8 x VS2013 2 mins -> total: 16
Total: 52 mins

with our 30 tests, it increases to:
8 x VS2015 8-10 mins -> total: 72
8 x VS2013 6- 9 mins -> total: 60
Total: 132 mins

Without tests: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46475315
With tests: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46480549

commit 289b4a1c0c939ffa58a6ece22a70559ceea882d1
Author: Dan Fandrich
Date: Tue Mar 14 11:18:58 2023 -0700

src: check for NULL pointer passed to _libssh2_get_string

Callers should be protecting against this, but it's prudent to check here anyway.

Fixes #802
Closes #848

commit f928da9f957f071ed643e215663ae6cbb6e1fbf4
Author: Viktor Szakats
Date: Tue Mar 14 20:38:27 2023 +0000

appveyor.yml: choco install improvements [ci skip]

- avoid outputting 4000 log lines by hiding the progress bar. Reduces log size by 5x.
- decrease timeout (from the default 2700 seconds).
- omit unnecessary output.

Tested as part of #846

commit e96e96628bba39f868f899b2a49b529caedbc076
Author: Jakob Egger
Date: Tue Mar 14 13:38:28 2023 +0100

build: update instructions for autoreconf (#847)

The "convenience script" talks about the "buildconf" file, which is no longer recommended.

commit 664239faa1cca1c00e3236126fb3f04debed1f2d
Author: Viktor Szakats
Date: Mon Mar 13 20:07:25 2023 +0100

win32: set HAVE_STRTOLL with MSVS 2013 and newer (#845)

As in curl: https://github.com/curl/curl/blob/7fa6e36583b52dd8f1e639b370c9a2849be81b54/lib/config-win32.h#L221

commit 2215ee37e961b0660161a63bcb9d5ebfaa7f04e7
Author: Viktor Szakats
Date: Mon Mar 13 15:27:10 2023 +0100

GNUmakefile: move HAVE_STRTOLL to libssh2_config.h [ci skip] (#844)

commit 0c00d3b9550bc351204b0592b22802259be9c786
Author: Viktor Szakats
Date: Mon Mar 13 12:09:46 2023 +0100

src: silence unused variable warnings (#843)

commit b8762c1003d97e109efa587bdc760ff9873949eb
Author: Viktor Szakats
Date: Mon Mar 13 11:08:19 2023 +0000

GNUmakefile: add wolfSSL support + major rework

- add wolfSSL support.
- reduce size and redundant logic.
- fix a bunch of small issues.
- rework configuration, now with: `CC`, `AR`, `RC`, `TRIPLET`, `CFLAGS`, `CPPFLAGS`, `LDFLAGS`, `RCFLAGS`, `LIBS`, `LIBSSH2_DLL_SUFFIX`, `LIBSSH2_LDFLAGS_LIB`, `LIBSSH2_LDFLAGS_BIN` (and more).
- merge examples build into the main Makefile.
- relative dependency paths are now the same for building libssh2 or examples.
- drop detection for obsolete OpenSSL versions (can be configured via new `OPENSSL_LIBS`).
- merge dev/dist distribution zip options.
- build libssh2 with `-DHAVE_STRTOLL`.
- tidy-up.
- build examples in static mode by default (use `DYN` to build them in shared mode).
- drop forced (in non-debug mode) `-O2`.
- drop Win9x support.
- deprecate `ARCH` in favour of custom options and `TRIPLET`.
- drop Windows resources from examples for simplicity
- drop `WITH_ZLIB`.
  Default `ZLIB_PATH` to enable zlib support.
- drop `LIBSSH2_DLL_A_SUFFIX`, use standard value `.dll` (as in `libssh2.dll.a`).
- always link `bcrypt` (for LibreSSL and OpenSSL) and `crypt32` (for wolfSSL).
- unhide executed build commands.
- fix mbedTLS `lib` path
- drop specific options to force static linking. Custom options seem a better way for this.
- based on similar work made for curl: https://github.com/curl/curl/commit/a8861b6ccdd7ca35b6115588a578e36d765c9e38

Closes #842

commit 3ac32253f98a66e7e55f5657bfe259d286e33edc
Author: Viktor Szakats
Date: Mon Mar 13 12:04:29 2023 +0100

wincng: fix memory leak in libssh2_dh_key_pair() (#829)

Fixes #722

commit c45ba4d62402038b278b6231effbd9f732a7bc39
Author: Viktor Szakats
Date: Sat Mar 11 16:43:13 2023 +0100

src: C89-compliant _libssh2_debug() macro (#831)

Before this patch, with debug logging disabled, libssh2 code used a variadic macro to catch `_libssh2_debug()` calls, and convert them to no-ops. In certain conditions, it used an empty inline function instead.

Variadic macro is a C99 feature. It means that depending on compiler, and build settings, it littered the build log with warnings about this.

The new solution uses the trick of passing the variable arg list as a single argument and pass that down to the debug function with a regular macro. When disabled, another regular C89-compatible macro converts it to a no-op.

This makes inlining, C99 variadic macros and maintaining the conditions for each unnecessary and also makes the codebase compile more consistently, e.g. with forced C standards and/or picky warnings.

TL;DR: It makes this feature C89-compliant.

commit 509c84e3c5aa84b6fc2c905a31c3149605f5bebe
Author: Viktor Szakats
Date: Sat Mar 11 11:08:42 2023 +0100

openssl: fix possible compiler warning in macro condition (#839)

Building with wolfSSL or pre-OpenSSL v1.1.1 triggered it.
```
../src/openssl.h:130:5: warning: 'LIBRESSL_VERSION_NUMBER' is not defined, evaluates to 0 [-Wundef]
    LIBRESSL_VERSION_NUMBER >= 0x3070000fL
    ^
```

Regression from 2e2812dde8c1fc9b48eca592823770ab2e601f7a

commit 0621f97c7b59afb44b6a8a99a088e3103f33a699
Author: Viktor Szakats
Date: Sat Mar 11 11:06:42 2023 +0100

GNUmakefile: cleanups [ci skip] (#840)

- indent
- sync `test/GNUmakefile` with main
- delete `RANLIB`
- use `else if`
- use more `?=`
- use ASCII-7 copyright symbol (in test)

commit a2738165212ab03578d036c961b48120b801c337
Author: Viktor Szakats
Date: Fri Mar 10 18:53:38 2023 +0100

win32: convert tabs to spaces [ci skip] (#838)

Also strip stray newlines from `win32/rules.mk`.

commit 0e8971f443a858281f68d5f374334b46dc5ad737
Author: Viktor Szakats
Date: Fri Mar 10 14:06:17 2023 +0100

ci: retry choco install on appveyor (#837)

Trying to mitigate occasional intermittent failures while installing docker.

Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46460704/job/g3t7bro6ta6n3pk6#L52

commit f0b729f79162c949476d73fed756c25503a016d8
Author: Viktor Szakats
Date: Fri Mar 10 11:08:57 2023 +0100

cmake: drop unnecessary exception for warmup build (#835)

commit 0c04f44fb96def089c975563ade83f7f52240195
Author: Viktor Szakats
Date: Fri Mar 10 00:56:35 2023 +0100

cmake: reflect minimum version in docs (#834)

Follow-up to 505ea626b6e125b7ce15caf453b522192008a884

commit adac94af31674e9a1854480eb359f9bfd722c40e
Author: Viktor Szakats
Date: Fri Mar 10 00:55:37 2023 +0100

cmake: add wolfSSL support to tests (#833)

wolfSSL supports building with zlib as a dependency, that's the reason for the ZLIB logic in the patch. Also add it to `docs/INSTALL_CMAKE.md` and to the help text in `src/CMakeLists.txt`. Running tests not actually tested.
Follow-up to 9f217a17f6f3c2047c4a1668a5c037a75a02abfd
Ref: #817

commit 40ac6b230a309d35c57aa65a8f6d7ab6654aa3d8
Author: Viktor Szakats
Date: Fri Mar 10 00:53:55 2023 +0100

tests: workaround for intermittent first test failures (#832)

Flakiness got continuously worse these last days. It didn't seem related to recent commits. Flakiness also picked up in GitHub CI runs, something rarely seen before. Manual restart consistently fixed them.

The repeating pattern was the _first_ test (`test_hostkey`) failing, with `libssh2_session_handshake failed (-13): Failed getting banner`. Failures came after a lengthy wait, suggesting a timeout.

I then reversed the order of the first two tests, and it turned out that the _first_ test failed again (`test_hostkey_hash`). Also pointing to a timeout issue.

Then I added a dummy test to "warm up" whatever needs warming up in the layers of CI + Docker + ssh server and their interconnects. This helped, and GitHub CI tests run without failure right for the first time. AppVeyor CI also improved a little.

This patch adds a new first test called `test_warmup`, that creates a new libssh2 session, and exits with success even if that attempt failed.

A stop-gap solution at best, and there is no guarantee it will continue to fix this or similar future issues, but it's also untenable to have almost every CI run fail for intermittent reasons.

In some [1] cases [2] it's not the first test failing intermittently. That's a different issue, and this patch doesn't fix it.

[1] #804
[2] https://ci.appveyor.com/project/libssh2org/libssh2/builds/46440828/job/8rej6cq6itg7vc4w#L500

commit ae90a35d15d97154ac0c8554bce99ebfb18ee825
Author: Viktor Szakats
Date: Thu Mar 9 19:49:20 2023 +0100

cmake: detect HAVE_SNPRINTF for tests (#830)

Turns out `test_keyboard_interactive_auth_info_request.c` requires `src/libssh2_priv.h`, which in turn requires a correctly set `HAVE_SNPRINTF`.

Follow-up to 4cdf785cd313c3272d04c2ef7458a35d44533d8b.

commit 8795d9c817250a9a57a92cf748049447c0b0375c
Author: Viktor Szakats
Date: Thu Mar 9 11:48:21 2023 +0100

cmake: unset forced CMAKE_C_STANDARD 90 (#822)

Added in cf80f2f4b5255cc85a04ee43b27a29c678c1edb1 (on 2016-08-14), with the title "Basic dockerised test suite".

It's not clear why a C standard was explicitly set, but a side-effect of this is that CMake-built binaries diverged from ones built with autotools or GNU Make (using the same compiler and configuration).

Another issue is that this may introduce ABI incompatibility with binaries built with a different C standard flag, e.g. the C compiler default or one used for other components of a final app.

Seems unlikely, but if our tests require this option, we should set it for the CI builds only?

commit 99c1333ba7fd82f7459f8f4c0c0b62cc018a6f59
Author: Viktor Szakats
Date: Thu Mar 9 10:46:40 2023 +0100

example: silence MSVS 2013 C4127 warnings (#828)

commit 33b6d5f89d5328aa7677f542450cc48d825df595
Author: Viktor Szakats
Date: Thu Mar 9 00:41:48 2023 +0100

cmake: reposition ws2_32 to make binutils ld work again (#827)

This restores socket libs to their pre-regression positions. Without this, `ld` doesn't find `ws2_32` symbols when referenced from TLS libs.

Regression from 31fb8860dbaae3e0b7d38f2a647ee527b4b2a95f

commit 27318779a3a57c4a39168c4062b4e63267f9aa87
Author: Viktor Szakats
Date: Wed Mar 8 22:13:09 2023 +0100

fix compiling with LIBSSH2_NO_CLEAR_MEMORY and OpenSSL (#825)

Regression from a0e424a51c27cc27af611ba20d134f9a9ae35273

Fixes #824

commit 57f1d381405028272e52d73a3b8291f370f4638a
Author: Viktor Szakats
Date: Wed Mar 8 16:19:22 2023 +0100

snprintf: add missing prototype for local replacement (#820)

Should fix these warnings with MSVS 2013 and older:
`agent.c(294): warning C4013: '_libssh2_snprintf' undefined; assuming extern returning int`

Follow-up to 4cdf785cd313c3272d04c2ef7458a35d44533d8b.

commit 7cce783081b86cfa691376c8c7f477607b553e21
Author: Viktor Szakats
Date: Wed Mar 8 16:18:44 2023 +0100

build: set _FILE_OFFSET_BITS=64 for mingw-w64 (#821)

autotools builds already did auto-detect and set this mingw-specific macro, but CMake and GNU Make builds did not. This patch fixes that. Necessary for `src/scp.c`.

commit 07a8b8e033b7d2dd0a98847b44c150b867d4a2a9
Author: Viktor Szakats
Date: Wed Mar 8 16:12:51 2023 +0100

cmake: add os400qc3.c to SOURCES (#826)

This re-syncs the list of compiled objects in cmake builds with non-cmake builds.

Follow-up to 16619a8eddec35bb8582d1c334db0fc13b0817c4.

commit 10c8beab1f57f62ac8fa80d6c1990ebee0748a9e
Author: Viktor Szakats
Date: Wed Mar 8 13:59:59 2023 +0100

build: silence bogus C4127 warnings with MSVS 2013 and earlier (#819)

E.g.: `channel.c(370): warning C4127: conditional expression is constant`

Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46437333/job/5rak1vcl9hue31ei#L190

commit 9ad1258f1fcca43545606953c1c3fe8c25bcbd0f
Author: Viktor Szakats
Date: Wed Mar 8 13:56:01 2023 +0100

cmake: use only needed socket libs when checking non-blocking sockets (#816)

Based on patch by Christian Beier.

Fixes #694
Closes #712

commit 19884e5055b6c65f0df93d7cc776a01c518a2f06
Author: Viktor Szakats
Date: Wed Mar 8 09:36:11 2023 +0100

cmake: update openssl dll list (#818)

Add OpenSSL 3 and versionless DLL names. Also modernize warning messages and variable names.

Do we need the OpenSSL-Windows-specific check and the related `RUNTIME_DEPENDENCIES` feature? The list of OpenSSL DLLs was out of date for 1.5 years without anybody noticing. Keeping it fresh is a chore and copying around DLL dependencies rarely helps as much as expected. This check also results in unuseful warnings in certain build scenarios, e.g. when linking to OpenSSL statically.

commit 9f217a17f6f3c2047c4a1668a5c037a75a02abfd
Author: Viktor Szakats
Date: Wed Mar 8 09:34:37 2023 +0100

cmake: add wolfSSL support (#817)

Implement wolfSSL support for libssh2 when building with CMake.

Configuration example from curl-for-win:

```
-DCRYPTO_BACKEND=wolfSSL
-DWOLFSSL_LIBRARY=/path-to/wolfssl/lib/libwolfssl.a
-DWOLFSSL_INCLUDE_DIR=/path-to/wolfssl/include
```

Module `cmake/Findwolfssl.cmake` copied from: https://github.com/ngtcp2/ngtcp2/blob/e4d920c4b7a350d63b6978c68b216b76faa12635/cmake/Findwolfssl.cmake
via commit: https://github.com/ngtcp2/ngtcp2/commit/296396d3730b721ad97f9de22f525400f8524c0e
by Stefan Eissing

commit 05c7d128c8966f60ec168790432e6e76e91db9db
Author: Viktor Szakats
Date: Tue Mar 7 19:30:51 2023 +0100

cmake: restore non-Windows socket lib detection (#815)

I mistakenly pruned some non-Windows logic, also missing the fact that our local `check_function_exists_may_need_library()` set the `NEED_*` variables. Oddly, only `src` imported this function, yet also `examples` and `tests` called it indirectly.

The referenced `HAVE_SOCKET` / `HAVE_INET_ADDR` variables might be coming from an upstream CMake project? Leaving those there also, just in case.

Regression from 31fb8860dbaae3e0b7d38f2a647ee527b4b2a95f

commit 31fb8860dbaae3e0b7d38f2a647ee527b4b2a95f
Author: Viktor Szakats
Date: Tue Mar 7 15:14:22 2023 +0000

build: more fixes and tidy-up (mostly for Windows)

- cmake: always link `ws2_32` on Windows. Also add it to `libssh2.pc`. Fixes #745
- agent: fix gcc compiler warning: `src/agent.c:296:35: warning: 'snprintf' output truncated before the last format character [-Wformat-truncation=]`
- autotools: fix `EVP_aes_128_ctr` detection with binutils `ld`
  The prerequisite for a successful detection is setting `LIBS=-lbcrypt` if the chosen openssl-compatible library requires it, e.g. libressl, or quictls/openssl built with `-DUSE_BCRYPTGENRANDOM`. With llvm `lld`, detection works out of the box. With binutils `ld`, it does not.
  The reason is `ld`s world-famous pickiness with lib order. To fix it, we pass all custom libs before and after the TLS libs. This ugly hack makes `ld` happy and detection succeed.
- agent: fix Windows-specific warning: `src/agent.c:318:10: warning: implicit conversion loses integer precision: 'LRESULT' (aka 'long long') to 'int' [-Wshorten-64-to-32]`
- src: fix llvm/clang compiler warning: `src/libssh2_priv.h:987:28: warning: variadic macros are a C99 feature [-Wvariadic-macros]`
- src: support `inline` with `__GNUC__` (llvm/clang and gcc), fixing:
  ```
  src/libssh2_priv.h:990:8: warning: extension used [-Wlanguage-extension-token]
  static inline void
         ^
  ```
- blowfish: support `inline` keyword with MSVC. Also switch to `__inline__` (from `__inline`) for `__GNUC__`:
  https://gcc.gnu.org/onlinedocs/gcc/Inline.html
  https://clang.llvm.org/docs/UsersManual.html#differences-between-various-standard-modes
- example/test: fix MSVC compiler warnings:
  - `example\direct_tcpip.c(209): warning C4244: 'function': conversion from 'unsigned int' to 'u_short', possible loss of data`
  - `tests\session_fixture.c(96): warning C4013: 'getcwd' undefined; assuming extern returning int`
  - `tests\session_fixture.c(100): warning C4013: 'chdir' undefined; assuming extern returning int`
- delete unused macros:
  - `HAVE_SOCKET`
  - `HAVE_INET_ADDR`
  - `NEED_LIB_NSL`
  - `NEED_LIB_SOCKET`
  - `HAVE_NTSTATUS_H`
  - `HAVE_NTDEF_H`
- build: delete stale zlib/openssl version numbers from path defaults.
- cmake: convert tabs to spaces, add newline at EOFs.

Closes #811

commit 23a21aa86c9aa494faf1947d985156cac6ab8a71
Author: Viktor Szakats
Date: Tue Mar 7 14:25:00 2023 +0000

cmake: make `test_read` runs cross-build-friendly

Improve tests added in 7487dcf4b4ddae54b2a850737789b57b4251b0ae by running `test_read` commands directly. This makes external shell/batch files unnecessary, and is friendlier with cross-builds and when run from non-default shells, like MSYS2.
Also extend CRYPT/MAC test error messages with the CRYPT/MAC name.

External runner shell scripts kept for future use.

Closes #814

commit a0e424a51c27cc27af611ba20d134f9a9ae35273
Author: Viktor Szakats
Date: Tue Mar 7 14:21:46 2023 +0000

src: enable clear memory on all platforms

- convert `_libssh2_explicit_zero()` to macro. This allows inlining where supported (e.g. `SecureZeroMemory()`).
- replace `SecureZeroMemory()` (in `wincng.c`) and `LIBSSH2_CLEAR_MEMORY`-guarded `memset()` (in `os400qc3.c`) with `_libssh2_explicit_zero()` macro.
- delete `LIBSSH2_CLEAR_MEMORY` guards, which enables secure-zeroing universally.
- add `LIBSSH2_NO_CLEAR_MEMORY` option to disable secure-zeroing.
- while here, delete double/triple inclusion of `misc.h`. `libssh2_priv.h` included it already.

Closes #810

commit 505ea626b6e125b7ce15caf453b522192008a884
Author: Viktor Szakats
Date: Tue Mar 7 14:14:07 2023 +0000

cmake: bump minimum version to 3.1 (from 2.8.12)

This allows to delete some fallback code.

CMake release dates:
- 2014-12-15: 3.1
- 2013-10-07: 2.8.12

Closes #813

commit 4cdf785cd313c3272d04c2ef7458a35d44533d8b
Author: Viktor Szakats
Date: Tue Mar 7 14:06:35 2023 +0000

snprintf: unify fallback logic

Before this patch, the `snprintf()` fallback logic for envs not supporting this function (i.e. Visual Studio 2013 and older) varied depending on build tool, and used different techniques in examples, tests and libssh2 itself.

This patch aims to apply a common logic to libssh2 and examples/tests.

- libssh2: use local `snprintf()` fallback with all build tools. We already had a local implementation, but only with CMake. Move that to the library as `_libssh2_snprintf()`, and map `snprintf()` to it when `HAVE_SNPRINTF` is not set. Also change the length type from `int` to `size_t`, and fix formatting.
- set or detect `HAVE_SNPRINTF` in non-CMake builds. Detect in autotools. Keep existing logic in `win32/libssh2_config.h`.
  Always set for OS/400, NetWare and VMS, keeping existing behaviour. (OS/400 builds use a different local implementation)
- examples/tests: drop the CMake-specific fallback logic and map `snprintf()` to `_snprintf()` for old MSVC versions, like we did before with other build tools. This is unsafe, but should be fine for these uses.
- `win32/libssh2_config.h`: make it easier to read.

Closes #812

commit 730c606b64f86b5899183655e8f07578a54b8f9e
Author: Viktor Szakats
Date: Fri Mar 3 21:33:26 2023 +0000

cmake: build fixes with OpenSSL/LibreSSL on Windows

- Link `bcrypt` for newer (non-fork) OpenSSL.
- Link `bcrypt` and `ws2_32` when using (non-fork) OpenSSL or LibreSSL, to allow `Looking for EVP_aes_128_ctr` detecting this feature.
  With the feature available, but not found by CMake, build failed with: `openssl.c:636:21: error: incompatible integer to pointer conversion assigning to 'EVP_CIPHER *' (aka 'struct evp_cipher_st *') from 'int' [-Wint-conversion]`

Closes #809

commit 2addafb77b662e64248d156c71c69b91ba7b926e
Author: Viktor Szakats
Date: Fri Mar 3 13:30:03 2023 +0000

build fixes and improvements (mostly for Windows)

- in `hostkey.c` check the result of `libssh2_sha256_init()` and `libssh2_sha512_init()` calls. This avoids the warning that we're ignoring the return values.
- fix code using `int` (or `SOCKET`) for sockets. Use libssh2's dedicated `libssh2_socket_t` and `LIBSSH2_INVALID_SOCKET` instead.
- fix compiler warnings due to `STATUS_*` macro redefinitions between `ntstatus.h` / `winnt.h`. Solve it by manually defining the single `STATUS` value we need from `ntstatus.h` and stop including the whole header. Fixes #733
- improve Windows UWP/WinRT builds by detecting it with code copied from the curl project. Then excluding problematic libssh2 parts according to PR by Dmitry Kostjučenko. Fixes #734
- always use `SecureZeroMemory()` on Windows. We can tweak this if not found or not inlined by a C compiler which we otherwise support.
  Same if it causes issues with UWP apps.
  Ref: https://learn.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
  Ref: https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlsecurezeromemory
- always enable `LIBSSH2_CLEAR_MEMORY` on Windows. CMake and curl-for-win builds already did that. Delete `SecureZeroMemory()` detection from autotools' WinCNG backend logic, that this setting used to depend on.
  TODO: Enable it for all platforms in a separate PR.
  TODO: For clearing buffers in WinCNG, call `_libssh2_explicit_zero()`, instead of a local function or explicit `SecureZeroMemory()`.
- Makefile.inc: move `os400qc3.h` to `HEADERS`. This fixes compilation on non-unixy platforms. Recent regression.
- `libssh2.rc`: replace copyright with plain ASCII, as in curl.
  Ref: curl/curl@1ca62bb
  Ref: curl/curl#7765
  Ref: curl/curl#7776
- CMake fixes and improvements:
  - enable warnings with llvm/clang.
  - enable more comprehensive warnings with gcc and llvm/clang. Logic copied from curl: https://github.com/curl/curl/blob/233810bb5f6c5e7bedfc10bdd36607b958c0cfe4/CMakeLists.txt#L131-L148
  - fix `Policy CMP0080` CMake warning by deleting that reference.
  - add `ENABLE_WERROR` (default: `OFF`) option. Ported from curl.
  - add `PICKY_COMPILER` (default: `ON`) option, as known from curl. It controls both the newly added picky warnings for llvm/clang and gcc, and also the pre-existing ones for MSVC.
- `win32/GNUmakefile` fixes and improvements:
  - delete `_AMD64_` and add missing `-m64` for x64 builds under test.
  - add support for `ARCH=custom`. It disables hardcoded Intel 64-bit and Intel 32-bit options, allowing ARM64 builds.
  - add support for `LIBSSH2_RCFLAG_EXTRAS`. To pass custom options to windres, e.g. in ARM64 builds.
  - add support for `LIBSSH2_RC`. To override `windres`.
  - delete support for Metrowerks C. Last released in 2004.
- `win32/libssh2_config.h`: delete unnecessary socket #includes
  `src/libssh2_priv.h` includes `winsock2.h` and `ws2tcpip.h` further down the line, triggered by `HAVE_WINSOCK2_H`. `mswsock.h` does not seem to be necessary anymore. Double-including these (before `windows.h`) caused compiler failures when building against BoringSSL and warnings with LibreSSL. We could work this around by passing `-DNOCRYPT`. Deleting the duplicates fixes these issues.
  Timeline:
  2013: c910cd382dfa07fed2adaabf688af9e4a084fa1d deleted `mswsock.h` from `src/libssh2_priv.h`
  2008: 8c43bc52b1e3de2c8fc7899a80aec0e98de4e2d8 added `winsock2.h` and `ws2tcpip.h` to `src/libssh2_priv.h`
  2005: dc4bb1af967d2c53e90349f2f37324c622e714f5 added the now deleted #includes
- delete or replace `LIBSSH2_WIN32` with `WIN32`.
- replace hand-rolled `HAVE_WINDOWS_H` macro with `WIN32`. Also delete its detections/definitions.
- delete unused `LIBSSH2_DARWIN` macro.
- delete unused `writev()` Windows implementation
  There is no reference to `writev()` since 2007-02-02, commit 9d55db6501aa4e21f0858cf36cdc2ddc11b96e83.
- fix a bunch of MSVC / llvm/clang / gcc compiler warnings:
  - `warning C4100: '...': unreferenced formal parameter`
  - using value of undefined PP macro `LIBSSH2DEBUG`
  - missing void from function definition
  - `if()` block missing in non-debug builds
  - unreferenced variable in non-debug builds
  - `warning: must specify at least one argument for '...' parameter of variadic macro [-Wgnu-zero-variadic-macro-arguments]` in `_libssh2_debug()`
  - `warning C4295: 'ciphertext' : array is too small to include a terminating null character`
  - `warning C4706: assignment within conditional expression`
  - `warning C4996: 'inet_addr': Use inet_pton() or InetPton() instead or define _WINSOCK_DEPRECATED_NO_WARNINGS to disable deprecated API warnings`
    By suppressing it. Would be best to use inet_pton() as suggested. On Windows this needs Vista though.
  - `warning C4152: nonstandard extension, function/data pointer conversion in expression` (silenced locally)
  - `warning C4068: unknown pragma`

Ref: https://ci.appveyor.com/project/libssh2org/libssh2/builds/46354480/job/j7d0m34qgq8rag5w

Closes #808

commit 7487dcf4b4ddae54b2a850737789b57b4251b0ae
Author: Dan Fandrich
Date: Tue Feb 28 22:21:48 2023 -0800

Add tests to check individual crypt & HMAC methods

One specific crypt or hmac method is requested to be negotiated, then several MB of data is transferred.

commit 5f88efdddc3abc5c779bc3c7c607b21eb118956c
Author: Dan Fandrich
Date: Tue Feb 28 17:01:26 2023 -0800

Add test to read lots of data over a channel

Connects to the ssh server then downloads several MB of data. This tests the data transfer path as well as boundary cases in packet handling as data is split into smaller SSH blocks.

commit 45d33da3c747d023a3459345066c27d055cc12f3
Author: Will Cosgrove
Date: Mon Feb 27 11:46:47 2023 -0800

Disable deprecated warnings for OpenSSL 3 #805 (#806)

Disable deprecated warnings (for now) when building against OpenSSL 3 for a clean build.

Reported: Daniel Stenberg

commit d8220ddbfff365b03da338fafdd86878ae218395
Author: Dan Fandrich
Date: Wed Feb 22 14:35:49 2023 -0800

Fix a couple of warnings of errors in MSVC builds

Two warnings (in tests & examples) in particular would cause problems: bad format causing invalid data output or a bad chdir due to out of scope buffer use.

commit 4c9ed51f962f542b98789b15bedaaa427f4029a2
Author: Dan Fandrich
Date: Wed Feb 22 13:55:44 2023 -0800

tests: Support running tests in out-of-tree builds

Various files are found by referencing the srcdir environment variable in that case.

Closes #801

commit 27ef3bbb254d049f33a5cc5082580263bbb25137
Author: Dan Fandrich
Date: Mon Feb 20 16:29:10 2023 -0800

Improve the ssh2 example program to run a command

This performs better as an example since it shows more working code, and in the simplest possible way.
It also turns the program into an actually useful tool out of the box, able to run an arbitrary command (with one restriction) on a remote machine and return the response, without needing to touch the source.

Closes #800

commit af1e591eeec4fbb47e1e050a562d5d5237d3c563
Author: Will Cosgrove
Date: Tue Feb 14 09:13:04 2023 -0800

Add NULL session check to _libssh2_error_flags() (#796)

Don't dereference null if a null session happens to make it into _libssh2_error_flags()

commit eefc06f2efc541099e3c843283516a575dbfea03
Author: Dan Fandrich
Date: Tue Feb 7 16:58:34 2023 -0800

Reorder AES crypt methods so stronger ones are first

This makes it more likely that a stronger one will be negotiated rather than a weaker variant.

commit 879a2e4bf6cae37ac8c8cf40544c42f0b34d8069
Author: Dan Fandrich
Date: Fri Jan 6 14:12:39 2023 -0800

CI: update uses: dependencies to the latest versions

We were seeing some deprecation warning messages on some of the older ones.

commit 1e1a74eb7e97b004ccad86a32c1874eb0d986d6f
Author: Dan Fandrich
Date: Fri Jan 6 13:48:37 2023 -0800

transport.c: Add some comments

commit 16619a8eddec35bb8582d1c334db0fc13b0817c4
Author: Dan Fandrich
Date: Fri Dec 30 22:22:13 2022 -0800

Add missing files to automake makefiles & build tests

Many files have been added to the cmake build files but not the automake ones in recent years. Missing ones have been added so automake "make dist" will now create a usable tar ball. The integration tests using Docker are now built with automake as well (with "make check"). They are not run yet since they aren't working yet on Linux.

commit e3ce906cafbb4fe1dae49b4ed0d130a2979e9337
Author: Dan Fandrich
Date: Fri Dec 30 13:54:51 2022 -0800

tests: Fix gcc compile warnings

These were mostly due to missing and non-ANSI prototypes.

commit 6cba487395e79775482fc80dcbc4146e3b17c773
Author: Dan Fandrich
Date: Thu Dec 8 18:11:54 2022 -0800

Enable trace debugging in example/ssh2

This is intended to be a test program, so debugging is likely to be useful by default.

commit d4062feb3d35ac69d1c94523ab8edf2a4e42fabd
Author: Dan Fandrich
Date: Thu Dec 8 18:06:46 2022 -0800

Improve example/ssh2 to allow unmodified use of public key auth

The previous hard-coded key file paths were not valid for normal users. Make the paths relative to the user's home directory instead so they can work out of the box. Add a banner showing what connection will be attempted to make it easier for the user to see what is being attempted. Enable trace debugging since this is designed as a test program.

commit 2e2812dde8c1fc9b48eca592823770ab2e601f7a
Author: Viktor Szakats
Date: Tue Dec 13 22:11:13 2022 +0100

openssl.h: enable ed25519 for LibreSSL 3.7.0 (#778)

This brings LibreSSL libssh2 builds on par with OpenSSL.

commit 9f8e69cca0b94266c174ae13a860a02c762a3f4a
Author: Dan Fandrich
Date: Mon Dec 5 17:09:55 2022 -0800

configure.ac: check for sys/param.h

This file is required by glibc for the test suite.

commit f6694beb21518491fe9d02c56ae14a0319d79a8d
Author: Viktor Szakats
Date: Sat Nov 12 12:40:40 2022 +0100

tests: add option to run tests without docker (#762)

via `export OPENSSH_NO_DOCKER=1`.

SSH server host can be set via: `export OPENSSH_SERVER_HOST=127.0.0.1`
SSH server port via existing: `export OPENSSH_SERVER_PORT=4711`

This requires more work to be usable out of the box. The necessary sshd config is (partly) embedded into `tests/openssh_server/Dockerfile`.

After this patch, it is possible to run tests in envs where docker is not installed or not available, by running a preconfigured, non-containerized sshd.

commit 821d50dad313b53fb2782f26aec1f52f1be34fc0
Author: Michael Buckley
Date: Wed Nov 9 15:56:22 2022 -0800

Skip leading \r and \n characters in banner_receive() (#769)

Fixes #768

Credit: Michael Buckley

commit 5c3e53f0eea017851c27c3bf5199a0a948e1c13b
Author: Zenju
Date: Tue Nov 8 22:55:34 2022 +0100

Fixed error handling of _libssh2_packet_requirev callers (#767)

Notes: some callers of _libssh2_packet_requirev() fail to set _libssh2_error(). This creates the situation where e.g. libssh2_session_handshake() fails, but libssh2_session_last_error() confusingly returns LIBSSH2_ERROR_NONE.

Credit: Zenju

commit 0986fee58b002cd25bde682945b8cf692fcb6fbe
Author: Will Cosgrove
Date: Wed Nov 2 09:28:45 2022 -0700

Revert usage of EVP_CipherUpdate #764 #739 (#765)

Revert usage of EVP_CipherUpdate from wolfSSL PR to fix #764 #739.

commit 0ba6e74bec99c67c358f9fdb461c37c368479e06
Author: Will Cosgrove
Date: Wed Oct 26 16:48:52 2022 -0700

Fix regression with rsa_sha2_verify #758 (#763)

Fixes comparison with the result value coming from `mbedtls_rsa_pkcs1_verify`. Success is 0, not 1.

commit ca818c513436728b1fac26e6cfabf9060eba7a4d
Author: Marc Hoersken
Date: Mon Oct 24 20:46:19 2022 +0200

CI: fix AppVeyor status failing for starting jobs

commit b542466c7221eb35b23e3b0b8849cbfbda49a4f3
Author: Viktor Szakats
Date: Sat Oct 22 08:50:32 2022 +0000

delete cast5 - null-cipher mapping

commit f1d60b1fb39b62abd7751df30c6dcd691918468e
Author: Viktor Szakats
Date: Sat Oct 22 08:48:40 2022 +0000

more feature guard cleanup

commit d46091b22e5f9b2c9860e954e5c7debccdb46e0a
Author: Viktor Szakats
Date: Sat Oct 22 08:41:51 2022 +0000

indent

commit 942b94a93782e628b7a257adcbcbb518b7ef1b05
Author: Viktor Szakats
Date: Sat Oct 22 01:27:24 2022 +0000

formatting

commit 5387c506b4a6e5fecadf5f543a71d9a7e1ee43d7
Author: Viktor Szakats
Date: Sat Oct 22 01:24:13 2022 +0000

fold long lines

commit f0583d5608d4fcca4d573892caf95f50902dd431
Author: Viktor Szakats
Date: Sat Oct 22 01:11:42 2022 +0000

cleanup

commit c51a78657f3f9d7fde3ce1db2d6f7f370b21478c
Author: Viktor Szakats
Date: Sat Oct 22 01:10:25 2022 +0000

temporarily silence checksrc

commit 048a6b411fccd2876c07fda278c6c37037395dd6
Author: Viktor Szakats
Date: Wed Oct 19 22:20:52 2022 +0000

add mbedTLS 3.x support

Make libssh2 compile cleanly with mbedTLS 3.x and later.

This patch makes use of `MBEDTLS_PRIVATE()`, which is not the recommended, future-proof way to access mbedTLS data structures. This method may break with a minor upgrade, according to the authors. This is also the method used by libcurl.

Also:
- Fix a potentially uninitialized variable in `libssh2_mbedtls_rsa_sha2_sign()`. This happened in an error path, resulting in an unnecessary mbedTLS API call, with an uninitialized `md_type`.
- Bump mbedTLS version used in CI tests to 3.2.1.

Fixes #751

commit e9561dd66e8276ebba312211b6e812ae5712f278
Author: Viktor Szakats
Date: Sat Oct 22 00:16:50 2022 +0000

tests: add option to enable all trace messages in fixture

via `export FIXTURE_TRACE_ALL=1`.

commit ea5d83d330dcc804cca347cd52f8a5bdded9b473
Author: Viktor Szakats
Date: Sat Oct 22 00:11:07 2022 +0000

    win32/GNUmakefile: add mbedTLS support via `export MBEDTLS_PATH=`.

commit c2a7fad06b2173e7e54827daa8523797b5361262
Author: Marc Hoersken
Date: Fri Oct 21 22:57:23 2022 +0200

    CI: fix AppVeyor job links only working for most recent build

    Ref: https://github.com/curl/curl/pull/9768#issuecomment-1286675916
    Reported-by: Daniel Stenberg
    Follow up to #754

commit 44379f4762f1d335a1f6a2f52ed15edeb060bac0
Author: Marc Hoersken
Date: Thu Oct 20 20:57:21 2022 +0200

    CI: add missing permission section to AppVeyor status workflow

    Follow up to #754

commit 94bd3d87c58820795b5ad20da21de9dd6ef50630
Author: Marc Hoersken
Date: Mon Oct 17 22:00:31 2022 +0200

    Remove OSSFuzz integration which was replaced with CIFuzz (#756)

    Confirmed-by: Max Dymond

commit fb8b84bc9f8b0800e08b072c43fd11875a35875c
Author: Marc Hoersken
Date: Sun Oct 16 21:26:42 2022 +0200

    Rename workflow file appveyor.yml to appveyor_docker.yml

commit 612779b02c5aab2d964c003b1e34843e13811c27
Author: Marc Hoersken
Date: Sun Oct 16 21:23:56 2022 +0200

    Streamline names of CI workflow jobs

commit 752d90f2175f114ebb3c49cf88c1421bc469c77c
Author: Jeroen Ooms
Date: Mon Sep 12 08:36:25 2022 +0200

    Add CI for mingw-w64 via msys2 (#742)

    Credit: Jeroen Ooms

commit 70a85e9c6e12467ac2cf9e0950412af849ed32b7
Author: Marc Hoersken
Date: Fri Oct 7 23:45:09 2022 +0200

    CI: report AppVeyor build status for each job (#754)

    Also give each job on AppVeyor CI a human-readable name.

    This aims to make job and therefore build failures more visible.

commit ed439a29bb0b4d1c3f681f87ccfcd3e5a66c3ba0
Author: Michael Buckley
Date: Thu Sep 29 09:05:34 2022 -0700

    Support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys, FIDO (#698)

    Notes: Add support for sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com key exchange for FIDO auth using the OpenSSL backend. Stub API for other backends.

    Credit: Michael Buckley

commit ef292424bb5d136f888a2d2e92460de12c143ab4
Author: Y. Yang
Date: Sat Sep 24 01:41:35 2022 +0800

    Fix DLL import library name (#711)

    Notes: Fix DLL import library name
    https://aur.archlinux.org/packages/mingw-w64-libssh2
    https://cmake.org/cmake/help/latest/prop_tgt/IMPORT_PREFIX.html

    Credit: metab0t Y. Yang

commit 8b3a864c5bd69a72e7b14a2d94d57dd935aace2f
Author: skundu07 <36504923+skundu07@users.noreply.github.com>
Date: Fri Sep 23 22:41:20 2022 +0530

    Add RSA-SHA2 support for the WinCNG backend (#736)

    Notes: Added code to support RSA-SHA2 for WinCNG backend.

    Credit: skundu07

commit bd9c65d68c4152ba0726f5588b4b611410972fbc
Author: Gabriel Smith
Date: Fri Sep 23 13:03:56 2022 -0400

    sftp: Prevent files from being skipped if the output buffer is too small (#746)

    Notes: LIBSSH2_ERROR_BUFFER_TOO_SMALL is returned if the buffer is too small to contain a returned directory entry. On this condition we jump to the label `end`. At this point the number of names left is decremented despite no name being returned.

    As suggested in #714, this commit moves the error label after the decrement of `names_left`.

    Fixes #714

    Credit: Co-authored-by: Gabriel Smith

commit 91adeae486105ae25823949eea4d36c7587043bd
Author: bgermann
Date: Wed Sep 21 00:29:05 2022 +0200

    Drop advertisement clause on Blowfish (#747)

    Originally driven by https://github.com/pyca/bcrypt/issues/169, OpenBSD removed Niels Provos's BSD advertisement clause in version 7.1:
    https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/lib/libsa/blowfish.c.diff?r1=1.1&r2=1.2
    https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/lib/libsa/blowfish.h.diff?r1=1.1&r2=1.2

    This enables using libssh2 in GPL software.

commit 09f0ffd9fbd0fa1442b8fcb097df49eea3164db9
Author: zhaochongliu
Date: Wed Sep 7 13:54:25 2022 -0400

    Support building with gcc < version 8

    Files: CMakeLists.txt

    Notes: don't use gcc arguments that don't exist in gcc versions lower than 8 if building with older gcc.

    Credit: zhaochongliu

commit 6c59eea5a9ea77127ec0fa3d6815c8adc743dba3
Author: Miguel de Icaza
Date: Tue Aug 16 12:13:51 2022 -0400

    Document the obscure LIBSSH2_ERROR_BAD_USE when writing to a channel (#713)

    Document the obscure LIBSSH2_ERROR_BAD_USE when writing to a channel

    Credit: Miguel de Icaza

commit 31ae48885d89b729a28dea03dcd4c730c1991c63
Author: Michael Buckley
Date: Tue Aug 16 09:09:47 2022 -0700

    Don't erroneously log SSH_MSG_REQUEST_FAILURE packets from keepalive (#727)

    Notes: When setting a ServerAliveInterval using libssh2_keepalive_config() with want_reply set to true, some servers will reply to the keep-alive requests with a single SSH_MSG_REQUEST_FAILURE packet. This is an allowed behavior in RFC 4254, section 4.

    Credit: Michael Buckley

commit 891ee16ab62f163c8b1fb2801db863d3242578d3
Author: Ryan Kelley
Date: Tue Aug 9 20:05:35 2022 -0400

    Updating docs for libssh2_channel_flush_ex (#728)

    Notes: In #614 it was identified the docs do not accurately show how libssh2_channel_flush_ex() return value is set. I have updated the docs to correctly show what the function is returning.

    Credit: Ryan Kelley

commit 4b21e49d9d2db74579b18804ed1f5eeb16578b2f
Author: Sandeep Bansal
Date: Thu Jul 28 08:57:34 2022 -0700

    Support RSA certificate authentication (#710)

    * Adding support for signed RSA keys and unit test

    Credit: Sandeep Bansal

commit 7483edfada1f7e17cf8f9ac1c87ffa3d814c987e
Author: Viktor Szakats
Date: Wed Jun 29 18:37:33 2022 +0000

    configure: add --disable-tests option

commit 3adc8e908160783d28fc3f9e2676b40c3d3e938c
Author: Viktor Szakats
Date: Thu May 26 09:02:22 2022 +0000

    cmake: do not add libssh2.rc to the static library

commit 3af1f4f446f19167678e24e4471cc82847f99d1f
Author: AyushiN <36621150+ANaphade@users.noreply.github.com>
Date: Mon May 23 23:05:28 2022 +0530

    Fixed typo #697 (#701)

    Credit: AyushiN

commit b952674f120748174ed2c0fb93e7bd78cf355cac
Author: Viktor Szakats
Date: Thu May 19 18:35:16 2022 +0200

    Openssl: add support for LibreSSL 3.5.x (#700)

    LibreSSL 3.5.0 made more structures opaque, so let's enable existing support for that when building against these LibreSSL versions.

    Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt

    Credit: Viktor Szakats

commit 4b057bd2d9b4cccfbdbce861b8a47305ee147446
Author: Michael Buckley
Date: Fri May 6 08:40:19 2022 -0700

    Ensure KEX replies don't include extra bytes (#696)

    Addresses #695

    Credit: Michael Buckley, reported by Harry Sintonen

commit dba9ad9d3dc99ffcecc90e2b1f538b68f18e0845
Author: Zenju
Date: Mon Apr 25 20:49:11 2022 +0200

    Fix buffer overflow during SSH_MSG_USERAUTH_BANNER (#693)

    File: userauth.c

    Notes: This patch fixes application crashes due to heap corruption. Turns out the null terminator is written one byte outside of the allocated area.

    Credit: Zenju

commit dd0b5b2d2b8f5ef7af826e1e1aa1d48a0442c351
Author: Will Cosgrove
Date: Mon Apr 11 09:49:00 2022 -0700

    Changed NULL check to avoid logic change

commit 3489ee9a6fb8ceb674a4d72eeaf09b3ddfa60a2d
Author: Will Cosgrove
Date: Mon Apr 11 09:46:52 2022 -0700

    NULL check before calling session_handshake

commit b95e75823923731a06c76a3637fa3654876c8737
Author: Harry Sintonen
Date: Tue Apr 5 03:00:04 2022 +0300

    Fix build since openssl 1.1.0 when ECDSA and/or RIPEMD are disabled (#666)

    File: openssl.h

    Notes: In openssl 1.1.0 and later openssl decided to change some of the defines used to check if certain features are not compiled in the libraries. This updates the define checks.

    Credit: Harry Sintonen

    Co-authored-by: Harry Sintonen

commit 79855b37d290c43600944e7bb9cbe80625b02d38
Author: gbaraldi
Date: Mon Apr 4 20:57:10 2022 -0300

    Add RSA-SHA2 support for the mbedtls backend (#688)

    File: mbedtls.c

    Notes:
    * Add sha2 support for RSA key upgrading to mbedTLS backend

    Credit: gbaraldi

commit e7e1312b0cbfa643e2f8bf5f2036ce5147ed797d
Author: Daniel Stenberg
Date: Mon Mar 21 09:31:39 2022 +0100

    misc/libssh2_copy_string: avoid malloc zero bytes

    Avoids the inconsistent malloc return code for malloc(0)

    Closes #686

commit 049003c3d6c2ad5eb323c94512c62f402579ec80
Author: Marc Hoersken
Date: Wed Mar 16 03:35:35 2022 +0100

    wincng: rename struct field referring to the DH private big number

    Closes #684

commit c2c877b70bd04157612a32bf1bcc9f09490c1af0
Author: Marc Hoersken
Date: Wed Mar 16 22:54:33 2022 +0100

    tests/openssh_fixture.c: print command after variable expansion

commit 87d208c95d712f2bcdd2cd9f6150b2e7f393336f
Author: Marc Hoersken
Date: Wed Mar 16 04:29:31 2022 +0100

    CI: store and reuse OpenSSH Server docker image used for tests

    Supersedes #588
    Fixes #665
    Closes #685

commit 292830abb80ff73f2b11fb750194346ff4694618
Author: Will Cosgrove
Date: Sat Feb 26 10:53:14 2022 -0800

    Added LibreSSL to crypto backend list

commit b0b2b3112c4860ed44fdc7f0223b421fbc35b58f
Author: Will Cosgrove
Date: Wed Feb 23 09:20:38 2022 -0800

    Added crypto backend list to template

    Added OS version as well

commit ec7f782d7fba400fa9ffaf72c5f9bad4eca9965b
Author: Will Cosgrove
Date: Sat Feb 19 15:57:12 2022 -0800

    Revert "Option to build both static and shared libraries (#547)" (#675)

    This reverts commit b60dca8b6450a9729670986d2899cca54ccdbb6d.

    #547 doesn't build clean anymore with the keyboard interactive changes.

commit b60dca8b6450a9729670986d2899cca54ccdbb6d
Author: berney
Date: Sun Feb 20 10:50:48 2022 +1100

    Option to build both static and shared libraries (#547)

    files: cmakelists.txt

    Notes:
    * Option to build both static and shared libraries when using CMake

    Credit: berney

commit 83853f8aea0e2f739cacd491632eb7fd3d03ad2d
Author: xalopp
Date: Sun Feb 20 00:46:40 2022 +0100

    Use modern API in userauth_keyboard_interactive() (#663)

    Files: userauth_kbd_packet.c, userauth_kbd_packet.h, test_keyboard_interactive_auth_info_request.c, userauth.c

    Notes: This refactors `SSH_MSG_USERAUTH_INFO_REQUEST` processing in `userauth_keyboard_interactive()` in order to improve robustness, correctness and readability of the code.
    * Refactor userauth_keyboard_interactive to use new api for packet parsing
    * add unit test for userauth_keyboard_interactive_parse_response()
    * add _libssh2_get_boolean() and _libssh2_get_byte() utility functions

    Credit: xalopp

commit ead7000d28c986cf5c2458bf31b824000e16a4df
Author: xalopp
Date: Thu Feb 3 19:13:36 2022 +0100

    Fix formatting in manual page (#667)

    Fixed formatting of `LIBSSH2_ERROR_AUTHENTICATION_FAILED` in the errors section.

    credit: xalopp

commit 2a2aaed3b6c3c1dc25e35e11afcfb23f88a18510
Author: tihmstar
Date: Thu Feb 3 19:11:36 2022 +0100

    NULL terminate server_sign_algorithms string (#669)

    files: packet.c, libssh2_priv.h

    notes:
    * Fix heap buffer overflow in _libssh2_key_sign_algorithm

    When allocating `session->server_sign_algorithms` which is a `char*` it is important to also allocate space for the string-terminating null byte at the end and make sure the string is actually null terminated.

    Without this fix, the `strchr()` call inside the `_libssh2_key_sign_algorithm` (line 1219) function will try to parse the string and go out of buffer on the last invocation.

    Credit: tihmstar

    Co-authored-by: Will Cosgrove

commit 30fc410b972e6dec87c248c0fedbff28cfa18f17
Author: Will Cosgrove
Date: Tue Jan 18 11:28:13 2022 -0800

    free RSA2 related memory (#664)

    Free `server_sign_algorithms` and `sign_algo_prefs`.

commit de7a74aff24c47b2f2e9815f0a98598195d602e4
Author: Will Cosgrove
Date: Fri Jan 14 11:55:18 2022 -0800

    Legacy Agent support for rsa2 key upgrading/downgrading #659 (#662)

    Files: libssh2.h, agent.c, userauth.c

    Notes: Part 2 of the fix for #659. This adds rsa key downgrading for agents that don't support sha2 upgrading. It also adds better trace output for debugging/logging around key upgrading.

    Credit: Will Cosgrove (signed off by Michael Buckley)

commit 50a1262772fd9cdbdd8f747958e42ef480aecb2b
Author: Ian Hattendorf
Date: Thu Jan 13 16:05:53 2022 -0700

    Support rsa-sha2 agent flags (#661)

    File: agent.c

    Notes: implements rsa-sha2 flags used to tell the agent which signing algo to use.
    https://tools.ietf.org/id/draft-miller-ssh-agent-01.html#rfc.section.4.5.1

    Credit: Ian Hattendorf

commit d5ed0e6536c801884045226cbf33f3f004675458
Author: Sunil Nimmagadda
Date: Wed Jun 2 21:02:55 2021 +0530

    ssh: Add support for userauth banner.

    The new libssh2_userauth_banner API allows to get an optional userauth banner sent with SSH_MSG_USERAUTH_BANNER packet by the server.

    Closes #610

commit 13ad7b2f5cd67e0dc843098ce19ce8b208368c29
Author: Michael Buckley
Date: Thu Jan 6 13:56:22 2022 -0800

    Fix a memcmp errors in code that was changed from memmem to memcmp (#656)

    Notes: Fixed supported algo prefs list check when upgrading rsa keys

    Credit: Michael Buckley

commit 17c9c1fcdf48ea033a307ce77c432f039ead4584
Author: Hayden Roche
Date: Thu Jan 6 10:25:34 2022 -0800

    Add support for a wolfSSL crypto backend. (#629)

    It uses wolfSSL's OpenSSL compatibility layer, so rather than introduce new wolfssl.h/c files, the new backend just reuses openssl.h/c. Additionally, replace EVP_Cipher() calls with EVP_CipherUpdate(), since EVP_Cipher() is not recommended.

    Credit: Hayden Roche

commit e24a4a9d48110c3095189e9336f85fac803b9ddf
Author: Bastien Durel
Date: Thu Jan 6 19:06:02 2022 +0100

    Runtime engine detection with libssh2_crypto_engine() (#643)

    File: version.c, HACKING-CRYPTO, libssh2.h, libssh2_crypto_engine.3, makefile.

    Notes: libssh2_crypto_engine() API to get crypto engine at runtime.

    Credit: Bastien Durel

commit 64a555d6f5aafed504a10e5b756e85c91b1d56ce
Author: Will Cosgrove
Date: Thu Jan 6 09:50:58 2022 -0800

    RSA SHA2 256/512 key upgrade support RFC 8332 #536 (#626)

    Notes:
    * Host Key RSA 256/512 support #536
    * Client side key hash upgrading for RFC 8332
    * Support for server-sig-algs, ext-info-c server messages
    * Customizing preferred server-sig-algs via the preference LIBSSH2_METHOD_SIGN_ALGO

    Credit: Anders Borum, Will Cosgrove

commit 967792c89625440fe86e0e55ce84082eea9e71a6
Author: xalopp
Date: Wed Jan 5 19:35:26 2022 +0100

    fix: use userauth name length to check memory boundaries for userauth name, fixes #653 (#654)

    File: userauth.c

    Notes: Fixes `userauth_kybd_auth_name_len` length check

    Co-authored-by: Xaver Lopenstedt

commit 552e20df38d443aa8ceb9c1c0cfa69121a1b2f37
Author: Daniel Stenberg
Date: Fri Dec 17 17:56:29 2021 +0100

    agent: handle overly large comment lengths (#651)

    Reported-by: Harry Sintonen

commit 37ee0aa214655b63e7869d1d74ff1ec9f9818a5e
Author: Daniel Stenberg
Date: Fri Dec 17 17:46:29 2021 +0100

    userauth: check for too large userauth_kybd_auth_name_len (#650)

    ... before using it.

    Reported-by: MarcoPoloPie
    Fixes #649

commit 6c662e7b17a9c3ee1f8b03b057d9c6617095dfdd
Author: Daniel Stenberg
Date: Fri Dec 17 16:50:20 2021 +0100

    .github/SECURITY.md: fix the URL

commit 1494e6c9f41457414de3ec2ef162ed22532f1379
Author: Daniel Stenberg
Date: Fri Dec 17 16:48:53 2021 +0100

    .github/SECURITY.md: add security policy

commit 9990b38d27a63e310a94edd11e6284878a1a34f7
Author: Will Cosgrove
Date: Tue Nov 30 13:21:36 2021 -0800

    hostkey_method_ssh_ed25519_init() check key bounds (#645)

    * hostkey_method_ssh_ed25519_init() check key bounds

    File: hostkey.c

    Notes: Additional key length checking before calling _libssh2_ed25519_new_public()

    Credit: Will Cosgrove

commit 69f3cf0bea540ba1096403ed92eaff58ed7450ad
Author: Will Cosgrove
Date: Thu Nov 18 10:38:32 2021 -0800

    Fix error message in memory_read_privatekey #636

    file: userauth.c

    note: fix error message

    credit: volund

commit 3332d95396a3ad91100e62127f7a5393ff9a6555
Author: cntrump
Date: Fri Nov 12 03:35:47 2021 +0800

    Update maketgz for macOS (#543)

    File: maketgz

    Notes: Fix error on macOS: sed: -e: No such file or directory

    Credit: cntrump

commit a77ca0fcd3225dbd88b4a73e765068022614f6e0
Author: Jun Tseng
Date: Thu Nov 11 08:09:04 2021 +0800

    CMake update minimum version to 2.8.12 (#639)

    File: CMakeLists.txt

    Notes: Following CMake's advice, update the minimum required version.

    Credit: Jun Tseng

commit 1a799d30ca17f30a9823914037649ecd575b0f4a
Author: David Korczynski
Date: Wed Oct 27 15:55:56 2021 +0100

    ci: Add CIFuzz integration

    Notes: Add CIFuzz integration to run fuzzer using the OSS-Fuzz infrastructure at each PR.

    Signed-off-by: David Korczynski
    Closes #635

commit 1f0fe7443a1ecddd320f2c693607b2afee9bbe2f
Author: Uwe L. Korn
Date: Tue Oct 26 18:21:56 2021 +0200

    Use libssh2_EXPORTS as an alternative to _WINDLL (#470)

    Files: libssh2.h

    Notes: `_WINDLL` is only defined when a Visual Studio CMake generator is used, `libssh2_EXPORTS` is used though for all CMake generators if a shared libssh2 library is being built.

    Credit: Uwe L. Korn
---
.checksrc | 3 + .gitattribute | 2 - .github/ISSUE_TEMPLATE/bug_report.md | 5 +- .github/SECURITY.md | 13 + .../{appveyor.yml => appveyor_docker.yml} | 29 +- .github/workflows/appveyor_status.yml | 62 + .github/workflows/ci.yml | 686 ++++- .github/workflows/cifuzz.yml | 34 + .github/workflows/openssh_server.yml | 68 + .github/workflows/reuse.yml | 29 + .gitignore | 10 +- .reuse/dep5 | 34 + .travis.yml | 128 - CMakeLists.txt | 393 ++- COPYING | 15 +- LICENSES/BSD-2-Clause.txt | 9 + LICENSES/BSD-3-Clause.txt | 11 + LICENSES/FSFULLR.txt | 5 + LICENSES/MIT.txt | 21 + LICENSES/curl.txt | 21 + Makefile.OpenSSL.inc | 3 - Makefile.WinCNG.inc | 3 - Makefile.am | 153 +- Makefile.inc | 7 - Makefile.libgcrypt.inc | 3 - Makefile.mbedTLS.inc | 3 - Makefile.os400qc3.inc | 2 - NMakefile | 33 - README | 2 +- README.md | 4 +- RELEASE-NOTES | 222 +- acinclude.m4 | 850 ++++-- appveyor.yml | 251 +- buildconf | 6 +- ci/appveyor/docker-bridge.bat | 10 - ci/appveyor/docker-bridge.ps1 | 51 +- ci/appveyor/docker-bridge.sh | 27 + ci/checksrc.pl | 377 ++- ci/checksrc.sh | 9 +- ci/ossfuzz.sh | 29 - ci/spellcheck-words.txt | 3 + ci/spellcheck.sh | 12 + cmake/CheckFunctionExistsMayNeedLibrary.cmake | 18 +- cmake/CheckNonblockingSocketSupport.cmake | 66 +- cmake/CopyRuntimeDependencies.cmake | 11 +- cmake/FindLibgcrypt.cmake | 6 +- cmake/FindmbedTLS.cmake | 80 +- cmake/Findwolfssl.cmake | 44 + cmake/PickyWarnings.cmake | 247 ++ cmake/SocketLibraries.cmake | 64 - cmake/Toolchain-Linux-32.cmake | 42 - cmake/libssh2-config.cmake.in | 14 + cmake/max_warnings.cmake | 23 - config.rpath
| 2 + configure.ac | 220 +- docs/.gitignore | 1 + docs/AUTHORS | 3 +- docs/BINDINGS | 29 - docs/BINDINGS.md | 25 + docs/CMakeLists.txt | 182 +- docs/HACKING | 13 - docs/HACKING-CRYPTO | 96 +- docs/HACKING.md | 14 + docs/INSTALL_AUTOTOOLS | 95 +- docs/INSTALL_CMAKE.md | 113 +- docs/Makefile.am | 361 +-- docs/SECURITY.md | 14 +- docs/TODO | 24 +- docs/libssh2_agent_connect.3 | 15 +- docs/libssh2_agent_disconnect.3 | 12 +- docs/libssh2_agent_free.3 | 14 +- docs/libssh2_agent_get_identity.3 | 16 +- docs/libssh2_agent_get_identity_path.3 | 10 +- docs/libssh2_agent_init.3 | 16 +- docs/libssh2_agent_list_identities.3 | 15 +- docs/libssh2_agent_set_identity_path.3 | 10 +- docs/libssh2_agent_sign.3 | 54 + docs/libssh2_agent_userauth.3 | 21 +- docs/libssh2_banner_set.3 | 28 +- docs/libssh2_base64_decode.3 | 17 +- docs/libssh2_channel_close.3 | 26 +- docs/libssh2_channel_direct_streamlocal_ex.3 | 34 + docs/libssh2_channel_direct_tcpip.3 | 10 +- docs/libssh2_channel_direct_tcpip_ex.3 | 29 +- docs/libssh2_channel_eof.3 | 8 +- docs/libssh2_channel_exec.3 | 10 +- docs/libssh2_channel_flush.3 | 10 +- docs/libssh2_channel_flush_ex.3 | 24 +- docs/libssh2_channel_flush_stderr.3 | 10 +- docs/libssh2_channel_forward_accept.3 | 7 +- docs/libssh2_channel_forward_cancel.3 | 23 +- docs/libssh2_channel_forward_listen.3 | 10 +- docs/libssh2_channel_forward_listen_ex.3 | 17 +- docs/libssh2_channel_free.3 | 21 +- docs/libssh2_channel_get_exit_signal.3 | 21 +- docs/libssh2_channel_get_exit_status.3 | 14 +- docs/libssh2_channel_handle_extended_data.3 | 18 +- docs/libssh2_channel_handle_extended_data2.3 | 26 +- docs/libssh2_channel_ignore_extended_data.3 | 13 +- docs/libssh2_channel_open_ex.3 | 36 +- docs/libssh2_channel_open_session.3 | 7 +- docs/libssh2_channel_process_startup.3 | 28 +- docs/libssh2_channel_read.3 | 11 +- docs/libssh2_channel_read_ex.3 | 23 +- docs/libssh2_channel_read_stderr.3 | 11 +- docs/libssh2_channel_receive_window_adjust.3 | 11 +- 
docs/libssh2_channel_receive_window_adjust2.3 | 7 +- docs/libssh2_channel_request_auth_agent.3 | 12 +- docs/libssh2_channel_request_pty.3 | 10 +- docs/libssh2_channel_request_pty_ex.3 | 33 +- docs/libssh2_channel_request_pty_size.3 | 11 +- docs/libssh2_channel_request_pty_size_ex.3 | 10 +- docs/libssh2_channel_send_eof.3 | 18 +- docs/libssh2_channel_set_blocking.3 | 10 +- docs/libssh2_channel_setenv.3 | 11 +- docs/libssh2_channel_setenv_ex.3 | 26 +- docs/libssh2_channel_shell.3 | 10 +- docs/libssh2_channel_signal_ex.3 | 32 + docs/libssh2_channel_subsystem.3 | 10 +- docs/libssh2_channel_wait_closed.3 | 11 +- docs/libssh2_channel_wait_eof.3 | 11 +- docs/libssh2_channel_window_read.3 | 10 +- docs/libssh2_channel_window_read_ex.3 | 7 +- docs/libssh2_channel_window_write.3 | 10 +- docs/libssh2_channel_window_write_ex.3 | 7 +- docs/libssh2_channel_write.3 | 10 +- docs/libssh2_channel_write_ex.3 | 23 +- docs/libssh2_channel_write_stderr.3 | 10 +- docs/libssh2_channel_x11_req.3 | 10 +- docs/libssh2_channel_x11_req_ex.3 | 33 +- docs/libssh2_crypto_engine.3 | 16 + docs/libssh2_exit.3 | 8 +- docs/libssh2_free.3 | 12 +- docs/libssh2_hostkey_hash.3 | 15 +- docs/libssh2_init.3 | 10 +- docs/libssh2_keepalive_config.3 | 16 +- docs/libssh2_keepalive_send.3 | 14 +- docs/libssh2_knownhost_add.3 | 21 +- docs/libssh2_knownhost_addc.3 | 26 +- docs/libssh2_knownhost_check.3 | 22 +- docs/libssh2_knownhost_checkp.3 | 22 +- docs/libssh2_knownhost_del.3 | 14 +- docs/libssh2_knownhost_free.3 | 12 +- docs/libssh2_knownhost_get.3 | 16 +- docs/libssh2_knownhost_init.3 | 14 +- docs/libssh2_knownhost_readfile.3 | 14 +- docs/libssh2_knownhost_readline.3 | 14 +- docs/libssh2_knownhost_writefile.3 | 15 +- docs/libssh2_knownhost_writeline.3 | 11 +- docs/libssh2_poll.3 | 9 +- docs/libssh2_poll_channel_read.3 | 9 +- docs/libssh2_publickey_add.3 | 17 +- docs/libssh2_publickey_add_ex.3 | 15 +- docs/libssh2_publickey_init.3 | 12 +- docs/libssh2_publickey_list_fetch.3 | 12 +- 
docs/libssh2_publickey_list_free.3 | 12 +- docs/libssh2_publickey_remove.3 | 14 +- docs/libssh2_publickey_remove_ex.3 | 12 +- docs/libssh2_publickey_shutdown.3 | 12 +- docs/libssh2_scp_recv.3 | 18 +- docs/libssh2_scp_recv2.3 | 14 +- docs/libssh2_scp_send.3 | 10 +- docs/libssh2_scp_send64.3 | 13 +- docs/libssh2_scp_send_ex.3 | 15 +- docs/libssh2_session_abstract.3 | 13 +- docs/libssh2_session_banner_get.3 | 9 +- docs/libssh2_session_banner_set.3 | 17 +- docs/libssh2_session_block_directions.3 | 8 +- docs/libssh2_session_callback_set.3 | 77 +- docs/libssh2_session_callback_set2.3 | 139 + docs/libssh2_session_disconnect.3 | 10 +- docs/libssh2_session_disconnect_ex.3 | 31 +- docs/libssh2_session_flag.3 | 8 +- docs/libssh2_session_free.3 | 12 +- docs/libssh2_session_get_blocking.3 | 13 +- docs/libssh2_session_get_read_timeout.3 | 24 + docs/libssh2_session_get_timeout.3 | 11 +- docs/libssh2_session_handshake.3 | 8 +- docs/libssh2_session_hostkey.3 | 11 +- docs/libssh2_session_init.3 | 7 +- docs/libssh2_session_init_ex.3 | 30 +- docs/libssh2_session_last_errno.3 | 11 +- docs/libssh2_session_last_error.3 | 24 +- docs/libssh2_session_method_pref.3 | 31 +- docs/libssh2_session_methods.3 | 12 +- docs/libssh2_session_set_blocking.3 | 21 +- docs/libssh2_session_set_last_error.3 | 13 +- docs/libssh2_session_set_read_timeout.3 | 25 + docs/libssh2_session_set_timeout.3 | 11 +- docs/libssh2_session_startup.3 | 19 +- docs/libssh2_session_supported_algs.3 | 29 +- docs/libssh2_sftp_close.3 | 11 +- docs/libssh2_sftp_close_handle.3 | 28 +- docs/libssh2_sftp_closedir.3 | 11 +- docs/libssh2_sftp_fsetstat.3 | 12 +- docs/libssh2_sftp_fstat.3 | 12 +- docs/libssh2_sftp_fstat_ex.3 | 24 +- docs/libssh2_sftp_fstatvfs.3 | 2 + docs/libssh2_sftp_fsync.3 | 12 +- docs/libssh2_sftp_get_channel.3 | 7 +- docs/libssh2_sftp_init.3 | 17 +- docs/libssh2_sftp_last_error.3 | 13 +- docs/libssh2_sftp_lstat.3 | 12 +- docs/libssh2_sftp_mkdir.3 | 12 +- docs/libssh2_sftp_mkdir_ex.3 | 32 +- docs/libssh2_sftp_open.3 
| 12 +- docs/libssh2_sftp_open_ex.3 | 28 +- docs/libssh2_sftp_open_ex_r.3 | 77 + docs/libssh2_sftp_open_r.3 | 25 + docs/libssh2_sftp_opendir.3 | 8 +- docs/libssh2_sftp_read.3 | 26 +- docs/libssh2_sftp_readdir.3 | 13 +- docs/libssh2_sftp_readdir_ex.3 | 29 +- docs/libssh2_sftp_readlink.3 | 11 +- docs/libssh2_sftp_realpath.3 | 11 +- docs/libssh2_sftp_rename.3 | 13 +- docs/libssh2_sftp_rename_ex.3 | 59 +- docs/libssh2_sftp_rewind.3 | 11 +- docs/libssh2_sftp_rmdir.3 | 6 +- docs/libssh2_sftp_rmdir_ex.3 | 24 +- docs/libssh2_sftp_seek.3 | 21 +- docs/libssh2_sftp_seek64.3 | 16 +- docs/libssh2_sftp_setstat.3 | 12 +- docs/libssh2_sftp_shutdown.3 | 19 +- docs/libssh2_sftp_stat.3 | 12 +- docs/libssh2_sftp_stat_ex.3 | 34 +- docs/libssh2_sftp_statvfs.3 | 12 +- docs/libssh2_sftp_symlink.3 | 6 +- docs/libssh2_sftp_symlink_ex.3 | 24 +- docs/libssh2_sftp_tell.3 | 9 +- docs/libssh2_sftp_tell64.3 | 7 +- docs/libssh2_sftp_unlink.3 | 11 +- docs/libssh2_sftp_unlink_ex.3 | 30 +- docs/libssh2_sftp_write.3 | 34 +- docs/libssh2_sign_sk.3 | 87 + docs/libssh2_trace.3 | 10 +- docs/libssh2_trace_sethandler.3 | 18 +- docs/libssh2_userauth_authenticated.3 | 13 +- docs/libssh2_userauth_banner.3 | 28 +- docs/libssh2_userauth_hostbased_fromfile.3 | 15 +- docs/libssh2_userauth_hostbased_fromfile_ex.3 | 10 +- docs/libssh2_userauth_keyboard_interactive.3 | 9 +- ...libssh2_userauth_keyboard_interactive_ex.3 | 29 +- docs/libssh2_userauth_list.3 | 16 +- docs/libssh2_userauth_password.3 | 14 +- docs/libssh2_userauth_password_ex.3 | 53 +- docs/libssh2_userauth_publickey.3 | 20 +- docs/libssh2_userauth_publickey_fromfile.3 | 7 +- docs/libssh2_userauth_publickey_fromfile_ex.3 | 33 +- docs/libssh2_userauth_publickey_frommemory.3 | 34 +- docs/libssh2_userauth_publickey_sk.3 | 144 + docs/libssh2_version.3 | 16 +- docs/template.3 | 12 +- example/.gitignore | 26 +- example/CMakeLists.txt | 73 +- example/Makefile.am | 21 +- example/Makefile.inc | 28 + example/direct_tcpip.c | 307 +- example/scp.c | 135 +- 
example/scp_nonblock.c | 161 +- example/scp_write.c | 135 +- example/scp_write_nonblock.c | 168 +- example/sftp.c | 243 +- example/sftp_RW_nonblock.c | 237 +- example/sftp_append.c | 157 +- example/sftp_mkdir.c | 118 +- example/sftp_mkdir_nonblock.c | 121 +- example/sftp_nonblock.c | 188 +- example/sftp_write.c | 155 +- example/sftp_write_nonblock.c | 194 +- example/sftp_write_sliding.c | 203 +- example/sftpdir.c | 234 +- example/sftpdir_nonblock.c | 135 +- example/ssh2.c | 385 +-- example/ssh2_agent.c | 204 +- example/ssh2_agent_forwarding.c | 180 +- example/ssh2_echo.c | 204 +- example/ssh2_exec.c | 202 +- example/subsystem_netconf.c | 266 +- example/tcpip-forward.c | 301 +- example/x11.c | 237 +- get_ver.awk | 3 + git2news.pl | 6 +- include/libssh2.h | 468 ++- include/libssh2_publickey.h | 24 +- include/libssh2_sftp.h | 82 +- libssh2-style.el | 25 +- libssh2.pc.in | 14 +- m4/autobuild.m4 | 44 - m4/lib-ld.m4 | 8 +- m4/lib-link.m4 | 6 +- m4/lib-prefix.m4 | 2 + maketgz | 117 +- nw/GNUmakefile | 630 ---- nw/keepscreen.c | 25 - nw/nwlib.c | 304 -- nw/test/GNUmakefile | 311 -- os400/README400 | 9 +- os400/ccsid.c | 6 +- os400/include/alloca.h | 4 +- .../include/assert.h | 52 +- os400/include/stdio.h | 4 +- os400/include/sys/socket.h | 4 +- os400/initscript.sh | 10 +- os400/libssh2_ccsid.h | 4 +- os400/libssh2_config.h | 104 +- os400/libssh2rpg/libssh2.rpgle.in | 16 +- os400/libssh2rpg/libssh2_ccsid.rpgle.in | 4 +- os400/libssh2rpg/libssh2_publickey.rpgle | 4 +- os400/libssh2rpg/libssh2_sftp.rpgle | 4 +- os400/macros.h | 8 +- os400/make-include.sh | 2 + os400/make-rpg.sh | 2 + os400/make-src.sh | 6 +- os400/make.sh | 4 +- os400/os400sys.c | 4 +- src/.gitignore | 4 + src/CMakeLists.txt | 469 +-- src/Makefile.am | 40 +- src/Makefile.inc | 56 + src/NMakefile | 30 - src/agent.c | 305 +- src/agent.h | 112 - src/agent_win.c | 48 +- src/bcrypt_pbkdf.c | 53 +- src/blf.h | 89 - src/blowfish.c | 168 +- src/channel.c | 502 ++- src/channel.h | 11 +- src/comp.c | 60 +- src/comp.h | 
9 +- src/crypt.c | 43 +- src/crypto.c | 19 + src/crypto.h | 136 +- src/crypto_config.h | 76 + src/global.c | 8 +- src/hostkey.c | 311 +- src/keepalive.c | 15 +- src/kex.c | 1020 ++++--- src/knownhost.c | 37 +- src/libgcrypt.c | 234 +- src/libgcrypt.h | 142 +- src/libssh2.pc.in | 17 - {win32 => src}/libssh2.rc | 27 +- src/libssh2_config_cmake.h.in | 62 +- src/libssh2_priv.h | 390 ++- src/libssh2_setup.h | 104 + src/mac.c | 82 +- src/mac.h | 14 +- src/mbedtls.c | 600 ++-- src/mbedtls.h | 336 +- src/misc.c | 415 ++- src/misc.h | 64 +- src/openssl.c | 2704 +++++++++++++---- src/openssl.h | 247 +- src/os400qc3.c | 567 ++-- src/os400qc3.h | 67 +- src/packet.c | 616 ++-- src/packet.h | 13 +- src/pem.c | 158 +- src/publickey.c | 146 +- src/scp.c | 194 +- src/session.c | 534 ++-- src/session.h | 61 +- src/sftp.c | 704 +++-- src/sftp.h | 22 +- src/transport.c | 358 ++- src/transport.h | 15 +- src/userauth.c | 1101 ++++--- src/userauth.h | 18 +- src/userauth_kbd_packet.c | 166 + src/userauth_kbd_packet.h | 45 + src/version.c | 18 +- src/wincng.c | 734 +++-- src/wincng.h | 374 +-- tests/.gitignore | 3 +- tests/CMakeLists.txt | 231 +- tests/Makefile.am | 118 +- tests/Makefile.inc | 98 + tests/cmake/CMakeLists.txt | 72 + tests/cmake/test.c | 13 + tests/cmake/test.sh | 30 + tests/etc/host | 27 - tests/etc/host.pub | 1 - tests/etc/sshd_config | 3 - tests/etc/user | 27 - tests/etc/user.pub | 1 - tests/gen_keys.sh | 80 + tests/key_ecdsa.pub | 2 +- tests/{signed_key_ecdsa => key_ecdsa_signed} | 0 ...dsa-cert.pub => key_ecdsa_signed-cert.pub} | 2 +- ...ned_key_ecdsa.pub => key_ecdsa_signed.pub} | 2 +- tests/key_ed25519 | 8 +- tests/key_ed25519.pub | 2 +- tests/key_rsa_aes256gcm | 28 + tests/key_rsa_aes256gcm.pub | 1 + tests/key_rsa_openssh.pub | 2 +- tests/key_rsa_signed | 49 + tests/key_rsa_signed-cert.pub | 1 + tests/key_rsa_signed.pub | 1 + tests/mansyntax.sh | 54 +- tests/openssh_fixture.c | 250 +- tests/openssh_fixture.h | 12 +- tests/openssh_server/.gitattributes | 3 + 
tests/openssh_server/Dockerfile | 79 +- tests/openssh_server/authorized_keys | 3 +- tests/openssh_server/ca_rsa | 38 + tests/openssh_server/ca_rsa.pub | 1 + tests/openssh_server/ca_user_keys.pub | 2 + tests/openssh_server/sshd_config | 4 + tests/ossfuzz/Makefile.am | 6 +- tests/ossfuzz/ossfuzz.sh | 11 +- tests/ossfuzz/ssh2_client_fuzzer.cc | 25 +- tests/ossfuzz/standaloneengine.cc | 3 +- tests/runner.c | 50 +- tests/{libssh2_config_cmake.h.in => runner.h} | 41 +- tests/session_fixture.c | 468 ++- tests/session_fixture.h | 30 +- tests/ssh2.c | 186 -- tests/ssh2.sh | 48 - tests/sshd_fixture.sh.in | 53 - tests/sshdwrap | 28 - tests/test_aa_warmup.c | 24 + tests/test_agent_forward_ok.c | 57 + tests/test_agent_forward_succeeds.c | 51 - tests/test_auth_keyboard_fail.c | 13 + tests/test_auth_keyboard_info_request.c | 331 ++ tests/test_auth_keyboard_ok.c | 13 + tests/test_auth_password_fail_password.c | 13 + tests/test_auth_password_fail_username.c | 13 + tests/test_auth_password_ok.c | 13 + tests/test_auth_pubkey_fail.c | 15 + tests/test_auth_pubkey_ok_dsa.c | 21 + tests/test_auth_pubkey_ok_ecdsa.c | 21 + tests/test_auth_pubkey_ok_ecdsa_signed.c | 22 + tests/test_auth_pubkey_ok_ed25519.c | 21 + tests/test_auth_pubkey_ok_ed25519_encrypted.c | 21 + tests/test_auth_pubkey_ok_ed25519_mem.c | 21 + tests/test_auth_pubkey_ok_rsa.c | 21 + tests/test_auth_pubkey_ok_rsa_aes256gcm.c | 22 + tests/test_auth_pubkey_ok_rsa_encrypted.c | 21 + tests/test_auth_pubkey_ok_rsa_openssh.c | 22 + tests/test_auth_pubkey_ok_rsa_signed.c | 22 + tests/test_hostkey.c | 43 +- tests/test_hostkey_hash.c | 73 +- ...teractive_auth_fails_with_wrong_response.c | 59 - ...tive_auth_succeeds_with_correct_response.c | 60 - ..._password_auth_fails_with_wrong_password.c | 36 - ..._password_auth_fails_with_wrong_username.c | 37 - ...d_auth_succeeds_with_correct_credentials.c | 42 - ...est_public_key_auth_fails_with_wrong_key.c | 37 - ...c_key_auth_succeeds_with_correct_dsa_key.c | 38 - 
...key_auth_succeeds_with_correct_ecdsa_key.c | 38 - ...y_auth_succeeds_with_correct_ed25519_key.c | 38 - ...cceeds_with_correct_ed25519_key_from_mem.c | 98 - ...ceeds_with_correct_encrypted_ed25519_key.c | 39 - ..._succeeds_with_correct_encrypted_rsa_key.c | 39 - ...c_key_auth_succeeds_with_correct_rsa_key.c | 38 - ...th_succeeds_with_correct_rsa_openssh_key.c | 38 - ...h_succeeds_with_correct_signed_ecdsa_key.c | 38 - tests/test_read.c | 131 + tests/test_read_algos.test | 36 + tests/test_read_algos.txt | 18 + tests/{simple.c => test_simple.c} | 23 +- tests/test_ssh2.c | 277 ++ tests/test_sshd.test | 168 + vms/libssh2_config.h | 46 +- vms/libssh2_make_example.dcl | 70 +- vms/libssh2_make_help.dcl | 4 +- vms/libssh2_make_kit.dcl | 37 +- vms/libssh2_make_lib.dcl | 74 +- vms/man2help.c | 82 +- vms/readme.vms | 115 +- win32/.gitignore | 14 - win32/GNUmakefile | 365 --- win32/Makefile.Watcom | 190 -- win32/config.mk | 54 - win32/libssh2.dsw | 41 - win32/libssh2_config.h | 47 - win32/msvcproj.foot | 3 - win32/msvcproj.head | 256 -- win32/rules.mk | 15 - win32/test/GNUmakefile | 283 -- win32/tests.dsp | 102 - 484 files changed, 21368 insertions(+), 16113 deletions(-) create mode 100644 .checksrc delete mode 100644 .gitattribute create mode 100644 .github/SECURITY.md rename .github/workflows/{appveyor.yml => appveyor_docker.yml} (72%) create mode 100644 .github/workflows/appveyor_status.yml create mode 100644 .github/workflows/cifuzz.yml create mode 100644 .github/workflows/openssh_server.yml create mode 100644 .github/workflows/reuse.yml create mode 100644 .reuse/dep5 delete mode 100644 .travis.yml create mode 100644 LICENSES/BSD-2-Clause.txt create mode 100644 LICENSES/BSD-3-Clause.txt create mode 100644 LICENSES/FSFULLR.txt create mode 100644 LICENSES/MIT.txt create mode 100644 LICENSES/curl.txt delete mode 100644 Makefile.OpenSSL.inc delete mode 100644 Makefile.WinCNG.inc delete mode 100644 Makefile.inc delete mode 100644 Makefile.libgcrypt.inc delete mode 100644 
Makefile.mbedTLS.inc delete mode 100644 Makefile.os400qc3.inc delete mode 100644 NMakefile delete mode 100644 ci/appveyor/docker-bridge.bat mode change 100644 => 100755 ci/appveyor/docker-bridge.ps1 create mode 100755 ci/appveyor/docker-bridge.sh delete mode 100755 ci/ossfuzz.sh create mode 100644 ci/spellcheck-words.txt create mode 100755 ci/spellcheck.sh create mode 100644 cmake/Findwolfssl.cmake create mode 100644 cmake/PickyWarnings.cmake delete mode 100644 cmake/SocketLibraries.cmake delete mode 100644 cmake/Toolchain-Linux-32.cmake create mode 100644 cmake/libssh2-config.cmake.in delete mode 100644 cmake/max_warnings.cmake delete mode 100644 docs/BINDINGS create mode 100644 docs/BINDINGS.md delete mode 100644 docs/HACKING create mode 100644 docs/HACKING.md create mode 100644 docs/libssh2_agent_sign.3 create mode 100644 docs/libssh2_channel_direct_streamlocal_ex.3 create mode 100644 docs/libssh2_channel_signal_ex.3 create mode 100644 docs/libssh2_crypto_engine.3 create mode 100644 docs/libssh2_session_callback_set2.3 create mode 100644 docs/libssh2_session_get_read_timeout.3 create mode 100644 docs/libssh2_session_set_read_timeout.3 create mode 100644 docs/libssh2_sftp_open_ex_r.3 create mode 100644 docs/libssh2_sftp_open_r.3 create mode 100644 docs/libssh2_sign_sk.3 create mode 100644 docs/libssh2_userauth_publickey_sk.3 create mode 100644 example/Makefile.inc delete mode 100644 m4/autobuild.m4 delete mode 100644 nw/GNUmakefile delete mode 100644 nw/keepscreen.c delete mode 100644 nw/nwlib.c delete mode 100644 nw/test/GNUmakefile rename example/libssh2_config_cmake.h.in => os400/include/assert.h (63%) create mode 100644 src/Makefile.inc delete mode 100644 src/NMakefile delete mode 100644 src/agent.h delete mode 100644 src/blf.h create mode 100644 src/crypto.c create mode 100644 src/crypto_config.h delete mode 100644 src/libssh2.pc.in rename {win32 => src}/libssh2.rc (56%) create mode 100644 src/libssh2_setup.h create mode 100644 src/userauth_kbd_packet.c 
create mode 100644 src/userauth_kbd_packet.h create mode 100644 tests/Makefile.inc create mode 100644 tests/cmake/CMakeLists.txt create mode 100644 tests/cmake/test.c create mode 100755 tests/cmake/test.sh delete mode 100644 tests/etc/host delete mode 100644 tests/etc/host.pub delete mode 100644 tests/etc/sshd_config delete mode 100644 tests/etc/user delete mode 100644 tests/etc/user.pub create mode 100755 tests/gen_keys.sh rename tests/{signed_key_ecdsa => key_ecdsa_signed} (100%) rename tests/{signed_key_ecdsa-cert.pub => key_ecdsa_signed-cert.pub} (97%) rename tests/{signed_key_ecdsa.pub => key_ecdsa_signed.pub} (86%) create mode 100644 tests/key_rsa_aes256gcm create mode 100644 tests/key_rsa_aes256gcm.pub create mode 100644 tests/key_rsa_signed create mode 100644 tests/key_rsa_signed-cert.pub create mode 100644 tests/key_rsa_signed.pub create mode 100644 tests/openssh_server/.gitattributes create mode 100644 tests/openssh_server/ca_rsa create mode 100644 tests/openssh_server/ca_rsa.pub create mode 100644 tests/openssh_server/ca_user_keys.pub create mode 100644 tests/openssh_server/sshd_config rename tests/{libssh2_config_cmake.h.in => runner.h} (57%) delete mode 100644 tests/ssh2.c delete mode 100755 tests/ssh2.sh delete mode 100644 tests/sshd_fixture.sh.in delete mode 100755 tests/sshdwrap create mode 100644 tests/test_aa_warmup.c create mode 100644 tests/test_agent_forward_ok.c delete mode 100644 tests/test_agent_forward_succeeds.c create mode 100644 tests/test_auth_keyboard_fail.c create mode 100644 tests/test_auth_keyboard_info_request.c create mode 100644 tests/test_auth_keyboard_ok.c create mode 100644 tests/test_auth_password_fail_password.c create mode 100644 tests/test_auth_password_fail_username.c create mode 100644 tests/test_auth_password_ok.c create mode 100644 tests/test_auth_pubkey_fail.c create mode 100644 tests/test_auth_pubkey_ok_dsa.c create mode 100644 tests/test_auth_pubkey_ok_ecdsa.c create mode 100644 
tests/test_auth_pubkey_ok_ecdsa_signed.c create mode 100644 tests/test_auth_pubkey_ok_ed25519.c create mode 100644 tests/test_auth_pubkey_ok_ed25519_encrypted.c create mode 100644 tests/test_auth_pubkey_ok_ed25519_mem.c create mode 100644 tests/test_auth_pubkey_ok_rsa.c create mode 100644 tests/test_auth_pubkey_ok_rsa_aes256gcm.c create mode 100644 tests/test_auth_pubkey_ok_rsa_encrypted.c create mode 100644 tests/test_auth_pubkey_ok_rsa_openssh.c create mode 100644 tests/test_auth_pubkey_ok_rsa_signed.c delete mode 100644 tests/test_keyboard_interactive_auth_fails_with_wrong_response.c delete mode 100644 tests/test_keyboard_interactive_auth_succeeds_with_correct_response.c delete mode 100644 tests/test_password_auth_fails_with_wrong_password.c delete mode 100644 tests/test_password_auth_fails_with_wrong_username.c delete mode 100644 tests/test_password_auth_succeeds_with_correct_credentials.c delete mode 100644 tests/test_public_key_auth_fails_with_wrong_key.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_dsa_key.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_ecdsa_key.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_ed25519_key.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_ed25519_key_from_mem.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_encrypted_ed25519_key.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_encrypted_rsa_key.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_rsa_key.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_rsa_openssh_key.c delete mode 100644 tests/test_public_key_auth_succeeds_with_correct_signed_ecdsa_key.c create mode 100644 tests/test_read.c create mode 100755 tests/test_read_algos.test create mode 100644 tests/test_read_algos.txt rename tests/{simple.c => test_simple.c} (85%) create mode 100644 tests/test_ssh2.c create mode 100755 tests/test_sshd.test delete 
mode 100644 win32/.gitignore delete mode 100644 win32/GNUmakefile delete mode 100644 win32/Makefile.Watcom delete mode 100644 win32/config.mk delete mode 100644 win32/libssh2.dsw delete mode 100644 win32/libssh2_config.h delete mode 100644 win32/msvcproj.foot delete mode 100644 win32/msvcproj.head delete mode 100644 win32/rules.mk delete mode 100644 win32/test/GNUmakefile delete mode 100644 win32/tests.dsp diff --git a/.checksrc b/.checksrc new file mode 100644 index 0000000000..e6e578fc89 --- /dev/null +++ b/.checksrc @@ -0,0 +1,3 @@ +disable FOPENMODE +disable SNPRINTF +disable TYPEDEFSTRUCT diff --git a/.gitattribute b/.gitattribute deleted file mode 100644 index bc501446c4..0000000000 --- a/.gitattribute +++ /dev/null @@ -1,2 +0,0 @@ -win32/msvcproj.head -crlf -win32/msvcproj.foot -crlf diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index f883236e6b..c9d505eca5 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -19,8 +19,9 @@ A recipe or example code that reproduces the problem? A stack trace from a crash A clear and concise description of what you expected to happen. **Version (please complete the following information):** - - OS: [e.g. iOS] - - libssh2 version [e.g. 1.8.0] + - OS and version: [e.g. iOS, macOS, Windows, Linux (distro)] + - libssh2 version: [e.g. 1.10.0] + - crypto backend and version: [OpenSSL, mbedTLS, Libgcrypt, LibreSSL, WinCNG, OS400, wolfSSL, None] **Additional context** Add any other context about the problem here. diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000000..bc8dcc480a --- /dev/null +++ b/.github/SECURITY.md 
@@ -0,0 +1,13 @@ +# Security Policy + +See [SECURITY.md](https://github.com/libssh2/libssh2/blob/master/docs/SECURITY.md) for full details. + +## Reporting a Vulnerability + +If you have found or just suspect a security problem somewhere in libssh2, +email `libssh2-security@haxx.se` about it. + +**Do not submit suspected security issues in the public bug tracker!** + +We treat security issues with confidentiality until controlled and disclosed +responsibly. diff --git a/.github/workflows/appveyor.yml b/.github/workflows/appveyor_docker.yml similarity index 72% rename from .github/workflows/appveyor.yml rename to .github/workflows/appveyor_docker.yml index f0fa0eaf9e..6729ce7b89 100644 --- a/.github/workflows/appveyor.yml +++ b/.github/workflows/appveyor_docker.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2021 Marc Hoersken +# Copyright (C) Marc Hoersken # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -21,6 +21,8 @@ # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# SPDX-License-Identifier: BSD-3-Clause name: AppVeyor Docker Bridge @@ -40,6 +42,8 @@ on: ssh_privkey: required: true +permissions: {} + jobs: daemon: runs-on: ubuntu-latest 
@@ -48,18 +52,17 @@ jobs: - name: Setup SSH client configuration run: | cd ~ - mkdir .ssh - chmod 0700 .ssh - echo "ServerAliveInterval 45" > .ssh/config - echo "Host ${{ github.event.inputs.ssh_host }}" >> .ssh/config - echo "${{ github.event.inputs.ssh_forward }}" | sed 's/,/\n/g' | sed 's/^/\tRemoteForward /g' >> .ssh/config - chmod 0600 .ssh/config - cat .ssh/config - echo "${{ github.event.inputs.ssh_host }} ${{ github.event.inputs.ssh_hostkey }}" | sed 's/,/\n${{ github.event.inputs.ssh_host }} /g' > .ssh/known_hosts - chmod 0600 .ssh/known_hosts - cat .ssh/known_hosts - echo "${{ github.event.inputs.ssh_privkey }}" | sed 's/,/\n/g' > .ssh/id_rsa - chmod 0600 .ssh/id_rsa + mkdir -m 0700 .ssh + install -m 0600 /dev/null .ssh/config + { + echo 'ServerAliveInterval 45' + echo 'Host ${{ github.event.inputs.ssh_host }}' + echo '${{ github.event.inputs.ssh_forward }}' | sed 's/,/\n/g' | sed 's/^/ RemoteForward /g' + } | tee -a .ssh/config + install -m 0600 /dev/null .ssh/known_hosts + echo '${{ github.event.inputs.ssh_host }} ${{ github.event.inputs.ssh_hostkey }}' | sed 's/,/\n${{ github.event.inputs.ssh_host }} /g' | tee -a .ssh/known_hosts + install -m 0600 /dev/null .ssh/id_rsa + echo '${{ github.event.inputs.ssh_privkey }}' | sed 's/,/\n/g' >> .ssh/id_rsa # we sleep explicitly to allow the remote system to kill the sleep process - name: Connect to AppVeyor and sleep diff --git a/.github/workflows/appveyor_status.yml b/.github/workflows/appveyor_status.yml new file mode 100644 index 0000000000..6718ba10a1 --- /dev/null +++ b/.github/workflows/appveyor_status.yml 
@@ -0,0 +1,62 @@ +# Copyright (C) Marc Hoersken +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# +# SPDX-License-Identifier: BSD-3-Clause + +name: AppVeyor Status Report + +on: + status + +concurrency: + group: ${{ github.workflow }}-${{ github.event.sha }}-${{ github.event.target_url }} + cancel-in-progress: true + +permissions: + statuses: write + +jobs: + split: + runs-on: ubuntu-latest + if: ${{ github.event.sender.login == 'appveyor[bot]' }} + steps: + - name: Create individual AppVeyor build statuses + if: ${{ github.event.sha && github.event.target_url }} + env: + APPVEYOR_COMMIT_SHA: ${{ github.event.sha }} + APPVEYOR_TARGET_URL: ${{ github.event.target_url }} + APPVEYOR_REPOSITORY: ${{ github.event.repository.full_name }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo ${APPVEYOR_TARGET_URL} | sed 's/\/project\//\/api\/projects\//' | xargs -t -n1 curl -s | \ + jq -c '.build.jobs[] | {target_url: ($target_url + "/job/" + .jobId), + context: (.name | sub("^(Environment: )?"; "AppVeyor / ")), + state: (.status | sub("queued"; "pending") + | sub("starting"; "pending") + | sub("running"; "pending") + | sub("failed"; "failure") + | sub("cancelled"; "error")), + description: .status}' \ + --arg target_url ${APPVEYOR_TARGET_URL} | tee /dev/stderr | parallel --pipe -j 1 -N 1 \ + gh api --silent --input - repos/${APPVEYOR_REPOSITORY}/statuses/${APPVEYOR_COMMIT_SHA} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 00846b1bb4..692780fc29 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -1,105 +1,647 @@ +# Copyright (C) The libssh2 project and its contributors. +# +# SPDX-License-Identifier: BSD-3-Clause +# name: CI on: push: - branches: [ master ] + branches: [master] pull_request: - branches: [ master ] + branches: [master] + +permissions: {} jobs: - style-check: + check_style: + name: 'style-check' runs-on: ubuntu-latest + timeout-minutes: 5 steps: - - uses: actions/checkout@v2 - - name: Check Style + - uses: actions/checkout@v4 + - name: 'checksrc' run: ./ci/checksrc.sh - build: + + spellcheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: 'install tools' + run: pip install -U codespell + - name: 'spellcheck' + run: ./ci/spellcheck.sh + + build_integration: + name: 'integration' + runs-on: ubuntu-latest + timeout-minutes: 60 + env: + CC: clang + steps: + - uses: actions/checkout@v4 + - name: 'cmake' + run: | + sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 install libssl-dev + ./tests/cmake/test.sh + + build_linux: + name: 'linux' runs-on: ubuntu-latest + timeout-minutes: 60 strategy: fail-fast: false matrix: compiler: [gcc, clang] - address_size: [64] - crypto_backend: [OpenSSL, Libgcrypt, mbedTLS] - build_shared_libs: [OFF, ON] - enable_zlib_compression: [OFF, ON] - b: [cmake] + arch: [amd64] + crypto: [OpenSSL, wolfSSL, Libgcrypt, mbedTLS] + build: [cmake] + zlib: ['OFF', 'ON'] include: - compiler: gcc - address_size: 64 - crypto_backend: OpenSSL - build_shared_libs: OFF - enable_zlib_compression: OFF - b: configure + arch: amd64 + crypto: OpenSSL + build: autotools + zlib: 'OFF' + - compiler: clang + arch: amd64 + crypto: OpenSSL + build: autotools + zlib: 'OFF' - compiler: clang - address_size: 64 - crypto_backend: OpenSSL - build_shared_libs: OFF - enable_zlib_compression: OFF - b: configure + arch: amd64 + crypto: OpenSSL + build: autotools + zlib: 'ON' + target: 'distcheck' + - compiler: gcc + arch: i386 + crypto: mbedTLS + build: cmake + zlib: 'ON' + - compiler: gcc + arch: amd64 + crypto: BoringSSL + 
build: cmake + zlib: 'ON' + - compiler: gcc + arch: amd64 + crypto: OpenSSL-3-no-deprecated + build: cmake + zlib: 'ON' + - compiler: clang + arch: i386 + crypto: Libgcrypt + build: autotools + zlib: 'ON' + options: --disable-static env: CC: ${{ matrix.compiler }} - CC_FOR_BUILD: ${{ matrix.compiler }} - CRYPTO_BACKEND: ${{ matrix.crypto_backend }} - BUILD_SHARED_LIBS: ${{ matrix.build_shared_libs }} - ENABLE_ZLIB_COMPRESSION: ${{ matrix.enable_zlib_compression }} steps: - - uses: actions/checkout@v2 - - name: Install 32 Bit Dependencies - if: ${{ matrix.address_size == 32 }} - run: | - sudo dpkg --add-architecture i386 - sudo apt-get update -qq - sudo apt-get install -y gcc-multilib - sudo apt-get install -y libssl-dev:i386 libgcrypt20-dev:i386 zlib1g-dev:i386 build-essential gcc-multilib - sudo dpkg --purge --force-depends gcc-multilib - sudo dpkg --purge --force-depends libssl-dev - echo "TOOLCHAIN_OPTION=-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-Linux-32.cmake" >> $GITHUB_ENV - - name: Install 64 Bit Dependencies - if: ${{ matrix.address_size == 64 }} - run: | - sudo apt-get install -y libssl-dev - sudo apt-get install -y libgcrypt-dev - - name: Install mbedTLS Dependencies - if: ${{ matrix.crypto_backend == 'mbedTLS' }} - run: | - MBEDTLSVER=mbedtls-2.7.0 - curl -L https://github.com/ARMmbed/mbedtls/archive/$MBEDTLSVER.tar.gz | tar -xzf - + - uses: actions/checkout@v4 + - name: 'install architecture' + if: ${{ matrix.arch != 'amd64' }} + run: | + sudo dpkg --add-architecture '${{ matrix.arch }}' + sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 update + # Workaround for https://github.com/actions/runner-images/issues/7589 + sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 install libgcc-s1:${{ matrix.arch }} + sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 install gcc-multilib build-essential zlib1g-dev:${{ matrix.arch }} + + - name: 'install packages' + run: | + [ '${{ matrix.crypto }}' = 'OpenSSL' ] && pkg='libssl-dev' + [ '${{ matrix.crypto }}' = 'wolfSSL' 
] && pkg='libwolfssl-dev' + [ '${{ matrix.crypto }}' = 'Libgcrypt' ] && pkg='libgcrypt-dev' + if [ -n "${pkg}" ]; then + sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 install "${pkg}:${{ matrix.arch }}" + fi + + - name: 'install mbedTLS from source' + if: ${{ matrix.crypto == 'mbedTLS' }} + run: | + MBEDTLSVER=mbedtls-3.5.1 + curl -L https://github.com/Mbed-TLS/mbedtls/archive/$MBEDTLSVER.tar.gz | tar -xzf - cd mbedtls-$MBEDTLSVER - cmake $TOOLCHAIN_OPTION -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DCMAKE_INSTALL_PREFIX:PATH=../usr . + if [ '${{ matrix.arch }}' = 'i386' ]; then + crossoptions='-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${{ matrix.arch }}' + cflags='-m32 -mpclmul -msse2 -maes' + fi + cmake ${crossoptions} \ + "-DCMAKE_C_FLAGS=${cflags}" \ + -DENABLE_PROGRAMS=OFF \ + -DENABLE_TESTING=OFF \ + -DUSE_STATIC_MBEDTLS_LIBRARY=OFF \ + -DUSE_SHARED_MBEDTLS_LIBRARY=ON \ + -DCMAKE_INSTALL_PREFIX:PATH=$PWD/../usr make -j3 install cd .. echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/usr/lib" >> $GITHUB_ENV echo "TOOLCHAIN_OPTION=$TOOLCHAIN_OPTION -DCMAKE_PREFIX_PATH=$PWD/usr" >> $GITHUB_ENV - - name: Build with Configure - if: ${{ matrix.b == 'configure' }} + + - name: 'install BoringSSL from source' + if: ${{ matrix.crypto == 'BoringSSL' }} run: | - autoreconf -fi - ./configure --enable-debug --enable-werror - make - make check - - name: Build with CMake - if: ${{ matrix.b == 'cmake' }} - run: | - mkdir bin - cd bin - cmake $TOOLCHAIN_OPTION -DCRYPTO_BACKEND=$CRYPTO_BACKEND -DBUILD_SHARED_LIBS=$BUILD_SHARED_LIBS -DENABLE_ZLIB_COMPRESSION=$ENABLE_ZLIB_COMPRESSION .. - cmake --build . - pushd ../tests - docker build -t libssh2/openssh_server openssh_server - popd - CTEST_OUTPUT_ON_FAILURE=1 cmake --build . --target test - cmake --build . 
--target package - fuzzer: + BORINGSSLVER=1b7fdbd9101dedc3e0aa3fcf4ff74eacddb34ecc + mkdir boringssl + cd boringssl + curl "https://boringssl.googlesource.com/boringssl/+archive/$BORINGSSLVER.tar.gz" | tar -xzf - + cmake \ + -DOPENSSL_SMALL=ON \ + -DCMAKE_C_FLAGS=-fPIC \ + -DCMAKE_INSTALL_PREFIX:PATH=$PWD/../usr + make -j3 install + cd .. + echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/usr/lib" >> $GITHUB_ENV + echo "TOOLCHAIN_OPTION=$TOOLCHAIN_OPTION -DCMAKE_PREFIX_PATH=$PWD/usr" >> $GITHUB_ENV + + - name: 'install OpenSSL from source' + if: ${{ matrix.crypto == 'OpenSSL-3-no-deprecated' }} + run: | + OPENSSLVER=openssl-3.2.0 + curl -L https://www.openssl.org/source/$OPENSSLVER.tar.gz | tar -xzf - + cd $OPENSSLVER + ./Configure no-deprecated \ + no-apps no-docs no-tests no-makedepend \ + no-comp no-quic no-legacy --prefix=/usr + make -j3 install DESTDIR=$PWD/.. + cd .. + echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/usr/lib" >> $GITHUB_ENV + echo "TOOLCHAIN_OPTION=$TOOLCHAIN_OPTION -DCMAKE_PREFIX_PATH=$PWD/usr" >> $GITHUB_ENV + + - name: 'autotools autoreconf' + if: ${{ matrix.build == 'autotools' }} + run: autoreconf -fi + - name: 'autotools configure' + if: ${{ matrix.build == 'autotools' }} + run: | + if [ '${{ matrix.arch }}' = 'i386' ]; then + crossoptions='--host=i686-pc-linux-gnu' + export CFLAGS=-m32 + fi + mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ + ${crossoptions} ${{ matrix.options }} + + - name: 'autotools build' + if: ${{ matrix.build == 'autotools' && !matrix.target }} + run: make -C bld -j3 + - name: 'autotools tests' + if: ${{ matrix.build == 'autotools' && !matrix.target }} + timeout-minutes: 10 + run: make -C bld check VERBOSE=1 + - name: 'autotools distcheck' + if: ${{ matrix.target == 'distcheck' }} + timeout-minutes: 10 + run: make -C bld -j3 distcheck + - name: 'cmake configure' + if: ${{ matrix.build == 'cmake' }} + run: | + if [ '${{ matrix.crypto }}' = 'BoringSSL' ] || \ + [[ '${{ matrix.crypto }}' = 'OpenSSL-'* ]]; 
then + crypto='OpenSSL' + else + crypto='${{ matrix.crypto }}' + fi + [ '${{ matrix.arch }}' = 'i386' ] && crossoptions='-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_SYSTEM_VERSION=1 -DCMAKE_SYSTEM_PROCESSOR=${{ matrix.arch }} -DCMAKE_C_FLAGS=-m32' + cmake -B bld ${crossoptions} $TOOLCHAIN_OPTION \ + -DENABLE_WERROR=ON \ + -DCRYPTO_BACKEND=${crypto} \ + -DENABLE_ZLIB_COMPRESSION=${{ matrix.zlib }} + + - name: 'cmake build' + if: ${{ matrix.build == 'cmake' }} + run: cmake --build bld --parallel 3 --target package + - name: 'cmake tests' + if: ${{ matrix.build == 'cmake' && matrix.crypto != 'wolfSSL' }} + timeout-minutes: 10 + run: | + export OPENSSH_SERVER_IMAGE=ghcr.io/libssh2/ci_tests_openssh_server:$(git rev-parse --short=20 HEAD:tests/openssh_server) + cd bld && ctest -VV --output-on-failure + + build_linux_cross_mingw64: + name: 'linux -> mingw-w64' runs-on: ubuntu-latest + timeout-minutes: 30 strategy: fail-fast: false matrix: - compiler: [gcc, clang] + build: [autotools, cmake] + compiler: [gcc] env: - CC: ${{ matrix.compiler }} - CC_FOR_BUILD: ${{ matrix.compiler }} + TRIPLET: 'x86_64-w64-mingw32' + steps: + - uses: actions/checkout@v4 + - name: 'install packages' + run: sudo apt-get --quiet 2 --option Dpkg::Use-Pty=0 install mingw-w64 + - name: 'autotools autoreconf' + if: ${{ matrix.build == 'autotools' }} + run: autoreconf -fi + - name: 'autotools configure' + if: ${{ matrix.build == 'autotools' }} + run: mkdir bld && cd bld && ../configure --enable-werror --enable-debug --host=${TRIPLET} + - name: 'autotools build' + if: ${{ matrix.build == 'autotools' }} + run: make -C bld -j3 + - name: 'cmake configure' + if: ${{ matrix.build == 'cmake' }} + run: | + cmake -B bld \ + -DCMAKE_SYSTEM_NAME=Windows \ + -DCMAKE_C_COMPILER_TARGET=${TRIPLET} \ + -DCMAKE_C_COMPILER=${TRIPLET}-gcc \ + -DENABLE_WERROR=ON + + - name: 'cmake build' + if: ${{ matrix.build == 'cmake' }} + run: cmake --build bld --parallel 3 + + build_cygwin: + name: 'cygwin' + runs-on: windows-latest + 
timeout-minutes: 30 + env: + SHELLOPTS: 'igncr' + strategy: + matrix: + include: + - { build: 'automake', platform: 'x86_64', compiler: 'gcc' } + - { build: 'cmake' , platform: 'x86_64', compiler: 'gcc' } + fail-fast: false + steps: + - run: git config --global core.autocrlf input + - uses: actions/checkout@v4 + - uses: cygwin/cygwin-install-action@v4 + with: + platform: ${{ matrix.platform }} + packages: autoconf libtool ${{ matrix.build }} gcc-core gcc-g++ binutils make libssl-devel zlib-devel + site: https://mirrors.kernel.org/sourceware/cygwin/ + + - name: 'autotools' + if: ${{ matrix.build == 'automake' }} + timeout-minutes: 10 + shell: C:\cygwin\bin\bash.exe '{0}' + run: | + export PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/system32" + autoreconf -fi + mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ + --with-crypto=openssl \ + --disable-docker-tests + make -j3 + make check VERBOSE=1 + + - name: 'cmake' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 10 + shell: C:\cygwin\bin\bash.exe '{0}' + run: | + export PATH="/usr/bin:$(cygpath ${SYSTEMROOT})/system32" + cmake -B bld \ + -DENABLE_WERROR=ON \ + -DENABLE_DEBUG_LOGGING=ON \ + -DCRYPTO_BACKEND=OpenSSL \ + -DOPENSSL_ROOT_DIR=/usr/lib \ + -DENABLE_ZLIB_COMPRESSION=ON \ + -DRUN_DOCKER_TESTS=OFF \ + -DRUN_SSHD_TESTS=OFF + cmake --build bld --parallel 3 + cd bld && ctest -VV --output-on-failure + + build_msys2: + name: 'msys2' + runs-on: windows-latest + timeout-minutes: 30 + strategy: + matrix: + include: + - { build: 'autotools', sys: msys , env: x86_64 } + - { build: 'cmake' , sys: msys , env: x86_64 } + - { build: 'autotools', sys: mingw64, env: x86_64 } + - { build: 'autotools', sys: mingw32, env: i686 } + - { build: 'autotools', sys: ucrt64, env: ucrt-x86_64 } + - { build: 'autotools', sys: clang64, env: clang-x86_64 } + - { build: 'cmake' , sys: ucrt64, env: ucrt-x86_64 } + - { build: 'cmake' , sys: clang64, env: clang-x86_64 } + - { build: 'cmake' , sys: mingw64, env: x86_64, 
test: 'uwp' } + - { build: 'cmake' , sys: mingw64, env: x86_64, test: 'no-options' } + fail-fast: false + steps: + - uses: actions/checkout@v4 + - uses: msys2/setup-msys2@v2 + if: ${{ matrix.sys == 'msys' }} + with: + msystem: ${{ matrix.sys }} + install: gcc ${{ matrix.build }} make openssl-devel zlib-devel + - uses: msys2/setup-msys2@v2 + if: ${{ matrix.sys != 'msys' }} + with: + msystem: ${{ matrix.sys }} + install: >- + mingw-w64-${{ matrix.env }}-cc + mingw-w64-${{ matrix.env }}-${{ matrix.build }} make + mingw-w64-${{ matrix.env }}-openssl + + - name: 'autotools autoreconf' + if: ${{ matrix.build == 'autotools' }} + shell: msys2 {0} + run: autoreconf -fi + - name: 'autotools configure' + if: ${{ matrix.build == 'autotools' }} + env: + SSHD: 'C:/Program Files/Git/usr/bin/sshd.exe' + shell: msys2 {0} + run: | + # sshd tests sometimes hang + mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ + --with-crypto=openssl \ + --disable-docker-tests \ + --disable-sshd-tests + + - name: 'autotools build' + if: ${{ matrix.build == 'autotools' }} + shell: msys2 {0} + run: make -C bld -j3 + - name: 'autotools tests' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 10 + shell: msys2 {0} + run: make -C bld check VERBOSE=1 + - name: 'cmake configure' + if: ${{ matrix.build == 'cmake' }} + shell: msys2 {0} + run: | + if [[ '${{ matrix.env }}' = 'clang'* ]]; then + options='-DCMAKE_C_COMPILER=clang -DCMAKE_UNITY_BUILD=ON' + else + options='-DCMAKE_C_COMPILER=gcc' + fi + if [ '${{ matrix.test }}' = 'uwp' ]; then + options="${options} -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0" + pacman --noconfirm --ask 20 --noprogressbar --sync --needed 'mingw-w64-${{ matrix.env }}-winstorecompat-git' + specs="$(realpath gcc-specs-uwp)" + gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp -lwindowsappcompat/' -e 's/-lmsvcrt/-lmsvcr120_app/' > "${specs}" + cflags="-specs=${specs} -DWINSTORECOMPAT 
-DWINAPI_FAMILY=WINAPI_FAMILY_APP" + # CMake (as of v3.26.4) gets confused and applies the MSVC rc.exe command-line + # template to windres. Reset it to the windres template manually: + rcopts=' -O coff ' + elif [ '${{ matrix.test }}' = 'no-options' ]; then + options="${options} -DLIBSSH2_NO_DEPRECATED=ON" + cflags='-DLIBSSH2_NO_MD5 -DLIBSSH2_NO_MD5_PEM -DLIBSSH2_NO_HMAC_RIPEMD -DLIBSSH2_NO_DSA -DLIBSSH2_NO_AES_CBC -DLIBSSH2_NO_AES_CTR -DLIBSSH2_NO_BLOWFISH -DLIBSSH2_NO_RC4 -DLIBSSH2_NO_CAST -DLIBSSH2_NO_3DES' + else + cflags='' + rcopts='' + fi + cmake -B bld ${options} \ + "-DCMAKE_C_FLAGS=${cflags}" \ + "-DCMAKE_RC_COMPILE_OBJECT=${rcopts}" \ + -DENABLE_WERROR=ON \ + -DENABLE_DEBUG_LOGGING=ON \ + -DCRYPTO_BACKEND=OpenSSL \ + -DENABLE_ZLIB_COMPRESSION=ON \ + -DRUN_DOCKER_TESTS=OFF \ + -DRUN_SSHD_TESTS=OFF \ + -DCMAKE_VERBOSE_MAKEFILE=ON + + - name: 'cmake build' + if: ${{ matrix.build == 'cmake' }} + shell: msys2 {0} + run: cmake --build bld --parallel 3 + - name: 'cmake tests' + # UWP missing 'msvcr120_app.dll', fails with exit code 0xc0000135 + if: ${{ matrix.build == 'cmake' && matrix.test != 'uwp' }} + timeout-minutes: 10 + shell: msys2 {0} + run: cd bld && ctest -VV --output-on-failure + + build_msvc: + name: 'msvc' + runs-on: windows-latest + timeout-minutes: 30 + strategy: + matrix: + include: + - { arch: x64 , plat: windows, crypto: WinCNG , log: 'OFF', shared: 'OFF', zlib: 'OFF', unity: 'OFF' } + - { arch: x64 , plat: windows, crypto: WinCNG , log: 'ON' , shared: 'ON' , zlib: 'OFF', unity: 'OFF' } + - { arch: x64 , plat: windows, crypto: OpenSSL, log: 'OFF', shared: 'ON' , zlib: 'OFF', unity: 'OFF' } + - { arch: x64 , plat: uwp , crypto: WinCNG , log: 'OFF', shared: 'ON' , zlib: 'OFF', unity: 'OFF' } + - { arch: arm64, plat: windows, crypto: WinCNG , log: 'OFF', shared: 'ON' , zlib: 'OFF', unity: 'OFF' } + - { arch: arm64, plat: uwp , crypto: WinCNG , log: 'OFF', shared: 'ON' , zlib: 'OFF', unity: 'ON' } + - { arch: x86 , plat: windows, crypto: WinCNG , 
log: 'OFF', shared: 'ON' , zlib: 'OFF', unity: 'OFF' } + fail-fast: false + steps: + - uses: actions/checkout@v4 + - name: 'cmake configure' + shell: bash + run: | + archgen=${{ matrix.arch }}; [ "${archgen}" = 'x86' ] && archgen='Win32' + if [ '${{ matrix.plat }}' = 'uwp' ]; then + system='WindowsStore' + options='-DCMAKE_SYSTEM_VERSION=10.0' + else + system='Windows' + fi + cmake -B bld ${options} \ + -DCMAKE_SYSTEM_NAME=${system} \ + -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake \ + -DCMAKE_GENERATOR_PLATFORM=${archgen} \ + -DVCPKG_TARGET_TRIPLET=${{ matrix.arch }}-${{ matrix.plat }} \ + -DCMAKE_VS_GLOBALS=TrackFileAccess=false \ + -DCMAKE_UNITY_BUILD=${{ matrix.unity }} \ + -DENABLE_WERROR=ON \ + -DENABLE_DEBUG_LOGGING=${{ matrix.log }} \ + -DBUILD_SHARED_LIBS=${{ matrix.shared }} \ + -DCRYPTO_BACKEND=${{ matrix.crypto }} \ + -DENABLE_ZLIB_COMPRESSION=${{ matrix.zlib }} \ + -DRUN_DOCKER_TESTS=OFF \ + -DRUN_SSHD_TESTS=OFF + + - name: 'cmake build' + run: cmake --build bld --parallel 3 --target package --config Release + - name: 'cmake tests' + # UWP binaries require a CRT DLL that is not found. Static CRT not supported. 
+ if: ${{ matrix.arch != 'arm64' && matrix.plat != 'uwp' }} + timeout-minutes: 10 + run: cd bld && ctest -VV -C Release --output-on-failure + + build_macos: + name: 'macOS (${{ matrix.build }}, ${{ matrix.crypto.name }})' + runs-on: macos-latest + timeout-minutes: 30 + strategy: + fail-fast: false + matrix: + build: [autotools, cmake] + crypto: + - name: 'OpenSSL 3' + install: openssl + configure: --with-crypto=openssl --with-libssl-prefix=/usr/local/opt/openssl + cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl + - name: 'OpenSSL 1.1' + install: openssl@1.1 + configure: --with-crypto=openssl --with-libssl-prefix=/usr/local/opt/openssl@1.1 + cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1 + - name: 'LibreSSL' + install: libressl + configure: --with-crypto=openssl --with-libssl-prefix=/usr/local/opt/libressl + cmake: -DCRYPTO_BACKEND=OpenSSL -DOPENSSL_ROOT_DIR=/usr/local/opt/libressl + - name: 'wolfSSL' + install: wolfssl + configure: --with-crypto=wolfssl --with-libwolfssl-prefix=/usr/local/opt/wolfssl + cmake: -DCRYPTO_BACKEND=wolfSSL + - name: 'libgcrypt' + install: libgcrypt + configure: --with-crypto=libgcrypt --with-libgcrypt-prefix=/usr/local/opt/libgcrypt + cmake: -DCRYPTO_BACKEND=Libgcrypt + - name: 'mbedTLS' + install: mbedtls + configure: --with-crypto=mbedtls --with-libmbedcrypto-prefix=/usr/local/opt/mbedtls + cmake: -DCRYPTO_BACKEND=mbedTLS -DMBEDTLS_INCLUDE_DIR=/usr/local/opt/mbedtls/include -DMBEDCRYPTO_LIBRARY=/usr/local/opt/mbedtls/lib/libmbedcrypto.a + steps: + - name: 'install packages' + run: brew install automake ${{ matrix.crypto.install }} + - uses: actions/checkout@v4 + - name: 'autotools autoreconf' + if: ${{ matrix.build == 'autotools' }} + run: autoreconf -fi + - name: 'autotools configure' + if: ${{ matrix.build == 'autotools' }} + run: | + mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ + --with-libz ${{ matrix.crypto.configure }} \ + --disable-docker-tests \ + 
--disable-sshd-tests + + - name: 'autotools build' + if: ${{ matrix.build == 'autotools' }} + run: make -C bld -j3 + - name: 'autotools tests' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 10 + run: make -C bld check VERBOSE=1 + - name: 'cmake configure' + if: ${{ matrix.build == 'cmake' }} + run: | + cmake -B bld ${{ matrix.crypto.cmake }} \ + -DCMAKE_UNITY_BUILD=ON \ + -DENABLE_WERROR=ON \ + -DENABLE_DEBUG_LOGGING=ON \ + -DENABLE_ZLIB_COMPRESSION=ON \ + -DRUN_DOCKER_TESTS=OFF \ + -DRUN_SSHD_TESTS=OFF + + - name: 'cmake build' + if: ${{ matrix.build == 'cmake' }} + run: cmake --build bld --parallel 3 + - name: 'cmake tests' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 10 + run: cd bld && ctest -VV --output-on-failure + + build_freebsd: + name: 'FreeBSD (autotools, openssl, clang, amd64)' + runs-on: macos-12 + timeout-minutes: 30 + steps: + - uses: actions/checkout@v4 + - name: 'autotools' + uses: cross-platform-actions/action@v0.21.1 + with: + operating_system: "freebsd" + version: "13.2" + architecture: "x86_64" + run: | + # https://ports.freebsd.org/ + sudo pkg install -y autoconf automake libtool + setenv CC clang + autoreconf -fi + mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ + --with-crypto=openssl \ + --disable-docker-tests + make -j3 + make check VERBOSE=1 + + build_freebsd_new: + name: 'FreeBSD 14 (autotools, openssl, clang, amd64)' + runs-on: ubuntu-22.04 + timeout-minutes: 30 + steps: + - uses: actions/checkout@v4 + - name: 'autotools' + uses: vmactions/freebsd-vm@v1 + with: + # https://ports.freebsd.org/ + prepare: pkg install -y autoconf automake libtool bash + run: | + setenv CC clang + autoreconf -fi + mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ + --with-crypto=openssl \ + --disable-docker-tests + make -j3 + make check VERBOSE=1 + + build_netbsd: + name: 'NetBSD (cmake, openssl, clang, amd64)' + runs-on: macos-12 + timeout-minutes: 30 + steps: + - uses: actions/checkout@v4 + - 
name: 'cmake' + uses: cross-platform-actions/action@v0.21.1 + with: + operating_system: "netbsd" + version: "9.3" + architecture: "x86_64" + run: | + # https://pkgsrc.se/ + sudo pkgin -y install cmake + cmake -B bld \ + -DENABLE_WERROR=ON \ + -DENABLE_DEBUG_LOGGING=ON \ + -DCRYPTO_BACKEND=OpenSSL \ + -DBUILD_STATIC_LIBS=OFF \ + -DRUN_DOCKER_TESTS=OFF \ + -DRUN_SSHD_TESTS=OFF + cmake --build bld --parallel 3 + + build_openbsd: + name: 'OpenBSD (cmake, libressl, clang, amd64)' + runs-on: macos-12 + timeout-minutes: 30 + steps: + - uses: actions/checkout@v4 + - name: 'cmake' + uses: cross-platform-actions/action@v0.21.1 + with: + operating_system: "openbsd" + version: "7.4" + architecture: "x86_64" + run: | + # https://openbsd.app/ + sudo pkg_add cmake + cmake -B bld \ + -DENABLE_WERROR=ON \ + -DENABLE_DEBUG_LOGGING=ON \ + -DCRYPTO_BACKEND=OpenSSL \ + -DBUILD_STATIC_LIBS=OFF \ + -DRUN_DOCKER_TESTS=OFF \ + -DRUN_SSHD_TESTS=OFF + cmake --build bld --parallel 3 + + build_omnios: + name: 'OmniOS (autotools, openssl, gcc, amd64)' + runs-on: ubuntu-22.04 + timeout-minutes: 30 steps: - - uses: actions/checkout@v2 - - name: Run Fuzzer - run: GIT_REF=$GITHUB_REF ./ci/ossfuzz.sh + - uses: actions/checkout@v4 + - name: 'autotools' + uses: vmactions/omnios-vm@v1 + with: + usesh: true + # https://pkg.omnios.org/r151048/core/en/index.shtml + prepare: pkg install build-essential libtool + run: | + autoreconf -fi + mkdir bld && cd bld && ../configure --enable-werror --enable-debug \ + --with-crypto=openssl \ + --disable-docker-tests + gmake -j3 + gmake check VERBOSE=1 diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml new file mode 100644 index 0000000000..5fd235236d --- /dev/null +++ b/.github/workflows/cifuzz.yml 
@@ -0,0 +1,34 @@ +# Copyright (C) The libssh2 project and its contributors. +# +# SPDX-License-Identifier: BSD-3-Clause +# +name: CIFuzz +on: [pull_request] + +permissions: {} + +jobs: + Fuzzing: + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - name: Build Fuzzers + id: build + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'libssh2' + dry-run: false + language: c + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'libssh2' + fuzz-seconds: 600 + dry-run: false + language: c + - name: Upload Crash + uses: actions/upload-artifact@v3 + if: ${{ failure() && steps.build.outcome == 'success' }} + with: + name: artifacts + path: ./out/artifacts diff --git a/.github/workflows/openssh_server.yml b/.github/workflows/openssh_server.yml new file mode 100644 index 0000000000..69526b2c7c --- /dev/null +++ b/.github/workflows/openssh_server.yml 
@@ -0,0 +1,68 @@ +# Copyright (C) Marc Hoersken +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# +# SPDX-License-Identifier: BSD-3-Clause + +name: OpenSSH Server Docker Image + +on: + push: + branches: [ master ] + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/checkout@v4 + + - shell: bash + id: hash + run: echo "::set-output name=hash::$(git rev-parse --short=20 HEAD:tests/openssh_server)" + + - shell: bash + id: poll + run: docker manifest inspect ghcr.io/${{ github.repository_owner }}/ci_tests_openssh_server:${{ steps.hash.outputs.hash }} + continue-on-error: true + + - uses: docker/metadata-action@v5 + id: meta + with: + images: ghcr.io/${{ github.repository_owner }}/ci_tests_openssh_server + tags: | + type=raw,value=${{ steps.hash.outputs.hash }} + if: ${{ steps.poll.outcome == 'failure' }} + + - uses: docker/build-push-action@v5 + with: + context: ./tests/openssh_server + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + if: ${{ steps.poll.outcome == 'failure' }} diff --git a/.github/workflows/reuse.yml b/.github/workflows/reuse.yml new file mode 100644 index 0000000000..562911db46 --- /dev/null +++ b/.github/workflows/reuse.yml @@ -0,0 +1,29 @@ +# Copyright (C) Daniel Stenberg +# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. +# +# SPDX-License-Identifier: BSD-3-Clause + +name: REUSE compliance + +on: + push: + branches: + - master + - '*/ci' + pull_request: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: REUSE Compliance Check + uses: fsfe/reuse-action@v2 diff --git a/.gitignore b/.gitignore index d256f68b74..ae793d80e9 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,11 +1,14 @@ .deps .libs +*.a *.lib *.pdb *.dll +*.def *.exe *.obj .*.swp +*-*-* Debug Release *.exp @@ -24,8 +27,12 @@ depcomp libtool ltmain.sh missing -ssh2_sample +tap-driver.sh +test-driver +libssh2-*.tar.bz2 libssh2-*.tar.gz +libssh2-*.tar.xz +libssh2-*.zip install-sh *.o *.lo @@ -36,3 +43,4 @@ libssh2.pc TAGS *~ .DS_Store +build diff --git a/.reuse/dep5 b/.reuse/dep5 new file mode 100644 index 0000000000..8e91ab515e --- /dev/null +++ b/.reuse/dep5 
@@ -0,0 +1,34 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libssh2 +Upstream-Contact: The libssh2 team +Source: https://libssh2.org/ + +# Test data +Files: tests/ossfuzz/* tests/key_* tests/test_read_algos.txt ci/spellcheck-words.txt +Copyright: The libssh2 project and its contributors. +License: BSD-3-Clause + +# Test server +Files: tests/openssh_server/.gitattributes tests/openssh_server/authorized_keys tests/openssh_server/ca_* tests/openssh_server/ssh_* tests/openssh_server/sshd_config +Copyright: The libssh2 project and its contributors. +License: BSD-3-Clause + +# Root files +Files: NEWS README README.md RELEASE-NOTES +Copyright: The libssh2 project and its contributors. +License: BSD-3-Clause + +# Docs +Files: docs/.gitignore docs/AUTHORS docs/BINDINGS.md docs/HACKING-CRYPTO docs/HACKING.md docs/INSTALL_CMAKE.md docs/Makefile.am docs/SECURITY.md docs/TODO docs/template.3 os400/README400 +Copyright: The libssh2 project and its contributors. +License: BSD-3-Clause + +# vms files +Files: vms/libssh2_config.h vms/libssh2_make_example.dcl vms/libssh2_make_help.dcl vms/libssh2_make_kit.dcl vms/libssh2_make_lib.dcl vms/man2help.c vms/readme.vms +Copyright: The libssh2 project and its contributors. +License: BSD-3-Clause + +# dot files +Files: .checksrc .editorconfig .github/ISSUE_TEMPLATE/bug_report.md .github/SECURITY.md .github/stale.yml .gitignore example/.gitignore m4/.gitignore src/.gitignore tests/.gitignore +Copyright: The libssh2 project and its contributors. +License: BSD-3-Clause diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index ec290126ea..0000000000 --- a/.travis.yml +++ /dev/null 
@@ -1,128 +0,0 @@ -# Copyright (c) 2014 Alexander Lamaison -# -# Redistribution and use in source and binary forms, -# with or without modification, are permitted provided -# that the following conditions are met: -# -# Redistributions of source code must retain the above -# copyright notice, this list of conditions and the -# following disclaimer. -# -# Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# Neither the name of the copyright holder nor the names -# of any other contributors may be used to endorse or -# promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE -# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY -# OF SUCH DAMAGE. 
- -sudo: required - -services: - - docker - -language: c - -compiler: - - gcc - - clang - -addons: - chrome: stable -matrix: - include: - - name: "Check style" - script: ./ci/checksrc.sh - -env: - - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=configure - - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=64 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=OpenSSL BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF 
ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=Libgcrypt BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=OFF B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=OFF ENABLE_ZLIB_COMPRESSION=ON B=cmake - - ADDRESS_SIZE=32 CRYPTO_BACKEND=mbedTLS BUILD_SHARED_LIBS=ON ENABLE_ZLIB_COMPRESSION=ON B=cmake - - B=fuzzer - -before_install: - - if [ $ADDRESS_SIZE = '32' ]; then sudo dpkg --add-architecture i386; fi - - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get update -qq; fi - - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get install -y gcc-multilib; fi - - if [ $ADDRESS_SIZE = '32' ]; then sudo apt-get install -y libssl-dev:i386 libgcrypt20-dev:i386 build-essential gcc-multilib; fi - - if [ $ADDRESS_SIZE = '32' ]; then sudo dpkg --purge --force-depends gcc-multilib && sudo dpkg --purge --force-depends libssl-dev; fi - - if [ $ADDRESS_SIZE = '64' ]; then sudo apt-get install -y libssl-dev; fi - - if [ $ADDRESS_SIZE = '64' ]; then sudo apt-get install -y libgcrypt11-dev; fi - - if [ $ADDRESS_SIZE = '32' ]; then export TOOLCHAIN_OPTION="-DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-Linux-32.cmake"; fi - - if [ $CRYPTO_BACKEND = 'mbedTLS' ]; then - MBEDTLSVER=mbedtls-2.7.0; - curl -L https://github.com/ARMmbed/mbedtls/archive/$MBEDTLSVER.tar.gz | tar -xzf -; - cd mbedtls-$MBEDTLSVER; - cmake $TOOLCHAIN_OPTION -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DCMAKE_INSTALL_PREFIX:PATH=../usr .; - make -j3 install; - cd ..; - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$PWD/usr/lib; - export TOOLCHAIN_OPTION="$TOOLCHAIN_OPTION -DCMAKE_PREFIX_PATH=$PWD/usr"; - fi - 
-install: - -script: - - | - if [ "$B" = "configure" ]; then - autoreconf -fi - ./configure --enable-debug --enable-werror - make - make check - fi - - | - if [ "$B" = "cmake" ]; then - mkdir bin - cd tests - docker build -t libssh2/openssh_server openssh_server - cd ../bin - cmake $TOOLCHAIN_OPTION -DCRYPTO_BACKEND=$CRYPTO_BACKEND -DBUILD_SHARED_LIBS=$BUILD_SHARED_LIBS -DENABLE_ZLIB_COMPRESSION=$ENABLE_ZLIB_COMPRESSION .. && cmake --build . && CTEST_OUTPUT_ON_FAILURE=1 cmake --build . --target test && cmake --build . --target package - fi - - | - if [ "$B" = "fuzzer" ]; then - GIT_REF=$TRAVIS_COMMIT ./ci/ossfuzz.sh - fi - -# whitelist branches to avoid testing feature branches twice (as branch and as pull request) -branches: - only: - - master diff --git a/CMakeLists.txt b/CMakeLists.txt index e6c95c888c..4ac44a0a41 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,5 @@ -# Copyright (c) 2014, 2015 Alexander Lamaison +# Copyright (C) Alexander Lamaison +# Copyright (C) Viktor Szakats # # Redistribution and use in source and binary forms, # with or without modification, are permitted provided 
@@ -32,28 +33,38 @@ # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY # OF SUCH DAMAGE. +# +# SPDX-License-Identifier: BSD-3-Clause + +cmake_minimum_required(VERSION 3.7) +message(STATUS "Using CMake version ${CMAKE_VERSION}") -cmake_minimum_required(VERSION 2.8.11) +set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH}) + +include(CheckFunctionExists) +include(CheckSymbolExists) +include(CheckIncludeFiles) +include(CMakePushCheckState) +include(FeatureSummary) -set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake) +include(CheckFunctionExistsMayNeedLibrary) +include(CheckNonblockingSocketSupport) project(libssh2 C) -set(PROJECT_URL "https://www.libssh2.org/") -set(PROJECT_DESCRIPTION "The SSH library") -if (CMAKE_VERSION VERSION_LESS "3.1") - if (CMAKE_C_COMPILER_ID STREQUAL "GNU") - set (CMAKE_C_FLAGS "--std=gnu90 ${CMAKE_C_FLAGS}") - endif() -else() - set (CMAKE_C_STANDARD 90) -endif() +set(CMAKE_UNITY_BUILD_BATCH_SIZE 32) -option(BUILD_SHARED_LIBS "Build Shared Libraries" OFF) +option(BUILD_STATIC_LIBS "Build Static Libraries" ON) +add_feature_info("Static library" BUILD_STATIC_LIBS + "creating libssh2 static library") + +option(BUILD_SHARED_LIBS "Build Shared Libraries" ON) +add_feature_info("Shared library" BUILD_SHARED_LIBS + "creating libssh2 shared library (.so/.dll)") # Parse version -file(READ ${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h _HEADER_CONTENTS) +file(READ "${PROJECT_SOURCE_DIR}/include/libssh2.h" _HEADER_CONTENTS) string( REGEX REPLACE ".*#define LIBSSH2_VERSION[ \t]+\"([^\"]+)\".*" "\\1" LIBSSH2_VERSION "${_HEADER_CONTENTS}") 
@@ -71,28 +82,354 @@ if(NOT LIBSSH2_VERSION OR NOT LIBSSH2_VERSION_MAJOR MATCHES "^[0-9]+$" OR NOT LIBSSH2_VERSION_MINOR MATCHES "^[0-9]+$" OR NOT LIBSSH2_VERSION_PATCH MATCHES "^[0-9]+$") - message( - FATAL_ERROR - "Unable to parse version from" - "${CMAKE_CURRENT_SOURCE_DIR}/include/libssh2.h") + message(FATAL_ERROR "Unable to parse version from ${PROJECT_SOURCE_DIR}/include/libssh2.h") endif() include(GNUInstallDirs) install( - FILES docs/AUTHORS COPYING docs/HACKING README RELEASE-NOTES NEWS + FILES + COPYING NEWS README RELEASE-NOTES + docs/AUTHORS docs/BINDINGS.md docs/HACKING.md DESTINATION ${CMAKE_INSTALL_DOCDIR}) -include(max_warnings) -include(FeatureSummary) +include(PickyWarnings) -add_subdirectory(src) +# Add socket libraries +if(WIN32) + list(APPEND SOCKET_LIBRARIES "ws2_32") +else() + check_function_exists_may_need_library("socket" HAVE_SOCKET "socket") + if(NEED_LIB_SOCKET) + list(APPEND SOCKET_LIBRARIES "socket") + endif() + check_function_exists_may_need_library("inet_addr" HAVE_INET_ADDR "nsl") + if(NEED_LIB_NSL) + list(APPEND SOCKET_LIBRARIES "nsl") + endif() +endif() option(BUILD_EXAMPLES "Build libssh2 examples" ON) +option(BUILD_TESTING "Build libssh2 test suite" ON) + +if(NOT BUILD_STATIC_LIBS AND NOT BUILD_SHARED_LIBS) + set(BUILD_STATIC_LIBS ON) +endif() + +set(LIB_NAME "libssh2") +set(LIB_STATIC "${LIB_NAME}_static") +set(LIB_SHARED "${LIB_NAME}_shared") + +# lib flavour selected for example and test programs. 
+if(BUILD_SHARED_LIBS) + set(LIB_SELECTED ${LIB_SHARED}) +else() + set(LIB_SELECTED ${LIB_STATIC}) +endif() + +# Symbol hiding + +option(HIDE_SYMBOLS "Set to ON to hide all libssh2 symbols that are not officially external" ON) +mark_as_advanced(HIDE_SYMBOLS) +if(HIDE_SYMBOLS) + set(LIB_SHARED_DEFINITIONS "LIBSSH2_EXPORTS") + if(WIN32) + elseif((CMAKE_C_COMPILER_ID MATCHES "Clang") OR + (CMAKE_COMPILER_IS_GNUCC AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.0) OR + (CMAKE_C_COMPILER_ID MATCHES "Intel" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)) + set(LIB_SHARED_C_FLAGS "-fvisibility=hidden") + set(LIBSSH2_API "__attribute__ ((__visibility__ (\"default\")))") + elseif(CMAKE_C_COMPILER_ID MATCHES "SunPro" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 8.0) + set(LIB_SHARED_C_FLAGS "-xldscope=hidden") + set(LIBSSH2_API "__global") + endif() +endif() + +# Options + +# Enable debugging logging by default if the user configured a debug build +if(CMAKE_BUILD_TYPE STREQUAL "Debug") + set(DEBUG_LOGGING_DEFAULT ON) +else() + set(DEBUG_LOGGING_DEFAULT OFF) +endif() +option(ENABLE_DEBUG_LOGGING "log execution with debug trace" ${DEBUG_LOGGING_DEFAULT}) +add_feature_info(Logging ENABLE_DEBUG_LOGGING "Logging of execution with debug trace") +if(ENABLE_DEBUG_LOGGING) + # Must be visible to the library and tests using internals + add_definitions("-DLIBSSH2DEBUG") +endif() + +option(LIBSSH2_NO_DEPRECATED "Build without deprecated APIs" OFF) +add_feature_info("Without deprecated APIs" LIBSSH2_NO_DEPRECATED "") +if(LIBSSH2_NO_DEPRECATED) + add_definitions("-DLIBSSH2_NO_DEPRECATED") +endif() + +# Auto-detection + +# Prefill values with known detection results +# Keep this synced with src/libssh2_setup.h +if(WIN32) + if(MINGW) + set(HAVE_SNPRINTF 1) + set(HAVE_UNISTD_H 1) + set(HAVE_INTTYPES_H 1) + set(HAVE_SYS_TIME_H 1) + set(HAVE_SYS_PARAM_H 1) + set(HAVE_GETTIMEOFDAY 1) + set(HAVE_STRTOLL 1) + elseif(MSVC) + set(HAVE_GETTIMEOFDAY 0) + if(NOT MSVC_VERSION LESS 1800) + 
set(HAVE_INTTYPES_H 1) + set(HAVE_STRTOLL 1) + else() + set(HAVE_INTTYPES_H 0) + set(HAVE_STRTOLL 0) + set(HAVE_STRTOI64 1) + endif() + if(NOT MSVC_VERSION LESS 1900) + set(HAVE_SNPRINTF 1) + else() + set(HAVE_SNPRINTF 0) + endif() + endif() +endif() + +## Platform checks +check_include_files("inttypes.h" HAVE_INTTYPES_H) +if(NOT MSVC) + check_include_files("unistd.h" HAVE_UNISTD_H) + check_include_files("sys/time.h" HAVE_SYS_TIME_H) + check_include_files("sys/param.h" HAVE_SYS_PARAM_H) # tests +endif() +if(NOT WIN32) + check_include_files("sys/select.h" HAVE_SYS_SELECT_H) + check_include_files("sys/uio.h" HAVE_SYS_UIO_H) + check_include_files("sys/socket.h" HAVE_SYS_SOCKET_H) + check_include_files("sys/ioctl.h" HAVE_SYS_IOCTL_H) + check_include_files("sys/un.h" HAVE_SYS_UN_H) + check_include_files("arpa/inet.h" HAVE_ARPA_INET_H) # example and tests + check_include_files("netinet/in.h" HAVE_NETINET_IN_H) # example and tests +endif() + +# CMake uses C syntax in check_symbol_exists() that generates a warning with +# MSVC. To not break detection with ENABLE_WERRROR, we disable it for the +# duration of these tests. 
+if(MSVC AND ENABLE_WERROR) + cmake_push_check_state() + set(CMAKE_REQUIRED_FLAGS "/WX-") +endif() + +if(HAVE_SYS_TIME_H) + check_symbol_exists("gettimeofday" "sys/time.h" HAVE_GETTIMEOFDAY) +else() + check_function_exists("gettimeofday" HAVE_GETTIMEOFDAY) +endif() +check_symbol_exists("strtoll" "stdlib.h" HAVE_STRTOLL) +if(NOT HAVE_STRTOLL) + # Try _strtoi64() if strtoll() is not available + check_symbol_exists("_strtoi64" "stdlib.h" HAVE_STRTOI64) +endif() +check_symbol_exists("snprintf" "stdio.h" HAVE_SNPRINTF) +if(NOT WIN32) + check_symbol_exists("explicit_bzero" "string.h" HAVE_EXPLICIT_BZERO) + check_symbol_exists("explicit_memset" "string.h" HAVE_EXPLICIT_MEMSET) + check_symbol_exists("memset_s" "string.h" HAVE_MEMSET_S) +endif() + +if(MSVC AND ENABLE_WERROR) + cmake_pop_check_state() +endif() + +if(CMAKE_SYSTEM_NAME STREQUAL "Darwin" OR + CMAKE_SYSTEM_NAME STREQUAL "Interix") + # poll() does not work on these platforms + # + # Interix: "does provide poll(), but the implementing developer must + # have been in a bad mood, because poll() only works on the /proc + # filesystem here" + # + # macOS poll() has funny behaviors, like: + # not being able to do poll on no filedescriptors (10.3?) + # not being able to poll on some files (like anything in /dev) + # not having reliable timeout support + # inconsistent return of POLLHUP where other implementations give POLLIN + message(STATUS "poll use is disabled on this platform") +elseif(NOT WIN32) + check_function_exists("poll" HAVE_POLL) +endif() +if(WIN32) + set(HAVE_SELECT 1) +else() + check_function_exists("select" HAVE_SELECT) +endif() + +# Non-blocking socket support tests. Use a separate, yet unset variable +# for the socket libraries to not link against the other configured +# dependencies which might not have been built yet. 
+if(NOT WIN32) + cmake_push_check_state() + set(CMAKE_REQUIRED_LIBRARIES ${SOCKET_LIBRARIES}) + check_nonblocking_socket_support() + cmake_pop_check_state() +endif() + +# Config file + +add_definitions("-DHAVE_CONFIG_H") + +configure_file("src/libssh2_config_cmake.h.in" + "${CMAKE_CURRENT_BINARY_DIR}/src/libssh2_config.h") + +## Cryptography backend choice + +set(CRYPTO_BACKEND "" CACHE STRING + "The backend to use for cryptography: OpenSSL, wolfSSL, Libgcrypt, +WinCNG, mbedTLS, or empty to try any available") + +# If the crypto backend was given, rather than searching for the first +# we are able to find, the find_package commands must abort configuration +# and report to the user. +if(CRYPTO_BACKEND) + set(SPECIFIC_CRYPTO_REQUIREMENT "REQUIRED") +endif() + +if(CRYPTO_BACKEND STREQUAL "OpenSSL" OR NOT CRYPTO_BACKEND) + + find_package(OpenSSL ${SPECIFIC_CRYPTO_REQUIREMENT}) + + if(OPENSSL_FOUND) + set(CRYPTO_BACKEND "OpenSSL") + set(CRYPTO_BACKEND_DEFINE "LIBSSH2_OPENSSL") + set(CRYPTO_BACKEND_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR}) + list(APPEND LIBRARIES ${OPENSSL_LIBRARIES}) + list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lcrypto") + list(APPEND LIBSSH2_PC_REQUIRES_PRIVATE "libcrypto") + + if(WIN32) + # Statically linking to OpenSSL requires crypt32 for some Windows APIs. + # This should really be handled by FindOpenSSL.cmake. 
+ list(APPEND LIBRARIES "crypt32" "bcrypt") + list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lcrypt32" "-lbcrypt") + + #set(CMAKE_FIND_DEBUG_MODE ON) + + find_file(DLL_LIBCRYPTO + NAMES "crypto.dll" + "libcrypto-1_1.dll" "libcrypto-1_1-x64.dll" + "libcrypto-3.dll" "libcrypto-3-x64.dll" + HINTS ${_OPENSSL_ROOT_HINTS} PATHS ${_OPENSSL_ROOT_PATHS} + PATH_SUFFIXES "bin" NO_DEFAULT_PATH) + if(DLL_LIBCRYPTO) + list(APPEND _RUNTIME_DEPENDENCIES ${DLL_LIBCRYPTO}) + message(STATUS "Found libcrypto DLL: ${DLL_LIBCRYPTO}") + else() + message(WARNING "Unable to find OpenSSL libcrypto DLL, executables may not run") + endif() + + #set(CMAKE_FIND_DEBUG_MODE OFF) + endif() + + find_package(ZLIB) + + if(ZLIB_FOUND) + list(APPEND LIBRARIES ${ZLIB_LIBRARIES}) + list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lz") + endif() + endif() +endif() + +if(CRYPTO_BACKEND STREQUAL "wolfSSL" OR NOT CRYPTO_BACKEND) + + find_package(wolfssl ${SPECIFIC_CRYPTO_REQUIREMENT}) + + if(WOLFSSL_FOUND) + set(CRYPTO_BACKEND "wolfSSL") + set(CRYPTO_BACKEND_DEFINE "LIBSSH2_WOLFSSL") + set(CRYPTO_BACKEND_INCLUDE_DIR ${WOLFSSL_INCLUDE_DIR} "${WOLFSSL_INCLUDE_DIR}/wolfssl") + list(APPEND LIBRARIES ${WOLFSSL_LIBRARIES}) + list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lwolfssl") + list(APPEND LIBSSH2_PC_REQUIRES_PRIVATE "wolfssl") + + if(WIN32) + list(APPEND LIBRARIES "crypt32") + list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lcrypt32") + endif() + + find_package(ZLIB) + + if(ZLIB_FOUND) + list(APPEND CRYPTO_BACKEND_INCLUDE_DIR ${ZLIB_INCLUDE_DIR}) # Public wolfSSL headers require zlib headers + list(APPEND LIBRARIES ${ZLIB_LIBRARIES}) + list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lz") + endif() + endif() +endif() + +if(CRYPTO_BACKEND STREQUAL "Libgcrypt" OR NOT CRYPTO_BACKEND) + + find_package(Libgcrypt ${SPECIFIC_CRYPTO_REQUIREMENT}) + + if(LIBGCRYPT_FOUND) + set(CRYPTO_BACKEND "Libgcrypt") + set(CRYPTO_BACKEND_DEFINE "LIBSSH2_LIBGCRYPT") + set(CRYPTO_BACKEND_INCLUDE_DIR ${LIBGCRYPT_INCLUDE_DIRS}) + list(APPEND LIBRARIES ${LIBGCRYPT_LIBRARIES}) + 
list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lgcrypt") + list(APPEND LIBSSH2_PC_REQUIRES_PRIVATE "libgcrypt") + endif() +endif() + +if(CRYPTO_BACKEND STREQUAL "mbedTLS" OR NOT CRYPTO_BACKEND) + + find_package(mbedTLS ${SPECIFIC_CRYPTO_REQUIREMENT}) + + if(MBEDTLS_FOUND) + set(CRYPTO_BACKEND "mbedTLS") + set(CRYPTO_BACKEND_DEFINE "LIBSSH2_MBEDTLS") + set(CRYPTO_BACKEND_INCLUDE_DIR ${MBEDTLS_INCLUDE_DIR}) + list(APPEND LIBRARIES ${MBEDTLS_LIBRARIES}) + list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lmbedcrypto") + link_directories(${MBEDTLS_LIBRARY_DIR}) + endif() +endif() + +# Detect platform-specific crypto-backends last: + +if(CRYPTO_BACKEND STREQUAL "WinCNG" OR NOT CRYPTO_BACKEND) + if(WIN32) + set(CRYPTO_BACKEND "WinCNG") + set(CRYPTO_BACKEND_DEFINE "LIBSSH2_WINCNG") + set(CRYPTO_BACKEND_INCLUDE_DIR "") + list(APPEND LIBRARIES "crypt32" "bcrypt") + list(APPEND LIBSSH2_PC_LIBS_PRIVATE "-lcrypt32" "-lbcrypt") + elseif(SPECIFIC_CRYPTO_REQUIREMENT STREQUAL "REQUIRED") + message(FATAL_ERROR "WinCNG not available") + endif() +endif() + +# Global functions + +# Convert GNU Make assignments into CMake ones. +function(transform_makefile_inc INPUT_FILE OUTPUT_FILE) + file(READ ${INPUT_FILE} MAKEFILE_INC_CMAKE) + + string(REGEX REPLACE "\\\\\n" "" MAKEFILE_INC_CMAKE ${MAKEFILE_INC_CMAKE}) + string(REGEX REPLACE "([A-Za-z_]+) *= *([^\n]*)" "set(\\1 \\2)" MAKEFILE_INC_CMAKE ${MAKEFILE_INC_CMAKE}) + + file(WRITE ${OUTPUT_FILE} ${MAKEFILE_INC_CMAKE}) + set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS "${INPUT_FILE}") +endfunction() + +# + +add_subdirectory(src) + if(BUILD_EXAMPLES) add_subdirectory(example) endif() -option(BUILD_TESTING "Build libssh2 test suite" ON) if(BUILD_TESTING) enable_testing() add_subdirectory(tests) 
@@ -100,10 +437,12 @@ endif() option(LINT "Check style while building" OFF) if(LINT) - add_custom_target(lint ALL - ./ci/checksrc.sh - WORKING_DIRECTORY ${libssh2_SOURCE_DIR}) - add_dependencies(libssh2 lint) + add_custom_target(lint ALL "./ci/checksrc.sh" WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}) + if(BUILD_STATIC_LIBS) + add_dependencies(${LIB_STATIC} lint) + else() + add_dependencies(${LIB_SHARED} lint) + endif() endif() add_subdirectory(docs) diff --git a/COPYING b/COPYING index 937ed32e3a..6eb5146840 100644 --- a/COPYING +++ b/COPYING @@ -1,11 +1,11 @@ -/* Copyright (c) 2004-2007 Sara Golemon - * Copyright (c) 2005,2006 Mikhail Gusarov - * Copyright (c) 2006-2007 The Written Word, Inc. - * Copyright (c) 2007 Eli Fant - * Copyright (c) 2009-2021 Daniel Stenberg +/* Copyright (C) 2004-2007 Sara Golemon + * Copyright (C) 2005,2006 Mikhail Gusarov + * Copyright (C) 2006-2007 The Written Word, Inc. + * Copyright (C) 2007 Eli Fant + * Copyright (C) 2009-2023 Daniel Stenberg * Copyright (C) 2008, 2009 Simon Josefsson - * Copyright (c) 2000 Markus Friedl - * Copyright (c) 2015 Microsoft Corp. + * Copyright (C) 2000 Markus Friedl + * Copyright (C) 2015 Microsoft Corp. * All rights reserved. * * Redistribution and use in source and binary forms, @@ -41,4 +41,3 @@ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY * OF SUCH DAMAGE. */ - diff --git a/LICENSES/BSD-2-Clause.txt b/LICENSES/BSD-2-Clause.txt new file mode 100644 index 0000000000..b0bed5edf6 --- /dev/null +++ b/LICENSES/BSD-2-Clause.txt 
@@ -0,0 +1,9 @@ +Copyright + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/LICENSES/BSD-3-Clause.txt b/LICENSES/BSD-3-Clause.txt new file mode 100644 index 0000000000..086d3992cb --- /dev/null +++ b/LICENSES/BSD-3-Clause.txt 
@@ -0,0 +1,11 @@ +Copyright (c) . + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/LICENSES/FSFULLR.txt b/LICENSES/FSFULLR.txt new file mode 100644 index 0000000000..2247a667f5 --- /dev/null +++ b/LICENSES/FSFULLR.txt @@ -0,0 +1,5 @@ +# Copyright Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. diff --git a/LICENSES/MIT.txt b/LICENSES/MIT.txt new file mode 100644 index 0000000000..8aa26455d2 --- /dev/null 
+++ b/LICENSES/MIT.txt @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) [year] [fullname] + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/LICENSES/curl.txt b/LICENSES/curl.txt new file mode 100644 index 0000000000..982fe1e869 --- /dev/null +++ b/LICENSES/curl.txt 
@@ -0,0 +1,21 @@ +COPYRIGHT AND PERMISSION NOTICE + +Copyright (C) Daniel Stenberg, , and many contributors. + +All rights reserved. + +Permission to use, copy, modify, and distribute this software for any purpose +with or without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN +NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE +OR OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of a copyright holder shall not +be used in advertising or otherwise to promote the sale, use or other dealings +in this Software without prior written authorization of the copyright holder. diff --git a/Makefile.OpenSSL.inc b/Makefile.OpenSSL.inc deleted file mode 100644 index 1e4e8f0bbb..0000000000 --- a/Makefile.OpenSSL.inc +++ /dev/null @@ -1,3 +0,0 @@ -CRYPTO_CSOURCES = openssl.c -CRYPTO_HHEADERS = openssl.h -CRYPTO_LTLIBS = $(LTLIBSSL) diff --git a/Makefile.WinCNG.inc b/Makefile.WinCNG.inc deleted file mode 100644 index bbcb82bfde..0000000000 --- a/Makefile.WinCNG.inc +++ /dev/null @@ -1,3 +0,0 @@ -CRYPTO_CSOURCES = wincng.c -CRYPTO_HHEADERS = wincng.h -CRYPTO_LTLIBS = $(LTLIBBCRYPT) $(LTLIBCRYPT32) diff --git a/Makefile.am b/Makefile.am index 986441bd68..dda85965fd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,9 @@ +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause AUTOMAKE_OPTIONS = foreign nostdinc -SUBDIRS = src tests docs +SUBDIRS = src docs +SUBDIRS += tests if BUILD_EXAMPLES SUBDIRS += example endif 
@@ -8,44 +11,34 @@ endif pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libssh2.pc -include_HEADERS = \ - include/libssh2.h \ - include/libssh2_publickey.h \ - include/libssh2_sftp.h - -NETWAREFILES = nw/keepscreen.c \ - nw/nwlib.c \ - nw/GNUmakefile \ - nw/test/GNUmakefile - -DSP = win32/libssh2.dsp -VCPROJ = win32/libssh2.vcproj - -DISTCLEANFILES = $(DSP) - -VMSFILES = vms/libssh2_make_example.dcl vms/libssh2_make_help.dcl \ -vms/libssh2_make_kit.dcl vms/libssh2_make_lib.dcl vms/man2help.c \ -vms/readme.vms vms/libssh2_config.h - -WIN32FILES = win32/GNUmakefile win32/test/GNUmakefile \ -win32/libssh2_config.h win32/config.mk win32/rules.mk \ -win32/Makefile.Watcom win32/libssh2.dsw win32/tests.dsp $(DSP) \ -win32/msvcproj.head win32/msvcproj.foot win32/libssh2.rc - -OS400FILES = os400/README400 os400/initscript.sh os400/make.sh \ -os400/make-src.sh os400/make-rpg.sh os400/make-include.sh \ -os400/os400sys.c os400/ccsid.c \ -os400/libssh2_config.h os400/macros.h os400/libssh2_ccsid.h \ -os400/include/alloca.h os400/include/sys/socket.h os400/include/stdio.h \ -os400/libssh2rpg/libssh2.rpgle.in \ -os400/libssh2rpg/libssh2_ccsid.rpgle.in \ -os400/libssh2rpg/libssh2_publickey.rpgle \ -os400/libssh2rpg/libssh2_sftp.rpgle \ -Makefile.os400qc3.inc - -EXTRA_DIST = $(WIN32FILES) $(NETWAREFILES) get_ver.awk \ - maketgz NMakefile RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath \ - CMakeLists.txt cmake $(OS400FILES) +include_HEADERS = \ + include/libssh2.h \ + include/libssh2_publickey.h \ + include/libssh2_sftp.h + +DISTCLEANFILES = + +VMSFILES = vms/libssh2_make_example.dcl vms/libssh2_make_help.dcl \ + vms/libssh2_make_kit.dcl vms/libssh2_make_lib.dcl vms/man2help.c \ + vms/readme.vms vms/libssh2_config.h + +WIN32FILES = src/libssh2.rc + +OS400FILES = os400/README400 os400/initscript.sh os400/make.sh \ + os400/make-src.sh os400/make-rpg.sh os400/make-include.sh \ + os400/os400sys.c os400/ccsid.c \ + os400/libssh2_config.h os400/macros.h os400/libssh2_ccsid.h \ + 
os400/include/alloca.h os400/include/sys/socket.h os400/include/stdio.h \ + os400/include/assert.h \ + os400/libssh2rpg/libssh2.rpgle.in \ + os400/libssh2rpg/libssh2_ccsid.rpgle.in \ + os400/libssh2rpg/libssh2_publickey.rpgle \ + os400/libssh2rpg/libssh2_sftp.rpgle + +EXTRA_DIST = $(WIN32FILES) get_ver.awk \ + maketgz RELEASE-NOTES libssh2.pc.in $(VMSFILES) config.rpath \ + CMakeLists.txt cmake git2news.pl libssh2-style.el README.md $(OS400FILES) \ + buildconf ACLOCAL_AMFLAGS = -I m4 @@ -60,7 +53,7 @@ dist-hook: (distit=`find $(srcdir) -name "*.dist"`; \ for file in $$distit; do \ strip=`echo $$file | sed -e s/^$(srcdir)// -e s/\.dist//`; \ - cp $$file $(distdir)$$strip; \ + cp -p $$file $(distdir)$$strip; \ done) # Code Coverage 
@@ -69,86 +62,24 @@ init-coverage: make clean lcov --directory . --zerocounters -COVERAGE_CCOPTS ?= "-g --coverage" -COVERAGE_OUT ?= docs/coverage +COVERAGE_CCOPTS := "-g --coverage" +COVERAGE_OUT := docs/coverage build-coverage: make CFLAGS=$(COVERAGE_CCOPTS) check mkdir -p $(COVERAGE_OUT) lcov --directory . --output-file $(COVERAGE_OUT)/$(PACKAGE).info \ - --capture + --capture gen-coverage: genhtml --output-directory $(COVERAGE_OUT) \ - $(COVERAGE_OUT)/$(PACKAGE).info \ - --highlight --frames --legend \ - --title "$(PACKAGE_NAME)" + $(COVERAGE_OUT)/$(PACKAGE).info \ + --highlight --frames --legend \ + --title "$(PACKAGE_NAME)" coverage: init-coverage build-coverage gen-coverage -# DSP/VCPROJ generation adapted from libcurl -# only OpenSSL and WinCNG are supported with this build system -CRYPTO_CSOURCES = openssl.c wincng.c mbedtls.c -CRYPTO_HHEADERS = openssl.h wincng.h mbedtls.h -# Makefile.inc provides the CSOURCES and HHEADERS defines -include Makefile.inc - -WIN32SOURCES = $(CSOURCES) -WIN32HEADERS = $(HHEADERS) libssh2_config.h - -$(DSP): win32/msvcproj.head win32/msvcproj.foot Makefile.am - echo "creating $(DSP)" - @( (cat $(srcdir)/win32/msvcproj.head; \ - echo "# Begin Group \"Source Files\""; \ - echo ""; \ - echo "# PROP Default_Filter \"cpp;c;cxx\""; \ - win32_srcs='$(WIN32SOURCES)'; \ - sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \ - for file in $$sorted_srcs; do \ - echo "# Begin Source File"; \ - echo ""; \ - echo "SOURCE=..\\src\\"$$file; \ - echo "# End Source File"; \ - done; \ - echo "# End Group"; \ - echo "# Begin Group \"Header Files\""; \ - echo ""; \ - echo "# PROP Default_Filter \"h;hpp;hxx\""; \ - win32_hdrs='$(WIN32HEADERS)'; \ - sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \ - for file in $$sorted_hdrs; do \ - echo "# Begin Source File"; \ - echo ""; \ - if [ "$$file" = "libssh2_config.h" ]; \ - then \ - echo "SOURCE=.\\"$$file; \ - else \ - echo "SOURCE=..\\src\\"$$file; \ - fi; \ - 
echo "# End Source File"; \ - done; \ - echo "# End Group"; \ - cat $(srcdir)/win32/msvcproj.foot) | \ - awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ ) - -$(VCPROJ): win32/vc8proj.head win32/vc8proj.foot Makefile.am - echo "creating $(VCPROJ)" - @( (cat $(srcdir)/vc8proj.head; \ - win32_srcs='$(WIN32SOURCES)'; \ - sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \ - for file in $$sorted_srcs; do \ - echo ""; \ - done; \ - echo ""; \ - win32_hdrs='$(WIN32HEADERS)'; \ - sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \ - for file in $$sorted_hdrs; do \ - echo ""; \ - done; \ - cat $(srcdir)/vc8proj.foot) | \ - awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ ) - checksrc: - perl src/checksrc.pl -i4 -m79 -ASIZEOFNOPAREN -ASNPRINTF -ACOPYRIGHT \ - -AFOPENMODE -Wsrc/libssh2_config.h src/*.[ch] include/*.h example/*.c \ - tests/*.[ch] + perl ci/checksrc.pl -i4 -m79 \ + -Wsrc/libssh2_config.h \ + src/*.[ch] include/*.h example/*.c tests/*.[ch] diff --git a/Makefile.inc b/Makefile.inc deleted file mode 100644 index 20d2ebeeb2..0000000000 --- a/Makefile.inc +++ /dev/null @@ -1,7 +0,0 @@ -CSOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c misc.c \ - packet.c publickey.c scp.c session.c sftp.c userauth.c transport.c \ - version.c knownhost.c agent.c $(CRYPTO_CSOURCES) pem.c keepalive.c global.c \ - blowfish.c bcrypt_pbkdf.c agent_win.c - -HHEADERS = libssh2_priv.h $(CRYPTO_HHEADERS) transport.h channel.h comp.h \ - mac.h misc.h packet.h userauth.h session.h sftp.h crypto.h blf.h agent.h diff --git a/Makefile.libgcrypt.inc b/Makefile.libgcrypt.inc deleted file mode 100644 index 0a3aae9aad..0000000000 --- a/Makefile.libgcrypt.inc +++ /dev/null @@ -1,3 +0,0 @@ -CRYPTO_CSOURCES = libgcrypt.c -CRYPTO_HHEADERS = libgcrypt.h -CRYPTO_LTLIBS = $(LTLIBGCRYPT) diff --git a/Makefile.mbedTLS.inc b/Makefile.mbedTLS.inc deleted file mode 100644 index b9f19fce1a..0000000000 --- a/Makefile.mbedTLS.inc +++ /dev/null 
@@ -1,3 +0,0 @@ -CRYPTO_CSOURCES = mbedtls.c -CRYPTO_HHEADERS = mbedtls.h -CRYPTO_LTLIBS = $(LTLIBMBEDCRYPTO) diff --git a/Makefile.os400qc3.inc b/Makefile.os400qc3.inc deleted file mode 100644 index e55094d9bd..0000000000 --- a/Makefile.os400qc3.inc +++ /dev/null @@ -1,2 +0,0 @@ -CRYPTO_CSOURCES = os400qc3.c -CRYPTO_HHEADERS = os400qc3.h diff --git a/NMakefile b/NMakefile deleted file mode 100644 index 07bc2ddad1..0000000000 --- a/NMakefile +++ /dev/null @@ -1,33 +0,0 @@ -!include "win32/config.mk" - -!if "$(WITH_WINCNG)" == "1" -!include "Makefile.WinCNG.inc" -!else -!include "Makefile.OpenSSL.inc" -!endif -!include "Makefile.inc" - -OBJECTS=$(CSOURCES:.c=.obj) - -# SUBDIRS=src example -SUBDIRS=src - -all-sub: win32\objects.mk - -for %D in ($(SUBDIRS)) do $(MAKE) /nologo /f %D/NMakefile BUILD=$(BUILD) SUBDIR=%D all-sub - -clean: - -rmdir 2>NUL /s/q $(TARGET) - -del 2>NUL win32\objects.mk - -real-clean vclean: clean - -del 2>NUL libssh2.dll - -del 2>NUL libssh2.exp - -del 2>NUL libssh2.ilk - -del 2>NUL libssh2.lib - -del 2>NUL *.pdb - -win32\objects.mk: Makefile.inc - @echo OBJECTS = \>$@ - @for %O in ($(OBJECTS)) do @echo $$(INTDIR)\%O \>>$@ - @echo $$(EOL)>>$@ - diff --git a/README b/README index 89639ba7d2..fca539dbbc 100644 --- a/README +++ b/README @@ -4,7 +4,7 @@ libssh2 - SSH2 library libssh2 is a library implementing the SSH2 protocol, available under the revised BSD license. -Web site: https://www.libssh2.org/ +Web site: https://libssh2.org/ Mailing list: https://lists.haxx.se/listinfo/libssh2-devel diff --git a/README.md b/README.md index caa0b6708a..9d167c0705 100644 --- a/README.md +++ b/README.md 
@@ -3,11 +3,11 @@ libssh2 is a library implementing the SSH2 protocol, available under the revised BSD license. -[Web site](https://www.libssh2.org/) +[Web site](https://libssh2.org/) [Mailing list](https://lists.haxx.se/listinfo/libssh2-devel) -[BSD Licensed](https://www.libssh2.org/license.html) +[BSD Licensed](https://libssh2.org/license.html) [Web site source code](https://github.com/libssh2/www) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 62064a9fe6..2d0affc039 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES 
@@ -1,62 +1,174 @@ -libssh2 1.10 +libssh2 1.11.1_DEV This release includes the following enhancements and bugfixes: - o adds agent forwarding support - o adds OpenSSH Agent support on Windows - o adds ECDSA key support using the Mbed TLS backend - o adds ECDSA cert authentication - o adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, - diffie-hellman-group18-sha512 key exchanges - o adds support for PKIX key reading when using ed25519 with OpenSSL - o adds support for EWOULDBLOCK on VMS systems - o adds support for building with OpenSSL 3 - o adds support for using FIPS mode in OpenSSL - o adds debug symbols when building with MSVC - o adds support for building on the 3DS - o adds unicode build support on Windows - o restores os400 building - o increases min, max and opt Diffie Hellman group values - o improves portiablity of the make file - o improves timeout behavior with 2FA keyboard auth - o various improvements to the Wincng backend - o fixes reading parital packet replies when using an agent - o fixes Diffie Hellman key exchange on Windows 1903+ builds - o fixes building tests with older versions of OpenSSL - o fixes possible multiple definition warnings - o fixes potential cast issues _libssh2_ecdsa_key_get_curve_type() - o fixes potential use after free if libssh2_init() is called twice - o improved linking when using Mbed TLS - o fixes call to libssh2_crypto_exit() if crypto hasn't been initialized - o fixes crash when loading public keys with no id - o fixes possible out of bounds read when exchanging keys - o fixes possible out of bounds read when reading packets - o fixes possible out of bounds read when opening an X11 connection - o fixes possible out of bounds read when ecdh host keys - o fixes possible hang when trying to read a disconnected socket - o fixes a crash when using the delayed compression option - o fixes read error with large known host entries - o fixes various warnings - o fixes various small memory leaks - o improved 
error handling, various detailed errors will now be reported - o builds are now using OSS-Fuzz - o builds now use autoreconf instead of a custom build script - o cmake now respects install directory - o improved CI backend - o updated HACKING-CRYPTO documentation - o use markdown file extensions - o improved unit tests +- autotools: delete `--disable-tests` option, fix CI tests (e051ae34 #1271 revert: 7483edfa) +- autotools: show the default for `hidden-symbols` option (a3f5594a #1269) +- autotools: enable `-Wunused-macros` with gcc (ecdf5199 #1262 #1227 #1224) +- autotools: fix dotless gcc and Apple clang version detections (89ccc83c #1232 #1187) +- autotools: show more clang/gcc version details (fb580161 #1230) +- autotools: avoid warnings in libtool stub code (96682bd5 #1227 #1224) +- autotools: sync warning enabler code with curl (5996fefe #1223) +- autotools: rename variable (ce5f208a #1222) +- autotools: picky warning options tidy-up (cdca8cff #1221) +- autotools: fix selecting WinCNG in cross-builds (and more) (00a3b88c #1187 #1186) +- autotools: use comma separator in `Requires.private` of `libssh2.pc` (7f83de14 #1124) +- autotools: improve libz position (c89174a7 #1077 #1075 #1013 regr: 4f0f4bff) +- autotools: skip tests requiring static lib if `--disable-static` (572c57c9 #1072 #1056 regr: 83853f8a) +- build: enable `-pedantic-errors` (3ec53f3e #1286) +- build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute (f8c45794 #1287) +- build: add `LIBSSH2_NO_DEPRECATED` option (b1414503 #1267 #1266 #1260 #1259) +- build: enable missing OpenSSF-recommended warnings, with fixes (afa6b865 #1257) +- build: enable more compiler warnings and fix them (7ecc309c #1224) +- build: picky warning updates (328a96b3 #1219) +- build: revert: respect autotools `DLL_EXPORT` in `libssh2.h` (481be044 #1141 revert: fb1195cf) +- build: stop requiring libssl from openssl (c84745e3 #1128) +- build: tidy-up `libssh2.pc.in` variable names (5720dd9f #1125) +- build: add/fix 
`Requires.private` packages in `libssh2.pc` (ef538069 #1123) +- checksrc: sync with curl (8cd473c9 #1272) +- checksrc: fix spelling in comment (a95d401f) +- checksrc: modernise perl file open (3d309f9b) +- checksrc: switch to dot file (d67a91aa #1052) +- ci: add FreeBSD 14 job, fix issues (46333adf #1277) +- ci: add OmniOS job, fix issues (5e0ec991) +- ci: show compiler in cross/cygwin job names (c9124088) +- ci: add OpenBSD (v7.4) job + fix build error in example (0c9a8e35 #1250) +- ci: add NetBSD (v9.3) job (65c7a7a5) +- ci: update and speed up FreeBSD job (eee4e805) +- ci: use absolute path in `CMAKE_INSTALL_PREFIX` (74948816 #1247) +- ci: boost mbedTLS build speed (236e79a1 #1245) +- ci: add BoringSSL job (cmake, gcc, amd64) (c9dd3566 #1233) +- ci: fixup FreeBSD version, bump mbedTLS (fea6664e #1217) +- ci: add FreeBSD 13.2 job (a7d2a573 #1215) +- ci: mbedTLS 3.5.0 (5e190442 #1202) +- ci: update actions, use shallow clones with appveyor (d468a33f #1199) +- ci: replace `mv` + `chmod` with `install` in `Dockerfile` (5754fed6 #1175) +- ci: set file mode early in `appveyor_docker.yml` (633db55f) +- ci: add spellcheck (codespell) (a79218d3) +- ci: add MSYS builds (autotools and cmake) (d43b8d9b #1162) +- ci: add Cygwin builds (autotools and cmake) (f1e96e73 #1161) +- ci: add mingw-w64 UWP build (1215aa5f #1155 #1147) +- ci: add missing timeout to 'autotools distcheck' step (6265ffdb) +- ci: add non-static autotools i386 build, ignore GHA updates on AppVeyor (c6e137f7 #1074 #1072) +- ci: prefer `=` operator in shell snippets (e5c03043 #1073) +- ci: drop redundant/unused vars, sync var names (ab8e95bc #1059) +- ci: add i386 Linux build (with mbedTLS) (abdf40c7 #1057 #1053) +- ci/appveyor: delete UWP job broken since Visual Studio upgrade (d0a7f1da #1275) +- ci/appveyor: YAML/PowerShell formatting, shorten variable name (06fd721f #1200) +- ci/appveyor: move to pure PowerShell (8a081fd9 #1197) +- ci/GHA: restore curly braces in `if` (36748270 #1145) +- ci/GHA: simplify 
`if` strings (cab3db58 #1140) +- cmake: rename picky warnings script (64d6789f #1225) +- cmake: fix multiple include of libssh2 package (932d6a32 #1216) +- cmake: show crypto backend in feature summary (20387285 #1211) +- cmake: simplify showing CMake version (fc00bdd7 #1203) +- cmake: cleanup mbedTLS version detection more (4c241d5c #1196 #1192) +- cmake: delete duplicate `include()` (30eef0a6) +- cmake: improve/fix mbedTLS detection (41594675 #1192 #1191) +- cmake: tidy-up `foreach()` syntax (4a64ca14 #1180) +- cmake: verify `libssh2_VERSION` in integration tests (a20572e9) +- cmake: show cmake versions in ci (87f5769b) +- cmake: quote more strings (e9c7d3af #1173) +- cmake: add `ExternalProject` integration test (aeaefaf6 #1171) +- cmake: add integration tests (8715c3d5 #1170) +- cmake: (re-)add aliases for `add_subdirectory()` builds (4ff64ae3 #1169) +- cmake: style tidy-up (3fa5282d #1166) +- cmake: add `LIB_NAME` variable (5453fc80 #1159) +- cmake: tidy-up concatenation in `CMAKE_MODULE_PATH` (ae7d5108 #1157) +- cmake: replace `libssh2` literals with `PROJECT_NAME` variable (72fd2595 #1152) +- cmake: fix `STREQUAL` check in error branch (42d3bf13 #1151) +- cmake: cache more config values on Windows (11a03690 #1142) +- cmake: streamline invocation (f58f77b5 #1138) +- cmake: merge `set_target_properties()` calls (a9091007 #1132) +- cmake: (re-)add zlib to `Libs.private` in `libssh2.pc` (64643018 #1131) +- cmake: use `wolfssl/options.h` for detection, like autotools (c5ec6c49 #1130) +- cmake: add openssl libs to `Libs.private` in `libssh2.pc` (5cfa59d3 #1127) +- cmake: bump minimum CMake version to v3.7.0 (9cd18f45 #1126) +- cmake: CMAKE_SOURCE_DIR -> PROJECT_SOURCE_DIR (0f396aa9 #1121) +- cmake: tidy-ups (2fc36790 #1122) +- cmake: re-add `Libssh2:libssh2` for compatibility + lowercase namespace (2da13c13 #1104 #1103) +- configure.ac: remove AB_INIT (f4f52ccc) +- copyright: remove years from copyright headers (187d89bb #1082) +- docs: replace SHA1 with SHA256 in 
CMake example (766bde9f) +- drop `www.` from `www.libssh2.org` (6e3e8839 #1172) +- example: use `libssh2_socket_t` in X11 example (3f60ccb7) +- example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (8d69e63d #1258 follow: 6c84a426) +- example: fix regression in `ssh2_exec.c` (279a2e57 #1106 #1105 regr: b13936bd) +- example, tests: call `WSACleanup()` for each `WSAStartup()` (94b6bad3 #1283) +- example, tests: fix/silence `-Wformat-truncation=2` gcc warnings (744e059f) +- hostkey: do not advertise ssh-rsa when SHA1 is disabled (82d1b8ff #1093 #1092) +- libssh2.h: add deprecated function warnings (9839ebe5 #1289 #1260) +- libssh2.h: add portable `LIBSSH2_SOCKET_CLOSE()` macro (28dbf016 #1278) +- libssh2.h: use `_WIN32` for Windows detection instead of rolling our own (631e7734 #1238) +- libssh2.pc: re-add & extend support for static-only libssh2 builds (624abe27 #1119 #1114) +- libssh2.pc: don't put `@LIBS@` in pc file (1209c16d) +- Makefile.am: fix `cp` to preserve attributes and timestamp (f64e6318) +- Makefile.mk: delete Windows-focused raw GNU Make build (43485579 #1204) +- man: fix double spaces and dash escaping (a3ffc422 #1210) +- man: add description to `libssh2_session_get_blocking.3` (67e39091 #1185) +- mbedtls: improve disabling `-Wredundant-decls` (ecec68a2 #1226 #1224) +- mbedtls: include `version.h` for `MBEDTLS_VERSION_NUMBER` (9d7bc253 #1095 #1094) +- mbedtls: use more `size_t` to sync up with `crypto.h` (1153ebde #1054 #1053) +- md5: allow disabling old-style encrypted private keys at build-time (eb9f9de2 #1181) +- mingw: fix printf mask for 64-bit integers (36c1e1d1 #1091 #1090) +- misc: flatten `_libssh2_explicit_zero` if tree (74e74288 #1149) +- NMakefile: delete (c515eed3 #1134 #1129) +- openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job (363dcbf4 #1243 #1235 #1207) +- openssl: make a function static, add `#ifdef` comments (efee9133 #1246 follow: 03092292) +- openssl: fix DSA code to use OpenSSL 3 API 
(82581941 #1244 #1207) +- openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build (487152f4 #1236 #1235 #1207) +- openssl: use non-deprecated APIs with OpenSSL 3.x (b0ab005f #1207) +- openssl: silence `-Wunused-value` warnings (bf285500 #1205) +- openssl: use automatic initialization with LibreSSL 2.7.0+ (d79047c9 #1146) +- openssl: add missing check for `LIBRESSL_VERSION_NUMBER` before use (4a42f42e #1117 #1115) +- packet: properly bounds check packet_authagent_open() (88a960a8 #1179) +- pem: fix private keys encrypted with AES-GCM methods (e87bdefa #1133) +- reuse: fix duplicate copyright warning (b9a4ed83) +- reuse: comply with 3.1 spec and 2.0.0 checker (fe6239a1 #1102 #1101 #1098) +- reuse: provide SPDX identifiers (f6aa31f4 #1084) +- scp: fix missing cast for targets without large file support (c317e06f #1060 #1057 #1002 regr: 5db836b2) +- session: add `libssh2_session_callback_set2()` (c0f69548 #1285) +- session: handle EINTR from send/recv/poll/select to try again as the error is not fatal (798ed4a7 #1058) +- src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" (d34d9258 #1291 #1290) +- src: disable `-Wsign-conversion` warnings, add option to re-enable (6e451669 #1284 #1257) +- src: fix gcc 13 `-Wconversion` warning on Darwin (8cca7b77 #1209 follow: 08354e0a) +- src: drop a redundant `#include` (1f0174d0 #1153) +- src: improve MSVC C4701 warning fix (8b924999 #1086 #1083) +- src: bump `hash_len` to `size_t` in `LIBSSH2_HOSTKEY_METHOD` (8b917d76 #1076) +- src: bump DSA and ECDSA sign `hash_len` to `size_t` (7b8e0225 #1055) +- stop using leading underscores in macro names (c6589b88 #1248) +- tests: sync port number type with the rest of codebase (eb996af8) +- tests: fall back to `$LOGNAME` for username (5326a5ce #1241 #1240) +- tests: show cmake version used in integration tests (2cd2f40e #1201) +- tests: formatting and tidy-ups (e61987a3) +- tests: replace FIXME with comments (1a99a86a) +- tests: add aes256-gcm encrypted key test 
(802336cf #1135 #1133) +- tests: trap signals in scripts (b2916b28 #1098) +- tests: cast to avoid `-Wchar-subscripts` with Cygwin (43df6a46 #1081 #1080) +- test_read: make it run without Docker (57e9d18e #1139) +- test_sshd.test: show sshd and test connect logs on harness failure (299c2040 #1097) +- test_sshd.test: set a safe PID directory (e8cabdcf #1089) +- test_sshd.test: minor cleanups (d29eea1d) +- tidy-up: bump casts from int to long for large C99 types in printfs (2e5a8719 #1264 #1257) +- tidy-up: `unsigned` -> `unsigned int` (b136c379) +- tidy-up: around `stdint.h` (bfa00f1b #1212) +- tidy-up: fix typo in `readme.vms` (a9a79e7a) +- tidy-up: delete duplicate word from comment (76307435) +- tidy-up: avoid exclamations, prefer single quotes, in outputs (003fb454 #1079) +- TODO: disable or drop weak algos (0b4bdc85 #1261) +- transport: fix incorrect byte offset in debug message (2388a3aa #1096) +- userauth: add a new structure to separate memory read and file read (63b4c20e) +- userauth: check whether `*key_method` is a NULL pointer instead of `key_method` (bec57c40) +- wincng: prefer `ULONG`/`DWORD` over `unsigned long` (186c1d63 #1165) +- wincng: tidy-ups (7bb669b5 #1164) +- windows: use built-in `_WIN32` macro to detect Windows (6fbc9505 #1195) This release would not have looked like this without help, code, reports and advice from friends like these: - katzer, Orgad Shaneh, mark-i-m, Zenju, axjowa, Thilo Schulz, - Etienne Samson, hlefebvre, seba30, Panos, jethrogb, Fabrice Fontaine, - Will Cosgrove, Daniel Stenberg, Michael Buckley, Wallace Souza Silva, - Romain-Geissler-1A, meierha, Tseng Jun, Thomas Klausner, Brendan Shanks, - Harry Sintonen, monnerat, Koutheir Attouchi, Marc Hörsken, yann-morin-1998, - Wez Furlong, TDi-jonesds, David Benjamin, Max Dymond, Igor Klevanets, - Viktor Szakats, Laurent Stacul, Mstrodl, Gabriel Smith, MarcT512, - Paul Capron, teottin, Tor Erik Ottinsen, Brian Inglis - - (40 contributors) + Viktor Szakats, Ren Mingshuai, Michael 
Buckley, Daniel Stenberg, Aaron Stone, + Brian Inglis, concussious on Github, Dan Fandrich, Haowei Hsu, + Harmen Stoppels, Harry Mallon, Jack L, Jakob Egger, João M. S. Silva, + Joel Depooter, Kai Pastor, Kenneth Davidson, mike-jumper, naddy, + Nicolas Mora, Nursan Valeyev, PewPewPew, Radek Brich, rahmanih on Github, + Steve McIntyre, Will Cosgrove, Xi Ruoyao diff --git a/acinclude.m4 b/acinclude.m4 index 2066f0ec9b..e4c25c306b 100644 --- a/acinclude.m4 +++ b/acinclude.m4 
@@ -1,3 +1,134 @@ +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause +dnl CURL_CPP_P +dnl +dnl Check if $cpp -P should be used for extract define values due to gcc 5 +dnl splitting up strings and defines between line outputs. gcc by default +dnl (without -P) will show TEST EINVAL TEST as +dnl +dnl # 13 "conftest.c" +dnl TEST +dnl # 13 "conftest.c" 3 4 +dnl 22 +dnl # 13 "conftest.c" +dnl TEST + +AC_DEFUN([CURL_CPP_P], [ + AC_MSG_CHECKING([if cpp -P is needed]) + AC_EGREP_CPP([TEST.*TEST], [ + #include +TEST EINVAL TEST + ], [cpp=no], [cpp=yes]) + AC_MSG_RESULT([$cpp]) + + dnl we need cpp -P so check if it works then + if test "x$cpp" = "xyes"; then + AC_MSG_CHECKING([if cpp -P works]) + OLDCPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS -P" + AC_EGREP_CPP([TEST.*TEST], [ + #include +TEST EINVAL TEST + ], [cpp_p=yes], [cpp_p=no]) + AC_MSG_RESULT([$cpp_p]) + + if test "x$cpp_p" = "xno"; then + AC_MSG_WARN([failed to figure out cpp -P alternative]) + # without -P + CPPPFLAG="" + else + # with -P + CPPPFLAG="-P" + fi + dnl restore CPPFLAGS + CPPFLAGS=$OLDCPPFLAGS + else + # without -P + CPPPFLAG="" + fi +]) + +dnl CURL_CHECK_DEF (SYMBOL, [INCLUDES], [SILENT]) +dnl ------------------------------------------------- +dnl Use the C preprocessor to find out if the given object-style symbol +dnl is defined and get its expansion. This macro will not use default +dnl includes even if no INCLUDES argument is given. This macro will run +dnl silently when invoked with three arguments. If the expansion would +dnl result in a set of double-quoted strings the returned expansion will +dnl actually be a single double-quoted string concatenating all them. 
+ +AC_DEFUN([CURL_CHECK_DEF], [ + AC_REQUIRE([CURL_CPP_P])dnl + OLDCPPFLAGS=$CPPFLAGS + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" + AS_VAR_PUSHDEF([ac_HaveDef], [curl_cv_have_def_$1])dnl + AS_VAR_PUSHDEF([ac_Def], [curl_cv_def_$1])dnl + if test -z "$SED"; then + AC_MSG_ERROR([SED not set. Cannot continue without SED being set.]) + fi + if test -z "$GREP"; then + AC_MSG_ERROR([GREP not set. Cannot continue without GREP being set.]) + fi + ifelse($3,,[AC_MSG_CHECKING([for preprocessor definition of $1])]) + tmp_exp="" + AC_PREPROC_IFELSE([ + AC_LANG_SOURCE( +ifelse($2,,,[$2])[[ +#ifdef $1 +CURL_DEF_TOKEN $1 +#endif + ]]) + ],[ + tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \ + "$GREP" CURL_DEF_TOKEN 2>/dev/null | \ + "$SED" 's/.*CURL_DEF_TOKEN[[ ]][[ ]]*//' 2>/dev/null | \ + "$SED" 's/[["]][[ ]]*[["]]//g' 2>/dev/null` + if test -z "$tmp_exp" || test "$tmp_exp" = "$1"; then + tmp_exp="" + fi + ]) + if test -z "$tmp_exp"; then + AS_VAR_SET(ac_HaveDef, no) + ifelse($3,,[AC_MSG_RESULT([no])]) + else + AS_VAR_SET(ac_HaveDef, yes) + AS_VAR_SET(ac_Def, $tmp_exp) + ifelse($3,,[AC_MSG_RESULT([$tmp_exp])]) + fi + AS_VAR_POPDEF([ac_Def])dnl + AS_VAR_POPDEF([ac_HaveDef])dnl + CPPFLAGS=$OLDCPPFLAGS +]) + +dnl CURL_CHECK_COMPILER_CLANG +dnl ------------------------------------------------- +dnl Verify if compiler being used is clang. 
+ +AC_DEFUN([CURL_CHECK_COMPILER_CLANG], [ + AC_BEFORE([$0],[CURL_CHECK_COMPILER_GNU_C])dnl + AC_MSG_CHECKING([if compiler is clang]) + CURL_CHECK_DEF([__clang__], [], [silent]) + if test "$curl_cv_have_def___clang__" = "yes"; then + AC_MSG_RESULT([yes]) + AC_MSG_CHECKING([if compiler is xlclang]) + CURL_CHECK_DEF([__ibmxl__], [], [silent]) + if test "$curl_cv_have_def___ibmxl__" = "yes" ; then + dnl IBM's almost-compatible clang version + AC_MSG_RESULT([yes]) + compiler_id="XLCLANG" + else + AC_MSG_RESULT([no]) + compiler_id="CLANG" + fi + flags_dbg_yes="-g" + flags_opt_all="-O -O0 -O1 -O2 -Os -O3 -O4" + flags_opt_yes="-O2" + flags_opt_off="-O0" + else + AC_MSG_RESULT([no]) + fi +]) dnl ********************************************************************** dnl CURL_DETECT_ICC ([ACTION-IF-YES]) 
@@ -7,146 +138,490 @@ dnl sets the $ICC variable to "yes" or "no" dnl ********************************************************************** AC_DEFUN([CURL_DETECT_ICC], [ - ICC="no" - AC_MSG_CHECKING([for icc in use]) - if test "$GCC" = "yes"; then - dnl check if this is icc acting as gcc in disguise - AC_EGREP_CPP([^__INTEL_COMPILER], [__INTEL_COMPILER], - dnl action if the text is found, this it has not been replaced by the - dnl cpp - ICC="no", - dnl the text was not found, it was replaced by the cpp - ICC="yes" - AC_MSG_RESULT([yes]) - [$1] - ) - fi - if test "$ICC" = "no"; then - # this is not ICC - AC_MSG_RESULT([no]) - fi + ICC="no" + AC_MSG_CHECKING([for icc in use]) + if test "$GCC" = "yes"; then + dnl check if this is icc acting as gcc in disguise + AC_EGREP_CPP([^__INTEL_COMPILER], [__INTEL_COMPILER], + dnl action if the text is found, this it has not been replaced by the + dnl cpp + ICC="no", + dnl the text was not found, it was replaced by the cpp + ICC="yes" + AC_MSG_RESULT([yes]) + [$1] + ) + fi + if test "$ICC" = "no"; then + # this is not ICC + AC_MSG_RESULT([no]) + fi ]) dnl We create a function for detecting which compiler we use and then set as -dnl pendantic compiler options as possible for that particular compiler. The +dnl pedantic compiler options as possible for that particular compiler. The dnl options are only used for debug-builds. AC_DEFUN([CURL_CC_DEBUG_OPTS], [ - if test "z$ICC" = "z"; then - CURL_DETECT_ICC + if test "z$CLANG" = "z"; then + CURL_CHECK_COMPILER_CLANG + if test "z$compiler_id" = "zCLANG"; then + CLANG="yes" + else + CLANG="no" fi + fi + if test "z$ICC" = "z"; then + CURL_DETECT_ICC + fi - if test "$GCC" = "yes"; then - - dnl figure out gcc version! - AC_MSG_CHECKING([gcc version]) - gccver=`$CC -dumpversion` - num1=`echo $gccver | cut -d . -f1` - num2=`echo $gccver | cut -d . -f2` - gccnum=`(expr $num1 "*" 100 + $num2) 2>/dev/null` - AC_MSG_RESULT($gccver) - - if test "$ICC" = "yes"; then - dnl this is icc, not gcc. 
- - dnl ICC warnings we ignore: - dnl * 269 warns on our "%Od" printf formatters for curl_off_t output: - dnl "invalid format string conversion" - dnl * 279 warns on static conditions in while expressions - dnl * 981 warns on "operands are evaluated in unspecified order" - dnl * 1418 "external definition with no prior declaration" - dnl * 1419 warns on "external declaration in primary source file" - dnl which we know and do on purpose. - - WARN="-wd279,269,981,1418,1419" - - if test "$gccnum" -gt "600"; then - dnl icc 6.0 and older doesn't have the -Wall flag - WARN="-Wall $WARN" - fi - else dnl $ICC = yes - dnl this is a set of options we believe *ALL* gcc versions support: - WARN="-W -Wall -Wwrite-strings -pedantic -Wpointer-arith -Wnested-externs -Winline -Wmissing-prototypes" - - dnl -Wcast-align is a bit too annoying on all gcc versions ;-) - - if test "$gccnum" -ge "207"; then - dnl gcc 2.7 or later - WARN="$WARN -Wmissing-declarations" - fi - - if test "$gccnum" -gt "295"; then - dnl only if the compiler is newer than 2.95 since we got lots of - dnl "`_POSIX_C_SOURCE' is not defined" in system headers with - dnl gcc 2.95.4 on FreeBSD 4.9! - WARN="$WARN -Wundef -Wno-long-long -Wsign-compare" - fi - - if test "$gccnum" -ge "296"; then - dnl gcc 2.96 or later - WARN="$WARN -Wfloat-equal" - fi - - if test "$gccnum" -gt "296"; then - dnl this option does not exist in 2.96 - WARN="$WARN -Wno-format-nonliteral" - fi - - dnl -Wunreachable-code seems totally unreliable on my gcc 3.3.2 on - dnl on i686-Linux as it gives us heaps with false positives. - dnl Also, on gcc 4.0.X it is totally unbearable and complains all - dnl over making it unusable for generic purposes. Let's not use it. 
- - if test "$gccnum" -ge "303"; then - dnl gcc 3.3 and later - WARN="$WARN -Wendif-labels -Wstrict-prototypes" - fi - - if test "$gccnum" -ge "304"; then - # try these on gcc 3.4 - WARN="$WARN -Wdeclaration-after-statement" - fi - - for flag in $CPPFLAGS; do - case "$flag" in - -I*) - dnl Include path, provide a -isystem option for the same dir - dnl to prevent warnings in those dirs. The -isystem was not very - dnl reliable on earlier gcc versions. - add=`echo $flag | sed 's/^-I/-isystem /g'` - WARN="$WARN $add" + if test "$CLANG" = "yes"; then + + # indentation to match curl's m4/curl-compilers.m4 + + dnl figure out clang version! + AC_MSG_CHECKING([compiler version]) + fullclangver=`$CC -v 2>&1 | grep version` + if echo $fullclangver | grep 'Apple' >/dev/null; then + appleclang=1 + else + appleclang=0 + fi + clangver=`echo $fullclangver | grep "based on LLVM " | "$SED" 's/.*(based on LLVM \(@<:@0-9@:>@*\.@<:@0-9@:>@*\).*)/\1/'` + if test -z "$clangver"; then + clangver=`echo $fullclangver | "$SED" 's/.*version \(@<:@0-9@:>@*\.@<:@0-9@:>@*\).*/\1/'` + oldapple=0 + else + oldapple=1 + fi + clangvhi=`echo $clangver | cut -d . -f1` + clangvlo=`echo $clangver | cut -d . 
-f2` + compiler_num=`(expr $clangvhi "*" 100 + $clangvlo) 2>/dev/null` + if test "$appleclang" = '1' && test "$oldapple" = '0'; then + dnl Starting with Xcode 7 / clang 3.7, Apple clang won't tell its upstream version + if test "$compiler_num" -ge '1300'; then compiler_num='1200' + elif test "$compiler_num" -ge '1205'; then compiler_num='1101' + elif test "$compiler_num" -ge '1204'; then compiler_num='1000' + elif test "$compiler_num" -ge '1107'; then compiler_num='900' + elif test "$compiler_num" -ge '1103'; then compiler_num='800' + elif test "$compiler_num" -ge '1003'; then compiler_num='700' + elif test "$compiler_num" -ge '1001'; then compiler_num='600' + elif test "$compiler_num" -ge '904'; then compiler_num='500' + elif test "$compiler_num" -ge '902'; then compiler_num='400' + elif test "$compiler_num" -ge '803'; then compiler_num='309' + elif test "$compiler_num" -ge '703'; then compiler_num='308' + else compiler_num='307' + fi + fi + AC_MSG_RESULT([clang '$compiler_num' (raw: '$fullclangver' / '$clangver')]) + + tmp_CFLAGS="-pedantic" + if test "$want_werror" = "yes"; then + LIBSSH2_CFLAG_EXTRAS="$LIBSSH2_CFLAG_EXTRAS -pedantic-errors" + fi + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [all extra]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [pointer-arith write-strings]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [shadow]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [inline nested-externs]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-declarations]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-prototypes]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-long-long" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [float-equal]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-compare]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-multichar" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [undef]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-format-nonliteral" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [endif-labels strict-prototypes]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], 
[declaration-after-statement]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [cast-align]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-system-headers" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [shorten-64-to-32]) + # + dnl Only clang 1.1 or later + if test "$compiler_num" -ge "101"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused]) + fi + # + dnl Only clang 2.7 or later + if test "$compiler_num" -ge "207"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [address]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [attributes]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [bad-function-cast]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [conversion]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [div-by-zero format-security]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [empty-body]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-field-initializers]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-noreturn]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [old-style-definition]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [redundant-decls]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [switch-enum]) # Not used because this basically disallows default case + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [type-limits]) + if test "x$have_windows_h" != "xyes"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-macros]) # Seen to clash with libtool-generated stub code + fi + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unreachable-code unused-parameter]) + fi + # + dnl Only clang 2.8 or later + if test "$compiler_num" -ge "208"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [ignored-qualifiers]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [vla]) + fi + # + dnl Only clang 2.9 or later + if test "$compiler_num" -ge "209"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-conversion]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-error=sign-conversion" # FIXME + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [shift-sign-overflow]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [padded]) # Not used because we 
cannot change public structs + fi + # + dnl Only clang 3.0 or later + if test "$compiler_num" -ge "300"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [language-extension-token]) + tmp_CFLAGS="$tmp_CFLAGS -Wformat=2" + fi + # + dnl Only clang 3.2 or later + if test "$compiler_num" -ge "302"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [enum-conversion]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sometimes-uninitialized]) + case $host_os in + cygwin* | mingw*) + dnl skip missing-variable-declarations warnings for cygwin and + dnl mingw because the libtool wrapper executable causes them ;; - esac - done - - fi dnl $ICC = no - - CFLAGS="$CFLAGS $WARN" - - AC_MSG_NOTICE([Added this set of compiler options: $WARN]) + *) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-variable-declarations]) + ;; + esac + fi + # + dnl Only clang 3.4 or later + if test "$compiler_num" -ge "304"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [header-guard]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-const-variable]) + fi + # + dnl Only clang 3.5 or later + if test "$compiler_num" -ge "305"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [pragmas]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unreachable-code-break]) + fi + # + dnl Only clang 3.6 or later + if test "$compiler_num" -ge "306"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [double-promotion]) + fi + # + dnl Only clang 3.9 or later + if test "$compiler_num" -ge "309"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [comma]) + # avoid the varargs warning, fixed in 4.0 + # https://bugs.llvm.org/show_bug.cgi?id=29140 + if test "$compiler_num" -lt "400"; then + tmp_CFLAGS="$tmp_CFLAGS -Wno-varargs" + fi + fi + dnl clang 7 or later + if test "$compiler_num" -ge "700"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [assign-enum]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [extra-semi-stmt]) + fi + dnl clang 10 or later + if test "$compiler_num" -ge "1000"; then + tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough" 
# we have silencing markup for clang 10.0 and above only + fi + + CFLAGS="$CFLAGS $tmp_CFLAGS" + + AC_MSG_NOTICE([Added this set of compiler options: $tmp_CFLAGS]) + + elif test "$GCC" = "yes"; then + + # indentation to match curl's m4/curl-compilers.m4 + + dnl figure out gcc version! + AC_MSG_CHECKING([compiler version]) + # strip '-suffix' parts, e.g. Ubuntu Windows cross-gcc returns '10-win32' + gccver=`$CC -dumpversion | sed -E 's/-.+$//'` + gccvhi=`echo $gccver | cut -d . -f1` + if echo $gccver | grep -F "." >/dev/null; then + gccvlo=`echo $gccver | cut -d . -f2` + else + gccvlo="0" + fi + compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` + AC_MSG_RESULT([gcc '$compiler_num' (raw: '$gccver')]) + + if test "$ICC" = "yes"; then + dnl this is icc, not gcc. + + dnl ICC warnings we ignore: + dnl * 269 warns on our "%Od" printf formatters for curl_off_t output: + dnl "invalid format string conversion" + dnl * 279 warns on static conditions in while expressions + dnl * 981 warns on "operands are evaluated in unspecified order" + dnl * 1418 "external definition with no prior declaration" + dnl * 1419 warns on "external declaration in primary source file" + dnl which we know and do on purpose. 
+ + tmp_CFLAGS="-wd279,269,981,1418,1419" + + if test "$compiler_num" -gt "600"; then + dnl icc 6.0 and older doesn't have the -Wall flag + tmp_CFLAGS="-Wall $tmp_CFLAGS" + fi + else dnl $ICC = yes + dnl this is a set of options we believe *ALL* gcc versions support: + tmp_CFLAGS="-pedantic" + if test "$want_werror" = "yes"; then + LIBSSH2_CFLAG_EXTRAS="$LIBSSH2_CFLAG_EXTRAS -pedantic-errors" + fi + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [all]) + tmp_CFLAGS="$tmp_CFLAGS -W" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [pointer-arith write-strings]) + # + dnl Only gcc 2.7 or later + if test "$compiler_num" -ge "207"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [inline nested-externs]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-declarations]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-prototypes]) + fi + # + dnl Only gcc 2.95 or later + if test "$compiler_num" -ge "295"; then + tmp_CFLAGS="$tmp_CFLAGS -Wno-long-long" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [bad-function-cast]) + fi + # + dnl Only gcc 2.96 or later + if test "$compiler_num" -ge "296"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [float-equal]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-multichar" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-compare]) + dnl -Wundef used only if gcc is 2.96 or later since we get + dnl lots of "`_POSIX_C_SOURCE' is not defined" in system + dnl headers with gcc 2.95.4 on FreeBSD 4.9 + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [undef]) + fi + # + dnl Only gcc 2.97 or later + if test "$compiler_num" -ge "297"; then + tmp_CFLAGS="$tmp_CFLAGS -Wno-format-nonliteral" + fi + # + dnl Only gcc 3.0 or later + if test "$compiler_num" -ge "300"; then + tmp_CFLAGS="$tmp_CFLAGS -Wno-system-headers" + dnl -Wunreachable-code seems totally unreliable on my gcc 3.3.2 on + dnl on i686-Linux as it gives us heaps with false positives. + dnl Also, on gcc 4.0.X it is totally unbearable and complains all + dnl over making it unusable for generic purposes. Let's not use it. 
+ CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused shadow]) + fi + # + dnl Only gcc 3.3 or later + if test "$compiler_num" -ge "303"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [endif-labels strict-prototypes]) + fi + # + dnl Only gcc 3.4 or later + if test "$compiler_num" -ge "304"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [declaration-after-statement]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [old-style-definition]) + fi + # + dnl Only gcc 4.0 or later + if test "$compiler_num" -ge "400"; then + tmp_CFLAGS="$tmp_CFLAGS -Wstrict-aliasing=3" + fi + # + dnl Only gcc 4.1 or later (possibly earlier) + if test "$compiler_num" -ge "401"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [attributes]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [div-by-zero format-security]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-field-initializers]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-noreturn]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unreachable-code unused-parameter]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [padded]) # Not used because we cannot change public structs + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [pragmas]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [redundant-decls]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [switch-enum]) # Not used because this basically disallows default case + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-macros]) + fi + # + dnl Only gcc 4.2 or later + if test "$compiler_num" -ge "402"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [cast-align]) + fi + # + dnl Only gcc 4.3 or later + if test "$compiler_num" -ge "403"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [address]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [type-limits old-style-declaration]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-parameter-type empty-body]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [clobbered ignored-qualifiers]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [conversion trampolines]) + 
CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-conversion]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-error=sign-conversion" # FIXME + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [vla]) + dnl required for -Warray-bounds, included in -Wall + tmp_CFLAGS="$tmp_CFLAGS -ftree-vrp" + fi + # + dnl Only gcc 4.5 or later + if test "$compiler_num" -ge "405"; then + dnl Only windows targets + case $host_os in + mingw*) + tmp_CFLAGS="$tmp_CFLAGS -Wno-pedantic-ms-format" + ;; + esac + fi + # + dnl Only gcc 4.6 or later + if test "$compiler_num" -ge "406"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [double-promotion]) + fi + # + dnl only gcc 4.8 or later + if test "$compiler_num" -ge "408"; then + tmp_CFLAGS="$tmp_CFLAGS -Wformat=2" + fi + # + dnl Only gcc 5 or later + if test "$compiler_num" -ge "500"; then + tmp_CFLAGS="$tmp_CFLAGS -Warray-bounds=2" + fi + # + dnl Only gcc 6 or later + if test "$compiler_num" -ge "600"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [shift-negative-value]) + tmp_CFLAGS="$tmp_CFLAGS -Wshift-overflow=2" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [null-dereference]) + tmp_CFLAGS="$tmp_CFLAGS -fdelete-null-pointer-checks" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [duplicated-cond]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-const-variable]) + fi + # + dnl Only gcc 7 or later + if test "$compiler_num" -ge "700"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [duplicated-branches]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [restrict]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [alloc-zero]) + tmp_CFLAGS="$tmp_CFLAGS -Wformat-overflow=2" + tmp_CFLAGS="$tmp_CFLAGS -Wformat-truncation=2" + tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough" + fi + # + dnl Only gcc 10 or later + if test "$compiler_num" -ge "1000"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [arith-conversion]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [enum-conversion]) + fi + + for flag in $CPPFLAGS; do + case "$flag" in + -I*) + dnl Include path, provide a -isystem option for the 
same dir + dnl to prevent warnings in those dirs. The -isystem was not very + dnl reliable on earlier gcc versions. + add=`echo $flag | sed 's/^-I/-isystem /g'` + tmp_CFLAGS="$tmp_CFLAGS $add" + ;; + esac + done + + fi dnl $ICC = no + + CFLAGS="$CFLAGS $tmp_CFLAGS" + + AC_MSG_NOTICE([Added this set of compiler options: $tmp_CFLAGS]) + + else dnl $GCC = yes + + AC_MSG_NOTICE([Added no extra compiler options]) + + fi dnl $GCC = yes + + dnl strip off optimizer flags + NEWFLAGS="" + for flag in $CFLAGS; do + case "$flag" in + -O*) + dnl echo "cut off $flag" + ;; + *) + NEWFLAGS="$NEWFLAGS $flag" + ;; + esac + done + CFLAGS=$NEWFLAGS - else dnl $GCC = yes +]) dnl end of AC_DEFUN() - AC_MSG_NOTICE([Added no extra compiler options]) +dnl CURL_ADD_COMPILER_WARNINGS (WARNING-LIST, NEW-WARNINGS) +dnl ------------------------------------------------------- +dnl Contents of variable WARNING-LIST and NEW-WARNINGS are +dnl handled as whitespace separated lists of words. +dnl Add each compiler warning from NEW-WARNINGS that has not +dnl been disabled via CFLAGS to WARNING-LIST. + +AC_DEFUN([CURL_ADD_COMPILER_WARNINGS], [ + AC_REQUIRE([CURL_SHFUNC_SQUEEZE])dnl + ac_var_added_warnings="" + for warning in [$2]; do + CURL_VAR_MATCH(CFLAGS, [-Wno-$warning -W$warning]) + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + dnl squeeze whitespace out of result + [$1]="$[$1] $ac_var_added_warnings" + squeeze [$1] +]) - fi dnl $GCC = yes +dnl CURL_SHFUNC_SQUEEZE +dnl ------------------------------------------------- +dnl Declares a shell function squeeze() which removes +dnl redundant whitespace out of a shell variable. 
+ +AC_DEFUN([CURL_SHFUNC_SQUEEZE], [ +squeeze() { + _sqz_result="" + eval _sqz_input=\[$][$]1 + for _sqz_token in $_sqz_input; do + if test -z "$_sqz_result"; then + _sqz_result="$_sqz_token" + else + _sqz_result="$_sqz_result $_sqz_token" + fi + done + eval [$]1=\$_sqz_result + return 0 +} +]) - dnl strip off optimizer flags - NEWFLAGS="" - for flag in $CFLAGS; do - case "$flag" in - -O*) - dnl echo "cut off $flag" - ;; - *) - NEWFLAGS="$NEWFLAGS $flag" - ;; - esac +dnl CURL_VAR_MATCH (VARNAME, VALUE) +dnl ------------------------------------------------- +dnl Verifies if shell variable VARNAME contains VALUE. +dnl Contents of variable VARNAME and VALUE are handled +dnl as whitespace separated lists of words. If at least +dnl one word of VALUE is present in VARNAME the match +dnl is considered positive, otherwise false. + +AC_DEFUN([CURL_VAR_MATCH], [ + ac_var_match_word="no" + for word1 in $[$1]; do + for word2 in [$2]; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi done - CFLAGS=$NEWFLAGS - -]) dnl end of AC_DEFUN() + done +]) dnl CURL_CHECK_NONBLOCKING_SOCKET dnl ------------------------------------------------- @@ -163,12 +638,12 @@ AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET], [ AC_MSG_CHECKING([non-blocking sockets style]) - AC_TRY_COMPILE([ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ /* headers for O_NONBLOCK test */ #include #include #include -],[ +]], [[ /* try to compile O_NONBLOCK */ #if defined(sun) || defined(__sun__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) 
@@ -187,22 +662,22 @@ AC_DEFUN([CURL_CHECK_NONBLOCKING_SOCKET], #endif int socket; int flags = fcntl(socket, F_SETFL, flags | O_NONBLOCK); -],[ +]])],[ dnl the O_NONBLOCK test was fine nonblock="O_NONBLOCK" AC_DEFINE(HAVE_O_NONBLOCK, 1, [use O_NONBLOCK for non-blocking sockets]) ],[ dnl the code was bad, try a different program now, test 2 - AC_TRY_COMPILE([ + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ /* headers for FIONBIO test */ #include #include -],[ +]], [[ /* FIONBIO source test (old-style unix) */ int socket; int flags = ioctl(socket, FIONBIO, &flags); -],[ +]])],[ dnl FIONBIO test was good nonblock="FIONBIO" AC_DEFINE(HAVE_FIONBIO, 1, [use FIONBIO for non-blocking sockets]) 
@@ -210,67 +685,34 @@ AC_DEFINE(HAVE_FIONBIO, 1, [use FIONBIO for non-blocking sockets]) dnl FIONBIO test was also bad dnl the code was bad, try a different program now, test 3 - AC_TRY_COMPILE([ -/* headers for ioctlsocket test (Windows) */ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#endif -],[ -/* ioctlsocket source code */ - SOCKET sd; - unsigned long flags = 0; - sd = socket(0, 0, 0); - ioctlsocket(sd, FIONBIO, &flags); -],[ -dnl ioctlsocket test was good -nonblock="ioctlsocket" -AC_DEFINE(HAVE_IOCTLSOCKET, 1, [use ioctlsocket() for non-blocking sockets]) -],[ -dnl ioctlsocket didnt compile!, go to test 4 - - AC_TRY_LINK([ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ /* headers for IoctlSocket test (Amiga?) */ #include -],[ +]], [[ /* IoctlSocket source code */ int socket; int flags = IoctlSocket(socket, FIONBIO, (long)1); -],[ +]])],[ dnl ioctlsocket test was good nonblock="IoctlSocket" AC_DEFINE(HAVE_IOCTLSOCKET_CASE, 1, [use Ioctlsocket() for non-blocking sockets]) ],[ -dnl Ioctlsocket didnt compile, do test 5! - AC_TRY_COMPILE([ +dnl Ioctlsocket did not compile, do test 4! + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ /* headers for SO_NONBLOCK test (BeOS) */ #include -],[ +]], [[ /* SO_NONBLOCK source code */ long b = 1; int socket; int flags = setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); -],[ +]])],[ dnl the SO_NONBLOCK test was good nonblock="SO_NONBLOCK" AC_DEFINE(HAVE_SO_NONBLOCK, 1, [use SO_NONBLOCK for non-blocking sockets]) ],[ -dnl test 5 didnt compile! +dnl test 4 did not compile! nonblock="nada" -AC_DEFINE(HAVE_DISABLED_NONBLOCKING, 1, [disabled non-blocking sockets]) -]) -dnl end of fifth test - ]) dnl end of forth test 
@@ -418,22 +860,29 @@ m4_case([$1], [openssl], [ LIBSSH2_LIB_HAVE_LINKFLAGS([ssl], [crypto], [#include ], [ AC_DEFINE(LIBSSH2_OPENSSL, 1, [Use $1]) - LIBSREQUIRED="$LIBSREQUIRED${LIBSREQUIRED:+ }libssl libcrypto" - - # Not all OpenSSL have AES-CTR functions. - libssh2_save_LIBS="$LIBS" - LIBS="$LIBS $LIBSSL" - AC_CHECK_FUNCS(EVP_aes_128_ctr) - LIBS="$libssh2_save_LIBS" + LIBSSH2_PC_REQUIRES_PRIVATE="$LIBSSH2_PC_REQUIRES_PRIVATE${LIBSSH2_PC_REQUIRES_PRIVATE:+,}libcrypto" + found_crypto="$1" + found_crypto_str="OpenSSL" + ]) +], +[wolfssl], [ + if test "${with_libwolfssl_prefix+set}" = set; then + CPPFLAGS="$CPPFLAGS${CPPFLAGS:+ }-I${with_libwolfssl_prefix}/include/wolfssl" + else + AC_MSG_ERROR([When using wolfSSL, must specify prefix with --with-libwolfssl-prefix in order to find OpenSSL compatibility headers.]) + fi + LIBSSH2_LIB_HAVE_LINKFLAGS([wolfssl], [], [#include ], [ + AC_DEFINE(LIBSSH2_WOLFSSL, 1, [Use $1]) + LIBSSH2_PC_REQUIRES_PRIVATE="$LIBSSH2_PC_REQUIRES_PRIVATE${LIBSSH2_PC_REQUIRES_PRIVATE:+,}wolfssl" found_crypto="$1" - found_crypto_str="OpenSSL (AES-CTR: ${ac_cv_func_EVP_aes_128_ctr:-N/A})" ]) ], [libgcrypt], [ LIBSSH2_LIB_HAVE_LINKFLAGS([gcrypt], [], [#include ], [ AC_DEFINE(LIBSSH2_LIBGCRYPT, 1, [Use $1]) + LIBSSH2_PC_REQUIRES_PRIVATE="$LIBSSH2_PC_REQUIRES_PRIVATE${LIBSSH2_PC_REQUIRES_PRIVATE:+,}libgcrypt" found_crypto="$1" ]) ], 
@@ -443,29 +892,25 @@ m4_case([$1], AC_DEFINE(LIBSSH2_MBEDTLS, 1, [Use $1]) LIBS="$LIBS -lmbedcrypto" found_crypto="$1" - support_clear_memory=yes ]) ], [wincng], [ - # Look for Windows Cryptography API: Next Generation - - AC_CHECK_HEADERS([ntdef.h ntstatus.h], [], [], [#include ]) - AC_CHECK_DECLS([SecureZeroMemory], [], [], [#include ]) - - LIBSSH2_LIB_HAVE_LINKFLAGS([crypt32], [], [ - #include - #include - ]) - LIBSSH2_LIB_HAVE_LINKFLAGS([bcrypt], [], [ - #include - #include - ], [ - AC_DEFINE(LIBSSH2_WINCNG, 1, [Use $1]) - found_crypto="$1" - found_crypto_str="Windows Cryptography API: Next Generation" - support_clear_memory="$ac_cv_have_decl_SecureZeroMemory" - ]) + if test "x$have_windows_h" = "xyes"; then + # Look for Windows Cryptography API: Next Generation + + LIBS="$LIBS -lcrypt32" + + # Check necessary for old-MinGW + LIBSSH2_LIB_HAVE_LINKFLAGS([bcrypt], [], [ + #include + #include + ], [ + AC_DEFINE(LIBSSH2_WINCNG, 1, [Use $1]) + found_crypto="$1" + found_crypto_str="Windows Cryptography API: Next Generation" + ]) + fi ], ) test "$found_crypto" = "none" && @@ -486,8 +931,8 @@ AC_DEFUN([LIBSSH2_CHECK_OPTION_WERROR], [ AC_MSG_CHECKING([whether to enable compiler warnings as errors]) OPT_COMPILER_WERROR="default" AC_ARG_ENABLE(werror, -AC_HELP_STRING([--enable-werror],[Enable compiler warnings as errors]) -AC_HELP_STRING([--disable-werror],[Disable compiler warnings as errors]), +AS_HELP_STRING([--enable-werror],[Enable compiler warnings as errors]) +AS_HELP_STRING([--disable-werror],[Disable compiler warnings as errors]), OPT_COMPILER_WERROR=$enableval) case "$OPT_COMPILER_WERROR" in no) @@ -506,7 +951,6 @@ AC_HELP_STRING([--disable-werror],[Disable compiler warnings as errors]), AC_MSG_RESULT([$want_werror]) if test X"$want_werror" = Xyes; then - CFLAGS="$CFLAGS -Werror" + LIBSSH2_CFLAG_EXTRAS="$LIBSSH2_CFLAG_EXTRAS -Werror" fi ]) - diff --git a/appveyor.yml b/appveyor.yml index c2731ca2bd..2c91054f31 100644 --- a/appveyor.yml +++ b/appveyor.yml 
@@ -1,6 +1,7 @@ -# Copyright (c) 2014, Ruslan Baratov -# Copyright (c) 2014, 2016 Alexander Lamaison -# Copyright (c) 2020, 2021 Marc Hoersken +# Copyright (C) Ruslan Baratov +# Copyright (C) Alexander Lamaison +# Copyright (C) Marc Hoersken +# Copyright (C) Viktor Szakats # All rights reserved. # # Redistribution and use in source and binary forms, with or without 
@@ -23,100 +24,204 @@ # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# SPDX-License-Identifier: BSD-3-Clause -os: Visual Studio 2015 +# https://www.appveyor.com/docs/windows-images-software/ environment: + CONFIGURATION: 'Release' + FIXTURE_XFER_COUNT: 35020 matrix: - - GENERATOR: "Visual Studio 14 2015" - BUILD_SHARED_LIBS: ON - CRYPTO_BACKEND: "OpenSSL" - - - GENERATOR: "Visual Studio 14 2015" - BUILD_SHARED_LIBS: OFF - CRYPTO_BACKEND: "OpenSSL" - - - GENERATOR: "Visual Studio 12 2013" - BUILD_SHARED_LIBS: ON - CRYPTO_BACKEND: "OpenSSL" - - - GENERATOR: "Visual Studio 12 2013" - BUILD_SHARED_LIBS: OFF - CRYPTO_BACKEND: "OpenSSL" - - - GENERATOR: "Visual Studio 14 2015" - BUILD_SHARED_LIBS: ON - CRYPTO_BACKEND: "WinCNG" - - - GENERATOR: "Visual Studio 14 2015" - BUILD_SHARED_LIBS: OFF - CRYPTO_BACKEND: "WinCNG" - - - GENERATOR: "Visual Studio 12 2013" - BUILD_SHARED_LIBS: ON - CRYPTO_BACKEND: "WinCNG" - - - GENERATOR: "Visual Studio 12 2013" - BUILD_SHARED_LIBS: OFF - CRYPTO_BACKEND: "WinCNG" - -platform: - - x86 - - x64 - -configuration: -# - Debug - - Release + - job_name: 'VS2022, OpenSSL 3, x64, Server 2019' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + GENERATOR: 'Visual Studio 17 2022' + PLATFORM: 'x64' + CRYPTO_BACKEND: 'OpenSSL' + + - job_name: 'VS2015, OpenSSL 1.1, x86, Server 2016' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017' + GENERATOR: 'Visual Studio 14 2015' + PLATFORM: 'x86' + CRYPTO_BACKEND: 'OpenSSL' + + - job_name: 'VS2015, OpenSSL 1.1, x64, Server 2012 R2, Logging' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + GENERATOR: 'Visual Studio 14 2015' + PLATFORM: 'x64' + CRYPTO_BACKEND: 'OpenSSL' + ENABLE_DEBUG_LOGGING: 'ON' + + - job_name: 'VS2013, OpenSSL 1.1, x64, Server 2012 R2' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + 
GENERATOR: 'Visual Studio 12 2013' + PLATFORM: 'x64' + CRYPTO_BACKEND: 'OpenSSL' + + - job_name: 'VS2013, OpenSSL 1.1, x86, Server 2012 R2, Shared-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + GENERATOR: 'Visual Studio 12 2013' + PLATFORM: 'x86' + BUILD_STATIC_LIBS: 'OFF' + CRYPTO_BACKEND: 'OpenSSL' + + - job_name: 'VS2013, OpenSSL 1.0.2, x64, Build-only, Static-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + GENERATOR: 'Visual Studio 12 2013' + PLATFORM: 'x64' + BUILD_SHARED_LIBS: 'OFF' + CRYPTO_BACKEND: 'OpenSSL' + SKIP_CTEST: 'yes' + + - job_name: 'VS2008, WinCNG, x86, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + GENERATOR: 'Visual Studio 9 2008' + PLATFORM: 'x86' + CRYPTO_BACKEND: 'WinCNG' + SKIP_CTEST: 'yes' + + - job_name: 'VS2010, WinCNG, x64, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + GENERATOR: 'Visual Studio 10 2010' + PLATFORM: 'x64' + CRYPTO_BACKEND: 'WinCNG' + UNITY: 'ON' + SKIP_CTEST: 'yes' + + - job_name: 'VS2022, WinCNG, x64, Server 2019, Logging' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + GENERATOR: 'Visual Studio 17 2022' + PLATFORM: 'x64' + CRYPTO_BACKEND: 'WinCNG' + ENABLE_DEBUG_LOGGING: 'ON' + + - job_name: 'VS2022, WinCNG, ARM64, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + GENERATOR: 'Visual Studio 17 2022' + PLATFORM: 'ARM64' + CRYPTO_BACKEND: 'WinCNG' + + - job_name: 'VS2015, WinCNG, x86, Server 2016' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017' + GENERATOR: 'Visual Studio 14 2015' + PLATFORM: 'x86' + CRYPTO_BACKEND: 'WinCNG' + + - job_name: 'VS2015, WinCNG, x64, Server 2012 R2' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + GENERATOR: 'Visual Studio 14 2015' + PLATFORM: 'x64' + CRYPTO_BACKEND: 'WinCNG' matrix: fast_finish: true - allow_failures: - - GENERATOR: "Visual Studio 9 2008" - platform: x64 install: # prepare local SSH server for reverse tunneling from GitHub Actions hosting our docker container - ps: | 
$env:OPENSSH_SERVER_PORT = Get-Random -Minimum 2000 -Maximum 2300 - [System.Environment]::SetEnvironmentVariable("OPENSSH_SERVER_PORT", $env:OPENSSH_SERVER_PORT) - - ps: .\ci\appveyor\docker-bridge.ps1 - - choco install -y docker-cli + [System.Environment]::SetEnvironmentVariable('OPENSSH_SERVER_PORT', $env:OPENSSH_SERVER_PORT) + .\ci\appveyor\docker-bridge.ps1 build_script: - - ps: if($env:PLATFORM -eq "x64") { $env:CMAKE_GEN_SUFFIX=" Win64" } - - cmake "-G%GENERATOR%%CMAKE_GEN_SUFFIX%" -DBUILD_SHARED_LIBS=%BUILD_SHARED_LIBS% -DCRYPTO_BACKEND=%CRYPTO_BACKEND% -H. -B_builds - - cmake --build _builds --config "%CONFIGURATION%" - -before_test: - ps: | - Write-Host "Waiting for SSH connection from GitHub Actions" -NoNewline - while((Get-Process -Name "sshd" -ErrorAction SilentlyContinue).Count -eq 1) { - Write-Host "." -NoNewline - Start-Sleep -Seconds 1 + $options = @('-DENABLE_WERROR=ON') + + if($env:GENERATOR -eq 'Visual Studio 17 2022') { + if($env:PLATFORM -eq 'x86') { + $options += '-A Win32' + } + else { + $options += "-A $env:PLATFORM" + } + } + elseif($env:PLATFORM -eq 'x64') { + $env:GENERATOR += ' Win64' } - if((Get-Process -Name "sshd" -ErrorAction SilentlyContinue).Count -gt 1) { - $env:DOCKER_HOST = "tcp://127.0.0.1:2375" - [System.Environment]::SetEnvironmentVariable("DOCKER_HOST", $env:DOCKER_HOST) - Write-Host "... ready!" - } else { - Write-Host "... failed!" 
+ $options += "-G$env:GENERATOR" + + $options += "-DCRYPTO_BACKEND=$env:CRYPTO_BACKEND" + if($env:SKIP_CTEST -ne 'yes' -and $env:CRYPTO_BACKEND -eq 'OpenSSL') { + if($env:APPVEYOR_BUILD_WORKER_IMAGE -eq 'Visual Studio 2022') { + if($env:PLATFORM -eq 'x64') { + $options += '-DOPENSSL_ROOT_DIR=C:/OpenSSL-v30-Win64' + } + } + else { + if($env:PLATFORM -eq 'x64') { + $options += '-DOPENSSL_ROOT_DIR=C:/OpenSSL-v111-Win64' + } + elseif($env:PLATFORM -eq 'x86') { + $options += '-DOPENSSL_ROOT_DIR=C:/OpenSSL-v111-Win32' + } + } } + if($env:ENABLE_DEBUG_LOGGING -eq 'ON') { + $options += '-DENABLE_DEBUG_LOGGING=ON' + } + if($env:UNITY -eq 'ON') { + $options += '-DCMAKE_UNITY_BUILD=ON' + } + if($env:BUILD_STATIC_LIBS -eq 'OFF') { + $options += '-DBUILD_STATIC_LIBS=OFF' + } + if($env:BUILD_SHARED_LIBS -eq 'OFF') { + $options += '-DBUILD_SHARED_LIBS=OFF' + } + $options += '-DCMAKE_VS_GLOBALS=TrackFileAccess=false' + # FIXME: First sshd test sometimes timeouts, subsequent ones almost always fail: + # 'libssh2_session_handshake failed (-43): Failed getting banner' + $options += '-DRUN_SSHD_TESTS=OFF' + + Write-Host 'CMake options:' $options + cmake -B _builds $options + cmake --build _builds --config "$env:CONFIGURATION" + test_script: - - ps: cd _builds - - ps: ctest -VV -C $($env:CONFIGURATION) --output-on-failure + - ps: | + if($env:SKIP_CTEST -ne 'yes' -and $env:PLATFORM -ne 'ARM64') { + appveyor-retry choco install --yes --no-progress --limit-output --timeout 180 docker-cli + Write-Host 'Waiting for SSH connection from GitHub Actions' -NoNewline + $endDate = (Get-Date).AddMinutes(3) + while((Get-Process -Name 'sshd' -ErrorAction SilentlyContinue).Count -eq 1 -and (Get-Date) -lt $endDate) { + Write-Host '.' -NoNewline + Start-Sleep -Seconds 1 + } + if((Get-Process -Name 'sshd' -ErrorAction SilentlyContinue).Count -gt 1) { + $env:DOCKER_HOST = 'tcp://127.0.0.1:2375' + [System.Environment]::SetEnvironmentVariable('DOCKER_HOST', $env:DOCKER_HOST) + Write-Host '... ready.' 
+ } + else { + Write-Host '... failed.' + } + if($env:CRYPTO_BACKEND -eq 'WinCNG') { + $env:FIXTURE_TRACE_ALL_CONNECT = '1' + } + $env:OPENSSH_SERVER_IMAGE=[string] (& bash -c "echo ghcr.io/libssh2/ci_tests_openssh_server:$(git rev-parse --short=20 HEAD:tests/openssh_server)") + cd _builds; ctest -VV -C $($env:CONFIGURATION) --output-on-failure --timeout 900 + } on_failure: - - ps: if(Test-Path _builds/CMakeFiles/CMakeOutput.log) { cat _builds/CMakeFiles/CMakeOutput.log } - - ps: if(Test-Path _builds/CMakeFiles/CMakeError.log) { cat _builds/CMakeFiles/CMakeError.log } + - ps: | + if(Test-Path _builds/CMakeFiles/CMakeConfigureLog.yaml) { cat _builds/CMakeFiles/CMakeConfigureLog.yaml } + if(Test-Path _builds/CMakeFiles/CMakeOutput.log) { cat _builds/CMakeFiles/CMakeOutput.log } + if(Test-Path _builds/CMakeFiles/CMakeError.log) { cat _builds/CMakeFiles/CMakeError.log } on_finish: - ps: | - Get-Process -Name "sleep" -ErrorAction SilentlyContinue | Stop-Process + Get-Process -Name 'sleep' -ErrorAction SilentlyContinue | Stop-Process Start-Sleep -Seconds 3 - Get-Process -Name "sshd" -ErrorAction SilentlyContinue | Stop-Process + Get-Process -Name 'sshd' -ErrorAction SilentlyContinue | Stop-Process + +skip_commits: + files: + - '.github/**/*' + +clone_depth: 10 -# whitelist branches to avoid testing feature branches twice (as branch and as pull request) +# Limit branches to avoid testing feature branches twice (as branch and as pull request) branches: - only: - - master + only: + - master diff --git a/buildconf b/buildconf index 8097193097..1072328b55 100755 --- a/buildconf +++ b/buildconf 
@@ -1,8 +1,10 @@ #!/bin/sh +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause echo "***" >&2 -echo "*** Do not use buildconf. Instead, just use: autoreconf -fi" >&2 -echo "*** Doing it for you now, but buildconf may disapear in the future." >&2 +echo "*** Do not use buildconf. Instead, use: autoreconf -fi" >&2 +echo "*** Doing it for you now, but buildconf may disappear in the future." >&2 echo "***" >&2 exec ${AUTORECONF:-autoreconf} -fi "${@}" diff --git a/ci/appveyor/docker-bridge.bat b/ci/appveyor/docker-bridge.bat deleted file mode 100644 index e83b285d82..0000000000 --- a/ci/appveyor/docker-bridge.bat +++ /dev/null @@ -1,10 +0,0 @@ -@echo off - -netsh interface portproxy add v4tov4 listenport=3389 listenaddress=%1 connectport=22 connectaddress=127.0.0.1 -netsh interface portproxy show all - -C:\msys64\usr\bin\sh -l -c "/usr/bin/ssh-keygen -b 2048 -t rsa -f auth -q -N '' && mkdir .ssh && mv auth.pub .ssh/authorized_keys" -C:\msys64\usr\bin\sh -l -c "/usr/bin/ssh-keygen -A" -C:\msys64\usr\bin\sh -l -c "/usr/bin/sshd" - -C:\msys64\usr\bin\sh -l -c '/usr/bin/curl -F "account=%APPVEYOR_ACCOUNT_NAME%" -F "project=%APPVEYOR_PROJECT_SLUG%" -F "buildid=%APPVEYOR_BUILD_VERSION%" -F "base=%APPVEYOR_REPO_BRANCH%" -F "hash=%APPVEYOR_REPO_COMMIT%" -F "repo=%APPVEYOR_REPO_NAME%" -F "ssh_host=%2" -F "ssh_port=%3" -F "ssh_user=`whoami`" -F "ssh_forward=127.0.0.1:%OPENSSH_SERVER_PORT% 127.0.0.1:%OPENSSH_SERVER_PORT%,127.0.0.1:2375 /var/run/docker.sock" -F "ssh_hostkey=`paste -d , /etc/ssh/ssh_host_*_key.pub`" -F "ssh_privkey=`paste -sd , auth`" -s "https://stuff.marc-hoersken.de/libssh2/dispatch.php"' diff --git a/ci/appveyor/docker-bridge.ps1 b/ci/appveyor/docker-bridge.ps1 old mode 100644 new mode 100755 index 03dbf7dd29..d7a07b5faa --- a/ci/appveyor/docker-bridge.ps1 +++ b/ci/appveyor/docker-bridge.ps1 
@@ -1,22 +1,29 @@ -# Partially copied from https://github.com/appveyor/ci/blob/master/scripts/enable-rdp.ps1 - -# get current IP -$ip = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object {$_.InterfaceAlias -like 'ethernet*'}).IPAddress -$port = 3389 -if($ip.StartsWith('172.24.')) { - $port = 33800 + ($ip.split('.')[2] - 16) * 256 + $ip.split('.')[3] -} elseif ($ip.StartsWith('192.168.') -or $ip.StartsWith('10.240.')) { - # new environment - behind NAT - $port = 33800 + ($ip.split('.')[2] - 0) * 256 + $ip.split('.')[3] -} elseif ($ip.StartsWith('10.0.')) { - $port = 33800 + ($ip.split('.')[2] - 0) * 256 + $ip.split('.')[3] -} - -# get external IP -$extip = (New-Object Net.WebClient).DownloadString('https://www.appveyor.com/tools/my-ip.aspx').Trim() - -# allow inbound traffic -New-NetFirewallRule -DisplayName "SSH via RDP port" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 22,3389 - -# launch remote docker daemon with reverse SSH tunnel -& .\ci\appveyor\docker-bridge.bat $ip $extip $port +#!/usr/bin/env pwsh +# Copyright (C) The libssh2 project and its contributors. 
+# SPDX-License-Identifier: BSD-3-Clause + +# Partially copied from https://github.com/appveyor/ci/blob/master/scripts/enable-rdp.ps1 + +# get current IP +$ip = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object {$_.InterfaceAlias -like 'ethernet*'}).IPAddress +$port = 3389 +if($ip.StartsWith('172.24.')) { + $port = 33800 + ($ip.split('.')[2] - 16) * 256 + $ip.split('.')[3] +} +elseif($ip.StartsWith('192.168.') -or $ip.StartsWith('10.240.')) { + # new environment - behind NAT + $port = 33800 + ($ip.split('.')[2] - 0) * 256 + $ip.split('.')[3] +} +elseif($ip.StartsWith('10.0.')) { + $port = 33800 + ($ip.split('.')[2] - 0) * 256 + $ip.split('.')[3] +} + +# get external IP +$extip = (New-Object Net.WebClient).DownloadString('https://www.appveyor.com/tools/my-ip.aspx').Trim() + +# allow inbound traffic +New-NetFirewallRule -DisplayName 'SSH via RDP port' -Direction Inbound -Action Allow -Protocol TCP -LocalPort 22,3389 + +# launch remote docker daemon with reverse SSH tunnel +$scriptPath = (split-path -parent $MyInvocation.MyCommand.Definition) -replace '\\', '/' +& C:\msys64\usr\bin\sh -l -c "$scriptPath/docker-bridge.sh $ip $extip $port" diff --git a/ci/appveyor/docker-bridge.sh b/ci/appveyor/docker-bridge.sh new file mode 100755 index 0000000000..5e0a69bdea --- /dev/null +++ b/ci/appveyor/docker-bridge.sh 
@@ -0,0 +1,27 @@ +#!/bin/sh +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause + +set -e + +netsh interface portproxy add v4tov4 listenport=3389 listenaddress="$1" connectport=22 connectaddress=127.0.0.1 +netsh interface portproxy show all + +ssh-keygen -t ed25519 -f auth -q -N '' && mkdir .ssh && mv auth.pub .ssh/authorized_keys +ssh-keygen -A +"$(command -v sshd)" & + +curl \ + -F "account=${APPVEYOR_ACCOUNT_NAME}" \ + -F "project=${APPVEYOR_PROJECT_SLUG}" \ + -F "buildid=${APPVEYOR_BUILD_VERSION}" \ + -F "base=${APPVEYOR_REPO_BRANCH}" \ + -F "hash=${APPVEYOR_REPO_COMMIT}" \ + -F "repo=${APPVEYOR_REPO_NAME}" \ + -F "ssh_host=$2" \ + -F "ssh_port=$3" \ + -F "ssh_user=$(whoami)" \ + -F "ssh_forward=127.0.0.1:${OPENSSH_SERVER_PORT} 127.0.0.1:${OPENSSH_SERVER_PORT},127.0.0.1:2375 /var/run/docker.sock" \ + -F "ssh_hostkey=$(paste -d , /etc/ssh/ssh_host_*_key.pub)" \ + -F "ssh_privkey=$(paste -sd , auth)" \ + -s 'https://stuff.marc-hoersken.de/libssh2/dispatch.php' diff --git a/ci/checksrc.pl b/ci/checksrc.pl index 965f0bab1d..34664585c5 100755 --- a/ci/checksrc.pl +++ b/ci/checksrc.pl @@ -6,11 +6,11 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 2011 - 2018, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms -# are also available at https://curl.haxx.se/docs/copyright.html. +# are also available at https://curl.se/docs/copyright.html. # # You may opt to use, copy, modify, merge, publish, distribute and/or sell # copies of the Software, and permit persons to whom the Software is @@ -19,6 +19,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### use strict; 
@@ -31,14 +33,14 @@ my $swarnings = 0; my $errors = 0; my $serrors = 0; -my $suppressed; # whitelisted problems +my $suppressed; # skipped problems my $file; my $dir="."; my $wlist=""; my @alist; -my $windows_os = $^O eq 'MSWin32' || $^O eq 'msys' || $^O eq 'cygwin'; +my $windows_os = $^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys'; my $verbose; -my %whitelist; +my %skiplist; my %ignore; my %ignore_set; 
@@ -47,49 +49,65 @@ my %warnings_extended = ( 'COPYRIGHTYEAR' => 'copyright year incorrect', + 'STRERROR', => 'strerror() detected', + 'STDERR', => 'stderr detected', ); my %warnings = ( - 'LONGLINE' => "Line longer than $max_column", - 'TABS' => 'TAB characters not allowed', - 'TRAILINGSPACE' => 'Trailing white space on the line', - 'CPPCOMMENTS' => '// comment detected', - 'SPACEBEFOREPAREN' => 'space before an open parenthesis', - 'SPACEAFTERPAREN' => 'space after open parenthesis', - 'SPACEBEFORECLOSE' => 'space before a close parenthesis', - 'SPACEBEFORECOMMA' => 'space before a comma', - 'RETURNNOSPACE' => 'return without space', - 'COMMANOSPACE' => 'comma without following space', - 'BRACEELSE' => '} else on the same line', - 'PARENBRACE' => '){ without sufficient space', - 'SPACESEMICOLON' => 'space before semicolon', + 'ASSIGNWITHINCONDITION' => 'assignment within conditional expression', + 'ASTERISKNOSPACE' => 'pointer declared without space before asterisk', + 'ASTERISKSPACE' => 'pointer declared with space after asterisk', + 'BADCOMMAND' => 'bad !checksrc! instruction', 'BANNEDFUNC' => 'a banned function was used', - 'FOPENMODE' => 'fopen needs a macro for the mode string', + 'BANNEDPREPROC' => 'a banned symbol was used on a preprocessor line', + 'BRACEELSE' => '} else on the same line', 'BRACEPOS' => 'wrong position for an open brace', - 'INDENTATION' => 'wrong start column for code', + 'BRACEWHILE' => 'A single space between open brace and while', + 'COMMANOSPACE' => 'comma without following space', + 'COMMENTNOSPACEEND' => 'no space before */', + 'COMMENTNOSPACESTART' => 'no space following /*', 'COPYRIGHT' => 'file missing a copyright statement', - 'BADCOMMAND' => 'bad !checksrc! 
instruction', - 'UNUSEDIGNORE' => 'a warning ignore was not used', - 'OPENCOMMENT' => 'file ended with a /* comment still "open"', - 'ASTERISKSPACE' => 'pointer declared with space after asterisk', - 'ASTERISKNOSPACE' => 'pointer declared without space before asterisk', - 'ASSIGNWITHINCONDITION' => 'assignment within conditional expression', + 'CPPCOMMENTS' => '// comment detected', + 'DOBRACE' => 'A single space between do and open brace', + 'EMPTYLINEBRACE' => 'Empty line before the open brace', 'EQUALSNOSPACE' => 'equals sign without following space', + 'EQUALSNULL' => 'if/while comparison with == NULL', + 'EXCLAMATIONSPACE' => 'Whitespace after exclamation mark in expression', + 'FOPENMODE' => 'fopen needs a macro for the mode string', + 'INCLUDEDUP', => 'same file is included again', + 'INDENTATION' => 'wrong start column for code', + 'LONGLINE' => "Line longer than $max_column", + 'SPACEBEFORELABEL' => 'labels not at the start of the line', + 'MULTISPACE' => 'multiple spaces used when not suitable', 'NOSPACEEQUALS' => 'equals sign without preceding space', + 'NOTEQUALSZERO', => 'if/while comparison with != 0', + 'ONELINECONDITION' => 'conditional block on the same line as the if()', + 'OPENCOMMENT' => 'file ended with a /* comment still "open"', + 'PARENBRACE' => '){ without sufficient space', + 'RETURNNOSPACE' => 'return without space', 'SEMINOSPACE' => 'semicolon without following space', - 'MULTISPACE' => 'multiple spaces used when not suitable', 'SIZEOFNOPAREN' => 'use of sizeof without parentheses', 'SNPRINTF' => 'use of snprintf', + 'SPACEAFTERPAREN' => 'space after open parenthesis', + 'SPACEBEFORECLOSE' => 'space before a close parenthesis', + 'SPACEBEFORECOMMA' => 'space before a comma', + 'SPACEBEFOREPAREN' => 'space before an open parenthesis', + 'SPACESEMICOLON' => 'space before semicolon', + 'SPACESWITCHCOLON' => 'space before colon of switch label', + 'TABS' => 'TAB characters not allowed', + 'TRAILINGSPACE' => 'Trailing whitespace on the line', 
+ 'TYPEDEFSTRUCT' => 'typedefed struct', + 'UNUSEDIGNORE' => 'a warning ignore was not used', ); -sub readwhitelist { - open(W, "<$dir/checksrc.whitelist") or return; - my @all=; +sub readskiplist { + open(my $W, '<', "$dir/checksrc.skip") or return; + my @all=<$W>; for(@all) { $windows_os ? $_ =~ s/\r?\n$// : chomp; - $whitelist{$_}=1; + $skiplist{$_}=1; } - close(W); + close($W); } # Reads the .checksrc in $dir for any extended warnings to enable locally. @@ -115,10 +133,19 @@ sub readlocalfile { } $warnings{$1} = $warnings_extended{$1}; } + elsif (/^\s*disable ([A-Z]+)$/) { + if(!defined($warnings{$1})) { + print STDERR "invalid warning specified in .checksrc: \"$1\"\n"; + next; + } + # Accept-list + push @alist, $1; + } else { die "Invalid format in $dir/.checksrc on line $i\n"; } } + close($rcfile); } sub checkwarn { @@ -131,8 +158,8 @@ sub checkwarn { # print STDERR "Dev! there's no description for $name!\n"; #} - # checksrc.whitelist - if($whitelist{$line}) { + # checksrc.skip + if($skiplist{$line}) { $nowarn = 1; } # !checksrc! controlled @@ -176,7 +203,7 @@ sub checkwarn { $file = shift @ARGV; -while(1) { +while(defined $file) { if($file =~ /-D(.*)/) { $dir = $1; 
@@ -217,17 +244,25 @@ sub checkwarn { print " -A[rule] Accept this violation, can be used multiple times\n"; print " -D[DIR] Directory to prepend file names\n"; print " -h Show help output\n"; - print " -W[file] Whitelist the given file - ignore all its flaws\n"; + print " -W[file] Skip the given file - ignore all its flaws\n"; print " -i Indent spaces. Default: 2\n"; print " -m Maximum line length. Default: 79\n"; print "\nDetects and warns for these problems:\n"; - for(sort keys %warnings) { - printf (" %-18s: %s\n", $_, $warnings{$_}); + my @allw = keys %warnings; + push @allw, keys %warnings_extended; + for my $w (sort @allw) { + if($warnings{$w}) { + printf (" %-18s: %s\n", $w, $warnings{$w}); + } + else { + printf (" %-18s: %s[*]\n", $w, $warnings_extended{$w}); + } } + print " [*] = disabled by default\n"; exit; } -readwhitelist(); +readskiplist(); readlocalfile(); do { @@ -344,15 +379,19 @@ sub scanfile { my $line = 1; my $prevl=""; - my $l; - open(R, "<$file") || die "failed to open $file"; + my $prevpl=""; + my $l = ""; + my $prep = 0; + my $prevp = 0; + open(my $R, '<', $file) || die "failed to open $file"; my $incomment=0; my @copyright=(); + my %includes; checksrc_clear(); # for file based ignores accept_violations(); - while() { + while(<$R>) { $windows_os ? $_ =~ s/\r?\n$// : chomp; my $l = $_; my $ol = $l; # keep the unmodified line for error reporting @@ -365,7 +404,8 @@ sub scanfile { } # check for a copyright statement and save the years - if($l =~ /\* +copyright .* \d\d\d\d/i) { + if($l =~ /\* +copyright .* (\d\d\d\d|)/i) { + my $count = 0; while($l =~ /([\d]{4})/g) { push @copyright, { year => $1, @@ -373,6 +413,16 @@ sub scanfile { col => index($l, $1), code => $l }; + $count++; + } + if(!$count) { + # year-less + push @copyright, { + year => -1, + line => $line, + col => index($l, $1), + code => $l + }; } } 
@@ -386,12 +436,24 @@ sub scanfile { checkwarn("TABS", $line, length($1), $file, $l, "Contains TAB character", 1); } - # detect trailing white space + # detect trailing whitespace if($l =~ /^(.*)[ \t]+\z/) { checkwarn("TRAILINGSPACE", $line, length($1), $file, $l, "Trailing whitespace"); } + # no space after comment start + if($l =~ /^(.*)\/\*\w/) { + checkwarn("COMMENTNOSPACESTART", + $line, length($1) + 2, $file, $l, + "Missing space after comment start"); + } + # no space at comment end + if($l =~ /^(.*)\w\*\//) { + checkwarn("COMMENTNOSPACEEND", + $line, length($1) + 1, $file, $l, + "Missing space end comment end"); + } # ------------------------------------------------------------ # Above this marker, the checks were done on lines *including* # comments @@ -426,16 +488,41 @@ sub scanfile { # comments # ------------------------------------------------------------ + # prev line was a preprocessor **and** ended with a backslash + if($prep && ($prevpl =~ /\\ *\z/)) { + # this is still a preprocessor line + $prep = 1; + goto preproc; + } + $prep = 0; + # crude attempt to detect // comments without too many false # positives - if($l =~ /^([^"\*]*)[^:"]\/\//) { + if($l =~ /^(([^"\*]*)[^:"]|)\/\//) { checkwarn("CPPCOMMENTS", $line, length($1), $file, $l, "\/\/ comment"); } + if($l =~ /^(\#\s*include\s+)([\">].*[>}"])/) { + my ($pre, $path) = ($1, $2); + if($includes{$path}) { + checkwarn("INCLUDEDUP", + $line, length($1), $file, $l, "duplicated include"); + } + $includes{$path} = $l; + } + + # detect and strip preprocessor directives + if($l =~ /^[ \t]*\#/) { + # preprocessor line + $prep = 1; + goto preproc; + } + my $nostr = nostrings($l); # check spaces after for/if/while/function call - if($nostr =~ /^(.*)(for|if|while| ([a-zA-Z0-9_]+)) \((.)/) { + if($nostr =~ /^(.*)(for|if|while|switch| ([a-zA-Z0-9_]+)) \((.)/) { + my ($leading, $word, $extra, $first)=($1,$2,$3,$4); if($1 =~ / *\#/) { # this is a #if, treat it differently } 
@@ -445,25 +532,69 @@ sub scanfile { elsif(defined $3 && $3 eq "case") { # case must have a space } - elsif($4 eq "*") { - # (* beginning makes the space OK! + elsif(($first eq "*") && ($word !~ /(for|if|while|switch)/)) { + # A "(*" beginning makes the space OK because it wants to + # allow function pointer declared } elsif($1 =~ / *typedef/) { # typedefs can use space-paren } else { - checkwarn("SPACEBEFOREPAREN", $line, length($1)+length($2), $file, $l, - "$2 with space"); + checkwarn("SPACEBEFOREPAREN", $line, length($leading)+length($word), $file, $l, + "$word with space"); } } + # check for '== NULL' in if/while conditions but not if the thing on + # the left of it is a function call + if($nostr =~ /^(.*)(if|while)(\(.*?)([!=]= NULL|NULL [!=]=)/) { + checkwarn("EQUALSNULL", $line, + length($1) + length($2) + length($3), + $file, $l, "we prefer !variable instead of \"== NULL\" comparisons"); + } - if($nostr =~ /^((.*)(if) *\()(.*)\)/) { + # check for '!= 0' in if/while conditions but not if the thing on + # the left of it is a function call + if($nostr =~ /^(.*)(if|while)(\(.*[^)]) != 0[^x]/) { + checkwarn("NOTEQUALSZERO", $line, + length($1) + length($2) + length($3), + $file, $l, "we prefer if(rc) instead of \"rc != 0\" comparisons"); + } + + # check spaces in 'do {' + if($nostr =~ /^( *)do( *)\{/ && length($2) != 1) { + checkwarn("DOBRACE", $line, length($1) + 2, $file, $l, "one space after do before brace"); + } + # check spaces in 'do {' + elsif($nostr =~ /^( *)\}( *)while/ && length($2) != 1) { + checkwarn("BRACEWHILE", $line, length($1) + 2, $file, $l, "one space between brace and while"); + } + if($nostr =~ /^((.*\s)(if) *\()(.*)\)(.*)/) { my $pos = length($1); - if($4 =~ / = /) { + my $postparen = $5; + my $cond = $4; + if($cond =~ / = /) { checkwarn("ASSIGNWITHINCONDITION", $line, $pos+1, $file, $l, "assignment within conditional expression"); } + my $temp = $cond; + $temp =~ s/\(//g; # remove open parens + my $openc = length($cond) - length($temp); 
+ + $temp = $cond; + $temp =~ s/\)//g; # remove close parens + my $closec = length($cond) - length($temp); + my $even = $openc == $closec; + + if($l =~ / *\#/) { + # this is a #if, treat it differently + } + elsif($even && $postparen && + ($postparen !~ /^ *$/) && ($postparen !~ /^ *[,{&|\\]+/)) { + checkwarn("ONELINECONDITION", + $line, length($l)-length($postparen), $file, $l, + "conditional block on the same line"); + } } # check spaces after open parentheses if($l =~ /^(.*[a-z])\( /i) { @@ -551,16 +682,33 @@ sub scanfile { checkwarn("PARENBRACE", $line, length($1)+1, $file, $l, "missing space after close paren"); } + # check for "^{" with an empty line before it + if(($l =~ /^\{/) && ($prevl =~ /^[ \t]*\z/)) { + checkwarn("EMPTYLINEBRACE", + $line, 0, $file, $l, "empty line before open brace"); + } # check for space before the semicolon last in a line if($l =~ /^(.*[^ ].*) ;$/) { checkwarn("SPACESEMICOLON", - $line, length($1), $file, $ol, "space before last semicolon"); + $line, length($1), $file, $ol, "no space before semicolon"); + } + + # check for space before the colon in a switch label + if($l =~ /^( *(case .+|default)) :/) { + checkwarn("SPACESWITCHCOLON", + $line, length($1), $file, $ol, "no space before colon of switch label"); + } + + if($prevl !~ /\?\z/ && $l =~ /^ +([A-Za-z_][A-Za-z0-9_]*):$/ && $1 ne 'default') { + checkwarn("SPACEBEFORELABEL", + $line, length($1), $file, $ol, "no space before label"); } # scan for use of banned functions if($l =~ /^(.*\W) - (gets| + (gmtime|localtime| + gets| strtok| v?sprintf| (str|_mbs|_tcs|_wcs)n?cat| 
@@ -571,7 +719,30 @@ sub scanfile { $line, length($1), $file, $ol, "use of $2 is banned"); } - + if($warnings{"STRERROR"}) { + # scan for use of banned strerror. This is not a BANNEDFUNC to + # allow for individual enable/disable of this warning. + if($l =~ /^(.*\W)(strerror)\s*\(/x) { + if($1 !~ /^ *\#/) { + # skip preprocessor lines + checkwarn("STRERROR", + $line, length($1), $file, $ol, + "use of $2 is banned"); + } + } + } + if($warnings{"STDERR"}) { + # scan for use of banned stderr. This is not a BANNEDFUNC to + # allow for individual enable/disable of this warning. + if($l =~ /^([^\"-]*\W)(stderr)[^\"_]/x) { + if($1 !~ /^ *\#/) { + # skip preprocessor lines + checkwarn("STDERR", + $line, length($1), $file, $ol, + "use of $2 is banned (use tool_stderr instead)"); + } + } + } # scan for use of snprintf for curl-internals reasons if($l =~ /^(.*\W)(v?snprintf)\s*\(/x) { checkwarn("SNPRINTF", @@ -589,10 +760,9 @@ sub scanfile { } } - # check for open brace first on line but not first column - # only alert if previous line ended with a close paren and wasn't a cpp - # line - if((($prevl =~ /\)\z/) && ($prevl !~ /^ *#/)) && ($l =~ /^( +)\{/)) { + # check for open brace first on line but not first column only alert + # if previous line ended with a close paren and it wasn't a cpp line + if(($prevl =~ /\)\z/) && ($l =~ /^( +)\{/) && !$prevp) { checkwarn("BRACEPOS", $line, length($1), $file, $ol, "badly placed open brace"); } 
@@ -600,11 +770,10 @@ sub scanfile { # if the previous line starts with if/while/for AND ends with an open # brace, or an else statement, check that this line is indented $indent # more steps, if not a cpp line - if($prevl =~ /^( *)((if|while|for)\(.*\{|else)\z/) { + if(!$prevp && ($prevl =~ /^( *)((if|while|for)\(.*\{|else)\z/)) { my $first = length($1); - # this line has some character besides spaces - if(($l !~ /^ *#/) && ($l =~ /^( *)[^ ]/)) { + if($l =~ /^( *)[^ ]/) { my $second = length($1); my $expect = $first+$indent; if($expect != $second) { @@ -616,11 +785,37 @@ sub scanfile { } } + # if the previous line starts with if/while/for AND ends with a closed + # parenthesis and there's an equal number of open and closed + # parentheses, check that this line is indented $indent more steps, if + # not a cpp line + elsif(!$prevp && ($prevl =~ /^( *)(if|while|for)(\(.*\))\z/)) { + my $first = length($1); + my $op = $3; + my $cl = $3; + + $op =~ s/[^(]//g; + $cl =~ s/[^)]//g; + + if(length($op) == length($cl)) { + # this line has some character besides spaces + if($l =~ /^( *)[^ ]/) { + my $second = length($1); + my $expect = $first+$indent; + if($expect != $second) { + my $diff = $second - $first; + checkwarn("INDENTATION", $line, length($1), $file, $ol, + "not indented $indent steps (uses $diff)"); + } + } + } + } + # check for 'char * name' - if(($l =~ /(^.*(char|int|long|void|curl_slist|CURL|CURLM|CURLMsg|curl_httppost) *(\*+)) (\w+)/) && ($4 ne "const")) { - checkwarn("ASTERISKNOSPACE", + if(($l =~ /(^.*(char|int|long|void|CURL|CURLM|CURLMsg|[cC]url_[A-Za-z_]+|struct [a-zA-Z_]+) *(\*+)) (\w+)/) && ($4 !~ /^(const|volatile)$/)) { + checkwarn("ASTERISKSPACE", $line, length($1), $file, $ol, - "no space after declarative asterisk"); + "space after declarative asterisk"); } # check for 'char*' if(($l =~ /(^.*(char|int|long|void|curl_slist|CURL|CURLM|CURLMsg|curl_httppost|sockaddr_in|FILE)\*)/)) { 
@@ -675,6 +870,19 @@ sub scanfile { "no space after semicolon"); } + # typedef struct ... { + if($nostr =~ /^(.*)typedef struct.*{/) { + checkwarn("TYPEDEFSTRUCT", + $line, length($1)+1, $file, $ol, + "typedef'ed struct"); + } + + if($nostr =~ /(.*)! +(\w|\()/) { + checkwarn("EXCLAMATIONSPACE", + $line, length($1)+1, $file, $ol, + "space after exclamation mark"); + } + # check for more than one consecutive space before open brace or # question mark. Skip lines containing strings since they make it hard # due to artificially getting multiple spaces @@ -682,13 +890,25 @@ sub scanfile { $nostr =~ /^(.*(\S)) + [{?]/i) { checkwarn("MULTISPACE", $line, length($1)+1, $file, $ol, - "multiple space"); - print STDERR "L: $l\n"; - print STDERR "nostr: $nostr\n"; + "multiple spaces"); + } + preproc: + if($prep) { + # scan for use of banned symbols on a preprocessor line + if($l =~ /^(^|.*\W) + (WIN32) + (\W|$) + /x) { + checkwarn("BANNEDPREPROC", + $line, length($1), $file, $ol, + "use of $2 is banned from preprocessor lines" . + (($2 eq "WIN32") ? ", use _WIN32 instead" : "")); + } } - $line++; - $prevl = $ol; + $prevp = $prep; + $prevl = $ol if(!$prep); + $prevpl = $ol if($prep); } if(!scalar(@copyright)) { 
@@ -712,17 +932,22 @@ sub scanfile { # A rather more interesting, and correct, check would be to not test # only locally committed files but inspect all files wrt the year of # their last commit. Removing the `git rev-list origin/master..HEAD` - # condition below will enfore copyright year checks against the year + # condition below will enforce copyright year checks against the year # the file was last committed (and thus edited to some degree). my $commityear = undef; @copyright = sort {$$b{year} cmp $$a{year}} @copyright; - if(`git status -s -- $file` =~ /^ [MARCU]/) { + # if the file is modified, assume commit year this year + if(`git status -s -- "$file"` =~ /^ [MARCU]/) { $commityear = (localtime(time))[5] + 1900; } - elsif (`git rev-list --count origin/master..HEAD -- $file` !~ /^0/) { - my $grl = `git rev-list --max-count=1 --timestamp HEAD -- $file`; - $commityear = (localtime((split(/ /, $grl))[0]))[5] + 1900; + else { + # min-parents=1 to ignore wrong initial commit in truncated repos + my $grl = `git rev-list --max-count=1 --min-parents=1 --timestamp HEAD -- "$file"`; + if($grl) { + chomp $grl; + $commityear = (localtime((split(/ /, $grl))[0]))[5] + 1900; + } } if(defined($commityear) && scalar(@copyright) && @@ -740,7 +965,7 @@ sub scanfile { checksrc_endoffile($file); - close(R); + close($R); } diff --git a/ci/checksrc.sh b/ci/checksrc.sh index 3890815b4d..49967463cf 100755 --- a/ci/checksrc.sh +++ b/ci/checksrc.sh @@ -1,8 +1,11 @@ #!/usr/bin/env bash +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause set -e -FILES="src/*.[ch] include/*.h example/*.c tests/*.[ch]" -WHITELIST="-Wsrc/libssh2_config.h" +cd "$(dirname "$0")/.." -perl ./ci/checksrc.pl -i4 -m79 -ASIZEOFNOPAREN -ASNPRINTF -ACOPYRIGHT -AFOPENMODE $WHITELIST $FILES +perl ./ci/checksrc.pl -i4 -m79 \ + -Wsrc/libssh2_config.h \ + src/*.[ch] include/*.h example/*.c tests/*.[ch] 
diff --git a/ci/ossfuzz.sh b/ci/ossfuzz.sh deleted file mode 100755 index 9ca9c165d3..0000000000 --- a/ci/ossfuzz.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -set -ex - -PROJECT_NAME=libssh2 - -# Clone the oss-fuzz repository -git clone https://github.com/google/oss-fuzz.git /tmp/ossfuzz - -if [[ ! -d /tmp/ossfuzz/projects/${PROJECT_NAME} ]] -then - echo "Could not find the ${PROJECT_NAME} project in ossfuzz" - - # Exit with a success code while the libssh2 project is not expected to exist - # on oss-fuzz. - exit 0 -fi - -# Modify the oss-fuzz Dockerfile so that we're checking out the current branch in the CI system. -sed -i \ - -e "s@--depth 1@--no-checkout@" \ - -e "s@/src/libssh2@/src/libssh2 ; git -C /src/libssh2 fetch origin $GIT_REF:ci; git -C /src/libssh2 checkout ci@" \ - /tmp/ossfuzz/projects/${PROJECT_NAME}/Dockerfile - -# Try and build the fuzzers -pushd /tmp/ossfuzz -python infra/helper.py build_image --pull ${PROJECT_NAME} -python infra/helper.py build_fuzzers ${PROJECT_NAME} -popd diff --git a/ci/spellcheck-words.txt b/ci/spellcheck-words.txt new file mode 100644 index 0000000000..2f39b28074 --- /dev/null +++ b/ci/spellcheck-words.txt @@ -0,0 +1,3 @@ +gord +pase +nam diff --git a/ci/spellcheck.sh b/ci/spellcheck.sh new file mode 100755 index 0000000000..e8352b0cc6 --- /dev/null +++ b/ci/spellcheck.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause + +set -e + +cd "$(dirname "$0")/.." + +# shellcheck disable=SC2046 +codespell --skip='docs/AUTHORS' \ + --ignore-words='ci/spellcheck-words.txt' \ + $(git ls-files) diff --git a/cmake/CheckFunctionExistsMayNeedLibrary.cmake b/cmake/CheckFunctionExistsMayNeedLibrary.cmake index 8ac61abe5e..36bcd072e9 100644 --- a/cmake/CheckFunctionExistsMayNeedLibrary.cmake +++ b/cmake/CheckFunctionExistsMayNeedLibrary.cmake 
@@ -1,4 +1,4 @@ -# Copyright (c) 2014 Alexander Lamaison +# Copyright (C) Alexander Lamaison # # Redistribution and use in source and binary forms, # with or without modification, are permitted provided @@ -32,6 +32,8 @@ # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY # OF SUCH DAMAGE. +# +# SPDX-License-Identifier: BSD-3-Clause # - check_function_exists_maybe_need_library( [lib1 ... libn]) @@ -63,19 +65,19 @@ function(check_function_exists_may_need_library function variable) check_function_exists(${function} ${variable}) if(NOT ${variable}) - foreach(lib ${ARGN}) + foreach(lib IN LISTS ARGN) string(TOUPPER ${lib} UP_LIB) # Use new variable to prevent cache from previous step shortcircuiting # new test check_library_exists(${lib} ${function} "" HAVE_${function}_IN_${lib}) if(HAVE_${function}_IN_${lib}) - set(${variable} 1 CACHE INTERNAL - "Function ${function} found in library ${lib}") - set(NEED_LIB_${UP_LIB} 1 CACHE INTERNAL - "Need to link ${lib}") - break() + set(${variable} 1 CACHE INTERNAL + "Function ${function} found in library ${lib}") + set(NEED_LIB_${UP_LIB} 1 CACHE INTERNAL + "Need to link ${lib}") + break() endif() endforeach() endif() -endfunction() \ No newline at end of file +endfunction() diff --git a/cmake/CheckNonblockingSocketSupport.cmake b/cmake/CheckNonblockingSocketSupport.cmake index 74f4776a68..bb3229cf38 100644 --- a/cmake/CheckNonblockingSocketSupport.cmake +++ b/cmake/CheckNonblockingSocketSupport.cmake @@ -1,3 +1,5 @@ +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause include(CheckCSourceCompiles) # - check_nonblocking_socket_support() 
@@ -11,10 +13,8 @@ include(CheckCSourceCompiles) # method (if any): # HAVE_O_NONBLOCK # HAVE_FIONBIO -# HAVE_IOCTLSOCKET # HAVE_IOCTLSOCKET_CASE # HAVE_SO_NONBLOCK -# HAVE_DISABLED_NONBLOCKING # # The following variables may be set before calling this macro to # modify the way the check is run: 
@@ -47,73 +47,49 @@ macro(check_nonblocking_socket_support) #error \"O_NONBLOCK does not work on this platform\" #endif -int main() +int main(void) { - int socket; - int flags = fcntl(socket, F_SETFL, flags | O_NONBLOCK); + int socket = 0; + (void)fcntl(socket, F_SETFL, O_NONBLOCK); }" - HAVE_O_NONBLOCK) + HAVE_O_NONBLOCK) if(NOT HAVE_O_NONBLOCK) check_c_source_compiles("/* FIONBIO test (old-style unix) */ #include #include -int main() +int main(void) { - int socket; - int flags = ioctl(socket, FIONBIO, &flags); + int socket = 0; + int flags = 0; + (void)ioctl(socket, FIONBIO, &flags); }" - HAVE_FIONBIO) + HAVE_FIONBIO) if(NOT HAVE_FIONBIO) - check_c_source_compiles("/* ioctlsocket test (Windows) */ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif - -#include -#include - -int main() -{ - SOCKET sd; - unsigned long flags = 0; - sd = socket(0, 0, 0); - ioctlsocket(sd, FIONBIO, &flags); -}" - HAVE_IOCTLSOCKET) - - if(NOT HAVE_IOCTLSOCKET) - check_c_source_compiles("/* IoctlSocket test (Amiga?) */ + check_c_source_compiles("/* IoctlSocket test (Amiga?) */ #include -int main() +int main(void) { - int socket; - int flags = IoctlSocket(socket, FIONBIO, (long)1); + int socket = 0; + (void)IoctlSocket(socket, FIONBIO, (long)1); }" HAVE_IOCTLSOCKET_CASE) - if(NOT HAVE_IOCTLSOCKET_CASE) - check_c_source_compiles("/* SO_NONBLOCK test (BeOS) */ + if(NOT HAVE_IOCTLSOCKET_CASE) + check_c_source_compiles("/* SO_NONBLOCK test (BeOS) */ #include -int main() +int main(void) { long b = 1; - int socket; - int flags = setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); + int socket = 0; + (void)setsockopt(socket, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); }" HAVE_SO_NONBLOCK) - - if(NOT HAVE_SO_NONBLOCK) - # No non-blocking socket method found - set(HAVE_DISABLED_NONBLOCKING 1) - endif() - endif() endif() endif() endif() -endmacro() \ No newline at end of file +endmacro() 
diff --git a/cmake/CopyRuntimeDependencies.cmake b/cmake/CopyRuntimeDependencies.cmake index 083f762686..f3a72343e4 100644 --- a/cmake/CopyRuntimeDependencies.cmake +++ b/cmake/CopyRuntimeDependencies.cmake @@ -1,4 +1,4 @@ -# Copyright (c) 2014 Alexander Lamaison +# Copyright (C) Alexander Lamaison # # Redistribution and use in source and binary forms, # with or without modification, are permitted provided @@ -32,6 +32,8 @@ # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY # OF SUCH DAMAGE. +# +# SPDX-License-Identifier: BSD-3-Clause include(CMakeParseArguments) @@ -50,12 +52,11 @@ function(ADD_TARGET_TO_COPY_DEPENDENCIES) # parallel builds trying to kick off the commands at the same time add_custom_target(${COPY_TARGET}) - foreach(target ${COPY_BEFORE_TARGETS}) + foreach(target IN LISTS COPY_BEFORE_TARGETS) add_dependencies(${target} ${COPY_TARGET}) endforeach() - foreach(dependency ${COPY_DEPENDENCIES}) - + foreach(dependency IN LISTS COPY_DEPENDENCIES) add_custom_command( TARGET ${COPY_TARGET} DEPENDS ${dependency} @@ -66,7 +67,5 @@ function(ADD_TARGET_TO_COPY_DEPENDENCIES) COMMAND ${CMAKE_COMMAND} ARGS -E copy ${dependency} ${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR} VERBATIM) - endforeach() - endfunction() diff --git a/cmake/FindLibgcrypt.cmake b/cmake/FindLibgcrypt.cmake index 44a79873d6..8fbe6fff71 100644 --- a/cmake/FindLibgcrypt.cmake +++ b/cmake/FindLibgcrypt.cmake @@ -1,4 +1,4 @@ -# Copyright (c) 2014 Alexander Lamaison +# Copyright (C) Alexander Lamaison # # Redistribution and use in source and binary forms, # with or without modification, are permitted provided @@ -32,6 +32,8 @@ # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY # OF SUCH DAMAGE. +# +# SPDX-License-Identifier: BSD-3-Clause # - Try to find Libgcrypt # This will define all or none of: 
@@ -50,4 +52,4 @@ include(FindPackageHandleStandardArgs) find_package_handle_standard_args(Libgcrypt DEFAULT_MSG LIBGCRYPT_LIBRARY LIBGCRYPT_INCLUDE_DIR) -mark_as_advanced(LIBGCRYPT_INCLUDE_DIR LIBGCRYPT_LIBRARY) \ No newline at end of file +mark_as_advanced(LIBGCRYPT_INCLUDE_DIR LIBGCRYPT_LIBRARY) diff --git a/cmake/FindmbedTLS.cmake b/cmake/FindmbedTLS.cmake index 2f4adbc519..18c9739d78 100644 --- a/cmake/FindmbedTLS.cmake +++ b/cmake/FindmbedTLS.cmake 
@@ -1,64 +1,34 @@ +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause +# # - Try to find mbedTLS -# Once done this will define # -# Read-Only variables -# MBEDTLS_FOUND - system has mbedTLS +# Input variables: # MBEDTLS_INCLUDE_DIR - the mbedTLS include directory -# MBEDTLS_LIBRARY_DIR - the mbedTLS library directory -# MBEDTLS_LIBRARIES - Link these to use mbedTLS -# MBEDTLS_LIBRARY - path to mbedTLS library -# MBEDX509_LIBRARY - path to mbedTLS X.509 library # MBEDCRYPTO_LIBRARY - path to mbedTLS Crypto library +# Output variables: +# MBEDTLS_FOUND - system has mbedTLS +# MBEDTLS_LIBRARIES - link these to use mbedTLS -FIND_PATH(MBEDTLS_INCLUDE_DIR mbedtls/version.h) - -IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARIES) - # Already in cache, be silent - SET(MBEDTLS_FIND_QUIETLY TRUE) -ENDIF() - -FIND_LIBRARY(MBEDTLS_LIBRARY NAMES mbedtls libmbedtls libmbedx509) -FIND_LIBRARY(MBEDX509_LIBRARY NAMES mbedx509 libmbedx509) -FIND_LIBRARY(MBEDCRYPTO_LIBRARY NAMES mbedcrypto libmbedcrypto) +find_path(MBEDTLS_INCLUDE_DIR NAMES mbedtls/version.h) +find_library(MBEDCRYPTO_LIBRARY NAMES mbedcrypto libmbedcrypto) -IF(MBEDTLS_INCLUDE_DIR AND MBEDTLS_LIBRARY AND MBEDX509_LIBRARY AND MBEDCRYPTO_LIBRARY) - SET(MBEDTLS_FOUND TRUE) -ENDIF() +if(MBEDTLS_INCLUDE_DIR) + file(READ "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h" _mbedtls_header_1) + file(READ "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h" _mbedtls_header_2) + set(_mbedtls_regex "MBEDTLS_VERSION_STRING +\"([0-9|.]+)\"") + string(REGEX MATCH "${_mbedtls_regex}" _mbedtls_match "${_mbedtls_header_1} ${_mbedtls_header_2}") + string(REGEX REPLACE "${_mbedtls_regex}" "\\1" MBEDTLS_VERSION "${_mbedtls_match}") +endif() -IF(MBEDTLS_FOUND) - # split mbedTLS into -L and -l linker options, so we can set them for pkg-config - GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_DIR ${MBEDTLS_LIBRARY} PATH) - GET_FILENAME_COMPONENT(MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY} NAME_WE) - 
GET_FILENAME_COMPONENT(MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY} NAME_WE) - GET_FILENAME_COMPONENT(MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY} NAME_WE) - STRING(REGEX REPLACE "^lib" "" MBEDTLS_LIBRARY_FILE ${MBEDTLS_LIBRARY_FILE}) - STRING(REGEX REPLACE "^lib" "" MBEDX509_LIBRARY_FILE ${MBEDX509_LIBRARY_FILE}) - STRING(REGEX REPLACE "^lib" "" MBEDCRYPTO_LIBRARY_FILE ${MBEDCRYPTO_LIBRARY_FILE}) - SET(MBEDTLS_LIBRARIES "-L${MBEDTLS_LIBRARY_DIR} -l${MBEDTLS_LIBRARY_FILE} -l${MBEDX509_LIBRARY_FILE} -l${MBEDCRYPTO_LIBRARY_FILE}") +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(mbedTLS + REQUIRED_VARS MBEDTLS_INCLUDE_DIR MBEDCRYPTO_LIBRARY + VERSION_VAR MBEDTLS_VERSION) - IF(NOT MBEDTLS_FIND_QUIETLY) - MESSAGE(STATUS "Found mbedTLS:") - FILE(READ ${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h MBEDTLSCONTENT) - STRING(REGEX MATCH "MBEDTLS_VERSION_STRING +\"[0-9|.]+\"" MBEDTLSMATCH ${MBEDTLSCONTENT}) - IF (MBEDTLSMATCH) - STRING(REGEX REPLACE "MBEDTLS_VERSION_STRING +\"([0-9|.]+)\"" "\\1" MBEDTLS_VERSION ${MBEDTLSMATCH}) - MESSAGE(STATUS " version ${MBEDTLS_VERSION}") - ENDIF(MBEDTLSMATCH) - MESSAGE(STATUS " TLS: ${MBEDTLS_LIBRARY}") - MESSAGE(STATUS " X509: ${MBEDX509_LIBRARY}") - MESSAGE(STATUS " Crypto: ${MBEDCRYPTO_LIBRARY}") - ENDIF(NOT MBEDTLS_FIND_QUIETLY) -ELSE(MBEDTLS_FOUND) - IF(MBEDTLS_FIND_REQUIRED) - MESSAGE(FATAL_ERROR "Could not find mbedTLS") - ENDIF(MBEDTLS_FIND_REQUIRED) -ENDIF(MBEDTLS_FOUND) +if(MBEDTLS_FOUND) + set(MBEDTLS_LIBRARIES "${MBEDCRYPTO_LIBRARY}") + message(STATUS "Found mbedTLS libraries: ${MBEDTLS_LIBRARIES}") +endif() -MARK_AS_ADVANCED( - MBEDTLS_INCLUDE_DIR - MBEDTLS_LIBRARY_DIR - MBEDTLS_LIBRARIES - MBEDTLS_LIBRARY - MBEDX509_LIBRARY - MBEDCRYPTO_LIBRARY -) +mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDCRYPTO_LIBRARY MBEDTLS_LIBRARIES) diff --git a/cmake/Findwolfssl.cmake b/cmake/Findwolfssl.cmake new file mode 100644 index 0000000000..7418811c6d --- /dev/null +++ b/cmake/Findwolfssl.cmake 
@@ -0,0 +1,44 @@ +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause +# +# - Try to find wolfssl +# Once done this will define +# WOLFSSL_FOUND - System has wolfssl +# WOLFSSL_INCLUDE_DIR - The wolfssl include directories +# WOLFSSL_LIBRARIES - The libraries needed to use wolfssl + +find_package(PkgConfig QUIET) +pkg_check_modules(PC_WOLFSSL QUIET wolfssl) + +find_path(WOLFSSL_INCLUDE_DIR + NAMES wolfssl/options.h + HINTS ${PC_WOLFSSL_INCLUDE_DIRS} +) +find_library(WOLFSSL_LIBRARY + NAMES wolfssl + HINTS ${PC_WOLFSSL_LIBRARY_DIRS} +) + +if(WOLFSSL_INCLUDE_DIR) + set(_version_regex "^#define[ \t]+LIBWOLFSSL_VERSION_STRING[ \t]+\"([^\"]+)\".*") + file(STRINGS "${WOLFSSL_INCLUDE_DIR}/wolfssl/version.h" + WOLFSSL_VERSION REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" + WOLFSSL_VERSION "${WOLFSSL_VERSION}") + unset(_version_regex) +endif() + +include(FindPackageHandleStandardArgs) +# handle the QUIETLY and REQUIRED arguments and set WOLFSSL_FOUND +# to TRUE if all listed variables are TRUE and the requested version +# matches. +find_package_handle_standard_args(wolfssl REQUIRED_VARS + WOLFSSL_LIBRARY WOLFSSL_INCLUDE_DIR + VERSION_VAR WOLFSSL_VERSION) + +if(WOLFSSL_FOUND) + set(WOLFSSL_LIBRARIES ${WOLFSSL_LIBRARY}) + set(WOLFSSL_INCLUDE_DIRS ${WOLFSSL_INCLUDE_DIR}) +endif() + +mark_as_advanced(WOLFSSL_INCLUDE_DIR WOLFSSL_LIBRARY) diff --git a/cmake/PickyWarnings.cmake b/cmake/PickyWarnings.cmake new file mode 100644 index 0000000000..94feee87dc --- /dev/null +++ b/cmake/PickyWarnings.cmake 
@@ -0,0 +1,247 @@ +# Copyright (C) Viktor Szakats +# SPDX-License-Identifier: BSD-3-Clause + +include(CheckCCompilerFlag) + +option(ENABLE_WERROR "Turn compiler warnings into errors" OFF) +option(PICKY_COMPILER "Enable picky compiler options" ON) + +if(ENABLE_WERROR) + if(MSVC) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /WX") + else() # llvm/clang and gcc style options + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror") + endif() +endif() + +if(MSVC) + # Use the highest warning level for Visual Studio. + if(PICKY_COMPILER) + if(CMAKE_CXX_FLAGS MATCHES "[/-]W[0-4]") + string(REGEX REPLACE "[/-]W[0-4]" "/W4" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") + else() + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /W4") + endif() + if(CMAKE_C_FLAGS MATCHES "[/-]W[0-4]") + string(REGEX REPLACE "[/-]W[0-4]" "/W4" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") + else() + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4") + endif() + endif() +elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR CMAKE_C_COMPILER_ID MATCHES "Clang") + + # https://clang.llvm.org/docs/DiagnosticsReference.html + # https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html + + if(NOT CMAKE_CXX_FLAGS MATCHES "-Wall") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall") + endif() + if(NOT CMAKE_C_FLAGS MATCHES "-Wall") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall") + endif() + + if(PICKY_COMPILER) + + # WPICKY_ENABLE = Options we want to enable as-is. + # WPICKY_DETECT = Options we want to test first and enable if available. + + # Prefer the -Wextra alias with clang. 
+ if(CMAKE_C_COMPILER_ID MATCHES "Clang") + set(WPICKY_ENABLE "-Wextra") + else() + set(WPICKY_ENABLE "-W") + endif() + + list(APPEND WPICKY_ENABLE + -pedantic + ) + + if(ENABLE_WERROR) + list(APPEND WPICKY_ENABLE + -pedantic-errors + ) + endif() + + # ---------------------------------- + # Add new options here, if in doubt: + # ---------------------------------- + set(WPICKY_DETECT + ) + + # Assume these options always exist with both clang and gcc. + # Require clang 3.0 / gcc 2.95 or later. + list(APPEND WPICKY_ENABLE + -Wbad-function-cast # clang 2.7 gcc 2.95 + -Wconversion # clang 2.7 gcc 2.95 + -Winline # clang 1.0 gcc 1.0 + -Wmissing-declarations # clang 1.0 gcc 2.7 + -Wmissing-prototypes # clang 1.0 gcc 1.0 + -Wnested-externs # clang 1.0 gcc 2.7 + -Wno-long-long # clang 1.0 gcc 2.95 + -Wno-multichar # clang 1.0 gcc 2.95 + -Wpointer-arith # clang 1.0 gcc 1.4 + -Wshadow # clang 1.0 gcc 2.95 + -Wsign-compare # clang 1.0 gcc 2.95 + -Wundef # clang 1.0 gcc 2.95 + -Wunused # clang 1.1 gcc 2.95 + -Wwrite-strings # clang 1.0 gcc 1.4 + ) + + # Always enable with clang, version dependent with gcc + set(WPICKY_COMMON_OLD + -Waddress # clang 2.7 gcc 4.3 + -Wattributes # clang 2.7 gcc 4.1 + -Wcast-align # clang 1.0 gcc 4.2 + -Wdeclaration-after-statement # clang 1.0 gcc 3.4 + -Wdiv-by-zero # clang 2.7 gcc 4.1 + -Wempty-body # clang 2.7 gcc 4.3 + -Wendif-labels # clang 1.0 gcc 3.3 + -Wfloat-equal # clang 1.0 gcc 2.96 (3.0) + -Wformat-security # clang 2.7 gcc 4.1 + -Wignored-qualifiers # clang 2.8 gcc 4.3 + -Wmissing-field-initializers # clang 2.7 gcc 4.1 + -Wmissing-noreturn # clang 2.7 gcc 4.1 + -Wno-format-nonliteral # clang 1.0 gcc 2.96 (3.0) + -Wno-system-headers # clang 1.0 gcc 3.0 + # -Wpadded # clang 2.9 gcc 4.1 # Not used because we cannot change public structs + -Wold-style-definition # clang 2.7 gcc 3.4 + -Wredundant-decls # clang 2.7 gcc 4.1 + -Wsign-conversion # clang 2.9 gcc 4.3 + -Wno-error=sign-conversion # FIXME + -Wstrict-prototypes # clang 1.0 gcc 3.3 + 
# -Wswitch-enum # clang 2.7 gcc 4.1 # Not used because this basically disallows default case + -Wtype-limits # clang 2.7 gcc 4.3 + -Wunreachable-code # clang 2.7 gcc 4.1 + -Wunused-macros # clang 2.7 gcc 4.1 + -Wunused-parameter # clang 2.7 gcc 4.1 + -Wvla # clang 2.8 gcc 4.3 + ) + + set(WPICKY_COMMON + -Wdouble-promotion # clang 3.6 gcc 4.6 appleclang 6.3 + -Wenum-conversion # clang 3.2 gcc 10.0 appleclang 4.6 g++ 11.0 + -Wpragmas # clang 3.5 gcc 4.1 appleclang 6.0 + -Wunused-const-variable # clang 3.4 gcc 6.0 appleclang 5.1 + ) + + if(CMAKE_C_COMPILER_ID MATCHES "Clang") + list(APPEND WPICKY_ENABLE + ${WPICKY_COMMON_OLD} + -Wshift-sign-overflow # clang 2.9 + -Wshorten-64-to-32 # clang 1.0 + -Wlanguage-extension-token # clang 3.0 + -Wformat=2 # clang 3.0 gcc 4.8 + ) + # Enable based on compiler version + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.6) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 6.3)) + list(APPEND WPICKY_ENABLE + ${WPICKY_COMMON} + -Wunreachable-code-break # clang 3.5 appleclang 6.0 + -Wheader-guard # clang 3.4 appleclang 5.1 + -Wsometimes-uninitialized # clang 3.2 appleclang 4.6 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.9) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 8.3)) + list(APPEND WPICKY_ENABLE + -Wcomma # clang 3.9 appleclang 8.3 + -Wmissing-variable-declarations # clang 3.2 appleclang 4.6 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 7.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.3)) + list(APPEND WPICKY_ENABLE + -Wassign-enum # clang 7.0 appleclang 10.3 + -Wextra-semi-stmt # clang 7.0 appleclang 10.3 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.0) OR + 
(CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 12.4)) + list(APPEND WPICKY_ENABLE + -Wimplicit-fallthrough # clang 4.0 gcc 7.0 appleclang 12.4 # we have silencing markup for clang 10.0 and above only + ) + endif() + else() # gcc + list(APPEND WPICKY_DETECT + ${WPICKY_COMMON} + ) + # Enable based on compiler version + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.3) + list(APPEND WPICKY_ENABLE + ${WPICKY_COMMON_OLD} + -Wclobbered # gcc 4.3 + -Wmissing-parameter-type # gcc 4.3 + -Wold-style-declaration # gcc 4.3 + -Wstrict-aliasing=3 # gcc 4.0 + -Wtrampolines # gcc 4.3 + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.5 AND MINGW) + list(APPEND WPICKY_ENABLE + -Wno-pedantic-ms-format # gcc 4.5 (mingw-only) + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.8) + list(APPEND WPICKY_ENABLE + -Wformat=2 # clang 3.0 gcc 4.8 + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 5.0) + list(APPEND WPICKY_ENABLE + -Warray-bounds=2 -ftree-vrp # clang 3.0 gcc 5.0 (clang default: -Warray-bounds) + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 6.0) + list(APPEND WPICKY_ENABLE + -Wduplicated-cond # gcc 6.0 + -Wnull-dereference # clang 3.0 gcc 6.0 (clang default) + -fdelete-null-pointer-checks + -Wshift-negative-value # clang 3.7 gcc 6.0 (clang default) + -Wshift-overflow=2 # clang 3.0 gcc 6.0 (clang default: -Wshift-overflow) + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 7.0) + list(APPEND WPICKY_ENABLE + -Walloc-zero # gcc 7.0 + -Wduplicated-branches # gcc 7.0 + -Wformat-overflow=2 # gcc 7.0 + -Wformat-truncation=2 # gcc 7.0 + -Wimplicit-fallthrough # clang 4.0 gcc 7.0 + -Wrestrict # gcc 7.0 + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.0) + list(APPEND WPICKY_ENABLE + -Warith-conversion # gcc 10.0 + ) + endif() + endif() + + # + + unset(WPICKY) + + foreach(_CCOPT IN LISTS WPICKY_ENABLE) + set(WPICKY "${WPICKY} ${_CCOPT}") + endforeach() + + foreach(_CCOPT IN 
LISTS WPICKY_DETECT) + # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new + # test result in. + string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname) + # GCC only warns about unknown -Wno- options if there are also other diagnostic messages, + # so test for the positive form instead + string(REPLACE "-Wno-" "-W" _CCOPT_ON "${_CCOPT}") + check_c_compiler_flag(${_CCOPT_ON} ${_optvarname}) + if(${_optvarname}) + set(WPICKY "${WPICKY} ${_CCOPT}") + endif() + endforeach() + + message(STATUS "Picky compiler options:${WPICKY}") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${WPICKY}") + endif() +endif() diff --git a/cmake/SocketLibraries.cmake b/cmake/SocketLibraries.cmake deleted file mode 100644 index bfbbd711e3..0000000000 --- a/cmake/SocketLibraries.cmake +++ /dev/null 
@@ -1,64 +0,0 @@ -# Copyright (c) 2014 Alexander Lamaison -# -# Redistribution and use in source and binary forms, -# with or without modification, are permitted provided -# that the following conditions are met: -# -# Redistributions of source code must retain the above -# copyright notice, this list of conditions and the -# following disclaimer. -# -# Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# Neither the name of the copyright holder nor the names -# of any other contributors may be used to endorse or -# promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE -# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY -# OF SUCH DAMAGE. - -# Some systems have their socket functions in a library. -# (Solaris -lsocket/-lnsl, Windows -lws2_32). This macro appends those -# libraries to the given list -macro(append_needed_socket_libraries LIBRARIES_LIST) - if(CMAKE_SYSTEM_NAME STREQUAL "Windows" AND CMAKE_SIZEOF_VOID_P EQUAL 4) - # x86 Windows uses STDCALL for these functions, so their names are mangled, - # meaning the platform checks don't work. 
Hardcoding these until we get - # a better solution. - set(HAVE_SOCKET 1) - set(HAVE_SELECT 1) - set(HAVE_INET_ADDR 1) - set(NEED_LIB_WS2_32 1) - else() - check_function_exists_may_need_library(socket HAVE_SOCKET socket ws2_32) - check_function_exists_may_need_library(select HAVE_SELECT ws2_32) - check_function_exists_may_need_library(inet_addr HAVE_INET_ADDR nsl ws2_32) - endif() - - if(NEED_LIB_SOCKET) - list(APPEND ${LIBRARIES_LIST} socket) - endif() - if(NEED_LIB_NSL) - list(APPEND ${LIBRARIES_LIST} nsl) - endif() - if(NEED_LIB_WS2_32) - list(APPEND ${LIBRARIES_LIST} ws2_32) - endif() - -endmacro() \ No newline at end of file diff --git a/cmake/Toolchain-Linux-32.cmake b/cmake/Toolchain-Linux-32.cmake deleted file mode 100644 index 6aad9b1e2d..0000000000 --- a/cmake/Toolchain-Linux-32.cmake +++ /dev/null 
@@ -1,42 +0,0 @@ -# Copyright (c) 2014 Alexander Lamaison -# -# Redistribution and use in source and binary forms, -# with or without modification, are permitted provided -# that the following conditions are met: -# -# Redistributions of source code must retain the above -# copyright notice, this list of conditions and the -# following disclaimer. -# -# Redistributions in binary form must reproduce the above -# copyright notice, this list of conditions and the following -# disclaimer in the documentation and/or other materials -# provided with the distribution. -# -# Neither the name of the copyright holder nor the names -# of any other contributors may be used to endorse or -# promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE -# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY -# OF SUCH DAMAGE. - -# Cross-compile 32-bit binary on 64-bit linux host -set(CMAKE_SYSTEM_NAME Linux) -set(CMAKE_SYSTEM_VERSION 1) -set(CMAKE_SYSTEM_PROCESSOR "i386") - -set(CMAKE_CXX_COMPILER_ARG1 "-m32") -set(CMAKE_C_COMPILER_ARG1 "-m32") \ No newline at end of file diff --git a/cmake/libssh2-config.cmake.in b/cmake/libssh2-config.cmake.in new file mode 100644 index 0000000000..27ef5ec3a4 --- /dev/null 
+++ b/cmake/libssh2-config.cmake.in @@ -0,0 +1,14 @@ +# Copyright (C) The libssh2 project and its contributors. +# SPDX-License-Identifier: BSD-3-Clause + +include("${CMAKE_CURRENT_LIST_DIR}/@PROJECT_NAME@-targets.cmake") + +# Alias for either shared or static library +if(NOT TARGET @PROJECT_NAME@::@LIB_NAME@) + add_library(@PROJECT_NAME@::@LIB_NAME@ ALIAS @PROJECT_NAME@::@LIB_SELECTED@) +endif() + +# Compatibility alias +if(NOT TARGET Libssh2::@LIB_NAME@) + add_library(Libssh2::@LIB_NAME@ ALIAS @PROJECT_NAME@::@LIB_SELECTED@) +endif() diff --git a/cmake/max_warnings.cmake b/cmake/max_warnings.cmake deleted file mode 100644 index b176d302d3..0000000000 --- a/cmake/max_warnings.cmake +++ /dev/null @@ -1,23 +0,0 @@ -if(MSVC) - # Use the highest warning level for visual studio. - if(CMAKE_CXX_FLAGS MATCHES "/W[0-4]") - string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") - else() - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /W4") - endif() - if(CMAKE_C_FLAGS MATCHES "/W[0-4]") - string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") - else() - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4") - endif() - - # Disable broken warnings - add_definitions(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE) -elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) - if(NOT CMAKE_CXX_FLAGS MATCHES "-Wall") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall") - endif() - if(NOT CMAKE_C_FLAGS MATCHES "-Wall") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall") - endif() -endif() diff --git a/config.rpath b/config.rpath index e082db6bb5..5e39f28d82 100755 --- a/config.rpath +++ b/config.rpath @@ -24,6 +24,8 @@ # than 256 bytes, otherwise the compiler driver will dump core. The only # known workaround is to choose shorter directory names for the build # directory and/or the installation directory. +# +# SPDX-License-Identifier: FSFULLR # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). 
diff --git a/configure.ac b/configure.ac index b51bb4b947..2572c2d4ba 100644 --- a/configure.ac +++ b/configure.ac @@ -1,8 +1,14 @@ -# AC_PREREQ(2.57) -AC_INIT(libssh2, [-], libssh2-devel@lists.haxx.se) +# Copyright (C) The libssh2 project and its contributors. +# +# SPDX-License-Identifier: BSD-3-Clause +# + +# AC_PREREQ(2.59) +AC_INIT([libssh2],[-],[libssh2-devel@lists.haxx.se]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([src]) AC_CONFIG_HEADERS([src/libssh2_config.h]) +AC_REQUIRE_AUX_FILE([tap-driver.sh]) AM_MAINTAINER_MODE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) @@ -16,16 +22,12 @@ if test "x$SED" = "xsed-was-not-found-by-configure"; then fi dnl figure out the libssh2 version -LIBSSH2VER=`$SED -ne 's/^#define LIBSSH2_VERSION *"\(.*\)"/\1/p' ${srcdir}/include/libssh2.h` +LIBSSH2_VERSION=`$SED -ne 's/^#define LIBSSH2_VERSION *"\(.*\)"/\1/p' ${srcdir}/include/libssh2.h` AM_INIT_AUTOMAKE AC_MSG_CHECKING([libssh2 version]) -AC_MSG_RESULT($LIBSSH2VER) - -AC_SUBST(LIBSSH2VER) +AC_MSG_RESULT($LIBSSH2_VERSION) -AB_VERSION=$LIBSSH2VER - -AB_INIT +AC_SUBST(LIBSSH2_VERSION) # Check for the OS. # Daniel's note: this should not be necessary and we need to work to @@ -33,11 +35,9 @@ AB_INIT AC_CANONICAL_HOST case "$host" in *-mingw*) - CFLAGS="$CFLAGS -DLIBSSH2_WIN32" LIBS="$LIBS -lws2_32" ;; *darwin*) - CFLAGS="$CFLAGS -DLIBSSH2_DARWIN" ;; *hpux*) ;; @@ -48,12 +48,6 @@ case "$host" in ;; esac -AC_CHECK_TYPE(long long, - [AC_DEFINE(HAVE_LONGLONG, 1, - [Define to 1 if the compiler supports the 'long long' data type.])] - longlong="yes" -) - dnl Our configure and build reentrant settings CURL_CONFIGURE_REENTRANT 
@@ -74,10 +68,27 @@ AC_PATH_PROGS(SSHD, [sshd], [], [$PATH$PATH_SEPARATOR/usr/libexec$PATH_SEPARATOR]dnl [/usr/sbin$PATH_SEPARATOR/usr/etc$PATH_SEPARATOR/etc]) AM_CONDITIONAL(SSHD, test -n "$SSHD") +m4_ifdef([LT_INIT], +[dnl +LT_INIT([win32-dll]) +],[dnl AC_LIBTOOL_WIN32_DLL AC_PROG_LIBTOOL +]) AC_C_BIGENDIAN +LT_LANG([Windows Resource]) + +dnl check for windows.h +case $host in + *-*-msys | *-*-cygwin* | *-*-cegcc*) + # These are POSIX-like systems using BSD-like sockets API. + ;; + *) + AC_CHECK_HEADERS([windows.h], [have_windows_h=yes], [have_windows_h=no]) + ;; +esac + dnl check for how to do large files AC_SYS_LARGEFILE @@ -85,16 +96,16 @@ AC_SYS_LARGEFILE found_crypto=none found_crypto_str="" -support_clear_memory=no crypto_errors="" m4_set_add([crypto_backends], [openssl]) m4_set_add([crypto_backends], [libgcrypt]) m4_set_add([crypto_backends], [mbedtls]) m4_set_add([crypto_backends], [wincng]) +m4_set_add([crypto_backends], [wolfssl]) AC_ARG_WITH([crypto], - AC_HELP_STRING([--with-crypto=auto|]m4_set_contents([crypto_backends], [|]), + AS_HELP_STRING([--with-crypto=auto|]m4_set_contents([crypto_backends], [|]), [Select crypto backend (default: auto)]), use_crypto=$withval, use_crypto=auto @@ -105,16 +116,16 @@ case "${use_crypto}" in m4_set_map([crypto_backends], [LIBSSH2_CHECK_CRYPTO]) ;; yes|"") - crypto_errors="No crypto backend specified!" + crypto_errors="No crypto backend specified." ;; *) - crypto_errors="Unknown crypto backend '${use_crypto}' specified!" + crypto_errors="Unknown crypto backend '${use_crypto}' specified." ;; esac if test "$found_crypto" = "none"; then crypto_errors="${crypto_errors} -Specify --with-crypto=\$backend and/or the neccessary library search prefix. +Specify --with-crypto=\$backend and/or the necessary library search prefix. Known crypto backends: auto, m4_set_contents([crypto_backends], [, ])" AS_MESSAGE([ERROR: ${crypto_errors}]) 
@@ -122,14 +133,10 @@ else test "$found_crypto_str" = "" && found_crypto_str="$found_crypto" fi -m4_set_foreach([crypto_backends], [backend], - [AM_CONDITIONAL(m4_toupper(backend), test "$found_crypto" = "backend")] -) - # libz AC_ARG_WITH([libz], - AC_HELP_STRING([--with-libz],[Use libz for compression]), + AS_HELP_STRING([--with-libz],[Use libz for compression]), use_libz=$withval, use_libz=auto) 
@@ -143,68 +150,43 @@ if test "$use_libz" != no; then AC_MSG_NOTICE([Cannot find libz, disabling compression]) found_libz="disabled; no libz found" else - libz_errors="No libz found! + libz_errors="No libz found. Try --with-libz-prefix=PATH if you know that you have it." AS_MESSAGE([ERROR: $libz_errors]) fi else AC_DEFINE(LIBSSH2_HAVE_ZLIB, 1, [Compile in zlib support]) - LIBSREQUIRED="$LIBSREQUIRED${LIBSREQUIRED:+ }zlib" + LIBSSH2_PC_REQUIRES_PRIVATE="$LIBSSH2_PC_REQUIRES_PRIVATE${LIBSSH2_PC_REQUIRES_PRIVATE:+,}zlib" found_libz="yes" fi fi -AC_SUBST(LIBSREQUIRED) +AC_SUBST(LIBSSH2_PC_REQUIRES_PRIVATE) # # Optional Settings # -AC_ARG_ENABLE(crypt-none, - AC_HELP_STRING([--enable-crypt-none],[Permit "none" cipher -- NOT RECOMMENDED]), - [AC_DEFINE(LIBSSH2_CRYPT_NONE, 1, [Enable "none" cipher -- NOT RECOMMENDED])]) - -AC_ARG_ENABLE(mac-none, - AC_HELP_STRING([--enable-mac-none],[Permit "none" MAC -- NOT RECOMMENDED]), - [AC_DEFINE(LIBSSH2_MAC_NONE, 1, [Enable "none" MAC -- NOT RECOMMENDED])]) - -AC_ARG_ENABLE(gex-new, - AC_HELP_STRING([--disable-gex-new],[Disable "new" diffie-hellman-group-exchange-sha1 method]), - [GEX_NEW=$enableval]) -if test "$GEX_NEW" != "no"; then - AC_DEFINE(LIBSSH2_DH_GEX_NEW, 1, [Enable newer diffie-hellman-group-exchange-sha1 syntax]) -fi - AC_ARG_ENABLE(clear-memory, - AC_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]), + AS_HELP_STRING([--disable-clear-memory],[Disable clearing of memory before being freed]), [CLEAR_MEMORY=$enableval]) -if test "$CLEAR_MEMORY" != "no"; then - if test "$support_clear_memory" = "yes"; then - AC_DEFINE(LIBSSH2_CLEAR_MEMORY, 1, [Enable clearing of memory before being freed]) - enable_clear_memory=yes - else - if test "$CLEAR_MEMORY" = "yes"; then - AC_MSG_ERROR([secure clearing/zeroing of memory is not supported by the selected crypto backend]) - else - AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend]) - fi - 
enable_clear_memory=unsupported - fi +if test "$CLEAR_MEMORY" = "no"; then + AC_DEFINE(LIBSSH2_NO_CLEAR_MEMORY, 1, [Disable clearing of memory before being freed]) + enable_clear_memory=no else - if test "$support_clear_memory" = "yes"; then - enable_clear_memory=no - else - AC_MSG_WARN([secure clearing/zeroing of memory is not supported by the selected crypto backend]) - enable_clear_memory=unsupported - fi + enable_clear_memory=yes fi +LIBSSH2_CFLAG_EXTRAS="" + +LIBSSH2_CHECK_OPTION_WERROR + dnl ************************************************************ dnl option to switch on compiler debug options dnl AC_MSG_CHECKING([whether to enable pedantic and debug compiler options]) AC_ARG_ENABLE(debug, -AC_HELP_STRING([--enable-debug],[Enable pedantic and debug options]) -AC_HELP_STRING([--disable-debug],[Disable debug options]), +AS_HELP_STRING([--enable-debug],[Enable pedantic and debug options]) +AS_HELP_STRING([--disable-debug],[Disable debug options]), [ case "$enable_debug" in no) AC_MSG_RESULT(no) @@ -225,6 +207,8 @@ AC_HELP_STRING([--disable-debug],[Disable debug options]), AC_MSG_RESULT(no) ) +AC_SUBST(LIBSSH2_CFLAG_EXTRAS) + dnl ************************************************************ dnl Enable hiding of internal symbols in library to reduce its size and dnl speed dynamic linking of applications. This currently is only supported @@ -232,8 +216,8 @@ dnl on gcc >= 4.0 and SunPro C. dnl AC_MSG_CHECKING([whether to enable hidden symbols in the library]) AC_ARG_ENABLE(hidden-symbols, -AC_HELP_STRING([--enable-hidden-symbols],[Hide internal symbols in library]) -AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibility in library]), +AS_HELP_STRING([--enable-hidden-symbols],[Hide internal symbols in library]) +AS_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibility in library (default)]), [ case "$enableval" in no) AC_MSG_RESULT(no) 
@@ -264,11 +248,36 @@ AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibi AC_MSG_RESULT(no) ) +dnl Build without deprecated APIs? +AC_ARG_ENABLE([deprecated], + [AS_HELP_STRING([--disable-deprecated], [Build without deprecated APIs @<:@default=no@:>@])], + [case "$enableval" in + *) + with_deprecated="no" + CPPFLAGS="$CPPFLAGS -DLIBSSH2_NO_DEPRECATED" + ;; + esac], + [with_deprecated="yes"]) + +# Run Docker tests? +AC_ARG_ENABLE([docker-tests], + [AS_HELP_STRING([--disable-docker-tests], + [Do not run tests requiring Docker])], + [run_docker_tests=no], [run_docker_tests=yes]) +AM_CONDITIONAL([RUN_DOCKER_TESTS], [test "x$run_docker_tests" != "xno"]) + +# Run sshd tests? +AC_ARG_ENABLE([sshd-tests], + [AS_HELP_STRING([--disable-sshd-tests], + [Do not run tests requiring sshd])], + [run_sshd_tests=no], [run_sshd_tests=yes]) +AM_CONDITIONAL([RUN_SSHD_TESTS], [test "x$run_sshd_tests" != "xno"]) + # Build example applications? AC_MSG_CHECKING([whether to build example applications]) AC_ARG_ENABLE([examples-build], -AC_HELP_STRING([--enable-examples-build], [Build example applications (this is the default)]) -AC_HELP_STRING([--disable-examples-build], [Do not build example applications]), +AS_HELP_STRING([--enable-examples-build], [Build example applications (this is the default)]) +AS_HELP_STRING([--disable-examples-build], [Do not build example applications]), [case "$enableval" in no | false) build_examples='no' 
@@ -296,21 +305,10 @@ AM_CONDITIONAL([USE_OSSFUZZ_STATIC], [test -f "$LIB_FUZZING_ENGINE"]) # Checks for header files. -# AC_HEADER_STDC -AC_CHECK_HEADERS([errno.h fcntl.h stdio.h stdlib.h unistd.h sys/uio.h]) +AC_CHECK_HEADERS([errno.h fcntl.h stdio.h unistd.h sys/param.h sys/uio.h]) AC_CHECK_HEADERS([sys/select.h sys/socket.h sys/ioctl.h sys/time.h]) AC_CHECK_HEADERS([arpa/inet.h netinet/in.h]) -AC_CHECK_HEADERS([sys/un.h], [have_sys_un_h=yes], [have_sys_un_h=no]) -AM_CONDITIONAL([HAVE_SYS_UN_H], test "x$have_sys_un_h" = xyes) - -case $host in - *-*-cygwin* | *-*-cegcc*) - # These are POSIX-like systems using BSD-like sockets API. - ;; - *) - AC_CHECK_HEADERS([windows.h winsock2.h ws2tcpip.h]) - ;; -esac +AC_CHECK_HEADERS([sys/un.h]) case $host in *darwin*|*interix*) @@ -318,7 +316,7 @@ case $host in dnl Interix: "does provide poll(), but the implementing developer must dnl have been in a bad mood, because poll() only works on the /proc dnl filesystem here" - dnl Mac OS X's poll has funny behaviors, like: + dnl macOS poll() has funny behaviors, like: dnl not being able to do poll on no fildescriptors (10.3?) dnl not being able to poll on some files (like anything in /dev) dnl not having reliable timeout support @@ -330,21 +328,21 @@ case $host in ;; esac -AC_CHECK_FUNCS(gettimeofday select strtoll memset_s) +AC_CHECK_FUNCS(gettimeofday select strtoll explicit_bzero explicit_memset memset_s snprintf) dnl Check for select() into ws2_32 for Msys/Mingw if test "$ac_cv_func_select" != "yes"; then AC_MSG_CHECKING([for select in ws2_32]) - AC_TRY_LINK([ -#ifdef HAVE_WINSOCK2_H + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#ifdef HAVE_WINDOWS_H #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif #include #endif - ],[ + ]], [[ select(0,(fd_set *)NULL,(fd_set *)NULL,(fd_set *)NULL,(struct timeval *)NULL); - ],[ + ]])],[ AC_MSG_RESULT([yes]) HAVE_SELECT="1" AC_DEFINE_UNQUOTED(HAVE_SELECT, 1, 
@@ -375,11 +373,44 @@ if test "$found_crypto" = "none"; then fi if test $missing_required_deps = 1; then - AC_MSG_ERROR([Required dependencies are missing!]) + AC_MSG_ERROR([Required dependencies are missing.]) fi +AM_CONDITIONAL([HAVE_WINDRES], + [test "x$have_windows_h" = "xyes" && test "x${enable_shared}" = "xyes" && test -n "${RC}"]) + +AM_CONDITIONAL([HAVE_LIB_STATIC], [test "x$enable_static" != "xno"]) + # Configure parameters -LIBSSH2_CHECK_OPTION_WERROR + +# Append crypto lib +if test "$found_crypto" = "openssl"; then + LIBS="${LIBS} ${LTLIBSSL}" +elif test "$found_crypto" = "wolfssl"; then + LIBS="${LIBS} ${LTLIBWOLFSSL}" +elif test "$found_crypto" = "libgcrypt"; then + LIBS="${LIBS} ${LTLIBGCRYPT}" +elif test "$found_crypto" = "wincng"; then + LIBS="${LIBS} ${LTLIBBCRYPT}" +elif test "$found_crypto" = "mbedtls"; then + LIBS="${LIBS} ${LTLIBMBEDCRYPTO}" +fi + +LIBS="${LIBS} ${LTLIBZ}" + +LIBSSH2_PC_LIBS_PRIVATE=$LIBS +AC_SUBST(LIBSSH2_PC_LIBS_PRIVATE) + +dnl merge the pkg-config private fields into public ones when static-only +if test "x$enable_shared" = "xyes"; then + LIBSSH2_PC_REQUIRES= + LIBSSH2_PC_LIBS= +else + LIBSSH2_PC_REQUIRES=$LIBSSH2_PC_REQUIRES_PRIVATE + LIBSSH2_PC_LIBS=$LIBSSH2_PC_LIBS_PRIVATE +fi +AC_SUBST(LIBSSH2_PC_REQUIRES) +AC_SUBST(LIBSSH2_PC_LIBS) AC_CONFIG_FILES([Makefile src/Makefile @@ -392,16 +423,19 @@ AC_OUTPUT AC_MSG_NOTICE([summary of build options: - version: ${LIBSSH2VER} + version: ${LIBSSH2_VERSION} Host type: ${host} Install prefix: ${prefix} Compiler: ${CC} Compiler flags: ${CFLAGS} Library types: Shared=${enable_shared}, Static=${enable_static} Crypto library: ${found_crypto_str} + zlib compression: ${found_libz} Clear memory: $enable_clear_memory + Deprecated APIs: $with_deprecated Debug build: $enable_debug Build examples: $build_examples + Run Docker tests: $run_docker_tests + Run sshd tests: $run_sshd_tests Path to sshd: $ac_cv_path_SSHD (only for self-tests) - zlib compression: ${found_libz} ]) 
diff --git a/docs/.gitignore b/docs/.gitignore index 3aed763290..6fc54d7cf0 100644 --- a/docs/.gitignore +++ b/docs/.gitignore @@ -1,3 +1,4 @@ Makefile Makefile.in +Makefile.am.cmake coverage diff --git a/docs/AUTHORS b/docs/AUTHORS index 5c7445bf13..e94299fcf6 100644 --- a/docs/AUTHORS +++ b/docs/AUTHORS @@ -1,5 +1,5 @@ libssh2 is the result of many friendly people. This list is an attempt to - mention all contributors. If we've missed anyone, tell us! + mention all contributors. If we have missed anyone, tell us! This list of names is a-z sorted. @@ -71,6 +71,7 @@ Steven Van Ingelgem TJ Saunders Tommy Lindgren Tor Arntsen +Viktor Szakats Vincent Jaulin Vincent Torri Vlad Grachov diff --git a/docs/BINDINGS b/docs/BINDINGS deleted file mode 100644 index 471f9be8c9..0000000000 --- a/docs/BINDINGS +++ /dev/null @@ -1,29 +0,0 @@ - -Creative people have written bindings or interfaces for various environments -and programming languages. Using one of these bindings allows you to take -advantage of libssh2 directly from within your favourite language. - -The bindings listed below are not part of the libssh2 distribution archives, -but must be downloaded and installed separately. - -Cocoa/Objective-C - https://github.com/karelia/libssh2_sftp-Cocoa-wrapper - -Haskell - FFI bindings - https://hackage.haskell.org/package/libssh2 - -Perl - Net::SSH2 - https://metacpan.org/pod/Net::SSH2 - -PHP - ssh2 - https://pecl.php.net/package/ssh2 - -Python - pylibssh2 - https://pypi.python.org/pypi/pylibssh2 - -Python-ctypes - - PySsh2 - https://github.com/gellule/PySsh2 - -Ruby - libssh2-ruby - https://github.com/mitchellh/libssh2-ruby diff --git a/docs/BINDINGS.md b/docs/BINDINGS.md new file mode 100644 index 0000000000..63ad1b0d34 --- /dev/null +++ b/docs/BINDINGS.md 
@@ -0,0 +1,25 @@ +libssh2 bindings +================ + +Creative people have written bindings or interfaces for various environments +and programming languages. Using one of these bindings allows you to take +advantage of libssh2 directly from within your favourite language. + +The bindings listed below are not part of the libssh2 distribution archives, +but must be downloaded and installed separately. + + + +[Cocoa/Objective-C](https://github.com/karelia/libssh2_sftp-Cocoa-wrapper) + +[Haskell FFI bindings](https://hackage.haskell.org/package/libssh2) + +[Perl Net::SSH2](https://metacpan.org/pod/Net::SSH2) + +[PHP ssh2](https://pecl.php.net/package/ssh2) + +[Python pylibssh2](https://pypi.python.org/pypi/pylibssh2) + +[Python-ctypes PySsh2](https://github.com/gellule/PySsh2) + +[Ruby libssh2-ruby](https://github.com/mitchellh/libssh2-ruby) diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt index 6abf0e4989..a3af046154 100644 --- a/docs/CMakeLists.txt +++ b/docs/CMakeLists.txt @@ -1,4 +1,5 @@ -# Copyright (c) 2014 Alexander Lamaison +# Copyright (C) Alexander Lamaison +# Copyright (C) Viktor Szakats # # Redistribution and use in source and binary forms, # with or without modification, are permitted provided 
@@ -32,179 +33,12 @@ # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY # OF SUCH DAMAGE. +# +# SPDX-License-Identifier: BSD-3-Clause -set(MAN_PAGES - libssh2_agent_connect.3 - libssh2_agent_disconnect.3 - libssh2_agent_free.3 - libssh2_agent_get_identity.3 - libssh2_agent_get_identity_path.3 - libssh2_agent_init.3 - libssh2_agent_list_identities.3 - libssh2_agent_set_identity_path.3 - libssh2_agent_userauth.3 - libssh2_banner_set.3 - libssh2_base64_decode.3 - libssh2_channel_close.3 - libssh2_channel_direct_tcpip.3 - libssh2_channel_direct_tcpip_ex.3 - libssh2_channel_eof.3 - libssh2_channel_exec.3 - libssh2_channel_flush.3 - libssh2_channel_flush_ex.3 - libssh2_channel_flush_stderr.3 - libssh2_channel_forward_accept.3 - libssh2_channel_forward_cancel.3 - libssh2_channel_forward_listen.3 - libssh2_channel_forward_listen_ex.3 - libssh2_channel_free.3 - libssh2_channel_get_exit_signal.3 - libssh2_channel_get_exit_status.3 - libssh2_channel_handle_extended_data.3 - libssh2_channel_handle_extended_data2.3 - libssh2_channel_ignore_extended_data.3 - libssh2_channel_open_ex.3 - libssh2_channel_open_session.3 - libssh2_channel_process_startup.3 - libssh2_channel_read.3 - libssh2_channel_read_ex.3 - libssh2_channel_read_stderr.3 - libssh2_channel_receive_window_adjust.3 - libssh2_channel_receive_window_adjust2.3 - libssh2_channel_request_pty.3 - libssh2_channel_request_pty_ex.3 - libssh2_channel_request_pty_size.3 - libssh2_channel_request_pty_size_ex.3 - libssh2_channel_send_eof.3 - libssh2_channel_set_blocking.3 - libssh2_channel_setenv.3 - libssh2_channel_setenv_ex.3 - libssh2_channel_shell.3 - libssh2_channel_subsystem.3 - libssh2_channel_wait_closed.3 - libssh2_channel_wait_eof.3 - libssh2_channel_window_read.3 - libssh2_channel_window_read_ex.3 - libssh2_channel_window_write.3 - libssh2_channel_window_write_ex.3 - libssh2_channel_write.3 - libssh2_channel_write_ex.3 - libssh2_channel_write_stderr.3 - 
libssh2_channel_x11_req.3 - libssh2_channel_x11_req_ex.3 - libssh2_exit.3 - libssh2_free.3 - libssh2_hostkey_hash.3 - libssh2_init.3 - libssh2_keepalive_config.3 - libssh2_keepalive_send.3 - libssh2_knownhost_add.3 - libssh2_knownhost_addc.3 - libssh2_knownhost_check.3 - libssh2_knownhost_checkp.3 - libssh2_knownhost_del.3 - libssh2_knownhost_free.3 - libssh2_knownhost_get.3 - libssh2_knownhost_init.3 - libssh2_knownhost_readfile.3 - libssh2_knownhost_readline.3 - libssh2_knownhost_writefile.3 - libssh2_knownhost_writeline.3 - libssh2_poll.3 - libssh2_poll_channel_read.3 - libssh2_publickey_add.3 - libssh2_publickey_add_ex.3 - libssh2_publickey_init.3 - libssh2_publickey_list_fetch.3 - libssh2_publickey_list_free.3 - libssh2_publickey_remove.3 - libssh2_publickey_remove_ex.3 - libssh2_publickey_shutdown.3 - libssh2_scp_recv.3 - libssh2_scp_recv2.3 - libssh2_scp_send.3 - libssh2_scp_send64.3 - libssh2_scp_send_ex.3 - libssh2_session_abstract.3 - libssh2_session_banner_get.3 - libssh2_session_banner_set.3 - libssh2_session_block_directions.3 - libssh2_session_callback_set.3 - libssh2_session_disconnect.3 - libssh2_session_disconnect_ex.3 - libssh2_session_flag.3 - libssh2_session_free.3 - libssh2_session_get_blocking.3 - libssh2_session_get_timeout.3 - libssh2_session_handshake.3 - libssh2_session_hostkey.3 - libssh2_session_init.3 - libssh2_session_init_ex.3 - libssh2_session_last_errno.3 - libssh2_session_last_error.3 - libssh2_session_set_last_error.3 - libssh2_session_method_pref.3 - libssh2_session_methods.3 - libssh2_session_set_blocking.3 - libssh2_session_set_timeout.3 - libssh2_session_startup.3 - libssh2_session_supported_algs.3 - libssh2_sftp_close.3 - libssh2_sftp_close_handle.3 - libssh2_sftp_closedir.3 - libssh2_sftp_fsetstat.3 - libssh2_sftp_fstat.3 - libssh2_sftp_fstat_ex.3 - libssh2_sftp_fstatvfs.3 - libssh2_sftp_fsync.3 - libssh2_sftp_get_channel.3 - libssh2_sftp_init.3 - libssh2_sftp_last_error.3 - libssh2_sftp_lstat.3 - libssh2_sftp_mkdir.3 - 
libssh2_sftp_mkdir_ex.3 - libssh2_sftp_open.3 - libssh2_sftp_open_ex.3 - libssh2_sftp_opendir.3 - libssh2_sftp_read.3 - libssh2_sftp_readdir.3 - libssh2_sftp_readdir_ex.3 - libssh2_sftp_readlink.3 - libssh2_sftp_realpath.3 - libssh2_sftp_rename.3 - libssh2_sftp_rename_ex.3 - libssh2_sftp_rewind.3 - libssh2_sftp_rmdir.3 - libssh2_sftp_rmdir_ex.3 - libssh2_sftp_seek.3 - libssh2_sftp_seek64.3 - libssh2_sftp_setstat.3 - libssh2_sftp_shutdown.3 - libssh2_sftp_stat.3 - libssh2_sftp_stat_ex.3 - libssh2_sftp_statvfs.3 - libssh2_sftp_symlink.3 - libssh2_sftp_symlink_ex.3 - libssh2_sftp_tell.3 - libssh2_sftp_tell64.3 - libssh2_sftp_unlink.3 - libssh2_sftp_unlink_ex.3 - libssh2_sftp_write.3 - libssh2_trace.3 - libssh2_trace_sethandler.3 - libssh2_userauth_authenticated.3 - libssh2_userauth_hostbased_fromfile.3 - libssh2_userauth_hostbased_fromfile_ex.3 - libssh2_userauth_keyboard_interactive.3 - libssh2_userauth_keyboard_interactive_ex.3 - libssh2_userauth_list.3 - libssh2_userauth_password.3 - libssh2_userauth_password_ex.3 - libssh2_userauth_publickey.3 - libssh2_userauth_publickey_fromfile.3 - libssh2_userauth_publickey_fromfile_ex.3 - libssh2_userauth_publickey_frommemory.3 - libssh2_version.3) +transform_makefile_inc("Makefile.am" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.am.cmake") +# Get 'dist_man_MANS' variable +include("${CMAKE_CURRENT_BINARY_DIR}/Makefile.am.cmake") include(GNUInstallDirs) -install(FILES ${MAN_PAGES} DESTINATION ${CMAKE_INSTALL_MANDIR}/man3) +install(FILES ${dist_man_MANS} DESTINATION "${CMAKE_INSTALL_MANDIR}/man3") diff --git a/docs/HACKING b/docs/HACKING deleted file mode 100644 index 5da8e66c23..0000000000 --- a/docs/HACKING +++ /dev/null @@ -1,13 +0,0 @@ - -libssh2 source code style guide: - - - 4 level indent - - spaces-only (no tabs) - - open braces on the if/for line: - - if (banana) { - go_nuts(); - } - - - keep source lines shorter than 80 columns - - See libssh2-style.el for how to achieve this within Emacs 
diff --git a/docs/HACKING-CRYPTO b/docs/HACKING-CRYPTO index ca6316b086..bce5d215e2 100644 --- a/docs/HACKING-CRYPTO +++ b/docs/HACKING-CRYPTO @@ -31,19 +31,18 @@ LIBSSH2_LIB_HAVE_LINKFLAGS from LIBSSH2_CRYPTO_CHECK, which automatically creates and handles a --with-$newname-prefix option and sets an LTLIBNEWNAME variable on success. -0.3) Create Makefile.newname.inc in the top-level directory +0.3) Add new header to src/Makefile.inc -This must set CRYPTO_CSOURCES, CRYPTO_HHEADERS and CRYPTO_LTLIBS. -Set CRYPTO_CSOURCES and CRYPTO_HHEADERS to the new backend source files -and set CRYPTO_LTLIBS to the required library linking parameters, e.g. -$(LTLIBNEWNAME) as generated by by LIBSSH2_LIB_HAVE_LINKFLAGS. +0.4) Include new source in src/crypto.c -0.4) Add a new block in src/Makefile.am +0.5) Add a new block in configure.ac -if NEWNAME -include ../Makefile.newname.inc -endif +``` +elif test "$found_crypto" = "newname"; then + LIBS="${LIBS} ${LTLIBNEWNAME}" +``` +0.6) Add CMake detection logic to CMakeLists.txt 1) Crypto library initialization/termination. @@ -53,6 +52,10 @@ Initializes the crypto library. May be an empty macro if not needed. void libssh2_crypto_exit(void); Terminates the crypto library use. May be an empty macro if not needed. +1.1) Crypto runtime detection + +The libssh2_crypto_engine_t enum must include the new engine, and +libssh2_crypto_engine() must return it when it is built in. 2) HMAC @@ -148,7 +151,7 @@ Note: if the ctx parameter is modified by the underlying code, this procedure must be implemented as a macro to map ctx --> &ctx. int libssh2_sha256(const unsigned char *message, - unsigned long len, + size_t len, unsigned char output[SHA256_DIGEST_LENGTH]); Computes the SHA-256 signature over the given message of length len and store the result into the output buffer. 
@@ -193,7 +196,7 @@ Note: if the ctx parameter is modified by the underlying code, this procedure must be implemented as a macro to map ctx --> &ctx. int libssh2_sha384(const unsigned char *message, - unsigned long len, + size_t len, unsigned char output[SHA384_DIGEST_LENGTH]); Computes the SHA-384 signature over the given message of length len and store the result into the output buffer. @@ -227,7 +230,7 @@ Note: if the ctx parameter is modified by the underlying code, this procedure must be implemented as a macro to map ctx --> &ctx. int libssh2_sha512(const unsigned char *message, - unsigned long len, + size_t len, unsigned char output[SHA512_DIGEST_LENGTH]); Computes the SHA-512 signature over the given message of length len and store the result into the output buffer. @@ -389,7 +392,7 @@ _libssh2_cipher_cast5 CAST5-CBC algorithm identifier initializer. #define with constant value of type _libssh2_cipher_type(). -4.5) Tripple DES in CBC block mode. +4.5) Triple DES in CBC block mode. LIBSSH2_3DES #define as 1 if the crypto library supports TripleDES in CBC mode, else 0. If defined as 0, the rest of this section can be omitted. @@ -401,6 +404,21 @@ TripleDES-CBC algorithm identifier initializer. 5) Diffie-Hellman support. +LIBSSH2_DH_GEX_MINGROUP +The minimum Diffie-Hellman group length in bits supported by the backend. +Usually defined as 2048. + +LIBSSH2_DH_GEX_OPTGROUP +The preferred Diffie-Hellman group length in bits. Usually defined as 4096. + +LIBSSH2_DH_GEX_MAXGROUP +The maximum Diffie-Hellman group length in bits supported by the backend. +Usually defined as 8192. + +LIBSSH2_DH_MAX_MODULUS_BITS +The maximum Diffie-Hellman modulus bit count accepted from the server. This +value must be supported by the backend. Usually 16384. + 5.1) Diffie-Hellman context. _libssh2_dh_ctx Type of a Diffie-Hellman computation context. 
@@ -596,7 +614,7 @@ This procedure is already prototyped in crypto.h. int _libssh2_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa, LIBSSH2_SESSION *session, const char *data, - size_t data_len, + size_t data_len, unsigned const char *passphrase); Gets an RSA private key from data into a new RSA context. Must call _libssh2_init_if_needed(). @@ -605,8 +623,8 @@ This procedure is already prototyped in crypto.h. int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa, const unsigned char *sig, - unsigned long sig_len, - const unsigned char *m, unsigned long m_len); + size_t sig_len, + const unsigned char *m, size_t m_len); Verify (sig, sig_len) signature of (m, m_len) using an SHA-1 hash and the RSA context. Return 0 if OK, else -1. 
@@ -653,13 +671,34 @@ the allocated signature at (signature, signature_len). Signature buffer must be allocated from the given session. Returns 0 if OK, else -1. This procedure is already prototyped in crypto.h. -Note: this procedure is not used if macro _libssh2_rsa_sha1_signv() is defined. +Note: this procedure is not used if both macros _libssh2_rsa_sha2_256_signv() +and _libssh2_rsa_sha2_512_signv are defined. + +int _libssh2_rsa_sha2_256_signv(LIBSSH2_SESSION *session, + unsigned char **sig, size_t *siglen, + int count, const struct iovec vector[], + libssh2_rsa_ctx *ctx); +RSA signs the SHA-256 hash computed over the count data chunks in vector. +Signature is stored at (sig, siglen). +Signature buffer must be allocated from the given session. +Returns 0 if OK, else -1. +Note: this procedure is optional: if provided, it MUST be defined as a macro. + +int _libssh2_rsa_sha2_512_signv(LIBSSH2_SESSION *session, + unsigned char **sig, size_t *siglen, + int count, const struct iovec vector[], + libssh2_rsa_ctx *ctx); +RSA signs the SHA-512 hash computed over the count data chunks in vector. +Signature is stored at (sig, siglen). +Signature buffer must be allocated from the given session. +Returns 0 if OK, else -1. +Note: this procedure is optional: if provided, it MUST be defined as a macro. int _libssh2_rsa_sha2_verify(libssh2_rsa_ctx * rsa, size_t hash_len, const unsigned char *sig, - unsigned long sig_len, - const unsigned char *m, unsigned long m_len); + size_t sig_len, + const unsigned char *m, size_t m_len); Verify (sig, sig_len) signature of (m, m_len) using an SHA-2 hash based on hash length and the RSA context. Return 0 if OK, else -1. 
@@ -714,7 +753,7 @@ This procedure is already prototyped in crypto.h. int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx, const unsigned char *sig, - const unsigned char *m, unsigned long m_len); + const unsigned char *m, size_t m_len); Verify (sig, siglen) signature of (m, m_len) using an SHA-1 hash and the DSA context. Returns 0 if OK, else -1. @@ -722,7 +761,7 @@ This procedure is already prototyped in crypto.h. int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx, const unsigned char *hash, - unsigned long hash_len, unsigned char *sig); + size_t hash_len, unsigned char *sig); DSA signs the (hash, hash_len) data using SHA-1 and store the signature at sig. Returns 0 if OK, else -1. This procedure is already prototyped in crypto.h. @@ -871,7 +910,7 @@ This procedure is already prototyped in crypto.h. int _libssh2_ed25519_new_public(libssh2_ed25519_ctx **ed_ctx, LIBSSH2_SESSION *session, const unsigned char *raw_pub_key, - const uint8_t key_len); + const size_t key_len); Stores at ed_ctx a new ED25519 key context for raw public key (raw_pub_key, key_len). Return 0 if OK, else -1. @@ -924,6 +963,17 @@ In example, this is needed to preset unused structure slacks on platforms requiring it. If this is not needed, it should be defined as an empty macro. -int _libssh2_random(unsigned char *buf, int len); +int _libssh2_random(unsigned char *buf, size_t len); Store len random bytes at buf. Returns 0 if OK, else -1. + +const char * _libssh2_supported_key_sign_algorithms(LIBSSH2_SESSION *session, + unsigned char *key_method, + size_t key_method_len); + +This function is for implementing key hash upgrading as defined in RFC 8332. + +Based on the incoming key_method value, this function will return a +list of supported algorithms that can upgrade the original key method algorithm +as a comma separated list, if there is no upgrade option this function should +return NULL. diff --git a/docs/HACKING.md b/docs/HACKING.md new file mode 100644 index 0000000000..11ddbd305d 
--- /dev/null +++ b/docs/HACKING.md @@ -0,0 +1,14 @@ +# libssh2 source code style guide + +- 4 level indent +- spaces-only (no tabs) +- open braces on the if/for line: + + ``` + if (banana) { + go_nuts(); + } + ``` + +- keep source lines shorter than 80 columns +- See `libssh2-style.el` for how to achieve this within Emacs diff --git a/docs/INSTALL_AUTOTOOLS b/docs/INSTALL_AUTOTOOLS index a75b51814d..3e42c697e5 100644 --- a/docs/INSTALL_AUTOTOOLS +++ b/docs/INSTALL_AUTOTOOLS @@ -7,12 +7,13 @@ Software Foundation, Inc. This file is free documentation; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. +SPDX-License-Identifier: FSFULLR + When Building directly from Master ================================== If you want to build directly from the git repository, you must first -generate the configure script and Makefile using autotools. There is -a convenience script that calls all tools in the correct order. Make +generate the configure script and Makefile using autotools. Make sure that autoconf, automake and libtool are installed on your system, then execute: @@ -38,7 +39,7 @@ file `config.log' containing compiler output (useful mainly for debugging `configure'). It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves +and enabled with `--cache-file=config.cache' or shortly `-C') that saves the results of its tests to speed up reconfiguring. (Caching is disabled by default to prevent problems with accidental use of stale cache files.) 
@@ -47,7 +48,7 @@ cache files.) to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you +some point `config.cache' contains results you do not want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create @@ -58,7 +59,7 @@ a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. If you're + `./configure' to configure the package for your system. If you are using `csh' on an old version of System V, you might need to type `sh ./configure' instead to prevent `csh' from trying to execute `configure' itself. @@ -149,7 +150,7 @@ is something like `gnu-as' or `x' (for the X Window System). The package recognizes. For packages that use the X Window System, `configure' can usually -find the X include and library files automatically, but if it doesn't, +find the X include and library files automatically, but if it does not, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. @@ -171,7 +172,7 @@ where SYSTEM can have one of these forms: OS KERNEL-OS See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't +`config.sub' is not included in this package, then this package does not need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should 
@@ -255,73 +256,33 @@ More configure options Some ./configure options deserve additional comments: - * --enable-crypt-none - - The SSH2 Transport allows for unencrypted data - transmission using the "none" cipher. Because this is - such a huge security hole, it is typically disabled on - SSH2 implementations and is disabled in libssh2 by - default as well. - - Enabling this option will allow for "none" as a - negotiable method, however it still requires that the - method be advertized by the remote end and that no - more-preferable methods are available. - - * --enable-mac-none - - The SSH2 Transport also allows implementations to - forego a message authentication code. While this is - less of a security risk than using a "none" cipher, it - is still not recommended as disabling MAC hashes - removes a layer of security. - - Enabling this option will allow for "none" as a - negotiable method, however it still requires that the - method be advertized by the remote end and that no - more-preferable methods are available. - - * --disable-gex-new - - The diffie-hellman-group-exchange-sha1 (dh-gex) key - exchange method originally defined an exchange - negotiation using packet type 30 to request a - generation pair based on a single target value. Later - refinement of dh-gex provided for range and target - values. By default libssh2 will use the newer range - method. - - If you experience trouble connecting to an old SSH - server using dh-gex, try this option to fallback on - the older more reliable method. - * --with-libgcrypt * --without-libgcrypt * --with-libgcrypt-prefix=DIR - libssh2 can use the Libgcrypt library - (https://www.gnupg.org/) for cryptographic operations. + libssh2 can use the Libgcrypt library + (https://www.gnupg.org/) for cryptographic operations. One of the cryptographic libraries is required. - Configure will attempt to locate Libgcrypt - automatically. + Configure will attempt to locate Libgcrypt + automatically. 
- If your installation of Libgcrypt is in another - location, specify it using --with-libgcrypt-prefix. + If your installation of Libgcrypt is in another + location, specify it using --with-libgcrypt-prefix. * --with-openssl * --without-openssl * --with-libssl-prefix=[DIR] - libssh2 can use the OpenSSL library - (https://www.openssl.org) for cryptographic operations. + libssh2 can use the OpenSSL library + (https://www.openssl.org) for cryptographic operations. One of the cryptographic libraries is required. - Configure will attempt to locate OpenSSL in the - default location. + Configure will attempt to locate OpenSSL in the + default location. - If your installation of OpenSSL is in another - location, specify it using --with-libssl-prefix. + If your installation of OpenSSL is in another + location, specify it using --with-libssl-prefix. * --with-mbedtls * --without-mbedtls @@ -341,15 +302,15 @@ Some ./configure options deserve additional comments: * --without-libz * --with-libz-prefix=[DIR] - If present, libssh2 will attempt to use the zlib - (http://www.zlib.org) for payload compression, however - zlib is not required. + If present, libssh2 will attempt to use the zlib + (https://zlib.net/) for payload compression, however + zlib is not required. - If your installation of Libz is in another location, - specify it using --with-libz-prefix. + If your installation of Libz is in another location, + specify it using --with-libz-prefix. * --enable-debug - Will make the build use more pedantic and strict compiler - options as well as enable the libssh2_trace() function (for - showing debug traces). + Will make the build use more pedantic and strict compiler + options as well as enable the libssh2_trace() function (for + showing debug traces). diff --git a/docs/INSTALL_CMAKE.md b/docs/INSTALL_CMAKE.md index c136fdcee8..146e80d4b3 100644 --- a/docs/INSTALL_CMAKE.md +++ b/docs/INSTALL_CMAKE.md 
@@ -6,10 +6,11 @@ Web site source code: https://github.com/libssh2/www Installation instructions are in docs/INSTALL ======= -To build libssh2 you will need CMake v2.8 or later [1] and one of the +To build libssh2 you will need CMake v3.7 or later [1] and one of the following cryptography libraries: * OpenSSL +* wolfSSL * Libgcrypt * WinCNG * mbedTLS @@ -21,8 +22,14 @@ If you are happy with the default options, make a new build directory, change to it, configure the build environment and build the project: ``` - mkdir bin - cd bin + cmake -B bld + cmake --build bld +``` + +Use this with CMake 3.12.x or older: +``` + mkdir bld + cd bld cmake .. cmake --build . ``` @@ -35,8 +42,8 @@ cryptography library available. The library binary will be put in Customising the build --------------------- -Of course, you might want to customise the build options. You can -pass the options to CMake on the command line: +You might want to customise the build options. You can pass the options +to CMake on the command line: cmake -D
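Review bot: in configure.ac, hunk @@ -143,68 +150,43 @@, the rewritten clear-memory block sets enable_clear_memory=yes whenever --disable-clear-memory is not given, and the old $support_clear_memory test with its AC_MSG_ERROR/AC_MSG_WARN paths is gone. The build summary will therefore print "Clear memory: yes" on every platform, while the only related probe visible in this patch is the AC_CHECK_FUNCS(... explicit_bzero explicit_memset memset_s ...) line in hunk @@ -330,21 +328,21 @@. Suggest deriving the summary value from those results (for example by naming the primitive that was found), or stating in the commit message what is used when none of the three is available.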
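Review bot: in configure.ac, hunk @@ -264,11 +248,36 @@, the new AC_ARG_ENABLE([deprecated]) action is a case with only a `*)` arm, so any explicit use of the option, including --enable-deprecated (enableval=yes), sets with_deprecated="no" and adds -DLIBSSH2_NO_DEPRECATED. The docker-tests and sshd-tests options in the same hunk have the same shape: the action-if-given sets run_docker_tests=no and run_sshd_tests=no without looking at $enableval, so --enable-sshd-tests switches the tests off. Suggest testing $enableval in all three, with a `no)` arm that disables and a `*)` arm that keeps the default, so the positive form of each option does what its name says.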
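Review bot: in configure.ac, hunk @@ -375,11 +373,44 @@, LIBSSH2_PC_LIBS_PRIVATE is assigned the whole of $LIBS after the LTLIB* values are appended, so anything already in LIBS at that point and the libtool variants of the crypto and zlib link flags all end up in the pkg-config file, and in the public Libs field for static-only builds. Suggest building the pkg-config value from a dedicated variable that holds only the libssh2 dependencies, and checking the generated .pc file for a static-only configuration. Separately, HAVE_WINDRES reads $have_windows_h while hunk @@ -296,21 +305,10 @@ deletes the AC_CHECK_HEADERS([windows.h winsock2.h ws2tcpip.h]) call; please confirm that variable is still set somewhere outside the lines shown here.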
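Review bot: in docs/CMakeLists.txt, hunk @@ -32,179 +33,12 @@, the install rule now depends entirely on dist_man_MANS being defined by the transformed Makefile.am, and nothing checks the variable after the include(). A renamed variable or a transform that stops matching would leave the file list empty. Suggest a guard after the include() that fails configuration with a clear message when dist_man_MANS is empty.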
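Review bot: in docs/HACKING-CRYPTO, hunk @@ -401,6 +404,21 @@, the four new Diffie-Hellman entries say "Usually defined as ..." but not whether a backend must define them or whether a default is supplied when it does not. For LIBSSH2_DH_MAX_MODULUS_BITS in particular, the text says the value is the maximum "accepted from the server" without saying what a backend author can rely on when the server offers more. Suggest adding one sentence per entry on who defines it, and one on the behaviour above the maximum.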
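Review bot: in docs/HACKING-CRYPTO, hunk @@ -924,6 +963,17 @@, the new _libssh2_supported_key_sign_algorithms() entry does not say who owns the returned string or how long it stays valid, so a backend author cannot tell whether to return a static string or a session allocation. Please state that explicitly. Since key_method is described as an incoming value, consider declaring it const unsigned char * to match. In hunk @@ -653,13 +671,34 @@ of the same file, the reworded note writes _libssh2_rsa_sha2_512_signv without the trailing () used for _libssh2_rsa_sha2_256_signv() on the line before.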
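Review bot: in docs/INSTALL_AUTOTOOLS, hunk @@ -38,7 +39,7 @@, replacing "or simply `-C'" with "or shortly `-C'" changes the meaning, because "shortly" reads as "soon" rather than "in short form". Suggest keeping "simply" or using "in short".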
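Review bot: in docs/INSTALL_AUTOTOOLS, hunk @@ -255,73 +256,33 @@, the "More configure options" section loses the entries for --enable-crypt-none, --enable-mac-none and --disable-gex-new, but gains nothing for the options that configure.ac adds or keeps in this same patch: --disable-deprecated, --disable-docker-tests, --disable-sshd-tests and --disable-clear-memory. Suggest adding a short entry for each, and a line noting that the "none" cipher and MAC switches were removed, so users with existing build scripts know the flags no longer have any effect.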