X-Recipient: archive-cygwin AT delorie DOT com X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org A8EAE3857828 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSW.ab.ca Authentication-Results: sourceware.org; spf=none smtp.mailfrom=brian DOT inglis AT systematicsw DOT ab DOT ca X-Authority-Analysis: v=2.4 cv=Nv6yz+RJ c=1 sm=1 tr=0 ts=60a0afc6 a=T+ovY1NZ+FAi/xYICV7Bgg==:117 a=T+ovY1NZ+FAi/xYICV7Bgg==:17 a=oeppcwj8AAAA:8 a=nzlN5NquyZt7nC4hDMIA:9 a=5n1A7qh1AjcA:10 a=EbX5vdCAct3xugfmopdr:22 From: Cygwin libssh2 Maintainer To: cygwin AT cygwin DOT com Date: Sat, 15 May 2021 23:19:28 -0600 Message-Id: Subject: [ANNOUNCEMENT] Updated: libssh2_1, libssh2-devel 1.9 X-CMAE-Envelope: MS4xfE3acxsfTdxuIsUXcTrhPF3hhdvTJeL/Hh9s2GN7NUf7MT/tIOhw0xHqyyU2Tn6kWESYa7Kc0IGmgUEU+RrMuS5S0z/SrKX+uuZFSEgEcWNbhqzKs7mO q+XSM+Z+kW09mKS++etws2rxxWmZaDBC4HIdLhdYRgTSy9MVuu6tPxcP3ywLOTl8rb7rLn95Puo5YdXhFXUR1jcORoNaWgMpXmkWNGGI01eivAP6cfXiU0uw oF/Jd5XqEybDIkscL/wjTSWlHpKGhJiFrJwvlZUST28= X-Spam-Status: No, score=0.9 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_NUMSUBJECT, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: cygwin-announce AT cygwin DOT com X-Mailman-Version: 2.1.29 X-Mailer: Perl5 Mail::Internet v2.20 X-BeenThere: cygwin AT cygwin DOT com List-Id: General Cygwin discussions and problem reports List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: cygwin AT cygwin DOT com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Cygwin" The following packages have been upgraded in the Cygwin distribution: * libssh2_1 1.9 * libssh2-devel 1.9 libssh2 is a library implementing the SSH2 protocol, supporting many features. For more information see the project home page: https://libssh2.org/ As there are many changes each release please see below or read /usr/share/doc/libssh2/RELEASE-NOTES after installation for complete details: https://libssh2.org/changes.html libssh2 1.9.0 This release includes the following enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * fixed compiling on Windows with the flag STDCALL=ON * improved building instructions * improved unit tests libssh2 1.8.2 This release includes the following bug fixes: * Fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header libssh2 1.8.1 This release includes the following bug fixes: * fixed possible integer overflow when reading a specially crafted packet * fixed possible integer overflow in userauth_keyboard_interactive with a number of extremely long prompt strings * fixed possible integer overflow if the server sent an extremely large number of keyboard prompts * fixed possible out of bounds read when processing a specially crafted packet * fixed possible integer overflow when receiving a specially crafted exit signal message channel packet * fixed possible out of bounds read when receiving a specially crafted exit status message channel packet * fixed possible zero byte allocation when reading a specially crafted SFTP packet * fixed possible out of bounds reads when processing specially crafted SFTP packets * fixed possible out of bounds reads in _libssh2_packet_require(v) libssh2 1.8.0 This release includes the following changes: * added a basic dockerised test suite * crypto: add support for the mbedTLS backend This release includes the following bugfixes: * libgcrypt: fixed a NULL pointer dereference on OOM * VMS: can't use %zd for off_t format * VMS: update vms/libssh2_config.h * windows: link with crypt32.lib * libssh2_channel_open: speeling error fixed in channel error message * msvc: fixed 14 compilation warnings * tests: HAVE_NETINET_IN_H was not defined correctly * openssl: add OpenSSL 1.1.0 compatibility * cmake: Add CLEAR_MEMORY option, analogously to that for autoconf * configure: make the --with-* options override the OpenSSL default * libssh2_wait_socket: set err_msg on errors * libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple