iibssh2: update to 1.9.0

1 files changed, 1220 insertions, 817 deletions

diff --git a/libs/libssh2/docs/NEWS b/libs/libssh2/docs/NEWS
index a9c0a3f1ba..4c7f1eacf3 100644
--- a/libs/libssh2/docs/NEWS
+++ b/libs/libssh2/docs/NEWS
@@ -1,67 +1,1260 @@
    Changelog for the libssh2 project. Generated with git2news.pl
 
-Version 1.8.2 (25 Mar 2019)
+GitHub (19 Jun 2019)
+- [Will Cosgrove brought this change]
+
+  1.9 Formatting
+
+- [Will Cosgrove brought this change]
+
+  1.9 Release notes
+
+Will Cosgrove (17 May 2019)
+- [Alexander Curtiss brought this change]
+
+  libgcrypt.c : Fixed _libssh2_rsa_sha1_sign memory leak. (#370)
+  
+  File: libgcrypt.c
+  
+  Notes : Added calls to gcry_sexp_release to free memory allocated by gcry_sexp_find_token
+  
+  Credit :
+  Reporter : beckmi
+  PR by: Alexander Curtiss
+
+- [Orivej Desh brought this change]
+
+  libssh2_priv.h : Fix musl build warning on sys/poll.h (#346)
+  
+  File : libssh2_priv.h
+  
+  Notes :
+  musl prints `redirecting incorrect #include <sys/poll.h> to <poll.h>`
+  http://git.musl-libc.org/cgit/musl/commit/include/sys/poll.h?id=54446d730cfb17c5f7bcf57f139458678f5066cc
+  
+  poll is defined by POSIX to be in poll.h:
+  http://pubs.opengroup.org/onlinepubs/7908799/xsh/poll.html
+  
+  Credit : Orivej Desh
+
+GitHub (1 May 2019)
+- [Will Cosgrove brought this change]
+
+  kex.c : additional bounds checks in diffie_hellman_sha1/256 (#361)
+  
+  Files : kex.c, misc.c, misc.h
+  
+  Notes :
+  Fixed possible out of bounds memory access when reading malformed data in diffie_hellman_sha1() and diffie_hellman_sha256().
+  
+  Added _libssh2_copy_string() to misc.c to return an allocated and filled char buffer from a string_buf offset. Removed no longer needed s var in kmdhgGPshakex_state_t.
+
+Will Cosgrove (26 Apr 2019)
+- [Tseng Jun brought this change]
+
+  sftp.c : sftp_bin2attr() Correct attrs->gid assignment (#366)
+  
+  Regression with fix for #339
+  
+  Credit : Tseng Jun
+
+- [Tseng Jun brought this change]
+
+  kex.c : Correct type cast in curve25519_sha256() (#365)
+
+GitHub (24 Apr 2019)
+- [Will Cosgrove brought this change]
+
+  transport.c : scope local total_num var (#364)
+  
+  file : transport.c
+  notes : move local `total_num` variable inside of if block to prevent scope access issues which caused #360.
+
+Will Cosgrove (24 Apr 2019)
+- [doublex brought this change]
+
+  transport.c : fixes bounds check if partial packet is read
+  
+  Files : transport.c
+  
+  Issue : #360
+  
+  Notes :
+   'p->total_num' instead of local value total_num when doing bounds check.
+  
+  Credit : Doublex
+
+GitHub (23 Apr 2019)
+- [Will Cosgrove brought this change]
+
+  Editor config file for source files (#322)
+  
+  Simple start to an editor config file when editing source files to make sure they are configured correctly.
+
+- [Will Cosgrove brought this change]
+
+  misc.c : String buffer API improvements (#332)
+  
+  Files : misc.c, hostkey.c, kex.c, misc.h, openssl.c, sftp.c
+  
+  Notes :
+  * updated _libssh2_get_bignum_bytes and _libssh2_get_string. Now pass in length as an argument instead of returning it to keep signedness correct. Now returns -1 for failure, 0 for success.
+  
+  _libssh2_check_length now returns 0 on success and -1 on failure to match the other string_buf functions. Added comment to _libssh2_check_length.
+  
+  Credit : Will Cosgrove
+
+Will Cosgrove (19 Apr 2019)
+- [doublex brought this change]
+
+  mbedtls.c : _libssh2_mbedtls_rsa_new_private_frommemory() allow private-key from memory (#359)
+  
+  File : mbedtls.c
+  
+  Notes: _libssh2_mbedtls_rsa_new_private_frommemory() fixes private-key from memory reading to by adding NULL terminator before parsing; adds passphrase support.
+  
+  Credit: doublex
+
+- [Ryan Kelley brought this change]
+
+  Session.c : banner_receive() from leaking when accessing non ssh ports (#356)
+  
+  File : session.c
+  
+  Release previous banner in banner_receive() if the session is reused after a failed connection.
+  
+  Credit : Ryan Kelley
+
+GitHub (11 Apr 2019)
+- [Will Cosgrove brought this change]
+
+  Formatting in agent.c
+  
+  Removed whitespace.
+
+- [Will Cosgrove brought this change]
+
+  Fixed formatting in agent.c
+  
+  Quiet linter around a couple if blocks and pointer.
+
+Will Cosgrove (11 Apr 2019)
+- [Zhen-Huan HWANG brought this change]
+
+  sftp.c : discard and reset oversized packet in sftp_packet_read() (#269)
+  
+  file : sftp.c
+  
+  notes : when sftp_packet_read() encounters an sftp packet which exceeds SFTP max packet size it now resets the reading state so it can continue reading.
+  
+  credit : Zhen-Huan HWANG
+
+GitHub (11 Apr 2019)
+- [Will Cosgrove brought this change]
+
+  Add agent functions libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() (#308)
+  
+  File : agent.c
+  
+  Notes :
+  Libssh2 uses the SSH_AUTH_SOCK env variable to read the system agent location. However, when using a custom agent path you have to set this value using setenv which is not thread-safe. The new functions allow for a way to set a custom agent socket path in a thread safe manor.
+
+- [Will Cosgrove brought this change]
+
+  Simplified _libssh2_check_length (#350)
+  
+  * Simplified _libssh2_check_length
+  
+  misc.c : _libssh2_check_length()
+  
+  Removed cast and improved bounds checking and format.
+  
+  Credit : Yuriy M. Kaminskiy
+
+- [Will Cosgrove brought this change]
+
+  _libssh2_check_length() : additional bounds check (#348)
+  
+  Misc.c : _libssh2_check_length()
+  
+  Ensure the requested length is less than the total length before doing the additional bounds check
 
 Daniel Stenberg (25 Mar 2019)
-- RELEASE-NOTES: version 1.8.2
+- misc: remove 'offset' from string_buf
+  
+  It isn't necessary.
+  
+  Closes #343
+
+- sftp: repair mtime from e1ead35e475
+  
+  A regression from e1ead35e4759 broke the SFTP mtime logic in
+  sftp_bin2attr
+  
+  Also simplified the _libssh2_get_u32/u64 functions slightly.
+  
+  Closes #342
+
+- session_disconnect: don't zero state, just clear the right bit
+  
+  If we clear the entire field, the freeing of data in session_free() is
+  skipped. Instead just clear the bit that risk making the code get stuck
+  in the transport functions.
+  
+  Regression from 4d66f6762ca3fc45d9.
+  
+  Reported-by: dimmaq on github
+  Fixes #338
+  Closes #340
+
+- libssh2_sftp.h: restore broken ABI
+  
+  Commit 41fbd44 changed variable sizes/types in a public struct which
+  broke the ABI, which breaks applications!
+  
+  This reverts that change.
+  
+  Closes #339
+
+- style: make includes and examples code style strict
+  
+  make travis and the makefile rule verify them too
+  
+  Closes #334
 
+GitHub (21 Mar 2019)
+- [Daniel Stenberg brought this change]
+
+  create a github issue template
+
+Daniel Stenberg (21 Mar 2019)
+- stale-bot: activated
+  
+  The stale bot will automatically mark stale issues (inactive for 90
+  days) and if still untouched after 21 more days, close them.
+  
+  See https://probot.github.io/apps/stale/
+
+- libssh2_session_supported_algs.3: fix formatting mistakes
+  
+  Reported-by: Max Horn
+  Fixes #57
+
+- [Zenju brought this change]
+
+  libssh2.h: Fix Error C2371 'ssize_t': redefinition
+  
+  Closes #331
+
+- travis: add code style check
+  
+  Closes #324
+
+- code style: unify code style
+  
+  Indent-level: 4
+  Max columns: 79
+  No spaces after if/for/while
+  Unified brace positions
+  Unified white spaces
+
+- src/checksrc.pl: code style checker
+  
+  imported as-is from curl
+
+Will Cosgrove (19 Mar 2019)
+- Merge branch 'MichaelBuckley-michaelbuckley-security-fixes'
+
+- Silence unused var warnings (#329)
+  
+  Silence warnings about unused variables in this test
+
+- Removed unneeded > 0 check
+  
+  When checking `userauth_kybd_num_prompts > 100` we don't care if it's also above zero.
+
+- [Matthew D. Fuller brought this change]
+
+  Spell OpenSS_H_ right when talking about their specific private key (#321)
+  
+  Good catch, thanks.
+
+GitHub (19 Mar 2019)
 - [Will Cosgrove brought this change]
 
-  moved MAX size declarations #330
+  Silence unused var warnings (#329)
+  
+  Silence warnings about unused variables in this test
 
+Michael Buckley (19 Mar 2019)
+- Fix more scope and printf warning errors
+
+- Silence unused variable warning
+
+GitHub (19 Mar 2019)
 - [Will Cosgrove brought this change]
 
-  Fixed misapplied patch (#327)
+  Removed unneeded > 0 check
   
-  Fixes for user auth
+  When checking `userauth_kybd_num_prompts > 100` we don't care if it's also above zero.
 
-Version 1.8.1 (14 Mar 2019)
+Will Cosgrove (19 Mar 2019)
+- [Matthew D. Fuller brought this change]
 
-Will Cosgrove (14 Mar 2019)
+  Spell OpenSS_H_ right when talking about their specific private key (#321)
+  
+  Good catch, thanks.
+
+Michael Buckley (18 Mar 2019)
+- Fix errors identified by the build process
+
+- Fix casting errors after merge
+
+GitHub (18 Mar 2019)
 - [Michael Buckley brought this change]
 
-  More 1.8.0 security fixes (#316)
+  Merge branch 'master' into michaelbuckley-security-fixes
+
+Michael Buckley (18 Mar 2019)
+- Move fallback SIZE_MAX and UINT_MAX to libssh2_priv.h
+
+- Fix type and logic issues with _libssh2_get_u64
+
+Daniel Stenberg (17 Mar 2019)
+- examples: fix various compiler warnings
+
+- lib: fix various compiler warnings
+
+- session: ignore pedantic warnings for funcpointer <=> void *
+
+- travis: add a build using configure
   
-  * Defend against possible integer overflows in comp_method_zlib_decomp.
+  Closes #320
+
+- configure: provide --enable-werror
+
+- appveyor: remove old builds that mostly cause failures
   
-  * Defend against writing beyond the end of the payload in _libssh2_transport_read().
+  ... and only run on master branch.
   
-  * Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html
+  Closes #323
+
+- cmake: add two missing man pages to get installed too
   
-  This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.
+  Both libssh2_session_handshake.3 and
+  libssh2_userauth_publickey_frommemory.3 were installed by the configure
+  build already.
+  
+  Reported-by: Arfrever on github
+  Fixes #278
+
+- include/libssh2.h: warning: "_WIN64" is not defined, evaluates to 0
+  
+  We don't use #if for defines that might not be defined.
+
+- pem: //-comments are not allowed
+
+Will Cosgrove (14 Mar 2019)
+- [Daniel Stenberg brought this change]
+
+  userauth: fix "Function call argument is an uninitialized value" (#318)
+  
+  Detected by scan-build.
+
+- fixed unsigned/signed issue
+
+Daniel Stenberg (15 Mar 2019)
+- session_disconnect: clear state
   
-  * Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html
+  If authentication is started but not completed before the application
+  gives up and instead wants to shut down the session, the '->state' field
+  might still be set and thus effectively dead-lock session_disconnect.
   
-  * Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.
+  This happens because both _libssh2_transport_send() and
+  _libssh2_transport_read() refuse to do anything as long as state is set
+  without the LIBSSH2_STATE_KEX_ACTIVE bit.
   
-  * Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html
+  Reported in curl bug https://github.com/curl/curl/issues/3650
   
-  * Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html
+  Closes #310
+
+Will Cosgrove (14 Mar 2019)
+- Release notes from 1.8.1
+
+Michael Buckley (14 Mar 2019)
+- Use string_buf in sftp_init().
+
+- Guard against out-of-bounds reads in publickey.c
+
+- Guard against out-of-bounds reads in session.c
+
+- Guard against out-of-bounds reads in userauth.c
+
+- Use LIBSSH2_ERROR_BUFFER_TOO_SMALL instead of LIBSSH2_ERROR_OUT_OF_BOUNDARY in sftp.c
+
+- Additional bounds checking in sftp.c
+
+- Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html
+
+- Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html
+
+- Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.
+
+- Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html
+
+- Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html
+  
+  This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.
+
+- Defend against writing beyond the end of the payload in _libssh2_transport_read().
+
+- Defend against possible integer overflows in comp_method_zlib_decomp.
 
 GitHub (14 Mar 2019)
 - [Will Cosgrove brought this change]
 
-  1.8 Security fixes (#314)
+  Security fixes (#315)
+  
+  * Bounds checks
+  
+  Fixes for CVEs
+  https://www.libssh2.org/CVE-2019-3863.html
+  https://www.libssh2.org/CVE-2019-3856.html
+  
+  * Packet length bounds check
+  
+  CVE
+  https://www.libssh2.org/CVE-2019-3855.html
+  
+  * Response length check
+  
+  CVE
+  https://www.libssh2.org/CVE-2019-3859.html
+  
+  * Bounds check
+  
+  CVE
+  https://www.libssh2.org/CVE-2019-3857.html
+  
+  * Bounds checking
+  
+  CVE
+  https://www.libssh2.org/CVE-2019-3859.html
+  
+  and additional data validation
+  
+  * Check bounds before reading into buffers
+  
+  * Bounds checking
+  
+  CVE
+  https://www.libssh2.org/CVE-2019-3859.html
+  
+  * declare SIZE_MAX and UINT_MAX if needed
+
+- [Will Cosgrove brought this change]
+
+  fixed type warnings (#309)
+
+- [Will Cosgrove brought this change]
+
+  Bumping version number for pending 1.8.1 release
+
+Will Cosgrove (4 Mar 2019)
+- [Daniel Stenberg brought this change]
+
+  _libssh2_string_buf_free: use correct free (#304)
+  
+  Use LIBSSH2_FREE() here, not free(). We allow memory function
+  replacements so free() is rarely the right choice...
+
+GitHub (26 Feb 2019)
+- [Will Cosgrove brought this change]
+
+  Fix for building against libreSSL #302
+  
+  Changed to use the check we use elsewhere.
+
+- [Will Cosgrove brought this change]
+
+  Fix for when building against LibreSSL #302
+
+Will Cosgrove (25 Feb 2019)
+- [gartens brought this change]
+
+  docs: update libssh2_hostkey_hash.3 [ci skip] (#301)
+
+GitHub (21 Feb 2019)
+- [Will Cosgrove brought this change]
+
+  fix malloc/free mismatches #296 (#297)
+
+- [Will Cosgrove brought this change]
+
+  Replaced malloc with calloc #295
+
+- [Will Cosgrove brought this change]
+
+  Abstracted OpenSSL calls out of hostkey.c (#294)
+
+- [Will Cosgrove brought this change]
+
+  Fix memory dealloc impedance mis-match #292 (#293)
+  
+  When using ed25519 host keys and a custom memory allocator.
+
+- [Will Cosgrove brought this change]
+
+  Added call to OpenSSL_add_all_digests() #288
+  
+  For OpenSSL 1.0.x we need to call OpenSSL_add_all_digests().
+
+Will Cosgrove (12 Feb 2019)
+- [Zhen-Huan HWANG brought this change]
+
+  SFTP: increase maximum packet size to 256K (#268)
+  
+  to match implementations like OpenSSH.
+
+- [Zenju brought this change]
+
+  Fix https://github.com/libssh2/libssh2/pull/271 (#284)
+
+GitHub (16 Jan 2019)
+- [Will Cosgrove brought this change]
+
+  Agent NULL check in shutdown #281
+
+Will Cosgrove (15 Jan 2019)
+- [Adrian Moran brought this change]
+
+  mbedtls: Fix leak of 12 bytes by each key exchange. (#280)
+  
+  Correctly free ducts by calling _libssh2_mbedtls_bignum_free() in dtor.
+
+- [alex-weaver brought this change]
+
+  Fix error compiling on Win32 with STDCALL=ON (#275)
+
+GitHub (8 Nov 2018)
+- [Will Cosgrove brought this change]
+
+  Allow default permissions to be used in sftp_mkdir (#271)
+  
+  Added constant LIBSSH2_SFTP_DEFAULT_MODE to use the server default permissions when making a new directory
+
+Will Cosgrove (13 Sep 2018)
+- [Giulio Benetti brought this change]
+
+  openssl: fix dereferencing ambiguity potentially causing build failure (#267)
+  
+  When dereferencing from *aes_ctr_cipher, being a pointer itself,
+  ambiguity can occur; fixed possible build errors.
+
+Viktor Szakats (12 Sep 2018)
+- win32/GNUmakefile: define HAVE_WINDOWS_H
+  
+  This macro was only used in test/example code before, now it is
+  also used in library code, but only defined automatically by
+  automake/cmake, so let's do the same for the standalone win32
+  make file.
+  
+  It'd be probably better to just rely on the built-in _WIN32 macro
+  to detect the presence of windows.h though. It's already used
+  in most of libssh2 library code. There is a 3rd, similar macro
+  named LIBSSH2_WIN32, which might also be replaced with _WIN32.
+  
+  Ref: https://github.com/libssh2/libssh2/commit/8b870ad771cbd9cd29edbb3dbb0878e950f868ab
+  Closes https://github.com/libssh2/libssh2/pull/266
+
+Marc Hoersken (2 Sep 2018)
+- Fix conditional check for HAVE_DECL_SECUREZEROMEMORY
+  
+  "Unlike the other `AC_CHECK_*S' macros, when a symbol is not declared,
+  HAVE_DECL_symbol is defined to `0' instead of leaving HAVE_DECL_symbol
+  undeclared. When you are sure that the check was performed,
+  use HAVE_DECL_symbol in #if."
+  
+  Source: autoconf documentation for AC_CHECK_DECLS.
+
+- Fix implicit declaration of function 'SecureZeroMemory'
+  
+  Include window.h in order to use SecureZeroMemory on Windows.
+
+- Fix implicit declaration of function 'free' by including stdlib.h
+
+GitHub (27 Aug 2018)
+- [Will Cosgrove brought this change]
+
+  Use malloc abstraction function in pem parse
+  
+  Fix warning on WinCNG build.
+
+- [Will Cosgrove brought this change]
+
+  Fixed possible junk memory read in sftp_stat #258
+
+- [Will Cosgrove brought this change]
+
+  removed INT64_C define (#260)
+  
+  No longer used.
+
+- [Will Cosgrove brought this change]
+
+  Added conditional around engine.h include
+
+Will Cosgrove (6 Aug 2018)
+- [Alex Crichton brought this change]
+
+  Fix OpenSSL link error with `no-engine` support (#259)
+  
+  This commit fixes linking against an OpenSSL library that was compiled with
+  `no-engine` support by bypassing the initialization routines as they won't be
+  available anyway.
+
+GitHub (2 Aug 2018)
+- [Will Cosgrove brought this change]
+
+  ED25519 Key Support #39 (#248)
+  
+  OpenSSH Key and ED25519 support #39
+  Added _libssh2_explicit_zero() to explicitly zero sensitive data in memory #120
+  
+  * ED25519 Key file support - Requires OpenSSL 1.1.1 or later
+  * OpenSSH Key format reading support - Supports RSA/DSA/ECDSA/ED25519 types
+  * New string buffer reading functions - These add build-in bounds checking and convenance methods. Used for OpenSSL PEM file reading.
+  * Added new tests for OpenSSH formatted Keys
+
+- [Will Cosgrove brought this change]
+
+  ECDSA key types are now explicit (#251)
+  
+  * ECDSA key types are now explicit
+  
+  Issue was brough up in pull request #248
+
+Will Cosgrove (2 May 2018)
+- [Jakob Egger brought this change]
+
+  Add Instructions for building from Master (#249)
+
+GitHub (27 Apr 2018)
+- [Will Cosgrove brought this change]
+
+  Initialize sb_intl #226
+
+Will Cosgrove (19 Apr 2018)
+- [doublex brought this change]
+
+  buffer overflow (valgrind) (#159)
+
+- [Brendan Shanks brought this change]
+
+  mbedTLS: Remove some C99-style intermingled variable declarations (#196)
+
+GitHub (18 Apr 2018)
+- [Will Cosgrove brought this change]
+
+  fix for #160
+
+Will Cosgrove (18 Apr 2018)
+- [doublex brought this change]
+
+  fix memory leak when using mbedtls backend (#158)
+  
+   _libssh2_bn_init_from_bin/_libssh2_bn_free would leak bignum from mbedtls_calloc().
+
+- [Brendan Shanks brought this change]
+
+  mbedTLS: Avoid multiple definition errors for context handles (#197)
+
+- [Tseng Jun brought this change]
+
+  Fix the EVP cipher meth memory leakage problem (#244)
+  
+  * Fix the EVP cipher meth memory leakage problem
+  
+  Looks good, thanks for the fixes.
+
+Marc Hörsken (31 Mar 2018)
+- [Will Cosgrove brought this change]
+
+  Added ECDSA defines for WinCNG (#245)
+  
+  Fixed missing defines preventing building using WinCNG
+
+GitHub (30 Mar 2018)
+- [Will Cosgrove brought this change]
+
+  Fix for _libssh2_rsa_new with OpenSSL 1.0.x
+  
+  missing d value assignment.
+
+Will Cosgrove (20 Mar 2018)
+- [Etienne Samson brought this change]
+
+  A collection of small fixes (#198)
+  
+  * tests: Remove if-pyramids
+  
+  * tests: Switch run_command arguments
+  
+  * tests: Make run_command a vararg function
+  
+  * tests: Xcode doesn't obey CMake's test working directory
+  
+  * openssl: move manual AES-CTR cipher into crypto init
+  
+  * cmake: Move our include dir before all other include paths
+
+GitHub (15 Mar 2018)
+- [Will Cosgrove brought this change]
+
+  Fixes incorrect indexing of KEX prefs string
+  
+  After stripping out an invalid KEX pref entry, it would incorrectly advance again leaving invalid values in the list.
+
+Viktor Szakats (13 Mar 2018)
+- tests: fix checksrc warnings
+  
+  Also:
+  * add 'static' qualifier to file-wide const buffers
+  * fix a non-ANSI C89 comment
+  * silence a mismatched fprintf() mask warning by adding a cast
+
+- cmake: recognize OpenSSL 1.1 .dll names
+  
+  Also fix some comment typos and a stray tab.
+
+- docs: update an URL [ci skip]
+
+Daniel Stenberg (12 Mar 2018)
+- docs/SECURITY: the max embargo is 14 days now
+
+Viktor Szakats (12 Mar 2018)
+- docs: spelling fixes [ci skip]
+  
+  Closes https://github.com/libssh2/libssh2/pull/222
+
+GitHub (12 Mar 2018)
+- [Will Cosgrove brought this change]
+
+  Fixed minor tabs/spacing issues
+
+- [Will Cosgrove brought this change]
+
+  Update kex.c
+
+- [Will Cosgrove brought this change]
+
+  Added basic bounds checking #206
+  
+  Basic bounds checking in ecdh_sha2_nistp()
+
+- [Will Cosgrove brought this change]
+
+  Fixed Clang warning #206
+  
+  Fixed possible garbage value for secret in an error case
+
+- [Will Cosgrove brought this change]
+
+  Fixed incorrect #if to #ifdef #206
+  
+  When checking HAVE_OPAQUE_STRUCTS.
+
+Viktor Szakats (12 Mar 2018)
+- src: suppress two checksrc warnings
+  
+  Ref: https://github.com/libssh2/libssh2/pull/235
+
+- src: address fopen() warnings, add missing copyright headers
+  
+  Ref: https://github.com/libssh2/libssh2/pull/235
+
+- src: replace sprintf() with snprintf()
+  
+  Ref: https://github.com/libssh2/libssh2/pull/235
+
+- src: fix checksrc warnings
+  
+  Use checksrc.pl from the curl project, with (for now)
+  suppressed long line warnings and indentation set to
+  4 spaces. Fixes are whitespace for the most part.
+  
+  Warning count went down from 2704 to 12.
+  
+  Also fix codespell typos, two non-ANSI C89 comments
+  and a stray tab in include/libssh2.h.
+  
+  Ref: https://github.com/libssh2/libssh2/pull/235
+
+- checksrc: add source style checker
+  
+  This is a slightly extended version of this original source
+  from the curl project:
+  https://github.com/curl/curl/blob/8b754c430b9a4c51aa606c687ee5014faf7c7b06/lib/checksrc.pl
+  
+  This version adds the following options to customize it for
+  libssh2 (plus some whitespace formatting):
+  
+  `-i<n>`  to override indentation spaces (2)
+  `-m<n>`  to override maximum line length (79)
+  
+  Command-line used to check libssh2 sources:
+  
+  $ ./checksrc.pl -i4 -m500 *.c *.h
+  
+  Closes https://github.com/libssh2/libssh2/pull/236
+
+- src: add static qualifier
+  
+  To private, const strings.
+  
+  Closes https://github.com/libssh2/libssh2/pull/237
+
+- [Will Cosgrove brought this change]
+
+  Add support for ECDSA keys and host keys (#41)
   
-  * fixed possible integer overflow in packet_length
+  This commit lands full ECDSA key support when using the OpenSSL
+  backend. Which includes:
   
-  CVE https://www.libssh2.org/CVE-2019-3861.html
+  New KEX methods:
+  ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
   
-  * fixed possible interger overflow with userauth_keyboard_interactive
+  Can now read OpenSSL formatted ECDSA key files.
   
-  CVE https://www.libssh2.org/CVE-2019-3856.html
+  Now supports known host keys of type ecdsa-sha2-nistp256.
   
-  * fixed possible out zero byte/incorrect bounds allocation
+  New curve types:
+  NID_X9_62_prime256v1, NID_secp384r1, NID_secp521r1
   
-  CVE https://www.libssh2.org/CVE-2019-3857.html
+  Default host key preferred ordering is now nistp256, nistp384,
+  nistp521, rsa, dss.
   
-  * bounds checks for response packets
+  Ref: https://github.com/libssh2/libssh2/issues/41
   
-  * fixed integer overflow in userauth_keyboard_interactive
+  Closes https://github.com/libssh2/libssh2/pull/206
+
+GitHub (15 Dec 2017)
+- [Will Cosgrove brought this change]
+
+  Fixed possible crash when decoding invalid data
+  
+  When trying to decode invalid data, it frees the buffer but doesn't nil it so the caller gets a junk memory pointer which they could potentially double free.
+
+- [Will Cosgrove brought this change]
+
+  Remove call to OpenSSL_add_all_ciphers()
+  
+  Now lives in libssh2 init() from PR #189
+
+- [Will Cosgrove brought this change]
+
+  Fixed incorrect reference to decrypted block
+  
+  Fixed incorrectly copied memory from p->buf into init instead of from the decrypted buffer block. The only reason this worked was because the crypt() function decrypts the value in-place and overwrites p->buf.  I'm working on a fork that no longer does this and exposed this bug.
+
+Will Cosgrove (20 Oct 2017)
+- [Pan brought this change]
+
+  Fix typo in crypt.c (#218)
+
+Kamil Dudka (17 Oct 2017)
+- session: avoid printing misleading debug messages
+  
+  ... while throwing LIBSSH2_ERROR_EAGAIN out of session_startup()
+  
+  If the session runs in blocking mode, LIBSSH2_ERROR_EAGAIN never reaches
+  the libssh2 API boundary and, in non-blocking mode, these messages are
+  suppressed by the condition in _libssh2_error_flags() anyway.
+  
+  Closes #211
+
+Viktor Szakats (15 Oct 2017)
+- win32/GNUmakefile: allow customizing dll suffixes
+  
+  - New `LIBSSH2_DLL_SUFFIX` envvar will add a suffix to the generated
+    libssh2 dll name. Useful to add `-x64` to 64-bit builds so that
+    it can live in the same directory as the 32-bit one. By default
+    this is empty.
+  
+  - New `LIBSSH2_DLL_A_SUFFIX` envvar to customize the suffix of the
+    generated import library (implib) for libssh2 .dll. It defaults
+    to `dll`, and it's useful to modify that to `.dll` to have the
+    standard naming scheme for mingw-built .dlls, i.e. `libssh2.dll.a`.
+  
+  Ref: https://github.com/curl/curl/commit/aaa16f80256abc1463fd9374815130a165222257
+  
+  Closes https://github.com/libssh2/libssh2/pull/215
+
+- makefile.m32: allow to override gcc, ar and ranlib
+  
+  Allow to ovverride certain build tools, making it possible to
+  use LLVM/Clang to build libssh2. The default behavior is unchanged.
+  To build with clang (as offered by MSYS2), these settings can
+  be used:
+  
+  LIBSSH2_CC=clang
+  LIBSSH2_AR=llvm-ar
+  LIBSSH2_RANLIB=llvm-ranlib
+  
+  Also adjust ranlib parameters to be compatible with LLVM/Clang's
+  ranlib tool.
+  
+  Closes https://github.com/libssh2/libssh2/pull/214
+
+GitHub (27 Sep 2017)
+- [Will Cosgrove brought this change]
+
+  Fixes out of bounds memory access (#210)
+  
+  If an invalid PEM file is read and the lines are longer than 128 characters it will go out of bounds and crash on line 91.
+
+Will Cosgrove (11 Sep 2017)
+- [Kamil Dudka brought this change]
+
+  scp: do not NUL-terminate the command for remote exec (#208)
+  
+  It breaks SCP download/upload from/to certain server implementations.
+  
+  The bug does not manifest with OpenSSH, which silently drops the NUL
+  byte (eventually with any garbage that follows the NUL byte) before
+  executing it.
+  
+  Bug: https://bugzilla.redhat.com/1489736
+
+GitHub (21 Aug 2017)
+- [Viktor Szakats brought this change]
+
+  openssl.c: remove no longer used variable (#204)
+  
+  after e378d2e30a40bd9bcee06dc3a4250f269098e200
+
+- [Will Cosgrove brought this change]
+
+  Fix for #188 (#189)
   
-  CVE https://www.libssh2.org/CVE-2019-3863.html
+  * Update openssl.c
   
-  * 1.8.1 release notes
+  * Create openssl.h
+
+Will Cosgrove (24 May 2017)
+- [Marcel Raad brought this change]
+
+  openssl: fix build with OpenSSL 1.1 API (#176)
+  
+  When building with OPENSSL_API_COMPAT=0x10100000L, OpenSSL_add_all_algorithms
+  and OpenSSL_add_all_ciphers don't exist. The corresponding functionality is
+  handled automatically with OpenSSL 1.1.
+
+- [Sune Bredahl brought this change]
+
+  Add support for SHA256 hostkey fingerprints (#180)
+  
+  Looks good, thanks!
+
+GitHub (12 May 2017)
+- [Will Cosgrove brought this change]
+
+  Fix memory leak of crypt_ctx->h using openSSL 1.1+ (#177)
+  
+  Need to use EVP_CIPHER_CTX_free instead of EVP_CIPHER_CTX_reset.
+
+Marc Hoersken (2 Mar 2017)
+- tests/openssh_server/authorized_keys: add key_rsa_encrypted.pub
+
+- tests: add simple test for passphrase-protected PEM file support
+
+- os400qc3: enable passphrase-protected PEM file support using pem.c
+
+- pem: fix indentation and replace assert after 386e012292
+
+- [Keno Fischer brought this change]
+
+  pem: add passphrase-protected PEM file support for libgcrypt and wincng
+  
+  Since they use our own PEM parser which did not support encrypted
+  PEM files, trying to use such files on these backends failed.
+  Fix that by augmenting the PEM parser to support encrypted PEM files.
+
+- [Thomas brought this change]
+
+  misc: use time constant implementation for AES CTR increment
+
+- [Thomas brought this change]
+
+  wincng: add AES CTR mode support (aes128-ctr, aes192-ctr, aes256-ctr)
+
+- [Thomas brought this change]
+
+  openssl: move shared AES-CTR code into misc
+
+Daniel Stenberg (20 Dec 2016)
+- [Alex Crichton brought this change]
+
+  kex: acknowledge error code from libssh2_dh_key_pair()
+  
+  Fixes a segfault using ssh-agent on Windows
+  
+  This commit fixes a segfault seen dereferencing a null pointer on
+  Windows when using ssh-agent. The problem ended up being that errors
+  weren't being communicated all the way through, causing null pointers to
+  be used when functions should have bailed out sooner.
+  
+  The `_libssh2_dh_key_pair` function for WinCNG was modified to propagate
+  errors, and then the two callsites in kex.c of
+  `diffie_hellman_sha{1,256}` were updated to recognize this error and
+  bail out.
+  
+  Fixes #162
+  Closes #163
+
+Alexander Lamaison (27 Nov 2016)
+- [monnerat brought this change]
+
+  Implement Diffie-Hellman computations in crypto backends. (#149)
+  
+  Not all backends feature the low level API needed to compute a Diffie-Hellman
+  secret, but some of them directly implement Diffie-Hellman support with opaque
+  private data. The later approach is now generalized and backends are
+  responsible for all Diffie Hellman computations.
+  As a side effect, procedures/macros _libssh2_bn_rand and _libssh2_bn_mod_exp
+  are no longer needed outside the backends.
+
+Peter Stuge (16 Nov 2016)
+- acinclude.m4: The mbedtls crypto backend actually requires libmbedcrypto
+  
+  Examples can't be linked with libmbedtls but need libmbedcrypto, and
+  any users of libssh2 which use libtool and libssh2.la would encounter
+  the same problem.
+  
+  This changes the mbedtls detection to search for libmbedcrypto, which
+  is the actual dependency for the backend.
+
+- acinclude.m4: Add CPPFLAGS=-I$prefix-dir/include in LIBSSH2_LIB_HAVE_LINKFLAGS
+  
+  This is absolutely neccessary for header files to be found when
+  AC_LIB_HAVE_LINKFLAGS searches for libraries.
+
+- acinclude.m4: Make saved variables in LIBSSH2_LIB_HAVE_LINKFLAGS uniform
+
+- docs/HACKING.CRYPTO: Improve documentation for autoconf build system
+
+Alexander Lamaison (16 Nov 2016)
+- [Alex Arslan brought this change]
+
+  Check for netinet/in.h in the tests cmake file (#148)
+
+- [Patrick Monnerat brought this change]
+
+  Define new Diffie-Hellman context for mbedTLS
+
+- [monnerat brought this change]
+
+  Make libssh2 work again on os400. (#118)
+  
+  * os400: minimum supported OS version is now V6R1.
+  Do not log compiler informational messages.
+  
+  * Implement crypto backend specific Diffie-Hellman computation.
+  
+  This feature is now needed on os400 because the QC3 library does not
+  implement bn_mod_exp() natively. Up to now, this function was emulated using
+  an RSA encryption, but commits ca5222ea819cc5ed797860070b4c6c1aeeb28420 and
+  7934c9ce2a029c43e3642a492d3b9e494d1542be (CVE-2016-0787) broke the emulation
+  because QC3 only supports RSA exponents up to 512 bits.
+  
+  Happily, QC3 supports a native API for Diffie-Hellman computation, with
+  opaque random value: this commit implements the use of this API and, as a
+  side effect, enables support of this feature for any other crypto backend that
+  would use it.
+  
+  A "generic" Diffie-Hellman computation internal API supports crypto backends
+  not implementing their own: this generic API uses the same functions as before.
+  
+  * Fix typos in docs/HACKING.CRYPTO.
+
+- [Peter Stuge brought this change]
+
+  acinclude.m4: Fixup OpenSSL EVP_aes_128_ctr() detection
+
+- [Peter Stuge brought this change]
+
+  configure.ac: Add --with-crypto= instead of many different --with-$backend
+  
+  The new --with-crypto option replaces the previous backend-specific
+  --with-{openssl,libgcrypt,mbedtls,wincng} options and fixes some issues.
+  
+  * libgcrypt or mbedtls would previously be used whenever found, even
+    if configure was passed --without-libgcrypt or --without-mbedtls.
+  
+  * If --with-$backend was specified then configure would not fail even
+    if that library could not be found, and would instead use whichever
+    crypto library was found first.
+  
+  The new option defaults to `auto`, which makes configure check for all
+  supported crypto libraries in turn, choosing the first one found, or
+  exiting with an error if none can be found.
+
+- [Tony Kelman brought this change]
+
+  Build mbedtls from source on Travis (#133)
+  
+  * Revert "Revert "travis: Test mbedtls too""
+  
+  This reverts commit c4c60eac5ca756333034b07dd9e0b97741493ed3.
+  
+  * travis: Build mbedtls from source on Travis
+  
+  Use TOOLCHAIN_OPTION when calling cmake on mbedtls
+  
+  * tests: only run DSA tests for non-mbedtls
+  
+  crypto backends
+
+- [Peter Stuge brought this change]
+
+  configure.ac src/Makefile.am: Remove dead AM_CONDITIONAL(OS400QC3)
+  
+  According to os400/README400 this backend can not be built
+  with configure+make, and the conditional is hard coded to false.
+
+- [Peter Stuge brought this change]
+
+  configure.ac: Add -DNDEBUG to CPPFLAGS in non-debug builds
+  
+  There are a few uses of assert() in channel.c, sftp.c and transport.c.
+
+- [Peter Stuge brought this change]
+
+  src/global.c: Fix conditional AES-CTR support
+  
+  Most of libssh2 already has conditional support for AES-CTR according to
+  the LIBSSH2_AES_CTR crypto backend #define, but global.c needed fixing.
+
+- [Peter Stuge brought this change]
+
+  src/crypto.h src/userauth.c: Fix conditional RSA support
+  
+  Most of libssh2 already has conditional support for RSA according to
+  the LIBSSH2_RSA crypto backend #define, but crypto.h and userauth.c
+  needed a few small fixes.
+
+- [Peter Stuge brought this change]
+
+  src/kex.c: Cast libssh2_sha{1,256}_update data arguments properly
+  
+  The update functions take a const unsigned char * but were called
+  with (const) char * in some places, causing unneccessary warnings.
+
+- [Peter Stuge brought this change]
+
+  docs/HACKING.CRYPTO: Fix two type typos
+
+- [Sergei Trofimovich brought this change]
+
+  acinclude.m4: fix ./configure --with-libgcrypt
+  
+  The change fixes passing of bogus gcrypt prefix.
+  Reproducible as:
+  
+      $ ./configure --with-libgcrypt
+      $ make V=1
+      ...
+      /bin/sh ../libtool  --tag=CC   --mode=link gcc  -g -O2 -Iyes/include -version-info 1:1:0 -no-undefined -export-symbols-regex '^libssh2_.*' -lgcrypt  -lz -Lyes/lib -o libssh2.la -rpath /usr/local/lib channel.lo comp.lo crypt.lo hostkey.lo kex.lo mac.lo misc.lo packet.lo publickey.lo scp.lo session.lo sftp.lo userauth.lo transport.lo version.lo knownhost.lo agent.lo libgcrypt.lo pem.lo keepalive.lo global.lo   -lgcrypt
+      ../libtool: line 7475: cd: yes/lib: No such file or directory
+      libtool:   error: cannot determine absolute directory name of 'yes/lib'
+  
+  These
+      -Iyes/include
+      -Lyes/lib
+  come from libgcrypt code autodetection:
+    if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
+       LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
+       CFLAGS="$CFLAGS -I$use_libgcrypt/include"
+  
+  I assume it's a typo to use yes/no flag as a prefix and changed
+  it to '$with_libgcrypt_prefix'.
+  
+  Reported-by: Mikhail Pukhlikov <cynede@gentoo.org>
+  Signed-off-by: Sergei Trofimovich <siarheit@google.com>
+
+- [Zenju brought this change]
+
+  libssh2_sftp_init hang: last error not set
+  
+  The problem is that the original if statement simply returns NULL, but does not set the session last error code. The consequence is that libssh2_sftp_init() also returns NULL and libssh2_session_last_errno(sshSession) == LIBSSH2_ERROR_NONE.
+  
+  In my test the LIBSSH2_ERROR_EAGAIN is coming from sftp.c row 337:
+              if(4 != sftp->partial_size_len)
+                  /* we got a short read for the length part */
+                  return LIBSSH2_ERROR_EAGAIN;
+  
+  with "partial_size_len == 0". Not sure if this is expected.
+
+- [Aidan Hobson Sayers brought this change]
+
+  docs: correctly describe channel_wait_eof
+  
+  channel_wait_eof waits for channel->remote.eof, which is set on
+  receiving a `SSH_MSG_CHANNEL_EOF` message. This message is sent
+  when a party has no more data to send on a channel.
+
+- [Zenju brought this change]
+
+  Fix MSVC 14 compilation warning (#92)
+  
+  1>  sftp.c
+  1>libssh2-files\src\sftp.c(3393): warning C4456: declaration of 'retcode' hides previous local declaration
+  1>  libssh2-files\src\sftp.c(3315): note: see declaration of 'retcode'
+
+- [Salvador Fandino brought this change]
+
+  LIBSSH2_ERROR_CHANNEL_WINDOW_FULL: add new error code
+  
+  In order to signal that the requested operation can not succeed
+  because the receiving window had been exhausted, the error code
+  LIBSSH2_ERROR_BUFFER_TOO_SMALL has been reused but I have found
+  that in certain context it may be ambigous.
+  
+  This patch introduces a new error code,
+  LIBSSH2_ERROR_CHANNEL_WINDOW_FULL, exclusive to signal that condition.
+
+- [Salvador Fandino brought this change]
+
+  channel_wait_eof: handle receive window exhaustion
+  
+  Until now, in blocking mode, if the remote receiving window is
+  exhausted this function hangs forever as data is not read and the
+  remote side just keeps waiting for the window to grow before sending
+  more data.
+  
+  This patch, makes this function check for that condition and abort
+  with an error when it happens.
+
+- [Salvador Fandino brought this change]
+
+  channel_wait_closed: don't fail when unread data is queued
+  
+  This function was calling channel_wait_eof to ensure that the EOF
+  packet has already been received, but that function also checks that
+  the read data queue is empty before reporting the EOF. That caused
+  channel_wait_closed to fail with a LIBSSH2_ERROR_INVAL when some data
+  was queued even after a successful call to libssh2_channel_wait_eof.
+  
+  This patch changes libssh2_channel_wait_closed to look directly into
+  channel->remote.eof so that both libssh2_channel_wait_eof and
+  libssh2_channel_wait_closed bahave consistently.
+
+- [Salvador Fandino brought this change]
+
+  channel_wait_eof: fix debug message
+
+Daniel Stenberg (25 Oct 2016)
+- libssh2.h: start working on 1.8.1
 
 Version 1.8.0 (25 Oct 2016)
 
@@ -4746,793 +5939,3 @@ Daniel Stenberg (24 Apr 2010)
 - libssh2_knownhost_check: Value stored to 'keylen' is never read
 
 - hostkey: fix compiler warning
-
-- remove unused variable
-
-- data types: convert more to use size_t and uint32_t
-
-- channel: variable type cleanups
-
-- cleanups: better binary packet gen, size_t fixes and PACKET_* removal
-  
-  I'll introduce a new internal function set named
-  
-   _libssh2_store_u32
-   _libssh2_store_u64
-   _libssh2_store_str
-  
-  That can be used all through the library to build binary outgoing
-  packets.  Using these instead of the current approach removes
-  hundreds of lines from the library while at the same time greatly
-  enhances readability. I've not yet fully converted everything to
-  use these functions.
-  
-  I've converted LOTS of 'unsigned long' to 'size_t' where
-  data/string lengths are dealt with internally. This is The Right
-  Thing and it will help us make the transition to our
-  size_t-polished API later on as well.
-  
-  I'm removing the PACKET_* error codes. They were originally
-  introduced as a set of separate error codes from the transport
-  layer, but having its own set of errors turned out to be very
-  awkward and they were then converted into a set of #defines that
-  simply maps them to the global libssh2 error codes instead. Now,
-  I'l take the next logical step and simply replace the PACKET_*
-  defines with the actual LIBSSH2_ERROR_* defines. It will increase
-  readability and decrease confusion.
-  
-  I also separated packet stuff into its own packet.h header file.
-
-- clarified the return code
-
-- rename libssh2_error to the correct _libssh2_error
-  
-  We reserve ^libssh2_ for public symbols and we use _libssh2 as
-  prefix for internal ones. I fixed the intendation of all these
-  edits with emacs afterwards, which then changed it slightly more
-  than just _libssh2_error() expressions but I didn't see any
-  obvious problems.
-
-- data type cleanup: made lots of code use size_t etc
-  
-  A lot of code used 'unsigned long' and the likes when it should
-  rather just use plain 'int' or use size_t for data lengths.
-
-- wait_socket: make c89 compliant and use two fd_sets for select()
-
-- sftp_readdir: always zero terminate, detail the return code
-  
-  I also added a description for the 'longentry' field which was
-  previously undocumented!
-
-- sftp_readdir: simplified and bugfixed
-  
-  This function no longer has any special purpose code for the
-  single entry case, as it was pointless.
-  
-  The previous code would overflow the buffers with an off-by-one
-  in case the file name or longentry data fields received from the
-  server were exactly as long as the buffer provided to
-  libssh2_sftp_readdir_ex.
-  
-  We now make sure that libssh2_sftp_readdir_ex() ALWAYS zero
-  terminate the buffers it fills in.
-  
-  The function no longer calls the libssh2_* function again, but
-  properly uses the internal sftp_* instead.
-
-- channel/transport: we now drain the outgoing send buffer when we ignore EAGAIN
-  
-  When we ignore the EAGAIN from the transport layer within channel_write, we
-  now drain the outgoing transport layer buffer so that remainders in that
-  won't cause any problems in the next invoke of _libssh2_transport_write()
-
-- channel_write: if data has been sent, don't return EAGAIN
-  
-  When sending data in a loop, we must not return EAGAIN if we
-  managed to send data in an earlier round. This was reported in
-  bug #126 => http://libssh2.stuge.se/ticket/126
-
-Simon Josefsson (14 Apr 2010)
-- Fix OpenSSL AES-128-CTR detection.
-  
-  Patch from Paul Howarth <paul@city-fan.org>.
-
-Daniel Stenberg (13 Apr 2010)
-- version in header file now says 1.2.6-DEV
-
-- 1.2.6: clean the RELEASE-NOTES for next release round
-
-- NEWS: add the stuff from the version 1.2.5 RELEASE-NOTES
-
-Version 1.2.5 (13 Apr 2010)
-
-Daniel Stenberg (13 Apr 2010)
-- channel_close: no longer wait for the SSH_MSG_CHANNEL_CLOSE message
-  
-  As the packet may simply not arrive we cannot have the close
-  function wait for it unconditionally.
-
-- less code duplication in the poll vs select code flows
-  
-  libssh2_keepalive_send and libssh2_session_block_directions are
-  now used outside of the #ifdef blocks.
-
-- make it C90 compliant
-
-- updated with all changes and bugs since 1.2.4
-
-- Added LIBSSH2_SFTP_S_IS***() macros and updated docs
-  
-  libssh2_sftp_fstat_ex.3 is now extended quite a lot to describe a
-  lot of the struct and the bits it uses and how to test for them.
-
-- sftp_init() deal with _libssh2_channel_write() returns short
-  
-  When _libssh2_channel_write() is asked to send off 9 bytes, the
-  code needs to deal with the situation where less than 9 bytes
-  were sent off and prepare to send the remaining piece at a later
-  time.
-
-- handle a NULL password as if it was ""
-  
-  libssh2_userauth_publickey_fromfile_ex() takes a "passphrase"
-  but didn't deal with it being set to NULL.
-
-- Reduce used window sizes by factor 10
-  
-  As reported in bug report #166 http://libssh2.stuge.se/ticket/166
-  by 'ptjm', the maximum window size must be less crazy for libssh2
-  to do better with more server implementations. I did not do any
-  testing to see how this changes raw SCP performance, but the
-  maximum window size is still almost 4MB. This also has the upside
-  that libssh2 will use less memory.
-
-Peter Stuge (28 Mar 2010)
-- Correctly clear blocking flag after sending multipart packet
-  
-  commit 7317edab61d2179febc38a2c2c4da0b951d74cbc cleared the outbound
-  blocking bit when send_existing() returned PACKET_NONE and *ret=0, as
-  opposed to before even calling send_existing(), but because *ret=1 when
-  sending parts 2..n of an existing packet, the bit would only be cleared
-  when calling libssh2_transport_write() for a new packet.
-  
-  Clear the direction flag after the final part of a packet has been sent.
-
-Daniel Stenberg (24 Mar 2010)
-- Added man page for libssh2_knownhost_addc()
-  
-  Added mention in libssh2_knownhost_add() docs that
-  libssh2_knownhost_addc() is the preferred function now.
-
-- at next soname bump remove libssh2_knownhost_add()
-
-- ignore TAGS ("make tags" makes them)
-
-- fix memory leak
-  
-  we must not assign the pointer a NULL since it keeps allocated
-  data and at least parts of an error string
-
-- fixed the pattern for avoiding the poll check
-  
-  added some comments about known problems with poll on darwin
-
-- avoid checking for poll on some systems
-  
-  darwin and interix are known to have broken poll implementations
-  so we skip the check on those and thus have them use select
-  unconditionally
-
-- ignore libssh2.dsp
-
-Simon Josefsson (23 Mar 2010)
-- Fix logic in "on-the-fly" crypto init.
-
-- Make sure keepalive is working even when poll is used.
-
-- [Paul Querna brought this change]
-
-  Use poll when available on blocking API.
-  
-  Signed-off-by: Simon Josefsson <simon@josefsson.org>
-
-Peter Stuge (20 Mar 2010)
-- Fix speling
-
-Daniel Stenberg (19 Mar 2010)
-- fix NULL dereference when window adjusting a non-existing channel
-  
-  Suyog Jadhav pointed out that when receiving a window adjust to
-  a channel not found, the code would reference a NULL pointer.
-  Now it will instead output a message about that fact.
-
-Simon Josefsson (19 Mar 2010)
-- Fix build problem.
-
-- Eat our own dog food, call libssh2_init and libssh2_exit in the examples.
-
-- Fix init/exit logic.  Add self-test of it.
-
-Daniel Stenberg (19 Mar 2010)
-- fix typo
-
-Simon Josefsson (19 Mar 2010)
-- Add man page for libssh2_init and libssh2_exit.  Fix libssh2_exit prototype.
-
-- Shorten constant a bit.  More documentation.
-
-- Fix namespace pollution.
-
-- Add global init/exit points, to do crypto initialization in one place.
-  
-  By Lars Nordin.
-
-Daniel Stenberg (14 Mar 2010)
-- libssh2 is released under the Modifed BSD license, not GPL
-
-Alexander Lamaison (14 Mar 2010)
-- Add libssh2_knownhost_addc to handle comments.
-  
-  Comments in known_hosts file were not handle properly.  They were parsed as
-  part of the key causing key matching to return a mismatch if the entry had a
-  comment.  This adds a new API function that takes an optional comment and
-  changes libssh2_knownhost_readline to parse the comment as pass it to the
-  new function.
-  
-  Fixes #164.
-
-- Fix gettimeofday to compile with Visual C++ 6.
-  
-  Reported by Steven Van Ingelgem.
-
-Simon Josefsson (10 Mar 2010)
-- Add.
-
-- keepalive.c: Fix libssh2_error usage.
-
-- Fix typo in last commit.
-
-- Tidy up build option notice.
-
-- Add entry about keep alive stuff.
-
-- Add keep-alive support.
-
-Alexander Lamaison (7 Mar 2010)
-- Untabify.
-
-- Fix memory leak in libssh2_knownhost_add.
-
-Daniel Stenberg (6 Mar 2010)
-- change 'int' to 'libssh2_socket_t' in the public API for sockets
-
-- reduce code duplication and return underlying error better
-
-- acknowledge when _libssh2_packet_requirev() returns error
-  
-  when _libssh2_packet_requirev() returns an error when waiting for
-  SSH_MSG_USERAUTH_SUCCESS or SSH_MSG_USERAUTH_FAILURE, it is an
-  error and it should be treated as such
-
-- wrap long lines
-
-- polished the phrasing in two error strings
-
-- silence picky compiler warnings
-
-- silence picky compiler warnings
-
-- removed libssh2_error()'s forth argument
-  
-  libssh2_error() no longer allocates a string and only accepts a const
-  error string. I also made a lot of functions use the construct of
-  return libssh2_error(...) instead of having one call to
-  libssh2_error() and then a separate return call. In several of those
-  cases I then also changed the former -1 return code to a more
-  detailed one - something that I think will not change behaviors
-  anywhere but it's worth keeping an eye open for any such.
-
-- repaired --enable-debug
-
-Simon Josefsson (1 Mar 2010)
-- Make ./configure output a summary of build options.
-
-Daniel Stenberg (1 Mar 2010)
-- let the err_msg in the session struct be const too
-
-Simon Josefsson (1 Mar 2010)
-- Revert #ifdef change that pulled in AES-CTR code when explicitly disabled.
-
-Daniel Stenberg (1 Mar 2010)
-- fix #ifdefs
-
-- make function match the new proto
-
-Simon Josefsson (1 Mar 2010)
-- Improve AES-CTR check.
-
-Daniel Stenberg (1 Mar 2010)
-- use const to silence a bazillion warnings
-
-Simon Josefsson (1 Mar 2010)
-- Use AES-CTR from OpenSSL when available.
-  
-  Reported by Lars Nordin <Lars.Nordin@SDlabs.se>.
-
-- Make it possible to disable DSA.
-  
-  Patch from Lars Nordin <Lars.Nordin@SDlabs.se>.
-
-Peter Stuge (1 Mar 2010)
-- Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE
-  
-  Sending SSH_MSG_CHANNEL_CLOSE without channel EOF is explicitly allowed
-  in RFC 4254, but some non-conforming servers will hang or time out when
-  the channel is closed before EOF.
-  
-  Other common clients send and receive EOF before closing, there are no
-  drawbacks, and some servers need it to work correctly.
-
-Alexander Lamaison (26 Feb 2010)
-- Style improvements to knownhost error handling.
-  
-  Made improvements as suggested by Peter Stuge: http://www.libssh2.org/mail/libssh2-devel-archive-2010-02/0161.shtml.
-
-- Call libssh2_error for every knownhost API failure.
-  
-  The libssh2 API calls should set the last error code and a message when
-  returning a failure by calling libssh2_error.  This changeset adds these
-  calls to the libssh2_knownhost_* API as well as libssh2_base64_decode.
-  
-  This change also makes libssh2_error into a function rather than a macro.
-  Its implementation is moved to misc.c.  This function returns the error
-  code passed to it allowing callers to return the error value directly
-  without duplicating the error code.
-
-- Fix LIBSSH2_ALLOC checks.
-  
-  These appear to be cut-and paste errors where the wrong variable is checked
-  for NULLness after calling LIBSSH2_ALLOC.
-
-Simon Josefsson (23 Feb 2010)
-- Silence compiler warning.
-
-- Make it portable; test uses = for string comparison (not ==).  Indent.
-
-Alexander Lamaison (22 Feb 2010)
-- libssh2_knownhost_del: fix write to freed memory.
-  
-  When removing a known host, libssh2_knownhost_del would remove the node from the linked list, free its memory and then overwrite the struct parameter (which indicated which node to remove) with 0.  However, this struct is actually allocated within the just-freed node meaning we're writing to freed memory.  This made Windows very upset.
-  
-  The fix is simply to overwrite the struct first before freeing the memory.
-
-Daniel Stenberg (21 Feb 2010)
-- show more verbose error when SCP send fails
-
-- libssh2_socket_t is done, a library-free function is needed
-
-- clarify that this frees all data associated with a session
-
-- improved error handling
-
-- add missing libssh2_error() calls
-  
-  To make sure the public API is functional and that the
-  BLOCK_ADJUST_ERRNO() macro works correctly we MUST make sure to
-  call libssh2_error() when we return errors.
-
-- fix memory leak in userauth_keyboard_interactive()
-  
-  Mr anonymous in bug #125 pointed out that the userauth_keyboard_interactive()
-  function does in fact assign the same pointer a second time to a new allocated
-  buffer without properly freeing the previous one, which caused a memory leak.
-
-- added missing error codes
-  
-  To allow the libssh2_session_last_error() function to work as
-  documented, userauth_password() now better makes sure to call
-  libssh2_error() everywhere before it returns error.
-  
-  Pointed out by mr anonymous in bug #128
-
-Peter Stuge (16 Feb 2010)
-- Fix resource and memory leaks in examples as reported by cppcheck
-  
-  Thanks to Ettl Martin for the report and patch. This fixes #132
-
-Daniel Stenberg (15 Feb 2010)
-- mention the new man pages for macros
-
-- added man pages for API macros
-  
-  all #defined macros in the public headers are considered to be part
-  of the API and I've generated individual man pages for each of them
-  to A) make it easier to figure out what each function/macro actually
-  is for so that automated lookups work better and for B) make sure we
-  have all public functions document (both macros and functions) to
-  make it easier for us to work away from all the macros in a future
-  release.
-
-- Committed the patch by Yoichi Iwaki in bug #2929647
-  
-  Committed the patch by Yoichi Iwaki in bug #2929647, which fixed a memory
-  leak when an 'outbuf' was still allocated when a session was freed.
-
-- free "outbuf" when killing a session
-  
-  Fix memoary leak: if there was an "output" still allocated when a
-  session was torn down it needs to be freed in session_free()
-  
-  Patch by Yoichi Iwaki in bug #2929647
-
-- the working version name is now 1.2.5_DEV
-
-Version 1.2.4 (13 Feb 2010)
-
-Daniel Stenberg (13 Feb 2010)
-- updated info for 1.2.4
-
-Dan Fandrich (10 Feb 2010)
-- Allow compiling with OpenSSL when AES isn't available.
-
-Peter Stuge (9 Feb 2010)
-- [Dave McCaldon brought this change]
-
-  Fix Tru64 socklen_t compile issue with example/direct_tcpip.c
-  
-  Building libssh2-1.2.3 on Tru64 fails at line 48 and 166 because socklen_t
-  isn't defined on Tru64 unless _POSIX_PII_SOCKET is defined.
-  
-  This patch updates configure.ac to add -D_POSIX_PII_SOCKET when building
-  on Tru64 platform(s).
-
-- [Dave McCaldon brought this change]
-
-  Resolve compile issues on Solaris x64 and UltraSPARC
-  
-  Solaris builds of libssh2-1.2.3 failed on both x64 and UltraSPARC
-  platforms because of two problems:
-  
-  1) src/agent.c:145 sun is a reserved word when using the SUNWspro compiler
-  2) example/direct_tcpip.c:84 INADDR_NONE is not defined
-
-Daniel Stenberg (3 Feb 2010)
-- towards 1.2.4 now
-
-Version 1.2.3 (3 Feb 2010)
-
-Daniel Stenberg (3 Feb 2010)
-- Version 1.2.3 (February 3, 2010)
-
-- fix building out of source tree by proving better include path
-  
-  when building out of source tree, we provide -I$(top_builddir)/example
-  since the libssh2_config.h gets generated in that dir
-
-Peter Stuge (1 Feb 2010)
-- [Sofian Brabez brought this change]
-
-  Replace : in hexdump with "  " (two spaces)
-
-- Detect when the forwarded connection is closed in example/direct_tcpip.c
-
-- Fix example/direct_tcpip.c to work also on WIN32
-  
-  read() and write() are no good for WIN32 sockets, use recv() and send().
-
-- Ignore libssh2_config.h.in and stamp-h2 in example/ and remove .cvsignore
-
-- Simplify WIN32 ifdefs in example/direct_tcpip.c to allow standalone compile
-
-- Always #define INVALID_SOCKET -1 in libssh2_priv.h when not on win32
-  
-  Fix broken builds since commit abd9bd0bbe631efeada1f54552c70b54e1c490c1
-  for all non-win32 platforms.
-
-- Include hmac-md5 and hmac-md5-96 only if crypto backend supports MD5
-
-- Use LIBSSH2_HOSTKEY_HASH_SHA1 instead of _MD5 in examples and tests
-  
-  MD5 support is optional and may not always be available, while SHA1 is both
-  required and recommended.
-
-- Update mailing list address in configure.ac to @cool.haxx.se
-
-- Make example/direct_tcpip.c compile for win32
-  
-  One warning from FD_SET() remains, it is also in some other examples.
-
-- Correctly check for an invalid socket in session_startup()
-
-- Small documentation fix after Dave's _USERAUTH_FAILURE improvement
-
-- [Dave McCaldon brought this change]
-
-  Handle SSH_MSG_USERAUTH_FAILURE for password and kbd-int authentication
-  
-  Neither libssh2_userauth_password_ex() nor
-  libssh2_userauth_keyboard_interactive_ex() would return a login failure
-  error if the server responded with a SSH_MSG_USERAUTH_FAILURE, instead
-  you would see whatever previous error had occurred, typically
-  LIBSSH2_ERROR_EAGAIN.
-  
-  This patch changes error code -18 to LIBSSH2_ERROR_AUTHENTICATION_FAILED
-  and makes LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED an alias for
-  LIBSSH2_ERROR_AUTHENTICATION_FAILED.  In addition, new logic in
-  userauth_password() properly handles SSH_MSG_USERAUTH_FAILURE and both
-  this function and userauth_keyboard_interactive() now properly return
-  LIBSSH2_ERROR_AUTHENTICATION_FAILED.
-
-Simon Josefsson (28 Jan 2010)
-- Fix.
-
-- Also deal with GLOBAL_REQUEST keep-alives.
-
-- Make OpenSSH-style keepalive work against libssh2 clients.
-
-Daniel Stenberg (27 Jan 2010)
-- clarified
-
-Peter Stuge (26 Jan 2010)
-- [Dave McCaldon brought this change]
-
-  Fix trace context lookup in libssh2_debug()
-  
-  The trace context is actually a bitmask so that tracing output can be
-  controlled by setting a bitmask using libssh2_trace().  However, the logic
-  in libssh2_debug() that converted the context to a string was using the
-  context value as an array index.  Because the code used a bounds check on
-  the array, there was never a danger of a crash, but you would certainly
-  either get the wrong string, or "unknown".
-  
-  This patch adds a lookup that iterates over the context strings and uses
-  it's index to check for the corresponding bit in the context.
-
-- Fix typo in RELEASE-NOTES
-
-Daniel Stenberg (20 Jan 2010)
-- updated for 1.2.3 with all the stuff I found in the log
-
-- ignore more generated files
-
-- [Dave McCaldon brought this change]
-
-  Pass user context through libssh2_trace_sethandler() to callback
-  
-  The libssh2_trace_sethandler() call allows the user to handle the output of libssh2 rather than having it written to stderr.  This patch updates libssh2_trace_sethandler() to allow a user-defined void* context value to be passed back to the output handler.
-
-- [Dave McCaldon brought this change]
-
-  Add libssh2_trace_sethandler() to the API (even more)
-
-- [Dave McCaldon brought this change]
-
-  Add libssh2_trace_sethandler() to the API
-
-- cleanup includes
-  
-  We now produce a local libssh2_config.h file in this dir for the
-  examples to use so I cleaned up the include path at the same time.
-
-- generate a libssh2_config.h in the example dir
-  
-  buildconf copies the template to example/ and configure makes sure
-  to generate a proper file from it and the direct_tcpip.c example
-  is the first one to use it - to make sure it builds fine on more
-  paltforms
-
-Simon Josefsson (13 Jan 2010)
-- Remove redundant #includes and reorder sys/types.h include.
-
-Daniel Stenberg (10 Jan 2010)
-- avoid a free(NULL)
-
-Simon Josefsson (7 Jan 2010)
-- Make it simpler to get more debug info.
-
-Daiki Ueno (1 Jan 2010)
-- Simplify the commit 63457dfa using type cast from size_t * to ulong *.
-
-Alexander Lamaison (30 Dec 2009)
-- Fixed memory leak in userauth_publickey().
-  
-  userauth_publickey_fromfile() reads the key from a
-  file using file_read_publickey() which returns two
-  allocated strings, the decoded key and the key
-  method (such as "ssh-dss").  The latter can be
-  derived from the former but returning both avoids a
-  later allocation while doing so.
-  
-  Older versions of userauth_publickey_fromfile() used
-  this method string directly but when
-  userauth_publickey() was factored out of
-  userauth_publickey_fromfile() it derived the method
-  from the key itself.  This resulted in the method
-  being allocated twice.
-  
-  This fix, which maintains the optimisation that
-  avoids an extra allocation, changes
-  userauth_publickey() so it doesn't allocate and
-  derive the method when userauth_pblc_method already
-  has a value.
-  
-  Signed-off-by: Alexander Lamaison <awl03@doc.ic.ac.uk>
-
-Daiki Ueno (25 Dec 2009)
-- Fix the return value description of libssh2_knownhost_free().
-
-- Fix compiler warnings for size_t pointers on 32-bit Windows.
-
-- Define INVALID_SOCKET and use it instead of SOCKET_BAD.
-  
-  Revert the part of previous commit that defines SOCKET_BAD library wide.
-
-- Use libssh2_socket_t in the ssh-agent stuff.
-  Define a portability macro SOCKET_BAD which means "invalid socket".
-
-- Mark/unmark connection to Pageant is open/close.
-
-- Add test to check if the socket is connected.
-
-Peter Stuge (24 Dec 2009)
-- Add libssh2.pc to top-level .gitignore
-
-- Fix publickey authentication regression
-  
-  Commit 70b199f47659a74b8778c528beccf893843e5ecb introduced a parsing
-  bug in file_read_publickey() which made the algorithm name contain an
-  extra trailing space character, breaking all publickey authentication.
-
-- Add a direct-tcpip example which shows local port forwarding
-
-- Add session parameter and LIBSSH2_TRACE_SOCKET to libssh2_trace(3) man page
-
-- Add TODO: Expose error messages sent by the server
-
-Daiki Ueno (23 Dec 2009)
-- Fix doc comments.
-
-- Add man pages for ssh-agent API.
-
-- Don't request userauthlist after authentication.
-
-Simon Josefsson (21 Dec 2009)
-- Add.
-
-- [Daiki Ueno brought this change]
-
-  Add an example to use ssh-agent API.
-  
-  Signed-off-by: Simon Josefsson <simon@josefsson.org>
-
-- [Daiki Ueno brought this change]
-
-  Add ssh-agent API.
-  
-  Signed-off-by: Simon Josefsson <simon@josefsson.org>
-
-- [Daiki Ueno brought this change]
-
-  Add callback-based API for publickey auth.
-  
-  Signed-off-by: Simon Josefsson <simon@josefsson.org>
-
-- Move examples from example/simple to example/.
-
-- Move examples from example/simple to example/.
-
-Daniel Stenberg (17 Dec 2009)
-- _libssh2_list_insert() fixed to work
-  
-  While this is code not currently in use, it is part of the generic linked
-  list code and since I found the error I thought I'd better fix it since we
-  might bring in this function into the code one day.
-
-Simon Josefsson (16 Dec 2009)
-- Silence compiler warnings.
-  
-  Based on patch by Kamil Dudka <kdudka@redhat.com> in
-  <http://www.mail-archive.com/libssh2-devel@cool.haxx.se/msg00796.html>.
-
-- [Kamil Dudka brought this change]
-
-  libgcrypt: simplify code of _libssh2_dsa_sha1_sign
-  
-  Signed-off-by: Simon Josefsson <simon@josefsson.org>
-
-- [Kamil Dudka brought this change]
-
-  libgcrypt: follow-up for ssh-dss padding fix
-  
-  Signed-off-by: Simon Josefsson <simon@josefsson.org>
-
-Dan Fandrich (15 Dec 2009)
-- Check for the right environment variable in the test app
-
-Simon Josefsson (14 Dec 2009)
-- Silence warning about unused function parameter.
-  
-  Reported by Steven Van Ingelgem <steven@vaningelgem.be>.
-
-Daniel Stenberg (10 Dec 2009)
-- avoid returning data to memory already freed
-  
-  In case of failure we must make sure that the data we return
-  doesn't point to a memory area already freed. Reported anonymously
-  in the bug report #2910103.
-
-Peter Stuge (8 Dec 2009)
-- Use LIBSSH2_TRACE_* internally and remove redundant LIBSSH2_DBG_*
-
-- Add LIBSSH2_TRACE_SOCKET context for tracing send() and recv()
-  
-  Helpful in debugging the -39 errors.
-
-- Another transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors
-  
-  Commit 683aa0f6b52fb1014873c961709102b5006372fc made send_existing() send
-  more than just the second part of a packet when the kernel did not accept
-  the full packet, but the function still overlooked the SSH protocol
-  overhead in each packet, often 48 bytes.
-  
-  If only the last few bytes of a packet remained, then the packet would
-  erroneously be considered completely sent, and the next call to write
-  more data in the session would return a -39 error.
-
-Daniel Stenberg (6 Dec 2009)
-- move local variable to be more localized
-
-- fixed some indent mistakes
-
-Peter Stuge (6 Dec 2009)
-- Fix padding in ssh-dss signature blob encoding
-  
-  DSA signatures consist of two 160-bit integers called r and s. In ssh-dss
-  signature blobs r and s are stored directly after each other in binary
-  representation, making up a 320-bit (40 byte) string. (See RFC4253 p14.)
-  
-  The crypto wrappers in libssh2 would either pack r and s incorrectly, or
-  fail, when at least one integer was small enough to be stored in 19 bytes
-  or less.
-  
-  The patch ensures that r and s are always stored as two 160 bit numbers.
-
-- Don't always clear write direction blocking flag
-  
-  When libssh2_transport_write() is called to continue sending a
-  partially sent packet the write direction flag must not be cleared
-  until the previous packet has been completely sent, or the app would
-  hang if the packet still isn't sent completely, since select() gets
-  called by the internal blocking emulation layer in libssh2 but would
-  then not be watching the socket for writability.
-  
-  Clear the flag only once processing of previous packet data is
-  complete and a new packet is about to be prepared.
-
-Alexander Lamaison (24 Nov 2009)
-- Detabify.
-
-- [Daniel Stenberg brought this change]
-
-  Fixed memory leak in sftp_fstat().
-
-Simon Josefsson (17 Nov 2009)
-- Mark date of 1.2.2 release.
-
-- Merge branch 'master' of ssh://git.stuge.se/var/lib/git/libssh2
-
-Version 1.2.2 (16 Nov 2009)
-
-Daniel Stenberg (16 Nov 2009)
-- prepared for 1.2.2
-
-Simon Josefsson (16 Nov 2009)
-- Improve NEWS items.
-
-- Support AES-Counter ciphers.
-
-- Silence compiler warning.
-  
-  Reported by Steven Van Ingelgem <steven@vaningelgem.be>
-  in <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2566>.