author George Hazan <george.hazan@gmail.com> 2024-01-31 19:13:48 +0300
committer George Hazan <george.hazan@gmail.com> 2024-01-31 19:13:48 +0300
commit a5b576429205ffa3c9397614ea31363b31944e79 (patch)
tree f5b92958748d66556f0f6af0b313ce42d8ad8903 /libs/libssh2/docs/RELEASE-NOTES
parent 4ce9ed24b5fabd39d82aaf81147377f3906dec3b (diff)
libssh2: update to 1.11
Diffstat (limited to 'libs/libssh2/docs/RELEASE-NOTES')
-rw-r--r-- libs/libssh2/docs/RELEASE-NOTES 253
1 files changed, 214 insertions, 39 deletions
diff --git a/libs/libssh2/docs/RELEASE-NOTES b/libs/libssh2/docs/RELEASE-NOTES
index 98cb8033b6..c5f478d89d 100644
--- a/libs/libssh2/docs/RELEASE-NOTES
+++ b/libs/libssh2/docs/RELEASE-NOTES
@@ -1,44 +1,219 @@
-libssh2 1.9.0
+libssh2 1.11.1_DEV
+
+Deprecation notices:
+
+- Starting June 2024, the following algos go deprecated and will be
+ disabled in default builds (with an option to enable them):
+
+ - DSA: `ssh-dss` hostkeys.
+ You can disable it now with `-DLIBSSH2_NO_DSA`.
+ Disabled by default in OpenSSH 7.0 (2015-08-11).
+ - MD5-based MACs and hashes: `hmac-md5`, `hmac-md5-96`,
+ `LIBSSH2_HOSTKEY_HASH_MD5`
+ You can disable it now with `-DLIBSSH2_NO_MD5`.
+ Disabled by default since OpenSSH 7.2 (2016-02-29).
+ - 3DES cipher: `3des-cbc`
+ You can disable it now with `-DLIBSSH2_NO_3DES`.
+ Disabled by default since OpenSSH 7.4 (2016-12-19).
+ - RIPEMD-160 MACs: `hmac-ripemd160`, `hmac-ripemd160@openssh.com`
+ You can disable it now with `-DLIBSSH2_NO_HMAC_RIPEMD`.
+ Removed in OpenSSH 7.6 (2017-10-03).
+ - Blowfish cipher: `blowfish-cbc`
+ You can disable it now with `-DLIBSSH2_NO_BLOWFISH`.
+ Removed in OpenSSH 7.6 (2017-10-03).
+ - RC4 ciphers: `arcfour`, `arcfour128`
+ You can disable it now with `-DLIBSSH2_NO_RC4`.
+ Removed in OpenSSH 7.6 (2017-10-03).
+ - CAST cipher: `cast128-cbc`
+ You can disable it now with `-DLIBSSH2_NO_CAST`.
+ Removed in OpenSSH 7.6 (2017-10-03).
+
+- Starting January 2025, above options will be deleted from the
+ libssh2 codebase.
+
+ - Default builds will also disable support for old-style, MD5-based
+ encrypted private keys.
+ You can disable it now with `-DLIBSSH2_NO_MD5_PEM`.
This release includes the following enhancements and bugfixes:
-
- o adds ECDSA keys and host key support when using OpenSSL
- o adds ED25519 key and host key support when using OpenSSL 1.1.1
- o adds OpenSSH style key file reading
- o adds AES CTR mode support when using WinCNG
- o adds PEM passphrase protected file support for Libgcrypt and WinCNG
- o adds SHA256 hostkey fingerprint
- o adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
- o adds explicit zeroing of sensitive data in memory
- o adds additional bounds checks to network buffer reads
- o adds the ability to use the server default permissions when creating sftp directories
- o adds support for building with OpenSSL no engine flag
- o adds support for building with LibreSSL
- o increased sftp packet size to 256k
- o fixed oversized packet handling in sftp
- o fixed building with OpenSSL 1.1
- o fixed a possible crash if sftp stat gets an unexpected response
- o fixed incorrect parsing of the KEX preference string value
- o fixed conditional RSA and AES-CTR support
- o fixed a small memory leak during the key exchange process
- o fixed a possible memory leak of the ssh banner string
- o fixed various small memory leaks in the backends
- o fixed possible out of bounds read when parsing public keys from the server
- o fixed possible out of bounds read when parsing invalid PEM files
- o no longer null terminates the scp remote exec command
- o now handle errors when diffie hellman key pair generation fails
- o fixed compiling on Windows with the flag STDCALL=ON
- o improved building instructions
- o improved unit tests
-
+
+- autotools: delete `--disable-tests` option, fix CI tests (e051ae34 #1271 revert: 7483edfa)
+- autotools: show the default for `hidden-symbols` option (a3f5594a #1269)
+- autotools: enable `-Wunused-macros` with gcc (ecdf5199 #1262 #1227 #1224)
+- autotools: fix dotless gcc and Apple clang version detections (89ccc83c #1232 #1187)
+- autotools: show more clang/gcc version details (fb580161 #1230)
+- autotools: avoid warnings in libtool stub code (96682bd5 #1227 #1224)
+- autotools: sync warning enabler code with curl (5996fefe #1223)
+- autotools: rename variable (ce5f208a #1222)
+- autotools: picky warning options tidy-up (cdca8cff #1221)
+- autotools: fix selecting WinCNG in cross-builds (and more) (00a3b88c #1187 #1186)
+- autotools: use comma separator in `Requires.private` of `libssh2.pc` (7f83de14 #1124)
+- autotools: improve libz position (c89174a7 #1077 #1075 #1013 regr: 4f0f4bff)
+- autotools: skip tests requiring static lib if `--disable-static` (572c57c9 #1072 #1056 regr: 83853f8a)
+- build: enable `-pedantic-errors` (3ec53f3e #1286)
+- build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute (f8c45794 #1287)
+- build: add `LIBSSH2_NO_DEPRECATED` option (b1414503 #1267 #1266 #1260 #1259)
+- build: enable missing OpenSSF-recommended warnings, with fixes (afa6b865 #1257)
+- build: enable more compiler warnings and fix them (7ecc309c #1224)
+- build: picky warning updates (328a96b3 #1219)
+- build: revert: respect autotools `DLL_EXPORT` in `libssh2.h` (481be044 #1141 revert: fb1195cf)
+- build: stop requiring libssl from openssl (c84745e3 #1128)
+- build: tidy-up `libssh2.pc.in` variable names (5720dd9f #1125)
+- build: add/fix `Requires.private` packages in `libssh2.pc` (ef538069 #1123)
+- checksrc: sync with curl (8cd473c9 #1272)
+- checksrc: fix spelling in comment (a95d401f)
+- checksrc: modernise perl file open (3d309f9b)
+- checksrc: switch to dot file (d67a91aa #1052)
+- ci: add FreeBSD 14 job, fix issues (46333adf #1277)
+- ci: add OmniOS job, fix issues (5e0ec991)
+- ci: show compiler in cross/cygwin job names (c9124088)
+- ci: add OpenBSD (v7.4) job + fix build error in example (0c9a8e35 #1250)
+- ci: add NetBSD (v9.3) job (65c7a7a5)
+- ci: update and speed up FreeBSD job (eee4e805)
+- ci: use absolute path in `CMAKE_INSTALL_PREFIX` (74948816 #1247)
+- ci: boost mbedTLS build speed (236e79a1 #1245)
+- ci: add BoringSSL job (cmake, gcc, amd64) (c9dd3566 #1233)
+- ci: fixup FreeBSD version, bump mbedTLS (fea6664e #1217)
+- ci: add FreeBSD 13.2 job (a7d2a573 #1215)
+- ci: mbedTLS 3.5.0 (5e190442 #1202)
+- ci: update actions, use shallow clones with appveyor (d468a33f #1199)
+- ci: replace `mv` + `chmod` with `install` in `Dockerfile` (5754fed6 #1175)
+- ci: set file mode early in `appveyor_docker.yml` (633db55f)
+- ci: add spellcheck (codespell) (a79218d3)
+- ci: add MSYS builds (autotools and cmake) (d43b8d9b #1162)
+- ci: add Cygwin builds (autotools and cmake) (f1e96e73 #1161)
+- ci: add mingw-w64 UWP build (1215aa5f #1155 #1147)
+- ci: add missing timeout to 'autotools distcheck' step (6265ffdb)
+- ci: add non-static autotools i386 build, ignore GHA updates on AppVeyor (c6e137f7 #1074 #1072)
+- ci: prefer `=` operator in shell snippets (e5c03043 #1073)
+- ci: drop redundant/unused vars, sync var names (ab8e95bc #1059)
+- ci: add i386 Linux build (with mbedTLS) (abdf40c7 #1057 #1053)
+- ci/appveyor: re-enable parallel mode (e190e5b2 #1294)
+- ci/appveyor: delete UWP job broken since Visual Studio upgrade (d0a7f1da #1275)
+- ci/appveyor: YAML/PowerShell formatting, shorten variable name (06fd721f #1200)
+- ci/appveyor: move to pure PowerShell (8a081fd9 #1197)
+- ci/GHA: review/fixup auto-cancel settings (b08cfbc9 #1292)
+- ci/GHA: restore curly braces in `if` (36748270 #1145)
+- ci/GHA: simplify `if` strings (cab3db58 #1140)
+- cmake: rename picky warnings script (64d6789f #1225)
+- cmake: fix multiple include of libssh2 package (932d6a32 #1216)
+- cmake: show crypto backend in feature summary (20387285 #1211)
+- cmake: simplify showing CMake version (fc00bdd7 #1203)
+- cmake: cleanup mbedTLS version detection more (4c241d5c #1196 #1192)
+- cmake: delete duplicate `include()` (30eef0a6)
+- cmake: improve/fix mbedTLS detection (41594675 #1192 #1191)
+- cmake: tidy-up `foreach()` syntax (4a64ca14 #1180)
+- cmake: verify `libssh2_VERSION` in integration tests (a20572e9)
+- cmake: show cmake versions in ci (87f5769b)
+- cmake: quote more strings (e9c7d3af #1173)
+- cmake: add `ExternalProject` integration test (aeaefaf6 #1171)
+- cmake: add integration tests (8715c3d5 #1170)
+- cmake: (re-)add aliases for `add_subdirectory()` builds (4ff64ae3 #1169)
+- cmake: style tidy-up (3fa5282d #1166)
+- cmake: add `LIB_NAME` variable (5453fc80 #1159)
+- cmake: tidy-up concatenation in `CMAKE_MODULE_PATH` (ae7d5108 #1157)
+- cmake: replace `libssh2` literals with `PROJECT_NAME` variable (72fd2595 #1152)
+- cmake: fix `STREQUAL` check in error branch (42d3bf13 #1151)
+- cmake: cache more config values on Windows (11a03690 #1142)
+- cmake: streamline invocation (f58f77b5 #1138)
+- cmake: merge `set_target_properties()` calls (a9091007 #1132)
+- cmake: (re-)add zlib to `Libs.private` in `libssh2.pc` (64643018 #1131)
+- cmake: use `wolfssl/options.h` for detection, like autotools (c5ec6c49 #1130)
+- cmake: add openssl libs to `Libs.private` in `libssh2.pc` (5cfa59d3 #1127)
+- cmake: bump minimum CMake version to v3.7.0 (9cd18f45 #1126)
+- cmake: CMAKE_SOURCE_DIR -> PROJECT_SOURCE_DIR (0f396aa9 #1121)
+- cmake: tidy-ups (2fc36790 #1122)
+- cmake: re-add `Libssh2:libssh2` for compatibility + lowercase namespace (2da13c13 #1104 #1103)
+- configure.ac: remove AB_INIT (f4f52ccc)
+- copyright: remove years from copyright headers (187d89bb #1082)
+- docs: replace SHA1 with SHA256 in CMake example (766bde9f)
+- drop `www.` from `www.libssh2.org` (6e3e8839 #1172)
+- example: use `libssh2_socket_t` in X11 example (3f60ccb7)
+- example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (8d69e63d #1258 follow: 6c84a426)
+- example: fix regression in `ssh2_exec.c` (279a2e57 #1106 #1105 regr: b13936bd)
+- example, tests: call `WSACleanup()` for each `WSAStartup()` (94b6bad3 #1283)
+- example, tests: fix/silence `-Wformat-truncation=2` gcc warnings (744e059f)
+- hostkey: do not advertise ssh-rsa when SHA1 is disabled (82d1b8ff #1093 #1092)
+- libssh2.h: add deprecated function warnings (9839ebe5 #1289 #1260)
+- libssh2.h: add portable `LIBSSH2_SOCKET_CLOSE()` macro (28dbf016 #1278)
+- libssh2.h: use `_WIN32` for Windows detection instead of rolling our own (631e7734 #1238)
+- libssh2.pc: re-add & extend support for static-only libssh2 builds (624abe27 #1119 #1114)
+- libssh2.pc: don't put `@LIBS@` in pc file (1209c16d)
+- mac: handle low-level errors (f64885b6 #1297)
+- Makefile.am: fix `cp` to preserve attributes and timestamp (f64e6318)
+- Makefile.mk: delete Windows-focused raw GNU Make build (43485579 #1204)
+- man: fix double spaces and dash escaping (a3ffc422 #1210)
+- man: add description to `libssh2_session_get_blocking.3` (67e39091 #1185)
+- mbedtls: improve disabling `-Wredundant-decls` (ecec68a2 #1226 #1224)
+- mbedtls: include `version.h` for `MBEDTLS_VERSION_NUMBER` (9d7bc253 #1095 #1094)
+- mbedtls: use more `size_t` to sync up with `crypto.h` (1153ebde #1054 #1053)
+- md5: allow disabling old-style encrypted private keys at build-time (eb9f9de2 #1181)
+- mingw: fix printf mask for 64-bit integers (36c1e1d1 #1091 #1090)
+- misc: flatten `_libssh2_explicit_zero` if tree (74e74288 #1149)
+- NMakefile: delete (c515eed3 #1134 #1129)
+- openssl: fix cppcheck found NULL dereferences (f2945905 #1304)
+- openssl: delete internal `read_openssh_private_key_from_memory()` (34aff5ff #1306)
+- openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job (363dcbf4 #1243 #1235 #1207)
+- openssl: make a function static, add `#ifdef` comments (efee9133 #1246 follow: 03092292)
+- openssl: fix DSA code to use OpenSSL 3 API (82581941 #1244 #1207)
+- openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build (487152f4 #1236 #1235 #1207)
+- openssl: use non-deprecated APIs with OpenSSL 3.x (b0ab005f #1207)
+- openssl: silence `-Wunused-value` warnings (bf285500 #1205)
+- openssl: use automatic initialization with LibreSSL 2.7.0+ (d79047c9 #1146)
+- openssl: add missing check for `LIBRESSL_VERSION_NUMBER` before use (4a42f42e #1117 #1115)
+- os400: maintain up to date (8457c37a #1309)
+- packet: properly bounds check packet_authagent_open() (88a960a8 #1179)
+- pem: fix private keys encrypted with AES-GCM methods (e87bdefa #1133)
+- reuse: fix duplicate copyright warning (b9a4ed83)
+- reuse: comply with 3.1 spec and 2.0.0 checker (fe6239a1 #1102 #1101 #1098)
+- reuse: provide SPDX identifiers (f6aa31f4 #1084)
+- scp: fix missing cast for targets without large file support (c317e06f #1060 #1057 #1002 regr: 5db836b2)
+- session: add `libssh2_session_callback_set2()` (c0f69548 #1285)
+- session: handle EINTR from send/recv/poll/select to try again as the error is not fatal (798ed4a7 #1058)
+- src: check hash update/final success (4718ede4 #1303 #1301)
+- src: check hash init success (2ed9eb92 #1301)
+- src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" (d34d9258 #1291 #1290)
+- src: disable `-Wsign-conversion` warnings, add option to re-enable (6e451669 #1284 #1257)
+- src: fix gcc 13 `-Wconversion` warning on Darwin (8cca7b77 #1209 follow: 08354e0a)
+- src: drop a redundant `#include` (1f0174d0 #1153)
+- src: improve MSVC C4701 warning fix (8b924999 #1086 #1083)
+- src: bump `hash_len` to `size_t` in `LIBSSH2_HOSTKEY_METHOD` (8b917d76 #1076)
+- src: bump DSA and ECDSA sign `hash_len` to `size_t` (7b8e0225 #1055)
+- stop using leading underscores in macro names (c6589b88 #1248)
+- tests: sync port number type with the rest of codebase (eb996af8)
+- tests: fall back to `$LOGNAME` for username (5326a5ce #1241 #1240)
+- tests: show cmake version used in integration tests (2cd2f40e #1201)
+- tests: formatting and tidy-ups (e61987a3)
+- tests: replace FIXME with comments (1a99a86a)
+- tests: add aes256-gcm encrypted key test (802336cf #1135 #1133)
+- tests: trap signals in scripts (b2916b28 #1098)
+- tests: cast to avoid `-Wchar-subscripts` with Cygwin (43df6a46 #1081 #1080)
+- test_read: make it run without Docker (57e9d18e #1139)
+- test_sshd.test: show sshd and test connect logs on harness failure (299c2040 #1097)
+- test_sshd.test: set a safe PID directory (e8cabdcf #1089)
+- test_sshd.test: minor cleanups (d29eea1d)
+- tidy-up: bump casts from int to long for large C99 types in printfs (2e5a8719 #1264 #1257)
+- tidy-up: `unsigned` -> `unsigned int` (b136c379)
+- tidy-up: around `stdint.h` (bfa00f1b #1212)
+- tidy-up: fix typo in `readme.vms` (a9a79e7a)
+- tidy-up: delete duplicate word from comment (76307435)
+- tidy-up: avoid exclamations, prefer single quotes, in outputs (003fb454 #1079)
+- TODO: disable or drop weak algos (0b4bdc85 #1261)
+- transport: fix incorrect byte offset in debug message (2388a3aa #1096)
+- userauth: add a new structure to separate memory read and file read (63b4c20e)
+- userauth: check whether `*key_method` is a NULL pointer instead of `key_method` (bec57c40)
+- wincng: prefer `ULONG`/`DWORD` over `unsigned long` (186c1d63 #1165)
+- wincng: tidy-ups (7bb669b5 #1164)
+- windows: use built-in `_WIN32` macro to detect Windows (6fbc9505 #1195)
+- wolfssl: enable debug logging in wolfSSL when compiled in (76e7a68a #1310)
+
This release would not have looked like this without help, code, reports and
advice from friends like these:
- Peter Surge, Will Cosgrove, Daniel Stenberg, Alex Arslan, Alex Crichton,
- Thomas Bleeker, Keno Fischer, Marc Hörsken, Marcel Raad, Viktor Szakats,
- Kamil Dudka, Panos, Etienne Samson, Tseng Jun, Brendan Shanks, doublex,
- Erik B, Jakob Egger, Thomas Lochmatter, alex-weaver, Adrian Moran, Zenju,
- gartens, Matthew D. Fuller, Ryan Kelley, Zhen-Huan HWANG, Orivej Desh,
- Alexander Curtiss
-
- (29 contributors)
+ Viktor Szakats, Michael Buckley, Ren Mingshuai, Daniel Stenberg,
+ Patrick Monnerat, Aaron Stone, Brian Inglis, concussious on GitHub,
+ Dan Fandrich, Haowei Hsu, Harmen Stoppels, Harry Mallon, Jack L, Jakob Egger,
+ João M. S. Silva, Joel Depooter, Juliusz Sosinowicz, Kai Pastor,
+ Kenneth Davidson, mike-jumper, monnerat, naddy, Nicolas Mora, Nursan Valeyev,
+ Paul Howarth, PewPewPew, Radek Brich, rahmanih on GitHub, Ryan Kelley,
+ Steve McIntyre, Will Cosgrove, Xi Ruoyao
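Review bot: the version header added at the top of the hunk is `libssh2 1.11.1_DEV`, which does not match the commit subject "update to 1.11"; the imported notes describe a development snapshot rather than a tagged release. Record the upstream commit or tag that was imported in the commit message so the bundled copy can be matched against upstream, in particular to confirm it contains the entry `src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack" (d34d9258 #1291 #1290)`. The deprecation block also says the weak algorithms can already be disabled with `-DLIBSSH2_NO_DSA`, `-DLIBSSH2_NO_MD5`, `-DLIBSSH2_NO_3DES` and the other listed defines; it is worth stating whether this tree's build sets any of them, since per these notes they are not yet off by default.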