The following packages have been upgraded in the Cygwin distribution:
* libssh2_1 1.9
* libssh2-devel 1.9
libssh2 is a library implementing the SSH2 protocol, supporting many features.
For more information see the project home page:
https://libssh2.org/
As there are many changes each release please see below or read
/usr/share/doc/libssh2/RELEASE-NOTES after installation for complete
details:
https://libssh2.org/changes.html
libssh2 1.9.0
This release includes the following enhancements and bugfixes:
* adds ECDSA keys and host key support when using OpenSSL
* adds ED25519 key and host key support when using OpenSSL 1.1.1
* adds OpenSSH style key file reading
* adds AES CTR mode support when using WinCNG
* adds PEM passphrase protected file support for Libgcrypt and WinCNG
* adds SHA256 hostkey fingerprint
* adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
* adds explicit zeroing of sensitive data in memory
* adds additional bounds checks to network buffer reads
* adds the ability to use the server default permissions when creating sftp
directories
* adds support for building with OpenSSL no engine flag
* adds support for building with LibreSSL
* increased sftp packet size to 256k
* fixed oversized packet handling in sftp
* fixed building with OpenSSL 1.1
* fixed a possible crash if sftp stat gets an unexpected response
* fixed incorrect parsing of the KEX preference string value
* fixed conditional RSA and AES-CTR support
* fixed a small memory leak during the key exchange process
* fixed a possible memory leak of the ssh banner string
* fixed various small memory leaks in the backends
* fixed possible out of bounds read when parsing public keys from the server
* fixed possible out of bounds read when parsing invalid PEM files
* no longer null terminates the scp remote exec command
* now handle errors when diffie hellman key pair generation fails
* fixed compiling on Windows with the flag STDCALL=ON
* improved building instructions
* improved unit tests
libssh2 1.8.2
This release includes the following bug fixes:
* Fixed the misapplied userauth patch that broke 1.8.1
* moved the MAX size declarations from the public header
libssh2 1.8.1
This release includes the following bug fixes:
* fixed possible integer overflow when reading a specially crafted packet
* fixed possible integer overflow in userauth_keyboard_interactive with a
number of extremely long prompt strings
* fixed possible integer overflow if the server sent an extremely large number
of keyboard prompts
* fixed possible out of bounds read when processing a specially crafted packet
* fixed possible integer overflow when receiving a specially crafted exit
signal message channel packet
* fixed possible out of bounds read when receiving a specially crafted exit
status message channel packet
* fixed possible zero byte allocation when reading a specially crafted SFTP
packet
* fixed possible out of bounds reads when processing specially crafted SFTP
packets
* fixed possible out of bounds reads in _libssh2_packet_require(v)
libssh2 1.8.0
This release includes the following changes:
* added a basic dockerised test suite
* crypto: add support for the mbedTLS backend
This release includes the following bugfixes:
* libgcrypt: fixed a NULL pointer dereference on OOM
* VMS: can't use %zd for off_t format
* VMS: update vms/libssh2_config.h
* windows: link with crypt32.lib
* libssh2_channel_open: speeling error fixed in channel error message
* msvc: fixed 14 compilation warnings
* tests: HAVE_NETINET_IN_H was not defined correctly
* openssl: add OpenSSL 1.1.0 compatibility
* cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
* configure: make the --with-* options override the OpenSSL default
* libssh2_wait_socket: set err_msg on errors
* libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
