o Add APIs to have libssh2 automatically send keep-alive requests. The APIs are libssh2_keepalive_config, and libssh2_keepalive_send. By Simon Josefsson. o Add global init/exit points, to do crypto initialization in one place. The APIs are libssh2_init and libssh2_exit. By Lars Nordin. * (February 15 2010) Daniel Stenberg: - Added 46 new man pages for public convenience macros. The man pages are just short redirects to the actual underlying function. The were all initially created by a script. - Committed the patch by Yoichi Iwaki in bug #2929647, which fixed a memory leak when an 'outbuf' was still allocated when a session was freed. Version 1.2.4 (February 13, 2010) o Resolve compile issues on Solaris x64 and UltraSPARC o Allow compiling with OpenSSL when AES isn't available o Fix Tru64 socklen_t compile issue with example/direct_tcpip.c Version 1.2.3 (February 3, 2010) o Added libssh2_trace_sethandler() o Added the direct_tcpip.c example o Fixed memory leak in userauth_publickey o Added support for authentication via SSH-Agent. By Daiki Ueno. o Respond to unknown SSH_MSG_GLOBAL_REQUEST/SSH_MSG_CHANNEL_REQUEST with SSH_MSG_REQUEST_FAILURE/SSH_MSG_CHANNEL_FAILURE in order to make (at least) OpenSSH server keepalive work. Before OpenSSH servers (configured with a positive ClientAliveInterval) would terminate connections against libssh2 clients because libssh2 did not respond properly to the request. By Simon Josefsson. Version 1.2.2 (November 16, 2009) * This release includes the following changes: o Fix crash when server sends an invalid SSH_MSG_IGNORE message. Reported by Bob Alexander in . By Simon Josefsson. o Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers as per RFC 4344 for libgcrypt and OpenSSL. They are now the preferred ciphers. By Simon Josefsson. o Support for the "arcfour128" cipher as per RFC 4345 for libgcrypt and OpenSSL. It is preferred over the normal "arcfour" cipher which is somewhat broken. By Simon Josefsson. o Add support for GCC visibility features. By Cristian Rodríguez. o Fix libssh2_channel_forward_accept. By Juzna. o Generate Win32 files correctly. By Peter Stuge. o Fix permission issue in ssh2 self test. By Dan Fandrich. o Use memmove instead of memcpy in one place which copies overlapping memory areas. o Cleanup hard coding of cipher modes in libgcrypt backend. By Simon. o Added man page for libssh2_knownhost_free. By Daniel. Version 1.2.1 (September 28, 2009) * This release includes the following changes: o generate and install libssh2.pc ... and the following bugfixes: o proper return codes returned from several functions o return EAGAIN internal cleanup o added knownhost.c to windows makefiles o pass private-key to OpenSSL as a filename with BIO_new_file(). o make libssh2_scp_send/recv do blocking mode correctly o libssh2_channel_wait_closed() could hang o libssh2_channel_read_ex() must return 0 when closed o added gettimeofday() function for win32 for the debug trace outputs o transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors o scp examples now loop correctly over libssh2_channel_write() * (August 29 2009) Daniel Stenberg: - I fixed all code to use the recently added dedicated linked list functions instead of doing the same stuff spread out all over. - I also fixed a few cases where local variables where used to keep memory but was used to keep state for re-invokes due to non-blocking situations which would lead to segfaults. Version 1.2 (August 10, 2009) ----------------------------- * (August 02 2009) Alexander Lamaison: - changed _libssh2_rsa_new_private and _libssh2_rsa_new_private so that they no longer use the OpenSSL functions that take a FILE* argument. Passing CRT-created objects across a DLL boundary causes crashes on Windows of the DLL and the client aren't linked to the exact same verison of the CRT. Now we pass the keys as strings to avoid this issue. * (May 29 2009) Daniel Stenberg: - Updated the knownhost API and there are now 9 functions, and all of them have man pages. The libssh2.h now defines HAVE_LIBSSH2_KNOWNHOST_API to ease things for applications to check for the correct release before trying to use it. * (May 23 2009) Daniel Stenberg: - Anonymous bug report #2795816 revealed that doing subsequent libssh2_sftp_init() calls on the same session failed. * (May 20 2009) Daniel Stenberg: - made libssh2_sftp_write() properly deal with huge/any sized input buffers. - fixed libssh2_channel_write_ex() to return the correct return code, and deal with sending off huge buffers better * (May 7 2009) Daniel Stenberg: - linked list code. I got a bit tired of the fact that we don't have any generic linked-list functions within libssh2 so I wrote up the first embryo for one that I use for this new functionality. The plan would then be to move all existing code that uses linked lists to use this new set. - base64 encode. I had to add a base64 encoding function which was missing in the code base so it helps to "bloat" my patch. - The knownhost API is currently: _init() - init a bundle of known hosts _add() - add a known host _del() - delete a known host _free() - free an entire bundle of known hosts _check() - check if a host+key is present in the bundle The convenience function: _parsefile() - reads a ~/.ssh/known_hosts file and add all entries to the given bundle - there's no docs other than some comments in the code/headers yet - the patch includes changes to example/simple/ssh2_exec.c that makes use of a few of these functions. Using that I've verified that the functions in fact can verify my localhost's key agains my ~/.ssh/known_hosts file * (Apr 30 2009) Daniel Stenberg: Markus posted a bug report about a bad 0-return from libssh2_channel_read: http://libssh2.haxx.se/mail/libssh2-devel-archive-2009-04/0076.shtml And it was indeed a bad loop that terminated too early due to a receveived close packet. * (Apr 14 2009) Daniel Stenberg: libssh2_poll() and libssh2_poll_channel_read() are now considered and documented deprecated and they will be removed at next soname bump. It also saves us from fixing some rather quirky bugs in libssh2_poll()... Version 1.1 (April 2, 2009) --------------------------- - (Mar 28 2009) Daniel Stenberg: Jean-Louis Charton found a memory leak in libssh2_userauth_hostbased_fromfile_ex() - (Mar 25 2009) Daniel Stenberg: * Renamed the functions in src/transport.c to be _libssh2_transport_ prefixed and introduced a transport.h header. * Fixed the blocking mode to only change behavior not the actual underlying socket mode so we now always work with non-blocking sockets. This also introduces a new rule of thumb in libssh2 code: we don't call the external function calls internally. We use the internal (non-blocking) ones! * libssh2_channel_receive_window_adjust2 was added and libssh2_channel_receive_window_adjust is now deprecated * Introduced "local" header files with prototypes etc for different parts instead of cramming everything into libssh2_priv.h. channel.h is the first. - (Mar 19 2009) Daniel Stenberg: based on a patch by "E L" we now use errno properly after recv() and send() calls (that internally are now known as _libssh2_recv() and _libssh2_send()) so that the API and more works fine on windows too! - (Mar 17 2009) Simon Josefsson: Added a Libtool -export-symbols-regex flag to reduce the number of exported symbols in shared libraries. Reported by Mikhail Gusarov. - (Mar 16 2009) Daniel Stenberg: I renamed a few man pages to match the exact name of the functions they describe. I also added template versions for the 13 functions that previously lacked man pages. While these don't contain any docs just yet, it will now be easier to add the info as the foundation is there! - (Mar 15 2009) Daniel Stenberg: * libssh2_channel_read_ex() was simplified and enhanced. It now adjusts the window less frequent and uses much larger window that now allows MUCH faster transfers. * SCP send/recv now allow file names with whitespaces etc, thanks to a patch by Heiner Steven - (Mar 13 2009) Daniel Stenberg: Cleanups, that do seem to have boosted SFTP download performance up to 300% in some tests: * cut off "_ex" from several internal function names * corrected some log outputs * simplified libssh2_channel_read_ex() and made it much faster in the process * cut out {{{ and }}} comments that were incorrect anyway * fixed sftp_packet_ask() to return the correct packet by using memcmp() and not strncmp() * fixed mkdir()'s wait for packet to use the correct request_id - it semi-worked previously because strncmp() in sftp_packet_ask() made it match far too easily. * took away the polling functionality from sftp_packet_ask() since it wasn't used - (Mar 7 2009) Olivier Hervieu pointed out a flaw in the libssh2_channel_x11_req_ex() function that made it produce a crappy random chunk of data. Peter Stuge improved the fix to not do out-of-boundary writes. I (Daniel Stenberg) replaced the snprintf() with a plain sprintf() since the size argument wasn't adding anything anyway. - (Feb 23 2009) Added libssh2_version() - (Feb 20 2009) libssh2_channel_direct_tcpip_ex() bug #1902169 fixed, which caused it to fail when called a second time. - (Feb 12 2009) Romain Bondue extended Markus Moeller fix from Feb 8, based on a previous (uncommitted) patch by Erik Brossler. It improves libssh2_channel_write_ex in blocking situations when the socket is set non- blocking. - (Feb 8 2009) Markus Moeller fixed a flaw in libssh2_channel_write_ex() that would occur on EAGAIN situations. Version 1.0 (December 26 2008) ------------------------------ - (Dec 20 2008) Based on Alexander Lamaison's patch, there's now a new function called libssh2_sftp_tell64() that returns the 64 bit file offset, as the existing libssh2_sftp_tell() only returns a size_t. - (Dec 18 2008) Markus Moeller fixed the issue also reported by Alexander Lamaison which caused SFTP reads with large buffers to fail. - Several flaws were fixed that prevented at least SFTP to work reliably - Vlad Grachov brought the new function called libssh2_session_block_directions() which returns a bitmask for what directions the connection blocks. It is to be used applications that use non-blocking sockets and when a libssh2 function returns LIBSSH2_ERROR_EAGAIN this function can be used to figure out in which direction the socket would block and thus it can wait for the socket to again be ready for communication in that direction before it calls libssh2 again. - Vincent Jaulin brought the new libssh2_channel_request_pty_size_ex() function. - Carlo Bramini fixed the build for msys+mingw. Bug #1943976. - Neil Gierman provided improved Visual Studio 2008 code in bug #1946268 - Bug #1862727 fixed libssh2_poll() to work on windows (by defining HAVE_SELECT). - Based on bug #1815692, we introduce libssh2_sftp_seek64() that allows seeking beyond the 2GB margin even on 32bit machines. - Based on a patch in bug #1878059 by Steven Ayre libssh2 now parses >2GB file sizes when downloading SCP files. - Bug #2064371 pointed out that the SSH2 banner may not use dash ('-'). Reported by Bjorn Stenborg. - Sean Peterson fixed a key re-exchange bug: http://daniel.haxx.se/projects/libssh2/mail/libssh2-devel-archive-2008-06/0002.shtml - Mike Protts filed the bug report #1908724 that identified and fixed a problem with SFTP stat on files >4GB in size. Previously it used 32bit math only. - Removed a stderr debug message that was accidentally left in (bug #1863153) - OpenSSL and libz detection changed to make cross-compiling to Mingw work. See README for parameters to use if the auto-detection does not work for you. From Simon Josefsson. - Simon Josefsson added a self-test that uses libssh2 to connect to a local sshd (only enabled if if OpenSSH is installed). Version 0.18 (November 11 2007) ------------------------------- - Various changes that improve non-blocking operations and prevent stalls. Especially noticable on Windows since libssh2 just didn't work properly non-blocking on Windows before. - Peter O'Gorman reported how a SCP transfer would hang for him, and it was fairly easy reproducable. One bug was in the transport layer, ignoring to read more data while there was data left even though it couldn't decrypt the data that was left due to it being too little... The other bug was in the channel layer, where the libssh2_channel_receive_window_adjust() function missed to set the state variables at times and thus this function would misbehave on repeated invokes. - Changed the signature of libssh2_channel_setenv_ex to add const to the "varname" parameter (Dan Fandrich) - Satish Mittal and David J Sullivan fixed an infinit recv() loop in libssh2_banner_receive() Version 0.17 (August 6 2007) ---------------------------- Changes since previous version include: o Re-indented the source code with this GNU indent setup: --braces-on-if-line --braces-after-struct-decl-line --space-after-cast --line-length 79 --comment-line-length 79 --cuddle-else --no-tabs --tab-size 8 --indent-level 4 --no-space-after-for --space-after-if --space-after-while --no-space-after-function-call-names Version 0.16 (August 6 2007) ---------------------------- Changes since previous version include: o CRLF stripping fix for PEM reading o libssh2_scp_recv() error message fix o added HACKING as an initial attempt to describe our source code format o new public defines in include/libssh2.h to allow applictions to figure out version number etc o new script (maketgz) to build releases with o updated files for building with MSVC and mingw o keyboard-interactive would always fail due to claimed memory problem o a few minor memory leaks fixed o libssh2_poll() no longer relies on C99 features o AIX 4 and 5 now supports non-blocking sockets o large file magic checks in configure o LIBSSH2_APINO was removed from the public header file This release would not have been possible without these friendly contributors: James Housley, Simon Josefsson, Dan Fandrich, Guenter Knauf and I too did some poking. (Sorry if I forgot anyone I should've mentioned here.) Of course we would have nothing without the great work by Sara Golemon that we're extending and building upon. Version 0.15 (June 15 2007) --------------------------- Added libssh2_sftp_readdir_ex() and updated LIBSSH2_APINO to 200706151200 (James Housley) Converted all of the libssh2 code to be able to work in non-blocking mode. This included some public API changes, listed below (James Housley) Changed function return values: int libssh2_session_free() int libssh2_publickey_shutdown() ssize_t libssh2_channel_read_ex() ssize_t libssh2_channel_write_ex() Added functions: libssh2_session_last_errno(), libssh2_channel_handle_extended_data2(), libssh2_channel_wait_closed(), libssh2_channel_wait_eof(), libssh2_session_set_blocking() Removed functions: libssh2_channel_readnb_ex(), libssh2_channel_writenb_ex(), libssh2_sftp_readnb(), libssh2_sftp_writenb(), libssh2_sftp_mkdirnb_ex() Added the following functions for non-blocking operations: (Daniel Stenberg) libssh2_channel_readnb_ex() libssh2_channel_writenb_ex() libssh2_sftp_readnb() libssh2_sftp_writenb() Size parameter changed from 'int' to 'unsigned int' in several public APIs. Added (a few) man pages in docs/. (Daniel Stenberg) Maximum SSH packet size is now some 35000 bytes. Private include files are now in src/ and only public headers are in include/. (Daniel Stenberg) Automake and libtool are being used (increased portability). (Daniel Stenberg) Fixed OpenSSL detection using pkg-config. (Daniel Stenberg) Simple self test added to tests/. (Simon Josefsson) Libgcrypt can now be used instead of OpenSSL if you specify --with-libgcrypt. (Simon Josefsson) Fixed a memory leak in the packet handling, and better handle out of memory situations. (Dan Fandrich) Made libssh2 build with OpenSSL 0.9.6. (Dan Fandrich) Improved portability to Solaris related to -lsocket and -lnsl. (Simon Josefsson) Clean up of README, INSTALL, NEWS, added ChangeLog. (Simon Josefsson) Improve debugging code. Avoids many #ifdef's. Improved session closing to avoid potentially truncated files on OpenSSH servers (Dan Fandrich) Made some function parameters in the API const (Dan Fandrich) Version 0.14 ------------ Plug leaks in EVP cipher init/shutdown. (Selcuk Gueney) Allow socket_fd == 0 in libssh2_session_startup(). (puudeli) Swap ordering of packet_add/packet-inspection to avoid inspect after free. (Selcuk) Swap KEX_INIT ordering, send our KEX_INIT first. Add check for oportunistic KEX_INIT packets. Burn bad guess if necessary. Fix OpenSSL detection using pkg-config. (Dan Casey) Version 0.13 ------------ Fixed channel not being marked closed when CHANNEL_CLOSE package cannot be sent. (David Robins) Fixed payload packet allocation bug when invalid packet length received. (David Robins) Fixed `make install' target for MacOSX. Add terminating NULL character to readlink()/realpath() results. BugFix#1436593: Apply build options for HPUX targets. Version 0.12 ------------ Added support for publickey subsytem (not the same as publickey auth). Fix x11_req. Multiple packet_len issues and error handling logic. (Thanks Simon Hart) Fix generation of 'e' portion of Diffie-Hellman keyset. Use appropriate order for BN_rand() rather than fixed group1-specific value. Re-fixed libssh2_sftp_rename_ex() Transport had right packet_len, but sftp layer still had extra 4 bytes. Fixed build with newer OpenSSL headers. Added extern "C" declarations to libssh2_sftp.h for C++ compatability. Version 0.11 ------------ Added libssh2_chnnale_get_exit_status() -- Mikhail Added libssh2_channel_wait_closed() -- Mikhail Added libssh2_userauth_keyboard_interactive_ex() -- Mikhail Added libssh2_channel_receive_window_adjust() to be able to increase the size of the receive window. Added queueing for small window_adjust packets to avoid unnecessary packet conversation. Fixed libssh2_sftp_rename_ex() to only send flags parameter if version >= 5 negotiated (not currently possible, but will be and might as well keep the API consistent). Version 0.10 ------------ Added developer debugging hooks. See --enable-debug-* options to ./configure Ignore extended data in the SFTP layer. With no other mechanism to deal with that data it'd just fill up and get stuck. (Re)Fixed channel_write() to provide an opportunity for window space to become available again. (Re)Fixed SFTP INIT to send the correct SFTP packet length. Fixed segfault when client and host can't agree on a hostkey/crypt/mac/comp method. (Thanks puudeli) Fixed major issue with sftp packet buffering mechanism. Using wrong blocking semantics. (No puudeli, YOU the man) Reduced busy-looping of libssh2_sftp_packet_requirev. Version 0.9 ----------- Changed blocking_read to only block as much as necessary and not an arbitrary length of time. (Thanks Felix) Fixed SFTP INIT/VERSION to exclude request_id and send correct maximum version number. Fixed SFTP to be properly BC with version 1 and 2 servers. Fixed libssh2_poll() to recognized closed sessions/channels. Fixed libssh2_channel_write_ex() to fully block when set to blocking mode. Return actual bytes written as well. (Thanks deadem) Added tests for -lm and -lsocket and add them when necessary. Added libssh2_channel_window_read_ex() and libssh2_channel_window_write_ex() for examining the ssh transport windowing states. Version 0.8 ----------- Fix potential segfault in compression/decompression. Fix compatability with older versions of OpenSSL Swapped order of none,zlib compression modes to prefer no compression by default. Added sys/uio.h for platforms (FBSD) which need it in order to define struct iovec. Added libssh2_poll() to check status of sockets/channels/listeners. Removed unnecessary inclusion of stdio.h (holdover from debugging) Version 0.7 ----------- Added libssh2_userauth_hostbased_fromfile_ex() for authenticating from hostkey. Added configure recognition for MacOSX (Darwin) (Thanks Gabe) Fixed extended data identification in libssh2_channel_read(). Fixed window adjust code. Hadn't acknowledged adjustments correctly. Removed initial_window_size requirement for sending window adjust packet. Version 0.6 ----------- Added LIBSSH2_FLAG_SIGPIPE to enable/disable SIGPIPE generated by send()/recv() calls. Default off. Added libssh2_session_flag() to set optional session flags. Collapsed exchanging_keys/newkeys/authenticated flags into single state attribute. Fix zlib compression issue when internal buffer state misses partial sync. Fix segfault when libssh2_session_methods() is called prior to session_startup(). Fixed client to server channel windowing. Pervent send queue overruns. Swapped banner send/receive order (send first, then wait for response). Version 0.5 ----------- *** BC Break *** Reimplemented libssh2_session_methods() to match libssh2_session_method_pref() style Fixed libssh2_attr2bin() (effects any setstat style call). Fixed authenticating with encrypted private key. Fixed authenticating via ssh-dss public key. Fixed KEX_INIT cookie and packet padding to use actual random data Added DESTDIR support to makefiles (Adam Gołębiowski -- I hope that character set translates right) Added libssh2_channel_forward_listen_ex(), libssh2_channel_forward_cancel(), and libssh2_channel_forward_accept(). Added ./configure option '--disable-gex-new' to allow using the older group-exchange format Added MAC methods hmac-md5 and hmac-md5-96. Version 0.4 ----------- Fixed crash when trying to free sftp_dirhandle data from a filehandle struct. Fixed leak in sftp_open_ex(), handle->handle not freed in handle_close(). Fixed leak in sftp_symlink_ex(), result for READLINK and REALPATH not freed unless there was an error. Added libssh2_banner_set(), specify an arbitrary banner to send on introduction. Version 0.3 ----------- Fixed libssh2_channel_read_ex(). Packet loop initialized BEFORE transport polled for new packets (should have been after). Fixed blocking issues in scp_send()/scp_recv(). Fixed degree of indirection in macerror callback. Changed packet read mechanism to use a fixed buffer and avoid unnecessary alloc/free calls. (especially while non-block looping) Added channel close callback. Added SFTP support (Using its own header file: libssh2_sftp.h) Version 0.2 ----------- Changed extended data ignorance mechanism: libssh2_channel_ignore_extended_data() changed to libssh2_channel_handle_extended_data() Macro introduced for backward compatability during beta phase. *** THE LIBSSH2_CHANNEL_IGNORE_EXTENDED_DATA() MACRO WILL BE REMOVED PRIOR TO 1.0 RELEASE *** libssh2_channel_handle_extended_data() may be passed one of three "ignore_mode" constants LIBSSH2_CHANNEL_EXTENDED_DATA_NONE Default behavior, queue ED packets and return them with read_ex LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE Equivalent to libssh2_channel_ignore_extended_data() IGNORE will implicitly flush the extended data stream(s) LIBSSH2_CHANNEL_EXTENDED_DATA_MERGE Calls to channel_read() will check both the standard data stream and the extended data stream(s) for the first available packet Changed libssh2_session_disconnect_ex() to return an error code when alloc fails Added libssh2_channel_flush_ex() and basic macros: ..._flush() ..._flush_stderr() flush_ex accepts either the streamid (0 for standard data, 1 for stderr) or one of the two following constants: LIBSSH2_CHANNEL_FLUSH_ALL Flush all streams LIBSSH2_CHANNEL_FLUSH_EXTENDED_DATA Flush all streams EXCEPT the standard data stream Added libssh2_session_callback_set() for setting ignore/debug/disconnect/macerror callbacks Added libssh2_session_method_pref() to selectively set methods and method preferences. Added libssh2_session_methods() to determine what methods were negotiated. Added libssh2_session_abstract() for retreiving &session->abstract Added libssh2_session_last_error() for retreiving error codes/messages Version 0.1 ----------- Initial Release: KEX methods: diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1 Hostkey methods: ssh-rsa, ssh-dss Cipher methods: aes256-cbc, rijndael-cbc@lysator.liu.se, aes192-cbc, aes128-cbc, blowfish-cbc, arcfour, cast128-cbc, 3des-cbc, none* Compression methods: zlib, none MAC methods: hmac-sha1, hmac-sha1-96, hmac-ripemd160, hmac-ripemd160@openssh.com none* *Cipher/MAC "none" is disabled by default for security purposes, Use --enable-crypt-none and/or --enable-mac-none with ./configure to enable