ssh2/NEWS
Simon Josefsson ea8babf6d1 Add.
2009-12-21 12:30:17 +01:00

677 lines
24 KiB
Plaintext

Version 1.2.3 (unreleased)
o Added support for authentication via SSH-Agent. By Daiki Ueno.
Version 1.2.2 (November 16, 2009)
* This release includes the following changes:
o Fix crash when server sends an invalid SSH_MSG_IGNORE message.
Reported by Bob Alexander <balexander@expressor-software.com> in
<http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2530>.
By Simon Josefsson.
o Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers
as per RFC 4344 for libgcrypt and OpenSSL. They are now the
preferred ciphers. By Simon Josefsson.
o Support for the "arcfour128" cipher as per RFC 4345 for libgcrypt
and OpenSSL. It is preferred over the normal "arcfour" cipher
which is somewhat broken. By Simon Josefsson.
o Add support for GCC visibility features. By Cristian Rodríguez.
o Fix libssh2_channel_forward_accept. By Juzna.
o Generate Win32 files correctly. By Peter Stuge.
o Fix permission issue in ssh2 self test. By Dan Fandrich.
o Use memmove instead of memcpy in one place which copies
overlapping memory areas.
o Cleanup hard coding of cipher modes in libgcrypt backend. By Simon.
o Added man page for libssh2_knownhost_free. By Daniel.
Version 1.2.1 (September 28, 2009)
* This release includes the following changes:
o generate and install libssh2.pc
... and the following bugfixes:
o proper return codes returned from several functions
o return EAGAIN internal cleanup
o added knownhost.c to windows makefiles
o pass private-key to OpenSSL as a filename with BIO_new_file().
o make libssh2_scp_send/recv do blocking mode correctly
o libssh2_channel_wait_closed() could hang
o libssh2_channel_read_ex() must return 0 when closed
o added gettimeofday() function for win32 for the debug trace outputs
o transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors
o scp examples now loop correctly over libssh2_channel_write()
* (August 29 2009) Daniel Stenberg:
- I fixed all code to use the recently added dedicated linked list functions
instead of doing the same stuff spread out all over.
- I also fixed a few cases where local variables where used to keep memory
but was used to keep state for re-invokes due to non-blocking situations
which would lead to segfaults.
Version 1.2 (August 10, 2009)
-----------------------------
* (August 02 2009) Alexander Lamaison:
- changed _libssh2_rsa_new_private and _libssh2_rsa_new_private so that they
no longer use the OpenSSL functions that take a FILE* argument. Passing
CRT-created objects across a DLL boundary causes crashes on Windows of the
DLL and the client aren't linked to the exact same verison of the CRT. Now
we pass the keys as strings to avoid this issue.
* (May 29 2009) Daniel Stenberg:
- Updated the knownhost API and there are now 9 functions, and all of them
have man pages. The libssh2.h now defines HAVE_LIBSSH2_KNOWNHOST_API to
ease things for applications to check for the correct release before trying
to use it.
* (May 23 2009) Daniel Stenberg:
- Anonymous bug report #2795816 revealed that doing subsequent
libssh2_sftp_init() calls on the same session failed.
* (May 20 2009) Daniel Stenberg:
- made libssh2_sftp_write() properly deal with huge/any sized input buffers.
- fixed libssh2_channel_write_ex() to return the correct return code, and
deal with sending off huge buffers better
* (May 7 2009) Daniel Stenberg:
- linked list code. I got a bit tired of the fact that we don't have any
generic linked-list functions within libssh2 so I wrote up the first embryo
for one that I use for this new functionality. The plan would then be to
move all existing code that uses linked lists to use this new set.
- base64 encode. I had to add a base64 encoding function which was missing
in the code base so it helps to "bloat" my patch.
- The knownhost API is currently:
_init() - init a bundle of known hosts
_add() - add a known host
_del() - delete a known host
_free() - free an entire bundle of known hosts
_check() - check if a host+key is present in the bundle
The convenience function:
_parsefile() - reads a ~/.ssh/known_hosts file and add all entries to the
given bundle
- there's no docs other than some comments in the code/headers yet
- the patch includes changes to example/simple/ssh2_exec.c that makes use of
a few of these functions. Using that I've verified that the functions in
fact can verify my localhost's key agains my ~/.ssh/known_hosts file
* (Apr 30 2009) Daniel Stenberg:
Markus posted a bug report about a bad 0-return from libssh2_channel_read:
http://libssh2.haxx.se/mail/libssh2-devel-archive-2009-04/0076.shtml
And it was indeed a bad loop that terminated too early due to a receveived
close packet.
* (Apr 14 2009) Daniel Stenberg:
libssh2_poll() and libssh2_poll_channel_read() are now considered and
documented deprecated and they will be removed at next soname bump. It also
saves us from fixing some rather quirky bugs in libssh2_poll()...
Version 1.1 (April 2, 2009)
---------------------------
- (Mar 28 2009) Daniel Stenberg:
Jean-Louis Charton found a memory leak in
libssh2_userauth_hostbased_fromfile_ex()
- (Mar 25 2009) Daniel Stenberg:
* Renamed the functions in src/transport.c to be _libssh2_transport_ prefixed
and introduced a transport.h header.
* Fixed the blocking mode to only change behavior not the actual underlying
socket mode so we now always work with non-blocking sockets. This also
introduces a new rule of thumb in libssh2 code: we don't call the
external function calls internally. We use the internal (non-blocking)
ones!
* libssh2_channel_receive_window_adjust2 was added and
libssh2_channel_receive_window_adjust is now deprecated
* Introduced "local" header files with prototypes etc for different parts
instead of cramming everything into libssh2_priv.h. channel.h is the
first.
- (Mar 19 2009) Daniel Stenberg: based on a patch by "E L" we now use errno
properly after recv() and send() calls (that internally are now known as
_libssh2_recv() and _libssh2_send()) so that the API and more works fine on
windows too!
- (Mar 17 2009) Simon Josefsson:
Added a Libtool -export-symbols-regex flag to reduce the number of
exported symbols in shared libraries. Reported by Mikhail Gusarov.
- (Mar 16 2009) Daniel Stenberg:
I renamed a few man pages to match the exact name of the functions they
describe. I also added template versions for the 13 functions that
previously lacked man pages. While these don't contain any docs just yet, it
will now be easier to add the info as the foundation is there!
- (Mar 15 2009) Daniel Stenberg:
* libssh2_channel_read_ex() was simplified and enhanced. It now adjusts the
window less frequent and uses much larger window that now allows MUCH
faster transfers.
* SCP send/recv now allow file names with whitespaces etc, thanks to a patch
by Heiner Steven
- (Mar 13 2009) Daniel Stenberg: Cleanups, that do seem to have boosted SFTP
download performance up to 300% in some tests:
* cut off "_ex" from several internal function names
* corrected some log outputs
* simplified libssh2_channel_read_ex() and made it much faster in the process
* cut out {{{ and }}} comments that were incorrect anyway
* fixed sftp_packet_ask() to return the correct packet by using memcmp() and
not strncmp()
* fixed mkdir()'s wait for packet to use the correct request_id - it
semi-worked previously because strncmp() in sftp_packet_ask() made it
match far too easily.
* took away the polling functionality from sftp_packet_ask() since it wasn't
used
- (Mar 7 2009) Olivier Hervieu pointed out a flaw in the
libssh2_channel_x11_req_ex() function that made it produce a crappy random
chunk of data. Peter Stuge improved the fix to not do out-of-boundary
writes. I (Daniel Stenberg) replaced the snprintf() with a plain sprintf()
since the size argument wasn't adding anything anyway.
- (Feb 23 2009) Added libssh2_version()
- (Feb 20 2009) libssh2_channel_direct_tcpip_ex() bug #1902169 fixed, which
caused it to fail when called a second time.
- (Feb 12 2009) Romain Bondue extended Markus Moeller fix from Feb 8, based on
a previous (uncommitted) patch by Erik Brossler. It improves
libssh2_channel_write_ex in blocking situations when the socket is set non-
blocking.
- (Feb 8 2009) Markus Moeller fixed a flaw in libssh2_channel_write_ex() that
would occur on EAGAIN situations.
Version 1.0 (December 26 2008)
------------------------------
- (Dec 20 2008) Based on Alexander Lamaison's patch, there's now a new
function called libssh2_sftp_tell64() that returns the 64 bit file offset,
as the existing libssh2_sftp_tell() only returns a size_t.
- (Dec 18 2008) Markus Moeller fixed the issue also reported by Alexander
Lamaison which caused SFTP reads with large buffers to fail.
- Several flaws were fixed that prevented at least SFTP to work reliably
- Vlad Grachov brought the new function called
libssh2_session_block_directions() which returns a bitmask for what
directions the connection blocks. It is to be used applications that use
non-blocking sockets and when a libssh2 function returns
LIBSSH2_ERROR_EAGAIN this function can be used to figure out in which
direction the socket would block and thus it can wait for the socket to
again be ready for communication in that direction before it calls libssh2
again.
- Vincent Jaulin brought the new libssh2_channel_request_pty_size_ex()
function.
- Carlo Bramini fixed the build for msys+mingw. Bug #1943976.
- Neil Gierman provided improved Visual Studio 2008 code in bug #1946268
- Bug #1862727 fixed libssh2_poll() to work on windows (by defining
HAVE_SELECT).
- Based on bug #1815692, we introduce libssh2_sftp_seek64() that allows
seeking beyond the 2GB margin even on 32bit machines.
- Based on a patch in bug #1878059 by Steven Ayre libssh2 now parses >2GB file
sizes when downloading SCP files.
- Bug #2064371 pointed out that the SSH2 banner may not use dash
('-'). Reported by Bjorn Stenborg.
- Sean Peterson fixed a key re-exchange bug:
http://daniel.haxx.se/projects/libssh2/mail/libssh2-devel-archive-2008-06/0002.shtml
- Mike Protts filed the bug report #1908724 that identified and fixed a problem
with SFTP stat on files >4GB in size. Previously it used 32bit math only.
- Removed a stderr debug message that was accidentally left in (bug #1863153)
- OpenSSL and libz detection changed to make cross-compiling to Mingw
work. See README for parameters to use if the auto-detection does
not work for you. From Simon Josefsson.
- Simon Josefsson added a self-test that uses libssh2 to connect to a
local sshd (only enabled if if OpenSSH is installed).
Version 0.18 (November 11 2007)
-------------------------------
- Various changes that improve non-blocking operations and prevent stalls.
Especially noticable on Windows since libssh2 just didn't work properly
non-blocking on Windows before.
- Peter O'Gorman reported how a SCP transfer would hang for him, and it was
fairly easy reproducable. One bug was in the transport layer, ignoring to
read more data while there was data left even though it couldn't decrypt the
data that was left due to it being too little... The other bug was in the
channel layer, where the libssh2_channel_receive_window_adjust() function
missed to set the state variables at times and thus this function would
misbehave on repeated invokes.
- Changed the signature of libssh2_channel_setenv_ex to add const to the
"varname" parameter (Dan Fandrich)
- Satish Mittal and David J Sullivan fixed an infinit recv() loop in
libssh2_banner_receive()
Version 0.17 (August 6 2007)
----------------------------
Changes since previous version include:
o Re-indented the source code with this GNU indent setup:
--braces-on-if-line
--braces-after-struct-decl-line
--space-after-cast
--line-length 79
--comment-line-length 79
--cuddle-else
--no-tabs
--tab-size 8
--indent-level 4
--no-space-after-for
--space-after-if
--space-after-while
--no-space-after-function-call-names
Version 0.16 (August 6 2007)
----------------------------
Changes since previous version include:
o CRLF stripping fix for PEM reading
o libssh2_scp_recv() error message fix
o added HACKING as an initial attempt to describe our source code format
o new public defines in include/libssh2.h to allow applictions to figure out
version number etc
o new script (maketgz) to build releases with
o updated files for building with MSVC and mingw
o keyboard-interactive would always fail due to claimed memory problem
o a few minor memory leaks fixed
o libssh2_poll() no longer relies on C99 features
o AIX 4 and 5 now supports non-blocking sockets
o large file magic checks in configure
o LIBSSH2_APINO was removed from the public header file
This release would not have been possible without these friendly contributors:
James Housley, Simon Josefsson, Dan Fandrich, Guenter Knauf and I too did
some poking. (Sorry if I forgot anyone I should've mentioned here.)
Of course we would have nothing without the great work by Sara Golemon that
we're extending and building upon.
Version 0.15 (June 15 2007)
---------------------------
Added libssh2_sftp_readdir_ex() and updated LIBSSH2_APINO to
200706151200 (James Housley)
Converted all of the libssh2 code to be able to work in non-blocking
mode. This included some public API changes, listed below (James Housley)
Changed function return values:
int libssh2_session_free()
int libssh2_publickey_shutdown()
ssize_t libssh2_channel_read_ex()
ssize_t libssh2_channel_write_ex()
Added functions:
libssh2_session_last_errno(), libssh2_channel_handle_extended_data2(),
libssh2_channel_wait_closed(), libssh2_channel_wait_eof(),
libssh2_session_set_blocking()
Removed functions:
libssh2_channel_readnb_ex(), libssh2_channel_writenb_ex(),
libssh2_sftp_readnb(), libssh2_sftp_writenb(),
libssh2_sftp_mkdirnb_ex()
Added the following functions for non-blocking operations: (Daniel Stenberg)
libssh2_channel_readnb_ex()
libssh2_channel_writenb_ex()
libssh2_sftp_readnb()
libssh2_sftp_writenb()
Size parameter changed from 'int' to 'unsigned int' in several
public APIs.
Added (a few) man pages in docs/. (Daniel Stenberg)
Maximum SSH packet size is now some 35000 bytes.
Private include files are now in src/ and only public headers are in
include/. (Daniel Stenberg)
Automake and libtool are being used (increased portability). (Daniel
Stenberg)
Fixed OpenSSL detection using pkg-config. (Daniel Stenberg)
Simple self test added to tests/. (Simon Josefsson)
Libgcrypt can now be used instead of OpenSSL if you specify
--with-libgcrypt. (Simon Josefsson)
Fixed a memory leak in the packet handling, and better handle out of
memory situations. (Dan Fandrich)
Made libssh2 build with OpenSSL 0.9.6. (Dan Fandrich)
Improved portability to Solaris related to -lsocket and
-lnsl. (Simon Josefsson)
Clean up of README, INSTALL, NEWS, added ChangeLog. (Simon
Josefsson)
Improve debugging code. Avoids many #ifdef's.
Improved session closing to avoid potentially truncated files on
OpenSSH servers (Dan Fandrich)
Made some function parameters in the API const (Dan Fandrich)
Version 0.14
------------
Plug leaks in EVP cipher init/shutdown. (Selcuk Gueney)
Allow socket_fd == 0 in libssh2_session_startup(). (puudeli)
Swap ordering of packet_add/packet-inspection to avoid inspect after
free. (Selcuk)
Swap KEX_INIT ordering, send our KEX_INIT first.
Add check for oportunistic KEX_INIT packets. Burn bad guess if necessary.
Fix OpenSSL detection using pkg-config. (Dan Casey)
Version 0.13
------------
Fixed channel not being marked closed when CHANNEL_CLOSE package cannot be
sent. (David Robins)
Fixed payload packet allocation bug when invalid packet length
received. (David Robins)
Fixed `make install' target for MacOSX.
Add terminating NULL character to readlink()/realpath() results.
BugFix#1436593: Apply build options for HPUX targets.
Version 0.12
------------
Added support for publickey subsytem (not the same as publickey auth).
Fix x11_req. Multiple packet_len issues and error handling logic.
(Thanks Simon Hart)
Fix generation of 'e' portion of Diffie-Hellman keyset.
Use appropriate order for BN_rand() rather than fixed group1-specific value.
Re-fixed libssh2_sftp_rename_ex()
Transport had right packet_len, but sftp layer still had extra 4 bytes.
Fixed build with newer OpenSSL headers.
Added extern "C" declarations to libssh2_sftp.h for C++ compatability.
Version 0.11
------------
Added libssh2_chnnale_get_exit_status() -- Mikhail
Added libssh2_channel_wait_closed() -- Mikhail
Added libssh2_userauth_keyboard_interactive_ex() -- Mikhail
Added libssh2_channel_receive_window_adjust() to be able to increase the
size of the receive window.
Added queueing for small window_adjust packets to avoid unnecessary packet
conversation.
Fixed libssh2_sftp_rename_ex() to only send flags parameter if version >= 5
negotiated (not currently possible, but will be and might as well keep the
API consistent).
Version 0.10
------------
Added developer debugging hooks. See --enable-debug-* options to ./configure
Ignore extended data in the SFTP layer. With no other mechanism to deal
with that data it'd just fill up and get stuck.
(Re)Fixed channel_write() to provide an opportunity for window space to
become available again.
(Re)Fixed SFTP INIT to send the correct SFTP packet length.
Fixed segfault when client and host can't agree on a hostkey/crypt/mac/comp
method. (Thanks puudeli)
Fixed major issue with sftp packet buffering mechanism. Using wrong
blocking semantics. (No puudeli, YOU the man)
Reduced busy-looping of libssh2_sftp_packet_requirev.
Version 0.9
-----------
Changed blocking_read to only block as much as necessary and not an
arbitrary length of time. (Thanks Felix)
Fixed SFTP INIT/VERSION to exclude request_id and send correct maximum
version number.
Fixed SFTP to be properly BC with version 1 and 2 servers.
Fixed libssh2_poll() to recognized closed sessions/channels.
Fixed libssh2_channel_write_ex() to fully block when set to blocking mode.
Return actual bytes written as well. (Thanks deadem)
Added tests for -lm and -lsocket and add them when necessary.
Added libssh2_channel_window_read_ex() and libssh2_channel_window_write_ex()
for examining the ssh transport windowing states.
Version 0.8
-----------
Fix potential segfault in compression/decompression.
Fix compatability with older versions of OpenSSL
Swapped order of none,zlib compression modes to prefer no compression by
default.
Added sys/uio.h for platforms (FBSD) which need it in order to define struct
iovec.
Added libssh2_poll() to check status of sockets/channels/listeners.
Removed unnecessary inclusion of stdio.h (holdover from debugging)
Version 0.7
-----------
Added libssh2_userauth_hostbased_fromfile_ex() for authenticating from hostkey.
Added configure recognition for MacOSX (Darwin) (Thanks Gabe)
Fixed extended data identification in libssh2_channel_read().
Fixed window adjust code. Hadn't acknowledged adjustments correctly.
Removed initial_window_size requirement for sending window adjust packet.
Version 0.6
-----------
Added LIBSSH2_FLAG_SIGPIPE to enable/disable SIGPIPE generated by
send()/recv() calls. Default off.
Added libssh2_session_flag() to set optional session flags.
Collapsed exchanging_keys/newkeys/authenticated flags into single state
attribute.
Fix zlib compression issue when internal buffer state misses partial sync.
Fix segfault when libssh2_session_methods() is called prior to
session_startup().
Fixed client to server channel windowing. Pervent send queue overruns.
Swapped banner send/receive order (send first, then wait for response).
Version 0.5
-----------
*** BC Break ***
Reimplemented libssh2_session_methods() to match
libssh2_session_method_pref() style
Fixed libssh2_attr2bin() (effects any setstat style call).
Fixed authenticating with encrypted private key.
Fixed authenticating via ssh-dss public key.
Fixed KEX_INIT cookie and packet padding to use actual random data
Added DESTDIR support to makefiles (Adam Go³êbiowski -- I hope that
character set translates right)
Added libssh2_channel_forward_listen_ex(), libssh2_channel_forward_cancel(),
and libssh2_channel_forward_accept().
Added ./configure option '--disable-gex-new' to allow using the older
group-exchange format
Added MAC methods hmac-md5 and hmac-md5-96.
Version 0.4
-----------
Fixed crash when trying to free sftp_dirhandle data from a filehandle struct.
Fixed leak in sftp_open_ex(), handle->handle not freed in handle_close().
Fixed leak in sftp_symlink_ex(), result for READLINK and REALPATH not freed unless there was an error.
Added libssh2_banner_set(), specify an arbitrary banner to send on introduction.
Version 0.3
-----------
Fixed libssh2_channel_read_ex(). Packet loop initialized BEFORE transport polled for new packets (should have been after).
Fixed blocking issues in scp_send()/scp_recv().
Fixed degree of indirection in macerror callback.
Changed packet read mechanism to use a fixed buffer and avoid unnecessary alloc/free calls. (especially while non-block looping)
Added channel close callback.
Added SFTP support (Using its own header file: libssh2_sftp.h)
Version 0.2
-----------
Changed extended data ignorance mechanism:
libssh2_channel_ignore_extended_data() changed to libssh2_channel_handle_extended_data()
Macro introduced for backward compatability during beta phase.
*** THE LIBSSH2_CHANNEL_IGNORE_EXTENDED_DATA() MACRO WILL BE REMOVED PRIOR TO 1.0 RELEASE ***
libssh2_channel_handle_extended_data() may be passed one of three "ignore_mode" constants
LIBSSH2_CHANNEL_EXTENDED_DATA_NONE Default behavior, queue ED packets and return them with read_ex
LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE Equivalent to libssh2_channel_ignore_extended_data()
IGNORE will implicitly flush the extended data stream(s)
LIBSSH2_CHANNEL_EXTENDED_DATA_MERGE Calls to channel_read() will check both the standard data stream
and the extended data stream(s) for the first available packet
Changed libssh2_session_disconnect_ex() to return an error code when alloc fails
Added libssh2_channel_flush_ex() and basic macros: ..._flush() ..._flush_stderr()
flush_ex accepts either the streamid (0 for standard data, 1 for stderr) or one of the two following constants:
LIBSSH2_CHANNEL_FLUSH_ALL Flush all streams
LIBSSH2_CHANNEL_FLUSH_EXTENDED_DATA Flush all streams EXCEPT the standard data stream
Added libssh2_session_callback_set() for setting ignore/debug/disconnect/macerror callbacks
Added libssh2_session_method_pref() to selectively set methods and method preferences.
Added libssh2_session_methods() to determine what methods were negotiated.
Added libssh2_session_abstract() for retreiving &session->abstract
Added libssh2_session_last_error() for retreiving error codes/messages
Version 0.1
-----------
Initial Release:
KEX methods: diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1
Hostkey methods: ssh-rsa, ssh-dss
Cipher methods: aes256-cbc, rijndael-cbc@lysator.liu.se, aes192-cbc, aes128-cbc, blowfish-cbc, arcfour, cast128-cbc, 3des-cbc, none*
Compression methods: zlib, none
MAC methods: hmac-sha1, hmac-sha1-96, hmac-ripemd160, hmac-ripemd160@openssh.com none*
*Cipher/MAC "none" is disabled by default for security purposes,
Use --enable-crypt-none and/or --enable-mac-none with ./configure to enable