Skip to content

Commit

Permalink
Squashed commit of the following:
Browse files Browse the repository at this point in the history
commit f0e23dae9128185d1af4345360f0bd712d593a07
Author: Viktor Szakats <[email protected]>
Date:   Sat Dec 9 21:37:39 2023 +0000

    RELEASE-NOTES: synced [ci skip]

    Closes #1279

commit d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
Author: Michael Buckley <[email protected]>
Date:   Thu Nov 30 15:08:02 2023 -0800

    src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"

    Refs:
    https://terrapin-attack.com/
    https://seclists.org/oss-sec/2023/q4/292
    https://osv.dev/list?ecosystem=&q=CVE-2023-48795
    https://github.com/advisories/GHSA-45x7-px36-x8w8
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795

    Fixes #1290
    Closes #1291

commit c0f69548be902147ce014ffa40b8db3cf1d4b0b4
Author: Viktor Szakats <[email protected]>
Date:   Wed Dec 13 15:29:00 2023 +0000

    session: add `libssh2_session_callback_set2()`

    Add new `libssh2_session_callback_set2()` API that deprecates
    `libssh2_session_callback_set()`.

    The new implementation offers the same functionality, but accepts and
    returns a generic function pointer (of type `libssh2_cb_generic *`), as
    opposed to the old function that used data pointers (`void *`). The new
    solution thus avoids data to function (and vice versa) pointer
    conversions, which has undefined behaviour in standard C.

    About the name: It seems the `*2` suffix was used in the past for
    replacement functions for deprecated ones. Let's stick with that.
    `*_ex` was preferred for new functions that extend existing ones with
    new features.

    Closes #1285

commit 3ec53f3ea26f61cbf2e0fbbeccb852fca7f9b156
Author: Viktor Szakats <[email protected]>
Date:   Thu Dec 14 16:46:09 2023 +0000

    build: enable `-pedantic-errors`

    According to the manual, this isn't the same as `-Werror -pedantic`.
    Enable it together with `-Werror`.

    https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-pedantic-errors-1

    This option results in autotools feature detection going into crazies.
    To avoid this, we add it to `CFLAGS` late. Idea copied from curl.

    This option has an effect only with gcc 5.0 and newer as of this commit.
    Let's enable it for clang and older versions too for simplicity. Ref:
    https://github.com/curl/curl/commit/d5c0351055d5709da8f3e16c91348092fdb481aa
    https://github.com/curl/curl/pull/2747

    Closes #1286

commit f8c457943997b1f034993950e48ec19f90d2a7a1
Author: Viktor Szakats <[email protected]>
Date:   Thu Dec 14 22:54:22 2023 +0000

    build: add mingw-w64 support to `LIBSSH2_PRINTF()` attribute

    And fix the warning it detected.

    Closes #1287

commit 9839ebe5e9f2df84459dd0f71eceb1bbc3c5d5eb
Author: Viktor Szakats <[email protected]>
Date:   Sat Dec 16 12:25:51 2023 +0000

    libssh2.h: add deprecated function warnings

    With deprecated-at versions and suggested replacement function.

    It's possible to silence them by defining `LIBSSH2_DISABLE_DEPRECATION`.

    Also add depcreated-at versions to documentation, and unify wording.

    Ref: https://github.com/libssh2/libssh2/pull/1260#issuecomment-1837017987
    Closes #1289

commit fc24735f618af190823657cb75919b830d6c44cf
Author: Viktor Szakats <[email protected]>
Date:   Thu Dec 14 19:18:15 2023 +0000

    ci/spellcheck: delete redundant option [ci skip]

    `--check-hidden` not necessary when passing filenames explicitly.

    Follow-up to a79218d3a058a333bb9de14079548a3511679a04

commit 7010049969592f7c355cf062e68c18c8003ed605
Author: Viktor Szakats <[email protected]>
Date:   Thu Dec 14 20:14:55 2023 +0000

    tidy-up: add empty line for clarity [ci skip]

commit ac68fbe475e6e02f43610367fe28257a8924a4ec
Author: Viktor Szakats <[email protected]>
Date:   Wed Dec 13 06:32:54 2023 +0000

    build: FIXME `-Wsign-conversion` to be errors [ci skip]

commit 6e451669eabcc5ec1ed5c7979c96945092120e9a
Author: Viktor Szakats <[email protected]>
Date:   Wed Dec 13 01:34:35 2023 +0000

    src: disable `-Wsign-conversion` warnings, add option to re-enable

    To avoid the log noise till we fix those ~360 compiler warnings.

    Also add macro `LIBSSH2_WARN_SIGN_CONVERSION` to re-enable them.

    Follow-up to afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257

    Closes #1284

commit 0f45dafe5eb95d0d2f6c9369e9d2c69c7b7ed79c
Author: Viktor Szakats <[email protected]>
Date:   Wed Dec 13 02:41:05 2023 +0000

    cmake: fix indentation [ci skip]

commit 94b6bad3c8aa17fc852d86efa52c28c4f105531f
Author: Viktor Szakats <[email protected]>
Date:   Wed Dec 13 00:14:45 2023 +0000

    example, tests: call `WSACleanup()` for each `WSAStartup()`

    On Windows.

    Closes #1283

commit 52c382f7aae2a8bff4ce3b4b83d18dde30ea11e2
Author: Viktor Szakats <[email protected]>
Date:   Sat Dec 9 21:01:49 2023 +0000

    RELEASE-NOTES: update credits [ci skip]

    Ref: https://github.com/libssh2/libssh2/pull/1241#issuecomment-1830118584

commit b77504837cade82c004b71b74a26a8bb76c04793
Author: Viktor Szakats <[email protected]>
Date:   Sat Dec 9 19:00:31 2023 +0000

    RELEASE-NOTES: avoid splitting names, fix typo, refine order [ci skip]

commit 747862c0e2b7c1ed0650860df3f8b4e385a221f1
Author: Viktor Szakats <[email protected]>
Date:   Sat Dec 9 17:37:17 2023 +0000

    RELEASE-NOTES: synced [ci skip]

commit 28dbf01667d8b28d0d9606c9fd474553b93e67a5
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 8 02:22:48 2023 +0000

    add portable `LIBSSH2_SOCKET_CLOSE()` macro

    Add `LIBSSH2_SOCKET_CLOSE()` to the public `libssh2.h` header, for user
    code. It translates to `closesocket()` on Windows and `close()` on other
    platforms.

    Use it in example code.

    It makes them more readable by reducing the number of `_WIN32` guards.

    Closes #1278

commit 46333adfb81dabc139d7ee88e510798dd7bc61fe
Author: Viktor Szakats <[email protected]>
Date:   Thu Dec 7 20:49:34 2023 +0000

    ci: add FreeBSD 14 job, fix issues

    - install bash to fix error when running tests:
      ```
      ERROR: test_sshd.test - missing test plan
      ERROR: test_sshd.test - exited with status 127 (command not found?)
      =====================================
      [...]
      # TOTAL: 4
      # PASS:  2
      # SKIP:  0
      # XFAIL: 0
      # FAIL:  0
      # XPASS: 0
      # ERROR: 2
      [...]
      env: bash: No such file or directory
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7133852508/job/19427420687#step:3:3998

    - fix sshd issue when running tests:
      ```
        # sshd log:
        #  Server listening on :: port 4711.
        #  Server listening on 0.0.0.0 port 4711.
        #  Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/key_rsa.pub
        #  Authentication refused: bad ownership or modes for file /home/runner/work/libssh2/libssh2/tests/openssh_server/authorized_keys
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429828342#step:3:4059

    Cherry-picked from #1277
    Closes #1277

commit 5e0ec99134cf5800b70df947d04daff57b9bbc30
Author: Viktor Szakats <[email protected]>
Date:   Thu Dec 7 21:06:09 2023 +0000

    ci: add OmniOS job, fix issues

    - use GNU Make, to avoid errors:
      ```
      make: Fatal error in reader: Makefile, line 983: Badly formed macro assignment
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7134629175/job/19429838379#step:3:1956

      Caused by `?=` in `Makefile.am`. Fix it just in case.

      ```
      make: Fatal error in reader: Makefile, line 438: Unexpected end of line seen
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7135524843/job/19432451767#step:3:1966

      It's around line 43 in `Makefile.am`, reason undiscovered.

    - fix error:
      ```
      ../../src/hostkey.c:1227:44: error: pointer targets in passing argument 5 of '_libssh2_ed25519_sign' differ in signedness [-Werror=pointer-sign]
         1227 |                                  datavec[0].iov_base, datavec[0].iov_len);
              |                                  ~~~~~~~~~~^~~~~~~~~
              |                                            |
              |                                            caddr_t {aka char *}
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7135102832/job/19431233967#step:3:2225

      https://docs.oracle.com/cd/E36784_01/html/E36887/iovec-9s.html

    - FIXME: new `-Wsign-conversion` warnings appeared in examples:
      ```
      ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
        251 |         FD_SET(forwardsock, &fds);
            |         ^~~~~~
      ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
      ../../example/direct_tcpip.c:251:9: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
      ../../example/direct_tcpip.c:251:9: warning: conversion to 'long int' from 'long unsigned int' may change the sign of the result [-Wsign-conversion]
      ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
        259 |         if(rc && FD_ISSET(forwardsock, &fds)) {
            |                  ^~~~~~~~
      ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'libssh2_socket_t' {aka 'int'} may change the sign of the result [-Wsign-conversion]
      ../../example/direct_tcpip.c:259:18: warning: conversion to 'long unsigned int' from 'long int' may change the sign of the result [-Wsign-conversion]
      [...]
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/7136086865/job/19433997429#step:3:3450

    Cherry-picked from #1277

commit 3f60ccb76bc825899fe9f933b9355d4ad6ca9766
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 8 01:07:57 2023 +0000

    example: use `libssh2_socket_t` in X11 example

    Cherry-picked from #1277

commit 798ed4a7e54ddb87b3ec2342a453b66cf2945bc7
Author: Aaron Stone <[email protected]>
Date:   Fri Jun 2 13:37:14 2023 -0700

    Handle EINTR from send/recv/poll/select to try again as the error is not fatal

    Integration-patches-by: Viktor Szakats
    Fixes #955
    Closes #1058

commit d0a7f1da2104ca8b15263aa143a9bc42ea2081af
Author: Viktor Szakats <[email protected]>
Date:   Wed Dec 6 11:35:22 2023 +0000

    appveyor: delete UWP job broken since Visual Studio upgrade

    Few days ago UWP job started permafailing.

    fail: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48678129/job/yb8n2pox8mfjwv6m
    good: https://ci.appveyor.com/project/libssh2org/libssh2/builds/48673013

    Other projects also affected:
    https://ci.appveyor.com/project/c-ares/c-ares/builds/48687390/job/l0fo4b0sijvqkw9r

    No related local update. Same CMake version. Same CI image.

    This seems to be the culprit, which could mean that this update broke
    CMake detection, needs a different CMake configuration on our end, or
    that this MSVC update pulled support for UWP apps:

    fail: -- The C compiler identification is MSVC 19.38.33130.0 (~ Visual Studio 2022 v17.8)
    good: -- The C compiler identification is MSVC 19.37.32825.0 (~ Visual Studio 2022 v17.7)

    If this is v17.8, release notes don't readily suggest a feature removal:
    https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.8

    So it might just be UWP accidentally broken in this release.

    Closes #1275

commit 8cd473c9303007b925d61658846a3f2bccf67735
Author: Viktor Szakats <[email protected]>
Date:   Wed Dec 6 01:10:03 2023 +0000

    checksrc: sync with curl

    Closes #1272

commit e051ae343aca7bee7f586b1ace41f6a827fa011d
Author: Viktor Szakats <[email protected]>
Date:   Tue Dec 5 23:41:39 2023 +0000

    autotools: delete `--disable-tests` option, fix CI tests

    Originally added to improve build performance by skipping building
    tests. But, there seems to be no point in this, because autotools
    doesn't build tests by default, unless explicitly invoking
    `make check`.

    Delete this option from Cygwin and FreeBSD CI tests, where it caused
    `make check` to do nothing. Tests are built now, and runtime tests are
    too, where supported.

    Also disable Docker-based tests for these, and add a missing `make -j3`
    for FreeBSD.

    Reverts 7483edfada1f7e17cf8f9ac1c87ffa3d814c987e #715

    Closes #1271

commit b1414503f51c9421557a3d4784b113a84d42c003
Author: ren mingshuai <[email protected]>
Date:   Wed Dec 6 07:14:53 2023 +0800

    build: add `LIBSSH2_NO_DEPRECATED` option (#1266)

    The following APIs have been deprecated for over 10 years and
    use `LIBSSH2_NO_DEPRECATED` to mark them as deprecated:

    libssh2_session_startup()
    libssh2_banner_set()
    libssh2_channel_receive_window_adjust()
    libssh2_channel_handle_extended_data()
    libssh2_scp_recv()

    Add these options to disable them:
    - autotools: `--disable-deprecated`
    - cmake: `-DLIBSSH2_NO_DEPRECATED=ON`
    - `CPPFLAGS`: `-DLIBSSH2_NO_DEPRECATED`

    Fixes #1259
    Replaces #1260
    Co-authored-by: Viktor Szakats
    Closes #1267

commit a3f5594a96bca6f56356c997ab463ff165360990
Author: Viktor Szakats <[email protected]>
Date:   Mon Dec 4 22:46:01 2023 +0000

    autotools: show the default for `hidden-symbols` option

    Closes #1269

commit 2e5a8719d7db495ae346ce58388f875386233300
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 19:29:28 2023 +0000

    tidy-up: bump casts from int to long for large C99 types in printfs

    Cast large integer types to avoid dealing with printf masks for
    `size_t` and other C99 types. Some of existing code used `int`
    for this, bump them to `long`.

    Ref: afa6b865604019ab27ec033294edfe3ded9ae0c0 #1257

    Closes #1264

commit afa6b865604019ab27ec033294edfe3ded9ae0c0
Author: Viktor Szakats <[email protected]>
Date:   Thu Nov 30 23:35:11 2023 +0000

    build: enable missing OpenSSF-recommended warnings, with fixes

    Ref:
    https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
    (2023-11-29)

    Enable new warnings:

    - replace `-Wno-sign-conversion` with `-Wsign-conversion`.

      Fix them in example, tests and wincng. There remain about 360 of these
      warnings in `src`. Add a TODO item for those and disable `-Werror` for
      this particular warning.

    - enable `-Wformat=2` for clang (in both cmake and autotools).

    - enable `__attribute__((format))` for `_libssh2_debug()`,
      `_libssh2_snprintf()` and in tests for `run_command()`.

      `LIBSSH2_PRINTF()` copied from `CURL_TEMP_PRINTF()` in curl.

    - enable `-Wimplicit-fallthrough`.

    - enable `-Wtrampolines`.

    Fix them:

    - src: replace obsolete fall-through-comments with
      `__attribute__((fallthrough))`.

    - wincng: fix `-Wsign-conversion` warnings.

    - tests: fix `-Wsign-conversion` warnings.

    - example: fix `-Wsign-conversion` warnings.

    - src: fix `-Wformat` issues in trace calls.

      Also, where necessary fix `int` and `unsigned char` casts to
      `unsigned int` and adjust printf format strings. These were not
      causing compiler warnings.

      Cast large types to `long` to avoid dealing with printf masks for
      `size_t` and other C99 types. Existing code often used `int` for this.
      I'll update them to `long` in an upcoming commit.

    - tests: fix `-Wformat` warning.

    - silence `-Wformat-nonliteral` warnings.

    - mbedtls: silence `-Wsign-conversion`/`-Warith-conversion`
      in external header.

    Closes #1257

commit e0a0466490dc6b669a2b2ce4f62745dea5e0b8f3
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 17:27:23 2023 +0000

    packet: whitespace fix

    Tested via #1257

commit b136c37998c152530c44672252be511ed2d4a10f
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 14:41:33 2023 +0000

    tidy-up: unsigned -> unsigned int

    In the `interval` argument of public `libssh2_keepalive_config()`.

    Tested via #1257

commit eb996af851c046d040f89caedde0e28c7a7cf84d
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 14:44:50 2023 +0000

    tests: sync port number type with the rest of codebase

    Tested via #1257

commit ecdf519911a62dc3051bb0e645defe2b56543912
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 17:02:13 2023 +0000

    autotools: enable `-Wunused-macros` with gcc

    It works with gcc without the libtool warnings seen with clang
    on Windows in 96682bd5e14c20828e18bf10ed5b4b5c7543924a #1227.

    Sync usage of of this macro with CMake and
    autotools + clang + non-Windows. Making it enabled everywhere except
    autotools + clang + Windows due to the libtool stub issue.

    Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

    Closes #1262

commit 0b4bdc856f9e06a75e6675aad9d7f777ac3eb060
Author: Viktor Szakats <[email protected]>
Date:   Sat Dec 2 03:16:08 2023 +0000

    TODO: disable or drop weak algos [ci skip]

    Closes #1261

commit 744e059f310ab7832f6781f673474e2924d02b4e
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 03:19:04 2023 +0000

    example, tests: fix/silence `-Wformat-truncation=2` gcc warnings

    Then sync this warning option with curl.

    Seems like a false positive and/or couldn't figure how to fix it, so silence:
    ```
    example/ssh2.c:227:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
      227 |             snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
          |                                      ^~
    example/ssh2.c:227:34: note: assuming directive output of 1 byte
      227 |             snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
          |                                  ^~~~~~~
    example/ssh2.c:227:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
      227 |             snprintf(fn1, fn1sz, "%s/%s", h, pubkey);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    example/ssh2.c:228:38: error: '%s' directive output may be truncated writing likely 1 or more bytes into a region of size 0 [-Werror=format-truncation=]
      228 |             snprintf(fn2, fn2sz, "%s/%s", h, privkey);
          |                                      ^~
    example/ssh2.c:228:34: note: assuming directive output of 1 byte
      228 |             snprintf(fn2, fn2sz, "%s/%s", h, privkey);
          |                                  ^~~~~~~
    example/ssh2.c:228:13: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 2
      228 |             snprintf(fn2, fn2sz, "%s/%s", h, privkey);
          |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205970397#step:10:98

    Fix:
    ```
    tests/openssh_fixture.c:116:38: error: ' 2>&1' directive output may be truncated writing 5 bytes into a region of size between 1 and 1024 [-Werror=format-truncation=]
    tests/openssh_fixture.c:116:11: note: 'snprintf' output between 6 and 1029 bytes into a destination of size 1024
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/7055480458/job/19205969221#step:10:51

    Tested via #1257

commit 2e57dcb9d2c2826a3cfdad65f72e6003313eaa64
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 12:55:12 2023 +0000

    example: fix indentation follow-up

    Fix long line and fix more indentations.

    Follow-up to 9e896e1b80911a53d6aabb322e034e6ca51b6898

commit 9e896e1b80911a53d6aabb322e034e6ca51b6898
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 09:41:39 2023 +0000

    example: fix indentation

    Tested via #1257

commit 6c53815aa78daa66c4c84ee0a6caf3efa8651998
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 04:28:59 2023 +0000

    autotools: fix missed `-pedantic` and `-Wall` options for gcc

    Follow-up to 5996fefe2bad80cfba85b2569ce6ab6ef575142c #1223

    Tested via #1257

commit c9124088099627c39917e093479f2692dce6588b
Author: Viktor Szakats <[email protected]>
Date:   Fri Dec 1 04:38:16 2023 +0000

    ci: show compiler in cross/cygwin job names

    Tested via #1257

commit 4be5e33ae10431f90f9ffe0d6cba44b64dcd630e
Author: Viktor Szakats <[email protected]>
Date:   Thu Nov 30 23:54:58 2023 +0000

    mbedtls: further improve disabling `-Wredundant-decls`

    Move warning option suppression to `src/mbedtls.h` to surround the actual
    external header #includes that need it.

    Follow-up to ecec68a2c13a9c63fe8c2dc457ae785a513e157c #1226
    Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

    Tested via #1257

commit 8d69e63db9e2e759e3f973fbbc154e2ec1528f83
Author: ren mingshuai <[email protected]>
Date:   Fri Dec 1 11:52:12 2023 +0800

    example: replace remaining libssh2_scp_recv with libssh2_scp_recv2 in output messages (#1258)

    libssh2_scp_recv is deprecated and has been replaced by libssh2_scp_recv2
    in prior commit.

    Follow-up to 6c84a426beb494980579e5c1d244ea54d3fc1a3f

commit 363dcbf449c0c7b13c6526d7af84c6f1db2691cc
Author: Viktor Szakats <[email protected]>
Date:   Fri Nov 24 23:33:22 2023 +0000

    openssl: use OpenSSL 3 HMAC API, add `no-deprecated` CI job

    - use OpenSSL 3 API when available for HMAC.
      This fixes building with OpenSSL 3 `no-deprecated` builds.

    - ensure we support pure OpenSSL 3 API by adding a CI job using
      OpenSSL 3 custom-built with `no-deprecated`.

    Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207

    Fixes #1235
    Closes #1243

commit 66108f02f0569efced1bdd6e9e8c29f2991c5b24
Author: Viktor Szakats <[email protected]>
Date:   Sun Nov 26 12:00:20 2023 +0000

    ci: restore lost comment for FreeBSD [ci skip]

    Follow-up to eee4e8055ab375c9f9061d4feb39086737f41a9c

commit 0c9a8e3590051bfb80acbb2146388c8fe883b2f8
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 23:47:57 2023 +0000

    ci: add OpenBSD (v7.4) job + fix build error in example

    - Use CMake, LibreSSL and clang from the base install.

    - This uncovered a build error in `example/subsystem_netconf.c`, caused
      by using the `%n` printf mask. This is a security risk and some
      systems (notably OpenBSD) disable this feature.

      Fix it by applying this patch from OpenBSD ports (from 2021-09-11):
      https://cvsweb.openbsd.org/ports/security/libssh2/patches/patch-example_subsystem_netconf_c?rev=1.1&content-type=text/x-cvsweb-markup
      https://github.com/openbsd/ports/commit/2c5b2f3e94381914a3e8ade960ce8c997ca9d6d7
      "The old code is also broken, as it passes a pointer to a variable
      of a different size (on LP64).  There is no check for truncation,
      but buf[] is 1MB in size."
      Patch-by: naddy

      ```
      /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:252:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
            "]]>]]>\n%n", (int *)&len);
                     ~^
      /home/runner/work/libssh2/libssh2/example/subsystem_netconf.c:270:17: error: '%n' format specifier support is deactivated and will call abort(3) [-Werror]
            "]]>]]>\n%n", (int *)&len);
                     ~^
      2 errors generated.
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/6991449778/job/19022024280#step:3:420

    Also made tests with arm64, but it takes consistently almost 14m to
    finish the job, vs. 2-3m for the native amd64:
    https://github.com/libssh2/libssh2/actions/runs/6991648984/job/19022440525
    https://github.com/libssh2/libssh2/actions/runs/6991551220/job/19022233651

    Cherry-picked from #1250
    Closes #1250

commit 65c7a7a55af037bcc9ee67c2f69ecdb9109ecbb1
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 23:43:22 2023 +0000

    ci: add NetBSD (v9.3) job

    Use CMake, OpenSSL (v1.1) and clang from the base install.

    Cherry-picked from #1250

commit eee4e8055ab375c9f9061d4feb39086737f41a9c
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 23:39:29 2023 +0000

    ci: update and speed up FreeBSD job

    - switch to an alternate GitHub action. This one seems (more) actively
      maintained, and runs faster:
      https://github.com/cross-platform-actions/action

    - use clang instead of gcc. clang is already present in the base
      install, saving install time and bandwidth.

    - stop installing `openssl-quictls` and use the OpenSSL (v1.1) from
      the base system.
      (I'm suspecting that quictls before this patch wasn't detected by
      the build.)
      https://wiki.freebsd.org/OpenSSL

    Cherry-picked from #1250

commit c6589b8823e9d4a282587a6a5dab831b54d412c0
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 11:52:00 2023 +0000

    stop using leading underscores in macro names

    Underscored macros are reserved for the compiler / standard lib / etc.
    Stop using them in user code.

    We used them as header guards in `src` and in `__FILESIZE` in `example`.

    Closes #1248

commit 7494881617223bc05aa9c94ceaa6b068e2008be2
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 11:03:50 2023 +0000

    ci: use absolute path in `CMAKE_INSTALL_PREFIX`

    To make the installed locations unambiguous in the build logs.

    Closes #1247

commit efee91333b7d641fbfb1ba471fb00d8161d4013c
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 03:49:49 2023 +0000

    openssl: make a function static, add `#ifdef` comments

    Follow-up to 03092292597ac601c3f9f0c267ecb145dda75e4e #248
    where the function was added.

    Also add comments to make `#ifdef` branches easier to follow in
    `openssl.h`.

    Closes #1246

commit 236e79a115791194368b45751e3ec9452d6d73d9
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 10:35:26 2023 +0000

    ci: boost mbedTLS build speed

    Build times down to 4 seconds (from 18-20).

    Closes #1245

commit 82581941d6cd91cd00cf6d8bee1b2a660864ca19
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 00:26:40 2023 +0000

    openssl: fix DSA code to use OpenSSL 3 API

    - fix missing `DSA` type when building for OpenSSL 3 `no-deprecated`.
    - fix fallouts after fixing the above by switching away from `DSA`
      with OpenSSL 3.

    Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207

    Closes #1244

commit d2ef66473ca6f3521eb739eceddf0cba4c44bbed
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 25 00:35:43 2023 +0000

    openssl: formatting (delete empty lines) [ci skip]

commit 5326a5ce262b0a27dbd4714dc370d85814297f55
Author: Viktor Szakats <[email protected]>
Date:   Thu Nov 23 23:00:13 2023 +0000

    tests: fall back to `$LOGNAME` for username

    If the `$USER` variable is empty, fall back to using `$LOGNAME` to
    retrieve the logged-in username.

    In POSIX, `$LOGNAME` is a mandatory variable, while `$USER` isn't, and
    on some systems it may not be set. Without this value, tests were unable
    to provide the correct username when logging into the SSH server running
    under the active user's session.

    Reported-by: Nicolas Mora
    Suggested-by: Nicolas Mora
    Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056348
    Fixes #1240
    Closes #1241

commit 631e7734c8d850cd0c8e7a27d4dc524915e20b09
Author: Viktor Szakats <[email protected]>
Date:   Tue Nov 21 20:32:12 2023 +0000

    libssh2.h: use `_WIN32` for Windows detection instead of rolling our own

    Sync up `libssh2.h` Windows detection with the libssh2 source code.

    `libssh2.h` was using `WIN32` and `LIBSSH2_WIN32` for Windows detection,
    next to the official `_WIN32`. After this patch it only uses `_WIN32`
    for this. Also, make it stop defining `LIBSSH2_WIN32`.

    There is a slight chance these break compatibility with Windows
    compilers that fail to define `_WIN32`. I'm not aware of any obsolete
    or modern compiler affected, but in case there is one, one possible
    solution is to define this macro manually.

    Closes #1238

commit 487152f4fa8bc155fc6cb8a03896947425dc0632
Author: Viktor Szakats <[email protected]>
Date:   Tue Nov 21 22:30:59 2023 +0000

    openssl: fix `EC_KEY` reference with OpenSSL 3 `no-deprecated` build

    Fixes:
    ```
    src/openssl.c:650:5: error: use of undeclared identifier 'EC_KEY'
        EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
        ^
    src/openssl.c:650:13: error: use of undeclared identifier 'ec_key'
        EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
                ^
    src/openssl.c:650:22: error: implicit declaration of function 'EC_KEY_new_by_curve_name' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
        EC_KEY *ec_key = EC_KEY_new_by_curve_name(curve);
                         ^
    src/openssl.c:650:22: note: did you mean 'EC_GROUP_new_by_curve_name'?
    ./quictls/_a64-mac-sys/usr/include/openssl/ec.h:483:11: note: 'EC_GROUP_new_by_curve_name' declared here
    EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
              ^
    In file included from ./_a64-mac-sys-bld/src/CMakeFiles/libssh2_static.dir/Unity/unity_0_c.c:19:
    In file included from src/crypto.c:10:
    src/openssl.c:652:8: error: use of undeclared identifier 'ec_key'
        if(ec_key) {
           ^
    ```
    Ref: https://github.com/curl/curl-for-win/actions/runs/6950001225/job/18909297867#step:3:4341

    Follow-up to b0ab005fe79260e6e9fe08f8d73b58dd4856943d #1207

    Bug #1235
    Closes #1236

commit 910ed9b0355cb8b9f2c71e00333426f1ee5f5bb7
Author: Viktor Szakats <[email protected]>
Date:   Tue Nov 21 23:31:22 2023 +0000

    openssl: formatting

    Sync up these lines with the other two similar occurrences in the code.

    Cherry-picked from #1236

commit b0ab005fe79260e6e9fe08f8d73b58dd4856943d
Author: Michael Buckley <[email protected]>
Date:   Tue Nov 21 09:33:01 2023 -0800

    openssl: use non-deprecated APIs with OpenSSL 3.x (#1207)

    Assisted-by: Viktor Szakats

commit c9dd3566b2247083f75e1304b7365ee9c8ed3e34
Author: Viktor Szakats <[email protected]>
Date:   Tue Nov 21 00:39:44 2023 +0000

    ci: add BoringSSL job (cmake, gcc, amd64)

    Closes #1233

commit 89ccc83c7da73e7ca3a112e350008131942b592e
Author: Viktor Szakats <[email protected]>
Date:   Mon Nov 20 02:06:37 2023 +0000

    autotools: fix dotless gcc and Apple clang version detections

    - fix parsing dotless (major-only) gcc versions.
      Follow-up to 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad #1187

    - sync gcc detection variable names with curl.

    - fix Apple clang version detection for releases between
      'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the
      version was under-detected as 3.7 llvm/clang equivalent.

    - fix Apple clang version detection for 'Apple clang version 11.0.0'
      and newer where the Apple clang version was detected, instead of its
      llvm/clang equivalent.

    - revert to show `clang` instead of `Apple clang`, because we follow it
      with an llvm/clang version number. (Apple-ness still visible in raw
      version.)

    Used this collection for Apple clang / llvm/clang translation and test
    inputs: https://gist.github.com/yamaya/2924292

    Closes #1232

commit e9017b10460857cf148f94716356907f60884a3f
Author: Viktor Szakats <[email protected]>
Date:   Mon Nov 20 01:48:17 2023 +0000

    acinclude.m4: revert accidental edit [ci skip]

    Follow-up to 8c320a93a48775b74f40415e46f84bf68b4d5ae8

commit fb58016180090a5baea21d69f0d14b07b7f01ef4
Author: Viktor Szakats <[email protected]>
Date:   Sun Nov 19 18:04:57 2023 +0000

    autotools: show more clang/gcc version details

    Also:
    - show if we detected Apple clang.
    - delete duplicate version detection for clang.

    Closes #1230

commit 8c320a93a48775b74f40415e46f84bf68b4d5ae8
Author: Viktor Szakats <[email protected]>
Date:   Sat Nov 18 16:04:19 2023 +0000

    acinclude.m4: re-sync with curl [ci skip]

commit 96682bd5e14c20828e18bf10ed5b4b5c7543924a
Author: Viktor Szakats <[email protected]>
Date:   Fri Nov 17 21:13:30 2023 +0000

    autotools: avoid warnings in libtool stub code

    Seen on Windows with clang64, in libtool-generated stub code for
    examples and tests.

    The error didn't break the CI job for some reason.

    msys2 (autotools, clang64, clang-x86_64:
    ```
    [...]
    2023-11-17T20:14:17.8639574Z ./.libs/lt-test_read.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
    [...]
    2023-11-17T20:14:39.8729255Z ./.libs/lt-sftp_write_nonblock.c:91:10: error: macro is not used [-Werror,-Wunused-macros]
    [...]
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/6908585056/job/18798193405?pr=1226#step:8:474

    Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

    Closes #1227

commit ecec68a2c13a9c63fe8c2dc457ae785a513e157c
Author: Viktor Szakats <[email protected]>
Date:   Fri Nov 17 20:04:52 2023 +0000

    mbedtls: improve disabling `-Wredundant-decls`

    Disable these warnings specifically for the mbedTLS public headers
    and leave it on for the the rest of the code. This also fixes this
    issue for autotools. Previous solution was globally disabling this
    warning for the whole code when using mbedTLS and only with CMake.

    Follow-up to 7ecc309cd10454c54814b478c4f85d0041da6721 #1224

    Closes #1226

commit 64d6789f71aa4db25c6903c5e0180790bb12782e
Author: Viktor Szakats <[email protected]>
Date:   Thu Nov 16 14:38:44 2023 +0000

    cmake: rename picky warnings script

    To match the camel-case style used in other CMake scripts and also
    to match the name used in curl.

    Closes #1225

commit 7ecc309cd10454c54814b478c4f85d0041da6721
Author: Viktor Szakats <[email protected]>
Date:   Thu Nov 16 00:54:25 2023 +0000

    build: enable more compiler warnings and fix them

    Enable more picky compiler warnings. I've found these options in the
    nghttp3 project when implementing the CMake quick picky warning
    functionality for it.

    Fix issues found along the way:

    - wincng, mbedtls: delete duplicate function declarations.
      Most of this was due to re-#defining crypto functions to
      crypto-backend specific implementations These redefines also remapped
      the declarations in `crypto.h`, making the backend-specific
      declarations duplicates.
      This patch deletes the backend-specific declarations.

    - wincng mapped two crypto functions to the same local function.
      Also causing double declarations.
      Fix this by adding two disctinct wrappers and moving
      the common function to a static one.

    - delete unreachable `break;` statements.

    - kex: disable macros when unused.

    - agent: disable unused constants.

    - mbedtls: disable double declaration warnings because public mbedTLS
      headers trigger it. (with function `psa_set_key_domain_parameters`)

    - crypto.h: formatting.

    Ref: https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056f8bf9f/cmake/PickyWarningsC.cmake

    Closes #1224

commit 5996fefe2bad80cfba85b2569ce6ab6ef575142c
Author: Viktor Szakats <[email protected]>
Date:   Wed Nov 15 23:15:17 2023 +0000

    autotools: sync warning enabler code with curl

    Tiny changes and minor updates to bring this code closer
    to curl's `m4/curl-compilers.m4`.

    Closes #1223

commit e645fa95f361d70bf1bf014d418b89b72b7e9d8c
Author: Viktor Szakats <[email protected]>
Date:   Wed Nov 15 22:51:41 2023 +0000

    acinclude.m4: fix indentation [ci skip]

    Also match indentation of curl's `m4/curl-compilers.m4` for
    easier syncing.

commit ce5f208a556c92672a959cc7ed879dcdec5836a0
Author: Viktor Szakats <[email protected]>
Date:   Wed Nov 15 20:28:55 2023 +0000

    autotool: rename variable

    `WARN` -> `tmp_CFLAGS`

    To match curl and make syncing this code easier.

    Ref: https://github.com/curl/curl/blob/d1820768cce0e797d1f072343868ce1902170e93/m4/curl-compilers.m4#L479

    Closes #1222

commit cdca8cff886ce71fb9b8d0c56cdf9774b5a7d355
Author: Viktor Szakats <[email protected]>
Date:   Wed Nov 15 18:43:51 2023 +0000

    autotools: picky warning options tidy-up

    - sync clang warning version limits with CMake.
    - make `WARN=` vs. `CURL_ADD_COMPILER_WARNINGS()` consistent with curl
      and between clang and gcc (`WARN=` is for `no-` options in general).

    Closes #1221

commit 328a96b3daf92efc867cde2eee651c48958f31ea
Author: Viktor Szakats <[email protected]>
Date:   Wed Nov 15 00:36:55 2023 +0000

    build: picky warning updates

    - cmake, autotools: sync picky gcc warnings with curl.
    - cmake, autotools: add `-Wold-style-definition` for clang too.
    - cmake, autotools: add comment for `-Wformat-truncation=1`.
    - cmake: more precise version info for old clang options.

    Closes #1219

commit fea6664e1bbf52cb9a02fceadc81f6f56c3fd7b9
Author: Viktor Szakats <[email protected]>
Date:   Fri Nov 10 15:41:05 2023 +0000

    ci: fixup FreeBSD version, bump mbedtls

    We haven't been using the FreeBSD version. Also it turns out,
    the single version supported is 13.2 at the moment:
      https://github.com/vmactions/freebsd-vm/tree/main/conf

    Stop trying to set the version and instead rely on the action
    providing the latest supported one automatically.

    Follow-up to a7d2a573be26238cc2b55e5ff6649bbe620cb8d9

    Also:
    - add more details to the FreeBSD job description.
    - bump mbedtls version while here.

    Closes #1217

commit 932d6a32779a39aa6109e2d7aff8b2b6123df4f4
Author: Viktor Szakats <[email protected]>
Date:   Thu Nov 9 18:59:01 2023 +0000

    cmake: fix multiple include of libssh2 package

    Also extend our integration test double inclusion. It will still not
    catch this case, because that requires
    `cmake_minimum_required(VERSION 3.18)` or higher.

    Fixes:
    ```
    CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:8 (add_library):
      add_library cannot create ALIAS target "libssh2::libssh2" because another
      target with the same name already exists.
    Call Stack (most recent call first):
      CMakeLists.txt:24 (find_package)

    CMake Error at .../lib/cmake/libssh2/libssh2-config.cmake:13 (add_library):
      add_library cannot create ALIAS target "Libssh2::libssh2" because another
      target with the same name already exists.
    Call Stack (most recent call first):
      CMakeLists.txt:24 (find_package)
    ```

    Test to reproduce:
    ```cmake
    cmake_minimum_required(VERSION 3.18)  # must be 3.18 or higher

    project(test)

    find_package(libssh2 CONFIG)
    find_package(libssh2 CONFIG)  # fails

    add_executable(test main.c)
    target_link_libraries(test libssh2::libssh2)
    ```

    Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes
    Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html

    Assisted-by: Kai Pastor
    Assisted-by: Harry Mallon
    Ref: https://github.com/curl/curl/pull/11913

    Closes #1216

commit a7d2a573be26238cc2b55e5ff6649bbe620cb8d9
Author: Viktor Szakats <[email protected]>
Date:   Wed Nov 8 18:17:22 2023 +0000

    ci: add FreeBSD 13.2 job

    It runs over Linux via qemu. First two runs were (very) slow, then it
    became (much) more performant at just 2x slower than a native Linux
    build. Then got slow again, then fast again. Still seems acceptable
    for the value this adds.

    The build uses autotools and quictls.

    Successful builds:
    1. https://github.com/libssh2/libssh2/actions/runs/6802676786/job/18496286419 (13m59s, -j3)
    2. https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497243225 (11m5s, -j2)
    3. https://github.com/libssh2/libssh2/actions/runs/6803142201/job/18497785049 (3m6s, -j1)
    4. https://github.com/libssh2/libssh2/actions/runs/6803194839/job/18497962766 (3m10s, -j2)
    5. https://github.com/libssh2/libssh2/actions/runs/6803267201/job/18498208501 (3m13s)
    6. https://github.com/libssh2/libssh2/actions/runs/6803510333/job/18498993698 (15m25s)
    7. https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528571057 (3m13s)

    Similar solution exists for Solaris (over macOS via VirtualBox), but it
    hangs forever at `Waiting for text: solaris console login`:
    https://github.com/libssh2/libssh2/actions/runs/6802388128/job/18495391869#step:4:185

    Idea taken from LibreSSL.

    FIXME: Unrelated, the `distcheck` job became flaky in recent days:
    https://github.com/libssh2/libssh2/actions/runs/6802976375/job/18497256437#step:10:536
    ```
    FAIL: test_auth_pubkey_ok_rsa_aes256gcm
    ```
    https://github.com/libssh2/libssh2/actions/runs/6813602863/job/18528588933#step:10:533
    ```
    FAIL: test_read
    ```

    Closes #1215

commit b9a4ed83b4b7fbef4f95e77ff1eab850dfcbac27
Author: Viktor Szakats <[email protected]>
Date:   Wed Nov 8 03:24:09 2023 +0000

    reuse: fix duplicate copyright warning

    ```
    PendingDeprecationWarning:
    Copyright and licensing information for 'tests/openssh_server/Dockerfile'
    has been found in both 'tests/openssh_server/Dockerfile' and in the DEP5
    file located at '.reuse/dep5'. The information for these two sources has
    been aggregated. In the future this behaviour will change, and you will
    need to explicitly enable aggregation. [...]
    ```
    Ref: https://github.com/libssh2/libssh2/actions/runs/6789274955/job/18456085964#step:4:4

commit 43485579609a833827736e8205fe29956900ed74
Author: Viktor Szakats <[email protected]>
Date:   Sat Oct 28 11:36:31 2023 +0000

    Makefile.mk: delete Windows-focused raw GNU Make build

    We recommend using CMake instead. Especially in unity mode, it's faster
    and probably more familiar for most. It's also easily portable.

    (`Makefile.mk` was also portable, but in practice only usable for
    Windows. Other platforms required a manual config header.)

    Also:
    - migrate `LIBSSH2_NO_*` option CI tests to CMake.
    - make MSYS2 CMake builds verbose to show compilation options.

    Closes #1204

commit bfa00f1bd5abce93cd95055c8b71791816b3c655
Author: Viktor Szakats <[email protected]>
Date:   Mon Nov 6 12:18:25 2023 +0000

    tidy-up: around `stdint.h`

    - os400: delete unused `HAVE_STDINT_H`.

    - fuzz: delete redundant `stdint.h` use.
      `inttypes.h` is already included via `testinput.h`.

    - docs/TODO: adjust type in planned function.

    Closes #1212

commit 20387285d300c74160f655b72ad5d762ee56166b
Author: Viktor Szakats <[email protected]>
Date:   Mon Nov 6 00:41:17 2023 +0000

    cmake: show crypto backend in feature summary

    This was visible as an enabled package before this patch, but it missed
    to show WinCNG.

    Closes #1211

commit a3ffc4221d7ed4619c1e5e4557287204868e443b
Author: Viktor Szakats <[email protected]>
Date:   Fri Nov 3 11:04:22 2023 +0000

    man: fix double spaces and dash escaping

    - `-  ` -> `- `
    - `.  ` -> `. `
    - `\- ` -> `- `
    - `-1` -> `\-1`
    - fold long lines along the way

    This makes the minus sign come out as a Unicode minus sign
    (0x2212), and title separator dashes as Unicode hyphen (0x2010),
    with `groff -Tutf8` v1.23.0.

    Ref: https://lwn.net/Articles/947941/

    Closes #1210

commit 8cca7b77527861395de6278b27fa825df3b5b835
Author: Viktor Szakats <[email protected]>
Date:   Tue Oct 31 22:41:05 2023 +0000

    src: fix gcc 13 `-Wconversion` warning on Darwin

    ```
    src/session.c: In function 'libssh2_poll':
    src/session.c:1776:22: warning: conversion from 'long int' to '__darwin_suseconds_t' {aka 'int'} may change value [-Wconversion]
     1776 |         tv.tv_usec = (timeout_remaining % 1000) * 1000;
          |                      ^
    ```
    Ref: https://github.com/curl/curl-for-win/actions/runs/6711735060/job/18239768548#step:3:4368

    Follow-up to 08354e0abbe86d4cc5088d210d53531be6d8981a

    Closes #1209

commit bf285500e603b77229bbaf9a87fe7f724bb5ffaa
Author: Viktor Szakats <[email protected]>
Date:   Mon Oct 30 17:42:32 2023 +0000

    openssl: silence `-Wunused-value` warnings

    Seen with gcc 12.

    Manual: https://www.openssl.org/docs/man3.1/man3/BIO_reset.html

    ```
    ./quictls/linux-a64-musl/usr/include/openssl/bio.h:555:34: warning: value computed is not used [-Wunused-value]
      555 | # define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
          |                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ./libssh2/src/openssl.c:3518:5: note: in expansion of macro 'BIO_reset'
    ./libssh2/src/openssl.c:3884:5: note: in expansion of macro 'BIO_reset'
    ./libssh2/src/openssl.c:3995:5: note: in expansion of macro 'BIO_reset'
    ```
    Ref: https://github.com/curl/curl-for-win/actions/runs/6696392318/job/18194032712#step:3:5060

    Closes #1205

commit f64e6318f031a15d7e727d6f4864a3d2e973aab0
Author: Viktor Szakats <[email protected]>
Date:   Mon Oct 30 11:23:47 2023 +0000

    Makefile.am: fix `cp` to preserve attributes and timestamp

commit fc00bdd7f195fc6511d18d11cad2801b56c5549e
Author: Viktor Szakats <[email protected]>
Date:   Sat Oct 7 15:32:39 2023 +0000

    cmake: simplify showing CMake version

    Move it to `CMakeLists.txt`. Drop `cmake --version` commands.

    Credit to the `zlib-ng` project for the idea:
    https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078bd1399/CMakeLists.txt#L7

    Closes #1203

commit 5e19044282c219ddb1fedddd8eaba0b4c0256a95
Author: Viktor Szakats <[email protected]>
Date:   Sat Oct 7 09:19:49 2023 +0000

    ci: mbedtls 3.5.0

    v3.5.0 needs extra compiler option for i386 to avoid:
    ```
    #error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
    ```

    Closes #1202

commit 2cd2f40e37ab7e3880bc9504c6d7cda5a188fed7
Author: Viktor Szakats <[email protected]>
Date:   Sat Oct 7 09:47:58 2023 +0000

    tests: show cmake version used in integration tests

    Closes #1201

commit a9a79e7a41f2c80b487ede854ffcad90a7634e7b
Author: Viktor Szakats <[email protected]>
Date:   Tue Oct 3 13:46:01 2023 +0000

    readme.vms: fix typo [ci skip]

    Detected by codespell 2.2.6

commit 06fd721f08f058b3bb83fc5d0e1c50736b28cb26
Author: Viktor Szakats <[email protected]>
Date:   Sat Sep 30 19:03:37 2023 +0000

    appveyor: YAML/PowerShell formatting, shorten variable name

    - use single-quotes in yaml and PowerShell.

    - shorten a variable name.

    - use indentation 2 for scripts.

    - use C else-style in PowerShell.

    Closes #1200

commit d468a33f620d56f2fc67ee98cd50b9039d2ecf6e
Author: Viktor Szakats <[email protected]>
Date:   Sat Sep 30 14:58:51 2023 +0000

    ci: update actions, use shallow clones with appveyor

    - update GitHub Actions to their latest versions.

    - use shallow git clones in AppVeyor CI to save data over the wire.

    Closes #1199

commit 8a081fd98b015e4a5375bfec1c295e0b7e2e4e6c
Author: Viktor Szakats <[email protected]>
Date:   Fri Sep 29 20:07:36 2023 +0000

    appveyor: move to pure PowerShell

    - replace batch commands with PowerShell.

    - merge separate command entries into single PowerShell blocks.

    Closes #1197

commit 6fbc9505d8a4179ab6a1d44c7df9bb9af6bdc9ba
Author: Viktor Szakats <[email protected]>
Date:   Fri Sep 29 08:43:40 2023 +0000

    windows: use built-in `_WIN32` macro to detect Windows

    Instead of `WIN32`.

    The compiler defines `_WIN32`. Windows SDK headers or build env defines
    `WIN32`, or we have to take care of it. The agreement seems to be that
    `_WIN32` is the preferred practice here.

    Minor downside is that CMake uses `WIN32` and we also adopted it in
    `Makefile.mk`.

    In public libssh2 headers we stick with accepting either `_WIN32` or
    `WIN32` and define our own namespaced `LIBSSH2_WIN32` based on them.

    grepping for `WIN32` remains useful to detect Windows-specific code.

    Closes #1195

commit 4c241d5c65c754141243bebdafa900472b23b68f
Author: Viktor Szakats <[email protected]>
Date:   Fri Sep 29 09:27:34 2023 +0000

    cmake: cleanup mbedTLS version detection more

    - lowercase, underscored local variables.
    - fix `find_library()` to use the multiple names passed.
    - rely more on `find_package_handle_standard_args()`.
      Logic based on our `Findwolfssl.cmake`.
    - delete ignored/unused `MBEDTLS_LIBRARY_DIR`.
    - revert CI configuration to use `MBEDCRTYPO_LIBRARY`.
    - clarify inputs/outputs in comment header.
    - use variable for regex.
    - formatting.

    Follow-up to 41594675072c578294674230d4cf5f47fa828778 #1192

    Closes #1196

commit 30eef0a630ab3cc408f06d9b32fa19f647008df7
Author: Viktor Szakats <[email protected]>
Date:   Thu Sep 28 18:32:37 2023 +0000

    cmake: delete duplicate `include()`

commit 41594675072c578294674230d4cf5f47fa828778
Author: Viktor Szakats <[email protected]>
Date:   Thu Sep 28 13:09:36 2023 +0000

    cmake: improve/fix mbedTLS detection

    - libssh2 needs the crypto lib only, stop dealing with the rest.

    - simplify logic.

    - drop hard-wired toolchain specific options that broke with e.g. MSVC.

      Reported by: AR Visions
      Fixes #1191

    - add mbedTLS version detection for recent releases.

    - merge custom detection results display into a single line.

    - shorten mbedTLS configuration in macOS CI job.

    Used the curl mbedTLS detection logic for ideas:
    https://github.com/curl/curl/blob/a8c773845f4fdbfb09b08a6ec4b656c812568995/CMake/FindMbedTLS.cmake

    Closes #1192

commit 67e39091b2fa3b87e22895cdbdeda20e4b2403b1
Author: concussious <[email protected]>
Date:   Sat Sep 23 19:00:14 2023 -0400

    libssh2_session_get_blocking.3: Add description (#1185)

commit 00a3b88c51cdb407fbbb347a2e38c5c7d89875ad
Author: Viktor Szakats <[email protected]>
Date:   Thu Sep 21 08:14:38 2023 +0000

    autotools: fix selecting wincng in cross-builds (and more)

    - Fix explicitly selecting WinCNG in autotools cross-builds by moving
      `windows.h` header check before the WinCNG availability check.
      Follow-up to d43b8d9b0b9cd62668459fe5d582ed83aabf77e7

      Reported-by: Jack L
      Fixes #1186

    - Add Linux -> mingw-w64 cross-builds for autotools and CMake. This
      doesn't detect #1186, because that happened when explicitly specifying
      WinCNG via `--with-crypto=wincng`, but not when falling back to WinCNG
      by default.

    - autotools: fix to strip suffix from gcc version

      Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
      may return `n-win32` (also with `-dumpfullversion`). Causing these
      errors and failing to enable picky warnings:
      ```
      ../configure: line 23845: test: : integer expression expected
      ```
      Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143

      Fix that by stripping any dash-suffix.

      gcc version detection is still half broken because we translate '10'
      to '10.10' because `cut -d. -f2` returns the first word if the
      delimiter missing.

      More possible `-dumpversion` output: `10-posix`, `10-win32`,
      `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
      Ref: https://github.com/mamedev/mame/pull/9767

    Closes #1187

commit 88a960a86b9ffbabd17a4bbcf767e26514c4678e
Author: Michael Buckley <[email protected]>
Date:   Mon Aug 28 16:47:21 2023 -0700

    Properly bounds check packet_authagent_open() (#1179)

    * Properly bounds check packet_authagent_open
    * packet.c: use strlen instead of sizeof for strings
    * Make LIBSSH_CHANNEL's channel_type_len a size_t
    * packet_authagent_open: use size_t for offset

    Credit:
    Michael Buckley, signed off by Will Cosgrove

commit a790d3784eca821aeaee0b5db54cbf037780676f
Author: Viktor Szakats <[email protected]>
Date:   Mon Aug 28 23:20:53 2023 +0000

    os400qc3: move FIXME comment [ci skip]

    Follow-up to eb9f9de2c19ec67d12a444cce34bdd059fd26ddc

commit eb9f9de2c19ec67d12a444cce34bdd059fd26ddc
Author: Viktor Szakats <[email protected]>
Date:   Sat Aug 26 21:56:23 2023 +0000

    md5: allow disabling old-style encrypted private keys at build-time

    Before this patch, this happened at runtime when using an old (pre-3.0),
    FIPS-enabled OpenSSL backend.

    This patch makes it possible to disable this via the build-time option
    `LIBSSH2_NO_MD5_PEM`.

    Also:
    - make sure to exclude all MD5 internal APIs when both the above and
      `LIBSSH2_NO_MD5` are enabled.
    - fix tests to support build with`LIBSSH2_NO_MD5`, `LIBSSH2_NO_MD5_PEM`
      and `LIBSSH2_NO_3DES`.
    - add FIXME to apply this change to `os400qc3.*`.

    Old-style encrypted private keys require MD5 and they look like this:
    ```
    -----BEGIN RSA PRIVATE KEY-----
     Proc-Type: 4,ENCRYPTED
     DEK-Info: AES-128-CBC,<MD5-hex>

     <base64>
     -----END RSA PRIVATE KEY-----
    ```

    E.g.: `tests/key_rsa_encrypted`

    Ref: https://github.com/libssh2/www/issues/20
    Closes #1181

commit 4a64ca14302e5105c168de3f8f6cc0cbe27e4020
Author: Viktor Szakats <[email protected]>
Date:   Sat Aug 26 09:48:34 2023 +0000

    cmake: tidy-up `foreach()` syntax

    Use `IN LISTS` and `IN ITEMS`. This appears to be the preferred way
    within CMake's own source code and possibly improves readability.

    Fixup a side-effect of `IN LISTS`, where it retains empty values at
    the end of the list, as opposed to the syntax used before, which
    dropped it. In our case this happened with lines read from a text
    file via `file(READ)`.

    https://cmake.org/cmake/help/v3.7/command/foreach.html

    Closes #1180

commit 5754fed68644363cb25220fcf3dc86b5c376aa60
Author: Viktor Szakats <[email protected]>
Date:   Fri Aug 18 21:12:25 2023 +0000

    ci: replace `mv` + `chmod` with `install` in `Dockerfile`

    Cherry-picked from #1175
    Closes #1175

commit 633db55f50f79f5cb08d4a7f73d57f2ca57958f1
Author: Viktor Szakats <[email protected]>
Date:   Fri Aug 18 20:56:50 2023 +0000

    ci: set file mode early in `appveyor_docker.yml`

    Also:
    - replace tab with spaces in generated config file
    - formatting

    Cherry-picked from #1175

commit a79218d3a058a333bb9de14079548a3511679a04
Author: Viktor Szakats <[email protected]>
Date:   Sun Aug 20 08:26:55 2023 +0000

    ci: add spellcheck (codespell)

    Also rename a variable in `src/os400qc3.c` to avoid a false positive.

    Cherry-picked from #1175

commit a20572e9afbe53c04c84105327de68d39528ce53
Author: Viktor Szakats <[email protected]>
Date:   Tue Aug 22 16:43:16 2023 +0000

    cmake: also test for `libssh2_VERSION`

    Cherry-picked from #1175

commit 87f5769b5158a81f7a21263b507e069b48f093c2
Author: Viktor Szakats <[email protected]>
Date:   Mon Aug 21 21:27:31 2023 +0000

    cmake: show cmake versions in ci

    Cherry-picked from #1175

commit e61987a3bf5b0ba40357cd769e5a16c5257724fd
Author: Viktor Szakats <[email protected]>
Date:   Fri Aug 18 20:56:02 2023 +0000

    tests: formatting and tidy-ups

    - Dockerfile: use standard sep with `sed`
    - Dockerfile: use single quotes in shell command
    - appveyor.yml: use long-form option with `choco`
    - tests/cmake: add language to test project
    - reuse.yml: fix indentation
      ```
      $ yamllint reuse.yml
      reuse.yml
        [...]
        11:5      error    wrong indentation: expected 6 but found 4  (indentation)
        15:5      error    wrong indentation: expected 6 but found 4  (indentation)
        [...]
        27:5      error    wrong indentation: expected 6 but found 4  (indentation)
      ```

    Cherry-picked from #1175

commit 1676a178140b0c755493af78899f6d4a10b466e8
Author: Viktor Szakats <[email protected]>
Date:   Fri Aug 18 20:55:37 2023 +0000

    openssl.c: whitespace fixes

    Cherry-picked from #1175

commit a95d401f1f1fef0ac342ca1c0c23586d39999b15
Author: Viktor Szakats <[email protected]>
Date:   Sun Aug 20 00:24:59 2023 +0000

    checksrc: fix spelling in comment [ci skip]

commit e9c7d3afa0bdf3a004846324213df938b94343b2
Author: Viktor Szakats <[email protected]>
Date:   Fri Aug 18 13:20:03 2023 +0000

    cmake: quote more strings

    Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

    Closes #1173

commit 6e3e883994eb34ecdf43c373cfac2700101a82bd
Author: Viktor Szakats <[email protected]>
Date:   Fri Aug 18 11:05:52 2023 +0000

    drop `www.` from `www.libssh2.org`

    <https://www.libssh2.org/*> is now a 301 permanent redirect to
    <https://libssh2.org/*>.

    Update all references to point directly to the new destination.

    Ref: https://github.com/libssh2/www/commit/ccf4a7de7f702a8ee17e2c697bcbef47fcf485ed

    Closes #1172

commit aeaefaf6cc5f832dd24d7c6301ea6b5ae6e11496
Author: Viktor Szakats <[email protected]>
Date:   Thu Aug 17 23:02:35 2023 +0000

    cmake: add `ExternalProject` integration test

    - via `ExternalProject_Add()`:
      https://cmake.org/cmake/help/latest/module/ExternalProject.html
      (as documented in `docs/INSTALL_CMAKE.md`)

    - also make `FetchContent` fetch from local repo instead of live master.

    Closes #1171

commit 8715c3d51b87ebe72c6eff7b1a71f4ce6c3afb9a
Author: Viktor Szakats <[email protected]>
Date:   Wed Aug 16 13:22:30 2023 +0000

    cmake: add integration tests

    Add a small project to test dependent/downstream CMake build using
    libssh2. Also added to the GHA CI, and you can also run it locally with
    `tests/cmake/test.sh`.

    Test three methods of integrating libssh2 into a project:
    - via `find_package()`:
      https://cmake.org/cmake/help/latest/command/find_package.html
    - via `add_subdirectory()`:
      https://cmake.org/cmake/help/latest/command/add_subdirectory.html
    - via `FetchContent`:
      https://cmake.org/cmake/help/latest/module/FetchContent.html

    Closes #1170

commit 4ff64ae3ca14a04c6914c45c48476a061723a872
Author: Viktor Szakats <[email protected]>
Date:   Wed Aug 16 06:38:22 2023 +0000

    cmake: (re-)add aliases for `add_subdirectory()` builds

    Add internal libssh2 library aliases to make these available for
    downstream/dependent projects building libssh2 via `add_subdirectory()`:

    - `libssh2:libssh2_static`
    - `libssh2:libssh2_shared`
    - `libssh2:libssh2` (shared, or static when not building shared)
    - `libssh2` (shared, or static when not building shared)

    Of these, `libssh2` was present in v1.10.0 and earlier releases, but
    missing from v1.11.0.

    Closes #1169

commit 8eade0c9b75dff36e7c55edde03887d95a5ec260
Author: Viktor Szakats <[email protected]>
Date:   Wed Aug 16 06:36:10 2023 +0000

    cmake: delete empty line [ci skip]

    Follow-up to 3fa5282d6284efba62dc591697e6a687152bdcb1

commit 6eda1ee4337a57cb92b831ff2647b914b52ff14a
Author: Viktor Szakats <[email protected]>
Date:   Tue Aug 15 21:58:18 2023 +0000

    cmake: reflect minimum version in docs [ci skip]

    Follow-up to 9cd18f4578baa41dfca197f60557063cad12cd59

commit 3fa5282d6284efba62dc591697e6a687152bdcb1
Author: Viktor Szakats <[email protected]>
Date:   Thu Aug 10 12:38:24 2023 +0000

    cmake: style tidy up

    - quote text literals to improve readability.
      (exceptions: `FILES` items, `add_subdirectory` names, `find_package`
      names, literal target names, version numbers, 0/1, built-in CMake
      values and CMake keywords, list items in `cmake/max_warnings.cmake`)
    - quote standalone variables that could break syntax on empty values.
    - replace `libssh2_SOURCE_DIR` with `PROJECT_SOURCE_DIR`.
    - add missing mode to `message()` call.
    - `TRUE`/`FALSE` → `ON`/`OFF`.
    - add missing default value `OFF` to `option()` for clarity.
    - unfold some lines.
    - `INSTALL_CMAKE.md` fixes and updates. Show defaults.

    Closes #1166

commit 186c1d6394a75e52ea3becd4c11a32aaa6002a52
Author: Viktor Szakats <[email protected]>
Date:   Tue Aug 15 01:36:48 2023 +0000

    wincng: prefer `ULONG`/`DWORD` over `unsigned long`

    To match with the types used by the `Crypt*()` (uses `DWORD`) and
    `BCrypt*()` (uses `ULONG`) Windows APIs.

    This patch doesn't change data width or signedness.

    Closes #1165

commit 7bb669b52adbb1d3d4e239f77544824e83f74209
Author: Viktor Szakats <[email protected]>
Date:   Mon Aug 14 23:23:06 2023 +0000

    wincng: tidy-ups

    - make `_libssh2_wincng_key_sha_verify` static.

    - prefer `unsigned long` over `size_t` in two static functions.

    - prefer `ULONG` over `DWORD` to match `BCryptImportKeyPair()`
      and `BCryptGenerateKeyPair()`.

    - add a newline.

    Closes #1164

commit d43b8d9b0b9cd62668459fe5d582ed83aabf77e7
Author: Viktor Szakats <[email protected]>
Date:   Mon Aug 14 21:57:18 2023 +0000

    ci: add MSYS builds (autotools and cmake)

    Use existing MSYS2 section and extend it with builds for the MSYS
    environment with both autotools and cmake.

    MSYS builds resemble Cygwin ones: The env is Unixy, where Windows
    headers are all available but we don't use them.

    Also:

    - extend existing autotools logic for Cygwin to skip detecting
      `windows.h` for MSYS targets too.

    - require `windows.h` for the WinCNG backend in autotools. Before this
      patch, autotools allowed selecting WinCNG on the Cygwin and MSYS
      platforms, but the builds then fell apart due to the resulting mixed
      Unixy + Windowsy environment. The general expectation for Cygwin/MSYS
      builds is not to use the Windows API directly in them.

    - stop manually selecting the `MSYS Makefiles` CMake generator for
      MSYS2-based GHA CI builds. mingw-w64 builds work fine without it, but
      it broke MSYS build which use `Unix Makefiles`. Deleting this setting
      fixes all build flavours.

    Closes #1162

commit 84912e2ed8a9e40016a1e0c381bacbba7cba52b5
Author: Viktor Szakats <[email protected]>
Date:   Mon Aug 14 23:07:21 2023 +0000

    ci: cygwin job tidy-ups

    `CMAKE_C_COMPILER=gcc` not necessary, delete it.

    Follow-up to f1e96e733fefb495bc31b07f5c2a5845ff877c9c

    Cherry-picked from #1163
    Closes #1163

commit f1e96e733fefb495bc31b07f5c2a5845ff877c9c
Author: Viktor Szakats <[email protected]>
Date:   Mon Aug 14 21:22:00 2023 +0000

    ci: add Cygwin builds (autotools and cmake)

    To avoid builds picking up non-Cygwin components coming by default with
    the CI machine, I used the solution recommended by Cygwin [1] and set
    `PATH` manually. To avoid repeating this for each step, I merged steps
    into a single one. Let us know if there is a more elegant way.

    Cygwin's Github Action uses cleartext HTTP. We upgrade this to HTTPS.

    autotools build seemed to take slightly longer than other jobs. To save
    turnaround time I disabled building tests.

    Cygwin package search: https://cygwin.com/cgi-bin2/package-grep.cgi

    [1] https://github.com/cygwin/cygwin-install-action/tree/v4#path

    Closes #1161

commit 5453fc8035b4aaad1a9bbfbeace4fac210fabde8
Author: Viktor Szakats <[email protected]>
Date:   Sun Aug 13 09:07:26 2023 +0000

    cmake: add `LIB_NAME` variable

    It holds the name `libssh2`. Mainly to document its uses, and also
    syncing up with the same variable in libcurl.

    Closes #1159

commit c705ff3f370582d4363f53826c4fcb23af7ec3b7
Author: Viktor Szakats <[email protected]>
Date:   Fri Aug 11 21:57:33 2023 +0000

    cmake: add one missed `PROJECT_NAME` variable

    Follow-up to 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c

    Closes #1158

commit ae7d51085e9e4e8c0d0ca3ded9dd7956f6f7d645
Author: Viktor Szakats <[email protected]>
Date:   Fri Aug 11 17:09:27 2023 +0000

    cmake: tidy-up concatenation in `CMAKE_MODULE_PATH`

    Former solution was appending an empty element to the array if
    `CMAKE_MODULE_PATH` was originally empty. The new syntax doesn't have
    this side-effect.

    There is no known issue caused by this. Fixing it for good measure.

    Closes #1157

commit 1215aa5f46a603ce31e8b91b11ccd273a469350a
Author: Viktor Szakats <[email protected]>
Date:   Thu Aug 10 02:33:24 2023 +0000

    ci: add mingw-w64 UWP build

    Add a CI test for Windows UWP builds using mingw-w64. Before this patch
    we had UWP builds tested with MSVC only.

    Alike existing UWP jobs, it's not possible to run the binaries due to
    the missing UWP runtime DLL:
    https://github.com/libssh2/libssh2/actions/runs/5821297010/job/15783475118#step:11:42

    We could install `winstorecompat-git` in the setup-msys2 step, but opted
    to do it manually to avoid the overhead for every matrix job.

    All this would work smoother with llvm-mingw, which features an UWP
    toolchain prefix and provides all necessary implibs by default.

    This also hit a CMake bug (with v3.26.4), where CMake gets confused and
    sets up `windres.exe` to use the MSVC rc.exe-style command-line:
    https://github.com/libssh2/libssh2/actions/runs/5819232677/job/15777236773#step:9:126

    Notice that MS "sunset" UWP in 2021:
    https://github.com/microsoft/WindowsAppSDK/discussions/1615

    If this particular CI job turns out to be not worth the maintenance
    burden or CPU time, or too much of a hack, feel free to delete it.

    Ref: https://github.com/libssh2/libssh2/pull/1147#issuecomment-1670850890
    Closes #1155

commit 72fd25958a7dc6f8e68f2b2d5d72839a2da98f9c
Author: Viktor Szakats <[email protected]>
Date:   Wed Aug 9 11:23:37 2023 +0000

    cmake: replace `libssh2` literals with `PROJECT_NAME` variable

    Where applicable.

    This also makes it more obvious which `libssh2` uses were referring
    to the pr…
  • Loading branch information
palmin committed Dec 19, 2023
1 parent 93e0f85 commit 4ee4846
Show file tree
Hide file tree
Showing 484 changed files with 21,367 additions and 16,113 deletions.
3 changes: 3 additions & 0 deletions .checksrc
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
disable FOPENMODE
disable SNPRINTF
disable TYPEDEFSTRUCT
2 changes: 0 additions & 2 deletions .gitattribute

This file was deleted.

5 changes: 3 additions & 2 deletions .github/ISSUE_TEMPLATE/bug_report.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,9 @@ A recipe or example code that reproduces the problem? A stack trace from a crash
A clear and concise description of what you expected to happen.

**Version (please complete the following information):**
- OS: [e.g. iOS]
- libssh2 version [e.g. 1.8.0]
- OS and version: [e.g. iOS, macOS, Windows, Linux (distro)]
- libssh2 version: [e.g. 1.10.0]
- crypto backend and version: [OpenSSL, mbedTLS, Libgcrypt, LibreSSL, WinCNG, OS400, wolfSSL, None]

**Additional context**
Add any other context about the problem here.
13 changes: 13 additions & 0 deletions .github/SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# Security Policy

See [SECURITY.md](https://github.com/libssh2/libssh2/blob/master/docs/SECURITY.md) for full details.

## Reporting a Vulnerability

If you have found or just suspect a security problem somewhere in libssh2,
email `[email protected]` about it.

**Do not submit suspected security issues in the public bug tracker!**

We treat security issues with confidentiality until controlled and disclosed
responsibly.
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copyright (c) 2021 Marc Hoersken
# Copyright (C) Marc Hoersken
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
Expand All @@ -21,6 +21,8 @@
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# SPDX-License-Identifier: BSD-3-Clause

name: AppVeyor Docker Bridge

Expand All @@ -40,6 +42,8 @@ on:
ssh_privkey:
required: true

permissions: {}

jobs:
daemon:
runs-on: ubuntu-latest
Expand All @@ -48,18 +52,17 @@ jobs:
- name: Setup SSH client configuration
run: |
cd ~
mkdir .ssh
chmod 0700 .ssh
echo "ServerAliveInterval 45" > .ssh/config
echo "Host ${{ github.event.inputs.ssh_host }}" >> .ssh/config
echo "${{ github.event.inputs.ssh_forward }}" | sed 's/,/\n/g' | sed 's/^/\tRemoteForward /g' >> .ssh/config
chmod 0600 .ssh/config
cat .ssh/config
echo "${{ github.event.inputs.ssh_host }} ${{ github.event.inputs.ssh_hostkey }}" | sed 's/,/\n${{ github.event.inputs.ssh_host }} /g' > .ssh/known_hosts
chmod 0600 .ssh/known_hosts
cat .ssh/known_hosts
echo "${{ github.event.inputs.ssh_privkey }}" | sed 's/,/\n/g' > .ssh/id_rsa
chmod 0600 .ssh/id_rsa
mkdir -m 0700 .ssh
install -m 0600 /dev/null .ssh/config
{
echo 'ServerAliveInterval 45'
echo 'Host ${{ github.event.inputs.ssh_host }}'
echo '${{ github.event.inputs.ssh_forward }}' | sed 's/,/\n/g' | sed 's/^/ RemoteForward /g'
} | tee -a .ssh/config
install -m 0600 /dev/null .ssh/known_hosts
echo '${{ github.event.inputs.ssh_host }} ${{ github.event.inputs.ssh_hostkey }}' | sed 's/,/\n${{ github.event.inputs.ssh_host }} /g' | tee -a .ssh/known_hosts
install -m 0600 /dev/null .ssh/id_rsa
echo '${{ github.event.inputs.ssh_privkey }}' | sed 's/,/\n/g' >> .ssh/id_rsa
# we sleep explicitly to allow the remote system to kill the sleep process
- name: Connect to AppVeyor and sleep
Expand Down
62 changes: 62 additions & 0 deletions .github/workflows/appveyor_status.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
# Copyright (C) Marc Hoersken
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# SPDX-License-Identifier: BSD-3-Clause

name: AppVeyor Status Report

on:
status

concurrency:
group: ${{ github.workflow }}-${{ github.event.sha }}-${{ github.event.target_url }}
cancel-in-progress: true

permissions:
statuses: write

jobs:
split:
runs-on: ubuntu-latest
if: ${{ github.event.sender.login == 'appveyor[bot]' }}
steps:
- name: Create individual AppVeyor build statuses
if: ${{ github.event.sha && github.event.target_url }}
env:
APPVEYOR_COMMIT_SHA: ${{ github.event.sha }}
APPVEYOR_TARGET_URL: ${{ github.event.target_url }}
APPVEYOR_REPOSITORY: ${{ github.event.repository.full_name }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo ${APPVEYOR_TARGET_URL} | sed 's/\/project\//\/api\/projects\//' | xargs -t -n1 curl -s | \
jq -c '.build.jobs[] | {target_url: ($target_url + "/job/" + .jobId),
context: (.name | sub("^(Environment: )?"; "AppVeyor / ")),
state: (.status | sub("queued"; "pending")
| sub("starting"; "pending")
| sub("running"; "pending")
| sub("failed"; "failure")
| sub("cancelled"; "error")),
description: .status}' \
--arg target_url ${APPVEYOR_TARGET_URL} | tee /dev/stderr | parallel --pipe -j 1 -N 1 \
gh api --silent --input - repos/${APPVEYOR_REPOSITORY}/statuses/${APPVEYOR_COMMIT_SHA}
Loading

0 comments on commit 4ee4846

Please sign in to comment.