Tags

libssh-0.9.6

* CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with
  different key exchange mechanism
* Fix several memory leaks on error paths
* Reset pending_call_state on disconnect
* Fix handshake bug with AEAD ciphers and no HMAC overlap
* Use OPENSSL_CRYPTO_LIBRARIES in CMake
* Ignore request success and failure message if they are not expected
* Support more identity files in configuration
* Avoid setting compiler flags directly in CMake
* Support build directories with special characters
* Include stdlib.h to avoid crash in Windows
* Fix sftp_new_channel constructs an invalid object
* Fix Ninja multiple rules error
* Several tests fixes

libssh-0.9.5

* CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
* Improve handling of library initialization (T222)
* Fix parsing of subsecond times in SFTP (T219)
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place (T226)
* Prevent invalid free when using different C runtimes than OpenSSL (T229)
* Compatibility improvements to testsuite

libssh-0.8.9

* Fixed CVE-2020-1730 - Possible DoS in client and server when handling
  AES-CTR keys with OpenSSL

libssh-0.9.4

* Fixed CVE-2020-1730 - Possible DoS in client and server when handling
  AES-CTR keys with OpenSSL
* Added diffie-hellman-group14-sha256
* Fixed serveral possible memory leaks

libssh-0.8.8

* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution

libssh-0.9.3

* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer

libssh-0.9.2

  * Fixed libssh-config.cmake
  * Fixed issues with rsa algorithm negotiation (T191)
  * Fixed detection of OpenSSL ed25519 support (T197)

libssh-0.9.1

  * Added support for Ed25519 via OpenSSL
  * Added support for X25519 via OpenSSL
  * Added support for localuser in Match keyword
  * Fixed Match keyword to be case sensitive
  * Fixed compilation with LibreSSL
  * Fixed error report of channel open (T75)
  * Fixed sftp documentation (T137)
  * Fixed known_hosts parsing (T156)
  * Fixed build issue with MinGW (T157)
  * Fixed build with gcc 9 (T164)
  * Fixed deprecation issues (T165)
  * Fixed known_hosts directory creation (T166)

libssh-0.9.0

* Added support for AES-GCM
* Added improved rekeying support
* Added performance improvements
* Disabled blowfish support by default
* Fixed several ssh config parsing issues
* Added support for DH Group Exchange KEX
* Added support for Encrypt-then-MAC mode
* Added support for parsing server side configuration file
* Added support for ECDSA/Ed25519 certificates
* Added FIPS 140-2 compatibility
* Improved known_hosts parsing
* Improved documentation
* Improved OpenSSL API usage for KEX, DH, and signatures

libssh-0.8.7

* Fixed handling extension flags in the server implementation
* Fixed exporting ed25519 private keys
* Fixed corner cases for rsa-sha2 signatures
* Fixed some issues with connector

libssh-0.8.6

* Fixed compilation issues with different OpenSSL versions
* Fixed StrictHostKeyChecking in new knownhosts API
* Fixed ssh_send_keepalive() with packet filter
* Fixed possible crash with knownhosts options
* Fixed issus with rekeying
* Fixed strong ECDSA keys
* Fixed some issues with rsa-sha2 extentions
* Fixed access violation in ssh_init() (static linking)
* Fixed ssh_channel_close() handling

libssh-0.7.7

* Fixed issues with MSVC
* Fixed keyboard-interactive auth in server mode
  (regression from CVE-2018-10933)
* Fixed gssapi auth in server mode (regression from CVE-2018-10933)
* Fixed a memory leak with OpenSSL

libssh-0.8.5

* Added support to get known_hosts locations with ssh_options_get()
* Fixed preferred algorithm for known hosts negotiations
* Fixed KEX with some server implementations (e.g. Cisco)
* Fixed issues with MSVC
* Fixed keyboard-interactive auth in server mode
  (regression from CVE-2018-10933)
* Fixed gssapi auth in server mode (regression from CVE-2018-10933)
* Fixed socket fd handling with proxy command
* Fixed a memory leak with OpenSSL

libssh-0.7.6

  * Fixed CVE-2018-10933
  * Added support for OpenSSL 1.1
  * Added SHA256 support for ssh_get_publickey_hash()
  * Fixed config parsing
  * Fixed random memory corruption when importing pubkeys

libssh-0.8.4

  * Fixed CVE-2018-10933
  * Fixed building without globbing support
  * Fixed possible memory leaks
  * Avoid SIGPIPE on sockets

libssh-0.8.3

* Added support for rsa-sha2
* Added support to parse private keys in openssh container format
  (other than ed25519)
* Added support for diffie-hellman-group18-sha512 and
  diffie-hellman-group16-sha512
* Added ssh_get_fingerprint_hash()
* Added ssh_pki_export_privkey_base64()
* Added support for Match keyword in config file
* Improved performance and reduced memory footprint for sftp
* Fixed ecdsa publickey auth
* Fixed reading a closed channel
* Added support to announce posix-rename@openssh.com and
  hardlink@openssh.com in the sftp server

libssh-0.8.2

libssh-0.8.1

libssh-0.8.0

libssh-0.7.5