
Commit 2c99a46

NEWS: Update
1 parent 5eeac73 commit 2c99a46

1 file changed

+36
-0
lines changed

NEWS

+36
@@ -39,6 +39,30 @@ boolean type name.
3939

4040
Reported and fixed by Peter Tillemans <[email protected]> in
4141
<https://github.com/artyom-poptsov/guile-ssh/pull/43>
42+
** session-func.c: Fix compilation with libssh < 0.8.3 :BUGFIX:
43+
Guile-SSH don't try to handle missing SSH_OPTIONS_PUBLICKEY_ACCEPTED_TYPES in
44+
libssh older than 0.8.3 because it leads to compilation errors. Instead now
45+
it issues a compilation warning.
46+
** session-func.c: Add compilation warnings for missing options
47+
Now Guile-SSH issues compilation warnings for missing libssh session options.
48+
** Drop support for libssh versions older than 0.8.0 :API_CHANGE:
49+
libssh 0.7.4 was released in 2017 and libssh 0.8.0 was released back in 2018
50+
so it is quite old already. Since then some CVE were fixed, namely:
51+
- 0.8.4: CVE-2018-10933: libssh authentication bypass
52+
- 0.9.3: CVE-2019-14889: SCP: Unsanitized location leads to command execution
53+
- 0.9.4: CVE-2020-1730: Possible DoS in client and server when handling
54+
- 0.9.5: CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
55+
- 0.9.6: CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with
56+
different key exchange mechanism.
57+
58+
Also libssh introduced some new features since 0.8.0 so Guile-SSH will not
59+
probably work with libssh 0.7 anyway. Guile-SSH with libssh 0.8 should work
60+
fine (according to tests) although some new Guile-SSH API will not be
61+
available (e.g. some types of private keys are not compatible with old
62+
versions of libssh.)
63+
64+
Support for libssh version 0.8.0, 0.8.1 and 0.8.2 will be dropped in the next
65+
Guile-SSH releases.
4266
** Documentation
4367
*** doc/api-popen.texi: Improve description; update examples
4468
*** doc/api-dist.texi: Fix the description of "make-node"
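Review bot: The "Drop support for libssh versions older than 0.8.0" entry justifies the change with a CVE list, but every fix in that list landed after the new floor (the earliest is 0.8.4 for CVE-2018-10933), so the versions that remain supported are still exposed to all of them. The text should say this outright and name the libssh version users should actually run, rather than only stating that "Guile-SSH with libssh 0.8 should work fine". In the same list, the CVE-2020-1730 line stops at "when handling" with no continuation, unlike the CVE-2021-3634 line, which wraps onto a second line; complete it from the libssh changelog. Smaller points: the "Add compilation warnings for missing options" heading has no tag while its neighbours carry :BUGFIX: or :API_CHANGE:, "Guile-SSH don't try" should be "doesn't try", and "will not probably work" should be "will probably not work".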
@@ -51,6 +75,18 @@ be read.
5175
Don't try to use DSA key when it is disabled.
5276
*** tests/common.scm: Don't use DSA keys when DSA is not supported :BUGFIX:
5377
*** tests/session: Expand "#:config" test suite
78+
*** tests/client-server: Fix logging :BUGFIX:
79+
In test case "data transferring, remote side abruptly closed": Don't log
80+
errors into stderr, use libssh log instead. Remove "error" word from the log
81+
string as surprisingly it tricks the test framework to think that some test
82+
error has happened.
83+
*** tests/client-server: Don't use ECDSA key with older versions of libssh :BUGFIX:
84+
Now test "userauth-public-key!, success") is skipped when libssh has version
85+
older than 0.8.3.
86+
87+
Instead "userauth-public-key!, success (RSA)" test case is used for older
88+
versions of libssh.
89+
*** tests/sssh-ssshd: Don't use ECDSA keys with older versions of libssh :BUGFIX:
5490
** Examples
5591
*** examples/ssshd.scm.in (main): Bugfix: Handle deprecation of DSA :BUGFIX:
5692
*** tests/key.scm: Bugfix: Handle DSA deprecation properly :BUGFIX:
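Review bot: The added line `Now test "userauth-public-key!, success") is skipped` has a stray closing parenthesis after the test name; drop it so the quoted name matches the "userauth-public-key!, success (RSA)" form used two lines later. The "tests/sssh-ssshd: Don't use ECDSA keys with older versions of libssh" entry gives no version, while the tests/client-server entry above it names 0.8.3; stating the same threshold there would make the two consistent. In the logging entry, the note that the word "error" in a log string makes the test framework report a failure describes a constraint future test authors will hit again, so it is worth recording next to the test itself as well as in NEWS.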
