RELEASE-NOTES (3705B)
1libssh2 1.11 2 3This release includes the following enhancements and bugfixes: 4 5 o Adds support for encrypt-then-mac (ETM) MACs 6 o Adds support for AES-GCM crypto protocols 7 o Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys 8 o Adds support for RSA certificate authentication 9 o Adds FIDO support with *_sk() functions 10 o Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends 11 o Adds Agent Forwarding and libssh2_agent_sign() 12 o Adds support for Channel Signal message libssh2_channel_signal_ex() 13 o Adds support to get the user auth banner message libssh2_userauth_banner() 14 o Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, 15 AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options 16 o Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() 17 o Adds wolfSSL support to CMake file 18 o Adds mbedTLS 3.x support 19 o Adds LibreSSL 3.5 support 20 o Adds support for CMake "unity" builds 21 o Adds CMake support for building shared and static libs in a single pass 22 o Adds symbol hiding support to CMake 23 o Adds support for libssh2.rc for all build tools 24 o Adds .zip, .tar.xz and .tar.bz2 release tarballs 25 o Enables ed25519 key support for LibreSSL 3.7.0 or higher 26 o Improves OpenSSL 1.1 and 3 compatibility 27 o Now requires OpenSSL 1.0.2 or newer 28 o Now requires CMake 3.1 or newer 29 o SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs 30 o SFTP: No longer has a packet limit when reading a directory 31 o SFTP: now parses attribute extensions if they exist 32 o SFTP: no longer will busy loop if SFTP fails to initialize 33 o SFTP: now clear various errors as expected 34 o SFTP: no longer skips files if the line buffer is too small 35 o SCP: add option to not quote paths 36 o SCP: Enables 64-bit offset support unconditionally 37 o Now skips leading \r and \n characters in banner_receive() 38 o Enables secure memory zeroing with all build tools on all platforms 39 o No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive 40 o Speed up base64 encoding by 7x 41 o Assert if there is an attempt to write a value that is too large 42 o WinCNG: fix memory leak in _libssh2_dh_secret() 43 o Added protection against possible null pointer dereferences 44 o Agent now handles overly large comment lengths 45 o Now ensure KEX replies don't include extra bytes 46 o Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER 47 o Fixed possible buffer overflow in keyboard interactive code path 48 o Fixed overlapping memcpy() 49 o Fixed Windows UWP builds 50 o Fixed DLL import name 51 o Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows 52 o Support for building with gcc versions older than 8 53 o Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files 54 o Restores ANSI C89 compliance 55 o Enabled new compiler warnings and fixed/silenced them 56 o Improved error messages 57 o Now uses CIFuzz 58 o Numerous minor code improvements 59 o Improvements to CI builds 60 o Improvements to unit tests 61 o Improvements to doc files 62 o Improvements to example files 63 o Removed "old gex" build option 64 o Removed no-encryption/no-mac builds 65 o Removed support for NetWare and Watcom wmake build files 66 67This release would not have looked like this without help, code, reports and 68advice from friends like these: 69 70 Viktor Szakats, Dan Fandrich, Will Cosgrove, Daniel Stenberg, Michael Buckley, 71 Zenju, Miguel de Icaza, Nick Woodruff, Keith Dart, Anders Borum, 72 Jörgen Sigvardsson, vajdaakos, Gustavo Junior Alves, Marc Hörsken, iruis, 73 Nishit Majithia, Stefan Eissing, metab0t, Y. Yang, skundu07, Mike Harris, 74 Gabriel Smith, Leo Liu, Miguel de Icaza, Sandeep Bansal, Harry Sintonen, 75 xalopp, tihmstar, Sunil Nimmagadda