Re: 1.9.1 release + call for maintainers
Marc Hoersken in gmane.network.ssh.libssh2.devel (Mon, 22 Jun 2020 14:48:40 +0200):
>Hello everyone,
>
>I just wanted to inform you that I am back working on libssh2 from time
>to time, as can be seen on the GitHub repository. I am currently
>focusing on getting WinCNG into a working state on modern Windows, then
>probably add some more CI builds and then eventually will also look at
>some (stale) PRs.
>
>Best regards,
>Marc

Good to know! Thanks.

--
Jan
___
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Re: 1.9.1 release + call for maintainers
Hello everyone,

I just wanted to inform you that I am back working on libssh2 from time
to time, as can be seen on the GitHub repository. I am currently
focusing on getting WinCNG into a working state on modern Windows, then
probably add some more CI builds and then eventually will also look at
some (stale) PRs.

Best regards,
Marc

On 14.10.19 19:43, Will Cosgrove wrote:
> Hi All,
> There has been a handful of good fixes since the 1.9.0 release so I’m putting
> out a call for a 1.9.1 release soon. Please test master with your projects
> and get those bugs in and/or touch any PRs and issues that you’d like landed
> for 1.9.1.
>
> Also, I’d like to see active members volunteer for a maintainer role. Right
> now it seems like I’m the only one landing anything, which isn't good for a
> number of reasons. I’d like to see new active maintainers for the libgcrypt,
> mbedTLS and WinCNG backends. We get PRs on these backends but there isn’t
> anyone actively testing and landing those commits. If you’d like to be a
> maintainer, let me or bagder know and we’ll get you added to the project.
>
> Thanks,
>
> Will
Re: 1.9.1 release + call for maintainers
I would like to see pull request 420 (or something similar) merged into the next release.

It's been fairly complicated to trace through the various changes to this section of code, but I believe I have figured out the sequence of changes.

From what I can tell, there was a memory leak with the OpenSSL AES-CTR ciphers. These cipher structs were created in _libssh2_openssl_crypto_init(), but never cleaned up.

The leak was fixed in pull request 244, which added the _libssh2_openssl_crypto_exit() function. This change was included in the 1.9.0 release. However, that change also introduced a use-after-free bug. The function-scoped static pointers in the _libssh2_EVP_aes_XXX_ctr() functions would never be reset to NULL when _libssh2_openssl_crypto_exit() is called, and therefore pointers to already freed structs would be returned from the _libssh2_EVP_aes_XXX_ctr() functions. This leads to crashes during repeated init/cleanup cycles.

The use-after-free problem was fixed in pull request 387, which was merged into master after the 1.9.0 release, so would be included in a 1.9.1 release. A crash in our application due to the use-after-free bug is what made me look into this in the first place. However, that change re-introduced a similar memory leak as existed originally. The AES-CTR ciphers can now be created without being cleaned up, if the _libssh2_EVP_aes_XXX_ctr() functions are ever called outside the _libssh2_openssl_crypto_init() function.

Previously, callers of these functions did not need to worry about freeing the result, as it was intended that there would only ever be one instance of each of the ciphers, and they would be cleaned up in the library shutdown. I believe that pull request 420 reinstates this behaviour.

https://github.com/libssh2/libssh2/pull/244
https://github.com/libssh2/libssh2/pull/387
https://github.com/libssh2/libssh2/pull/42

Thanks,
Joel
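The stale-pointer sequence described in the message above, reduced to a constructed C model (an added example, not libssh2 code and not part of the original post). `struct cipher`, the pool allocator and every function name are hypothetical stand-ins; a pool slot's `alive` flag replaces a real `free()` so the dangling pointer can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-in for a cipher object. Slots come from a static pool so
   a "freed" object can be inspected without undefined behaviour. */
struct cipher { int alive; };
static struct cipher pool[4];
static int live_count;

static struct cipher *cipher_new(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].alive) { pool[i].alive = 1; live_count++; return &pool[i]; }
    return NULL;
}
static void cipher_free(struct cipher *c) { if (c && c->alive) { c->alive = 0; live_count--; } }

/* Pattern described for 1.9.0: the getter caches in a function-scoped static
   that the exit routine cannot reach, so it is never reset. */
static struct cipher *buggy_owned;            /* what exit knows about */
static struct cipher *buggy_get(void) {
    static struct cipher *cached;             /* survives buggy_exit() */
    if (!cached) cached = buggy_owned = cipher_new();
    return cached;
}
static void buggy_exit(void) { cipher_free(buggy_owned); buggy_owned = NULL; }

/* Single-instance pattern: one file-scope pointer, cleared on exit. */
static struct cipher *fixed_cached;
static struct cipher *fixed_get(void) {
    if (!fixed_cached) fixed_cached = cipher_new();
    return fixed_cached;
}
static void fixed_exit(void) { cipher_free(fixed_cached); fixed_cached = NULL; }

/* Runs two init/cleanup cycles; returns 1 if the second get is a dead object. */
static int stale_after_reinit(struct cipher *(*get)(void), void (*done)(void)) {
    get();
    done();
    struct cipher *c = get();
    int stale = !c || !c->alive;
    done();
    return stale;
}

int main(void) {
    int b = stale_after_reinit(buggy_get, buggy_exit);
    int f = stale_after_reinit(fixed_get, fixed_exit);
    printf("function-scoped static: stale=%d; file-scope reset: stale=%d live=%d\n", b, f, live_count);
    return 0;
}
```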
Re: 1.9.1 release + call for maintainers
On Mon, 14 Oct 2019, Will Cosgrove wrote:

> There has been a handful of good fixes since the 1.9.0 release so I’m putting
> out a call for a 1.9.1 release soon. Please test master with your projects
> and get those bugs in and/or touch any PRs and issues that you’d like landed
> for 1.9.1.

I propose we set a cut-off date for that not too far into the future, then set a release date too like a week later, so that we can all plan ahead. Then, whatever is in master on the release day we can ship as version 1.9.1.

I'll happily volunteer to build the tarball, sign it and upload it to the site etc.

--

 / daniel.haxx.se
1.9.1 release + call for maintainers
Hi All,

There has been a handful of good fixes since the 1.9.0 release so I’m putting out a call for a 1.9.1 release soon. Please test master with your projects and get those bugs in and/or touch any PRs and issues that you’d like landed for 1.9.1.

Also, I’d like to see active members volunteer for a maintainer role. Right now it seems like I’m the only one landing anything, which isn't good for a number of reasons. I’d like to see new active maintainers for the libgcrypt, mbedTLS and WinCNG backends. We get PRs on these backends but there isn’t anyone actively testing and landing those commits. If you’d like to be a maintainer, let me or bagder know and we’ll get you added to the project.

Thanks,

Will