From libssh2-devel-bounces@cool.haxx.se Fri Aug 13 14:08:31 2021
From: Oleg Rosowiecki
Date: Fri, 13 Aug 2021 14:07:34 +0200
Subject: libssh2 uploads/fail with recent (?) Linux openssh/sftp-server servers
To: libssh2-devel@cool.haxx.se

Hello,

I noticed a strange behavior of the libssh2 library with some (newer?) openssh/sftp servers (running on Linux systems). The files would not download and/or upload. However, a command line sftp client downloads/uploads from/to my target systems just fine.

I narrowed down the problem to using one of the example tools (e.g. sftp_write.c) to see how it behaves with different server versions.

On the server side, this is what happens during attempts to write:

    Aug 13 12:15:27 localhost sftp-server[9240]: open "..." flags WRITE,CREATE,TRUNCATE mode 0100644.

or attempts to read:

    Aug 10 15:54:51 (none) authpriv.info sftp-server[15695]: open "root/somefile.txt" flags READ mode 010000

So, instead of just 0664 the library OR's it with 0100000. I found the relevant portion of the code:

    /* S_IFREG */
    #define LIBSSH2_SFTP_ATTR_PFILETYPE_FILE 0100000

    /* Filetype in SFTP 3 and earlier */
    attrs.permissions = mode |
        (open_file ? LIBSSH2_SFTP_ATTR_PFILETYPE_FILE :
         LIBSSH2_SFTP_ATTR_PFILETYPE_DIR);

I discovered this in version 1.8.0, but it seems that this code has remained there ever since.

I would like to ask libssh2 developers about the following.

1. Why is this extra constant there and what purpose do those "extended mode/permissions" serve? By looking at sftp-server implementation I see that the mode parameter is applied quite literally, i.e. the mode value such as 0100644 or similar is supplied to the open(filename, flags, mode) system call.

2. I checked against Linux openssh versions:

    OpenSSH_8.2p1, OpenSSL 1.0.2t 10 Sep 2019
    and
    OpenSSH_8.0p1, OpenSSL 1.1.1d FIPS 10 Sep 2019

In both instances, sftp-server fails to support this "extended mode" flag (in fact, the difference is just in a single extra bit).

Is this a known problem? Is libssh2 compatible with only some versions of openssh/sftp-server?

I would appreciate your help,
Oleg Rosowiecki
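
The permissions value from the message above, split into its file-type and permission parts. This is an added example, not code from libssh2 or from the post; the EX_ names and helper functions are hypothetical and assume the traditional POSIX st_mode bit layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Example-local names; values follow the traditional POSIX st_mode layout. */
#define EX_IFMT   0170000u  /* mask covering the file-type bits */
#define EX_IFREG  0100000u  /* regular file (the constant quoted in the post) */
#define EX_IFDIR  0040000u  /* directory */
#define EX_PERMS  0007777u  /* rwx bits plus setuid/setgid/sticky */

/* Compose the field the way the quoted line does: mode OR'ed with a type. */
uint32_t ex_compose(uint32_t mode, int open_file)
{
    return mode | (open_file ? EX_IFREG : EX_IFDIR);
}

/* Split a composed value back into its two parts. */
uint32_t ex_type_bits(uint32_t permissions) { return permissions & EX_IFMT; }
uint32_t ex_perm_bits(uint32_t permissions) { return permissions & EX_PERMS; }

/* Render like `ls -l`: one type character followed by nine rwx flags. */
const char *ex_render(uint32_t permissions, char out[11])
{
    static const char rwx[] = "rwxrwxrwx";
    uint32_t type = ex_type_bits(permissions);
    int i;

    out[0] = type == EX_IFREG ? '-' : type == EX_IFDIR ? 'd' : '?';
    for (i = 0; i < 9; i++)
        out[1 + i] = (permissions & (0400u >> i)) ? rwx[i] : '-';
    out[10] = '\0';
    return out;
}

int main(void)
{
    char buf[11];
    uint32_t wire = ex_compose(0644, 1);  /* constructed sample input */

    printf("wire=%07o type=%07o perms=%04o %s\n", (unsigned)wire,
           (unsigned)ex_type_bits(wire), (unsigned)ex_perm_bits(wire),
           ex_render(wire, buf));
    return 0;
}
```
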

From libssh2-devel-bounces@cool.haxx.se Sun Aug 29 22:46:14 2021
Date: Sun, 29 Aug 2021 22:45:37 +0200 (CEST)
From: Daniel Stenberg
To: libssh2 development
Subject: RELEASE: libssh2 1.10.0

Hello,

I'm happy to announce that we've just packaged and shipped libssh2 1.10.0

You find it at https://libssh2.org/

This release includes the following enhancements and bugfixes:

 o adds agent forwarding support
 o adds OpenSSH Agent support on Windows
 o adds ECDSA key support using the Mbed TLS backend
 o adds ECDSA cert authentication
 o adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
   diffie-hellman-group18-sha512 key exchanges
 o adds support for PKIX key reading when using ed25519 with OpenSSL
 o adds support for EWOULDBLOCK on VMS systems
 o adds support for building with OpenSSL 3
 o adds support for using FIPS mode in OpenSSL
 o adds debug symbols when building with MSVC
 o adds support for building on the 3DS
 o adds unicode build support on Windows
 o restores os400 building
 o increases min, max and opt Diffie Hellman group values
 o improves portability of the make file
 o improves timeout behavior with 2FA keyboard auth
 o various improvements to the Wincng backend
 o fixes reading partial packet replies when using an agent
 o fixes Diffie Hellman key exchange on Windows 1903+ builds
 o fixes building tests with older versions of OpenSSL
 o fixes possible multiple definition warnings
 o fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
 o fixes potential use after free if libssh2_init() is called twice
 o improved linking when using Mbed TLS
 o fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
 o fixes crash when loading public keys with no id
 o fixes possible out of bounds read when exchanging keys
 o fixes possible out of bounds read when reading packets
 o fixes possible out of bounds read when opening an X11 connection
 o fixes possible out of bounds read when ecdh host keys
 o fixes possible hang when trying to read a disconnected socket
 o fixes a crash when using the delayed compression option
 o fixes read error with large known host entries
 o fixes various warnings
 o fixes various small memory leaks
 o improved error handling, various detailed errors will now be reported
 o builds are now using OSS-Fuzz
 o builds now use autoreconf instead of a custom build script
 o cmake now respects install directory
 o improved CI backend
 o updated HACKING-CRYPTO documentation
 o use markdown file extensions
 o improved unit tests

This release would not have looked like this without help, code, reports and advice from friends like these:

katzer, Orgad Shaneh, mark-i-m, Zenju, axjowa, Thilo Schulz, Etienne Samson, hlefebvre, seba30, Panos, jethrogb, Fabrice Fontaine, Will Cosgrove, Daniel Stenberg, Michael Buckley, Wallace Souza Silva, Romain-Geissler-1A, meierha, Tseng Jun, Thomas Klausner, Brendan Shanks, Harry Sintonen, monnerat, Koutheir Attouchi, Marc Hörsken, yann-morin-1998, Wez Furlong, TDi-jonesds, David Benjamin, Max Dymond, Igor Klevanets, Viktor Szakats, Laurent Stacul, Mstrodl, Gabriel Smith, MarcT512, Paul Capron, teottin, Tor Erik Ottinsen, Brian Inglis

Thanks everyone!

--
 / daniel.haxx.se

From libssh2-devel-bounces@lists.haxx.se Sun Aug 29 23:13:15 2021
Date: Sun, 29 Aug 2021 23:13:12 +0200 (CEST)
From: Daniel Stenberg via libssh2-devel
To: libssh2 development
Cc: Daniel Stenberg
Subject: The mailing list moved!

Hi,

As of now, the libssh2 mailing list is served by lists.haxx.se and not by the old host, cool.haxx.se.

All subscribers have been moved over and with a little luck we can just pretend this is how it always was.

Mails sent to the old address will just vanish.

This move happens because the old server is being shut down. The main libssh2.org website will also make the jump to the new server within a few days but hopefully that won't be even visible to most users.

Sorry for any convenience this may cause.

--
 / daniel.haxx.se
--
libssh2-devel mailing list
libssh2-devel@lists.haxx.se
https://lists.haxx.se/listinfo/libssh2-devel