1.10.0

1.9.0

1.8.2

More 1.8.0 security fixes (libssh2#316)

* Defend against possible integer overflows in comp_method_zlib_decomp.

* Defend against writing beyond the end of the payload in _libssh2_transport_read().

* Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html

This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.

* Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html

* Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.

* Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html

* Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html

1.8.0 release

1.7.0 release

1.6.0 release

1.5.0

RELEASE-NOTES: fixed for 1.4.3

RELEASE-NOTES: synced with 92a9f95