Andreas Schneider"Internet Bug Bounty is taking a break and is not accepting new submissions."
Killed by AI Slop.
No bug bounty for #libssh anymore.
ティージェーグレェI submitted a Pull Request to update MacPorts' libssh to 0.12.0 here:
https://github.com/macports/macports-ports/pull/31472
3 of 3 of GitHub Continuous Integration checks passed.
It's up to someone else with commit access to merge it.
I'm not the maintainer, nor am I really a user of libssh, so some things are not particularly tested (I did attempt to run "port -vst install" but tbh even "port -v install" was failing due to some weird kerberos defaults and I don't run kerberos locally, for good reasons. Also, I don't really use anything dependent upon libssh).
It was more that I was having dreams about OpenSSH and figured I should test a snapshot (no issues there, phew!) but noticed that libssh had been version bumped (more than one actually, there's also a 0.11.4 release) and there were security related issues, so it seemed worth at least submitting a Pull Request since it had apparently slipped under the maintainer's radar? The Portfile is also listed as openmaintainer, so I am guessing a little outside assistance is welcome.
Hopefully it helps some others! Doesn't do much of anything for me.
Hopefully it doesn't break anything for others; that I am less certain about.
#libssh #MacPorts #OpenSource #Security #OpenSSH
https://github.com/macports/macports-ports/pull/31472
3 of 3 of GitHub Continuous Integration checks passed.
It's up to someone else with commit access to merge it.
I'm not the maintainer, nor am I really a user of libssh, so some things are not particularly tested (I did attempt to run "port -vst install" but tbh even "port -v install" was failing due to some weird kerberos defaults and I don't run kerberos locally, for good reasons. Also, I don't really use anything dependent upon libssh).
It was more that I was having dreams about OpenSSH and figured I should test a snapshot (no issues there, phew!) but noticed that libssh had been version bumped (more than one actually, there's also a 0.11.4 release) and there were security related issues, so it seemed worth at least submitting a Pull Request since it had apparently slipped under the maintainer's radar? The Portfile is also listed as openmaintainer, so I am guessing a little outside assistance is welcome.
Hopefully it helps some others! Doesn't do much of anything for me.
Hopefully it doesn't break anything for others; that I am less certain about.
#libssh #MacPorts #OpenSource #Security #OpenSSH
The #libssh team released version 0.12.0 and 0.11.4 including security fixes. Make sure to update. libssh is a C library implementing the SSH protocol.
Highlights:
* Support for FIDO/U2F keys
* Support for hybrid key exchange mechanisms using Quantum Resistant cryptography for all backends
* Support for Ed25519 keys through PKCS#11
* Use curve25519 implementation from mbedTLS and libgcrypt
* Support for GSSAPI Key Exchange
https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/
daniel:// stenberg://I ran a quick SFTP performance test with #curl built to use #libssh 0.11.1 vs one built that uses #libssh2 1.11.1 over a 400ms latency connection.
One of them managed to perform this at 1049K/sec, the other reached only 249K/sec.
And the winner is...
libssh2
Funny detail: I sped it up for this kind of use case **fifteen years ago** and blogged about it: https://daniel.haxx.se/blog/2010/12/08/making-sftp-transfers-fast/
Making SFTP transfers fast
SFTP, the SSH File Transfer Protocol, is a misleading name. It gives you the impression that it might be something like a secure version of FTP, perhaps something like FTPS but modeled over SSH instead of SSL. But it isn't! I think a more suitable name would've been SNFS or FSSSH. That is: networked file … Continue reading Making SFTP transfers fast →
avpGuile-SSH 0.18.0 released:
https://github.com/artyom-poptsov/guile-ssh/releases/tag/v0.18.0
It seems that I fixed Guile-SSH build with libssh 0.11. The changes are on the "master" branch and will be in included in the next release.
GitHub CI job shows that everything builds fine as well. I'm using GNU Guix to test Guile-SSH against libssh 0.11, so likely if it builds on my machine this way then it builds on others. Nevertheless if you'll experience any Guile-SSH errors please report them to me.
The libssh team is proud to announce the release of libssh version 0.11.0. This latest version brings exciting new features such as better async SFTP IO, PKCS#11 provider support for OpenSSL 3.0, testing for GSSAPI authentication, and proxy jump, along with many other enhancements and features. More at: https://www.libssh.org/2024/08/08/libssh-0-11-0-release/ #libssh #ssh
#libssh had a successful summer of code. We will get two new nice features in libssh, more details:
https://www.libssh.org/2023/09/07/wrapping-up-2023-gsoc/
https://www.libssh.org/2023/09/07/wrapping-up-2023-gsoc/
Axel 🚴😷🐧🐪⌨ | #WeAreNatenom@campuscodi: A few notes and thoughts on CVE-2023-2283 in #libssh:
* libssh (libssh-4 in Debian and derivatives) ≠ libssh2 (libssh2-1 in Debian and derivatives)
* Obviously only servers using libssh to let users log in should be affected by any authentication bypass. Most libssh reverse dependencies though seem to be client-side applications.
The only potential libssh server-side reverse dependencies I found so far are:
* #cryptsetup-ssh
* #tmate-ssh-server
* maybe #cockpit-bridge
I've just bumped the copyright year in the https://libssh.org header file. #libssh is getting 20 years old this year!