Updated libssh2 packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The libssh2 packages provide a library that implements the SSH2 protocol.
The libssh2 packages have been upgraded to upstream version 1.4.2, which provides a number of bug fixes and enhancements over the previous version, including fixes for memory leaks, missing error handling, and incompatibilities in the SSH2 protocol implementation. (BZ#749873)
- With this update, several stability patches have been added to libssh2. As a result, memory leaks, buffer overruns, and null pointer problems are avoided when managing a large number of nodes.
- Previously, an insufficient data type was used for certain bit shift operations in the libssh2 code. This behavior caused the curl utility to terminate unexpectedly when downloading files larger than 2 GB over the SSH File Transfer Protocol (SFTP). With this update, the underlying code has been modified to use the correct data type and curl now works as expected in the described scenario.
- Under certain circumstances, libssh2 failed to resume an interrupted key exchange when sending a large amount of data over SSH. Moreover, further data was erroneously sent, which caused the remote site to close the connection immediately. With this update, libssh2 has been modified to properly resume the interrupted key exchange before sending any further data. As a result, the connection remains open and the data transfer proceeds as expected.
- Previously, the function for writing to a channel in libssh2 incorrectly handled error states, which, under certain circumstances, resulted in an infinite loop. The function has been fixed and the error handling now works properly.
- BZ#806862, BZ#873785
- Previously, the window size adjustment in libssh2 did not work properly, which resulted in unclosed connections when transferring huge files over SCP or SFTP, extensive memory consumption or both. The window-adjusting code has been fixed and works now properly for blocks of arbitrary size.
- Previously, libssh2 incorrectly returned the LIBSSH2_ERROR_EAGAIN error code when operating in blocking mode. The error code is used by libssh2 internally to initiate a blocking operation on a socket. The error code was, however, not properly cleared on success and leaked through the public API of libssh2. An upstream patch has been applied to clear the error code prior to initiating the blocking operation, and libssh2 no longer returns LIBSSH2_ERROR_EAGAIN when operating in blocking mode.
All users of libssh2 are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing these updated packages, all running applications using libssh2 have to be restarted for this update to take effect.