Bug#959881: libssh2-1: Please upgrade to 1.9: ECDSA and memory leaks

2021-05-08 Thread Benjamin Riefenstahl
I did some more digging and then made a bug report with Curl upstream
here: .  This produced a
commit there that makes my test work much better.

The glibc function mallinfo still says that a couple of bytes go missing
now and then, but valgrind says it can't find anything.  I also repeated
the test 2 times and watched the memory in htop and it didn't grow,
so I will assume this is an error with mallinfo.

Thank you for your attention and your patience.

Regards, benny



Bug#959881: libssh2-1: Please upgrade to 1.9: ECDSA and memory leaks

2021-04-19 Thread Benjamin Riefenstahl
I have just tested in a Docker container on sid and with that version
(libssh2-1 1.9.0-3) ECDSA works (makes sense when I look at the
changelog).  The memory leak is still there.



Bug#959881: libssh2-1: Please upgrade to 1.9: ECDSA and memory leaks

2020-12-07 Thread Nicolas Mora

Hello,

On Wed, 06 May 2020 15:10:41 +0200 Benjamin Riefenstahl wrote:

> Scanning the changelogs of libssh2, it seems that there are important
> updates for both of these problems in libssh2 in the current version
> 1.9.  So before investigating further, we would like to ask, when we can
> expect that version to come to Debian and if there is something we can
> do to help.

libssh2 1.9 has been uploaded to unstable, can you check if the problems 
are fixed now?


/Nicolas




Bug#959881: libssh2-1: Please upgrade to 1.9: ECDSA and memory leaks

2020-05-06 Thread Benjamin Riefenstahl
Package: libssh2-1
Version: 1.8.0-2.1
Severity: normal

Dear Maintainer,

We are using libcurl for SFTP in our own software.  Libcurl in turn
relies on libssh2 for this feature.  We already use libcurl for HTTP and
HTTPS, so we would like to stick with that level so we have more common
code.

We have a tool containing our code for testing.  With that we tested
support for ECDSA client keys.  This works with the OpenSSH tool "sftp",
but not with our software.  When we compare the server debug log
(OpenSSH in debug mode, level debug3) with what we get from running the
sftp tool, the authentication sequence stops earlier, before reaching
success.

We also have a unit test that runs our code in a loop and that shows
memory leaks.

Scanning the changelogs of libssh2, it seems that there are important
updates for both of these problems in libssh2 in the current version
1.9.  So before investigating further, we would like to ask, when we can
expect that version to come to Debian and if there is something we can
do to help.

Regards,
Benjamin Riefenstahl, mecom GmbH


-- System Information:
Debian Release: 10.3
  APT prefers stable-debug
  APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-8-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libssh2-1 depends on:
ii  libc6        2.28-10
ii  libgcrypt20  1.8.4-5
ii  zlib1g       1:1.2.11.dfsg-1

libssh2-1 recommends no packages.

libssh2-1 suggests no packages.

-- no debconf information
