ningfc
diff --git a/‎vendor/libssh2/Makefile.in‎
Lines changed: 13 additions & 10 deletions b/‎vendor/libssh2/Makefile.in‎
Lines changed: 13 additions & 10 deletions
diff --git a/‎vendor/libssh2/NEWS‎
Lines changed: 63 additions & 16 deletions b/‎vendor/libssh2/NEWS‎
Lines changed: 63 additions & 16 deletions
diff --git a/‎vendor/libssh2/RELEASE-NOTES‎
Lines changed: 6 additions & 25 deletions b/‎vendor/libssh2/RELEASE-NOTES‎
Lines changed: 6 additions & 25 deletions
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -174,7 +174,7 @@ am__recursive_targets = \
   $(RECURSIVE_CLEAN_TARGETS) \
   $(am__extra_recursive_targets)
 AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
-	cscope distdir dist dist-all distcheck
+	cscope distdir distdir-am dist dist-all distcheck
 am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
 # Read a list of newline-separated strings from the standard input,
 # and print each of them once, without duplicates.  Input order is
@@ -469,8 +469,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	    echo ' $(SHELL) ./config.status'; \
 	    $(SHELL) ./config.status;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \
 	esac;
 $(srcdir)/Makefile.inc $(am__empty):
 
@@ -642,7 +642,10 @@ distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 	-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	$(am__remove_distdir)
 	test -d "$(distdir)" || mkdir "$(distdir)"
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
@@ -710,7 +713,7 @@ distdir: $(DISTFILES)
 	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
 	|| chmod -R a+r "$(distdir)"
 dist-gzip: distdir
-	tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+	tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
 	$(am__post_remove_distdir)
 
 dist-bzip2: distdir
@@ -736,7 +739,7 @@ dist-shar: distdir
 	@echo WARNING: "Support for shar distribution archives is" \
 	               "deprecated." >&2
 	@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
-	shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+	shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
 	$(am__post_remove_distdir)
 
 dist-zip: distdir
@@ -754,7 +757,7 @@ dist dist-all:
 distcheck: dist
 	case '$(DIST_ARCHIVES)' in \
 	*.tar.gz*) \
-	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
 	*.tar.bz2*) \
 	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
 	*.tar.lz*) \
@@ -764,7 +767,7 @@ distcheck: dist
 	*.tar.Z*) \
 	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
 	*.shar.gz*) \
-	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+	  eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
 	*.zip*) \
 	  unzip $(distdir).zip ;;\
 	esac
 
@@ -1,5 +1,68 @@
    Changelog for the libssh2 project. Generated with git2news.pl
 
+Version 1.8.2 (25 Mar 2019)
+
+Daniel Stenberg (25 Mar 2019)
+- RELEASE-NOTES: version 1.8.2
+
+- [Will Cosgrove brought this change]
+
+  moved MAX size declarations #330
+
+- [Will Cosgrove brought this change]
+
+  Fixed misapplied patch (#327)
+  
+  Fixes for user auth
+
+Version 1.8.1 (14 Mar 2019)
+
+Will Cosgrove (14 Mar 2019)
+- [Michael Buckley brought this change]
+
+  More 1.8.0 security fixes (#316)
+  
+  * Defend against possible integer overflows in comp_method_zlib_decomp.
+  
+  * Defend against writing beyond the end of the payload in _libssh2_transport_read().
+  
+  * Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html
+  
+  This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.
+  
+  * Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html
+  
+  * Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.
+  
+  * Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html
+  
+  * Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html
+
+GitHub (14 Mar 2019)
+- [Will Cosgrove brought this change]
+
+  1.8 Security fixes (#314)
+  
+  * fixed possible integer overflow in packet_length
+  
+  CVE https://www.libssh2.org/CVE-2019-3861.html
+  
+  * fixed possible interger overflow with userauth_keyboard_interactive
+  
+  CVE https://www.libssh2.org/CVE-2019-3856.html
+  
+  * fixed possible out zero byte/incorrect bounds allocation
+  
+  CVE https://www.libssh2.org/CVE-2019-3857.html
+  
+  * bounds checks for response packets
+  
+  * fixed integer overflow in userauth_keyboard_interactive
+  
+  CVE https://www.libssh2.org/CVE-2019-3863.html
+  
+  * 1.8.1 release notes
+
 Version 1.8.0 (25 Oct 2016)
 
 Daniel Stenberg (25 Oct 2016)
@@ -5473,19 +5536,3 @@ Simon Josefsson (16 Nov 2009)
 
   Reported by Steven Van Ingelgem <steven@vaningelgem.be>
   in <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2566>.
-
-- Mention libssh2-style.el.
-
-- Use memmove instead of memcpy on overlapping memory areas.
-  
-  Reported by Bob Alexander <balexander@expressor-software.com> in
-  <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2530>.
-
-- Add.
-
-- Protect against crash on too small SSH_MSG_IGNORE packets.
-  
-  Reported by Bob Alexander <balexander@expressor-software.com>
-  in <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2530>.
-
-- add copyright line
 
@@ -1,31 +1,12 @@
-libssh2 1.8.0
-
-This release includes the following changes:
-
- o added a basic dockerised test suite
- o crypto: add support for the mbedTLS backend
+libssh2 1.8.2
 
 This release includes the following bugfixes:
 
- o libgcrypt: fixed a NULL pointer dereference on OOM
- o VMS: can't use %zd for off_t format
- o VMS: update vms/libssh2_config.h
- o windows: link with crypt32.lib
- o libssh2_channel_open: speeling error fixed in channel error message
- o msvc: fixed 14 compilation warnings
- o tests: HAVE_NETINET_IN_H was not defined correctly
- o openssl: add OpenSSL 1.1.0 compatibility
- o cmake: Add CLEAR_MEMORY option, analogously to that for autoconf
- o configure: make the --with-* options override the OpenSSL default
- o libssh2_wait_socket: set err_msg on errors
- o libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds
- 
+ o Fixed the misapplied userauth patch that broke 1.8.1
+ o moved the MAX size declarations from the public header
+
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
-  Alexander Lamaison, Antenore Gatta, Brad Harder, Charles Collicutt,
-  Craig A. Berry, Dan Fandrich, Daniel Stenberg, Kamil Dudka, Keno Fischer,
-  Taylor Holberton, Viktor Szakats, Will Cosgrove, Zenju
-  (12 contributors)
-
-        Thanks! (and sorry if I forgot to mention someone)
+  Will Cosgrove
+  (1 contributors)