@pull pull bot commented Nov 11, 2021

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

@pull pull bot added the ⤵️ pull label Nov 11, 2021

guardrails bot commented Nov 11, 2021

⚠️ We detected 1 security issue in this pull request:

Mode: paranoid | Total findings: 1 | Considered vulnerability: 1

Insecure Use of Dangerous Function (1)
Docs Details
💡 Title: Buffer overflow, Severity: Critical
path = getenv("SSH_AUTH_SOCK");

More info on how to fix Insecure Use of Dangerous Function in C/C++.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

julianmesa-gitkraken and others added 22 commits January 11, 2022 17:27

Notes:
Fixed supported algo prefs list check when upgrading rsa keys

Credit: Michael Buckley
The new libssh2_userauth_banner API allows retrieving the optional
userauth banner sent by the server in an SSH_MSG_USERAUTH_BANNER
packet.

Closes issue 610
File: agent.c
Notes: implements rsa-sha2 flags used to tell the agent which signing algo to use.
 https://tools.ietf.org/id/draft-miller-ssh-agent-01.html#rfc.section.4.5.1

Credit:
Ian Hattendorf
Files: libssh2.h, agent.c, userauth.c

Notes:
Part 2 of the fix for issue 659. This adds rsa key downgrading for agents that don't support sha2 upgrading. It also adds better trace output for debugging/logging around key upgrading.

Credit:
Will Cosgrove (signed off by Michael Buckley)
Free `server_sign_algorithms` and `sign_algo_prefs`.
files: packet.c, libssh2_priv.h

notes:
* Fix heap buffer overflow in _libssh2_key_sign_algorithm

When allocating `session->server_sign_algorithms`, which is a `char*`, it is important to also allocate space for the string-terminating null byte at the end and make sure the string is actually null terminated.

Without this fix, the `strchr()` call inside the `_libssh2_key_sign_algorithm` function (line 1219) will try to parse the string and read past the end of the buffer on the last invocation.

Credit: tihmstar
Co-authored-by: Will Cosgrove <will@panic.com>
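The allocation defect described in that commit, as an added C example (not libssh2's own code): a name-list arrives in a packet without a terminating NUL, so the copy must allocate one extra byte and write the terminator; otherwise the strchr()-based scan for the next comma has no stop condition and reads past the end of the heap block. The function names (copy_namelist, namelist_contains, sample_supports) and the sample name-list are assumptions constructed for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample: an SSH name-list as carried in a packet, i.e. a
 * length-delimited byte run with NO terminating NUL of its own. */
static const unsigned char sample_namelist[] = "rsa-sha2-512,rsa-sha2-256,ssh-rsa";
#define SAMPLE_LEN (sizeof(sample_namelist) - 1)

/* Copy a packet name-list into a C string. This mirrors the fix: allocate
 * len + 1 bytes and write the terminator, so later strchr()/strlen() scans
 * stop at the end of the data instead of running past the heap block.
 * The bug was the equivalent of malloc(len) with no terminator written. */
char *copy_namelist(const unsigned char *data, size_t len)
{
    char *s = malloc(len + 1);
    if (!s)
        return NULL;
    memcpy(s, data, len);
    s[len] = '\0';
    return s;
}

/* Return 1 if `algo` is an exact element of the comma-separated `list`.
 * The loop ends when strchr() finds no further comma, which is only a safe
 * stopping condition if `list` is NUL-terminated. */
int namelist_contains(const char *list, const char *algo)
{
    size_t alen = strlen(algo);
    const char *p = list;
    for (;;) {
        const char *comma = strchr(p, ',');
        size_t n = comma ? (size_t)(comma - p) : strlen(p);
        if (n == alen && memcmp(p, algo, n) == 0)
            return 1;
        if (!comma)
            return 0;
        p = comma + 1;
    }
}

/* Convenience wrapper over the constructed sample; -1 on allocation failure. */
int sample_supports(const char *algo)
{
    char *algos = copy_namelist(sample_namelist, SAMPLE_LEN);
    int r = algos ? namelist_contains(algos, algo) : -1;
    free(algos);
    return r;
}
```

Running this under AddressSanitizer with the `+ 1` and the terminator removed reproduces the heap-buffer-overflow read the commit describes.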
…e-libssh2

RSA SHA2 256/512 key upgrade support RFC 8332 #536 (#626)
- ThreadPoolImpl doesn't need to keep a pointer to the context.
- Method RunJSThreadCallbacksFromOrchestrator is not used.
We want to test two scenarios:
- When libgit2 spawns threads to do the work (when doing a checkout).
- When libgit2 leverages a single thread to do the work (for example when working with submodules).

In each scenario, we'll run synchronous work inside the callbacks, where no locking is applied, so they should succeed.
We'll also run asynchronous work inside the callbacks that locks the same objects already locked. These tests should be able to run by temporarily unlocking those objects until the callback ends.
This is a temporary workaround in order to avoid the loss of performance with LFS checkout.

The change is limited to the processing of callbacks from Workers that leverage threaded libgit2 functions. Basically what it does is allow the callbacks from executorEventsQueue to be queued in jsThreadCallbackQueue without waiting for the current one to end.

It is unsafe because with threaded libgit2 functions there is a potential risk of deadlock if the callbacks need to lock an object.

This commit will be reverted when nodegit-lfs is integrated into nodegit.
Checkout leverages libgit2 threads and, when applying filters, it runs JS callbacks. These tests check that when checkout is run on a worker thread and the thread is terminated, it exits gracefully without memory leaks.
Update Github Actions for node 16
To update the Windows box we need to upgrade node-gyp, so we need Python 3.6 on Ubuntu 16.04, but the latest packaged version is 3.5. This is the reason Python 3.6 is built from source.
…gression

UNSAFE Temporary workaround for LFS checkout performance regression
Since 15 March 2022 the unauthenticated git protocol on port 9418 is no longer supported in Github.
https://github.blog/2021-09-01-improving-git-protocol-security-github/
…upported-github

Skip "can clone with git" test, unauthenticated git protocol is no longer supported in Github
No longer supporting node_pre_gyp_accessKeyId & node_pre_gyp_secretAccessKey, use AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY instead to authenticate against s3
@pull pull bot added the merge-conflict Resolve conflicts manually label Mar 17, 2022
Issues with mac and openssl_fips
Bring in newer packages, we're getting issues with outdated packages
zawata and others added 19 commits November 19, 2025 11:30
- replace private.ppk since github killed it
- encode private.ppk so github won't flag it again
- drop win32 sha1 rsa test since we don't have a key that github allows this for
- update pageant because why not
- add docs on test keys because I just had to figure all this out myself
Use custom electron for non-static builds on linux and fix cross-compilation
Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 3.0.9 to 3.1.1.
- [Commits](mafintosh/tar-fs@v3.0.9...v3.1.1)

---
updated-dependencies:
- dependency-name: tar-fs
  dependency-version: 3.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
add macos arm64 tests and prebuilts
Switch back to upstream nan version
issue template: remove redundant console.log