Merge upstream v2.15.0

.gitignore

@@ -15,4 +15,6 @@ doc/api/
 
 .history
 
-.vscode
+.vscode
+
+coverage/

CHANGELOG.md

@@ -1,7 +1,16 @@
-## [2.14.0] - 2026-03-19
-- Fixed SSH connections through bastion hosts where the target server sends its version string immediately upon connection (which is standard behavior per RFC 4253) [#141]. Thanks @shihuili1218.
-- Adds a new forwardLocalUnix() function, which is an equivalent of ssh -L localPort:remoteSocketPath [#140]. Thanks @isegal.
+## [2.15.0] - 2026-03-30
+- Updated `pointycastle` dependency to `^4.0.0` [#131]. Thanks [@vicajilau].
+- Added foundational X11 forwarding support with session x11-req API, incoming x11 channel handling, and protocol tests [#1]. Thanks [@vicajilau].
+- Exposed SSH ident configuration from `SSHClient` [#135]. Thanks [@Remulic] and [@vicajilau].
+- Propagated the underlying exception in `SSHAuthAbortError` through `reason` for better diagnostics [#133]. Thanks [@james-thorpe] and [@vicajilau].
+- Accepted `SSH-1.99-*` server banners as SSH-2 compatible during version exchange and added regression tests [#132]. Thanks [@james-thorpe] and [@vicajilau].
+- Added SSH agent forwarding support (`auth-agent-req@openssh.com`) with in-memory agent handling and RSA sign-request flag support [#139]. Thanks [@Wackymax] and [@vicajilau].
+- Normalized HTTP response line parsing in `SSHHttpClientResponse` to handle CRLF endings consistently and avoid trailing line-ending artifacts in parsed status/header fields [#145]. Thanks [@vicajilau].
+- Fixed SFTP packet encoding/decoding consistency: `SftpInitPacket.decode` now parses extension pairs correctly and `SftpExtendedReplyPacket.encode` now preserves raw payload bytes [#145]. Thanks [@vicajilau].
 
+## [2.14.0] - 2026-03-19
+- Fixed SSH connections through bastion hosts where the target server sends its version string immediately upon connection (which is standard behavior per RFC 4253) [#141]. Thanks [@shihuili1218].
+- Adds a new forwardLocalUnix() function, which is an equivalent of ssh -L localPort:remoteSocketPath [#140]. Thanks [@isegal].
 
 ## [2.13.0] - 2025-06-22
 - docs: Update NoPorts naming [#115]. [@XavierChanth].
@@ -176,8 +185,13 @@
 
 - Initial release.
 
+[#145]: https://github.com/TerminalStudio/dartssh2/pull/145
 [#141]: https://github.com/TerminalStudio/dartssh2/pull/141
 [#140]: https://github.com/TerminalStudio/dartssh2/pull/140
+[#139]: https://github.com/TerminalStudio/dartssh2/pull/139
+[#133]: https://github.com/TerminalStudio/dartssh2/pull/133
+[#132]: https://github.com/TerminalStudio/dartssh2/pull/132
+[#131]: https://github.com/TerminalStudio/dartssh2/pull/131
 [#127]: https://github.com/TerminalStudio/dartssh2/pull/127
 [#126]: https://github.com/TerminalStudio/dartssh2/pull/126
 [#125]: https://github.com/TerminalStudio/dartssh2/pull/125
@@ -202,4 +216,10 @@
 [@XavierChanth]: https://github.com/XavierChanth
 [@MarBazuz]: https://github.com/MarBazuz
 [@reinbeumer]: https://github.com/reinbeumer
-[@alexander-irion]: https://github.com/alexander-irion
+[@alexander-irion]: https://github.com/alexander-irion
+[@Remulic]: https://github.com/Remulic
+[@james-thorpe]: https://github.com/james-thorpe
+[@Wackymax]: https://github.com/Wackymax
+[@vicajilau]: https://github.com/vicajilau
+[@shihuili1218]: https://github.com/shihuili1218
+[@isegal]: https://github.com/isegal

README.md

@@ -119,6 +119,24 @@ void main() async {
 
 > `SSHSocket` is an interface and it's possible to implement your own `SSHSocket` if you want to use a different underlying transport rather than standard TCP socket. For example WebSocket or Unix domain socket.
 
+### Customize client SSH identification
+
+If your jump host or SSH gateway restricts client versions, you can customize the
+software version part of the identification string (`SSH-2.0-<ident>`):
+
+```dart
+void main() async {
+  final client = SSHClient(
+    await SSHSocket.connect('localhost', 22),
+    username: '<username>',
+    onPasswordRequest: () => '<password>',
+    ident: 'MyClient_1.0',
+  );
+}
+```
+
+`ident` defaults to `DartSSH_2.0`.
+
 ### Spawn a shell on remote host
 
 ```dart

codecov.yml

@@ -0,0 +1,19 @@
+coverage:
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 5%
+        flags:
+          - unittests
+    patch:
+      default:
+        target: auto
+        threshold: 2%
+        flags:
+          - unittests
+
+comment:
+  layout: "reach,diff,flags,files"
+  behavior: default
+  require_changes: true

dart_test.yaml

@@ -0,0 +1,3 @@
+tags:
+  integration:
+    timeout: 2x

lib/dartssh2.dart

@@ -1,4 +1,5 @@
 export 'src/ssh_algorithm.dart' show SSHAlgorithms;
+export 'src/ssh_agent.dart';
 export 'src/ssh_client.dart';
 export 'src/ssh_errors.dart';
 export 'src/ssh_forward.dart';

lib/src/algorithm/ssh_mac_type.dart

@@ -57,7 +57,6 @@ class SSHMacType extends SSHAlgorithm {
     macFactory: _hmacSha512Factory,
     isEtm: true,
   );
-  // end added by Rein
 
   const SSHMacType._({
     required this.name,

lib/src/http/http_client.dart

@@ -423,8 +423,7 @@ class SSHHttpClientResponse {
     var currentChunkSize = 0;
 
     void processLine(String line, int bytesRead, LineDecoder decoder) {
-      if (finished) return;
-
+      final normalizedLine = line.trimRight();
       if (inBody) {
         if (chunked) {
           if (expectingChunkSize) {
@@ -482,7 +481,7 @@ class SSHHttpClientResponse {
           contentRead += bytesRead;
         }
       } else if (inHeader) {
-        if (line.trim().isEmpty) {
+        if (normalizedLine.trim().isEmpty) {
           inBody = true;
           // Decide body framing
           final te = headers[SSHHttpHeaders.transferEncodingHeader]
@@ -499,15 +498,17 @@ class SSHHttpClientResponse {
           }
           return;
         }
-        final separator = line.indexOf(':');
-        final name = line.substring(0, separator).toLowerCase().trim();
-        final value = line.substring(separator + 1).trim();
-        if (name == SSHHttpHeaders.transferEncodingHeader) {
-          // Allow only identity or chunked; others unsupported
-          final v = value.toLowerCase();
-          if (!(v == 'identity' || v.contains('chunked'))) {
-            throw UnsupportedError('unsupported transfer encoding: $value');
-          }
+        final separator = normalizedLine.indexOf(':');
+        if (separator <= 0) {
+          throw FormatException(
+              'Invalid header line: "$normalizedLine" - no colon separator found');
+        }
+        final name =
+            normalizedLine.substring(0, separator).toLowerCase().trim();
+        final value = normalizedLine.substring(separator + 1).trim();
+        if (name == SSHHttpHeaders.transferEncodingHeader &&
+            value.toLowerCase() != 'identity') {
+          throw UnsupportedError('only identity transfer encoding is accepted');
         }
         if (name == SSHHttpHeaders.contentLengthHeader) {
           contentLength = int.parse(value);
@@ -516,11 +517,12 @@ class SSHHttpClientResponse {
           headers[name] = [];
         }
         headers[name]!.add(value);
-      } else if (line.startsWith('HTTP/1.1') || line.startsWith('HTTP/1.0')) {
+      } else if (normalizedLine.startsWith('HTTP/1.1') ||
+          normalizedLine.startsWith('HTTP/1.0')) {
         statusCode = int.parse(
-          line.substring('HTTP/1.x '.length, 'HTTP/1.x xxx'.length),
+          normalizedLine.substring('HTTP/1.x '.length, 'HTTP/1.x xxx'.length),
         );
-        reasonPhrase = line.substring('HTTP/1.x xxx '.length);
+        reasonPhrase = normalizedLine.substring('HTTP/1.x xxx '.length);
         inHeader = true;
       } else {
         throw UnsupportedError('unsupported http response format');

lib/src/message/msg_channel.dart

@@ -578,6 +578,7 @@ abstract class SSHChannelRequestType {
   static const shell = 'shell';
   static const exec = 'exec';
   static const subsystem = 'subsystem';
+  static const authAgent = 'auth-agent-req@openssh.com';
   static const windowChange = 'window-change';
   static const xon = 'xon-xoff';
   static const signal = 'signal';

lib/src/sftp/sftp_packet.dart

@@ -60,7 +60,7 @@ class SftpInitPacket implements SftpPacket {
     reader.readUint8(); // packet type
     final version = reader.readUint32();
     final extensions = <String, String>{};
-    while (reader.isDone) {
+    while (!reader.isDone) {
       final name = reader.readUtf8();
       final value = reader.readUtf8();
       extensions[name] = value;
@@ -1031,7 +1031,7 @@ class SftpExtendedReplyPacket implements SftpResponsePacket {
     final writer = SSHMessageWriter();
     writer.writeUint8(packetType);
     writer.writeUint32(requestId);
-    writer.writeString(payload);
+    writer.writeBytes(payload);
     return writer.takeBytes();
   }