Merge upstream v2.18.0

[GT-610]

lollipopkit/flutter_server_box/issues/1193

Summary by CodeRabbit

版本 2.18.0 发布

• 修复

  • 修复了 AES-GCM 在特定密钥交换阶段出现序列号/nonce 计数重置导致的加解密异常问题。

• 破坏性变更

  • 主机密钥验证回调的指纹格式调整：由原先的 MD5 摘要改为 OpenSSH 风格 SHA256:<base64>。

• 文档

  • 更新了发布说明与版本条目内容，并整理了相关引用信息。

• 发布信息

  • 包版本号更新至 3.0.0。

[coderabbitai]

Caution

Review failed

The head commit changed during the review from 71d9156 to 05ef19b.

📝 Walkthrough

Walkthrough

将 SSHHostkeyVerifyHandler 回调的主机密钥指纹格式从 MD5 十六进制切换为 OpenSSH 风格的 SHA256:<base64>（无 padding）。在 ssh_transport.dart 中新增私有辅助函数，替换旧有计算逻辑；新增指纹单元测试与客户端集成测试；将包版本升至 3.0.0 并更新 CHANGELOG。

Changes

SSHHostkeyVerifyHandler SHA256 指纹格式 BREAKING 变更

Layer / File(s)	Summary
_hostkeyFingerprint 实现与 KEX 回复接入 lib/src/ssh_transport.dart	新增私有函数 _hostkeyFingerprint，对主机密钥计算 SHA-256 并编码为 SHA256:<base64无padding> UTF-8 字节；在 _handleMessageKexReply 中将原有的 MD5/SHA256 双重计算与调试日志替换为对该函数的单一调用。
指纹单元测试 test/src/ssh_transport_fingerprint_test.dart	新增测试文件，通过 dart:mirrors 反射调用私有 _hostkeyFingerprint 函数，验证其对固定主机密钥的输出格式为 SHA256:<base64(sha256(hostkey)) 去掉=号>。
客户端集成测试与 MAC 配置调整 test/src/ssh_client_test.dart	新增两项集成测试：验证 onVerifyHostKey 接收 SHA256: 格式指纹且 Base64 部分可解码；以及返回 false 时抛出 SSHAuthAbortError，原因为 SSHHostkeyError。同时调整 MAC 算法配置（仅指定 mac 不指定 cipher）、异常类型与握手中止断言范围。
版本号与 CHANGELOG 更新 pubspec.yaml, CHANGELOG.md	将包版本从 2.17.1 升至 3.0.0；新增 2.18.0 发行说明条目（含 AES-GCM nonce 重置修复与指纹格式 BREAKING 变更），补充 2.17.1 与 2.17.0 版本条目，并对引用定义区进行增删重排。

Possibly related issues

• Update dartssh2 to v2.18.0 to fix upstream issue flutter_server_box#1193：该下游项目请求将 dartssh2 依赖更新至 v2.18.0+，以获取本 PR 引入的 SSHHostkeyVerifyHandler 指纹格式变更（从 MD5 切换至 OpenSSH 风格 SHA256）与 AES-GCM nonce 重置修复。

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

lib/src/ssh_transport.dart (1)

29-33: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

请同步更新主机密钥指纹注释，避免回调契约误导。

当前注释仍描述为 MD5 指纹/调试日志语义，但实现已经改为将 SHA256:<base64无填充> 的 UTF-8 字节传给 onVerifyHostKey。建议在此处明确新格式，避免调用方按旧协议处理。

✏️ 建议修改

 /// Function called when host key is received.
 /// [type] is the type of the host key, for example 'ssh-rsa'.
-/// [fingerprint] is the MD5 fingerprint of the host key. The SHA256
-/// fingerprint is also logged via [printDebug] for user visibility.
+/// [fingerprint] is an OpenSSH-style fingerprint in
+/// `SHA256:<base64-without-padding>` format, encoded as UTF-8 bytes.
 Uint8List _hostkeyFingerprint(Uint8List hostkey) {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@lib/src/ssh_transport.dart` around lines 29 - 33, Update the documentation
comment for the _hostkeyFingerprint function to accurately reflect the current
implementation. The comment currently describes MD5 fingerprint and SHA256 debug
logging semantics, but the actual implementation returns SHA256 fingerprint in
the format SHA256:<base64-without-padding> as UTF-8 bytes that are passed to the
onVerifyHostKey callback. Replace the outdated comment with an accurate
description of the new format to prevent callers from misunderstanding the
callback contract.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@CHANGELOG.md`:
- Line 38: In the CHANGELOG.md file at line 38, the phrase "server initiated
re-keying" is missing hyphens and should be formatted as "server-initiated
re-keying" to match standard technical writing conventions. Add hyphens to both
"server" and "initiated" to create the compound adjective "server-initiated".

In `@pubspec.yaml`:
- Line 2: The version in pubspec.yaml is currently set to 2.18.0 (a minor
version bump), but the CHANGELOG.md documents a BREAKING CHANGE to the
SSHHostkeyVerifyHandler fingerprint format. According to semantic versioning,
breaking changes require a major version increment. Change the version field in
pubspec.yaml from 2.18.0 to 3.0.0 to properly reflect the breaking change,
ensuring downstream users understand they may encounter incompatible behavior
when upgrading.

---

Outside diff comments:
In `@lib/src/ssh_transport.dart`:
- Around line 29-33: Update the documentation comment for the
_hostkeyFingerprint function to accurately reflect the current implementation.
The comment currently describes MD5 fingerprint and SHA256 debug logging
semantics, but the actual implementation returns SHA256 fingerprint in the
format SHA256:<base64-without-padding> as UTF-8 bytes that are passed to the
onVerifyHostKey callback. Replace the outdated comment with an accurate
description of the new format to prevent callers from misunderstanding the
callback contract.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c4479e3c-c713-41cd-8d5f-dbe63b6415d5

📥 Commits

Reviewing files that changed from the base of the PR and between b464a13 and ed5e7b9.

📒 Files selected for processing (5)

• CHANGELOG.md
• lib/src/ssh_transport.dart
• pubspec.yaml
• test/src/ssh_client_test.dart
• test/src/ssh_transport_fingerprint_test.dart

📜 Review details

🧰 Additional context used

🪛 LanguageTool

CHANGELOG.md

[grammar] ~38-~38: Use a hyphen to join words.
Context: ...exander-irion]. - Add support for server initiated re-keying [#125]. Thanks [@Mar...

(QB_NEW_EN_HYPHEN)