From c32a2ee89d5962cb5473e5e2e4f41bf39a4997c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= <adrian@suse.de>
Date: Mon, 19 Feb 2024 16:56:07 +0100
Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 jsch revision
 dae59009e2d141eb1e0503bdf7981c48

---
 .gitattributes         |  23 +++
 jsch-0.2.15.tar.gz     |   3 +
 jsch-build.xml         | 306 +++++++++++++++++++++++++++++
 jsch-junixsocket.patch |  35 ++++
 jsch-log4j.patch       |  10 +
 jsch.changes           | 425 +++++++++++++++++++++++++++++++++++++++++
 jsch.spec              | 116 +++++++++++
 7 files changed, 918 insertions(+)
 create mode 100644 .gitattributes
 create mode 100644 jsch-0.2.15.tar.gz
 create mode 100644 jsch-build.xml
 create mode 100644 jsch-junixsocket.patch
 create mode 100644 jsch-log4j.patch
 create mode 100644 jsch.changes
 create mode 100644 jsch.spec

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..fecc750
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/jsch-0.2.15.tar.gz b/jsch-0.2.15.tar.gz
new file mode 100644
index 0000000..610a152
--- /dev/null
+++ b/jsch-0.2.15.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:751d088eb00a2b41a4d320a23805fdbe75466ffb401b4099a8e0dd814adc9587
+size 400526
diff --git a/jsch-build.xml b/jsch-build.xml
new file mode 100644
index 0000000..cf8fc55
--- /dev/null
+++ b/jsch-build.xml
@@ -0,0 +1,306 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project name="jsch" default="package" basedir=".">
+
+  <!-- ====================================================================== -->
+  <!-- Build environment properties                                           -->
+  <!-- ====================================================================== -->
+
+  <property file="build.properties"/>
+
+  <property name="project.artifactId" value="jsch"/>
+  <property name="project.version" value="0.2.9"/>
+
+  <property name="spec.version" value="0.2"/>
+  <property name="versionWithoutMinus" value="${project.version}"/>
+
+  <property name="compiler.release" value="8"/>
+  <property name="compiler.source" value="1.${compiler.release}"/>
+  <property name="compiler.target" value="${compiler.source}"/>
+
+  <property name="build.finalName" value="jsch-${project.version}"/>
+  <property name="build.dir" value="target"/>
+  <property name="build.outputDir" value="${build.dir}/classes"/>
+  <property name="build.srcDir" value="src/main/java"/>
+  <property name="build.templateDir" value="src/main/java-templates"/>
+  <property name="build.genSrcDir" value="${build.dir}/generated-sources"/>
+  <property name="build.resourceDir" value="src/main/resources"/>
+  <property name="build.mrOutputDir" value="${build.outputDir}/META-INF/versions"/>
+  <property name="build.mrOutputDir.9" value="${build.mrOutputDir}/9"/>
+  <property name="build.mrSrcDir.9" value="src/main/java9"/>
+  <property name="build.mrOutputDir.10" value="${build.mrOutputDir}/10"/>
+  <property name="build.mrSrcDir.10" value="src/main/java10"/>
+  <property name="build.mrOutputDir.11" value="${build.mrOutputDir}/11"/>
+  <property name="build.mrSrcDir.11" value="src/main/java11"/>
+  <property name="build.mrOutputDir.15" value="${build.mrOutputDir}/15"/>
+  <property name="build.mrSrcDir.15" value="src/main/java15"/>
+  <property name="build.mrOutputDir.16" value="${build.mrOutputDir}/16"/>
+  <property name="build.mrSrcDir.16" value="src/main/java16"/>
+  <property name="reporting.outputDirectory" value="${build.dir}/site"/>
+
+  <!-- ====================================================================== -->
+  <!-- Defining classpaths                                                    -->
+  <!-- ====================================================================== -->
+
+  <path id="build.classpath">
+    <fileset dir="lib">
+      <include name="**/*.jar"/>
+    </fileset>
+  </path>
+
+  <!-- ====================================================================== -->
+  <!-- Cleaning up target                                                     -->
+  <!-- ====================================================================== -->
+
+  <target name="clean" description="Clean the output directory">
+    <delete dir="${build.dir}"/>
+  </target>
+
+  <!-- ====================================================================== -->
+  <!-- Compilation targets                                                    -->
+  <!-- ====================================================================== -->
+
+  <condition property="build9">
+    <javaversion atleast="9"/>
+  </condition>
+  
+  <condition property="build10">
+    <javaversion atleast="10"/>
+  </condition>
+  
+  <condition property="build11">
+    <javaversion atleast="11"/>
+  </condition>
+  
+  <condition property="build15">
+    <javaversion atleast="15"/>
+  </condition>
+  
+  <condition property="build16">
+    <javaversion atleast="16"/>
+  </condition>
+  
+  <target name="compile" description="Compile the code">
+    <echo>Java/JVM version: ${ant.java.version}</echo> 
+    <mkdir dir="${build.genSrcDir}"/>
+    <copy todir="${build.genSrcDir}">
+      <fileset dir="${build.templateDir}"/>
+      <filterchain>
+        <expandproperties>
+          <propertyset>
+            <propertyref name="versionWithoutMinus"/>
+          </propertyset>
+        </expandproperties>
+      </filterchain>
+    </copy>
+    <mkdir dir="${build.outputDir}"/>
+    <javac destdir="${build.outputDir}"
+           nowarn="true"
+           debug="true"
+           optimize="false"
+           deprecation="true"
+           release="${compiler.release}"
+           verbose="false"
+           fork="false">
+      <src>
+        <pathelement location="${build.srcDir}"/>
+        <pathelement location="${build.genSrcDir}"/>
+      </src>
+      <classpath refid="build.classpath"/>
+    </javac>
+    <mkdir dir="${build.mrOutputDir}"/>
+  </target>
+
+  <target name="compile9" description="Compile the overrides for Java 9+" if="build9">
+    <!-- Override classes for Java 9+ -->
+    <mkdir dir="${build.mrOutputDir.9}"/>
+    <javac destdir="${build.mrOutputDir.9}"
+           nowarn="true"
+           debug="true"
+           optimize="false"
+           deprecation="true"
+           source="${compiler.source}"
+           target="${compiler.target}"
+           verbose="false"
+           fork="false">
+      <src>
+        <pathelement location="${build.mrSrcDir.9}"/>
+      </src>
+      <exclude name="**/module-info.java"/>
+      <classpath>
+        <path refid="build.classpath"/>
+        <pathelement location="${build.outputDir}"/>
+      </classpath>
+    </javac>
+    <!-- Build module-info.class -->
+    <javac destdir="${build.mrOutputDir.9}"
+           nowarn="true"
+           debug="true"
+           optimize="false"
+           deprecation="true"
+           release="9"
+           verbose="false"
+           fork="false">
+      <src>
+        <pathelement location="${build.mrSrcDir.9}"/>
+      </src>
+      <include name="**/module-info.java"/>
+      <modulepath>
+        <path refid="build.classpath"/>
+        <pathelement location="${build.outputDir}"/>
+      </modulepath>
+    </javac>
+  </target>
+
+  <target name="compile10" description="Compile the overrides for Java 10+" if="build10">
+    <!-- Override classes for Java 10+ -->
+    <mkdir dir="${build.mrOutputDir.10}"/>
+    <javac destdir="${build.mrOutputDir.10}"
+           nowarn="true"
+           debug="true"
+           optimize="false"
+           deprecation="true"
+           source="${compiler.source}"
+           target="${compiler.target}"
+           verbose="false"
+           fork="false">
+      <src>
+        <pathelement location="${build.mrSrcDir.10}"/>
+      </src>
+      <classpath>
+        <path refid="build.classpath"/>
+        <pathelement location="${build.outputDir}"/>
+      </classpath>
+    </javac>
+  </target>
+
+  <target name="compile11" description="Compile the overrides for Java 11+" if="build11">
+    <!-- Override classes for Java 11+ -->
+    <mkdir dir="${build.mrOutputDir.11}"/>
+    <javac destdir="${build.mrOutputDir.11}"
+           nowarn="true"
+           debug="true"
+           optimize="false"
+           deprecation="true"
+           source="${compiler.source}"
+           target="${compiler.target}"
+           verbose="false"
+           fork="false">
+      <src>
+        <pathelement location="${build.mrSrcDir.11}"/>
+      </src>
+      <classpath>
+        <path refid="build.classpath"/>
+        <pathelement location="${build.outputDir}"/>
+      </classpath>
+    </javac>
+  </target>
+
+  <target name="compile15" description="Compile the overrides for Java 15+" if="build15">
+    <!-- Override classes for Java 15+ -->
+    <mkdir dir="${build.mrOutputDir.15}"/>
+    <javac destdir="${build.mrOutputDir.15}"
+           nowarn="true"
+           debug="true"
+           optimize="false"
+           deprecation="true"
+           source="${compiler.source}"
+           target="${compiler.target}"
+           verbose="false"
+           fork="false">
+      <src>
+        <pathelement location="${build.mrSrcDir.15}"/>
+      </src>
+      <classpath>
+        <path refid="build.classpath"/>
+        <pathelement location="${build.outputDir}"/>
+      </classpath>
+    </javac>
+  </target>
+
+  <target name="compile16" description="Compile the overrides for Java 16+" if="build16">
+    <!-- Override classes for Java 16+ -->
+    <mkdir dir="${build.mrOutputDir.16}"/>
+    <javac destdir="${build.mrOutputDir.16}"
+           nowarn="true"
+           debug="true"
+           optimize="false"
+           deprecation="true"
+           source="${compiler.source}"
+           target="${compiler.target}"
+           verbose="false"
+           fork="false">
+      <src>
+        <pathelement location="${build.mrSrcDir.16}"/>
+      </src>
+      <classpath>
+        <path refid="build.classpath"/>
+        <pathelement location="${build.outputDir}"/>
+      </classpath>
+    </javac>
+  </target>
+
+  <!-- ====================================================================== -->
+  <!-- Javadoc target                                                         -->
+  <!-- ====================================================================== -->
+
+  <target name="javadoc" description="Generates the Javadoc of the application">
+    <javadoc sourcepath="${build.srcDir}"
+             destdir="${reporting.outputDirectory}/apidocs"
+             access="protected"
+             source="${compiler.source}"
+             verbose="false"
+             version="true"
+             use="true"
+             author="true"
+             splitindex="false"
+             nodeprecated="false"
+             nodeprecatedlist="false"
+             notree="false"
+             noindex="false"
+             nohelp="false"
+             nonavbar="false"
+             serialwarn="false"
+             charset="ISO-8859-1"
+             linksource="false"
+             breakiterator="false">
+      <classpath refid="build.classpath"/>
+    </javadoc>
+  </target>
+
+  <!-- ====================================================================== -->
+  <!-- Package target                                                         -->
+  <!-- ====================================================================== -->
+
+  <target name="package" depends="compile,compile9,compile10,compile11,compile15,compile16" description="Package the application">
+    <jar jarfile="${build.dir}/${build.finalName}.jar"
+         compress="true"
+         index="false"
+         basedir="${build.outputDir}"
+         excludes="**/package.html">
+      <manifest>
+        <attribute name="Bundle-Description" value="JSch is a pure Java implementation of SSH2"/>
+        <attribute name="Bundle-License" value="https://github.com/mwiede/jsch/blob/master/LICENSE.JZlib.txt,https://github.com/mwiede/jsch/blob/master/LICENSE.jBCrypt.txt,https://github.com/mwiede/jsch/blob/master/LICENSE.txt"/>
+        <attribute name="Bundle-ManifestVersion" value="2"/>
+        <attribute name="Bundle-Name" value="JSch"/>
+        <attribute name="Bundle-SymbolicName" value="com.jcraft.jsch"/>
+        <attribute name="Bundle-Version" value="${project.version}"/>
+        <attribute name="Export-Package" value="com.jcraft.jsch;version=&quot;${project.version}&quot;"/>
+        <attribute name="Implementation-Title" value="JSch"/>
+        <attribute name="Implementation-Version" value="${project.version}"/>
+        <attribute name="Import-Package" value="com.sun.jna.platform.win32;resolution:=optional,com.sun.jna;resolution:=optional,javax.crypto,javax.crypto.interfaces,javax.crypto.spec,org.bouncycastle.crypto.digests;resolution:=optional,org.bouncycastle.crypto.engines;resolution:=optional,org.bouncycastle.crypto.generators;resolution:=optional,org.bouncycastle.crypto.macs;resolution:=optional,org.bouncycastle.crypto.modes;resolution:=optional,org.bouncycastle.crypto.params;resolution:=optional,org.bouncycastle.crypto.signers;resolution:=optional,org.bouncycastle.crypto;resolution:=optional,org.ietf.jgss;resolution:=optional,org.slf4j;resolution:=optional"/>
+        <attribute name="Multi-Release" value="true"/>
+        <attribute name="Require-Capability" value="osgi.ee;filter:=&quot;(&amp;(osgi.ee=JavaSE)(version=${compiler.target}))&quot;"/>
+        <attribute name="Specification-Title" value="JSch"/>
+        <attribute name="Specification-Version" value="${spec.version}"/>
+      </manifest>
+    </jar>
+  </target>
+
+  <!-- ====================================================================== -->
+  <!-- A dummy target for the package named after the type it creates         -->
+  <!-- ====================================================================== -->
+
+  <target name="jar" depends="package" description="Builds the jar for the application"/>
+
+</project>
diff --git a/jsch-junixsocket.patch b/jsch-junixsocket.patch
new file mode 100644
index 0000000..0bb1aac
--- /dev/null
+++ b/jsch-junixsocket.patch
@@ -0,0 +1,35 @@
+--- a/src/main/java/com/jcraft/jsch/SSHAgentConnector.java
++++ b/src/main/java/com/jcraft/jsch/SSHAgentConnector.java
+@@ -93,21 +93,7 @@ public class SSHAgentConnector implements AgentConnector {
+   }
+ 
+   private static USocketFactory getUSocketFactory() throws AgentProxyException {
+-    try {
+-      return new UnixDomainSocketFactory();
+-    } catch (AgentProxyException e) {
+-      try {
+-        return new JUnixSocketFactory();
+-      } catch (NoClassDefFoundError ee) {
+-        AgentProxyException eee = new AgentProxyException("junixsocket library unavailable");
+-        eee.addSuppressed(e);
+-        eee.addSuppressed(ee);
+-        throw eee;
+-      } catch (AgentProxyException ee) {
+-        ee.addSuppressed(e);
+-        throw e;
+-      }
+-    }
++    return new UnixDomainSocketFactory();
+   }
+ 
+   private static Path getSshAuthSocket() throws AgentProxyException {
+--- a/src/main/java9/module-info.java
++++ b/src/main/java9/module-info.java
+@@ -6,7 +6,6 @@ module com.jcraft.jsch {
+     requires static org.apache.logging.log4j;
+     requires static org.slf4j;
+     requires static org.bouncycastle.provider;
+-    requires static org.newsclub.net.unix;
+     requires static com.sun.jna;
+     requires static com.sun.jna.platform;
+ }
diff --git a/jsch-log4j.patch b/jsch-log4j.patch
new file mode 100644
index 0000000..08b266d
--- /dev/null
+++ b/jsch-log4j.patch
@@ -0,0 +1,10 @@
+--- a/src/main/java9/module-info.java
++++ b/src/main/java9/module-info.java
+@@ -3,7 +3,6 @@ module com.jcraft.jsch {
+ 
+     requires static java.security.jgss;
+     requires static java.logging;
+-    requires static org.apache.logging.log4j;
+     requires static org.slf4j;
+     requires static org.bouncycastle.provider;
+     requires static com.sun.jna;
diff --git a/jsch.changes b/jsch.changes
new file mode 100644
index 0000000..47a8d3f
--- /dev/null
+++ b/jsch.changes
@@ -0,0 +1,425 @@
+-------------------------------------------------------------------
+Wed Dec 20 12:47:08 UTC 2023 - Gus Kenion <gkenion@suse.com>
+
+- Upgrade to version 0.2.15, which includes fix for SSH protocol
+  vulnerability (bsc#1218134, CVE-2023-48795)
+  * Changes in 0.2.15:
+    + Address CVE-2023-48795 by adding support for new strict key
+      exchange extension
+    + Add support for ext-info-in-auth@openssh.com extension
+    + Introduce two new config options to control usage of the new
+      strict key exchange extension:
+      ~ enable_strict_kex (set to yes by default)
+      ~ require_strict_kex (set to no by default)
+      ~ If either option (or both) is enabled, then JSch will
+        attempt to use the new strict key exchange extension.
+      ~ If the require_strict_kex option is enabled and JSch detects
+        the server does not support it, then JSch will terminate the
+        connection and throw an exception.
+      ~ If the require_strict_kex option is not enabled and JSch
+        detects the server does not support it, then JSch will
+        fallback and proceed with the connection without using the
+        new extension.
+    + This gives users the ability to enable a strong security
+      posture if needed and avoid proceeding with connections to
+      potentially insecure servers.
+  * Changes in 0.2.14:
+    + #450 use Socket.connect() with a timeout that has been
+      supported since Java 1.4 instead of using old method of
+      creating a separate thread and joining to that thread with
+      timeout
+  * Changes in 0.2.13:
+    + #411 Add flush operation from Fix added is/jsch#39,
+      with new config option to allow disabling in case it causes
+      regressions.
+    + #403 add a warning when Channel.getInputStream() or
+      Channel.getExtInputStream() is called after Channel.connect().
+  * Changes in 0.2.12:
+    + Further refine previous fixes for windows line endings in PEM
+      keys
+    + #392 replace call to BigInteger.intValueExact to remain
+      compatible with android api 30
+    + Introduce JSchSessionDisconnectException to allow the
+      reasonCode to be retrieved without String parsing
+    + Introduce specific JSchException for HostKey related failures
+  * Changes in 0.2.11:
+    + update dependencies changes
+    + #369 fix multi-line PEM key parsing to work with windows line
+      endings due to regression from previous fix for #362.
+  * Changes in 0.2.10:
+    + Fix new Java 21 compiler warning: possible 'this' escape
+      before subclass is fully initialized
+    + Tweak OSGi bundle manifest to allow Log4j 3
+    + #362 fix PEM key parsing to work with windows line endings
+    + #361 guard against UIKeyboardInteractive implementations that
+      include NULL elements in the String[] returned from
+      promptKeyboardInteractive()
+    + Add a default implmentation of the deprecated decrypt() method
+      to the Identity interface that throws an
+      UnsupportedOperationException
+
+-------------------------------------------------------------------
+Sat Jun  3 11:03:46 UTC 2023 - Fridrich Strba <fstrba@suse.com>
+
+- Migrate from com.jcraft:jsch to com.github.mwiede:jsch fork
+  (bsc#1211955)
+  * Alias to the old artifact since the new one is drop-in
+    replacement
+  * Keep the old OSGi bundle symbolic name to avoid extensive
+    patching of eclipse stack
+- Upgrade to version 0.2.9
+  * Changes of 0.2.9
+    + various improvements, #295
+      ~ #293 allow UserAuthNone to be extended.
+      ~ Make JGSS module optional.
+      ~ Tweak OSGi bundle manifest:
+      ~ Avoid self-import.
+      ~ Mark JGSS as optional.
+      ~ Loosen import versions of dependencies.
+      ~ Correctly adhere to the Multi-release JAR spec by ensuring
+        all public classes under versioned directories preside over
+        classes present in the top-level directory.
+      ~ Eliminate stray System.err.println() calls.
+      ~ Change PageantConnector to use JNA's built-in support for
+        User32.SendMessage().
+    + Improve error handling in InputStream.close() for SFTP
+      channels, #331
+  * Changes of 0.2.8
+    + activate sourcecode formatting, #247
+    + build improvements, #279
+    + #287 add algorithm type information to algorithm negotiation
+      logs, #290
+    + wrap NoClassDefFoundError's for invalid private keys, #289 and
+      #290
+  * Changes of 0.2.7
+    + #265 change buffer_margin computation to be dynamic based upon
+      the MAC to allow connections that advertise small maximum
+      packet sizes.
+    + #266 fix PuTTY key parsing to work with unix line endings.
+    + Add support for ECDSA and EdDSA type PuTTY keys.
+    + #71 add support for PuTTY version 3 format keys.
+      ~ Encrypted PuTTY version 3 format keys requires Bouncy
+        Castle (bcprov-jdk18on).
+    + Eliminate KeyPairDeferred and instead change handling of
+      OpenSSH V1 type keys to be more like other KeyPair types.
+    + Be more vigilant about clearing private key data.
+    + Improve PKCS8 key handling and add support for PKCS5 2.1
+      encryption.
+    + Add support for ECDSA type PKCS8 keys.
+    + Add support for SCrypt type KDF for PKCS8 keys.
+      ~ PKCS8 keys using SCrypt requires Bouncy Castle
+        (bcprov-jdk18on).
+    + Add support for EdDSA type PKCS8 keys.
+      ~ EdDSA type PKCS8 keys requires Bouncy Castle
+        (bcprov-jdk18on).
+    + Attempt to authenticate using other signature algorithms
+      supported by the same public key.
+      ~ Allow this behavior to be disabled via
+        try_additional_pubkey_algorithms config option.
+        ° Some servers incorrectly respond with
+          SSH_MSG_USERAUTH_PK_OK to an initial auth query that they
+          don't actually support for RSA keys.
+    + Add a new config option enable_pubkey_auth_query to allow
+      skipping auth queries and proceed directly to attempting
+      full SSH_MSG_USERAUTH_REQUEST's.
+    + Add a new config option enable_auth_none to control whether
+      an initial auth request for the method none is sent to detect
+      all supported auth methods available on the server.
+  * Changes of 0.2.6
+    + Include host alias instead of the real host in messages and
+      exceptions, #257
+    + Fix missing keySize set when loading V1 RSA keys, #258
+    + Enhancement to present KeyPair.getKeyTypeString() method, #259
+  * Changes of 0.2.5
+    + Explictly free resources in Compression implementations, #241
+    + Fix integration test failures on Apple Silicon by skipping
+      OpenSSH 7.4 tests, #227
+    + generate osgi bundle manifest data for jar #248, #249
+  * Changes of 0.2.4
+    + Improved excepton handling by @norrisjeremy in #200
+  * Changes of 0.2.3
+    + #188 fix private key length checks for ssh-ed25519 and
+      ssh-ed448, #189
+  * Changes of 0.2.2
+    + setup jdk for code-ql analysis, #151
+    + misc improvements, #152
+    + Fixing Issue #131, #134
+    + Update link to bcrypt, #157
+  * Changes of 0.2.1
+    + Allow to set a Logger per JSch-instance rather than a VM-wide
+      one, #128
+    + Preliminary changes prior to Javadoc work, #126
+    + remove check to allow setting any filename encoding with any
+      server version #137, #142
+  * Changes of 0.2.0
+    + Disable RSA/SHA1 signature algorithm by default #75
+    + Add basic Logger implementations that can be optionally
+      utilized with JSch.setLogger():
+      ~ JulLogger, using java.util.logging.Logger
+      ~ JplLogger, using Java 9's JEP 264
+      ~ Log4j2Logger, using Apache Log4j 2
+      ~ Slf4jLogger, using SLF4J
+    + Fix client version to be compliant with RFC 4253 section 4.2
+      by not including minus sign characters #115
+    + Add java.util.zip based compression implementation #114
+      ~ This is based upon the CompressionJUZ implementation posted
+        to the JSch-users mailing list in 2012 by the original JSch
+        author
+      ~ The existing JZlib implementation remains the default to
+        maintain strict RFC 4253 section 6.2 compliance
+        ° To use the new implementation globally, execute
+          JSch.setConfig("zlib@openssh.com",
+          "com.jcraft.jsch.juz.Compression") +
+          JSch.setConfig("zlib", "com.jcraft.jsch.juz.Compression")
+        ° To use the new implementation per session, execute
+          session.setConfig("zlib@openssh.com",
+          "com.jcraft.jsch.juz.Compression")
+          + session.setConfig("zlib",
+          "com.jcraft.jsch.juz.Compression")
+  * Changes of 0.1.72
+    + Switch chacha20-poly1305@openssh.com algorithm to a pure
+      Bouncy Castle based implementation
+    + implement openssh config behavior to handle append, prepend
+      and removal of algorithms #104
+  * Changes of 0.1.71
+    + Address #98 by restoring JSch.VERSION
+  * Changes of 0.1.70
+    + Address #89 by fixing rare ECDSA signature validation issue
+    + Address #93 by always setting the "want reply" flag for "env"
+      type channel requests to false
+  * Changes of 0.1.69
+    + Address #83 by sending CR LF at the end of the identification
+      string
+    + Fix earlier change for #76 that failed to correctly make the
+      "Host" keyword case-insensitive
+    + Fix PageantConnector struct class visibility #86
+  * Changes of 0.1.68
+    + Added support for the rijndael-cbc@lysator.liu.se algorithm
+    + Added support for the hmac-ripemd160,
+      hmac-ripemd160@openssh.com and hmac-ripemd160-etm@openssh.com
+      algorithms using Bouncy Castle
+    + Added support for various algorithms from RFC 4253 and
+      RFC 4344 using Bouncy Castle
+      ~ cast128-cbc
+      ~ cast128-ctr
+      ~ twofish-cbc
+      ~ twofish128-cbc
+      ~ twofish128-ctr
+      ~ twofish192-cbc
+      ~ twofish192-ctr
+      ~ twofish256-cbc
+      ~ twofish256-ctr
+    + Added support for the seed-cbc@ssh.com algorithm using Bouncy
+      Castle
+  * Changes of 0.1.67
+    + Added support for the blowfish-ctr algorithm from RFC 4344
+    + Fix bug where ext-info-c was incorrectly advertised during
+      rekeying
+      ~ According to RFC 8308 section 2.1, ext-info-c should only
+        advertised during the first key exchange
+    + Address #77 by attempting to add compatibility with older
+      Bouncy Castle releases
+  * Changes of 0.1.66
+    + Added support for RFC 8308 extension negotiation and
+      server-sig-algs extension
+      ~ This support is enabled by default, but can be controlled
+        via the enable_server_sig_algs config option (or
+        jsch.enable_server_sig_algs system property)
+      ~ When enabled and a server-sig-algs message is received from
+        the server, the algorithms included by the server and also
+        present in the PubkeyAcceptedKeyTypes config option will be
+        attempted first when using publickey authentication
+      ~ Additionally if the server is detected as OpenSSH version
+        7.4, the rsa-sha2-256 and rsa-sha2-512 algorithms will be
+        added to the received server-sig-algs as a workaround for
+        OpenSSH bug 2680
+    + Added support for various algorithms supported by Tectia
+      (ssh.com):
+      ~ diffie-hellman-group14-sha224@ssh.com
+      ~ diffie-hellman-group14-sha256@ssh.com
+      ~ diffie-hellman-group15-sha256@ssh.com
+      ~ diffie-hellman-group15-sha384@ssh.com
+      ~ diffie-hellman-group16-sha384@ssh.com
+      ~ diffie-hellman-group16-sha512@ssh.com
+      ~ diffie-hellman-group18-sha512@ssh.com
+      ~ diffie-hellman-group-exchange-sha224@ssh.com
+      ~ diffie-hellman-group-exchange-sha384@ssh.com
+      ~ diffie-hellman-group-exchange-sha512@ssh.com
+      ~ hmac-sha224@ssh.com
+      ~ hmac-sha256@ssh.com
+      ~ hmac-sha256-2@ssh.com
+      ~ hmac-sha384@ssh.com
+      ~ hmac-sha512@ssh.com
+      ~ ssh-rsa-sha224@ssh.com
+      ~ ssh-rsa-sha256@ssh.com
+      ~ ssh-rsa-sha384@ssh.com
+      ~ ssh-rsa-sha512@ssh.com
+    + Added support for SHA224 to FingerprintHash
+    + Fixing #52
+    + Deprecate void setFilenameEncoding(String encoding) in favor
+      of void setFilenameEncoding(Charset encoding) in ChannelSftp
+    + Added support for rsa-sha2-256 and rsa-rsa2-512 algorithms to
+      ChannelAgentForwarding
+    + Address #65 by adding ssh-agent support derived from
+      jsch-agent-proxy
+      ~ See examples/JSchWithAgentProxy.java for simple example
+      ~ ssh-agent support requires either Java 16's JEP 380 or the
+        addition of junixsocket to classpath
+      ~ Pageant support is untested and requires the addition of JNA
+        to classpath
+    + Added support for the following algorithms with older Java
+      releases by using Bouncy Castle:
+      ~ ssh-ed25519
+      ~ ssh-ed448
+      ~ curve25519-sha256
+      ~ curve25519-sha256@libssh.org
+      ~ curve448-sha512
+      ~ chacha20-poly1305@openssh.com
+  * Changes of 0.1.65
+    + Added system properties to allow manipulation of various
+      crypto algorithms used by default
+    + Integrated JZlib, allowing use of zlib@openssh.com and zlib
+      compressions without the need to provide the JZlib jar-file
+    + Modularized the jar-file for use with Java 9 or newer
+    + Added runtime controls for the min/max/preferred sizes used
+      for diffie-hellman-group-exchange-sha256 and
+      diffie-hellman-group-exchange-sha1
+    + Renamed PubkeyAcceptedKeyTypes config to
+      PubkeyAcceptedAlgorithms to match recent changes in OpenSSH
+      (PubkeyAcceptedKeyTypes is still accepted for backward
+      compatibility)
+    + Reduced number of algorithms that are runtime checked by
+      default via CheckCiphers, CheckMacs, CheckKExes and
+      CheckSignatures to improve runtime performance
+  * Changes of 0.1.64
+    + #55 bug fix
+  * Changes of 0.1.63
+    + fix for #42
+  * Changes 0.1.62
+    + #13 reject HostKey with some servers
+    + #20 Include TestBCrypt.java unit test
+    + #21 Misc cleanup
+    + #27 Update Testcontainers to newest version to fix test
+      failures
+    + #34 NPE with openssh v1 format
+  * Changes 0.1.61
+    + Add support for chacha20-poly1305@openssh.com, ssh-ed25519,
+      ssh-ed448, curve448-sha512, diffie-hellman-group15-sha512
+      and diffie-hellman-group17-sha512.
+      This makes use of the new EdDSA feature added in Java 15's
+      JEP 339. #17
+    + added integration test for public key authentication #19
+  * Changes of 0.1.60
+    + support for openssh-v1-private-key format
+    + Fix bug with AEAD ciphers when compression is used. #15
+  * Changes of 0.1.59
+    + fixing issue #6 (originally from
+      https://sourceforge.net/p/jsch/mailman/message/36872566/)
+  * Changes of 0.1.58
+    + adds support for more algorithms, see #4
+  * Changes of 0.1.57
+    + support for rsa-sha2-256 and rsa-sha2-512. #1
+  * Changes of 0.1.56
+    + support for direct-streamlocal@openssh.com
+      (see SocketForwardingL.java)
+- Removed patches:
+  * jsch-0.1.54-sourcetarget.patch
+  * jsch-osgi-manifest.patch
+    + both problems are handled differently in the new version
+- Added patches:
+  * jsch-junixsocket.patch
+    + disable building with dependency that we don't have
+  * jsch-log4j.patch
+    + disable building with log4j support in order to avoid a
+      huge build cycle
+
+-------------------------------------------------------------------
+Sat Mar 19 21:51:39 UTC 2022 - Fridrich Strba <fstrba@suse.com>
+
+- Modified patch:
+  * jsch-0.1.54-sourcetarget.patch
+    + build with source/target levels 8
+
+-------------------------------------------------------------------
+Tue Apr  7 13:56:09 UTC 2020 - Fridrich Strba <fstrba@suse.com>
+
+- Version 0.1.55
+
+-------------------------------------------------------------------
+Tue Apr  7 13:52:31 UTC 2020 - Fridrich Strba <fstrba@suse.com>
+
+- Added patch:
+  * jsch-osgi-manifest.patch
+    + create the osgi manifest during the ant build
+    + replaces the MANIFEST.MF file
+- Miscellaneous clean-up
+
+-------------------------------------------------------------------
+Fri Sep 20 13:37:00 UTC 2019 - Fridrich Strba <fstrba@suse.com>
+
+- Remove reference to the parent from pom file, since we are not
+  building with maven
+
+-------------------------------------------------------------------
+Fri Sep  8 08:31:01 UTC 2017 - fstrba@suse.com
+
+- Added patch:
+  * jsch-0.1.54-sourcetarget.patch
+    - Specify java source and target levels to 1.6, in order to
+      allow building with jdk9
+
+-------------------------------------------------------------------
+Fri Jun  9 10:59:34 UTC 2017 - tchvatal@suse.com
+
+- Build with full java, does not compile with gcj
+
+-------------------------------------------------------------------
+Fri May 19 09:59:03 UTC 2017 - dziolkowski@suse.com
+
+- New build dependency: javapackages-local
+
+-------------------------------------------------------------------
+Sun Feb 12 21:45:09 UTC 2017 - guoyunhebrave@gmail.com
+
+- Version 0.1.54
+
+-------------------------------------------------------------------
+Wed Mar 18 09:46:14 UTC 2015 - tchvatal@suse.com
+
+- Fix build with new javapackages-tools
+
+-------------------------------------------------------------------
+Tue Jun 17 15:49:57 UTC 2014 - tchvatal@suse.com
+
+- Version bump to 0.1.51
+- Cleanup with spec-cleaner
+- Add maven and osgi things same as in Fedora.
+
+-------------------------------------------------------------------
+Mon Sep  9 11:06:06 UTC 2013 - tchvatal@suse.com
+
+- Move from jpackage-utils to javapackage-tools
+
+-------------------------------------------------------------------
+Mon May 13 06:15:53 UTC 2013 - mvyskocil@suse.com
+
+- update to 0.1.50
+  * fixes connection errors with "verify: false" when running on
+    Java 7u6 (and later).
+  * The OpenSSH config file and the key exchange method
+    "diffie-hellman-group-exchange-sha256" are now supported
+
+-------------------------------------------------------------------
+Tue Oct 16 08:39:25 UTC 2012 - mvyskocil@suse.com
+
+- update to 0.1.49
+  * Putty's private key files support
+  * hmax-sha2-256 defined in RFC6668 is supported
+  * integration with jsch-agent-proxy
+  * and many bugfixes
+
+-------------------------------------------------------------------
+Tue Apr 28 11:23:11 CEST 2009 - mvyskocil@suse.cz
+
+- Initial SUSE packaging of version 0.1.40 (from jpp5) 
+
diff --git a/jsch.spec b/jsch.spec
new file mode 100644
index 0000000..b730d28
--- /dev/null
+++ b/jsch.spec
@@ -0,0 +1,116 @@
+#
+# spec file for package jsch
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           jsch
+Version:        0.2.15
+Release:        0
+Summary:        Pure Java implementation of SSH2
+License:        BSD-3-Clause
+Group:          Development/Libraries/Java
+URL:            https://github.com/mwiede/jsch/
+Source0:        https://github.com/mwiede/%{name}/archive/refs/tags/%{name}-%{version}.tar.gz
+Source1:        %{name}-build.xml
+Patch0:         jsch-junixsocket.patch
+Patch1:         jsch-log4j.patch
+BuildRequires:  ant
+BuildRequires:  bouncycastle >= 1.77
+BuildRequires:  fdupes
+# We need this for module-info.class
+BuildRequires:  java-devel >= 9
+BuildRequires:  javapackages-local >= 6
+BuildRequires:  jna
+BuildRequires:  jna-contrib
+BuildRequires:  slf4j
+# The jar still works with Java 8
+Requires:       java >= 1.8
+BuildArch:      noarch
+
+%description
+JSch allows you to connect to an sshd server and use port forwarding,
+X11 forwarding, file transfer, etc., and you can integrate its
+functionality into your own Java programs.
+
+%package        javadoc
+Summary:        Pure Java implementation of SSH2
+Group:          Development/Libraries/Java
+
+%description    javadoc
+JSch allows you to connect to an sshd server and use port forwarding,
+X11 forwarding, file transfer, etc., and you can integrate its
+functionality into your own Java programs.
+
+%package        demo
+Summary:        Pure Java implementation of SSH2
+Group:          Development/Libraries/Java
+
+%description    demo
+JSch allows you to connect to an sshd server and use port forwarding,
+X11 forwarding, file transfer, etc., and you can integrate its
+functionality into your own Java programs.
+
+%prep
+%setup -q -n %{name}-%{name}-%{version}
+cp %{SOURCE1} build.xml
+
+# We don't have junixsocket
+%pom_remove_dep com.kohlschutter.junixsocket:
+rm -f \
+    src/main/java/com/jcraft/jsch/JUnixSocketFactory.java
+%patch0 -p1
+
+# Do not depend on log4j
+%pom_remove_dep org.apache.logging.log4j:
+rm -f \
+    src/main/java/com/jcraft/jsch/Log4j2Logger.java \
+    src/test/java/com/jcraft/jsch/Log4j2LoggerTest.java
+%patch1 -p1
+
+%build
+mkdir -p lib
+build-jar-repository -s lib jna jna-platform slf4j/api bcprov
+%{ant} jar javadoc
+
+%install
+# jars
+install -Dpm 644 target/%{name}-*.jar %{buildroot}%{_javadir}/%{name}.jar
+
+# pom
+install -d -m 755 %{buildroot}%{_mavenpomdir}
+%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom
+%add_maven_depmap %{name}.pom %{name}.jar -a com.jcraft:jsch
+
+# javadoc
+install -dm 755 %{buildroot}%{_javadocdir}/%{name}
+cp -pr target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}
+%fdupes -s %{buildroot}%{_javadocdir}/%{name}
+
+# examples
+install -dm 755 %{buildroot}%{_datadir}/%{name}
+cp -pr examples/* %{buildroot}%{_datadir}/%{name}
+%fdupes -s %{buildroot}%{_datadir}/%{name}
+
+%files -f .mfiles
+%license LICENSE.txt
+
+%files javadoc
+%{_javadocdir}/%{name}
+
+%files demo
+%{_datadir}/%{name}
+
+%changelog