------------------------------------------------------------------- Mon Apr 29 12:18:36 UTC 2024 - Fridrich Strba - The binaries are compatible with java 1.8 ------------------------------------------------------------------- Wed Feb 21 10:47:53 UTC 2024 - Gus Kenion - Use %patch -P N instead of deprecated %patchN. ------------------------------------------------------------------- Wed Dec 20 12:47:08 UTC 2023 - Gus Kenion - Upgrade to version 0.2.15, which includes fix for SSH protocol vulnerability (bsc#1218134, CVE-2023-48795) * Changes in 0.2.15: + Address CVE-2023-48795 by adding support for new strict key exchange extension + Add support for ext-info-in-auth@openssh.com extension + Introduce two new config options to control usage of the new strict key exchange extension: ~ enable_strict_kex (set to yes by default) ~ require_strict_kex (set to no by default) ~ If either option (or both) is enabled, then JSch will attempt to use the new strict key exchange extension. ~ If the require_strict_kex option is enabled and JSch detects the server does not support it, then JSch will terminate the connection and throw an exception. ~ If the require_strict_kex option is not enabled and JSch detects the server does not support it, then JSch will fallback and proceed with the connection without using the new extension. + This gives users the ability to enable a strong security posture if needed and avoid proceeding with connections to potentially insecure servers. * Changes in 0.2.14: + #450 use Socket.connect() with a timeout that has been supported since Java 1.4 instead of using old method of creating a separate thread and joining to that thread with timeout * Changes in 0.2.13: + #411 Add flush operation from Fix added is/jsch#39, with new config option to allow disabling in case it causes regressions. + #403 add a warning when Channel.getInputStream() or Channel.getExtInputStream() is called after Channel.connect(). * Changes in 0.2.12: + Further refine previous fixes for windows line endings in PEM keys + #392 replace call to BigInteger.intValueExact to remain compatible with android api 30 + Introduce JSchSessionDisconnectException to allow the reasonCode to be retrieved without String parsing + Introduce specific JSchException for HostKey related failures * Changes in 0.2.11: + update dependencies changes + #369 fix multi-line PEM key parsing to work with windows line endings due to regression from previous fix for #362. * Changes in 0.2.10: + Fix new Java 21 compiler warning: possible 'this' escape before subclass is fully initialized + Tweak OSGi bundle manifest to allow Log4j 3 + #362 fix PEM key parsing to work with windows line endings + #361 guard against UIKeyboardInteractive implementations that include NULL elements in the String[] returned from promptKeyboardInteractive() + Add a default implmentation of the deprecated decrypt() method to the Identity interface that throws an UnsupportedOperationException ------------------------------------------------------------------- Sat Jun 3 11:03:46 UTC 2023 - Fridrich Strba - Migrate from com.jcraft:jsch to com.github.mwiede:jsch fork (bsc#1211955) * Alias to the old artifact since the new one is drop-in replacement * Keep the old OSGi bundle symbolic name to avoid extensive patching of eclipse stack - Upgrade to version 0.2.9 * Changes of 0.2.9 + various improvements, #295 ~ #293 allow UserAuthNone to be extended. ~ Make JGSS module optional. ~ Tweak OSGi bundle manifest: ~ Avoid self-import. ~ Mark JGSS as optional. ~ Loosen import versions of dependencies. ~ Correctly adhere to the Multi-release JAR spec by ensuring all public classes under versioned directories preside over classes present in the top-level directory. ~ Eliminate stray System.err.println() calls. ~ Change PageantConnector to use JNA's built-in support for User32.SendMessage(). + Improve error handling in InputStream.close() for SFTP channels, #331 * Changes of 0.2.8 + activate sourcecode formatting, #247 + build improvements, #279 + #287 add algorithm type information to algorithm negotiation logs, #290 + wrap NoClassDefFoundError's for invalid private keys, #289 and #290 * Changes of 0.2.7 + #265 change buffer_margin computation to be dynamic based upon the MAC to allow connections that advertise small maximum packet sizes. + #266 fix PuTTY key parsing to work with unix line endings. + Add support for ECDSA and EdDSA type PuTTY keys. + #71 add support for PuTTY version 3 format keys. ~ Encrypted PuTTY version 3 format keys requires Bouncy Castle (bcprov-jdk18on). + Eliminate KeyPairDeferred and instead change handling of OpenSSH V1 type keys to be more like other KeyPair types. + Be more vigilant about clearing private key data. + Improve PKCS8 key handling and add support for PKCS5 2.1 encryption. + Add support for ECDSA type PKCS8 keys. + Add support for SCrypt type KDF for PKCS8 keys. ~ PKCS8 keys using SCrypt requires Bouncy Castle (bcprov-jdk18on). + Add support for EdDSA type PKCS8 keys. ~ EdDSA type PKCS8 keys requires Bouncy Castle (bcprov-jdk18on). + Attempt to authenticate using other signature algorithms supported by the same public key. ~ Allow this behavior to be disabled via try_additional_pubkey_algorithms config option. ° Some servers incorrectly respond with SSH_MSG_USERAUTH_PK_OK to an initial auth query that they don't actually support for RSA keys. + Add a new config option enable_pubkey_auth_query to allow skipping auth queries and proceed directly to attempting full SSH_MSG_USERAUTH_REQUEST's. + Add a new config option enable_auth_none to control whether an initial auth request for the method none is sent to detect all supported auth methods available on the server. * Changes of 0.2.6 + Include host alias instead of the real host in messages and exceptions, #257 + Fix missing keySize set when loading V1 RSA keys, #258 + Enhancement to present KeyPair.getKeyTypeString() method, #259 * Changes of 0.2.5 + Explictly free resources in Compression implementations, #241 + Fix integration test failures on Apple Silicon by skipping OpenSSH 7.4 tests, #227 + generate osgi bundle manifest data for jar #248, #249 * Changes of 0.2.4 + Improved excepton handling by @norrisjeremy in #200 * Changes of 0.2.3 + #188 fix private key length checks for ssh-ed25519 and ssh-ed448, #189 * Changes of 0.2.2 + setup jdk for code-ql analysis, #151 + misc improvements, #152 + Fixing Issue #131, #134 + Update link to bcrypt, #157 * Changes of 0.2.1 + Allow to set a Logger per JSch-instance rather than a VM-wide one, #128 + Preliminary changes prior to Javadoc work, #126 + remove check to allow setting any filename encoding with any server version #137, #142 * Changes of 0.2.0 + Disable RSA/SHA1 signature algorithm by default #75 + Add basic Logger implementations that can be optionally utilized with JSch.setLogger(): ~ JulLogger, using java.util.logging.Logger ~ JplLogger, using Java 9's JEP 264 ~ Log4j2Logger, using Apache Log4j 2 ~ Slf4jLogger, using SLF4J + Fix client version to be compliant with RFC 4253 section 4.2 by not including minus sign characters #115 + Add java.util.zip based compression implementation #114 ~ This is based upon the CompressionJUZ implementation posted to the JSch-users mailing list in 2012 by the original JSch author ~ The existing JZlib implementation remains the default to maintain strict RFC 4253 section 6.2 compliance ° To use the new implementation globally, execute JSch.setConfig("zlib@openssh.com", "com.jcraft.jsch.juz.Compression") + JSch.setConfig("zlib", "com.jcraft.jsch.juz.Compression") ° To use the new implementation per session, execute session.setConfig("zlib@openssh.com", "com.jcraft.jsch.juz.Compression") + session.setConfig("zlib", "com.jcraft.jsch.juz.Compression") * Changes of 0.1.72 + Switch chacha20-poly1305@openssh.com algorithm to a pure Bouncy Castle based implementation + implement openssh config behavior to handle append, prepend and removal of algorithms #104 * Changes of 0.1.71 + Address #98 by restoring JSch.VERSION * Changes of 0.1.70 + Address #89 by fixing rare ECDSA signature validation issue + Address #93 by always setting the "want reply" flag for "env" type channel requests to false * Changes of 0.1.69 + Address #83 by sending CR LF at the end of the identification string + Fix earlier change for #76 that failed to correctly make the "Host" keyword case-insensitive + Fix PageantConnector struct class visibility #86 * Changes of 0.1.68 + Added support for the rijndael-cbc@lysator.liu.se algorithm + Added support for the hmac-ripemd160, hmac-ripemd160@openssh.com and hmac-ripemd160-etm@openssh.com algorithms using Bouncy Castle + Added support for various algorithms from RFC 4253 and RFC 4344 using Bouncy Castle ~ cast128-cbc ~ cast128-ctr ~ twofish-cbc ~ twofish128-cbc ~ twofish128-ctr ~ twofish192-cbc ~ twofish192-ctr ~ twofish256-cbc ~ twofish256-ctr + Added support for the seed-cbc@ssh.com algorithm using Bouncy Castle * Changes of 0.1.67 + Added support for the blowfish-ctr algorithm from RFC 4344 + Fix bug where ext-info-c was incorrectly advertised during rekeying ~ According to RFC 8308 section 2.1, ext-info-c should only advertised during the first key exchange + Address #77 by attempting to add compatibility with older Bouncy Castle releases * Changes of 0.1.66 + Added support for RFC 8308 extension negotiation and server-sig-algs extension ~ This support is enabled by default, but can be controlled via the enable_server_sig_algs config option (or jsch.enable_server_sig_algs system property) ~ When enabled and a server-sig-algs message is received from the server, the algorithms included by the server and also present in the PubkeyAcceptedKeyTypes config option will be attempted first when using publickey authentication ~ Additionally if the server is detected as OpenSSH version 7.4, the rsa-sha2-256 and rsa-sha2-512 algorithms will be added to the received server-sig-algs as a workaround for OpenSSH bug 2680 + Added support for various algorithms supported by Tectia (ssh.com): ~ diffie-hellman-group14-sha224@ssh.com ~ diffie-hellman-group14-sha256@ssh.com ~ diffie-hellman-group15-sha256@ssh.com ~ diffie-hellman-group15-sha384@ssh.com ~ diffie-hellman-group16-sha384@ssh.com ~ diffie-hellman-group16-sha512@ssh.com ~ diffie-hellman-group18-sha512@ssh.com ~ diffie-hellman-group-exchange-sha224@ssh.com ~ diffie-hellman-group-exchange-sha384@ssh.com ~ diffie-hellman-group-exchange-sha512@ssh.com ~ hmac-sha224@ssh.com ~ hmac-sha256@ssh.com ~ hmac-sha256-2@ssh.com ~ hmac-sha384@ssh.com ~ hmac-sha512@ssh.com ~ ssh-rsa-sha224@ssh.com ~ ssh-rsa-sha256@ssh.com ~ ssh-rsa-sha384@ssh.com ~ ssh-rsa-sha512@ssh.com + Added support for SHA224 to FingerprintHash + Fixing #52 + Deprecate void setFilenameEncoding(String encoding) in favor of void setFilenameEncoding(Charset encoding) in ChannelSftp + Added support for rsa-sha2-256 and rsa-rsa2-512 algorithms to ChannelAgentForwarding + Address #65 by adding ssh-agent support derived from jsch-agent-proxy ~ See examples/JSchWithAgentProxy.java for simple example ~ ssh-agent support requires either Java 16's JEP 380 or the addition of junixsocket to classpath ~ Pageant support is untested and requires the addition of JNA to classpath + Added support for the following algorithms with older Java releases by using Bouncy Castle: ~ ssh-ed25519 ~ ssh-ed448 ~ curve25519-sha256 ~ curve25519-sha256@libssh.org ~ curve448-sha512 ~ chacha20-poly1305@openssh.com * Changes of 0.1.65 + Added system properties to allow manipulation of various crypto algorithms used by default + Integrated JZlib, allowing use of zlib@openssh.com and zlib compressions without the need to provide the JZlib jar-file + Modularized the jar-file for use with Java 9 or newer + Added runtime controls for the min/max/preferred sizes used for diffie-hellman-group-exchange-sha256 and diffie-hellman-group-exchange-sha1 + Renamed PubkeyAcceptedKeyTypes config to PubkeyAcceptedAlgorithms to match recent changes in OpenSSH (PubkeyAcceptedKeyTypes is still accepted for backward compatibility) + Reduced number of algorithms that are runtime checked by default via CheckCiphers, CheckMacs, CheckKExes and CheckSignatures to improve runtime performance * Changes of 0.1.64 + #55 bug fix * Changes of 0.1.63 + fix for #42 * Changes 0.1.62 + #13 reject HostKey with some servers + #20 Include TestBCrypt.java unit test + #21 Misc cleanup + #27 Update Testcontainers to newest version to fix test failures + #34 NPE with openssh v1 format * Changes 0.1.61 + Add support for chacha20-poly1305@openssh.com, ssh-ed25519, ssh-ed448, curve448-sha512, diffie-hellman-group15-sha512 and diffie-hellman-group17-sha512. This makes use of the new EdDSA feature added in Java 15's JEP 339. #17 + added integration test for public key authentication #19 * Changes of 0.1.60 + support for openssh-v1-private-key format + Fix bug with AEAD ciphers when compression is used. #15 * Changes of 0.1.59 + fixing issue #6 (originally from https://sourceforge.net/p/jsch/mailman/message/36872566/) * Changes of 0.1.58 + adds support for more algorithms, see #4 * Changes of 0.1.57 + support for rsa-sha2-256 and rsa-sha2-512. #1 * Changes of 0.1.56 + support for direct-streamlocal@openssh.com (see SocketForwardingL.java) - Removed patches: * jsch-0.1.54-sourcetarget.patch * jsch-osgi-manifest.patch + both problems are handled differently in the new version - Added patches: * jsch-junixsocket.patch + disable building with dependency that we don't have * jsch-log4j.patch + disable building with log4j support in order to avoid a huge build cycle ------------------------------------------------------------------- Sat Mar 19 21:51:39 UTC 2022 - Fridrich Strba - Modified patch: * jsch-0.1.54-sourcetarget.patch + build with source/target levels 8 ------------------------------------------------------------------- Tue Apr 7 13:56:09 UTC 2020 - Fridrich Strba - Version 0.1.55 ------------------------------------------------------------------- Tue Apr 7 13:52:31 UTC 2020 - Fridrich Strba - Added patch: * jsch-osgi-manifest.patch + create the osgi manifest during the ant build + replaces the MANIFEST.MF file - Miscellaneous clean-up ------------------------------------------------------------------- Fri Sep 20 13:37:00 UTC 2019 - Fridrich Strba - Remove reference to the parent from pom file, since we are not building with maven ------------------------------------------------------------------- Fri Sep 8 08:31:01 UTC 2017 - fstrba@suse.com - Added patch: * jsch-0.1.54-sourcetarget.patch - Specify java source and target levels to 1.6, in order to allow building with jdk9 ------------------------------------------------------------------- Fri Jun 9 10:59:34 UTC 2017 - tchvatal@suse.com - Build with full java, does not compile with gcj ------------------------------------------------------------------- Fri May 19 09:59:03 UTC 2017 - dziolkowski@suse.com - New build dependency: javapackages-local ------------------------------------------------------------------- Sun Feb 12 21:45:09 UTC 2017 - guoyunhebrave@gmail.com - Version 0.1.54 ------------------------------------------------------------------- Wed Mar 18 09:46:14 UTC 2015 - tchvatal@suse.com - Fix build with new javapackages-tools ------------------------------------------------------------------- Tue Jun 17 15:49:57 UTC 2014 - tchvatal@suse.com - Version bump to 0.1.51 - Cleanup with spec-cleaner - Add maven and osgi things same as in Fedora. ------------------------------------------------------------------- Mon Sep 9 11:06:06 UTC 2013 - tchvatal@suse.com - Move from jpackage-utils to javapackage-tools ------------------------------------------------------------------- Mon May 13 06:15:53 UTC 2013 - mvyskocil@suse.com - update to 0.1.50 * fixes connection errors with "verify: false" when running on Java 7u6 (and later). * The OpenSSH config file and the key exchange method "diffie-hellman-group-exchange-sha256" are now supported ------------------------------------------------------------------- Tue Oct 16 08:39:25 UTC 2012 - mvyskocil@suse.com - update to 0.1.49 * Putty's private key files support * hmax-sha2-256 defined in RFC6668 is supported * integration with jsch-agent-proxy * and many bugfixes ------------------------------------------------------------------- Tue Apr 28 11:23:11 CEST 2009 - mvyskocil@suse.cz - Initial SUSE packaging of version 0.1.40 (from jpp5)