From d1162288d4e9190626b491a91e930a077c024949fc71f4fe35d8d90b1a7f4415 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 16 Nov 2022 08:44:14 +0000 Subject: [PATCH 1/4] OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-sshd?expand=0&rev=10 --- ...ependency-on-native-tomcat-APR-libra.patch | 4 +- 0002-Fix-manifest-generation.patch | 11 --- apache-sshd-2.7.0-java8.patch | 75 ------------------- apache-sshd-2.7.0-src.tar.gz | 3 - apache-sshd-2.9.2-src.tar.gz | 3 + apache-sshd.spec | 17 +++-- 6 files changed, 14 insertions(+), 99 deletions(-) delete mode 100644 0002-Fix-manifest-generation.patch delete mode 100644 apache-sshd-2.7.0-java8.patch delete mode 100644 apache-sshd-2.7.0-src.tar.gz create mode 100644 apache-sshd-2.9.2-src.tar.gz diff --git a/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch b/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch index 16dc5e1..b303f72 100644 --- a/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch +++ b/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch @@ -14,9 +14,9 @@ diff --git a/pom.xml b/pom.xml index 867ca88..7c29678 100644 --- a/pom.xml +++ b/pom.xml -@@ -406,11 +406,6 @@ +@@ -428,11 +428,6 @@ mina-core - 2.0.21 + 2.0.23 - - tomcat diff --git a/0002-Fix-manifest-generation.patch b/0002-Fix-manifest-generation.patch deleted file mode 100644 index 1de880f..0000000 --- a/0002-Fix-manifest-generation.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up ./pom.xml.fix ./pom.xml ---- ./pom.xml.fix 2021-04-20 21:32:51.749782800 -0400 -+++ ./pom.xml 2021-04-20 21:33:22.600740917 -0400 -@@ -1020,7 +1020,6 @@ - - - -- org.apache.sshd*;version="[$(version;==;${sshd.osgi.version.clean}),$(version;=+;${sshd.osgi.version.clean}))",* - *;-noimport:=true - - pom diff --git a/apache-sshd-2.7.0-java8.patch b/apache-sshd-2.7.0-java8.patch deleted file mode 100644 index 21ff9ca..0000000 --- a/apache-sshd-2.7.0-java8.patch +++ /dev/null @@ -1,75 +0,0 @@ ---- apache-sshd-2.7.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2021-07-30 09:48:59.082251041 +0200 -+++ apache-sshd-2.7.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2021-07-30 09:54:40.568508196 +0200 -@@ -353,13 +353,13 @@ - log.trace("handleReadCycleCompletion({}) read {} bytes after {} nanos at cycle={}", - this, result, System.nanoTime() - lastReadCycleStart.get(), readCyclesCounter); - } -- buffer.flip(); -+ ((java.nio.Buffer)buffer).flip(); - - IoHandler handler = getIoHandler(); - handler.messageReceived(this, bufReader); - if (!closeFuture.isClosed()) { - // re-use reference for next iteration since we finished processing it -- buffer.clear(); -+ ((java.nio.Buffer)buffer).clear(); - doReadCycle(buffer, completionHandler); - } else { - if (debugEnabled) { ---- apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/SftpRemotePathChannel.java 2021-07-30 09:48:59.150251491 +0200 -+++ apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/SftpRemotePathChannel.java 2021-07-30 09:54:40.572508221 +0200 -@@ -21,6 +21,7 @@ - - import java.io.IOException; - import java.io.StreamCorruptedException; -+import java.nio.Buffer; - import java.nio.ByteBuffer; - import java.nio.MappedByteBuffer; - import java.nio.channels.AsynchronousCloseException; -@@ -153,7 +154,7 @@ - if (read > 0) { - // reference equality on purpose - if (wrap == buffer) { -- wrap.position(wrap.position() + read); -+ ((Buffer)wrap).position(wrap.position() + read); - } else { - buffer.put(wrap.array(), wrap.arrayOffset(), read); - } -@@ -258,7 +259,7 @@ - wrap.arrayOffset() + wrap.position(), written); - // reference equality on purpose - if (wrap == buffer) { -- wrap.position(wrap.position() + written); -+ ((Buffer)wrap).position(wrap.position() + written); - } - curPos += written; - totalWritten += written; ---- apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/server/AbstractSftpSubsystemHelper.java 2021-07-30 09:48:59.150251491 +0200 -+++ apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/server/AbstractSftpSubsystemHelper.java 2021-07-30 09:55:19.804767492 +0200 -@@ -942,7 +942,7 @@ - if (remainLen < digestBuf.length) { - bb = ByteBuffer.wrap(digestBuf, 0, remainLen); - } -- bb.clear(); // prepare for next read -+ ((java.nio.Buffer)bb).clear(); // prepare for next read - - int readLen = channel.read(bb); - if (readLen < 0) { -@@ -967,7 +967,7 @@ - if (remainLen < digestBuf.length) { - bb = ByteBuffer.wrap(digestBuf, 0, remainLen); - } -- bb.clear(); // prepare for next read -+ ((java.nio.Buffer)bb).clear(); // prepare for next read - - int readLen = channel.read(bb); - if (readLen < 0) { -@@ -1101,7 +1101,7 @@ - if (remainLen < digestBuf.length) { - bb = ByteBuffer.wrap(digestBuf, 0, remainLen); - } -- bb.clear(); // prepare for next read -+ ((java.nio.Buffer)bb).clear(); // prepare for next read - - int readLen = channel.read(bb); - if (readLen < 0) { diff --git a/apache-sshd-2.7.0-src.tar.gz b/apache-sshd-2.7.0-src.tar.gz deleted file mode 100644 index 6306bf9..0000000 --- a/apache-sshd-2.7.0-src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fe3f9ca72930fd4b01e2969f32f7d2aedd9b364fd42ca124cc3384bd23de7007 -size 1535548 diff --git a/apache-sshd-2.9.2-src.tar.gz b/apache-sshd-2.9.2-src.tar.gz new file mode 100644 index 0000000..e5ba2c8 --- /dev/null +++ b/apache-sshd-2.9.2-src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:aeea62247ea87213f20f6b1d6f817776d2c7493ff23fbc4a1f99e0081631c02e +size 1743627 diff --git a/apache-sshd.spec b/apache-sshd.spec index a627b9d..567b105 100644 --- a/apache-sshd.spec +++ b/apache-sshd.spec @@ -1,7 +1,7 @@ # # spec file for package apache-sshd # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: apache-sshd -Version: 2.7.0 +Version: 2.9.2 Release: 0 Summary: Apache SSHD # One file has ISC licensing: @@ -27,8 +27,6 @@ URL: https://mina.apache.org/sshd-project Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz # Avoid optional dep on tomcat native APR library Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch -Patch1: 0002-Fix-manifest-generation.patch -Patch2: apache-sshd-2.7.0-java8.patch BuildRequires: fdupes BuildRequires: maven-local BuildRequires: mvn(junit:junit) @@ -46,6 +44,7 @@ BuildRequires: mvn(org.bouncycastle:bcpg-jdk15on) BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on) BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin) BuildRequires: mvn(org.codehaus.plexus:plexus-archiver) +BuildRequires: mvn(org.slf4j:jcl-over-slf4j) BuildRequires: mvn(org.slf4j:slf4j-api) BuildArch: noarch @@ -64,14 +63,12 @@ This package provides %{name}. # Avoid optional dep on tomcat native APR library %patch0 -p1 -%patch1 -p1 -%patch2 -p1 rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix # Avoid unnecessary dep on spring framework %pom_remove_dep :spring-framework-bom -%pom_remove_dep :testcontainers-bom sshd-sftp +%pom_remove_dep :testcontainers-bom sshd-sftp sshd-core # Build the core modules only %pom_disable_module assembly @@ -101,7 +98,11 @@ rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix %build # Can't run tests, they require ch.ethz.ganymed:ganymed-ssh2 -%{mvn_build} -f -- -Dworkspace.root.dir=$(pwd) -Dsource=8 +%{mvn_build} -f -- -Dworkspace.root.dir=$(pwd) \ +%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 9}%{!?pkg_vcmp:0} + -Dmaven.compiler.release=8 \ +%endif + -Dsource=8 %install %mvn_install From bbc26f84d002d8fa16e3b3d9ff4ea566957586785323971535faee569eb64685 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 16 Nov 2022 08:47:38 +0000 Subject: [PATCH 2/4] OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-sshd?expand=0&rev=11 --- apache-sshd.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/apache-sshd.spec b/apache-sshd.spec index 567b105..a92fc9f 100644 --- a/apache-sshd.spec +++ b/apache-sshd.spec @@ -32,13 +32,11 @@ BuildRequires: maven-local BuildRequires: mvn(junit:junit) BuildRequires: mvn(net.i2p.crypto:eddsa) BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) -BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin) BuildRequires: mvn(org.apache.maven.surefire:surefire-junit47) BuildRequires: mvn(org.apache.maven:maven-archiver) -BuildRequires: mvn(org.apache:apache-jar-resource-bundle) BuildRequires: mvn(org.apache:apache:pom:) BuildRequires: mvn(org.bouncycastle:bcpg-jdk15on) BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on) From c5e8fcc50d2df67feee31fef69347b56456d7a82b51b49bb47d95d1ffc0a78ae Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 16 Nov 2022 09:53:04 +0000 Subject: [PATCH 3/4] OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-sshd?expand=0&rev=12 --- apache-sshd-javadoc.patch | 241 ++++++++++++++++++++++++++++++++++++++ apache-sshd.spec | 3 + 2 files changed, 244 insertions(+) create mode 100644 apache-sshd-javadoc.patch diff --git a/apache-sshd-javadoc.patch b/apache-sshd-javadoc.patch new file mode 100644 index 0000000..b8c7c90 --- /dev/null +++ b/apache-sshd-javadoc.patch @@ -0,0 +1,241 @@ +--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2022-11-16 09:50:02.519293210 +0100 ++++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2022-11-16 10:29:30.819501234 +0100 +@@ -36,7 +36,7 @@ + public interface PasswordIdentityProvider { + + /** +- * An "empty" implementation of {@link PasswordIdentityProvider} that returns an empty group of passwords ++ * An "empty" implementation of {@link PasswordIdentityProvider} that returns an empty group of passwords + */ + PasswordIdentityProvider EMPTY_PASSWORDS_PROVIDER = new PasswordIdentityProvider() { + @Override +--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2022-11-16 09:50:02.523293237 +0100 ++++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2022-11-16 10:21:06.704044979 +0100 +@@ -754,7 +754,7 @@ + * @param expected The expected fingerprint if {@code null} or empty then returns a failure with the default + * fingerprint. + * @param key the {@link PublicKey} - if {@code null} then returns null. +- * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, ++ * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, + * {@code null} if no key. + * @see #getDefaultFingerPrintFactory() + * @see #checkFingerPrint(String, Factory, PublicKey) +@@ -768,7 +768,7 @@ + * fingerprint. + * @param f The {@link Factory} to be used to generate the default {@link Digest} for the key + * @param key the {@link PublicKey} - if {@code null} then returns null. +- * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, ++ * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, + * {@code null} if no key. + */ + public static SimpleImmutableEntry checkFingerPrint( +@@ -781,7 +781,7 @@ + * fingerprint. + * @param d The {@link Digest} to be used to generate the default fingerprint for the key + * @param key the {@link PublicKey} - if {@code null} then returns null. +- * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, ++ * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, + * {@code null} if no key. + */ + public static SimpleImmutableEntry checkFingerPrint(String expected, Digest d, PublicKey key) { +--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2022-11-16 09:50:02.523293237 +0100 ++++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2022-11-16 10:27:11.094543153 +0100 +@@ -63,9 +63,7 @@ + import org.apache.sshd.common.util.security.SecurityUtils; + + /** +- * Basic support for OpenSSH +- * key file(s) ++ * Basic support for OpenSSH key file(s) + * + * @author Apache MINA SSHD Project + */ +--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2022-11-16 09:50:02.531293291 +0100 ++++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2022-11-16 10:07:03.290271908 +0100 +@@ -64,13 +64,13 @@ + SkED25519BufferPublicKeyParser.INSTANCE)); + + /** +- * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" ++ * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" + * @return {@code true} if this key type is supported by the parser + */ + boolean isKeyTypeSupported(String keyType); + + /** +- * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" ++ * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" + * @param buffer The {@link Buffer} containing the encoded raw public key + * @return The decoded {@link PublicKey} + * @throws GeneralSecurityException If failed to generate the key +--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2022-11-16 09:50:02.527293266 +0100 ++++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2022-11-16 10:17:14.006452121 +0100 +@@ -112,10 +112,11 @@ + * @param with String to replace with + * @param max maximum number of values to replace, or -1 if no maximum + * @return the text with any replacements processed +- * @author Arnout J. Kuiper ajkuiper@wxs.nl +- * @author Magesh Umasankar +- * @author Bruce Atherton +- * @author Antoine Levy-Lambert ++ * ++ * author Arnout J. Kuiper ajkuiper@wxs.nl ++ * author Magesh Umasankar ++ * author Bruce Atherton ++ * author Antoine Levy-Lambert + */ + @SuppressWarnings("PMD.AssignmentInOperand") + public static String replace(String text, String repl, String with, int max) { +--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2022-11-16 09:50:02.531293291 +0100 ++++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2022-11-16 10:09:10.435142161 +0100 +@@ -76,7 +76,7 @@ + } + + /** +- * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it ++ * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it + * positive + * + * @param bytes {@link BigInteger} bytes +@@ -87,7 +87,7 @@ + } + + /** +- * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it ++ * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it + * positive + * + * @param bytes {@link BigInteger} bytes +--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2022-11-16 09:50:02.527293266 +0100 ++++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2022-11-16 10:28:23.527039819 +0100 +@@ -165,7 +165,7 @@ + } + + /** +- * Remove {@code Windows} domain and/or group prefix as well as "(User);" suffix ++ * Remove {@code Windows} domain and/or group prefix as well as "(User);" suffix + * + * @param user The original username - ignored if {@code null}/empty + * @return The canonical user - unchanged if {@code Unix} O/S +--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2022-11-16 09:50:02.535293319 +0100 ++++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2022-11-16 10:31:13.564205742 +0100 +@@ -119,7 +119,7 @@ + /** + * The min. key size value used for testing whether Diffie-Hellman Group Exchange is supported or not. According to + * RFC 4419 section 3: "Servers and clients SHOULD support +- * groups with a modulus length of k bits, where 1024 <= k <= 8192". ++ * groups with a modulus length of k bits, where 1024 <= k <= 8192". + * + * Note: this has been amended by RFC 8270 + */ +--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2022-11-16 09:50:02.571293565 +0100 ++++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2022-11-16 10:28:51.175229400 +0100 +@@ -23,8 +23,8 @@ + + /** + * Provides a way to implement proxied connections where some metadata about the client is sent before the actual +- * SSH protocol is executed - e.g., the PROXY +- * protocol. The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the ++ * SSH protocol is executed - e.g., the PROXY protocol. ++ * The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the + * meta-data. + * + * @author Apache MINA SSHD Project +--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2022-11-16 09:50:02.575293593 +0100 ++++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2022-11-16 10:04:31.529233186 +0100 +@@ -67,7 +67,7 @@ + + /** + * The default {@link BuiltinCiphers} setup in order of preference as specified by +- * ssh_config(5) ++ * ssh_config(5) + */ + public static final List DEFAULT_CIPHERS_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( +@@ -83,7 +83,7 @@ + + /** + * The default {@link BuiltinDHFactories} setup in order of preference as specified by +- * ssh_config(5) ++ * ssh_config(5) + */ + public static final List DEFAULT_KEX_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( +@@ -104,7 +104,7 @@ + + /** + * The default {@link BuiltinMacs} setup in order of preference as specified by +- * ssh_config(5) ++ * ssh_config(5) + */ + public static final List DEFAULT_MAC_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( +--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/channel/LocalWindow.java 2022-11-16 09:50:02.575293593 +0100 ++++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/channel/LocalWindow.java 2022-11-16 10:22:11.968492069 +0100 +@@ -51,8 +51,6 @@ + /** + * Initializes the {@link LocalWindow} with the packet and window sizes from the {@code resolver}. + * +- * @param size the initial window size +- * @param packetSize the peer's advertised maximum packet size + * @param resolver {@PropertyResolver} to access properties + */ + public void init(PropertyResolver resolver) { +--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java 2022-11-16 09:50:02.579293619 +0100 ++++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java 2022-11-16 10:49:31.567743605 +0100 +@@ -46,7 +46,7 @@ + /** + * Manages SSH message sending during a key exchange. RFC 4253 specifies that during a key exchange, no high-level + * messages are to be sent, but a receiver must be able to deal with messages "in flight" until the peer's +- * {@link SshConstants#SSH_MSG_KEX_INIT} message is received. ++ * {@link SshConstants#SSH_MSG_KEXINIT} message is received. + *

+ * Apache MINA sshd queues up high-level messages that threads try to send while a key exchange is ongoing, and sends + * them once the key exchange is done. Sending queued messages may make the peer re-trigger a new key exchange, in which +@@ -154,7 +154,7 @@ + } + + /** +- * Initializes the state for a new key exchange. {@link #allPacketsFlushed()} will be {@code false}, and a new ++ * Initializes the state for a new key exchange. kexFlushed will be {@code false}, and a new + * future to be fulfilled when all queued packets will be flushed once the key exchange is done is set. The + * currently set future from an earlier key exchange is returned. The returned future may or may not be fulfilled; + * if it isn't, there are still left-over pending packets to write from the previous key exchange, which will be +@@ -406,7 +406,7 @@ + * exchange, flushing is stopped and is to be resumed by another call to this method when the new key exchange is + * done. + * +- * @param flushDone the future obtained from {@link #getFlushedFuture()}; will be fulfilled once all pending packets ++ * @param flushDone the future obtained from {@link #terminateKeyExchange()}; will be fulfilled once all pending packets + * have been written + */ + protected void flushQueue(DefaultKeyExchangeFuture flushDone) { +--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2022-11-16 09:50:02.579293619 +0100 ++++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2022-11-16 10:02:05.032231651 +0100 +@@ -224,11 +224,11 @@ + * {@link Buffer} to the given {@link ReplyHandler}, which may execute in a different thread. + * + *

+- *
want-reply == true && replyHandler != null
++ *
want-reply == true && replyHandler != null
+ *
The returned future is fulfilled with {@code null} when the request was sent, or with an exception if the + * request could not be sent. The {@code replyHandler} is invoked once the reply is received, with the SSH reply + * code and the data received.
+- *
want-reply == true && replyHandler == null
++ *
want-reply == true && replyHandler == null
+ *
The returned future is fulfilled with an exception if the request could not be sent, or a failure reply was + * received. If a success reply was received, the future is fulfilled with the received data buffer.
+ *
want-reply == false
+--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2022-11-16 09:50:02.583293646 +0100 ++++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2022-11-16 10:33:44.345239622 +0100 +@@ -23,8 +23,7 @@ + + /** + * Provides a way to implement proxied connections where some metadata about the client is sent before the actual +- * SSH protocol is executed - e.g., the PROXY +- * protocol. ++ * SSH protocol is executed - e.g., the PROXY protocol. + * + * @author Apache MINA SSHD Project + */ diff --git a/apache-sshd.spec b/apache-sshd.spec index a92fc9f..57b8e6c 100644 --- a/apache-sshd.spec +++ b/apache-sshd.spec @@ -27,6 +27,7 @@ URL: https://mina.apache.org/sshd-project Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz # Avoid optional dep on tomcat native APR library Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch +Patch1: apache-sshd-javadoc.patch BuildRequires: fdupes BuildRequires: maven-local BuildRequires: mvn(junit:junit) @@ -37,6 +38,7 @@ BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin) BuildRequires: mvn(org.apache.maven.surefire:surefire-junit47) BuildRequires: mvn(org.apache.maven:maven-archiver) +BuildRequires: mvn(org.apache:apache-jar-resource-bundle) BuildRequires: mvn(org.apache:apache:pom:) BuildRequires: mvn(org.bouncycastle:bcpg-jdk15on) BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on) @@ -61,6 +63,7 @@ This package provides %{name}. # Avoid optional dep on tomcat native APR library %patch0 -p1 +%patch1 -p1 rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix From 71702aeadb5bcf45290fb52062ca5453df4b617820e3241e0cc4cb27279c223d Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 16 Nov 2022 12:02:30 +0000 Subject: [PATCH 4/4] OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-sshd?expand=0&rev=13 --- apache-sshd.changes | 119 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/apache-sshd.changes b/apache-sshd.changes index 52a514d..551e598 100644 --- a/apache-sshd.changes +++ b/apache-sshd.changes @@ -1,3 +1,122 @@ +------------------------------------------------------------------- +Wed Nov 16 11:36:21 UTC 2022 - Fridrich Strba + +- Upgrade to version 2.9.2 (bsc#1205463, CVE-2022-45047) +- Changes in version 2.8.0 + * Bug + + Wrong server key algorithm choose + + Expiration of OpenSshCertificates needs to compare timestamps + as unsigned long + + SFTP Get downloads empty file from servers which supports EOF + indication after data + + skip() doesn't work properly in SftpInputStreamAsync + + OpenMode and CopyMode is not honored as expected in + version > 4 of SFTP api + + SftpTransferTest sometimes hangs (failure during rekeying) + + Race condition in KEX + + Fix the ciphers supported documentation + + Update tarLongFileMode to use POSIX + + WinsCP transfer failure to Apache SSHD Server + + Pubkey auth: keys from ssh-agent are used even if + HostConfigEntry.isIdentitiesOnly() is true + + Support RSA SHA2 signatures via SSH agent + + NOTICE: wrong copyright year range + + Wrong creationTime in writeAttrs for SFTP + + sshd-netty logs all traffic on INFO level + * New Feature + + Add support for chacha20-poly1305@openssh.com + + Parsing of ~/.ssh/config Host patterns fails with extra + whitespace + + Support generating OpenSSH client certificates + * Improvement + + Add support for curve25519-sha256@libssh.org key exchange + + OpenSSH certificates: check certificate type + + OpenSSHCertificatesTest: certificates expire in 2030 + + Display IdleTimeOut in more user-friendly format + + sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in + ChannelAsyncOutputStream constructor configurable from + outside using variable/config file + + Intercepting the server exception message from server in SSHD + client + + Implement RFC 8332 server-sig-algs on the server + + Slow performance listing huge number of files on Apache SSHD + server + + SFTP: too many LSTAT calls + + Support key constraints when adding a key to an SSH agent + + Add SFTP server side file custom attributes hook + * Task + + Make sure the project is built using a 1.8 + * Question + + UserInteraction Problem +- Changes of vesion 2.9.0 + * Bug + + Deadlock on disconnection at the end of key-exchange + + Remote port forwarding mode does not handle EOF properly + + Public key authentication: wrong signature algorithm used + (ed25519 key with ssh-rsa signature) + + Client fails window adjust above Integer.MAX_VALUE + + class loader fails to load + org.apache.sshd.common.cipher.BaseGCMCipher + + Shell is not getting closed if the command has already closed + the OutputStream it is using. + + Sometimes async write listener is not called + + Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leeds to + SocketTimeoutException + + different host key algorithm used on rekey than used for the + initial connection + + OpenSSH certificate is not properly encoded when critical + options are included + + TCP/IP remote port forwarding with wildcard IP addresses + doesn't work with OpenSSH + + UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from + an agent + * New Feature + + Add support for Argon2 encrypted PUTTY key files + + Add support for merged inverted output and error streams of + remote process + * Improvement + + Add support for "limits@openssh.com" SFTP extension + + Support host-based pubkey authentication in the client + + Send environment variable and open subsystem at the same time + for SSH session +- Changes of version 2.9.1 + * Bug + + ClientSession.auth().verify() is terminated with timeout + + 2.9.0 release broken on Java 8 + + Infinite loop in + org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead + + Deadlock during session exit + + Race condition is logged in ChannelAsyncOutputStream +- Changes of version 2.9.2 + * Bug + + SFTP worker threads got stuck while processing PUT methods + against one specific SFTP server + + Use the maximum packet size of the communication partner + + ExplicitPortForwardingTracker does not unbind auto-allocated + one + + Default SshClient FD leak because Selector not closed + + Reading again from exhausted ChannelExec#getInvertedOut() + throws IOException instead of returning -1 + + Keeping error streams and input streams separate after + ChannelExec#setRedirectErrorStream(true) is called + + Nio2Session.shutdownOutput() should wait for writes in + progress + * Test + + Research intermittent failure in unit tests using various I/O + service factories +- Modified patch: + * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch + + rediff to changed context +- Removed patches: + * 0002-Fix-manifest-generation.patch + + not needed any more in this version + * apache-sshd-2.7.0-java8.patch + + not needed since the Java 8 compatibility is handled by the + --release option +- Added patch: + * apache-sshd-javadoc.patch + + Fix different warnings in javadoc generation + ------------------------------------------------------------------- Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba