pool/apache-sshd
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1036214 from Java:packages

Browse Source 
bsc#1205463, CVE-2022-45047

OBS-URL: https://build.opensuse.org/request/show/1036214
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache-sshd?expand=0&rev=4
This commit is contained in:
Dominique Leuenberger 2022-11-16 14:44:12 +00:00 committed by Git OBS Bridge
commit 08cc899442
8 changed files with 375 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
View File

@ -14,9 +14,9 @@ diff --git a/pom.xml b/pom.xml
index 867ca88..7c29678 100644 index 867ca88..7c29678 100644
--- a/pom.xml --- a/pom.xml
+++ b/pom.xml +++ b/pom.xml
@@ -406,11 +406,6 @@ @@ -428,11 +428,6 @@
<artifactId>mina-core</artifactId> <artifactId>mina-core</artifactId>
<version>2.0.21</version> <version>2.0.23</version>
</dependency> </dependency>
- <dependency> - <dependency>
- <groupId>tomcat</groupId> - <groupId>tomcat</groupId>

11
0002-Fix-manifest-generation.patch
View File

@ -1,11 +0,0 @@
diff -up ./pom.xml.fix ./pom.xml
--- ./pom.xml.fix 2021-04-20 21:32:51.749782800 -0400
+++ ./pom.xml 2021-04-20 21:33:22.600740917 -0400
@@ -1020,7 +1020,6 @@
</goals>
<configuration>
<instructions>
- <Import-Package>org.apache.sshd*;version="[$(version;==;${sshd.osgi.version.clean}),$(version;=+;${sshd.osgi.version.clean}))",*</Import-Package>
<Export-Package>*;-noimport:=true</Export-Package>
</instructions>
<noWarningProjectTypes>pom</noWarningProjectTypes>

75
apache-sshd-2.7.0-java8.patch
View File

@ -1,75 +0,0 @@
--- apache-sshd-2.7.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2021-07-30 09:48:59.082251041 +0200
+++ apache-sshd-2.7.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2021-07-30 09:54:40.568508196 +0200
@@ -353,13 +353,13 @@
log.trace("handleReadCycleCompletion({}) read {} bytes after {} nanos at cycle={}",
this, result, System.nanoTime() - lastReadCycleStart.get(), readCyclesCounter);
}
- buffer.flip();
+ ((java.nio.Buffer)buffer).flip();
IoHandler handler = getIoHandler();
handler.messageReceived(this, bufReader);
if (!closeFuture.isClosed()) {
// re-use reference for next iteration since we finished processing it
- buffer.clear();
+ ((java.nio.Buffer)buffer).clear();
doReadCycle(buffer, completionHandler);
} else {
if (debugEnabled) {
--- apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/SftpRemotePathChannel.java 2021-07-30 09:48:59.150251491 +0200
+++ apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/SftpRemotePathChannel.java 2021-07-30 09:54:40.572508221 +0200
@@ -21,6 +21,7 @@
import java.io.IOException;
import java.io.StreamCorruptedException;
+import java.nio.Buffer;
import java.nio.ByteBuffer;
import java.nio.MappedByteBuffer;
import java.nio.channels.AsynchronousCloseException;
@@ -153,7 +154,7 @@
if (read > 0) {
// reference equality on purpose
if (wrap == buffer) {
- wrap.position(wrap.position() + read);
+ ((Buffer)wrap).position(wrap.position() + read);
} else {
buffer.put(wrap.array(), wrap.arrayOffset(), read);
}
@@ -258,7 +259,7 @@
wrap.arrayOffset() + wrap.position(), written);
// reference equality on purpose
if (wrap == buffer) {
- wrap.position(wrap.position() + written);
+ ((Buffer)wrap).position(wrap.position() + written);
}
curPos += written;
totalWritten += written;
--- apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/server/AbstractSftpSubsystemHelper.java 2021-07-30 09:48:59.150251491 +0200
+++ apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/server/AbstractSftpSubsystemHelper.java 2021-07-30 09:55:19.804767492 +0200
@@ -942,7 +942,7 @@
if (remainLen < digestBuf.length) {
bb = ByteBuffer.wrap(digestBuf, 0, remainLen);
}
- bb.clear(); // prepare for next read
+ ((java.nio.Buffer)bb).clear(); // prepare for next read
int readLen = channel.read(bb);
if (readLen < 0) {
@@ -967,7 +967,7 @@
if (remainLen < digestBuf.length) {
bb = ByteBuffer.wrap(digestBuf, 0, remainLen);
}
- bb.clear(); // prepare for next read
+ ((java.nio.Buffer)bb).clear(); // prepare for next read
int readLen = channel.read(bb);
if (readLen < 0) {
@@ -1101,7 +1101,7 @@
if (remainLen < digestBuf.length) {
bb = ByteBuffer.wrap(digestBuf, 0, remainLen);
}
- bb.clear(); // prepare for next read
+ ((java.nio.Buffer)bb).clear(); // prepare for next read
int readLen = channel.read(bb);
if (readLen < 0) {

3
apache-sshd-2.7.0-src.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fe3f9ca72930fd4b01e2969f32f7d2aedd9b364fd42ca124cc3384bd23de7007
size 1535548

3
apache-sshd-2.9.2-src.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:aeea62247ea87213f20f6b1d6f817776d2c7493ff23fbc4a1f99e0081631c02e
size 1743627

241
apache-sshd-javadoc.patch Normal file
View File

@ -0,0 +1,241 @@
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2022-11-16 09:50:02.519293210 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2022-11-16 10:29:30.819501234 +0100
@@ -36,7 +36,7 @@
public interface PasswordIdentityProvider {
/**
- * An &quot;empty&quot implementation of {@link PasswordIdentityProvider} that returns an empty group of passwords
+ * An &quot;empty&quot; implementation of {@link PasswordIdentityProvider} that returns an empty group of passwords
*/
PasswordIdentityProvider EMPTY_PASSWORDS_PROVIDER = new PasswordIdentityProvider() {
@Override
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2022-11-16 09:50:02.523293237 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2022-11-16 10:21:06.704044979 +0100
@@ -754,7 +754,7 @@
* @param expected The expected fingerprint if {@code null} or empty then returns a failure with the default
* fingerprint.
* @param key the {@link PublicKey} - if {@code null} then returns null.
- * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint,
+ * @return SimpleImmutableEntry&lt;Boolean, String&gt; - key is success indicator, value is actual fingerprint,
* {@code null} if no key.
* @see #getDefaultFingerPrintFactory()
* @see #checkFingerPrint(String, Factory, PublicKey)
@@ -768,7 +768,7 @@
* fingerprint.
* @param f The {@link Factory} to be used to generate the default {@link Digest} for the key
* @param key the {@link PublicKey} - if {@code null} then returns null.
- * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint,
+ * @return SimpleImmutableEntry&lt;Boolean, String&gt; - key is success indicator, value is actual fingerprint,
* {@code null} if no key.
*/
public static SimpleImmutableEntry<Boolean, String> checkFingerPrint(
@@ -781,7 +781,7 @@
* fingerprint.
* @param d The {@link Digest} to be used to generate the default fingerprint for the key
* @param key the {@link PublicKey} - if {@code null} then returns null.
- * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint,
+ * @return SimpleImmutableEntry&lt;Boolean, String&gt; - key is success indicator, value is actual fingerprint,
* {@code null} if no key.
*/
public static SimpleImmutableEntry<Boolean, String> checkFingerPrint(String expected, Digest d, PublicKey key) {
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2022-11-16 09:50:02.523293237 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2022-11-16 10:27:11.094543153 +0100
@@ -63,9 +63,7 @@
import org.apache.sshd.common.util.security.SecurityUtils;
/**
- * Basic support for <A HREF=
- * "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?rev=1.1&content-type=text/x-cvsweb-markup">OpenSSH
- * key file(s)</A>
+ * Basic support for <A HREF="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?rev=1.1&amp;content-type=text/x-cvsweb-markup">OpenSSH key file(s)</A>
*
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
*/
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2022-11-16 09:50:02.531293291 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2022-11-16 10:07:03.290271908 +0100
@@ -64,13 +64,13 @@
SkED25519BufferPublicKeyParser.INSTANCE));
/**
- * @param keyType The key type - e.g., &quot;ssh-rsa&quot, &quot;ssh-dss&quot;
+ * @param keyType The key type - e.g., &quot;ssh-rsa&quot;, &quot;ssh-dss&quot;
* @return {@code true} if this key type is supported by the parser
*/
boolean isKeyTypeSupported(String keyType);
/**
- * @param keyType The key type - e.g., &quot;ssh-rsa&quot, &quot;ssh-dss&quot;
+ * @param keyType The key type - e.g., &quot;ssh-rsa&quot;, &quot;ssh-dss&quot;
* @param buffer The {@link Buffer} containing the encoded raw public key
* @return The decoded {@link PublicKey}
* @throws GeneralSecurityException If failed to generate the key
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2022-11-16 09:50:02.527293266 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2022-11-16 10:17:14.006452121 +0100
@@ -112,10 +112,11 @@
* @param with String to replace with
* @param max maximum number of values to replace, or <code>-1</code> if no maximum
* @return the text with any replacements processed
- * @author Arnout J. Kuiper <a href="mailto:ajkuiper@wxs.nl">ajkuiper@wxs.nl</a>
- * @author Magesh Umasankar
- * @author <a href="mailto:bruce@callenish.com">Bruce Atherton</a>
- * @author <a href="mailto:levylambert@tiscali-dsl.de">Antoine Levy-Lambert</a>
+ *
+ * author Arnout J. Kuiper <a href="mailto:ajkuiper@wxs.nl">ajkuiper@wxs.nl</a>
+ * author Magesh Umasankar
+ * author <a href="mailto:bruce@callenish.com">Bruce Atherton</a>
+ * author <a href="mailto:levylambert@tiscali-dsl.de">Antoine Levy-Lambert</a>
*/
@SuppressWarnings("PMD.AssignmentInOperand")
public static String replace(String text, String repl, String with, int max) {
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2022-11-16 09:50:02.531293291 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2022-11-16 10:09:10.435142161 +0100
@@ -76,7 +76,7 @@
}
/**
- * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it
+ * The integer is always considered to be positive, so if the first byte is &lt; 0, we pad with a zero to make it
* positive
*
* @param bytes {@link BigInteger} bytes
@@ -87,7 +87,7 @@
}
/**
- * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it
+ * The integer is always considered to be positive, so if the first byte is &lt; 0, we pad with a zero to make it
* positive
*
* @param bytes {@link BigInteger} bytes
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2022-11-16 09:50:02.527293266 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2022-11-16 10:28:23.527039819 +0100
@@ -165,7 +165,7 @@
}
/**
- * Remove {@code Windows} domain and/or group prefix as well as &quot;(User);&quot suffix
+ * Remove {@code Windows} domain and/or group prefix as well as &quot;(User);&quot; suffix
*
* @param user The original username - ignored if {@code null}/empty
* @return The canonical user - unchanged if {@code Unix} O/S
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2022-11-16 09:50:02.535293319 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2022-11-16 10:31:13.564205742 +0100
@@ -119,7 +119,7 @@
/**
* The min. key size value used for testing whether Diffie-Hellman Group Exchange is supported or not. According to
* <A HREF="https://tools.ietf.org/html/rfc4419">RFC 4419</A> section 3: &quot;Servers and clients SHOULD support
- * groups with a modulus length of k bits, where 1024 <= k <= 8192&quot;. </code>
+ * groups with a modulus length of k bits, where 1024 &lt;= k &lt;= 8192&quot;. </code>
*
* <B>Note: this has been amended by <A HREF="https://tools.ietf.org/html/rfc8270">RFC 8270</A>
*/
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2022-11-16 09:50:02.571293565 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2022-11-16 10:28:51.175229400 +0100
@@ -23,8 +23,8 @@
/**
* Provides a way to implement proxied connections where some metadata about the client is sent <U>before</U> the actual
- * SSH protocol is executed - e.g., the <A HREF=@http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY
- * protocol</A>. The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the
+ * SSH protocol is executed - e.g., the <A HREF="http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY protocol</A>.
+ * The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the
* meta-data.
*
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2022-11-16 09:50:02.575293593 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2022-11-16 10:04:31.529233186 +0100
@@ -67,7 +67,7 @@
/**
* The default {@link BuiltinCiphers} setup in order of preference as specified by
- * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</A>
+ * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&amp;sektion=5">ssh_config(5)</A>
*/
public static final List<BuiltinCiphers> DEFAULT_CIPHERS_PREFERENCE = Collections.unmodifiableList(
Arrays.asList(
@@ -83,7 +83,7 @@
/**
* The default {@link BuiltinDHFactories} setup in order of preference as specified by
- * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5"> ssh_config(5)</A>
+ * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&amp;sektion=5"> ssh_config(5)</A>
*/
public static final List<BuiltinDHFactories> DEFAULT_KEX_PREFERENCE = Collections.unmodifiableList(
Arrays.asList(
@@ -104,7 +104,7 @@
/**
* The default {@link BuiltinMacs} setup in order of preference as specified by
- * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5"> ssh_config(5)</A>
+ * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&amp;sektion=5"> ssh_config(5)</A>
*/
public static final List<BuiltinMacs> DEFAULT_MAC_PREFERENCE = Collections.unmodifiableList(
Arrays.asList(
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/channel/LocalWindow.java 2022-11-16 09:50:02.575293593 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/channel/LocalWindow.java 2022-11-16 10:22:11.968492069 +0100
@@ -51,8 +51,6 @@
/**
* Initializes the {@link LocalWindow} with the packet and window sizes from the {@code resolver}.
*
- * @param size the initial window size
- * @param packetSize the peer's advertised maximum packet size
* @param resolver {@PropertyResolver} to access properties
*/
public void init(PropertyResolver resolver) {
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java 2022-11-16 09:50:02.579293619 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java 2022-11-16 10:49:31.567743605 +0100
@@ -46,7 +46,7 @@
/**
* Manages SSH message sending during a key exchange. RFC 4253 specifies that during a key exchange, no high-level
* messages are to be sent, but a receiver must be able to deal with messages "in flight" until the peer's
- * {@link SshConstants#SSH_MSG_KEX_INIT} message is received.
+ * {@link SshConstants#SSH_MSG_KEXINIT} message is received.
* <p>
* Apache MINA sshd queues up high-level messages that threads try to send while a key exchange is ongoing, and sends
* them once the key exchange is done. Sending queued messages may make the peer re-trigger a new key exchange, in which
@@ -154,7 +154,7 @@
}
/**
- * Initializes the state for a new key exchange. {@link #allPacketsFlushed()} will be {@code false}, and a new
+ * Initializes the state for a new key exchange. <code>kexFlushed</code> will be {@code false}, and a new
* future to be fulfilled when all queued packets will be flushed once the key exchange is done is set. The
* currently set future from an earlier key exchange is returned. The returned future may or may not be fulfilled;
* if it isn't, there are still left-over pending packets to write from the previous key exchange, which will be
@@ -406,7 +406,7 @@
* exchange, flushing is stopped and is to be resumed by another call to this method when the new key exchange is
* done.
*
- * @param flushDone the future obtained from {@link #getFlushedFuture()}; will be fulfilled once all pending packets
+ * @param flushDone the future obtained from {@link #terminateKeyExchange()}; will be fulfilled once all pending packets
* have been written
*/
protected void flushQueue(DefaultKeyExchangeFuture flushDone) {
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2022-11-16 09:50:02.579293619 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2022-11-16 10:02:05.032231651 +0100
@@ -224,11 +224,11 @@
* {@link Buffer} to the given {@link ReplyHandler}, which may execute in a different thread.
*
* <dl>
- * <dt>want-reply == true && replyHandler != null</dt>
+ * <dt>want-reply == true &amp;&amp; replyHandler != null</dt>
* <dd>The returned future is fulfilled with {@code null} when the request was sent, or with an exception if the
* request could not be sent. The {@code replyHandler} is invoked once the reply is received, with the SSH reply
* code and the data received.</dd>
- * <dt>want-reply == true && replyHandler == null</dt>
+ * <dt>want-reply == true &amp;&amp; replyHandler == null</dt>
* <dd>The returned future is fulfilled with an exception if the request could not be sent, or a failure reply was
* received. If a success reply was received, the future is fulfilled with the received data buffer.</dd>
* <dt>want-reply == false</dt>
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2022-11-16 09:50:02.583293646 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2022-11-16 10:33:44.345239622 +0100
@@ -23,8 +23,7 @@
/**
* Provides a way to implement proxied connections where some metadata about the client is sent <U>before</U> the actual
- * SSH protocol is executed - e.g., the <A HREF=@http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY
- * protocol</A>.
+ * SSH protocol is executed - e.g., the <A HREF="http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY protocol</A>.
*
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
*/

119
apache-sshd.changes
View File

@ -1,3 +1,122 @@
-------------------------------------------------------------------
Wed Nov 16 11:36:21 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 2.9.2 (bsc#1205463, CVE-2022-45047)
- Changes in version 2.8.0
* Bug
+ Wrong server key algorithm choose
+ Expiration of OpenSshCertificates needs to compare timestamps
as unsigned long
+ SFTP Get downloads empty file from servers which supports EOF
indication after data
+ skip() doesn't work properly in SftpInputStreamAsync
+ OpenMode and CopyMode is not honored as expected in
version > 4 of SFTP api
+ SftpTransferTest sometimes hangs (failure during rekeying)
+ Race condition in KEX
+ Fix the ciphers supported documentation
+ Update tarLongFileMode to use POSIX
+ WinsCP transfer failure to Apache SSHD Server
+ Pubkey auth: keys from ssh-agent are used even if
HostConfigEntry.isIdentitiesOnly() is true
+ Support RSA SHA2 signatures via SSH agent
+ NOTICE: wrong copyright year range
+ Wrong creationTime in writeAttrs for SFTP
+ sshd-netty logs all traffic on INFO level
* New Feature
+ Add support for chacha20-poly1305@openssh.com
+ Parsing of ~/.ssh/config Host patterns fails with extra
whitespace
+ Support generating OpenSSH client certificates
* Improvement
+ Add support for curve25519-sha256@libssh.org key exchange
+ OpenSSH certificates: check certificate type
+ OpenSSHCertificatesTest: certificates expire in 2030
+ Display IdleTimeOut in more user-friendly format
+ sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in
ChannelAsyncOutputStream constructor configurable from
outside using variable/config file
+ Intercepting the server exception message from server in SSHD
client
+ Implement RFC 8332 server-sig-algs on the server
+ Slow performance listing huge number of files on Apache SSHD
server
+ SFTP: too many LSTAT calls
+ Support key constraints when adding a key to an SSH agent
+ Add SFTP server side file custom attributes hook
* Task
+ Make sure the project is built using a <release>1.8</release>
* Question
+ UserInteraction Problem
- Changes of vesion 2.9.0
* Bug
+ Deadlock on disconnection at the end of key-exchange
+ Remote port forwarding mode does not handle EOF properly
+ Public key authentication: wrong signature algorithm used
(ed25519 key with ssh-rsa signature)
+ Client fails window adjust above Integer.MAX_VALUE
+ class loader fails to load
org.apache.sshd.common.cipher.BaseGCMCipher
+ Shell is not getting closed if the command has already closed
the OutputStream it is using.
+ Sometimes async write listener is not called
+ Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leeds to
SocketTimeoutException
+ different host key algorithm used on rekey than used for the
initial connection
+ OpenSSH certificate is not properly encoded when critical
options are included
+ TCP/IP remote port forwarding with wildcard IP addresses
doesn't work with OpenSSH
+ UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from
an agent
* New Feature
+ Add support for Argon2 encrypted PUTTY key files
+ Add support for merged inverted output and error streams of
remote process
* Improvement
+ Add support for "limits@openssh.com" SFTP extension
+ Support host-based pubkey authentication in the client
+ Send environment variable and open subsystem at the same time
for SSH session
- Changes of version 2.9.1
* Bug
+ ClientSession.auth().verify() is terminated with timeout
+ 2.9.0 release broken on Java 8
+ Infinite loop in
org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead
+ Deadlock during session exit
+ Race condition is logged in ChannelAsyncOutputStream
- Changes of version 2.9.2
* Bug
+ SFTP worker threads got stuck while processing PUT methods
against one specific SFTP server
+ Use the maximum packet size of the communication partner
+ ExplicitPortForwardingTracker does not unbind auto-allocated
one
+ Default SshClient FD leak because Selector not closed
+ Reading again from exhausted ChannelExec#getInvertedOut()
throws IOException instead of returning -1
+ Keeping error streams and input streams separate after
ChannelExec#setRedirectErrorStream(true) is called
+ Nio2Session.shutdownOutput() should wait for writes in
progress
* Test
+ Research intermittent failure in unit tests using various I/O
service factories
- Modified patch:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
+ rediff to changed context
- Removed patches:
* 0002-Fix-manifest-generation.patch
+ not needed any more in this version
* apache-sshd-2.7.0-java8.patch
+ not needed since the Java 8 compatibility is handled by the
--release option
- Added patch:
* apache-sshd-javadoc.patch
+ Fix different warnings in javadoc generation
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba <fstrba@suse.com> Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba <fstrba@suse.com>

18
apache-sshd.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package apache-sshd # spec file for package apache-sshd
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: apache-sshd Name: apache-sshd
Version: 2.7.0 Version: 2.9.2
Release: 0 Release: 0
Summary: Apache SSHD Summary: Apache SSHD
# One file has ISC licensing: # One file has ISC licensing:
@ -27,14 +27,12 @@ URL: https://mina.apache.org/sshd-project
Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz
# Avoid optional dep on tomcat native APR library # Avoid optional dep on tomcat native APR library
Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
Patch1: 0002-Fix-manifest-generation.patch Patch1: apache-sshd-javadoc.patch
Patch2: apache-sshd-2.7.0-java8.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: maven-local BuildRequires: maven-local
BuildRequires: mvn(junit:junit) BuildRequires: mvn(junit:junit)
BuildRequires: mvn(net.i2p.crypto:eddsa) BuildRequires: mvn(net.i2p.crypto:eddsa)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
@ -46,6 +44,7 @@ BuildRequires: mvn(org.bouncycastle:bcpg-jdk15on)
BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on) BuildRequires: mvn(org.bouncycastle:bcpkix-jdk15on)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin) BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
BuildRequires: mvn(org.codehaus.plexus:plexus-archiver) BuildRequires: mvn(org.codehaus.plexus:plexus-archiver)
BuildRequires: mvn(org.slf4j:jcl-over-slf4j)
BuildRequires: mvn(org.slf4j:slf4j-api) BuildRequires: mvn(org.slf4j:slf4j-api)
BuildArch: noarch BuildArch: noarch
@ -65,13 +64,12 @@ This package provides %{name}.
# Avoid optional dep on tomcat native APR library # Avoid optional dep on tomcat native APR library
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
# Avoid unnecessary dep on spring framework # Avoid unnecessary dep on spring framework
%pom_remove_dep :spring-framework-bom %pom_remove_dep :spring-framework-bom
%pom_remove_dep :testcontainers-bom sshd-sftp %pom_remove_dep :testcontainers-bom sshd-sftp sshd-core
# Build the core modules only # Build the core modules only
%pom_disable_module assembly %pom_disable_module assembly
@ -101,7 +99,11 @@ rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
%build %build
# Can't run tests, they require ch.ethz.ganymed:ganymed-ssh2 # Can't run tests, they require ch.ethz.ganymed:ganymed-ssh2
%{mvn_build} -f -- -Dworkspace.root.dir=$(pwd) -Dsource=8 %{mvn_build} -f -- -Dworkspace.root.dir=$(pwd) \
%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 9}%{!?pkg_vcmp:0}
-Dmaven.compiler.release=8 \
%endif
-Dsource=8
%install %install
%mvn_install %mvn_install