pool/apache-sshd
SHA256
8
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1140070 from Java:packages

Browse Source 
CVE-2023-48795, bsc#1218189

OBS-URL: https://build.opensuse.org/request/show/1140070
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache-sshd?expand=0&rev=7
This commit is contained in:
Ana Guerrero
2024-01-22 19:31:56 +00:00
committed by Git OBS Bridge
parent 273f958140 64a95baeb1
commit 5b03bdfbbf
5 changed files with 90 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apache-sshd-2.10.0-src.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ba816577718c66c5f1be237dc32a06aecaaca5d842aa07a8003ce1991ce190b7
size 1797781

3
apache-sshd-2.12.0-src.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e8198fd90ca8089a71547300a7a8f6e853dd5fea6095a6887f79564849e76bd8
size 1857423

98
apache-sshd-javadoc.patch
View File

@@ -1,5 +1,5 @@
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2022-11-16 09:50:02.519293210 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2022-11-16 10:29:30.819501234 +0100
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2024-01-19 22:39:38.007238345 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2024-01-19 22:39:58.550160515 +0100
@@ -36,7 +36,7 @@
public interface PasswordIdentityProvider {
@@ -9,9 +9,9 @@
*/
PasswordIdentityProvider EMPTY_PASSWORDS_PROVIDER = new PasswordIdentityProvider() {
@Override
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2022-11-16 09:50:02.523293237 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2022-11-16 10:21:06.704044979 +0100
@@ -754,7 +754,7 @@
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2024-01-19 22:39:38.013904878 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2024-01-19 22:39:58.556827049 +0100
@@ -766,7 +766,7 @@
* @param expected The expected fingerprint if {@code null} or empty then returns a failure with the default
* fingerprint.
* @param key the {@link PublicKey} - if {@code null} then returns null.
@@ -20,7 +20,7 @@
* {@code null} if no key.
* @see #getDefaultFingerPrintFactory()
* @see #checkFingerPrint(String, Factory, PublicKey)
@@ -768,7 +768,7 @@
@@ -780,7 +780,7 @@
* fingerprint.
* @param f The {@link Factory} to be used to generate the default {@link Digest} for the key
* @param key the {@link PublicKey} - if {@code null} then returns null.
@@ -29,7 +29,7 @@
* {@code null} if no key.
*/
public static SimpleImmutableEntry<Boolean, String> checkFingerPrint(
@@ -781,7 +781,7 @@
@@ -793,7 +793,7 @@
* fingerprint.
* @param d The {@link Digest} to be used to generate the default fingerprint for the key
* @param key the {@link PublicKey} - if {@code null} then returns null.
@@ -38,8 +38,8 @@
* {@code null} if no key.
*/
public static SimpleImmutableEntry<Boolean, String> checkFingerPrint(String expected, Digest d, PublicKey key) {
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2022-11-16 09:50:02.523293237 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2022-11-16 10:27:11.094543153 +0100
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2024-01-19 22:39:38.010571611 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2024-01-19 22:39:58.556827049 +0100
@@ -63,9 +63,7 @@
import org.apache.sshd.common.util.security.SecurityUtils;
@@ -51,8 +51,8 @@
*
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
*/
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2022-11-16 09:50:02.531293291 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2022-11-16 10:07:03.290271908 +0100
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2024-01-19 22:39:38.020571412 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2024-01-19 22:39:58.563493582 +0100
@@ -64,13 +64,13 @@
SkED25519BufferPublicKeyParser.INSTANCE));
@@ -69,8 +69,8 @@
* @param buffer The {@link Buffer} containing the encoded raw public key
* @return The decoded {@link PublicKey}
* @throws GeneralSecurityException If failed to generate the key
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2022-11-16 09:50:02.527293266 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2022-11-16 10:17:14.006452121 +0100
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2024-01-19 22:39:38.023904678 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2024-01-19 22:39:58.570160116 +0100
@@ -112,10 +112,11 @@
* @param with String to replace with
* @param max maximum number of values to replace, or <code>-1</code> if no maximum
@@ -87,8 +87,8 @@
*/
@SuppressWarnings("PMD.AssignmentInOperand")
public static String replace(String text, String repl, String with, int max) {
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2022-11-16 09:50:02.531293291 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2022-11-16 10:09:10.435142161 +0100
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2024-01-19 22:39:38.020571412 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2024-01-19 22:39:58.573493382 +0100
@@ -76,7 +76,7 @@
}
@@ -107,9 +107,9 @@
* positive
*
* @param bytes {@link BigInteger} bytes
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2022-11-16 09:50:02.527293266 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2022-11-16 10:28:23.527039819 +0100
@@ -165,7 +165,7 @@
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2024-01-19 22:39:38.027237945 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2024-01-19 22:39:58.580159916 +0100
@@ -334,7 +334,7 @@
}
/**
@@ -118,9 +118,9 @@
*
* @param user The original username - ignored if {@code null}/empty
* @return The canonical user - unchanged if {@code Unix} O/S
--- apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2022-11-16 09:50:02.535293319 +0100
+++ apache-sshd-2.9.2/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2022-11-16 10:31:13.564205742 +0100
@@ -119,7 +119,7 @@
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2024-01-19 22:39:38.023904678 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2024-01-19 22:39:58.580159916 +0100
@@ -120,7 +120,7 @@
/**
* The min. key size value used for testing whether Diffie-Hellman Group Exchange is supported or not. According to
* <A HREF="https://tools.ietf.org/html/rfc4419">RFC 4419</A> section 3: &quot;Servers and clients SHOULD support
@@ -129,8 +129,8 @@
*
* <B>Note: this has been amended by <A HREF="https://tools.ietf.org/html/rfc8270">RFC 8270</A>
*/
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2022-11-16 09:50:02.571293565 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2022-11-16 10:28:51.175229400 +0100
--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2024-01-19 22:39:38.050570811 +0100
+++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2024-01-19 22:39:58.580159916 +0100
@@ -23,8 +23,8 @@
/**
@@ -142,8 +142,8 @@
* meta-data.
*
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2022-11-16 09:50:02.575293593 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2022-11-16 10:04:31.529233186 +0100
--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2024-01-19 22:39:38.057237344 +0100
+++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2024-01-19 22:39:58.586826449 +0100
@@ -67,7 +67,7 @@
/**
@@ -171,48 +171,8 @@
*/
public static final List<BuiltinMacs> DEFAULT_MAC_PREFERENCE = Collections.unmodifiableList(
Arrays.asList(
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/channel/LocalWindow.java 2022-11-16 09:50:02.575293593 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/channel/LocalWindow.java 2022-11-16 10:22:11.968492069 +0100
@@ -51,8 +51,6 @@
/**
* Initializes the {@link LocalWindow} with the packet and window sizes from the {@code resolver}.
*
- * @param size the initial window size
- * @param packetSize the peer's advertised maximum packet size
* @param resolver {@PropertyResolver} to access properties
*/
public void init(PropertyResolver resolver) {
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java 2022-11-16 09:50:02.579293619 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/helpers/KeyExchangeMessageHandler.java 2022-11-16 10:49:31.567743605 +0100
@@ -46,7 +46,7 @@
/**
* Manages SSH message sending during a key exchange. RFC 4253 specifies that during a key exchange, no high-level
* messages are to be sent, but a receiver must be able to deal with messages "in flight" until the peer's
- * {@link SshConstants#SSH_MSG_KEX_INIT} message is received.
+ * {@link SshConstants#SSH_MSG_KEXINIT} message is received.
* <p>
* Apache MINA sshd queues up high-level messages that threads try to send while a key exchange is ongoing, and sends
* them once the key exchange is done. Sending queued messages may make the peer re-trigger a new key exchange, in which
@@ -154,7 +154,7 @@
}
/**
- * Initializes the state for a new key exchange. {@link #allPacketsFlushed()} will be {@code false}, and a new
+ * Initializes the state for a new key exchange. <code>kexFlushed</code> will be {@code false}, and a new
* future to be fulfilled when all queued packets will be flushed once the key exchange is done is set. The
* currently set future from an earlier key exchange is returned. The returned future may or may not be fulfilled;
* if it isn't, there are still left-over pending packets to write from the previous key exchange, which will be
@@ -406,7 +406,7 @@
* exchange, flushing is stopped and is to be resumed by another call to this method when the new key exchange is
* done.
*
- * @param flushDone the future obtained from {@link #getFlushedFuture()}; will be fulfilled once all pending packets
+ * @param flushDone the future obtained from {@link #terminateKeyExchange()}; will be fulfilled once all pending packets
* have been written
*/
protected void flushQueue(DefaultKeyExchangeFuture flushDone) {
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2022-11-16 09:50:02.579293619 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2022-11-16 10:02:05.032231651 +0100
--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2024-01-19 22:39:38.057237344 +0100
+++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2024-01-19 22:39:58.590159716 +0100
@@ -224,11 +224,11 @@
* {@link Buffer} to the given {@link ReplyHandler}, which may execute in a different thread.
*
@@ -227,8 +187,8 @@
* <dd>The returned future is fulfilled with an exception if the request could not be sent, or a failure reply was
* received. If a success reply was received, the future is fulfilled with the received data buffer.</dd>
* <dt>want-reply == false</dt>
--- apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2022-11-16 09:50:02.583293646 +0100
+++ apache-sshd-2.9.2/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2022-11-16 10:33:44.345239622 +0100
--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2024-01-19 22:39:38.060570610 +0100
+++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2024-01-19 22:39:58.593492983 +0100
@@ -23,8 +23,7 @@
/**

53
apache-sshd.changes
View File

@@ -1,3 +1,56 @@
-------------------------------------------------------------------
Fri Jan 19 22:17:57 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Updated to upstream version 2.12.0
- Changes in version 2.11.0
* Bug Fixes
+ GH-328 Added configurable timeout(s) to DefaultSftpClient
+ GH-370 Also compare file keys in ModifiableFileWatcher.
+ GH-371 Fix channel pool in SftpFileSystem.
+ GH-383 Use correct default OpenOptions in
SftpFileSystemProvider.newFileChannel().
+ GH-384 Use correct lock modes for SFTP FileChannel.lock().
+ GH-388 ScpClient: support issuing commands to a server that
uses a non-UTF-8 locale.
+ GH-398 SftpInputStreamAsync: fix reporting EOF on zero-length
reads.
+ GH-403 Work-around a bug in WS_FTP <= 12.9 SFTP clients.
+ GH-407 (Regression in 2.10.0) SFTP performance fix: override
FilterOutputStream.write(byte[], int, int).
+ GH-410 Fix a race condition to ensure SSH_MSG_CHANNEL_EOF is
always sent before SSH_MSG_CHANNEL_CLOSE.
+ GH-414 Fix error handling while flushing queued packets at end
of KEX.
+ GH-420 Fix wrong log level on closing an Nio2Session.
+ SSHD-789 Fix detection of Android O/S from system properties.
+ SSHD-1259 Consider all applicable host keys from the
known_hosts files.
+ SSHD-1310 SftpFileSystem: do not close user session.
+ SSHD-1327 ChannelAsyncOutputStream: remove write future when
done.
+ SSHD-1332 (Regression in 2.10.0) Resolve ~ in IdentityFile
file names in HostConfigEntry.
* New Features
+ SSHD-1330 Use KeepAliveHandler global request instance in
client as well
+ GH-356 Publish snapshot maven artifacts to the Apache
Snapshots maven repository.
+ Bundle sshd-contrib has support classes for the HAProxy
protocol V2.
- Changes in version 2.12.0
* Bug Fixes
+ GH-428/GH-392 SCP client fails silently when error signalled
due to missing file or lacking permissions
+ GH-434 Ignore unknown key types from agent or in OpenSSH host
keys extension
* New Features
+ GH-429 Support GIT protocol-v2
+ GH-445 OpenSSH "strict key exchange" protocol extension
(CVE-2023-48795, bsc#1218189 mitigation)
- Modified patch:
* apache-sshd-javadoc.patch
+ rediff to changed context and drop integrated hunks
-------------------------------------------------------------------
Wed Oct 11 09:03:24 UTC 2023 - Fridrich Strba <fstrba@suse.com>

8
apache-sshd.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package apache-sshd
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: apache-sshd
Version: 2.10.0
Version: 2.12.0
Release: 0
Summary: Apache SSHD
# One file has ISC licensing:
@@ -40,7 +40,7 @@ BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
BuildRequires: mvn(org.apache.maven.surefire:surefire-junit47)
BuildRequires: mvn(org.apache.maven:maven-archiver)
BuildRequires: mvn(org.apache:apache-jar-resource-bundle)
BuildRequires: mvn(org.apache:apache:pom:)
BuildRequires: mvn(org.apache:apache:pom:) >= 30
BuildRequires: mvn(org.bouncycastle:bcpg-jdk18on)
BuildRequires: mvn(org.bouncycastle:bcpkix-jdk18on)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
@@ -85,6 +85,8 @@ rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
%pom_disable_module sshd-cli
%pom_disable_module sshd-openpgp
%pom_disable_module assembly
# don't require bom that we don't package
%pom_remove_dep org.testcontainers:testcontainers-bom sshd-scp
# Disable plugins we don't need for RPM builds
%pom_remove_plugin :apache-rat-plugin