From 9abd93f3db6518fad3d0b3d367fe0fb3929bc981b17a1a1068a6a96665b0e2e7 Mon Sep 17 00:00:00 2001
From: Gus Kenion
Date: Wed, 21 Feb 2024 08:15:53 +0000
Subject: [PATCH] rpm 4.20 compat OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-sshd?expand=0&rev=26
---
.gitattributes | 23 +
.gitignore | 1 +
...ependency-on-native-tomcat-APR-libra.patch | 105 +++++
apache-sshd-2.12.0-src.tar.gz | 3 +
apache-sshd-javadoc.patch | 201 ++++++++
apache-sshd.changes | 443 ++++++++++++++++++
apache-sshd.spec | 125 +++++
7 files changed, 901 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .gitignore
create mode 100644 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
create mode 100644 apache-sshd-2.12.0-src.tar.gz
create mode 100644 apache-sshd-javadoc.patch
create mode 100644 apache-sshd.changes
create mode 100644 apache-sshd.spec
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch b/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
new file mode 100644
index 0000000..bcb8b0c
--- /dev/null
+++ b/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
@@ -0,0 +1,105 @@
+From accd3e006a05615cf6eed9369d91fbedcc4eab16 Mon Sep 17 00:00:00 2001
+From: Mat Booth
+Date: Thu, 7 Mar 2019 11:27:55 +0000
+Subject: [PATCH] Avoid optional dependency on native tomcat APR library
+
+---
+ pom.xml | 5 -----
+ sshd-core/pom.xml | 6 ------
+ .../sshd/agent/local/ProxyAgentFactory.java | 16 +---------------
+ sshd-osgi/pom.xml | 6 ------
+ 4 files changed, 1 insertion(+), 32 deletions(-)
+
+diff --git a/pom.xml b/pom.xml
+index 867ca88..7c29678 100644
+--- a/pom.xml
++++ b/pom.xml
+@@ -434,11 +434,6 @@
+ mina-core
+ 2.0.23
+
+-
+- tomcat
+- tomcat-apr
+- 5.5.23
+-
+
+
+ net.i2p.crypto
+diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml
+index 6171c5c..73a43a7 100644
+--- a/sshd-core/pom.xml
++++ b/sshd-core/pom.xml
+@@ -43,12 +43,6 @@
+
+
+
+- tomcat
+- tomcat-apr
+- true
+-
+-
+-
+ org.bouncycastle
+ bcpg-jdk18on
+ true
+diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
+index ab19539..5757e68 100644
+--- a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
++++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
+@@ -27,8 +27,6 @@ import java.util.concurrent.atomic.AtomicBoolean;
+ import org.apache.sshd.agent.SshAgent;
+ import org.apache.sshd.agent.SshAgentFactory;
+ import org.apache.sshd.agent.SshAgentServer;
+-import org.apache.sshd.agent.unix.AprLibrary;
+-import org.apache.sshd.agent.unix.UnixAgentFactory;
+ import org.apache.sshd.common.FactoryManager;
+ import org.apache.sshd.common.PropertyResolver;
+ import org.apache.sshd.common.channel.ChannelFactory;
+@@ -51,9 +49,7 @@ public class ProxyAgentFactory implements SshAgentFactory {
+
+ @Override
+ public List getChannelForwardingFactories(FactoryManager manager) {
+- return isPreferredUnixAgent(manager)
+- ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS
+- : LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
++ return LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
+ }
+
+ @Override
+@@ -104,16 +100,6 @@ public class ProxyAgentFactory implements SshAgentFactory {
+ }
+
+ public static boolean isPreferredUnixAgent(PropertyResolver resolver) {
+- if (CoreModuleProperties.PREFER_UNIX_AGENT.getRequired(resolver)) {
+- try {
+- if (AprLibrary.getInstance() != null) {
+- return true;
+- }
+- } catch (Exception ignore) {
+- // ignored
+- }
+- }
+-
+ return false;
+ }
+ }
+diff --git a/sshd-osgi/pom.xml b/sshd-osgi/pom.xml
+index 5395ceb..f456263 100644
+--- a/sshd-osgi/pom.xml
++++ b/sshd-osgi/pom.xml
+@@ -81,12 +81,6 @@
+ true
+ provided
+
+-
+- tomcat
+- tomcat-apr
+- true
+- provided
+-
+
+
+
+--
+2.20.1
diff --git a/apache-sshd-2.12.0-src.tar.gz b/apache-sshd-2.12.0-src.tar.gz
new file mode 100644
index 0000000..342ee39
--- /dev/null
+++ b/apache-sshd-2.12.0-src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e8198fd90ca8089a71547300a7a8f6e853dd5fea6095a6887f79564849e76bd8
+size 1857423
diff --git a/apache-sshd-javadoc.patch b/apache-sshd-javadoc.patch
new file mode 100644
index 0000000..5cbde5f
--- /dev/null
+++ b/apache-sshd-javadoc.patch
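Review bot: In the embedded ProxyAgentFactory.java change, `isPreferredUnixAgent` now returns `false` unconditionally and no longer reads `CoreModuleProperties.PREFER_UNIX_AGENT`, so a deployment that sets that property is silently given `LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS` with nothing in the code saying why. Because this decides which agent-forwarding channel type is offered, the downstream behaviour should be stated where a maintainer will see it, for example `// Packaging change: the APR-backed Unix agent is not shipped, so PREFER_UNIX_AGENT is ignored and the local agent is always used` above `return false;`, plus a matching sentence in the method's Javadoc. The removed block was the only use of `CoreModuleProperties` visible in these hunks, so its import may now be unused; the rest of the class lies outside the hunks, so that needs checking against the full file.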
@@ -0,0 +1,201 @@ +--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2024-01-19 22:39:38.007238345 +0100 ++++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2024-01-19 22:39:58.550160515 +0100 +@@ -36,7 +36,7 @@ + public interface PasswordIdentityProvider { + + /** +- * An "empty" implementation of {@link PasswordIdentityProvider} that returns an empty group of passwords ++ * An "empty" implementation of {@link PasswordIdentityProvider} that returns an empty group of passwords + */ + PasswordIdentityProvider EMPTY_PASSWORDS_PROVIDER = new PasswordIdentityProvider() { + @Override +--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2024-01-19 22:39:38.013904878 +0100 ++++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2024-01-19 22:39:58.556827049 +0100 +@@ -766,7 +766,7 @@ + * @param expected The expected fingerprint if {@code null} or empty then returns a failure with the default + * fingerprint. + * @param key the {@link PublicKey} - if {@code null} then returns null. +- * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, ++ * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, + * {@code null} if no key. + * @see #getDefaultFingerPrintFactory() + * @see #checkFingerPrint(String, Factory, PublicKey) +@@ -780,7 +780,7 @@ + * fingerprint. + * @param f The {@link Factory} to be used to generate the default {@link Digest} for the key + * @param key the {@link PublicKey} - if {@code null} then returns null. +- * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, ++ * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, + * {@code null} if no key. 
+ */ + public static SimpleImmutableEntry checkFingerPrint( +@@ -793,7 +793,7 @@ + * fingerprint. + * @param d The {@link Digest} to be used to generate the default fingerprint for the key + * @param key the {@link PublicKey} - if {@code null} then returns null. +- * @return SimpleImmutableEntry - key is success indicator, value is actual fingerprint, ++ * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint, + * {@code null} if no key. + */ + public static SimpleImmutableEntry checkFingerPrint(String expected, Digest d, PublicKey key) { +--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2024-01-19 22:39:38.010571611 +0100 ++++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2024-01-19 22:39:58.556827049 +0100 +@@ -63,9 +63,7 @@ + import org.apache.sshd.common.util.security.SecurityUtils; + + /** +- * Basic support for OpenSSH +- * key file(s) ++ * Basic support for OpenSSH key file(s) + * + * @author Apache MINA SSHD Project + */ +--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2024-01-19 22:39:38.020571412 +0100 ++++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2024-01-19 22:39:58.563493582 +0100 +@@ -64,13 +64,13 @@ + SkED25519BufferPublicKeyParser.INSTANCE)); + + /** +- * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" ++ * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" + * @return {@code true} if this key type is supported by the parser + */ + boolean isKeyTypeSupported(String keyType); + + /** +- * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" ++ * @param keyType The key type - e.g., "ssh-rsa", "ssh-dss" + * @param buffer The {@link Buffer} containing the encoded raw public key + * 
@return The decoded {@link PublicKey} + * @throws GeneralSecurityException If failed to generate the key +--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2024-01-19 22:39:38.023904678 +0100 ++++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2024-01-19 22:39:58.570160116 +0100 +@@ -112,10 +112,11 @@ + * @param with String to replace with + * @param max maximum number of values to replace, or -1 if no maximum + * @return the text with any replacements processed +- * @author Arnout J. Kuiper ajkuiper@wxs.nl +- * @author Magesh Umasankar +- * @author Bruce Atherton +- * @author Antoine Levy-Lambert ++ * ++ * author Arnout J. Kuiper ajkuiper@wxs.nl ++ * author Magesh Umasankar ++ * author Bruce Atherton ++ * author Antoine Levy-Lambert + */ + @SuppressWarnings("PMD.AssignmentInOperand") + public static String replace(String text, String repl, String with, int max) { +--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2024-01-19 22:39:38.020571412 +0100 ++++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2024-01-19 22:39:58.573493382 +0100 +@@ -76,7 +76,7 @@ + } + + /** +- * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it ++ * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it + * positive + * + * @param bytes {@link BigInteger} bytes +@@ -87,7 +87,7 @@ + } + + /** +- * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it ++ * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it + * positive + * + * @param bytes {@link BigInteger} bytes +--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2024-01-19 22:39:38.027237945 +0100 
++++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2024-01-19 22:39:58.580159916 +0100 +@@ -334,7 +334,7 @@ + } + + /** +- * Remove {@code Windows} domain and/or group prefix as well as "(User);" suffix ++ * Remove {@code Windows} domain and/or group prefix as well as "(User);" suffix + * + * @param user The original username - ignored if {@code null}/empty + * @return The canonical user - unchanged if {@code Unix} O/S +--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2024-01-19 22:39:38.023904678 +0100 ++++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2024-01-19 22:39:58.580159916 +0100 +@@ -120,7 +120,7 @@ + /** + * The min. key size value used for testing whether Diffie-Hellman Group Exchange is supported or not. According to + * RFC 4419 section 3: "Servers and clients SHOULD support +- * groups with a modulus length of k bits, where 1024 <= k <= 8192". ++ * groups with a modulus length of k bits, where 1024 <= k <= 8192". + * + * Note: this has been amended by RFC 8270 + */ +--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2024-01-19 22:39:38.050570811 +0100 ++++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2024-01-19 22:39:58.580159916 +0100 +@@ -23,8 +23,8 @@ + + /** + * Provides a way to implement proxied connections where some metadata about the client is sent before the actual +- * SSH protocol is executed - e.g., the PROXY +- * protocol. The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the ++ * SSH protocol is executed - e.g., the PROXY protocol. ++ * The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the + * meta-data. 
+ * + * @author Apache MINA SSHD Project +--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2024-01-19 22:39:38.057237344 +0100 ++++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2024-01-19 22:39:58.586826449 +0100 +@@ -67,7 +67,7 @@ + + /** + * The default {@link BuiltinCiphers} setup in order of preference as specified by +- * ssh_config(5) ++ * ssh_config(5) + */ + public static final List DEFAULT_CIPHERS_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( +@@ -83,7 +83,7 @@ + + /** + * The default {@link BuiltinDHFactories} setup in order of preference as specified by +- * ssh_config(5) ++ * ssh_config(5) + */ + public static final List DEFAULT_KEX_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( +@@ -104,7 +104,7 @@ + + /** + * The default {@link BuiltinMacs} setup in order of preference as specified by +- * ssh_config(5) ++ * ssh_config(5) + */ + public static final List DEFAULT_MAC_PREFERENCE = Collections.unmodifiableList( + Arrays.asList( +--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2024-01-19 22:39:38.057237344 +0100 ++++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2024-01-19 22:39:58.590159716 +0100 +@@ -224,11 +224,11 @@ + * {@link Buffer} to the given {@link ReplyHandler}, which may execute in a different thread. + * + *
+- *
want-reply == true && replyHandler != null
++ *
want-reply == true && replyHandler != null
+ *
The returned future is fulfilled with {@code null} when the request was sent, or with an exception if the + * request could not be sent. The {@code replyHandler} is invoked once the reply is received, with the SSH reply + * code and the data received.
+- *
want-reply == true && replyHandler == null
++ *
want-reply == true && replyHandler == null
+ *
The returned future is fulfilled with an exception if the request could not be sent, or a failure reply was + * received. If a success reply was received, the future is fulfilled with the received data buffer.
+ *
want-reply == false
+--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2024-01-19 22:39:38.060570610 +0100 ++++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2024-01-19 22:39:58.593492983 +0100 +@@ -23,8 +23,7 @@ + + /** + * Provides a way to implement proxied connections where some metadata about the client is sent before the actual +- * SSH protocol is executed - e.g., the PROXY +- * protocol. ++ * SSH protocol is executed - e.g., the PROXY protocol. + * + * @author Apache MINA SSHD Project + */ diff --git a/apache-sshd.changes b/apache-sshd.changes new file mode 100644 index 0000000..69a297d --- /dev/null +++ b/apache-sshd.changes 
@@ -0,0 +1,443 @@ +------------------------------------------------------------------- +Wed Feb 21 08:15:48 UTC 2024 - Gus Kenion + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Tue Feb 20 11:07:06 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Fri Jan 19 22:17:57 UTC 2024 - Fridrich Strba + +- Updated to upstream version 2.12.0 +- Changes in version 2.11.0 + * Bug Fixes + + GH-328 Added configurable timeout(s) to DefaultSftpClient + + GH-370 Also compare file keys in ModifiableFileWatcher. + + GH-371 Fix channel pool in SftpFileSystem. + + GH-383 Use correct default OpenOptions in + SftpFileSystemProvider.newFileChannel(). + + GH-384 Use correct lock modes for SFTP FileChannel.lock(). + + GH-388 ScpClient: support issuing commands to a server that + uses a non-UTF-8 locale. + + GH-398 SftpInputStreamAsync: fix reporting EOF on zero-length + reads. + + GH-403 Work-around a bug in WS_FTP <= 12.9 SFTP clients. + + GH-407 (Regression in 2.10.0) SFTP performance fix: override + FilterOutputStream.write(byte[], int, int). + + GH-410 Fix a race condition to ensure SSH_MSG_CHANNEL_EOF is + always sent before SSH_MSG_CHANNEL_CLOSE. + + GH-414 Fix error handling while flushing queued packets at end + of KEX. + + GH-420 Fix wrong log level on closing an Nio2Session. + + SSHD-789 Fix detection of Android O/S from system properties. + + SSHD-1259 Consider all applicable host keys from the + known_hosts files. + + SSHD-1310 SftpFileSystem: do not close user session. + + SSHD-1327 ChannelAsyncOutputStream: remove write future when + done. + + SSHD-1332 (Regression in 2.10.0) Resolve ~ in IdentityFile + file names in HostConfigEntry. 
+ * New Features + + SSHD-1330 Use KeepAliveHandler global request instance in + client as well + + GH-356 Publish snapshot maven artifacts to the Apache + Snapshots maven repository. + + Bundle sshd-contrib has support classes for the HAProxy + protocol V2. +- Changes in version 2.12.0 + * Bug Fixes + + GH-428/GH-392 SCP client fails silently when error signalled + due to missing file or lacking permissions + + GH-434 Ignore unknown key types from agent or in OpenSSH host + keys extension + * New Features + + GH-429 Support GIT protocol-v2 + + GH-445 OpenSSH "strict key exchange" protocol extension + (CVE-2023-48795, bsc#1218189 mitigation) +- Modified patch: + * apache-sshd-javadoc.patch + + rediff to changed context and drop integrated hunks + +------------------------------------------------------------------- +Wed Oct 11 09:03:24 UTC 2023 - Fridrich Strba + +- Upgrade to upstrem version 2.10.0 + * Bug + + SSHD-1295: Connection attempt not canceled when a connection + timeout occurs + + SSHD-1316: Possible OOM in ChannelPipedInputStream + + SSHD-1319: SftpRemotePathChannel.transferFrom(...) 
ignores + position argument + + SSHD-1324: Rooted file system can leak informations + + SSHD-1326: Failed to establish an SSH connection because the + server identifier exceeds the int range + * Improvement + + SSHD-1315: Password in clear in SSHD server's logs +- Modified patch: + * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch + + rediff to changed context + +------------------------------------------------------------------- +Fri Feb 10 07:26:34 UTC 2023 - Fridrich Strba + +- Clean-up the spec a bit + +------------------------------------------------------------------- +Wed Nov 16 11:36:21 UTC 2022 - Fridrich Strba + +- Upgrade to version 2.9.2 (bsc#1205463, CVE-2022-45047) +- Changes in version 2.8.0 + * Bug + + Wrong server key algorithm choose + + Expiration of OpenSshCertificates needs to compare timestamps + as unsigned long + + SFTP Get downloads empty file from servers which supports EOF + indication after data + + skip() doesn't work properly in SftpInputStreamAsync + + OpenMode and CopyMode is not honored as expected in + version > 4 of SFTP api + + SftpTransferTest sometimes hangs (failure during rekeying) + + Race condition in KEX + + Fix the ciphers supported documentation + + Update tarLongFileMode to use POSIX + + WinsCP transfer failure to Apache SSHD Server + + Pubkey auth: keys from ssh-agent are used even if + HostConfigEntry.isIdentitiesOnly() is true + + Support RSA SHA2 signatures via SSH agent + + NOTICE: wrong copyright year range + + Wrong creationTime in writeAttrs for SFTP + + sshd-netty logs all traffic on INFO level + * New Feature + + Add support for chacha20-poly1305@openssh.com + + Parsing of ~/.ssh/config Host patterns fails with extra + whitespace + + Support generating OpenSSH client certificates + * Improvement + + Add support for curve25519-sha256@libssh.org key exchange + + OpenSSH certificates: check certificate type + + OpenSSHCertificatesTest: certificates expire in 2030 + + Display IdleTimeOut in more 
user-friendly format + + sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in + ChannelAsyncOutputStream constructor configurable from + outside using variable/config file + + Intercepting the server exception message from server in SSHD + client + + Implement RFC 8332 server-sig-algs on the server + + Slow performance listing huge number of files on Apache SSHD + server + + SFTP: too many LSTAT calls + + Support key constraints when adding a key to an SSH agent + + Add SFTP server side file custom attributes hook + * Task + + Make sure the project is built using a 1.8 + * Question + + UserInteraction Problem +- Changes of vesion 2.9.0 + * Bug + + Deadlock on disconnection at the end of key-exchange + + Remote port forwarding mode does not handle EOF properly + + Public key authentication: wrong signature algorithm used + (ed25519 key with ssh-rsa signature) + + Client fails window adjust above Integer.MAX_VALUE + + class loader fails to load + org.apache.sshd.common.cipher.BaseGCMCipher + + Shell is not getting closed if the command has already closed + the OutputStream it is using. 
+ + Sometimes async write listener is not called + + Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leeds to + SocketTimeoutException + + different host key algorithm used on rekey than used for the + initial connection + + OpenSSH certificate is not properly encoded when critical + options are included + + TCP/IP remote port forwarding with wildcard IP addresses + doesn't work with OpenSSH + + UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from + an agent + * New Feature + + Add support for Argon2 encrypted PUTTY key files + + Add support for merged inverted output and error streams of + remote process + * Improvement + + Add support for "limits@openssh.com" SFTP extension + + Support host-based pubkey authentication in the client + + Send environment variable and open subsystem at the same time + for SSH session +- Changes of version 2.9.1 + * Bug + + ClientSession.auth().verify() is terminated with timeout + + 2.9.0 release broken on Java 8 + + Infinite loop in + org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead + + Deadlock during session exit + + Race condition is logged in ChannelAsyncOutputStream +- Changes of version 2.9.2 + * Bug + + SFTP worker threads got stuck while processing PUT methods + against one specific SFTP server + + Use the maximum packet size of the communication partner + + ExplicitPortForwardingTracker does not unbind auto-allocated + one + + Default SshClient FD leak because Selector not closed + + Reading again from exhausted ChannelExec#getInvertedOut() + throws IOException instead of returning -1 + + Keeping error streams and input streams separate after + ChannelExec#setRedirectErrorStream(true) is called + + Nio2Session.shutdownOutput() should wait for writes in + progress + * Test + + Research intermittent failure in unit tests using various I/O + service factories +- Modified patch: + * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch + + rediff to changed context +- Removed patches: + * 
0002-Fix-manifest-generation.patch + + not needed any more in this version + * apache-sshd-2.7.0-java8.patch + + not needed since the Java 8 compatibility is handled by the + --release option +- Added patch: + * apache-sshd-javadoc.patch + + Fix different warnings in javadoc generation + +------------------------------------------------------------------- +Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba + +- Upgrade to version 2.7.0 +- Changes in version 2.5.0 + * Major code re-factoring + + Reception of an SSH_MSG_UNIMPLEMENTED response to a + SSH_MSG_GLOBAL_REQUEST is translated internally into same code + flow as if an SSH_MSH_REQUEST_FAILURE has been received - see + SSHD-968. + + Server SFTP subsystem internal code dealing with the local + files has been delegated to the SftpFileSystemAccessor in + order to allow easier hooking into the SFTP subsystem. + - Resolving a local file path for an SFTP remote one + - Reading/Writing a file's attribute(s) + - Creating files links + - Copying / Renaming / Deleting files + + SftpVersionSelector is now consulted when client sends initial + command (as well as when session is re-negotiated) + + ScpCommandFactory is also a ShellFactory that can be used to + provide a minimalistic shell that is good enough for WinSCP. + + Rework SFTP streams so that the client asks and receives as + much data as possible - see SSHD-979. + * Minor code helpers + + Handling of debug/ignore/unimplemented messages has been split + into handleXXX and doInvokeXXXMsgHandler methods where the + former validate the messages and deal with the idle timeout, + and the latter execute the actual invcation. + + Added overloaded methods that accept a java.time.Duration + specifier for timeout value. + + The argument representing the SFTP subsystem in invocations to + SftpFileSystemAccessor has been enhanced to expose as much of + the available functionality as possible. 
+ * Behavioral changes and enhancements + + SSHD-964 - Send SSH_MSG_CHANNEL_EOF when tunnel channel being + closed. + + SSHD-967 - Extra bytes written when + SftpRemotePathChannel#transferTo is used. + + SSHD-968 - Interpret SSH_MSG_UNIMPLEMENTED response to a + heartbeat request as a liveness indicator + + SSHD-970 - transferTo function of SftpRemotePathChannel will + loop if count parameter is greater than file size + + SSHD-972 - Add support for peers using OpenSSH "security key" + key types + + SSHD-977 - Apply consistent logging policy to caught + exceptions + + SSHD-660 - Added support for server-side signed certificate + keys + + SSHD-984 - Utility method to export KeyPair in OpenSSH format + + SSHD-992 - Provide more hooks into the SFTP server subsystem + via SftpFileSystemAccessor + + SSHD-997 - Fixed OpenSSH private key decoders for RSA and + Ed25519 + + SSHD-998 - Take into account SFTP version preference when + establishing initial channel + + SSHD-989 - Read correctly ECDSA key pair from PKCS8 encoded + data + + SSHD-1009 - Provide a minimalistic shell for supporting WinSCP + SCP mode. +- Changes in version 2.5.1 + * Behavioral changes and enhancements + + SSHD-1022 NPE in SftpOutputStreamAsync#flush() if no data + written in between. +- Changes in version 2.6.0 + * Major code re-factoring + + SshServerMain uses by default an ECDSA key instead of an RSA + one. This can be overridden either by -key-type / -key-size or + -key-file command line option. + + SSHD-1034 Rename org.apache.sshd.common.ForwardingFilter to + Forwarder. + + SSHD-1035 Move property definitions to common locations. + + SSHD-1038 Refactor packages from a module into a cleaner + hierarchy. + + SSHD-1080 Rework the PacketWriter to split according to the + various semantics + + SSHD-1084 Revert the usage of asynchronous streams when + forwarding ports. + * Minor code helpers + + SSHD-1004 Using a more constant time MAC validation to + minimize timing side channel information leak. 
+ + SSHD-1030 Added a NoneFileSystemFactory implementation + + SSHD-1042 Added more callbacks to SftpEventListener + + SSHD-1040 Make server key available after KEX completed. + + SSHD-1060 Do not store logger level in fields. + + SSHD-1064 Fixed ClientSession#executeRemoteCommand handling + of STDERR in case of exception to behave according to its + documentation + + SSHD-1076 Break down ClientUserAuthService#auth method into + several to allow for flexible override + + SSHD-1077 Added command line option to request specific SFTP + version in SftpCommandMain + + SSHD-1079 Experimental async mode on the local port forwarder + + SSHD-1086 Added SFTP aware directory scanning helper classes + + SSHD-1089 Added wrappers for one-time single session usage of + SFTP/SCP clients + + Propagate SCP file transfer ACK data to ScpTransferListener + before validating it. + * Behavioral changes and enhancements + + SSHD-506 Added support for AES-GCM ciphers. + + SSHD-954 Improve validation of DH public key values. + + SSHD-1004 Deprecate DES, RC4 and Blowfish ciphers from default + setup. + + SSHD-1004 Deprecate SHA-1 based key exchanges and signatures + from default setup. + + SSHD-1004 Deprecate MD5-based and truncated HMAC algorithms + from default setup. + + SSHD-1005 Added support for SCP remote-to-remote file transfer + + SSHD-1020 SSH connections getting closed abruptly with timeout + exceptions. + + SSHD-1026 Improve build reproductibility. + + SSHD-1028 Fix SSH_MSG_DISCONNECT: Too many concurrent + connections. + + SSHD-1032 Fix possible ArrayIndexOutOfBoundsException in + ChannelAsyncOutputStream. + + SSHD-1033 Fix simultaneous usage of dynamic and local port + forwarding. + + SSHD-1039 Fix support for some basic options in ssh/sshd cli. + + SSHD-1047 Support for SSH jumps. + + SSHD-1048 Wrap instead of rethrow IOException in Future. + + SSHD-1050 Fixed race condition in AuthFuture if exception + caught before authentication started. 
+ + SSHD-1053 Fixed handling of certified keys authentication. + + SSHD-1056 Added support for SCP remote-to-remote directory + transfer - including '-3' option of SCP command CLI. + + SSHD-1057 Added capability to select a ShellFactory based on + the current session + use it for "WinSCP" + + SSHD-1058 Improve exception logging strategy. + + SSHD-1059 Do not send heartbeat if KEX state not DONE + + SSHD-1063 Fixed known-hosts file server key verifier matching + of same host with different ports + + SSHD-1066 Allow multiple binding to local port tunnel on + different addresses + + SSHD-1070 OutOfMemoryError when use async port forwarding + + SSHD-1100 Updated used moduli for DH group KEX + + SSHD-1102 Provide filter support for SftpDirectoryStream + + SSHD-1104 Take into account possible key type aliases when + using public key authentication + + SSHD-1107 Allow configuration of minimum DH group exchange key + size via property or programmatically + + SSHD-1108 Increased minimum default DH group exchange key size + to 2048 (but support 1024) +- Changes in version 2.7.0 + * Major code re-factoring + + SSHD-1133 Re-factored locations and names of ServerSession and + server-side ChannelSession related classes + + Moved some helper methods and classes to more natural + locations + * Minor code helpers + + SSHD-525 Added support for "posix-rename@openssh.com" SFTP + extension + + SSHD-1083 Relaxed required Nio2Connector/Acceptor required + constructor arguments + + SSHD-1085 Added CliLogger + more verbosity on SshClientMain + + SSHD-1109 Route tests JUL logging via SLF4JBridgeHandler + + SSHD-1109 Provide full slf4j logger capabilities to CliLogger + and use it in all CLI classes + + SSHD-1110 Replace Class#newInstance() calls with + Class#getDefaultConstructor().newInstance() + + SSHD-1111 Fixed SshClientCliSupport compression option + detection + + SSHD-1116 Provide SessionContext argument to + HostKeyIdentityProvider#loadHostKeys + + SSHD-1116 Provide SessionContext 
argument to + PasswordIdentityProvider#loadPasswords + + SSHD-1116 Provide SessionContext argument to + AuthenticationIdentitiesProvider#loadIdentities + + SSHD-1125 Added option to require immediate close of channel + in command ExitCallback invocation + + SSHD-1127 Consolidated SftpSubsystem support implementations + into SftpSubsystemConfigurator + + SSHD-1148 Generate a unique thread name for each SftpSubsystem + instance + * Behavioral changes and enhancements + + SSHD-1085 Added more notifications related to channel state + change for detecting channel closing or closed earlier. + + SSHD-1091 Renamed sshd-contrib top-level package in order to + align naming convention. + + SSHD-1097 Added more SessionListener callbacks related to the + initial version and key exchange + + SSHD-1097 Added more capability to send peer identification + via ReservedSessionMessagesHandler + + SSHD-1097 Implemented endless tarpit example in sshd-contrib + + SSHD-1109 Replace log4j with logback as the slf4j logger + implementation for tests + + SSHD-1114 Added callbacks for client-side password + authentication progress + + SSHD-1114 Added callbacks for client-side public key + authentication progress + + SSHD-1114 Added callbacks for client-side host-based + authentication progress + + SSHD-1114 Added capability for interactive password + authentication participation via UserInteraction + + SSHD-1114 Added capability for interactive key based + authentication participation via UserInteraction + + SSHD-1123 Add option to chunk data in ChannelAsyncOutputStream + if window size is smaller than packet size + + SSHD-1125 Added mechanism to throttle pending write requests + in BufferedIoOutputStream + + SSHD-1127 Added capability to register a custom receiver for + SFTP STDERR channel raw or stream data + + SSHD-1132 Added SFTP client-side support for + 'filename-charset' extension + + SSHD-1132 Added SFTP client-side support for + 'filename-translation-control' extension + + SSHD-1132 
Added SFTP servder-side support for non-UTF8 + encoding of returned file names + + SSHD-1133 Added capability to specify a custom charset for + parsing incoming commands to the ScpShell + + SSHD-1133 Added capability to specify a custom charset for + returning environment variables related data from the ScpShell + + SSHD-1133 Added capability to specify a custom charset for + handling the SCP protocol textual commands and responses + + SSHD-1136 Use configuration property to decide whether to + allow fallback to DH group exchange using SHA-1 if no suitable + primes found for SHA-256 + + SSHD-1137 Added capability to override LinkOption(s) when + accessing a file/folder via SFTP + + SSHD-1147 SftpInputStreamAsync: get file size before SSH_FXP_OPEN +- Modified patches: + * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch + * apache-sshd-2.4.0-java8.patch -> apache-sshd-2.7.0-java8.patch + + rediff to changed context +- Added patch: + * 0002-Fix-manifest-generation.patch + + do not import self + +------------------------------------------------------------------- +Thu Jul 16 21:58:44 UTC 2020 - Fridrich Strba + +- Added patch: + * apache-sshd-2.4.0-java8.patch + + restore Java 8 compatibility of bytecode generated by Java 9+ + +------------------------------------------------------------------- +Mon Jun 29 11:32:37 UTC 2020 - Fridrich Strba + +- Initial packaging of apache-sshd 2.4.0 diff --git a/apache-sshd.spec b/apache-sshd.spec new file mode 100644 index 0000000..7c236a2 --- /dev/null +++ b/apache-sshd.spec 
@@ -0,0 +1,125 @@
+#
+# spec file for package apache-sshd
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: apache-sshd
+Version: 2.12.0
+Release: 0
+Summary: Apache SSHD
+# One file has ISC licensing:
+# sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
+License: Apache-2.0 AND ISC
+Group: Development/Libraries/Java
+URL: https://mina.apache.org/sshd-project
+Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz
+# Avoid optional dep on tomcat native APR library
+Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
+Patch1: apache-sshd-javadoc.patch
+BuildRequires: fdupes
+BuildRequires: maven-local
+BuildRequires: mvn(junit:junit)
+BuildRequires: mvn(net.i2p.crypto:eddsa)
+BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
+BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin)
+BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
+BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
+BuildRequires: mvn(org.apache.maven.surefire:surefire-junit47)
+BuildRequires: mvn(org.apache.maven:maven-archiver)
+BuildRequires: mvn(org.apache:apache-jar-resource-bundle)
+BuildRequires: mvn(org.apache:apache:pom:) >= 30
+BuildRequires: mvn(org.bouncycastle:bcpg-jdk18on)
+BuildRequires: mvn(org.bouncycastle:bcpkix-jdk18on)
+BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
+BuildRequires: mvn(org.codehaus.plexus:plexus-archiver)
+BuildRequires: mvn(org.slf4j:jcl-over-slf4j)
+BuildRequires: mvn(org.slf4j:slf4j-api)
+BuildArch: noarch
+
+%description
+Apache SSHD is a 100% pure java library to support the SSH protocols on both
+the client and server side.
+
+%package javadoc
+Summary: API documentation for %{name}
+
+%description javadoc
+This package provides %{name}.
+
+%prep
+%setup -q
+
+# Avoid optional dep on tomcat native APR library
+%patch -P 0 -p1
+%patch -P 1 -p1
+
+rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
+%pom_remove_dep -r tomcat:tomcat-apr
+
+# Avoid unnecessary dep on spring framework
+%pom_remove_dep :spring-framework-bom
+%pom_remove_dep :testcontainers-bom sshd-sftp sshd-core
+
+# Build the core modules only
+%pom_disable_module sshd-mina
+%pom_remove_dep -r org.apache.sshd:sshd-mina
+%pom_disable_module sshd-netty
+%pom_disable_module sshd-ldap
+%pom_disable_module sshd-git
+%pom_disable_module sshd-contrib
+%pom_disable_module sshd-spring-sftp
+%pom_remove_dep -r org.apache.sshd:sshd-spring-sftp
+%pom_disable_module sshd-cli
+%pom_disable_module sshd-openpgp
+%pom_disable_module assembly
+# don't require bom that we don't package
+%pom_remove_dep org.testcontainers:testcontainers-bom sshd-scp
+
+# Disable plugins we don't need for RPM builds
+%pom_remove_plugin :apache-rat-plugin
+%pom_remove_plugin :gmavenplus-plugin
+%pom_remove_plugin :maven-checkstyle-plugin
+%pom_remove_plugin :maven-enforcer-plugin
+%pom_remove_plugin :maven-pmd-plugin
+%pom_remove_plugin :animal-sniffer-maven-plugin
+%pom_remove_plugin :impsort-maven-plugin
+%pom_remove_plugin :formatter-maven-plugin . sshd-core
+
+# Suppress generation of uses clauses
+%pom_xpath_inject "pom:configuration/pom:instructions" "<_nouses>true" .
+
+%pom_remove_plugin :maven-antrun-plugin sshd-osgi
+
+%build
+# Can't run tests, they require ch.ethz.ganymed:ganymed-ssh2
+%{mvn_build} -f -- -Dworkspace.root.dir=$(pwd) \
+%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 9}%{!?pkg_vcmp:0}
+ -Dmaven.compiler.release=8 \
+%endif
+ -Dsource=8
+
+%install
+%mvn_install
+%fdupes -s %{buildroot}%{_javadocdir}
+
+%files -f .mfiles
+%doc CHANGES.md
+%license LICENSE.txt NOTICE.txt assembly/src/main/legal/licenses/jbcrypt.txt
+
+%files javadoc -f .mfiles-javadoc
+%license LICENSE.txt NOTICE.txt assembly/src/main/legal/licenses/jbcrypt.txt
+
+%changelog
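Review bot: `Source0:` points at the upstream release tarball, but the preamble lists no detached signature or keyring beside it, so nothing in the spec lets the build service check that the archive is the one upstream published. The usual openSUSE pattern is to add, after the `Source0:` line, `Source1: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz.asc` and `Source2: %{name}.keyring`; the signature file name is assumed from Apache's release layout and should be confirmed against the download directory. This matters more here because `%build` runs `%{mvn_build} -f` with the comment "Can't run tests", so a wrong or altered source archive would not be caught by a failing test suite either.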