pool/apache-sshd
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rpm 4.20 compat

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-sshd?expand=0&rev=26
This commit is contained in:
Gus Kenion 2024-02-21 08:15:53 +00:00 committed by Git OBS Bridge
commit 9abd93f3db
7 changed files with 901 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

105
0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch Normal file
View File

@ -0,0 +1,105 @@
From accd3e006a05615cf6eed9369d91fbedcc4eab16 Mon Sep 17 00:00:00 2001
From: Mat Booth <mat.booth@redhat.com>
Date: Thu, 7 Mar 2019 11:27:55 +0000
Subject: [PATCH] Avoid optional dependency on native tomcat APR library
---
pom.xml | 5 -----
sshd-core/pom.xml | 6 ------
.../sshd/agent/local/ProxyAgentFactory.java | 16 +---------------
sshd-osgi/pom.xml | 6 ------
4 files changed, 1 insertion(+), 32 deletions(-)
diff --git a/pom.xml b/pom.xml
index 867ca88..7c29678 100644
--- a/pom.xml
+++ b/pom.xml
@@ -434,11 +434,6 @@
<artifactId>mina-core</artifactId>
<version>2.0.23</version>
</dependency>
- <dependency>
- <groupId>tomcat</groupId>
- <artifactId>tomcat-apr</artifactId>
- <version>5.5.23</version>
- </dependency>
<dependency>
<groupId>net.i2p.crypto</groupId>
diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml
index 6171c5c..73a43a7 100644
--- a/sshd-core/pom.xml
+++ b/sshd-core/pom.xml
@@ -43,12 +43,6 @@
</dependency>
<dependency>
- <groupId>tomcat</groupId>
- <artifactId>tomcat-apr</artifactId>
- <optional>true</optional>
- </dependency>
-
- <dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpg-jdk18on</artifactId>
<optional>true</optional>
diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
index ab19539..5757e68 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
+++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
@@ -27,8 +27,6 @@ import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.agent.SshAgentFactory;
import org.apache.sshd.agent.SshAgentServer;
-import org.apache.sshd.agent.unix.AprLibrary;
-import org.apache.sshd.agent.unix.UnixAgentFactory;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.PropertyResolver;
import org.apache.sshd.common.channel.ChannelFactory;
@@ -51,9 +49,7 @@ public class ProxyAgentFactory implements SshAgentFactory {
@Override
public List<ChannelFactory> getChannelForwardingFactories(FactoryManager manager) {
- return isPreferredUnixAgent(manager)
- ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS
- : LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
+ return LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
}
@Override
@@ -104,16 +100,6 @@ public class ProxyAgentFactory implements SshAgentFactory {
}
public static boolean isPreferredUnixAgent(PropertyResolver resolver) {
- if (CoreModuleProperties.PREFER_UNIX_AGENT.getRequired(resolver)) {
- try {
- if (AprLibrary.getInstance() != null) {
- return true;
- }
- } catch (Exception ignore) {
- // ignored
- }
- }
-
return false;
}
}
diff --git a/sshd-osgi/pom.xml b/sshd-osgi/pom.xml
index 5395ceb..f456263 100644
--- a/sshd-osgi/pom.xml
+++ b/sshd-osgi/pom.xml
@@ -81,12 +81,6 @@
<optional>true</optional>
<scope>provided</scope>
</dependency>
- <dependency>
- <groupId>tomcat</groupId>
- <artifactId>tomcat-apr</artifactId>
- <optional>true</optional>
- <scope>provided</scope>
- </dependency>
</dependencies>
<build>
--
2.20.1

3
apache-sshd-2.12.0-src.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e8198fd90ca8089a71547300a7a8f6e853dd5fea6095a6887f79564849e76bd8
size 1857423

201
apache-sshd-javadoc.patch Normal file
View File

@ -0,0 +1,201 @@
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2024-01-19 22:39:38.007238345 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/client/auth/password/PasswordIdentityProvider.java 2024-01-19 22:39:58.550160515 +0100
@@ -36,7 +36,7 @@
public interface PasswordIdentityProvider {
/**
- * An &quot;empty&quot implementation of {@link PasswordIdentityProvider} that returns an empty group of passwords
+ * An &quot;empty&quot; implementation of {@link PasswordIdentityProvider} that returns an empty group of passwords
*/
PasswordIdentityProvider EMPTY_PASSWORDS_PROVIDER = new PasswordIdentityProvider() {
@Override
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2024-01-19 22:39:38.013904878 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java 2024-01-19 22:39:58.556827049 +0100
@@ -766,7 +766,7 @@
* @param expected The expected fingerprint if {@code null} or empty then returns a failure with the default
* fingerprint.
* @param key the {@link PublicKey} - if {@code null} then returns null.
- * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint,
+ * @return SimpleImmutableEntry&lt;Boolean, String&gt; - key is success indicator, value is actual fingerprint,
* {@code null} if no key.
* @see #getDefaultFingerPrintFactory()
* @see #checkFingerPrint(String, Factory, PublicKey)
@@ -780,7 +780,7 @@
* fingerprint.
* @param f The {@link Factory} to be used to generate the default {@link Digest} for the key
* @param key the {@link PublicKey} - if {@code null} then returns null.
- * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint,
+ * @return SimpleImmutableEntry&lt;Boolean, String&gt; - key is success indicator, value is actual fingerprint,
* {@code null} if no key.
*/
public static SimpleImmutableEntry<Boolean, String> checkFingerPrint(
@@ -793,7 +793,7 @@
* fingerprint.
* @param d The {@link Digest} to be used to generate the default fingerprint for the key
* @param key the {@link PublicKey} - if {@code null} then returns null.
- * @return SimpleImmutableEntry<Boolean, String> - key is success indicator, value is actual fingerprint,
+ * @return SimpleImmutableEntry&lt;Boolean, String&gt; - key is success indicator, value is actual fingerprint,
* {@code null} if no key.
*/
public static SimpleImmutableEntry<Boolean, String> checkFingerPrint(String expected, Digest d, PublicKey key) {
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2024-01-19 22:39:38.010571611 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java 2024-01-19 22:39:58.556827049 +0100
@@ -63,9 +63,7 @@
import org.apache.sshd.common.util.security.SecurityUtils;
/**
- * Basic support for <A HREF=
- * "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?rev=1.1&content-type=text/x-cvsweb-markup">OpenSSH
- * key file(s)</A>
+ * Basic support for <A HREF="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?rev=1.1&amp;content-type=text/x-cvsweb-markup">OpenSSH key file(s)</A>
*
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
*/
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2024-01-19 22:39:38.020571412 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/buffer/keys/BufferPublicKeyParser.java 2024-01-19 22:39:58.563493582 +0100
@@ -64,13 +64,13 @@
SkED25519BufferPublicKeyParser.INSTANCE));
/**
- * @param keyType The key type - e.g., &quot;ssh-rsa&quot, &quot;ssh-dss&quot;
+ * @param keyType The key type - e.g., &quot;ssh-rsa&quot;, &quot;ssh-dss&quot;
* @return {@code true} if this key type is supported by the parser
*/
boolean isKeyTypeSupported(String keyType);
/**
- * @param keyType The key type - e.g., &quot;ssh-rsa&quot, &quot;ssh-dss&quot;
+ * @param keyType The key type - e.g., &quot;ssh-rsa&quot;, &quot;ssh-dss&quot;
* @param buffer The {@link Buffer} containing the encoded raw public key
* @return The decoded {@link PublicKey}
* @throws GeneralSecurityException If failed to generate the key
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2024-01-19 22:39:38.023904678 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/GenericUtils.java 2024-01-19 22:39:58.570160116 +0100
@@ -112,10 +112,11 @@
* @param with String to replace with
* @param max maximum number of values to replace, or <code>-1</code> if no maximum
* @return the text with any replacements processed
- * @author Arnout J. Kuiper <a href="mailto:ajkuiper@wxs.nl">ajkuiper@wxs.nl</a>
- * @author Magesh Umasankar
- * @author <a href="mailto:bruce@callenish.com">Bruce Atherton</a>
- * @author <a href="mailto:levylambert@tiscali-dsl.de">Antoine Levy-Lambert</a>
+ *
+ * author Arnout J. Kuiper <a href="mailto:ajkuiper@wxs.nl">ajkuiper@wxs.nl</a>
+ * author Magesh Umasankar
+ * author <a href="mailto:bruce@callenish.com">Bruce Atherton</a>
+ * author <a href="mailto:levylambert@tiscali-dsl.de">Antoine Levy-Lambert</a>
*/
@SuppressWarnings("PMD.AssignmentInOperand")
public static String replace(String text, String repl, String with, int max) {
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2024-01-19 22:39:38.020571412 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/io/der/DERWriter.java 2024-01-19 22:39:58.573493382 +0100
@@ -76,7 +76,7 @@
}
/**
- * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it
+ * The integer is always considered to be positive, so if the first byte is &lt; 0, we pad with a zero to make it
* positive
*
* @param bytes {@link BigInteger} bytes
@@ -87,7 +87,7 @@
}
/**
- * The integer is always considered to be positive, so if the first byte is < 0, we pad with a zero to make it
+ * The integer is always considered to be positive, so if the first byte is &lt; 0, we pad with a zero to make it
* positive
*
* @param bytes {@link BigInteger} bytes
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2024-01-19 22:39:38.027237945 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/OsUtils.java 2024-01-19 22:39:58.580159916 +0100
@@ -334,7 +334,7 @@
}
/**
- * Remove {@code Windows} domain and/or group prefix as well as &quot;(User);&quot suffix
+ * Remove {@code Windows} domain and/or group prefix as well as &quot;(User);&quot; suffix
*
* @param user The original username - ignored if {@code null}/empty
* @return The canonical user - unchanged if {@code Unix} O/S
--- apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2024-01-19 22:39:38.023904678 +0100
+++ apache-sshd-2.12.0/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java 2024-01-19 22:39:58.580159916 +0100
@@ -120,7 +120,7 @@
/**
* The min. key size value used for testing whether Diffie-Hellman Group Exchange is supported or not. According to
* <A HREF="https://tools.ietf.org/html/rfc4419">RFC 4419</A> section 3: &quot;Servers and clients SHOULD support
- * groups with a modulus length of k bits, where 1024 <= k <= 8192&quot;. </code>
+ * groups with a modulus length of k bits, where 1024 &lt;= k &lt;= 8192&quot;. </code>
*
* <B>Note: this has been amended by <A HREF="https://tools.ietf.org/html/rfc8270">RFC 8270</A>
*/
--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2024-01-19 22:39:38.050570811 +0100
+++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/client/session/ClientProxyConnector.java 2024-01-19 22:39:58.580159916 +0100
@@ -23,8 +23,8 @@
/**
* Provides a way to implement proxied connections where some metadata about the client is sent <U>before</U> the actual
- * SSH protocol is executed - e.g., the <A HREF=@http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY
- * protocol</A>. The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the
+ * SSH protocol is executed - e.g., the <A HREF="http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY protocol</A>.
+ * The implementor should use the {@code IoSession#write(Buffer)} method to send any packets with the
* meta-data.
*
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2024-01-19 22:39:38.057237344 +0100
+++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/BaseBuilder.java 2024-01-19 22:39:58.586826449 +0100
@@ -67,7 +67,7 @@
/**
* The default {@link BuiltinCiphers} setup in order of preference as specified by
- * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5">ssh_config(5)</A>
+ * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&amp;sektion=5">ssh_config(5)</A>
*/
public static final List<BuiltinCiphers> DEFAULT_CIPHERS_PREFERENCE = Collections.unmodifiableList(
Arrays.asList(
@@ -83,7 +83,7 @@
/**
* The default {@link BuiltinDHFactories} setup in order of preference as specified by
- * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5"> ssh_config(5)</A>
+ * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&amp;sektion=5"> ssh_config(5)</A>
*/
public static final List<BuiltinDHFactories> DEFAULT_KEX_PREFERENCE = Collections.unmodifiableList(
Arrays.asList(
@@ -104,7 +104,7 @@
/**
* The default {@link BuiltinMacs} setup in order of preference as specified by
- * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&sektion=5"> ssh_config(5)</A>
+ * <A HREF="https://www.freebsd.org/cgi/man.cgi?query=ssh_config&amp;sektion=5"> ssh_config(5)</A>
*/
public static final List<BuiltinMacs> DEFAULT_MAC_PREFERENCE = Collections.unmodifiableList(
Arrays.asList(
--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2024-01-19 22:39:38.057237344 +0100
+++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/common/session/Session.java 2024-01-19 22:39:58.590159716 +0100
@@ -224,11 +224,11 @@
* {@link Buffer} to the given {@link ReplyHandler}, which may execute in a different thread.
*
* <dl>
- * <dt>want-reply == true && replyHandler != null</dt>
+ * <dt>want-reply == true &amp;&amp; replyHandler != null</dt>
* <dd>The returned future is fulfilled with {@code null} when the request was sent, or with an exception if the
* request could not be sent. The {@code replyHandler} is invoked once the reply is received, with the SSH reply
* code and the data received.</dd>
- * <dt>want-reply == true && replyHandler == null</dt>
+ * <dt>want-reply == true &amp;&amp; replyHandler == null</dt>
* <dd>The returned future is fulfilled with an exception if the request could not be sent, or a failure reply was
* received. If a success reply was received, the future is fulfilled with the received data buffer.</dd>
* <dt>want-reply == false</dt>
--- apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2024-01-19 22:39:38.060570610 +0100
+++ apache-sshd-2.12.0/sshd-core/src/main/java/org/apache/sshd/server/session/ServerProxyAcceptor.java 2024-01-19 22:39:58.593492983 +0100
@@ -23,8 +23,7 @@
/**
* Provides a way to implement proxied connections where some metadata about the client is sent <U>before</U> the actual
- * SSH protocol is executed - e.g., the <A HREF=@http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY
- * protocol</A>.
+ * SSH protocol is executed - e.g., the <A HREF="http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt">PROXY protocol</A>.
*
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
*/

443
apache-sshd.changes Normal file
View File

@ -0,0 +1,443 @@
-------------------------------------------------------------------
Wed Feb 21 08:15:48 UTC 2024 - Gus Kenion <gus.kenion@suse.com>
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Tue Feb 20 11:07:06 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
-------------------------------------------------------------------
Fri Jan 19 22:17:57 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Updated to upstream version 2.12.0
- Changes in version 2.11.0
* Bug Fixes
+ GH-328 Added configurable timeout(s) to DefaultSftpClient
+ GH-370 Also compare file keys in ModifiableFileWatcher.
+ GH-371 Fix channel pool in SftpFileSystem.
+ GH-383 Use correct default OpenOptions in
SftpFileSystemProvider.newFileChannel().
+ GH-384 Use correct lock modes for SFTP FileChannel.lock().
+ GH-388 ScpClient: support issuing commands to a server that
uses a non-UTF-8 locale.
+ GH-398 SftpInputStreamAsync: fix reporting EOF on zero-length
reads.
+ GH-403 Work-around a bug in WS_FTP <= 12.9 SFTP clients.
+ GH-407 (Regression in 2.10.0) SFTP performance fix: override
FilterOutputStream.write(byte[], int, int).
+ GH-410 Fix a race condition to ensure SSH_MSG_CHANNEL_EOF is
always sent before SSH_MSG_CHANNEL_CLOSE.
+ GH-414 Fix error handling while flushing queued packets at end
of KEX.
+ GH-420 Fix wrong log level on closing an Nio2Session.
+ SSHD-789 Fix detection of Android O/S from system properties.
+ SSHD-1259 Consider all applicable host keys from the
known_hosts files.
+ SSHD-1310 SftpFileSystem: do not close user session.
+ SSHD-1327 ChannelAsyncOutputStream: remove write future when
done.
+ SSHD-1332 (Regression in 2.10.0) Resolve ~ in IdentityFile
file names in HostConfigEntry.
* New Features
+ SSHD-1330 Use KeepAliveHandler global request instance in
client as well
+ GH-356 Publish snapshot maven artifacts to the Apache
Snapshots maven repository.
+ Bundle sshd-contrib has support classes for the HAProxy
protocol V2.
- Changes in version 2.12.0
* Bug Fixes
+ GH-428/GH-392 SCP client fails silently when error signalled
due to missing file or lacking permissions
+ GH-434 Ignore unknown key types from agent or in OpenSSH host
keys extension
* New Features
+ GH-429 Support GIT protocol-v2
+ GH-445 OpenSSH "strict key exchange" protocol extension
(CVE-2023-48795, bsc#1218189 mitigation)
- Modified patch:
* apache-sshd-javadoc.patch
+ rediff to changed context and drop integrated hunks
-------------------------------------------------------------------
Wed Oct 11 09:03:24 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstrem version 2.10.0
* Bug
+ SSHD-1295: Connection attempt not canceled when a connection
timeout occurs
+ SSHD-1316: Possible OOM in ChannelPipedInputStream
+ SSHD-1319: SftpRemotePathChannel.transferFrom(...) ignores
position argument
+ SSHD-1324: Rooted file system can leak informations
+ SSHD-1326: Failed to establish an SSH connection because the
server identifier exceeds the int range
* Improvement
+ SSHD-1315: Password in clear in SSHD server's logs
- Modified patch:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
+ rediff to changed context
-------------------------------------------------------------------
Fri Feb 10 07:26:34 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Clean-up the spec a bit
-------------------------------------------------------------------
Wed Nov 16 11:36:21 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 2.9.2 (bsc#1205463, CVE-2022-45047)
- Changes in version 2.8.0
* Bug
+ Wrong server key algorithm choose
+ Expiration of OpenSshCertificates needs to compare timestamps
as unsigned long
+ SFTP Get downloads empty file from servers which supports EOF
indication after data
+ skip() doesn't work properly in SftpInputStreamAsync
+ OpenMode and CopyMode is not honored as expected in
version > 4 of SFTP api
+ SftpTransferTest sometimes hangs (failure during rekeying)
+ Race condition in KEX
+ Fix the ciphers supported documentation
+ Update tarLongFileMode to use POSIX
+ WinsCP transfer failure to Apache SSHD Server
+ Pubkey auth: keys from ssh-agent are used even if
HostConfigEntry.isIdentitiesOnly() is true
+ Support RSA SHA2 signatures via SSH agent
+ NOTICE: wrong copyright year range
+ Wrong creationTime in writeAttrs for SFTP
+ sshd-netty logs all traffic on INFO level
* New Feature
+ Add support for chacha20-poly1305@openssh.com
+ Parsing of ~/.ssh/config Host patterns fails with extra
whitespace
+ Support generating OpenSSH client certificates
* Improvement
+ Add support for curve25519-sha256@libssh.org key exchange
+ OpenSSH certificates: check certificate type
+ OpenSSHCertificatesTest: certificates expire in 2030
+ Display IdleTimeOut in more user-friendly format
+ sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in
ChannelAsyncOutputStream constructor configurable from
outside using variable/config file
+ Intercepting the server exception message from server in SSHD
client
+ Implement RFC 8332 server-sig-algs on the server
+ Slow performance listing huge number of files on Apache SSHD
server
+ SFTP: too many LSTAT calls
+ Support key constraints when adding a key to an SSH agent
+ Add SFTP server side file custom attributes hook
* Task
+ Make sure the project is built using a <release>1.8</release>
* Question
+ UserInteraction Problem
- Changes of vesion 2.9.0
* Bug
+ Deadlock on disconnection at the end of key-exchange
+ Remote port forwarding mode does not handle EOF properly
+ Public key authentication: wrong signature algorithm used
(ed25519 key with ssh-rsa signature)
+ Client fails window adjust above Integer.MAX_VALUE
+ class loader fails to load
org.apache.sshd.common.cipher.BaseGCMCipher
+ Shell is not getting closed if the command has already closed
the OutputStream it is using.
+ Sometimes async write listener is not called
+ Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leeds to
SocketTimeoutException
+ different host key algorithm used on rekey than used for the
initial connection
+ OpenSSH certificate is not properly encoded when critical
options are included
+ TCP/IP remote port forwarding with wildcard IP addresses
doesn't work with OpenSSH
+ UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from
an agent
* New Feature
+ Add support for Argon2 encrypted PUTTY key files
+ Add support for merged inverted output and error streams of
remote process
* Improvement
+ Add support for "limits@openssh.com" SFTP extension
+ Support host-based pubkey authentication in the client
+ Send environment variable and open subsystem at the same time
for SSH session
- Changes of version 2.9.1
* Bug
+ ClientSession.auth().verify() is terminated with timeout
+ 2.9.0 release broken on Java 8
+ Infinite loop in
org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead
+ Deadlock during session exit
+ Race condition is logged in ChannelAsyncOutputStream
- Changes of version 2.9.2
* Bug
+ SFTP worker threads got stuck while processing PUT methods
against one specific SFTP server
+ Use the maximum packet size of the communication partner
+ ExplicitPortForwardingTracker does not unbind auto-allocated
one
+ Default SshClient FD leak because Selector not closed
+ Reading again from exhausted ChannelExec#getInvertedOut()
throws IOException instead of returning -1
+ Keeping error streams and input streams separate after
ChannelExec#setRedirectErrorStream(true) is called
+ Nio2Session.shutdownOutput() should wait for writes in
progress
* Test
+ Research intermittent failure in unit tests using various I/O
service factories
- Modified patch:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
+ rediff to changed context
- Removed patches:
* 0002-Fix-manifest-generation.patch
+ not needed any more in this version
* apache-sshd-2.7.0-java8.patch
+ not needed since the Java 8 compatibility is handled by the
--release option
- Added patch:
* apache-sshd-javadoc.patch
+ Fix different warnings in javadoc generation
-------------------------------------------------------------------
Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 2.7.0
- Changes in version 2.5.0
* Major code re-factoring
+ Reception of an SSH_MSG_UNIMPLEMENTED response to a
SSH_MSG_GLOBAL_REQUEST is translated internally into same code
flow as if an SSH_MSH_REQUEST_FAILURE has been received - see
SSHD-968.
+ Server SFTP subsystem internal code dealing with the local
files has been delegated to the SftpFileSystemAccessor in
order to allow easier hooking into the SFTP subsystem.
- Resolving a local file path for an SFTP remote one
- Reading/Writing a file's attribute(s)
- Creating files links
- Copying / Renaming / Deleting files
+ SftpVersionSelector is now consulted when client sends initial
command (as well as when session is re-negotiated)
+ ScpCommandFactory is also a ShellFactory that can be used to
provide a minimalistic shell that is good enough for WinSCP.
+ Rework SFTP streams so that the client asks and receives as
much data as possible - see SSHD-979.
* Minor code helpers
+ Handling of debug/ignore/unimplemented messages has been split
into handleXXX and doInvokeXXXMsgHandler methods where the
former validate the messages and deal with the idle timeout,
and the latter execute the actual invcation.
+ Added overloaded methods that accept a java.time.Duration
specifier for timeout value.
+ The argument representing the SFTP subsystem in invocations to
SftpFileSystemAccessor has been enhanced to expose as much of
the available functionality as possible.
* Behavioral changes and enhancements
+ SSHD-964 - Send SSH_MSG_CHANNEL_EOF when tunnel channel being
closed.
+ SSHD-967 - Extra bytes written when
SftpRemotePathChannel#transferTo is used.
+ SSHD-968 - Interpret SSH_MSG_UNIMPLEMENTED response to a
heartbeat request as a liveness indicator
+ SSHD-970 - transferTo function of SftpRemotePathChannel will
loop if count parameter is greater than file size
+ SSHD-972 - Add support for peers using OpenSSH "security key"
key types
+ SSHD-977 - Apply consistent logging policy to caught
exceptions
+ SSHD-660 - Added support for server-side signed certificate
keys
+ SSHD-984 - Utility method to export KeyPair in OpenSSH format
+ SSHD-992 - Provide more hooks into the SFTP server subsystem
via SftpFileSystemAccessor
+ SSHD-997 - Fixed OpenSSH private key decoders for RSA and
Ed25519
+ SSHD-998 - Take into account SFTP version preference when
establishing initial channel
+ SSHD-989 - Read correctly ECDSA key pair from PKCS8 encoded
data
+ SSHD-1009 - Provide a minimalistic shell for supporting WinSCP
SCP mode.
- Changes in version 2.5.1
* Behavioral changes and enhancements
+ SSHD-1022 NPE in SftpOutputStreamAsync#flush() if no data
written in between.
- Changes in version 2.6.0
* Major code re-factoring
+ SshServerMain uses by default an ECDSA key instead of an RSA
one. This can be overridden either by -key-type / -key-size or
-key-file command line option.
+ SSHD-1034 Rename org.apache.sshd.common.ForwardingFilter to
Forwarder.
+ SSHD-1035 Move property definitions to common locations.
+ SSHD-1038 Refactor packages from a module into a cleaner
hierarchy.
+ SSHD-1080 Rework the PacketWriter to split according to the
various semantics
+ SSHD-1084 Revert the usage of asynchronous streams when
forwarding ports.
* Minor code helpers
+ SSHD-1004 Using a more constant time MAC validation to
minimize timing side channel information leak.
+ SSHD-1030 Added a NoneFileSystemFactory implementation
+ SSHD-1042 Added more callbacks to SftpEventListener
+ SSHD-1040 Make server key available after KEX completed.
+ SSHD-1060 Do not store logger level in fields.
+ SSHD-1064 Fixed ClientSession#executeRemoteCommand handling
of STDERR in case of exception to behave according to its
documentation
+ SSHD-1076 Break down ClientUserAuthService#auth method into
several to allow for flexible override
+ SSHD-1077 Added command line option to request specific SFTP
version in SftpCommandMain
+ SSHD-1079 Experimental async mode on the local port forwarder
+ SSHD-1086 Added SFTP aware directory scanning helper classes
+ SSHD-1089 Added wrappers for one-time single session usage of
SFTP/SCP clients
+ Propagate SCP file transfer ACK data to ScpTransferListener
before validating it.
* Behavioral changes and enhancements
+ SSHD-506 Added support for AES-GCM ciphers.
+ SSHD-954 Improve validation of DH public key values.
+ SSHD-1004 Deprecate DES, RC4 and Blowfish ciphers from default
setup.
+ SSHD-1004 Deprecate SHA-1 based key exchanges and signatures
from default setup.
+ SSHD-1004 Deprecate MD5-based and truncated HMAC algorithms
from default setup.
+ SSHD-1005 Added support for SCP remote-to-remote file transfer
+ SSHD-1020 SSH connections getting closed abruptly with timeout
exceptions.
+ SSHD-1026 Improve build reproductibility.
+ SSHD-1028 Fix SSH_MSG_DISCONNECT: Too many concurrent
connections.
+ SSHD-1032 Fix possible ArrayIndexOutOfBoundsException in
ChannelAsyncOutputStream.
+ SSHD-1033 Fix simultaneous usage of dynamic and local port
forwarding.
+ SSHD-1039 Fix support for some basic options in ssh/sshd cli.
+ SSHD-1047 Support for SSH jumps.
+ SSHD-1048 Wrap instead of rethrow IOException in Future.
+ SSHD-1050 Fixed race condition in AuthFuture if exception
caught before authentication started.
+ SSHD-1053 Fixed handling of certified keys authentication.
+ SSHD-1056 Added support for SCP remote-to-remote directory
transfer - including '-3' option of SCP command CLI.
+ SSHD-1057 Added capability to select a ShellFactory based on
the current session + use it for "WinSCP"
+ SSHD-1058 Improve exception logging strategy.
+ SSHD-1059 Do not send heartbeat if KEX state not DONE
+ SSHD-1063 Fixed known-hosts file server key verifier matching
of same host with different ports
+ SSHD-1066 Allow multiple binding to local port tunnel on
different addresses
+ SSHD-1070 OutOfMemoryError when use async port forwarding
+ SSHD-1100 Updated used moduli for DH group KEX
+ SSHD-1102 Provide filter support for SftpDirectoryStream
+ SSHD-1104 Take into account possible key type aliases when
using public key authentication
+ SSHD-1107 Allow configuration of minimum DH group exchange key
size via property or programmatically
+ SSHD-1108 Increased minimum default DH group exchange key size
to 2048 (but support 1024)
- Changes in version 2.7.0
* Major code re-factoring
+ SSHD-1133 Re-factored locations and names of ServerSession and
server-side ChannelSession related classes
+ Moved some helper methods and classes to more natural
locations
* Minor code helpers
+ SSHD-525 Added support for "posix-rename@openssh.com" SFTP
extension
+ SSHD-1083 Relaxed required Nio2Connector/Acceptor required
constructor arguments
+ SSHD-1085 Added CliLogger + more verbosity on SshClientMain
+ SSHD-1109 Route tests JUL logging via SLF4JBridgeHandler
+ SSHD-1109 Provide full slf4j logger capabilities to CliLogger
and use it in all CLI classes
+ SSHD-1110 Replace Class#newInstance() calls with
Class#getDefaultConstructor().newInstance()
+ SSHD-1111 Fixed SshClientCliSupport compression option
detection
+ SSHD-1116 Provide SessionContext argument to
HostKeyIdentityProvider#loadHostKeys
+ SSHD-1116 Provide SessionContext argument to
PasswordIdentityProvider#loadPasswords
+ SSHD-1116 Provide SessionContext argument to
AuthenticationIdentitiesProvider#loadIdentities
+ SSHD-1125 Added option to require immediate close of channel
in command ExitCallback invocation
+ SSHD-1127 Consolidated SftpSubsystem support implementations
into SftpSubsystemConfigurator
+ SSHD-1148 Generate a unique thread name for each SftpSubsystem
instance
* Behavioral changes and enhancements
+ SSHD-1085 Added more notifications related to channel state
change for detecting channel closing or closed earlier.
+ SSHD-1091 Renamed sshd-contrib top-level package in order to
align naming convention.
+ SSHD-1097 Added more SessionListener callbacks related to the
initial version and key exchange
+ SSHD-1097 Added more capability to send peer identification
via ReservedSessionMessagesHandler
+ SSHD-1097 Implemented endless tarpit example in sshd-contrib
+ SSHD-1109 Replace log4j with logback as the slf4j logger
implementation for tests
+ SSHD-1114 Added callbacks for client-side password
authentication progress
+ SSHD-1114 Added callbacks for client-side public key
authentication progress
+ SSHD-1114 Added callbacks for client-side host-based
authentication progress
+ SSHD-1114 Added capability for interactive password
authentication participation via UserInteraction
+ SSHD-1114 Added capability for interactive key based
authentication participation via UserInteraction
+ SSHD-1123 Add option to chunk data in ChannelAsyncOutputStream
if window size is smaller than packet size
+ SSHD-1125 Added mechanism to throttle pending write requests
in BufferedIoOutputStream
+ SSHD-1127 Added capability to register a custom receiver for
SFTP STDERR channel raw or stream data
+ SSHD-1132 Added SFTP client-side support for
'filename-charset' extension
+ SSHD-1132 Added SFTP client-side support for
'filename-translation-control' extension
+ SSHD-1132 Added SFTP servder-side support for non-UTF8
encoding of returned file names
+ SSHD-1133 Added capability to specify a custom charset for
parsing incoming commands to the ScpShell
+ SSHD-1133 Added capability to specify a custom charset for
returning environment variables related data from the ScpShell
+ SSHD-1133 Added capability to specify a custom charset for
handling the SCP protocol textual commands and responses
+ SSHD-1136 Use configuration property to decide whether to
allow fallback to DH group exchange using SHA-1 if no suitable
primes found for SHA-256
+ SSHD-1137 Added capability to override LinkOption(s) when
accessing a file/folder via SFTP
+ SSHD-1147 SftpInputStreamAsync: get file size before SSH_FXP_OPEN
- Modified patches:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
* apache-sshd-2.4.0-java8.patch -> apache-sshd-2.7.0-java8.patch
+ rediff to changed context
- Added patch:
* 0002-Fix-manifest-generation.patch
+ do not import self
-------------------------------------------------------------------
Thu Jul 16 21:58:44 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* apache-sshd-2.4.0-java8.patch
+ restore Java 8 compatibility of bytecode generated by Java 9+
-------------------------------------------------------------------
Mon Jun 29 11:32:37 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Initial packaging of apache-sshd 2.4.0

125
apache-sshd.spec Normal file
View File

@ -0,0 +1,125 @@
#
# spec file for package apache-sshd
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: apache-sshd
Version: 2.12.0
Release: 0
Summary: Apache SSHD
# One file has ISC licensing:
# sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
License: Apache-2.0 AND ISC
Group: Development/Libraries/Java
URL: https://mina.apache.org/sshd-project
Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz
# Avoid optional dep on tomcat native APR library
Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
Patch1: apache-sshd-javadoc.patch
BuildRequires: fdupes
BuildRequires: maven-local
BuildRequires: mvn(junit:junit)
BuildRequires: mvn(net.i2p.crypto:eddsa)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
BuildRequires: mvn(org.apache.maven.surefire:surefire-junit47)
BuildRequires: mvn(org.apache.maven:maven-archiver)
BuildRequires: mvn(org.apache:apache-jar-resource-bundle)
BuildRequires: mvn(org.apache:apache:pom:) >= 30
BuildRequires: mvn(org.bouncycastle:bcpg-jdk18on)
BuildRequires: mvn(org.bouncycastle:bcpkix-jdk18on)
BuildRequires: mvn(org.codehaus.mojo:build-helper-maven-plugin)
BuildRequires: mvn(org.codehaus.plexus:plexus-archiver)
BuildRequires: mvn(org.slf4j:jcl-over-slf4j)
BuildRequires: mvn(org.slf4j:slf4j-api)
BuildArch: noarch
%description
Apache SSHD is a 100% pure java library to support the SSH protocols on both
the client and server side.
%package javadoc
Summary: API documentation for %{name}
%description javadoc
This package provides %{name}.
%prep
%setup -q
# Avoid optional dep on tomcat native APR library
%patch -P 0 -p1
%patch -P 1 -p1
rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
%pom_remove_dep -r tomcat:tomcat-apr
# Avoid unnecessary dep on spring framework
%pom_remove_dep :spring-framework-bom
%pom_remove_dep :testcontainers-bom sshd-sftp sshd-core
# Build the core modules only
%pom_disable_module sshd-mina
%pom_remove_dep -r org.apache.sshd:sshd-mina
%pom_disable_module sshd-netty
%pom_disable_module sshd-ldap
%pom_disable_module sshd-git
%pom_disable_module sshd-contrib
%pom_disable_module sshd-spring-sftp
%pom_remove_dep -r org.apache.sshd:sshd-spring-sftp
%pom_disable_module sshd-cli
%pom_disable_module sshd-openpgp
%pom_disable_module assembly
# don't require bom that we don't package
%pom_remove_dep org.testcontainers:testcontainers-bom sshd-scp
# Disable plugins we don't need for RPM builds
%pom_remove_plugin :apache-rat-plugin
%pom_remove_plugin :gmavenplus-plugin
%pom_remove_plugin :maven-checkstyle-plugin
%pom_remove_plugin :maven-enforcer-plugin
%pom_remove_plugin :maven-pmd-plugin
%pom_remove_plugin :animal-sniffer-maven-plugin
%pom_remove_plugin :impsort-maven-plugin
%pom_remove_plugin :formatter-maven-plugin . sshd-core
# Suppress generation of uses clauses
%pom_xpath_inject "pom:configuration/pom:instructions" "<_nouses>true</_nouses>" .
%pom_remove_plugin :maven-antrun-plugin sshd-osgi
%build
# Can't run tests, they require ch.ethz.ganymed:ganymed-ssh2
%{mvn_build} -f -- -Dworkspace.root.dir=$(pwd) \
%if %{?pkg_vcmp:%pkg_vcmp java-devel >= 9}%{!?pkg_vcmp:0}
-Dmaven.compiler.release=8 \
%endif
-Dsource=8
%install
%mvn_install
%fdupes -s %{buildroot}%{_javadocdir}
%files -f .mfiles
%doc CHANGES.md
%license LICENSE.txt NOTICE.txt assembly/src/main/legal/licenses/jbcrypt.txt
%files javadoc -f .mfiles-javadoc
%license LICENSE.txt NOTICE.txt assembly/src/main/legal/licenses/jbcrypt.txt
%changelog