pool/apache-sshd
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-sshd?expand=0&rev=7

Browse Source
This commit is contained in:
Fridrich Strba 2021-07-30 08:44:47 +00:00 committed by Git OBS Bridge
parent 100b4dd9ff
commit cb8ae90b45
7 changed files with 282 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
View File

@ -14,7 +14,7 @@ diff --git a/pom.xml b/pom.xml
index 867ca88..7c29678 100644
--- a/pom.xml
+++ b/pom.xml
@@ -397,11 +397,6 @@
@@ -406,11 +406,6 @@
<artifactId>mina-core</artifactId>
<version>2.0.21</version>
</dependency>
@ -30,19 +30,19 @@ diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml
index 6171c5c..73a43a7 100644
--- a/sshd-core/pom.xml
+++ b/sshd-core/pom.xml
@@ -42,12 +42,6 @@
<version>${project.version}</version>
@@ -43,12 +43,6 @@
</dependency>
- <dependency>
<dependency>
- <groupId>tomcat</groupId>
- <artifactId>tomcat-apr</artifactId>
- <optional>true</optional>
- </dependency>
-
<dependency>
- <dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpg-jdk15on</artifactId>
<optional>true</optional>
diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
index ab19539..5757e68 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java
@ -55,23 +55,23 @@ index ab19539..5757e68 100644
-import org.apache.sshd.agent.unix.UnixAgentFactory;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.PropertyResolver;
import org.apache.sshd.common.PropertyResolverUtils;
@@ -52,9 +50,7 @@ public class ProxyAgentFactory implements SshAgentFactory {
import org.apache.sshd.common.channel.ChannelFactory;
@@ -51,9 +49,7 @@ public class ProxyAgentFactory implements SshAgentFactory {
@Override
public List<ChannelFactory> getChannelForwardingFactories(FactoryManager manager) {
- return isPreferredUnixAgent(manager)
- ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS
- : LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
- ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS
- : LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
+ return LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS;
}
@Override
@@ -105,16 +101,6 @@ public class ProxyAgentFactory implements SshAgentFactory {
@@ -104,16 +100,6 @@ public class ProxyAgentFactory implements SshAgentFactory {
}
public static boolean isPreferredUnixAgent(PropertyResolver resolver) {
- if (PropertyResolverUtils.getBooleanProperty(resolver, PREFER_UNIX_AGENT, OsUtils.isUNIX())) {
- if (CoreModuleProperties.PREFER_UNIX_AGENT.getRequired(resolver)) {
- try {
- if (AprLibrary.getInstance() != null) {
- return true;

11
0002-Fix-manifest-generation.patch Normal file
View File

@ -0,0 +1,11 @@
diff -up ./pom.xml.fix ./pom.xml
--- ./pom.xml.fix 2021-04-20 21:32:51.749782800 -0400
+++ ./pom.xml 2021-04-20 21:33:22.600740917 -0400
@@ -1020,7 +1020,6 @@
</goals>
<configuration>
<instructions>
- <Import-Package>org.apache.sshd*;version="[$(version;==;${sshd.osgi.version.clean}),$(version;=+;${sshd.osgi.version.clean}))",*</Import-Package>
<Export-Package>*;-noimport:=true</Export-Package>
</instructions>
<noWarningProjectTypes>pom</noWarningProjectTypes>

3
apache-sshd-2.4.0-src.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6b4aa68359d7959316fa2c4fae9e835de6ce71bd4de30bf90d3497c7f1e92f2e
size 1372521

38
apache-sshd-2.4.0-java8.patch → apache-sshd-2.7.0-java8.patch
View File

@ -1,8 +1,8 @@
--- apache-sshd-2.4.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2020-07-16 23:25:44.981904289 +0200
+++ apache-sshd-2.4.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2020-07-16 23:49:34.043250054 +0200
@@ -362,13 +362,13 @@
if (debugEnabled) {
log.debug("handleReadCycleCompletion({}) read {} bytes", this, result);
--- apache-sshd-2.7.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2021-07-30 09:48:59.082251041 +0200
+++ apache-sshd-2.7.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2021-07-30 09:54:40.568508196 +0200
@@ -353,13 +353,13 @@
log.trace("handleReadCycleCompletion({}) read {} bytes after {} nanos at cycle={}",
this, result, System.nanoTime() - lastReadCycleStart.get(), readCyclesCounter);
}
- buffer.flip();
+ ((java.nio.Buffer)buffer).flip();
@ -16,37 +16,37 @@
doReadCycle(buffer, completionHandler);
} else {
if (debugEnabled) {
--- apache-sshd-2.4.0/sshd-sftp/src/main/java/org/apache/sshd/client/subsystem/sftp/SftpRemotePathChannel.java 2020-07-16 23:25:44.961904157 +0200
+++ apache-sshd-2.4.0/sshd-sftp/src/main/java/org/apache/sshd/client/subsystem/sftp/SftpRemotePathChannel.java 2020-07-16 23:38:16.702818800 +0200
@@ -20,6 +20,7 @@
package org.apache.sshd.client.subsystem.sftp;
--- apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/SftpRemotePathChannel.java 2021-07-30 09:48:59.150251491 +0200
+++ apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/SftpRemotePathChannel.java 2021-07-30 09:54:40.572508221 +0200
@@ -21,6 +21,7 @@
import java.io.IOException;
import java.io.StreamCorruptedException;
+import java.nio.Buffer;
import java.nio.ByteBuffer;
import java.nio.MappedByteBuffer;
import java.nio.channels.AsynchronousCloseException;
@@ -123,7 +124,7 @@
int read = sftp.read(handle, curPos, wrap.array(), wrap.arrayOffset() + wrap.position(), wrap.remaining());
@@ -153,7 +154,7 @@
if (read > 0) {
// reference equality on purpose
if (wrap == buffer) {
- wrap.position(wrap.position() + read);
+ ((Buffer)wrap).position(wrap.position() + read);
} else {
buffer.put(wrap.array(), wrap.arrayOffset(), read);
}
@@ -191,7 +192,7 @@
int written = wrap.remaining();
sftp.write(handle, curPos, wrap.array(), wrap.arrayOffset() + wrap.position(), written);
@@ -258,7 +259,7 @@
wrap.arrayOffset() + wrap.position(), written);
// reference equality on purpose
if (wrap == buffer) {
- wrap.position(wrap.position() + written);
+ ((Buffer)wrap).position(wrap.position() + written);
}
curPos += written;
totalWritten += written;
--- apache-sshd-2.4.0/sshd-sftp/src/main/java/org/apache/sshd/server/subsystem/sftp/AbstractSftpSubsystemHelper.java 2020-07-16 23:25:44.961904157 +0200
+++ apache-sshd-2.4.0/sshd-sftp/src/main/java/org/apache/sshd/server/subsystem/sftp/AbstractSftpSubsystemHelper.java 2020-07-16 23:51:17.255925762 +0200
@@ -980,7 +980,7 @@
--- apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/server/AbstractSftpSubsystemHelper.java 2021-07-30 09:48:59.150251491 +0200
+++ apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/server/AbstractSftpSubsystemHelper.java 2021-07-30 09:55:19.804767492 +0200
@@ -942,7 +942,7 @@
if (remainLen < digestBuf.length) {
bb = ByteBuffer.wrap(digestBuf, 0, remainLen);
}
@ -55,7 +55,7 @@
int readLen = channel.read(bb);
if (readLen < 0) {
@@ -1005,7 +1005,7 @@
@@ -967,7 +967,7 @@
if (remainLen < digestBuf.length) {
bb = ByteBuffer.wrap(digestBuf, 0, remainLen);
}
@ -64,7 +64,7 @@
int readLen = channel.read(bb);
if (readLen < 0) {
@@ -1140,7 +1140,7 @@
@@ -1101,7 +1101,7 @@
if (remainLen < digestBuf.length) {
bb = ByteBuffer.wrap(digestBuf, 0, remainLen);
}

3
apache-sshd-2.7.0-src.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fe3f9ca72930fd4b01e2969f32f7d2aedd9b364fd42ca124cc3384bd23de7007
size 1535548

226
apache-sshd.changes
View File

@ -1,3 +1,229 @@
-------------------------------------------------------------------
Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 2.7.0
- Changes in version 2.5.0
* Major code re-factoring
+ Reception of an SSH_MSG_UNIMPLEMENTED response to a
SSH_MSG_GLOBAL_REQUEST is translated internally into same code
flow as if an SSH_MSH_REQUEST_FAILURE has been received - see
SSHD-968.
+ Server SFTP subsystem internal code dealing with the local
files has been delegated to the SftpFileSystemAccessor in
order to allow easier hooking into the SFTP subsystem.
- Resolving a local file path for an SFTP remote one
- Reading/Writing a file's attribute(s)
- Creating files links
- Copying / Renaming / Deleting files
+ SftpVersionSelector is now consulted when client sends initial
command (as well as when session is re-negotiated)
+ ScpCommandFactory is also a ShellFactory that can be used to
provide a minimalistic shell that is good enough for WinSCP.
+ Rework SFTP streams so that the client asks and receives as
much data as possible - see SSHD-979.
* Minor code helpers
+ Handling of debug/ignore/unimplemented messages has been split
into handleXXX and doInvokeXXXMsgHandler methods where the
former validate the messages and deal with the idle timeout,
and the latter execute the actual invcation.
+ Added overloaded methods that accept a java.time.Duration
specifier for timeout value.
+ The argument representing the SFTP subsystem in invocations to
SftpFileSystemAccessor has been enhanced to expose as much of
the available functionality as possible.
* Behavioral changes and enhancements
+ SSHD-964 - Send SSH_MSG_CHANNEL_EOF when tunnel channel being
closed.
+ SSHD-967 - Extra bytes written when
SftpRemotePathChannel#transferTo is used.
+ SSHD-968 - Interpret SSH_MSG_UNIMPLEMENTED response to a
heartbeat request as a liveness indicator
+ SSHD-970 - transferTo function of SftpRemotePathChannel will
loop if count parameter is greater than file size
+ SSHD-972 - Add support for peers using OpenSSH "security key"
key types
+ SSHD-977 - Apply consistent logging policy to caught
exceptions
+ SSHD-660 - Added support for server-side signed certificate
keys
+ SSHD-984 - Utility method to export KeyPair in OpenSSH format
+ SSHD-992 - Provide more hooks into the SFTP server subsystem
via SftpFileSystemAccessor
+ SSHD-997 - Fixed OpenSSH private key decoders for RSA and
Ed25519
+ SSHD-998 - Take into account SFTP version preference when
establishing initial channel
+ SSHD-989 - Read correctly ECDSA key pair from PKCS8 encoded
data
+ SSHD-1009 - Provide a minimalistic shell for supporting WinSCP
SCP mode.
- Changes in version 2.5.1
* Behavioral changes and enhancements
+ SSHD-1022 NPE in SftpOutputStreamAsync#flush() if no data
written in between.
- Changes in version 2.6.0
* Major code re-factoring
+ SshServerMain uses by default an ECDSA key instead of an RSA
one. This can be overridden either by -key-type / -key-size or
-key-file command line option.
+ SSHD-1034 Rename org.apache.sshd.common.ForwardingFilter to
Forwarder.
+ SSHD-1035 Move property definitions to common locations.
+ SSHD-1038 Refactor packages from a module into a cleaner
hierarchy.
+ SSHD-1080 Rework the PacketWriter to split according to the
various semantics
+ SSHD-1084 Revert the usage of asynchronous streams when
forwarding ports.
* Minor code helpers
+ SSHD-1004 Using a more constant time MAC validation to
minimize timing side channel information leak.
+ SSHD-1030 Added a NoneFileSystemFactory implementation
+ SSHD-1042 Added more callbacks to SftpEventListener
+ SSHD-1040 Make server key available after KEX completed.
+ SSHD-1060 Do not store logger level in fields.
+ SSHD-1064 Fixed ClientSession#executeRemoteCommand handling
of STDERR in case of exception to behave according to its
documentation
+ SSHD-1076 Break down ClientUserAuthService#auth method into
several to allow for flexible override
+ SSHD-1077 Added command line option to request specific SFTP
version in SftpCommandMain
+ SSHD-1079 Experimental async mode on the local port forwarder
+ SSHD-1086 Added SFTP aware directory scanning helper classes
+ SSHD-1089 Added wrappers for one-time single session usage of
SFTP/SCP clients
+ Propagate SCP file transfer ACK data to ScpTransferListener
before validating it.
* Behavioral changes and enhancements
+ SSHD-506 Added support for AES-GCM ciphers.
+ SSHD-954 Improve validation of DH public key values.
+ SSHD-1004 Deprecate DES, RC4 and Blowfish ciphers from default
setup.
+ SSHD-1004 Deprecate SHA-1 based key exchanges and signatures
from default setup.
+ SSHD-1004 Deprecate MD5-based and truncated HMAC algorithms
from default setup.
+ SSHD-1005 Added support for SCP remote-to-remote file transfer
+ SSHD-1020 SSH connections getting closed abruptly with timeout
exceptions.
+ SSHD-1026 Improve build reproductibility.
+ SSHD-1028 Fix SSH_MSG_DISCONNECT: Too many concurrent
connections.
+ SSHD-1032 Fix possible ArrayIndexOutOfBoundsException in
ChannelAsyncOutputStream.
+ SSHD-1033 Fix simultaneous usage of dynamic and local port
forwarding.
+ SSHD-1039 Fix support for some basic options in ssh/sshd cli.
+ SSHD-1047 Support for SSH jumps.
+ SSHD-1048 Wrap instead of rethrow IOException in Future.
+ SSHD-1050 Fixed race condition in AuthFuture if exception
caught before authentication started.
+ SSHD-1053 Fixed handling of certified keys authentication.
+ SSHD-1056 Added support for SCP remote-to-remote directory
transfer - including '-3' option of SCP command CLI.
+ SSHD-1057 Added capability to select a ShellFactory based on
the current session + use it for "WinSCP"
+ SSHD-1058 Improve exception logging strategy.
+ SSHD-1059 Do not send heartbeat if KEX state not DONE
+ SSHD-1063 Fixed known-hosts file server key verifier matching
of same host with different ports
+ SSHD-1066 Allow multiple binding to local port tunnel on
different addresses
+ SSHD-1070 OutOfMemoryError when use async port forwarding
+ SSHD-1100 Updated used moduli for DH group KEX
+ SSHD-1102 Provide filter support for SftpDirectoryStream
+ SSHD-1104 Take into account possible key type aliases when
using public key authentication
+ SSHD-1107 Allow configuration of minimum DH group exchange key
size via property or programmatically
+ SSHD-1108 Increased minimum default DH group exchange key size
to 2048 (but support 1024)
- Changes in version 2.7.0
* Major code re-factoring
+ SSHD-1133 Re-factored locations and names of ServerSession and
server-side ChannelSession related classes
+ Moved some helper methods and classes to more natural
locations
* Minor code helpers
+ SSHD-525 Added support for "posix-rename@openssh.com" SFTP
extension
+ SSHD-1083 Relaxed required Nio2Connector/Acceptor required
constructor arguments
+ SSHD-1085 Added CliLogger + more verbosity on SshClientMain
+ SSHD-1109 Route tests JUL logging via SLF4JBridgeHandler
+ SSHD-1109 Provide full slf4j logger capabilities to CliLogger
and use it in all CLI classes
+ SSHD-1110 Replace Class#newInstance() calls with
Class#getDefaultConstructor().newInstance()
+ SSHD-1111 Fixed SshClientCliSupport compression option
detection
+ SSHD-1116 Provide SessionContext argument to
HostKeyIdentityProvider#loadHostKeys
+ SSHD-1116 Provide SessionContext argument to
PasswordIdentityProvider#loadPasswords
+ SSHD-1116 Provide SessionContext argument to
AuthenticationIdentitiesProvider#loadIdentities
+ SSHD-1125 Added option to require immediate close of channel
in command ExitCallback invocation
+ SSHD-1127 Consolidated SftpSubsystem support implementations
into SftpSubsystemConfigurator
+ SSHD-1148 Generate a unique thread name for each SftpSubsystem
instance
* Behavioral changes and enhancements
+ SSHD-1085 Added more notifications related to channel state
change for detecting channel closing or closed earlier.
+ SSHD-1091 Renamed sshd-contrib top-level package in order to
align naming convention.
+ SSHD-1097 Added more SessionListener callbacks related to the
initial version and key exchange
+ SSHD-1097 Added more capability to send peer identification
via ReservedSessionMessagesHandler
+ SSHD-1097 Implemented endless tarpit example in sshd-contrib
+ SSHD-1109 Replace log4j with logback as the slf4j logger
implementation for tests
+ SSHD-1114 Added callbacks for client-side password
authentication progress
+ SSHD-1114 Added callbacks for client-side public key
authentication progress
+ SSHD-1114 Added callbacks for client-side host-based
authentication progress
+ SSHD-1114 Added capability for interactive password
authentication participation via UserInteraction
+ SSHD-1114 Added capability for interactive key based
authentication participation via UserInteraction
+ SSHD-1123 Add option to chunk data in ChannelAsyncOutputStream
if window size is smaller than packet size
+ SSHD-1125 Added mechanism to throttle pending write requests
in BufferedIoOutputStream
+ SSHD-1127 Added capability to register a custom receiver for
SFTP STDERR channel raw or stream data
+ SSHD-1132 Added SFTP client-side support for
'filename-charset' extension
+ SSHD-1132 Added SFTP client-side support for
'filename-translation-control' extension
+ SSHD-1132 Added SFTP servder-side support for non-UTF8
encoding of returned file names
+ SSHD-1133 Added capability to specify a custom charset for
parsing incoming commands to the ScpShell
+ SSHD-1133 Added capability to specify a custom charset for
returning environment variables related data from the ScpShell
+ SSHD-1133 Added capability to specify a custom charset for
handling the SCP protocol textual commands and responses
+ SSHD-1136 Use configuration property to decide whether to
allow fallback to DH group exchange using SHA-1 if no suitable
primes found for SHA-256
+ SSHD-1137 Added capability to override LinkOption(s) when
accessing a file/folder via SFTP
+ SSHD-1147 SftpInputStreamAsync: get file size before SSH_FXP_OPEN
- Modified patches:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
* apache-sshd-2.4.0-java8.patch -> apache-sshd-2.7.0-java8.patch
+ rediff to changed context
- Added patch:
* 0002-Fix-manifest-generation.patch
+ do not import self
-------------------------------------------------------------------
Thu Jul 16 21:58:44 UTC 2020 - Fridrich Strba <fstrba@suse.com>

17
apache-sshd.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package apache-sshd
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: apache-sshd
Version: 2.4.0
Version: 2.7.0
Release: 0
Summary: Apache SSHD
# One file has ISC licensing:
@ -27,12 +27,14 @@ URL: https://mina.apache.org/sshd-project
Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz
# Avoid optional dep on tomcat native APR library
Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
Patch1: apache-sshd-2.4.0-java8.patch
Patch1: 0002-Fix-manifest-generation.patch
Patch2: apache-sshd-2.7.0-java8.patch
BuildRequires: fdupes
BuildRequires: maven-local
BuildRequires: mvn(junit:junit)
BuildRequires: mvn(net.i2p.crypto:eddsa)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin)
@ -59,14 +61,17 @@ This package provides %{name}.
%prep
%setup -q
%patch1 -p1
# Avoid optional dep on tomcat native APR library
%patch0 -p1
%patch1 -p1
%patch2 -p1
rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
# Avoid unnecessary dep on spring framework
%pom_remove_dep :spring-framework-bom
%pom_remove_dep :testcontainers-bom sshd-sftp
# Build the core modules only
%pom_disable_module assembly
@ -81,11 +86,13 @@ rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix
# Disable plugins we don't need for RPM builds
%pom_remove_plugin :apache-rat-plugin
%pom_remove_plugin :groovy-maven-plugin
%pom_remove_plugin :gmavenplus-plugin
%pom_remove_plugin :maven-checkstyle-plugin
%pom_remove_plugin :maven-enforcer-plugin
%pom_remove_plugin :maven-pmd-plugin
%pom_remove_plugin :animal-sniffer-maven-plugin
%pom_remove_plugin :impsort-maven-plugin
%pom_remove_plugin :formatter-maven-plugin . sshd-core
# Suppress generation of uses clauses
%pom_xpath_inject "pom:configuration/pom:instructions" "<_nouses>true</_nouses>" .