From cb8ae90b452bf693119af2e03d610e9f46dba5fb0f8711386f1c2bc46821397e Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Fri, 30 Jul 2021 08:44:47 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-sshd?expand=0&rev=7 --- ...ependency-on-native-tomcat-APR-libra.patch | 22 +- 0002-Fix-manifest-generation.patch | 11 + apache-sshd-2.4.0-src.tar.gz | 3 - ...va8.patch => apache-sshd-2.7.0-java8.patch | 38 +-- apache-sshd-2.7.0-src.tar.gz | 3 + apache-sshd.changes | 226 ++++++++++++++++++ apache-sshd.spec | 17 +- 7 files changed, 282 insertions(+), 38 deletions(-) create mode 100644 0002-Fix-manifest-generation.patch delete mode 100644 apache-sshd-2.4.0-src.tar.gz rename apache-sshd-2.4.0-java8.patch => apache-sshd-2.7.0-java8.patch (63%) create mode 100644 apache-sshd-2.7.0-src.tar.gz diff --git a/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch b/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch index da73768..16dc5e1 100644 --- a/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch +++ b/0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch @@ -14,7 +14,7 @@ diff --git a/pom.xml b/pom.xml index 867ca88..7c29678 100644 --- a/pom.xml +++ b/pom.xml -@@ -397,11 +397,6 @@ +@@ -406,11 +406,6 @@ mina-core 2.0.21 @@ -30,19 +30,19 @@ diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml index 6171c5c..73a43a7 100644 --- a/sshd-core/pom.xml +++ b/sshd-core/pom.xml -@@ -42,12 +42,6 @@ - ${project.version} +@@ -43,12 +43,6 @@ -- + - tomcat - tomcat-apr - true - - - +- org.bouncycastle bcpg-jdk15on + true diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java index ab19539..5757e68 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java @@ -55,23 +55,23 @@ index ab19539..5757e68 100644 -import org.apache.sshd.agent.unix.UnixAgentFactory; import org.apache.sshd.common.FactoryManager; import org.apache.sshd.common.PropertyResolver; - import org.apache.sshd.common.PropertyResolverUtils; -@@ -52,9 +50,7 @@ public class ProxyAgentFactory implements SshAgentFactory { + import org.apache.sshd.common.channel.ChannelFactory; +@@ -51,9 +49,7 @@ public class ProxyAgentFactory implements SshAgentFactory { @Override public List getChannelForwardingFactories(FactoryManager manager) { - return isPreferredUnixAgent(manager) -- ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS -- : LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS; +- ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS +- : LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS; + return LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS; } @Override -@@ -105,16 +101,6 @@ public class ProxyAgentFactory implements SshAgentFactory { +@@ -104,16 +100,6 @@ public class ProxyAgentFactory implements SshAgentFactory { } public static boolean isPreferredUnixAgent(PropertyResolver resolver) { -- if (PropertyResolverUtils.getBooleanProperty(resolver, PREFER_UNIX_AGENT, OsUtils.isUNIX())) { +- if (CoreModuleProperties.PREFER_UNIX_AGENT.getRequired(resolver)) { - try { - if (AprLibrary.getInstance() != null) { - return true; diff --git a/0002-Fix-manifest-generation.patch b/0002-Fix-manifest-generation.patch new file mode 100644 index 0000000..1de880f --- /dev/null +++ b/0002-Fix-manifest-generation.patch @@ -0,0 +1,11 @@ +diff -up ./pom.xml.fix ./pom.xml +--- ./pom.xml.fix 2021-04-20 21:32:51.749782800 -0400 ++++ ./pom.xml 2021-04-20 21:33:22.600740917 -0400 +@@ -1020,7 +1020,6 @@ + + + +- org.apache.sshd*;version="[$(version;==;${sshd.osgi.version.clean}),$(version;=+;${sshd.osgi.version.clean}))",* + *;-noimport:=true + + pom diff --git a/apache-sshd-2.4.0-src.tar.gz b/apache-sshd-2.4.0-src.tar.gz deleted file mode 100644 index 2ef80f3..0000000 --- a/apache-sshd-2.4.0-src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6b4aa68359d7959316fa2c4fae9e835de6ce71bd4de30bf90d3497c7f1e92f2e -size 1372521 diff --git a/apache-sshd-2.4.0-java8.patch b/apache-sshd-2.7.0-java8.patch similarity index 63% rename from apache-sshd-2.4.0-java8.patch rename to apache-sshd-2.7.0-java8.patch index eeb8505..21ff9ca 100644 --- a/apache-sshd-2.4.0-java8.patch +++ b/apache-sshd-2.7.0-java8.patch @@ -1,8 +1,8 @@ ---- apache-sshd-2.4.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2020-07-16 23:25:44.981904289 +0200 -+++ apache-sshd-2.4.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2020-07-16 23:49:34.043250054 +0200 -@@ -362,13 +362,13 @@ - if (debugEnabled) { - log.debug("handleReadCycleCompletion({}) read {} bytes", this, result); +--- apache-sshd-2.7.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2021-07-30 09:48:59.082251041 +0200 ++++ apache-sshd-2.7.0/sshd-core/src/main/java/org/apache/sshd/common/io/nio2/Nio2Session.java 2021-07-30 09:54:40.568508196 +0200 +@@ -353,13 +353,13 @@ + log.trace("handleReadCycleCompletion({}) read {} bytes after {} nanos at cycle={}", + this, result, System.nanoTime() - lastReadCycleStart.get(), readCyclesCounter); } - buffer.flip(); + ((java.nio.Buffer)buffer).flip(); @@ -16,37 +16,37 @@ doReadCycle(buffer, completionHandler); } else { if (debugEnabled) { ---- apache-sshd-2.4.0/sshd-sftp/src/main/java/org/apache/sshd/client/subsystem/sftp/SftpRemotePathChannel.java 2020-07-16 23:25:44.961904157 +0200 -+++ apache-sshd-2.4.0/sshd-sftp/src/main/java/org/apache/sshd/client/subsystem/sftp/SftpRemotePathChannel.java 2020-07-16 23:38:16.702818800 +0200 -@@ -20,6 +20,7 @@ - package org.apache.sshd.client.subsystem.sftp; +--- apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/SftpRemotePathChannel.java 2021-07-30 09:48:59.150251491 +0200 ++++ apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/client/impl/SftpRemotePathChannel.java 2021-07-30 09:54:40.572508221 +0200 +@@ -21,6 +21,7 @@ import java.io.IOException; + import java.io.StreamCorruptedException; +import java.nio.Buffer; import java.nio.ByteBuffer; import java.nio.MappedByteBuffer; import java.nio.channels.AsynchronousCloseException; -@@ -123,7 +124,7 @@ - int read = sftp.read(handle, curPos, wrap.array(), wrap.arrayOffset() + wrap.position(), wrap.remaining()); +@@ -153,7 +154,7 @@ if (read > 0) { + // reference equality on purpose if (wrap == buffer) { - wrap.position(wrap.position() + read); + ((Buffer)wrap).position(wrap.position() + read); } else { buffer.put(wrap.array(), wrap.arrayOffset(), read); } -@@ -191,7 +192,7 @@ - int written = wrap.remaining(); - sftp.write(handle, curPos, wrap.array(), wrap.arrayOffset() + wrap.position(), written); +@@ -258,7 +259,7 @@ + wrap.arrayOffset() + wrap.position(), written); + // reference equality on purpose if (wrap == buffer) { - wrap.position(wrap.position() + written); + ((Buffer)wrap).position(wrap.position() + written); } curPos += written; totalWritten += written; ---- apache-sshd-2.4.0/sshd-sftp/src/main/java/org/apache/sshd/server/subsystem/sftp/AbstractSftpSubsystemHelper.java 2020-07-16 23:25:44.961904157 +0200 -+++ apache-sshd-2.4.0/sshd-sftp/src/main/java/org/apache/sshd/server/subsystem/sftp/AbstractSftpSubsystemHelper.java 2020-07-16 23:51:17.255925762 +0200 -@@ -980,7 +980,7 @@ +--- apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/server/AbstractSftpSubsystemHelper.java 2021-07-30 09:48:59.150251491 +0200 ++++ apache-sshd-2.7.0/sshd-sftp/src/main/java/org/apache/sshd/sftp/server/AbstractSftpSubsystemHelper.java 2021-07-30 09:55:19.804767492 +0200 +@@ -942,7 +942,7 @@ if (remainLen < digestBuf.length) { bb = ByteBuffer.wrap(digestBuf, 0, remainLen); } @@ -55,7 +55,7 @@ int readLen = channel.read(bb); if (readLen < 0) { -@@ -1005,7 +1005,7 @@ +@@ -967,7 +967,7 @@ if (remainLen < digestBuf.length) { bb = ByteBuffer.wrap(digestBuf, 0, remainLen); } @@ -64,7 +64,7 @@ int readLen = channel.read(bb); if (readLen < 0) { -@@ -1140,7 +1140,7 @@ +@@ -1101,7 +1101,7 @@ if (remainLen < digestBuf.length) { bb = ByteBuffer.wrap(digestBuf, 0, remainLen); } diff --git a/apache-sshd-2.7.0-src.tar.gz b/apache-sshd-2.7.0-src.tar.gz new file mode 100644 index 0000000..6306bf9 --- /dev/null +++ b/apache-sshd-2.7.0-src.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fe3f9ca72930fd4b01e2969f32f7d2aedd9b364fd42ca124cc3384bd23de7007 +size 1535548 diff --git a/apache-sshd.changes b/apache-sshd.changes index 43b9d53..52a514d 100644 --- a/apache-sshd.changes +++ b/apache-sshd.changes @@ -1,3 +1,229 @@ +------------------------------------------------------------------- +Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba + +- Upgrade to version 2.7.0 +- Changes in version 2.5.0 + * Major code re-factoring + + Reception of an SSH_MSG_UNIMPLEMENTED response to a + SSH_MSG_GLOBAL_REQUEST is translated internally into same code + flow as if an SSH_MSH_REQUEST_FAILURE has been received - see + SSHD-968. + + Server SFTP subsystem internal code dealing with the local + files has been delegated to the SftpFileSystemAccessor in + order to allow easier hooking into the SFTP subsystem. + - Resolving a local file path for an SFTP remote one + - Reading/Writing a file's attribute(s) + - Creating files links + - Copying / Renaming / Deleting files + + SftpVersionSelector is now consulted when client sends initial + command (as well as when session is re-negotiated) + + ScpCommandFactory is also a ShellFactory that can be used to + provide a minimalistic shell that is good enough for WinSCP. + + Rework SFTP streams so that the client asks and receives as + much data as possible - see SSHD-979. + * Minor code helpers + + Handling of debug/ignore/unimplemented messages has been split + into handleXXX and doInvokeXXXMsgHandler methods where the + former validate the messages and deal with the idle timeout, + and the latter execute the actual invcation. + + Added overloaded methods that accept a java.time.Duration + specifier for timeout value. + + The argument representing the SFTP subsystem in invocations to + SftpFileSystemAccessor has been enhanced to expose as much of + the available functionality as possible. + * Behavioral changes and enhancements + + SSHD-964 - Send SSH_MSG_CHANNEL_EOF when tunnel channel being + closed. + + SSHD-967 - Extra bytes written when + SftpRemotePathChannel#transferTo is used. + + SSHD-968 - Interpret SSH_MSG_UNIMPLEMENTED response to a + heartbeat request as a liveness indicator + + SSHD-970 - transferTo function of SftpRemotePathChannel will + loop if count parameter is greater than file size + + SSHD-972 - Add support for peers using OpenSSH "security key" + key types + + SSHD-977 - Apply consistent logging policy to caught + exceptions + + SSHD-660 - Added support for server-side signed certificate + keys + + SSHD-984 - Utility method to export KeyPair in OpenSSH format + + SSHD-992 - Provide more hooks into the SFTP server subsystem + via SftpFileSystemAccessor + + SSHD-997 - Fixed OpenSSH private key decoders for RSA and + Ed25519 + + SSHD-998 - Take into account SFTP version preference when + establishing initial channel + + SSHD-989 - Read correctly ECDSA key pair from PKCS8 encoded + data + + SSHD-1009 - Provide a minimalistic shell for supporting WinSCP + SCP mode. +- Changes in version 2.5.1 + * Behavioral changes and enhancements + + SSHD-1022 NPE in SftpOutputStreamAsync#flush() if no data + written in between. +- Changes in version 2.6.0 + * Major code re-factoring + + SshServerMain uses by default an ECDSA key instead of an RSA + one. This can be overridden either by -key-type / -key-size or + -key-file command line option. + + SSHD-1034 Rename org.apache.sshd.common.ForwardingFilter to + Forwarder. + + SSHD-1035 Move property definitions to common locations. + + SSHD-1038 Refactor packages from a module into a cleaner + hierarchy. + + SSHD-1080 Rework the PacketWriter to split according to the + various semantics + + SSHD-1084 Revert the usage of asynchronous streams when + forwarding ports. + * Minor code helpers + + SSHD-1004 Using a more constant time MAC validation to + minimize timing side channel information leak. + + SSHD-1030 Added a NoneFileSystemFactory implementation + + SSHD-1042 Added more callbacks to SftpEventListener + + SSHD-1040 Make server key available after KEX completed. + + SSHD-1060 Do not store logger level in fields. + + SSHD-1064 Fixed ClientSession#executeRemoteCommand handling + of STDERR in case of exception to behave according to its + documentation + + SSHD-1076 Break down ClientUserAuthService#auth method into + several to allow for flexible override + + SSHD-1077 Added command line option to request specific SFTP + version in SftpCommandMain + + SSHD-1079 Experimental async mode on the local port forwarder + + SSHD-1086 Added SFTP aware directory scanning helper classes + + SSHD-1089 Added wrappers for one-time single session usage of + SFTP/SCP clients + + Propagate SCP file transfer ACK data to ScpTransferListener + before validating it. + * Behavioral changes and enhancements + + SSHD-506 Added support for AES-GCM ciphers. + + SSHD-954 Improve validation of DH public key values. + + SSHD-1004 Deprecate DES, RC4 and Blowfish ciphers from default + setup. + + SSHD-1004 Deprecate SHA-1 based key exchanges and signatures + from default setup. + + SSHD-1004 Deprecate MD5-based and truncated HMAC algorithms + from default setup. + + SSHD-1005 Added support for SCP remote-to-remote file transfer + + SSHD-1020 SSH connections getting closed abruptly with timeout + exceptions. + + SSHD-1026 Improve build reproductibility. + + SSHD-1028 Fix SSH_MSG_DISCONNECT: Too many concurrent + connections. + + SSHD-1032 Fix possible ArrayIndexOutOfBoundsException in + ChannelAsyncOutputStream. + + SSHD-1033 Fix simultaneous usage of dynamic and local port + forwarding. + + SSHD-1039 Fix support for some basic options in ssh/sshd cli. + + SSHD-1047 Support for SSH jumps. + + SSHD-1048 Wrap instead of rethrow IOException in Future. + + SSHD-1050 Fixed race condition in AuthFuture if exception + caught before authentication started. + + SSHD-1053 Fixed handling of certified keys authentication. + + SSHD-1056 Added support for SCP remote-to-remote directory + transfer - including '-3' option of SCP command CLI. + + SSHD-1057 Added capability to select a ShellFactory based on + the current session + use it for "WinSCP" + + SSHD-1058 Improve exception logging strategy. + + SSHD-1059 Do not send heartbeat if KEX state not DONE + + SSHD-1063 Fixed known-hosts file server key verifier matching + of same host with different ports + + SSHD-1066 Allow multiple binding to local port tunnel on + different addresses + + SSHD-1070 OutOfMemoryError when use async port forwarding + + SSHD-1100 Updated used moduli for DH group KEX + + SSHD-1102 Provide filter support for SftpDirectoryStream + + SSHD-1104 Take into account possible key type aliases when + using public key authentication + + SSHD-1107 Allow configuration of minimum DH group exchange key + size via property or programmatically + + SSHD-1108 Increased minimum default DH group exchange key size + to 2048 (but support 1024) +- Changes in version 2.7.0 + * Major code re-factoring + + SSHD-1133 Re-factored locations and names of ServerSession and + server-side ChannelSession related classes + + Moved some helper methods and classes to more natural + locations + * Minor code helpers + + SSHD-525 Added support for "posix-rename@openssh.com" SFTP + extension + + SSHD-1083 Relaxed required Nio2Connector/Acceptor required + constructor arguments + + SSHD-1085 Added CliLogger + more verbosity on SshClientMain + + SSHD-1109 Route tests JUL logging via SLF4JBridgeHandler + + SSHD-1109 Provide full slf4j logger capabilities to CliLogger + and use it in all CLI classes + + SSHD-1110 Replace Class#newInstance() calls with + Class#getDefaultConstructor().newInstance() + + SSHD-1111 Fixed SshClientCliSupport compression option + detection + + SSHD-1116 Provide SessionContext argument to + HostKeyIdentityProvider#loadHostKeys + + SSHD-1116 Provide SessionContext argument to + PasswordIdentityProvider#loadPasswords + + SSHD-1116 Provide SessionContext argument to + AuthenticationIdentitiesProvider#loadIdentities + + SSHD-1125 Added option to require immediate close of channel + in command ExitCallback invocation + + SSHD-1127 Consolidated SftpSubsystem support implementations + into SftpSubsystemConfigurator + + SSHD-1148 Generate a unique thread name for each SftpSubsystem + instance + * Behavioral changes and enhancements + + SSHD-1085 Added more notifications related to channel state + change for detecting channel closing or closed earlier. + + SSHD-1091 Renamed sshd-contrib top-level package in order to + align naming convention. + + SSHD-1097 Added more SessionListener callbacks related to the + initial version and key exchange + + SSHD-1097 Added more capability to send peer identification + via ReservedSessionMessagesHandler + + SSHD-1097 Implemented endless tarpit example in sshd-contrib + + SSHD-1109 Replace log4j with logback as the slf4j logger + implementation for tests + + SSHD-1114 Added callbacks for client-side password + authentication progress + + SSHD-1114 Added callbacks for client-side public key + authentication progress + + SSHD-1114 Added callbacks for client-side host-based + authentication progress + + SSHD-1114 Added capability for interactive password + authentication participation via UserInteraction + + SSHD-1114 Added capability for interactive key based + authentication participation via UserInteraction + + SSHD-1123 Add option to chunk data in ChannelAsyncOutputStream + if window size is smaller than packet size + + SSHD-1125 Added mechanism to throttle pending write requests + in BufferedIoOutputStream + + SSHD-1127 Added capability to register a custom receiver for + SFTP STDERR channel raw or stream data + + SSHD-1132 Added SFTP client-side support for + 'filename-charset' extension + + SSHD-1132 Added SFTP client-side support for + 'filename-translation-control' extension + + SSHD-1132 Added SFTP servder-side support for non-UTF8 + encoding of returned file names + + SSHD-1133 Added capability to specify a custom charset for + parsing incoming commands to the ScpShell + + SSHD-1133 Added capability to specify a custom charset for + returning environment variables related data from the ScpShell + + SSHD-1133 Added capability to specify a custom charset for + handling the SCP protocol textual commands and responses + + SSHD-1136 Use configuration property to decide whether to + allow fallback to DH group exchange using SHA-1 if no suitable + primes found for SHA-256 + + SSHD-1137 Added capability to override LinkOption(s) when + accessing a file/folder via SFTP + + SSHD-1147 SftpInputStreamAsync: get file size before SSH_FXP_OPEN +- Modified patches: + * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch + * apache-sshd-2.4.0-java8.patch -> apache-sshd-2.7.0-java8.patch + + rediff to changed context +- Added patch: + * 0002-Fix-manifest-generation.patch + + do not import self + ------------------------------------------------------------------- Thu Jul 16 21:58:44 UTC 2020 - Fridrich Strba diff --git a/apache-sshd.spec b/apache-sshd.spec index f2ccaab..a627b9d 100644 --- a/apache-sshd.spec +++ b/apache-sshd.spec @@ -1,7 +1,7 @@ # # spec file for package apache-sshd # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: apache-sshd -Version: 2.4.0 +Version: 2.7.0 Release: 0 Summary: Apache SSHD # One file has ISC licensing: @@ -27,12 +27,14 @@ URL: https://mina.apache.org/sshd-project Source0: https://archive.apache.org/dist/mina/sshd/%{version}/apache-sshd-%{version}-src.tar.gz # Avoid optional dep on tomcat native APR library Patch0: 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch -Patch1: apache-sshd-2.4.0-java8.patch +Patch1: 0002-Fix-manifest-generation.patch +Patch2: apache-sshd-2.7.0-java8.patch BuildRequires: fdupes BuildRequires: maven-local BuildRequires: mvn(junit:junit) BuildRequires: mvn(net.i2p.crypto:eddsa) BuildRequires: mvn(org.apache.felix:maven-bundle-plugin) +BuildRequires: mvn(org.apache.maven.plugins:maven-antrun-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-clean-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-dependency-plugin) BuildRequires: mvn(org.apache.maven.plugins:maven-remote-resources-plugin) @@ -59,14 +61,17 @@ This package provides %{name}. %prep %setup -q -%patch1 -p1 # Avoid optional dep on tomcat native APR library %patch0 -p1 +%patch1 -p1 +%patch2 -p1 + rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix # Avoid unnecessary dep on spring framework %pom_remove_dep :spring-framework-bom +%pom_remove_dep :testcontainers-bom sshd-sftp # Build the core modules only %pom_disable_module assembly @@ -81,11 +86,13 @@ rm -rf sshd-core/src/main/java/org/apache/sshd/agent/unix # Disable plugins we don't need for RPM builds %pom_remove_plugin :apache-rat-plugin -%pom_remove_plugin :groovy-maven-plugin +%pom_remove_plugin :gmavenplus-plugin %pom_remove_plugin :maven-checkstyle-plugin %pom_remove_plugin :maven-enforcer-plugin %pom_remove_plugin :maven-pmd-plugin %pom_remove_plugin :animal-sniffer-maven-plugin +%pom_remove_plugin :impsort-maven-plugin +%pom_remove_plugin :formatter-maven-plugin . sshd-core # Suppress generation of uses clauses %pom_xpath_inject "pom:configuration/pom:instructions" "<_nouses>true" .