Accepting request 1157939 from home:gkenion:branches:Java:packages
bsc#1218198, CVE-2023-48795 OBS-URL: https://build.opensuse.org/request/show/1157939 OBS-URL: https://build.opensuse.org/package/show/Java:packages/trilead-ssh2?expand=0&rev=10
parent
be839b8de1
commit
7a07465351
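--- /dev/null
+++ b/0001-Remove-the-dependency-on-google-tink.patch
@@ -0,0 +1,161 @@
+From 933d197b30e797d4b82eeef1953fd82e617f4cf0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <fridrich.strba@bluewin.ch>
+Date: Wed, 13 Mar 2024 07:05:36 +0100
+Subject: [PATCH] Remove the dependency on google tink
+
+---
+.../ssh2/crypto/dh/Curve25519Exchange.java | 85 -------------------
+.../ssh2/crypto/dh/GenericDhExchange.java | 3 -
+.../trilead/ssh2/transport/KexManager.java | 9 +-
+3 files changed, 1 insertion(+), 96 deletions(-)
+delete mode 100644 src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
+
+diff --git a/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java b/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
+deleted file mode 100644
+index 01d4ab4..0000000
+--- a/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
++++ /dev/null
+@@ -1,85 +0,0 @@
+-package com.trilead.ssh2.crypto.dh;
+-
+-import com.google.crypto.tink.subtle.X25519;
+-
+-import java.io.IOException;
+-import java.math.BigInteger;
+-import java.security.InvalidKeyException;
+-
+-/**
+- * Created by Kenny Root on 1/23/16.
+- */
+-public class Curve25519Exchange extends GenericDhExchange {
+- public static final String NAME = "curve25519-sha256";
+- public static final String ALT_NAME = "curve25519-sha256@libssh.org";
+- public static final int KEY_SIZE = 32;
+-
+- private byte[] clientPublic;
+- private byte[] clientPrivate;
+- private byte[] serverPublic;
+-
+- public Curve25519Exchange() {
+- super();
+- }
+-
+- /*
+- * Used to test known vectors.
+- */
+- public Curve25519Exchange(byte[] secret) throws InvalidKeyException {
+- if (secret.length != KEY_SIZE) {
+- throw new AssertionError("secret must be key size");
+- }
+- clientPrivate = secret.clone();
+- }
+-
+- @Override
+- public void init(String name) throws IOException {
+- if (!NAME.equals(name) && !ALT_NAME.equals(name)) {
+- throw new IOException("Invalid name " + name);
+- }
+-
+- clientPrivate = X25519.generatePrivateKey();
+- try {
+- clientPublic = X25519.publicFromPrivate(clientPrivate);
+- } catch (InvalidKeyException e) {
+- throw new IOException(e);
+- }
+- }
+-
+- @Override
+- public byte[] getE() {
+- return clientPublic.clone();
+- }
+-
+- @Override
+- protected byte[] getServerE() {
+- return serverPublic.clone();
+- }
+-
+- @Override
+- public void setF(byte[] f) throws IOException {
+- if (f.length != KEY_SIZE) {
+- throw new IOException("Server sent invalid key length " + f.length + " (expected " +
+- KEY_SIZE + ")");
+- }
+- serverPublic = f.clone();
+- try {
+- byte[] sharedSecretBytes = X25519.computeSharedSecret(clientPrivate, serverPublic);
+- int allBytes = 0;
+- for (int i = 0; i < sharedSecretBytes.length; i++) {
+- allBytes |= sharedSecretBytes[i];
+- }
+- if (allBytes == 0) {
+- throw new IOException("Invalid key computed; all zeroes");
+- }
+- sharedSecret = new BigInteger(1, sharedSecretBytes);
+- } catch (InvalidKeyException e) {
+- throw new IOException(e);
+- }
+- }
+-
+- @Override
+- public String getHashAlgo() {
+- return "SHA-256";
+- }
+-}
+diff --git a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
+index c2436e3..a63b9fd 100644
+--- a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
++++ b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
+@@ -29,9 +29,6 @@ public abstract class GenericDhExchange
+}
+
+public static GenericDhExchange getInstance(String algo) {
+- if (Curve25519Exchange.NAME.equals(algo) || Curve25519Exchange.ALT_NAME.equals(algo)) {
+- return new Curve25519Exchange();
+- }
+if (algo.startsWith("ecdh-sha2-")) {
+return new EcDhExchange();
+} else {
+diff --git a/src/com/trilead/ssh2/transport/KexManager.java b/src/com/trilead/ssh2/transport/KexManager.java
+index c2ec2b0..2c8056a 100644
+--- a/src/com/trilead/ssh2/transport/KexManager.java
++++ b/src/com/trilead/ssh2/transport/KexManager.java
+@@ -17,7 +17,6 @@ import com.trilead.ssh2.crypto.CryptoWishList;
+import com.trilead.ssh2.crypto.KeyMaterial;
+import com.trilead.ssh2.crypto.cipher.BlockCipher;
+import com.trilead.ssh2.crypto.cipher.BlockCipherFactory;
+-import com.trilead.ssh2.crypto.dh.Curve25519Exchange;
+import com.trilead.ssh2.crypto.dh.DhGroupExchange;
+import com.trilead.ssh2.crypto.dh.GenericDhExchange;
+import com.trilead.ssh2.crypto.digest.MessageMac;
+@@ -397,8 +396,6 @@ public class KexManager implements MessageHandler
+
+if ("ecdh-sha2-nistp521".equals(algo))
+continue;
+- if (Curve25519Exchange.NAME.equals(algo)||Curve25519Exchange.ALT_NAME.equals(algo))
+- continue;
+throw new IllegalArgumentException("Unknown kex algorithm '" + algo + "'");
+}
+}
+@@ -489,8 +486,6 @@ public class KexManager implements MessageHandler
+}
+
+if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
+- || kxs.np.kex_algo.equals(Curve25519Exchange.NAME)
+- || kxs.np.kex_algo.equals(Curve25519Exchange.ALT_NAME)
+|| kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")
+|| kxs.np.kex_algo.equals("ecdh-sha2-nistp521")
+|| kxs.np.kex_algo.equals("ecdh-sha2-nistp384")
+@@ -630,9 +625,7 @@ public class KexManager implements MessageHandler
+|| kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")
+|| kxs.np.kex_algo.equals("ecdh-sha2-nistp256")
+|| kxs.np.kex_algo.equals("ecdh-sha2-nistp384")
+- || kxs.np.kex_algo.equals("ecdh-sha2-nistp521")
+- || kxs.np.kex_algo.equals(Curve25519Exchange.NAME)
+- || kxs.np.kex_algo.equals(Curve25519Exchange.ALT_NAME))
++ || kxs.np.kex_algo.equals("ecdh-sha2-nistp521"))
+{
+if (kxs.state == 1)
+{
+--
+2.44.0
+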
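Review bot: None of the `KexManager` hunks touches the list of key-exchange algorithms the client offers by default, although the patch removes curve25519-sha256 from `GenericDhExchange.getInstance` and from three `KexManager` checks. That list is not visible on this page, and the enclosing methods start and end outside the hunks. If it still names `curve25519-sha256` or `curve25519-sha256@libssh.org` as string literals, the client would keep offering an exchange it can no longer perform, and a server choosing it would hit code paths that no longer handle the name. The default list should be checked and, if needed, trimmed in this same patch. The patch header would also benefit from one sentence stating that the curve25519 exchange is dropped, since the Subject mentions only the dependency.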
BIN
build-217-jenkins-293.v56de4d4d3515.tar.gz
(Stored with Git LFS)
Normal file
BIN
build-217-jenkins-293.v56de4d4d3515.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
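--- /dev/null
+++ b/trilead-ssh2-build.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project name="trilead-ssh2" default="package" basedir=".">
+
+<!-- ====================================================================== -->
+<!-- Build environment properties -->
+<!-- ====================================================================== -->
+
+<property name="project.groupId" value="org.jenkins-ci"/>
+<property name="project.artifactId" value="trilead-ssh2"/>
+<property name="project.version" value="bogusVersion"/>
+
+<property name="compiler.release" value="8"/>
+<property name="compiler.source" value="1.${compiler.release}"/>
+<property name="compiler.target" value="${compiler.source}"/>
+
+<property name="build.finalName" value="${project.artifactId}-${project.version}"/>
+<property name="build.dir" value="target"/>
+<property name="build.outputDir" value="${build.dir}/classes"/>
+<property name="build.srcDir" value="src"/>
+
+<property name="reporting.outputDirectory" value="${build.dir}/site"/>
+
+<!-- ====================================================================== -->
+<!-- Defining classpaths -->
+<!-- ====================================================================== -->
+
+<path id="build.classpath">
+<fileset dir="lib">
+<include name="**/*.jar"/>
+</fileset>
+</path>
+
+<!-- ====================================================================== -->
+<!-- Cleaning up target -->
+<!-- ====================================================================== -->
+
+<target name="clean" description="Clean the output directory">
+<delete dir="${build.dir}"/>
+</target>
+
+<!-- ====================================================================== -->
+<!-- Compilation target -->
+<!-- ====================================================================== -->
+
+<target name="compile" description="Compile the code">
+<mkdir dir="${build.outputDir}"/>
+<javac destdir="${build.outputDir}"
+nowarn="false"
+debug="true"
+optimize="false"
+deprecation="true"
+release="${compiler.release}"
+target="${compiler.target}"
+verbose="false"
+fork="false"
+source="${compiler.source}">
+<src>
+<pathelement location="${build.srcDir}"/>
+</src>
+<classpath refid="build.classpath"/>
+</javac>
+</target>
+
+<!-- ====================================================================== -->
+<!-- Javadoc target -->
+<!-- ====================================================================== -->
+
+<target name="javadoc" description="Generates the Javadoc of the application">
+<javadoc sourcepath="${build.srcDir}"
+packagenames="*"
+destdir="${reporting.outputDirectory}/apidocs"
+access="protected"
+source="${compiler.source}"
+verbose="false"
+locale="en_US"
+version="true"
+use="true"
+author="true"
+splitindex="false"
+nodeprecated="false"
+nodeprecatedlist="false"
+notree="false"
+noindex="false"
+nohelp="false"
+nonavbar="false"
+serialwarn="false"
+charset="ISO-8859-1"
+linksource="false"
+breakiterator="false">
+<classpath refid="build.classpath"/>
+</javadoc>
+</target>
+
+<!-- ====================================================================== -->
+<!-- Package target -->
+<!-- ====================================================================== -->
+
+<target name="package" depends="compile" description="Package the application">
+<jar jarfile="${build.dir}/${build.finalName}.jar"
+compress="true"
+index="false"
+basedir="${build.outputDir}"
+excludes="**/package.html"/>
+</target>
+
+<!-- ====================================================================== -->
+<!-- A dummy target for the package named after the type it creates -->
+<!-- ====================================================================== -->
+
+<target name="jar" depends="package" description="Builds the jar for the application"/>
+
+</project>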
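Review bot: The `javac` task in the `compile` target sets neither `includeantruntime` nor `encoding`, so Ant's own jars join the compile classpath and the sources are read in the build host's default charset. Adding `includeantruntime="false"` keeps compilation limited to the jars collected under `lib`, which is what the `build.classpath` definition suggests was intended. Adding `encoding="UTF-8"` makes the output independent of the builder's locale, assuming the sources are UTF-8, which this page does not show. The `javadoc` task has the same gap on the input side: it declares only the output `charset`.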
BIN
trilead-ssh2-build217-jenkins-8.tar.gz
(Stored with Git LFS)
BIN
trilead-ssh2-build217-jenkins-8.tar.gz
(Stored with Git LFS)
Binary file not shown.
@ -1,3 +1,73 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 14 09:09:47 UTC 2024 - Gus Kenion <gus.kenion@suse.com>
|
||||
|
||||
- bsc#1218198, CVE-2023-48795
|
||||
- Upgrade to version build-217-jenkins-293.v56de4d4d3515
|
||||
* Trilead ssh2 fix big integer removes leading zero (#178) @mpet
|
||||
Addresses CVE-2023-48795
|
||||
* JENKINS-72466 - : Upgrades jbcrypt dependency (#173) @andham
|
||||
- Includes changes from previous version updates:
|
||||
* build-217-jenkins-274.va_969b_d35f933
|
||||
+ JENKINS-71798 - : TimeoutService threads are left after
|
||||
closing connection (#155) @mpet
|
||||
* build-217-jenkins-255.vc65d8d1d158f
|
||||
+ Giving threads names for easier troubleshooting (#135)
|
||||
@Elisedlund-ericsson
|
||||
* build-217-jenkins-247.v708a_8b_14f4b_a
|
||||
+ Update parent POM (#123) @basil
|
||||
* build-217-jenkins-231.vda_87ca_d57ecf
|
||||
+ There is no guarantee that the plugin works with Java 8
|
||||
anymore, and it is not tested. If you still run Jenkins
|
||||
on Java 8 do not update. JENKINS-69229
|
||||
+ Removal of unnecessary protobuf-java (#104)
|
||||
@Elisedlund-ericsson
|
||||
+ fix: bump protobuff due to CVE 2021 22569 (#102)
|
||||
@kuisathaverat
|
||||
* build-217-jenkins-227.vb_d92894b_3b_65
|
||||
+ JENKINS-69018 - use constant MAX_PACKET_SIZE (#99)
|
||||
@kuisathaverat
|
||||
* build-217-jenkins-223.v546f979619d4
|
||||
+ add support for hmac-sha2-512-etm@openssh.com
|
||||
hmac-sha2-256-etm@open… (#93) @mpet
|
||||
+ Create CODEOWNERS (#95) @halkeye
|
||||
+ chore: use jenkins infra maven cd reusable workflow (#92)
|
||||
@jetersen
|
||||
* build-217-jenkins-211.vbb42cae44b18
|
||||
+ feat: enable continuous delivery workflow (#65)
|
||||
@kuisathaverat
|
||||
* trilead-ssh2-build-217-jenkins-27
|
||||
+ additional kex algorithms (#60) @mpet
|
||||
* trilead-ssh2-build-217-jenkins-26
|
||||
+ [Revert]JENKINS-62552 - Use standard crypto APIs (#57)
|
||||
@kuisathaverat
|
||||
+ feat: enable incrementals (#51) @kuisathaverat
|
||||
+ ci: grab correct incremental artifacts (#54) @kuisathaverat
|
||||
* trilead-ssh2-build-217-jenkins-25
|
||||
+ Retry userauth when multiple algs (#48) @jvz
|
||||
+ Known Issue: JENKINS-63790 causes SSH agent connections to
|
||||
fail in some configurations
|
||||
+ fix: allow to use password encrypted keys (#49)
|
||||
@kuisathaverat
|
||||
* trilead-ssh2-build-217-jenkins-23
|
||||
+ Known Issue: trilead api 1.0.9 fails clone from ssh
|
||||
repository using 3DES/MD5-encrypted private key JENKINS-63601
|
||||
* trilead-ssh2-build-217-jenkins-22
|
||||
+ JENKINS-62552 - Use standard crypto APIs (#45) @jvz
|
||||
+ Resolve several possible infinite hangings because of wait()
|
||||
(#44) @Elisedlund-ericsson
|
||||
* trilead-ssh2-build-217-jenkins-21
|
||||
+ Revert "JENKINS-62311 - Add support for RFC 8332" (#46)
|
||||
@kuisathaverat
|
||||
* trilead-ssh2-build-217-jenkins-20
|
||||
+ [SECURITY] Use HTTPS to resolve dependencies in Maven Build
|
||||
(#39) @JLLeitschuh
|
||||
+ JENKINS-62311 - Add support for RFC 8332 (#43) @jvz
|
||||
* trilead-ssh2-build-217-jenkins-19
|
||||
+ Support for port=0 which means automatically allocated port.
|
||||
(#40) @Elisedlund-ericsson
|
||||
+ JENKINS-59857 - Kerberos support updated (#38)
|
||||
@Emil-Gustafsson
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 18 16:41:59 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package trilead-ssh2
|
||||
#
|
||||
# Copyright (c) 2022 SUSE LLC
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,18 +17,25 @@
|
||||
|
||||
|
||||
%global buildver 217
|
||||
%global patchlvl 8
|
||||
%global patchlvl 293
|
||||
%global githash v56de4d4d3515
|
||||
|
||||
Name: trilead-ssh2
|
||||
Version: %{buildver}.%{patchlvl}
|
||||
Version: %{buildver}.%{patchlvl}.%{githash}
|
||||
Release: 0
|
||||
Summary: SSH-2 protocol implementation in pure Java
|
||||
License: BSD-3-Clause AND MIT
|
||||
Group: Development/Libraries/Java
|
||||
URL: https://github.com/jenkinsci/trilead-ssh2
|
||||
Source0: https://github.com/jenkinsci/%{name}/archive/%{name}-build%{buildver}-jenkins-%{patchlvl}.tar.gz
|
||||
Source0: https://github.com/jenkinsci/%{name}/archive/refs/tags/build-%{buildver}-jenkins-%{patchlvl}.%{githash}.tar.gz
|
||||
Source1: %{name}-build.xml
|
||||
Patch0: 0001-Remove-the-dependency-on-google-tink.patch
|
||||
BuildRequires: ant
|
||||
BuildRequires: ed25519-java
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: java-devel >= 1.8
|
||||
BuildRequires: javapackages-local
|
||||
BuildRequires: jbcrypt
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
@ -47,28 +54,31 @@ Group: Documentation/HTML
|
||||
API documentation for %{name}.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{name}-build%{buildver}-jenkins-%{patchlvl}
|
||||
%setup -q -n %{name}-build-%{buildver}-jenkins-%{patchlvl}.%{githash}
|
||||
%patch -P 0 -p1
|
||||
cp %{SOURCE1} build.xml
|
||||
|
||||
%pom_remove_dep :tink
|
||||
%pom_xpath_set pom:project/pom:version "build-%{buildver}-jenkins-%{patchlvl}.%{githash}"
|
||||
|
||||
%build
|
||||
mkdir -p build/classes
|
||||
javac -d build/classes -source 8 -target 8 $(find src -name \*.java | xargs)
|
||||
(cd build/classes && jar cf ../%{name}-%{version}.jar $(find . -name \*.class))
|
||||
mkdir -p build/docs
|
||||
javadoc -d build/docs -source 8 $(find src -name \*.java | xargs)
|
||||
mkdir -p lib
|
||||
build-jar-repository -s lib eddsa jbcrypt
|
||||
%{ant} package javadoc
|
||||
|
||||
%install
|
||||
# jars
|
||||
install -d -m 0755 %{buildroot}%{_javadir}
|
||||
install -m 644 build/%{name}-%{version}.jar %{buildroot}%{_javadir}/%{name}.jar
|
||||
install -m 644 target/%{name}-*.jar %{buildroot}%{_javadir}/%{name}.jar
|
||||
|
||||
# pom
|
||||
install -d -m 755 %{buildroot}%{_mavenpomdir}
|
||||
install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom
|
||||
%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom
|
||||
%add_maven_depmap %{name}.pom %{name}.jar -a "org.tmatesoft.svnkit:trilead-ssh2","com.trilead:trilead-ssh2"
|
||||
|
||||
# javadoc
|
||||
install -d -m 755 %{buildroot}%{_javadocdir}/%{name}
|
||||
cp -aL build/docs/* %{buildroot}%{_javadocdir}/%{name}
|
||||
cp -aL target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}
|
||||
%fdupes -s %{buildroot}%{_javadocdir}/%{name}
|
||||
|
||||
%files -f .mfiles
|
||||
|
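Review bot: The new `Patch0:` line carries no comment, and neither the spec nor the new changelog entry on this page mentions that the patch removes the curve25519-sha256 key exchange together with the tink dependency. Users who pin that algorithm in their configuration would only find out when it is rejected as unknown. A comment above the line, for example `# Drops google tink; this also removes the curve25519-sha256 key exchange`, and a matching bullet in the changelog entry would record the loss of functionality where packagers and auditors look for it.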