File jsch.changes of Package jsch

-------------------------------------------------------------------
Mon Apr 29 12:18:36 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- The binaries are compatible with java 1.8

-------------------------------------------------------------------
Wed Feb 21 10:47:53 UTC 2024 - Gus Kenion <gus.kenion@suse.com>

- Use %patch -P N instead of deprecated %patchN.

-------------------------------------------------------------------
Wed Dec 20 12:47:08 UTC 2023 - Gus Kenion <gkenion@suse.com>

- Upgrade to version 0.2.15, which includes fix for SSH protocol
  vulnerability (bsc#1218134, CVE-2023-48795)
  * Changes in 0.2.15:
    + Address CVE-2023-48795 by adding support for new strict key
      exchange extension
    + Add support for ext-info-in-auth@openssh.com extension
    + Introduce two new config options to control usage of the new
      strict key exchange extension:
      ~ enable_strict_kex (set to yes by default)
      ~ require_strict_kex (set to no by default)
      ~ If either option (or both) is enabled, then JSch will
        attempt to use the new strict key exchange extension.
      ~ If the require_strict_kex option is enabled and JSch detects
        the server does not support it, then JSch will terminate the
        connection and throw an exception.
      ~ If the require_strict_kex option is not enabled and JSch
        detects the server does not support it, then JSch will
        fallback and proceed with the connection without using the
        new extension.
    + This gives users the ability to enable a strong security
      posture if needed and avoid proceeding with connections to
      potentially insecure servers.
  * Changes in 0.2.14:
    + #450 use Socket.connect() with a timeout that has been
      supported since Java 1.4 instead of using old method of
      creating a separate thread and joining to that thread with
      timeout
  * Changes in 0.2.13:
    + #411 Add flush operation from Fix added is/jsch#39,
      with new config option to allow disabling in case it causes
      regressions.
    + #403 add a warning when Channel.getInputStream() or
      Channel.getExtInputStream() is called after Channel.connect().
  * Changes in 0.2.12:
    + Further refine previous fixes for windows line endings in PEM
      keys
    + #392 replace call to BigInteger.intValueExact to remain
      compatible with android api 30
    + Introduce JSchSessionDisconnectException to allow the
      reasonCode to be retrieved without String parsing
    + Introduce specific JSchException for HostKey related failures
  * Changes in 0.2.11:
    + update dependencies changes
    + #369 fix multi-line PEM key parsing to work with windows line
      endings due to regression from previous fix for #362.
  * Changes in 0.2.10:
    + Fix new Java 21 compiler warning: possible 'this' escape
      before subclass is fully initialized
    + Tweak OSGi bundle manifest to allow Log4j 3
    + #362 fix PEM key parsing to work with windows line endings
    + #361 guard against UIKeyboardInteractive implementations that
      include NULL elements in the String[] returned from
      promptKeyboardInteractive()
    + Add a default implmentation of the deprecated decrypt() method
      to the Identity interface that throws an
      UnsupportedOperationException

-------------------------------------------------------------------
Sat Jun  3 11:03:46 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Migrate from com.jcraft:jsch to com.github.mwiede:jsch fork
  (bsc#1211955)
  * Alias to the old artifact since the new one is drop-in
    replacement
  * Keep the old OSGi bundle symbolic name to avoid extensive
    patching of eclipse stack
- Upgrade to version 0.2.9
  * Changes of 0.2.9
    + various improvements, #295
      ~ #293 allow UserAuthNone to be extended.
      ~ Make JGSS module optional.
      ~ Tweak OSGi bundle manifest:
      ~ Avoid self-import.
      ~ Mark JGSS as optional.
      ~ Loosen import versions of dependencies.
      ~ Correctly adhere to the Multi-release JAR spec by ensuring
        all public classes under versioned directories preside over
        classes present in the top-level directory.
      ~ Eliminate stray System.err.println() calls.
      ~ Change PageantConnector to use JNA's built-in support for
        User32.SendMessage().
    + Improve error handling in InputStream.close() for SFTP
      channels, #331
  * Changes of 0.2.8
    + activate sourcecode formatting, #247
    + build improvements, #279
    + #287 add algorithm type information to algorithm negotiation
      logs, #290
    + wrap NoClassDefFoundError's for invalid private keys, #289 and
      #290
  * Changes of 0.2.7
    + #265 change buffer_margin computation to be dynamic based upon
      the MAC to allow connections that advertise small maximum
      packet sizes.
    + #266 fix PuTTY key parsing to work with unix line endings.
    + Add support for ECDSA and EdDSA type PuTTY keys.
    + #71 add support for PuTTY version 3 format keys.
      ~ Encrypted PuTTY version 3 format keys requires Bouncy
        Castle (bcprov-jdk18on).
    + Eliminate KeyPairDeferred and instead change handling of
      OpenSSH V1 type keys to be more like other KeyPair types.
    + Be more vigilant about clearing private key data.
    + Improve PKCS8 key handling and add support for PKCS5 2.1
      encryption.
    + Add support for ECDSA type PKCS8 keys.
    + Add support for SCrypt type KDF for PKCS8 keys.
      ~ PKCS8 keys using SCrypt requires Bouncy Castle
        (bcprov-jdk18on).
    + Add support for EdDSA type PKCS8 keys.
      ~ EdDSA type PKCS8 keys requires Bouncy Castle
        (bcprov-jdk18on).
    + Attempt to authenticate using other signature algorithms
      supported by the same public key.
      ~ Allow this behavior to be disabled via
        try_additional_pubkey_algorithms config option.
        ° Some servers incorrectly respond with
          SSH_MSG_USERAUTH_PK_OK to an initial auth query that they
          don't actually support for RSA keys.
    + Add a new config option enable_pubkey_auth_query to allow
      skipping auth queries and proceed directly to attempting
      full SSH_MSG_USERAUTH_REQUEST's.
    + Add a new config option enable_auth_none to control whether
      an initial auth request for the method none is sent to detect
      all supported auth methods available on the server.
  * Changes of 0.2.6
    + Include host alias instead of the real host in messages and
      exceptions, #257
    + Fix missing keySize set when loading V1 RSA keys, #258
    + Enhancement to present KeyPair.getKeyTypeString() method, #259
  * Changes of 0.2.5
    + Explictly free resources in Compression implementations, #241
    + Fix integration test failures on Apple Silicon by skipping
      OpenSSH 7.4 tests, #227
    + generate osgi bundle manifest data for jar #248, #249
  * Changes of 0.2.4
    + Improved excepton handling by @norrisjeremy in #200
  * Changes of 0.2.3
    + #188 fix private key length checks for ssh-ed25519 and
      ssh-ed448, #189
  * Changes of 0.2.2
    + setup jdk for code-ql analysis, #151
    + misc improvements, #152
    + Fixing Issue #131, #134
    + Update link to bcrypt, #157
  * Changes of 0.2.1
    + Allow to set a Logger per JSch-instance rather than a VM-wide
      one, #128
    + Preliminary changes prior to Javadoc work, #126
    + remove check to allow setting any filename encoding with any
      server version #137, #142
  * Changes of 0.2.0
    + Disable RSA/SHA1 signature algorithm by default #75
    + Add basic Logger implementations that can be optionally
      utilized with JSch.setLogger():
      ~ JulLogger, using java.util.logging.Logger
      ~ JplLogger, using Java 9's JEP 264
      ~ Log4j2Logger, using Apache Log4j 2
      ~ Slf4jLogger, using SLF4J
    + Fix client version to be compliant with RFC 4253 section 4.2
      by not including minus sign characters #115
    + Add java.util.zip based compression implementation #114
      ~ This is based upon the CompressionJUZ implementation posted
        to the JSch-users mailing list in 2012 by the original JSch
        author
      ~ The existing JZlib implementation remains the default to
        maintain strict RFC 4253 section 6.2 compliance
        ° To use the new implementation globally, execute
          JSch.setConfig("zlib@openssh.com",
          "com.jcraft.jsch.juz.Compression") +
          JSch.setConfig("zlib", "com.jcraft.jsch.juz.Compression")
        ° To use the new implementation per session, execute
          session.setConfig("zlib@openssh.com",
          "com.jcraft.jsch.juz.Compression")
          + session.setConfig("zlib",
          "com.jcraft.jsch.juz.Compression")
  * Changes of 0.1.72
    + Switch chacha20-poly1305@openssh.com algorithm to a pure
      Bouncy Castle based implementation
    + implement openssh config behavior to handle append, prepend
      and removal of algorithms #104
  * Changes of 0.1.71
    + Address #98 by restoring JSch.VERSION
  * Changes of 0.1.70
    + Address #89 by fixing rare ECDSA signature validation issue
    + Address #93 by always setting the "want reply" flag for "env"
      type channel requests to false
  * Changes of 0.1.69
    + Address #83 by sending CR LF at the end of the identification
      string
    + Fix earlier change for #76 that failed to correctly make the
      "Host" keyword case-insensitive
    + Fix PageantConnector struct class visibility #86
  * Changes of 0.1.68
    + Added support for the rijndael-cbc@lysator.liu.se algorithm
    + Added support for the hmac-ripemd160,
      hmac-ripemd160@openssh.com and hmac-ripemd160-etm@openssh.com
      algorithms using Bouncy Castle
    + Added support for various algorithms from RFC 4253 and
      RFC 4344 using Bouncy Castle
      ~ cast128-cbc
      ~ cast128-ctr
      ~ twofish-cbc
      ~ twofish128-cbc
      ~ twofish128-ctr
      ~ twofish192-cbc
      ~ twofish192-ctr
      ~ twofish256-cbc
      ~ twofish256-ctr
    + Added support for the seed-cbc@ssh.com algorithm using Bouncy
      Castle
  * Changes of 0.1.67
    + Added support for the blowfish-ctr algorithm from RFC 4344
    + Fix bug where ext-info-c was incorrectly advertised during
      rekeying
      ~ According to RFC 8308 section 2.1, ext-info-c should only
        advertised during the first key exchange
    + Address #77 by attempting to add compatibility with older
      Bouncy Castle releases
  * Changes of 0.1.66
    + Added support for RFC 8308 extension negotiation and
      server-sig-algs extension
      ~ This support is enabled by default, but can be controlled
        via the enable_server_sig_algs config option (or
        jsch.enable_server_sig_algs system property)
      ~ When enabled and a server-sig-algs message is received from
        the server, the algorithms included by the server and also
        present in the PubkeyAcceptedKeyTypes config option will be
        attempted first when using publickey authentication
      ~ Additionally if the server is detected as OpenSSH version
        7.4, the rsa-sha2-256 and rsa-sha2-512 algorithms will be
        added to the received server-sig-algs as a workaround for
        OpenSSH bug 2680
    + Added support for various algorithms supported by Tectia
      (ssh.com):
      ~ diffie-hellman-group14-sha224@ssh.com
      ~ diffie-hellman-group14-sha256@ssh.com
      ~ diffie-hellman-group15-sha256@ssh.com
      ~ diffie-hellman-group15-sha384@ssh.com
      ~ diffie-hellman-group16-sha384@ssh.com
      ~ diffie-hellman-group16-sha512@ssh.com
      ~ diffie-hellman-group18-sha512@ssh.com
      ~ diffie-hellman-group-exchange-sha224@ssh.com
      ~ diffie-hellman-group-exchange-sha384@ssh.com
      ~ diffie-hellman-group-exchange-sha512@ssh.com
      ~ hmac-sha224@ssh.com
      ~ hmac-sha256@ssh.com
      ~ hmac-sha256-2@ssh.com
      ~ hmac-sha384@ssh.com
      ~ hmac-sha512@ssh.com
      ~ ssh-rsa-sha224@ssh.com
      ~ ssh-rsa-sha256@ssh.com
      ~ ssh-rsa-sha384@ssh.com
      ~ ssh-rsa-sha512@ssh.com
    + Added support for SHA224 to FingerprintHash
    + Fixing #52
    + Deprecate void setFilenameEncoding(String encoding) in favor
      of void setFilenameEncoding(Charset encoding) in ChannelSftp
    + Added support for rsa-sha2-256 and rsa-rsa2-512 algorithms to
      ChannelAgentForwarding
    + Address #65 by adding ssh-agent support derived from
      jsch-agent-proxy
      ~ See examples/JSchWithAgentProxy.java for simple example
      ~ ssh-agent support requires either Java 16's JEP 380 or the
        addition of junixsocket to classpath
      ~ Pageant support is untested and requires the addition of JNA
        to classpath
    + Added support for the following algorithms with older Java
      releases by using Bouncy Castle:
      ~ ssh-ed25519
      ~ ssh-ed448
      ~ curve25519-sha256
      ~ curve25519-sha256@libssh.org
      ~ curve448-sha512
      ~ chacha20-poly1305@openssh.com
  * Changes of 0.1.65
    + Added system properties to allow manipulation of various
      crypto algorithms used by default
    + Integrated JZlib, allowing use of zlib@openssh.com and zlib
      compressions without the need to provide the JZlib jar-file
    + Modularized the jar-file for use with Java 9 or newer
    + Added runtime controls for the min/max/preferred sizes used
      for diffie-hellman-group-exchange-sha256 and
      diffie-hellman-group-exchange-sha1
    + Renamed PubkeyAcceptedKeyTypes config to
      PubkeyAcceptedAlgorithms to match recent changes in OpenSSH
      (PubkeyAcceptedKeyTypes is still accepted for backward
      compatibility)
    + Reduced number of algorithms that are runtime checked by
      default via CheckCiphers, CheckMacs, CheckKExes and
      CheckSignatures to improve runtime performance
  * Changes of 0.1.64
    + #55 bug fix
  * Changes of 0.1.63
    + fix for #42
  * Changes 0.1.62
    + #13 reject HostKey with some servers
    + #20 Include TestBCrypt.java unit test
    + #21 Misc cleanup
    + #27 Update Testcontainers to newest version to fix test
      failures
    + #34 NPE with openssh v1 format
  * Changes 0.1.61
    + Add support for chacha20-poly1305@openssh.com, ssh-ed25519,
      ssh-ed448, curve448-sha512, diffie-hellman-group15-sha512
      and diffie-hellman-group17-sha512.
      This makes use of the new EdDSA feature added in Java 15's
      JEP 339. #17
    + added integration test for public key authentication #19
  * Changes of 0.1.60
    + support for openssh-v1-private-key format
    + Fix bug with AEAD ciphers when compression is used. #15
  * Changes of 0.1.59
    + fixing issue #6 (originally from
      https://sourceforge.net/p/jsch/mailman/message/36872566/)
  * Changes of 0.1.58
    + adds support for more algorithms, see #4
  * Changes of 0.1.57
    + support for rsa-sha2-256 and rsa-sha2-512. #1
  * Changes of 0.1.56
    + support for direct-streamlocal@openssh.com
      (see SocketForwardingL.java)
- Removed patches:
  * jsch-0.1.54-sourcetarget.patch
  * jsch-osgi-manifest.patch
    + both problems are handled differently in the new version
- Added patches:
  * jsch-junixsocket.patch
    + disable building with dependency that we don't have
  * jsch-log4j.patch
    + disable building with log4j support in order to avoid a
      huge build cycle

-------------------------------------------------------------------
Sat Mar 19 21:51:39 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Modified patch:
  * jsch-0.1.54-sourcetarget.patch
    + build with source/target levels 8

-------------------------------------------------------------------
Tue Apr  7 13:56:09 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Version 0.1.55

-------------------------------------------------------------------
Tue Apr  7 13:52:31 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * jsch-osgi-manifest.patch
    + create the osgi manifest during the ant build
    + replaces the MANIFEST.MF file
- Miscellaneous clean-up

-------------------------------------------------------------------
Fri Sep 20 13:37:00 UTC 2019 - Fridrich Strba <fstrba@suse.com>

- Remove reference to the parent from pom file, since we are not
  building with maven

-------------------------------------------------------------------
Fri Sep  8 08:31:01 UTC 2017 - fstrba@suse.com

- Added patch:
  * jsch-0.1.54-sourcetarget.patch
    - Specify java source and target levels to 1.6, in order to
      allow building with jdk9

-------------------------------------------------------------------
Fri Jun  9 10:59:34 UTC 2017 - tchvatal@suse.com

- Build with full java, does not compile with gcj

-------------------------------------------------------------------
Fri May 19 09:59:03 UTC 2017 - dziolkowski@suse.com

- New build dependency: javapackages-local

-------------------------------------------------------------------
Sun Feb 12 21:45:09 UTC 2017 - guoyunhebrave@gmail.com

- Version 0.1.54

-------------------------------------------------------------------
Wed Mar 18 09:46:14 UTC 2015 - tchvatal@suse.com

- Fix build with new javapackages-tools

-------------------------------------------------------------------
Tue Jun 17 15:49:57 UTC 2014 - tchvatal@suse.com

- Version bump to 0.1.51
- Cleanup with spec-cleaner
- Add maven and osgi things same as in Fedora.

-------------------------------------------------------------------
Mon Sep  9 11:06:06 UTC 2013 - tchvatal@suse.com

- Move from jpackage-utils to javapackage-tools

-------------------------------------------------------------------
Mon May 13 06:15:53 UTC 2013 - mvyskocil@suse.com

- update to 0.1.50
  * fixes connection errors with "verify: false" when running on
    Java 7u6 (and later).
  * The OpenSSH config file and the key exchange method
    "diffie-hellman-group-exchange-sha256" are now supported

-------------------------------------------------------------------
Tue Oct 16 08:39:25 UTC 2012 - mvyskocil@suse.com

- update to 0.1.49
  * Putty's private key files support
  * hmax-sha2-256 defined in RFC6668 is supported
  * integration with jsch-agent-proxy
  * and many bugfixes

-------------------------------------------------------------------
Tue Apr 28 11:23:11 CEST 2009 - mvyskocil@suse.cz

- Initial SUSE packaging of version 0.1.40 (from jpp5) 

openSUSE Build Service is sponsored by