File apache-sshd.changes of Package apache-sshd.32181
-------------------------------------------------------------------
Fri Jan 19 22:17:57 UTC 2024 - Fridrich Strba <fstrba@suse.com>
- Updated to upstream version 2.12.0
- Changes in version 2.11.0
* Bug Fixes
+ GH-328 Added configurable timeout(s) to DefaultSftpClient
+ GH-370 Also compare file keys in ModifiableFileWatcher.
+ GH-371 Fix channel pool in SftpFileSystem.
+ GH-383 Use correct default OpenOptions in
SftpFileSystemProvider.newFileChannel().
+ GH-384 Use correct lock modes for SFTP FileChannel.lock().
+ GH-388 ScpClient: support issuing commands to a server that
uses a non-UTF-8 locale.
+ GH-398 SftpInputStreamAsync: fix reporting EOF on zero-length
reads.
+ GH-403 Work-around a bug in WS_FTP <= 12.9 SFTP clients.
+ GH-407 (Regression in 2.10.0) SFTP performance fix: override
FilterOutputStream.write(byte[], int, int).
+ GH-410 Fix a race condition to ensure SSH_MSG_CHANNEL_EOF is
always sent before SSH_MSG_CHANNEL_CLOSE.
+ GH-414 Fix error handling while flushing queued packets at end
of KEX.
+ GH-420 Fix wrong log level on closing an Nio2Session.
+ SSHD-789 Fix detection of Android O/S from system properties.
+ SSHD-1259 Consider all applicable host keys from the
known_hosts files.
+ SSHD-1310 SftpFileSystem: do not close user session.
+ SSHD-1327 ChannelAsyncOutputStream: remove write future when
done.
+ SSHD-1332 (Regression in 2.10.0) Resolve ~ in IdentityFile
file names in HostConfigEntry.
* New Features
+ SSHD-1330 Use KeepAliveHandler global request instance in
client as well
+ GH-356 Publish snapshot maven artifacts to the Apache
Snapshots maven repository.
+ Bundle sshd-contrib has support classes for the HAProxy
protocol V2.
- Changes in version 2.12.0
* Bug Fixes
+ GH-428/GH-392 SCP client fails silently when error signalled
due to missing file or lacking permissions
+ GH-434 Ignore unknown key types from agent or in OpenSSH host
keys extension
* New Features
+ GH-429 Support GIT protocol-v2
+ GH-445 OpenSSH "strict key exchange" protocol extension
(CVE-2023-48795, bsc#1218189 mitigation)
- Modified patch:
* apache-sshd-javadoc.patch
+ rediff to changed context and drop integrated hunks
-------------------------------------------------------------------
Wed Oct 11 09:03:24 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Upgrade to upstrem version 2.10.0
* Bug
+ SSHD-1295: Connection attempt not canceled when a connection
timeout occurs
+ SSHD-1316: Possible OOM in ChannelPipedInputStream
+ SSHD-1319: SftpRemotePathChannel.transferFrom(...) ignores
position argument
+ SSHD-1324: Rooted file system can leak informations
+ SSHD-1326: Failed to establish an SSH connection because the
server identifier exceeds the int range
* Improvement
+ SSHD-1315: Password in clear in SSHD server's logs
- Modified patch:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
+ rediff to changed context
-------------------------------------------------------------------
Fri Feb 10 07:26:34 UTC 2023 - Fridrich Strba <fstrba@suse.com>
- Clean-up the spec a bit
-------------------------------------------------------------------
Wed Nov 16 11:36:21 UTC 2022 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 2.9.2 (bsc#1205463, CVE-2022-45047)
- Changes in version 2.8.0
* Bug
+ Wrong server key algorithm choose
+ Expiration of OpenSshCertificates needs to compare timestamps
as unsigned long
+ SFTP Get downloads empty file from servers which supports EOF
indication after data
+ skip() doesn't work properly in SftpInputStreamAsync
+ OpenMode and CopyMode is not honored as expected in
version > 4 of SFTP api
+ SftpTransferTest sometimes hangs (failure during rekeying)
+ Race condition in KEX
+ Fix the ciphers supported documentation
+ Update tarLongFileMode to use POSIX
+ WinsCP transfer failure to Apache SSHD Server
+ Pubkey auth: keys from ssh-agent are used even if
HostConfigEntry.isIdentitiesOnly() is true
+ Support RSA SHA2 signatures via SSH agent
+ NOTICE: wrong copyright year range
+ Wrong creationTime in writeAttrs for SFTP
+ sshd-netty logs all traffic on INFO level
* New Feature
+ Add support for chacha20-poly1305@openssh.com
+ Parsing of ~/.ssh/config Host patterns fails with extra
whitespace
+ Support generating OpenSSH client certificates
* Improvement
+ Add support for curve25519-sha256@libssh.org key exchange
+ OpenSSH certificates: check certificate type
+ OpenSSHCertificatesTest: certificates expire in 2030
+ Display IdleTimeOut in more user-friendly format
+ sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in
ChannelAsyncOutputStream constructor configurable from
outside using variable/config file
+ Intercepting the server exception message from server in SSHD
client
+ Implement RFC 8332 server-sig-algs on the server
+ Slow performance listing huge number of files on Apache SSHD
server
+ SFTP: too many LSTAT calls
+ Support key constraints when adding a key to an SSH agent
+ Add SFTP server side file custom attributes hook
* Task
+ Make sure the project is built using a <release>1.8</release>
* Question
+ UserInteraction Problem
- Changes of vesion 2.9.0
* Bug
+ Deadlock on disconnection at the end of key-exchange
+ Remote port forwarding mode does not handle EOF properly
+ Public key authentication: wrong signature algorithm used
(ed25519 key with ssh-rsa signature)
+ Client fails window adjust above Integer.MAX_VALUE
+ class loader fails to load
org.apache.sshd.common.cipher.BaseGCMCipher
+ Shell is not getting closed if the command has already closed
the OutputStream it is using.
+ Sometimes async write listener is not called
+ Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leeds to
SocketTimeoutException
+ different host key algorithm used on rekey than used for the
initial connection
+ OpenSSH certificate is not properly encoded when critical
options are included
+ TCP/IP remote port forwarding with wildcard IP addresses
doesn't work with OpenSSH
+ UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from
an agent
* New Feature
+ Add support for Argon2 encrypted PUTTY key files
+ Add support for merged inverted output and error streams of
remote process
* Improvement
+ Add support for "limits@openssh.com" SFTP extension
+ Support host-based pubkey authentication in the client
+ Send environment variable and open subsystem at the same time
for SSH session
- Changes of version 2.9.1
* Bug
+ ClientSession.auth().verify() is terminated with timeout
+ 2.9.0 release broken on Java 8
+ Infinite loop in
org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead
+ Deadlock during session exit
+ Race condition is logged in ChannelAsyncOutputStream
- Changes of version 2.9.2
* Bug
+ SFTP worker threads got stuck while processing PUT methods
against one specific SFTP server
+ Use the maximum packet size of the communication partner
+ ExplicitPortForwardingTracker does not unbind auto-allocated
one
+ Default SshClient FD leak because Selector not closed
+ Reading again from exhausted ChannelExec#getInvertedOut()
throws IOException instead of returning -1
+ Keeping error streams and input streams separate after
ChannelExec#setRedirectErrorStream(true) is called
+ Nio2Session.shutdownOutput() should wait for writes in
progress
* Test
+ Research intermittent failure in unit tests using various I/O
service factories
- Modified patch:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
+ rediff to changed context
- Removed patches:
* 0002-Fix-manifest-generation.patch
+ not needed any more in this version
* apache-sshd-2.7.0-java8.patch
+ not needed since the Java 8 compatibility is handled by the
--release option
- Added patch:
* apache-sshd-javadoc.patch
+ Fix different warnings in javadoc generation
-------------------------------------------------------------------
Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Upgrade to version 2.7.0
- Changes in version 2.5.0
* Major code re-factoring
+ Reception of an SSH_MSG_UNIMPLEMENTED response to a
SSH_MSG_GLOBAL_REQUEST is translated internally into same code
flow as if an SSH_MSH_REQUEST_FAILURE has been received - see
SSHD-968.
+ Server SFTP subsystem internal code dealing with the local
files has been delegated to the SftpFileSystemAccessor in
order to allow easier hooking into the SFTP subsystem.
- Resolving a local file path for an SFTP remote one
- Reading/Writing a file's attribute(s)
- Creating files links
- Copying / Renaming / Deleting files
+ SftpVersionSelector is now consulted when client sends initial
command (as well as when session is re-negotiated)
+ ScpCommandFactory is also a ShellFactory that can be used to
provide a minimalistic shell that is good enough for WinSCP.
+ Rework SFTP streams so that the client asks and receives as
much data as possible - see SSHD-979.
* Minor code helpers
+ Handling of debug/ignore/unimplemented messages has been split
into handleXXX and doInvokeXXXMsgHandler methods where the
former validate the messages and deal with the idle timeout,
and the latter execute the actual invcation.
+ Added overloaded methods that accept a java.time.Duration
specifier for timeout value.
+ The argument representing the SFTP subsystem in invocations to
SftpFileSystemAccessor has been enhanced to expose as much of
the available functionality as possible.
* Behavioral changes and enhancements
+ SSHD-964 - Send SSH_MSG_CHANNEL_EOF when tunnel channel being
closed.
+ SSHD-967 - Extra bytes written when
SftpRemotePathChannel#transferTo is used.
+ SSHD-968 - Interpret SSH_MSG_UNIMPLEMENTED response to a
heartbeat request as a liveness indicator
+ SSHD-970 - transferTo function of SftpRemotePathChannel will
loop if count parameter is greater than file size
+ SSHD-972 - Add support for peers using OpenSSH "security key"
key types
+ SSHD-977 - Apply consistent logging policy to caught
exceptions
+ SSHD-660 - Added support for server-side signed certificate
keys
+ SSHD-984 - Utility method to export KeyPair in OpenSSH format
+ SSHD-992 - Provide more hooks into the SFTP server subsystem
via SftpFileSystemAccessor
+ SSHD-997 - Fixed OpenSSH private key decoders for RSA and
Ed25519
+ SSHD-998 - Take into account SFTP version preference when
establishing initial channel
+ SSHD-989 - Read correctly ECDSA key pair from PKCS8 encoded
data
+ SSHD-1009 - Provide a minimalistic shell for supporting WinSCP
SCP mode.
- Changes in version 2.5.1
* Behavioral changes and enhancements
+ SSHD-1022 NPE in SftpOutputStreamAsync#flush() if no data
written in between.
- Changes in version 2.6.0
* Major code re-factoring
+ SshServerMain uses by default an ECDSA key instead of an RSA
one. This can be overridden either by -key-type / -key-size or
-key-file command line option.
+ SSHD-1034 Rename org.apache.sshd.common.ForwardingFilter to
Forwarder.
+ SSHD-1035 Move property definitions to common locations.
+ SSHD-1038 Refactor packages from a module into a cleaner
hierarchy.
+ SSHD-1080 Rework the PacketWriter to split according to the
various semantics
+ SSHD-1084 Revert the usage of asynchronous streams when
forwarding ports.
* Minor code helpers
+ SSHD-1004 Using a more constant time MAC validation to
minimize timing side channel information leak.
+ SSHD-1030 Added a NoneFileSystemFactory implementation
+ SSHD-1042 Added more callbacks to SftpEventListener
+ SSHD-1040 Make server key available after KEX completed.
+ SSHD-1060 Do not store logger level in fields.
+ SSHD-1064 Fixed ClientSession#executeRemoteCommand handling
of STDERR in case of exception to behave according to its
documentation
+ SSHD-1076 Break down ClientUserAuthService#auth method into
several to allow for flexible override
+ SSHD-1077 Added command line option to request specific SFTP
version in SftpCommandMain
+ SSHD-1079 Experimental async mode on the local port forwarder
+ SSHD-1086 Added SFTP aware directory scanning helper classes
+ SSHD-1089 Added wrappers for one-time single session usage of
SFTP/SCP clients
+ Propagate SCP file transfer ACK data to ScpTransferListener
before validating it.
* Behavioral changes and enhancements
+ SSHD-506 Added support for AES-GCM ciphers.
+ SSHD-954 Improve validation of DH public key values.
+ SSHD-1004 Deprecate DES, RC4 and Blowfish ciphers from default
setup.
+ SSHD-1004 Deprecate SHA-1 based key exchanges and signatures
from default setup.
+ SSHD-1004 Deprecate MD5-based and truncated HMAC algorithms
from default setup.
+ SSHD-1005 Added support for SCP remote-to-remote file transfer
+ SSHD-1020 SSH connections getting closed abruptly with timeout
exceptions.
+ SSHD-1026 Improve build reproductibility.
+ SSHD-1028 Fix SSH_MSG_DISCONNECT: Too many concurrent
connections.
+ SSHD-1032 Fix possible ArrayIndexOutOfBoundsException in
ChannelAsyncOutputStream.
+ SSHD-1033 Fix simultaneous usage of dynamic and local port
forwarding.
+ SSHD-1039 Fix support for some basic options in ssh/sshd cli.
+ SSHD-1047 Support for SSH jumps.
+ SSHD-1048 Wrap instead of rethrow IOException in Future.
+ SSHD-1050 Fixed race condition in AuthFuture if exception
caught before authentication started.
+ SSHD-1053 Fixed handling of certified keys authentication.
+ SSHD-1056 Added support for SCP remote-to-remote directory
transfer - including '-3' option of SCP command CLI.
+ SSHD-1057 Added capability to select a ShellFactory based on
the current session + use it for "WinSCP"
+ SSHD-1058 Improve exception logging strategy.
+ SSHD-1059 Do not send heartbeat if KEX state not DONE
+ SSHD-1063 Fixed known-hosts file server key verifier matching
of same host with different ports
+ SSHD-1066 Allow multiple binding to local port tunnel on
different addresses
+ SSHD-1070 OutOfMemoryError when use async port forwarding
+ SSHD-1100 Updated used moduli for DH group KEX
+ SSHD-1102 Provide filter support for SftpDirectoryStream
+ SSHD-1104 Take into account possible key type aliases when
using public key authentication
+ SSHD-1107 Allow configuration of minimum DH group exchange key
size via property or programmatically
+ SSHD-1108 Increased minimum default DH group exchange key size
to 2048 (but support 1024)
- Changes in version 2.7.0
* Major code re-factoring
+ SSHD-1133 Re-factored locations and names of ServerSession and
server-side ChannelSession related classes
+ Moved some helper methods and classes to more natural
locations
* Minor code helpers
+ SSHD-525 Added support for "posix-rename@openssh.com" SFTP
extension
+ SSHD-1083 Relaxed required Nio2Connector/Acceptor required
constructor arguments
+ SSHD-1085 Added CliLogger + more verbosity on SshClientMain
+ SSHD-1109 Route tests JUL logging via SLF4JBridgeHandler
+ SSHD-1109 Provide full slf4j logger capabilities to CliLogger
and use it in all CLI classes
+ SSHD-1110 Replace Class#newInstance() calls with
Class#getDefaultConstructor().newInstance()
+ SSHD-1111 Fixed SshClientCliSupport compression option
detection
+ SSHD-1116 Provide SessionContext argument to
HostKeyIdentityProvider#loadHostKeys
+ SSHD-1116 Provide SessionContext argument to
PasswordIdentityProvider#loadPasswords
+ SSHD-1116 Provide SessionContext argument to
AuthenticationIdentitiesProvider#loadIdentities
+ SSHD-1125 Added option to require immediate close of channel
in command ExitCallback invocation
+ SSHD-1127 Consolidated SftpSubsystem support implementations
into SftpSubsystemConfigurator
+ SSHD-1148 Generate a unique thread name for each SftpSubsystem
instance
* Behavioral changes and enhancements
+ SSHD-1085 Added more notifications related to channel state
change for detecting channel closing or closed earlier.
+ SSHD-1091 Renamed sshd-contrib top-level package in order to
align naming convention.
+ SSHD-1097 Added more SessionListener callbacks related to the
initial version and key exchange
+ SSHD-1097 Added more capability to send peer identification
via ReservedSessionMessagesHandler
+ SSHD-1097 Implemented endless tarpit example in sshd-contrib
+ SSHD-1109 Replace log4j with logback as the slf4j logger
implementation for tests
+ SSHD-1114 Added callbacks for client-side password
authentication progress
+ SSHD-1114 Added callbacks for client-side public key
authentication progress
+ SSHD-1114 Added callbacks for client-side host-based
authentication progress
+ SSHD-1114 Added capability for interactive password
authentication participation via UserInteraction
+ SSHD-1114 Added capability for interactive key based
authentication participation via UserInteraction
+ SSHD-1123 Add option to chunk data in ChannelAsyncOutputStream
if window size is smaller than packet size
+ SSHD-1125 Added mechanism to throttle pending write requests
in BufferedIoOutputStream
+ SSHD-1127 Added capability to register a custom receiver for
SFTP STDERR channel raw or stream data
+ SSHD-1132 Added SFTP client-side support for
'filename-charset' extension
+ SSHD-1132 Added SFTP client-side support for
'filename-translation-control' extension
+ SSHD-1132 Added SFTP servder-side support for non-UTF8
encoding of returned file names
+ SSHD-1133 Added capability to specify a custom charset for
parsing incoming commands to the ScpShell
+ SSHD-1133 Added capability to specify a custom charset for
returning environment variables related data from the ScpShell
+ SSHD-1133 Added capability to specify a custom charset for
handling the SCP protocol textual commands and responses
+ SSHD-1136 Use configuration property to decide whether to
allow fallback to DH group exchange using SHA-1 if no suitable
primes found for SHA-256
+ SSHD-1137 Added capability to override LinkOption(s) when
accessing a file/folder via SFTP
+ SSHD-1147 SftpInputStreamAsync: get file size before SSH_FXP_OPEN
- Modified patches:
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
* apache-sshd-2.4.0-java8.patch -> apache-sshd-2.7.0-java8.patch
+ rediff to changed context
- Added patch:
* 0002-Fix-manifest-generation.patch
+ do not import self
-------------------------------------------------------------------
Thu Jul 16 21:58:44 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Added patch:
* apache-sshd-2.4.0-java8.patch
+ restore Java 8 compatibility of bytecode generated by Java 9+
-------------------------------------------------------------------
Mon Jun 29 11:32:37 UTC 2020 - Fridrich Strba <fstrba@suse.com>
- Initial packaging of apache-sshd 2.4.0
