File apache-sshd.changes of Package apache-sshd

Overview Repositories Revisions Requests Users Attributes Meta

File apache-sshd.changes of Package apache-sshd

-------------------------------------------------------------------
Fri Jan 19 22:17:57 UTC 2024 - Fridrich Strba <fstrba@suse.com>

- Updated to upstream version 2.12.0
- Changes in version 2.11.0
  * Bug Fixes
    + GH-328 Added configurable timeout(s) to DefaultSftpClient
    + GH-370 Also compare file keys in ModifiableFileWatcher.
    + GH-371 Fix channel pool in SftpFileSystem.
    + GH-383 Use correct default OpenOptions in
      SftpFileSystemProvider.newFileChannel().
    + GH-384 Use correct lock modes for SFTP FileChannel.lock().
    + GH-388 ScpClient: support issuing commands to a server that
      uses a non-UTF-8 locale.
    + GH-398 SftpInputStreamAsync: fix reporting EOF on zero-length
      reads.
    + GH-403 Work-around a bug in WS_FTP <= 12.9 SFTP clients.
    + GH-407 (Regression in 2.10.0) SFTP performance fix: override
      FilterOutputStream.write(byte[], int, int).
    + GH-410 Fix a race condition to ensure SSH_MSG_CHANNEL_EOF is
      always sent before SSH_MSG_CHANNEL_CLOSE.
    + GH-414 Fix error handling while flushing queued packets at end
      of KEX.
    + GH-420 Fix wrong log level on closing an Nio2Session.
    + SSHD-789 Fix detection of Android O/S from system properties.
    + SSHD-1259 Consider all applicable host keys from the
      known_hosts files.
    + SSHD-1310 SftpFileSystem: do not close user session.
    + SSHD-1327 ChannelAsyncOutputStream: remove write future when
      done.
    + SSHD-1332 (Regression in 2.10.0) Resolve ~ in IdentityFile
      file names in HostConfigEntry.
  * New Features
    + SSHD-1330 Use KeepAliveHandler global request instance in
      client as well
    + GH-356 Publish snapshot maven artifacts to the Apache
      Snapshots maven repository.
    + Bundle sshd-contrib has support classes for the HAProxy
      protocol V2.
- Changes in version 2.12.0
  * Bug Fixes
    + GH-428/GH-392 SCP client fails silently when error signalled
      due to missing file or lacking permissions
    + GH-434 Ignore unknown key types from agent or in OpenSSH host
      keys extension
  * New Features
    + GH-429 Support GIT protocol-v2
    + GH-445 OpenSSH "strict key exchange" protocol extension
      (CVE-2023-48795, bsc#1218189 mitigation)
- Modified patch:
  * apache-sshd-javadoc.patch
    + rediff to changed context and drop integrated hunks

-------------------------------------------------------------------
Wed Oct 11 09:03:24 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Upgrade to upstrem version 2.10.0
  * Bug
    + SSHD-1295: Connection attempt not canceled when a connection
      timeout occurs
    + SSHD-1316: Possible OOM in ChannelPipedInputStream
    + SSHD-1319: SftpRemotePathChannel.transferFrom(...) ignores
      position argument
    + SSHD-1324: Rooted file system can leak informations
    + SSHD-1326: Failed to establish an SSH connection because the
      server identifier exceeds the int range
  * Improvement
    + SSHD-1315: Password in clear in SSHD server's logs
- Modified patch:
  * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
    + rediff to changed context

-------------------------------------------------------------------
Fri Feb 10 07:26:34 UTC 2023 - Fridrich Strba <fstrba@suse.com>

- Clean-up the spec a bit

-------------------------------------------------------------------
Wed Nov 16 11:36:21 UTC 2022 - Fridrich Strba <fstrba@suse.com>

- Upgrade to version 2.9.2 (bsc#1205463, CVE-2022-45047)
- Changes in version 2.8.0
  * Bug
    + Wrong server key algorithm choose
    + Expiration of OpenSshCertificates needs to compare timestamps
      as unsigned long
    + SFTP Get downloads empty file from servers which supports EOF
      indication after data
    + skip() doesn't work properly in SftpInputStreamAsync
    + OpenMode and CopyMode is not honored as expected in
      version > 4 of SFTP api
    + SftpTransferTest sometimes hangs (failure during rekeying)
    + Race condition in KEX
    + Fix the ciphers supported documentation
    + Update tarLongFileMode to use POSIX
    + WinsCP transfer failure to Apache SSHD Server
    + Pubkey auth: keys from ssh-agent are used even if
      HostConfigEntry.isIdentitiesOnly() is true
    + Support RSA SHA2 signatures via SSH agent
    + NOTICE: wrong copyright year range
    + Wrong creationTime in writeAttrs for SFTP
    + sshd-netty logs all traffic on INFO level
  * New Feature
    + Add support for chacha20-poly1305@openssh.com
    + Parsing of ~/.ssh/config Host patterns fails with extra
      whitespace
    + Support generating OpenSSH client certificates
  * Improvement
    + Add support for curve25519-sha256@libssh.org key exchange
    + OpenSSH certificates: check certificate type
    + OpenSSHCertificatesTest: certificates expire in 2030
    + Display IdleTimeOut in more user-friendly format
    + sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in
      ChannelAsyncOutputStream constructor configurable from
      outside using variable/config file
    + Intercepting the server exception message from server in SSHD
      client
    + Implement RFC 8332 server-sig-algs on the server
    + Slow performance listing huge number of files on Apache SSHD
      server
    + SFTP: too many LSTAT calls
    + Support key constraints when adding a key to an SSH agent
    + Add SFTP server side file custom attributes hook
  * Task
    + Make sure the project is built using a <release>1.8</release>
  * Question
    + UserInteraction Problem
- Changes of vesion 2.9.0
  * Bug
    + Deadlock on disconnection at the end of key-exchange
    + Remote port forwarding mode does not handle EOF properly
    + Public key authentication: wrong signature algorithm used
      (ed25519 key with ssh-rsa signature)
    + Client fails window adjust above Integer.MAX_VALUE
    + class loader fails to load
      org.apache.sshd.common.cipher.BaseGCMCipher
    + Shell is not getting closed if the command has already closed
      the OutputStream it is using.
    + Sometimes async write listener is not called
    + Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leeds to
      SocketTimeoutException
    + different host key algorithm used on rekey than used for the
      initial connection
    + OpenSSH certificate is not properly encoded when critical
      options are included
    + TCP/IP remote port forwarding with wildcard IP addresses
      doesn't work with OpenSSH
    + UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from
      an agent
  * New Feature
    + Add support for Argon2 encrypted PUTTY key files
    + Add support for merged inverted output and error streams of
      remote process
  * Improvement
    + Add support for "limits@openssh.com" SFTP extension
    + Support host-based pubkey authentication in the client
    + Send environment variable and open subsystem at the same time
      for SSH session
- Changes of version 2.9.1
  * Bug
    + ClientSession.auth().verify() is terminated with timeout
    + 2.9.0 release broken on Java 8
    + Infinite loop in
      org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead
    + Deadlock during session exit
    + Race condition is logged in ChannelAsyncOutputStream
- Changes of version 2.9.2
  * Bug
    + SFTP worker threads got stuck while processing PUT methods
      against one specific SFTP server
    + Use the maximum packet size of the communication partner
    + ExplicitPortForwardingTracker does not unbind auto-allocated
      one
    + Default SshClient FD leak because Selector not closed
    + Reading again from exhausted ChannelExec#getInvertedOut()
      throws IOException instead of returning -1
    + Keeping error streams and input streams separate after
      ChannelExec#setRedirectErrorStream(true) is called
    + Nio2Session.shutdownOutput() should wait for writes in
      progress
  * Test
    + Research intermittent failure in unit tests using various I/O
      service factories
- Modified patch:
  * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
    + rediff to changed context
- Removed patches:
  * 0002-Fix-manifest-generation.patch
    + not needed any more in this version
  * apache-sshd-2.7.0-java8.patch
    + not needed since the Java 8 compatibility is handled by the
      --release option
- Added patch:
  * apache-sshd-javadoc.patch
    + Fix different warnings in javadoc generation

-------------------------------------------------------------------
Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba <fstrba@suse.com>

- Upgrade to version 2.7.0
- Changes in version 2.5.0
  * Major code re-factoring
    + Reception of an SSH_MSG_UNIMPLEMENTED response to a
      SSH_MSG_GLOBAL_REQUEST is translated internally into same code
      flow as if an SSH_MSH_REQUEST_FAILURE has been received - see
      SSHD-968.
    + Server SFTP subsystem internal code dealing with the local
      files has been delegated to the SftpFileSystemAccessor in
      order to allow easier hooking into the SFTP subsystem.
      - Resolving a local file path for an SFTP remote one
      - Reading/Writing a file's attribute(s)
      - Creating files links
      - Copying / Renaming / Deleting files
    + SftpVersionSelector is now consulted when client sends initial
      command (as well as when session is re-negotiated)
    + ScpCommandFactory is also a ShellFactory that can be used to
      provide a minimalistic shell that is good enough for WinSCP.
    + Rework SFTP streams so that the client asks and receives as
      much data as possible - see SSHD-979.
  * Minor code helpers
    + Handling of debug/ignore/unimplemented messages has been split
      into handleXXX and doInvokeXXXMsgHandler methods where the
      former validate the messages and deal with the idle timeout,
      and the latter execute the actual invcation.
    + Added overloaded methods that accept a java.time.Duration
      specifier for timeout value.
    + The argument representing the SFTP subsystem in invocations to
      SftpFileSystemAccessor has been enhanced to expose as much of
      the available functionality as possible.
  * Behavioral changes and enhancements
    + SSHD-964 - Send SSH_MSG_CHANNEL_EOF when tunnel channel being
      closed.
    + SSHD-967 - Extra bytes written when
      SftpRemotePathChannel#transferTo is used.
    + SSHD-968 - Interpret SSH_MSG_UNIMPLEMENTED response to a
      heartbeat request as a liveness indicator
    + SSHD-970 - transferTo function of SftpRemotePathChannel will
      loop if count parameter is greater than file size
    + SSHD-972 - Add support for peers using OpenSSH "security key"
      key types
    + SSHD-977 - Apply consistent logging policy to caught
      exceptions
    + SSHD-660 - Added support for server-side signed certificate
      keys
    + SSHD-984 - Utility method to export KeyPair in OpenSSH format
    + SSHD-992 - Provide more hooks into the SFTP server subsystem
      via SftpFileSystemAccessor
    + SSHD-997 - Fixed OpenSSH private key decoders for RSA and
      Ed25519
    + SSHD-998 - Take into account SFTP version preference when
      establishing initial channel
    + SSHD-989 - Read correctly ECDSA key pair from PKCS8 encoded
      data
    + SSHD-1009 - Provide a minimalistic shell for supporting WinSCP
      SCP mode.
- Changes in version 2.5.1
  * Behavioral changes and enhancements
    + SSHD-1022 NPE in SftpOutputStreamAsync#flush() if no data
      written in between.
- Changes in version 2.6.0
  * Major code re-factoring
    + SshServerMain uses by default an ECDSA key instead of an RSA
      one. This can be overridden either by -key-type / -key-size or
      -key-file command line option.
    + SSHD-1034 Rename org.apache.sshd.common.ForwardingFilter to
      Forwarder.
    + SSHD-1035 Move property definitions to common locations.
    + SSHD-1038 Refactor packages from a module into a cleaner
      hierarchy.
    + SSHD-1080 Rework the PacketWriter to split according to the
      various semantics
    + SSHD-1084 Revert the usage of asynchronous streams when
      forwarding ports.
  * Minor code helpers
    + SSHD-1004 Using a more constant time MAC validation to
      minimize timing side channel information leak.
    + SSHD-1030 Added a NoneFileSystemFactory implementation
    + SSHD-1042 Added more callbacks to SftpEventListener
    + SSHD-1040 Make server key available after KEX completed.
    + SSHD-1060 Do not store logger level in fields.
    + SSHD-1064 Fixed ClientSession#executeRemoteCommand handling
      of STDERR in case of exception to behave according to its
      documentation
    + SSHD-1076 Break down ClientUserAuthService#auth method into
      several to allow for flexible override
    + SSHD-1077 Added command line option to request specific SFTP
      version in SftpCommandMain
    + SSHD-1079 Experimental async mode on the local port forwarder
    + SSHD-1086 Added SFTP aware directory scanning helper classes
    + SSHD-1089 Added wrappers for one-time single session usage of
      SFTP/SCP clients
    + Propagate SCP file transfer ACK data to ScpTransferListener
      before validating it.
  * Behavioral changes and enhancements
    + SSHD-506 Added support for AES-GCM ciphers.
    + SSHD-954 Improve validation of DH public key values.
    + SSHD-1004 Deprecate DES, RC4 and Blowfish ciphers from default
      setup.
    + SSHD-1004 Deprecate SHA-1 based key exchanges and signatures
      from default setup.
    + SSHD-1004 Deprecate MD5-based and truncated HMAC algorithms
      from default setup.
    + SSHD-1005 Added support for SCP remote-to-remote file transfer
    + SSHD-1020 SSH connections getting closed abruptly with timeout
      exceptions.
    + SSHD-1026 Improve build reproductibility.
    + SSHD-1028 Fix SSH_MSG_DISCONNECT: Too many concurrent
      connections.
    + SSHD-1032 Fix possible ArrayIndexOutOfBoundsException in
      ChannelAsyncOutputStream.
    + SSHD-1033 Fix simultaneous usage of dynamic and local port
      forwarding.
    + SSHD-1039 Fix support for some basic options in ssh/sshd cli.
    + SSHD-1047 Support for SSH jumps.
    + SSHD-1048 Wrap instead of rethrow IOException in Future.
    + SSHD-1050 Fixed race condition in AuthFuture if exception
      caught before authentication started.
    + SSHD-1053 Fixed handling of certified keys authentication.
    + SSHD-1056 Added support for SCP remote-to-remote directory
      transfer - including '-3' option of SCP command CLI.
    + SSHD-1057 Added capability to select a ShellFactory based on
      the current session + use it for "WinSCP"
    + SSHD-1058 Improve exception logging strategy.
    + SSHD-1059 Do not send heartbeat if KEX state not DONE
    + SSHD-1063 Fixed known-hosts file server key verifier matching
      of same host with different ports
    + SSHD-1066 Allow multiple binding to local port tunnel on
      different addresses
    + SSHD-1070 OutOfMemoryError when use async port forwarding
    + SSHD-1100 Updated used moduli for DH group KEX
    + SSHD-1102 Provide filter support for SftpDirectoryStream
    + SSHD-1104 Take into account possible key type aliases when
      using public key authentication
    + SSHD-1107 Allow configuration of minimum DH group exchange key
      size via property or programmatically
    + SSHD-1108 Increased minimum default DH group exchange key size
      to 2048 (but support 1024)
- Changes in version 2.7.0
  * Major code re-factoring
    + SSHD-1133 Re-factored locations and names of ServerSession and
      server-side ChannelSession related classes
    + Moved some helper methods and classes to more natural
      locations
  * Minor code helpers
    + SSHD-525 Added support for "posix-rename@openssh.com" SFTP
      extension
    + SSHD-1083 Relaxed required Nio2Connector/Acceptor required
      constructor arguments
    + SSHD-1085 Added CliLogger + more verbosity on SshClientMain
    + SSHD-1109 Route tests JUL logging via SLF4JBridgeHandler
    + SSHD-1109 Provide full slf4j logger capabilities to CliLogger
      and use it in all CLI classes
    + SSHD-1110 Replace Class#newInstance() calls with
      Class#getDefaultConstructor().newInstance()
    + SSHD-1111 Fixed SshClientCliSupport compression option
      detection
    + SSHD-1116 Provide SessionContext argument to
      HostKeyIdentityProvider#loadHostKeys
    + SSHD-1116 Provide SessionContext argument to
      PasswordIdentityProvider#loadPasswords
    + SSHD-1116 Provide SessionContext argument to
      AuthenticationIdentitiesProvider#loadIdentities
    + SSHD-1125 Added option to require immediate close of channel
      in command ExitCallback invocation
    + SSHD-1127 Consolidated SftpSubsystem support implementations
      into SftpSubsystemConfigurator
    + SSHD-1148 Generate a unique thread name for each SftpSubsystem
      instance
  * Behavioral changes and enhancements
    + SSHD-1085 Added more notifications related to channel state
      change for detecting channel closing or closed earlier.
    + SSHD-1091 Renamed sshd-contrib top-level package in order to
      align naming convention.
    + SSHD-1097 Added more SessionListener callbacks related to the
      initial version and key exchange
    + SSHD-1097 Added more capability to send peer identification
      via ReservedSessionMessagesHandler
    + SSHD-1097 Implemented endless tarpit example in sshd-contrib
    + SSHD-1109 Replace log4j with logback as the slf4j logger
      implementation for tests
    + SSHD-1114 Added callbacks for client-side password
      authentication progress
    + SSHD-1114 Added callbacks for client-side public key
      authentication progress
    + SSHD-1114 Added callbacks for client-side host-based
      authentication progress
    + SSHD-1114 Added capability for interactive password
      authentication participation via UserInteraction
    + SSHD-1114 Added capability for interactive key based
      authentication participation via UserInteraction
    + SSHD-1123 Add option to chunk data in ChannelAsyncOutputStream
      if window size is smaller than packet size
    + SSHD-1125 Added mechanism to throttle pending write requests
      in BufferedIoOutputStream
    + SSHD-1127 Added capability to register a custom receiver for
      SFTP STDERR channel raw or stream data
    + SSHD-1132 Added SFTP client-side support for
      'filename-charset' extension
    + SSHD-1132 Added SFTP client-side support for
      'filename-translation-control' extension
    + SSHD-1132 Added SFTP servder-side support for non-UTF8
      encoding of returned file names
    + SSHD-1133 Added capability to specify a custom charset for
      parsing incoming commands to the ScpShell
    + SSHD-1133 Added capability to specify a custom charset for
      returning environment variables related data from the ScpShell
    + SSHD-1133 Added capability to specify a custom charset for
      handling the SCP protocol textual commands and responses
    + SSHD-1136 Use configuration property to decide whether to
      allow fallback to DH group exchange using SHA-1 if no suitable
      primes found for SHA-256
    + SSHD-1137 Added capability to override LinkOption(s) when
      accessing a file/folder via SFTP
    + SSHD-1147 SftpInputStreamAsync: get file size before SSH_FXP_OPEN
- Modified patches:
  * 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
  * apache-sshd-2.4.0-java8.patch -> apache-sshd-2.7.0-java8.patch
    + rediff to changed context
- Added patch:
  * 0002-Fix-manifest-generation.patch
    + do not import self

-------------------------------------------------------------------
Thu Jul 16 21:58:44 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Added patch:
  * apache-sshd-2.4.0-java8.patch
    + restore Java 8 compatibility of bytecode generated by Java 9+

-------------------------------------------------------------------
Mon Jun 29 11:32:37 UTC 2020 - Fridrich Strba <fstrba@suse.com>

- Initial packaging of apache-sshd 2.4.0

Places

File apache-sshd.changes of Package apache-sshd

Places