Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apache-sshd for openSUSE:Factory checked in at 2026-06-01 18:06:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache-sshd (Old) and /work/SRC/openSUSE:Factory/.apache-sshd.new.1937 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-sshd" Mon Jun 1 18:06:52 2026 rev:13 rq:1356318 version:2.18.0 Changes: -------- --- /work/SRC/openSUSE:Factory/apache-sshd/apache-sshd.changes 2025-09-25 18:48:18.489737222 +0200 +++ /work/SRC/openSUSE:Factory/.apache-sshd.new.1937/apache-sshd.changes 2026-06-01 18:08:06.108497190 +0200 @@ -1,0 +2,54 @@ +Mon Jun 1 08:40:30 UTC 2026 - Fridrich Strba <[email protected]> + +- Update to upstream version 2.18.0 + * Bug Fixes + + GH-743 Ensure the Java ServiceLoader use a singleton + SftpFileSystemProvider + + GH-879 Close SSH channel gracefully on exception in port + forwarding + + Security: Improve handling of repository paths in sshd-git. + Resolves CVE-2026-48827, bsc#1267018 + * New Features + + GH-892 Align handling certificates without principals with + OpenSSH 10.3 + +------------------------------------------------------------------- +Mon Jun 1 08:39:20 UTC 2026 - Fridrich Strba <[email protected]> + +- Update to upstream version 2.17.1 + * Changes + + GH-875 Use Apache Parent POM 36 + +------------------------------------------------------------------- +Mon Jun 1 08:31:59 UTC 2026 - Fridrich Strba <[email protected]> + +- Update to upstream version 2.17.0 + * Bug Fixes + + GH-469, SSHD-897 Fix duplicate character echo with interactive + shells + + GH-721 SSH client: schedule session timeout checks on demand + only + + GH-807 Handle "verified" flag for sk-* keys + + GH-809 Fix server-side authentication for FIDO/U2F sk-* keys + with flags in authorized_keys + + GH-827 Don't fail on invalid known_hosts lines; log and skip + them + + GH-830 EC public keys: let Bouncy Castle generate X.509 + encodings with the curve OID as algorithm parameter + + GH-855 SFTP: use a single SftpClient per SftpFileSystem + + GH-856 Fix using ed25519 with BC-FIPS + + GH-861 SFTP client: prevent sending zero-length writes in + SftpOutputStreamAsync + + SSHD-1348 Fix zero-length SFTP reads + + SSHD-1349 Bump PMD to 7.20.0 to avoid StackOverflowError when + compiling on Java 26-ea + * New Features + + GH-814 Include a fix for CVE-2020-36843 (bsc#1239551) in + optional dependency net.i2p.crypto:eddsa:0.3.0: perform the + missing range check in Apache MINA SSHD before delegating to + the signature verification in net.i2p.crypto:eddsa:0.3.0. + This means that using net.i2p.crypto:eddsa:0.3.0 in Apache + MINA SSHD is safe despite that CVE in the dependency. + + GH-865 replace %h in HostName SSH config + +------------------------------------------------------------------- Old: ---- apache-sshd-2.16.0-src.tar.gz New: ---- apache-sshd-2.18.0-src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache-sshd.spec ++++++ --- /var/tmp/diff_new_pack.8svqRl/_old 2026-06-01 18:08:07.780566534 +0200 +++ /var/tmp/diff_new_pack.8svqRl/_new 2026-06-01 18:08:07.784566699 +0200 @@ -1,7 +1,7 @@ # # spec file for package apache-sshd # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %bcond_with extras %endif %global homedir %{_datadir}/apache-sshd -Version: 2.16.0 +Version: 2.18.0 Release: 0 Summary: Apache SSHD # One file has ISC licensing: ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.8svqRl/_old 2026-06-01 18:08:07.836568856 +0200 +++ /var/tmp/diff_new_pack.8svqRl/_new 2026-06-01 18:08:07.840569022 +0200 @@ -1,6 +1,6 @@ -mtime: 1758809382 -commit: 12a8a608f9d115f658e36f35dd965258c39151d35c2b0ee43b1d51e7e4c9e4f2 -url: https://src.opensuse.org/java-packages/apache-sshd.git -revision: 12a8a608f9d115f658e36f35dd965258c39151d35c2b0ee43b1d51e7e4c9e4f2 +mtime: 1780303389 +commit: 1af456002354ec8cebeab6fb2a724484c97b310075df147eecf8cdba4cf46818 +url: https://src.opensuse.org/java-packages/apache-sshd +revision: 1af456002354ec8cebeab6fb2a724484c97b310075df147eecf8cdba4cf46818 projectscmsync: https://src.opensuse.org/java-packages/_ObsPrj ++++++ apache-sshd-2.16.0-src.tar.gz -> apache-sshd-2.18.0-src.tar.gz ++++++ ++++ 6198 lines of diff (skipped) ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-01 10:43:09.000000000 +0200 @@ -0,0 +1 @@ +.osc
