Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package trilead-ssh2 for openSUSE:Factory
checked in at 2024-03-15 20:31:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/trilead-ssh2 (Old)
and /work/SRC/openSUSE:Factory/.trilead-ssh2.new.1905 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trilead-ssh2"
Fri Mar 15 20:31:26 2024 rev:3 rq:1157966 version:217.293.v56de4d4d3515
Changes:
--------
--- /work/SRC/openSUSE:Factory/trilead-ssh2/trilead-ssh2.changes
2022-03-28 16:59:59.492922944 +0200
+++ /work/SRC/openSUSE:Factory/.trilead-ssh2.new.1905/trilead-ssh2.changes
2024-03-15 20:32:02.273746066 +0100
@@ -1,0 +2,42 @@
+Thu Mar 14 09:09:47 UTC 2024 - Gus Kenion <gus.ken...@suse.com>
+
+- Upgrade to version build-217-jenkins-293.v56de4d4d3515
+ * Trilead ssh2 fix big integer removes leading zero
+ Addresses CVE-2023-48795, bsc#1218198
+ * JENKINS-72466 - : Upgrades jbcrypt dependency
+- Includes changes from previous version updates:
+ * JENKINS-71798 - : TimeoutService threads are left after closing
+ connection
+ * Giving threads names for easier troubleshooting
+ * Update parent POM
+ * There is no guarantee that the plugin works with Java 8 anymore,
+ and it is not tested. If you still run Jenkins on Java 8 do not
+ update. JENKINS-69229
+ * Removal of unnecessary protobuf-java
+ * fix: bump protobuff due to CVE 2021 22569
+ * JENKINS-69018 - use constant MAX_PACKET_SIZE
+ * add support for hmac-sha2-512-...@openssh.com
+ hmac-sha2-256-...@opensh.com in trilead-ssh2
+ * feat: enable continuous delivery workflow
+ * additional kex algorithms
+ * [Revert]JENKINS-62552 - Use standard crypto APIs
+ * feat: enable incrementals
+ * Retry userauth when multiple algs
+ * Known Issue: JENKINS-63790 causes SSH agent connections to fail
+ in some configurations
+ * fix: allow to use password encrypted keys
+ * Known Issue: trilead api 1.0.9 fails clone from ssh repository
+ using 3DES/MD5-encrypted private key JENKINS-63601
+ * JENKINS-62552 - Use standard crypto APIs
+ * Resolve several possible infinite hangings because of wait()
+ * Revert "JENKINS-62311 - Add support for RFC 8332"
+ * [SECURITY] Use HTTPS to resolve dependencies in Maven Build
+ * JENKINS-62311 - Add support for RFC 8332
+ * Support for port=0 which means automatically allocated port.
+ * JENKINS-59857 - Kerberos support updated
+- Added patch:
+ * 0001-Remove-the-dependency-on-google-tink.patch
+ + remove new code dependent on google tink since we don't have
+ the dependency
+
+-------------------------------------------------------------------
Old:
----
trilead-ssh2-build217-jenkins-8.tar.gz
New:
----
0001-Remove-the-dependency-on-google-tink.patch
build-217-jenkins-293.v56de4d4d3515.tar.gz
trilead-ssh2-build.xml
BETA DEBUG BEGIN:
New:- Added patch:
* 0001-Remove-the-dependency-on-google-tink.patch
+ remove new code dependent on google tink since we don't have
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ trilead-ssh2.spec ++++++
--- /var/tmp/diff_new_pack.sWWAZi/_old 2024-03-15 20:32:03.017773246 +0100
+++ /var/tmp/diff_new_pack.sWWAZi/_new 2024-03-15 20:32:03.021773393 +0100
@@ -1,7 +1,7 @@
#
# spec file for package trilead-ssh2
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,18 +17,25 @@
%global buildver 217
-%global patchlvl 8
+%global patchlvl 293
+%global githash v56de4d4d3515
+
Name: trilead-ssh2
-Version: %{buildver}.%{patchlvl}
+Version: %{buildver}.%{patchlvl}.%{githash}
Release: 0
Summary: SSH-2 protocol implementation in pure Java
License: BSD-3-Clause AND MIT
Group: Development/Libraries/Java
URL: https://github.com/jenkinsci/trilead-ssh2
-Source0:
https://github.com/jenkinsci/%{name}/archive/%{name}-build%{buildver}-jenkins-%{patchlvl}.tar.gz
+Source0:
https://github.com/jenkinsci/%{name}/archive/refs/tags/build-%{buildver}-jenkins-%{patchlvl}.%{githash}.tar.gz
+Source1: %{name}-build.xml
+Patch0: 0001-Remove-the-dependency-on-google-tink.patch
+BuildRequires: ant
+BuildRequires: ed25519-java
BuildRequires: fdupes
BuildRequires: java-devel >= 1.8
BuildRequires: javapackages-local
+BuildRequires: jbcrypt
BuildArch: noarch
%description
@@ -47,28 +54,31 @@
API documentation for %{name}.
%prep
-%setup -q -n %{name}-%{name}-build%{buildver}-jenkins-%{patchlvl}
+%setup -q -n %{name}-build-%{buildver}-jenkins-%{patchlvl}.%{githash}
+%patch -P 0 -p1
+cp %{SOURCE1} build.xml
+
+%pom_remove_dep :tink
+%pom_xpath_set pom:project/pom:version
"build-%{buildver}-jenkins-%{patchlvl}.%{githash}"
%build
-mkdir -p build/classes
-javac -d build/classes -source 8 -target 8 $(find src -name \*.java | xargs)
-(cd build/classes && jar cf ../%{name}-%{version}.jar $(find . -name
\*.class))
-mkdir -p build/docs
-javadoc -d build/docs -source 8 $(find src -name \*.java | xargs)
+mkdir -p lib
+build-jar-repository -s lib eddsa jbcrypt
+%{ant} package javadoc
%install
# jars
install -d -m 0755 %{buildroot}%{_javadir}
-install -m 644 build/%{name}-%{version}.jar %{buildroot}%{_javadir}/%{name}.jar
+install -m 644 target/%{name}-*.jar %{buildroot}%{_javadir}/%{name}.jar
# pom
install -d -m 755 %{buildroot}%{_mavenpomdir}
-install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom
+%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom
%add_maven_depmap %{name}.pom %{name}.jar -a
"org.tmatesoft.svnkit:trilead-ssh2","com.trilead:trilead-ssh2"
# javadoc
install -d -m 755 %{buildroot}%{_javadocdir}/%{name}
-cp -aL build/docs/* %{buildroot}%{_javadocdir}/%{name}
+cp -aL target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}
%fdupes -s %{buildroot}%{_javadocdir}/%{name}
%files -f .mfiles
++++++ 0001-Remove-the-dependency-on-google-tink.patch ++++++
>From 933d197b30e797d4b82eeef1953fd82e617f4cf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <fridrich.st...@bluewin.ch>
Date: Wed, 13 Mar 2024 07:05:36 +0100
Subject: [PATCH] Remove the dependency on google tink
---
.../ssh2/crypto/dh/Curve25519Exchange.java | 85 -------------------
.../ssh2/crypto/dh/GenericDhExchange.java | 3 -
.../trilead/ssh2/transport/KexManager.java | 9 +-
3 files changed, 1 insertion(+), 96 deletions(-)
delete mode 100644 src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
diff --git a/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
b/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
deleted file mode 100644
index 01d4ab4..0000000
--- a/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java
+++ /dev/null
@@ -1,85 +0,0 @@
-package com.trilead.ssh2.crypto.dh;
-
-import com.google.crypto.tink.subtle.X25519;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.InvalidKeyException;
-
-/**
- * Created by Kenny Root on 1/23/16.
- */
-public class Curve25519Exchange extends GenericDhExchange {
- public static final String NAME = "curve25519-sha256";
- public static final String ALT_NAME = "curve25519-sha...@libssh.org";
- public static final int KEY_SIZE = 32;
-
- private byte[] clientPublic;
- private byte[] clientPrivate;
- private byte[] serverPublic;
-
- public Curve25519Exchange() {
- super();
- }
-
- /*
- * Used to test known vectors.
- */
- public Curve25519Exchange(byte[] secret) throws InvalidKeyException {
- if (secret.length != KEY_SIZE) {
- throw new AssertionError("secret must be key size");
- }
- clientPrivate = secret.clone();
- }
-
- @Override
- public void init(String name) throws IOException {
- if (!NAME.equals(name) && !ALT_NAME.equals(name)) {
- throw new IOException("Invalid name " + name);
- }
-
- clientPrivate = X25519.generatePrivateKey();
- try {
- clientPublic = X25519.publicFromPrivate(clientPrivate);
- } catch (InvalidKeyException e) {
- throw new IOException(e);
- }
- }
-
- @Override
- public byte[] getE() {
- return clientPublic.clone();
- }
-
- @Override
- protected byte[] getServerE() {
- return serverPublic.clone();
- }
-
- @Override
- public void setF(byte[] f) throws IOException {
- if (f.length != KEY_SIZE) {
- throw new IOException("Server sent invalid key length "
+ f.length + " (expected " +
- KEY_SIZE + ")");
- }
- serverPublic = f.clone();
- try {
- byte[] sharedSecretBytes =
X25519.computeSharedSecret(clientPrivate, serverPublic);
- int allBytes = 0;
- for (int i = 0; i < sharedSecretBytes.length; i++) {
- allBytes |= sharedSecretBytes[i];
- }
- if (allBytes == 0) {
- throw new IOException("Invalid key computed;
all zeroes");
- }
- sharedSecret = new BigInteger(1, sharedSecretBytes);
- } catch (InvalidKeyException e) {
- throw new IOException(e);
- }
- }
-
- @Override
- public String getHashAlgo() {
- return "SHA-256";
- }
-}
diff --git a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
index c2436e3..a63b9fd 100644
--- a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
+++ b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java
@@ -29,9 +29,6 @@ public abstract class GenericDhExchange
}
public static GenericDhExchange getInstance(String algo) {
- if (Curve25519Exchange.NAME.equals(algo) ||
Curve25519Exchange.ALT_NAME.equals(algo)) {
- return new Curve25519Exchange();
- }
if (algo.startsWith("ecdh-sha2-")) {
return new EcDhExchange();
} else {
diff --git a/src/com/trilead/ssh2/transport/KexManager.java
b/src/com/trilead/ssh2/transport/KexManager.java
index c2ec2b0..2c8056a 100644
--- a/src/com/trilead/ssh2/transport/KexManager.java
+++ b/src/com/trilead/ssh2/transport/KexManager.java
@@ -17,7 +17,6 @@ import com.trilead.ssh2.crypto.CryptoWishList;
import com.trilead.ssh2.crypto.KeyMaterial;
import com.trilead.ssh2.crypto.cipher.BlockCipher;
import com.trilead.ssh2.crypto.cipher.BlockCipherFactory;
-import com.trilead.ssh2.crypto.dh.Curve25519Exchange;
import com.trilead.ssh2.crypto.dh.DhGroupExchange;
import com.trilead.ssh2.crypto.dh.GenericDhExchange;
import com.trilead.ssh2.crypto.digest.MessageMac;
@@ -397,8 +396,6 @@ public class KexManager implements MessageHandler
if ("ecdh-sha2-nistp521".equals(algo))
continue;
- if
(Curve25519Exchange.NAME.equals(algo)||Curve25519Exchange.ALT_NAME.equals(algo))
- continue;
throw new IllegalArgumentException("Unknown kex
algorithm '" + algo + "'");
}
}
@@ -489,8 +486,6 @@ public class KexManager implements MessageHandler
}
if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")
- ||
kxs.np.kex_algo.equals(Curve25519Exchange.NAME)
- ||
kxs.np.kex_algo.equals(Curve25519Exchange.ALT_NAME)
||
kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")
||
kxs.np.kex_algo.equals("ecdh-sha2-nistp521")
||
kxs.np.kex_algo.equals("ecdh-sha2-nistp384")
@@ -630,9 +625,7 @@ public class KexManager implements MessageHandler
||
kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")
|| kxs.np.kex_algo.equals("ecdh-sha2-nistp256")
|| kxs.np.kex_algo.equals("ecdh-sha2-nistp384")
- || kxs.np.kex_algo.equals("ecdh-sha2-nistp521")
- ||
kxs.np.kex_algo.equals(Curve25519Exchange.NAME)
- ||
kxs.np.kex_algo.equals(Curve25519Exchange.ALT_NAME))
+ || kxs.np.kex_algo.equals("ecdh-sha2-nistp521"))
{
if (kxs.state == 1)
{
--
2.44.0
++++++ trilead-ssh2-build.xml ++++++
<?xml version="1.0" encoding="UTF-8"?>
<project name="trilead-ssh2" default="package" basedir=".">
<!-- ======================================================================
-->
<!-- Build environment properties
-->
<!-- ======================================================================
-->
<property name="project.groupId" value="org.jenkins-ci"/>
<property name="project.artifactId" value="trilead-ssh2"/>
<property name="project.version" value="bogusVersion"/>
<property name="compiler.release" value="8"/>
<property name="compiler.source" value="1.${compiler.release}"/>
<property name="compiler.target" value="${compiler.source}"/>
<property name="build.finalName"
value="${project.artifactId}-${project.version}"/>
<property name="build.dir" value="target"/>
<property name="build.outputDir" value="${build.dir}/classes"/>
<property name="build.srcDir" value="src"/>
<property name="reporting.outputDirectory" value="${build.dir}/site"/>
<!-- ======================================================================
-->
<!-- Defining classpaths
-->
<!-- ======================================================================
-->
<path id="build.classpath">
<fileset dir="lib">
<include name="**/*.jar"/>
</fileset>
</path>
<!-- ======================================================================
-->
<!-- Cleaning up target
-->
<!-- ======================================================================
-->
<target name="clean" description="Clean the output directory">
<delete dir="${build.dir}"/>
</target>
<!-- ======================================================================
-->
<!-- Compilation target
-->
<!-- ======================================================================
-->
<target name="compile" description="Compile the code">
<mkdir dir="${build.outputDir}"/>
<javac destdir="${build.outputDir}"
nowarn="false"
debug="true"
optimize="false"
deprecation="true"
release="${compiler.release}"
target="${compiler.target}"
verbose="false"
fork="false"
source="${compiler.source}">
<src>
<pathelement location="${build.srcDir}"/>
</src>
<classpath refid="build.classpath"/>
</javac>
</target>
<!-- ======================================================================
-->
<!-- Javadoc target
-->
<!-- ======================================================================
-->
<target name="javadoc" description="Generates the Javadoc of the application">
<javadoc sourcepath="${build.srcDir}"
packagenames="*"
destdir="${reporting.outputDirectory}/apidocs"
access="protected"
source="${compiler.source}"
verbose="false"
locale="en_US"
version="true"
use="true"
author="true"
splitindex="false"
nodeprecated="false"
nodeprecatedlist="false"
notree="false"
noindex="false"
nohelp="false"
nonavbar="false"
serialwarn="false"
charset="ISO-8859-1"
linksource="false"
breakiterator="false">
<classpath refid="build.classpath"/>
</javadoc>
</target>
<!-- ======================================================================
-->
<!-- Package target
-->
<!-- ======================================================================
-->
<target name="package" depends="compile" description="Package the
application">
<jar jarfile="${build.dir}/${build.finalName}.jar"
compress="true"
index="false"
basedir="${build.outputDir}"
excludes="**/package.html"/>
</target>
<!-- ======================================================================
-->
<!-- A dummy target for the package named after the type it creates
-->
<!-- ======================================================================
-->
<target name="jar" depends="package" description="Builds the jar for the
application"/>
</project>
