Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package trilead-ssh2 for openSUSE:Factory checked in at 2024-03-15 20:31:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/trilead-ssh2 (Old) and /work/SRC/openSUSE:Factory/.trilead-ssh2.new.1905 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "trilead-ssh2" Fri Mar 15 20:31:26 2024 rev:3 rq:1157966 version:217.293.v56de4d4d3515 Changes: -------- --- /work/SRC/openSUSE:Factory/trilead-ssh2/trilead-ssh2.changes 2022-03-28 16:59:59.492922944 +0200 +++ /work/SRC/openSUSE:Factory/.trilead-ssh2.new.1905/trilead-ssh2.changes 2024-03-15 20:32:02.273746066 +0100 
@@ -1,0 +2,42 @@ +Thu Mar 14 09:09:47 UTC 2024 - Gus Kenion <gus.ken...@suse.com> + +- Upgrade to version build-217-jenkins-293.v56de4d4d3515 + * Trilead ssh2 fix big integer removes leading zero + Addresses CVE-2023-48795, bsc#1218198 + * JENKINS-72466 - : Upgrades jbcrypt dependency +- Includes changes from previous version updates: + * JENKINS-71798 - : TimeoutService threads are left after closing + connection + * Giving threads names for easier troubleshooting + * Update parent POM + * There is no guarantee that the plugin works with Java 8 anymore, + and it is not tested. If you still run Jenkins on Java 8 do not + update. JENKINS-69229 + * Removal of unnecessary protobuf-java + * fix: bump protobuff due to CVE 2021 22569 + * JENKINS-69018 - use constant MAX_PACKET_SIZE + * add support for hmac-sha2-512-...@openssh.com + hmac-sha2-256-...@opensh.com in trilead-ssh2 + * feat: enable continuous delivery workflow + * additional kex algorithms + * [Revert]JENKINS-62552 - Use standard crypto APIs + * feat: enable incrementals + * Retry userauth when multiple algs + * Known Issue: JENKINS-63790 causes SSH agent connections to fail + in some configurations + * fix: allow to use password encrypted keys + * Known Issue: trilead api 1.0.9 fails clone from ssh repository + using 3DES/MD5-encrypted private key JENKINS-63601 + * JENKINS-62552 - Use standard crypto APIs + * Resolve several possible infinite hangings because of wait() + * Revert "JENKINS-62311 - Add support for RFC 8332" + * [SECURITY] Use HTTPS to resolve dependencies in Maven Build + * JENKINS-62311 - Add support for RFC 8332 + * Support for port=0 which means automatically allocated port. 
+ * JENKINS-59857 - Kerberos support updated +- Added patch: + * 0001-Remove-the-dependency-on-google-tink.patch + + remove new code dependent on google tink since we don't have + the dependency + +------------------------------------------------------------------- Old: ---- trilead-ssh2-build217-jenkins-8.tar.gz New: ---- 0001-Remove-the-dependency-on-google-tink.patch build-217-jenkins-293.v56de4d4d3515.tar.gz trilead-ssh2-build.xml BETA DEBUG BEGIN: New:- Added patch: * 0001-Remove-the-dependency-on-google-tink.patch + remove new code dependent on google tink since we don't have BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ trilead-ssh2.spec ++++++ --- /var/tmp/diff_new_pack.sWWAZi/_old 2024-03-15 20:32:03.017773246 +0100 +++ /var/tmp/diff_new_pack.sWWAZi/_new 2024-03-15 20:32:03.021773393 +0100 @@ -1,7 +1,7 @@ # # spec file for package trilead-ssh2 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -17,18 +17,25 @@ %global buildver 217 -%global patchlvl 8 +%global patchlvl 293 +%global githash v56de4d4d3515 + Name: trilead-ssh2 -Version: %{buildver}.%{patchlvl} +Version: %{buildver}.%{patchlvl}.%{githash} Release: 0 Summary: SSH-2 protocol implementation in pure Java License: BSD-3-Clause AND MIT Group: Development/Libraries/Java URL: https://github.com/jenkinsci/trilead-ssh2 -Source0: https://github.com/jenkinsci/%{name}/archive/%{name}-build%{buildver}-jenkins-%{patchlvl}.tar.gz +Source0: https://github.com/jenkinsci/%{name}/archive/refs/tags/build-%{buildver}-jenkins-%{patchlvl}.%{githash}.tar.gz +Source1: %{name}-build.xml +Patch0: 0001-Remove-the-dependency-on-google-tink.patch +BuildRequires: ant +BuildRequires: ed25519-java BuildRequires: fdupes BuildRequires: java-devel >= 1.8 BuildRequires: javapackages-local +BuildRequires: jbcrypt BuildArch: noarch %description 
@@ -47,28 +54,31 @@ API documentation for %{name}. %prep -%setup -q -n %{name}-%{name}-build%{buildver}-jenkins-%{patchlvl} +%setup -q -n %{name}-build-%{buildver}-jenkins-%{patchlvl}.%{githash} +%patch -P 0 -p1 +cp %{SOURCE1} build.xml + +%pom_remove_dep :tink +%pom_xpath_set pom:project/pom:version "build-%{buildver}-jenkins-%{patchlvl}.%{githash}" %build -mkdir -p build/classes -javac -d build/classes -source 8 -target 8 $(find src -name \*.java | xargs) -(cd build/classes && jar cf ../%{name}-%{version}.jar $(find . -name \*.class)) -mkdir -p build/docs -javadoc -d build/docs -source 8 $(find src -name \*.java | xargs) +mkdir -p lib +build-jar-repository -s lib eddsa jbcrypt +%{ant} package javadoc %install # jars install -d -m 0755 %{buildroot}%{_javadir} -install -m 644 build/%{name}-%{version}.jar %{buildroot}%{_javadir}/%{name}.jar +install -m 644 target/%{name}-*.jar %{buildroot}%{_javadir}/%{name}.jar # pom install -d -m 755 %{buildroot}%{_mavenpomdir} -install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom +%{mvn_install_pom} pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom %add_maven_depmap %{name}.pom %{name}.jar -a "org.tmatesoft.svnkit:trilead-ssh2","com.trilead:trilead-ssh2" # javadoc install -d -m 755 %{buildroot}%{_javadocdir}/%{name} -cp -aL build/docs/* %{buildroot}%{_javadocdir}/%{name} +cp -aL target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name} %fdupes -s %{buildroot}%{_javadocdir}/%{name} %files -f .mfiles ++++++ 0001-Remove-the-dependency-on-google-tink.patch ++++++ >From 933d197b30e797d4b82eeef1953fd82e617f4cf0 Mon Sep 17 00:00:00 2001 
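Review bot: The new `install -m 644 target/%{name}-*.jar %{buildroot}%{_javadir}/%{name}.jar` in %install selects the jar by glob, because the bundled build.xml names it from `project.version`, which is set to `bogusVersion`. If a second matching jar ever appears in `target/`, `install` receives two sources with a non-directory destination and the build fails with a confusing error. Passing the version through with `%{ant} -Dproject.version=%{version} package javadoc` lets the install line name the file exactly: `install -m 644 target/%{name}-%{version}.jar %{buildroot}%{_javadir}/%{name}.jar`.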
From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <fridrich.st...@bluewin.ch> Date: Wed, 13 Mar 2024 07:05:36 +0100 Subject: [PATCH] Remove the dependency on google tink --- .../ssh2/crypto/dh/Curve25519Exchange.java | 85 ------------------- .../ssh2/crypto/dh/GenericDhExchange.java | 3 - .../trilead/ssh2/transport/KexManager.java | 9 +- 3 files changed, 1 insertion(+), 96 deletions(-) delete mode 100644 src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java diff --git a/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java b/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java deleted file mode 100644 index 01d4ab4..0000000 --- a/src/com/trilead/ssh2/crypto/dh/Curve25519Exchange.java +++ /dev/null 
@@ -1,85 +0,0 @@ -package com.trilead.ssh2.crypto.dh; - -import com.google.crypto.tink.subtle.X25519; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.InvalidKeyException; - -/** - * Created by Kenny Root on 1/23/16. - */ -public class Curve25519Exchange extends GenericDhExchange { - public static final String NAME = "curve25519-sha256"; - public static final String ALT_NAME = "curve25519-sha...@libssh.org"; - public static final int KEY_SIZE = 32; - - private byte[] clientPublic; - private byte[] clientPrivate; - private byte[] serverPublic; - - public Curve25519Exchange() { - super(); - } - - /* - * Used to test known vectors. - */ - public Curve25519Exchange(byte[] secret) throws InvalidKeyException { - if (secret.length != KEY_SIZE) { - throw new AssertionError("secret must be key size"); - } - clientPrivate = secret.clone(); - } - - @Override - public void init(String name) throws IOException { - if (!NAME.equals(name) && !ALT_NAME.equals(name)) { - throw new IOException("Invalid name " + name); - } - - clientPrivate = X25519.generatePrivateKey(); - try { - clientPublic = X25519.publicFromPrivate(clientPrivate); - } catch (InvalidKeyException e) { - throw new IOException(e); - } - } - - @Override - public byte[] getE() { - return clientPublic.clone(); - } - - @Override - protected byte[] getServerE() { - return serverPublic.clone(); - } - - @Override - public void setF(byte[] f) throws IOException { - if (f.length != KEY_SIZE) { - throw new IOException("Server sent invalid key length " + f.length + " (expected " + - KEY_SIZE + ")"); - } - serverPublic = f.clone(); - try { - byte[] sharedSecretBytes = X25519.computeSharedSecret(clientPrivate, serverPublic); - int allBytes = 0; - for (int i = 0; i < sharedSecretBytes.length; i++) { - allBytes |= sharedSecretBytes[i]; - } - if (allBytes == 0) { - throw new IOException("Invalid key computed; all zeroes"); - } - sharedSecret = new BigInteger(1, sharedSecretBytes); - } catch 
(InvalidKeyException e) { - throw new IOException(e); - } - } - - @Override - public String getHashAlgo() { - return "SHA-256"; - } -} diff --git a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java index c2436e3..a63b9fd 100644 --- a/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java +++ b/src/com/trilead/ssh2/crypto/dh/GenericDhExchange.java @@ -29,9 +29,6 @@ public abstract class GenericDhExchange } public static GenericDhExchange getInstance(String algo) { - if (Curve25519Exchange.NAME.equals(algo) || Curve25519Exchange.ALT_NAME.equals(algo)) { - return new Curve25519Exchange(); - } if (algo.startsWith("ecdh-sha2-")) { return new EcDhExchange(); } else { diff --git a/src/com/trilead/ssh2/transport/KexManager.java b/src/com/trilead/ssh2/transport/KexManager.java index c2ec2b0..2c8056a 100644 --- a/src/com/trilead/ssh2/transport/KexManager.java +++ b/src/com/trilead/ssh2/transport/KexManager.java @@ -17,7 +17,6 @@ import com.trilead.ssh2.crypto.CryptoWishList; import com.trilead.ssh2.crypto.KeyMaterial; import com.trilead.ssh2.crypto.cipher.BlockCipher; import com.trilead.ssh2.crypto.cipher.BlockCipherFactory; -import com.trilead.ssh2.crypto.dh.Curve25519Exchange; import com.trilead.ssh2.crypto.dh.DhGroupExchange; import com.trilead.ssh2.crypto.dh.GenericDhExchange; import com.trilead.ssh2.crypto.digest.MessageMac; @@ -397,8 +396,6 @@ public class KexManager implements MessageHandler if ("ecdh-sha2-nistp521".equals(algo)) continue; - if (Curve25519Exchange.NAME.equals(algo)||Curve25519Exchange.ALT_NAME.equals(algo)) - continue; throw new IllegalArgumentException("Unknown kex algorithm '" + algo + "'"); } } 
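Review bot: After this removal `GenericDhExchange.getInstance` no longer recognises `curve25519-sha256` or its libssh.org alias, so any name not starting with `ecdh-sha2-` falls into the `else` branch, whose body is outside the hunk. A Curve25519 name reaching this method would get whatever that branch constructs rather than an error. The KexManager hunks at 397, 489 and 630 drop the same names, and the validation loop now throws `Unknown kex algorithm` for them, but no visible hunk touches the list of algorithms the client advertises, so it is worth confirming that list (not shown on this page) has no Curve25519 entry. I would add a comment above the `ecdh-sha2-` test, e.g. `// curve25519-sha256 is removed in this package (no google tink); it must never be offered or reach this point`. Servers restricted to Curve25519 key exchange will no longer negotiate with this build, which is worth stating for users.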
@@ -489,8 +486,6 @@ public class KexManager implements MessageHandler } if (kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") - || kxs.np.kex_algo.equals(Curve25519Exchange.NAME) - || kxs.np.kex_algo.equals(Curve25519Exchange.ALT_NAME) || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || kxs.np.kex_algo.equals("ecdh-sha2-nistp521") || kxs.np.kex_algo.equals("ecdh-sha2-nistp384") 
@@ -630,9 +625,7 @@ public class KexManager implements MessageHandler || kxs.np.kex_algo.equals("diffie-hellman-group14-sha1") || kxs.np.kex_algo.equals("ecdh-sha2-nistp256") || kxs.np.kex_algo.equals("ecdh-sha2-nistp384") - || kxs.np.kex_algo.equals("ecdh-sha2-nistp521") - || kxs.np.kex_algo.equals(Curve25519Exchange.NAME) - || kxs.np.kex_algo.equals(Curve25519Exchange.ALT_NAME)) + || kxs.np.kex_algo.equals("ecdh-sha2-nistp521")) { if (kxs.state == 1) { -- 2.44.0 ++++++ trilead-ssh2-build.xml ++++++ <?xml version="1.0" encoding="UTF-8"?> <project name="trilead-ssh2" default="package" basedir="."> <!-- ====================================================================== --> <!-- Build environment properties --> <!-- ====================================================================== --> <property name="project.groupId" value="org.jenkins-ci"/> <property name="project.artifactId" value="trilead-ssh2"/> <property name="project.version" value="bogusVersion"/> <property name="compiler.release" value="8"/> <property name="compiler.source" value="1.${compiler.release}"/> <property name="compiler.target" value="${compiler.source}"/> <property name="build.finalName" value="${project.artifactId}-${project.version}"/> <property name="build.dir" value="target"/> <property name="build.outputDir" value="${build.dir}/classes"/> <property name="build.srcDir" value="src"/> <property name="reporting.outputDirectory" value="${build.dir}/site"/> <!-- ====================================================================== --> <!-- Defining classpaths --> <!-- ====================================================================== --> <path id="build.classpath"> <fileset dir="lib"> <include name="**/*.jar"/> </fileset> </path> <!-- ====================================================================== --> <!-- Cleaning up target --> <!-- ====================================================================== --> <target name="clean" description="Clean the output directory"> <delete 
dir="${build.dir}"/> </target> <!-- ====================================================================== --> <!-- Compilation target --> <!-- ====================================================================== --> <target name="compile" description="Compile the code"> <mkdir dir="${build.outputDir}"/> <javac destdir="${build.outputDir}" nowarn="false" debug="true" optimize="false" deprecation="true" release="${compiler.release}" target="${compiler.target}" verbose="false" fork="false" source="${compiler.source}"> <src> <pathelement location="${build.srcDir}"/> </src> <classpath refid="build.classpath"/> </javac> </target> <!-- ====================================================================== --> <!-- Javadoc target --> <!-- ====================================================================== --> <target name="javadoc" description="Generates the Javadoc of the application"> <javadoc sourcepath="${build.srcDir}" packagenames="*" destdir="${reporting.outputDirectory}/apidocs" access="protected" source="${compiler.source}" verbose="false" locale="en_US" version="true" use="true" author="true" splitindex="false" nodeprecated="false" nodeprecatedlist="false" notree="false" noindex="false" nohelp="false" nonavbar="false" serialwarn="false" charset="ISO-8859-1" linksource="false" breakiterator="false"> <classpath refid="build.classpath"/> </javadoc> </target> <!-- ====================================================================== --> <!-- Package target --> <!-- ====================================================================== --> <target name="package" depends="compile" description="Package the application"> <jar jarfile="${build.dir}/${build.finalName}.jar" compress="true" index="false" basedir="${build.outputDir}" excludes="**/package.html"/> </target> <!-- ====================================================================== --> <!-- A dummy target for the package named after the type it creates --> <!-- 
====================================================================== --> <target name="jar" depends="package" description="Builds the jar for the application"/> </project>
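Review bot: The `<javac>` task in the `compile` target sets no `encoding`, so sources are decoded with the build host's default charset. The `charset="ISO-8859-1"` on `<javadoc>` only labels the generated HTML and does not control how sources are read. Setting `encoding` on both tasks to the source tree's actual encoding (for example `encoding="UTF-8"` if that is what upstream uses, which cannot be confirmed from this page) keeps compiled string constants and the API docs identical across build hosts.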