File apache-sshd.changes of Package apache-sshd (Revision 58600f26cbf90ab35d128002af3dcac5)
Currently displaying revision 58600f26cbf90ab35d128002af3dcac5 , Show latest
238
1
-------------------------------------------------------------------
2
Fri Jul 30 08:13:19 UTC 2021 - Fridrich Strba <fstrba@suse.com>
3
4
- Upgrade to version 2.7.0
5
- Changes in version 2.5.0
6
* Major code re-factoring
7
+ Reception of an SSH_MSG_UNIMPLEMENTED response to a
8
SSH_MSG_GLOBAL_REQUEST is translated internally into same code
9
flow as if an SSH_MSH_REQUEST_FAILURE has been received - see
10
SSHD-968.
11
+ Server SFTP subsystem internal code dealing with the local
12
files has been delegated to the SftpFileSystemAccessor in
13
order to allow easier hooking into the SFTP subsystem.
14
- Resolving a local file path for an SFTP remote one
15
- Reading/Writing a file's attribute(s)
16
- Creating files links
17
- Copying / Renaming / Deleting files
18
+ SftpVersionSelector is now consulted when client sends initial
19
command (as well as when session is re-negotiated)
20
+ ScpCommandFactory is also a ShellFactory that can be used to
21
provide a minimalistic shell that is good enough for WinSCP.
22
+ Rework SFTP streams so that the client asks and receives as
23
much data as possible - see SSHD-979.
24
* Minor code helpers
25
+ Handling of debug/ignore/unimplemented messages has been split
26
into handleXXX and doInvokeXXXMsgHandler methods where the
27
former validate the messages and deal with the idle timeout,
28
and the latter execute the actual invcation.
29
+ Added overloaded methods that accept a java.time.Duration
30
specifier for timeout value.
31
+ The argument representing the SFTP subsystem in invocations to
32
SftpFileSystemAccessor has been enhanced to expose as much of
33
the available functionality as possible.
34
* Behavioral changes and enhancements
35
+ SSHD-964 - Send SSH_MSG_CHANNEL_EOF when tunnel channel being
36
closed.
37
+ SSHD-967 - Extra bytes written when
38
SftpRemotePathChannel#transferTo is used.
39
+ SSHD-968 - Interpret SSH_MSG_UNIMPLEMENTED response to a
40
heartbeat request as a liveness indicator
41
+ SSHD-970 - transferTo function of SftpRemotePathChannel will
42
loop if count parameter is greater than file size
43
+ SSHD-972 - Add support for peers using OpenSSH "security key"
44
key types
45
+ SSHD-977 - Apply consistent logging policy to caught
46
exceptions
47
+ SSHD-660 - Added support for server-side signed certificate
48
keys
49
+ SSHD-984 - Utility method to export KeyPair in OpenSSH format
50
+ SSHD-992 - Provide more hooks into the SFTP server subsystem
51
via SftpFileSystemAccessor
52
+ SSHD-997 - Fixed OpenSSH private key decoders for RSA and
53
Ed25519
54
+ SSHD-998 - Take into account SFTP version preference when
55
establishing initial channel
56
+ SSHD-989 - Read correctly ECDSA key pair from PKCS8 encoded
57
data
58
+ SSHD-1009 - Provide a minimalistic shell for supporting WinSCP
59
SCP mode.
60
- Changes in version 2.5.1
61
* Behavioral changes and enhancements
62
+ SSHD-1022 NPE in SftpOutputStreamAsync#flush() if no data
63
written in between.
64
- Changes in version 2.6.0
65
* Major code re-factoring
66
+ SshServerMain uses by default an ECDSA key instead of an RSA
67
one. This can be overridden either by -key-type / -key-size or
68
-key-file command line option.
69
+ SSHD-1034 Rename org.apache.sshd.common.ForwardingFilter to
70
Forwarder.
71
+ SSHD-1035 Move property definitions to common locations.
72
+ SSHD-1038 Refactor packages from a module into a cleaner
73
hierarchy.
74
+ SSHD-1080 Rework the PacketWriter to split according to the
75
various semantics
76
+ SSHD-1084 Revert the usage of asynchronous streams when
77
forwarding ports.
78
* Minor code helpers
79
+ SSHD-1004 Using a more constant time MAC validation to
80
minimize timing side channel information leak.
81
+ SSHD-1030 Added a NoneFileSystemFactory implementation
82
+ SSHD-1042 Added more callbacks to SftpEventListener
83
+ SSHD-1040 Make server key available after KEX completed.
84
+ SSHD-1060 Do not store logger level in fields.
85
+ SSHD-1064 Fixed ClientSession#executeRemoteCommand handling
86
of STDERR in case of exception to behave according to its
87
documentation
88
+ SSHD-1076 Break down ClientUserAuthService#auth method into
89
several to allow for flexible override
90
+ SSHD-1077 Added command line option to request specific SFTP
91
version in SftpCommandMain
92
+ SSHD-1079 Experimental async mode on the local port forwarder
93
+ SSHD-1086 Added SFTP aware directory scanning helper classes
94
+ SSHD-1089 Added wrappers for one-time single session usage of
95
SFTP/SCP clients
96
+ Propagate SCP file transfer ACK data to ScpTransferListener
97
before validating it.
98
* Behavioral changes and enhancements
99
+ SSHD-506 Added support for AES-GCM ciphers.
100
+ SSHD-954 Improve validation of DH public key values.
101
+ SSHD-1004 Deprecate DES, RC4 and Blowfish ciphers from default
102
setup.
103
+ SSHD-1004 Deprecate SHA-1 based key exchanges and signatures
104
from default setup.
105
+ SSHD-1004 Deprecate MD5-based and truncated HMAC algorithms
106
from default setup.
107
+ SSHD-1005 Added support for SCP remote-to-remote file transfer
108
+ SSHD-1020 SSH connections getting closed abruptly with timeout
109
exceptions.
110
+ SSHD-1026 Improve build reproductibility.
111
+ SSHD-1028 Fix SSH_MSG_DISCONNECT: Too many concurrent
112
connections.
113
+ SSHD-1032 Fix possible ArrayIndexOutOfBoundsException in
114
ChannelAsyncOutputStream.
115
+ SSHD-1033 Fix simultaneous usage of dynamic and local port
116
forwarding.
117
+ SSHD-1039 Fix support for some basic options in ssh/sshd cli.
118
+ SSHD-1047 Support for SSH jumps.
119
+ SSHD-1048 Wrap instead of rethrow IOException in Future.
120
+ SSHD-1050 Fixed race condition in AuthFuture if exception
121
caught before authentication started.
122
+ SSHD-1053 Fixed handling of certified keys authentication.
123
+ SSHD-1056 Added support for SCP remote-to-remote directory
124
transfer - including '-3' option of SCP command CLI.
125
+ SSHD-1057 Added capability to select a ShellFactory based on
126
the current session + use it for "WinSCP"
127
+ SSHD-1058 Improve exception logging strategy.
128
+ SSHD-1059 Do not send heartbeat if KEX state not DONE
129
+ SSHD-1063 Fixed known-hosts file server key verifier matching
130
of same host with different ports
131
+ SSHD-1066 Allow multiple binding to local port tunnel on
132
different addresses
133
+ SSHD-1070 OutOfMemoryError when use async port forwarding
134
+ SSHD-1100 Updated used moduli for DH group KEX
135
+ SSHD-1102 Provide filter support for SftpDirectoryStream
136
+ SSHD-1104 Take into account possible key type aliases when
137
using public key authentication
138
+ SSHD-1107 Allow configuration of minimum DH group exchange key
139
size via property or programmatically
140
+ SSHD-1108 Increased minimum default DH group exchange key size
141
to 2048 (but support 1024)
142
- Changes in version 2.7.0
143
* Major code re-factoring
144
+ SSHD-1133 Re-factored locations and names of ServerSession and
145
server-side ChannelSession related classes
146
+ Moved some helper methods and classes to more natural
147
locations
148
* Minor code helpers
149
+ SSHD-525 Added support for "posix-rename@openssh.com" SFTP
150
extension
151
+ SSHD-1083 Relaxed required Nio2Connector/Acceptor required
152
constructor arguments
153
+ SSHD-1085 Added CliLogger + more verbosity on SshClientMain
154
+ SSHD-1109 Route tests JUL logging via SLF4JBridgeHandler
155
+ SSHD-1109 Provide full slf4j logger capabilities to CliLogger
156
and use it in all CLI classes
157
+ SSHD-1110 Replace Class#newInstance() calls with
158
Class#getDefaultConstructor().newInstance()
159
+ SSHD-1111 Fixed SshClientCliSupport compression option
160
detection
161
+ SSHD-1116 Provide SessionContext argument to
162
HostKeyIdentityProvider#loadHostKeys
163
+ SSHD-1116 Provide SessionContext argument to
164
PasswordIdentityProvider#loadPasswords
165
+ SSHD-1116 Provide SessionContext argument to
166
AuthenticationIdentitiesProvider#loadIdentities
167
+ SSHD-1125 Added option to require immediate close of channel
168
in command ExitCallback invocation
169
+ SSHD-1127 Consolidated SftpSubsystem support implementations
170
into SftpSubsystemConfigurator
171
+ SSHD-1148 Generate a unique thread name for each SftpSubsystem
172
instance
173
* Behavioral changes and enhancements
174
+ SSHD-1085 Added more notifications related to channel state
175
change for detecting channel closing or closed earlier.
176
+ SSHD-1091 Renamed sshd-contrib top-level package in order to
177
align naming convention.
178
+ SSHD-1097 Added more SessionListener callbacks related to the
179
initial version and key exchange
180
+ SSHD-1097 Added more capability to send peer identification
181
via ReservedSessionMessagesHandler
182
+ SSHD-1097 Implemented endless tarpit example in sshd-contrib
183
+ SSHD-1109 Replace log4j with logback as the slf4j logger
184
implementation for tests
185
+ SSHD-1114 Added callbacks for client-side password
186
authentication progress
187
+ SSHD-1114 Added callbacks for client-side public key
188
authentication progress
189
+ SSHD-1114 Added callbacks for client-side host-based
190
authentication progress
191
+ SSHD-1114 Added capability for interactive password
192
authentication participation via UserInteraction
193
+ SSHD-1114 Added capability for interactive key based
194
authentication participation via UserInteraction
195
+ SSHD-1123 Add option to chunk data in ChannelAsyncOutputStream
196
if window size is smaller than packet size
197
+ SSHD-1125 Added mechanism to throttle pending write requests
198
in BufferedIoOutputStream
199
+ SSHD-1127 Added capability to register a custom receiver for
200
SFTP STDERR channel raw or stream data
201
+ SSHD-1132 Added SFTP client-side support for
202
'filename-charset' extension
203
+ SSHD-1132 Added SFTP client-side support for
204
'filename-translation-control' extension
205
+ SSHD-1132 Added SFTP servder-side support for non-UTF8
206
encoding of returned file names
207
+ SSHD-1133 Added capability to specify a custom charset for
208
parsing incoming commands to the ScpShell
209
+ SSHD-1133 Added capability to specify a custom charset for
210
returning environment variables related data from the ScpShell
211
+ SSHD-1133 Added capability to specify a custom charset for
212
handling the SCP protocol textual commands and responses
213
+ SSHD-1136 Use configuration property to decide whether to
214
allow fallback to DH group exchange using SHA-1 if no suitable
215
primes found for SHA-256
216
+ SSHD-1137 Added capability to override LinkOption(s) when
217
accessing a file/folder via SFTP
218
+ SSHD-1147 SftpInputStreamAsync: get file size before SSH_FXP_OPEN
219
- Modified patches:
220
* 0001-Avoid-optional-dependency-on-native-tomcat-APR-libra.patch
221
* apache-sshd-2.4.0-java8.patch -> apache-sshd-2.7.0-java8.patch
222
+ rediff to changed context
223
- Added patch:
224
* 0002-Fix-manifest-generation.patch
225
+ do not import self
226
227
-------------------------------------------------------------------
228
Thu Jul 16 21:58:44 UTC 2020 - Fridrich Strba <fstrba@suse.com>
229
230
- Added patch:
231
* apache-sshd-2.4.0-java8.patch
232
+ restore Java 8 compatibility of bytecode generated by Java 9+
233
234
-------------------------------------------------------------------
235
Mon Jun 29 11:32:37 UTC 2020 - Fridrich Strba <fstrba@suse.com>
236
237
- Initial packaging of apache-sshd 2.4.0
238