diff options
author | David Ostrovsky <david@ostrovsky.org> | 2024-01-21 09:57:40 +0100 |
---|---|---|
committer | David Ostrovsky <david@ostrovsky.org> | 2024-02-05 20:03:19 +0100 |
commit | 164321e90f924afc9610fc49d81b03f124514abc (patch) | |
tree | 1d56e68d59b648a86e5ac1d29acd4e1955db2ca8 | |
parent | 1f76898614ecb01181a698786131dae68eb074d6 (diff) |
Bump SSHD version to 2.12.0
This includes the upstream fix for CVE-2023-48795[1] ("strict KEX"
protocol extension mitigating the "Terrapin attack"[2]) in JGit.
For more details, see the release notes: [3].
[1] https://nvd.nist.gov/vuln/detail/CVE-2023-48795
[2] https://www.terrapin-attack.com/
[3] https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0
Release-Notes: Update SSHD version to 2.12.0
Change-Id: I2644f9a4dbd660a6152345a58b0eb9a1b669f8e7
-rw-r--r-- | java/com/google/gerrit/sshd/SshDaemon.java | 2 | ||||
-rw-r--r-- | tools/nongoogle.bzl | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java index cc35a32beb..af7d22bee0 100644 --- a/java/com/google/gerrit/sshd/SshDaemon.java +++ b/java/com/google/gerrit/sshd/SshDaemon.java @@ -77,6 +77,7 @@ import org.apache.sshd.common.file.nonefs.NoneFileSystemFactory; import org.apache.sshd.common.forward.DefaultForwarderFactory; import org.apache.sshd.common.future.CloseFuture; import org.apache.sshd.common.future.SshFutureListener; +import org.apache.sshd.common.global.KeepAliveHandler; import org.apache.sshd.common.io.AbstractIoServiceFactory; import org.apache.sshd.common.io.IoAcceptor; import org.apache.sshd.common.io.IoServiceFactory; @@ -109,7 +110,6 @@ import org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory; import org.apache.sshd.server.command.CommandFactory; import org.apache.sshd.server.forward.ForwardingFilter; import org.apache.sshd.server.global.CancelTcpipForwardHandler; -import org.apache.sshd.server.global.KeepAliveHandler; import org.apache.sshd.server.global.NoMoreSessionsHandler; import org.apache.sshd.server.global.TcpipForwardHandler; import org.apache.sshd.server.session.ServerSessionImpl; diff --git a/tools/nongoogle.bzl b/tools/nongoogle.bzl index 3ad74a86a1..19c58e2da9 100644 --- a/tools/nongoogle.bzl +++ b/tools/nongoogle.bzl @@ -67,18 +67,18 @@ def declare_nongoogle_deps(): sha1 = "cb2f351bf4463751201f43bb99865235d5ba07ca", ) - SSHD_VERS = "2.9.2" + SSHD_VERS = "2.12.0" maven_jar( name = "sshd-osgi", artifact = "org.apache.sshd:sshd-osgi:" + SSHD_VERS, - sha1 = "bac0415734519b2fe433fea196017acf7ed32660", + sha1 = "32b8de1cbb722ba75bdf9898e0c41d42af00ce57", ) maven_jar( name = "sshd-sftp", artifact = "org.apache.sshd:sshd-sftp:" + SSHD_VERS, - sha1 = "7f9089c87b3b44f19998252fd3b68637e3322920", + sha1 = "0f96f00a07b186ea62838a6a4122e8f4cad44df6", ) maven_jar( @@ -96,7 +96,7 @@ def declare_nongoogle_deps(): maven_jar( name = "sshd-mina", artifact = "org.apache.sshd:sshd-mina:" + SSHD_VERS, - sha1 = "765dced3a2b4069bb0c550e18bda057bad8de26f", + sha1 = "8b202f7d4c0d7b714fd0c93a1352af52aa031149", ) maven_jar( |