the-distro/nix-gerrit
2
1
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity

gerrit: bump sshd to 2.14.0

Browse source 
This brings back support for wrapped hardware security token backed keys
without breaking connection to it via 'incorrect signature'.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
This commit is contained in:
raito 2024-12-15 17:01:47 +01:00
parent ee6f23ca13
commit 4aafb529ae
5 changed files with 66 additions and 88 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
default.nix
View file

@ -8,8 +8,8 @@
let
depsHashes = {
"3_10" = {
"oauth" = "sha256-LnfVTPvGDpLqAQ1QfAwFv0FA0aCg6H1WUgxVjjYTLoY=";
"metric-reporter-prometheus" = "sha256-95JXlLwyxgMPk9z/weZWCdxAabasv6hHVdPPIfFq5ks=";
"oauth" = "sha256-GukI0DN47YjRJT3WdDr+nVoj2sOJoWsmJQs4Lqhr1e8=";
"metric-reporter-prometheus" = "sha256-eKm2RJ7KO1cSh7+27iZQubkB64Sjs7+5VCXj99JKGkI=";
};
"3_11" = {
"oauth" = "sha256-Xx607OSqlRMr8mlkVhfXiqM9hWcJqx4dmpf+cm10uSA=";

6
gerrit/3_10.nix
View file

@ -38,15 +38,15 @@ in
find "$dir" -name .git -print0 | xargs -0 rm -rf
'';
});
depsHash = "sha256-Pq04IfyYnEYDbvnv3P8SDp3ONPYS8r3dipV5wwRaudM=";
depsHash = "sha256-W2lbytrDZP5PqdO+cG3LZvEP2vVj8c+XA1hnptML2uc=";
patches = [
./0001-Syntax-highlight-nix.patch
./0002-Syntax-highlight-rules.pl.patch
./0003-Add-titles-to-CLs-over-HTTP.patch
./gerrit-cl-431977-bump-sshd.patch
./gerrit-cl-431977-part-2-bump-bouncycastle.patch
# sshd: 2.14.0
./bump-sshd-to-2_14_0.patch
];
nativeBuildInputs = [

61
gerrit/bump-sshd-to-2_14_0.patch Normal file
View file

@ -0,0 +1,61 @@
From adbaba47b11683ebddd80e774b984a1c96fb5048 Mon Sep 17 00:00:00 2001
From: Nasser Grainawi <nasser.grainawi@linaro.org>
Date: Tue, 13 Aug 2024 14:01:45 -0700
Subject: [PATCH] Bump SSHD to 2.14.0
This fixes an 'incorrect signature' error when trying to use the keys
generated by SSHD during server init with an OpenSSH client.
Gerrit had downgraded to 2.12.0 from 2.13.1 due to this issue.
This also includes a few other changes since 2.13.2:
* GH-524 Performance improvements
* GH-533 Fix multi-step authentication
* GH-582 Fix filtering in NamedFactory
* GH-587 Prevent NullPointerExceptionon closed channel in NettyIoSession
* GH-590 Better support for FIPS
* GH-597 Pass on Charset in ClientSession.executeRemoteCommand()
https://github.com/apache/mina-sshd/releases/tag/sshd-2.14.0
Release-Notes: Bump SSHD to 2.14.0
Change-Id: Id71702e952f285678775000d21de15e3cbda09c5
---
tools/nongoogle.bzl | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/nongoogle.bzl b/tools/nongoogle.bzl
index 91caf313e013..39697be36465 100644
--- a/tools/nongoogle.bzl
+++ b/tools/nongoogle.bzl
@@ -137,18 +137,18 @@ def declare_nongoogle_deps():
sha1 = "cb2f351bf4463751201f43bb99865235d5ba07ca",
)
- SSHD_VERS = "2.12.0"
+ SSHD_VERS = "2.14.0"
maven_jar(
name = "sshd-osgi",
artifact = "org.apache.sshd:sshd-osgi:" + SSHD_VERS,
- sha1 = "32b8de1cbb722ba75bdf9898e0c41d42af00ce57",
+ sha1 = "6ef66228a088f8ac1383b2ff28f3102f80ebc01a",
)
maven_jar(
name = "sshd-sftp",
artifact = "org.apache.sshd:sshd-sftp:" + SSHD_VERS,
- sha1 = "0f96f00a07b186ea62838a6a4122e8f4cad44df6",
+ sha1 = "c070ac920e72023ae9ab0a3f3a866bece284b470",
)
maven_jar(
@@ -166,7 +166,7 @@ def declare_nongoogle_deps():
maven_jar(
name = "sshd-mina",
artifact = "org.apache.sshd:sshd-mina:" + SSHD_VERS,
- sha1 = "8b202f7d4c0d7b714fd0c93a1352af52aa031149",
+ sha1 = "05e1293af53a196ac3c5a4b01dd88985e8672e9e",
)
maven_jar(

40
gerrit/gerrit-cl-431977-bump-sshd.patch
View file

@ -1,40 +0,0 @@
Bump SSHD version to 2.13.1
Release-Notes: Update SSHD version to 2.13.1
Change-Id: Ib7bc185bfd9e7eda0cc04230da8bd87ee1bb2358
diff --git a/tools/nongoogle.bzl b/tools/nongoogle.bzl
index 91caf31..d9b90d8 100644
--- a/tools/nongoogle.bzl
+++ b/tools/nongoogle.bzl
@@ -137,18 +137,18 @@
sha1 = "cb2f351bf4463751201f43bb99865235d5ba07ca",
)
- SSHD_VERS = "2.12.0"
+ SSHD_VERS = "2.13.1"
maven_jar(
name = "sshd-osgi",
artifact = "org.apache.sshd:sshd-osgi:" + SSHD_VERS,
- sha1 = "32b8de1cbb722ba75bdf9898e0c41d42af00ce57",
+ sha1 = "50958cc44076749e790d7332021cff546707624c",
)
maven_jar(
name = "sshd-sftp",
artifact = "org.apache.sshd:sshd-sftp:" + SSHD_VERS,
- sha1 = "0f96f00a07b186ea62838a6a4122e8f4cad44df6",
+ sha1 = "e1b6da4ef604718e32cad59ef32618610da7a170",
)
maven_jar(
@@ -166,7 +166,7 @@
maven_jar(
name = "sshd-mina",
artifact = "org.apache.sshd:sshd-mina:" + SSHD_VERS,
- sha1 = "8b202f7d4c0d7b714fd0c93a1352af52aa031149",
+ sha1 = "ff4a9fac41a111d806f6a058d23278b0819da7ce",
)
maven_jar(

43
gerrit/gerrit-cl-431977-part-2-bump-bouncycastle.patch
View file

@ -1,43 +0,0 @@
diff --git a/tools/deps.bzl b/tools/deps.bzl
index d056483891...c7b88e94b8 100644
--- a/tools/deps.bzl
+++ b/tools/deps.bzl
@@ -21,7 +21,7 @@
GITILES_REPO = GERRIT
# When updating Bouncy Castle, also update it in bazlets.
-BC_VERS = "1.72"
+BC_VERS = "1.78.1"
HTTPCOMP_VERS = "4.5.14"
JETTY_VERS = "9.4.53.v20231009"
BYTE_BUDDY_VERSION = "1.14.9"
@@ -423,25 +423,25 @@
maven_jar(
name = "bcprov",
artifact = "org.bouncycastle:bcprov-jdk18on:" + BC_VERS,
- sha1 = "d8dc62c28a3497d29c93fee3e71c00b27dff41b4",
+ sha1 = "39e9e45359e20998eb79c1828751f94a818d25f8",
)
maven_jar(
name = "bcpg",
artifact = "org.bouncycastle:bcpg-jdk18on:" + BC_VERS,
- sha1 = "1a36a1740d07869161f6f0d01fae8d72dd1d8320",
+ sha1 = "6c8dbcec20355278ec54840e735f63db2479150e",
)
maven_jar(
name = "bcpkix",
artifact = "org.bouncycastle:bcpkix-jdk18on:" + BC_VERS,
- sha1 = "bb3fdb5162ccd5085e8d7e57fada4d8eaa571f5a",
+ sha1 = "17b3541f736df97465f87d9f5b5dfa4991b37bb3",
)
maven_jar(
name = "bcutil",
artifact = "org.bouncycastle:bcutil-jdk18on:" + BC_VERS,
- sha1 = "41f19a69ada3b06fa48781120d8bebe1ba955c77",
+ sha1 = "5353ca39fe2f148dab9ca1d637a43d0750456254",
)
maven_jar(