commit 164321e90f924afc9610fc49d81b03f124514abc
author David Ostrovsky <david@ostrovsky.org> Sun Jan 21 09:57:40 2024 +0100
committer David Ostrovsky <david@ostrovsky.org> Mon Feb 05 20:03:19 2024 +0100
tree 1d56e68d59b648a86e5ac1d29acd4e1955db2ca8
parent 1f76898614ecb01181a698786131dae68eb074d6

Bump SSHD version to 2.12.0

This includes the upstream fix for CVE-2023-48795[1] ("strict KEX"
protocol extension mitigating the "Terrapin attack"[2]) in JGit.

For more details, see the release notes: [3].

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-48795
[2] https://www.terrapin-attack.com/
[3] https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.0

Release-Notes: Update SSHD version to 2.12.0
Change-Id: I2644f9a4dbd660a6152345a58b0eb9a1b669f8e7

java/com/google/gerrit/sshd/SshDaemon.java

diff --git a/java/com/google/gerrit/sshd/SshDaemon.java b/java/com/google/gerrit/sshd/SshDaemon.java
index cc35a32..af7d22b 100644
--- a/java/com/google/gerrit/sshd/SshDaemon.java
+++ b/java/com/google/gerrit/sshd/SshDaemon.java
@@ -77,6 +77,7 @@
 import org.apache.sshd.common.forward.DefaultForwarderFactory;
 import org.apache.sshd.common.future.CloseFuture;
 import org.apache.sshd.common.future.SshFutureListener;
+import org.apache.sshd.common.global.KeepAliveHandler;
 import org.apache.sshd.common.io.AbstractIoServiceFactory;
 import org.apache.sshd.common.io.IoAcceptor;
 import org.apache.sshd.common.io.IoServiceFactory;
@@ -109,7 +110,6 @@
 import org.apache.sshd.server.command.CommandFactory;
 import org.apache.sshd.server.forward.ForwardingFilter;
 import org.apache.sshd.server.global.CancelTcpipForwardHandler;
-import org.apache.sshd.server.global.KeepAliveHandler;
 import org.apache.sshd.server.global.NoMoreSessionsHandler;
 import org.apache.sshd.server.global.TcpipForwardHandler;
 import org.apache.sshd.server.session.ServerSessionImpl;

tools/nongoogle.bzl

diff --git a/tools/nongoogle.bzl b/tools/nongoogle.bzl
index 3ad74a8..19c58e2 100644
--- a/tools/nongoogle.bzl
+++ b/tools/nongoogle.bzl
@@ -67,18 +67,18 @@
         sha1 = "cb2f351bf4463751201f43bb99865235d5ba07ca",
     )
 
-    SSHD_VERS = "2.9.2"
+    SSHD_VERS = "2.12.0"
 
     maven_jar(
         name = "sshd-osgi",
         artifact = "org.apache.sshd:sshd-osgi:" + SSHD_VERS,
-        sha1 = "bac0415734519b2fe433fea196017acf7ed32660",
+        sha1 = "32b8de1cbb722ba75bdf9898e0c41d42af00ce57",
     )
 
     maven_jar(
         name = "sshd-sftp",
         artifact = "org.apache.sshd:sshd-sftp:" + SSHD_VERS,
-        sha1 = "7f9089c87b3b44f19998252fd3b68637e3322920",
+        sha1 = "0f96f00a07b186ea62838a6a4122e8f4cad44df6",
     )
 
     maven_jar(
@@ -96,7 +96,7 @@
     maven_jar(
         name = "sshd-mina",
         artifact = "org.apache.sshd:sshd-mina:" + SSHD_VERS,
-        sha1 = "765dced3a2b4069bb0c550e18bda057bad8de26f",
+        sha1 = "8b202f7d4c0d7b714fd0c93a1352af52aa031149",
     )
 
     maven_jar(