Skip to content

Commit

Permalink
Merge pull request #585 from norrisjeremy/20240624
Browse files Browse the repository at this point in the history
0.2.19 changes
  • Loading branch information
mwiede authored Jul 15, 2024
2 parents 2937d47 + 39413bc commit 1712a9e
Show file tree
Hide file tree
Showing 14 changed files with 96 additions and 51 deletions.
4 changes: 3 additions & 1 deletion .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,11 @@ updates:
directory: "/" # Location of package manifests
schedule:
interval: "weekly"
open-pull-requests-limit: 25
- package-ecosystem: "github-actions"
# Workflow files stored in the
# default location of `.github/workflows`
directory: "/"
schedule:
interval: "weekly"
interval: "weekly"
open-pull-requests-limit: 25
2 changes: 1 addition & 1 deletion .github/workflows/automerge.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ jobs:
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,18 +31,18 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup JDK
uses: actions/setup-java@v4
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: 'zulu'
java-version: '21'
check-latest: true
check-latest: true
cache: 'maven'

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
Expand All @@ -56,7 +56,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v3
uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11

# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
Expand All @@ -69,4 +69,4 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
8 changes: 4 additions & 4 deletions .github/workflows/coverity.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,15 @@ jobs:
coverity:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up build JDK
uses: actions/setup-java@v4
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: 'zulu'
java-version: '21'
check-latest: true
check-latest: true
cache: 'maven'
- uses: vapier/coverity-scan-action@v1
- uses: vapier/coverity-scan-action@2068473c7bdf8c2fb984a6a40ae76ee7facd7a85 # v1.8.0
with:
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/javadoc.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,17 +11,17 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout 🛎️
uses: actions/checkout@v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up build JDK
uses: actions/setup-java@v4
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: 'zulu'
java-version: '21'
check-latest: true
- name: Build Javadoc
run: ./mvnw -B -V -e javadoc:javadoc
- name: Deploy 🚀
uses: JamesIves/github-pages-deploy-action@v4
uses: JamesIves/github-pages-deploy-action@94f3c658273cf92fb48ef99e5fbc02bd2dc642b2 # v4.6.3
with:
folder: target/site/apidocs
target-folder: ${{github.ref_name}}
65 changes: 45 additions & 20 deletions .github/workflows/maven.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,42 +15,67 @@ on:
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
java: ['8', '11', '17', '21']
steps:
- uses: actions/checkout@v4
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Cache local Maven repository
uses: actions/cache@v4
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: ~/.m2/repository
key: ${{ runner.os }}-${{ matrix.java }}-maven-${{ hashFiles('**/pom.xml') }}
path: |
~/.m2/repository
~/.m2/wrapper
key: ${{ runner.os }}-build-maven-${{ hashFiles('**/pom.xml', '**/maven-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-${{ matrix.java }}-maven-
- name: Set up build JDK
uses: actions/setup-java@v4
${{ runner.os }}-build-maven-
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: 'zulu'
java-version: '21'
check-latest: true
- name: Build with Maven
run: ./mvnw -B -V -e -DskipTests=true package
- uses: actions/upload-artifact@v4
run: ./mvnw -B -V -e verify -DskipTests=true -DskipITs=true
- name: Archive target directory
run: tar -cf target.tar target
- name: Upload target directory archive
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: build_target
path: target.tar
test:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
java: ['8', '11', '17', '21', '22']
steps:
- name: Checkout repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Cache local Maven repository
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
name: java-${{ matrix.java }}-jars
path: |
**/target/*.jar
**/target/bom.*
if: always()
- name: Set up test JDK ${{ matrix.java }}
uses: actions/setup-java@v4
~/.m2/repository
~/.m2/wrapper
key: ${{ runner.os }}-test-${{ matrix.java }}-maven-${{ hashFiles('**/pom.xml', '**/maven-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-test-${{ matrix.java }}-maven-
- name: Set up JDK
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
with:
distribution: 'zulu'
java-version: ${{ matrix.java }}
check-latest: true
- name: Download target directory archive
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: build_target
- name: Extract target directory archive
run: tar -xf target.tar
- name: Test with Maven
run: ./mvnw -B -V -e -P coverage verify -Denforcer.skip=true -Dmaven.resources.skip=true -Dflatten.skip=true -Dmaven.main.skip=true -Dbnd.skip=true -Dassembly.skipAssembly=true -Dmaven.javadoc.skip=true -Dcyclonedx.skip=true -DskipITs=false
- uses: actions/upload-artifact@v4
run: ./mvnw -B -V -e -Pcoverage verify -Denforcer.skip=true -Dmaven.resources.skip=true -Dflatten.skip=true -Dmaven.main.skip=true -Dbnd.skip=true -Dassembly.skipAssembly=true -Dmaven.javadoc.skip=true -Dcyclonedx.skip=true -Dformatter.skip=true -Dforbiddenapis.skip=true -DskipTests=false -DskipITs=false
- name: Upload test results
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
with:
name: java-${{ matrix.java }}-testresults
path: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

# Runs a set of commands using the runners shell
- name: Release
Expand Down
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
*.geany
nb-configuration.xml
.flattened-pom.xml
target.tar

# Created by https://www.toptal.com/developers/gitignore/api/intellij+all,netbeans,eclipse,visualstudiocode,vim,emacs,macos,windows,linux,java,maven
# Edit at https://www.toptal.com/developers/gitignore?templates=intellij+all,netbeans,eclipse,visualstudiocode,vim,emacs,macos,windows,linux,java,maven
Expand Down
5 changes: 3 additions & 2 deletions .mvn/wrapper/maven-wrapper.properties
Original file line number Diff line number Diff line change
Expand Up @@ -14,5 +14,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
wrapperVersion=3.3.1
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
wrapperVersion=3.3.2
distributionType=only-script
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.8/apache-maven-3.9.8-bin.zip
4 changes: 2 additions & 2 deletions .sdkmanrc
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Enable auto-env through the sdkman_auto_env config
# Add key=value pairs of SDKs to use below
java=21.0.2-tem
maven=3.9.6
java=21.0.3-tem
maven=3.9.8
2 changes: 2 additions & 0 deletions ChangeLog.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
* [0.2.19](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.19)
* Enforce DHGEX prime modulus bit length meets configured constraints.
* [0.2.18](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.18)
* Handle negated patterns according to ssh_config(5) by @bmiddaugh in https://github.com/mwiede/jsch/pull/565
* [0.2.17](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.17)
Expand Down
17 changes: 13 additions & 4 deletions mvnw
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
# ----------------------------------------------------------------------------

# ----------------------------------------------------------------------------
# Apache Maven Wrapper startup batch script, version 3.3.1
# Apache Maven Wrapper startup batch script, version 3.3.2
#
# Optional ENV vars
# -----------------
Expand Down Expand Up @@ -97,11 +97,19 @@ die() {
exit 1
}

trim() {
# MWRAPPER-139:
# Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds.
# Needed for removing poorly interpreted newline sequences when running in more
# exotic environments such as mingw bash on Windows.
printf "%s" "${1}" | tr -d '[:space:]'
}

# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties
while IFS="=" read -r key value; do
case "${key-}" in
distributionUrl) distributionUrl="${value-}" ;;
distributionSha256Sum) distributionSha256Sum="${value-}" ;;
distributionUrl) distributionUrl=$(trim "${value-}") ;;
distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;;
esac
done <"${0%/*}/.mvn/wrapper/maven-wrapper.properties"
[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in ${0%/*}/.mvn/wrapper/maven-wrapper.properties"
Expand Down Expand Up @@ -131,7 +139,8 @@ esac
distributionUrlName="${distributionUrl##*/}"
distributionUrlNameMain="${distributionUrlName%.*}"
distributionUrlNameMain="${distributionUrlNameMain%-bin}"
MAVEN_HOME="$HOME/.m2/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")"
MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}"
MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")"

exec_maven() {
unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || :
Expand Down
5 changes: 4 additions & 1 deletion mvnw.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
@REM ----------------------------------------------------------------------------

@REM ----------------------------------------------------------------------------
@REM Apache Maven Wrapper startup batch script, version 3.3.1
@REM Apache Maven Wrapper startup batch script, version 3.3.2
@REM
@REM Optional ENV vars
@REM MVNW_REPOURL - repo url base for downloading maven distribution
Expand Down Expand Up @@ -79,6 +79,9 @@ if ($env:MVNW_REPOURL) {
$distributionUrlName = $distributionUrl -replace '^.*/',''
$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$',''
$MAVEN_HOME_PARENT = "$HOME/.m2/wrapper/dists/$distributionUrlNameMain"
if ($env:MAVEN_USER_HOME) {
$MAVEN_HOME_PARENT = "$env:MAVEN_USER_HOME/wrapper/dists/$distributionUrlNameMain"
}
$MAVEN_HOME_NAME = ([System.Security.Cryptography.MD5]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join ''
$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME"

Expand Down
14 changes: 8 additions & 6 deletions src/main/java/com/jcraft/jsch/DHGEX.java
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@

package com.jcraft.jsch;

import java.math.BigInteger;

abstract class DHGEX extends KeyExchange {

private static final int SSH_MSG_KEX_DH_GEX_GROUP = 31;
Expand Down Expand Up @@ -79,8 +81,7 @@ public void init(Session session, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C
min = Integer.parseInt(session.getConfig("dhgex_min"));
max = Integer.parseInt(session.getConfig("dhgex_max"));
preferred = Integer.parseInt(session.getConfig("dhgex_preferred"));
if (checkInvalidSize(min) || checkInvalidSize(max) || checkInvalidSize(preferred)
|| preferred < min || max < preferred) {
if (min <= 0 || max <= 0 || preferred <= 0 || preferred < min || preferred > max) {
throw new JSchException(
"Invalid DHGEX sizes: min=" + min + " max=" + max + " preferred=" + preferred);
}
Expand Down Expand Up @@ -127,6 +128,11 @@ public boolean next(Buffer _buf) throws Exception {
p = _buf.getMPInt();
g = _buf.getMPInt();

int bits = new BigInteger(1, p).bitLength();
if (bits < min || bits > max) {
return false;
}

dh.setP(p);
dh.setG(g);
// The client responds with:
Expand Down Expand Up @@ -237,8 +243,4 @@ public boolean next(Buffer _buf) throws Exception {
public int getState() {
return state;
}

static boolean checkInvalidSize(int size) {
return (size < 1024 || size > 8192 || size % 1024 != 0);
}
}

0 comments on commit 1712a9e

Please sign in to comment.