-rw-r--r-- | .SRCINFO | 27 | ||||
-rw-r--r-- | 0000-jsch-disable-enable-ssh-rsa.patch | 73 | ||||
-rw-r--r-- | 0000b-mirth-disable-SSLv2Hello.patch | 16 | ||||
-rw-r--r-- | PKGBUILD | 33 |
4 files changed, 88 insertions, 61 deletions
@@ -1,8 +1,8 @@ # Generated by mksrcinfo v8 -# Sun Dec 18 04:39:47 UTC 2022 +# Thu Apr 27 20:27:58 UTC 2023 pkgbase = mirthconnect pkgdesc = hl7 connector by Nextgen - pkgver = 4.2.0.b2825 + pkgver = 4.3.0.b2886 pkgrel = 1 url = https://www.nextgen.com/products-and-services/integration-engine install = mirthconnect.install 
@@ -12,29 +12,30 @@ pkgbase = mirthconnect depends = jdk17-openjdk optdepends = mariadb: alternate database to derby optdepends = postgresql: alternate database to derby + options = !strip backup = var/lib/mirthconnect/conf/dbdrivers.xml backup = var/lib/mirthconnect/conf/log4j-cli.properties backup = var/lib/mirthconnect/conf/log4j.properties backup = var/lib/mirthconnect/conf/mirth-cli-config.properties backup = var/lib/mirthconnect/conf/mirth.properties - source = https://s3.amazonaws.com/downloads.mirthcorp.com/connect/4.2.0.b2825/mirthconnect-4.2.0.b2825-unix.tar.gz + source = https://s3.amazonaws.com/downloads.mirthcorp.com/connect/4.3.0.b2886/mirthconnect-4.3.0.b2886-unix.tar.gz source = 0000-mirth-disable-tls11.patch - source = 0000a-mirth-disable-SSLv2Hello.patch - source = https://github.com/mwiede/jsch/archive/refs/tags/jsch-0.2.5.tar.gz + source = 0000b-mirth-disable-SSLv2Hello.patch + source = https://github.com/mwiede/jsch/archive/refs/tags/jsch-0.2.8.tar.gz source = 0000-jsch-disable-md5-3des-cbc-dss-arcfour.patch source = 0000-jsch-disable-enable-ssh-rsa.patch - md5sums = 4f3c0e5eaeed724d4e740de94d8636ee + md5sums = a1df17adde65e1f8b60e7c5431fe9d9f md5sums = 426de9435b21e90df7ae044510938270 - md5sums = 1acd364394ce76740ccea30f7133720f - md5sums = f8052fb1c6236ccc1e43c467f6fc0581 + md5sums = f1b18ae896b93be65a2e9b276f12c16f + md5sums = fe9cfd419b481b805dc04c6df79d5597 md5sums = b9e1b8f9395622ba548d7fd07cfd7c26 - md5sums = 093e7997245afcf04a598f4a9fa2ee14 - sha256sums = 9ab928069ec263edf76b168739e5091cbd864971c2af1be05a845d19660fd7a0 + md5sums = 15600619ce3917f4443ddf610d553da2 + sha256sums = 22c153a199b021cdf6c75fc8e36298d955667ad36f86aa8c279fc6c758c6241e sha256sums = 4dc37b7ed9db5c9fcd74f45cd6197f6b631d74d3a30022bda6fda1c5900b7099 - sha256sums = 2bdf62155ce4a2e51f33fa27aab7f9d6f5e5ff209c9f3691db4782c1f30fee5c - sha256sums = dc1fa8ead27b464267a5b010afa4ad649f948e9a9e8cc657d65ffe9a33daa9d5 + sha256sums = 
254c858572a4949c09726859d3f790d7bee535b8dbea184e4f6679d3b7c3b269 + sha256sums = 8f7640becc127d15de4981feb48dd027a6e5094fc3666ff6143ab75cd21cdafc sha256sums = f754da4581b5e390e13fc407ab9fc4cdc7f139585081929626be8569dae99ad9 - sha256sums = d1da7f180363924063cdc1f64c4fd049462f1cb02df0bf1ded2292c990e31bf2 + sha256sums = 28485f80f3a32ce73e063fb1efea9eef0df900f362ef8fae535b2f9ecb605088 pkgname = mirthconnect diff --git a/0000-jsch-disable-enable-ssh-rsa.patch b/0000-jsch-disable-enable-ssh-rsa.patch index 5fd999941d7f..948fa59c47f7 100644 --- a/0000-jsch-disable-enable-ssh-rsa.patch +++ b/0000-jsch-disable-enable-ssh-rsa.patch 
@@ -1,41 +1,48 @@ diff -pNaru5 a/src/main/java/com/jcraft/jsch/JSch.java b/src/main/java/com/jcraft/jsch/JSch.java ---- a/src/main/java/com/jcraft/jsch/JSch.java 2022-02-09 07:24:03.000000000 -0500 -+++ b/src/main/java/com/jcraft/jsch/JSch.java 2022-02-15 23:13:54.826589765 -0500 -@@ -40,18 +40,18 @@ public class JSch{ - */ - public static final String VERSION = Version.getVersion(); +--- a/src/main/java/com/jcraft/jsch/JSch.java 2023-03-22 02:53:15.000000000 -0400 ++++ b/src/main/java/com/jcraft/jsch/JSch.java 2023-04-27 15:42:16.981676232 -0400 +@@ -38,25 +38,25 @@ public class JSch { + public static final String VERSION = Version.getVersion(); - static Hashtable<String, String> config=new Hashtable<>(); - static{ -- config.put("kex", Util.getSystemProperty("jsch.kex", "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256")); -- config.put("server_host_key", Util.getSystemProperty("jsch.server_host_key", "ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256")); -+ config.put("kex", Util.getSystemProperty("jsch.kex", "curve448-sha512,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1")); -+ config.put("server_host_key", Util.getSystemProperty("jsch.server_host_key", "ssh-ed448,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa")); - config.put("prefer_known_host_key_types", Util.getSystemProperty("jsch.prefer_known_host_key_types", "yes")); - config.put("enable_server_sig_algs", Util.getSystemProperty("jsch.enable_server_sig_algs", "yes")); -- config.put("cipher.s2c", Util.getSystemProperty("jsch.cipher", 
"aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com")); -- config.put("cipher.c2s", Util.getSystemProperty("jsch.cipher", "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com")); -- config.put("mac.s2c", Util.getSystemProperty("jsch.mac", "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1")); -- config.put("mac.c2s", Util.getSystemProperty("jsch.mac", "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1")); -+ config.put("cipher.s2c", Util.getSystemProperty("jsch.cipher", "aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc")); -+ config.put("cipher.c2s", Util.getSystemProperty("jsch.cipher", "aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes192-ctr,aes192-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc")); -+ config.put("mac.s2c", Util.getSystemProperty("jsch.mac", "hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1")); -+ config.put("mac.c2s", Util.getSystemProperty("jsch.mac", "hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1")); + static Hashtable<String, String> config = new Hashtable<>(); + static { + config.put("kex", Util.getSystemProperty("jsch.kex", +- "curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256")); ++ 
"curve448-sha512,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1")); + config.put("server_host_key", Util.getSystemProperty("jsch.server_host_key", +- "ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256")); ++ "ssh-ed448,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa")); + config.put("prefer_known_host_key_types", + Util.getSystemProperty("jsch.prefer_known_host_key_types", "yes")); + config.put("enable_server_sig_algs", + Util.getSystemProperty("jsch.enable_server_sig_algs", "yes")); + config.put("cipher.s2c", Util.getSystemProperty("jsch.cipher", +- "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com")); ++ "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc")); + config.put("cipher.c2s", Util.getSystemProperty("jsch.cipher", +- "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com")); ++ "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc")); + config.put("mac.s2c", Util.getSystemProperty("jsch.mac", +- "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1")); ++ "hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1")); + config.put("mac.c2s", Util.getSystemProperty("jsch.mac", +- "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1")); ++ 
"hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1-etm@openssh.com,hmac-sha1")); config.put("compression.s2c", Util.getSystemProperty("jsch.compression", "none")); config.put("compression.c2s", Util.getSystemProperty("jsch.compression", "none")); config.put("lang.s2c", Util.getSystemProperty("jsch.lang", "")); config.put("lang.c2s", Util.getSystemProperty("jsch.lang", "")); -@@ -225,11 +225,11 @@ public class JSch{ +@@ -220,11 +220,11 @@ public class JSch { + config.put("HashKnownHosts", "no"); - config.put("StrictHostKeyChecking", "ask"); - config.put("HashKnownHosts", "no"); - - config.put("PreferredAuthentications", Util.getSystemProperty("jsch.preferred_authentications", "gssapi-with-mic,publickey,keyboard-interactive,password")); -- config.put("PubkeyAcceptedAlgorithms", Util.getSystemProperty("jsch.client_pubkey", "ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256")); -+ config.put("PubkeyAcceptedAlgorithms", Util.getSystemProperty("jsch.client_pubkey", "ssh-ed448,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa")); - - config.put("CheckCiphers", Util.getSystemProperty("jsch.check_ciphers", "chacha20-poly1305@openssh.com")); - config.put("CheckMacs", Util.getSystemProperty("jsch.check_macs", "")); - config.put("CheckKexes", Util.getSystemProperty("jsch.check_kexes", "curve25519-sha256,curve25519-sha256@libssh.org,curve448-sha512")); - config.put("CheckSignatures", Util.getSystemProperty("jsch.check_signatures", "ssh-ed25519,ssh-ed448")); + config.put("PreferredAuthentications", Util.getSystemProperty("jsch.preferred_authentications", + "gssapi-with-mic,publickey,keyboard-interactive,password")); + config.put("PubkeyAcceptedAlgorithms", Util.getSystemProperty("jsch.client_pubkey", +- "ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256")); ++ 
"ssh-ed448,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa")); + config.put("enable_pubkey_auth_query", + Util.getSystemProperty("jsch.enable_pubkey_auth_query", "yes")); + config.put("try_additional_pubkey_algorithms", + Util.getSystemProperty("jsch.try_additional_pubkey_algorithms", "yes")); + config.put("enable_auth_none", Util.getSystemProperty("jsch.enable_auth_none", "yes")); diff --git a/0000b-mirth-disable-SSLv2Hello.patch b/0000b-mirth-disable-SSLv2Hello.patch new file mode 100644 index 000000000000..af9f80db84dc --- /dev/null +++ b/0000b-mirth-disable-SSLv2Hello.patch 
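Review bot: The rebased defaults still end both `server_host_key` and `PubkeyAcceptedAlgorithms` with `ssh-rsa`, end `kex` with `diffie-hellman-group14-sha1`, and append `aes256-cbc,aes192-cbc,aes128-cbc` to both cipher lists. Because these are static defaults in `JSch.config`, any connection made through this build can presumably negotiate SHA-1 signatures, SHA-1 key exchange or CBC mode when the peer offers nothing earlier in the list. The same lines show that each list is read from a system property (`jsch.server_host_key`, `jsch.client_pubkey`, `jsch.kex`, `jsch.cipher`), so the package could ship upstream's lists and let sites with a legacy peer opt in through those properties. If the legacy entries must stay, a comment in the patched block would record the intent, for example `// ssh-rsa, diffie-hellman-group14-sha1 and aes*-cbc kept only for legacy SFTP peers`. The static initializer starts and ends outside the lines this patch shows.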
@@ -0,0 +1,16 @@
+diff -pNaru5 a/conf/mirth.properties b/conf/mirth.properties
+--- a/conf/mirth.properties 2023-04-27 14:36:11.926601429 -0400
++++ b/conf/mirth.properties 2023-04-27 14:36:38.326833098 -0400
+@@ -36,11 +36,11 @@ server.url =
+
+ http.host = 0.0.0.0
+ https.host = 0.0.0.0
+
+ https.client.protocols = TLSv1.3,TLSv1.2
+-https.server.protocols = TLSv1.3,TLSv1.2,SSLv2Hello
++https.server.protocols = TLSv1.3,TLSv1.2
+ https.ciphersuites = TLS_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ https.ephemeraldhkeysize = 2048
+
+ # If set to true, the Connect REST API will require all incoming requests to contain an "X-Requested-With" header.
+ # This protects against Cross-Site Request Forgery (CSRF) security vulnerabilities.
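Review bot: The hardening here stops at `https.server.protocols`; the `https.ciphersuites` line that the patch carries as context still lists static-RSA and static-ECDH suites such as `TLS_RSA_WITH_AES_256_GCM_SHA384` and `TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256`, which give no forward secrecy, and with TLSv1.2 still enabled they remain negotiable unless the JVM already refuses them. If the package is meant to ship a tightened TLS profile, the same patch could reduce that list to the TLS 1.3 suites plus the `TLS_ECDHE_*` and `TLS_DHE_RSA_*` entries. Separately, with five lines of context that include the long cipher line, the patch will stop applying whenever upstream edits that list; a short comment in the PKGBUILD next to the `patch -Nup1` call, for example `# must be regenerated when upstream changes https.ciphersuites`, would save the next maintainer some time.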
@@ -15,11 +15,12 @@ if :; then _jsch_oldver='0.1.55' if :; then _JVM='/usr/lib/jvm/java-17-openjdk'; _JRE='jdk17-openjdk' # needed for all functionality of JSCH-0.2.0 - _jsch_pkgver='0.2.5' + _jsch_pkgver='0.2.8' _jsch_srcdir="${_jsch_libname}-${_jsch_libname}-${_jsch_pkgver}" #_jsch_srcdir="${_jsch_libname}-${_jsch_srcdir}" _source=("https://github.com/mwiede/jsch/archive/refs/tags/${_jsch_libname}-${_jsch_pkgver}.tar.gz") makedepends+=('maven') + # optdepends+=('bcprov: AEAD cipher chacha20-poly1305') # included in Mirth else _JVM='/usr/lib/jvm/java-8-openjdk'; _JRE='jdk8-openjdk' # sufficient for JSCH-0.1.55 _jsch_pkgver='0.1.55' @@ -38,7 +39,8 @@ pkgname='mirthconnect' #pkgver='4.0.1.b293' #pkgver='4.1.0.b2777' #pkgver='4.1.1.b303' -pkgver='4.2.0.b2825' +#pkgver='4.2.0.b2825' +pkgver='4.3.0.b2886' # JSCH Updates https://github.com/mwiede/jsch/releases pkgrel='1' pkgdesc='hl7 connector by Nextgen' @@ -47,7 +49,7 @@ url='https://www.nextgen.com/products-and-services/integration-engine' _giturl='https://github.com/nextgenhealthcare/connect' license=('MPL') depends=("${_JRE}") -optdepends=( +optdepends+=( {mariadb,postgresql}': alternate database to derby' ) backup=( 
@@ -57,26 +59,27 @@ backup=( "${_mirthhome#/}/conf/mirth-cli-config.properties" "${_mirthhome#/}/conf/mirth.properties" ) +options=('!strip') install="${pkgname}.install" _srcdir='Mirth Connect' source=( "https://s3.amazonaws.com/downloads.mirthcorp.com/connect/${pkgver}/mirthconnect-${pkgver}-unix.tar.gz" '0000-mirth-disable-tls11.patch' - '0000a-mirth-disable-SSLv2Hello.patch' + '0000b-mirth-disable-SSLv2Hello.patch' "${_source[@]}" ) -md5sums=('4f3c0e5eaeed724d4e740de94d8636ee' +md5sums=('a1df17adde65e1f8b60e7c5431fe9d9f' '426de9435b21e90df7ae044510938270' - '1acd364394ce76740ccea30f7133720f' - 'f8052fb1c6236ccc1e43c467f6fc0581' + 'f1b18ae896b93be65a2e9b276f12c16f' + 'fe9cfd419b481b805dc04c6df79d5597' 'b9e1b8f9395622ba548d7fd07cfd7c26' - '093e7997245afcf04a598f4a9fa2ee14') -sha256sums=('9ab928069ec263edf76b168739e5091cbd864971c2af1be05a845d19660fd7a0' + '15600619ce3917f4443ddf610d553da2') +sha256sums=('22c153a199b021cdf6c75fc8e36298d955667ad36f86aa8c279fc6c758c6241e' '4dc37b7ed9db5c9fcd74f45cd6197f6b631d74d3a30022bda6fda1c5900b7099' - '2bdf62155ce4a2e51f33fa27aab7f9d6f5e5ff209c9f3691db4782c1f30fee5c' - 'dc1fa8ead27b464267a5b010afa4ad649f948e9a9e8cc657d65ffe9a33daa9d5' + '254c858572a4949c09726859d3f790d7bee535b8dbea184e4f6679d3b7c3b269' + '8f7640becc127d15de4981feb48dd027a6e5094fc3666ff6143ab75cd21cdafc' 'f754da4581b5e390e13fc407ab9fc4cdc7f139585081929626be8569dae99ad9' - 'd1da7f180363924063cdc1f64c4fd049462f1cb02df0bf1ded2292c990e31bf2') + '28485f80f3a32ce73e063fb1efea9eef0df900f362ef8fae535b2f9ecb605088') source+=( '0000-jsch-disable-md5-3des-cbc-dss-arcfour.patch' 
@@ -98,7 +101,7 @@ _jsch_prepare() { sed -E -e '/String VERSION/ s:".+":'"\"${_jsch_pkgver}-ArchMirth\":g" -i 'src/main/java/com/jcraft/jsch/JSch.java' fi if [ "$(vercmp "${_jsch_pkgver}" "0.2.0")" -ge 0 ]; then - #cd "${srcdir}"; cp -pr "${_jsch_srcdir}" 'a'; ln -s "${_jsch_srcdir}" 'b'; false + # pushd "${srcdir}"; cp -pr "${_jsch_srcdir}" 'a'; ln -s "${_jsch_srcdir}" 'b'; popd; false # diff -pNaru5 'a' 'b' > '0000-jsch-disable-enable-ssh-rsa.patch' patch -Nup1 -i "${srcdir}/0000-jsch-disable-enable-ssh-rsa.patch" fi @@ -189,8 +192,8 @@ prepare() { patch -Nup1 -i "${srcdir}/0000-mirth-disable-tls11.patch" elif grep -q -F -e 'SSLv2Hello' 'conf/mirth.properties'; then #cd '..'; cp -pr "${_srcdir}" 'a'; ln -s "${_srcdir}" 'b'; false - # diff -pNaru5 'a' 'b' > '0000a-mirth-disable-SSLv2Hello.patch' - patch -Nup1 -i "${srcdir}/0000a-mirth-disable-SSLv2Hello.patch" + # diff -pNaru5 'a' 'b' > '0000b-mirth-disable-SSLv2Hello.patch' + patch -Nup1 -i "${srcdir}/0000b-mirth-disable-SSLv2Hello.patch" fi _jsch_prepare |