Fix interop tests for recent regress changes

10 files changed, 116 insertions, 41 deletions

diff --git a/debian/.git-dpm b/debian/.git-dpm
index 635786aca..eb7f66c18 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-bbc5ff0a295797174b4ef3928f58969e43f5adfe
-bbc5ff0a295797174b4ef3928f58969e43f5adfe
+0c3b0631695be33f711eda233bfee3dab77d405c
+0c3b0631695be33f711eda233bfee3dab77d405c
 102062f825fb26a74295a1c089c00c4c4c76b68a
 102062f825fb26a74295a1c089c00c4c4c76b68a
 openssh_8.0p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 9ec95acb7..5c076b2ff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+openssh (1:8.0p1-2) UNRELEASED; urgency=medium
+
+  * Fix interop tests for recent regress changes.
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 14 Jun 2019 12:05:23 +0100
+
 openssh (1:8.0p1-1) experimental; urgency=medium
 
   * New upstream release (https://www.openssh.com/txt/release-8.0, closes:
diff --git a/debian/patches/conch-old-privkey-format.patch b/debian/patches/conch-old-privkey-format.patch
index 40fe32898..6de8d391b 100644
--- a/debian/patches/conch-old-privkey-format.patch
+++ b/debian/patches/conch-old-privkey-format.patch
@@ -1,4 +1,4 @@
-From 9c01e0ae9889c05bfe68b2f1f1c5e5019e63ff0b Mon Sep 17 00:00:00 2001
+From 715b72009450c3448de10729817687c53554efb2 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Thu, 30 Aug 2018 00:58:56 +0100
 Subject: Work around conch interoperability failure
@@ -8,46 +8,43 @@ Twisted Conch fails to read private keys in the new format
 can be fixed in Twisted.
 
 Forwarded: not-needed
-Last-Update: 2018-08-30
+Last-Update: 2019-06-14
 
 Patch-Name: conch-old-privkey-format.patch
 ---
- regress/Makefile         |  5 +++--
+ regress/Makefile         |  2 +-
  regress/conch-ciphers.sh |  2 +-
  regress/test-exec.sh     | 12 ++++++++++++
- 3 files changed, 16 insertions(+), 3 deletions(-)
+ 3 files changed, 14 insertions(+), 2 deletions(-)
 
 diff --git a/regress/Makefile b/regress/Makefile
-index 925edf71a..6fdfcc8ca 100644
+index 781400fd0..491a3a46a 100644
 --- a/regress/Makefile
 +++ b/regress/Makefile
-@@ -110,8 +110,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
-                modpipe netcat no_identity_config \
-                pidfile putty.rsa2 ready regress.log \
-                remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \
--               rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \
--               rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
-+               rsa1 rsa1-agent rsa1-agent.pub rsa1.pub \
-+               rsa_oldfmt rsa_oldfmt.pub \
-+               rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
+@@ -114,7 +114,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
+                rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
                 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
-                sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
-                ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
+                sftp-server.sh sftp.log ssh-log-wrapper.sh \
+-               ssh-rsa_oldfmt \
++               ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \
+                ssh.log ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
+                ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
+                sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
 diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
-index 199d863a0..c7df19fd4 100644
+index 51e3b705f..fa24552b0 100644
 --- a/regress/conch-ciphers.sh
 +++ b/regress/conch-ciphers.sh
 @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
         rm -f ${COPY}
         # XXX the 2nd "cat" seems to be needed because of buggy FD handling
         # in conch
--       ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER  -e none \
-+       ${CONCH} --identity $OBJ/rsa_oldfmt --port $PORT --user $USER  -e none \
+-       ${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \
++       ${CONCH} --identity $OBJ/ssh-rsa_oldfmt --port $PORT --user $USER -e none \
             --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
             127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
         if [ $? -ne 0 ]; then
 diff --git a/regress/test-exec.sh b/regress/test-exec.sh
-index b8e2009de..08338121b 100644
+index efde6a173..83c7d02e6 100644
 --- a/regress/test-exec.sh
 +++ b/regress/test-exec.sh
 @@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no
@@ -62,9 +59,9 @@ index b8e2009de..08338121b 100644
 +if test "$REGRESS_INTEROP_CONCH" = "yes" ; then
 +       # Convert rsa key to old format to work around
 +       # https://twistedmatrix.com/trac/ticket/9515
-+       cp $OBJ/rsa $OBJ/rsa_oldfmt
-+       cp $OBJ/rsa.pub $OBJ/rsa_oldfmt.pub
-+       ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null
++       cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
++       cp $OBJ/ssh-rsa.pub $OBJ/ssh-rsa_oldfmt.pub
++       ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
 +fi
  
  # If PuTTY is present and we are running a PuTTY test, prepare keys and
diff --git a/debian/patches/fix-interop-tests.patch b/debian/patches/fix-interop-tests.patch
new file mode 100644
index 000000000..04748b17b
--- /dev/null
+++ b/debian/patches/fix-interop-tests.patch
@@ -0,0 +1,71 @@
+From 440ef75890c282e75534689cd4e0d3938279b8e0 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Fri, 14 Jun 2019 11:57:15 +0100
+Subject: Fix interop tests for recent regress changes
+
+A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in
+portable) broke the PuTTY and Twisted Conch interop tests, because the
+key they want to use is now called ssh-rsa rather than rsa.  Fix them.
+
+Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=3020
+Last-Update: 2019-06-14
+
+Patch-Name: fix-interop-tests.patch
+---
+ regress/Makefile         |  5 +++--
+ regress/conch-ciphers.sh |  2 +-
+ regress/test-exec.sh     | 10 +++++-----
+ 3 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/regress/Makefile b/regress/Makefile
+index 925edf71a..781400fd0 100644
+--- a/regress/Makefile
++++ b/regress/Makefile
+@@ -113,8 +113,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
+                rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \
+                rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
+                scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
+-               sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
+-               ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
++               sftp-server.sh sftp.log ssh-log-wrapper.sh \
++               ssh-rsa_oldfmt \
++               ssh.log ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
+                ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
+                sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
+                sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
+diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
+index 199d863a0..51e3b705f 100644
+--- a/regress/conch-ciphers.sh
++++ b/regress/conch-ciphers.sh
+@@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
+        rm -f ${COPY}
+        # XXX the 2nd "cat" seems to be needed because of buggy FD handling
+        # in conch
+-       ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER  -e none \
++       ${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \
+            --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
+            127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
+        if [ $? -ne 0 ]; then
+diff --git a/regress/test-exec.sh b/regress/test-exec.sh
+index b8e2009de..efde6a173 100644
+--- a/regress/test-exec.sh
++++ b/regress/test-exec.sh
+@@ -527,13 +527,13 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
+            >> $OBJ/authorized_keys_$USER
+ 
+        # Convert rsa2 host key to PuTTY format
+-       cp $OBJ/rsa $OBJ/rsa_oldfmt
+-       ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null
+-       ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa_oldfmt > \
++       cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
++       ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
++       ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \
+            ${OBJ}/.putty/sshhostkeys
+-       ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa_oldfmt >> \
++       ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \
+            ${OBJ}/.putty/sshhostkeys
+-       rm -f $OBJ/rsa_oldfmt
++       rm -f $OBJ/ssh-rsa_oldfmt
+ 
+        # Setup proxied session
+        mkdir -p ${OBJ}/.putty/sessions
diff --git a/debian/patches/fix-utimensat-test.patch b/debian/patches/fix-utimensat-test.patch
index 799337e64..2f994aafd 100644
--- a/debian/patches/fix-utimensat-test.patch
+++ b/debian/patches/fix-utimensat-test.patch
@@ -1,4 +1,4 @@
-From bbc5ff0a295797174b4ef3928f58969e43f5adfe Mon Sep 17 00:00:00 2001
+From 0c3b0631695be33f711eda233bfee3dab77d405c Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@dtucker.net>
 Date: Fri, 7 Jun 2019 23:47:37 +1000
 Subject: Update utimensat test.
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
index d0b02d792..623e1fff0 100644
--- a/debian/patches/revert-ipqos-defaults.patch
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -1,4 +1,4 @@
-From 7d50f9e5be88179325983a1f58c9d51bb58f025a Mon Sep 17 00:00:00 2001
+From 907bd73e8b0d031a96a0f800c0f6cef03ff1fcc4 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Mon, 8 Apr 2019 10:46:29 +0100
 Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
diff --git a/debian/patches/series b/debian/patches/series
index ba5a5ad4b..7ca779801 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,6 +23,7 @@ debian-config.patch
 restore-authorized_keys2.patch
 seccomp-s390-flock-ipc.patch
 seccomp-s390-ioctl-ep11-crypto.patch
+fix-interop-tests.patch
 conch-old-privkey-format.patch
 revert-ipqos-defaults.patch
 fix-utimensat-test.patch
diff --git a/regress/Makefile b/regress/Makefile
index 6fdfcc8ca..491a3a46a 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -110,12 +110,12 @@ CLEANFILES=	*.core actual agent-key.* authorized_keys_${USERNAME} \
                 modpipe netcat no_identity_config \
                 pidfile putty.rsa2 ready regress.log \
                 remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \
-                rsa1 rsa1-agent rsa1-agent.pub rsa1.pub \
-                rsa_oldfmt rsa_oldfmt.pub \
-                rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
+                rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \
+                rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
                 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
-                sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
-                ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
+                sftp-server.sh sftp.log ssh-log-wrapper.sh \
+                ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \
+                ssh.log ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
                 ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
                 sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
                 sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
index c7df19fd4..fa24552b0 100644
--- a/regress/conch-ciphers.sh
+++ b/regress/conch-ciphers.sh
@@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
         rm -f ${COPY}
         # XXX the 2nd "cat" seems to be needed because of buggy FD handling
         # in conch
-        ${CONCH} --identity $OBJ/rsa_oldfmt --port $PORT --user $USER  -e none \
+        ${CONCH} --identity $OBJ/ssh-rsa_oldfmt --port $PORT --user $USER -e none \
             --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
             127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
         if [ $? -ne 0 ]; then
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 08338121b..83c7d02e6 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -508,9 +508,9 @@ esac
 if test "$REGRESS_INTEROP_CONCH" = "yes" ; then
         # Convert rsa key to old format to work around
         # https://twistedmatrix.com/trac/ticket/9515
-        cp $OBJ/rsa $OBJ/rsa_oldfmt
-        cp $OBJ/rsa.pub $OBJ/rsa_oldfmt.pub
-        ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null
+        cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
+        cp $OBJ/ssh-rsa.pub $OBJ/ssh-rsa_oldfmt.pub
+        ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
 fi
 
 # If PuTTY is present and we are running a PuTTY test, prepare keys and
@@ -539,13 +539,13 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
             >> $OBJ/authorized_keys_$USER
 
         # Convert rsa2 host key to PuTTY format
-        cp $OBJ/rsa $OBJ/rsa_oldfmt
-        ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null
-        ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa_oldfmt > \
+        cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
+        ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
+        ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \
             ${OBJ}/.putty/sshhostkeys
-        ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa_oldfmt >> \
+        ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \
             ${OBJ}/.putty/sshhostkeys
-        rm -f $OBJ/rsa_oldfmt
+        rm -f $OBJ/ssh-rsa_oldfmt
 
         # Setup proxied session
         mkdir -p ${OBJ}/.putty/sessions