diff options
Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/conch-old-privkey-format.patch | 43 | ||||
-rw-r--r-- | debian/patches/fix-interop-tests.patch | 71 | ||||
-rw-r--r-- | debian/patches/fix-utimensat-test.patch | 2 | ||||
-rw-r--r-- | debian/patches/revert-ipqos-defaults.patch | 2 | ||||
-rw-r--r-- | debian/patches/series | 1 |
5 files changed, 94 insertions, 25 deletions
diff --git a/debian/patches/conch-old-privkey-format.patch b/debian/patches/conch-old-privkey-format.patch index 40fe32898..6de8d391b 100644 --- a/debian/patches/conch-old-privkey-format.patch +++ b/debian/patches/conch-old-privkey-format.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 9c01e0ae9889c05bfe68b2f1f1c5e5019e63ff0b Mon Sep 17 00:00:00 2001 | 1 | From 715b72009450c3448de10729817687c53554efb2 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Thu, 30 Aug 2018 00:58:56 +0100 | 3 | Date: Thu, 30 Aug 2018 00:58:56 +0100 |
4 | Subject: Work around conch interoperability failure | 4 | Subject: Work around conch interoperability failure |
@@ -8,46 +8,43 @@ Twisted Conch fails to read private keys in the new format | |||
8 | can be fixed in Twisted. | 8 | can be fixed in Twisted. |
9 | 9 | ||
10 | Forwarded: not-needed | 10 | Forwarded: not-needed |
11 | Last-Update: 2018-08-30 | 11 | Last-Update: 2019-06-14 |
12 | 12 | ||
13 | Patch-Name: conch-old-privkey-format.patch | 13 | Patch-Name: conch-old-privkey-format.patch |
14 | --- | 14 | --- |
15 | regress/Makefile | 5 +++-- | 15 | regress/Makefile | 2 +- |
16 | regress/conch-ciphers.sh | 2 +- | 16 | regress/conch-ciphers.sh | 2 +- |
17 | regress/test-exec.sh | 12 ++++++++++++ | 17 | regress/test-exec.sh | 12 ++++++++++++ |
18 | 3 files changed, 16 insertions(+), 3 deletions(-) | 18 | 3 files changed, 14 insertions(+), 2 deletions(-) |
19 | 19 | ||
20 | diff --git a/regress/Makefile b/regress/Makefile | 20 | diff --git a/regress/Makefile b/regress/Makefile |
21 | index 925edf71a..6fdfcc8ca 100644 | 21 | index 781400fd0..491a3a46a 100644 |
22 | --- a/regress/Makefile | 22 | --- a/regress/Makefile |
23 | +++ b/regress/Makefile | 23 | +++ b/regress/Makefile |
24 | @@ -110,8 +110,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ | 24 | @@ -114,7 +114,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ |
25 | modpipe netcat no_identity_config \ | 25 | rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ |
26 | pidfile putty.rsa2 ready regress.log \ | ||
27 | remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \ | ||
28 | - rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \ | ||
29 | - rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ | ||
30 | + rsa1 rsa1-agent rsa1-agent.pub rsa1.pub \ | ||
31 | + rsa_oldfmt rsa_oldfmt.pub \ | ||
32 | + rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ | ||
33 | scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ | 26 | scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ |
34 | sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ | 27 | sftp-server.sh sftp.log ssh-log-wrapper.sh \ |
35 | ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ | 28 | - ssh-rsa_oldfmt \ |
29 | + ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \ | ||
30 | ssh.log ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ | ||
31 | ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \ | ||
32 | sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \ | ||
36 | diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh | 33 | diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh |
37 | index 199d863a0..c7df19fd4 100644 | 34 | index 51e3b705f..fa24552b0 100644 |
38 | --- a/regress/conch-ciphers.sh | 35 | --- a/regress/conch-ciphers.sh |
39 | +++ b/regress/conch-ciphers.sh | 36 | +++ b/regress/conch-ciphers.sh |
40 | @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ | 37 | @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ |
41 | rm -f ${COPY} | 38 | rm -f ${COPY} |
42 | # XXX the 2nd "cat" seems to be needed because of buggy FD handling | 39 | # XXX the 2nd "cat" seems to be needed because of buggy FD handling |
43 | # in conch | 40 | # in conch |
44 | - ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ | 41 | - ${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \ |
45 | + ${CONCH} --identity $OBJ/rsa_oldfmt --port $PORT --user $USER -e none \ | 42 | + ${CONCH} --identity $OBJ/ssh-rsa_oldfmt --port $PORT --user $USER -e none \ |
46 | --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ | 43 | --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ |
47 | 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} | 44 | 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} |
48 | if [ $? -ne 0 ]; then | 45 | if [ $? -ne 0 ]; then |
49 | diff --git a/regress/test-exec.sh b/regress/test-exec.sh | 46 | diff --git a/regress/test-exec.sh b/regress/test-exec.sh |
50 | index b8e2009de..08338121b 100644 | 47 | index efde6a173..83c7d02e6 100644 |
51 | --- a/regress/test-exec.sh | 48 | --- a/regress/test-exec.sh |
52 | +++ b/regress/test-exec.sh | 49 | +++ b/regress/test-exec.sh |
53 | @@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no | 50 | @@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no |
@@ -62,9 +59,9 @@ index b8e2009de..08338121b 100644 | |||
62 | +if test "$REGRESS_INTEROP_CONCH" = "yes" ; then | 59 | +if test "$REGRESS_INTEROP_CONCH" = "yes" ; then |
63 | + # Convert rsa key to old format to work around | 60 | + # Convert rsa key to old format to work around |
64 | + # https://twistedmatrix.com/trac/ticket/9515 | 61 | + # https://twistedmatrix.com/trac/ticket/9515 |
65 | + cp $OBJ/rsa $OBJ/rsa_oldfmt | 62 | + cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt |
66 | + cp $OBJ/rsa.pub $OBJ/rsa_oldfmt.pub | 63 | + cp $OBJ/ssh-rsa.pub $OBJ/ssh-rsa_oldfmt.pub |
67 | + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null | 64 | + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null |
68 | +fi | 65 | +fi |
69 | 66 | ||
70 | # If PuTTY is present and we are running a PuTTY test, prepare keys and | 67 | # If PuTTY is present and we are running a PuTTY test, prepare keys and |
diff --git a/debian/patches/fix-interop-tests.patch b/debian/patches/fix-interop-tests.patch new file mode 100644 index 000000000..04748b17b --- /dev/null +++ b/debian/patches/fix-interop-tests.patch | |||
@@ -0,0 +1,71 @@ | |||
1 | From 440ef75890c282e75534689cd4e0d3938279b8e0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Colin Watson <cjwatson@debian.org> | ||
3 | Date: Fri, 14 Jun 2019 11:57:15 +0100 | ||
4 | Subject: Fix interop tests for recent regress changes | ||
5 | |||
6 | A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in | ||
7 | portable) broke the PuTTY and Twisted Conch interop tests, because the | ||
8 | key they want to use is now called ssh-rsa rather than rsa. Fix them. | ||
9 | |||
10 | Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=3020 | ||
11 | Last-Update: 2019-06-14 | ||
12 | |||
13 | Patch-Name: fix-interop-tests.patch | ||
14 | --- | ||
15 | regress/Makefile | 5 +++-- | ||
16 | regress/conch-ciphers.sh | 2 +- | ||
17 | regress/test-exec.sh | 10 +++++----- | ||
18 | 3 files changed, 9 insertions(+), 8 deletions(-) | ||
19 | |||
20 | diff --git a/regress/Makefile b/regress/Makefile | ||
21 | index 925edf71a..781400fd0 100644 | ||
22 | --- a/regress/Makefile | ||
23 | +++ b/regress/Makefile | ||
24 | @@ -113,8 +113,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ | ||
25 | rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \ | ||
26 | rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ | ||
27 | scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ | ||
28 | - sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ | ||
29 | - ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ | ||
30 | + sftp-server.sh sftp.log ssh-log-wrapper.sh \ | ||
31 | + ssh-rsa_oldfmt \ | ||
32 | + ssh.log ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ | ||
33 | ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \ | ||
34 | sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \ | ||
35 | sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \ | ||
36 | diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh | ||
37 | index 199d863a0..51e3b705f 100644 | ||
38 | --- a/regress/conch-ciphers.sh | ||
39 | +++ b/regress/conch-ciphers.sh | ||
40 | @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ | ||
41 | rm -f ${COPY} | ||
42 | # XXX the 2nd "cat" seems to be needed because of buggy FD handling | ||
43 | # in conch | ||
44 | - ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ | ||
45 | + ${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \ | ||
46 | --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ | ||
47 | 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} | ||
48 | if [ $? -ne 0 ]; then | ||
49 | diff --git a/regress/test-exec.sh b/regress/test-exec.sh | ||
50 | index b8e2009de..efde6a173 100644 | ||
51 | --- a/regress/test-exec.sh | ||
52 | +++ b/regress/test-exec.sh | ||
53 | @@ -527,13 +527,13 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then | ||
54 | >> $OBJ/authorized_keys_$USER | ||
55 | |||
56 | # Convert rsa2 host key to PuTTY format | ||
57 | - cp $OBJ/rsa $OBJ/rsa_oldfmt | ||
58 | - ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null | ||
59 | - ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa_oldfmt > \ | ||
60 | + cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt | ||
61 | + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null | ||
62 | + ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \ | ||
63 | ${OBJ}/.putty/sshhostkeys | ||
64 | - ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa_oldfmt >> \ | ||
65 | + ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \ | ||
66 | ${OBJ}/.putty/sshhostkeys | ||
67 | - rm -f $OBJ/rsa_oldfmt | ||
68 | + rm -f $OBJ/ssh-rsa_oldfmt | ||
69 | |||
70 | # Setup proxied session | ||
71 | mkdir -p ${OBJ}/.putty/sessions | ||
diff --git a/debian/patches/fix-utimensat-test.patch b/debian/patches/fix-utimensat-test.patch index 799337e64..2f994aafd 100644 --- a/debian/patches/fix-utimensat-test.patch +++ b/debian/patches/fix-utimensat-test.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From bbc5ff0a295797174b4ef3928f58969e43f5adfe Mon Sep 17 00:00:00 2001 | 1 | From 0c3b0631695be33f711eda233bfee3dab77d405c Mon Sep 17 00:00:00 2001 |
2 | From: Darren Tucker <dtucker@dtucker.net> | 2 | From: Darren Tucker <dtucker@dtucker.net> |
3 | Date: Fri, 7 Jun 2019 23:47:37 +1000 | 3 | Date: Fri, 7 Jun 2019 23:47:37 +1000 |
4 | Subject: Update utimensat test. | 4 | Subject: Update utimensat test. |
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch index d0b02d792..623e1fff0 100644 --- a/debian/patches/revert-ipqos-defaults.patch +++ b/debian/patches/revert-ipqos-defaults.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 7d50f9e5be88179325983a1f58c9d51bb58f025a Mon Sep 17 00:00:00 2001 | 1 | From 907bd73e8b0d031a96a0f800c0f6cef03ff1fcc4 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Mon, 8 Apr 2019 10:46:29 +0100 | 3 | Date: Mon, 8 Apr 2019 10:46:29 +0100 |
4 | Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP | 4 | Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP |
diff --git a/debian/patches/series b/debian/patches/series index ba5a5ad4b..7ca779801 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -23,6 +23,7 @@ debian-config.patch | |||
23 | restore-authorized_keys2.patch | 23 | restore-authorized_keys2.patch |
24 | seccomp-s390-flock-ipc.patch | 24 | seccomp-s390-flock-ipc.patch |
25 | seccomp-s390-ioctl-ep11-crypto.patch | 25 | seccomp-s390-ioctl-ep11-crypto.patch |
26 | fix-interop-tests.patch | ||
26 | conch-old-privkey-format.patch | 27 | conch-old-privkey-format.patch |
27 | revert-ipqos-defaults.patch | 28 | revert-ipqos-defaults.patch |
28 | fix-utimensat-test.patch | 29 | fix-utimensat-test.patch |