summaryrefslogtreecommitdiff
path: root/debian/patches
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/conch-old-privkey-format.patch43
-rw-r--r--debian/patches/fix-interop-tests.patch71
-rw-r--r--debian/patches/fix-utimensat-test.patch2
-rw-r--r--debian/patches/revert-ipqos-defaults.patch2
-rw-r--r--debian/patches/series1
5 files changed, 94 insertions, 25 deletions
diff --git a/debian/patches/conch-old-privkey-format.patch b/debian/patches/conch-old-privkey-format.patch
index 40fe32898..6de8d391b 100644
--- a/debian/patches/conch-old-privkey-format.patch
+++ b/debian/patches/conch-old-privkey-format.patch
@@ -1,4 +1,4 @@
1From 9c01e0ae9889c05bfe68b2f1f1c5e5019e63ff0b Mon Sep 17 00:00:00 2001 1From 715b72009450c3448de10729817687c53554efb2 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Thu, 30 Aug 2018 00:58:56 +0100 3Date: Thu, 30 Aug 2018 00:58:56 +0100
4Subject: Work around conch interoperability failure 4Subject: Work around conch interoperability failure
@@ -8,46 +8,43 @@ Twisted Conch fails to read private keys in the new format
8can be fixed in Twisted. 8can be fixed in Twisted.
9 9
10Forwarded: not-needed 10Forwarded: not-needed
11Last-Update: 2018-08-30 11Last-Update: 2019-06-14
12 12
13Patch-Name: conch-old-privkey-format.patch 13Patch-Name: conch-old-privkey-format.patch
14--- 14---
15 regress/Makefile | 5 +++-- 15 regress/Makefile | 2 +-
16 regress/conch-ciphers.sh | 2 +- 16 regress/conch-ciphers.sh | 2 +-
17 regress/test-exec.sh | 12 ++++++++++++ 17 regress/test-exec.sh | 12 ++++++++++++
18 3 files changed, 16 insertions(+), 3 deletions(-) 18 3 files changed, 14 insertions(+), 2 deletions(-)
19 19
20diff --git a/regress/Makefile b/regress/Makefile 20diff --git a/regress/Makefile b/regress/Makefile
21index 925edf71a..6fdfcc8ca 100644 21index 781400fd0..491a3a46a 100644
22--- a/regress/Makefile 22--- a/regress/Makefile
23+++ b/regress/Makefile 23+++ b/regress/Makefile
24@@ -110,8 +110,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ 24@@ -114,7 +114,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
25 modpipe netcat no_identity_config \ 25 rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
26 pidfile putty.rsa2 ready regress.log \
27 remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \
28- rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \
29- rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
30+ rsa1 rsa1-agent rsa1-agent.pub rsa1.pub \
31+ rsa_oldfmt rsa_oldfmt.pub \
32+ rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
33 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ 26 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
34 sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ 27 sftp-server.sh sftp.log ssh-log-wrapper.sh \
35 ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ 28- ssh-rsa_oldfmt \
29+ ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \
30 ssh.log ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
31 ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
32 sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
36diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh 33diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
37index 199d863a0..c7df19fd4 100644 34index 51e3b705f..fa24552b0 100644
38--- a/regress/conch-ciphers.sh 35--- a/regress/conch-ciphers.sh
39+++ b/regress/conch-ciphers.sh 36+++ b/regress/conch-ciphers.sh
40@@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ 37@@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
41 rm -f ${COPY} 38 rm -f ${COPY}
42 # XXX the 2nd "cat" seems to be needed because of buggy FD handling 39 # XXX the 2nd "cat" seems to be needed because of buggy FD handling
43 # in conch 40 # in conch
44- ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ 41- ${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \
45+ ${CONCH} --identity $OBJ/rsa_oldfmt --port $PORT --user $USER -e none \ 42+ ${CONCH} --identity $OBJ/ssh-rsa_oldfmt --port $PORT --user $USER -e none \
46 --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ 43 --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
47 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} 44 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
48 if [ $? -ne 0 ]; then 45 if [ $? -ne 0 ]; then
49diff --git a/regress/test-exec.sh b/regress/test-exec.sh 46diff --git a/regress/test-exec.sh b/regress/test-exec.sh
50index b8e2009de..08338121b 100644 47index efde6a173..83c7d02e6 100644
51--- a/regress/test-exec.sh 48--- a/regress/test-exec.sh
52+++ b/regress/test-exec.sh 49+++ b/regress/test-exec.sh
53@@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no 50@@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no
@@ -62,9 +59,9 @@ index b8e2009de..08338121b 100644
62+if test "$REGRESS_INTEROP_CONCH" = "yes" ; then 59+if test "$REGRESS_INTEROP_CONCH" = "yes" ; then
63+ # Convert rsa key to old format to work around 60+ # Convert rsa key to old format to work around
64+ # https://twistedmatrix.com/trac/ticket/9515 61+ # https://twistedmatrix.com/trac/ticket/9515
65+ cp $OBJ/rsa $OBJ/rsa_oldfmt 62+ cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
66+ cp $OBJ/rsa.pub $OBJ/rsa_oldfmt.pub 63+ cp $OBJ/ssh-rsa.pub $OBJ/ssh-rsa_oldfmt.pub
67+ ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null 64+ ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
68+fi 65+fi
69 66
70 # If PuTTY is present and we are running a PuTTY test, prepare keys and 67 # If PuTTY is present and we are running a PuTTY test, prepare keys and
diff --git a/debian/patches/fix-interop-tests.patch b/debian/patches/fix-interop-tests.patch
new file mode 100644
index 000000000..04748b17b
--- /dev/null
+++ b/debian/patches/fix-interop-tests.patch
@@ -0,0 +1,71 @@
1From 440ef75890c282e75534689cd4e0d3938279b8e0 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org>
3Date: Fri, 14 Jun 2019 11:57:15 +0100
4Subject: Fix interop tests for recent regress changes
5
6A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in
7portable) broke the PuTTY and Twisted Conch interop tests, because the
8key they want to use is now called ssh-rsa rather than rsa. Fix them.
9
10Forwarded: https://bugzilla.mindrot.org/show_bug.cgi?id=3020
11Last-Update: 2019-06-14
12
13Patch-Name: fix-interop-tests.patch
14---
15 regress/Makefile | 5 +++--
16 regress/conch-ciphers.sh | 2 +-
17 regress/test-exec.sh | 10 +++++-----
18 3 files changed, 9 insertions(+), 8 deletions(-)
19
20diff --git a/regress/Makefile b/regress/Makefile
21index 925edf71a..781400fd0 100644
22--- a/regress/Makefile
23+++ b/regress/Makefile
24@@ -113,8 +113,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
25 rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \
26 rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
27 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
28- sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
29- ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
30+ sftp-server.sh sftp.log ssh-log-wrapper.sh \
31+ ssh-rsa_oldfmt \
32+ ssh.log ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
33 ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
34 sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
35 sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
36diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
37index 199d863a0..51e3b705f 100644
38--- a/regress/conch-ciphers.sh
39+++ b/regress/conch-ciphers.sh
40@@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
41 rm -f ${COPY}
42 # XXX the 2nd "cat" seems to be needed because of buggy FD handling
43 # in conch
44- ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \
45+ ${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \
46 --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
47 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
48 if [ $? -ne 0 ]; then
49diff --git a/regress/test-exec.sh b/regress/test-exec.sh
50index b8e2009de..efde6a173 100644
51--- a/regress/test-exec.sh
52+++ b/regress/test-exec.sh
53@@ -527,13 +527,13 @@ if test "$REGRESS_INTEROP_PUTTY" = "yes" ; then
54 >> $OBJ/authorized_keys_$USER
55
56 # Convert rsa2 host key to PuTTY format
57- cp $OBJ/rsa $OBJ/rsa_oldfmt
58- ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null
59- ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa_oldfmt > \
60+ cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
61+ ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
62+ ${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \
63 ${OBJ}/.putty/sshhostkeys
64- ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa_oldfmt >> \
65+ ${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \
66 ${OBJ}/.putty/sshhostkeys
67- rm -f $OBJ/rsa_oldfmt
68+ rm -f $OBJ/ssh-rsa_oldfmt
69
70 # Setup proxied session
71 mkdir -p ${OBJ}/.putty/sessions
diff --git a/debian/patches/fix-utimensat-test.patch b/debian/patches/fix-utimensat-test.patch
index 799337e64..2f994aafd 100644
--- a/debian/patches/fix-utimensat-test.patch
+++ b/debian/patches/fix-utimensat-test.patch
@@ -1,4 +1,4 @@
1From bbc5ff0a295797174b4ef3928f58969e43f5adfe Mon Sep 17 00:00:00 2001 1From 0c3b0631695be33f711eda233bfee3dab77d405c Mon Sep 17 00:00:00 2001
2From: Darren Tucker <dtucker@dtucker.net> 2From: Darren Tucker <dtucker@dtucker.net>
3Date: Fri, 7 Jun 2019 23:47:37 +1000 3Date: Fri, 7 Jun 2019 23:47:37 +1000
4Subject: Update utimensat test. 4Subject: Update utimensat test.
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
index d0b02d792..623e1fff0 100644
--- a/debian/patches/revert-ipqos-defaults.patch
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -1,4 +1,4 @@
1From 7d50f9e5be88179325983a1f58c9d51bb58f025a Mon Sep 17 00:00:00 2001 1From 907bd73e8b0d031a96a0f800c0f6cef03ff1fcc4 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Mon, 8 Apr 2019 10:46:29 +0100 3Date: Mon, 8 Apr 2019 10:46:29 +0100
4Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP 4Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
diff --git a/debian/patches/series b/debian/patches/series
index ba5a5ad4b..7ca779801 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,6 +23,7 @@ debian-config.patch
23restore-authorized_keys2.patch 23restore-authorized_keys2.patch
24seccomp-s390-flock-ipc.patch 24seccomp-s390-flock-ipc.patch
25seccomp-s390-ioctl-ep11-crypto.patch 25seccomp-s390-ioctl-ep11-crypto.patch
26fix-interop-tests.patch
26conch-old-privkey-format.patch 27conch-old-privkey-format.patch
27revert-ipqos-defaults.patch 28revert-ipqos-defaults.patch
28fix-utimensat-test.patch 29fix-utimensat-test.patch