make SCP/SFTP tests work with openssh-8.7p1

2021-09-16 08:44:39 +02:00 · 2021-09-16 08:44:39 +02:00 · 25f443ae12
commit 25f443ae12
parent 287da1ceec
2 changed files with 108 additions and 0 deletions
--- a/0001-curl-7.79.0-ssh-tests.patch
+++ b/0001-curl-7.79.0-ssh-tests.patch
@ -0,0 +1,101 @@
+From 3b1db8a1032f5728f7da5a1fabe8db0bec1f4574 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Wed, 15 Sep 2021 09:59:14 +0200
+Subject: [PATCH] tests/sshserver.pl: make it work with openssh-8.7p1
+
+... by not using options with no argument where an argument is required:
+
+=== Start of file tests/log/ssh_server.log
+curl_sshd_config line 6: no argument after keyword "DenyGroups"
+curl_sshd_config line 7: no argument after keyword "AllowGroups"
+curl_sshd_config line 10: Deprecated option AuthorizedKeysFile2
+curl_sshd_config line 29: Deprecated option KeyRegenerationInterval
+curl_sshd_config line 39: Deprecated option RhostsRSAAuthentication
+curl_sshd_config line 40: Deprecated option RSAAuthentication
+curl_sshd_config line 41: Deprecated option ServerKeyBits
+curl_sshd_config line 45: Deprecated option UseLogin
+curl_sshd_config line 56: no argument after keyword "AcceptEnv"
+curl_sshd_config: terminating, 3 bad configuration options
+=== End of file tests/log/ssh_server.log
+
+=== Start of file log/sftp_server.log
+curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
+curl_sftp_config line 34: Unsupported option "rsaauthentication"
+curl_sftp_config line 52: no argument after keyword "sendenv"
+curl_sftp_config: terminating, 1 bad configuration options
+Connection closed.
+Connection closed
+=== End of file log/sftp_server.log
+
+Closes #7724
+
+Upstream-commit: ab78d2c679dfb37b27e89f42ad050c3153fa7513
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ tests/sshserver.pl | 14 --------------
+ 1 file changed, 14 deletions(-)
+
+diff --git a/tests/sshserver.pl b/tests/sshserver.pl
+index d0952a2d8..412cab33e 100644
+--- a/tests/sshserver.pl
+++ b/tests/sshserver.pl
+@@ -428,9 +428,7 @@ if ($sshdid =~ /OpenSSH-Windows/) {
+ #  ssh daemon configuration file options we might use and version support
+ #
+ #  AFSTokenPassing                  : OpenSSH 1.2.1 and later [1]
+-#  AcceptEnv                        : OpenSSH 3.9.0 and later
+ #  AddressFamily                    : OpenSSH 4.0.0 and later
+-#  AllowGroups                      : OpenSSH 1.2.1 and later
+ #  AllowTcpForwarding               : OpenSSH 2.3.0 and later
+ #  AllowUsers                       : OpenSSH 1.2.1 and later
+ #  AuthorizedKeysFile               : OpenSSH 2.9.9 and later
+@@ -441,7 +439,6 @@ if ($sshdid =~ /OpenSSH-Windows/) {
+ #  ClientAliveCountMax              : OpenSSH 2.9.0 and later
+ #  ClientAliveInterval              : OpenSSH 2.9.0 and later
+ #  Compression                      : OpenSSH 3.3.0 and later
+-#  DenyGroups                       : OpenSSH 1.2.1 and later
+ #  DenyUsers                        : OpenSSH 1.2.1 and later
+ #  ForceCommand                     : OpenSSH 4.4.0 and later [3]
+ #  GatewayPorts                     : OpenSSH 2.1.0 and later
+@@ -534,9 +531,6 @@ if ($sshdid =~ /OpenSSH-Windows/) {
+     push @cfgarr, "AllowUsers $username";
+ }
+ 
+-push @cfgarr, 'DenyGroups';
+-push @cfgarr, 'AllowGroups';
+-push @cfgarr, '#';
+ push @cfgarr, "AuthorizedKeysFile $clipubkeyf_config";
+ push @cfgarr, "AuthorizedKeysFile2 $clipubkeyf_config";
+ push @cfgarr, "HostKey $hstprvkeyf_config";
+@@ -684,9 +678,6 @@ push @cfgarr, '#';
+ #***************************************************************************
+ # Options that might be supported or not in sshd OpenSSH 2.9.9 and later
+ #
+-if(sshd_supports_opt('AcceptEnv','')) {
+-    push @cfgarr, 'AcceptEnv';
+-}
+ if(sshd_supports_opt('AddressFamily','any')) {
+     # Address family must be specified before ListenAddress
+     splice @cfgarr, 14, 0, 'AddressFamily any';
+@@ -873,7 +864,6 @@ if ($sshdid =~ /OpenSSH-Windows/) {
+ #  RemoteForward                     : OpenSSH 1.2.1 and later [3]
+ #  RhostsRSAAuthentication           : OpenSSH 1.2.1 and later
+ #  RSAAuthentication                 : OpenSSH 1.2.1 and later
+-#  SendEnv                           : OpenSSH 3.9.0 and later
+ #  ServerAliveCountMax               : OpenSSH 3.8.0 and later
+ #  ServerAliveInterval               : OpenSSH 3.8.0 and later
+ #  SmartcardDevice                   : OpenSSH 2.9.9 and later [1][3]
+@@ -1028,10 +1018,6 @@ if((($sshid =~ /OpenSSH/) && ($sshvernum >= 370)) ||
+     push @cfgarr, 'RekeyLimit 1G';
+ }
+ 
+-if(($sshid =~ /OpenSSH/) && ($sshvernum >= 390)) {
+-    push @cfgarr, 'SendEnv';
+-}
+-
+ if((($sshid =~ /OpenSSH/) && ($sshvernum >= 380)) ||
+    (($sshid =~ /SunSSH/) && ($sshvernum >= 120))) {
+     push @cfgarr, 'ServerAliveCountMax 3';
+-- 
+2.31.1
+
--- a/curl.spec
+++ b/curl.spec
@ -10,6 +10,9 @@ Source1: https://curl.se/download/%{name}-%{version}.tar.xz.asc
 # which points to the GPG key as of April 7th 2016 of https://daniel.haxx.se/mykey.asc
 Source2: mykey.asc

+# make SCP/SFTP tests work with openssh-8.7p1
+Patch1:   0001-curl-7.79.0-ssh-tests.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch

@ -183,6 +186,7 @@ be installed.
 %setup -q

 # upstream patches
+%patch1 -p1

 # Fedora patches
 %patch101 -p1
@ -368,6 +372,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal

 %changelog
+* Thu Sep 16 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-2
+- make SCP/SFTP tests work with openssh-8.7p1
+
 * Wed Sep 15 2021 Kamil Dudka <kdudka@redhat.com> - 7.79.0-1
 - new upstream release, which fixes the following vulnerabilities
    CVE-2021-22947 - STARTTLS protocol injection via MITM