Pull more fixes to stabilize tests
This commit is contained in:
parent
dd05b5ac86
commit
842d5a7fe9
41
libssh-0.10.6-compress.patch
Normal file
41
libssh-0.10.6-compress.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From c9cfeb9b838b801c3e2bb070c3db914e81ca4e68 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Mon, 12 Aug 2024 17:49:46 +0200
|
||||
Subject: [PATCH] wrapper: Avoid asymmetric termination of gzip context
|
||||
|
||||
For some reason, both compress and decompress contexts were terminated
|
||||
with both compress and decompress end functions (if the deflateEnd worked),
|
||||
which was causing for some another unexplained reasons issues on i686
|
||||
architecture when running the torture_packet unit test.
|
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
src/wrapper.c | 8 +++-----
|
||||
1 file changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/wrapper.c b/src/wrapper.c
|
||||
index bf949ea9..d9cf6db5 100644
|
||||
--- a/src/wrapper.c
|
||||
+++ b/src/wrapper.c
|
||||
@@ -200,14 +200,12 @@ void crypto_free(struct ssh_crypto_struct *crypto)
|
||||
SAFE_FREE(crypto->secret_hash);
|
||||
}
|
||||
#ifdef WITH_ZLIB
|
||||
- if (crypto->compress_out_ctx &&
|
||||
- (deflateEnd(crypto->compress_out_ctx) != 0)) {
|
||||
- inflateEnd(crypto->compress_out_ctx);
|
||||
+ if (crypto->compress_out_ctx) {
|
||||
+ deflateEnd(crypto->compress_out_ctx);
|
||||
}
|
||||
SAFE_FREE(crypto->compress_out_ctx);
|
||||
|
||||
- if (crypto->compress_in_ctx &&
|
||||
- (deflateEnd(crypto->compress_in_ctx) != 0)) {
|
||||
+ if (crypto->compress_in_ctx) {
|
||||
inflateEnd(crypto->compress_in_ctx);
|
||||
}
|
||||
SAFE_FREE(crypto->compress_in_ctx);
|
||||
--
|
||||
2.46.0
|
||||
|
47
libssh-0.10.6-rate-limit.patch
Normal file
47
libssh-0.10.6-rate-limit.patch
Normal file
@ -0,0 +1,47 @@
|
||||
From 7b89ff760a2c7119916eaa8fd6a62afbd15fc3ad Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Fri, 9 Aug 2024 11:30:15 +0200
|
||||
Subject: [PATCH] test: Workaround the new OpenSSH failure rate limiting
|
||||
|
||||
The new OpenSSH rate limits the failed authentication attempts per source
|
||||
address and drops connection when the amount is reached, which is happening
|
||||
in our testsuite.
|
||||
|
||||
By whitelisting the IP address of the client on the socket wrapper,
|
||||
this allows the tests to pass.
|
||||
|
||||
https://man.openbsd.org/sshd_config.5#PerSourcePenaltyExemptList
|
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
tests/torture.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/tests/torture.c b/tests/torture.c
|
||||
index c832dfa6..ad0a7836 100644
|
||||
--- a/tests/torture.c
|
||||
+++ b/tests/torture.c
|
||||
@@ -755,6 +755,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
|
||||
"HostKeyAlgorithms " OPENSSH_KEYS "\n"
|
||||
#if OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2
|
||||
"CASignatureAlgorithms " OPENSSH_KEYS "\n"
|
||||
+#endif
|
||||
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
|
||||
+ "PerSourcePenaltyExemptList 127.0.0.21\n"
|
||||
#endif
|
||||
"Ciphers " OPENSSH_CIPHERS "\n"
|
||||
"KexAlgorithms " OPENSSH_KEX "\n"
|
||||
@@ -786,6 +789,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
|
||||
"%s\n" /* Here comes UsePam */
|
||||
"%s" /* The space for test-specific options */
|
||||
"\n"
|
||||
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
|
||||
+ "PerSourcePenaltyExemptList 127.0.0.21\n"
|
||||
+#endif
|
||||
"Ciphers "
|
||||
"aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,"
|
||||
"aes128-gcm@openssh.com,aes128-ctr,aes128-cbc"
|
||||
--
|
||||
2.46.0
|
||||
|
11
libssh.spec
11
libssh.spec
@ -27,6 +27,11 @@ Patch2: libssh-0.10.6-ipv6-hostname.patch
|
||||
# 2c918aad6763754bdffb84796b410e21f24bb7ec tests: Use /tmp for tmpdirs that contain sockets
|
||||
Patch3: libssh-0.10.6-pkcs11-provider.patch
|
||||
Patch4: libssh-0.10.6-no-engine.patch
|
||||
# 7b89ff760a2c7119916eaa8fd6a62afbd15fc3ad
|
||||
Patch5: libssh-0.10.6-rate-limit.patch
|
||||
# c9cfeb9b838b801c3e2bb070c3db914e81ca4e68
|
||||
Patch6: libssh-0.10.6-compress.patch
|
||||
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
@ -131,11 +136,7 @@ popd
|
||||
%check
|
||||
# Tests are randomly failing when run in parallel
|
||||
%global _smp_build_ncpus 1
|
||||
%ifarch i686
|
||||
# The test torture_packet fails now on i686 arch on rawhide
|
||||
%global libssh_ctest_args -E torture_packet
|
||||
%endif
|
||||
%ctest %{?libssh_ctest_args}
|
||||
%ctest
|
||||
|
||||
%files
|
||||
%doc AUTHORS BSD CHANGELOG README
|
||||
|
Loading…
Reference in New Issue
Block a user