Pull more fixes to stabilize tests
This commit is contained in:
Jakub Jelen
parent
dd05b5ac86
commit
842d5a7fe9
41
libssh-0.10.6-compress.patch
Normal file
41
libssh-0.10.6-compress.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From c9cfeb9b838b801c3e2bb070c3db914e81ca4e68 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Mon, 12 Aug 2024 17:49:46 +0200
|
||||||
|
Subject: [PATCH] wrapper: Avoid asymmetric termination of gzip context
|
||||||
|
|
||||||
|
For some reason, both compress and decompress contexts were terminated
|
||||||
|
with both compress and decompress end functions (if the deflateEnd worked),
|
||||||
|
which was causing for some another unexplained reasons issues on i686
|
||||||
|
architecture when running the torture_packet unit test.
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
---
|
||||||
|
src/wrapper.c | 8 +++-----
|
||||||
|
1 file changed, 3 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/wrapper.c b/src/wrapper.c
|
||||||
|
index bf949ea9..d9cf6db5 100644
|
||||||
|
--- a/src/wrapper.c
|
||||||
|
+++ b/src/wrapper.c
|
||||||
|
@@ -200,14 +200,12 @@ void crypto_free(struct ssh_crypto_struct *crypto)
|
||||||
|
SAFE_FREE(crypto->secret_hash);
|
||||||
|
}
|
||||||
|
#ifdef WITH_ZLIB
|
||||||
|
- if (crypto->compress_out_ctx &&
|
||||||
|
- (deflateEnd(crypto->compress_out_ctx) != 0)) {
|
||||||
|
- inflateEnd(crypto->compress_out_ctx);
|
||||||
|
+ if (crypto->compress_out_ctx) {
|
||||||
|
+ deflateEnd(crypto->compress_out_ctx);
|
||||||
|
}
|
||||||
|
SAFE_FREE(crypto->compress_out_ctx);
|
||||||
|
|
||||||
|
- if (crypto->compress_in_ctx &&
|
||||||
|
- (deflateEnd(crypto->compress_in_ctx) != 0)) {
|
||||||
|
+ if (crypto->compress_in_ctx) {
|
||||||
|
inflateEnd(crypto->compress_in_ctx);
|
||||||
|
}
|
||||||
|
SAFE_FREE(crypto->compress_in_ctx);
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
||||||
47
libssh-0.10.6-rate-limit.patch
Normal file
47
libssh-0.10.6-rate-limit.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
From 7b89ff760a2c7119916eaa8fd6a62afbd15fc3ad Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Fri, 9 Aug 2024 11:30:15 +0200
|
||||||
|
Subject: [PATCH] test: Workaround the new OpenSSH failure rate limiting
|
||||||
|
|
||||||
|
The new OpenSSH rate limits the failed authentication attempts per source
|
||||||
|
address and drops connection when the amount is reached, which is happening
|
||||||
|
in our testsuite.
|
||||||
|
|
||||||
|
By whitelisting the IP address of the client on the socket wrapper,
|
||||||
|
this allows the tests to pass.
|
||||||
|
|
||||||
|
https://man.openbsd.org/sshd_config.5#PerSourcePenaltyExemptList
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
---
|
||||||
|
tests/torture.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/tests/torture.c b/tests/torture.c
|
||||||
|
index c832dfa6..ad0a7836 100644
|
||||||
|
--- a/tests/torture.c
|
||||||
|
+++ b/tests/torture.c
|
||||||
|
@@ -755,6 +755,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
|
||||||
|
"HostKeyAlgorithms " OPENSSH_KEYS "\n"
|
||||||
|
#if OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2
|
||||||
|
"CASignatureAlgorithms " OPENSSH_KEYS "\n"
|
||||||
|
+#endif
|
||||||
|
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
|
||||||
|
+ "PerSourcePenaltyExemptList 127.0.0.21\n"
|
||||||
|
#endif
|
||||||
|
"Ciphers " OPENSSH_CIPHERS "\n"
|
||||||
|
"KexAlgorithms " OPENSSH_KEX "\n"
|
||||||
|
@@ -786,6 +789,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
|
||||||
|
"%s\n" /* Here comes UsePam */
|
||||||
|
"%s" /* The space for test-specific options */
|
||||||
|
"\n"
|
||||||
|
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
|
||||||
|
+ "PerSourcePenaltyExemptList 127.0.0.21\n"
|
||||||
|
+#endif
|
||||||
|
"Ciphers "
|
||||||
|
"aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,"
|
||||||
|
"aes128-gcm@openssh.com,aes128-ctr,aes128-cbc"
|
||||||
|
--
|
||||||
|
2.46.0
|
||||||
|
|
||||||
11
libssh.spec
11
libssh.spec
@ -27,6 +27,11 @@ Patch2: libssh-0.10.6-ipv6-hostname.patch
|
|||||||
# 2c918aad6763754bdffb84796b410e21f24bb7ec tests: Use /tmp for tmpdirs that contain sockets
|
# 2c918aad6763754bdffb84796b410e21f24bb7ec tests: Use /tmp for tmpdirs that contain sockets
|
||||||
Patch3: libssh-0.10.6-pkcs11-provider.patch
|
Patch3: libssh-0.10.6-pkcs11-provider.patch
|
||||||
Patch4: libssh-0.10.6-no-engine.patch
|
Patch4: libssh-0.10.6-no-engine.patch
|
||||||
|
# 7b89ff760a2c7119916eaa8fd6a62afbd15fc3ad
|
||||||
|
Patch5: libssh-0.10.6-rate-limit.patch
|
||||||
|
# c9cfeb9b838b801c3e2bb070c3db914e81ca4e68
|
||||||
|
Patch6: libssh-0.10.6-compress.patch
|
||||||
|
|
||||||
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: gcc-c++
|
BuildRequires: gcc-c++
|
||||||
@ -131,11 +136,7 @@ popd
|
|||||||
%check
|
%check
|
||||||
# Tests are randomly failing when run in parallel
|
# Tests are randomly failing when run in parallel
|
||||||
%global _smp_build_ncpus 1
|
%global _smp_build_ncpus 1
|
||||||
%ifarch i686
|
%ctest
|
||||||
# The test torture_packet fails now on i686 arch on rawhide
|
|
||||||
%global libssh_ctest_args -E torture_packet
|
|
||||||
%endif
|
|
||||||
%ctest %{?libssh_ctest_args}
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%doc AUTHORS BSD CHANGELOG README
|
%doc AUTHORS BSD CHANGELOG README
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user