Pull more fixes to stabilize tests

This commit is contained in:
Jakub Jelen 2024-08-21 11:05:19 +02:00
parent dd05b5ac86
commit 842d5a7fe9
3 changed files with 94 additions and 5 deletions

View File

@ -0,0 +1,41 @@
From c9cfeb9b838b801c3e2bb070c3db914e81ca4e68 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Mon, 12 Aug 2024 17:49:46 +0200
Subject: [PATCH] wrapper: Avoid asymmetric termination of gzip context
For some reason, both compress and decompress contexts were terminated
with both compress and decompress end functions (if the deflateEnd worked),
which was causing for some another unexplained reasons issues on i686
architecture when running the torture_packet unit test.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/wrapper.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/wrapper.c b/src/wrapper.c
index bf949ea9..d9cf6db5 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -200,14 +200,12 @@ void crypto_free(struct ssh_crypto_struct *crypto)
SAFE_FREE(crypto->secret_hash);
}
#ifdef WITH_ZLIB
- if (crypto->compress_out_ctx &&
- (deflateEnd(crypto->compress_out_ctx) != 0)) {
- inflateEnd(crypto->compress_out_ctx);
+ if (crypto->compress_out_ctx) {
+ deflateEnd(crypto->compress_out_ctx);
}
SAFE_FREE(crypto->compress_out_ctx);
- if (crypto->compress_in_ctx &&
- (deflateEnd(crypto->compress_in_ctx) != 0)) {
+ if (crypto->compress_in_ctx) {
inflateEnd(crypto->compress_in_ctx);
}
SAFE_FREE(crypto->compress_in_ctx);
--
2.46.0

View File

@ -0,0 +1,47 @@
From 7b89ff760a2c7119916eaa8fd6a62afbd15fc3ad Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 9 Aug 2024 11:30:15 +0200
Subject: [PATCH] test: Workaround the new OpenSSH failure rate limiting
The new OpenSSH rate limits the failed authentication attempts per source
address and drops connection when the amount is reached, which is happening
in our testsuite.
By whitelisting the IP address of the client on the socket wrapper,
this allows the tests to pass.
https://man.openbsd.org/sshd_config.5#PerSourcePenaltyExemptList
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
tests/torture.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tests/torture.c b/tests/torture.c
index c832dfa6..ad0a7836 100644
--- a/tests/torture.c
+++ b/tests/torture.c
@@ -755,6 +755,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
"HostKeyAlgorithms " OPENSSH_KEYS "\n"
#if OPENSSH_VERSION_MAJOR == 8 && OPENSSH_VERSION_MINOR >= 2
"CASignatureAlgorithms " OPENSSH_KEYS "\n"
+#endif
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
+ "PerSourcePenaltyExemptList 127.0.0.21\n"
#endif
"Ciphers " OPENSSH_CIPHERS "\n"
"KexAlgorithms " OPENSSH_KEX "\n"
@@ -786,6 +789,9 @@ static void torture_setup_create_sshd_config(void **state, bool pam)
"%s\n" /* Here comes UsePam */
"%s" /* The space for test-specific options */
"\n"
+#if (OPENSSH_VERSION_MAJOR == 9 && OPENSSH_VERSION_MINOR >= 8) || OPENSSH_VERSION_MAJOR > 9
+ "PerSourcePenaltyExemptList 127.0.0.21\n"
+#endif
"Ciphers "
"aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,"
"aes128-gcm@openssh.com,aes128-ctr,aes128-cbc"
--
2.46.0

View File

@ -27,6 +27,11 @@ Patch2: libssh-0.10.6-ipv6-hostname.patch
# 2c918aad6763754bdffb84796b410e21f24bb7ec tests: Use /tmp for tmpdirs that contain sockets # 2c918aad6763754bdffb84796b410e21f24bb7ec tests: Use /tmp for tmpdirs that contain sockets
Patch3: libssh-0.10.6-pkcs11-provider.patch Patch3: libssh-0.10.6-pkcs11-provider.patch
Patch4: libssh-0.10.6-no-engine.patch Patch4: libssh-0.10.6-no-engine.patch
# 7b89ff760a2c7119916eaa8fd6a62afbd15fc3ad
Patch5: libssh-0.10.6-rate-limit.patch
# c9cfeb9b838b801c3e2bb070c3db914e81ca4e68
Patch6: libssh-0.10.6-compress.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -131,11 +136,7 @@ popd
%check %check
# Tests are randomly failing when run in parallel # Tests are randomly failing when run in parallel
%global _smp_build_ncpus 1 %global _smp_build_ncpus 1
%ifarch i686 %ctest
# The test torture_packet fails now on i686 arch on rawhide
%global libssh_ctest_args -E torture_packet
%endif
%ctest %{?libssh_ctest_args}
%files %files
%doc AUTHORS BSD CHANGELOG README %doc AUTHORS BSD CHANGELOG README