[OE-core] [zeus][PATCH] openssh: backport patch to fix "cert not yet valid" test

Mingde (Matthew) Zeng matthew.zeng at windriver.com
Fri Feb 21 16:54:42 UTC 2020 

>> Fixes [YOCTO #13796]
> Could you please take ownership of the bug. Its weird we both worked on
> the same issue and had a fix done about the same time.

What's weirder is that we three worked on this same issue, and it was merged to master last month.

https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/openssh?id=f0a949fe33da47fd0a587abb942ff60f0a56ed0d

>
> Ill replace my version in stable/zeus-nut with this patch.
>
> - Armin

I think it's reasonable to simply port this commit from master into zeus.

Regards,
Matthew

>>
>> Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
>> ---
>>  ...at-bozo-decided-to-use-2020-as-a-future-d.patch | 46 ++++++++++++++++++++++
>>  meta/recipes-connectivity/openssh/openssh_8.0p1.bb |  1 +
>>  2 files changed, 47 insertions(+)
>>  create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
>>
>> diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
>> new file mode 100644
>> index 0000000..e2930c3
>> --- /dev/null
>> +++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
>> @@ -0,0 +1,46 @@
>> +From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
>> +From: "djm at openbsd.org" <djm at openbsd.org>
>> +Date: Fri, 3 Jan 2020 03:02:26 +0000
>> +Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
>> + regress
>> +
>> +test?
>> +
>> +OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
>> +
>> +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
>> +
>> +[Dropped the script version and copyright year change at the top]
>> +
>> +Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
>> +---
>> + regress/cert-hostkey.sh | 2 +-
>> + regress/cert-userkey.sh | 2 +-
>> + 2 files changed, 2 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
>> +index 3ce7779..74d5a53 100644
>> +--- a/regress/cert-hostkey.sh
>> ++++ b/regress/cert-hostkey.sh
>> +@@ -248,7 +248,7 @@ test_one() {
>> + test_one "user-certificate"	failure "-n $HOSTS"
>> + test_one "empty principals"	success "-h"
>> + test_one "wrong principals"	failure "-h -n foo"
>> +-test_one "cert not yet valid"	failure "-h -V20200101:20300101"
>> ++test_one "cert not yet valid"	failure "-h -V20300101:20320101"
>> + test_one "cert expired"		failure "-h -V19800101:19900101"
>> + test_one "cert valid interval"	success "-h -V-1w:+2w"
>> + test_one "cert has constraints"	failure "-h -Oforce-command=false"
>> +diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
>> +index 6849e99..de455b8 100644
>> +--- a/regress/cert-userkey.sh
>> ++++ b/regress/cert-userkey.sh
>> +@@ -327,7 +327,7 @@ test_one() {
>> + test_one "correct principal"	success "-n ${USER}"
>> + test_one "host-certificate"	failure "-n ${USER} -h"
>> + test_one "wrong principals"	failure "-n foo"
>> +-test_one "cert not yet valid"	failure "-n ${USER} -V20200101:20300101"
>> ++test_one "cert not yet valid"	failure "-n ${USER} -V20300101:20320101"
>> + test_one "cert expired"		failure "-n ${USER} -V19800101:19900101"
>> + test_one "cert valid interval"	success "-n ${USER} -V-1w:+2w"
>> + test_one "wrong source-address"	failure "-n ${USER} -Osource-address=10.0.0.0/8"
>> diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
>> index 2ffbc9a..3d16f9d 100644
>> --- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
>> +++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
>> @@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
>>             file://sshd_check_keys \
>>             file://add-test-support-for-busybox.patch \
>>             file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
>> +           file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
>>             "
>>  SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
>>  SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"


--
Mingde (Matthew) Zeng

More information about the Openembedded-core mailing list