diff --git a/0006-curl-7.43.0-effa575f.patch b/0006-curl-7.43.0-effa575f.patch new file mode 100644 index 0000000..d6c141b --- /dev/null +++ b/0006-curl-7.43.0-effa575f.patch @@ -0,0 +1,73 @@ +From d4211b7d47747af9d36796517167cce14ad5e47b Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Tue, 23 Feb 2016 10:31:52 +0100 +Subject: [PATCH] tests/sshserver.pl: use RSA instead of DSA for host auth + +DSA is no longer supported by OpenSSH 7.0, which causes all SCP/SFTP +test cases to be skipped. Using RSA for host authentication works with +both old and new versions of OpenSSH. + +Reported-by: Karlson2k + +Closes #676 + +Upstream-commit: effa575fc7f028ee71fda16209d3d81af336b730 +Signed-off-by: Kamil Dudka +--- + tests/sshhelp.pm | 4 ++-- + tests/sshserver.pl | 12 ++++++------ + 2 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/tests/sshhelp.pm b/tests/sshhelp.pm +index 914879b..6719f9f 100644 +--- a/tests/sshhelp.pm ++++ b/tests/sshhelp.pm +@@ -120,8 +120,8 @@ $sshlog = undef; # ssh client log file + $sftplog = undef; # sftp client log file + $sftpcmds = 'curl_sftp_cmds'; # sftp client commands batch file + $knownhosts = 'curl_client_knownhosts'; # ssh knownhosts file +-$hstprvkeyf = 'curl_host_dsa_key'; # host private key file +-$hstpubkeyf = 'curl_host_dsa_key.pub'; # host public key file ++$hstprvkeyf = 'curl_host_rsa_key'; # host private key file ++$hstpubkeyf = 'curl_host_rsa_key.pub'; # host public key file + $cliprvkeyf = 'curl_client_key'; # client private key file + $clipubkeyf = 'curl_client_key.pub'; # client public key file + +diff --git a/tests/sshserver.pl b/tests/sshserver.pl +index d8c2d6f..a99731a 100755 +--- a/tests/sshserver.pl ++++ b/tests/sshserver.pl +@@ -371,12 +371,12 @@ if((! -e $hstprvkeyf) || (! -s $hstprvkeyf) || + # Make sure all files are gone so ssh-keygen doesn't complain + unlink($hstprvkeyf, $hstpubkeyf, $cliprvkeyf, $clipubkeyf); + logmsg 'generating host keys...' if($verbose); +- if(system "\"$sshkeygen\" -q -t dsa -f $hstprvkeyf -C 'curl test server' -N ''") { ++ if(system "\"$sshkeygen\" -q -t rsa -f $hstprvkeyf -C 'curl test server' -N ''") { + logmsg 'Could not generate host key'; + exit 1; + } + logmsg 'generating client keys...' if($verbose); +- if(system "\"$sshkeygen\" -q -t dsa -f $cliprvkeyf -C 'curl test client' -N ''") { ++ if(system "\"$sshkeygen\" -q -t rsa -f $cliprvkeyf -C 'curl test client' -N ''") { + logmsg 'Could not generate client key'; + exit 1; + } +@@ -729,11 +729,11 @@ if(system "\"$sshd\" -t -f $sshdconfig > $sshdlog 2>&1") { + if((! -e $knownhosts) || (! -s $knownhosts)) { + logmsg 'generating ssh client known hosts file...' if($verbose); + unlink($knownhosts); +- if(open(DSAKEYFILE, "<$hstpubkeyf")) { +- my @dsahostkey = do { local $/ = ' '; }; +- if(close(DSAKEYFILE)) { ++ if(open(RSAKEYFILE, "<$hstpubkeyf")) { ++ my @rsahostkey = do { local $/ = ' '; }; ++ if(close(RSAKEYFILE)) { + if(open(KNOWNHOSTS, ">$knownhosts")) { +- print KNOWNHOSTS "$listenaddr ssh-dss $dsahostkey[1]\n"; ++ print KNOWNHOSTS "$listenaddr ssh-rsa $rsahostkey[1]\n"; + if(!close(KNOWNHOSTS)) { + $error = "Error: cannot close file $knownhosts"; + } +-- +2.5.0 + diff --git a/curl.spec b/curl.spec index 962f8bf..288ae76 100644 --- a/curl.spec +++ b/curl.spec @@ -22,6 +22,9 @@ Patch4: 0004-curl-7.43.0-CVE-2016-0755.patch # cookie: fix bug in export if any-domain cookie is present (#1311907) Patch5: 0005-curl-7.43.0-ef0fdb83.patch +# tests/sshserver.pl: use RSA instead of DSA for host auth +Patch6: 0006-curl-7.43.0-effa575f.patch + # patch making libcurl multilib ready Patch101: 0101-curl-7.32.0-multilib.patch @@ -137,6 +140,7 @@ documentation of the library, too. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # Fedora patches %patch101 -p1