Re: [PR PATCH] [Updated] dropbear: update to 2022.82.

[mtboehlke <mtboehlke@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 1247 bytes --]

There is an updated pull request by mtboehlke against master on the void-packages repository

https://github.com/mtboehlke/void-packages dropbear
https://github.com/void-linux/void-packages/pull/36692

dropbear: update to 2022.82.
<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **briefly**

<!--
#### New package
- This new package conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!-- 
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->

A patch file from https://github.com/void-linux/void-packages/pull/36692.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-dropbear-36692.patch --]
[-- Type: text/x-diff, Size: 8795 bytes --]

From b04e9326c2087a7821ae0b90e2a9a6888b9dcdd6 Mon Sep 17 00:00:00 2001
From: Mat Boehlke <mtboehlke@gmail.com>
Date: Thu, 14 Apr 2022 10:44:44 -0500
Subject: [PATCH] dropbear: update to 2022.82.

---
 .../dropbear/patches/skip-some-tests.patch    | 187 ++++++++++++++++++
 .../dropbear/patches/test-without-pip.patch   |  15 ++
 srcpkgs/dropbear/template                     |   5 +-
 3 files changed, 205 insertions(+), 2 deletions(-)
 create mode 100644 srcpkgs/dropbear/patches/skip-some-tests.patch
 create mode 100644 srcpkgs/dropbear/patches/test-without-pip.patch

diff --git a/srcpkgs/dropbear/patches/skip-some-tests.patch b/srcpkgs/dropbear/patches/skip-some-tests.patch
new file mode 100644
index 000000000000..fb1764d9f8f5
--- /dev/null
+++ b/srcpkgs/dropbear/patches/skip-some-tests.patch
@@ -0,0 +1,187 @@
+The tests in test_aslr.py and test_channels.py don't
+work from within xbps-src and are probably should not
+be run there.
+
+diff --git a/test/test_aslr.py b/test/test_aslr.py
+deleted file mode 100644
+index ec38844..0000000
+--- a/test/test_aslr.py
++++ /dev/null
+@@ -1,37 +0,0 @@
+-from pathlib import Path
+-import sys
+-
+-from test_dropbear import *
+-
+-def test_reexec(request, dropbear):
+-	"""
+-	Tests that two consecutive connections have different address layouts.
+-	This indicates that re-exec makes ASLR work
+-	"""
+-	map_script = (Path(request.node.fspath).parent / "parent_dropbear_map.py").resolve()
+-	# run within the same venv, for python deps
+-	activate = own_venv_command()
+-	cmd = f"{activate}; {map_script}"
+-	print(cmd)
+-	r = dbclient(request, cmd, capture_output=True, text=True)
+-	map1 = r.stdout.rstrip()
+-	print(r.stderr, file=sys.stderr)
+-	r.check_returncode()
+-
+-	r = dbclient(request, cmd, capture_output=True, text=True)
+-	map2 = r.stdout.rstrip()
+-	print(r.stderr, file=sys.stderr)
+-	r.check_returncode()
+-
+-	print(map1)
+-	print(map2)
+-	# expect something like
+-	# "563174d59000-563174d5d000 r--p 00000000 00:29 4242372                    /home/matt/src/dropbear/build/dropbear"
+-	assert map1.endswith('/dropbear') or map1.endswith('/dropbearmulti')
+-	a1 = map1.split()[0]
+-	a2 = map2.split()[0]
+-	print(a1)
+-	print(a2)
+-	# relocation addresses should differ
+-	assert a1 != a2
+-
+diff --git a/test/test_channels.py b/test/test_channels.py
+deleted file mode 100644
+index 9c493ad..0000000
+--- a/test/test_channels.py
++++ /dev/null
+@@ -1,134 +0,0 @@
+-from test_dropbear import *
+-import signal
+-import queue
+-import socket
+-
+-# Tests for various edge cases of SSH channels and connection service
+-
+-def test_exitcode(request, dropbear):
+-	r = dbclient(request, "exit 44")
+-	assert r.returncode == 44
+-
+-@pytest.mark.xfail(reason="Not yet implemented", strict=True)
+-def test_signal(request, dropbear):
+-	r = dbclient(request, "kill -FPE $$")
+-	assert r.returncode == -signal.SIGFPE
+-
+-@pytest.mark.parametrize("size", [0, 1, 2, 100, 5000, 200_000])
+-def test_roundtrip(request, dropbear, size):
+-	dat = os.urandom(size)
+-	r = dbclient(request, "cat", input=dat, capture_output=True)
+-	r.check_returncode()
+-	assert r.stdout == dat
+-
+-@pytest.mark.parametrize("size", [0, 1, 2, 100, 20001, 41234])
+-def test_read_pty(request, dropbear, size):
+-	# testcase for
+-	# https://bugs.openwrt.org/index.php?do=details&task_id=1814
+-	# https://github.com/mkj/dropbear/pull/85
+-	# From Yousong Zhou
+-	# Fixed Oct 2021
+-	#
+-	#$ ssh -t my.router cat /tmp/bigfile | wc
+-	#Connection to my.router closed.
+-	#  0       1   14335 <- should be 20001
+-
+-	# Write the file. No newlines etc which could confuse ptys
+-	dat = random_alnum(size)
+-	r = dbclient(request, "tmpf=`mktemp`; echo $tmpf; cat > $tmpf", input=dat, capture_output=True, text=True)
+-	tmpf = r.stdout.rstrip()
+-	r.check_returncode()
+-	# Read with a pty, this is what is being tested.
+-	# Timing/buffering is subtle, we seem to need to cat a file from disk to hit it.
+-	m, s = pty.openpty()
+-	r = dbclient(request, "-t", f"cat {tmpf}; rm {tmpf}", stdin=s, capture_output=True)
+-	r.check_returncode()
+-	assert r.stdout.decode() == dat
+-
+-@pytest.mark.parametrize("fd", [1, 2])
+-def test_bg_sleep(request, fd, dropbear):
+-	# https://lists.ucc.asn.au/pipermail/dropbear/2006q1/000362.html
+-	# Rob Landley "Is this a bug?" 24 Mar 2006
+-	# dbclient user@system "sleep 10& echo hello"
+-	#
+-	# It should return right after printing hello, but it doesn't.  It waits until
+-	# the child process exits.
+-
+-	# failure is TimeoutExpired
+-	redir = "" if fd == 1 else " >&2 "
+-	r = dbclient(request, f"sleep 10& echo hello {redir}",
+-		capture_output=True, timeout=2, text=True)
+-	r.check_returncode()
+-	st = r.stdout if fd == 1 else r.stderr
+-
+-	if fd == 2 and 'accepted unconditionally' in st:
+-		# ignore hostkey warning, a bit of a hack
+-		assert st.endswith("\n\nhello\n")
+-	else:
+-		assert st.rstrip() == "hello"
+-
+-
+-def test_idle(request, dropbear):
+-	# Idle test, -I 1 should make it return before the 2 second timeout
+-	r = dbclient(request, "-I", "1", "echo zong; sleep 10",
+-		capture_output=True, timeout=2, text=True)
+-	r.check_returncode()
+-	assert r.stdout.rstrip() == "zong"
+-
+-@pytest.mark.parametrize("size", [1, 4000, 40000])
+-def test_netcat(request, dropbear, size):
+-	opt = request.config.option
+-	if opt.remote:
+-		pytest.xfail("don't know netcat address for remote")
+-
+-	dat1 = os.urandom(size)
+-	dat2 = os.urandom(size)
+-	with HandleTcp(3344, 1, dat2) as tcp:
+-		r = dbclient(request, "-B", "localhost:3344", input=dat1, capture_output=True)
+-		r.check_returncode()
+-		assert r.stdout == dat2
+-		assert tcp.inbound() == dat1
+-
+-@pytest.mark.parametrize("size", [1, 4000, 40000])
+-@pytest.mark.parametrize("fwd_flag", "LR")
+-def test_tcpflushout(request, dropbear, size, fwd_flag):
+-	""" Tests that an opened TCP connection prevent a SSH session from being closed
+-	until that TCP connection has finished transferring
+-	"""
+-	opt = request.config.option
+-	if opt.remote:
+-		pytest.xfail("don't know address for remote")
+-
+-	dat1 = os.urandom(size)
+-	dat2 = os.urandom(size)
+-	q = queue.Queue()
+-	with HandleTcp(3344, timeout=1, response=q) as tcp:
+-
+-		r = dbclient(request, f"-{fwd_flag}", "7788:localhost:3344", "sleep 0.1; echo -n done",
+-			text=True, background=True, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
+-		# time to let the listener start
+-		time.sleep(0.1)
+-		# open a tcp connection
+-		c = socket.create_connection(("localhost", 7788))
+-
+-		# wait for the shell to finish. sleep a bit longer in case it exits.
+-		assert r.stdout.read(4) == "done"
+-		time.sleep(0.1)
+-
+-		# now the shell has finished, we can write on the tcp socket
+-		c.sendall(dat2)
+-		c.shutdown(socket.SHUT_WR)
+-		q.put(dat1)
+-
+-		# return a tcp response
+-		q.put(None)
+-		# check hasn't exited
+-		assert r.poll() == None
+-
+-		# read the response
+-		assert readall_socket(c) == dat1
+-		c.close()
+-		assert tcp.inbound() == dat2
+-		# check has exited, allow time for dbclient to exit
+-		time.sleep(0.1)
+-		assert r.poll() == 0
diff --git a/srcpkgs/dropbear/patches/test-without-pip.patch b/srcpkgs/dropbear/patches/test-without-pip.patch
new file mode 100644
index 000000000000..f726be40a34e
--- /dev/null
+++ b/srcpkgs/dropbear/patches/test-without-pip.patch
@@ -0,0 +1,15 @@
+diff --git a/test/Makefile.in b/test/Makefile.in
+index b2c8d43..5747310 100644
+--- a/test/Makefile.in
++++ b/test/Makefile.in
+@@ -13,9 +13,7 @@ one: venv/bin/pytest fakekey
+ fakekey:
+ 	../dropbearkey -t ecdsa -f $@
+ 
+-venv/bin/pytest: $(srcdir)/requirements.txt
++venv/bin/pytest:
+ 	python3 -m venv init venv
+-	./venv/bin/pip install --upgrade pip
+-	./venv/bin/pip install -r $(srcdir)/requirements.txt
+ 
+ .PHONY: test
diff --git a/srcpkgs/dropbear/template b/srcpkgs/dropbear/template
index 69981dcfe9e5..4fbc3c91847e 100644
--- a/srcpkgs/dropbear/template
+++ b/srcpkgs/dropbear/template
@@ -1,17 +1,18 @@
 # Template file for 'dropbear'
 pkgname=dropbear
-version=2020.81
+version=2022.82
 revision=1
 build_style=gnu-configure
 configure_args="--enable-zlib --disable-bundled-libtom"
 makedepends="zlib-devel libtommath-devel libtomcrypt-devel"
+checkdepends="python3-pytest python3-parsing python3-psutil openssh"
 short_desc="Small SSH server and client"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="MIT"
 homepage="https://matt.ucc.asn.au/dropbear/dropbear.html"
 changelog="https://matt.ucc.asn.au/dropbear/CHANGES"
 distfiles="https://matt.ucc.asn.au/${pkgname}/releases/${pkgname}-${version}.tar.bz2"
-checksum=48235d10b37775dbda59341ac0c4b239b82ad6318c31568b985730c788aac53b
+checksum=3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1
 make_dirs="/etc/dropbear 0755 root root"
 
 post_install() {