pcr: update guile-ssh

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>

1 files changed, 97 insertions, 0 deletions

diff --git a/pcr/guile-ssh/guile-ssh-0.11.3-libssh-0.9-ecdsa.patch b/pcr/guile-ssh/guile-ssh-0.11.3-libssh-0.9-ecdsa.patch
new file mode 100644
index 000000000..1817c8b7f
--- /dev/null
+++ b/pcr/guile-ssh/guile-ssh-0.11.3-libssh-0.9-ecdsa.patch
@@ -0,0 +1,97 @@
+From 104d797096e966e91f777959d7cc5d8831c1a942 Mon Sep 17 00:00:00 2001
+From: "Artyom V. Poptsov" <poptsov.artyom@gmail.com>
+Date: Sun, 15 Sep 2019 21:03:07 +0300
+Subject: [PATCH] key-type.c: Add new ECDSA key types from libssh 0.9
+
+The Guile-SSH key procedures would fail when libssh 0.9 + openssl is used on
+ECDSA keys because it was missing support of new ECDSA key subtypes. This
+change fixes the library and the tests.
+
+* libguile-ssh/key-type.c: Add new ECDSA key types from libssh 0.9
+* tests/key.scm: Update tests.
+* configure.ac: Check for libssh 0.9
+---
+ configure.ac            |  8 ++++++--
+ libguile-ssh/key-type.c | 12 +++++++++++-
+ tests/key.scm           | 13 +++++++++----
+ 3 files changed, 26 insertions(+), 7 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 74271f7..99d35af 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -69,7 +69,11 @@ PKG_CHECK_MODULES([LIBSSH_0_8], [libssh >= 0.8.0],
+                                 [AC_DEFINE(HAVE_LIBSSH_0_8, 1, [Use libssh 0.8])],
+                                 [AC_DEFINE(HAVE_LIBSSH_0_8, 0, [Use libssh < 0.8])])
+ 
+-AM_CONDITIONAL(HAVE_LIBSSH_0_8, $HAVE_LIBSSH_0_8)
++PKG_CHECK_MODULES([LIBSSH_0_9], [libssh >= 0.9.0],
++                                [AC_DEFINE(HAVE_LIBSSH_0_9, 1, [Use libssh 0.9])],
++                                [AC_DEFINE(HAVE_LIBSSH_0_9, 0, [Use libssh < 0.9])])
++
++AM_CONDITIONAL(HAVE_LIBSSH_0_8, $HAVE_LIBSSH_0_8)
+ 
+ # -------------------------------------------------------------------------------
+ 
+diff --git a/libguile-ssh/key-type.c b/libguile-ssh/key-type.c
+index ab67ecd..12617ce 100644
+--- a/libguile-ssh/key-type.c
++++ b/libguile-ssh/key-type.c
+@@ -42,7 +42,17 @@ static const struct symbol_mapping key_types[] = {
+   { "dss",     SSH_KEYTYPE_DSS     },
+   { "rsa",     SSH_KEYTYPE_RSA     },
+   { "rsa1",    SSH_KEYTYPE_RSA1    },
+-  { "ecdsa",   SSH_KEYTYPE_ECDSA   },
++  { "ecdsa",   SSH_KEYTYPE_ECDSA   }, /* Deprecated in libssh 0.9 */
++
++#ifdef HAVE_LIBSSH_0_9
++  { "ecdsa-p256",        SSH_KEYTYPE_ECDSA_P256        },
++  { "ecdsa-p384",        SSH_KEYTYPE_ECDSA_P384        },
++  { "ecdsa-p521",        SSH_KEYTYPE_ECDSA_P521        },
++  { "ecdsa-p256-cert01", SSH_KEYTYPE_ECDSA_P256_CERT01 },
++  { "ecdsa-p384-cert01", SSH_KEYTYPE_ECDSA_P384_CERT01 },
++  { "ecdsa-p521-cert01", SSH_KEYTYPE_ECDSA_P521_CERT01 },
++#endif
++
+   { "ed25519", SSH_KEYTYPE_ED25519 },
+   { "unknown", SSH_KEYTYPE_UNKNOWN },
+   { NULL,      -1                  }
+diff --git a/tests/key.scm b/tests/key.scm
+index c4394b1..be31378 100644
+--- a/tests/key.scm
++++ b/tests/key.scm
+@@ -89,9 +89,11 @@
+ 
+ (test-assert-with-log "get-key-type"
+   (and (eq? 'rsa   (get-key-type *rsa-key*))
+-       (eq? 'dss   (get-key-type *dsa-key*))
++       (eq? 'dss   (get-key-type *dsa-key*)) ;))
+        (when-openssl
+-        (eq? 'ecdsa (get-key-type *ecdsa-key*)))))
++        (or (eq? 'ecdsa-p256 (get-key-type *ecdsa-key*))
++            ;; For libssh versions prior to 0.9
++            (eq? 'ecdsa (get-key-type *ecdsa-key*))))))
+ 
+ 
+ (test-assert-with-log "private-key-to-file"
+@@ -138,7 +140,9 @@
+ 
+ (when-openssl
+  (test-equal "string->public-key, ECDSA"
+-   (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa))
++   (if (string=? (cadr (string-split (get-libssh-version) #\.)) "9")
++       (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa-p256))
++       (public-key->string (string->public-key %ecdsakey-pub-string 'ecdsa)))
+    %ecdsakey-pub-string))
+ 
+ (test-assert-with-log "string->public-key, RSA, gc test"
+@@ -162,7 +166,8 @@
+        (when-openssl
+         (let ((key (make-keypair 'ecdsa 256)))
+           (and (key? key)
+-               (eq? (get-key-type key) 'ecdsa))))))
++               (or (eq? (get-key-type key) 'ecdsa) ; libssh < 0.9
++                   (eq? (get-key-type key) 'ecdsa-p256)))))))
+ 
+ ;;;
+