From 703d25e7357e3e715eda7380688e34b0343b9e58 Mon Sep 17 00:00:00 2001
From: renmingshuai
Date: Mon, 28 Nov 2022 14:40:18 +0800
Subject: [PATCH] add better debugging
Signed-off-by: renmingshuai
---
...rt-upstream-a-little-extra-debugging.patch | 34 ++++++++++
...am-better-debugging-for-connect_next.patch | 66 +++++++++++++++++++
openssh.spec | 16 ++++-
3 files changed, 113 insertions(+), 3 deletions(-)
create mode 100644 backport-upstream-a-little-extra-debugging.patch
create mode 100644 backport-upstream-better-debugging-for-connect_next.patch
diff --git a/backport-upstream-a-little-extra-debugging.patch b/backport-upstream-a-little-extra-debugging.patch
new file mode 100644
index 0000000..32701d4
--- /dev/null
+++ b/backport-upstream-a-little-extra-debugging.patch
@@ -0,0 +1,34 @@
+From 940dc10729cb5a95b7ee82c10184e2b9621c8a1d Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Wed, 14 Sep 2022 00:13:13 +0000
+Subject: [PATCH] upstream: a little extra debugging
+
+OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
+
+Reference:https://github.com/openssh/openssh-portable/commit/940dc10729cb5a95b7ee82c10184e2b9621c8a1d
+Conflict:NA
+---
+ ssh-agent.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssh-agent.c b/ssh-agent.c
+index ddda4d77..0aef07eb 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-agent.c,v 1.278 2021/04/03 06:18:41 djm Exp $ */
++/* $OpenBSD: ssh-agent.c,v 1.291 2022/09/14 00:13:13 djm Exp $ */
+ /*
+ * Author: Tatu Ylonen
+ * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
+@@ -845,6 +845,7 @@ process_sign_request2(SocketEntry *e)
+ /* Success */
+ ok = 0;
+ send:
++ debug_f("good signature");
+ notify_complete(notifier, "User presence confirmed");
+
+ if (ok == 0) {
+--
+2.23.0
+
diff --git a/backport-upstream-better-debugging-for-connect_next.patch b/backport-upstream-better-debugging-for-connect_next.patch
new file mode 100644
index 0000000..7d4509b
--- /dev/null
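Review bot: In the backported ssh-agent.c hunk, `debug_f("good signature");` is added after the `send:` label rather than before it, so it runs on every path that reaches the label, not only the one that has just set `ok = 0`. The `if (ok == 0)` test that follows suggests `send:` is also reached with a failure status (the jumps themselves are outside the hunk); if so, the agent's debug log would report a good signature for a signing request that failed or was refused, which misleads anyone reading the log during troubleshooting or an investigation. Moving the line up to sit directly after `ok = 0;`, or emitting it inside the existing `if (ok == 0) {` branch, keeps the message tied to success. The placement is also worth comparing with the upstream commit given in the `Reference:` line. process_sign_request2 starts and ends outside the hunk.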
+++ b/backport-upstream-better-debugging-for-connect_next.patch 
@@ -0,0 +1,66 @@
+From 231a346c0c67cc7ca098360f9a554fa7d4f1eddb Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Mon, 19 Sep 2022 08:49:50 +0000
+Subject: [PATCH] upstream: better debugging for connect_next()
+
+OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
+
+Reference:https://github.com/openssh/openssh-portable/commit/231a346c0c67cc7ca098360f9a554fa7d4f1eddb
+Conflict:NA
+---
+ channels.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/channels.c b/channels.c
+index 3ac51bac..6a78de9d 100644
+--- a/channels.c
++++ b/channels.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: channels.c,v 1.408 2021/09/14 11:04:21 mbuhl Exp $ */
++/* $OpenBSD: channels.c,v 1.420 2022/09/19 08:49:50 djm Exp $ */
+ /*
+ * Author: Tatu Ylonen
+ * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
+@@ -4403,13 +4403,15 @@ connect_next(struct channel_connect *cctx)
+ if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen,
+ ntop, sizeof(ntop), strport, sizeof(strport),
+ NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+- error("connect_next: getnameinfo failed");
++ error_f("getnameinfo failed");
+ continue;
+ }
+ break;
+ default:
+ continue;
+ }
++ debug_f("start for host %.100s ([%.100s]:%s)",
++ cctx->host, ntop, strport);
+ if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
+ cctx->ai->ai_protocol)) == -1) {
+ if (cctx->ai->ai_next == NULL)
+@@ -4422,9 +4424,8 @@ connect_next(struct channel_connect *cctx)
+ fatal_f("set_nonblock(%d)", sock);
+ if (connect(sock, cctx->ai->ai_addr,
+ cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) {
+- debug("connect_next: host %.100s ([%.100s]:%s): "
+- "%.100s", cctx->host, ntop, strport,
+- strerror(errno));
++ debug_f("host %.100s ([%.100s]:%s): %.100s",
++ cctx->host, ntop, strport, strerror(errno));
+ saved_errno = errno;
+ close(sock);
+ errno = saved_errno;
+@@ -4432,8 +4433,8 @@ connect_next(struct channel_connect *cctx)
+ }
+ if (cctx->ai->ai_family != AF_UNIX)
+ set_nodelay(sock);
+- debug("connect_next: host %.100s ([%.100s]:%s) "
+- "in progress, fd=%d", cctx->host, ntop, strport, sock);
++ debug_f("connect host %.100s ([%.100s]:%s) in progress, fd=%d",
++ cctx->host, ntop, strport, sock);
+ cctx->ai = cctx->ai->ai_next;
+ return sock;
+ }
+--
+2.23.0
+
diff --git a/openssh.spec b/openssh.spec
index cf4cd49..a774314 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0}
 %global sshd_uid 74
-%global openssh_release 10
+%global openssh_release 11
 Name: openssh
 Version: 8.8p1
@@ -90,8 +90,8 @@ Patch58: bugfix-openssh-fix-sftpserver.patch
 Patch59: set-sshd-config.patch
 Patch6001: backport-fix-possible-NULL-deref-when-built-without-FIDO.patch
-Patch61: add-strict-scp-check-for-CVE-2020-15778.patch
-Patch62: feature-add-SMx-support.patch
+Patch61: add-strict-scp-check-for-CVE-2020-15778.patch
+Patch62: feature-add-SMx-support.patch
 Patch63: backport-upstream-if-sshpkt-functions-fail-then-password-is-n.patch
 Patch64: backport-upstream-Make-sure-not-to-fclose-the-same-fd-twice-i.patch
 Patch65: backport-upstream-Donot-attempt-to-fprintf-a-null-identity-co.patch
@@ -101,6 +101,8 @@ Patch68: backport-Don-t-leak-the-strings-allocated-by-order_h.patch
 Patch69: backport-Return-ERANGE-from-getcwd-if-buffer-size-is-1.patch
 Patch70: backport-upstream-double-free-in-error-path-from-Eusgor-via-G.patch
 Patch71: openssh-Add-sw64-architecture.patch
+Patch72: backport-upstream-a-little-extra-debugging.patch
+Patch73: backport-upstream-better-debugging-for-connect_next.patch
 Requires: /sbin/nologin
 Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -250,6 +252,8 @@ popd
 %patch69 -p1
 %patch70 -p1
 %patch71 -p1
+%patch72 -p1
+%patch73 -p1
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
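Review bot: In the connect() failure branch of the channels.c hunk, the rewritten `debug_f(...)` call still runs before `saved_errno = errno;`, so the value carried across `close(sock)` is whatever errno holds after logging rather than the connect() result itself. Whether the logging helper restores errno is not visible in this hunk; taking the copy first, `saved_errno = errno;` ahead of the `debug_f` call and passing `strerror(saved_errno)` to it, removes that dependency. connect_next's body starts and ends outside the hunk.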
@@ -451,6 +455,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 %changelog
+* Mon Nov 28 2022 renmingshuai - 8.8p1-11
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:add better debugging
+
 * Mon Nov 14 2022 wuzx - 8.8p1-10
 - Type:feature
 - CVE:NA
--
Gitee