From 83f98f4a17d06aed47f835d31011a07a3fba53ab Mon Sep 17 00:00:00 2001 From: shen-chenbang <1944340417@qq.com> Date: Fri, 27 Sep 2024 23:50:00 +0800 Subject: [PATCH 1/2] support clang --- openssh-9.3p1-merged-openssl-evp.patch | 4 ++-- openssh.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/openssh-9.3p1-merged-openssl-evp.patch b/openssh-9.3p1-merged-openssl-evp.patch index d8c2ca3..abb6024 100644 --- a/openssh-9.3p1-merged-openssl-evp.patch +++ b/openssh-9.3p1-merged-openssl-evp.patch @@ -317,7 +317,7 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x - digest, sizeof(digest))) != 0) + +#ifdef ENABLE_PKCS11 -+ if (is_ecdsa_pkcs11(key->ecdsa)) { ++ int is_ecdsa_pkcs11(EC_KEY *k); if (key->ecdsa != NULL && is_ecdsa_pkcs11(key->ecdsa)) { + if ((pkey = EVP_PKEY_new()) == NULL || + EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa) != 1) + return SSH_ERR_ALLOC_FAIL; @@ -923,7 +923,7 @@ diff --color -ru -x regress -x autom4te.cache -x '*.o' -x '*.lo' -x Makefile -x - ret = SSH_ERR_ALLOC_FAIL; - goto out; +#ifdef ENABLE_PKCS11 -+ if (is_rsa_pkcs11(key->rsa)) { ++ int is_rsa_pkcs11(EC_KEY *k); if (key->rsa != NULL && is_rsa_pkcs11(key->rsa)) { + if ((pkey = EVP_PKEY_new()) == NULL || + EVP_PKEY_set1_RSA(pkey, key->rsa) != 1) + return SSH_ERR_ALLOC_FAIL; diff --git a/openssh.spec b/openssh.spec index 50b2c37..70f42c3 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 5 +%global openssh_release 6 Name: openssh Version: 9.3p2 @@ -467,6 +467,9 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Tue Aug 27 2024 shenchenbang <1944340417@qq.com> - 9.3p2-6 +- Fix Supplement function definition + * Fri Jul 12 2024 renmingshuai - 9.3p2-5 - Type:CVE - CVE:CVE-2023-51384 -- Gitee From f6755851c1fb4db9cc7f109269d84e46909aeaad Mon Sep 17 00:00:00 2001 
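Review bot: The added line in the `@@ -317` hunk puts the prototype `int is_ecdsa_pkcs11(EC_KEY *k);` inside the function body, on the same physical line as the `if`, and the `@@ -923` hunk does the same for `is_rsa_pkcs11`. A block-scope prototype satisfies clang's implicit-declaration check, but it is never compared with the real definition, so a later signature change in this key-handling path would go unnoticed. Declare both functions once under `#ifdef ENABLE_PKCS11` in a header that the defining file also includes, and keep the `if` on its own line. The enclosing function starts and ends outside the hunk.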
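Review bot: The prototype added in the `@@ -923` hunk reads `int is_rsa_pkcs11(EC_KEY *k);`, but the call on the same line passes `key->rsa`, which the following `EVP_PKEY_set1_RSA(pkey, key->rsa)` shows is an `RSA *`. It looks copied from the ECDSA hunk and should read `int is_rsa_pkcs11(RSA *k);`, assuming the definition takes `RSA *` (not visible here). As written, the call is an incompatible-pointer-type conversion that the compiler will at least warn about. The local declaration would also disagree with the definition in the other translation unit.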
From: shen-chenbang <1944340417@qq.com> Date: Sat, 28 Sep 2024 00:04:40 +0800 Subject: [PATCH 2/2] support clang --- openssh.spec | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/openssh.spec b/openssh.spec index 70f42c3..9906406 100644 --- a/openssh.spec +++ b/openssh.spec @@ -323,15 +323,25 @@ popd %check if [ -e /sys/fs/selinux/enforce ]; then - # Store the SElinux state - cat /sys/fs/selinux/enforce > selinux.tmp - setenforce 0 + # Store the SElinux state only if the file exists + if [ -w /sys/fs/selinux/enforce ] && [ -w. ]; then + cat /sys/fs/selinux/enforce > selinux.tmp + setenforce 0 + else + echo "Insufficient permissions to handle SELinux state. Skipping modification." + fi +else + echo "SELinux is not enabled or enforce file not found. Skipping modification." fi make tests if [ -e /sys/fs/selinux/enforce ]; then - # Restore the SElinux state - cat selinux.tmp > /sys/fs/selinux/enforce - rm -rf selinux.tmp + # Restore the SElinux state only if the file exists + if [ -w /sys/fs/selinux/enforce ] && [ -f selinux.tmp ]; then + cat selinux.tmp > /sys/fs/selinux/enforce + rm -rf selinux.tmp + else + echo "Insufficient permissions or temp file not found. Skipping restoration of SELinux state." + fi fi %install -- Gitee
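Review bot: In the first added `if` of the `%check` hunk, `[ -w. ]` as shown is a one-argument test on the non-empty string `-w.`, so it is always true and the current directory is never checked for writability. It should be `[ -w . ]` (disregard this if the missing space is only an artefact of how the page was extracted). Separately, rpm runs `%check` under `sh -e`, so a failing `make tests` exits before the restore block and leaves the build host in permissive mode. Registering the restore in a `trap ... EXIT` immediately after `selinux.tmp` is written would cover that path. The comments saying `only if the file exists` should say `only if it is writable`, since the outer `-e` test already covers existence.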