From cf03bd009a033f457e64537c21493e1e99a64bec Mon Sep 17 00:00:00 2001
From: bitianyuan
Date: Thu, 5 Dec 2024 06:13:31 +0000
Subject: [PATCH] Set OPENSSL_BIN from OpenSSL directory
Signed-off-by: bitianyuan@huawei.com
(cherry picked from commit a32b5c56ce2847e49d9a8a24469ca97ce74994d7)
---
...t-OPENSSL_BIN-from-OpenSSL-directory.patch | 78 +++++++++++++++++++
openssh.spec | 10 ++-
2 files changed, 87 insertions(+), 1 deletion(-)
create mode 100644 backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch
diff --git a/backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch b/backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch
new file mode 100644
index 0000000..d6c9e33
--- /dev/null
+++ b/backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch
@@ -0,0 +1,78 @@
+From 3c80942727444934fef8e06b2fd6ae51f1025d6d Mon Sep 17 00:00:00 2001
+From: bitianyuan
+Date: Thu, 5 Dec 2024 04:41:40 +0000
+Subject: [PATCH] backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory
+
+---
+ Makefile.in | 1 +
+ configure.ac | 6 ++++++
+ regress/test-exec.sh | 3 ++-
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 01895a7..b26e3a2 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -736,6 +736,7 @@ tests: file-tests t-exec interop-tests unit
+ unit: regress-unit-binaries
+ BUILDDIR=`pwd`; \
+ cd $(srcdir)/regress || exit $$?; \
++ OPENSSL_BIN='@OPENSSL_BIN' \
+ $(MAKE) \
+ .OBJDIR="$${BUILDDIR}/regress" \
+ .CURDIR="`pwd`" \
+diff --git a/configure.ac b/configure.ac
+index d5a156c..0b36b5e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -119,10 +119,12 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
+ ])
+
+ openssl=yes
++openssl_bin=openssl
+ AC_ARG_WITH([openssl],
+ [ --without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
+ [ if test "x$withval" = "xno" ; then
+ openssl=no
++ openssl_bin=""
+ fi
+ ]
+ )
+@@ -2674,6 +2676,7 @@ AC_CHECK_FUNCS([getpgrp],[
+ # Search for OpenSSL
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
++openssl_bin_PATH="$PATH"
+ AC_ARG_WITH([ssl-dir],
+ [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
+ [
+@@ -2709,9 +2712,12 @@ AC_ARG_WITH([ssl-dir],
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
++ openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
+ fi
+ ]
+ )
++AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
++AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
+
+ AC_ARG_WITH([openssl-header-check],
+ [ --without-openssl-header-check Disable OpenSSL version consistency check],
+diff --git a/regress/test-exec.sh b/regress/test-exec.sh
+index 3e3b20e..44cf725 100644
+--- a/regress/test-exec.sh
++++ b/regress/test-exec.sh
+@@ -102,7 +102,8 @@ CONCH=conch
+
+ # Tools used by multiple tests
+ NC=$OBJ/netcat
+-OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
++# Always use the one configure tells us to, even if that's empty.
++#OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
+
+ if [ "x$TEST_SSH_SSH" != "x" ]; then
+ SSH="${TEST_SSH_SSH}"
+--
+2.33.0
+
diff --git a/openssh.spec b/openssh.spec
index 73f5d25..2c9cdc7 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 32 +%global openssh_release 33 Name: openssh Version: 8.8p1
@@ -133,6 +133,7 @@ Patch103: backport-CVE-2023-48795.patch Patch104: fix-memory-leak-in-kex-exchange.patch Patch105: backport-fix-CVE-2024-6387.patch Patch106: backport-fix-CVE-2024-6409.patch +Patch107: backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -316,6 +317,7 @@ popd %patch104 -p1 %patch105 -p1 %patch106 -p1 +%patch107 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -522,6 +524,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Thu Dec 5 2024 bitianyuan - 8.8p1-33 +- Type:bugfix +- CVE: +- SUG:NA +- DESC:Set OPENSSL_BIN from OpenSSL directory + * Wed Jul 10 2024 songjuntao - 8.8p1-32 - Type:CVE - CVE:CVE-2024-6409 -- Gitee
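Review bot: In the Makefile.in hunk of the added patch, `OPENSSL_BIN='@OPENSSL_BIN' \` is missing the closing `@`, so the configure substitution will not match it and the `unit` recipe would export the literal string `@OPENSSL_BIN` instead of the path found by `AC_PATH_PROGS`; the line should read `OPENSSL_BIN='@OPENSSL_BIN@' \`. The same patch comments out the `${OPENSSL_BIN:-openssl}` fallback in regress/test-exec.sh, and the only assignment visible here sits in the `unit` recipe, whose body continues outside the hunk. The t-exec and interop targets therefore appear to run with the variable unset unless the caller exports it, which should be confirmed against the upstream commit. In a package that carries CVE backports, regression tests that skip or fail for lack of a usable openssl binary weaken the check the build relies on. Separately, `openssl_bin_PATH` lists `${PATH}` ahead of `${withval}/bin`, so the binary the tests run may not belong to the OpenSSL tree named by `--with-ssl-dir`.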