fix test failure and always make tests

backport-Skip-scp3-test-if-there-s-no-scp-on-remote-path.patch

@@ -0,0 +1,34 @@
+From ea7ecc2c3ae39fdf5c6ad97b7bc0b47a98847f43 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Sat, 23 Jul 2022 14:36:38 +1000
+Subject: [PATCH] Skip scp3 test if there's no scp on remote path.
+
+scp -3 ends up using the scp that's in the remote path and will fail if
+one is not available.  Based on a patch from rapier at psc.edu.
+
+Reference:https://github.com/openssh/openssh-portable/commit/ea7ecc2c3ae39fdf5c6ad97b7bc0b47a98847f43
+Conflict:NA
+---
+ regress/scp3.sh | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/regress/scp3.sh b/regress/scp3.sh
+index f71b1567..47db47cd 100644
+--- a/regress/scp3.sh
++++ b/regress/scp3.sh
+@@ -9,6 +9,12 @@ COPY2=${OBJ}/copy2
+ DIR=${COPY}.dd
+ DIR2=${COPY}.dd2
+ 
++$SSH -F $OBJ/ssh_proxy somehost \
++    'IFS=":"; for i in $PATH;do [ -x "$i/scp" ] && exit 0; done; exit 1'
++if [ $? -eq 1 ]; then
++	skip "No scp on remote path."
++fi
++
+ SRC=`dirname ${SCRIPT}`
+ cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
+ chmod 755 ${OBJ}/scp-ssh-wrapper.scp
+-- 
+2.23.0
+

openssh.spec

@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 15
+%global openssh_release 16
 
 Name:           openssh
 Version:        8.8p1
@@ -103,6 +103,9 @@ Patch72:        backport-Return-ERANGE-from-getcwd-if-buffer-size-is-1.patch
 Patch73:        backport-upstream-double-free-in-error-path-from-Eusgor-via-G.patch
 Patch74:        add-strict-scp-check-for-CVE-2020-15778.patch
 Patch75:        backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch
+Patch76:        backport-Skip-scp3-test-if-there-s-no-scp-on-remote-path.patch
+Patch77:        skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch
+Patch78:        skip-tests-for-C-if-there-is-no-openssl-on-local-pat.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -256,6 +259,9 @@ popd
 %patch73 -p1
 %patch74 -p1
 %patch75 -p1
+%patch76 -p1
+%patch77 -p1
+%patch78 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -327,10 +333,7 @@ make
 popd
 
 %check
-#to run tests use "--with check"
-%if %{?_with_check:1}%{!?_with_check:0}
 make tests
-%endif
 
 %install
 mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
@@ -457,6 +460,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Tue Jan 3 2023 renmingshuai <renmingshuai@huawei.com> - 8.8p1-16
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix test failure and always make tests
+
 * Thu Dec 29 2022 renmingshuai <renmingshuai@huawei.com> - 8.8p1-15
 - Type:bugfix
 - CVE:NA

skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch

@@ -0,0 +1,38 @@
+From e32af8efd8d36f8349761615b73cb3174e52134a Mon Sep 17 00:00:00 2001
+From: chengyechun <chengyechun1@huawei.com>
+Date: Thu, 5 Jan 2023 22:45:10 +0800
+Subject: [PATCH] skip scp test if there is no scp on remote path as scp3.sh
+ did
+
+---
+ regress/multiplex.sh | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/regress/multiplex.sh b/regress/multiplex.sh
+index 4744fa3..8ab0f59 100644
+--- a/regress/multiplex.sh
++++ b/regress/multiplex.sh
+@@ -67,11 +67,15 @@ echo "get ${DATA} ${COPY}" | \
+ test -f ${COPY}			|| fail "sftp: failed copy ${DATA}" 
+ cmp ${DATA} ${COPY}		|| fail "sftp: corrupted copy of ${DATA}"
+ 
+-rm -f ${COPY}
+-trace "scp transfer over multiplexed connection and check result"
+-${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_REGRESS_LOGFILE 2>&1
+-test -f ${COPY}			|| fail "scp: failed copy ${DATA}" 
+-cmp ${DATA} ${COPY}		|| fail "scp: corrupted copy of ${DATA}"
++$SSH -F $OBJ/ssh_proxy somehost \
++    'IFS=":"; for i in $PATH;do [ -x "$i/scp" ] && exit 0; done; exit 1'
++if [ $? -eq 0 ]; then
++	rm -f ${COPY}
++	trace "scp transfer over multiplexed connection and check result"
++	${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_REGRESS_LOGFILE 2>&1
++	test -f ${COPY}			|| fail "scp: failed copy ${DATA}" 
++	cmp ${DATA} ${COPY}		|| fail "scp: corrupted copy of ${DATA}"
++fi
+ 
+ rm -f ${COPY}
+ verbose "test $tid: forward"
+-- 
+2.23.0
+

skip-tests-for-C-if-there-is-no-openssl-on-local-pat.patch

@@ -0,0 +1,100 @@
+From a0772385f1b4086aacdc6d84a3daea4b2ef26f30 Mon Sep 17 00:00:00 2001
+From: chengyechun <chengyechun1@huawei.com>
+Date: Thu, 5 Jan 2023 23:43:22 +0800
+Subject: [PATCH] skip tests for '%C' if there is no openssl on local path
+
+---
+ regress/percent.sh                            | 24 +++++++++++----
+ ...t-if-there-is-no-openssl-on-local-pa.patch | 30 +++++++++++++++++++
+ 2 files changed, 48 insertions(+), 6 deletions(-)
+ create mode 100644 skip-percent-test-if-there-is-no-openssl-on-local-pa.patch
+
+diff --git a/regress/percent.sh b/regress/percent.sh
+index 7ed4184..9c112eb 100644
+--- a/regress/percent.sh
++++ b/regress/percent.sh
+@@ -13,6 +13,10 @@ USERID=`id -u`
+ HOST=`hostname | cut -f1 -d.`
+ HOSTNAME=`hostname`
+ 
++# Check if there is openssl in local PATH
++NOOPENSSL=0
++for i in $PATH;do [ -x "$i/openssl" ] && NOOPENSSL=1; done
++
+ # Localcommand is evaluated after connection because %T is not available
+ # until then.  Because of this we use a different method of exercising it,
+ # and we can't override the remote user otherwise authentication will fail.
+@@ -77,11 +81,14 @@ for i in matchexec localcommand remotecommand controlpath identityagent \
+ 	if [ "$i" = "$localcommand" ]; then
+ 		trial $i '%T' NONE
+ 	fi
+-	# Matches implementation in readconf.c:ssh_connection_hash()
+-	HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
+-	    $OPENSSL_BIN sha1 | cut -f2 -d' '`
++    # skip tests for '%C' since no openssl in local PATH
++	if [ $NOOPENSSL -eq 1 ]; then
++	    # Matches implementation in readconf.c:ssh_connection_hash()	
++        HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
++            $OPENSSL_BIN sha1 | cut -f2 -d' '`
++	fi
+ 	trial $i '%%' '%'
+-	trial $i '%C' $HASH
++	if [ $NOOPENSSL -eq 1 ]; then trial $i '%C' $HASH; fi
+ 	trial $i '%i' $USERID
+ 	trial $i '%h' 127.0.0.1
+ 	trial $i '%L' $HOST
+@@ -95,8 +102,13 @@ for i in matchexec localcommand remotecommand controlpath identityagent \
+ 	# containing %d for UserKnownHostsFile
+ 	if [ "$i" != "userknownhostsfile" ]; then
+ 		trial $i '%d' $HOME
+-		trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
+-		    "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
++        if [ $NOOPENSSL -eq 0 ]; then
++            trial $i '%%/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
++                "%/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
++        else
++		    trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
++		        "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
++        fi
+ 	fi
+ done
+ 
+diff --git a/skip-percent-test-if-there-is-no-openssl-on-local-pa.patch b/skip-percent-test-if-there-is-no-openssl-on-local-pa.patch
+new file mode 100644
+index 0000000..c7af5d9
+--- /dev/null
++++ b/skip-percent-test-if-there-is-no-openssl-on-local-pa.patch
+@@ -0,0 +1,30 @@
++From 1da9e48b41ab6eca157d4fa3b74490510d9006ae Mon Sep 17 00:00:00 2001
++From: chengyechun <chengyechun1@huawei.com>
++Date: Thu, 5 Jan 2023 23:43:22 +0800
++Subject: [PATCH] skip percent test if there is no openssl on local path as
++ scp3 did
++
++---
++ regress/percent.sh | 6 ++++++
++ 1 file changed, 6 insertions(+)
++
++diff --git a/regress/percent.sh b/regress/percent.sh
++index 7ed4184..08afbc8 100644
++--- a/regress/percent.sh
+++++ b/regress/percent.sh
++@@ -8,6 +8,12 @@ if [ -x "/usr/xpg4/bin/id" ]; then
++ 	export PATH
++ fi
++ 
+++NOOPENSSL=0
+++for i in $PATH;do [ -x "$i/openssl" ] && $OPENSSL=1; done
+++if [ $? -eq 0 ]; then
+++	skip "No openssl on local path."
+++fi
+++
++ USER=`id -u -n`
++ USERID=`id -u`
++ HOST=`hostname | cut -f1 -d.`
++-- 
++2.23.0
++
+-- 
+2.23.0
+