!137 backport some upstream patches

From: @renmingshuai Reviewed-by: @seuzw Signed-off-by: @seuzw
2022-11-28 07:12:01 +00:00 · 2022-11-28 07:12:01 +00:00 · bd8e74a426
commit bd8e74a426
parent ccd11f3434 e9436aafbf
3 changed files with 116 additions and 7 deletions
--- a/backport-upstream-a-little-extra-debugging.patch
+++ b/backport-upstream-a-little-extra-debugging.patch
@ -0,0 +1,34 @@
+From 940dc10729cb5a95b7ee82c10184e2b9621c8a1d Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 14 Sep 2022 00:13:13 +0000
+Subject: [PATCH] upstream: a little extra debugging
+
+OpenBSD-Commit-ID: edf1601c1d0905f6da4c713f4d9cecc7d1c0295a
+
+Reference:https://github.com/openssh/openssh-portable/commit/940dc10729cb5a95b7ee82c10184e2b9621c8a1d
+Conflict:NA
+---
+ ssh-agent.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssh-agent.c b/ssh-agent.c
+index ddda4d77..0aef07eb 100644
+--- a/ssh-agent.c
+++ b/ssh-agent.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-agent.c,v 1.278 2021/04/03 06:18:41 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.291 2022/09/14 00:13:13 djm Exp $ */
+ /*
+  * Author: Tatu Ylonen <ylo@cs.hut.fi>
+  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+@@ -845,6 +845,7 @@ process_sign_request2(SocketEntry *e)
+ 	/* Success */
+ 	ok = 0;
+  send:
+	debug_f("good signature");
+ 	notify_complete(notifier, "User presence confirmed");
+ 
+ 	if (ok == 0) {
+-- 
+2.23.0
+
--- a/backport-upstream-better-debugging-for-connect_next.patch
+++ b/backport-upstream-better-debugging-for-connect_next.patch
@ -0,0 +1,66 @@
+From 231a346c0c67cc7ca098360f9a554fa7d4f1eddb Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 19 Sep 2022 08:49:50 +0000
+Subject: [PATCH] upstream: better debugging for connect_next()
+
+OpenBSD-Commit-ID: d16a307a0711499c971807f324484ed3a6036640
+
+Reference:https://github.com/openssh/openssh-portable/commit/231a346c0c67cc7ca098360f9a554fa7d4f1eddb
+Conflict:NA
+---
+ channels.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/channels.c b/channels.c
+index 3ac51bac..6a78de9d 100644
+--- a/channels.c
+++ b/channels.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: channels.c,v 1.408 2021/09/14 11:04:21 mbuhl Exp $ */
+/* $OpenBSD: channels.c,v 1.420 2022/09/19 08:49:50 djm Exp $ */
+ /*
+  * Author: Tatu Ylonen <ylo@cs.hut.fi>
+  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+@@ -4403,13 +4403,15 @@ connect_next(struct channel_connect *cctx)
+ 			if (getnameinfo(cctx->ai->ai_addr, cctx->ai->ai_addrlen,
+ 			    ntop, sizeof(ntop), strport, sizeof(strport),
+ 			    NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+-				error("connect_next: getnameinfo failed");
+				error_f("getnameinfo failed");
+ 				continue;
+ 			}
+ 			break;
+ 		default:
+ 			continue;
+ 		}
+		debug_f("start for host %.100s ([%.100s]:%s)",
+		    cctx->host, ntop, strport);
+ 		if ((sock = socket(cctx->ai->ai_family, cctx->ai->ai_socktype,
+ 		    cctx->ai->ai_protocol)) == -1) {
+ 			if (cctx->ai->ai_next == NULL)
+@@ -4422,9 +4424,8 @@ connect_next(struct channel_connect *cctx)
+ 			fatal_f("set_nonblock(%d)", sock);
+ 		if (connect(sock, cctx->ai->ai_addr,
+ 		    cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) {
+-			debug("connect_next: host %.100s ([%.100s]:%s): "
+-			    "%.100s", cctx->host, ntop, strport,
+-			    strerror(errno));
+			debug_f("host %.100s ([%.100s]:%s): %.100s",
+			    cctx->host, ntop, strport, strerror(errno));
+ 			saved_errno = errno;
+ 			close(sock);
+ 			errno = saved_errno;
+@@ -4432,8 +4433,8 @@ connect_next(struct channel_connect *cctx)
+ 		}
+ 		if (cctx->ai->ai_family != AF_UNIX)
+ 			set_nodelay(sock);
+-		debug("connect_next: host %.100s ([%.100s]:%s) "
+-		    "in progress, fd=%d", cctx->host, ntop, strport, sock);
+		debug_f("connect host %.100s ([%.100s]:%s) in progress, fd=%d",
+		    cctx->host, ntop, strport, sock);
+ 		cctx->ai = cctx->ai->ai_next;
+ 		return sock;
+ 	}
+-- 
+2.23.0
+
--- a/openssh.spec
+++ b/openssh.spec
@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}

 %global sshd_uid    74
-%global openssh_release 7
+%global openssh_release 8

 Name:           openssh
 Version:        8.8p1
@ -77,18 +77,19 @@ Patch46:        openssh-8.0p1-crypto-policies.patch
 Patch47:        openssh-8.0p1-openssl-evp.patch
 Patch48:        openssh-8.0p1-openssl-kdf.patch
 Patch49:        openssh-8.2p1-visibility.patch
-Patch50:	openssh-8.2p1-x11-without-ipv6.patch
-Patch51:	openssh-8.0p1-keygen-strip-doseol.patch
-Patch52:	openssh-8.0p1-preserve-pam-errors.patch
-Patch53:	openssh-8.7p1-scp-kill-switch.patch
-
+Patch50:        openssh-8.2p1-x11-without-ipv6.patch
+Patch51:        openssh-8.0p1-keygen-strip-doseol.patch
+Patch52:        openssh-8.0p1-preserve-pam-errors.patch
+Patch53:        openssh-8.7p1-scp-kill-switch.patch
 Patch54:        bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch
 Patch55:        bugfix-openssh-6.6p1-log-usepam-no.patch
 Patch56:        bugfix-openssh-add-option-check-username-splash.patch
 Patch57:        feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
 Patch58:        bugfix-openssh-fix-sftpserver.patch
 Patch59:        set-sshd-config.patch
-Patch60:	feature-add-SMx-support.patch
+Patch60:        feature-add-SMx-support.patch
+Patch61:        backport-upstream-a-little-extra-debugging.patch
+Patch62:        backport-upstream-better-debugging-for-connect_next.patch

 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@ -227,6 +228,8 @@ popd
 %patch58 -p1
 %patch59 -p1
 %patch60 -p1
+%patch61 -p1
+%patch62 -p1

 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@ -428,6 +431,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*

 %changelog
+* Mon Nov 28 2022 renmingshuai<renmingshuai@huawei.com> - 8.8p1-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:add better debugging
+
 * Wed Nov 2 2022 renmingshuai<renmingshuai@huawei.com> - 8.8p1-7
 - Type:requirement
 - CVE:NA