Set OPENSSL_BIN from OpenSSL directory

Signed-off-by: bitianyuan@huawei.com
2024-12-05 06:13:31 +00:00 · 2024-12-05 06:13:31 +00:00 · a32b5c56ce
commit a32b5c56ce
parent e07e332ea2
2 changed files with 87 additions and 1 deletions
--- a/backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch
+++ b/backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch
@ -0,0 +1,78 @@
+From 3c80942727444934fef8e06b2fd6ae51f1025d6d Mon Sep 17 00:00:00 2001
+From: bitianyuan <bitianyuan@huawei.com>
+Date: Thu, 5 Dec 2024 04:41:40 +0000
+Subject: [PATCH] backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory
+
+---
+ Makefile.in          | 1 +
+ configure.ac         | 6 ++++++
+ regress/test-exec.sh | 3 ++-
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 01895a7..b26e3a2 100644
+--- a/Makefile.in
+++ b/Makefile.in
+@@ -736,6 +736,7 @@ tests:	file-tests t-exec interop-tests unit
+ unit: regress-unit-binaries
+ 	BUILDDIR=`pwd`; \
+ 	cd $(srcdir)/regress || exit $$?; \
+	OPENSSL_BIN='@OPENSSL_BIN' \
+ 	$(MAKE) \
+ 		.OBJDIR="$${BUILDDIR}/regress" \
+ 		.CURDIR="`pwd`" \
+diff --git a/configure.ac b/configure.ac
+index d5a156c..0b36b5e 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -119,10 +119,12 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
+ ])
+ 
+ openssl=yes
+openssl_bin=openssl
+ AC_ARG_WITH([openssl],
+ 	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
+ 	[  if test "x$withval" = "xno" ; then
+ 		openssl=no
+		openssl_bin=""
+ 	   fi
+ 	]
+ )
+@@ -2674,6 +2676,7 @@ AC_CHECK_FUNCS([getpgrp],[
+ # Search for OpenSSL
+ saved_CPPFLAGS="$CPPFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+openssl_bin_PATH="$PATH"
+ AC_ARG_WITH([ssl-dir],
+ 	[  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
+ 	[
+@@ -2709,9 +2712,12 @@ AC_ARG_WITH([ssl-dir],
+ 			else
+ 				CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ 			fi
+			openssl_bin_PATH="${PATH}${PATH_SEPARATOR}${withval}/bin${PATH_SEPARATOR}${withval}/apps"
+ 		fi
+ 	]
+ )
+AC_PATH_PROGS([openssl_bin], openssl, [], [$openssl_bin_PATH])
+AC_SUBST(OPENSSL_BIN, [${openssl_bin}])
+ 
+ AC_ARG_WITH([openssl-header-check],
+ 	[  --without-openssl-header-check Disable OpenSSL version consistency check],
+diff --git a/regress/test-exec.sh b/regress/test-exec.sh
+index 3e3b20e..44cf725 100644
+--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
+@@ -102,7 +102,8 @@ CONCH=conch
+ 
+ # Tools used by multiple tests
+ NC=$OBJ/netcat
+-OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
+# Always use the one configure tells us to, even if that's empty.
+#OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
+ 
+ if [ "x$TEST_SSH_SSH" != "x" ]; then
+ 	SSH="${TEST_SSH_SSH}"
+-- 
+2.33.0
+
--- a/openssh.spec
+++ b/openssh.spec
@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}

 %global sshd_uid    74
-%global openssh_release 32
+%global openssh_release 33

 Name:           openssh
 Version:        8.8p1
@ -133,6 +133,7 @@ Patch103:       backport-CVE-2023-48795.patch
 Patch104:       fix-memory-leak-in-kex-exchange.patch 
 Patch105:       backport-fix-CVE-2024-6387.patch
 Patch106:       backport-fix-CVE-2024-6409.patch
+Patch107:       backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch

 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@ -316,6 +317,7 @@ popd
 %patch104 -p1
 %patch105 -p1
 %patch106 -p1
+%patch107 -p1

 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@ -522,6 +524,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*

 %changelog
+* Thu Dec 5 2024 bitianyuan<bitianyuan@huawei.com> - 8.8p1-33
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:Set OPENSSL_BIN from OpenSSL directory
+
 * Wed Jul 10 2024 songjuntao<songjuntao@kylinos.cn> - 8.8p1-32
 - Type:CVE
 - CVE:CVE-2024-6409