!178 修复DT测试用例失败问题，并使能DT

From: @renmingshuai 
Reviewed-by: @kircher 
Signed-off-by: @kircher

backport-Skip-scp3-test-if-there-s-no-scp-on-remote-path.patch

@@ -0,0 +1,34 @@
+From ea7ecc2c3ae39fdf5c6ad97b7bc0b47a98847f43 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Sat, 23 Jul 2022 14:36:38 +1000
+Subject: [PATCH] Skip scp3 test if there's no scp on remote path.
+
+scp -3 ends up using the scp that's in the remote path and will fail if
+one is not available.  Based on a patch from rapier at psc.edu.
+
+Reference:https://github.com/openssh/openssh-portable/commit/ea7ecc2c3ae39fdf5c6ad97b7bc0b47a98847f43
+Conflict:NA
+---
+ regress/scp3.sh | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/regress/scp3.sh b/regress/scp3.sh
+index f71b1567..47db47cd 100644
+--- a/regress/scp3.sh
++++ b/regress/scp3.sh
+@@ -9,6 +9,12 @@ COPY2=${OBJ}/copy2
+ DIR=${COPY}.dd
+ DIR2=${COPY}.dd2
+ 
++$SSH -F $OBJ/ssh_proxy somehost \
++    'IFS=":"; for i in $PATH;do [ -x "$i/scp" ] && exit 0; done; exit 1'
++if [ $? -eq 1 ]; then
++	skip "No scp on remote path."
++fi
++
+ SRC=`dirname ${SCRIPT}`
+ cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
+ chmod 755 ${OBJ}/scp-ssh-wrapper.scp
+-- 
+2.23.0
+

feature-add-SMx-support.patch

@@ -20,23 +20,24 @@ FingerprintHash sm3
  kex.h                                 |   3 +
  kexecdh.c                             |  23 +-
  kexgen.c                              |   3 +
- kexsm2.c                              | 406 ++++++++++++++++++++++++++++++++++
+ kexsm2.c                              | 406 ++++++++++++++++++++++++++
  mac.c                                 |   1 +
  pathnames.h                           |   1 +
  regress/agent.sh                      |   9 +
  regress/keytype.sh                    |   2 +
+ regress/knownhosts-command.sh         |   1 +
  regress/misc/fuzz-harness/sig_fuzz.cc |   4 +
  regress/unittests/kex/test_kex.c      |   3 +
  ssh-ecdsa.c                           |   6 +-
  ssh-keygen.c                          |  12 +-
  ssh-keyscan.c                         |  12 +-
- ssh-sm2.c                             | 230 +++++++++++++++++++
+ ssh-sm2.c                             | 230 +++++++++++++++
  ssh_api.c                             |   2 +
  sshconnect2.c                         |   1 +
  sshd.c                                |   7 +
- sshkey.c                              |  62 +++++-
+ sshkey.c                              |  62 +++-
  sshkey.h                              |   9 +
- 26 files changed, 793 insertions(+), 16 deletions(-)
+ 27 files changed, 794 insertions(+), 16 deletions(-)
  create mode 100644 kexsm2.c
  create mode 100644 ssh-sm2.c
 
@@ -75,7 +76,7 @@ index 9f092f7..163b4b5 100644
  	case KEY_ECDSA_SK_CERT:
  #endif
 diff --git a/authfile.c b/authfile.c
-index d7827ed..8990137 100644
+index 666730b..dce1e84 100644
 --- a/authfile.c
 +++ b/authfile.c
 @@ -343,6 +343,7 @@ sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
@@ -686,7 +687,7 @@ index a094888..0a805ad 100644
  /*
   * Configuration file in user's home directory.  This file need not be
 diff --git a/regress/agent.sh b/regress/agent.sh
-index f187b67..38a0e97 100644
+index f187b67..42a5124 100644
 --- a/regress/agent.sh
 +++ b/regress/agent.sh
 @@ -87,9 +87,18 @@ fi
@@ -728,28 +729,40 @@ index f1c0451..2665bd6 100644
  	esac
  }
  
+diff --git a/regress/knownhosts-command.sh b/regress/knownhosts-command.sh
+index 8472ec8..7f56fb1 100644
+--- a/regress/knownhosts-command.sh
++++ b/regress/knownhosts-command.sh
+@@ -41,6 +41,7 @@ ${SSH} -F $OBJ/ssh_proxy x true && fail "ssh connect succeeded with bad exit"
+ for keytype in ${SSH_HOSTKEY_TYPES} ; do
+ 	algs=$keytype
+ 	test "x$keytype" = "xssh-dss" && continue
++	test "x$keytype" = "xsm2" && continue
+ 	test "x$keytype" = "xssh-rsa" && algs=ssh-rsa,rsa-sha2-256,rsa-sha2-512
+ 	verbose "keytype $keytype"
+ 	cat > $OBJ/knownhosts_command << _EOF
 diff --git a/regress/misc/fuzz-harness/sig_fuzz.cc b/regress/misc/fuzz-harness/sig_fuzz.cc
-index b32502b..8faad6e 100644
+index b32502b..f260692 100644
 --- a/regress/misc/fuzz-harness/sig_fuzz.cc
 +++ b/regress/misc/fuzz-harness/sig_fuzz.cc
-@@ -33,6 +33,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+@@ -30,6 +30,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+   static struct sshkey *ecdsa256 = generate_or_die(KEY_ECDSA, 256);
+   static struct sshkey *ecdsa384 = generate_or_die(KEY_ECDSA, 384);
+   static struct sshkey *ecdsa521 = generate_or_die(KEY_ECDSA, 521);
++  static struct sshkey *sm2 = generate_or_die(KEY_SM2, 256);
  #endif
    struct sshkey_sig_details *details = NULL;
    static struct sshkey *ed25519 = generate_or_die(KEY_ED25519, 0);
-+  static struct sshkey *sm2 = generate_or_die(KEY_SM2, 256);
-   static const char *data = "If everyone started announcing his nose had "
-       "run away, I don’t know how it would all end";
-   static const size_t dlen = strlen(data);
-@@ -56,6 +57,9 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+@@ -53,6 +54,9 @@ int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+   sshkey_verify(ecdsa521, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
+   sshkey_sig_details_free(details);
+   details = NULL;
++  sshkey_verify(sm2, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
++  sshkey_sig_details_free(details);
++  details = NULL;
  #endif
    sshkey_verify(ed25519, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
    sshkey_sig_details_free(details);
-+  details = NULL;
-+  sshkey_verify(sm2, sig, slen, (const u_char *)data, dlen, NULL, 0, &details);
-+  sshkey_sig_details_free(details);
-   return 0;
- }
- 
 diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
 index 3bd71a9..312e8f2 100644
 --- a/regress/unittests/kex/test_kex.c
@@ -803,7 +816,7 @@ index b036796..6697be6 100644
  		return SSH_ERR_INVALID_ARGUMENT;
  
 diff --git a/ssh-keygen.c b/ssh-keygen.c
-index e04bade..7fc616c 100644
+index b9c4dce..bd6ea16 100644
 --- a/ssh-keygen.c
 +++ b/ssh-keygen.c
 @@ -192,6 +192,7 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp)
@@ -1163,7 +1176,7 @@ index d3c6617..adc2598 100644
  #endif /* WITH_OPENSSL */
  		ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
 diff --git a/sshconnect2.c b/sshconnect2.c
-index aa32ece..e90eb89 100644
+index fafc0a2..9a01f1a 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
 @@ -327,6 +327,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
@@ -1175,7 +1188,7 @@ index aa32ece..e90eb89 100644
  # ifdef GSSAPI
  	if (options.gss_keyex) {
 diff --git a/sshd.c b/sshd.c
-index b7b0c18..dd7cdee 100644
+index 8424e33..57d70fe 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -706,6 +706,7 @@ list_hostkey_types(void)
@@ -1221,7 +1234,7 @@ index b7b0c18..dd7cdee 100644
  		case KEY_ED25519:
  		case KEY_ECDSA_SK:
  		case KEY_ED25519_SK:
-@@ -2570,6 +2576,7 @@ do_ssh2_kex(struct ssh *ssh)
+@@ -2572,6 +2578,7 @@ do_ssh2_kex(struct ssh *ssh)
  	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
  # ifdef OPENSSL_HAS_ECC
  	kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
@@ -1554,5 +1567,5 @@ index 43eef5e..3b84096 100644
  
  #if !defined(WITH_OPENSSL)
 -- 
-1.8.3.1
+2.23.0
 

openssh.spec

@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 15
+%global openssh_release 16
 
 Name:           openssh
 Version:        8.8p1
@@ -105,6 +105,9 @@ Patch72:        backport-upstream-double-free-in-error-path-from-Eusgor-via-G.pa
 Patch73:        add-loongarch.patch
 Patch74:        add-strict-scp-check-for-CVE-2020-15778.patch
 Patch75:        backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch
+Patch76:        backport-Skip-scp3-test-if-there-s-no-scp-on-remote-path.patch
+Patch77:        skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch
+Patch78:        skip-tests-for-C-if-there-is-no-openssl-on-local-pat.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -259,6 +262,9 @@ popd
 %patch73 -p1
 %patch74 -p1
 %patch75 -p1
+%patch76 -p1
+%patch77 -p1
+%patch78 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -460,6 +466,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Fri Jan 06 2023 renmingshuai<renmingshuai@huawei.com> - 8.8p1-16
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:fix tests failure and enable make tests
+
 * Tue Jan 03 2023 renmingshuai<renmingshuai@huawei.com> - 8.8p1-15
 - Type:bugfix
 - CVE:NA

skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch

@@ -0,0 +1,38 @@
+From e32af8efd8d36f8349761615b73cb3174e52134a Mon Sep 17 00:00:00 2001
+From: chengyechun <chengyechun1@huawei.com>
+Date: Thu, 5 Jan 2023 22:45:10 +0800
+Subject: [PATCH] skip scp test if there is no scp on remote path as scp3.sh
+ did
+
+---
+ regress/multiplex.sh | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/regress/multiplex.sh b/regress/multiplex.sh
+index 4744fa3..8ab0f59 100644
+--- a/regress/multiplex.sh
++++ b/regress/multiplex.sh
+@@ -67,11 +67,15 @@ echo "get ${DATA} ${COPY}" | \
+ test -f ${COPY}			|| fail "sftp: failed copy ${DATA}" 
+ cmp ${DATA} ${COPY}		|| fail "sftp: corrupted copy of ${DATA}"
+ 
+-rm -f ${COPY}
+-trace "scp transfer over multiplexed connection and check result"
+-${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_REGRESS_LOGFILE 2>&1
+-test -f ${COPY}			|| fail "scp: failed copy ${DATA}" 
+-cmp ${DATA} ${COPY}		|| fail "scp: corrupted copy of ${DATA}"
++$SSH -F $OBJ/ssh_proxy somehost \
++    'IFS=":"; for i in $PATH;do [ -x "$i/scp" ] && exit 0; done; exit 1'
++if [ $? -eq 0 ]; then
++	rm -f ${COPY}
++	trace "scp transfer over multiplexed connection and check result"
++	${SCP} -S ${SSH} -F $OBJ/ssh_config -oControlPath=$CTL otherhost:${DATA} ${COPY} >>$TEST_REGRESS_LOGFILE 2>&1
++	test -f ${COPY}			|| fail "scp: failed copy ${DATA}" 
++	cmp ${DATA} ${COPY}		|| fail "scp: corrupted copy of ${DATA}"
++fi
+ 
+ rm -f ${COPY}
+ verbose "test $tid: forward"
+-- 
+2.23.0
+

skip-tests-for-C-if-there-is-no-openssl-on-local-pat.patch

@@ -0,0 +1,100 @@
+From a0772385f1b4086aacdc6d84a3daea4b2ef26f30 Mon Sep 17 00:00:00 2001
+From: chengyechun <chengyechun1@huawei.com>
+Date: Thu, 5 Jan 2023 23:43:22 +0800
+Subject: [PATCH] skip tests for '%C' if there is no openssl on local path
+
+---
+ regress/percent.sh                            | 24 +++++++++++----
+ ...t-if-there-is-no-openssl-on-local-pa.patch | 30 +++++++++++++++++++
+ 2 files changed, 48 insertions(+), 6 deletions(-)
+ create mode 100644 skip-percent-test-if-there-is-no-openssl-on-local-pa.patch
+
+diff --git a/regress/percent.sh b/regress/percent.sh
+index 7ed4184..9c112eb 100644
+--- a/regress/percent.sh
++++ b/regress/percent.sh
+@@ -13,6 +13,10 @@ USERID=`id -u`
+ HOST=`hostname | cut -f1 -d.`
+ HOSTNAME=`hostname`
+ 
++# Check if there is openssl in local PATH
++NOOPENSSL=0
++for i in $PATH;do [ -x "$i/openssl" ] && NOOPENSSL=1; done
++
+ # Localcommand is evaluated after connection because %T is not available
+ # until then.  Because of this we use a different method of exercising it,
+ # and we can't override the remote user otherwise authentication will fail.
+@@ -77,11 +81,14 @@ for i in matchexec localcommand remotecommand controlpath identityagent \
+ 	if [ "$i" = "$localcommand" ]; then
+ 		trial $i '%T' NONE
+ 	fi
+-	# Matches implementation in readconf.c:ssh_connection_hash()
+-	HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
+-	    $OPENSSL_BIN sha1 | cut -f2 -d' '`
++    # skip tests for '%C' since no openssl in local PATH
++	if [ $NOOPENSSL -eq 1 ]; then
++	    # Matches implementation in readconf.c:ssh_connection_hash()	
++        HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
++            $OPENSSL_BIN sha1 | cut -f2 -d' '`
++	fi
+ 	trial $i '%%' '%'
+-	trial $i '%C' $HASH
++	if [ $NOOPENSSL -eq 1 ]; then trial $i '%C' $HASH; fi
+ 	trial $i '%i' $USERID
+ 	trial $i '%h' 127.0.0.1
+ 	trial $i '%L' $HOST
+@@ -95,8 +102,13 @@ for i in matchexec localcommand remotecommand controlpath identityagent \
+ 	# containing %d for UserKnownHostsFile
+ 	if [ "$i" != "userknownhostsfile" ]; then
+ 		trial $i '%d' $HOME
+-		trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
+-		    "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
++        if [ $NOOPENSSL -eq 0 ]; then
++            trial $i '%%/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
++                "%/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
++        else
++		    trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
++		        "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
++        fi
+ 	fi
+ done
+ 
+diff --git a/skip-percent-test-if-there-is-no-openssl-on-local-pa.patch b/skip-percent-test-if-there-is-no-openssl-on-local-pa.patch
+new file mode 100644
+index 0000000..c7af5d9
+--- /dev/null
++++ b/skip-percent-test-if-there-is-no-openssl-on-local-pa.patch
+@@ -0,0 +1,30 @@
++From 1da9e48b41ab6eca157d4fa3b74490510d9006ae Mon Sep 17 00:00:00 2001
++From: chengyechun <chengyechun1@huawei.com>
++Date: Thu, 5 Jan 2023 23:43:22 +0800
++Subject: [PATCH] skip percent test if there is no openssl on local path as
++ scp3 did
++
++---
++ regress/percent.sh | 6 ++++++
++ 1 file changed, 6 insertions(+)
++
++diff --git a/regress/percent.sh b/regress/percent.sh
++index 7ed4184..08afbc8 100644
++--- a/regress/percent.sh
+++++ b/regress/percent.sh
++@@ -8,6 +8,12 @@ if [ -x "/usr/xpg4/bin/id" ]; then
++ 	export PATH
++ fi
++ 
+++NOOPENSSL=0
+++for i in $PATH;do [ -x "$i/openssl" ] && $OPENSSL=1; done
+++if [ $? -eq 0 ]; then
+++	skip "No openssl on local path."
+++fi
+++
++ USER=`id -u -n`
++ USERID=`id -u`
++ HOST=`hostname | cut -f1 -d.`
++-- 
++2.23.0
++
+-- 
+2.23.0
+