diff --git a/openssh-8.7p1-openssl-log.patch b/openssh-8.7p1-openssl-log.patch new file mode 100644 index 0000000..67a56e3 --- /dev/null +++ b/openssh-8.7p1-openssl-log.patch @@ -0,0 +1,75 @@ +diff -up openssh-9.9p1/log.c.xxx openssh-9.9p1/log.c +--- openssh-9.9p1/log.c.xxx 2024-10-22 11:55:44.281939275 +0200 ++++ openssh-9.9p1/log.c 2024-10-22 11:56:16.709676267 +0200 +@@ -52,6 +52,9 @@ + + #include "log.h" + #include "match.h" ++#ifdef WITH_OPENSSL ++#include ++#endif + + static LogLevel log_level = SYSLOG_LEVEL_INFO; + static int log_on_stderr = 1; +@@ -438,6 +438,26 @@ sshlog(const char *file, const char *fun + va_end(args); + } + ++#ifdef WITH_OPENSSL ++static int ++openssl_error_print_cb(const char *str, size_t len, void *u) ++{ ++ sshlogdirect(SYSLOG_LEVEL_DEBUG1, 0, "openssl error %s", str); ++ return 0; ++} ++#endif ++ ++void ++sshlog_openssl(int r) ++{ ++#ifdef WITH_OPENSSL ++ if (r != SSH_ERR_LIBCRYPTO_ERROR) return; ++ ++ ERR_print_errors_cb(openssl_error_print_cb, NULL); ++#endif ++ return; ++} ++ + void + sshlogdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) +diff -up openssh-8.7p1/log.h.xxx openssh-8.7p1/log.h +--- openssh-8.7p1/log.h.xxx 2024-10-18 12:56:18.944971946 +0200 ++++ openssh-8.7p1/log.h 2024-10-18 13:03:38.324351416 +0200 +@@ -71,6 +71,7 @@ void cleanup_exit(int) __attribute__((n + void sshlog(const char *, const char *, int, int, + LogLevel, const char *, const char *, ...) + __attribute__((format(printf, 7, 8))); ++void sshlog_openssl(int); + void sshlogv(const char *, const char *, int, int, + LogLevel, const char *, const char *, va_list); + void sshlogdie(const char *, const char *, int, int, +diff -up openssh-8.7p1/auth2-pubkey.c.yyy openssh-8.7p1/auth2-pubkey.c +--- openssh-8.7p1/auth2-pubkey.c.yyy 2024-10-18 13:27:00.709055845 +0200 ++++ openssh-8.7p1/auth2-pubkey.c 2024-10-18 13:27:31.638784460 +0200 +@@ -131,6 +131,7 @@ userauth_pubkey(struct ssh *ssh) + goto done; + } + if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) { ++ sshlog_openssl(r); + error_fr(r, "parse key"); + goto done; + } +diff -up openssh-8.7p1/dispatch.c.yyy openssh-8.7p1/dispatch.c +--- openssh-8.7p1/dispatch.c.yyy 2024-10-18 13:27:56.349366570 +0200 ++++ openssh-8.7p1/dispatch.c 2024-10-18 13:28:17.921874757 +0200 +@@ -130,6 +130,8 @@ ssh_dispatch_run_fatal(struct ssh *ssh, + { + int r; + +- if ((r = ssh_dispatch_run(ssh, mode, done)) != 0) ++ if ((r = ssh_dispatch_run(ssh, mode, done)) != 0) { ++ sshlog_openssl(r); + sshpkt_fatal(ssh, r, "%s", __func__); ++ } + } diff --git a/openssh.spec b/openssh.spec index ef86af3..4f8087b 100644 --- a/openssh.spec +++ b/openssh.spec @@ -195,6 +195,7 @@ Patch1014: openssh-8.7p1-nohostsha1proof.patch Patch1015: openssh-9.6p1-pam-rhost.patch Patch1016: openssh-9.9p1-separate-keysign.patch Patch1017: openssh-8.7p1-redhat-help.patch +Patch1018: openssh-8.7p1-openssl-log.patch License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant Requires: /sbin/nologin @@ -377,6 +378,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0} %patch -P 1015 -p1 -b .pam-rhost %patch -P 1016 -p1 -b .sep-keysign %patch -P 1017 -p1 -b .help +%patch -P 1018 -p1 -b .openssl-log %patch -P 100 -p1 -b .coverity @@ -659,6 +661,8 @@ test -f %{sysconfig_anaconda} && \ * Fri Oct 18 2024 Dmitry Belyavskiy - 9.9p1-2 - Extra help information should not be printed if stderr is not a TTY Resolves: RHEL-63061 +- Provide details on crypto error instead of "error in libcrypto" + Resolves: RHEL-63190 * Tue Oct 15 2024 Dmitry Belyavskiy - 9.9p1-2 - Resolve memory management issues after rebase