From 2d48f44a6478caf6c2be64aefc377557dfa2b2f605f244b947a04f1311b34b10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 14 Nov 2019 15:26:26 +0000 Subject: [PATCH] Accepting request 746672 from home:elvigia:branches:network - Add openssh-8.1p1-seccomp-clock_nanosleep.patch, allow clock_nanosleep glibc master implements multiple functions using that syscall making the privsep sandbox kill the preauth process. OBS-URL: https://build.opensuse.org/request/show/746672 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=201 --- openssh-8.1p1-seccomp-clock_nanosleep.patch | 14 ++++++++++++++ openssh-askpass-gnome.spec | 2 +- openssh.changes | 7 +++++++ openssh.spec | 3 ++- 4 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 openssh-8.1p1-seccomp-clock_nanosleep.patch diff --git a/openssh-8.1p1-seccomp-clock_nanosleep.patch b/openssh-8.1p1-seccomp-clock_nanosleep.patch new file mode 100644 index 0000000..9f2bca5 --- /dev/null +++ b/openssh-8.1p1-seccomp-clock_nanosleep.patch @@ -0,0 +1,14 @@ +Index: openssh-8.1p1/sandbox-seccomp-filter.c +=================================================================== +--- openssh-8.1p1.orig/sandbox-seccomp-filter.c ++++ openssh-8.1p1/sandbox-seccomp-filter.c +@@ -248,6 +248,9 @@ static const struct sock_filter preauth_ + #ifdef __NR_nanosleep + SC_ALLOW(__NR_nanosleep), + #endif ++#ifdef __NR_clock_nanosleep ++ SC_ALLOW(__NR_clock_nanosleep), ++#endif + #ifdef __NR__newselect + SC_ALLOW(__NR__newselect), + #endif diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index eaa041b..454461a 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/openssh.changes b/openssh.changes index 9b014e4..c81379b 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Nov 8 18:05:37 UTC 2019 - Cristian Rodríguez + +- Add openssh-8.1p1-seccomp-clock_nanosleep.patch, allow clock_nanosleep + glibc master implements multiple functions using that syscall making + the privsep sandbox kill the preauth process. + ------------------------------------------------------------------- Mon Oct 14 23:58:39 UTC 2019 - Hans Petter Jansson diff --git a/openssh.spec b/openssh.spec index 64dc598..ddb8352 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -99,6 +99,7 @@ Patch32: openssh-7.7p1-IPv6_X_forwarding.patch Patch33: openssh-7.7p1-sftp_print_diagnostic_messages.patch Patch34: openssh-7.9p1-keygen-preserve-perms.patch Patch35: openssh-7.9p1-revert-new-qos-defaults.patch +Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch BuildRequires: audit-devel BuildRequires: autoconf BuildRequires: groff