diff --git a/openssh-8.1p1-seccomp-clock_nanosleep.patch b/openssh-8.1p1-seccomp-clock_nanosleep.patch new file mode 100644 index 0000000..9f2bca5 --- /dev/null +++ b/openssh-8.1p1-seccomp-clock_nanosleep.patch @@ -0,0 +1,14 @@ +Index: openssh-8.1p1/sandbox-seccomp-filter.c +=================================================================== +--- openssh-8.1p1.orig/sandbox-seccomp-filter.c ++++ openssh-8.1p1/sandbox-seccomp-filter.c +@@ -248,6 +248,9 @@ static const struct sock_filter preauth_ + #ifdef __NR_nanosleep + SC_ALLOW(__NR_nanosleep), + #endif ++#ifdef __NR_clock_nanosleep ++ SC_ALLOW(__NR_clock_nanosleep), ++#endif + #ifdef __NR__newselect + SC_ALLOW(__NR__newselect), + #endif diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index eaa041b..454461a 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/openssh.changes b/openssh.changes index 9b014e4..c81379b 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Nov 8 18:05:37 UTC 2019 - Cristian Rodríguez + +- Add openssh-8.1p1-seccomp-clock_nanosleep.patch, allow clock_nanosleep + glibc master implements multiple functions using that syscall making + the privsep sandbox kill the preauth process. + ------------------------------------------------------------------- Mon Oct 14 23:58:39 UTC 2019 - Hans Petter Jansson diff --git a/openssh.spec b/openssh.spec index 64dc598..ddb8352 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -99,6 +99,7 @@ Patch32: openssh-7.7p1-IPv6_X_forwarding.patch Patch33: openssh-7.7p1-sftp_print_diagnostic_messages.patch Patch34: openssh-7.9p1-keygen-preserve-perms.patch Patch35: openssh-7.9p1-revert-new-qos-defaults.patch +Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch BuildRequires: audit-devel BuildRequires: autoconf BuildRequires: groff