SHA256
1
0
forked from pool/openssh
Dominique Leuenberger 2020-02-18 15:18:19 +00:00 committed by Git OBS Bridge
commit 350e5efcfa
5 changed files with 61 additions and 2 deletions

View File

@ -0,0 +1,25 @@
From b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Tue, 7 Jan 2020 16:26:45 -0800
Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox.
This helps sshd accept connections on mips platforms with
upcoming glibc ( 2.31 )
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 3ef30c9d5..999c46c9f 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_clock_nanosleep_time64
SC_ALLOW(__NR_clock_nanosleep_time64),
#endif
+#ifdef __NR_clock_gettime64
+ SC_ALLOW(__NR_clock_gettime64),
+#endif
#ifdef __NR__newselect
SC_ALLOW(__NR__newselect),
#endif

View File

@ -0,0 +1,24 @@
From 5af6fd5461bb709304e6979c8b7856c7af921c9e Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Mon, 16 Dec 2019 13:55:56 +1100
Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox.
Needed on Linux ARM. bz#3100, patch from jjelen@redhat.com.
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
Index: openssh-8.1p1/sandbox-seccomp-filter.c
===================================================================
--- openssh-8.1p1.orig/sandbox-seccomp-filter.c
+++ openssh-8.1p1/sandbox-seccomp-filter.c
@@ -251,6 +251,9 @@ static const struct sock_filter preauth_
#ifdef __NR_clock_nanosleep
SC_ALLOW(__NR_clock_nanosleep),
#endif
+#ifdef __NR_clock_nanosleep_time64
+ SC_ALLOW(__NR_clock_nanosleep_time64),
+#endif
#ifdef __NR__newselect
SC_ALLOW(__NR__newselect),
#endif

View File

@ -1,7 +1,7 @@
#
# spec file for package openssh-askpass-gnome
#
# Copyright (c) 2019 SUSE LLC.
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Feb 18 14:47:36 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Add patches to fix the sandbox blocking glibc on 32bit platforms
(boo#1164061):
* openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
* openssh-8.1p1-seccomp-clock_gettime64.patch
-------------------------------------------------------------------
Fri Nov 8 18:05:37 UTC 2019 - Cristian Rodríguez <crrodriguez@opensuse.org>

View File

@ -1,7 +1,7 @@
#
# spec file for package openssh
#
# Copyright (c) 2019 SUSE LLC.
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -100,6 +100,8 @@ Patch33: openssh-7.7p1-sftp_print_diagnostic_messages.patch
Patch34: openssh-7.9p1-keygen-preserve-perms.patch
Patch35: openssh-7.9p1-revert-new-qos-defaults.patch
Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch
Patch37: openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
Patch38: openssh-8.1p1-seccomp-clock_gettime64.patch
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: groff