Accepting request 775238 from network

OBS-URL: https://build.opensuse.org/request/show/775238
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=137

openssh-8.1p1-seccomp-clock_gettime64.patch

@@ -0,0 +1,25 @@
+From b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 7 Jan 2020 16:26:45 -0800
+Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox.
+
+This helps sshd accept connections on mips platforms with
+upcoming glibc ( 2.31 )
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3ef30c9d5..999c46c9f 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_clock_nanosleep_time64
+ 	SC_ALLOW(__NR_clock_nanosleep_time64),
+ #endif
++#ifdef __NR_clock_gettime64
++	SC_ALLOW(__NR_clock_gettime64),
++#endif
+ #ifdef __NR__newselect
+ 	SC_ALLOW(__NR__newselect),
+ #endif

openssh-8.1p1-seccomp-clock_nanosleep_time64.patch

@@ -0,0 +1,24 @@
+From 5af6fd5461bb709304e6979c8b7856c7af921c9e Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Mon, 16 Dec 2019 13:55:56 +1100
+Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox.
+
+Needed on Linux ARM.  bz#3100, patch from jjelen@redhat.com.
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: openssh-8.1p1/sandbox-seccomp-filter.c
+===================================================================
+--- openssh-8.1p1.orig/sandbox-seccomp-filter.c
++++ openssh-8.1p1/sandbox-seccomp-filter.c
+@@ -251,6 +251,9 @@ static const struct sock_filter preauth_
+ #ifdef __NR_clock_nanosleep
+     SC_ALLOW(__NR_clock_nanosleep),
+ #endif
++#ifdef __NR_clock_nanosleep_time64
++	SC_ALLOW(__NR_clock_nanosleep_time64),
++#endif
+ #ifdef __NR__newselect
+ 	SC_ALLOW(__NR__newselect),
+ #endif

openssh-askpass-gnome.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package openssh-askpass-gnome
 #
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

openssh.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Feb 18 14:47:36 UTC 2020 - Fabian Vogt <fvogt@suse.com>
+
+- Add patches to fix the sandbox blocking glibc on 32bit platforms
+  (boo#1164061):
+  * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
+  * openssh-8.1p1-seccomp-clock_gettime64.patch
+
 -------------------------------------------------------------------
 Fri Nov  8 18:05:37 UTC 2019 - Cristian Rodríguez <crrodriguez@opensuse.org>
 

openssh.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package openssh
 #
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -100,6 +100,8 @@ Patch33:        openssh-7.7p1-sftp_print_diagnostic_messages.patch
 Patch34:        openssh-7.9p1-keygen-preserve-perms.patch
 Patch35:        openssh-7.9p1-revert-new-qos-defaults.patch
 Patch36:        openssh-8.1p1-seccomp-clock_nanosleep.patch
+Patch37:        openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
+Patch38:        openssh-8.1p1-seccomp-clock_gettime64.patch
 BuildRequires:  audit-devel
 BuildRequires:  autoconf
 BuildRequires:  groff