Accepting request 907161 from home:elvigia:branches:network

- The linux kernel has close_range(2) syscall which current glibc
  uses to implement closefrom(3) which will be then used by openssh.
  whitelist the new system call so closefrom does not fail or
  fallback to iterating proc/self/fd (openssh-whitelist-syscalls.patch)

OBS-URL: https://build.opensuse.org/request/show/907161
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=233

openssh-whitelist-syscalls.patch

@@ -1,8 +1,16 @@
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 797a14b..02698cc 100644
 --- a/sandbox-seccomp-filter.c
 +++ b/sandbox-seccomp-filter.c
-@@ -204,6 +204,9 @@ static const struct sock_filter preauth_insns[] = {
+@@ -195,6 +195,9 @@
+ #ifdef __NR_close
+ 	SC_ALLOW(__NR_close),
+ #endif
++#ifdef __NR_close_range
++	SC_ALLOW(__NR_close_range),
++#endif
+ #ifdef __NR_exit
+ 	SC_ALLOW(__NR_exit),
+ #endif
+@@ -204,6 +207,9 @@
  #ifdef __NR_futex
  	SC_ALLOW(__NR_futex),
  #endif
@@ -12,7 +20,7 @@ index 797a14b..02698cc 100644
  #ifdef __NR_geteuid
  	SC_ALLOW(__NR_geteuid),
  #endif
-@@ -282,6 +285,9 @@ static const struct sock_filter preauth_insns[] = {
+@@ -282,6 +288,9 @@
  #ifdef __NR_pselect6
  	SC_ALLOW(__NR_pselect6),
  #endif

openssh.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jul 19 14:51:08 UTC 2021 - Cristian Rodríguez <crrodriguez@opensuse.org>
+
+- The linux kernel has close_range(2) syscall which current glibc
+  uses to implement closefrom(3) which will be then used by openssh.
+  whitelist the new system call so closefrom does not fail or
+  fallback to iterating proc/self/fd (openssh-whitelist-syscalls.patch)
+
 -------------------------------------------------------------------
 Wed Jun 23 18:32:20 UTC 2021 - Hans Petter Jansson <hpj@suse.com>