forked from pool/openssh
Antonio Larrosa
fef1b16e66
commented out). The keycat binary isn't really installed nor supported, so we can drop it, except for the code that is used by other SELinux patches, which is what I kept from that patch (boo#1229072). - Add patch submitted to upstream to fix RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (boo#1229010). * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
35 lines
927 B
Diff
35 lines
927 B
Diff
Index: openssh-8.8p1/sandbox-seccomp-filter.c
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/sandbox-seccomp-filter.c
|
|
+++ openssh-8.8p1/sandbox-seccomp-filter.c
|
|
@@ -201,6 +201,9 @@ static const struct sock_filter preauth_
|
|
#ifdef __NR_close
|
|
SC_ALLOW(__NR_close),
|
|
#endif
|
|
+#ifdef __NR_close_range
|
|
+ SC_ALLOW(__NR_close_range),
|
|
+#endif
|
|
#ifdef __NR_exit
|
|
SC_ALLOW(__NR_exit),
|
|
#endif
|
|
@@ -213,6 +216,9 @@ static const struct sock_filter preauth_
|
|
#ifdef __NR_futex_time64
|
|
SC_FUTEX(__NR_futex_time64),
|
|
#endif
|
|
+#ifdef __NR_futex_time64
|
|
+ SC_ALLOW(__NR_futex_time64),
|
|
+#endif
|
|
#ifdef __NR_geteuid
|
|
SC_ALLOW(__NR_geteuid),
|
|
#endif
|
|
@@ -293,6 +299,9 @@ static const struct sock_filter preauth_
|
|
#endif
|
|
#ifdef __NR_pselect6_time64
|
|
SC_ALLOW(__NR_pselect6_time64),
|
|
+#endif
|
|
+#ifdef __NR_pselect6_time64
|
|
+ SC_ALLOW(__NR_pselect6_time64),
|
|
#endif
|
|
#ifdef __NR_read
|
|
SC_ALLOW(__NR_read),
|