forked from pool/openssh
6c861e0b33
- remaining patches that were still missing since the update to 7.2p2 (FATE#319675): [openssh-7.2p2-disable_openssl_abi_check.patch] - fix forwarding with IPv6 addresses in DISPLAY (bnc#847710) [openssh-7.2p2-IPv6_X_forwarding.patch] - ignore PAM environment when using login (bsc#975865, CVE-2015-8325) [openssh-7.2p2-ignore_PAM_with_UseLogin.patch] - limit accepted password length (prevents possible DoS) (bsc#992533, CVE-2016-6515) [openssh-7.2p2-limit_password_length.patch] - Prevent user enumeration through the timing of password processing (bsc#989363, CVE-2016-6210) [openssh-7.2p2-prevent_timing_user_enumeration.patch] - Add auditing for PRNG re-seeding [openssh-7.2p2-audit_seed_prng.patch] OBS-URL: https://build.opensuse.org/request/show/433779 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=113
31 lines
748 B
Diff
31 lines
748 B
Diff
# HG changeset patch
|
|
# Parent def949a57b8101691c79ecce6366cc7ae1685b07
|
|
Allow the stat() syscall for OpenSSL re-seed patch
|
|
(which causes OpenSSL use stat() on some file)
|
|
|
|
bnc#912436
|
|
|
|
diff --git a/openssh-7.2p2/sandbox-seccomp-filter.c b/openssh-7.2p2/sandbox-seccomp-filter.c
|
|
--- a/openssh-7.2p2/sandbox-seccomp-filter.c
|
|
+++ b/openssh-7.2p2/sandbox-seccomp-filter.c
|
|
@@ -130,16 +130,19 @@ static const struct sock_filter preauth_
|
|
SC_ALLOW(brk),
|
|
#endif
|
|
#ifdef __NR_clock_gettime
|
|
SC_ALLOW(clock_gettime),
|
|
#endif
|
|
#ifdef __NR_close
|
|
SC_ALLOW(close),
|
|
#endif
|
|
+#ifdef __NR_stat
|
|
+ SC_ALLOW(stat),
|
|
+#endif
|
|
#ifdef __NR_exit
|
|
SC_ALLOW(exit),
|
|
#endif
|
|
#ifdef __NR_exit_group
|
|
SC_ALLOW(exit_group),
|
|
#endif
|
|
#ifdef __NR_getpgid
|
|
SC_ALLOW(getpgid),
|