- rel 3; allow glibc 2.31 to work with filter auto/th/openssh-8.1p1-3
authorArkadiusz Miśkiewicz <arekm@maven.pl>
Mon, 3 Feb 2020 22:00:58 +0000 (23:00 +0100)
committerArkadiusz Miśkiewicz <arekm@maven.pl>
Mon, 3 Feb 2020 22:00:58 +0000 (23:00 +0100)
openssh.spec
ossh-bug-3093.patch [new file with mode: 0644]

index 5321c057032041d69f8e717407f970ca331c69a1..e37bd98466b7e78657433779897d8482e4e7472f 100644 (file)
@@ -37,7 +37,7 @@ Summary(ru.UTF-8):    OpenSSH - свободная реализация прото
 Summary(uk.UTF-8):     OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:          openssh
 Version:       8.1p1
-Release:       2
+Release:       3
 Epoch:         2
 License:       BSD
 Group:         Applications/Networking
@@ -72,9 +72,9 @@ Patch10:      %{name}-include.patch
 Patch11:       %{name}-chroot.patch
 Patch12:       openssh-bug-2905.patch
 Patch13:       %{name}-skip-interop-tests.patch
-
 Patch14:       %{name}-bind.patch
 Patch15:       %{name}-disable_ldap.patch
+Patch16:       ossh-bug-3093.patch
 URL:           http://www.openssh.com/portable.html
 BuildRequires: %{__perl}
 %{?with_audit:BuildRequires:   audit-libs-devel}
@@ -551,6 +551,8 @@ openldap-a.
 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
 %endif
 
+%patch16 -p1
+
 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
 
diff --git a/ossh-bug-3093.patch b/ossh-bug-3093.patch
new file mode 100644 (file)
index 0000000..05a4509
--- /dev/null
@@ -0,0 +1,24 @@
+From ccd3b247d59d3bde16c3bef0ea888213fbd6da86 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Mon, 3 Feb 2020 19:40:12 +1100
+Subject: [PATCH] add clock_gettime64(2) to sandbox allowed syscalls
+
+bz3093
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 0914e48ba..f80981faf 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -188,6 +188,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_clock_gettime
+       SC_ALLOW(__NR_clock_gettime),
+ #endif
++#ifdef __NR_clock_gettime64
++      SC_ALLOW(__NR_clock_gettime64),
++#endif
+ #ifdef __NR_close
+       SC_ALLOW(__NR_close),
+ #endif
This page took 0.087921 seconds and 4 git commands to generate.