From a7e99332cc4d61c06f7566861da7950126f355a0 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Mon, 3 Feb 2020 23:00:58 +0100 Subject: [PATCH] - rel 3; allow glibc 2.31 to work with filter --- openssh.spec | 6 ++++-- ossh-bug-3093.patch | 24 ++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 ossh-bug-3093.patch diff --git a/openssh.spec b/openssh.spec index 5321c05..e37bd98 100644 --- a/openssh.spec +++ b/openssh.spec @@ -37,7 +37,7 @@ Summary(ru.UTF-8): OpenSSH - свободная реализация прото Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh Version: 8.1p1 -Release: 2 +Release: 3 Epoch: 2 License: BSD Group: Applications/Networking @@ -72,9 +72,9 @@ Patch10: %{name}-include.patch Patch11: %{name}-chroot.patch Patch12: openssh-bug-2905.patch Patch13: %{name}-skip-interop-tests.patch - Patch14: %{name}-bind.patch Patch15: %{name}-disable_ldap.patch +Patch16: ossh-bug-3093.patch URL: http://www.openssh.com/portable.html BuildRequires: %{__perl} %{?with_audit:BuildRequires: audit-libs-devel} @@ -551,6 +551,8 @@ openldap-a. %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile %endif +%patch16 -p1 + # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile* diff --git a/ossh-bug-3093.patch b/ossh-bug-3093.patch new file mode 100644 index 0000000..05a4509 --- /dev/null +++ b/ossh-bug-3093.patch @@ -0,0 +1,24 @@ +From ccd3b247d59d3bde16c3bef0ea888213fbd6da86 Mon Sep 17 00:00:00 2001 +From: Damien Miller +Date: Mon, 3 Feb 2020 19:40:12 +1100 +Subject: [PATCH] add clock_gettime64(2) to sandbox allowed syscalls + +bz3093 +--- + sandbox-seccomp-filter.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c +index 0914e48ba..f80981faf 100644 +--- a/sandbox-seccomp-filter.c ++++ b/sandbox-seccomp-filter.c +@@ -188,6 +188,9 @@ static const struct sock_filter preauth_insns[] = { + #ifdef __NR_clock_gettime + SC_ALLOW(__NR_clock_gettime), + #endif ++#ifdef __NR_clock_gettime64 ++ SC_ALLOW(__NR_clock_gettime64), ++#endif + #ifdef __NR_close + SC_ALLOW(__NR_close), + #endif -- 2.43.0