[packages/openssh] - rel 3; allow glibc 2.31 to work with filter

arekm arekm at pld-linux.org
Mon Feb 3 23:01:07 CET 2020 

commit a7e99332cc4d61c06f7566861da7950126f355a0
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Mon Feb 3 23:00:58 2020 +0100

    - rel 3; allow glibc 2.31 to work with filter

 openssh.spec        |  6 ++++--
 ossh-bug-3093.patch | 24 ++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index 5321c05..e37bd98 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -37,7 +37,7 @@ Summary(ru.UTF-8):	OpenSSH - свободная реализация прото
 Summary(uk.UTF-8):	OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:		openssh
 Version:	8.1p1
-Release:	2
+Release:	3
 Epoch:		2
 License:	BSD
 Group:		Applications/Networking
@@ -72,9 +72,9 @@ Patch10:	%{name}-include.patch
 Patch11:	%{name}-chroot.patch
 Patch12:	openssh-bug-2905.patch
 Patch13:	%{name}-skip-interop-tests.patch
-
 Patch14:	%{name}-bind.patch
 Patch15:	%{name}-disable_ldap.patch
+Patch16:	ossh-bug-3093.patch
 URL:		http://www.openssh.com/portable.html
 BuildRequires:	%{__perl}
 %{?with_audit:BuildRequires:	audit-libs-devel}
@@ -551,6 +551,8 @@ openldap-a.
 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
 %endif
 
+%patch16 -p1
+
 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
 
diff --git a/ossh-bug-3093.patch b/ossh-bug-3093.patch
new file mode 100644
index 0000000..05a4509
--- /dev/null
+++ b/ossh-bug-3093.patch
@@ -0,0 +1,24 @@
+From ccd3b247d59d3bde16c3bef0ea888213fbd6da86 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm at mindrot.org>
+Date: Mon, 3 Feb 2020 19:40:12 +1100
+Subject: [PATCH] add clock_gettime64(2) to sandbox allowed syscalls
+
+bz3093
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 0914e48ba..f80981faf 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -188,6 +188,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_clock_gettime
+ 	SC_ALLOW(__NR_clock_gettime),
+ #endif
++#ifdef __NR_clock_gettime64
++	SC_ALLOW(__NR_clock_gettime64),
++#endif
+ #ifdef __NR_close
+ 	SC_ALLOW(__NR_close),
+ #endif
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/a7e99332cc4d61c06f7566861da7950126f355a0

More information about the pld-cvs-commit mailing list