[packages/openssh] - rel 4; more syscalls

arekm arekm at pld-linux.org
Mon Feb 3 23:08:21 CET 2020


commit 3331502558bc2cdbd3d39cc4bd45fb53526bbfcb
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Mon Feb 3 23:08:10 2020 +0100

    - rel 4; more syscalls

 openssh.spec        |  2 +-
 ossh-bug-3093.patch | 40 ++++++++++++++++++++++++++++------------
 2 files changed, 29 insertions(+), 13 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index e37bd98..065eb67 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -37,7 +37,7 @@ Summary(ru.UTF-8):	OpenSSH - свободная реализация прото
 Summary(uk.UTF-8):	OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:		openssh
 Version:	8.1p1
-Release:	3
+Release:	4
 Epoch:		2
 License:	BSD
 Group:		Applications/Networking
diff --git a/ossh-bug-3093.patch b/ossh-bug-3093.patch
index 05a4509..fa33bae 100644
--- a/ossh-bug-3093.patch
+++ b/ossh-bug-3093.patch
@@ -1,18 +1,18 @@
-From ccd3b247d59d3bde16c3bef0ea888213fbd6da86 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm at mindrot.org>
-Date: Mon, 3 Feb 2020 19:40:12 +1100
-Subject: [PATCH] add clock_gettime64(2) to sandbox allowed syscalls
-
-bz3093
----
- sandbox-seccomp-filter.c | 3 +++
- 1 file changed, 3 insertions(+)
-
 diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index 0914e48ba..f80981faf 100644
+index b5cda70b..f80981fa 100644
 --- a/sandbox-seccomp-filter.c
 +++ b/sandbox-seccomp-filter.c
-@@ -188,6 +188,9 @@ static const struct sock_filter preauth_insns[] = {
+@@ -177,6 +177,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_shmdt
+ 	SC_DENY(__NR_shmdt, EACCES),
+ #endif
++#ifdef __NR_ipc
++	SC_DENY(__NR_ipc, EACCES),
++#endif
+ 
+ 	/* Syscalls to permit */
+ #ifdef __NR_brk
+@@ -185,6 +188,9 @@ static const struct sock_filter preauth_insns[] = {
  #ifdef __NR_clock_gettime
  	SC_ALLOW(__NR_clock_gettime),
  #endif
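Review bot: The rewritten header drops the `From`/`Date`/`Subject`/`bz3093` lines, so the patch file no longer records which upstream changes it carries. It now also bundles a new `SC_DENY(__NR_ipc, EACCES)` entry with the timing-syscall allowances, under a filename that names only bug 3093. The unchanged post-image id in `index b5cda70b..f80981fa` suggests the file is now a diff from the 8.1p1 source to the same upstream revision as before, but that is inferred and nothing in the file says so. For a patch that edits the pre-auth seccomp filter, I would keep a short preamble such as `sandbox-seccomp-filter.c synced to upstream <commit-id>; includes bz3093 and <other-bug-ids>`, so a later audit can check the sandbox delta against upstream.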
@@ -22,3 +22,19 @@ index 0914e48ba..f80981faf 100644
  #ifdef __NR_close
  	SC_ALLOW(__NR_close),
  #endif
+@@ -242,6 +248,15 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_nanosleep
+ 	SC_ALLOW(__NR_nanosleep),
+ #endif
++#ifdef __NR_clock_nanosleep
++	SC_ALLOW(__NR_clock_nanosleep),
++#endif
++#ifdef __NR_clock_nanosleep_time64
++	SC_ALLOW(__NR_clock_nanosleep_time64),
++#endif
++#ifdef __NR_clock_gettime64
++	SC_ALLOW(__NR_clock_gettime64),
++#endif
+ #ifdef __NR__newselect
+ 	SC_ALLOW(__NR__newselect),
+ #endif
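Review bot: `__NR_clock_gettime64` is allowed here after `__NR_clock_nanosleep_time64`, but the inner hunk at `@@ -185,6 +188,9 @@` appears to add the same allowance next to `__NR_clock_gettime` already. Its added lines fall outside this diff, so that is inferred from the removed Subject line. A duplicate entry does not change what the filter permits, but it makes the allowlist harder to audit; if confirmed, drop the second copy or note that it mirrors upstream. Since every addition widens what the pre-auth sandbox permits, the new entries also deserve a one-line reason, e.g. `/* newer glibc implements nanosleep() via clock_nanosleep(); the *_time64 variants are used on 32-bit targets */`. `preauth_insns[]` begins and ends outside the hunk.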
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/3331502558bc2cdbd3d39cc4bd45fb53526bbfcb


