rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Fix missing syscall in sandbox on arm (#1897712)

Browse Source
This commit is contained in:
Jakub Jelen 2020-11-19 12:29:39 +01:00
parent a048fcc3d0
commit bbe3c2e156
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
openssh-8.4p1-sandbox-seccomp.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index e0768c06..5065ae7e 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_pselect6
SC_ALLOW(__NR_pselect6),
#endif
+#ifdef __NR_pselect6_time64
+ SC_ALLOW(__NR_pselect6_time64),
+#endif
#ifdef __NR_read
SC_ALLOW(__NR_read),
#endif

3
openssh.spec
View File

@ -197,6 +197,8 @@ Patch965: openssh-8.2p1-visibility.patch
# Do not break X11 without IPv6 # Do not break X11 without IPv6
Patch966: openssh-8.2p1-x11-without-ipv6.patch Patch966: openssh-8.2p1-x11-without-ipv6.patch
Patch967: openssh-8.4p1-ssh-copy-id.patch Patch967: openssh-8.4p1-ssh-copy-id.patch
# https://bugzilla.mindrot.org/show_bug.cgi?id=3232
Patch968: openssh-8.4p1-sandbox-seccomp.patch
License: BSD License: BSD
Requires: /sbin/nologin Requires: /sbin/nologin
@ -381,6 +383,7 @@ popd
%patch965 -p1 -b .visibility %patch965 -p1 -b .visibility
%patch966 -p1 -b .x11-ipv6 %patch966 -p1 -b .x11-ipv6
%patch967 -p1 -b .ssh-copy-id %patch967 -p1 -b .ssh-copy-id
%patch968 -p1 -b .seccomp
%patch200 -p1 -b .audit %patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race %patch201 -p1 -b .audit-race