Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at 2016-05-05 13:18:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssh (Old) and /work/SRC/openSUSE:Factory/.openssh.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2016-04-12 18:59:52.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh.changes 2016-05-05 13:18:09.000000000 +0200 @@ -1,0 +2,7 @@ +Fri Apr 29 15:56:38 UTC 2016 - [email protected] + +- update seccomp sandbox that broke after OpenSSL update + (bsc#912436, bsc#977812) + [openssh-6.6p1-seccomp_stat.patch] + +------------------------------------------------------------------- New: ---- openssh-6.6p1-seccomp_stat.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.kHcar5/_old 2016-05-05 13:18:10.000000000 +0200 +++ /var/tmp/diff_new_pack.kHcar5/_new 2016-05-05 13:18:10.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.kHcar5/_old 2016-05-05 13:18:10.000000000 +0200 +++ /var/tmp/diff_new_pack.kHcar5/_new 2016-05-05 13:18:10.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -149,10 +149,11 @@ Patch34: openssh-6.6p1-sftp_homechroot.patch Patch35: openssh-6.6p1-sftp_force_permissions.patch Patch36: openssh-6.6p1-seccomp_getuid.patch -Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch -Patch38: openssh-6.6p1-fips-checks.patch -Patch39: openssh-6.6p1-ldap.patch -Patch40: CVE-2016-0777_CVE-2016-0778.patch +Patch37: openssh-6.6p1-seccomp_stat.patch +Patch38: openssh-6.6p1-X_forward_with_disabled_ipv6.patch +Patch39: openssh-6.6p1-fips-checks.patch +Patch40: openssh-6.6p1-ldap.patch +Patch41: CVE-2016-0777_CVE-2016-0778.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -228,14 +229,15 @@ %patch37 -p2 %patch38 -p2 %patch39 -p2 -%patch40 -p0 +%patch40 -p2 +%patch41 -p0 cp %{SOURCE3} %{SOURCE4} . %build # set libexec dir in the LDAP patch sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \ $( grep -Rl @LIBEXECDIR@ \ - $( grep "^+++" %{PATCH39} | sed -r 's@^.+/([^/\t ]+).*$@\1@' ) + $( grep "^+++" %{PATCH40} | sed -r 's@^.+/([^/\t ]+).*$@\1@' ) ) autoreconf -fiv ++++++ openssh-6.6p1-seccomp_stat.patch ++++++ # HG changeset patch # Parent 8c8249d4e830ade9dfa1d2294c6218bbe439cb4a Allow the stat() syscall for OpenSSL re-seed patch (which causes OpenSSL use stat() on some file) bnc#912436 diff --git a/openssh-6.6p1/sandbox-seccomp-filter.c b/openssh-6.6p1/sandbox-seccomp-filter.c --- a/openssh-6.6p1/sandbox-seccomp-filter.c +++ b/openssh-6.6p1/sandbox-seccomp-filter.c @@ -97,16 +97,17 @@ static const struct sock_filter preauth_ SC_ALLOW(gettimeofday), SC_ALLOW(clock_gettime), #ifdef __NR_time /* not defined on EABI ARM */ SC_ALLOW(time), #endif SC_ALLOW(read), SC_ALLOW(write), SC_ALLOW(close), + SC_ALLOW(stat), #ifdef __NR_shutdown /* not defined on archs that go via socketcall(2) */ SC_ALLOW(shutdown), #endif SC_ALLOW(brk), SC_ALLOW(poll), #ifdef __NR__newselect SC_ALLOW(_newselect), #else
