Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package vsftpd for openSUSE:Factory checked in at 2021-01-19 16:00:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/vsftpd (Old) and /work/SRC/openSUSE:Factory/.vsftpd.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "vsftpd" Tue Jan 19 16:00:24 2021 rev:74 rq:863668 version:3.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/vsftpd/vsftpd.changes 2020-11-15 15:24:09.747308304 +0100 +++ /work/SRC/openSUSE:Factory/.vsftpd.new.28504/vsftpd.changes 2021-01-19 16:00:26.679221281 +0100 @@ -1,0 +2,8 @@ +Thu Dec 3 11:20:20 UTC 2020 - Ismail D??nmez <[email protected]> + +- Add seccomp-fixes.patch to allow getdents64 syscall in seccomp + sandbox, fixes bsc#1179553 + Also in the same patch, fix the architecture offset from 4 to 5, + this change was documented in https://lore.kernel.org/patchwork/patch/554803/ + +------------------------------------------------------------------- New: ---- seccomp-fixes.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ vsftpd.spec ++++++ --- /var/tmp/diff_new_pack.ZVoNVr/_old 2021-01-19 16:00:27.791222962 +0100 +++ /var/tmp/diff_new_pack.ZVoNVr/_new 2021-01-19 16:00:27.795222968 +0100 @@ -87,6 +87,8 @@ Patch33: vsftpd-avoid-bogus-ssl-write.patch Patch34: 0001-Introduce-TLSv1.1-and-TLSv1.2-options.patch Patch35: 0001-When-handling-FEAT-command-check-ssl_tlsv1_1-and-ssl.patch +# PATCH-FIX-UPSTREAM https://bugzilla.suse.com/show_bug.cgi?id=1179553 +Patch36: seccomp-fixes.patch BuildRequires: libcap-devel BuildRequires: libopenssl-devel BuildRequires: pam-devel @@ -154,6 +156,7 @@ %patch33 -p1 %patch34 -p1 %patch35 -p1 +%patch36 -p1 %build %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP ++++++ seccomp-fixes.patch ++++++ Index: vsftpd-3.0.3/seccompsandbox.c =================================================================== --- vsftpd-3.0.3.orig/seccompsandbox.c +++ vsftpd-3.0.3/seccompsandbox.c @@ -18,6 +18,7 @@ #include "utility.h" #include <errno.h> +#include <stdio.h> #include <netinet/in.h> #include <netinet/tcp.h> @@ -60,6 +61,7 @@ #define kMaxSyscalls 100 +//#define DEBUG_SIGSYS #ifdef DEBUG_SIGSYS #include <signal.h> @@ -68,7 +70,10 @@ void handle_sigsys(int sig) { - (void) sig; + char str[21]; + snprintf(str, 21, "Rejected syscall %d", sig); + + die(str); } #endif @@ -443,6 +448,7 @@ seccomp_sandbox_setup_postlogin(const st allow_nr(__NR_getcwd); allow_nr(__NR_chdir); allow_nr(__NR_getdents); + allow_nr(__NR_getdents64); /* Misc */ allow_nr(__NR_umask); @@ -579,8 +585,8 @@ seccomp_sandbox_lockdown() p_filter->code = BPF_LD+BPF_W+BPF_ABS; p_filter->jt = 0; p_filter->jf = 0; - /* Offset 4 for syscall architecture. */ - p_filter->k = 4; + /* Offset 5 for syscall architecture. */ + p_filter->k = 5; p_filter++; p_filter->code = BPF_JMP+BPF_JEQ+BPF_K; p_filter->jt = 1;
