On Tue, Jan 26, 2021 at 01:44:47PM +0100, Julian Andres Klode wrote: > On Tue, Jan 26, 2021 at 12:52:52PM +0100, Aurelien Jarno wrote: > > The break hasn't been added randomly, but in response to upstream > > release notes and bug #965932. In short the openssh seccomp filters in > > buster are too narrow, and do not allow the new 64-bit syscalls needed > > for 64-bit time_t compatibility to be used.
Would it help to get those seccomp filter fixes into buster, and then we could tell people that they have to upgrade to the latest point release first? Awkward but not unprecedented I think. > An alternative solution, for openssh-server would be to avoid using the > new syscalls for 64-bit time_t compatibility I assume (forcing it to > link with older symbol versions?), Changing openssh-server in bullseye can't possibly help here, because if you've upgraded openssh-server then that will include the updated seccomp filters anyway. Changing openssh-server in buster might help, but if so it would be much simpler to take the approach above (backporting the seccomp filter fixes) rather than doing symbol versioning hacks. -- Colin Watson (he/him) [cjwat...@debian.org]
