Hello community,
here is the log from the commit of package openssh for openSUSE:Factory checked
in at 2020-02-18 16:18:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
and /work/SRC/openSUSE:Factory/.openssh.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh"
Tue Feb 18 16:18:19 2020 rev:137 rq:775238 version:8.1p1
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2019-11-18
20:05:39.685735390 +0100
+++ /work/SRC/openSUSE:Factory/.openssh.new.26092/openssh.changes
2020-02-18 16:18:21.148057284 +0100
@@ -1,0 +2,8 @@
+Tue Feb 18 14:47:36 UTC 2020 - Fabian Vogt <fv...@suse.com>
+
+- Add patches to fix the sandbox blocking glibc on 32bit platforms
+ (boo#1164061):
+ * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
+ * openssh-8.1p1-seccomp-clock_gettime64.patch
+
+-------------------------------------------------------------------
New:
----
openssh-8.1p1-seccomp-clock_gettime64.patch
openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssh-askpass-gnome.spec ++++++
--- /var/tmp/diff_new_pack.QIPye1/_old 2020-02-18 16:18:23.976062964 +0100
+++ /var/tmp/diff_new_pack.QIPye1/_new 2020-02-18 16:18:23.976062964 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openssh-askpass-gnome
#
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
++++++ openssh.spec ++++++
--- /var/tmp/diff_new_pack.QIPye1/_old 2020-02-18 16:18:23.992062996 +0100
+++ /var/tmp/diff_new_pack.QIPye1/_new 2020-02-18 16:18:23.996063004 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openssh
#
-# Copyright (c) 2019 SUSE LLC.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -100,6 +100,8 @@
Patch34: openssh-7.9p1-keygen-preserve-perms.patch
Patch35: openssh-7.9p1-revert-new-qos-defaults.patch
Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch
+Patch37: openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
+Patch38: openssh-8.1p1-seccomp-clock_gettime64.patch
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: groff
++++++ openssh-8.1p1-seccomp-clock_gettime64.patch ++++++
>From b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.k...@gmail.com>
Date: Tue, 7 Jan 2020 16:26:45 -0800
Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox.
This helps sshd accept connections on mips platforms with
upcoming glibc ( 2.31 )
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 3ef30c9d5..999c46c9f 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_clock_nanosleep_time64
SC_ALLOW(__NR_clock_nanosleep_time64),
#endif
+#ifdef __NR_clock_gettime64
+ SC_ALLOW(__NR_clock_gettime64),
+#endif
#ifdef __NR__newselect
SC_ALLOW(__NR__newselect),
#endif
++++++ openssh-8.1p1-seccomp-clock_nanosleep_time64.patch ++++++
>From 5af6fd5461bb709304e6979c8b7856c7af921c9e Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtuc...@dtucker.net>
Date: Mon, 16 Dec 2019 13:55:56 +1100
Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox.
Needed on Linux ARM. bz#3100, patch from jje...@redhat.com.
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
Index: openssh-8.1p1/sandbox-seccomp-filter.c
===================================================================
--- openssh-8.1p1.orig/sandbox-seccomp-filter.c
+++ openssh-8.1p1/sandbox-seccomp-filter.c
@@ -251,6 +251,9 @@ static const struct sock_filter preauth_
#ifdef __NR_clock_nanosleep
SC_ALLOW(__NR_clock_nanosleep),
#endif
+#ifdef __NR_clock_nanosleep_time64
+ SC_ALLOW(__NR_clock_nanosleep_time64),
+#endif
#ifdef __NR__newselect
SC_ALLOW(__NR__newselect),
#endif
