authorAndreas Baumann <mail@andreasbaumann.cc>2021-02-26 17:01:35 +0100
committerAndreas Baumann <mail@andreasbaumann.cc>2021-02-26 17:01:35 +0100
commit0d71e23175d417f3cda918cf93cf0fe4a3b809d2 (patch)
tree9bc64dd4e40b9750d24f3557a3079e2cbe1a6ce3
parent9853b5edc060003475468a3831d70f6d98073891 (diff)
downloadpackages-0d71e23175d417f3cda918cf93cf0fe4a3b809d2.tar.xz
core/openssh: added seccomp fix from T2SDE (thanks Rene)
-rw-r--r--core/openssh/PKGBUILD11
-rw-r--r--core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch13
2 files changed, 20 insertions, 4 deletions
diff --git a/core/openssh/PKGBUILD b/core/openssh/PKGBUILD
index 15bba40a..d7a49aff 100644
--- a/core/openssh/PKGBUILD
+++ b/core/openssh/PKGBUILD
@@ -1,8 +1,11 @@
-# for now glibc 2.33 has been updated without libseccomp, so libseccomp
-# sandbox fails the login session in sshd
+# T2SDE patch for missing pselect6_time64 in seccomp, thanks :-)
+source+=(openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch)
+sha256sums+=(db7c0acfbed11ce4c2dbc602e8d5dfb8d46428679e96b325f564932ac2d8e14e)
+
eval "$(
- declare -f build | \
+ declare -f prepare | \
sed '
- s,./configure,./configure --with-sandbox=rlimit,g
+ /patch.*001/ a \
+ patch -p1 -i ../openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch
'
)"
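Review bot: The sed edit only takes effect if `/patch.*001/` matches a line in the upstream `prepare()`, and nothing here fails the build when it does not match (or when `prepare` is absent, in which case `declare -f` prints nothing and the `eval` is a no-op). Because this commit also drops the `--with-sandbox=rlimit` fallback, a silent miss would presumably ship sshd with the unpatched seccomp filter, which is the login failure the removed comment describes. A check after the `eval` would surface that at build time, for example `declare -f prepare | grep -q pselect6_time64 || { echo 'openssh: seccomp patch not wired into prepare()' >&2; exit 1; }`, adapted to whatever failure convention these overlay files use. The patch file name is pinned to 8.4p1, so a comment stating when the overlay can be dropped would help at the next version bump.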
diff --git a/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch b/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch
new file mode 100644
index 00000000..94776548
--- /dev/null
+++ b/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch
@@ -0,0 +1,13 @@
+diff -rauN openssh-8.4p1/sandbox-seccomp-filter.c openssh-8.4p1-sandbox-seccomp-pselect6_time64-patch/sandbox-seccomp-filter.c
+--- openssh-8.4p1/sandbox-seccomp-filter.c 2020-09-27 09:25:01.000000000 +0200
++++ openssh-8.4p1-sandbox-seccomp-pselect6_time64-patch/sandbox-seccomp-filter.c 2021-02-26 16:57:02.857964436 +0100
+@@ -267,6 +267,9 @@
+ #ifdef __NR_pselect6
+ SC_ALLOW(__NR_pselect6),
+ #endif
++#ifdef __NR_pselect6_time64
++ SC_ALLOW(__NR_pselect6_time64),
++#endif
+ #ifdef __NR_read
+ SC_ALLOW(__NR_read),
+ #endif
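Review bot: The new patch file starts directly at the `diff -rauN` line with no header recording its origin, so the only provenance is the commit message and the one-line PKGBUILD comment. For a change that widens the sshd seccomp allowlist, a short header above the diff would let a later reviewer compare it with the T2SDE original and with upstream OpenSSH, e.g. `# Origin: T2SDE, <URL of the T2SDE patch>; drop once upstream allows pselect6_time64`. Only the `pselect6` and `read` entries are visible in this hunk, so it is also worth confirming that any other `*_time64` syscalls the sandboxed child can issue on this 32-bit glibc 2.33 build are already in the filter.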