diff options
author | Andreas Baumann <mail@andreasbaumann.cc> | 2021-02-26 17:01:35 +0100 |
---|---|---|
committer | Andreas Baumann <mail@andreasbaumann.cc> | 2021-02-26 17:01:35 +0100 |
commit | 0d71e23175d417f3cda918cf93cf0fe4a3b809d2 (patch) | |
tree | 9bc64dd4e40b9750d24f3557a3079e2cbe1a6ce3 | |
parent | 9853b5edc060003475468a3831d70f6d98073891 (diff) | |
download | packages-0d71e23175d417f3cda918cf93cf0fe4a3b809d2.tar.xz |
core/openssh: added seccomp fix from T2SDE (thanks Rene)
-rw-r--r-- | core/openssh/PKGBUILD | 11 | ||||
-rw-r--r-- | core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch | 13 |
2 files changed, 20 insertions, 4 deletions
diff --git a/core/openssh/PKGBUILD b/core/openssh/PKGBUILD index 15bba40a..d7a49aff 100644 --- a/core/openssh/PKGBUILD +++ b/core/openssh/PKGBUILD @@ -1,8 +1,11 @@ -# for now glibc 2.33 has been updated without libseccomp, so libseccomp -# sandbox fails the login session in sshd +# T2SDE patch for missing pselect6_time64 in seccomp, thanks :-) +source+=(openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch) +sha256sums+=(db7c0acfbed11ce4c2dbc602e8d5dfb8d46428679e96b325f564932ac2d8e14e) + eval "$( - declare -f build | \ + declare -f prepare | \ sed ' - s,./configure,./configure --with-sandbox=rlimit,g + /patch.*001/ a \ + patch -p1 -i ../openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch ' )" diff --git a/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch b/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch new file mode 100644 index 00000000..94776548 --- /dev/null +++ b/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch @@ -0,0 +1,13 @@ +diff -rauN openssh-8.4p1/sandbox-seccomp-filter.c openssh-8.4p1-sandbox-seccomp-pselect6_time64-patch/sandbox-seccomp-filter.c +--- openssh-8.4p1/sandbox-seccomp-filter.c 2020-09-27 09:25:01.000000000 +0200 ++++ openssh-8.4p1-sandbox-seccomp-pselect6_time64-patch/sandbox-seccomp-filter.c 2021-02-26 16:57:02.857964436 +0100 +@@ -267,6 +267,9 @@ + #ifdef __NR_pselect6 + SC_ALLOW(__NR_pselect6), + #endif ++#ifdef __NR_pselect6_time64 ++ SC_ALLOW(__NR_pselect6_time64), ++#endif + #ifdef __NR_read + SC_ALLOW(__NR_read), + #endif |