From 0d71e23175d417f3cda918cf93cf0fe4a3b809d2 Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Fri, 26 Feb 2021 17:01:35 +0100 Subject: core/openssh: added seccomp fix from T2SDE (thanks Rene) --- core/openssh/PKGBUILD | 11 +++++++---- .../openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch | 13 +++++++++++++ 2 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch (limited to 'core') diff --git a/core/openssh/PKGBUILD b/core/openssh/PKGBUILD index 15bba40a..d7a49aff 100644 --- a/core/openssh/PKGBUILD +++ b/core/openssh/PKGBUILD @@ -1,8 +1,11 @@ -# for now glibc 2.33 has been updated without libseccomp, so libseccomp -# sandbox fails the login session in sshd +# T2SDE patch for missing pselect6_time64 in seccomp, thanks :-) +source+=(openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch) +sha256sums+=(db7c0acfbed11ce4c2dbc602e8d5dfb8d46428679e96b325f564932ac2d8e14e) + eval "$( - declare -f build | \ + declare -f prepare | \ sed ' - s,./configure,./configure --with-sandbox=rlimit,g + /patch.*001/ a \ + patch -p1 -i ../openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch ' )" diff --git a/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch b/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch new file mode 100644 index 00000000..94776548 --- /dev/null +++ b/core/openssh/openssh-8.4p1-sandbox-seccomp-pselect6_time64.patch @@ -0,0 +1,13 @@ +diff -rauN openssh-8.4p1/sandbox-seccomp-filter.c openssh-8.4p1-sandbox-seccomp-pselect6_time64-patch/sandbox-seccomp-filter.c +--- openssh-8.4p1/sandbox-seccomp-filter.c 2020-09-27 09:25:01.000000000 +0200 ++++ openssh-8.4p1-sandbox-seccomp-pselect6_time64-patch/sandbox-seccomp-filter.c 2021-02-26 16:57:02.857964436 +0100 +@@ -267,6 +267,9 @@ + #ifdef __NR_pselect6 + SC_ALLOW(__NR_pselect6), + #endif ++#ifdef __NR_pselect6_time64 ++ SC_ALLOW(__NR_pselect6_time64), ++#endif + #ifdef __NR_read + SC_ALLOW(__NR_read), + #endif -- cgit v1.2.3