From bbe3c2e156cf1255a4b637ad6c6e39d5969673c6 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Thu, 19 Nov 2020 12:29:39 +0100 Subject: [PATCH] Fix missing syscall in sandbox on arm (#1897712) --- openssh-8.4p1-sandbox-seccomp.patch | 14 ++++++++++++++ openssh.spec | 3 +++ 2 files changed, 17 insertions(+) create mode 100644 openssh-8.4p1-sandbox-seccomp.patch diff --git a/openssh-8.4p1-sandbox-seccomp.patch b/openssh-8.4p1-sandbox-seccomp.patch new file mode 100644 index 0000000..ac4ee61 --- /dev/null +++ b/openssh-8.4p1-sandbox-seccomp.patch @@ -0,0 +1,14 @@ +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c +index e0768c06..5065ae7e 100644 +--- a/sandbox-seccomp-filter.c ++++ b/sandbox-seccomp-filter.c +@@ -267,6 +267,9 @@ static const struct sock_filter preauth_insns[] = { + #ifdef __NR_pselect6 + SC_ALLOW(__NR_pselect6), + #endif ++#ifdef __NR_pselect6_time64 ++ SC_ALLOW(__NR_pselect6_time64), ++#endif + #ifdef __NR_read + SC_ALLOW(__NR_read), + #endif diff --git a/openssh.spec b/openssh.spec index df39c02..a712857 100644 --- a/openssh.spec +++ b/openssh.spec @@ -197,6 +197,8 @@ Patch965: openssh-8.2p1-visibility.patch # Do not break X11 without IPv6 Patch966: openssh-8.2p1-x11-without-ipv6.patch Patch967: openssh-8.4p1-ssh-copy-id.patch +# https://bugzilla.mindrot.org/show_bug.cgi?id=3232 +Patch968: openssh-8.4p1-sandbox-seccomp.patch License: BSD Requires: /sbin/nologin @@ -381,6 +383,7 @@ popd %patch965 -p1 -b .visibility %patch966 -p1 -b .x11-ipv6 %patch967 -p1 -b .ssh-copy-id +%patch968 -p1 -b .seccomp %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race