From 496e3f824d23c74c1e671f3be446c5896f1d7531 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Thu, 3 Mar 2022 20:21:44 +0100
Subject: [PATCH] openssh: fix ppoll_time64 seccomp violation on 32-bit platforms. Closes #35913.
---
 srcpkgs/openssh/patches/ppoll_time64.patch | 26 ++++++++++++++++++++++
 srcpkgs/openssh/template | 2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/openssh/patches/ppoll_time64.patch
diff --git a/srcpkgs/openssh/patches/ppoll_time64.patch b/srcpkgs/openssh/patches/ppoll_time64.patch
new file mode 100644
index 00000000000..199361c6902
--- /dev/null
+++ b/srcpkgs/openssh/patches/ppoll_time64.patch
@@ -0,0 +1,26 @@
+From 284b6e5394652d519e31782e3b3cdfd7b21d1a81 Mon Sep 17 00:00:00 2001
+From: Darren Tucker
+Date: Sat, 26 Feb 2022 14:06:14 +1100
+Subject: [PATCH] Allow ppoll_time64 in seccomp sandbox.
+
+Should fix sandbox violations on (some? at least i386 and armhf) 32bit
+Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at
+debian.org via bz#3396.
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 2e065ba3ed..4ce80cb2a7 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_ppoll
+ SC_ALLOW(__NR_ppoll),
+ #endif
++#ifdef __NR_ppoll_time64
++ SC_ALLOW(__NR_ppoll_time64),
++#endif
+ #ifdef __NR_poll
+ SC_ALLOW(__NR_poll),
+ #endif
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index a67e9d69679..fe446fc131d 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,7 +1,7 @@
 # Template file for 'openssh'
 pkgname=openssh
 version=8.9p1
-revision=1
+revision=2
 build_style=gnu-configure
 configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
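Review bot: Only the ppoll twin is added to `preauth_insns[]` in the new `ppoll_time64.patch`, and the hunk does not show whether the other `_time64` variants of already-allowed syscalls are covered; the array starts and ends outside the hunk, so this should be confirmed against the full 8.9p1 `sandbox-seccomp-filter.c`. The new entry is guarded by `#ifdef __NR_ppoll_time64` and uses the same unconditional `SC_ALLOW` as the neighbouring `__NR_ppoll`, so it appears to widen the pre-auth filter only by the 64-bit-time form of a call that was already permitted. After the rebuild, a login test on the affected 32-bit targets (i386 and armhf are the ones named in the patch description), with the kernel audit log watched for `type=SECCOMP` records from the sshd pre-auth child, would confirm that no further sandbox violations remain.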