Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at 2020-02-18 16:18:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssh (Old) and /work/SRC/openSUSE:Factory/.openssh.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Tue Feb 18 16:18:19 2020 rev:137 rq:775238 version:8.1p1 Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2019-11-18 20:05:39.685735390 +0100 +++ /work/SRC/openSUSE:Factory/.openssh.new.26092/openssh.changes 2020-02-18 16:18:21.148057284 +0100 @@ -1,0 +2,8 @@ +Tue Feb 18 14:47:36 UTC 2020 - Fabian Vogt <fv...@suse.com> + +- Add patches to fix the sandbox blocking glibc on 32bit platforms + (boo#1164061): + * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch + * openssh-8.1p1-seccomp-clock_gettime64.patch + +------------------------------------------------------------------- New: ---- openssh-8.1p1-seccomp-clock_gettime64.patch openssh-8.1p1-seccomp-clock_nanosleep_time64.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.QIPye1/_old 2020-02-18 16:18:23.976062964 +0100 +++ /var/tmp/diff_new_pack.QIPye1/_new 2020-02-18 16:18:23.976062964 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2019 SUSE LLC. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.QIPye1/_old 2020-02-18 16:18:23.992062996 +0100 +++ /var/tmp/diff_new_pack.QIPye1/_new 2020-02-18 16:18:23.996063004 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2019 SUSE LLC. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -100,6 +100,8 @@ Patch34: openssh-7.9p1-keygen-preserve-perms.patch Patch35: openssh-7.9p1-revert-new-qos-defaults.patch Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch +Patch37: openssh-8.1p1-seccomp-clock_nanosleep_time64.patch +Patch38: openssh-8.1p1-seccomp-clock_gettime64.patch BuildRequires: audit-devel BuildRequires: autoconf BuildRequires: groff ++++++ openssh-8.1p1-seccomp-clock_gettime64.patch ++++++ >From b110cefdfbf5a20f49b774a55062d6ded2fb6e22 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.k...@gmail.com> Date: Tue, 7 Jan 2020 16:26:45 -0800 Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox. This helps sshd accept connections on mips platforms with upcoming glibc ( 2.31 ) --- sandbox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c index 3ef30c9d5..999c46c9f 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c @@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_clock_nanosleep_time64 SC_ALLOW(__NR_clock_nanosleep_time64), #endif +#ifdef __NR_clock_gettime64 + SC_ALLOW(__NR_clock_gettime64), +#endif #ifdef __NR__newselect SC_ALLOW(__NR__newselect), #endif ++++++ openssh-8.1p1-seccomp-clock_nanosleep_time64.patch ++++++ >From 5af6fd5461bb709304e6979c8b7856c7af921c9e Mon Sep 17 00:00:00 2001 From: Darren Tucker <dtuc...@dtucker.net> Date: Mon, 16 Dec 2019 13:55:56 +1100 Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox. Needed on Linux ARM. bz#3100, patch from jje...@redhat.com. --- sandbox-seccomp-filter.c | 3 +++ 1 file changed, 3 insertions(+) Index: openssh-8.1p1/sandbox-seccomp-filter.c =================================================================== --- openssh-8.1p1.orig/sandbox-seccomp-filter.c +++ openssh-8.1p1/sandbox-seccomp-filter.c 
@@ -251,6 +251,9 @@ static const struct sock_filter preauth_ #ifdef __NR_clock_nanosleep SC_ALLOW(__NR_clock_nanosleep), #endif +#ifdef __NR_clock_nanosleep_time64 + SC_ALLOW(__NR_clock_nanosleep_time64), +#endif #ifdef __NR__newselect SC_ALLOW(__NR__newselect), #endif
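Review bot: The openssh.spec hunk at @@ -100,6 +100,8 @@ declares Patch37 and Patch38, but apart from the copyright-year change it is the only spec hunk in this diff, so nothing visible here applies the two patches in %prep. If the spec applies patches automatically (%autosetup or %autopatch) this is fine. If it lists them one by one, the matching %patch lines are missing and the package would build without the sandbox fix that the changelog entry for boo#1164061 announces.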
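Review bot: In openssh-8.1p1-seccomp-clock_gettime64.patch, the leading context of the hunk at @@ -248,6 +248,9 @@ is the "#ifdef __NR_clock_nanosleep_time64" block, which is only present once openssh-8.1p1-seccomp-clock_nanosleep_time64.patch has been applied, so this patch carries an ordering dependency that is not documented anywhere. The Patch37/Patch38 numbering happens to satisfy it, but a one-line comment in the spec would keep a later renumbering from breaking the apply step. The commit message also names only mips while the changelog says 32bit platforms; since the "#ifdef __NR_clock_gettime64" guard is not architecture-specific, the changelog wording is the more accurate one and could be carried in the patch header.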
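Review bot: In openssh-8.1p1-seccomp-clock_nanosleep_time64.patch, the allow rule added at @@ -251,6 +251,9 @@ is compiled in only when the build environment's headers define __NR_clock_nanosleep_time64, so a build against older kernel headers drops the "SC_ALLOW(__NR_clock_nanosleep_time64)" line without any warning and the sandbox blocks the call again at run time. The same holds for the __NR_clock_gettime64 guard in the other patch. Consider making the dependency explicit in the spec for the affected 32-bit targets, for example with a versioned BuildRequires on the kernel headers, so a missing definition fails the build instead of producing a package that regresses silently.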