NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4ce665083a
kumquat-buildroot/package/openssh/0001-Allow-ppoll_time64-in-seccomp-sandbox.patch

33 lines
1011 B
Diff
Raw Normal View History

package/openssh: add upstream patch to add seccomp ppoll_time64 support sshd is broken on 32-bit systems because ppoll_time64 is used by the application although it is not allowed by the seccomp filter. Apply the upstream patch to fix this. Signed-off-by: John Keeping <john@metanate.com> Reviewed-by: Peter Seiderer <ps.report@gmx.net> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-03-10 15:03:50 +01:00
From 284b6e5394652d519e31782e3b3cdfd7b21d1a81 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Sat, 26 Feb 2022 14:06:14 +1100
Subject: [PATCH] Allow ppoll_time64 in seccomp sandbox.
Should fix sandbox violations on (some? at least i386 and armhf) 32bit
Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at
debian.org via bz#3396.
[Upstream: https://github.com/openssh/openssh-portable/commit/284b6e5394652d519e31782e3b3cdfd7b21d1a81.patch]
Signed-off-by: John Keeping <john@metanate.com>
---
sandbox-seccomp-filter.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index 2e065ba3..4ce80cb2 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
#ifdef __NR_ppoll
SC_ALLOW(__NR_ppoll),
#endif
+#ifdef __NR_ppoll_time64
+ SC_ALLOW(__NR_ppoll_time64),
+#endif
#ifdef __NR_poll
SC_ALLOW(__NR_poll),
#endif
--
2.35.1
Reference in New Issue Copy Permalink