From: Peter Seiderer <ps.report@gmx.net>
To: John Keeping <john@metanate.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/openssh: backport upstream fix for 32-bit
Date: Thu, 10 Mar 2022 21:38:40 +0100
Message-ID: <20220310213840.32655ec7@gmx.net>
In-Reply-To: <20220310140350.1955655-1-john@metanate.com>

Hello John,

thanks for the patch, some minor nitpicks...

Better patch subject would be:

package/openssh: add upstream patch to add seccomp ppoll_time64 support

On Thu, 10 Mar 2022 14:03:50 +0000, John Keeping <john@metanate.com> wrote:
> sshd is broken on 32-bit systems because ppoll_time64 is used by the
> application although it is not allowed by the seccomp filter.
>
> Apply the upstream patch to fix this.

Better:

-add upstream patch ([1]) to add seccomp ppoll_time64 support

[1] https://github.com/openssh/openssh-portable/commit/284b6e5394652d519e31782e3b3cdfd7b21d1a81.patch

>
> Signed-off-by: John Keeping <john@metanate.com>
> ---
> ...llow-ppoll_time64-in-seccomp-sandbox.patch | 31 +++++++++++++++++++
> 1 file changed, 31 insertions(+)
> create mode 100644 package/openssh/0001-Allow-ppoll_time64-in-seccomp-sandbox.patch
>
> diff --git a/package/openssh/0001-Allow-ppoll_time64-in-seccomp-sandbox.patch b/package/openssh/0001-Allow-ppoll_time64-in-seccomp-sandbox.patch
> new file mode 100644
> index 0000000000..34b309bd9a
> --- /dev/null
> +++ b/package/openssh/0001-Allow-ppoll_time64-in-seccomp-sandbox.patch
> @@ -0,0 +1,31 @@
> +From 284b6e5394652d519e31782e3b3cdfd7b21d1a81 Mon Sep 17 00:00:00 2001
> +From: Darren Tucker <dtucker@dtucker.net>
> +Date: Sat, 26 Feb 2022 14:06:14 +1100
> +Subject: [PATCH] Allow ppoll_time64 in seccomp sandbox.
> +
> +Should fix sandbox violations on (some? at least i386 and armhf) 32bit
> +Linux platforms. Patch from chutzpahu at gentoo.org and cjwatson at
> +debian.org via bz#3396.
> +
Missing:
[Upstream: https://github.com/openssh/openssh-portable/commit/284b6e5394652d519e31782e3b3cdfd7b21d1a81.patch]
> +Signed-off-by: John Keeping <john@metanate.com>
> +---
> + sandbox-seccomp-filter.c | 3 +++
> + 1 file changed, 3 insertions(+)
> +
> +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
> +index 2e065ba3..4ce80cb2 100644
> +--- a/sandbox-seccomp-filter.c
> ++++ b/sandbox-seccomp-filter.c
> +@@ -276,6 +276,9 @@ static const struct sock_filter preauth_insns[] = {
> + #ifdef __NR_ppoll
> + SC_ALLOW(__NR_ppoll),
> + #endif
> ++#ifdef __NR_ppoll_time64
> ++ SC_ALLOW(__NR_ppoll_time64),
> ++#endif
> + #ifdef __NR_poll
> + SC_ALLOW(__NR_poll),
> + #endif
> +--
> +2.35.1
> +
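
Review bot: the `#ifdef __NR_ppoll_time64` guard around the new `SC_ALLOW(__NR_ppoll_time64)` entry compiles the rule out silently when the kernel headers used for the build do not define that syscall number, so a build against such headers would still leave ppoll_time64 outside the seccomp allow-list. Consider stating in the Buildroot commit message that the fix only takes effect when the toolchain headers define `__NR_ppoll_time64`. The entry itself allows the syscall without argument checks, which matches the neighbouring `SC_ALLOW(__NR_ppoll)` and looks consistent.
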
With this fixed you can add my
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
Regards,
Peter
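
The failure described in the quoted commit message (a legacy syscall is in the seccomp allow-list, its 64-bit time_t variant is not) can be checked for mechanically. The script below is an added example, not part of this thread or of OpenSSH; it goes beyond ppoll to other time64 syscalls, and the table of pairs, the function names and the sample inputs are assumptions made for the illustration.

```python
import re

# Legacy syscall -> 64-bit time_t variant that a 32-bit libc may call instead.
# Names are from the Linux syscall tables; the list is not exhaustive.
TIME64_TWINS = {
    "ppoll": "ppoll_time64",
    "pselect6": "pselect6_time64",
    "futex": "futex_time64",
    "clock_gettime": "clock_gettime64",
    "clock_nanosleep": "clock_nanosleep_time64",
    "rt_sigtimedwait": "rt_sigtimedwait_time64",
    "recvmmsg": "recvmmsg_time64",
    "utimensat": "utimensat_time64",
}

# SC_ALLOW(__NR_x) as in the hunk; \w* also accepts suffixed macro variants.
ALLOW_RE = re.compile(r"\bSC_ALLOW\w*\s*\(\s*__NR_(\w+)")
# C comments are stripped first so a commented-out rule is not counted.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def allowed_syscalls(source):
    """Return the set of syscall names the filter source allows."""
    return set(ALLOW_RE.findall(COMMENT_RE.sub("", source)))


def missing_time64(source):
    """Return time64 variants that are absent while the legacy call is allowed."""
    allowed = allowed_syscalls(source)
    return sorted(twin for legacy, twin in TIME64_TWINS.items()
                  if legacy in allowed and twin not in allowed)


# Constructed inputs: the filter lines around the hunk, before and after it.
BEFORE = """\
#ifdef __NR_ppoll
    SC_ALLOW(__NR_ppoll),
#endif
#ifdef __NR_poll
    SC_ALLOW(__NR_poll),
#endif
"""
AFTER = BEFORE + "#ifdef __NR_ppoll_time64\n    SC_ALLOW(__NR_ppoll_time64),\n#endif\n"

if __name__ == "__main__":
    print("before:", missing_time64(BEFORE))  # ['ppoll_time64']
    print("after: ", missing_time64(AFTER))   # []
```

The check works on the source text only, so it cannot tell whether an `#ifdef` guard around a rule is satisfied by the headers of a given build.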