From patchwork Fri Apr 10 19:46:29 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arne Fitzenreiter <arne_f@ipfire.org>
X-Patchwork-Id: 2928
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 48zT6X4VPsz3yBx
	for <patchwork@web04.haj.ipfire.org>; Fri, 10 Apr 2020 19:46:44 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 48zT6W6ZTXz1S5;
	Fri, 10 Apr 2020 19:46:43 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 48zT6W4YPKz2yXw;
	Fri, 10 Apr 2020 19:46:43 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 48zT6T4gtXz2xhb
 for <development@lists.ipfire.org>; Fri, 10 Apr 2020 19:46:41 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 48zT6S6461z1S5;
 Fri, 10 Apr 2020 19:46:40 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1586548001;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc; bh=jSZwpEj31hO5KlZcKS5Y/GOde0FvlObVuRimI+akxDc=;
 b=OtYWUVv4+Xtza0UH+SUHTwEzIPqQlSm9JsrPMohVxGxmeCPg19lk2HbpLOuyiRXNEVx+We
 Mw/0nYH72RsXXmDQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1586548001;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc; bh=jSZwpEj31hO5KlZcKS5Y/GOde0FvlObVuRimI+akxDc=;
 b=o+nPhtKIQ7VTl6mELP1naZcer3rmraDgn+W+ia/5QvSJJOKIPaN2r5vOum0A8JWPu6KeiN
 ilOndWnJsNOoljTzH6I16tVDC8P6doajoKwHMXZj7YGcyfprnt5rPjinQ25f8cAkDrVYqX
 A5UmmKHj4l1Nse9zJjAb8wcNfaKDU4DerO0s1aLUDk49UD3Gk5blLyWXfYxCdEs8/hicGR
 iLVoguLWFXRXoSvILhQ02t9gAFtgea7KjFxzIRNwtxqkqZkoVafMUBjLI4m609IbAO/ix2
 XUqZ/CRd8QaggyyRADWyfoHB/lENTqT9vl+aahQXgt+2HQBY3YCRFAaaCe4p1A==
From: Arne Fitzenreiter <arne_f@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] OpenSSH: fix login on i?86
Date: Fri, 10 Apr 2020 21:46:29 +0200
Message-Id: <20200410194629.17220-1-arne_f@ipfire.org>
Authentication-Results: mail01.ipfire.org;
 auth=pass smtp.mailfrom=arne_f@ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Cc: Arne Fitzenreiter <arne_f@ipfire.org>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

glibc calls clock_nanosleep_time64 syscall even if it not defined in
the headers for this arch and the seccomp filter kills the process
with because an unknown syscall.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---
 lfs/openssh                                         |  1 +
 ...SH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch

diff --git a/lfs/openssh b/lfs/openssh
index 68a7d63cd..2f3eda74f 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && sed -i "s/lkrb5 -ldes/lkrb5/" configure
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
 	cd $(DIR_APP) && ./configure \
 		--prefix=/usr \
 		--sysconfdir=/etc/ssh \
diff --git a/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
new file mode 100644
index 000000000..5199872d9
--- /dev/null
+++ b/src/patches/OpenSSH-8.2p1_glibc-2.31_clock_nanosleep_time64.patch
@@ -0,0 +1,13 @@
+diff -Naur openssh-8.2p1.org/sandbox-seccomp-filter.c openssh-8.2p1/sandbox-seccomp-filter.c
+--- openssh-8.2p1.org/sandbox-seccomp-filter.c	2020-04-10 18:14:56.152309584 +0200
++++ openssh-8.2p1/sandbox-seccomp-filter.c	2020-04-10 21:05:45.827921765 +0200
+@@ -253,6 +253,9 @@
+ #endif
+ #ifdef __NR_clock_nanosleep_time64
+ 	SC_ALLOW(__NR_clock_nanosleep_time64),
++#else
++	/* on i586 glibc call syscall 407 which is not defined */
++	SC_ALLOW(407),
+ #endif
+ #ifdef __NR_clock_gettime64
+ 	SC_ALLOW(__NR_clock_gettime64),