Revert incorrect upstream x32 seccomp patch

5 files changed, 49 insertions, 8 deletions

diff --git a/configure.ac b/configure.ac
index 5944299fa..15fc0d653 100644
--- a/configure.ac
+++ b/configure.ac
@@ -521,8 +521,6 @@ SPP_MSG="no"
 # the --with-solaris-privs option and --with-sandbox=solaris).
 SOLARIS_PRIVS="no"
 
-AC_CHECK_SIZEOF([size_t])
-
 # Check for some target-specific stuff
 case "$host" in
 *-*-aix*)
@@ -891,10 +889,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
         case "$host" in
         x86_64-*)
                 seccomp_audit_arch=AUDIT_ARCH_X86_64
-                # X32: AMD64 instructions in 32bit address space.
-                if test "x$ac_cv_sizeof_size_t" = "x4" ; then
-                        seccomp_audit_arch=AUDIT_ARCH_I386
-                fi
                 ;;
         i*86-*)
                 seccomp_audit_arch=AUDIT_ARCH_I386
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 3942a1891..9ef08b0ae 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-3728919292c05983372954d27426f7d966813139
-3728919292c05983372954d27426f7d966813139
+67434174b3d64b352a794275f77489ebf1575849
+67434174b3d64b352a794275f77489ebf1575849
 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb
 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb
 openssh_8.4p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 4645aed69..a8702fb74 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:8.4p1-2) UNRELEASED; urgency=medium
+
+  * Revert incorrect upstream patch that claimed to fix the seccomp sandbox
+    on x32 but in fact broke it instead.
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 26 Oct 2020 17:39:18 +0000
+
 openssh (1:8.4p1-1) unstable; urgency=medium
 
   * New upstream release (https://www.openssh.com/txt/release-8.4):
diff --git a/debian/patches/revert-x32-sandbox-breakage.patch b/debian/patches/revert-x32-sandbox-breakage.patch
new file mode 100644
index 000000000..32cff92d7
--- /dev/null
+++ b/debian/patches/revert-x32-sandbox-breakage.patch
@@ -0,0 +1,39 @@
+From 67434174b3d64b352a794275f77489ebf1575849 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Mon, 26 Oct 2020 17:36:22 +0000
+Subject: Revert "detect Linux/X32 systems"
+
+This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885.  The bug
+reporter wasn't actually using x32, but rather an ordinary 32-bit
+userspace on a 64-bit kernel; this patch broke the seccomp sandbox on
+the actual x32 architecture.
+
+Patch-Name: revert-x32-sandbox-breakage.patch
+---
+ configure.ac | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5944299fa..15fc0d653 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -521,8 +521,6 @@ SPP_MSG="no"
+ # the --with-solaris-privs option and --with-sandbox=solaris).
+ SOLARIS_PRIVS="no"
+ 
+-AC_CHECK_SIZEOF([size_t])
+-
+ # Check for some target-specific stuff
+ case "$host" in
+ *-*-aix*)
+@@ -891,10 +889,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+        case "$host" in
+        x86_64-*)
+                seccomp_audit_arch=AUDIT_ARCH_X86_64
+-               # X32: AMD64 instructions in 32bit address space.
+-               if test "x$ac_cv_sizeof_size_t" = "x4" ; then
+-                       seccomp_audit_arch=AUDIT_ARCH_I386
+-               fi
+                ;;
+        i*86-*)
+                seccomp_audit_arch=AUDIT_ARCH_I386
diff --git a/debian/patches/series b/debian/patches/series
index 8c1046a74..56019a479 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,3 +23,4 @@ debian-config.patch
 restore-authorized_keys2.patch
 conch-old-privkey-format.patch
 revert-ipqos-defaults.patch
+revert-x32-sandbox-breakage.patch