diff options
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | debian/.git-dpm | 4 | ||||
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/patches/revert-x32-sandbox-breakage.patch | 39 | ||||
-rw-r--r-- | debian/patches/series | 1 |
5 files changed, 49 insertions, 8 deletions
diff --git a/configure.ac b/configure.ac index 5944299fa..15fc0d653 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -521,8 +521,6 @@ SPP_MSG="no" | |||
521 | # the --with-solaris-privs option and --with-sandbox=solaris). | 521 | # the --with-solaris-privs option and --with-sandbox=solaris). |
522 | SOLARIS_PRIVS="no" | 522 | SOLARIS_PRIVS="no" |
523 | 523 | ||
524 | AC_CHECK_SIZEOF([size_t]) | ||
525 | |||
526 | # Check for some target-specific stuff | 524 | # Check for some target-specific stuff |
527 | case "$host" in | 525 | case "$host" in |
528 | *-*-aix*) | 526 | *-*-aix*) |
@@ -891,10 +889,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | |||
891 | case "$host" in | 889 | case "$host" in |
892 | x86_64-*) | 890 | x86_64-*) |
893 | seccomp_audit_arch=AUDIT_ARCH_X86_64 | 891 | seccomp_audit_arch=AUDIT_ARCH_X86_64 |
894 | # X32: AMD64 instructions in 32bit address space. | ||
895 | if test "x$ac_cv_sizeof_size_t" = "x4" ; then | ||
896 | seccomp_audit_arch=AUDIT_ARCH_I386 | ||
897 | fi | ||
898 | ;; | 892 | ;; |
899 | i*86-*) | 893 | i*86-*) |
900 | seccomp_audit_arch=AUDIT_ARCH_I386 | 894 | seccomp_audit_arch=AUDIT_ARCH_I386 |
diff --git a/debian/.git-dpm b/debian/.git-dpm index 3942a1891..9ef08b0ae 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm | |||
@@ -1,6 +1,6 @@ | |||
1 | # see git-dpm(1) from git-dpm package | 1 | # see git-dpm(1) from git-dpm package |
2 | 3728919292c05983372954d27426f7d966813139 | 2 | 67434174b3d64b352a794275f77489ebf1575849 |
3 | 3728919292c05983372954d27426f7d966813139 | 3 | 67434174b3d64b352a794275f77489ebf1575849 |
4 | 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb | 4 | 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb |
5 | 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb | 5 | 2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb |
6 | openssh_8.4p1.orig.tar.gz | 6 | openssh_8.4p1.orig.tar.gz |
diff --git a/debian/changelog b/debian/changelog index 4645aed69..a8702fb74 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,10 @@ | |||
1 | openssh (1:8.4p1-2) UNRELEASED; urgency=medium | ||
2 | |||
3 | * Revert incorrect upstream patch that claimed to fix the seccomp sandbox | ||
4 | on x32 but in fact broke it instead. | ||
5 | |||
6 | -- Colin Watson <cjwatson@debian.org> Mon, 26 Oct 2020 17:39:18 +0000 | ||
7 | |||
1 | openssh (1:8.4p1-1) unstable; urgency=medium | 8 | openssh (1:8.4p1-1) unstable; urgency=medium |
2 | 9 | ||
3 | * New upstream release (https://www.openssh.com/txt/release-8.4): | 10 | * New upstream release (https://www.openssh.com/txt/release-8.4): |
diff --git a/debian/patches/revert-x32-sandbox-breakage.patch b/debian/patches/revert-x32-sandbox-breakage.patch new file mode 100644 index 000000000..32cff92d7 --- /dev/null +++ b/debian/patches/revert-x32-sandbox-breakage.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | From 67434174b3d64b352a794275f77489ebf1575849 Mon Sep 17 00:00:00 2001 | ||
2 | From: Colin Watson <cjwatson@debian.org> | ||
3 | Date: Mon, 26 Oct 2020 17:36:22 +0000 | ||
4 | Subject: Revert "detect Linux/X32 systems" | ||
5 | |||
6 | This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885. The bug | ||
7 | reporter wasn't actually using x32, but rather an ordinary 32-bit | ||
8 | userspace on a 64-bit kernel; this patch broke the seccomp sandbox on | ||
9 | the actual x32 architecture. | ||
10 | |||
11 | Patch-Name: revert-x32-sandbox-breakage.patch | ||
12 | --- | ||
13 | configure.ac | 6 ------ | ||
14 | 1 file changed, 6 deletions(-) | ||
15 | |||
16 | diff --git a/configure.ac b/configure.ac | ||
17 | index 5944299fa..15fc0d653 100644 | ||
18 | --- a/configure.ac | ||
19 | +++ b/configure.ac | ||
20 | @@ -521,8 +521,6 @@ SPP_MSG="no" | ||
21 | # the --with-solaris-privs option and --with-sandbox=solaris). | ||
22 | SOLARIS_PRIVS="no" | ||
23 | |||
24 | -AC_CHECK_SIZEOF([size_t]) | ||
25 | - | ||
26 | # Check for some target-specific stuff | ||
27 | case "$host" in | ||
28 | *-*-aix*) | ||
29 | @@ -891,10 +889,6 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | ||
30 | case "$host" in | ||
31 | x86_64-*) | ||
32 | seccomp_audit_arch=AUDIT_ARCH_X86_64 | ||
33 | - # X32: AMD64 instructions in 32bit address space. | ||
34 | - if test "x$ac_cv_sizeof_size_t" = "x4" ; then | ||
35 | - seccomp_audit_arch=AUDIT_ARCH_I386 | ||
36 | - fi | ||
37 | ;; | ||
38 | i*86-*) | ||
39 | seccomp_audit_arch=AUDIT_ARCH_I386 | ||
diff --git a/debian/patches/series b/debian/patches/series index 8c1046a74..56019a479 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -23,3 +23,4 @@ debian-config.patch | |||
23 | restore-authorized_keys2.patch | 23 | restore-authorized_keys2.patch |
24 | conch-old-privkey-format.patch | 24 | conch-old-privkey-format.patch |
25 | revert-ipqos-defaults.patch | 25 | revert-ipqos-defaults.patch |
26 | revert-x32-sandbox-breakage.patch | ||