Bump for glibc 2.31.

author: zer0def 2020-02-12 16:40:48 +0100
committer: zer0def 2020-02-12 16:40:48 +0100
commit: 5f180eec0b7f4beafa4717bd8ae95c3ecb5cffbd (patch)
tree: 50480fd4b061624e1d37e3ab730a8d8c8af618bb
parent: 4e08b8146f76d633e98aebd704d8ac60a4335b7f (diff)
download: aur-5f180eec0b7f4beafa4717bd8ae95c3ecb5cffbd.tar.gz
3 files changed, 107 insertions, 2 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 011fdf62fa45..cd6255b67265 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
 pkgbase = openssh-hpn
 	pkgdesc = A Secure SHell server/client fork with High Performance patches included
 	pkgver = 8.1p1.hpn14v20
-	pkgrel = 1
+	pkgrel = 2
 	url = https://www.psc.edu/index.php/hpn-ssh/
 	install = openssh-hpn.install
 	arch = i686
@@ -27,6 +27,7 @@ pkgbase = openssh-hpn
 	source = https://github.com/rapier1/openssh-portable/archive/hpn-8_1_P1.tar.gz
 	source = http://www.eworm.de/download/linux/openssh-tests-scp.patch
 	source = hpn-banner.patch
+	source = glibc-2.31.patch
 	source = sshdgenkeys.service
 	source = sshd@.service
 	source = sshd.service
@@ -35,6 +36,7 @@ pkgbase = openssh-hpn
 	sha256sums = e159af51f51e6f78634b9fea0b8a4fe2c9e4f98609a07e1fe815e710f104c779
 	sha256sums = 007a8888855570296c36716df18e986b7265c283e8fc8f6dfd4b3c411905fdb3
 	sha256sums = 57bb8c4800afc5314ad1f3ac24bc838f1f63c626171d3c5ad4b843bfef2391fe
+	sha256sums = 25b4a4d9e2d9d3289ef30636a30e85fa1c71dd930d5efd712cca1a01a5019f93
 	sha256sums = ff3cbdd0e59ff7dac4dc797d5c0f2b1db4117ddbb49d52f1c4f1771961903878
 	sha256sums = 69cc2abaaae0aa8071b8eac338b2df725f60ce73381843179b74eaac78ba7f1d
 	sha256sums = c5ed9fa629f8f8dbf3bae4edbad4441c36df535088553fe82695c52d7bde30aa
diff --git a/PKGBUILD b/PKGBUILD
index 505b780d152b..ecfebde6814b 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -45,7 +45,7 @@ _hpn_ver=hpn14v20
 #_pkgver="`sed -e 's/\./_/' -e 's/p/_P/' <<< ${_openssh_ver}`_new"
 _pkgver="`sed -e 's/\./_/' -e 's/p/_P/' <<< ${_openssh_ver}`"
 pkgver="${_openssh_ver}.${_hpn_ver}"
-pkgrel=1
+pkgrel=2
 pkgdesc='A Secure SHell server/client fork with High Performance patches included'
 url='https://www.psc.edu/index.php/hpn-ssh/'
 license=('custom:BSD')
@@ -63,6 +63,7 @@ source=("https://github.com/rapier1/openssh-portable/archive/hpn-${_pkgver}.tar.
         'http://www.eworm.de/download/linux/openssh-tests-scp.patch'
         #'openssl11.patch'
         'hpn-banner.patch'
+        'glibc-2.31.patch'
         'sshdgenkeys.service'
         'sshd@.service'
         'sshd.service'
@@ -76,6 +77,7 @@ sha256sums=('e159af51f51e6f78634b9fea0b8a4fe2c9e4f98609a07e1fe815e710f104c779'
             '007a8888855570296c36716df18e986b7265c283e8fc8f6dfd4b3c411905fdb3'
             #'6c6deb799fc918b4d90899d664a23b3a99e2973d61b5a2cf68e1ea9a6604ca9a'
             '57bb8c4800afc5314ad1f3ac24bc838f1f63c626171d3c5ad4b843bfef2391fe'
+            '25b4a4d9e2d9d3289ef30636a30e85fa1c71dd930d5efd712cca1a01a5019f93'
             'ff3cbdd0e59ff7dac4dc797d5c0f2b1db4117ddbb49d52f1c4f1771961903878'
             '69cc2abaaae0aa8071b8eac338b2df725f60ce73381843179b74eaac78ba7f1d'
             'c5ed9fa629f8f8dbf3bae4edbad4441c36df535088553fe82695c52d7bde30aa'
@@ -94,6 +96,7 @@ build() {
   # https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=371794f20c7eb2b88cae2619b6fa3444452aafb4
   #patch -Np1 < ${srcdir}/openssl11.patch
   patch -Np1 < ${srcdir}/hpn-banner.patch
+  patch -Np1 < ${srcdir}/glibc-2.31.patch
   autoreconf -fi
 
   ./configure \
diff --git a/glibc-2.31.patch b/glibc-2.31.patch
new file mode 100644
index 000000000000..187042870deb
--- /dev/null
+++ b/glibc-2.31.patch
@@ -0,0 +1,100 @@
+From beee0ef61866cb567b9abc23bd850f922e59e3f0 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Wed, 13 Nov 2019 23:19:35 +1100
+Subject: [PATCH] seccomp: Allow clock_nanosleep() in sandbox.
+
+seccomp: Allow clock_nanosleep() to make OpenSSH working with latest
+glibc.  Patch from Jakub Jelen <jjelen@redhat.com> via bz #3093.
+---
+ sandbox-seccomp-filter.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index b5cda70bb..96ab141f7 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -242,6 +242,12 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_nanosleep
+ 	SC_ALLOW(__NR_nanosleep),
+ #endif
++#ifdef __NR_clock_nanosleep
++	SC_ALLOW(__NR_clock_nanosleep),
++#endif
++#ifdef __NR_clock_nanosleep
++	SC_ALLOW(__NR_clock_nanosleep),
++#endif
+ #ifdef __NR__newselect
+ 	SC_ALLOW(__NR__newselect),
+ #endif
+From 69298ebfc2c066acee5d187eac8ce9f38c796630 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Wed, 13 Nov 2019 23:27:31 +1100
+Subject: [PATCH] Remove duplicate __NR_clock_nanosleep
+
+---
+ sandbox-seccomp-filter.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 96ab141f7..be2397671 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -245,9 +245,6 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_clock_nanosleep
+ 	SC_ALLOW(__NR_clock_nanosleep),
+ #endif
+-#ifdef __NR_clock_nanosleep
+-	SC_ALLOW(__NR_clock_nanosleep),
+-#endif
+ #ifdef __NR__newselect
+ 	SC_ALLOW(__NR__newselect),
+ #endif
+From 030b4c2b8029563bc8a9fd764288fde08fa2347c Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Mon, 16 Dec 2019 13:55:56 +1100
+Subject: [PATCH] Allow clock_nanosleep_time64 in seccomp sandbox.
+
+Needed on Linux ARM.  bz#3100, patch from jjelen@redhat.com.
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index be2397671..3ef30c9d5 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -245,6 +245,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_clock_nanosleep
+ 	SC_ALLOW(__NR_clock_nanosleep),
+ #endif
++#ifdef __NR_clock_nanosleep_time64
++	SC_ALLOW(__NR_clock_nanosleep_time64),
++#endif
+ #ifdef __NR__newselect
+ 	SC_ALLOW(__NR__newselect),
+ #endif
+From a991cc5ed5a7c455fefe909a30cf082011ef5dff Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Tue, 7 Jan 2020 16:26:45 -0800
+Subject: [PATCH] seccomp: Allow clock_gettime64() in sandbox.
+
+This helps sshd accept connections on mips platforms with
+upcoming glibc ( 2.31 )
+---
+ sandbox-seccomp-filter.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3ef30c9d5..999c46c9f 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -248,6 +248,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_clock_nanosleep_time64
+ 	SC_ALLOW(__NR_clock_nanosleep_time64),
+ #endif
++#ifdef __NR_clock_gettime64
++	SC_ALLOW(__NR_clock_gettime64),
++#endif
+ #ifdef __NR__newselect
+ 	SC_ALLOW(__NR__newselect),
+ #endif
author	zer0def	2020-02-12 16:40:48 +0100
committer	zer0def	2020-02-12 16:40:48 +0100
commit	5f180eec0b7f4beafa4717bd8ae95c3ecb5cffbd (patch)
tree	50480fd4b061624e1d37e3ab730a8d8c8af618bb
parent	4e08b8146f76d633e98aebd704d8ac60a4335b7f (diff)
download	aur-5f180eec0b7f4beafa4717bd8ae95c3ecb5cffbd.tar.gz