Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 644252 - net-misc/openssh-7.5_p1-r3: seccomp patch broken
Summary: net-misc/openssh-7.5_p1-r3: seccomp patch broken
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-11 20:04 UTC by jorgicio
Modified: 2018-01-12 13:31 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
The log (openssh-error.log,1.95 KB, text/x-log)
2018-01-11 20:04 UTC, jorgicio 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description jorgicio 2018-01-11 20:04:18 UTC 
Hi!

After migrating the profile from 13.0 to 17.0, it forces me to rebuild some packages with pie support, such as openssh.

The matter is that the seccomp patch is broken. I'll attach the log then.

Reproducible: Always
Comment 1 jorgicio 2018-01-11 20:04:52 UTC 
Created attachment 514420 [details]
The log
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2018-01-12 06:42:20 UTC 
Need more info on the patch failure, because it works fine for me.

Also there is no reason that it should fail only on the 17.0 profile.

$ eselect  profile show
Current /etc/make.profile symlink:
  default/linux/amd64/17.0/developer
$ ebuild openssh-7.5_p1-r3.ebuild prepare
 * openssh-7.5p1.tar.gz BLAKE2B SHA512 size ;-) ...                                                                                                                                   [ ok ]
 * openssh-7.4_p1-sctp.patch.xz BLAKE2B SHA512 size ;-) ...                                                                                                                           [ ok ]
 * openssh-7.5p1-hpnssh14v12.tar.xz BLAKE2B SHA512 size ;-) ...                                                                                                                       [ ok ]
 * openssh-lpk-7.5p1-0.3.14.patch.xz BLAKE2B SHA512 size ;-) ...                                                                                                                      [ ok ]
 * openssh-7.5p1+x509-10.2.diff.gz BLAKE2B SHA512 size ;-) ...                                                                                                                        [ ok ]
>>> Unpacking source...
>>> Unpacking openssh-7.5p1.tar.gz to /dev/shm/portage/net-misc/openssh-7.5_p1-r3/work
>>> Unpacking openssh-7.4_p1-sctp.patch.xz to /dev/shm/portage/net-misc/openssh-7.5_p1-r3/work
>>> Source unpacked in /dev/shm/portage/net-misc/openssh-7.5_p1-r3/work
>>> Preparing source in /dev/shm/portage/net-misc/openssh-7.5_p1-r3/work/openssh-7.5p1 ...
 * Applying openssh-7.5_p1-GSSAPI-dns.patch ...                                                                                                                                       [ ok ]
 * Applying openssh-6.7_p1-openssl-ignore-status.patch ...                                                                                                                            [ ok ]
 * Applying openssh-7.5_p1-cross-cache.patch ...                                                                                                                                      [ ok ]
 * Applying openssh-7.5_p1-CVE-2017-15906.patch ...                                                                                                                                   [ ok ]
 * Applying openssh-7.5_p1-s390-seccomp.patch ...                                                                                                                                     [ ok ]
 * Applying openssh-7.4_p1-sctp.patch ...                                                                                                                                             [ ok ]
 * Applying openssh-7.5_p1-x32-typo.patch ...                                                                                                                                         [ ok ]
 * Running eautoreconf in '/dev/shm/portage/net-misc/openssh-7.5_p1-r3/work/openssh-7.5p1' ...
 * Running autoconf --force ...                                                                                                                                                       [ ok ]
 * Running autoheader ...                                                                                                                                                             [ ok ]
 * Running elibtoolize in: openssh-7.5p1/
>>> Source prepared.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-12 12:51:24 UTC 
I can reproduce via

> USE="X X509 hpn kerberos pam pie skey ssl" ebuild openssh-7.5_p1-r3.ebuild clean prepare

Introduced via vapier's latest change: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5f421f69f9d54cb9f3137ba0bf3e3d4a67bdd68
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-01-12 13:21:23 UTC 
openssh-7.5_p1-s390-seccomp.patch clashes with openssh-7.5p1+x509-10.2.diff, i.e. USE="-* ssl X509".
Comment 5 Larry the Git Cow gentoo-dev 2018-01-12 13:31:00 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16d75c9f2126651d2d65ab9bdbd7dacfbe1065c8

commit 16d75c9f2126651d2d65ab9bdbd7dacfbe1065c8
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-01-12 13:30:34 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-01-12 13:30:34 +0000

    net-misc/openssh: Exclude s390-seccomp.patch w/ USE=X509 - already in X509 patch set
    
    Closes: https://bugs.gentoo.org/644252
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-misc/openssh/openssh-7.5_p1-r3.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)