openssh: Default to not using sandbox when cross compiling

backport a patch to fix sandboxing issues seen on ppc32 and also on riscv32 [1] [1] https://bugzilla.mindrot.org/show_bug.cgi?id=3398 (From OE-Core rev: 90895a627be5e8a4e4943fa9195b5553416086d3) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-01-29 21:08:42 +01:00 · 2022-03-17 15:38:45 -07:00
parent f8134d3692
commit afcbe82320
2 changed files with 34 additions and 3 deletions
--- a/meta/recipes-connectivity/openssh/openssh/0001-Default-to-not-using-sandbox-when-cross-compiling.patch
+++ b/meta/recipes-connectivity/openssh/openssh/0001-Default-to-not-using-sandbox-when-cross-compiling.patch
@@ -0,0 +1,33 @@
+From 56194e9a6043873b0ec84f9d15c6e4caca2580c8 Mon Sep 17 00:00:00 2001
+From: Darren Tucker <dtucker@dtucker.net>
+Date: Tue, 8 Mar 2022 20:04:06 +1100
+Subject: [PATCH] Default to not using sandbox when cross compiling.
+
+On most systems poll(2) does not work when the number of FDs is reduced
+with setrlimit, so assume it doesn't when cross compiling and we can't
+run the test.  bz#3398.
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Upstream-Status: Backport [https://anongit.mindrot.org/openssh.git/patch/?id=8cf5275452a950869cb90eeac7d220b01f77b12e]
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 17fb1e6..a165d08 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -3574,8 +3574,8 @@ AC_RUN_IFELSE(
+ 	 select_works_with_rlimit=yes],
+ 	[AC_MSG_RESULT([no])
+ 	 select_works_with_rlimit=no],
+-	[AC_MSG_WARN([cross compiling: assuming yes])
+-	 select_works_with_rlimit=yes]
+	[AC_MSG_WARN([cross compiling: assuming no])
+	 select_works_with_rlimit=no]
+ )
+ 
+ AC_CHECK_MEMBERS([struct pollfd.fd], [], [], [[
+-- 
+2.35.1
+
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
           file://sshd_check_keys \
           file://add-test-support-for-busybox.patch \
           file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \
+           file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \
           "
 SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"

@@ -77,9 +78,6 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
 # musl doesn't implement wtmp/utmp and logwtmp
 EXTRA_OECONF:append:libc-musl = " --disable-wtmp --disable-lastlog"

-# https://bugzilla.mindrot.org/show_bug.cgi?id=3398
-EXTRA_OECONF:append:powerpc = " --with-sandbox=no"
-
 # Since we do not depend on libbsd, we do not want configure to use it
 # just because it finds libutil.h.  But, specifying --disable-libutil
 # causes compile errors, so...