From c28decf4129d6b6c31f0ffa33ff986bef448526e Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Nov 27 2019 10:15:00 +0000
Subject: Unbreak the seccomp filter also on ARM (#1777054)


---

diff --git a/openssh-8.1p1-seccomp-nanosleep.patch b/openssh-8.1p1-seccomp-nanosleep.patch
index eb629bc..87f4bd4 100644
--- a/openssh-8.1p1-seccomp-nanosleep.patch
+++ b/openssh-8.1p1-seccomp-nanosleep.patch
@@ -19,3 +19,24 @@ index b5cda70b..be239767 100644
  	SC_ALLOW(__NR__newselect),
  #endif
 
+commit 500c30eaf88f26e4a74b06717fe04afec7a7516f
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Wed Nov 27 11:06:55 2019 +0100
+
+    sandbox-seccomp: Allow clock_nanosleep on ARM
+
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index be239767..3ef30c9d 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -245,6 +245,9 @@ static const struct sock_filter preauth_insns[] = {
+ #ifdef __NR_clock_nanosleep
+ 	SC_ALLOW(__NR_clock_nanosleep),
+ #endif
++#ifdef __NR_clock_nanosleep_time64
++	SC_ALLOW(__NR_clock_nanosleep_time64),
++#endif
+ #ifdef __NR__newselect
+ 	SC_ALLOW(__NR__newselect),
+ #endif
+
diff --git a/openssh.spec b/openssh.spec
index 3b411aa..66cc381 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -210,7 +210,7 @@ Patch962: openssh-8.0p1-crypto-policies.patch
 Patch963: openssh-8.0p1-openssl-evp.patch
 # Use OpenSSL KDF (#1631761)
 Patch964: openssh-8.0p1-openssl-kdf.patch
-# Unbreak seccomp filter with latest glibc (#1771946)
+# Unbreak seccomp filter with latest glibc (#1771946, #1777054)
 Patch965: openssh-8.1p1-seccomp-nanosleep.patch
 
 License: BSD