[DSE-Dev] Bug#979970: libselinux1: dependency to newer libc6 ignored by/missing for aptitude
Colin Watson
cjwatson at debian.org
Tue Jan 26 12:59:16 GMT 2021
On Tue, Jan 26, 2021 at 01:44:47PM +0100, Julian Andres Klode wrote:
> On Tue, Jan 26, 2021 at 12:52:52PM +0100, Aurelien Jarno wrote:
> > The break hasn't been added randomly, but in response to upstream
> > release notes and bug #965932. In short the openssh seccomp filters in
> > buster are too narrow, and do not allow the new 64-bit syscalls needed
> > for 64-bit time_t compatibility to be used.
Would it help to get those seccomp filter fixes into buster, and then we
could tell people that they have to upgrade to the latest point release
first? Awkward but not unprecedented I think.
> An alternative solution, for openssh-server would be to avoid using the
> new syscalls for 64-bit time_t compatibility I assume (forcing it to
> link with older symbol versions?),
Changing openssh-server in bullseye can't possibly help here, because if
you've upgraded openssh-server then that will include the updated
seccomp filters anyway. Changing openssh-server in buster might help,
but if so it would be much simpler to take the approach above
(backporting the seccomp filter fixes) rather than doing symbol
versioning hacks.
--
Colin Watson (he/him) [cjwatson at debian.org]
More information about the SELinux-devel
mailing list