commit: 33b69061f73aa4c921ecb0d3ac371484f76620b7 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> AuthorDate: Wed Feb 28 13:23:16 2018 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Wed Feb 28 13:23:36 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33b69061
net-misc/ntpsec: backport fix for seccomp + early-droproot See: https://gitlab.com/NTPsec/ntpsec/issues/460 Package-Manager: Portage-2.3.19, Repoman-2.3.6 net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch | 16 ++++++++++++++++ .../{ntpsec-1.0.0-r5.ebuild => ntpsec-1.0.0-r6.ebuild} | 4 ++++ 2 files changed, 20 insertions(+) diff --git a/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch b/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch new file mode 100644 index 00000000000..b9716569f63 --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch @@ -0,0 +1,16 @@ +This is a backport of https://gitlab.com/NTPsec/ntpsec/commit/eef92d6217da03ad2ae41e298d110bdb05031381 + +diff -Naur ntpsec-1.0.0.orig/ntpd/ntp_sandbox.c ntpsec-1.0.0/ntpd/ntp_sandbox.c +--- ntpsec-1.0.0.orig/ntpd/ntp_sandbox.c 2017-10-09 23:54:39.000000000 -0400 ++++ ntpsec-1.0.0/ntpd/ntp_sandbox.c 2018-02-28 07:31:28.381406881 -0500 +@@ -354,6 +354,10 @@ + SCMP_SYS(write), + SCMP_SYS(unlink), + ++#ifdef ENABLE_EARLY_DROPROOT ++ SCMP_SYS(getdents), ++#endif ++ + #ifdef ENABLE_DNS_LOOKUP + /* Don't comment out this block for testing. + * pthread_create blocks signals so it will crash diff --git a/net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild b/net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild similarity index 97% rename from net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild rename to net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild index 5ab45707dee..890ec4f7ebf 100644 --- a/net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild +++ b/net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild @@ -66,6 +66,10 @@ pkg_setup() { src_prepare() { default + + # See https://gitlab.com/NTPsec/ntpsec/issues/460 + eapply "${FILESDIR}"/${P}-fix-seccomp.patch + python_copy_sources }
