[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 1a2b3e289d63dcde02b806711061f3c69626f3f8 Author: Sebastian Pipping gentoo org> AuthorDate: Sun Apr 16 22:14:11 2023 + Commit: Sebastian Pipping gentoo org> CommitDate: Sun Apr 16 22:14:11 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a2b3e28 net-misc/ntpsec: Drop old Signed-off-by: Sebastian Pipping gentoo.org> net-misc/ntpsec/Manifest | 1 - .../ntpsec/files/ntpsec-1.2.1-build-notests.patch | 48 -- .../ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch| 34 - .../ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch | 116 -- .../ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch | 25 --- .../ntpsec/files/ntpsec-py3-test-clarify.patch | 34 - net-misc/ntpsec/ntpsec-1.2.1-r6.ebuild | 169 - 7 files changed, 427 deletions(-) diff --git a/net-misc/ntpsec/Manifest b/net-misc/ntpsec/Manifest index 94c516a50ffe..c72c154eed0a 100644 --- a/net-misc/ntpsec/Manifest +++ b/net-misc/ntpsec/Manifest @@ -1,2 +1 @@ -DIST ntpsec-1.2.1.tar.gz 2681237 BLAKE2B bfb2674131718dcf9f393e93d1148cfb6631591dbcce1ade91746586f261123b80b238393ac2a763fab119cd627f8eae4b006b023ad2b319e752db9eb4b04cc0 SHA512 0b8b0bda52d3025f6e9a06c00b1e0c25c595ada72b87ed0e5d3d6f77a034f557745156bc6d9a263c9876c041efffa38d42fa93ba8bfda31f67efbd842a726277 DIST ntpsec-1.2.2.tar.gz 2710329 BLAKE2B 031412d0fc7ecb5aba73501e63f8d0c416b23fe69114dd32422b03b4827e1ac9c92a4dfeb2e7d074cf6fd410d00cf86632f241dffd22987e4c03b21d21d8693a SHA512 864afb72c4bd8bc439ee06d343893cf92b3893c26c972a7bd1ff2713f0ad1f50704b6d0c6f155e6373c9747efff3ea36097a590be0d53e1a7ea7f429ba409cd1 diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch b/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch deleted file mode 100644 index dab51a97fc0a.. --- a/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 1a7bb2e3a2749bd709ea4cf10b66b6f6d05aaf9d Mon Sep 17 00:00:00 2001 -From: James Browning -Date: Sun, 10 Apr 2022 07:53:37 -0700 -Subject: [PATCH] I: NTPsec build does not repect --notests - -STR: (run the following) -- git clone https://gitlab.com/NTPsec/ntpsec -- cd ntpsec -- ./waf configure build --notests -p - -AR: NTPsec runs tests despite having a parameter telling it not to -ER: NTPsec should not run tests when it has been told not to - wscript | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/wscript b/wscript -index c1d765046..d8a20b82e 100644 a/wscript -+++ b/wscript -@@ -1131,6 +1131,7 @@ def build(ctx): - ctx.manpage(8, "ntpclients/ntpsnmpd-man.adoc") - - # Skip running unit tests on a cross compile build -+from waflib import Options - if not ctx.env.ENABLE_CROSS: - # Force re-running of tests. Same as 'waf --alltests' - if ctx.cmd == "check": -@@ -1139,6 +1140,8 @@ def build(ctx): - # Print log if -v is supplied - if verbose > 0: - ctx.add_post_fun(test_print_log) -+elif Options.options.no_tests: -+return - - # Test binaries - ctx.add_post_fun(bin_test) -@@ -1152,7 +1155,6 @@ def build(ctx): - ctx.add_post_fun(bin_test_summary) - else: - pprint("YELLOW", "Unit test runner skipped on a cross-compiled build.") --from waflib import Options - Options.options.no_tests = True - - if ctx.cmd == "build": --- -2.32.0 - diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch deleted file mode 100644 index 5b7a4e51374c.. --- a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch +++ /dev/null @@ -1,34 +0,0 @@ -https://gitlab.com/NTPsec/ntpsec/-/commit/a49d53b7fe1d -https://bugs.gentoo.org/851531 - -From: "Maciej S. Szmigiero" -Date: Sat, 11 Jun 2022 15:16:15 +0200 -Subject: [PATCH] ntpd/ntp_sandbox.c: allow readv() for glibc nscd - getaddrinfo() provider - -Otherwise, ntpd crashes from time to time with the following stack trace: -#0 0x7f5763bfac4d in readv () from /lib64/libc.so.6 -#1 0x7f5763c48b4c in __readvall () from /lib64/libc.so.6 -#2 0x7f5763c467ed in nscd_gethst_r () from /lib64/libc.so.6 -#3 0x7f5763c46c0d in __nscd_gethostbyname2_r () from /lib64/libc.so.6 -#4 0x7f5763c15a2a in gethostbyname2_r () from /lib64/libc.so.6 -#5 0x7f5763bed3ca in gaih_inet.constprop () from /lib64/libc.so.6 -#6 0x7f5763bee225 in getaddrinfo () from /lib64/libc.so.6 -#7 0x55fcf0ad6544 in open_TCP_socket () -#8 0x55fcf0ad79b4 in nts_probe () -#9 0x55fcf0ac37c4 in dns_lookup () -#10 0x7f5763b8205a in start_thread () from /lib64/libc.so.6 -#11 0x7f5763c05d1c in clone3 () from /lib64/libc.so.6 - -Signed-off-by: Maciej S. Szmigiero a/ntpd/ntp_sandbox.c -+++ b/ntpd/ntp_sandbox.c -@@ -357,6 +357,7 @@ int scmp_sc[] = { - SCMP_SYS(poll), - SCMP_SYS(pselect6), -
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 37c2b340b2370499d0e6230e4f8b50d079a7d096 Author: James Browning gmail com> AuthorDate: Tue Apr 12 11:52:09 2022 + Commit: Sam James gentoo org> CommitDate: Wed Apr 20 01:02:58 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37c2b340 net-misc/ntpsec: Try to only run tests in src_test only Since ./waf test runs all the test, this eliminates the need for the tests useflag which filled that space. Thus it's eliminated. Bug: https://bugs.gentoo.org/795522 Closes: https://bugs.gentoo.org/838109 Signed-off-by: James T Browning gmail.com> Signed-off-by: Sam James gentoo.org> .../ntpsec/files/ntpsec-1.2.1-build-notests.patch | 48 ++ .../ntpsec/files/ntpsec-py3-test-clarify.patch | 34 +++ .../{ntpsec-.ebuild => ntpsec-1.2.1-r3.ebuild} | 23 --- net-misc/ntpsec/ntpsec-.ebuild | 17 ++-- 4 files changed, 112 insertions(+), 10 deletions(-) diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch b/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch new file mode 100644 index ..dab51a97fc0a --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch @@ -0,0 +1,48 @@ +From 1a7bb2e3a2749bd709ea4cf10b66b6f6d05aaf9d Mon Sep 17 00:00:00 2001 +From: James Browning +Date: Sun, 10 Apr 2022 07:53:37 -0700 +Subject: [PATCH] I: NTPsec build does not repect --notests + +STR: (run the following) +- git clone https://gitlab.com/NTPsec/ntpsec +- cd ntpsec +- ./waf configure build --notests -p + +AR: NTPsec runs tests despite having a parameter telling it not to +ER: NTPsec should not run tests when it has been told not to +--- + wscript | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/wscript b/wscript +index c1d765046..d8a20b82e 100644 +--- a/wscript b/wscript +@@ -1131,6 +1131,7 @@ def build(ctx): + ctx.manpage(8, "ntpclients/ntpsnmpd-man.adoc") + + # Skip running unit tests on a cross compile build ++from waflib import Options + if not ctx.env.ENABLE_CROSS: + # Force re-running of tests. Same as 'waf --alltests' + if ctx.cmd == "check": +@@ -1139,6 +1140,8 @@ def build(ctx): + # Print log if -v is supplied + if verbose > 0: + ctx.add_post_fun(test_print_log) ++elif Options.options.no_tests: ++return + + # Test binaries + ctx.add_post_fun(bin_test) +@@ -1152,7 +1155,6 @@ def build(ctx): + ctx.add_post_fun(bin_test_summary) + else: + pprint("YELLOW", "Unit test runner skipped on a cross-compiled build.") +-from waflib import Options + Options.options.no_tests = True + + if ctx.cmd == "build": +-- +2.32.0 + diff --git a/net-misc/ntpsec/files/ntpsec-py3-test-clarify.patch b/net-misc/ntpsec/files/ntpsec-py3-test-clarify.patch new file mode 100644 index ..027c3df18ad2 --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-py3-test-clarify.patch @@ -0,0 +1,34 @@ +From f360741dec76a9c9d831f0b547596891ea321599 Mon Sep 17 00:00:00 2001 +From: James Browning +Date: Sun, 10 Apr 2022 16:23:34 -0700 +Subject: [PATCH] clean test output up in Python 3 + +--- + wafhelpers/test.py | 9 + + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/wafhelpers/test.py b/wafhelpers/test.py +index 9351a5675..6bba34881 100644 +--- a/wafhelpers/test.py b/wafhelpers/test.py +@@ -31,12 +31,13 @@ def test_print_log(ctx): + pprint("YELLOW", "RETURN VALUE:", retval) + print("") + +-if retval or error: ++if retval: + pprint("RED", "** ERROR **\n") + +-print(error or lines) ++print(polystr(error) or polystr(lines)) + +-if (not retval) and (not error): +-pprint("GREEN", "** LOG **\n", lines) ++else: ++pprint("GREEN", "** LOG **\n", ++ polystr(lines), polystr(error)) + + print("") +-- +2.32.0 + diff --git a/net-misc/ntpsec/ntpsec-.ebuild b/net-misc/ntpsec/ntpsec-1.2.1-r3.ebuild similarity index 88% copy from net-misc/ntpsec/ntpsec-.ebuild copy to net-misc/ntpsec/ntpsec-1.2.1-r3.ebuild index 2065ee52d6a6..f8f744dbf4a7 100644 --- a/net-misc/ntpsec/ntpsec-.ebuild +++ b/net-misc/ntpsec/ntpsec-1.2.1-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -15,7 +15,7 @@ if [[ ${PV} == ** ]]; then else SRC_URI="ftp://ftp.ntpsec.org/pub/releases/${PN}-${PV}.tar.gz"; RESTRICT="mirror" - KEYWORDS="amd64 arm arm64 ~riscv ~x86" + KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~x86" fi DESCRIPTION="The NTP reference implementation, refactored" @@ -30,7 +30,7 @@ IUSE_NTPSEC_REFCLOCK=${NTPSEC_REFCLOCK[@]/#/rclock_} LICENSE="HPND MIT BSD-2 BSD CC-BY-SA-4.0" SLOT="0" -
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 41a34181245776801261388750b72b3418518fd0 Author: Sam James gentoo org> AuthorDate: Thu Apr 7 02:06:57 2022 + Commit: Sam James gentoo org> CommitDate: Thu Apr 7 02:07:09 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41a34181 net-misc/ntpsec: fix seccomp filter w/ glibc 2.35 (rseq) Closes: https://bugs.gentoo.org/833274 Signed-off-by: Sam James gentoo.org> .../ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch | 25 ++ ...psec-1.2.1-r1.ebuild => ntpsec-1.2.1-r2.ebuild} | 3 ++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch new file mode 100644 index ..155304148b1f --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch @@ -0,0 +1,25 @@ +https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1262 +https://bugs.gentoo.org/833274 + +From 75970342391b0b1fad422e6ca3dc89dd76dcf607 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Thu, 7 Apr 2022 03:02:22 +0100 +Subject: [PATCH] ntpd/ntp_sandbox.c: allow rseq for glibc-2.35 in seccomp + filter + +Fixes: https://gitlab.com/NTPsec/ntpsec/-/issues/728 +Bug: https://bugs.gentoo.org/833274 +Signed-off-by: Sam James +--- a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c +@@ -366,6 +366,9 @@ int scmp_sc[] = { + SCMP_SYS(rt_sigaction), + SCMP_SYS(rt_sigprocmask), + SCMP_SYS(rt_sigreturn), ++#ifdef __NR_rseq ++ SCMP_SYS(rseq), /* needed by glibc-2.35+ for resumable sequences */ ++#endif + SCMP_SYS(sigaction), + SCMP_SYS(sigprocmask), + SCMP_SYS(sigreturn), +GitLab diff --git a/net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild b/net-misc/ntpsec/ntpsec-1.2.1-r2.ebuild similarity index 97% rename from net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild rename to net-misc/ntpsec/ntpsec-1.2.1-r2.ebuild index 379a375aacd1..80e17ecb6cb5 100644 --- a/net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild +++ b/net-misc/ntpsec/ntpsec-1.2.1-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -60,6 +60,7 @@ DEPEND="${CDEPEND} PATCHES=( "${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch" "${FILESDIR}/${PN}-1.2.1-seccomp-rollup.patch" + "${FILESDIR}/${PN}-1.2.1-seccomp-rseq-glibc-2.35.patch" ) WAF_BINARY="${S}/waf"
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 885bd9eb1a8173fdae19461f80f312d1244acecf Author: Steve Arnold gentoo org> AuthorDate: Fri Dec 3 19:27:16 2021 + Commit: Steve Arnold gentoo org> CommitDate: Fri Dec 3 19:28:08 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=885bd9eb net-misc/ntpsec: seccomp cleanup, (really) fixes seccomp on riscv * rollup seccomp changes into single patch against 1.2.1 * remove old seccomp patches Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Steve Arnold gentoo.org> ...sec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch | 16 --- .../files/ntpsec-1.2.0-move-newfstatat.patch | 20 net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 30 -- .../files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch | 21 .../ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch | 116 + net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild | 5 +- 6 files changed, 117 insertions(+), 91 deletions(-) diff --git a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch deleted file mode 100644 index ee75d103d2e6.. --- a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c -index 4e5ceaa36c1a7b452445023e201ddb6211625c52..78ac7aea263ed3d3394b2d32e79a6836f0387434 100644 a/ntpd/ntp_sandbox.c -+++ b/ntpd/ntp_sandbox.c -@@ -428,6 +428,11 @@ int scmp_sc[] = { - /* gentoo 64-bit and 32-bit, Intel and Arm use mmap */ - SCMP_SYS(mmap), - #endif -+#if defined(__aarch64__) -+ SCMP_SYS(faccessat), -+ SCMP_SYS(newfstatat), -+ SCMP_SYS(renameat), -+#endif - #if defined(__i386__) || defined(__arm__) || defined(__powerpc__) - SCMP_SYS(_newselect), - SCMP_SYS(_llseek), diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch b/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch deleted file mode 100644 index 75453c6cb5f6.. --- a/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c -index e66faaa8c..b2af654e5 100644 a/ntpd/ntp_sandbox.c -+++ b/ntpd/ntp_sandbox.c -@@ -349,6 +349,7 @@ int scmp_sc[] = { - SCMP_SYS(lseek), - SCMP_SYS(membarrier), /* Needed on Alpine 3.11.3 */ - SCMP_SYS(munmap), -+ SCMP_SYS(newfstatat), - SCMP_SYS(open), - #ifdef __NR_openat - SCMP_SYS(openat), /* SUSE */ -@@ -451,7 +452,6 @@ int scmp_sc[] = { - #endif - #if defined(__aarch64__) - SCMP_SYS(faccessat), -- SCMP_SYS(newfstatat), - SCMP_SYS(renameat), - SCMP_SYS(linkat), - SCMP_SYS(unlinkat), diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch deleted file mode 100644 index 27dd321e2a29.. --- a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch +++ /dev/null @@ -1,30 +0,0 @@ -https://bugs.gentoo.org/705128 -https://bugs.gentoo.org/786228 a/ntpd/ntp_sandbox.c -+++ b/ntpd/ntp_sandbox.c -@@ -463,6 +463,15 @@ int scmp_sc[] = { -SCMP_SYS(send), -SCMP_SYS(stat64), - #endif -+#if defined(__arm__) -+ SCMP_SYS(statx), -+#endif -+#if defined(__riscv32__) || defined(__riscv64__) -+ SCMP_SYS(faccessat), -+#endif -+#if defined(__aarch64__) || defined(__riscv64__) -+ SCMP_SYS(syscall), -+#endif - }; -{ -for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) { a/ntpd/ntp_sandbox.c -+++ b/ntpd/ntp_sandbox.c -@@ -355,6 +355,7 @@ int scmp_sc[] = { - SCMP_SYS(openat), /* SUSE */ - #endif - SCMP_SYS(poll), -+ SCMP_SYS(pread64), - SCMP_SYS(pselect6), - SCMP_SYS(read), - SCMP_SYS(recvfrom),/* Comment this out for testing. diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch deleted file mode 100644 index 5936adaf9a49.. --- a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch +++ /dev/null @@ -1,21 +0,0 @@ -https://bugs.gentoo.org/823692 -https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1247 -https://gitlab.com/NTPsec/ntpsec/-/issues/713 - -From 170d60b7e269154fb108bb4b010ee5ee0110bf2d Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Sun, 14 Nov 2021 08:44:28 + -Subject: [PATCH] ntpd/ntp_sandbox.c: allow clone3 in seccomp filter for - glibc-2.34 - -Signed-off-by: Sam James a/ntpd/ntp_sandbox.c -+++ b/ntpd/ntp_sandbox.c -@@ -403,6 +403,7 @@ int scmp_sc[] = { - * rather than generate a trap. - */ - SCMP_SYS(clone),/* threads */ -+ SCMP_SYS(clone3), - SCMP_SYS(kill), /* generate signal */ - SCMP_SYS(madvise), - SCMP_SYS(mprotect), diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch b/net-misc/ntpsec/
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 540ea2504d870d6ff28f61b3b399d178c7ae4df8 Author: Sam James gentoo org> AuthorDate: Fri Jun 11 06:38:33 2021 + Commit: Sam James gentoo org> CommitDate: Fri Jun 11 06:38:33 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=540ea250 net-misc/ntpsec: add additional pread64 syscall patch Closes: https://bugs.gentoo.org/786228 Signed-off-by: Sam James gentoo.org> net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 11 +++ .../ntpsec/{ntpsec-1.2.0-r2.ebuild => ntpsec-1.2.0-r3.ebuild} | 1 + 2 files changed, 12 insertions(+) diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch index e4dc47f19cc..65c13189e9d 100644 --- a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch +++ b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch @@ -1,4 +1,5 @@ https://bugs.gentoo.org/705128 +https://bugs.gentoo.org/786228 --- a/ntpd/ntp_sandbox.c +++ b/ntpd/ntp_sandbox.c @@ -463,6 +463,15 @@ int scmp_sc[] = { @@ -17,3 +18,13 @@ https://bugs.gentoo.org/705128 }; { for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) { +--- a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c +@@ -355,6 +355,7 @@ int scmp_sc[] = { + SCMP_SYS(openat), /* SUSE */ + #endif + SCMP_SYS(poll), ++ SCMP_SYS(pread64), + SCMP_SYS(pselect6), + SCMP_SYS(read), + SCMP_SYS(recvfrom),/* Comment this out for testing. diff --git a/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild b/net-misc/ntpsec/ntpsec-1.2.0-r3.ebuild similarity index 99% rename from net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild rename to net-misc/ntpsec/ntpsec-1.2.0-r3.ebuild index 4a5784ca79e..9d2d01df34e 100644 --- a/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild +++ b/net-misc/ntpsec/ntpsec-1.2.0-r3.ebuild @@ -68,6 +68,7 @@ WAF_BINARY="${S}/waf" src_prepare() { default + # Remove autostripping of binaries sed -i -e '/Strip binaries/d' wscript || die if ! use libbsd ; then
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: a87107cfff01e74e3519624360dbd72a60a1fdd9 Author: Sam James gentoo org> AuthorDate: Thu Jun 10 21:09:31 2021 + Commit: Sam James gentoo org> CommitDate: Thu Jun 10 21:09:31 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a87107cf net-misc/ntpsec: add seccomp patch from upstream Closes: https://bugs.gentoo.org/786228 Closes: https://bugs.gentoo.org/705128 Signed-off-by: Sam James gentoo.org> net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 19 +++ ...{ntpsec-1.2.0-r1.ebuild => ntpsec-1.2.0-r2.ebuild} | 5 +++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch new file mode 100644 index 000..e4dc47f19cc --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch @@ -0,0 +1,19 @@ +https://bugs.gentoo.org/705128 +--- a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c +@@ -463,6 +463,15 @@ int scmp_sc[] = { +SCMP_SYS(send), +SCMP_SYS(stat64), + #endif ++#if defined(__arm__) ++ SCMP_SYS(statx), ++#endif ++#if defined(__riscv32__) ++ SCMP_SYS(faccessat), ++#endif ++#if defined(__aarch64__) ++ SCMP_SYS(syscall); ++#endif + }; +{ +for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) { diff --git a/net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild b/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild similarity index 98% rename from net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild rename to net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild index b303b583ef9..4a5784ca79e 100644 --- a/net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild +++ b/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild @@ -1,9 +1,9 @@ # Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=7 -PYTHON_COMPAT=( python3_{6..9} ) +PYTHON_COMPAT=( python3_{7..9} ) PYTHON_REQ_USE='threads(+)' DISTUTILS_USE_SETUPTOOLS=no @@ -61,6 +61,7 @@ PATCHES=( "${FILESDIR}/${PN}-1.1.8-fix-missing-scmp_sys-on-aarch64.patch" "${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch" "${FILESDIR}/${PN}-1.2.0-move-newfstatat.patch" + "${FILESDIR}/${PN}-1.2.0-seccomp.patch" ) WAF_BINARY="${S}/waf"
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 8728d886de354b0784996f49c07f1c4ed87f59a9 Author: Michał Górny gentoo org> AuthorDate: Fri Jan 1 01:32:52 2021 + Commit: Michał Górny gentoo org> CommitDate: Fri Jan 1 01:32:52 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8728d886 net-misc/ntpsec: Remove old (py3.6) Signed-off-by: Michał Górny gentoo.org> net-misc/ntpsec/Manifest | 2 - net-misc/ntpsec/files/ntpd.service | 15 - ...-make-sure-logrotate-config-has-missingok.patch | 28 -- ...ternalize-sys_maxclock-fix-for-bug-708522.patch | 23 -- .../ntpsec-1.1.8-fix-asciidoc-version-detect.patch | 372 - net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild | 159 - net-misc/ntpsec/ntpsec-1.1.8.ebuild| 167 - 7 files changed, 766 deletions(-) diff --git a/net-misc/ntpsec/Manifest b/net-misc/ntpsec/Manifest index d0f3a234207..ce7e422fd68 100644 --- a/net-misc/ntpsec/Manifest +++ b/net-misc/ntpsec/Manifest @@ -1,3 +1 @@ -DIST ntpsec-1.1.7.tar.gz 2534524 BLAKE2B 5777ecca4ceb988632fadc0e7124530993a7758cdf335e8cd90f0ec1a8b643be89b67c0e2bf49d6d7193bf92ded138af0df4b5856c0d113f552ef22dd8a6cadf SHA512 734b12820539e655e504dd5071a58b9d1f80c0b0c3c7458c797ba7ada23d8e446751fbcbddd9832d9151a3ba9464749878db9e77e23cdd5f6215ab9e1d908ae9 -DIST ntpsec-1.1.8.tar.gz 2589363 BLAKE2B e7e11a7d980599ac598f084608160d3f6f6cf8e2aab5fb45cc15cabca30462bd03db7b9ecc140826c5d7b5e26f49b48f7f2b6043bdc2ffa1d73167347fb8123f SHA512 0920f25adf68f1b8ccd1734c5d61ba1c858cd86b342db7b5155dd9b58e538aa96aad3fd4058597f079ec3df63cb51d2900ac8e6d9c84d6f2bd4a3a22cc0c967c DIST ntpsec-1.1.9.tar.gz 2606066 BLAKE2B bbc482333c7f86936fa20751df1b427bc24be159969050caf5751e26724714bbf6491b120986563497f015c96ac9cdbdf0e999c6446a68798aff23076f631ecc SHA512 e04267aa675a5b528f3478d00329a569ecb9bbe2b6ad18697020854d2ee451bc188c4603cd5f420a08a7e3bf047d2db1301416f57f9156df23aceb1f57303b0b diff --git a/net-misc/ntpsec/files/ntpd.service b/net-misc/ntpsec/files/ntpd.service deleted file mode 100644 index a551bb7b130..000 --- a/net-misc/ntpsec/files/ntpd.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Network Time Service -After=network.target nss-lookup.target -Conflicts=systemd-timesyncd.service - -[Service] -Type=forking -PrivateTmp=true -EnvironmentFile=-/etc/conf.d/ntp -ExecStart=/usr/sbin/ntpd ${NTPD_OPTS} -Restart=always -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff --git a/net-misc/ntpsec/files/ntpsec-1.1.7-make-sure-logrotate-config-has-missingok.patch b/net-misc/ntpsec/files/ntpsec-1.1.7-make-sure-logrotate-config-has-missingok.patch deleted file mode 100644 index 4556d7a50f7..000 --- a/net-misc/ntpsec/files/ntpsec-1.1.7-make-sure-logrotate-config-has-missingok.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 252a301aba9a685b5b6df7824c576f52cc19fb81 Mon Sep 17 00:00:00 2001 -From: Stephen Arnold -Date: Fri, 8 Nov 2019 16:41:16 -0800 -Subject: [PATCH] etc/logrotate-config.ntpd: make sure it has missingok - -* note master branch does not need this, but all the releases do - -Signed-off-by: Stephen Arnold - etc/logrotate-config.ntpd | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/etc/logrotate-config.ntpd b/etc/logrotate-config.ntpd -index e5d8616bf..a49129d45 100644 a/etc/logrotate-config.ntpd -+++ b/etc/logrotate-config.ntpd -@@ -5,6 +5,8 @@ - - /var/log/ntpd.log { - monthly -+notifempty -+missingok - postrotate - /usr/bin/killall -HUP ntpd - endscript --- -2.21.0 - diff --git a/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch b/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch deleted file mode 100644 index caeaf1824cc..000 --- a/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch +++ /dev/null @@ -1,23 +0,0 @@ -From ccdd9d4b941b30fc44b301595e42809dbe48628d Mon Sep 17 00:00:00 2001 -From: James Browning -Date: Sun, 26 Jan 2020 09:58:36 -0800 -Subject: [PATCH] Externalize sys_maxclock from include/ntpd.h ... - -I think this will shut up the Fedora Rawhide runners - include/ntpd.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/include/ntpd.h b/include/ntpd.h -index c4f9b9e45..ee16678e1 100644 a/include/ntpd.h -+++ b/include/ntpd.h -@@ -369,7 +369,7 @@ extern int peer_associations; /* mobilized associations */ - * System variables are declared here.See Section 3.2 of the - * specification. - */ --int sys_maxclock; /* maximum candidates */ -+extern intsys_maxclock; /* maximum candidates */ - struct system_variables { - uint8_t sys_leap; /* system leap indicator */ - uint8_t sys_stratum;/* system stratum */ diff --git a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-asciidoc-version-detect.patch b/net-misc/ntpsec/files/ntpsec-1.1.8-
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 7f1e7fafe1ce27758f59f65282b93b1b70f3badd Author: Steve Arnold gentoo org> AuthorDate: Wed Oct 7 22:47:07 2020 + Commit: Steve Arnold gentoo org> CommitDate: Wed Oct 7 22:48:44 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f1e7faf net-misc/ntpsec: short-circuit broken asciidoctor version parsing * update doc use flag for new upstream default Closes: https://bugs.gentoo.org/746872 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Steve Arnold gentoo.org> .../ntpsec-1.1.9-remove-asciidoctor-from-config.patch | 14 ++ net-misc/ntpsec/ntpsec-1.1.9.ebuild| 9 +++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/net-misc/ntpsec/files/ntpsec-1.1.9-remove-asciidoctor-from-config.patch b/net-misc/ntpsec/files/ntpsec-1.1.9-remove-asciidoctor-from-config.patch new file mode 100644 index 000..1f483ce33fb --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.1.9-remove-asciidoctor-from-config.patch @@ -0,0 +1,14 @@ +--- a/wafhelpers/asciidoc.py 2020-10-06 20:14:47.040245129 -0700 b/wafhelpers/asciidoc.py 2020-10-06 20:17:48.100394117 -0700 +@@ -37,9 +37,9 @@ + # asciidoc versions 8.6.5-8.6.7 throw warnings for warp.adoc and versions + # < 8.6.4 have no HTML5 backend. + # asciidoc3 versions < 3.0.2 throw errors. +-adoc_list = [['asciidoctor', (1, 5, 8)], +- ['asciidoc', (8, 6, 8)], ++adoc_list = [['asciidoc', (8, 6, 8)], + ['asciidoc3', (3, 0, 2)], ++ ['asciidoctor-bad', (1, 5, 8)], + ] + for progname, asciidocminver in adoc_list: + if 'BIN_ASCIIDOC' not in ctx.env or ctx.env.BIN_ASCIIDOC == []: diff --git a/net-misc/ntpsec/ntpsec-1.1.9.ebuild b/net-misc/ntpsec/ntpsec-1.1.9.ebuild index 1af747e2e91..51381f4b16b 100644 --- a/net-misc/ntpsec/ntpsec-1.1.9.ebuild +++ b/net-misc/ntpsec/ntpsec-1.1.9.ebuild @@ -48,7 +48,7 @@ RDEPEND="${CDEPEND} acct-user/ntp " DEPEND="${CDEPEND} - app-text/asciidoc + >=app-text/asciidoc-8.6.8 dev-libs/libxslt app-text/docbook-xsl-stylesheets sys-devel/bison @@ -56,6 +56,11 @@ DEPEND="${CDEPEND} rclock_pps? ( net-misc/pps-tools ) " +PATCHES=( + "${FILESDIR}/${PN}-1.1.8-fix-missing-scmp_sys-on-aarch64.patch" + "${FILESDIR}/${P}-remove-asciidoctor-from-config.patch" +) + WAF_BINARY="${S}/waf" src_prepare() { @@ -87,7 +92,7 @@ src_configure() { --nopyo --refclock="${CLOCKSTRING}" --build-epoch="$(date +%s)" - $(use doc && echo "--enable-doc") + $(use doc || echo "--disable-doc") $(use early && echo "--enable-early-droproot") $(use gdb && echo "--enable-debug-gdb") $(use samba && echo "--enable-mssntp")
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 7c1e475b98330cf1f061309369e832500a123388 Author: Stephen Arnold gentoo org> AuthorDate: Fri Mar 13 02:48:45 2020 + Commit: Steve Arnold gentoo org> CommitDate: Fri Mar 13 02:48:45 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c1e475b net-misc/ntpsec: add upstream seccomp fix and update systemd file * closes bugs #705348 and #705128 Package-Manager: Portage-2.3.67, Repoman-2.3.17 Signed-off-by: Steve Arnold gentoo.org> net-misc/ntpsec/files/ntpd-r1.service| 5 ++--- .../ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch | 16 net-misc/ntpsec/ntpsec-1.1.8.ebuild | 3 ++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/net-misc/ntpsec/files/ntpd-r1.service b/net-misc/ntpsec/files/ntpd-r1.service index 5da473805aa..8bc16f9f634 100644 --- a/net-misc/ntpsec/files/ntpd-r1.service +++ b/net-misc/ntpsec/files/ntpd-r1.service @@ -4,10 +4,9 @@ After=network.target nss-lookup.target Conflicts=systemd-timesyncd.service [Service] -Type=forking +Type=simple PrivateTmp=true -EnvironmentFile=-/etc/conf.d/ntp -ExecStart=/usr/sbin/ntpd ${NTPD_OPTS} +ExecStart=/usr/sbin/ntpd --configfile=/etc/ntp.conf --panicgate --user=ntp:ntp --nofork # Specifying -g on the command line allows ntpd to make large adjustments to # the clock on boot. However, if Restart=yes is set, a malicious (or broken) # server could send the incorrect time, trip the panic threshold, and when diff --git a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch new file mode 100644 index 000..ee75d103d2e --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch @@ -0,0 +1,16 @@ +diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c +index 4e5ceaa36c1a7b452445023e201ddb6211625c52..78ac7aea263ed3d3394b2d32e79a6836f0387434 100644 +--- a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c +@@ -428,6 +428,11 @@ int scmp_sc[] = { + /* gentoo 64-bit and 32-bit, Intel and Arm use mmap */ + SCMP_SYS(mmap), + #endif ++#if defined(__aarch64__) ++ SCMP_SYS(faccessat), ++ SCMP_SYS(newfstatat), ++ SCMP_SYS(renameat), ++#endif + #if defined(__i386__) || defined(__arm__) || defined(__powerpc__) + SCMP_SYS(_newselect), + SCMP_SYS(_llseek), diff --git a/net-misc/ntpsec/ntpsec-1.1.8.ebuild b/net-misc/ntpsec/ntpsec-1.1.8.ebuild index 128e2a23826..d0003067a4f 100644 --- a/net-misc/ntpsec/ntpsec-1.1.8.ebuild +++ b/net-misc/ntpsec/ntpsec-1.1.8.ebuild @@ -62,7 +62,8 @@ DEPEND="${CDEPEND} WAF_BINARY="${S}/waf" -PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch" ) +PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch" + "${FILESDIR}/${P}-fix-missing-scmp_sys-on-aarch64.patch" ) src_prepare() { default
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 47924c9cc6c4597423b6147b2c246ab6438fa027 Author: Stephen Arnold gentoo org> AuthorDate: Mon Mar 9 23:54:18 2020 + Commit: Steve Arnold gentoo org> CommitDate: Tue Mar 10 00:01:50 2020 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47924c9c net-misc/ntpsec: add upstream patch and expand py3 compat * closes bugs #709258 and #710414 Package-Manager: Portage-2.3.67, Repoman-2.3.17 Signed-off-by: Steve Arnold gentoo.org> ...ternalize-sys_maxclock-fix-for-bug-708522.patch | 23 ++ net-misc/ntpsec/ntpsec-1.1.8.ebuild| 4 +++- net-misc/ntpsec/ntpsec-.ebuild | 2 +- 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch b/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch new file mode 100644 index 000..caeaf1824cc --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch @@ -0,0 +1,23 @@ +From ccdd9d4b941b30fc44b301595e42809dbe48628d Mon Sep 17 00:00:00 2001 +From: James Browning +Date: Sun, 26 Jan 2020 09:58:36 -0800 +Subject: [PATCH] Externalize sys_maxclock from include/ntpd.h ... + +I think this will shut up the Fedora Rawhide runners +--- + include/ntpd.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/ntpd.h b/include/ntpd.h +index c4f9b9e45..ee16678e1 100644 +--- a/include/ntpd.h b/include/ntpd.h +@@ -369,7 +369,7 @@ extern int peer_associations; /* mobilized associations */ + * System variables are declared here.See Section 3.2 of the + * specification. + */ +-int sys_maxclock; /* maximum candidates */ ++extern intsys_maxclock; /* maximum candidates */ + struct system_variables { + uint8_t sys_leap; /* system leap indicator */ + uint8_t sys_stratum;/* system stratum */ diff --git a/net-misc/ntpsec/ntpsec-1.1.8.ebuild b/net-misc/ntpsec/ntpsec-1.1.8.ebuild index 1316806dc69..128e2a23826 100644 --- a/net-misc/ntpsec/ntpsec-1.1.8.ebuild +++ b/net-misc/ntpsec/ntpsec-1.1.8.ebuild @@ -3,7 +3,7 @@ EAPI=6 -PYTHON_COMPAT=( python3_6 ) +PYTHON_COMPAT=( python3_{6,7,8} ) PYTHON_REQ_USE='threads(+)' inherit flag-o-matic python-r1 waf-utils systemd @@ -62,6 +62,8 @@ DEPEND="${CDEPEND} WAF_BINARY="${S}/waf" +PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch" ) + src_prepare() { default # Remove autostripping of binaries diff --git a/net-misc/ntpsec/ntpsec-.ebuild b/net-misc/ntpsec/ntpsec-.ebuild index 1316806dc69..36dc8d08088 100644 --- a/net-misc/ntpsec/ntpsec-.ebuild +++ b/net-misc/ntpsec/ntpsec-.ebuild @@ -3,7 +3,7 @@ EAPI=6 -PYTHON_COMPAT=( python3_6 ) +PYTHON_COMPAT=( python3_{6,7,8} ) PYTHON_REQ_USE='threads(+)' inherit flag-o-matic python-r1 waf-utils systemd
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: def2c6ace829ce9e98c8963802a0b3baf916ac72 Author: Thomas Deutschmann gentoo org> AuthorDate: Sat Oct 26 17:49:47 2019 + Commit: Thomas Deutschmann gentoo org> CommitDate: Sat Oct 26 17:50:54 2019 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=def2c6ac net-misc/ntpsec: update unit file to avoid CVE-2015-5300 Bug: https://bugs.gentoo.org/697024 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann gentoo.org> net-misc/ntpsec/files/ntpd-r1.service | 19 +++ .../{ntpsec-1.1.7.ebuild => ntpsec-1.1.7-r1.ebuild} | 2 +- net-misc/ntpsec/ntpsec-.ebuild| 2 +- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/net-misc/ntpsec/files/ntpd-r1.service b/net-misc/ntpsec/files/ntpd-r1.service new file mode 100644 index 000..5da473805aa --- /dev/null +++ b/net-misc/ntpsec/files/ntpd-r1.service @@ -0,0 +1,19 @@ +[Unit] +Description=Network Time Service +After=network.target nss-lookup.target +Conflicts=systemd-timesyncd.service + +[Service] +Type=forking +PrivateTmp=true +EnvironmentFile=-/etc/conf.d/ntp +ExecStart=/usr/sbin/ntpd ${NTPD_OPTS} +# Specifying -g on the command line allows ntpd to make large adjustments to +# the clock on boot. However, if Restart=yes is set, a malicious (or broken) +# server could send the incorrect time, trip the panic threshold, and when +# ntpd restarts, serve it the incorrect time (which would be accepted). +Restart=no +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/net-misc/ntpsec/ntpsec-1.1.7.ebuild b/net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild similarity index 98% rename from net-misc/ntpsec/ntpsec-1.1.7.ebuild rename to net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild index e5bf13be3be..d6b4b305459 100644 --- a/net-misc/ntpsec/ntpsec-1.1.7.ebuild +++ b/net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild @@ -132,7 +132,7 @@ src_install() { newconfd "${FILESDIR}"/ntpd.confd ntp # Install the systemd unit file - systemd_newunit "${FILESDIR}"/ntpd.service ntpd.service + systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service # Prepare a directory for the ntp.drift file mkdir -pv "${ED}"/var/lib/ntp diff --git a/net-misc/ntpsec/ntpsec-.ebuild b/net-misc/ntpsec/ntpsec-.ebuild index 7cc6f74f6d3..050f701b387 100644 --- a/net-misc/ntpsec/ntpsec-.ebuild +++ b/net-misc/ntpsec/ntpsec-.ebuild @@ -131,7 +131,7 @@ src_install() { newconfd "${FILESDIR}"/ntpd.confd ntp # Install the systemd unit file - systemd_newunit "${FILESDIR}"/ntpd.service ntpd.service + systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service # Prepare a directory for the ntp.drift file mkdir -pv "${ED}"/var/lib/ntp
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 33b69061f73aa4c921ecb0d3ac371484f76620b7 Author: Anthony G. Basile gentoo org> AuthorDate: Wed Feb 28 13:23:16 2018 + Commit: Anthony G. Basile gentoo org> CommitDate: Wed Feb 28 13:23:36 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33b69061 net-misc/ntpsec: backport fix for seccomp + early-droproot See: https://gitlab.com/NTPsec/ntpsec/issues/460 Package-Manager: Portage-2.3.19, Repoman-2.3.6 net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch | 16 .../{ntpsec-1.0.0-r5.ebuild => ntpsec-1.0.0-r6.ebuild} | 4 2 files changed, 20 insertions(+) diff --git a/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch b/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch new file mode 100644 index 000..b9716569f63 --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch @@ -0,0 +1,16 @@ +This is a backport of https://gitlab.com/NTPsec/ntpsec/commit/eef92d6217da03ad2ae41e298d110bdb05031381 + +diff -Naur ntpsec-1.0.0.orig/ntpd/ntp_sandbox.c ntpsec-1.0.0/ntpd/ntp_sandbox.c +--- ntpsec-1.0.0.orig/ntpd/ntp_sandbox.c 2017-10-09 23:54:39.0 -0400 ntpsec-1.0.0/ntpd/ntp_sandbox.c2018-02-28 07:31:28.381406881 -0500 +@@ -354,6 +354,10 @@ + SCMP_SYS(write), + SCMP_SYS(unlink), + ++#ifdef ENABLE_EARLY_DROPROOT ++ SCMP_SYS(getdents), ++#endif ++ + #ifdef ENABLE_DNS_LOOKUP + /* Don't comment out this block for testing. + * pthread_create blocks signals so it will crash diff --git a/net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild b/net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild similarity index 97% rename from net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild rename to net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild index 5ab45707dee..890ec4f7ebf 100644 --- a/net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild +++ b/net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild @@ -66,6 +66,10 @@ pkg_setup() { src_prepare() { default + + # See https://gitlab.com/NTPsec/ntpsec/issues/460 + eapply "${FILESDIR}"/${P}-fix-seccomp.patch + python_copy_sources }