[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 1a2b3e289d63dcde02b806711061f3c69626f3f8
Author: Sebastian Pipping gentoo org>
AuthorDate: Sun Apr 16 22:14:11 2023 +
Commit: Sebastian Pipping gentoo org>
CommitDate: Sun Apr 16 22:14:11 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a2b3e28
net-misc/ntpsec: Drop old
Signed-off-by: Sebastian Pipping gentoo.org>
net-misc/ntpsec/Manifest | 1 -
.../ntpsec/files/ntpsec-1.2.1-build-notests.patch | 48 --
.../ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch| 34 -
.../ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch | 116 --
.../ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch | 25 ---
.../ntpsec/files/ntpsec-py3-test-clarify.patch | 34 -
net-misc/ntpsec/ntpsec-1.2.1-r6.ebuild | 169 -
7 files changed, 427 deletions(-)
diff --git a/net-misc/ntpsec/Manifest b/net-misc/ntpsec/Manifest
index 94c516a50ffe..c72c154eed0a 100644
--- a/net-misc/ntpsec/Manifest
+++ b/net-misc/ntpsec/Manifest
@@ -1,2 +1 @@
-DIST ntpsec-1.2.1.tar.gz 2681237 BLAKE2B
bfb2674131718dcf9f393e93d1148cfb6631591dbcce1ade91746586f261123b80b238393ac2a763fab119cd627f8eae4b006b023ad2b319e752db9eb4b04cc0
SHA512
0b8b0bda52d3025f6e9a06c00b1e0c25c595ada72b87ed0e5d3d6f77a034f557745156bc6d9a263c9876c041efffa38d42fa93ba8bfda31f67efbd842a726277
DIST ntpsec-1.2.2.tar.gz 2710329 BLAKE2B
031412d0fc7ecb5aba73501e63f8d0c416b23fe69114dd32422b03b4827e1ac9c92a4dfeb2e7d074cf6fd410d00cf86632f241dffd22987e4c03b21d21d8693a
SHA512
864afb72c4bd8bc439ee06d343893cf92b3893c26c972a7bd1ff2713f0ad1f50704b6d0c6f155e6373c9747efff3ea36097a590be0d53e1a7ea7f429ba409cd1
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch
b/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch
deleted file mode 100644
index dab51a97fc0a..
--- a/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 1a7bb2e3a2749bd709ea4cf10b66b6f6d05aaf9d Mon Sep 17 00:00:00 2001
-From: James Browning
-Date: Sun, 10 Apr 2022 07:53:37 -0700
-Subject: [PATCH] I: NTPsec build does not repect --notests
-
-STR: (run the following)
-- git clone https://gitlab.com/NTPsec/ntpsec
-- cd ntpsec
-- ./waf configure build --notests -p
-
-AR: NTPsec runs tests despite having a parameter telling it not to
-ER: NTPsec should not run tests when it has been told not to
- wscript | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/wscript b/wscript
-index c1d765046..d8a20b82e 100644
a/wscript
-+++ b/wscript
-@@ -1131,6 +1131,7 @@ def build(ctx):
- ctx.manpage(8, "ntpclients/ntpsnmpd-man.adoc")
-
- # Skip running unit tests on a cross compile build
-+from waflib import Options
- if not ctx.env.ENABLE_CROSS:
- # Force re-running of tests. Same as 'waf --alltests'
- if ctx.cmd == "check":
-@@ -1139,6 +1140,8 @@ def build(ctx):
- # Print log if -v is supplied
- if verbose > 0:
- ctx.add_post_fun(test_print_log)
-+elif Options.options.no_tests:
-+return
-
- # Test binaries
- ctx.add_post_fun(bin_test)
-@@ -1152,7 +1155,6 @@ def build(ctx):
- ctx.add_post_fun(bin_test_summary)
- else:
- pprint("YELLOW", "Unit test runner skipped on a cross-compiled
build.")
--from waflib import Options
- Options.options.no_tests = True
-
- if ctx.cmd == "build":
---
-2.32.0
-
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch
b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch
deleted file mode 100644
index 5b7a4e51374c..
--- a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://gitlab.com/NTPsec/ntpsec/-/commit/a49d53b7fe1d
-https://bugs.gentoo.org/851531
-
-From: "Maciej S. Szmigiero"
-Date: Sat, 11 Jun 2022 15:16:15 +0200
-Subject: [PATCH] ntpd/ntp_sandbox.c: allow readv() for glibc nscd
- getaddrinfo() provider
-
-Otherwise, ntpd crashes from time to time with the following stack trace:
-#0 0x7f5763bfac4d in readv () from /lib64/libc.so.6
-#1 0x7f5763c48b4c in __readvall () from /lib64/libc.so.6
-#2 0x7f5763c467ed in nscd_gethst_r () from /lib64/libc.so.6
-#3 0x7f5763c46c0d in __nscd_gethostbyname2_r () from /lib64/libc.so.6
-#4 0x7f5763c15a2a in gethostbyname2_r () from /lib64/libc.so.6
-#5 0x7f5763bed3ca in gaih_inet.constprop () from /lib64/libc.so.6
-#6 0x7f5763bee225 in getaddrinfo () from /lib64/libc.so.6
-#7 0x55fcf0ad6544 in open_TCP_socket ()
-#8 0x55fcf0ad79b4 in nts_probe ()
-#9 0x55fcf0ac37c4 in dns_lookup ()
-#10 0x7f5763b8205a in start_thread () from /lib64/libc.so.6
-#11 0x7f5763c05d1c in clone3 () from /lib64/libc.so.6
-
-Signed-off-by: Maciej S. Szmigiero
a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -357,6 +357,7 @@ int scmp_sc[] = {
- SCMP_SYS(poll),
- SCMP_SYS(pselect6),
-
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 37c2b340b2370499d0e6230e4f8b50d079a7d096
Author: James Browning gmail com>
AuthorDate: Tue Apr 12 11:52:09 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Apr 20 01:02:58 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37c2b340
net-misc/ntpsec: Try to only run tests in src_test only
Since ./waf test runs all the test, this eliminates the need for
the tests useflag which filled that space. Thus it's eliminated.
Bug: https://bugs.gentoo.org/795522
Closes: https://bugs.gentoo.org/838109
Signed-off-by: James T Browning gmail.com>
Signed-off-by: Sam James gentoo.org>
.../ntpsec/files/ntpsec-1.2.1-build-notests.patch | 48 ++
.../ntpsec/files/ntpsec-py3-test-clarify.patch | 34 +++
.../{ntpsec-.ebuild => ntpsec-1.2.1-r3.ebuild} | 23 ---
net-misc/ntpsec/ntpsec-.ebuild | 17 ++--
4 files changed, 112 insertions(+), 10 deletions(-)
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch
b/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch
new file mode 100644
index ..dab51a97fc0a
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.2.1-build-notests.patch
@@ -0,0 +1,48 @@
+From 1a7bb2e3a2749bd709ea4cf10b66b6f6d05aaf9d Mon Sep 17 00:00:00 2001
+From: James Browning
+Date: Sun, 10 Apr 2022 07:53:37 -0700
+Subject: [PATCH] I: NTPsec build does not repect --notests
+
+STR: (run the following)
+- git clone https://gitlab.com/NTPsec/ntpsec
+- cd ntpsec
+- ./waf configure build --notests -p
+
+AR: NTPsec runs tests despite having a parameter telling it not to
+ER: NTPsec should not run tests when it has been told not to
+---
+ wscript | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wscript b/wscript
+index c1d765046..d8a20b82e 100644
+--- a/wscript
b/wscript
+@@ -1131,6 +1131,7 @@ def build(ctx):
+ ctx.manpage(8, "ntpclients/ntpsnmpd-man.adoc")
+
+ # Skip running unit tests on a cross compile build
++from waflib import Options
+ if not ctx.env.ENABLE_CROSS:
+ # Force re-running of tests. Same as 'waf --alltests'
+ if ctx.cmd == "check":
+@@ -1139,6 +1140,8 @@ def build(ctx):
+ # Print log if -v is supplied
+ if verbose > 0:
+ ctx.add_post_fun(test_print_log)
++elif Options.options.no_tests:
++return
+
+ # Test binaries
+ ctx.add_post_fun(bin_test)
+@@ -1152,7 +1155,6 @@ def build(ctx):
+ ctx.add_post_fun(bin_test_summary)
+ else:
+ pprint("YELLOW", "Unit test runner skipped on a cross-compiled
build.")
+-from waflib import Options
+ Options.options.no_tests = True
+
+ if ctx.cmd == "build":
+--
+2.32.0
+
diff --git a/net-misc/ntpsec/files/ntpsec-py3-test-clarify.patch
b/net-misc/ntpsec/files/ntpsec-py3-test-clarify.patch
new file mode 100644
index ..027c3df18ad2
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-py3-test-clarify.patch
@@ -0,0 +1,34 @@
+From f360741dec76a9c9d831f0b547596891ea321599 Mon Sep 17 00:00:00 2001
+From: James Browning
+Date: Sun, 10 Apr 2022 16:23:34 -0700
+Subject: [PATCH] clean test output up in Python 3
+
+---
+ wafhelpers/test.py | 9 +
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/wafhelpers/test.py b/wafhelpers/test.py
+index 9351a5675..6bba34881 100644
+--- a/wafhelpers/test.py
b/wafhelpers/test.py
+@@ -31,12 +31,13 @@ def test_print_log(ctx):
+ pprint("YELLOW", "RETURN VALUE:", retval)
+ print("")
+
+-if retval or error:
++if retval:
+ pprint("RED", "** ERROR **\n")
+
+-print(error or lines)
++print(polystr(error) or polystr(lines))
+
+-if (not retval) and (not error):
+-pprint("GREEN", "** LOG **\n", lines)
++else:
++pprint("GREEN", "** LOG **\n",
++ polystr(lines), polystr(error))
+
+ print("")
+--
+2.32.0
+
diff --git a/net-misc/ntpsec/ntpsec-.ebuild
b/net-misc/ntpsec/ntpsec-1.2.1-r3.ebuild
similarity index 88%
copy from net-misc/ntpsec/ntpsec-.ebuild
copy to net-misc/ntpsec/ntpsec-1.2.1-r3.ebuild
index 2065ee52d6a6..f8f744dbf4a7 100644
--- a/net-misc/ntpsec/ntpsec-.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.2.1-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -15,7 +15,7 @@ if [[ ${PV} == ** ]]; then
else
SRC_URI="ftp://ftp.ntpsec.org/pub/releases/${PN}-${PV}.tar.gz";
RESTRICT="mirror"
- KEYWORDS="amd64 arm arm64 ~riscv ~x86"
+ KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~x86"
fi
DESCRIPTION="The NTP reference implementation, refactored"
@@ -30,7 +30,7 @@ IUSE_NTPSEC_REFCLOCK=${NTPSEC_REFCLOCK[@]/#/rclock_}
LICENSE="HPND MIT BSD-2 BSD CC-BY-SA-4.0"
SLOT="0"
-
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 41a34181245776801261388750b72b3418518fd0
Author: Sam James gentoo org>
AuthorDate: Thu Apr 7 02:06:57 2022 +
Commit: Sam James gentoo org>
CommitDate: Thu Apr 7 02:07:09 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41a34181
net-misc/ntpsec: fix seccomp filter w/ glibc 2.35 (rseq)
Closes: https://bugs.gentoo.org/833274
Signed-off-by: Sam James gentoo.org>
.../ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch | 25 ++
...psec-1.2.1-r1.ebuild => ntpsec-1.2.1-r2.ebuild} | 3 ++-
2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch
b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch
new file mode 100644
index ..155304148b1f
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rseq-glibc-2.35.patch
@@ -0,0 +1,25 @@
+https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1262
+https://bugs.gentoo.org/833274
+
+From 75970342391b0b1fad422e6ca3dc89dd76dcf607 Mon Sep 17 00:00:00 2001
+From: Sam James
+Date: Thu, 7 Apr 2022 03:02:22 +0100
+Subject: [PATCH] ntpd/ntp_sandbox.c: allow rseq for glibc-2.35 in seccomp
+ filter
+
+Fixes: https://gitlab.com/NTPsec/ntpsec/-/issues/728
+Bug: https://bugs.gentoo.org/833274
+Signed-off-by: Sam James
+--- a/ntpd/ntp_sandbox.c
b/ntpd/ntp_sandbox.c
+@@ -366,6 +366,9 @@ int scmp_sc[] = {
+ SCMP_SYS(rt_sigaction),
+ SCMP_SYS(rt_sigprocmask),
+ SCMP_SYS(rt_sigreturn),
++#ifdef __NR_rseq
++ SCMP_SYS(rseq), /* needed by glibc-2.35+ for resumable
sequences */
++#endif
+ SCMP_SYS(sigaction),
+ SCMP_SYS(sigprocmask),
+ SCMP_SYS(sigreturn),
+GitLab
diff --git a/net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild
b/net-misc/ntpsec/ntpsec-1.2.1-r2.ebuild
similarity index 97%
rename from net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild
rename to net-misc/ntpsec/ntpsec-1.2.1-r2.ebuild
index 379a375aacd1..80e17ecb6cb5 100644
--- a/net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.2.1-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
@@ -60,6 +60,7 @@ DEPEND="${CDEPEND}
PATCHES=(
"${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch"
"${FILESDIR}/${PN}-1.2.1-seccomp-rollup.patch"
+ "${FILESDIR}/${PN}-1.2.1-seccomp-rseq-glibc-2.35.patch"
)
WAF_BINARY="${S}/waf"
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 885bd9eb1a8173fdae19461f80f312d1244acecf
Author: Steve Arnold gentoo org>
AuthorDate: Fri Dec 3 19:27:16 2021 +
Commit: Steve Arnold gentoo org>
CommitDate: Fri Dec 3 19:28:08 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=885bd9eb
net-misc/ntpsec: seccomp cleanup, (really) fixes seccomp on riscv
* rollup seccomp changes into single patch against 1.2.1
* remove old seccomp patches
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Steve Arnold gentoo.org>
...sec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch | 16 ---
.../files/ntpsec-1.2.0-move-newfstatat.patch | 20
net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 30 --
.../files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch | 21
.../ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch | 116 +
net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild | 5 +-
6 files changed, 117 insertions(+), 91 deletions(-)
diff --git
a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
deleted file mode 100644
index ee75d103d2e6..
--- a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
-index
4e5ceaa36c1a7b452445023e201ddb6211625c52..78ac7aea263ed3d3394b2d32e79a6836f0387434
100644
a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -428,6 +428,11 @@ int scmp_sc[] = {
- /* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
- SCMP_SYS(mmap),
- #endif
-+#if defined(__aarch64__)
-+ SCMP_SYS(faccessat),
-+ SCMP_SYS(newfstatat),
-+ SCMP_SYS(renameat),
-+#endif
- #if defined(__i386__) || defined(__arm__) || defined(__powerpc__)
- SCMP_SYS(_newselect),
- SCMP_SYS(_llseek),
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch
b/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch
deleted file mode 100644
index 75453c6cb5f6..
--- a/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
-index e66faaa8c..b2af654e5 100644
a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -349,6 +349,7 @@ int scmp_sc[] = {
- SCMP_SYS(lseek),
- SCMP_SYS(membarrier), /* Needed on Alpine 3.11.3 */
- SCMP_SYS(munmap),
-+ SCMP_SYS(newfstatat),
- SCMP_SYS(open),
- #ifdef __NR_openat
- SCMP_SYS(openat), /* SUSE */
-@@ -451,7 +452,6 @@ int scmp_sc[] = {
- #endif
- #if defined(__aarch64__)
- SCMP_SYS(faccessat),
-- SCMP_SYS(newfstatat),
- SCMP_SYS(renameat),
- SCMP_SYS(linkat),
- SCMP_SYS(unlinkat),
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
deleted file mode 100644
index 27dd321e2a29..
--- a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-https://bugs.gentoo.org/705128
-https://bugs.gentoo.org/786228
a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -463,6 +463,15 @@ int scmp_sc[] = {
-SCMP_SYS(send),
-SCMP_SYS(stat64),
- #endif
-+#if defined(__arm__)
-+ SCMP_SYS(statx),
-+#endif
-+#if defined(__riscv32__) || defined(__riscv64__)
-+ SCMP_SYS(faccessat),
-+#endif
-+#if defined(__aarch64__) || defined(__riscv64__)
-+ SCMP_SYS(syscall),
-+#endif
- };
-{
-for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) {
a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -355,6 +355,7 @@ int scmp_sc[] = {
- SCMP_SYS(openat), /* SUSE */
- #endif
- SCMP_SYS(poll),
-+ SCMP_SYS(pread64),
- SCMP_SYS(pselect6),
- SCMP_SYS(read),
- SCMP_SYS(recvfrom),/* Comment this out for testing.
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch
b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch
deleted file mode 100644
index 5936adaf9a49..
--- a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://bugs.gentoo.org/823692
-https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1247
-https://gitlab.com/NTPsec/ntpsec/-/issues/713
-
-From 170d60b7e269154fb108bb4b010ee5ee0110bf2d Mon Sep 17 00:00:00 2001
-From: Sam James
-Date: Sun, 14 Nov 2021 08:44:28 +
-Subject: [PATCH] ntpd/ntp_sandbox.c: allow clone3 in seccomp filter for
- glibc-2.34
-
-Signed-off-by: Sam James
a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -403,6 +403,7 @@ int scmp_sc[] = {
- * rather than generate a trap.
- */
- SCMP_SYS(clone),/* threads */
-+ SCMP_SYS(clone3),
- SCMP_SYS(kill), /* generate signal */
- SCMP_SYS(madvise),
- SCMP_SYS(mprotect),
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch
b/net-misc/ntpsec/
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 540ea2504d870d6ff28f61b3b399d178c7ae4df8
Author: Sam James gentoo org>
AuthorDate: Fri Jun 11 06:38:33 2021 +
Commit: Sam James gentoo org>
CommitDate: Fri Jun 11 06:38:33 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=540ea250
net-misc/ntpsec: add additional pread64 syscall patch
Closes: https://bugs.gentoo.org/786228
Signed-off-by: Sam James gentoo.org>
net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 11 +++
.../ntpsec/{ntpsec-1.2.0-r2.ebuild => ntpsec-1.2.0-r3.ebuild} | 1 +
2 files changed, 12 insertions(+)
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
index e4dc47f19cc..65c13189e9d 100644
--- a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
+++ b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
@@ -1,4 +1,5 @@
https://bugs.gentoo.org/705128
+https://bugs.gentoo.org/786228
--- a/ntpd/ntp_sandbox.c
+++ b/ntpd/ntp_sandbox.c
@@ -463,6 +463,15 @@ int scmp_sc[] = {
@@ -17,3 +18,13 @@ https://bugs.gentoo.org/705128
};
{
for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) {
+--- a/ntpd/ntp_sandbox.c
b/ntpd/ntp_sandbox.c
+@@ -355,6 +355,7 @@ int scmp_sc[] = {
+ SCMP_SYS(openat), /* SUSE */
+ #endif
+ SCMP_SYS(poll),
++ SCMP_SYS(pread64),
+ SCMP_SYS(pselect6),
+ SCMP_SYS(read),
+ SCMP_SYS(recvfrom),/* Comment this out for testing.
diff --git a/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild
b/net-misc/ntpsec/ntpsec-1.2.0-r3.ebuild
similarity index 99%
rename from net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild
rename to net-misc/ntpsec/ntpsec-1.2.0-r3.ebuild
index 4a5784ca79e..9d2d01df34e 100644
--- a/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.2.0-r3.ebuild
@@ -68,6 +68,7 @@ WAF_BINARY="${S}/waf"
src_prepare() {
default
+
# Remove autostripping of binaries
sed -i -e '/Strip binaries/d' wscript || die
if ! use libbsd ; then
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: a87107cfff01e74e3519624360dbd72a60a1fdd9
Author: Sam James gentoo org>
AuthorDate: Thu Jun 10 21:09:31 2021 +
Commit: Sam James gentoo org>
CommitDate: Thu Jun 10 21:09:31 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a87107cf
net-misc/ntpsec: add seccomp patch from upstream
Closes: https://bugs.gentoo.org/786228
Closes: https://bugs.gentoo.org/705128
Signed-off-by: Sam James gentoo.org>
net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 19 +++
...{ntpsec-1.2.0-r1.ebuild => ntpsec-1.2.0-r2.ebuild} | 5 +++--
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
new file mode 100644
index 000..e4dc47f19cc
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
@@ -0,0 +1,19 @@
+https://bugs.gentoo.org/705128
+--- a/ntpd/ntp_sandbox.c
b/ntpd/ntp_sandbox.c
+@@ -463,6 +463,15 @@ int scmp_sc[] = {
+SCMP_SYS(send),
+SCMP_SYS(stat64),
+ #endif
++#if defined(__arm__)
++ SCMP_SYS(statx),
++#endif
++#if defined(__riscv32__)
++ SCMP_SYS(faccessat),
++#endif
++#if defined(__aarch64__)
++ SCMP_SYS(syscall);
++#endif
+ };
+{
+for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) {
diff --git a/net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild
b/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild
similarity index 98%
rename from net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild
rename to net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild
index b303b583ef9..4a5784ca79e 100644
--- a/net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild
@@ -1,9 +1,9 @@
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=6
+EAPI=7
-PYTHON_COMPAT=( python3_{6..9} )
+PYTHON_COMPAT=( python3_{7..9} )
PYTHON_REQ_USE='threads(+)'
DISTUTILS_USE_SETUPTOOLS=no
@@ -61,6 +61,7 @@ PATCHES=(
"${FILESDIR}/${PN}-1.1.8-fix-missing-scmp_sys-on-aarch64.patch"
"${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch"
"${FILESDIR}/${PN}-1.2.0-move-newfstatat.patch"
+ "${FILESDIR}/${PN}-1.2.0-seccomp.patch"
)
WAF_BINARY="${S}/waf"
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 8728d886de354b0784996f49c07f1c4ed87f59a9
Author: Michał Górny gentoo org>
AuthorDate: Fri Jan 1 01:32:52 2021 +
Commit: Michał Górny gentoo org>
CommitDate: Fri Jan 1 01:32:52 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8728d886
net-misc/ntpsec: Remove old (py3.6)
Signed-off-by: Michał Górny gentoo.org>
net-misc/ntpsec/Manifest | 2 -
net-misc/ntpsec/files/ntpd.service | 15 -
...-make-sure-logrotate-config-has-missingok.patch | 28 --
...ternalize-sys_maxclock-fix-for-bug-708522.patch | 23 --
.../ntpsec-1.1.8-fix-asciidoc-version-detect.patch | 372 -
net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild | 159 -
net-misc/ntpsec/ntpsec-1.1.8.ebuild| 167 -
7 files changed, 766 deletions(-)
diff --git a/net-misc/ntpsec/Manifest b/net-misc/ntpsec/Manifest
index d0f3a234207..ce7e422fd68 100644
--- a/net-misc/ntpsec/Manifest
+++ b/net-misc/ntpsec/Manifest
@@ -1,3 +1 @@
-DIST ntpsec-1.1.7.tar.gz 2534524 BLAKE2B
5777ecca4ceb988632fadc0e7124530993a7758cdf335e8cd90f0ec1a8b643be89b67c0e2bf49d6d7193bf92ded138af0df4b5856c0d113f552ef22dd8a6cadf
SHA512
734b12820539e655e504dd5071a58b9d1f80c0b0c3c7458c797ba7ada23d8e446751fbcbddd9832d9151a3ba9464749878db9e77e23cdd5f6215ab9e1d908ae9
-DIST ntpsec-1.1.8.tar.gz 2589363 BLAKE2B
e7e11a7d980599ac598f084608160d3f6f6cf8e2aab5fb45cc15cabca30462bd03db7b9ecc140826c5d7b5e26f49b48f7f2b6043bdc2ffa1d73167347fb8123f
SHA512
0920f25adf68f1b8ccd1734c5d61ba1c858cd86b342db7b5155dd9b58e538aa96aad3fd4058597f079ec3df63cb51d2900ac8e6d9c84d6f2bd4a3a22cc0c967c
DIST ntpsec-1.1.9.tar.gz 2606066 BLAKE2B
bbc482333c7f86936fa20751df1b427bc24be159969050caf5751e26724714bbf6491b120986563497f015c96ac9cdbdf0e999c6446a68798aff23076f631ecc
SHA512
e04267aa675a5b528f3478d00329a569ecb9bbe2b6ad18697020854d2ee451bc188c4603cd5f420a08a7e3bf047d2db1301416f57f9156df23aceb1f57303b0b
diff --git a/net-misc/ntpsec/files/ntpd.service
b/net-misc/ntpsec/files/ntpd.service
deleted file mode 100644
index a551bb7b130..000
--- a/net-misc/ntpsec/files/ntpd.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Network Time Service
-After=network.target nss-lookup.target
-Conflicts=systemd-timesyncd.service
-
-[Service]
-Type=forking
-PrivateTmp=true
-EnvironmentFile=-/etc/conf.d/ntp
-ExecStart=/usr/sbin/ntpd ${NTPD_OPTS}
-Restart=always
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git
a/net-misc/ntpsec/files/ntpsec-1.1.7-make-sure-logrotate-config-has-missingok.patch
b/net-misc/ntpsec/files/ntpsec-1.1.7-make-sure-logrotate-config-has-missingok.patch
deleted file mode 100644
index 4556d7a50f7..000
---
a/net-misc/ntpsec/files/ntpsec-1.1.7-make-sure-logrotate-config-has-missingok.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 252a301aba9a685b5b6df7824c576f52cc19fb81 Mon Sep 17 00:00:00 2001
-From: Stephen Arnold
-Date: Fri, 8 Nov 2019 16:41:16 -0800
-Subject: [PATCH] etc/logrotate-config.ntpd: make sure it has missingok
-
-* note master branch does not need this, but all the releases do
-
-Signed-off-by: Stephen Arnold
- etc/logrotate-config.ntpd | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/etc/logrotate-config.ntpd b/etc/logrotate-config.ntpd
-index e5d8616bf..a49129d45 100644
a/etc/logrotate-config.ntpd
-+++ b/etc/logrotate-config.ntpd
-@@ -5,6 +5,8 @@
-
- /var/log/ntpd.log {
- monthly
-+notifempty
-+missingok
- postrotate
- /usr/bin/killall -HUP ntpd
- endscript
---
-2.21.0
-
diff --git
a/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch
b/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch
deleted file mode 100644
index caeaf1824cc..000
---
a/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From ccdd9d4b941b30fc44b301595e42809dbe48628d Mon Sep 17 00:00:00 2001
-From: James Browning
-Date: Sun, 26 Jan 2020 09:58:36 -0800
-Subject: [PATCH] Externalize sys_maxclock from include/ntpd.h ...
-
-I think this will shut up the Fedora Rawhide runners
- include/ntpd.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/include/ntpd.h b/include/ntpd.h
-index c4f9b9e45..ee16678e1 100644
a/include/ntpd.h
-+++ b/include/ntpd.h
-@@ -369,7 +369,7 @@ extern int peer_associations; /* mobilized
associations */
- * System variables are declared here.See Section 3.2 of the
- * specification.
- */
--int sys_maxclock; /* maximum candidates */
-+extern intsys_maxclock; /* maximum candidates */
- struct system_variables {
- uint8_t sys_leap; /* system leap indicator */
- uint8_t sys_stratum;/* system stratum */
diff --git
a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-asciidoc-version-detect.patch
b/net-misc/ntpsec/files/ntpsec-1.1.8-
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 7f1e7fafe1ce27758f59f65282b93b1b70f3badd
Author: Steve Arnold gentoo org>
AuthorDate: Wed Oct 7 22:47:07 2020 +
Commit: Steve Arnold gentoo org>
CommitDate: Wed Oct 7 22:48:44 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f1e7faf
net-misc/ntpsec: short-circuit broken asciidoctor version parsing
* update doc use flag for new upstream default
Closes: https://bugs.gentoo.org/746872
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Steve Arnold gentoo.org>
.../ntpsec-1.1.9-remove-asciidoctor-from-config.patch | 14 ++
net-misc/ntpsec/ntpsec-1.1.9.ebuild| 9 +++--
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git
a/net-misc/ntpsec/files/ntpsec-1.1.9-remove-asciidoctor-from-config.patch
b/net-misc/ntpsec/files/ntpsec-1.1.9-remove-asciidoctor-from-config.patch
new file mode 100644
index 000..1f483ce33fb
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.1.9-remove-asciidoctor-from-config.patch
@@ -0,0 +1,14 @@
+--- a/wafhelpers/asciidoc.py 2020-10-06 20:14:47.040245129 -0700
b/wafhelpers/asciidoc.py 2020-10-06 20:17:48.100394117 -0700
+@@ -37,9 +37,9 @@
+ # asciidoc versions 8.6.5-8.6.7 throw warnings for warp.adoc and versions
+ # < 8.6.4 have no HTML5 backend.
+ # asciidoc3 versions < 3.0.2 throw errors.
+-adoc_list = [['asciidoctor', (1, 5, 8)],
+- ['asciidoc', (8, 6, 8)],
++adoc_list = [['asciidoc', (8, 6, 8)],
+ ['asciidoc3', (3, 0, 2)],
++ ['asciidoctor-bad', (1, 5, 8)],
+ ]
+ for progname, asciidocminver in adoc_list:
+ if 'BIN_ASCIIDOC' not in ctx.env or ctx.env.BIN_ASCIIDOC == []:
diff --git a/net-misc/ntpsec/ntpsec-1.1.9.ebuild
b/net-misc/ntpsec/ntpsec-1.1.9.ebuild
index 1af747e2e91..51381f4b16b 100644
--- a/net-misc/ntpsec/ntpsec-1.1.9.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.1.9.ebuild
@@ -48,7 +48,7 @@ RDEPEND="${CDEPEND}
acct-user/ntp
"
DEPEND="${CDEPEND}
- app-text/asciidoc
+ >=app-text/asciidoc-8.6.8
dev-libs/libxslt
app-text/docbook-xsl-stylesheets
sys-devel/bison
@@ -56,6 +56,11 @@ DEPEND="${CDEPEND}
rclock_pps? ( net-misc/pps-tools )
"
+PATCHES=(
+ "${FILESDIR}/${PN}-1.1.8-fix-missing-scmp_sys-on-aarch64.patch"
+ "${FILESDIR}/${P}-remove-asciidoctor-from-config.patch"
+)
+
WAF_BINARY="${S}/waf"
src_prepare() {
@@ -87,7 +92,7 @@ src_configure() {
--nopyo
--refclock="${CLOCKSTRING}"
--build-epoch="$(date +%s)"
- $(use doc && echo "--enable-doc")
+ $(use doc || echo "--disable-doc")
$(use early && echo "--enable-early-droproot")
$(use gdb && echo "--enable-debug-gdb")
$(use samba && echo "--enable-mssntp")
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 7c1e475b98330cf1f061309369e832500a123388
Author: Stephen Arnold gentoo org>
AuthorDate: Fri Mar 13 02:48:45 2020 +
Commit: Steve Arnold gentoo org>
CommitDate: Fri Mar 13 02:48:45 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c1e475b
net-misc/ntpsec: add upstream seccomp fix and update systemd file
* closes bugs #705348 and #705128
Package-Manager: Portage-2.3.67, Repoman-2.3.17
Signed-off-by: Steve Arnold gentoo.org>
net-misc/ntpsec/files/ntpd-r1.service| 5 ++---
.../ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch | 16
net-misc/ntpsec/ntpsec-1.1.8.ebuild | 3 ++-
3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/net-misc/ntpsec/files/ntpd-r1.service
b/net-misc/ntpsec/files/ntpd-r1.service
index 5da473805aa..8bc16f9f634 100644
--- a/net-misc/ntpsec/files/ntpd-r1.service
+++ b/net-misc/ntpsec/files/ntpd-r1.service
@@ -4,10 +4,9 @@ After=network.target nss-lookup.target
Conflicts=systemd-timesyncd.service
[Service]
-Type=forking
+Type=simple
PrivateTmp=true
-EnvironmentFile=-/etc/conf.d/ntp
-ExecStart=/usr/sbin/ntpd ${NTPD_OPTS}
+ExecStart=/usr/sbin/ntpd --configfile=/etc/ntp.conf --panicgate --user=ntp:ntp
--nofork
# Specifying -g on the command line allows ntpd to make large adjustments to
# the clock on boot. However, if Restart=yes is set, a malicious (or broken)
# server could send the incorrect time, trip the panic threshold, and when
diff --git
a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
new file mode 100644
index 000..ee75d103d2e
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
@@ -0,0 +1,16 @@
+diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
+index
4e5ceaa36c1a7b452445023e201ddb6211625c52..78ac7aea263ed3d3394b2d32e79a6836f0387434
100644
+--- a/ntpd/ntp_sandbox.c
b/ntpd/ntp_sandbox.c
+@@ -428,6 +428,11 @@ int scmp_sc[] = {
+ /* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
+ SCMP_SYS(mmap),
+ #endif
++#if defined(__aarch64__)
++ SCMP_SYS(faccessat),
++ SCMP_SYS(newfstatat),
++ SCMP_SYS(renameat),
++#endif
+ #if defined(__i386__) || defined(__arm__) || defined(__powerpc__)
+ SCMP_SYS(_newselect),
+ SCMP_SYS(_llseek),
diff --git a/net-misc/ntpsec/ntpsec-1.1.8.ebuild
b/net-misc/ntpsec/ntpsec-1.1.8.ebuild
index 128e2a23826..d0003067a4f 100644
--- a/net-misc/ntpsec/ntpsec-1.1.8.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.1.8.ebuild
@@ -62,7 +62,8 @@ DEPEND="${CDEPEND}
WAF_BINARY="${S}/waf"
-PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch"
)
+PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch"
+ "${FILESDIR}/${P}-fix-missing-scmp_sys-on-aarch64.patch" )
src_prepare() {
default
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 47924c9cc6c4597423b6147b2c246ab6438fa027
Author: Stephen Arnold gentoo org>
AuthorDate: Mon Mar 9 23:54:18 2020 +
Commit: Steve Arnold gentoo org>
CommitDate: Tue Mar 10 00:01:50 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47924c9c
net-misc/ntpsec: add upstream patch and expand py3 compat
* closes bugs #709258 and #710414
Package-Manager: Portage-2.3.67, Repoman-2.3.17
Signed-off-by: Steve Arnold gentoo.org>
...ternalize-sys_maxclock-fix-for-bug-708522.patch | 23 ++
net-misc/ntpsec/ntpsec-1.1.8.ebuild| 4 +++-
net-misc/ntpsec/ntpsec-.ebuild | 2 +-
3 files changed, 27 insertions(+), 2 deletions(-)
diff --git
a/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch
b/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch
new file mode 100644
index 000..caeaf1824cc
--- /dev/null
+++
b/net-misc/ntpsec/files/ntpsec-1.1.8-externalize-sys_maxclock-fix-for-bug-708522.patch
@@ -0,0 +1,23 @@
+From ccdd9d4b941b30fc44b301595e42809dbe48628d Mon Sep 17 00:00:00 2001
+From: James Browning
+Date: Sun, 26 Jan 2020 09:58:36 -0800
+Subject: [PATCH] Externalize sys_maxclock from include/ntpd.h ...
+
+I think this will shut up the Fedora Rawhide runners
+---
+ include/ntpd.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/ntpd.h b/include/ntpd.h
+index c4f9b9e45..ee16678e1 100644
+--- a/include/ntpd.h
b/include/ntpd.h
+@@ -369,7 +369,7 @@ extern int peer_associations; /* mobilized
associations */
+ * System variables are declared here.See Section 3.2 of the
+ * specification.
+ */
+-int sys_maxclock; /* maximum candidates */
++extern intsys_maxclock; /* maximum candidates */
+ struct system_variables {
+ uint8_t sys_leap; /* system leap indicator */
+ uint8_t sys_stratum;/* system stratum */
diff --git a/net-misc/ntpsec/ntpsec-1.1.8.ebuild
b/net-misc/ntpsec/ntpsec-1.1.8.ebuild
index 1316806dc69..128e2a23826 100644
--- a/net-misc/ntpsec/ntpsec-1.1.8.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.1.8.ebuild
@@ -3,7 +3,7 @@
EAPI=6
-PYTHON_COMPAT=( python3_6 )
+PYTHON_COMPAT=( python3_{6,7,8} )
PYTHON_REQ_USE='threads(+)'
inherit flag-o-matic python-r1 waf-utils systemd
@@ -62,6 +62,8 @@ DEPEND="${CDEPEND}
WAF_BINARY="${S}/waf"
+PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch"
)
+
src_prepare() {
default
# Remove autostripping of binaries
diff --git a/net-misc/ntpsec/ntpsec-.ebuild
b/net-misc/ntpsec/ntpsec-.ebuild
index 1316806dc69..36dc8d08088 100644
--- a/net-misc/ntpsec/ntpsec-.ebuild
+++ b/net-misc/ntpsec/ntpsec-.ebuild
@@ -3,7 +3,7 @@
EAPI=6
-PYTHON_COMPAT=( python3_6 )
+PYTHON_COMPAT=( python3_{6,7,8} )
PYTHON_REQ_USE='threads(+)'
inherit flag-o-matic python-r1 waf-utils systemd
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: def2c6ace829ce9e98c8963802a0b3baf916ac72
Author: Thomas Deutschmann gentoo org>
AuthorDate: Sat Oct 26 17:49:47 2019 +
Commit: Thomas Deutschmann gentoo org>
CommitDate: Sat Oct 26 17:50:54 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=def2c6ac
net-misc/ntpsec: update unit file to avoid CVE-2015-5300
Bug: https://bugs.gentoo.org/697024
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann gentoo.org>
net-misc/ntpsec/files/ntpd-r1.service | 19 +++
.../{ntpsec-1.1.7.ebuild => ntpsec-1.1.7-r1.ebuild} | 2 +-
net-misc/ntpsec/ntpsec-.ebuild| 2 +-
3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/net-misc/ntpsec/files/ntpd-r1.service
b/net-misc/ntpsec/files/ntpd-r1.service
new file mode 100644
index 000..5da473805aa
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpd-r1.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Network Time Service
+After=network.target nss-lookup.target
+Conflicts=systemd-timesyncd.service
+
+[Service]
+Type=forking
+PrivateTmp=true
+EnvironmentFile=-/etc/conf.d/ntp
+ExecStart=/usr/sbin/ntpd ${NTPD_OPTS}
+# Specifying -g on the command line allows ntpd to make large adjustments to
+# the clock on boot. However, if Restart=yes is set, a malicious (or broken)
+# server could send the incorrect time, trip the panic threshold, and when
+# ntpd restarts, serve it the incorrect time (which would be accepted).
+Restart=no
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-misc/ntpsec/ntpsec-1.1.7.ebuild
b/net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild
similarity index 98%
rename from net-misc/ntpsec/ntpsec-1.1.7.ebuild
rename to net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild
index e5bf13be3be..d6b4b305459 100644
--- a/net-misc/ntpsec/ntpsec-1.1.7.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild
@@ -132,7 +132,7 @@ src_install() {
newconfd "${FILESDIR}"/ntpd.confd ntp
# Install the systemd unit file
- systemd_newunit "${FILESDIR}"/ntpd.service ntpd.service
+ systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service
# Prepare a directory for the ntp.drift file
mkdir -pv "${ED}"/var/lib/ntp
diff --git a/net-misc/ntpsec/ntpsec-.ebuild
b/net-misc/ntpsec/ntpsec-.ebuild
index 7cc6f74f6d3..050f701b387 100644
--- a/net-misc/ntpsec/ntpsec-.ebuild
+++ b/net-misc/ntpsec/ntpsec-.ebuild
@@ -131,7 +131,7 @@ src_install() {
newconfd "${FILESDIR}"/ntpd.confd ntp
# Install the systemd unit file
- systemd_newunit "${FILESDIR}"/ntpd.service ntpd.service
+ systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service
# Prepare a directory for the ntp.drift file
mkdir -pv "${ED}"/var/lib/ntp
[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
commit: 33b69061f73aa4c921ecb0d3ac371484f76620b7
Author: Anthony G. Basile gentoo org>
AuthorDate: Wed Feb 28 13:23:16 2018 +
Commit: Anthony G. Basile gentoo org>
CommitDate: Wed Feb 28 13:23:36 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33b69061
net-misc/ntpsec: backport fix for seccomp + early-droproot
See: https://gitlab.com/NTPsec/ntpsec/issues/460
Package-Manager: Portage-2.3.19, Repoman-2.3.6
net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch | 16
.../{ntpsec-1.0.0-r5.ebuild => ntpsec-1.0.0-r6.ebuild} | 4
2 files changed, 20 insertions(+)
diff --git a/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch
b/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch
new file mode 100644
index 000..b9716569f63
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch
@@ -0,0 +1,16 @@
+This is a backport of
https://gitlab.com/NTPsec/ntpsec/commit/eef92d6217da03ad2ae41e298d110bdb05031381
+
+diff -Naur ntpsec-1.0.0.orig/ntpd/ntp_sandbox.c ntpsec-1.0.0/ntpd/ntp_sandbox.c
+--- ntpsec-1.0.0.orig/ntpd/ntp_sandbox.c 2017-10-09 23:54:39.0
-0400
ntpsec-1.0.0/ntpd/ntp_sandbox.c2018-02-28 07:31:28.381406881 -0500
+@@ -354,6 +354,10 @@
+ SCMP_SYS(write),
+ SCMP_SYS(unlink),
+
++#ifdef ENABLE_EARLY_DROPROOT
++ SCMP_SYS(getdents),
++#endif
++
+ #ifdef ENABLE_DNS_LOOKUP
+ /* Don't comment out this block for testing.
+ * pthread_create blocks signals so it will crash
diff --git a/net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild
b/net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild
similarity index 97%
rename from net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild
rename to net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild
index 5ab45707dee..890ec4f7ebf 100644
--- a/net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild
@@ -66,6 +66,10 @@ pkg_setup() {
src_prepare() {
default
+
+ # See https://gitlab.com/NTPsec/ntpsec/issues/460
+ eapply "${FILESDIR}"/${P}-fix-seccomp.patch
+
python_copy_sources
}
