author | Stephen Arnold <nerdboy@gentoo.org> | 2020-03-12 19:48:45 -0700 |
---|---|---|
committer | Stephen Arnold <nerdboy@gentoo.org> | 2020-03-12 19:48:45 -0700 |
commit | 7c1e475b98330cf1f061309369e832500a123388 (patch) | |
tree | 0d57acbb4e25f76c3a474f27f15f565b39bf03ba | |
parent | dev-lang/mmix: tweak for gcc-10 (diff) | |
net-misc/ntpsec: add upstream seccomp fix and update systemd file
* closes bugs #705348 and #705128
Package-Manager: Portage-2.3.67, Repoman-2.3.17
Signed-off-by: Steve Arnold <nerdboy@gentoo.org>
-rw-r--r-- | net-misc/ntpsec/files/ntpd-r1.service | 5 | ||||
-rw-r--r-- | net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch | 16 | ||||
-rw-r--r-- | net-misc/ntpsec/ntpsec-1.1.8.ebuild | 3 |
3 files changed, 20 insertions, 4 deletions
diff --git a/net-misc/ntpsec/files/ntpd-r1.service b/net-misc/ntpsec/files/ntpd-r1.service
index 5da473805aa0..8bc16f9f634a 100644
--- a/net-misc/ntpsec/files/ntpd-r1.service
+++ b/net-misc/ntpsec/files/ntpd-r1.service
@@ -4,10 +4,9 @@ After=network.target nss-lookup.target
 Conflicts=systemd-timesyncd.service
 
 [Service]
-Type=forking
+Type=simple
 PrivateTmp=true
-EnvironmentFile=-/etc/conf.d/ntp
-ExecStart=/usr/sbin/ntpd ${NTPD_OPTS}
+ExecStart=/usr/sbin/ntpd --configfile=/etc/ntp.conf --panicgate --user=ntp:ntp --nofork
 # Specifying -g on the command line allows ntpd to make large adjustments to
 # the clock on boot. However, if Restart=yes is set, a malicious (or broken)
 # server could send the incorrect time, trip the panic threshold, and when
diff --git a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
new file mode 100644
index 000000000000..ee75d103d2e6
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
@@ -0,0 +1,16 @@
+diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
+index 4e5ceaa36c1a7b452445023e201ddb6211625c52..78ac7aea263ed3d3394b2d32e79a6836f0387434 100644
+--- a/ntpd/ntp_sandbox.c
++++ b/ntpd/ntp_sandbox.c
+@@ -428,6 +428,11 @@ int scmp_sc[] = {
+ /* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
+ SCMP_SYS(mmap),
+ #endif
++#if defined(__aarch64__)
++ SCMP_SYS(faccessat),
++ SCMP_SYS(newfstatat),
++ SCMP_SYS(renameat),
++#endif
+ #if defined(__i386__) || defined(__arm__) || defined(__powerpc__)
+ SCMP_SYS(_newselect),
+ SCMP_SYS(_llseek),
diff --git a/net-misc/ntpsec/ntpsec-1.1.8.ebuild b/net-misc/ntpsec/ntpsec-1.1.8.ebuild
index 128e2a23826c..d0003067a4f7 100644
--- a/net-misc/ntpsec/ntpsec-1.1.8.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.1.8.ebuild
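Review bot: The comment kept directly below the new `ExecStart=` still refers to `-g`, while the command now spells the same option as `--panicgate` and passes it unconditionally instead of through `${NTPD_OPTS}`. I would reword the first comment line to `# --panicgate (-g) in ExecStart allows ntpd to make large adjustments to`, so the warning about combining it with Restart= is clearly tied to this unit; whether Restart= is set lies outside the hunk. Dropping `EnvironmentFile=-/etc/conf.d/ntp` also means options an admin placed in NTPD_OPTS are no longer applied, which deserves a comment such as `# Options are fixed here; use a drop-in override to change them`.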
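Review bot: The new `#if defined(__aarch64__)` block in ntp_sandbox.c widens the seccomp allowlist without saying why, unlike the mmap entry just above it, which carries a comment. A line such as `/* aarch64 has no access/stat/rename syscalls; libc issues the *at variants */` would let a later reader judge whether each entry is still needed. Other architectures that use the generic syscall table presumably hit the same gap, so it may be worth keying the block on the syscalls rather than on one architecture. The scmp_sc[] array starts and ends outside the hunk.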
@@ -62,7 +62,8 @@ DEPEND="${CDEPEND}
 
 WAF_BINARY="${S}/waf"
 
-PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch" )
+PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch"
+ "${FILESDIR}/${P}-fix-missing-scmp_sys-on-aarch64.patch" )
 
 src_prepare() {
 default |
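Review bot: `PATCHES` gains a second patch and the same commit changes the installed unit file, but ntpsec-1.1.8.ebuild is edited in place and the diffstat shows no new ebuild revision. Systems that already have 1.1.8 installed would then not rebuild, and would keep the old seccomp filter and service file. If that is not intended, the change belongs in a new `-r1` revision of the ebuild. src_prepare() continues outside the hunk.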