
From: Steve Arnold <nerdboy@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/, net-misc/ntpsec/files/
Date: Fri, 03 Dec 2021 19:28:22
Message-Id: 1638559688.885bd9eb1a8173fdae19461f80f312d1244acecf.nerdboy@gentoo
1 commit: 885bd9eb1a8173fdae19461f80f312d1244acecf
2 Author: Steve Arnold <nerdboy <AT> gentoo <DOT> org>
3 AuthorDate: Fri Dec 3 19:27:16 2021 +0000
4 Commit: Steve Arnold <nerdboy <AT> gentoo <DOT> org>
5 CommitDate: Fri Dec 3 19:28:08 2021 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=885bd9eb
7
8 net-misc/ntpsec: seccomp cleanup, (really) fixes seccomp on riscv
9
10 * rollup seccomp changes into single patch against 1.2.1
11 * remove old seccomp patches
12
13 Package-Manager: Portage-3.0.20, Repoman-3.0.3
14 Signed-off-by: Steve Arnold <nerdboy <AT> gentoo.org>
15
16 ...sec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch | 16 ---
17 .../files/ntpsec-1.2.0-move-newfstatat.patch | 20 ----
18 net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 30 ------
19 .../files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch | 21 ----
20 .../ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch | 116 +++++++++++++++++++++
21 net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild | 5 +-
22 6 files changed, 117 insertions(+), 91 deletions(-)
23
24 diff --git a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
25 deleted file mode 100644
26 index ee75d103d2e6..000000000000
27 --- a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
28 +++ /dev/null
29 @@ -1,16 +0,0 @@
30 -diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
31 -index 4e5ceaa36c1a7b452445023e201ddb6211625c52..78ac7aea263ed3d3394b2d32e79a6836f0387434 100644
32 ---- a/ntpd/ntp_sandbox.c
33 -+++ b/ntpd/ntp_sandbox.c
34 -@@ -428,6 +428,11 @@ int scmp_sc[] = {
35 - /* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
36 - SCMP_SYS(mmap),
37 - #endif
38 -+#if defined(__aarch64__)
39 -+ SCMP_SYS(faccessat),
40 -+ SCMP_SYS(newfstatat),
41 -+ SCMP_SYS(renameat),
42 -+#endif
43 - #if defined(__i386__) || defined(__arm__) || defined(__powerpc__)
44 - SCMP_SYS(_newselect),
45 - SCMP_SYS(_llseek),
46
47 diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch b/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch
48 deleted file mode 100644
49 index 75453c6cb5f6..000000000000
50 --- a/net-misc/ntpsec/files/ntpsec-1.2.0-move-newfstatat.patch
51 +++ /dev/null
52 @@ -1,20 +0,0 @@
53 -diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
54 -index e66faaa8c..b2af654e5 100644
55 ---- a/ntpd/ntp_sandbox.c
56 -+++ b/ntpd/ntp_sandbox.c
57 -@@ -349,6 +349,7 @@ int scmp_sc[] = {
58 - SCMP_SYS(lseek),
59 - SCMP_SYS(membarrier), /* Needed on Alpine 3.11.3 */
60 - SCMP_SYS(munmap),
61 -+ SCMP_SYS(newfstatat),
62 - SCMP_SYS(open),
63 - #ifdef __NR_openat
64 - SCMP_SYS(openat), /* SUSE */
65 -@@ -451,7 +452,6 @@ int scmp_sc[] = {
66 - #endif
67 - #if defined(__aarch64__)
68 - SCMP_SYS(faccessat),
69 -- SCMP_SYS(newfstatat),
70 - SCMP_SYS(renameat),
71 - SCMP_SYS(linkat),
72 - SCMP_SYS(unlinkat),
73
74 diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
75 deleted file mode 100644
76 index 27dd321e2a29..000000000000
77 --- a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch
78 +++ /dev/null
79 @@ -1,30 +0,0 @@
80 -https://bugs.gentoo.org/705128
81 -https://bugs.gentoo.org/786228
82 ---- a/ntpd/ntp_sandbox.c
83 -+++ b/ntpd/ntp_sandbox.c
84 -@@ -463,6 +463,15 @@ int scmp_sc[] = {
85 - SCMP_SYS(send),
86 - SCMP_SYS(stat64),
87 - #endif
88 -+#if defined(__arm__)
89 -+ SCMP_SYS(statx),
90 -+#endif
91 -+#if defined(__riscv32__) || defined(__riscv64__)
92 -+ SCMP_SYS(faccessat),
93 -+#endif
94 -+#if defined(__aarch64__) || defined(__riscv64__)
95 -+ SCMP_SYS(syscall),
96 -+#endif
97 - };
98 - {
99 - for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) {
100 ---- a/ntpd/ntp_sandbox.c
101 -+++ b/ntpd/ntp_sandbox.c
102 -@@ -355,6 +355,7 @@ int scmp_sc[] = {
103 - SCMP_SYS(openat), /* SUSE */
104 - #endif
105 - SCMP_SYS(poll),
106 -+ SCMP_SYS(pread64),
107 - SCMP_SYS(pselect6),
108 - SCMP_SYS(read),
109 - SCMP_SYS(recvfrom), /* Comment this out for testing.
110
111 diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch
112 deleted file mode 100644
113 index 5936adaf9a49..000000000000
114 --- a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-glibc-2-3-4.patch
115 +++ /dev/null
116 @@ -1,21 +0,0 @@
117 -https://bugs.gentoo.org/823692
118 -https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1247
119 -https://gitlab.com/NTPsec/ntpsec/-/issues/713
120 -
121 -From 170d60b7e269154fb108bb4b010ee5ee0110bf2d Mon Sep 17 00:00:00 2001
122 -From: Sam James <sam@g.o>
123 -Date: Sun, 14 Nov 2021 08:44:28 +0000
124 -Subject: [PATCH] ntpd/ntp_sandbox.c: allow clone3 in seccomp filter for
125 - glibc-2.34
126 -
127 -Signed-off-by: Sam James <sam@g.o>
128 ---- a/ntpd/ntp_sandbox.c
129 -+++ b/ntpd/ntp_sandbox.c
130 -@@ -403,6 +403,7 @@ int scmp_sc[] = {
131 - * rather than generate a trap.
132 - */
133 - SCMP_SYS(clone), /* threads */
134 -+ SCMP_SYS(clone3),
135 - SCMP_SYS(kill), /* generate signal */
136 - SCMP_SYS(madvise),
137 - SCMP_SYS(mprotect),
138
139 diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch
140 new file mode 100644
141 index 000000000000..c9ba3760cce6
142 --- /dev/null
143 +++ b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-rollup.patch
144 @@ -0,0 +1,116 @@
145 +From 9a13c2bd472786472360f1a6465d8a808f6b8311 Mon Sep 17 00:00:00 2001
146 +From: Stephen L Arnold <nerdboy@g.o>
147 +Date: Thu, 2 Dec 2021 20:16:18 -0800
148 +Subject: [PATCH] ntpd/ntp_sandbox.c: seccomp rollup patch for arm, arm64,
149 + riscv, all
150 +
151 +* add renameat2, move newfstatat and faccessat, remove arch dups
152 +* rollup previous patches, remove cruft
153 +* includes riscv fixes, previous bugs:
154 + https://bugs.gentoo.org/705128
155 + https://bugs.gentoo.org/786228
156 + https://bugs.gentoo.org/823692
157 + https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1247
158 + https://gitlab.com/NTPsec/ntpsec/-/issues/713
159 +
160 +Signed-off-by: Stephen L Arnold <nerdboy@g.o>
161 +---
162 + ntpd/ntp_sandbox.c | 27 +++++++++++++++++++--------
163 + 1 file changed, 19 insertions(+), 8 deletions(-)
164 +
165 +diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
166 +index e66faaa8c..04eaa003a 100644
167 +--- a/ntpd/ntp_sandbox.c
168 ++++ b/ntpd/ntp_sandbox.c
169 +@@ -306,8 +306,8 @@ int scmp_sc[] = {
170 + #endif
171 + #endif /* ENABLE_EARLY_DROPROOT */
172 +
173 +- SCMP_SYS(accept),
174 +- SCMP_SYS(access),
175 ++ SCMP_SYS(accept),
176 ++ SCMP_SYS(access),
177 + SCMP_SYS(adjtimex),
178 + SCMP_SYS(bind),
179 + SCMP_SYS(brk),
180 +@@ -319,6 +319,9 @@ int scmp_sc[] = {
181 + SCMP_SYS(connect),
182 + SCMP_SYS(exit),
183 + SCMP_SYS(exit_group),
184 ++#ifdef __NR_faccessat
185 ++ SCMP_SYS(faccessat), /* riscv and aarch64 */
186 ++#endif
187 + SCMP_SYS(fcntl),
188 + SCMP_SYS(fstat),
189 + SCMP_SYS(fsync),
190 +@@ -349,11 +352,13 @@ int scmp_sc[] = {
191 + SCMP_SYS(lseek),
192 + SCMP_SYS(membarrier), /* Needed on Alpine 3.11.3 */
193 + SCMP_SYS(munmap),
194 ++ SCMP_SYS(newfstatat), /* riscv and aarch64 */
195 + SCMP_SYS(open),
196 + #ifdef __NR_openat
197 + SCMP_SYS(openat), /* SUSE */
198 + #endif
199 + SCMP_SYS(poll),
200 ++ SCMP_SYS(pread64),
201 + SCMP_SYS(pselect6),
202 + SCMP_SYS(read),
203 + SCMP_SYS(recvfrom), /* Comment this out for testing.
204 +@@ -362,6 +367,9 @@ int scmp_sc[] = {
205 + */
206 + SCMP_SYS(recvmsg),
207 + SCMP_SYS(rename),
208 ++#ifdef __NR_renameat2
209 ++ SCMP_SYS(renameat2), /* riscv */
210 ++#endif
211 + SCMP_SYS(rt_sigaction),
212 + SCMP_SYS(rt_sigprocmask),
213 + SCMP_SYS(rt_sigreturn),
214 +@@ -401,6 +409,7 @@ int scmp_sc[] = {
215 + * rather than generate a trap.
216 + */
217 + SCMP_SYS(clone), /* threads */
218 ++ SCMP_SYS(clone3),
219 + SCMP_SYS(kill), /* generate signal */
220 + SCMP_SYS(madvise),
221 + SCMP_SYS(mprotect),
222 +@@ -415,9 +424,9 @@ int scmp_sc[] = {
223 + SCMP_SYS(nanosleep),
224 + #endif
225 + #ifdef CLOCK_SHM
226 +- SCMP_SYS(shmget),
227 +- SCMP_SYS(shmat),
228 +- SCMP_SYS(shmdt),
229 ++ SCMP_SYS(shmget),
230 ++ SCMP_SYS(shmat),
231 ++ SCMP_SYS(shmdt),
232 + #endif
233 +
234 + SCMP_SYS(fcntl64),
235 +@@ -450,10 +459,9 @@ int scmp_sc[] = {
236 + SCMP_SYS(mmap),
237 + #endif
238 + #if defined(__aarch64__)
239 +- SCMP_SYS(faccessat),
240 +- SCMP_SYS(newfstatat),
241 +- SCMP_SYS(renameat),
242 + SCMP_SYS(linkat),
243 ++ SCMP_SYS(renameat),
244 ++ SCMP_SYS(syscall),
245 + SCMP_SYS(unlinkat),
246 + #endif
247 + #if defined(__i386__) || defined(__arm__) || defined(__powerpc__)
248 +@@ -463,6 +471,9 @@ int scmp_sc[] = {
249 + SCMP_SYS(send),
250 + SCMP_SYS(stat64),
251 + #endif
252 ++#if defined(__arm__)
253 ++ SCMP_SYS(statx),
254 ++#endif
255 + };
256 + {
257 + for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) {
258 +--
259 +2.32.0
260 +
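Review bot: The `#if defined(__aarch64__)` block in the `@@ -450,10 +459,9 @@` hunk keeps `linkat`, `renameat` and `unlinkat` aarch64-only and adds `SCMP_SYS(syscall)` there, although the patch moves `faccessat` and `newfstatat` out of that block because riscv needs them too. riscv64 has no legacy `link`/`unlink` syscalls either, so ntpd may still be stopped by the filter there when it links or removes a file (not verifiable from these hunks). Guarding by availability as the patch already does elsewhere, e.g. `#ifdef __NR_unlinkat` around `SCMP_SYS(unlinkat),`, would cover both architectures. The `/* riscv and aarch64 */` comments on `faccessat` and the unconditional `newfstatat` understate the change, since both entries are now allowed on every architecture that defines them. `SCMP_SYS(syscall)` and `SCMP_SYS(clone3)` carry no comment at all; each allowlist entry should say why it is needed, e.g. `SCMP_SYS(clone3), /* thread creation with glibc 2.34 */`, and the `scmp_sc[]` initializer itself starts and ends outside these hunks.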
261
262 diff --git a/net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild b/net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild
263 index 7e9d34caf33b..8835c7ccfcfb 100644
264 --- a/net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild
265 +++ b/net-misc/ntpsec/ntpsec-1.2.1-r1.ebuild
266 @@ -58,11 +58,8 @@ DEPEND="${CDEPEND}
267 "
268
269 PATCHES=(
270 - "${FILESDIR}/${PN}-1.1.8-fix-missing-scmp_sys-on-aarch64.patch"
271 "${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch"
272 - "${FILESDIR}/${PN}-1.2.0-move-newfstatat.patch"
273 - "${FILESDIR}/${PN}-1.2.0-seccomp.patch"
274 - "${FILESDIR}/${PN}-1.2.1-seccomp-glibc-2-3-4.patch"
275 + "${FILESDIR}/${PN}-1.2.1-seccomp-rollup.patch"
276 )
277
278 WAF_BINARY="${S}/waf"
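Review bot: `ntpsec-1.2.1-r1.ebuild` is edited in place, so systems that already built -r1 with the four old patches will not be prompted to rebuild and will keep running ntpd with the previous seccomp filter. Because the rollup changes the installed binary (new allowlist entries and different architecture guards), a revision bump to -r2 would let the change reach existing installs. The rest of the ebuild is outside the hunk, so whether anything else depends on the removed patch names cannot be seen here.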