[packages/chrony] - rel 2; glibc related fixes
arekm
arekm at pld-linux.org
Thu Apr 23 14:54:31 CEST 2020
commit 518bb5ef6e58c8fc721cec9a86cb1a45375251d9
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Thu Apr 23 14:54:24 2020 +0200
- rel 2; glibc related fixes
allow-clock_adjtime.patch | 26 ++++++++++++++++++++++++++
chrony.spec | 14 ++++++++++++--
fix-seccomp-build.patch | 13 +++++++++++++
3 files changed, 51 insertions(+), 2 deletions(-)
---
diff --git a/chrony.spec b/chrony.spec
index cebf1bc..b0984ea 100644
--- a/chrony.spec
+++ b/chrony.spec
@@ -3,7 +3,7 @@
Summary: An NTP client/server
Name: chrony
Version: 3.5
-Release: 1
+Release: 2
License: GPL v2
Group: Daemons
Source0: http://download.tuxfamily.org/chrony/%{name}-%{version}.tar.gz
@@ -13,10 +13,13 @@ Source2: %{name}.keys
Source3: %{name}d.sysconfig
Source4: %{name}d.init
Source5: %{name}.logrotate
+Patch0: allow-clock_adjtime.patch
+Patch1: fix-seccomp-build.patch
URL: http://chrony.tuxfamily.org/
BuildRequires: asciidoc
BuildRequires: bison
BuildRequires: libcap-devel
+BuildRequires: libseccomp-devel
BuildRequires: nettle-devel >= %{nettle_ver}
BuildRequires: nss-devel
BuildRequires: readline-devel
@@ -50,6 +53,8 @@ in permanently connected environments.
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
%build
# NOTE: It is not autoconf generated configre
@@ -57,10 +62,15 @@ CC="%{__cc}" \
CFLAGS="%{rpmcflags} -Wmissing-prototypes -Wall" \
CPPFLAGS="%{rpmcppflags}" \
./configure \
+ --enable-ntp-signd \
+ --enable-scfilter \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir} \
--docdir=%{_docdir} \
- --without-editline \
+ --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \
+ --with-hwclockfile=%{_sysconfdir}/adjtime \
+ --with-sendmail=%{_sbindir}/sendmail \
+ --without-editline
%{__make} getdate all docs \
ADOC=asciidoc
diff --git a/allow-clock_adjtime.patch b/allow-clock_adjtime.patch
new file mode 100644
index 0000000..2fa3bac
--- /dev/null
+++ b/allow-clock_adjtime.patch
@@ -0,0 +1,26 @@
+From 0cf506c92967c84f9ed83ba9e1be946a7fda6425 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar at redhat.com>
+Date: Mon, 2 Dec 2019 12:47:13 +0100
+Subject: sys_linux: allow clock_adjtime in seccomp filter
+
+The adjtimex() function in glibc was switched to the clock_adjtime
+system call.
+
+diff --git a/sys_linux.c b/sys_linux.c
+index 63eb8f1..fcf89c2 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level)
+ {
+ const int syscalls[] = {
+ /* Clock */
+- SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday),
+- SCMP_SYS(settimeofday), SCMP_SYS(time),
++ SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime),
++ SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time),
+ /* Process */
+ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
+ SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
+--
+cgit v0.10.2
+
diff --git a/fix-seccomp-build.patch b/fix-seccomp-build.patch
new file mode 100644
index 0000000..6888e7e
--- /dev/null
+++ b/fix-seccomp-build.patch
@@ -0,0 +1,13 @@
+diff --git a/sys_linux.c b/sys_linux.c
+index 898dc7a7f75..fcd334ecf03 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -503,7 +503,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
+ SCMP_SYS(socketcall),
+ /* General I/O */
+ SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe),
+- SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read),
++ SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(pselect6), SCMP_SYS(read),
+ SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write),
+ /* Miscellaneous */
+ SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname),
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/chrony.git/commitdiff/518bb5ef6e58c8fc721cec9a86cb1a45375251d9
More information about the pld-cvs-commit
mailing list