From 518bb5ef6e58c8fc721cec9a86cb1a45375251d9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?=
Date: Thu, 23 Apr 2020 14:54:24 +0200
Subject: [PATCH] - rel 2; glibc related fixes
---
 allow-clock_adjtime.patch | 26 ++++++++++++++++++++++++++
 chrony.spec | 14 ++++++++++++--
 fix-seccomp-build.patch | 13 +++++++++++++
 3 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 allow-clock_adjtime.patch
 create mode 100644 fix-seccomp-build.patch
diff --git a/allow-clock_adjtime.patch b/allow-clock_adjtime.patch
new file mode 100644
index 0000000..2fa3bac
--- /dev/null
+++ b/allow-clock_adjtime.patch
@@ -0,0 +1,26 @@
+From 0cf506c92967c84f9ed83ba9e1be946a7fda6425 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar
+Date: Mon, 2 Dec 2019 12:47:13 +0100
+Subject: sys_linux: allow clock_adjtime in seccomp filter
+
+The adjtimex() function in glibc was switched to the clock_adjtime
+system call.
+
+diff --git a/sys_linux.c b/sys_linux.c
+index 63eb8f1..fcf89c2 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level)
+ {
+ const int syscalls[] = {
+ /* Clock */
+- SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday),
+- SCMP_SYS(settimeofday), SCMP_SYS(time),
++ SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime),
++ SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time),
+ /* Process */
+ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
+ SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
+--
+cgit v0.10.2
+
diff --git a/chrony.spec b/chrony.spec
index cebf1bc..b0984ea 100644
--- a/chrony.spec
+++ b/chrony.spec
@@ -3,7 +3,7 @@
 Summary: An NTP client/server
 Name: chrony
 Version: 3.5
-Release: 1
+Release: 2
 License: GPL v2
 Group: Daemons
 Source0: http://download.tuxfamily.org/chrony/%{name}-%{version}.tar.gz
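Review bot: Nothing in allow-clock_adjtime.patch or on the `Patch0:` line of chrony.spec says when this carried patch can be dropped or how the allowlist gets re-checked against the C library. The nested hunk adds `SCMP_SYS(clock_adjtime)` to the plain `syscalls[]` list because, per its header, glibc's adjtimex() now issues that call; a later glibc change of the same kind would presumably surface only at run time, when the filter blocks the new call. I would add a spec comment such as `# from commit 0cf506c92967 (sys_linux: allow clock_adjtime in seccomp filter); drop once the packaged version contains it`, and run chronyd with the filter enabled as a smoke test after glibc updates. The `syscalls[]` array and the function body continue outside the nested hunk.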
@@ -13,10 +13,13 @@ Source2: %{name}.keys
 Source3: %{name}d.sysconfig
 Source4: %{name}d.init
 Source5: %{name}.logrotate
+Patch0: allow-clock_adjtime.patch
+Patch1: fix-seccomp-build.patch
 URL: http://chrony.tuxfamily.org/
 BuildRequires: asciidoc
 BuildRequires: bison
 BuildRequires: libcap-devel
+BuildRequires: libseccomp-devel
 BuildRequires: nettle-devel >= %{nettle_ver}
 BuildRequires: nss-devel
 BuildRequires: readline-devel
@@ -50,6 +53,8 @@ in permanently connected environments.
 %prep
 %setup -q
+%patch0 -p1
+%patch1 -p1
 %build
 # NOTE: It is not autoconf generated configre
@@ -57,10 +62,15 @@ CC="%{__cc}" \
 CFLAGS="%{rpmcflags} -Wmissing-prototypes -Wall" \
 CPPFLAGS="%{rpmcppflags}" \
 ./configure \
+ --enable-ntp-signd \
+ --enable-scfilter \
 --prefix=%{_prefix} \
 --sysconfdir=%{_sysconfdir} \
 --docdir=%{_docdir} \
- --without-editline \
+ --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \
+ --with-hwclockfile=%{_sysconfdir}/adjtime \
+ --with-sendmail=%{_sbindir}/sendmail \
+ --without-editline
 %{__make} getdate all docs \
 ADOC=asciidoc
diff --git a/fix-seccomp-build.patch b/fix-seccomp-build.patch
new file mode 100644
index 0000000..6888e7e
--- /dev/null
+++ b/fix-seccomp-build.patch
@@ -0,0 +1,13 @@
+diff --git a/sys_linux.c b/sys_linux.c
+index 898dc7a7f75..fcd334ecf03 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -503,7 +503,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
+ SCMP_SYS(socketcall),
+ /* General I/O */
+ SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe),
+- SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read),
++ SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(pselect6), SCMP_SYS(read),
+ SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write),
+ /* Miscellaneous */
+ SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname),
--
2.44.0
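Review bot: In the `./configure` hunk of chrony.spec, `--enable-scfilter` only builds seccomp support in; chronyd applies the filter when it is started with `-F <level>`, and this commit leaves `%{name}d.sysconfig` and `%{name}d.init` untouched, so unless they already pass `-F` the two allowlist patches are never exercised on an installed system. State the intended default next to the flag, e.g. `# seccomp filter is compiled in but only active when chronyd is started with -F`. The `--with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s')` line also deserves a comment, since the expression looks like a constant 0 chosen to keep the result independent of the build date.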
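Review bot: fix-seccomp-build.patch drops `SCMP_SYS(ppoll)` from the General I/O allowlist without any header saying which build failure it fixes, so the run-time effect of the removal is undocumented. On architectures where the C library implements poll() through the ppoll system call, a filter without this entry would presumably stop chronyd at the first such call once the filter is active. Add a description to the patch (the compiler error and the libseccomp version it was seen with), and if the symbol is merely missing from older headers, prefer guarding the entry with a preprocessor check over deleting it. The `syscalls[]` array continues outside the nested hunk.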