commit: 7c1e475b98330cf1f061309369e832500a123388
Author: Stephen Arnold <nerdboy <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 13 02:48:45 2020 +0000
Commit: Steve Arnold <nerdboy <AT> gentoo <DOT> org>
CommitDate: Fri Mar 13 02:48:45 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7c1e475b
net-misc/ntpsec: add upstream seccomp fix and update systemd file
* closes bugs #705348 and #705128
Package-Manager: Portage-2.3.67, Repoman-2.3.17
Signed-off-by: Steve Arnold <nerdboy <AT> gentoo.org>
net-misc/ntpsec/files/ntpd-r1.service | 5 ++---
.../ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch | 16 ++++++++++++++++
net-misc/ntpsec/ntpsec-1.1.8.ebuild | 3 ++-
3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/net-misc/ntpsec/files/ntpd-r1.service
b/net-misc/ntpsec/files/ntpd-r1.service
index 5da473805aa..8bc16f9f634 100644
--- a/net-misc/ntpsec/files/ntpd-r1.service
+++ b/net-misc/ntpsec/files/ntpd-r1.service
@@ -4,10 +4,9 @@ After=network.target nss-lookup.target
Conflicts=systemd-timesyncd.service
[Service]
-Type=forking
+Type=simple
PrivateTmp=true
-EnvironmentFile=-/etc/conf.d/ntp
-ExecStart=/usr/sbin/ntpd ${NTPD_OPTS}
+ExecStart=/usr/sbin/ntpd --configfile=/etc/ntp.conf --panicgate --user=ntp:ntp
--nofork
# Specifying -g on the command line allows ntpd to make large adjustments to
# the clock on boot. However, if Restart=yes is set, a malicious (or broken)
# server could send the incorrect time, trip the panic threshold, and when
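Review bot: `--panicgate` is now hard-wired into `ExecStart`, but the comment directly below it still refers only to `-g` and to the risk of restarting after a panic-threshold exit. With `EnvironmentFile=-/etc/conf.d/ntp` and `${NTPD_OPTS}` removed, an administrator can no longer drop the flag without overriding the unit, so that comment is the only place the trade-off is recorded. I would reword its first line to `# --panicgate (-g) in ExecStart allows ntpd to make large adjustments to` and confirm that the `Restart=` setting, which lies outside this hunk, still has the non-restarting value the comment appears to argue for. Options that existing installs keep in `/etc/conf.d/ntp` will presumably be ignored silently after this change, which deserves a line in the unit or a post-install message.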
diff --git
a/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
new file mode 100644
index 00000000000..ee75d103d2e
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch
@@ -0,0 +1,16 @@
+diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
+index
4e5ceaa36c1a7b452445023e201ddb6211625c52..78ac7aea263ed3d3394b2d32e79a6836f0387434
100644
+--- a/ntpd/ntp_sandbox.c
++++ b/ntpd/ntp_sandbox.c
+@@ -428,6 +428,11 @@ int scmp_sc[] = {
+ /* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
+ SCMP_SYS(mmap),
+ #endif
++#if defined(__aarch64__)
++ SCMP_SYS(faccessat),
++ SCMP_SYS(newfstatat),
++ SCMP_SYS(renameat),
++#endif
+ #if defined(__i386__) || defined(__arm__) || defined(__powerpc__)
+ SCMP_SYS(_newselect),
+ SCMP_SYS(_llseek),
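Review bot: The three entries added under `#if defined(__aarch64__)` widen the seccomp allowlist without saying why each is needed, which makes the list harder to audit later. A one-line comment above them would be enough, for example `/* aarch64 has no access/stat/rename syscalls; libc uses the *at forms */`. All three take a directory fd plus a path, so they are somewhat broader than the legacy calls they stand in for; that looks unavoidable on this architecture but is worth stating next to the entries. Other architectures built on the generic syscall table may need the same additions, though nothing in this hunk shows whether they were tested. The `scmp_sc[]` array starts and ends outside the hunk.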
diff --git a/net-misc/ntpsec/ntpsec-1.1.8.ebuild
b/net-misc/ntpsec/ntpsec-1.1.8.ebuild
index 128e2a23826..d0003067a4f 100644
--- a/net-misc/ntpsec/ntpsec-1.1.8.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.1.8.ebuild
@@ -62,7 +62,8 @@ DEPEND="${CDEPEND}
WAF_BINARY="${S}/waf"
-PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch"
)
+PATCHES=( "${FILESDIR}/${P}-externalize-sys_maxclock-fix-for-bug-708522.patch"
+ "${FILESDIR}/${P}-fix-missing-scmp_sys-on-aarch64.patch" )
src_prepare() {
default
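Review bot: The new patch is added to `PATCHES` in `ntpsec-1.1.8.ebuild` itself, and the diffstat shows no new ebuild revision. Systems that already have 1.1.8 installed would therefore presumably not rebuild, and would keep the old seccomp allowlist and, apparently, the old unit file. Because both the daemon binary and `ntpd-r1.service` change, I would carry this as `ntpsec-1.1.8-r1.ebuild` instead. A short comment above the second entry, such as `# upstream: add missing aarch64 syscalls to the seccomp allowlist`, would also tell the next maintainer when the patch can be dropped. `src_prepare()` continues outside the hunk.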