Joachim F
bb771e0405
Merge pull request #24573 from ambrop72/ntpd-fix
...
ntpd: Add patch to allow getpid syscall in seccomp filter.
2017-04-06 11:06:13 +01:00
Jörg Thalheim
500818b997
ntp: 4.2.8p9 -> 4.2.8p10; fix 10 medium/4 low CVEs
...
http://nwtime.org/network-time-foundation-publishes-ntp-4-2-8-p10/
2017-04-02 23:06:43 +02:00
Ambroz Bizjak
35e0eea053
ntpd: Allow additional syscalls in seccomp filter.
...
Fixes issue #21136 .
The problem is that the seccomp system call filter configured by ntpd did not
include some system calls that were apparently needed. For example the
program hanged in getpid just after the filter was installed:
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0
getpid() = ?
I do not know exactly why this is a problem on NixOS only, perhaps we have getpid
caching disabled.
The fcntl and setsockopt system calls also had to be added.
2017-04-02 21:44:06 +02:00
Tuomas Tynkkynen
2d679dbe74
ntp: Don't use seccomp on non-x86
...
It only has the allowed system call numbers defined for i386 and x86_64
so it fails to build otherwise.
2016-11-26 20:38:17 +02:00
Franz Pletz
009e37d277
ntp: fix ntp-wait script, depends on perl
2016-11-21 23:25:21 +01:00
Franz Pletz
67fd21a170
ntp: use seccomp on linux
2016-11-21 23:11:05 +01:00
Franz Pletz
db66a95e5b
ntp: 4.2.8p8 -> 4.2.8p9
...
Includes fixes for 10 CVEs and contains other fixes.
See http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se .
2016-11-21 22:49:02 +01:00
Robin Gloster
5185bc1773
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-07-15 14:41:01 +00:00
Franz Pletz
bdf4c0d21f
ntp: 4.2.8p6 -> 4.2.8p8 (security)
...
Fixes CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956.
2016-07-10 10:48:11 +02:00
Franz Pletz
aff1f4ab94
Use general hardening flag toggle lists
...
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
3b4765c9e5
Merge remote-tracking branch 'upstream/master' into hardened-stdenv
2016-02-28 16:32:57 +00:00
Franz Pletz
c691b6a858
ntp: 4.2.8p4 -> 4.2.8p6 (multiple CVEs)
...
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
2016-02-27 16:34:02 +01:00
Robin Gloster
631c09bbe5
checksec: clean up
2016-02-26 17:26:03 +00:00
Tobias Geerinckx-Rice
32d40f0f98
Remove no longer (or never) referenced patches
...
55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.
2016-01-24 02:02:21 +01:00
koral
f510253de3
ntp: 4.2.8p3 -> 4.2.8p4
2015-11-08 13:44:11 +00:00
Mathnerd314
43b388fbd6
ntp: 4.2.8p2 -> 4.2.8p3
2015-09-05 18:35:45 -06:00
William A. Kennington III
bcbda5d95b
ntp: Refactor and add signing support
2015-04-25 21:27:53 -07:00
William A. Kennington III
458c8381e0
ntp: 4.2.8 -> 4.2.8p2
2015-04-08 14:07:26 -07:00
Eelco Dolstra
782440310d
ntp: Don't depend on openssl, don't install docs
2014-12-28 19:38:45 +01:00
Vladimír Čunát
0fbc5ddadb
ntp: security update, and use libcrypto
...
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
The package would no longer build without libcrypto,
and it wouldn't find it without pkgconfig.
I checked that Debian and Arch do use openssl as a dependency,
so it's probably not so bad a thing to have.
CC maintainer @edolstra .
2014-12-25 12:30:53 +01:00
Eelco Dolstra
d451d12128
ntp: Update to 4.2.6p5
2014-02-03 23:44:11 +01:00
Lluís Batlle i Rossell
74ef91cfae
Updating ntp
...
svn path=/nixpkgs/trunk/; revision=30290
2011-11-07 15:07:19 +00:00
Eelco Dolstra
4e94575014
* NTP updated to 4.2.6p2.
...
svn path=/nixpkgs/trunk/; revision=24118
2010-10-06 16:02:44 +00:00
Lluís Batlle i Rossell
5cbd244265
Updating ntp.
...
svn path=/nixpkgs/trunk/; revision=18916
2009-12-12 19:48:12 +00:00
Eelco Dolstra
6556756115
* ntp 4.2.4p7.
...
svn path=/nixpkgs/trunk/; revision=15828
2009-06-02 19:35:26 +00:00
Eelco Dolstra
5a594ea219
* Updated ntp.
...
svn path=/nixpkgs/trunk/; revision=14798
2009-03-31 09:26:20 +00:00
Eelco Dolstra
0548c19dbe
* NTP 4.2.4p5 (and the old url was broken).
...
svn path=/nixpkgs/trunk/; revision=12883
2008-09-18 21:15:14 +00:00
Eelco Dolstra
e55c2246ff
* ntp 4.2.4p4.
...
svn path=/nixpkgs/trunk/; revision=10217
2008-01-18 13:20:04 +00:00
Eelco Dolstra
8f4d8573c0
* Fix a bunch of URLs.
...
svn path=/nixpkgs/trunk/; revision=9292
2007-09-11 10:15:07 +00:00
Armijn Hemel
403d766a59
new version
...
svn path=/nixpkgs/trunk/; revision=7528
2007-01-01 18:49:23 +00:00
Armijn Hemel
6b8b7566fb
location moved
...
svn path=/nixpkgs/trunk/; revision=7527
2007-01-01 16:16:54 +00:00
Eelco Dolstra
d96ee92a8c
* Purity.
...
svn path=/nixpkgs/trunk/; revision=7465
2006-12-22 22:16:06 +00:00
Eelco Dolstra
33db7f3dd3
* Build ntpd with capabilities support.
...
svn path=/nixpkgs/trunk/; revision=7462
2006-12-22 19:22:57 +00:00
Eelco Dolstra
000b1f4cd6
* NTP daemon.
...
svn path=/nixpkgs/trunk/; revision=7459
2006-12-21 22:23:17 +00:00