3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

31 commits

Author SHA1 Message Date
Ambroz Bizjak 35e0eea053 ntpd: Allow additional syscalls in seccomp filter.
Fixes issue #21136.

The problem is that the seccomp system call filter configured by ntpd did not
include some system calls that were apparently needed. For example the
program hanged in getpid just after the filter was installed:

prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)  = 0
seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0
getpid()                                = ?

I do not know exactly why this is a problem on NixOS only, perhaps we have getpid
caching disabled.

The fcntl and setsockopt system calls also had to be added.
2017-04-02 21:44:06 +02:00
Tuomas Tynkkynen 2d679dbe74 ntp: Don't use seccomp on non-x86
It only has the allowed system call numbers defined for i386 and x86_64
so it fails to build otherwise.
2016-11-26 20:38:17 +02:00
Franz Pletz 009e37d277
ntp: fix ntp-wait script, depends on perl 2016-11-21 23:25:21 +01:00
Franz Pletz 67fd21a170
ntp: use seccomp on linux 2016-11-21 23:11:05 +01:00
Franz Pletz db66a95e5b
ntp: 4.2.8p8 -> 4.2.8p9
Includes fixes for 10 CVEs and contains other fixes.

See http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se.
2016-11-21 22:49:02 +01:00
Robin Gloster 5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Franz Pletz bdf4c0d21f ntp: 4.2.8p6 -> 4.2.8p8 (security)
Fixes CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956.
2016-07-10 10:48:11 +02:00
Franz Pletz aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster 3b4765c9e5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-28 16:32:57 +00:00
Franz Pletz c691b6a858 ntp: 4.2.8p4 -> 4.2.8p6 (multiple CVEs)
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
2016-02-27 16:34:02 +01:00
Robin Gloster 631c09bbe5 checksec: clean up 2016-02-26 17:26:03 +00:00
koral f510253de3 ntp: 4.2.8p3 -> 4.2.8p4 2015-11-08 13:44:11 +00:00
Mathnerd314 43b388fbd6 ntp: 4.2.8p2 -> 4.2.8p3 2015-09-05 18:35:45 -06:00
William A. Kennington III bcbda5d95b ntp: Refactor and add signing support 2015-04-25 21:27:53 -07:00
William A. Kennington III 458c8381e0 ntp: 4.2.8 -> 4.2.8p2 2015-04-08 14:07:26 -07:00
Eelco Dolstra 782440310d ntp: Don't depend on openssl, don't install docs 2014-12-28 19:38:45 +01:00
Vladimír Čunát 0fbc5ddadb ntp: security update, and use libcrypto
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

The package would no longer build without libcrypto,
and it wouldn't find it without pkgconfig.
I checked that Debian and Arch do use openssl as a dependency,
so it's probably not so bad a thing to have.

CC maintainer @edolstra.
2014-12-25 12:30:53 +01:00
Eelco Dolstra d451d12128 ntp: Update to 4.2.6p5 2014-02-03 23:44:11 +01:00
Lluís Batlle i Rossell 74ef91cfae Updating ntp
svn path=/nixpkgs/trunk/; revision=30290
2011-11-07 15:07:19 +00:00
Eelco Dolstra 4e94575014 * NTP updated to 4.2.6p2.
svn path=/nixpkgs/trunk/; revision=24118
2010-10-06 16:02:44 +00:00
Lluís Batlle i Rossell 5cbd244265 Updating ntp.
svn path=/nixpkgs/trunk/; revision=18916
2009-12-12 19:48:12 +00:00
Eelco Dolstra 6556756115 * ntp 4.2.4p7.
svn path=/nixpkgs/trunk/; revision=15828
2009-06-02 19:35:26 +00:00
Eelco Dolstra 5a594ea219 * Updated ntp.
svn path=/nixpkgs/trunk/; revision=14798
2009-03-31 09:26:20 +00:00
Eelco Dolstra 0548c19dbe * NTP 4.2.4p5 (and the old url was broken).
svn path=/nixpkgs/trunk/; revision=12883
2008-09-18 21:15:14 +00:00
Eelco Dolstra e55c2246ff * ntp 4.2.4p4.
svn path=/nixpkgs/trunk/; revision=10217
2008-01-18 13:20:04 +00:00
Eelco Dolstra 8f4d8573c0 * Fix a bunch of URLs.
svn path=/nixpkgs/trunk/; revision=9292
2007-09-11 10:15:07 +00:00
Armijn Hemel 403d766a59 new version
svn path=/nixpkgs/trunk/; revision=7528
2007-01-01 18:49:23 +00:00
Armijn Hemel 6b8b7566fb location moved
svn path=/nixpkgs/trunk/; revision=7527
2007-01-01 16:16:54 +00:00
Eelco Dolstra d96ee92a8c * Purity.
svn path=/nixpkgs/trunk/; revision=7465
2006-12-22 22:16:06 +00:00
Eelco Dolstra 33db7f3dd3 * Build ntpd with capabilities support.
svn path=/nixpkgs/trunk/; revision=7462
2006-12-22 19:22:57 +00:00
Eelco Dolstra 000b1f4cd6 * NTP daemon.
svn path=/nixpkgs/trunk/; revision=7459
2006-12-21 22:23:17 +00:00