net-misc/ntpsec: backport fix for seccomp + early-droproot

See: https://gitlab.com/NTPsec/ntpsec/issues/460
Package-Manager: Portage-2.3.19, Repoman-2.3.6

2 files changed, 20 insertions, 0 deletions

diff --git a/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch b/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch
new file mode 100644
index 000000000000..b9716569f631
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.0.0-fix-seccomp.patch
@@ -0,0 +1,16 @@
+This is a backport of https://gitlab.com/NTPsec/ntpsec/commit/eef92d6217da03ad2ae41e298d110bdb05031381
+
+diff -Naur ntpsec-1.0.0.orig/ntpd/ntp_sandbox.c ntpsec-1.0.0/ntpd/ntp_sandbox.c
+--- ntpsec-1.0.0.orig/ntpd/ntp_sandbox.c	2017-10-09 23:54:39.000000000 -0400
++++ ntpsec-1.0.0/ntpd/ntp_sandbox.c	2018-02-28 07:31:28.381406881 -0500
+@@ -354,6 +354,10 @@
+ 	SCMP_SYS(write),
+         SCMP_SYS(unlink),
+ 
++#ifdef ENABLE_EARLY_DROPROOT
++	SCMP_SYS(getdents),
++#endif
++
+ #ifdef ENABLE_DNS_LOOKUP
+ /* Don't comment out this block for testing.
+  * pthread_create blocks signals so it will crash
diff --git a/net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild b/net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild
index 5ab45707dee9..890ec4f7ebf4 100644
--- a/net-misc/ntpsec/ntpsec-1.0.0-r5.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.0.0-r6.ebuild
@@ -66,6 +66,10 @@ pkg_setup() {
 
 src_prepare() {
 	default
+
+	# See https://gitlab.com/NTPsec/ntpsec/issues/460
+	eapply "${FILESDIR}"/${P}-fix-seccomp.patch
+
 	python_copy_sources
 }