Commit Graph

38 Commits

Author SHA1 Message Date
Richard Marko
91575dd285 pps-tools: init at 1.0.2, enable for chrony, gpsd, ntp (#42889) 2018-07-04 11:28:07 +00:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
Michael Bishop
f115afa5d5 ntp: fix a missed syscall in seccomp
ntpd uses openat to adjust the drift file, which it only does after a few hours of uptime
2018-06-11 07:40:26 -03:00
R. RyanTM
81a0a3b39c ntp: 4.2.8p10 -> 4.2.8p11 (#40661)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/ntp/versions.

These checks were done:

- built on NixOS
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/calc_tickadj passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntp-wait passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntptrace passed the binary check.
- Warning: no invocation of /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/update-leap had a zero exit code or showed the expected version
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/sntp passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntpd passed the binary check.
- Warning: no invocation of /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntpdate had a zero exit code or showed the expected version
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntpdc passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntpq passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntp-keygen passed the binary check.
- Warning: no invocation of /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntptime had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/tickadj had a zero exit code or showed the expected version
- 8 of 12 passed binary check by having a zero exit code.
- 0 of 12 passed binary check by having the new version present in output.
- found 4.2.8p11 with grep in /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11
- directory tree listing: https://gist.github.com/643849ae077bac0514537c8aa923dd6d
- du listing: https://gist.github.com/1b2abf7cee80b022945ff72be1eb7070
2018-05-18 01:08:47 +02:00
Joachim F
bb771e0405 Merge pull request #24573 from ambrop72/ntpd-fix
ntpd: Add patch to allow getpid syscall in seccomp filter.
2017-04-06 11:06:13 +01:00
Jörg Thalheim
500818b997
ntp: 4.2.8p9 -> 4.2.8p10; fix 10 medium/4 low CVEs
http://nwtime.org/network-time-foundation-publishes-ntp-4-2-8-p10/
2017-04-02 23:06:43 +02:00
Ambroz Bizjak
35e0eea053 ntpd: Allow additional syscalls in seccomp filter.
Fixes issue #21136.

The problem is that the seccomp system call filter configured by ntpd did not
include some system calls that were apparently needed. For example the
program hanged in getpid just after the filter was installed:

prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)  = 0
seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0
getpid()                                = ?

I do not know exactly why this is a problem on NixOS only, perhaps we have getpid
caching disabled.

The fcntl and setsockopt system calls also had to be added.
2017-04-02 21:44:06 +02:00
Tuomas Tynkkynen
2d679dbe74 ntp: Don't use seccomp on non-x86
It only has the allowed system call numbers defined for i386 and x86_64
so it fails to build otherwise.
2016-11-26 20:38:17 +02:00
Franz Pletz
009e37d277
ntp: fix ntp-wait script, depends on perl 2016-11-21 23:25:21 +01:00
Franz Pletz
67fd21a170
ntp: use seccomp on linux 2016-11-21 23:11:05 +01:00
Franz Pletz
db66a95e5b
ntp: 4.2.8p8 -> 4.2.8p9
Includes fixes for 10 CVEs and contains other fixes.

See http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se.
2016-11-21 22:49:02 +01:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Franz Pletz
bdf4c0d21f ntp: 4.2.8p6 -> 4.2.8p8 (security)
Fixes CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956.
2016-07-10 10:48:11 +02:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
3b4765c9e5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-28 16:32:57 +00:00
Franz Pletz
c691b6a858 ntp: 4.2.8p4 -> 4.2.8p6 (multiple CVEs)
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
2016-02-27 16:34:02 +01:00
Robin Gloster
631c09bbe5 checksec: clean up 2016-02-26 17:26:03 +00:00
Tobias Geerinckx-Rice
32d40f0f98 Remove no longer (or never) referenced patches
55 files changed, 6041 deletions. Tested with `nix-build -A tarball`.
2016-01-24 02:02:21 +01:00
koral
f510253de3 ntp: 4.2.8p3 -> 4.2.8p4 2015-11-08 13:44:11 +00:00
Mathnerd314
43b388fbd6 ntp: 4.2.8p2 -> 4.2.8p3 2015-09-05 18:35:45 -06:00
William A. Kennington III
bcbda5d95b ntp: Refactor and add signing support 2015-04-25 21:27:53 -07:00
William A. Kennington III
458c8381e0 ntp: 4.2.8 -> 4.2.8p2 2015-04-08 14:07:26 -07:00
Eelco Dolstra
782440310d ntp: Don't depend on openssl, don't install docs 2014-12-28 19:38:45 +01:00
Vladimír Čunát
0fbc5ddadb ntp: security update, and use libcrypto
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

The package would no longer build without libcrypto,
and it wouldn't find it without pkgconfig.
I checked that Debian and Arch do use openssl as a dependency,
so it's probably not so bad a thing to have.

CC maintainer @edolstra.
2014-12-25 12:30:53 +01:00
Eelco Dolstra
d451d12128 ntp: Update to 4.2.6p5 2014-02-03 23:44:11 +01:00
Lluís Batlle i Rossell
74ef91cfae Updating ntp
svn path=/nixpkgs/trunk/; revision=30290
2011-11-07 15:07:19 +00:00
Eelco Dolstra
4e94575014 * NTP updated to 4.2.6p2.
svn path=/nixpkgs/trunk/; revision=24118
2010-10-06 16:02:44 +00:00
Lluís Batlle i Rossell
5cbd244265 Updating ntp.
svn path=/nixpkgs/trunk/; revision=18916
2009-12-12 19:48:12 +00:00
Eelco Dolstra
6556756115 * ntp 4.2.4p7.
svn path=/nixpkgs/trunk/; revision=15828
2009-06-02 19:35:26 +00:00
Eelco Dolstra
5a594ea219 * Updated ntp.
svn path=/nixpkgs/trunk/; revision=14798
2009-03-31 09:26:20 +00:00
Eelco Dolstra
0548c19dbe * NTP 4.2.4p5 (and the old url was broken).
svn path=/nixpkgs/trunk/; revision=12883
2008-09-18 21:15:14 +00:00
Eelco Dolstra
e55c2246ff * ntp 4.2.4p4.
svn path=/nixpkgs/trunk/; revision=10217
2008-01-18 13:20:04 +00:00
Eelco Dolstra
8f4d8573c0 * Fix a bunch of URLs.
svn path=/nixpkgs/trunk/; revision=9292
2007-09-11 10:15:07 +00:00
Armijn Hemel
403d766a59 new version
svn path=/nixpkgs/trunk/; revision=7528
2007-01-01 18:49:23 +00:00
Armijn Hemel
6b8b7566fb location moved
svn path=/nixpkgs/trunk/; revision=7527
2007-01-01 16:16:54 +00:00
Eelco Dolstra
d96ee92a8c * Purity.
svn path=/nixpkgs/trunk/; revision=7465
2006-12-22 22:16:06 +00:00
Eelco Dolstra
33db7f3dd3 * Build ntpd with capabilities support.
svn path=/nixpkgs/trunk/; revision=7462
2006-12-22 19:22:57 +00:00
Eelco Dolstra
000b1f4cd6 * NTP daemon.
svn path=/nixpkgs/trunk/; revision=7459
2006-12-21 22:23:17 +00:00