03be1adb bumped libseccomp to 2.4.2, which has this note in the
changelog:
"Stop defining __NR_x values for syscalls that don't exist,
libseccomp now uses __SNR_x internally"
This change means that invalid syscalls for Linux that aren't defined in
glibc will no longer work. In this unlucky case, 'chrony' was trying to
reference the syscall number for 'ppoll', which doesn't exist. Fixing
this is easy with a simple patch.
This also includes another patch from upstream, which allows
clock_adjtime in the seccomp filter list. This is a robustness measure
for future glibc versions that use clock_adjtime inside adjtimex().
Signed-off-by: Austin Seipp <aseipp@pobox.com>
There were very many conflicts, basically all due to
name -> pname+version. Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job. There might be some fallback to these
conflicts, but I believe it should be minimal.
Hydra nixpkgs: ?compare=1538299
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/chrony/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3/bin/chronyc --help’ got 0 exit code
- ran ‘/nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3/bin/chronyc help’ got 0 exit code
- ran ‘/nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3/bin/chronyd -h’ got 0 exit code
- ran ‘/nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3/bin/chronyd --help’ got 0 exit code
- found 3.3 with grep in /nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3
- directory tree listing: https://gist.github.com/60dede830d6efc2bf29be2b4983e4c97
The following parameters are now available:
* hardeningDisable
  To disable specific hardening flags
* hardeningEnable
  To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow