Created build for tlsdate as alternative to NTPD

patches/tlsdate-void/libressl-no-sslv3.patch

@@ -0,0 +1,57 @@
+--- src/tlsdate.c.orig	2016-03-30 23:41:39.121031885 +0200
++++ src/tlsdate.c	2016-03-30 23:41:49.442032351 +0200
+@@ -88,7 +88,7 @@
+            " [-n|--dont-set-clock]\n"
+            " [-H|--host] [hostname|ip]\n"
+            " [-p|--port] [port number]\n"
+-           " [-P|--protocol] [sslv23|sslv3|tlsv1]\n"
++           " [-P|--protocol] [sslv23|tlsv1]\n"
+            " [-C|--certcontainer] [dirname|filename]\n"
+            " [-v|--verbose]\n"
+            " [-V|--showtime] [human|raw]\n"
+--- man/tlsdate.1.orig	2016-03-30 23:42:18.100033647 +0200
++++ man/tlsdate.1	2016-03-30 23:42:35.659034441 +0200
+@@ -5,7 +5,7 @@
+ .SH NAME
+ tlsdate \- secure parasitic rdate replacement
+ .SH SYNOPSIS
+-.B tlsdate [\-hnvVstlw] [\-H [hostname]] [\-p [port]] [\-P [sslv23|sslv3|tlsv1]] \
++.B tlsdate [\-hnvVstlw] [\-H [hostname]] [\-p [port]] [\-P [sslv23|tlsv1]] \
+ [\-\-certdir [dirname]] [\-x [\-\-proxy] proxy\-type://proxyhost:proxyport]
+ .SH DESCRIPTION
+ .B tlsdate
+@@ -30,7 +30,7 @@
+ Do not set the system clock to the time of the remote server
+ .IP "\-p | \-\-port [port]"
+ Set remote port (default: '443')
+-.IP "\-P | \-\-protocol [sslv23|sslv3|tlsv1]"
++.IP "\-P | \-\-protocol [sslv23|tlsv1]"
+ Set protocol to use when communicating with server (default: 'tlsv1')
+ .IP "\-C | \-\-certdir [dirname]"
+ Set the local directory where certificates are located
+--- src/tlsdate-helper-plan9.c.orig	2016-03-30 23:43:12.577036110 +0200
++++ src/tlsdate-helper-plan9.c	2016-03-30 23:43:32.403037006 +0200
+@@ -978,10 +978,6 @@
+   {
+     verb ("V: using SSLv23_client_method()\n");
+     ctx = SSL_CTX_new(SSLv23_client_method());
+-  } else if (0 == strcmp("sslv3", protocol))
+-  {
+-    verb ("V: using SSLv3_client_method()\n");
+-    ctx = SSL_CTX_new(SSLv3_client_method());
+   } else if (0 == strcmp("tlsv1", protocol))
+   {
+     verb ("V: using TLSv1_client_method()\n");
+--- src/tlsdate-helper.c.orig	2016-03-30 23:33:02.056008510 +0200
++++ src/tlsdate-helper.c	2016-03-30 23:34:46.400013227 +0200
+@@ -1133,10 +1133,6 @@
+   {
+     verb ("V: using SSLv23_client_method()");
+     ctx = SSL_CTX_new(SSLv23_client_method());
+-  } else if (0 == strcmp("sslv3", protocol))
+-  {
+-    verb ("V: using SSLv3_client_method()");
+-    ctx = SSL_CTX_new(SSLv3_client_method());
+   } else if (0 == strcmp("tlsv1", protocol))
+   {
+     verb ("V: using TLSv1_client_method()");

patches/tlsdate-void/libressl-sslstate.patch

@@ -0,0 +1,11 @@
+--- src/tlsdate-helper.c.orig
++++ src/tlsdate-helper.c
+@@ -374,7 +374,7 @@
+ openssl_time_callback (const SSL* ssl, int where, int ret)
+ {
+   if (where == SSL_CB_CONNECT_LOOP &&
+-      (ssl->state == SSL3_ST_CR_SRVR_HELLO_A || ssl->state == SSL3_ST_CR_SRVR_HELLO_B))
++      (SSL_state(ssl) == SSL3_ST_CR_SRVR_HELLO_A || SSL_state(ssl) == SSL3_ST_CR_SRVR_HELLO_B))
+   {
+     // XXX TODO: If we want to trust the remote system for time,
+     // can we just read that time out of the remote system and if the

patches/tlsdate-void/sandbox.patch

@@ -0,0 +1,27 @@
+--- src/seccomp.c.orig	2018-12-20 16:56:30.070932156 +0100
++++ src/seccomp.c	2018-12-20 16:57:19.849670660 +0100
+@@ -43,6 +43,14 @@
+ #  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_I386
+ #elif defined(__x86_64__)
+ #  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_X86_64
++#elif defined(__aarch64__)
++#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_AARCH64
++#elif defined(__powerpc64__) && defined(__LITTLE_ENDIAN__)
++#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64LE
++#elif defined(__powerpc64__)
++#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC64
++#elif defined(__powerpc__)
++#  define SECCOMP_AUDIT_ARCH AUDIT_ARCH_PPC
+ #elif defined(__arm__)
+ # ifndef EM_ARM
+ #   define EM_ARM 40
+@@ -87,7 +89,9 @@
+     SC_ALLOW (exit_group),
+     SC_ALLOW (exit),
+ 
++#ifdef __NR_open
+     SC_DENY (open, EINVAL),
++#endif
+     SC_DENY (fcntl, EINVAL),
+     SC_DENY (fstat, EINVAL),
+ #ifdef __NR_mmap