From: "Lars Wendler" <polynomial-c@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/ntp/files/, net-misc/ntp/
Date: Fri, 20 Oct 2017 09:05:24 +0000 (UTC) [thread overview]
Message-ID: <1508490320.6d5d02e1341ffa76de4b26a6963d99699afba0c6.polynomial-c@gentoo> (raw)
commit: 6d5d02e1341ffa76de4b26a6963d99699afba0c6
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 20 09:05:20 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Oct 20 09:05:20 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d5d02e1
net-misc/ntp: Security cleanup (bug #613550).
Package-Manager: Portage-2.3.12, Repoman-2.3.3
net-misc/ntp/Manifest | 2 -
...ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch | 236 ---------------------
net-misc/ntp/ntp-4.2.8_p9.ebuild | 136 ------------
3 files changed, 374 deletions(-)
diff --git a/net-misc/ntp/Manifest b/net-misc/ntp/Manifest
index 00a743f21e4..f77d8f8a95f 100644
--- a/net-misc/ntp/Manifest
+++ b/net-misc/ntp/Manifest
@@ -1,4 +1,2 @@
DIST ntp-4.2.8p10-manpages.tar.xz 25004 SHA256 7d968a7e68e0ce26c56635e452468b3583e2cb8bfcf558127c753c62e31d7007 SHA512 5b31a1429484ad30a35c8fa38157190a66b0983b5bf1a802c0817613901b5e0644941a3f4d5b660fcfe4ca04968766a5981331a6f9353316e7de953e55c33a09 WHIRLPOOL 6f5d593be7003fa9212364c0409f7e1ae7adcd6d1134c6db5bfb92fbbeb181495c3d484ff73bdfe55f231bb323e286ef4e1eb2ba588fcf3acd360ac8bf53b259
DIST ntp-4.2.8p10.tar.gz 6998648 SHA256 ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f SHA512 67e01ab533c3dfabb0bdd3ced848bdd239980bde28fdb2791d167b7e9690ab3b3759e1bd99e9fddcce03ddef4cd63a47eb85941bb127ceb79b7ecff22cce9c05 WHIRLPOOL 7a72762d349591808c0f3d4686bbb2fbf60a0915769e77140414795892d6929feb0aae30cf2f2ea1febd3c4fecb9d3d62401e1f66033bb2dc57e3245f41708c8
-DIST ntp-4.2.8p9-manpages.tar.xz 24988 SHA256 a7814373e7ceb73a9e426b2e60a9966b6d053f145fd0253bbccf407af9f7ad3f SHA512 23ba80c540d12e78012a448348b94ccb68d0a8078e2e6fe05be58d89aa5e6e31ee8d686920c0f841ad12eade84a081e393885760fdf81bad5c30c76006df0094 WHIRLPOOL 49259ef4bade074bbcb5d87dd21bd93538a3a17405a42e483d10168fd609f908b59c86c73b01d2db2e683ff43fa0fdc0cdf297bfcc452d223dcb78bcef3f46c3
-DIST ntp-4.2.8p9.tar.gz 7231884 SHA256 b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72 SHA512 ffd9e34060210d1cfb8ca0d89f2577df1c5fbe3ba63c620cdadc3ccc3c9d07f518783c6b91e57bffc77b08f449fdbab12faf226672ebd2dde5a0b4a783322a04 WHIRLPOOL ea96b106fd06f2b536394ad2a3dcc2a973aa0cec96140a292bc13b6ceb4159208a59b9c51936240c8a44fa7b2caa4be60d07d3c53066ce8588b0561bef64c070
diff --git a/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch b/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch
deleted file mode 100644
index 5166e5f9a1d..00000000000
--- a/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch
+++ /dev/null
@@ -1,236 +0,0 @@
-Fix building with libressl or without SSL.
-
-Origin: http://bugs.ntp.org/attachment.cgi?id=1481
-
-LibreSSL fix from Joe Kappus (https://bugs.gentoo.org/show_bug.cgi?id=600668#c2)
-
-diff -Nru a/include/ntp_md5.h b/include/ntp_md5.h
---- a/include/ntp_md5.h 2016-11-23 08:35:18.248130387 +0100
-+++ b/include/ntp_md5.h 2016-11-23 08:35:18.248130387 +0100
-@@ -8,6 +8,7 @@
-
- #ifdef OPENSSL
- # include "openssl/evp.h"
-+# include "libssl_compat.h"
- #else /* !OPENSSL follows */
- /*
- * Provide OpenSSL-alike MD5 API if we're not using OpenSSL
-@@ -23,6 +24,9 @@
- # endif
-
- typedef MD5_CTX EVP_MD_CTX;
-+
-+# define EVP_MD_CTX_free(c) free(c)
-+# define EVP_MD_CTX_new() calloc(1, sizeof(MD5_CTX))
- # define EVP_get_digestbynid(t) NULL
- # define EVP_md5() NULL
- # define EVP_MD_CTX_init(c)
-diff -Nru a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c
---- a/libntp/a_md5encrypt.c 2016-11-23 08:35:18.248130387 +0100
-+++ b/libntp/a_md5encrypt.c 2016-11-23 08:35:18.248130387 +0100
-@@ -11,7 +11,6 @@
- #include "ntp.h"
- #include "ntp_md5.h" /* provides OpenSSL digest API */
- #include "isc/string.h"
--#include "libssl_compat.h"
- /*
- * MD5authencrypt - generate message digest
- *
-diff -Nru a/libntp/libssl_compat.c b/libntp/libssl_compat.c
---- a/libntp/libssl_compat.c 2016-11-23 08:35:18.248130387 +0100
-+++ b/libntp/libssl_compat.c 2016-11-23 08:35:18.248130387 +0100
-@@ -15,15 +15,18 @@
- * ---------------------------------------------------------------------
- */
- #include "config.h"
--
--#include <string.h>
--#include <openssl/bn.h>
--#include <openssl/evp.h>
--
- #include "ntp_types.h"
-
- /* ----------------------------------------------------------------- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#ifdef OPENSSL
-+# include <string.h>
-+# include <openssl/bn.h>
-+# include <openssl/evp.h>
-+#endif
-+/* ----------------------------------------------------------------- */
-+
-+/* ----------------------------------------------------------------- */
-+#if defined(OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER)
- /* ----------------------------------------------------------------- */
-
- #include "libssl_compat.h"
-@@ -325,7 +328,7 @@
- }
-
- /* ----------------------------------------------------------------- */
--#else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */
-+#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
- /* ----------------------------------------------------------------- */
-
- NONEMPTY_TRANSLATION_UNIT
-diff -Nru a/ntpd/ntp_control.c b/ntpd/ntp_control.c
---- a/ntpd/ntp_control.c 2016-11-23 08:35:18.256130015 +0100
-+++ b/ntpd/ntp_control.c 2016-11-23 08:35:18.260129828 +0100
-@@ -33,8 +33,6 @@
- # include "ntp_syscall.h"
- #endif
-
--#include "libssl_compat.h"
--
- /*
- * Structure to hold request procedure information
- */
-@@ -1653,8 +1651,10 @@
- }
-
- /*
-- * ctl_putcal - write a decoded calendar data into the response
-+ * ctl_putcal - write a decoded calendar data into the response.
-+ * only used with AUTOKEY currently, so compiled conditional
- */
-+#ifdef AUTOKEY
- static void
- ctl_putcal(
- const char *tag,
-@@ -1678,6 +1678,7 @@
-
- return;
- }
-+#endif
-
- /*
- * ctl_putfs - write a decoded filestamp into the response
-@@ -1838,7 +1839,7 @@
- char * oplim;
- char * iptr;
- char * iplim;
-- char * past_eq;
-+ char * past_eq = NULL;
-
- optr = output;
- oplim = output + sizeof(output);
-diff -Nru a/ntpd/ntp_io.c b/ntpd/ntp_io.c
---- a/ntpd/ntp_io.c 2016-11-23 08:35:18.268129456 +0100
-+++ b/ntpd/ntp_io.c 2016-11-23 08:35:18.272129269 +0100
-@@ -516,13 +516,17 @@
- /*
- * function to dump the contents of the interface structure
- * for debugging use only.
-+ * We face a dilemma here -- sockets are FDs under POSIX and
-+ * actually HANDLES under Windows. So we use '%lld' as format
-+ * and cast the value to 'long long'; this should not hurt
-+ * with UNIX-like systems and does not truncate values on Win64.
- */
- void
- interface_dump(const endpt *itf)
- {
- printf("Dumping interface: %p\n", itf);
-- printf("fd = %d\n", itf->fd);
-- printf("bfd = %d\n", itf->bfd);
-+ printf("fd = %lld\n", (long long)itf->fd);
-+ printf("bfd = %lld\n", (long long)itf->bfd);
- printf("sin = %s,\n", stoa(&itf->sin));
- sockaddr_dump(&itf->sin);
- printf("bcast = %s,\n", stoa(&itf->bcast));
-@@ -570,11 +574,11 @@
- static void
- print_interface(const endpt *iface, const char *pfx, const char *sfx)
- {
-- printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s",
-+ printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s",
- pfx,
- iface->ifnum,
-- iface->fd,
-- iface->bfd,
-+ (long long)iface->fd,
-+ (long long)iface->bfd,
- iface->name,
- iface->flags,
- iface->ifindex,
-diff -Nru a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
---- a/ntpd/ntp_proto.c 2016-11-23 08:35:18.280128897 +0100
-+++ b/ntpd/ntp_proto.c 2016-11-23 08:35:18.284128711 +0100
-@@ -4054,7 +4054,7 @@
- ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen,
- peer->keynumber));
- #else /* !AUTOKEY follows */
-- DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %d\n",
-+ DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu\n",
- current_time, peer->dstadr ?
- ntoa(&peer->dstadr->sin) : "-",
- ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen));
-diff -Nru a/ports/winnt/ntpd/ntp_iocompletionport.c b/ports/winnt/ntpd/ntp_iocompletionport.c
---- a/ports/winnt/ntpd/ntp_iocompletionport.c 2016-11-23 08:35:18.288128524 +0100
-+++ b/ports/winnt/ntpd/ntp_iocompletionport.c 2016-11-23 08:35:18.288128524 +0100
-@@ -1391,8 +1391,7 @@
- goto fail;
- }
-
-- ;
-- if ( ! (rio->ioreg_ctx = iopad = iohpCreate(rio))) {
-+ if (NULL == (rio->ioreg_ctx = iopad = iohpCreate(rio))) {
- msyslog(LOG_ERR, "%s: Failed to create shared lock",
- msgh);
- goto fail;
-@@ -1401,13 +1400,13 @@
- iopad->riofd = rio->fd;
- iopad->rsrc.rio = rio;
-
-- if (!(rio->device_ctx = DevCtxAttach(serial_devctx(h)))) {
-+ if (NULL == (rio->device_ctx = DevCtxAttach(serial_devctx(h)))) {
- msyslog(LOG_ERR, "%s: Failed to allocate device context",
- msgh);
- goto fail;
- }
-
-- if ( ! (lpo = IoCtxAlloc(iopad, rio->device_ctx))) {
-+ if (NULL == (lpo = IoCtxAlloc(iopad, rio->device_ctx))) {
- msyslog(LOG_ERR, "%: Failed to allocate IO context",
- msgh);
- goto fail;
-@@ -1594,7 +1593,6 @@
- static const char * const msg =
- "OnSocketSend: send to socket failed";
-
-- IoHndPad_T * iopad = NULL;
- endpt * ep = NULL;
- int rc;
-
-@@ -1662,7 +1660,7 @@
-
- INSIST(hndIOCPLPort && hMainRpcDone);
- if (iopad)
-- iocpl_notify(iopad, OnInterfaceDetach, -1);
-+ iocpl_notify(iopad, OnInterfaceDetach, (UINT_PTR)-1);
- }
-
- /* --------------------------------------------------------------------
-diff -Nru a/sntp/crypto.c b/sntp/crypto.c
---- a/sntp/crypto.c 2016-11-23 08:35:18.288128524 +0100
-+++ b/sntp/crypto.c 2016-11-23 08:35:18.288128524 +0100
-@@ -2,7 +2,7 @@
- #include "crypto.h"
- #include <ctype.h>
- #include "isc/string.h"
--#include "libssl_compat.h"
-+#include "ntp_md5.h"
-
- struct key *key_ptr;
- size_t key_cnt = 0;
-diff -urN ntp-4.2.8p9/include/libssl_compat.h ntp-4.2.8p9_fixed/include/libssl_compat.h
---- a/include/libssl_compat.h 2016-11-21 07:28:40.000000000 -0500
-+++ b/include/libssl_compat.h 2016-11-23 12:10:33.014148604 -0500
-@@ -25,7 +25,7 @@
- #include "openssl/rsa.h"
-
- /* ----------------------------------------------------------------- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER)
- /* ----------------------------------------------------------------- */
-
- # include <openssl/objects.h>
diff --git a/net-misc/ntp/ntp-4.2.8_p9.ebuild b/net-misc/ntp/ntp-4.2.8_p9.ebuild
deleted file mode 100644
index 4ff1b7a2eb3..00000000000
--- a/net-misc/ntp/ntp-4.2.8_p9.ebuild
+++ /dev/null
@@ -1,136 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-inherit eutils toolchain-funcs flag-o-matic user systemd
-
-MY_P=${P/_p/p}
-DESCRIPTION="Network Time Protocol suite/programs"
-HOMEPAGE="http://www.ntp.org/"
-SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz
- https://dev.gentoo.org/~polynomial-c/${MY_P}-manpages.tar.xz"
-
-LICENSE="HPND BSD ISC"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~m68k-mint"
-IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf"
-
-CDEPEND="readline? ( >=sys-libs/readline-4.1:0= )
- >=dev-libs/libevent-2.0.9:=[threads?]
- kernel_linux? ( caps? ( sys-libs/libcap ) )
- zeroconf? ( net-dns/avahi[mdnsresponder-compat] )
- !openntpd? ( !net-misc/openntpd )
- snmp? ( net-analyzer/net-snmp )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl )
- )
- parse-clocks? ( net-misc/pps-tools )"
-DEPEND="${CDEPEND}
- virtual/pkgconfig"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ntp )
- vim-syntax? ( app-vim/ntp-syntax )"
-PDEPEND="openntpd? ( net-misc/openntpd )"
-
-S=${WORKDIR}/${MY_P}
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.2.8-ipc-caps.patch #533966
- "${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922
- "${FILESDIR}"/${P}-fix-build-wo-ssl-or-libressl.patch
-)
-
-pkg_setup() {
- enewgroup ntp 123
- enewuser ntp 123 -1 /dev/null ntp
-}
-
-src_prepare() {
- epatch "${PATCHES[@]}"
- append-cppflags -D_GNU_SOURCE #264109
- # Make sure every build uses the same install layout. #539092
- find sntp/loc/ -type f '!' -name legacy -delete || die
- # Disable pointless checks.
- touch .checkChangeLog .gcc-warning FRC.html html/.datecheck
-}
-
-src_configure() {
- # avoid libmd5/libelf
- export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no
- export ac_cv_lib_elf_nlist=no
- # blah, no real configure options #176333
- export ac_cv_header_dns_sd_h=$(usex zeroconf)
- export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h}
- # Increase the default memlimit from 32MiB to 128MiB. #533232
- econf \
- --with-lineeditlibs=readline,edit,editline \
- --with-yielding-select \
- --disable-local-libevent \
- --docdir='$(datarootdir)'/doc/${PF} \
- --htmldir='$(docdir)/html' \
- --with-memlock=256 \
- $(use_enable caps linuxcaps) \
- $(use_enable parse-clocks) \
- $(use_enable ipv6) \
- $(use_enable debug debugging) \
- $(use_with readline lineeditlibs readline) \
- $(use_enable samba ntp-signd) \
- $(use_with snmp ntpsnmpd) \
- $(use_with ssl crypto) \
- $(use_enable threads thread-support)
-}
-
-src_install() {
- default
- # move ntpd/ntpdate to sbin #66671
- dodir /usr/sbin
- mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin"
-
- dodoc INSTALL WHERE-TO-START
- doman "${WORKDIR}"/man/*.[58]
-
- insinto /etc
- doins "${FILESDIR}"/ntp.conf
- use ipv6 || sed -i '/^restrict .*::1/d' "${ED}"/etc/ntp.conf #524726
- newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd
- newconfd "${FILESDIR}"/ntpd.confd ntpd
- newinitd "${FILESDIR}"/ntp-client.rc ntp-client
- newconfd "${FILESDIR}"/ntp-client.confd ntp-client
- newinitd "${FILESDIR}"/sntp.rc sntp
- newconfd "${FILESDIR}"/sntp.confd sntp
- if ! use caps ; then
- sed -i "s|-u ntp:ntp||" "${ED}"/etc/conf.d/ntpd || die
- fi
- sed -i "s:/usr/bin:/usr/sbin:" "${ED}"/etc/init.d/ntpd || die
-
- keepdir /var/lib/ntp
- use prefix || fowners ntp:ntp /var/lib/ntp
-
- if use openntpd ; then
- cd "${ED}"
- rm usr/sbin/ntpd || die
- rm -r var/lib
- rm etc/{conf,init}.d/ntpd
- rm usr/share/man/*/ntpd.8 || die
- else
- systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service
- use caps && sed -i '/ExecStart/ s|$| -u ntp:ntp|' "${ED}"/usr/lib/systemd/system/ntpd.service
- systemd_enable_ntpunit 60-ntpd ntpd.service
- fi
-
- systemd_newunit "${FILESDIR}"/ntpdate.service-r1 ntpdate.service
- systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf
- systemd_newunit "${FILESDIR}"/sntp.service-r2 sntp.service
- systemd_install_serviced "${FILESDIR}"/sntp.service.conf
-}
-
-pkg_postinst() {
- if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then
- eerror "The notrust option was found in your /etc/ntp.conf!"
- ewarn "If your ntpd starts sending out weird responses,"
- ewarn "then make sure you have keys properly setup and see"
- ewarn "https://bugs.gentoo.org/41827"
- fi
-}
next reply other threads:[~2017-10-20 9:05 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-20 9:05 Lars Wendler [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-11-25 7:05 [gentoo-commits] repo/gentoo:master commit in: net-misc/ntp/files/, net-misc/ntp/ Sam James
2022-11-24 11:27 Sam James
2022-03-17 21:31 Sam James
2021-05-03 18:46 Sam James
2021-01-06 23:23 Andreas K. Hüttel
2019-10-10 22:35 Sergei Trofimovich
2019-08-27 18:50 Craig Andrews
2017-05-07 7:27 Thomas Deutschmann
2017-03-31 0:13 Patrick McLean
2017-03-22 18:52 Patrick McLean
2017-01-27 22:15 Robin H. Johnson
2016-11-28 22:44 Thomas Deutschmann
2016-04-27 8:21 Lars Wendler
2015-10-25 1:07 Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1508490320.6d5d02e1341ffa76de4b26a6963d99699afba0c6.polynomial-c@gentoo \
--to=polynomial-c@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox