From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 13C57138334 for ; Sat, 16 Mar 2019 17:31:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 282AAE0971; Sat, 16 Mar 2019 17:31:40 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id E5B13E0971 for ; Sat, 16 Mar 2019 17:31:39 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 8C813335C97 for ; Sat, 16 Mar 2019 17:31:38 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 36690559 for ; Sat, 16 Mar 2019 17:31:37 +0000 (UTC) From: "Mikle Kolyada" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Mikle Kolyada" Message-ID: <1552757495.63f16f7b92948ad2a4ee00d2c068d4a90d7c0417.zlogene@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/ntp/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-misc/ntp/Manifest net-misc/ntp/ntp-4.2.8_p12-r1.ebuild net-misc/ntp/ntp-4.2.8_p12.ebuild X-VCS-Directories: net-misc/ntp/ X-VCS-Committer: zlogene X-VCS-Committer-Name: Mikle Kolyada X-VCS-Revision: 63f16f7b92948ad2a4ee00d2c068d4a90d7c0417 X-VCS-Branch: master Date: Sat, 16 Mar 2019 17:31:37 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: c2515371-4234-4574-b9d8-206410cf0c1f X-Archives-Hash: 5a0f6356193db72115146bcf47774f69 commit: 63f16f7b92948ad2a4ee00d2c068d4a90d7c0417 Author: Mikle Kolyada gentoo org> AuthorDate: Sat Mar 16 17:31:21 2019 +0000 Commit: Mikle Kolyada gentoo org> CommitDate: Sat Mar 16 17:31:35 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=63f16f7b net-misc/ntp: Security cleanup Signed-off-by: Mikle Kolyada gentoo.org> Package-Manager: Portage-2.3.62, Repoman-2.3.11 net-misc/ntp/Manifest | 2 - net-misc/ntp/ntp-4.2.8_p12-r1.ebuild | 146 ----------------------------------- net-misc/ntp/ntp-4.2.8_p12.ebuild | 146 ----------------------------------- 3 files changed, 294 deletions(-) diff --git a/net-misc/ntp/Manifest b/net-misc/ntp/Manifest index 2c98bbff51a..171e56db1a1 100644 --- a/net-misc/ntp/Manifest +++ b/net-misc/ntp/Manifest @@ -1,4 +1,2 @@ -DIST ntp-4.2.8p12-manpages.tar.xz 25700 BLAKE2B 0a84908556e997bdd08a78cd04f7f38a32a8441138f31d0adf7fefc380da79e509bea4a8bc67154501e359638f4edcab561d14cbdd1d573473bd2ea5a14f0c48 SHA512 e6df0099b9f62db63d200702267276ee094e8d00b20a67d2181f3f32fe6b871c49ac2eedbc2186b3255c919820c05eac528718b80afe7ed7ed7654b55c361f7c -DIST ntp-4.2.8p12.tar.gz 7079642 BLAKE2B d7d7817afaf9f94bf230951901b7531aff03c0828eecd40ca6fcc836ffd081387837afee44978742b507a9bee58788022fe9556733e8861dcc37d63f5637b3d1 SHA512 5382dcd1bb7feca8f28fc650f68892cb53f9364ebeb3780754cfbe71b1602057fdfd6eb27956afe79014a435624d77e2648d9e07f4d86ce7a98f5a4438d08310 DIST ntp-4.2.8p13-manpages.tar.xz 25700 BLAKE2B 47076474529146f6fd375e20c52188f1ba04959ce3752c952e60e9b48c8ac129346fdf5c315e012556422d16b7d6c223722812a56a11a98463044d2b16fcf0f0 SHA512 824832c1a8685fcd196db679cf4b87c89d577cea5251fda7c3dfee00e888d64de76df99e8cf4b0d20056e3d539b3f46a260c6ce22339aa79b915427741030da2 DIST ntp-4.2.8p13.tar.gz 6949363 BLAKE2B b503153d8413e6ba174970bbddca59d237442e8ec29e082cedfea6523b0b7aaf2919dc219d816e02c8d3aa486beeaf5ca08b314a8b4c587333034447e1391ea0 SHA512 afbdbb8a37b8f4040a8a6939a3a85ad0350d359c153c297b32b8a013c7b7061fd925fa3e6e103671c5901e169156e22497813c654195ba50f890a7170b2f2075 diff --git a/net-misc/ntp/ntp-4.2.8_p12-r1.ebuild b/net-misc/ntp/ntp-4.2.8_p12-r1.ebuild deleted file mode 100644 index 72de82eb89b..00000000000 --- a/net-misc/ntp/ntp-4.2.8_p12-r1.ebuild +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit autotools toolchain-funcs flag-o-matic user systemd - -MY_P=${P/_p/p} -DESCRIPTION="Network Time Protocol suite/programs" -HOMEPAGE="http://www.ntp.org/" -SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz - https://dev.gentoo.org/~polynomial-c/${MY_P}-manpages.tar.xz" - -LICENSE="HPND BSD ISC" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~m68k-mint" -IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf" - -CDEPEND="readline? ( >=sys-libs/readline-4.1:0= ) - >=dev-libs/libevent-2.0.9:=[threads?] - kernel_linux? ( caps? ( sys-libs/libcap ) ) - zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) - snmp? ( net-analyzer/net-snmp ) - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - parse-clocks? ( net-misc/pps-tools )" -DEPEND="${CDEPEND} - virtual/pkgconfig" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-ntp ) - vim-syntax? ( app-vim/ntp-syntax ) - !net-misc/ntpsec - !openntpd? ( !net-misc/openntpd ) -" -PDEPEND="openntpd? ( net-misc/openntpd )" - -S="${WORKDIR}/${MY_P}" - -PATCHES=( - "${FILESDIR}"/${PN}-4.2.8-ipc-caps.patch #533966 - "${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922 - "${FILESDIR}"/${PN}-4.2.8_p10-fix-build-wo-ssl-or-libressl.patch - "${FILESDIR}"/${PN}-4.2.8_p12-libressl-2.8.patch -) - -pkg_setup() { - enewgroup ntp 123 - enewuser ntp 123 -1 /dev/null ntp -} - -src_prepare() { - default - append-cppflags -D_GNU_SOURCE #264109 - # Make sure every build uses the same install layout. #539092 - find sntp/loc/ -type f '!' -name legacy -delete || die - eautoreconf #622754 - # Disable pointless checks. - touch .checkChangeLog .gcc-warning FRC.html html/.datecheck -} - -src_configure() { - # avoid libmd5/libelf - export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no - export ac_cv_lib_elf_nlist=no - # blah, no real configure options #176333 - export ac_cv_header_dns_sd_h=$(usex zeroconf) - export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h} - # Increase the default memlimit from 32MiB to 128MiB. #533232 - local myeconfargs=( - --with-lineeditlibs=readline,edit,editline - --with-yielding-select - --disable-local-libevent - --docdir='$(datarootdir)'/doc/${PF} - --htmldir='$(docdir)/html' - --with-memlock=256 - $(use_enable caps linuxcaps) - $(use_enable parse-clocks) - $(use_enable ipv6) - $(use_enable debug debugging) - $(use_with readline lineeditlibs readline) - $(use_enable samba ntp-signd) - $(use_with snmp ntpsnmpd) - $(use_with ssl crypto) - $(use_enable threads thread-support) - ) - econf "${myeconfargs[@]}" -} - -src_install() { - default - # move ntpd/ntpdate to sbin #66671 - dodir /usr/sbin - mv "${ED%/}"/usr/bin/{ntpd,ntpdate} "${ED%/}"/usr/sbin/ || die "move to sbin" - - dodoc INSTALL WHERE-TO-START - doman "${WORKDIR}"/man/*.[58] - - insinto /etc - doins "${FILESDIR}"/ntp.conf - use ipv6 || sed -i '/^restrict .*::1/d' "${ED%/}"/etc/ntp.conf #524726 - newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd - newconfd "${FILESDIR}"/ntpd.confd ntpd - newinitd "${FILESDIR}"/ntp-client.rc ntp-client - newconfd "${FILESDIR}"/ntp-client.confd ntp-client - newinitd "${FILESDIR}"/sntp.rc sntp - newconfd "${FILESDIR}"/sntp.confd sntp - if ! use caps ; then - sed -i "s|-u ntp:ntp||" "${ED%/}"/etc/conf.d/ntpd || die - fi - sed -i "s:/usr/bin:/usr/sbin:" "${ED%/}"/etc/init.d/ntpd || die - - keepdir /var/lib/ntp - use prefix || fowners ntp:ntp /var/lib/ntp - - if use openntpd ; then - cd "${ED}" || die - rm usr/sbin/ntpd || die - rm -r var/lib || die - rm etc/{conf,init}.d/ntpd || die - rm usr/share/man/*/ntpd.8 || die - else - systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service - if use caps ; then - sed -i '/ExecStart/ s|$| -u ntp:ntp|' \ - "${D%/}$(systemd_get_systemunitdir)"/ntpd.service \ - || die - fi - systemd_enable_ntpunit 60-ntpd ntpd.service - fi - - systemd_newunit "${FILESDIR}"/ntpdate.service-r1 ntpdate.service - systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf - systemd_newunit "${FILESDIR}"/sntp.service-r2 sntp.service - systemd_install_serviced "${FILESDIR}"/sntp.service.conf -} - -pkg_postinst() { - if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then - eerror "The notrust option was found in your /etc/ntp.conf!" - ewarn "If your ntpd starts sending out weird responses," - ewarn "then make sure you have keys properly setup and see" - ewarn "https://bugs.gentoo.org/41827" - fi -} diff --git a/net-misc/ntp/ntp-4.2.8_p12.ebuild b/net-misc/ntp/ntp-4.2.8_p12.ebuild deleted file mode 100644 index eb032edec7a..00000000000 --- a/net-misc/ntp/ntp-4.2.8_p12.ebuild +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit autotools toolchain-funcs flag-o-matic user systemd - -MY_P=${P/_p/p} -DESCRIPTION="Network Time Protocol suite/programs" -HOMEPAGE="http://www.ntp.org/" -SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz - https://dev.gentoo.org/~polynomial-c/${MY_P}-manpages.tar.xz" - -LICENSE="HPND BSD ISC" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~m68k-mint" -IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf" - -CDEPEND="readline? ( >=sys-libs/readline-4.1:0= ) - >=dev-libs/libevent-2.0.9:=[threads?] - kernel_linux? ( caps? ( sys-libs/libcap ) ) - zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) - snmp? ( net-analyzer/net-snmp ) - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl ) - ) - parse-clocks? ( net-misc/pps-tools )" -DEPEND="${CDEPEND} - virtual/pkgconfig" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-ntp ) - vim-syntax? ( app-vim/ntp-syntax ) - !net-misc/ntpsec - !openntpd? ( !net-misc/openntpd ) -" -PDEPEND="openntpd? ( net-misc/openntpd )" - -S="${WORKDIR}/${MY_P}" - -PATCHES=( - "${FILESDIR}"/${PN}-4.2.8-ipc-caps.patch #533966 - "${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922 - "${FILESDIR}"/${PN}-4.2.8_p10-fix-build-wo-ssl-or-libressl.patch - "${FILESDIR}"/${PN}-4.2.8_p12-libressl-2.8.patch -) - -pkg_setup() { - enewgroup ntp 123 - enewuser ntp 123 -1 /dev/null ntp -} - -src_prepare() { - default - append-cppflags -D_GNU_SOURCE #264109 - # Make sure every build uses the same install layout. #539092 - find sntp/loc/ -type f '!' -name legacy -delete || die - eautoreconf #622754 - # Disable pointless checks. - touch .checkChangeLog .gcc-warning FRC.html html/.datecheck -} - -src_configure() { - # avoid libmd5/libelf - export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no - export ac_cv_lib_elf_nlist=no - # blah, no real configure options #176333 - export ac_cv_header_dns_sd_h=$(usex zeroconf) - export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h} - # Increase the default memlimit from 32MiB to 128MiB. #533232 - local myeconfargs=( - --with-lineeditlibs=readline,edit,editline - --with-yielding-select - --disable-local-libevent - --docdir='$(datarootdir)'/doc/${PF} - --htmldir='$(docdir)/html' - --with-memlock=256 - $(use_enable caps linuxcaps) - $(use_enable parse-clocks) - $(use_enable ipv6) - $(use_enable debug debugging) - $(use_with readline lineeditlibs readline) - $(use_enable samba ntp-signd) - $(use_with snmp ntpsnmpd) - $(use_with ssl crypto) - $(use_enable threads thread-support) - ) - econf "${myeconfargs[@]}" -} - -src_install() { - default - # move ntpd/ntpdate to sbin #66671 - dodir /usr/sbin - mv "${ED%/}"/usr/bin/{ntpd,ntpdate} "${ED%/}"/usr/sbin/ || die "move to sbin" - - dodoc INSTALL WHERE-TO-START - doman "${WORKDIR}"/man/*.[58] - - insinto /etc - doins "${FILESDIR}"/ntp.conf - use ipv6 || sed -i '/^restrict .*::1/d' "${ED%/}"/etc/ntp.conf #524726 - newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd - newconfd "${FILESDIR}"/ntpd.confd ntpd - newinitd "${FILESDIR}"/ntp-client.rc ntp-client - newconfd "${FILESDIR}"/ntp-client.confd ntp-client - newinitd "${FILESDIR}"/sntp.rc sntp - newconfd "${FILESDIR}"/sntp.confd sntp - if ! use caps ; then - sed -i "s|-u ntp:ntp||" "${ED%/}"/etc/conf.d/ntpd || die - fi - sed -i "s:/usr/bin:/usr/sbin:" "${ED%/}"/etc/init.d/ntpd || die - - keepdir /var/lib/ntp - use prefix || fowners ntp:ntp /var/lib/ntp - - if use openntpd ; then - cd "${ED}" || die - rm usr/sbin/ntpd || die - rm -r var/lib || die - rm etc/{conf,init}.d/ntpd || die - rm usr/share/man/*/ntpd.8 || die - else - systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service - if use caps ; then - sed -i '/ExecStart/ s|$| -u ntp:ntp|' \ - "${D%/}$(systemd_get_systemunitdir)"/ntpd.service \ - || die - fi - systemd_enable_ntpunit 60-ntpd ntpd.service - fi - - systemd_newunit "${FILESDIR}"/ntpdate.service-r1 ntpdate.service - systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf - systemd_newunit "${FILESDIR}"/sntp.service-r2 sntp.service - systemd_install_serviced "${FILESDIR}"/sntp.service.conf -} - -pkg_postinst() { - if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then - eerror "The notrust option was found in your /etc/ntp.conf!" - ewarn "If your ntpd starts sending out weird responses," - ewarn "then make sure you have keys properly setup and see" - ewarn "https://bugs.gentoo.org/41827" - fi -}