robbat2 14/01/01 23:59:55 |
|
Modified: ChangeLog |
Added: ntp-4.2.6_p5-r10.ebuild |
Log: |
Secure default configuration (approved by NTP upstream per IRC): by default, deny all non-time queries so that monlist-based NTP reflection attacks are blocked; rate-limit queries and send a KoD (Kiss-o'-Death) reply to clients that exceed the limit; ensure IPv6 localhost is allowed, as it is used by default. |
|
(Portage version: 2.2.7/cvs/Linux x86_64, unsigned Manifest commit) |
|
Revision Changes Path |
11 |
1.203 net-misc/ntp/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ChangeLog?rev=1.203&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ChangeLog?rev=1.203&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ChangeLog?r1=1.202&r2=1.203 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v |
20 |
retrieving revision 1.202 |
21 |
retrieving revision 1.203 |
22 |
diff -p -w -b -B -u -u -r1.202 -r1.203 |
23 |
--- ChangeLog 24 Dec 2013 11:01:52 -0000 1.202 |
24 |
+++ ChangeLog 1 Jan 2014 23:59:55 -0000 1.203 |
25 |
@@ -1,6 +1,15 @@ |
26 |
# ChangeLog for net-misc/ntp |
27 |
-# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v 1.202 2013/12/24 11:01:52 vapier Exp $ |
29 |
+# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
30 |
+# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v 1.203 2014/01/01 23:59:55 robbat2 Exp $ |
31 |
+ |
32 |
+*ntp-4.2.6_p5-r10 (01 Jan 2014) |
33 |
+ |
34 |
+ 01 Jan 2014; Robin H. Johnson <robbat2@g.o> +ntp-4.2.6_p5-r10.ebuild, |
35 |
+ files/ntp.conf: |
36 |
+ Secure default configuration (approved by NTP upstream per IRC): by default |
37 |
+ deny all non-time queries so that monlist-based NTP reflection attacks are |
38 |
+ blocked; Rate-limit queries and issue KoD for limit-exceeded; Ensure IPv6 |
39 |
+ localhost is allowed as it is used by default. |
40 |
|
41 |
24 Dec 2013; Mike Frysinger <vapier@g.o> files/ntp-client.confd, |
42 |
files/ntp-client.rc: |
43 |
|
44 |
|
45 |
|
46 |
1.1 net-misc/ntp/ntp-4.2.6_p5-r10.ebuild |
47 |
|
48 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ntp-4.2.6_p5-r10.ebuild?rev=1.1&view=markup |
49 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ntp-4.2.6_p5-r10.ebuild?rev=1.1&content-type=text/plain |
50 |
|
51 |
Index: ntp-4.2.6_p5-r10.ebuild |
52 |
=================================================================== |
53 |
# Copyright 1999-2014 Gentoo Foundation |
54 |
# Distributed under the terms of the GNU General Public License v2 |
55 |
# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.6_p5-r10.ebuild,v 1.1 2014/01/01 23:59:55 robbat2 Exp $ |
56 |
|
57 |
EAPI="4" |
58 |
|
59 |
inherit eutils toolchain-funcs flag-o-matic user systemd |
60 |
|
61 |
MY_P=${P/_p/p} |
62 |
DESCRIPTION="Network Time Protocol suite/programs" |
63 |
HOMEPAGE="http://www.ntp.org/" |
64 |
SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz |
65 |
mirror://gentoo/${MY_P}-manpages.tar.bz2" |
66 |
|
67 |
LICENSE="HPND BSD ISC" |
68 |
SLOT="0" |
69 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~m68k-mint" |
70 |
IUSE="caps debug ipv6 openntpd parse-clocks samba selinux snmp ssl vim-syntax zeroconf" |
71 |
|
72 |
DEPEND=">=sys-libs/ncurses-5.2 |
73 |
>=sys-libs/readline-4.1 |
74 |
kernel_linux? ( caps? ( sys-libs/libcap ) ) |
75 |
zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) |
76 |
!openntpd? ( !net-misc/openntpd ) |
77 |
snmp? ( net-analyzer/net-snmp ) |
78 |
ssl? ( dev-libs/openssl ) |
79 |
selinux? ( sec-policy/selinux-ntp ) |
80 |
parse-clocks? ( net-misc/pps-tools )" |
81 |
RDEPEND="${DEPEND} |
82 |
vim-syntax? ( app-vim/ntp-syntax )" |
83 |
PDEPEND="openntpd? ( net-misc/openntpd )" |
84 |
|
85 |
S=${WORKDIR}/${MY_P} |
86 |
|
87 |
pkg_setup() { |
88 |
enewgroup ntp 123 |
89 |
enewuser ntp 123 -1 /dev/null ntp |
90 |
} |
91 |
|
92 |
src_prepare() { |
93 |
epatch "${FILESDIR}"/${PN}-4.2.4_p5-adjtimex.patch #254030 |
94 |
epatch "${FILESDIR}"/${PN}-4.2.4_p7-nano.patch #270483 |
95 |
append-cppflags -D_GNU_SOURCE #264109 |
96 |
} |
97 |
|
98 |
src_configure() { |
99 |
# avoid libmd5/libelf |
100 |
export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no |
101 |
export ac_cv_lib_elf_nlist=no |
102 |
# blah, no real configure options #176333 |
103 |
export ac_cv_header_dns_sd_h=$(usex zeroconf) |
104 |
export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h} |
105 |
econf \ |
106 |
--with-lineeditlibs=readline,edit,editline \ |
107 |
$(use_enable caps linuxcaps) \ |
108 |
$(use_enable parse-clocks) \ |
109 |
$(use_enable ipv6) \ |
110 |
$(use_enable debug debugging) \ |
111 |
$(use_enable samba ntp-signd) \ |
112 |
$(use_with snmp ntpsnmpd) \ |
113 |
$(use_with ssl crypto) |
114 |
} |
115 |
|
116 |
src_install() { |
117 |
default |
118 |
# move ntpd/ntpdate to sbin #66671 |
119 |
dodir /usr/sbin |
120 |
mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin" |
121 |
|
122 |
dodoc INSTALL WHERE-TO-START |
123 |
doman "${WORKDIR}"/man/*.[58] |
124 |
dohtml -r html/* |
125 |
|
126 |
insinto /usr/share/ntp |
127 |
doins "${FILESDIR}"/ntp.conf |
128 |
cp -r scripts/* "${ED}"/usr/share/ntp/ || die |
129 |
use prefix || fperms -R go-w /usr/share/ntp |
130 |
find "${ED}"/usr/share/ntp \ |
131 |
'(' \ |
132 |
-name '*.in' -o \ |
133 |
-name 'Makefile*' -o \ |
134 |
-name support \ |
135 |
')' \ |
136 |
-exec rm -r {} \; |
137 |
|
138 |
insinto /etc |
139 |
doins "${FILESDIR}"/ntp.conf |
140 |
newinitd "${FILESDIR}"/ntpd.rc ntpd |
141 |
newconfd "${FILESDIR}"/ntpd.confd ntpd |
142 |
newinitd "${FILESDIR}"/ntp-client.rc ntp-client |
143 |
newconfd "${FILESDIR}"/ntp-client.confd ntp-client |
144 |
newinitd "${FILESDIR}"/sntp.rc sntp |
145 |
newconfd "${FILESDIR}"/sntp.confd sntp |
146 |
if ! use caps ; then |
147 |
sed -i "s|-u ntp:ntp||" "${ED}"/etc/conf.d/ntpd || die |
148 |
fi |
149 |
sed -i "s:/usr/bin:/usr/sbin:" "${ED}"/etc/init.d/ntpd || die |
150 |
|
151 |
keepdir /var/lib/ntp |
152 |
use prefix || fowners ntp:ntp /var/lib/ntp |
153 |
|
154 |
if use openntpd ; then |
155 |
cd "${ED}" |
156 |
rm usr/sbin/ntpd || die |
157 |
rm -r var/lib |
158 |
rm etc/{conf,init}.d/ntpd |
159 |
rm usr/share/man/*/ntpd.8 || die |
160 |
else |
161 |
systemd_newunit "${FILESDIR}"/ntpd.service-r1 ntpd.service |
162 |
systemd_enable_ntpunit 60-ntpd ntpd.service |
163 |
fi |
164 |
|
165 |
systemd_dounit "${FILESDIR}"/ntpdate.service |
166 |
systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf |
167 |
systemd_dounit "${FILESDIR}"/sntp.service |
168 |
systemd_install_serviced "${FILESDIR}"/sntp.service.conf |
169 |
} |
170 |
|
171 |
pkg_postinst() { |
172 |
ewarn "You can find an example /etc/ntp.conf in /usr/share/ntp/" |
173 |
ewarn "Review /etc/ntp.conf to setup server info." |
174 |
ewarn "Review /etc/conf.d/ntpd to setup init.d info." |
175 |
echo |
176 |
elog "The way ntp sets and maintains your system time has changed." |
177 |
elog "Now you can use /etc/init.d/ntp-client to set your time at" |
178 |
elog "boot while you can use /etc/init.d/ntpd to maintain your time" |
179 |
elog "while your machine runs" |
180 |
if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then |
181 |
echo |
182 |
eerror "The notrust option was found in your /etc/ntp.conf!" |
183 |
ewarn "If your ntpd starts sending out weird responses," |
184 |
ewarn "then make sure you have keys properly setup and see" |
185 |
ewarn "http://bugs.gentoo.org/41827" |
186 |
fi |
187 |
} |
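Review bot: pkg_postinst gives no hint that the hardened defaults from this revision only take effect once the installed /etc/ntp.conf is actually replaced. files/ntp.conf is not shown here, but /etc is normally config-protected by Portage, so an upgraded host presumably keeps its old restrict lines, and may keep answering monlist queries, until the admin merges the update. I would add a warning next to the existing ewarn lines, for example `ewarn "The default ntp.conf now denies non-time queries and rate-limits clients;"` followed by `ewarn "merge the updated /etc/ntp.conf (etc-update or dispatch-conf) if you kept an older one."`. In src_install, the `! use caps` branch strips `-u ntp:ntp` from conf.d/ntpd, which appears to leave the network-facing daemon running as root; a short comment saying why (presumably ntpd cannot drop privileges without linuxcaps support) would help the next reader. In the openntpd branch, `rm -r var/lib` and `rm etc/{conf,init}.d/ntpd` lack the `|| die` that the neighbouring rm lines carry.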