
From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/ntp/files/, net-misc/ntp/
Date: Fri, 20 Oct 2017 09:05:28
Message-Id: 1508490320.6d5d02e1341ffa76de4b26a6963d99699afba0c6.polynomial-c@gentoo
1 commit: 6d5d02e1341ffa76de4b26a6963d99699afba0c6
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Fri Oct 20 09:05:20 2017 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Fri Oct 20 09:05:20 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d5d02e1
7
8 net-misc/ntp: Security cleanup (bug #613550).
9
10 Package-Manager: Portage-2.3.12, Repoman-2.3.3
11
12 net-misc/ntp/Manifest | 2 -
13 ...ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch | 236 ---------------------
14 net-misc/ntp/ntp-4.2.8_p9.ebuild | 136 ------------
15 3 files changed, 374 deletions(-)
16
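--- a/net-misc/ntp/Manifest
+++ b/net-misc/ntp/Manifest
@@ -1,4 +1,2 @@
 DIST ntp-4.2.8p10-manpages.tar.xz 25004 SHA256 7d968a7e68e0ce26c56635e452468b3583e2cb8bfcf558127c753c62e31d7007 SHA512 5b31a1429484ad30a35c8fa38157190a66b0983b5bf1a802c0817613901b5e0644941a3f4d5b660fcfe4ca04968766a5981331a6f9353316e7de953e55c33a09 WHIRLPOOL 6f5d593be7003fa9212364c0409f7e1ae7adcd6d1134c6db5bfb92fbbeb181495c3d484ff73bdfe55f231bb323e286ef4e1eb2ba588fcf3acd360ac8bf53b259
 DIST ntp-4.2.8p10.tar.gz 6998648 SHA256 ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f SHA512 67e01ab533c3dfabb0bdd3ced848bdd239980bde28fdb2791d167b7e9690ab3b3759e1bd99e9fddcce03ddef4cd63a47eb85941bb127ceb79b7ecff22cce9c05 WHIRLPOOL 7a72762d349591808c0f3d4686bbb2fbf60a0915769e77140414795892d6929feb0aae30cf2f2ea1febd3c4fecb9d3d62401e1f66033bb2dc57e3245f41708c8
-DIST ntp-4.2.8p9-manpages.tar.xz 24988 SHA256 a7814373e7ceb73a9e426b2e60a9966b6d053f145fd0253bbccf407af9f7ad3f SHA512 23ba80c540d12e78012a448348b94ccb68d0a8078e2e6fe05be58d89aa5e6e31ee8d686920c0f841ad12eade84a081e393885760fdf81bad5c30c76006df0094 WHIRLPOOL 49259ef4bade074bbcb5d87dd21bd93538a3a17405a42e483d10168fd609f908b59c86c73b01d2db2e683ff43fa0fdc0cdf297bfcc452d223dcb78bcef3f46c3
-DIST ntp-4.2.8p9.tar.gz 7231884 SHA256 b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72 SHA512 ffd9e34060210d1cfb8ca0d89f2577df1c5fbe3ba63c620cdadc3ccc3c9d07f518783c6b91e57bffc77b08f449fdbab12faf226672ebd2dde5a0b4a783322a04 WHIRLPOOL ea96b106fd06f2b536394ad2a3dcc2a973aa0cec96140a292bc13b6ceb4159208a59b9c51936240c8a44fa7b2caa4be60d07d3c53066ce8588b0561bef64c070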
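--- a/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch
+++ /dev/null
@@ -1,236 +0,0 @@
-Fix building with libressl or without SSL.
-
-Origin: http://bugs.ntp.org/attachment.cgi?id=1481
-
-LibreSSL fix from Joe Kappus (https://bugs.gentoo.org/show_bug.cgi?id=600668#c2)
-
-diff -Nru a/include/ntp_md5.h b/include/ntp_md5.h
---- a/include/ntp_md5.h 2016-11-23 08:35:18.248130387 +0100
-+++ b/include/ntp_md5.h 2016-11-23 08:35:18.248130387 +0100
-@@ -8,6 +8,7 @@
-
- #ifdef OPENSSL
- # include "openssl/evp.h"
-+# include "libssl_compat.h"
- #else /* !OPENSSL follows */
- /*
- * Provide OpenSSL-alike MD5 API if we're not using OpenSSL
-@@ -23,6 +24,9 @@
- # endif
-
- typedef MD5_CTX EVP_MD_CTX;
-+
-+# define EVP_MD_CTX_free(c) free(c)
-+# define EVP_MD_CTX_new() calloc(1, sizeof(MD5_CTX))
- # define EVP_get_digestbynid(t) NULL
- # define EVP_md5() NULL
- # define EVP_MD_CTX_init(c)
-diff -Nru a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c
---- a/libntp/a_md5encrypt.c 2016-11-23 08:35:18.248130387 +0100
-+++ b/libntp/a_md5encrypt.c 2016-11-23 08:35:18.248130387 +0100
-@@ -11,7 +11,6 @@
- #include "ntp.h"
- #include "ntp_md5.h" /* provides OpenSSL digest API */
- #include "isc/string.h"
--#include "libssl_compat.h"
- /*
- * MD5authencrypt - generate message digest
- *
-diff -Nru a/libntp/libssl_compat.c b/libntp/libssl_compat.c
---- a/libntp/libssl_compat.c 2016-11-23 08:35:18.248130387 +0100
-+++ b/libntp/libssl_compat.c 2016-11-23 08:35:18.248130387 +0100
-@@ -15,15 +15,18 @@
- * ---------------------------------------------------------------------
- */
- #include "config.h"
--
--#include <string.h>
--#include <openssl/bn.h>
--#include <openssl/evp.h>
--
- #include "ntp_types.h"
-
- /* ----------------------------------------------------------------- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#ifdef OPENSSL
-+# include <string.h>
-+# include <openssl/bn.h>
-+# include <openssl/evp.h>
-+#endif
-+/* ----------------------------------------------------------------- */
-+
-+/* ----------------------------------------------------------------- */
-+#if defined(OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER)
- /* ----------------------------------------------------------------- */
-
- #include "libssl_compat.h"
-@@ -325,7 +328,7 @@
- }
-
- /* ----------------------------------------------------------------- */
--#else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */
-+#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
- /* ----------------------------------------------------------------- */
-
- NONEMPTY_TRANSLATION_UNIT
-diff -Nru a/ntpd/ntp_control.c b/ntpd/ntp_control.c
---- a/ntpd/ntp_control.c 2016-11-23 08:35:18.256130015 +0100
-+++ b/ntpd/ntp_control.c 2016-11-23 08:35:18.260129828 +0100
-@@ -33,8 +33,6 @@
- # include "ntp_syscall.h"
- #endif
-
--#include "libssl_compat.h"
--
- /*
- * Structure to hold request procedure information
- */
-@@ -1653,8 +1651,10 @@
- }
-
- /*
-- * ctl_putcal - write a decoded calendar data into the response
-+ * ctl_putcal - write a decoded calendar data into the response.
-+ * only used with AUTOKEY currently, so compiled conditional
- */
-+#ifdef AUTOKEY
- static void
- ctl_putcal(
- const char *tag,
-@@ -1678,6 +1678,7 @@
-
- return;
- }
-+#endif
-
- /*
- * ctl_putfs - write a decoded filestamp into the response
-@@ -1838,7 +1839,7 @@
- char * oplim;
- char * iptr;
- char * iplim;
-- char * past_eq;
-+ char * past_eq = NULL;
-
- optr = output;
- oplim = output + sizeof(output);
-diff -Nru a/ntpd/ntp_io.c b/ntpd/ntp_io.c
---- a/ntpd/ntp_io.c 2016-11-23 08:35:18.268129456 +0100
-+++ b/ntpd/ntp_io.c 2016-11-23 08:35:18.272129269 +0100
-@@ -516,13 +516,17 @@
- /*
- * function to dump the contents of the interface structure
- * for debugging use only.
-+ * We face a dilemma here -- sockets are FDs under POSIX and
-+ * actually HANDLES under Windows. So we use '%lld' as format
-+ * and cast the value to 'long long'; this should not hurt
-+ * with UNIX-like systems and does not truncate values on Win64.
- */
- void
- interface_dump(const endpt *itf)
- {
- printf("Dumping interface: %p\n", itf);
-- printf("fd = %d\n", itf->fd);
-- printf("bfd = %d\n", itf->bfd);
-+ printf("fd = %lld\n", (long long)itf->fd);
-+ printf("bfd = %lld\n", (long long)itf->bfd);
- printf("sin = %s,\n", stoa(&itf->sin));
- sockaddr_dump(&itf->sin);
- printf("bcast = %s,\n", stoa(&itf->bcast));
-@@ -570,11 +574,11 @@
- static void
- print_interface(const endpt *iface, const char *pfx, const char *sfx)
- {
-- printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s",
-+ printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s",
- pfx,
- iface->ifnum,
-- iface->fd,
-- iface->bfd,
-+ (long long)iface->fd,
-+ (long long)iface->bfd,
- iface->name,
- iface->flags,
- iface->ifindex,
-diff -Nru a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
---- a/ntpd/ntp_proto.c 2016-11-23 08:35:18.280128897 +0100
-+++ b/ntpd/ntp_proto.c 2016-11-23 08:35:18.284128711 +0100
-@@ -4054,7 +4054,7 @@
- ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen,
- peer->keynumber));
- #else /* !AUTOKEY follows */
-- DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %d\n",
-+ DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu\n",
- current_time, peer->dstadr ?
- ntoa(&peer->dstadr->sin) : "-",
- ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen));
-diff -Nru a/ports/winnt/ntpd/ntp_iocompletionport.c b/ports/winnt/ntpd/ntp_iocompletionport.c
---- a/ports/winnt/ntpd/ntp_iocompletionport.c 2016-11-23 08:35:18.288128524 +0100
-+++ b/ports/winnt/ntpd/ntp_iocompletionport.c 2016-11-23 08:35:18.288128524 +0100
-@@ -1391,8 +1391,7 @@
- goto fail;
- }
-
-- ;
-- if ( ! (rio->ioreg_ctx = iopad = iohpCreate(rio))) {
-+ if (NULL == (rio->ioreg_ctx = iopad = iohpCreate(rio))) {
- msyslog(LOG_ERR, "%s: Failed to create shared lock",
- msgh);
- goto fail;
-@@ -1401,13 +1400,13 @@
- iopad->riofd = rio->fd;
- iopad->rsrc.rio = rio;
-
-- if (!(rio->device_ctx = DevCtxAttach(serial_devctx(h)))) {
-+ if (NULL == (rio->device_ctx = DevCtxAttach(serial_devctx(h)))) {
- msyslog(LOG_ERR, "%s: Failed to allocate device context",
- msgh);
- goto fail;
- }
-
-- if ( ! (lpo = IoCtxAlloc(iopad, rio->device_ctx))) {
-+ if (NULL == (lpo = IoCtxAlloc(iopad, rio->device_ctx))) {
- msyslog(LOG_ERR, "%: Failed to allocate IO context",
- msgh);
- goto fail;
-@@ -1594,7 +1593,6 @@
- static const char * const msg =
- "OnSocketSend: send to socket failed";
-
-- IoHndPad_T * iopad = NULL;
- endpt * ep = NULL;
- int rc;
-
-@@ -1662,7 +1660,7 @@
-
- INSIST(hndIOCPLPort && hMainRpcDone);
- if (iopad)
-- iocpl_notify(iopad, OnInterfaceDetach, -1);
-+ iocpl_notify(iopad, OnInterfaceDetach, (UINT_PTR)-1);
- }
-
- /* --------------------------------------------------------------------
-diff -Nru a/sntp/crypto.c b/sntp/crypto.c
---- a/sntp/crypto.c 2016-11-23 08:35:18.288128524 +0100
-+++ b/sntp/crypto.c 2016-11-23 08:35:18.288128524 +0100
-@@ -2,7 +2,7 @@
- #include "crypto.h"
- #include <ctype.h>
- #include "isc/string.h"
--#include "libssl_compat.h"
-+#include "ntp_md5.h"
-
- struct key *key_ptr;
- size_t key_cnt = 0;
-diff -urN ntp-4.2.8p9/include/libssl_compat.h ntp-4.2.8p9_fixed/include/libssl_compat.h
---- a/include/libssl_compat.h 2016-11-21 07:28:40.000000000 -0500
-+++ b/include/libssl_compat.h 2016-11-23 12:10:33.014148604 -0500
-@@ -25,7 +25,7 @@
- #include "openssl/rsa.h"
-
- /* ----------------------------------------------------------------- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER)
- /* ----------------------------------------------------------------- */
-
- # include <openssl/objects.h>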
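--- a/net-misc/ntp/ntp-4.2.8_p9.ebuild
+++ /dev/null
@@ -1,136 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-inherit eutils toolchain-funcs flag-o-matic user systemd
-
-MY_P=${P/_p/p}
-DESCRIPTION="Network Time Protocol suite/programs"
-HOMEPAGE="http://www.ntp.org/"
-SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz
- https://dev.gentoo.org/~polynomial-c/${MY_P}-manpages.tar.xz"
-
-LICENSE="HPND BSD ISC"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~m68k-mint"
-IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf"
-
-CDEPEND="readline? ( >=sys-libs/readline-4.1:0= )
- >=dev-libs/libevent-2.0.9:=[threads?]
- kernel_linux? ( caps? ( sys-libs/libcap ) )
- zeroconf? ( net-dns/avahi[mdnsresponder-compat] )
- !openntpd? ( !net-misc/openntpd )
- snmp? ( net-analyzer/net-snmp )
- ssl? (
- !libressl? ( dev-libs/openssl:0= )
- libressl? ( dev-libs/libressl )
- )
- parse-clocks? ( net-misc/pps-tools )"
-DEPEND="${CDEPEND}
- virtual/pkgconfig"
-RDEPEND="${CDEPEND}
- selinux? ( sec-policy/selinux-ntp )
- vim-syntax? ( app-vim/ntp-syntax )"
-PDEPEND="openntpd? ( net-misc/openntpd )"
-
-S=${WORKDIR}/${MY_P}
-
-PATCHES=(
- "${FILESDIR}"/${PN}-4.2.8-ipc-caps.patch #533966
- "${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922
- "${FILESDIR}"/${P}-fix-build-wo-ssl-or-libressl.patch
-)
-
-pkg_setup() {
- enewgroup ntp 123
- enewuser ntp 123 -1 /dev/null ntp
-}
-
-src_prepare() {
- epatch "${PATCHES[@]}"
- append-cppflags -D_GNU_SOURCE #264109
- # Make sure every build uses the same install layout. #539092
- find sntp/loc/ -type f '!' -name legacy -delete || die
- # Disable pointless checks.
- touch .checkChangeLog .gcc-warning FRC.html html/.datecheck
-}
-
-src_configure() {
- # avoid libmd5/libelf
- export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no
- export ac_cv_lib_elf_nlist=no
- # blah, no real configure options #176333
- export ac_cv_header_dns_sd_h=$(usex zeroconf)
- export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h}
- # Increase the default memlimit from 32MiB to 128MiB. #533232
- econf \
- --with-lineeditlibs=readline,edit,editline \
- --with-yielding-select \
- --disable-local-libevent \
- --docdir='$(datarootdir)'/doc/${PF} \
- --htmldir='$(docdir)/html' \
- --with-memlock=256 \
- $(use_enable caps linuxcaps) \
- $(use_enable parse-clocks) \
- $(use_enable ipv6) \
- $(use_enable debug debugging) \
- $(use_with readline lineeditlibs readline) \
- $(use_enable samba ntp-signd) \
- $(use_with snmp ntpsnmpd) \
- $(use_with ssl crypto) \
- $(use_enable threads thread-support)
-}
-
-src_install() {
- default
- # move ntpd/ntpdate to sbin #66671
- dodir /usr/sbin
- mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin"
-
- dodoc INSTALL WHERE-TO-START
- doman "${WORKDIR}"/man/*.[58]
-
- insinto /etc
- doins "${FILESDIR}"/ntp.conf
- use ipv6 || sed -i '/^restrict .*::1/d' "${ED}"/etc/ntp.conf #524726
- newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd
- newconfd "${FILESDIR}"/ntpd.confd ntpd
- newinitd "${FILESDIR}"/ntp-client.rc ntp-client
- newconfd "${FILESDIR}"/ntp-client.confd ntp-client
- newinitd "${FILESDIR}"/sntp.rc sntp
- newconfd "${FILESDIR}"/sntp.confd sntp
- if ! use caps ; then
- sed -i "s|-u ntp:ntp||" "${ED}"/etc/conf.d/ntpd || die
- fi
- sed -i "s:/usr/bin:/usr/sbin:" "${ED}"/etc/init.d/ntpd || die
-
- keepdir /var/lib/ntp
- use prefix || fowners ntp:ntp /var/lib/ntp
-
- if use openntpd ; then
- cd "${ED}"
- rm usr/sbin/ntpd || die
- rm -r var/lib
- rm etc/{conf,init}.d/ntpd
- rm usr/share/man/*/ntpd.8 || die
- else
- systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service
- use caps && sed -i '/ExecStart/ s|$| -u ntp:ntp|' "${ED}"/usr/lib/systemd/system/ntpd.service
- systemd_enable_ntpunit 60-ntpd ntpd.service
- fi
-
- systemd_newunit "${FILESDIR}"/ntpdate.service-r1 ntpdate.service
- systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf
- systemd_newunit "${FILESDIR}"/sntp.service-r2 sntp.service
- systemd_install_serviced "${FILESDIR}"/sntp.service.conf
-}
-
-pkg_postinst() {
- if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then
- eerror "The notrust option was found in your /etc/ntp.conf!"
- ewarn "If your ntpd starts sending out weird responses,"
- ewarn "then make sure you have keys properly setup and see"
- ewarn "https://bugs.gentoo.org/41827"
- fi
-}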