commit: 2c65d47e903eb2c2b3792563530b12b2321bdc38 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Mon Jul 27 18:56:04 2020 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Mon Jul 27 19:02:30 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c65d47e
net-misc/ntp: Security cleanup Bug: https://bugs.gentoo.org/729458 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org> net-misc/ntp/Manifest | 2 - .../ntp/files/ntp-4.2.8-gcc10-fno-common.patch | 22 ---- net-misc/ntp/ntp-4.2.8_p14-r2.ebuild | 145 --------------------- 3 files changed, 169 deletions(-) diff --git a/net-misc/ntp/Manifest b/net-misc/ntp/Manifest index 745c406ddbe..c61825354c7 100644 --- a/net-misc/ntp/Manifest +++ b/net-misc/ntp/Manifest @@ -1,4 +1,2 @@ -DIST ntp-4.2.8p14-manpages.tar.xz 25720 BLAKE2B fbb7342729155be6863962136a779b338a5a24be5ba95893260c4308e48afc7364630da726d19077a50a607c3a1ac545b76fa6250ac21d18ed08a345624cd65c SHA512 6efeef479b24841dca1db09fbb6e8469cb32ecb3f84f55ac38cc1dbe5fe6354a0842649755bcf7e2cc6151c05d65ffa5445f1fc34a003f6d3df08ec9dbcbe6d1 -DIST ntp-4.2.8p14.tar.gz 7007263 BLAKE2B addcf94b58ea1938914115b662b4aa071586f1ff2cb66823c85fa92d4097c8fe5ce8583a7fae6dd4f7d8ff433348f1eff740bbeb210a1c08d322fc9076a84847 SHA512 b0183b4b2f2c6ea0a49d0aca1fa28a7b5cd21e20696a2f633f5afa37c4ea2c59fa7769af82a55c626db49b9eb5a531608710dc1977c4d518583577ef95940ae8 DIST ntp-4.2.8p15-manpages.tar.xz 25700 BLAKE2B 6a225bc19dcebee31cb8e0d621963863d567a882655b57be8b65a16f9d3dd138787c7c6b9ff08853306f2e9b11d65cb76e3215cc5b2262a91c411d437974fc18 SHA512 21721550864b4e7e91bf20ca894109253439b737799dfc803e1496b3454199f34646f40e0156c08a39d5914e5a92f35908cec0245e1e2627c75c0e64939ba028 DIST ntp-4.2.8p15.tar.gz 7015970 BLAKE2B 5697d6623d79686f9ca9ad907172bf942383067d1e9817117d20db042e9f7410644f236f1a0d77ab6bf6ec468476e12ea65b494a28f0dd8674bf08fc8875cfef SHA512 f5ad765e45fc302263dd40e94c287698fd235b94f3684e49f1d5d09d7d8bdd6b8c0fb96ecdabffea3d233e1e79b3c9687b76dc204ba76bad3f554682f4a97794 diff --git a/net-misc/ntp/files/ntp-4.2.8-gcc10-fno-common.patch b/net-misc/ntp/files/ntp-4.2.8-gcc10-fno-common.patch deleted file mode 100644 index d2ed719d8ff..00000000000 --- a/net-misc/ntp/files/ntp-4.2.8-gcc10-fno-common.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- ntp-4.2.8p14/include/ntp_config.h.psl -+++ ntp-4.2.8p14/include/ntp_config.h -@@ -280,7 +280,7 @@ typedef struct settrap_parms_tag { - * Poll Skew List - */ - --psl_item psl[17-3+1]; /* values for polls 3-17 */ -+extern psl_item psl[17-3+1]; /* values for polls 3-17 */ - /* To simplify the runtime code we */ - /* don't want to have to special-case */ - /* dealing with a default */ ---- ntp-4.2.8p14/ntpd/ntp_config.c.psl -+++ ntp-4.2.8p14/ntpd/ntp_config.c -@@ -202,6 +202,8 @@ int cryptosw; /* crypto command called - - extern char *stats_drift_file; /* name of the driftfile */ - -+psl_item psl[17-3+1]; /* values for polls 3-17 */ -+ - #ifdef BC_LIST_FRAMEWORK_NOT_YET_USED - /* - * backwards compatibility flags diff --git a/net-misc/ntp/ntp-4.2.8_p14-r2.ebuild b/net-misc/ntp/ntp-4.2.8_p14-r2.ebuild deleted file mode 100644 index 2b72249e997..00000000000 --- a/net-misc/ntp/ntp-4.2.8_p14-r2.ebuild +++ /dev/null @@ -1,145 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools toolchain-funcs flag-o-matic systemd - -MY_P=${P/_p/p} -DESCRIPTION="Network Time Protocol suite/programs" -HOMEPAGE="http://www.ntp.org/"; -SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz - https://dev.gentoo.org/~polynomial-c/${MY_P}-manpages.tar.xz"; - -LICENSE="HPND BSD ISC" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux ~m68k-mint" -IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf" - -COMMON_DEPEND="readline? ( >=sys-libs/readline-4.1:0= ) - >=dev-libs/libevent-2.0.9:=[threads?] - kernel_linux? ( caps? ( sys-libs/libcap ) ) - zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) - snmp? ( net-analyzer/net-snmp ) - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:0= ) - ) - parse-clocks? ( net-misc/pps-tools )" -BDEPEND="virtual/pkgconfig - acct-group/ntp - acct-user/ntp" -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND} - acct-group/ntp - acct-user/ntp - selinux? ( sec-policy/selinux-ntp ) - vim-syntax? ( app-vim/ntp-syntax ) - !net-misc/ntpsec - !openntpd? ( !net-misc/openntpd ) -" -PDEPEND="openntpd? ( net-misc/openntpd )" - -S="${WORKDIR}/${MY_P}" - -PATCHES=( - "${FILESDIR}"/${PN}-4.2.8-ipc-caps.patch #533966 - "${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922 - "${FILESDIR}"/${PN}-4.2.8_p10-fix-build-wo-ssl-or-libressl.patch - "${FILESDIR}"/${PN}-4.2.8_p12-libressl-2.8.patch - "${FILESDIR}"/${PN}-4.2.8_p14-add_cap_ipc_lock.patch #711530 - "${FILESDIR}"/${PN}-4.2.8-gcc10-fno-common.patch -) - -src_prepare() { - default - append-cppflags -D_GNU_SOURCE #264109 - # Make sure every build uses the same install layout. #539092 - find sntp/loc/ -type f '!' -name legacy -delete || die - eautoreconf #622754 - # Disable pointless checks. - touch .checkChangeLog .gcc-warning FRC.html html/.datecheck -} - -src_configure() { - # avoid libmd5/libelf - export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no - export ac_cv_lib_elf_nlist=no - # blah, no real configure options #176333 - export ac_cv_header_dns_sd_h=$(usex zeroconf) - export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h} - # Increase the default memlimit from 32MiB to 128MiB. #533232 - local myeconfargs=( - --with-lineeditlibs=readline,edit,editline - --with-yielding-select - --disable-local-libevent - --with-memlock=256 - $(use_enable caps linuxcaps) - $(use_enable parse-clocks) - $(use_enable ipv6) - $(use_enable debug debugging) - $(use_with readline lineeditlibs readline) - $(use_enable samba ntp-signd) - $(use_with snmp ntpsnmpd) - $(use_with ssl crypto) - $(use_enable threads thread-support) - ) - econf "${myeconfargs[@]}" -} - -src_install() { - default - # move ntpd/ntpdate to sbin #66671 - dodir /usr/sbin - mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin" - - dodoc INSTALL WHERE-TO-START - doman "${WORKDIR}"/man/*.[58] - - insinto /etc - doins "${FILESDIR}"/ntp.conf - use ipv6 || sed -i '/^restrict .*::1/d' "${ED}"/etc/ntp.conf #524726 - newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd - newconfd "${FILESDIR}"/ntpd.confd ntpd - newinitd "${FILESDIR}"/ntp-client.rc ntp-client - newconfd "${FILESDIR}"/ntp-client.confd ntp-client - newinitd "${FILESDIR}"/sntp.rc sntp - newconfd "${FILESDIR}"/sntp.confd sntp - if ! use caps ; then - sed -i "s|-u ntp:ntp||" "${ED}"/etc/conf.d/ntpd || die - fi - sed -i "s:/usr/bin:/usr/sbin:" "${ED}"/etc/init.d/ntpd || die - - keepdir /var/lib/ntp - use prefix || fowners ntp:ntp /var/lib/ntp - - if use openntpd ; then - cd "${ED}" || die - rm usr/sbin/ntpd || die - rm -r var/lib || die - rm etc/{conf,init}.d/ntpd || die - rm usr/share/man/*/ntpd.8 || die - else - systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service - if use caps ; then - sed -i '/ExecStart/ s|$| -u ntp:ntp|' \ - "${D}$(systemd_get_systemunitdir)"/ntpd.service \ - || die - fi - systemd_enable_ntpunit 60-ntpd ntpd.service - fi - - systemd_newunit "${FILESDIR}"/ntpdate.service-r2 ntpdate.service - systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf - systemd_newunit "${FILESDIR}"/sntp.service-r3 sntp.service - systemd_install_serviced "${FILESDIR}"/sntp.service.conf -} - -pkg_postinst() { - if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then - eerror "The notrust option was found in your /etc/ntp.conf!" - ewarn "If your ntpd starts sending out weird responses," - ewarn "then make sure you have keys properly setup and see" - ewarn "https://bugs.gentoo.org/41827"; - fi -}
