author | Lars Wendler <polynomial-c@gentoo.org> | 2017-10-20 11:05:20 +0200 |
---|---|---|
committer | Lars Wendler <polynomial-c@gentoo.org> | 2017-10-20 11:05:20 +0200 |
commit | 6d5d02e1341ffa76de4b26a6963d99699afba0c6 (patch) | |
tree | b40cac060fef32c00912c267c15fd4d20fe87984 /net-misc/ntp | |
parent | dev-perl/DBIx-Class-UserStamp: Fix missing test dep on DBD-SQLite (diff) | |
net-misc/ntp: Security cleanup (bug #613550).
Package-Manager: Portage-2.3.12, Repoman-2.3.3
Diffstat (limited to 'net-misc/ntp')
-rw-r--r-- | net-misc/ntp/Manifest | 2 | ||||
-rw-r--r-- | net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch | 236 | ||||
-rw-r--r-- | net-misc/ntp/ntp-4.2.8_p9.ebuild | 136 |
3 files changed, 0 insertions, 374 deletions
diff --git a/net-misc/ntp/Manifest b/net-misc/ntp/Manifest
index 00a743f21e41..f77d8f8a95f1 100644
--- a/net-misc/ntp/Manifest
+++ b/net-misc/ntp/Manifest
@@ -1,4 +1,2 @@
 DIST ntp-4.2.8p10-manpages.tar.xz 25004 SHA256 7d968a7e68e0ce26c56635e452468b3583e2cb8bfcf558127c753c62e31d7007 SHA512 5b31a1429484ad30a35c8fa38157190a66b0983b5bf1a802c0817613901b5e0644941a3f4d5b660fcfe4ca04968766a5981331a6f9353316e7de953e55c33a09 WHIRLPOOL 6f5d593be7003fa9212364c0409f7e1ae7adcd6d1134c6db5bfb92fbbeb181495c3d484ff73bdfe55f231bb323e286ef4e1eb2ba588fcf3acd360ac8bf53b259
 DIST ntp-4.2.8p10.tar.gz 6998648 SHA256 ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f SHA512 67e01ab533c3dfabb0bdd3ced848bdd239980bde28fdb2791d167b7e9690ab3b3759e1bd99e9fddcce03ddef4cd63a47eb85941bb127ceb79b7ecff22cce9c05 WHIRLPOOL 7a72762d349591808c0f3d4686bbb2fbf60a0915769e77140414795892d6929feb0aae30cf2f2ea1febd3c4fecb9d3d62401e1f66033bb2dc57e3245f41708c8
-DIST ntp-4.2.8p9-manpages.tar.xz 24988 SHA256 a7814373e7ceb73a9e426b2e60a9966b6d053f145fd0253bbccf407af9f7ad3f SHA512 23ba80c540d12e78012a448348b94ccb68d0a8078e2e6fe05be58d89aa5e6e31ee8d686920c0f841ad12eade84a081e393885760fdf81bad5c30c76006df0094 WHIRLPOOL 49259ef4bade074bbcb5d87dd21bd93538a3a17405a42e483d10168fd609f908b59c86c73b01d2db2e683ff43fa0fdc0cdf297bfcc452d223dcb78bcef3f46c3
-DIST ntp-4.2.8p9.tar.gz 7231884 SHA256 b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72 SHA512 ffd9e34060210d1cfb8ca0d89f2577df1c5fbe3ba63c620cdadc3ccc3c9d07f518783c6b91e57bffc77b08f449fdbab12faf226672ebd2dde5a0b4a783322a04 WHIRLPOOL ea96b106fd06f2b536394ad2a3dcc2a973aa0cec96140a292bc13b6ceb4159208a59b9c51936240c8a44fa7b2caa4be60d07d3c53066ce8588b0561bef64c070
diff --git a/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch b/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch
deleted file mode 100644
index 5166e5f9a1d0..000000000000
--- a/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch
+++ /dev/null
@@ -1,236 +0,0 @@ -Fix building with libressl or without SSL. - -Origin: http://bugs.ntp.org/attachment.cgi?id=1481 - -LibreSSL fix from Joe Kappus (https://bugs.gentoo.org/show_bug.cgi?id=600668#c2) - -diff -Nru a/include/ntp_md5.h b/include/ntp_md5.h ---- a/include/ntp_md5.h 2016-11-23 08:35:18.248130387 +0100 -+++ b/include/ntp_md5.h 2016-11-23 08:35:18.248130387 +0100 -@@ -8,6 +8,7 @@ - - #ifdef OPENSSL - # include "openssl/evp.h" -+# include "libssl_compat.h" - #else /* !OPENSSL follows */ - /* - * Provide OpenSSL-alike MD5 API if we're not using OpenSSL -@@ -23,6 +24,9 @@ - # endif - - typedef MD5_CTX EVP_MD_CTX; -+ -+# define EVP_MD_CTX_free(c) free(c) -+# define EVP_MD_CTX_new() calloc(1, sizeof(MD5_CTX)) - # define EVP_get_digestbynid(t) NULL - # define EVP_md5() NULL - # define EVP_MD_CTX_init(c) -diff -Nru a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c ---- a/libntp/a_md5encrypt.c 2016-11-23 08:35:18.248130387 +0100 -+++ b/libntp/a_md5encrypt.c 2016-11-23 08:35:18.248130387 +0100 -@@ -11,7 +11,6 @@ - #include "ntp.h" - #include "ntp_md5.h" /* provides OpenSSL digest API */ - #include "isc/string.h" --#include "libssl_compat.h" - /* - * MD5authencrypt - generate message digest - * -diff -Nru a/libntp/libssl_compat.c b/libntp/libssl_compat.c ---- a/libntp/libssl_compat.c 2016-11-23 08:35:18.248130387 +0100 -+++ b/libntp/libssl_compat.c 2016-11-23 08:35:18.248130387 +0100 -@@ -15,15 +15,18 @@ - * --------------------------------------------------------------------- - */ - #include "config.h" -- --#include <string.h> --#include <openssl/bn.h> --#include <openssl/evp.h> -- - #include "ntp_types.h" - - /* ----------------------------------------------------------------- */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#ifdef OPENSSL -+# include <string.h> -+# include <openssl/bn.h> -+# include <openssl/evp.h> -+#endif -+/* ----------------------------------------------------------------- */ -+ -+/* 
----------------------------------------------------------------- */ -+#if defined(OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER) - /* ----------------------------------------------------------------- */ - - #include "libssl_compat.h" -@@ -325,7 +328,7 @@ - } - - /* ----------------------------------------------------------------- */ --#else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */ -+#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */ - /* ----------------------------------------------------------------- */ - - NONEMPTY_TRANSLATION_UNIT -diff -Nru a/ntpd/ntp_control.c b/ntpd/ntp_control.c ---- a/ntpd/ntp_control.c 2016-11-23 08:35:18.256130015 +0100 -+++ b/ntpd/ntp_control.c 2016-11-23 08:35:18.260129828 +0100 -@@ -33,8 +33,6 @@ - # include "ntp_syscall.h" - #endif - --#include "libssl_compat.h" -- - /* - * Structure to hold request procedure information - */ -@@ -1653,8 +1651,10 @@ - } - - /* -- * ctl_putcal - write a decoded calendar data into the response -+ * ctl_putcal - write a decoded calendar data into the response. -+ * only used with AUTOKEY currently, so compiled conditional - */ -+#ifdef AUTOKEY - static void - ctl_putcal( - const char *tag, -@@ -1678,6 +1678,7 @@ - - return; - } -+#endif - - /* - * ctl_putfs - write a decoded filestamp into the response -@@ -1838,7 +1839,7 @@ - char * oplim; - char * iptr; - char * iplim; -- char * past_eq; -+ char * past_eq = NULL; - - optr = output; - oplim = output + sizeof(output); -diff -Nru a/ntpd/ntp_io.c b/ntpd/ntp_io.c ---- a/ntpd/ntp_io.c 2016-11-23 08:35:18.268129456 +0100 -+++ b/ntpd/ntp_io.c 2016-11-23 08:35:18.272129269 +0100 -@@ -516,13 +516,17 @@ - /* - * function to dump the contents of the interface structure - * for debugging use only. -+ * We face a dilemma here -- sockets are FDs under POSIX and -+ * actually HANDLES under Windows. 
So we use '%lld' as format -+ * and cast the value to 'long long'; this should not hurt -+ * with UNIX-like systems and does not truncate values on Win64. - */ - void - interface_dump(const endpt *itf) - { - printf("Dumping interface: %p\n", itf); -- printf("fd = %d\n", itf->fd); -- printf("bfd = %d\n", itf->bfd); -+ printf("fd = %lld\n", (long long)itf->fd); -+ printf("bfd = %lld\n", (long long)itf->bfd); - printf("sin = %s,\n", stoa(&itf->sin)); - sockaddr_dump(&itf->sin); - printf("bcast = %s,\n", stoa(&itf->bcast)); -@@ -570,11 +574,11 @@ - static void - print_interface(const endpt *iface, const char *pfx, const char *sfx) - { -- printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s", -+ printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s", - pfx, - iface->ifnum, -- iface->fd, -- iface->bfd, -+ (long long)iface->fd, -+ (long long)iface->bfd, - iface->name, - iface->flags, - iface->ifindex, -diff -Nru a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c ---- a/ntpd/ntp_proto.c 2016-11-23 08:35:18.280128897 +0100 -+++ b/ntpd/ntp_proto.c 2016-11-23 08:35:18.284128711 +0100 -@@ -4054,7 +4054,7 @@ - ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen, - peer->keynumber)); - #else /* !AUTOKEY follows */ -- DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %d\n", -+ DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu\n", - current_time, peer->dstadr ? - ntoa(&peer->dstadr->sin) : "-", - ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen)); -diff -Nru a/ports/winnt/ntpd/ntp_iocompletionport.c b/ports/winnt/ntpd/ntp_iocompletionport.c ---- a/ports/winnt/ntpd/ntp_iocompletionport.c 2016-11-23 08:35:18.288128524 +0100 -+++ b/ports/winnt/ntpd/ntp_iocompletionport.c 2016-11-23 08:35:18.288128524 +0100 -@@ -1391,8 +1391,7 @@ - goto fail; - } - -- ; -- if ( ! 
(rio->ioreg_ctx = iopad = iohpCreate(rio))) { -+ if (NULL == (rio->ioreg_ctx = iopad = iohpCreate(rio))) { - msyslog(LOG_ERR, "%s: Failed to create shared lock", - msgh); - goto fail; -@@ -1401,13 +1400,13 @@ - iopad->riofd = rio->fd; - iopad->rsrc.rio = rio; - -- if (!(rio->device_ctx = DevCtxAttach(serial_devctx(h)))) { -+ if (NULL == (rio->device_ctx = DevCtxAttach(serial_devctx(h)))) { - msyslog(LOG_ERR, "%s: Failed to allocate device context", - msgh); - goto fail; - } - -- if ( ! (lpo = IoCtxAlloc(iopad, rio->device_ctx))) { -+ if (NULL == (lpo = IoCtxAlloc(iopad, rio->device_ctx))) { - msyslog(LOG_ERR, "%: Failed to allocate IO context", - msgh); - goto fail; -@@ -1594,7 +1593,6 @@ - static const char * const msg = - "OnSocketSend: send to socket failed"; - -- IoHndPad_T * iopad = NULL; - endpt * ep = NULL; - int rc; - -@@ -1662,7 +1660,7 @@ - - INSIST(hndIOCPLPort && hMainRpcDone); - if (iopad) -- iocpl_notify(iopad, OnInterfaceDetach, -1); -+ iocpl_notify(iopad, OnInterfaceDetach, (UINT_PTR)-1); - } - - /* -------------------------------------------------------------------- -diff -Nru a/sntp/crypto.c b/sntp/crypto.c ---- a/sntp/crypto.c 2016-11-23 08:35:18.288128524 +0100 -+++ b/sntp/crypto.c 2016-11-23 08:35:18.288128524 +0100 -@@ -2,7 +2,7 @@ - #include "crypto.h" - #include <ctype.h> - #include "isc/string.h" --#include "libssl_compat.h" -+#include "ntp_md5.h" - - struct key *key_ptr; - size_t key_cnt = 0; -diff -urN ntp-4.2.8p9/include/libssl_compat.h ntp-4.2.8p9_fixed/include/libssl_compat.h ---- a/include/libssl_compat.h 2016-11-21 07:28:40.000000000 -0500 -+++ b/include/libssl_compat.h 2016-11-23 12:10:33.014148604 -0500 -@@ -25,7 +25,7 @@ - #include "openssl/rsa.h" - - /* ----------------------------------------------------------------- */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER) - /* ----------------------------------------------------------------- */ - - # include 
<openssl/objects.h>
diff --git a/net-misc/ntp/ntp-4.2.8_p9.ebuild b/net-misc/ntp/ntp-4.2.8_p9.ebuild
deleted file mode 100644
index 4ff1b7a2eb34..000000000000
--- a/net-misc/ntp/ntp-4.2.8_p9.ebuild
+++ /dev/null
@@ -1,136 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="5" - -inherit eutils toolchain-funcs flag-o-matic user systemd - -MY_P=${P/_p/p} -DESCRIPTION="Network Time Protocol suite/programs" -HOMEPAGE="http://www.ntp.org/" -SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz - https://dev.gentoo.org/~polynomial-c/${MY_P}-manpages.tar.xz" - -LICENSE="HPND BSD ISC" -SLOT="0" -KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~m68k-mint" -IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf" - -CDEPEND="readline? ( >=sys-libs/readline-4.1:0= ) - >=dev-libs/libevent-2.0.9:=[threads?] - kernel_linux? ( caps? ( sys-libs/libcap ) ) - zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) - !openntpd? ( !net-misc/openntpd ) - snmp? ( net-analyzer/net-snmp ) - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl ) - ) - parse-clocks? ( net-misc/pps-tools )" -DEPEND="${CDEPEND} - virtual/pkgconfig" -RDEPEND="${CDEPEND} - selinux? ( sec-policy/selinux-ntp ) - vim-syntax? ( app-vim/ntp-syntax )" -PDEPEND="openntpd? ( net-misc/openntpd )" - -S=${WORKDIR}/${MY_P} - -PATCHES=( - "${FILESDIR}"/${PN}-4.2.8-ipc-caps.patch #533966 - "${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922 - "${FILESDIR}"/${P}-fix-build-wo-ssl-or-libressl.patch -) - -pkg_setup() { - enewgroup ntp 123 - enewuser ntp 123 -1 /dev/null ntp -} - -src_prepare() { - epatch "${PATCHES[@]}" - append-cppflags -D_GNU_SOURCE #264109 - # Make sure every build uses the same install layout. #539092 - find sntp/loc/ -type f '!' -name legacy -delete || die - # Disable pointless checks. 
- touch .checkChangeLog .gcc-warning FRC.html html/.datecheck -} - -src_configure() { - # avoid libmd5/libelf - export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no - export ac_cv_lib_elf_nlist=no - # blah, no real configure options #176333 - export ac_cv_header_dns_sd_h=$(usex zeroconf) - export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h} - # Increase the default memlimit from 32MiB to 128MiB. #533232 - econf \ - --with-lineeditlibs=readline,edit,editline \ - --with-yielding-select \ - --disable-local-libevent \ - --docdir='$(datarootdir)'/doc/${PF} \ - --htmldir='$(docdir)/html' \ - --with-memlock=256 \ - $(use_enable caps linuxcaps) \ - $(use_enable parse-clocks) \ - $(use_enable ipv6) \ - $(use_enable debug debugging) \ - $(use_with readline lineeditlibs readline) \ - $(use_enable samba ntp-signd) \ - $(use_with snmp ntpsnmpd) \ - $(use_with ssl crypto) \ - $(use_enable threads thread-support) -} - -src_install() { - default - # move ntpd/ntpdate to sbin #66671 - dodir /usr/sbin - mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin" - - dodoc INSTALL WHERE-TO-START - doman "${WORKDIR}"/man/*.[58] - - insinto /etc - doins "${FILESDIR}"/ntp.conf - use ipv6 || sed -i '/^restrict .*::1/d' "${ED}"/etc/ntp.conf #524726 - newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd - newconfd "${FILESDIR}"/ntpd.confd ntpd - newinitd "${FILESDIR}"/ntp-client.rc ntp-client - newconfd "${FILESDIR}"/ntp-client.confd ntp-client - newinitd "${FILESDIR}"/sntp.rc sntp - newconfd "${FILESDIR}"/sntp.confd sntp - if ! 
use caps ; then - sed -i "s|-u ntp:ntp||" "${ED}"/etc/conf.d/ntpd || die - fi - sed -i "s:/usr/bin:/usr/sbin:" "${ED}"/etc/init.d/ntpd || die - - keepdir /var/lib/ntp - use prefix || fowners ntp:ntp /var/lib/ntp - - if use openntpd ; then - cd "${ED}" - rm usr/sbin/ntpd || die - rm -r var/lib - rm etc/{conf,init}.d/ntpd - rm usr/share/man/*/ntpd.8 || die - else - systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service - use caps && sed -i '/ExecStart/ s|$| -u ntp:ntp|' "${ED}"/usr/lib/systemd/system/ntpd.service - systemd_enable_ntpunit 60-ntpd ntpd.service - fi - - systemd_newunit "${FILESDIR}"/ntpdate.service-r1 ntpdate.service - systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf - systemd_newunit "${FILESDIR}"/sntp.service-r2 sntp.service - systemd_install_serviced "${FILESDIR}"/sntp.service.conf -} - -pkg_postinst() { - if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then - eerror "The notrust option was found in your /etc/ntp.conf!" - ewarn "If your ntpd starts sending out weird responses," - ewarn "then make sure you have keys properly setup and see" - ewarn "https://bugs.gentoo.org/41827" - fi -} |