From 66e3c190a8b2905ee2868e86f9c62e123826213c Mon Sep 17 00:00:00 2001 From: Lars Wendler Date: Mon, 21 Nov 2016 22:09:19 +0100 Subject: net-misc/ntp: Security bump to version 4.2.8_p9 (bug #600430). Package-Manager: portage-2.3.2 --- net-misc/ntp/Manifest | 2 + net-misc/ntp/ntp-4.2.8_p9.ebuild | 136 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+) create mode 100644 net-misc/ntp/ntp-4.2.8_p9.ebuild (limited to 'net-misc') diff --git a/net-misc/ntp/Manifest b/net-misc/ntp/Manifest index 1b50bf8011cb..45d0062f6fd5 100644 --- a/net-misc/ntp/Manifest +++ b/net-misc/ntp/Manifest @@ -1,2 +1,4 @@ DIST ntp-4.2.8p8-manpages.tar.xz 24992 SHA256 d1c349c970280b2bdb8ba197b1229c0c909a59782b76f3d650a9d2663e8a4d36 SHA512 1a2b71d66ee9e6f03bfbb8f2c4ab1ed30cb2a5a0673e9769749569aa55e8994bacbef399c4b67da265a9673195618df63d84eafbeb37bef30aea302ab99653ef WHIRLPOOL ec62bc2d01c2494727e385fab4dd40581e69806e5ee7b97dd8cb30c44331386c96650358ff09414536d4b74b8178b0e85a3c436673282f228200b9df863c1890 DIST ntp-4.2.8p8.tar.gz 7205710 SHA256 2ab3d0b5f0456e6311dda1cc27ab75da108762773a19e46abd938bd9407b97ee SHA512 253675667f78ad8855e961d02f6a120b68b75233c18ddb92cb6c9510fb3847f1672d0d6f93ad1eb11b14e3bdf78fdbc1458e516d906b763e8599490da6a4f225 WHIRLPOOL cc054a550e59b44428989a183978ea59c7f1bc2ed9514e7d1cf82127f3188f73edb3521ee5b215438368a3c22b8cae09a78174e943195ddd752f0571335adb9e +DIST ntp-4.2.8p9-manpages.tar.xz 24988 SHA256 a7814373e7ceb73a9e426b2e60a9966b6d053f145fd0253bbccf407af9f7ad3f SHA512 23ba80c540d12e78012a448348b94ccb68d0a8078e2e6fe05be58d89aa5e6e31ee8d686920c0f841ad12eade84a081e393885760fdf81bad5c30c76006df0094 WHIRLPOOL 49259ef4bade074bbcb5d87dd21bd93538a3a17405a42e483d10168fd609f908b59c86c73b01d2db2e683ff43fa0fdc0cdf297bfcc452d223dcb78bcef3f46c3 +DIST ntp-4.2.8p9.tar.gz 7231884 SHA256 b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72 SHA512 ffd9e34060210d1cfb8ca0d89f2577df1c5fbe3ba63c620cdadc3ccc3c9d07f518783c6b91e57bffc77b08f449fdbab12faf226672ebd2dde5a0b4a783322a04 WHIRLPOOL ea96b106fd06f2b536394ad2a3dcc2a973aa0cec96140a292bc13b6ceb4159208a59b9c51936240c8a44fa7b2caa4be60d07d3c53066ce8588b0561bef64c070 diff --git a/net-misc/ntp/ntp-4.2.8_p9.ebuild b/net-misc/ntp/ntp-4.2.8_p9.ebuild new file mode 100644 index 000000000000..6a3eab4817fb --- /dev/null +++ b/net-misc/ntp/ntp-4.2.8_p9.ebuild @@ -0,0 +1,136 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" + +inherit eutils toolchain-funcs flag-o-matic user systemd + +MY_P=${P/_p/p} +DESCRIPTION="Network Time Protocol suite/programs" +HOMEPAGE="http://www.ntp.org/" +SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz + https://dev.gentoo.org/~polynomial-c/${MY_P}-manpages.tar.xz" + +LICENSE="HPND BSD ISC" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~m68k-mint" +IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf" + +CDEPEND="readline? ( >=sys-libs/readline-4.1:0= ) + >=dev-libs/libevent-2.0.9[threads?] + kernel_linux? ( caps? ( sys-libs/libcap ) ) + zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) + !openntpd? ( !net-misc/openntpd ) + snmp? ( net-analyzer/net-snmp ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl ) + ) + parse-clocks? ( net-misc/pps-tools )" +DEPEND="${CDEPEND} + virtual/pkgconfig" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-ntp ) + vim-syntax? ( app-vim/ntp-syntax )" +PDEPEND="openntpd? ( net-misc/openntpd )" + +S=${WORKDIR}/${MY_P} + +PATCHES=( + "${FILESDIR}"/${PN}-4.2.8-ipc-caps.patch #533966 + "${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922 +) + +pkg_setup() { + enewgroup ntp 123 + enewuser ntp 123 -1 /dev/null ntp +} + +src_prepare() { + epatch "${PATCHES[@]}" + append-cppflags -D_GNU_SOURCE #264109 + # Make sure every build uses the same install layout. #539092 + find sntp/loc/ -type f '!' -name legacy -delete || die + # Disable pointless checks. + touch .checkChangeLog .gcc-warning FRC.html html/.datecheck +} + +src_configure() { + # avoid libmd5/libelf + export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no + export ac_cv_lib_elf_nlist=no + # blah, no real configure options #176333 + export ac_cv_header_dns_sd_h=$(usex zeroconf) + export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h} + # Increase the default memlimit from 32MiB to 128MiB. #533232 + econf \ + --with-lineeditlibs=readline,edit,editline \ + --with-yielding-select \ + --disable-local-libevent \ + --docdir='$(datarootdir)'/doc/${PF} \ + --htmldir='$(docdir)/html' \ + --with-memlock=256 \ + $(use_enable caps linuxcaps) \ + $(use_enable parse-clocks) \ + $(use_enable ipv6) \ + $(use_enable debug debugging) \ + $(use_with readline lineeditlibs readline) \ + $(use_enable samba ntp-signd) \ + $(use_with snmp ntpsnmpd) \ + $(use_with ssl crypto) \ + $(use_enable threads thread-support) +} + +src_install() { + default + # move ntpd/ntpdate to sbin #66671 + dodir /usr/sbin + mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin" + + dodoc INSTALL WHERE-TO-START + doman "${WORKDIR}"/man/*.[58] + + insinto /etc + doins "${FILESDIR}"/ntp.conf + use ipv6 || sed -i '/^restrict .*::1/d' "${ED}"/etc/ntp.conf #524726 + newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd + newconfd "${FILESDIR}"/ntpd.confd ntpd + newinitd "${FILESDIR}"/ntp-client.rc ntp-client + newconfd "${FILESDIR}"/ntp-client.confd ntp-client + newinitd "${FILESDIR}"/sntp.rc sntp + newconfd "${FILESDIR}"/sntp.confd sntp + if ! use caps ; then + sed -i "s|-u ntp:ntp||" "${ED}"/etc/conf.d/ntpd || die + fi + sed -i "s:/usr/bin:/usr/sbin:" "${ED}"/etc/init.d/ntpd || die + + keepdir /var/lib/ntp + use prefix || fowners ntp:ntp /var/lib/ntp + + if use openntpd ; then + cd "${ED}" + rm usr/sbin/ntpd || die + rm -r var/lib + rm etc/{conf,init}.d/ntpd + rm usr/share/man/*/ntpd.8 || die + else + systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service + use caps && sed -i '/ExecStart/ s|$| -u ntp:ntp|' "${ED}"/usr/lib/systemd/system/ntpd.service + systemd_enable_ntpunit 60-ntpd ntpd.service + fi + + systemd_newunit "${FILESDIR}"/ntpdate.service-r1 ntpdate.service + systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf + systemd_newunit "${FILESDIR}"/sntp.service-r2 sntp.service + systemd_install_serviced "${FILESDIR}"/sntp.service.conf +} + +pkg_postinst() { + if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then + eerror "The notrust option was found in your /etc/ntp.conf!" + ewarn "If your ntpd starts sending out weird responses," + ewarn "then make sure you have keys properly setup and see" + ewarn "https://bugs.gentoo.org/41827" + fi +} -- cgit v1.2.3-65-gdbad