authorJeroen Roovers <jer@gentoo.org>2009-12-10 15:08:41 +0000
committerJeroen Roovers <jer@gentoo.org>2009-12-10 15:08:41 +0000
commitfc30d79f3a1c1919d3af6228b8fca6ce05d6e985 (patch)
tree36e66e13985106ff34f1456cc90dad777652c3e6 /net-misc/ntp
parentx86 stable, bug 292455 (diff)
Revision bump (bug #290881).
(Portage version: 2.2_rc57/cvs/Linux i686, RepoMan options: --force)
Diffstat (limited to 'net-misc/ntp')
-rw-r--r--net-misc/ntp/ChangeLog8
-rw-r--r--net-misc/ntp/files/ntp-4.2.4_p7-CVE-2009-3563.patch56
-rw-r--r--net-misc/ntp/ntp-4.2.4_p7-r1.ebuild122
3 files changed, 185 insertions, 1 deletions
diff --git a/net-misc/ntp/ChangeLog b/net-misc/ntp/ChangeLog
index 5bd503c70b1b..d9b0fb35ce36 100644
--- a/net-misc/ntp/ChangeLog
+++ b/net-misc/ntp/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-misc/ntp
# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v 1.151 2009/08/28 21:24:01 betelgeuse Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v 1.152 2009/12/10 15:08:41 jer Exp $
+
+*ntp-4.2.4_p7-r1 (10 Dec 2009)
+
+ 10 Dec 2009; Jeroen Roovers <jer@gentoo.org> +ntp-4.2.4_p7-r1.ebuild,
+ +files/ntp-4.2.4_p7-CVE-2009-3563.patch:
+ Revision bump (bug #290881).
28 Aug 2009; Petteri Räty <betelgeuse@gentoo.org> ntp-4.2.4_p6.ebuild,
ntp-4.2.4_p7.ebuild:
diff --git a/net-misc/ntp/files/ntp-4.2.4_p7-CVE-2009-3563.patch b/net-misc/ntp/files/ntp-4.2.4_p7-CVE-2009-3563.patch
new file mode 100644
index 000000000000..7fdcc336693f
--- /dev/null
+++ b/net-misc/ntp/files/ntp-4.2.4_p7-CVE-2009-3563.patch
@@ -0,0 +1,56 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2009/10/07 01:33:22+00:00 davehart@shiny.ad.hartbrothers.com
+# [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
+#
+# ChangeLog
+# 2009/10/07 01:33:21+00:00 davehart@shiny.ad.hartbrothers.com +4 -0
+# [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
+#
+# ntpd/ntp_request.c
+# 2009/10/07 01:33:21+00:00 davehart@shiny.ad.hartbrothers.com +9 -2
+# [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
+#
+Index: ntp-4.2.4p7/ChangeLog
+===================================================================
+--- ntp-4.2.4p7.orig/ChangeLog
++++ ntp-4.2.4p7/ChangeLog
+@@ -1,4 +1,8 @@
+ ---
++
++* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563.
++
++---
+ (4.2.4p7) 2009/05/18 Released by Harlan Stenn <stenn@ntp.org>
+
+ * [Sec 1151] Remote exploit if autokey is enabled - CVE-2009-1252.
+Index: ntp-4.2.4p7/ntpd/ntp_request.c
+===================================================================
+--- ntp-4.2.4p7.orig/ntpd/ntp_request.c
++++ ntp-4.2.4p7/ntpd/ntp_request.c
+@@ -409,6 +409,7 @@ process_private(
+ int mod_okay
+ )
+ {
++ static u_long quiet_until;
+ struct req_pkt *inpkt;
+ struct req_pkt_tail *tailinpkt;
+ struct sockaddr_storage *srcadr;
+@@ -444,8 +445,14 @@ process_private(
+ || (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
+ || (++ec, rbufp->recv_length < REQ_LEN_HDR)
+ ) {
+- msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
+- req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
++ NLOG(NLOG_SYSEVENT)
++ if (current_time >= quiet_until) {
++ msyslog(LOG_ERR,
++ "process_private: drop test %d"
++ " failed, pkt from %s",
++ ec, stoa(srcadr));
++ quiet_until = current_time + 60;
++ }
+ return;
+ }
+
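Review bot: The block that replaces the `req_ack(srcadr, inter, inpkt, INFO_ERR_FMT)` reply in process_private has no comment saying why a malformed mode 7 packet is now dropped without an answer, and the throttle it adds has behaviour worth documenting. `quiet_until` is a single function-static timer, so the one log line per 60 seconds covers every source address; while it is running, drops from other peers are neither logged nor, as far as this hunk shows, counted, which leaves little evidence for someone investigating a flood. I would add a comment above the block such as `/* [Sec 1331] never answer a malformed mode 7 packet; log at most once per 60 s, shared by all sources */`, give the 60 a named constant, and put braces around the statement following `NLOG(NLOG_SYSEVENT)`, since NLOG appears to expand to a bare `if` and the nested `if` is easy to misread. process_private begins and ends outside the embedded hunk, so whether a drop counter already exists elsewhere cannot be seen here.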
diff --git a/net-misc/ntp/ntp-4.2.4_p7-r1.ebuild b/net-misc/ntp/ntp-4.2.4_p7-r1.ebuild
new file mode 100644
index 000000000000..515ba37d80fd
--- /dev/null
+++ b/net-misc/ntp/ntp-4.2.4_p7-r1.ebuild
@@ -0,0 +1,122 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.4_p7-r1.ebuild,v 1.1 2009/12/10 15:08:41 jer Exp $
+
+EAPI="2"
+
+inherit eutils toolchain-funcs flag-o-matic
+
+MY_P=${P/_p/p}
+DESCRIPTION="Network Time Protocol suite/programs"
+HOMEPAGE="http://www.ntp.org/"
+SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz
+ mirror://gentoo/${MY_P}-manpages.tar.bz2"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="caps debug ipv6 openntpd parse-clocks selinux ssl vim-syntax zeroconf"
+
+DEPEND=">=sys-libs/ncurses-5.2
+ >=sys-libs/readline-4.1
+ kernel_linux? ( caps? ( sys-libs/libcap ) )
+ zeroconf? ( || ( net-dns/avahi[mdnsresponder-compat] net-misc/mDNSResponder ) )
+ !openntpd? ( !net-misc/openntpd )
+ ssl? ( dev-libs/openssl )
+ selinux? ( sec-policy/selinux-ntp )"
+RDEPEND="${DEPEND}
+ vim-syntax? ( app-vim/ntp-syntax )"
+PDEPEND="openntpd? ( net-misc/openntpd )"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+ enewgroup ntp 123
+ enewuser ntp 123 -1 /dev/null ntp
+}
+
+src_prepare() {
+ # Needs to be ported ...
+ #epatch "${FILESDIR}"/4.2.0.20040617-hostname.patch
+ epatch "${FILESDIR}"/${PN}-4.2.4_p5-adjtimex.patch #254030
+ epatch "${FILESDIR}"/${PN}-4.2.4_p7-nano.patch #270483
+ epatch "${FILESDIR}"/${PN}-4.2.4_p7-CVE-2009-3563.patch #290881
+ append-cppflags -D_GNU_SOURCE #264109
+}
+
+src_configure() {
+ # avoid libmd5/libelf
+ export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no
+ export ac_cv_lib_elf_nlist=no
+ # blah, no real configure options #176333
+ export ac_cv_header_dns_sd_h=$(use zeroconf && echo yes || echo no)
+ export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h}
+ econf \
+ $(use_enable caps linuxcaps) \
+ $(use_enable parse-clocks) \
+ $(use_enable ipv6) \
+ $(use_enable debug debugging) \
+ $(use_with ssl crypto) \
+ || die
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die "install failed"
+ # move ntpd/ntpdate to sbin #66671
+ dodir /usr/sbin
+ mv "${D}"/usr/bin/{ntpd,ntpdate} "${D}"/usr/sbin/ || die "move to sbin"
+
+ dodoc ChangeLog INSTALL NEWS README TODO WHERE-TO-START
+ doman "${WORKDIR}"/man/*.[58]
+ dohtml -r html/*
+
+ insinto /usr/share/ntp
+ doins "${FILESDIR}"/ntp.conf
+ cp -r scripts/* "${D}"/usr/share/ntp/ || die
+ fperms -R go-w /usr/share/ntp
+ find "${D}"/usr/share/ntp \
+ '(' \
+ -name '*.in' -o \
+ -name 'Makefile*' -o \
+ -name support \
+ ')' \
+ -exec rm -r {} \;
+
+ insinto /etc
+ doins "${FILESDIR}"/ntp.conf
+ newinitd "${FILESDIR}"/ntpd.rc ntpd
+ newconfd "${FILESDIR}"/ntpd.confd ntpd
+ newinitd "${FILESDIR}"/ntp-client.rc ntp-client
+ newconfd "${FILESDIR}"/ntp-client.confd ntp-client
+ use caps || dosed "s|-u ntp:ntp||" /etc/conf.d/ntpd
+ dosed "s:/usr/bin:/usr/sbin:" /etc/init.d/ntpd
+
+ keepdir /var/lib/ntp
+ fowners ntp:ntp /var/lib/ntp
+
+ if use openntpd ; then
+ cd "${D}"
+ rm usr/sbin/ntpd || die
+ rm -r var/lib
+ rm etc/{conf,init}.d/ntpd
+ rm usr/share/man/*/ntpd.8 || die
+ fi
+}
+
+pkg_postinst() {
+ ewarn "You can find an example /etc/ntp.conf in /usr/share/ntp/"
+ ewarn "Review /etc/ntp.conf to setup server info."
+ ewarn "Review /etc/conf.d/ntpd to setup init.d info."
+ echo
+ elog "The way ntp sets and maintains your system time has changed."
+ elog "Now you can use /etc/init.d/ntp-client to set your time at"
+ elog "boot while you can use /etc/init.d/ntpd to maintain your time"
+ elog "while your machine runs"
+ if grep -qs '^[^#].*notrust' "${ROOT}"/etc/ntp.conf ; then
+ echo
+ eerror "The notrust option was found in your /etc/ntp.conf!"
+ ewarn "If your ntpd starts sending out weird responses,"
+ ewarn "then make sure you have keys properly setup and see"
+ ewarn "http://bugs.gentoo.org/41827"
+ fi
+}
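Review bot: In src_install, `use caps || dosed "s|-u ntp:ntp||" /etc/conf.d/ntpd` strips the unprivileged-user option whenever the caps USE flag is off, and nothing in the ebuild tells the administrator about it. With that option removed ntpd presumably keeps root privileges, which matters for a daemon that parses packets from the network, as the CVE patch applied in src_prepare illustrates. pkg_postinst could state it, for example `use caps || ewarn "USE=-caps: ntpd is started without -u ntp:ntp and does not drop root privileges"`. Separately, `rm -r var/lib` and `rm etc/{conf,init}.d/ntpd` in the openntpd branch lack the `|| die` that the neighbouring `rm` calls carry, so a failed removal there would go unnoticed.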