author | Mike Frysinger <vapier@gentoo.org> | 2005-08-25 22:10:40 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2005-08-25 22:10:40 +0000 |
commit | d248db1bd4b9b4d8e96d1d0ddb5dafe401d1f908 (patch) | |
tree | 9f774ff32e3badfa431e6fac83f0d5c8e06fbf15 /net-misc/ntp | |
parent | Version bump to 2.0.8; sparc support by gustavoz. 2.0.7 stable on x86. (diff) | |
download | gentoo-2-d248db1bd4b9b4d8e96d1d0ddb5dafe401d1f908.tar.gz gentoo-2-d248db1bd4b9b4d8e96d1d0ddb5dafe401d1f908.tar.bz2 gentoo-2-d248db1bd4b9b4d8e96d1d0ddb5dafe401d1f908.zip |
Fix security issue where ntpd assigns the wrong group #103719.
(Portage version: 2.0.51.22-r2)
Diffstat (limited to 'net-misc/ntp')
-rw-r--r-- | net-misc/ntp/ChangeLog | 10 | ||||
-rw-r--r-- | net-misc/ntp/files/digest-ntp-4.2.0.20040617-r3 | 2 | ||||
-rw-r--r-- | net-misc/ntp/files/digest-ntp-4.2.0.20050303-r1 | 2 | ||||
-rw-r--r-- | net-misc/ntp/files/ntp-4.2.0-ntpd-using-wrong-group.patch | 14 | ||||
-rw-r--r-- | net-misc/ntp/ntp-4.2.0-r2.ebuild | 25 | ||||
-rw-r--r-- | net-misc/ntp/ntp-4.2.0.20040617-r3.ebuild | 148 | ||||
-rw-r--r-- | net-misc/ntp/ntp-4.2.0.20050303-r1.ebuild | 147 |
7 files changed, 335 insertions, 13 deletions
diff --git a/net-misc/ntp/ChangeLog b/net-misc/ntp/ChangeLog index 1c25c6b65b85..30a7533ebf97 100644 --- a/net-misc/ntp/ChangeLog +++ b/net-misc/ntp/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-misc/ntp # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v 1.67 2005/08/20 04:10:15 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v 1.68 2005/08/25 22:10:40 vapier Exp $ + +*ntp-4.2.0.20050303-r1 (25 Aug 2005) +*ntp-4.2.0.20040617-r3 (25 Aug 2005) + + 25 Aug 2005; Mike Frysinger <vapier@gentoo.org> + +files/ntp-4.2.0-ntpd-using-wrong-group.patch, ntp-4.2.0-r2.ebuild, + +ntp-4.2.0.20040617-r3.ebuild, +ntp-4.2.0.20050303-r1.ebuild: + Fix security issue where ntpd assigns the wrong group #103719. 20 Aug 2005; Mike Frysinger <vapier@gentoo.org> files/ntpd.rc: Pass --exec to ssd when stopping so we kill the right process #82859 by diff --git a/net-misc/ntp/files/digest-ntp-4.2.0.20040617-r3 b/net-misc/ntp/files/digest-ntp-4.2.0.20040617-r3 new file mode 100644 index 000000000000..1fec3109247e --- /dev/null +++ b/net-misc/ntp/files/digest-ntp-4.2.0.20040617-r3 @@ -0,0 +1,2 @@ +MD5 d0554ae42164bcda990e6318648a7c58 ntp-stable-4.2.0a-20040617.tar.gz 2435648 +MD5 0f2d809eb4a360dd4479b00cfd95bc4e ntp-stable-4.2.0a-20040617-manpages.tar.bz2 25346 diff --git a/net-misc/ntp/files/digest-ntp-4.2.0.20050303-r1 b/net-misc/ntp/files/digest-ntp-4.2.0.20050303-r1 new file mode 100644 index 000000000000..60bb48950e2c --- /dev/null +++ b/net-misc/ntp/files/digest-ntp-4.2.0.20050303-r1 @@ -0,0 +1,2 @@ +MD5 20b8d0616b637b8584147db39a754326 ntp-stable-4.2.0a-20050303.tar.gz 2446073 +MD5 d3a5a6185ef5ed71d2fa8e06598fc28f ntp-stable-4.2.0a-20050303-manpages.tar.bz2 25360 diff --git a/net-misc/ntp/files/ntp-4.2.0-ntpd-using-wrong-group.patch b/net-misc/ntp/files/ntp-4.2.0-ntpd-using-wrong-group.patch new file mode 100644 index 000000000000..c5865753858f --- /dev/null 
+++ b/net-misc/ntp/files/ntp-4.2.0-ntpd-using-wrong-group.patch @@ -0,0 +1,14 @@ +http://bugs.gentoo.org/103719 +https://ntp.isc.org/bugs/show_bug.cgi?id=392 + +--- ntpd/ntpd.c ++++ ntpd/ntpd.c +@@ -881,7 +881,7 @@ + } else { + getgroup: + if ((gr = getgrnam(group)) != NULL) { +- sw_gid = pw->pw_gid; ++ sw_gid = gr->gr_gid; + } else { + errno = 0; + msyslog(LOG_ERR, "Cannot find group `%s'", group); diff --git a/net-misc/ntp/ntp-4.2.0-r2.ebuild b/net-misc/ntp/ntp-4.2.0-r2.ebuild index 21e16872b79f..b637edc5fd7b 100644 --- a/net-misc/ntp/ntp-4.2.0-r2.ebuild +++ b/net-misc/ntp/ntp-4.2.0-r2.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.0-r2.ebuild,v 1.24 2005/07/20 22:38:40 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.0-r2.ebuild,v 1.25 2005/08/25 22:10:40 vapier Exp $ inherit eutils flag-o-matic gnuconfig @@ -36,13 +36,14 @@ hax_bitkeeper() { src_unpack() { unpack ${A} - cd ${S} + cd "${S}" - use alpha && epatch ${FILESDIR}/ntp-4.1.1b-syscall-libc.patch + use alpha && epatch "${FILESDIR}"/ntp-4.1.1b-syscall-libc.patch - epatch ${FILESDIR}/${PV}-ntpdate-quiet.patch - epatch ${FILESDIR}/${PV}-linux-config-phone.patch #13001 - epatch ${FILESDIR}/${PV}-droproot.patch + epatch "${FILESDIR}"/${PV}-ntpdate-quiet.patch + epatch "${FILESDIR}"/${PV}-linux-config-phone.patch #13001 + epatch "${FILESDIR}"/${PV}-droproot.patch + epatch "${FILESDIR}"/ntp-4.2.0-ntpd-using-wrong-group.patch #103719 sed -i "s:-Wpointer-arith::" configure.in # needed in order to make files with right ver info #30220 @@ -90,7 +91,7 @@ src_install() { dohtml -r html/* insinto /usr/share/ntp - doins ${FILESDIR}/ntp.conf + doins "${FILESDIR}"/ntp.conf rm -rf `find scripts/ \ -name '*.in' -o \ -name 'Makefile*' -o \ 
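Review bot: The patch header holds only the two bug URLs, so the reason for `sw_gid = gr->gr_gid;` is not recorded next to the change. A one-line description above the hunk, e.g. `ntpd took sw_gid from the passwd entry (pw) instead of the group entry returned by getgrnam(), so the group named by the caller was ignored`, would let the next maintainer judge whether the patch is still needed on a version bump. The hunk starts inside the `getgroup:` branch and the rest of the function is not shown. Where `sw_gid` is applied afterwards, and whether `pw` is always set when this branch runs, cannot be confirmed from here and is worth checking against the full ntpd.c.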
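Review bot: The security fix is added to ntp-4.2.0-r2.ebuild in place (`epatch "${FILESDIR}"/ntp-4.2.0-ntpd-using-wrong-group.patch #103719` in src_unpack), while the same fix for the two snapshot versions arrives as new revisions (-r3 and -r1). Without a revision bump, a system that already has ntp-4.2.0-r2 installed is offered no update and keeps the unpatched ntpd until someone rebuilds it by hand. If 4.2.0-r2 is still keyworded for any arch, consider shipping this change as a new revision as well. src_unpack continues past the end of the hunk.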
@@ -99,13 +100,13 @@ src_install() { cp -r scripts/* ${D}/usr/share/ntp/ chmod -R go-w ${D}/usr/share/ntp - [ ! -e ${ROOT}/etc/ntp.conf ] && insinto /etc && doins ${FILESDIR}/ntp.conf + [ ! -e ${ROOT}/etc/ntp.conf ] && insinto /etc && doins "${FILESDIR}"/ntp.conf exeinto /etc/init.d - newexe ${FILESDIR}/ntpd.rc ntpd - newexe ${FILESDIR}/ntp-client.rc ntp-client + newexe "${FILESDIR}"/ntpd.rc ntpd + newexe "${FILESDIR}"/ntp-client.rc ntp-client insinto /etc/conf.d - newins ${FILESDIR}/ntpd.confd ntpd - newins ${FILESDIR}/ntp-client.confd ntp-client + newins "${FILESDIR}"/ntpd.confd ntpd + newins "${FILESDIR}"/ntp-client.confd ntp-client use nodroproot && dosed "s|-u ntp:ntp||" /etc/conf.d/ntpd dodir /var/lib/ntp diff --git a/net-misc/ntp/ntp-4.2.0.20040617-r3.ebuild b/net-misc/ntp/ntp-4.2.0.20040617-r3.ebuild new file mode 100644 index 000000000000..74c5f34478ed --- /dev/null +++ b/net-misc/ntp/ntp-4.2.0.20040617-r3.ebuild 
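Review bot: The changed line `[ ! -e ${ROOT}/etc/ntp.conf ] && insinto /etc && doins "${FILESDIR}"/ntp.conf` still decides during src_install, against the filesystem of the build host, whether /etc/ntp.conf goes into the image. A binary package built this way carries the build host's answer to every machine it is installed on. `${ROOT}` on that line and `${D}` on the two context lines above it also stay unquoted although the hunk quotes `${FILESDIR}`. The two ebuilds added in this commit install the file unconditionally and drop it at merge time with `[[ -e ${ROOT}/etc/ntp.conf ]] && rm -f "${D}"/etc/ntp.conf` in pkg_preinst; the same shape would fit here. src_install starts and ends outside the hunk.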
@@ -0,0 +1,148 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.0.20040617-r3.ebuild,v 1.1 2005/08/25 22:10:40 vapier Exp $ + +inherit eutils + +MY_P=${PN}-stable-${PV:0:5}a-${PV:6} +DESCRIPTION="Network Time Protocol suite/programs" +HOMEPAGE="http://www.ntp.org/" +SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-stable/${PV:6:4}/${PV:10:2}/${MY_P}.tar.gz + mirror://gentoo/${MY_P}-manpages.tar.bz2" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 sparc x86" +IUSE="parse-clocks nodroproot selinux ssl ipv6 openntpd debug" + +RDEPEND=">=sys-libs/ncurses-5.2 + >=sys-libs/readline-4.1 + kernel_linux? ( !nodroproot? ( sys-libs/libcap ) ) + !openntpd? ( !net-misc/openntpd ) + ssl? ( dev-libs/openssl ) + selinux? ( sec-policy/selinux-ntp )" +DEPEND="${RDEPEND} + >=sys-apps/portage-2.0.51" +PDEPEND="openntpd? ( net-misc/openntpd )" + +S=${WORKDIR}/${MY_P} + +hax_bitkeeper() { + # the makefiles have support for bk ... 
+ # basically we have to do this or bk will try to write + # to files in /opt/bitkeeper causing sandbox violations ;( + mkdir "${T}"/fakebin + echo "#!/bin/sh"$'\n'"exit 1" > "${T}"/fakebin/bk + chmod a+x "${T}"/fakebin/bk + export PATH="${T}/fakebin:${PATH}" +} + +pkg_setup() { + enewgroup ntp 123 + enewuser ntp 123 -1 /dev/null ntp +} + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}"/ntp-4.1.1b-syscall-libc.patch + epatch "${FILESDIR}"/4.2.0-linux-config-phone.patch #13001 + epatch "${FILESDIR}"/${PV}-hostname.patch + epatch "${FILESDIR}"/${PV}-errno-fix.patch + epatch "${FILESDIR}"/${PV}-ipv6-fixes.patch + epatch "${FILESDIR}"/${PV}-debug-fix.patch + epatch "${FILESDIR}"/${PV}-freebsd.patch + epatch "${FILESDIR}"/ntp-4.2.0-gcc4.patch + epatch "${FILESDIR}"/ntp-4.2.0-ntpd-using-wrong-group.patch #103719 + + sed -i \ + -e 's:md5\.h:touch_not_my_md5:g' \ + -e 's:-Wpointer-arith::' \ + -e 's:-lelf:-la_doe_a_deer_a_female_deer:g' \ + -e 's:-lmd5:-li_dont_want_no_stinkin_md5:g' \ + configure || die "sed failed" +} + +src_compile() { + hax_bitkeeper + econf \ + $(use_enable !nodroproot linuxcaps) \ + $(use_enable parse-clocks) \ + $(use_enable ipv6) \ + $(use_enable debug debugging) \ + $(use_with ssl crypto) \ + || die + emake || die +} + +src_install() { + hax_bitkeeper + make install DESTDIR="${D}" || die + # move ntpd/ntpdate to sbin #66671 + dodir /usr/sbin + mv "${D}"/usr/bin/{ntpd,ntpdate} "${D}"/usr/sbin/ || die "move to sbin" + + dodoc ChangeLog INSTALL NEWS README TODO WHERE-TO-START + doman "${WORKDIR}"/man/*.1 + dohtml -r html/* + + insinto /usr/share/ntp + doins "${FILESDIR}"/ntp.conf + cp -r scripts/* "${D}"/usr/share/ntp/ + chmod -R go-w "${D}"/usr/share/ntp + find "${D}"/usr/share/ntp \ + '(' \ + -name '*.in' -o \ + -name 'Makefile*' -o \ + -name 'rc[12]' -o \ + -name support \ + ')' \ + -exec rm -r {} \; + + insinto /etc + doins "${FILESDIR}"/ntp.conf + newinitd "${FILESDIR}"/ntpd.rc ntpd + newconfd "${FILESDIR}"/ntpd.confd ntpd + 
newinitd "${FILESDIR}"/ntp-client.rc ntp-client + newconfd "${FILESDIR}"/ntp-client.confd ntp-client + use nodroproot && dosed "s|-u ntp:ntp||" /etc/conf.d/ntpd + dosed "s:-Q::" /etc/conf.d/ntp-client # no longer needed + dosed "s:/usr/bin:/usr/sbin:" /etc/init.d/ntpd + + dodir /var/lib/ntp + fowners ntp:ntp /var/lib/ntp + touch "${D}"/var/lib/ntp/ntp.drift + fowners ntp:ntp /var/lib/ntp/ntp.drift + + if use openntpd ; then + cd "${D}" + rm usr/sbin/ntpd + rm -r var/lib + rm etc/{conf,init}.d/ntpd + fi +} + +pkg_preinst() { + if [[ -e ${ROOT}/etc/ntp.conf ]] ; then + rm -f "${D}"/etc/ntp.conf + fi +} + +pkg_postinst() { + ewarn "You can find an example /etc/ntp.conf in /usr/share/ntp/" + ewarn "Review /etc/ntp.conf to setup server info." + ewarn "Review /etc/conf.d/ntpd to setup init.d info." + echo + einfo "The way ntp sets and maintains your system time has changed." + einfo "Now you can use /etc/init.d/ntp-client to set your time at" + einfo "boot while you can use /etc/init.d/ntpd to maintain your time" + einfo "while your machine runs" + if [[ -n $(egrep '^[^#].*notrust' "${ROOT}"/etc/ntp.conf) ]] ; then + echo + eerror "The notrust option was found in your /etc/ntp.conf!" + ewarn "If your ntpd starts sending out weird responses," + ewarn "then make sure you have keys properly setup and see" + ewarn "http://bugs.gentoo.org/41827" + fi +} diff --git a/net-misc/ntp/ntp-4.2.0.20050303-r1.ebuild b/net-misc/ntp/ntp-4.2.0.20050303-r1.ebuild new file mode 100644 index 000000000000..73d285d764f4 --- /dev/null +++ b/net-misc/ntp/ntp-4.2.0.20050303-r1.ebuild 
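Review bot: In the `if use openntpd` block at the end of src_install, `cd "${D}"` is not checked and the three `rm` calls that follow use relative paths (`rm -r var/lib` among them), so a failed `cd` would run them against whatever directory the phase happens to be in. `cd "${D}" || die "cd to image failed"` closes that, or the `cd` can be dropped and the paths written as `"${D}"/usr/sbin/ntpd`, `"${D}"/var/lib` and `"${D}"/etc/{conf,init}.d/ntpd`. ntp-4.2.0.20050303-r1.ebuild, added next in this commit, contains the same block.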
@@ -0,0 +1,147 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.0.20050303-r1.ebuild,v 1.1 2005/08/25 22:10:40 vapier Exp $ + +inherit eutils + +MY_P=${PN}-stable-${PV:0:5}a-${PV:6} +DESCRIPTION="Network Time Protocol suite/programs" +HOMEPAGE="http://www.ntp.org/" +SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-stable/${PV:6:4}/${PV:10:2}/${MY_P}.tar.gz + mirror://gentoo/${MY_P}-manpages.tar.bz2" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" +IUSE="parse-clocks nodroproot selinux ssl ipv6 openntpd debug" + +RDEPEND=">=sys-libs/ncurses-5.2 + >=sys-libs/readline-4.1 + kernel_linux? ( !nodroproot? ( sys-libs/libcap ) ) + !openntpd? ( !net-misc/openntpd ) + ssl? ( dev-libs/openssl ) + selinux? ( sec-policy/selinux-ntp )" +DEPEND="${RDEPEND} + >=sys-apps/portage-2.0.51" +PDEPEND="openntpd? ( net-misc/openntpd )" + +S=${WORKDIR}/${MY_P} + +hax_bitkeeper() { + # the makefiles have support for bk ... 
+ # basically we have to do this or bk will try to write + # to files in /opt/bitkeeper causing sandbox violations ;( + mkdir "${T}"/fakebin + echo "#!/bin/sh"$'\n'"exit 1" > "${T}"/fakebin/bk + chmod a+x "${T}"/fakebin/bk + export PATH="${T}/fakebin:${PATH}" +} + +pkg_setup() { + enewgroup ntp 123 + enewuser ntp 123 -1 /dev/null ntp +} + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}"/4.2.0-linux-config-phone.patch #13001 + epatch "${FILESDIR}"/4.2.0.20040617-hostname.patch + epatch "${FILESDIR}"/4.2.0.20040617-errno-fix.patch + epatch "${FILESDIR}"/4.2.0.20040617-debug-fix.patch + epatch "${FILESDIR}"/4.2.0.20040617-freebsd.patch + epatch "${FILESDIR}"/ntp-4.2.0-gcc4.patch + epatch "${FILESDIR}"/ntp-4.2.0.20050303-rlimit-memlock.patch #99713 + epatch "${FILESDIR}"/ntp-4.2.0-ntpd-using-wrong-group.patch #103719 + + sed -i \ + -e 's:md5\.h:touch_not_my_md5:g' \ + -e 's:-Wpointer-arith::' \ + -e 's:-lelf:-la_doe_a_deer_a_female_deer:g' \ + -e 's:-lmd5:-li_dont_want_no_stinkin_md5:g' \ + configure || die "sed failed" +} + +src_compile() { + hax_bitkeeper + econf \ + $(use_enable !nodroproot linuxcaps) \ + $(use_enable parse-clocks) \ + $(use_enable ipv6) \ + $(use_enable debug debugging) \ + $(use_with ssl crypto) \ + || die + emake || die +} + +src_install() { + hax_bitkeeper + make install DESTDIR="${D}" || die "install failed" + # move ntpd/ntpdate to sbin #66671 + dodir /usr/sbin + mv "${D}"/usr/bin/{ntpd,ntpdate} "${D}"/usr/sbin/ || die "move to sbin" + + dodoc ChangeLog INSTALL NEWS README TODO WHERE-TO-START + doman "${WORKDIR}"/man/*.1 + dohtml -r html/* + + insinto /usr/share/ntp + doins "${FILESDIR}"/ntp.conf + cp -r scripts/* "${D}"/usr/share/ntp/ + chmod -R go-w "${D}"/usr/share/ntp + find "${D}"/usr/share/ntp \ + '(' \ + -name '*.in' -o \ + -name 'Makefile*' -o \ + -name 'rc[12]' -o \ + -name support \ + ')' \ + -exec rm -r {} \; + + insinto /etc + doins "${FILESDIR}"/ntp.conf + newinitd "${FILESDIR}"/ntpd.rc ntpd + newconfd 
"${FILESDIR}"/ntpd.confd ntpd + newinitd "${FILESDIR}"/ntp-client.rc ntp-client + newconfd "${FILESDIR}"/ntp-client.confd ntp-client + use nodroproot && dosed "s|-u ntp:ntp||" /etc/conf.d/ntpd + dosed "s:-Q::" /etc/conf.d/ntp-client # no longer needed + dosed "s:/usr/bin:/usr/sbin:" /etc/init.d/ntpd + + dodir /var/lib/ntp + fowners ntp:ntp /var/lib/ntp + touch "${D}"/var/lib/ntp/ntp.drift + fowners ntp:ntp /var/lib/ntp/ntp.drift + + if use openntpd ; then + cd "${D}" + rm usr/sbin/ntpd + rm -r var/lib + rm etc/{conf,init}.d/ntpd + fi +} + +pkg_preinst() { + if [[ -e ${ROOT}/etc/ntp.conf ]] ; then + rm -f "${D}"/etc/ntp.conf + fi +} + +pkg_postinst() { + ewarn "You can find an example /etc/ntp.conf in /usr/share/ntp/" + ewarn "Review /etc/ntp.conf to setup server info." + ewarn "Review /etc/conf.d/ntpd to setup init.d info." + echo + einfo "The way ntp sets and maintains your system time has changed." + einfo "Now you can use /etc/init.d/ntp-client to set your time at" + einfo "boot while you can use /etc/init.d/ntpd to maintain your time" + einfo "while your machine runs" + if [[ -n $(egrep '^[^#].*notrust' "${ROOT}"/etc/ntp.conf) ]] ; then + echo + eerror "The notrust option was found in your /etc/ntp.conf!" + ewarn "If your ntpd starts sending out weird responses," + ewarn "then make sure you have keys properly setup and see" + ewarn "http://bugs.gentoo.org/41827" + fi +} |