diff --git a/net/openntpd/Makefile b/net/openntpd/Makefile index b64398e6a6ce..228b8994517e 100644 --- a/net/openntpd/Makefile +++ b/net/openntpd/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.41 2015/02/16 11:03:20 jperkin Exp $ +# $NetBSD: Makefile,v 1.42 2015/07/03 12:31:12 wiz Exp $ -DISTNAME= openntpd-5.7p3 +DISTNAME= openntpd-5.7p4 CATEGORIES= net MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenNTPD/} @@ -14,17 +14,16 @@ CONFLICTS+= ntp-[0-9]* GNU_CONFIGURE= yes CONFIGURE_ARGS+= --localstatedir=${VARBASE} CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} -CONFIGURE_ARGS+= --with-privsep-path=path=${VARBASE}/chroot/ntpd SUBST_CLASSES+= ntpd_m SUBST_STAGE.ntpd_m= pre-build -SUBST_FILES.ntpd_m= ntpd.8 ntpctl.8 +SUBST_FILES.ntpd_m= src/ntpd.8 src/ntpctl.8 SUBST_SED.ntpd_m+= -e 's,/var/db/,${VARBASE}/db/openntpd/,g' SUBST_SED.ntpd_m+= -e 's,/var/run/,${VARBASE}/run/,g' SUBST_CLASSES+= ntpd_h SUBST_STAGE.ntpd_h= pre-build -SUBST_FILES.ntpd_h= ntpd.h +SUBST_FILES.ntpd_h= src/ntpd.h SUBST_SED.ntpd_h+= -e 's,/db/ntpd.drift,/db/openntpd/ntpd.drift,g' EGDIR= ${PREFIX}/share/examples/openntpd @@ -43,11 +42,11 @@ AUTO_MKDIRS= yes INSTALLATION_DIRS+= sbin ${PKGMANDIR}/man5 ${PKGMANDIR}/man8 ${EGDIR} do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/ntpd ${DESTDIR}${PREFIX}/sbin/ntpd + ${INSTALL_PROGRAM} ${WRKSRC}/src/ntpd ${DESTDIR}${PREFIX}/sbin/ntpd ln ${DESTDIR}${PREFIX}/sbin/ntpd ${DESTDIR}${PREFIX}/sbin/ntpctl - ${INSTALL_MAN} ${WRKSRC}/ntpd.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/ntpd.8 - ${INSTALL_MAN} ${WRKSRC}/ntpctl.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/ntpctl.8 - ${INSTALL_MAN} ${WRKSRC}/ntpd.conf.5 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/ntpd.conf.5 + ${INSTALL_MAN} ${WRKSRC}/src/ntpd.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/ntpd.8 + ${INSTALL_MAN} ${WRKSRC}/src/ntpctl.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/ntpctl.8 + ${INSTALL_MAN} ${WRKSRC}/src/ntpd.conf.5 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man5/ntpd.conf.5 ${INSTALL_DATA} ${WRKSRC}/ntpd.conf ${DESTDIR}${EGDIR}/ntpd.conf .include "../../mk/bsd.pkg.mk" diff --git a/net/openntpd/distinfo b/net/openntpd/distinfo index 415e47044330..1f3d3fbbb1ae 100644 --- a/net/openntpd/distinfo +++ b/net/openntpd/distinfo @@ -1,5 +1,8 @@ -$NetBSD: distinfo,v 1.9 2015/02/01 01:47:27 wiz Exp $ +$NetBSD: distinfo,v 1.10 2015/07/03 12:31:12 wiz Exp $ -SHA1 (openntpd-5.7p3.tar.gz) = 02ad9ae80f2dfd6cfbcc642d35f73093d167a067 -RMD160 (openntpd-5.7p3.tar.gz) = 7996771b7041add8f8c3233f30b9dfaab027eb7b -Size (openntpd-5.7p3.tar.gz) = 409734 bytes +SHA1 (openntpd-5.7p4.tar.gz) = ba885dc7cf599161b351cd90af2af175071e3a9d +RMD160 (openntpd-5.7p4.tar.gz) = d99d0058ce67272e5dff3cd945f0beaaf564591c +Size (openntpd-5.7p4.tar.gz) = 427900 bytes +SHA1 (patch-src_config.c) = baffc96d29a1d4c8482add8a2f89e7c42bbacf96 +SHA1 (patch-src_ntp.c) = 12fa52fae73f97ed6f49794ef964519ac70ddc5c +SHA1 (patch-src_ntpd.conf.5) = c5ca38a046ad68f1997c0d8b5aaa6cee171b17b1 diff --git a/net/openntpd/patches/patch-src_config.c b/net/openntpd/patches/patch-src_config.c new file mode 100644 index 000000000000..c76fc123ab38 --- /dev/null +++ b/net/openntpd/patches/patch-src_config.c @@ -0,0 +1,17 @@ +$NetBSD: patch-src_config.c,v 1.1 2015/07/03 12:31:12 wiz Exp $ + +Abort if configuration specifies tls constraints and ntpd not compiled with +tls support; accepted upstream. + +--- src/config.c.orig 2015-03-25 01:18:56.000000000 +0000 ++++ src/config.c +@@ -218,6 +218,9 @@ new_constraint(void) + fatal("new_constraint calloc"); + p->id = ++constraint_maxid; + ++#ifndef HAVE_LIBTLS ++ fatal("constraint configured without libtls support"); ++#endif + return (p); + } + diff --git a/net/openntpd/patches/patch-src_ntp.c b/net/openntpd/patches/patch-src_ntp.c new file mode 100644 index 000000000000..808cd2ef272f --- /dev/null +++ b/net/openntpd/patches/patch-src_ntp.c @@ -0,0 +1,22 @@ +$NetBSD: patch-src_ntp.c,v 1.1 2015/07/03 12:31:12 wiz Exp $ + +Abort if configuration specifies tls constraints and ntpd not compiled with +tls support; accepted upstream. + +--- src/ntp.c.orig 2015-03-12 02:15:36.000000000 +0000 ++++ src/ntp.c +@@ -110,12 +110,14 @@ ntp_main(int pipe_prnt[2], int fd_ctl, s + return (pid); + } + ++#ifdef HAVE_LIBTLS + tls_init(); + + /* Verification will be turned off if CA is not found */ + if ((conf->ca = tls_load_file(CONSTRAINT_CA, + &conf->ca_len, NULL)) == NULL) + log_warnx("constraint certificate verification turned off"); ++#endif + + /* in this case the parent didn't init logging and didn't daemonize */ + if (nconf->settime && !nconf->debug) { diff --git a/net/openntpd/patches/patch-src_ntpd.conf.5 b/net/openntpd/patches/patch-src_ntpd.conf.5 new file mode 100644 index 000000000000..d34c8618a4f8 --- /dev/null +++ b/net/openntpd/patches/patch-src_ntpd.conf.5 @@ -0,0 +1,21 @@ +$NetBSD: patch-src_ntpd.conf.5,v 1.1 2015/07/03 12:31:12 wiz Exp $ + +Abort if configuration specifies tls constraints and ntpd not compiled with +tls support; accepted upstream. + +--- src/ntpd.conf.5.orig 2015-03-25 01:18:56.000000000 +0000 ++++ src/ntpd.conf.5 +@@ -192,8 +192,11 @@ thereby reducing the impact of unauthent + .Sq Man-In-The-Middle + attacks. + Received NTP packets with time information falling outside of a range +-near the constraint will be discarded and such NTP servers +-will be marked as invalid. ++near the constraint will be discarded and such NTP servers will be marked as ++invalid. Contraints are only available if ++.Xr ntpd 8 ++has been compiled with libtls support. Configuring a constraint without libtls ++support will result in a fatal error. + .Bl -tag -width Ds + .It Ic constraint from Ar url + Specify the URL, IP address or the hostname of an HTTPS server to