diff options
author | Cy Schubert <cy@FreeBSD.org> | 2020-03-05 06:21:11 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2020-03-05 06:21:11 +0000 |
commit | 085d4c9c985e165e1b8d2b53825fd4e7180915dc (patch) | |
tree | 3facf58d6a8f2f74b35d86b481ea05779bb4c9c9 | |
parent | 2dea593305001cf2bd1b82ceeaa0d8e9f4415b0b (diff) | |
download | ports-085d4c9c985e165e1b8d2b53825fd4e7180915dc.tar.gz ports-085d4c9c985e165e1b8d2b53825fd4e7180915dc.zip |
MFH: r527800
Update ntp-4.2.8p13 --> 4.2.8p14.
The advisory can be found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592
Approved by: portmgr (joneum)
Notes
Notes:
svn path=/branches/2020Q1/; revision=527806
-rw-r--r-- | net/ntp/Makefile | 3 | ||||
-rw-r--r-- | net/ntp/distinfo | 6 | ||||
-rw-r--r-- | net/ntp/files/patch-include_libssl__compat.h | 11 | ||||
-rw-r--r-- | net/ntp/files/patch-ntpd__ntp.conf.html | 8 | ||||
-rw-r--r-- | net/ntp/files/patch-ntpd_ntpd.c | 48 |
5 files changed, 8 insertions, 68 deletions
diff --git a/net/ntp/Makefile b/net/ntp/Makefile index 61ba49a81630..0e2d9aa38583 100644 --- a/net/ntp/Makefile +++ b/net/ntp/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= ntp -PORTVERSION= 4.2.8p13 -PORTREVISION= 6 +PORTVERSION= 4.2.8p14 CATEGORIES= net MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \ http://archive.ntp.org/ntp4/ntp-4.2/ \ diff --git a/net/ntp/distinfo b/net/ntp/distinfo index 56e32517f8b5..6106b99e2e02 100644 --- a/net/ntp/distinfo +++ b/net/ntp/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1550804538 -SHA256 (ntp-4.2.8p13.tar.gz) = 288772cecfcd9a53694ffab108d1825a31ba77f3a8466b0401baeca3bc232a38 -SIZE (ntp-4.2.8p13.tar.gz) = 6949363 +TIMESTAMP = 1583329796 +SHA256 (ntp-4.2.8p14.tar.gz) = 1960e4f081f6aafd108d721bc3ab15f9e8dfd08dc08339aa95bca9d2545e4eb7 +SIZE (ntp-4.2.8p14.tar.gz) = 7007263 diff --git a/net/ntp/files/patch-include_libssl__compat.h b/net/ntp/files/patch-include_libssl__compat.h deleted file mode 100644 index 7e03c01c4a67..000000000000 --- a/net/ntp/files/patch-include_libssl__compat.h +++ /dev/null @@ -1,11 +0,0 @@ ---- include/libssl_compat.h.orig 2016-11-21 12:28:40 UTC -+++ include/libssl_compat.h -@@ -25,7 +25,7 @@ - #include "openssl/rsa.h" - - /* ----------------------------------------------------------------- */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - /* ----------------------------------------------------------------- */ - - # include <openssl/objects.h> diff --git a/net/ntp/files/patch-ntpd__ntp.conf.html b/net/ntp/files/patch-ntpd__ntp.conf.html index 4cf5e80be202..181851987f15 100644 --- a/net/ntp/files/patch-ntpd__ntp.conf.html +++ b/net/ntp/files/patch-ntpd__ntp.conf.html @@ -1,5 +1,5 @@ ---- ntpd/ntp.conf.html.orig 2019-02-20 09:56:39.000000000 -0800 -+++ ntpd/ntp.conf.html 2019-12-04 07:10:45.833804000 -0800 +--- ntpd/ntp.conf.html.orig 2020-03-03 17:40:59.000000000 -0800 ++++ ntpd/ntp.conf.html 2020-03-04 06:05:59.693497000 -0800 @@ -280,7 +280,7 @@ <dt><code>pool</code></dt> <dd><p>For type s addresses, this command mobilizes a persistent @@ -9,12 +9,12 @@ remote server, but the remote server can never be synchronized to the local clock. </p></dd> -@@ -3094,7 +3094,7 @@ +@@ -3120,7 +3120,7 @@ when dropping root (the <code>-i</code> option). -The default is 32 megabytes on non-Linux machines, and -1 under Linux. -+The default -1. ++The default is -1. -1 means "do not lock the process into memory". 0 means "lock whatever memory the process wants into memory". </p></dd> diff --git a/net/ntp/files/patch-ntpd_ntpd.c b/net/ntp/files/patch-ntpd_ntpd.c deleted file mode 100644 index 2554aa96126a..000000000000 --- a/net/ntp/files/patch-ntpd_ntpd.c +++ /dev/null @@ -1,48 +0,0 @@ ---- ntpd/ntpd.c.orig 2019-02-20 09:21:44.000000000 -0800 -+++ ntpd/ntpd.c 2019-11-15 08:03:34.800596000 -0800 -@@ -138,6 +138,17 @@ - # include <seccomp.h> - #endif /* LIBSECCOMP and KERN_SECCOMP */ - -+#ifdef __FreeBSD__ -+#include <sys/procctl.h> -+#ifndef PROC_STACKGAP_CTL -+/* -+ * Even if we compile on an older system we can still run on a newer one. -+ */ -+#define PROC_STACKGAP_CTL 17 -+#define PROC_STACKGAP_DISABLE 0x0002 -+#endif -+#endif -+ - #ifdef HAVE_DNSREGISTRATION - # include <dns_sd.h> - DNSServiceRef mdns; -@@ -402,6 +413,18 @@ - char *argv[] - ) - { -+#ifdef __FreeBSD__ -+ { -+ /* -+ * We Must disable ASLR stack gap on FreeBSD to avoid a -+ * segfault. See PR/241421 and PR/241960. -+ */ -+ int aslr_var = PROC_STACKGAP_DISABLE; -+ -+ pid_t my_pid = getpid(); -+ procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var); -+ } -+#endif - return ntpdmain(argc, argv); - } - #endif /* !SYS_WINNT */ -@@ -999,7 +1022,7 @@ - # if defined(HAVE_MLOCKALL) - # ifdef HAVE_SETRLIMIT - ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k"); --# ifdef RLIMIT_MEMLOCK -+# if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1 - /* - * The default RLIMIT_MEMLOCK is very low on Linux systems. - * Unless we increase this limit malloc calls are likely to |