[Midnightbsd-cvs] mports [23662] trunk/net/ntp: reroll patchset

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Mon Jul 23 17:17:58 EDT 2018 

Revision: 23662
          http://svnweb.midnightbsd.org/mports/?rev=23662
Author:   laffer1
Date:     2018-07-23 17:17:57 -0400 (Mon, 23 Jul 2018)
Log Message:
-----------
reroll patchset

Modified Paths:
--------------
    trunk/net/ntp/Makefile

Added Paths:
-----------
    trunk/net/ntp/files/patch-ntpd_ntpd.c
    trunk/net/ntp/files/patch-sntp_m4_ntp__libntp.m4

Modified: trunk/net/ntp/Makefile
===================================================================
--- trunk/net/ntp/Makefile	2018-07-23 21:07:47 UTC (rev 23661)
+++ trunk/net/ntp/Makefile	2018-07-23 21:17:57 UTC (rev 23662)
@@ -2,7 +2,7 @@
 
 PORTNAME=	ntp
 PORTVERSION=	4.2.8p11
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net ipv6
 MASTER_SITES=	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \
 		http://archive.ntp.org/ntp4/ntp-4.2/ \

Added: trunk/net/ntp/files/patch-ntpd_ntpd.c
===================================================================
--- trunk/net/ntp/files/patch-ntpd_ntpd.c	                        (rev 0)
+++ trunk/net/ntp/files/patch-ntpd_ntpd.c	2018-07-23 21:17:57 UTC (rev 23662)
@@ -0,0 +1,45 @@
+--- ntpd/ntpd.c.orig	2018-02-27 15:15:48 UTC
++++ ntpd/ntpd.c
+@@ -123,6 +123,9 @@
+ #if defined(HAVE_PRIV_H) && defined(HAVE_SOLARIS_PRIVS)
+ # include <priv.h>
+ #endif /* HAVE_PRIV_H */
++#if defined(HAVE_TRUSTEDBSD_MAC)
++# include <sys/mac.h>
++#endif /* HAVE_TRUSTEDBSD_MAC */
+ #endif /* HAVE_DROPROOT */
+ 
+ #if defined (LIBSECCOMP) && (KERN_SECCOMP)
+@@ -634,7 +637,12 @@ ntpdmain(
+ 	/* MPE lacks the concept of root */
+ # if defined(HAVE_GETUID) && !defined(MPE)
+ 	uid = getuid();
+-	if (uid && !HAVE_OPT( SAVECONFIGQUIT )) {
++	if (uid && !HAVE_OPT( SAVECONFIGQUIT )
++#  if defined(HAVE_TRUSTEDBSD_MAC)
++	    /* We can run as non-root if the mac_ntpd policy is enabled. */
++	    && mac_is_present("ntpd") != 1
++#  endif
++	    ) {
+ 		msyslog_term = TRUE;
+ 		msyslog(LOG_ERR,
+ 			"must be run as root, not uid %ld", (long)uid);
+@@ -1082,7 +1090,17 @@ getgroup:
+ 			exit (-1);
+ 		}
+ 
+-#  if !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
++#  if defined(HAVE_TRUSTEDBSD_MAC)
++		/*
++		 * To manipulate system time and (re-)bind to NTP_PORT as needed
++		 * following interface changes, we must either run as uid 0 or
++		 * the mac_ntpd policy module must be enabled.
++		 */
++		if (sw_uid != 0 && mac_is_present("ntpd") != 1) {
++			msyslog(LOG_ERR, "Need MAC 'ntpd' policy enabled to drop root privileges");
++			exit (-1);
++		}
++#  elif !defined(HAVE_LINUX_CAPABILITIES) && !defined(HAVE_SOLARIS_PRIVS)
+ 		/*
+ 		 * for now assume that the privilege to bind to privileged ports
+ 		 * is associated with running with uid 0 - should be refined on


Property changes on: trunk/net/ntp/files/patch-ntpd_ntpd.c
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: trunk/net/ntp/files/patch-sntp_m4_ntp__libntp.m4
===================================================================
--- trunk/net/ntp/files/patch-sntp_m4_ntp__libntp.m4	                        (rev 0)
+++ trunk/net/ntp/files/patch-sntp_m4_ntp__libntp.m4	2018-07-23 21:17:57 UTC (rev 23662)
@@ -0,0 +1,32 @@
+--- sntp/m4/ntp_libntp.m4.orig	2017-02-01 09:47:13 UTC
++++ sntp/m4/ntp_libntp.m4
+@@ -693,7 +693,28 @@ esac
+ 
+ AC_MSG_RESULT([$ntp_have_solarisprivs])
+ 
+-case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in
++AC_CHECK_HEADERS([sys/mac.h])
++
++AC_ARG_ENABLE(
++    [trustedbsd_mac],
++    [AS_HELP_STRING(
++	[--enable-trustedbsd-mac],
++	[- Use TrustedBSD MAC policy for non-root clock control]
++    )],
++    [ntp_use_trustedbsd_mac=$enableval]
++)
++
++AC_MSG_CHECKING([if we should use TrustedBSD MAC privileges])
++
++case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in
++ yesyes)
++    AC_DEFINE([HAVE_TRUSTEDBSD_MAC], [1],
++	[Are TrustedBSD MAC policy privileges available?])
++esac
++
++AC_MSG_RESULT([$ntp_use_trustedbsd_mac])
++
++case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in
+  *yes*)
+     AC_DEFINE([HAVE_DROPROOT], [1],
+ 	[Can we drop root privileges?])


Property changes on: trunk/net/ntp/files/patch-sntp_m4_ntp__libntp.m4
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property

More information about the Midnightbsd-cvs mailing list