net-misc/ntp: Security cleanup (bug #613550).

Package-Manager: Portage-2.3.12, Repoman-2.3.3

1 files changed, 0 insertions, 236 deletions

diff --git a/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch b/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch
deleted file mode 100644
index 5166e5f9a1d0..000000000000
--- a/net-misc/ntp/files/ntp-4.2.8_p9-fix-build-wo-ssl-or-libressl.patch
+++ /dev/null
@@ -1,236 +0,0 @@
-Fix building with libressl or without SSL.
-
-Origin: http://bugs.ntp.org/attachment.cgi?id=1481
-
-LibreSSL fix from Joe Kappus (https://bugs.gentoo.org/show_bug.cgi?id=600668#c2)
-
-diff -Nru a/include/ntp_md5.h b/include/ntp_md5.h
---- a/include/ntp_md5.h	2016-11-23 08:35:18.248130387 +0100
-+++ b/include/ntp_md5.h	2016-11-23 08:35:18.248130387 +0100
-@@ -8,6 +8,7 @@
- 
- #ifdef OPENSSL
- # include "openssl/evp.h"
-+# include "libssl_compat.h"
- #else	/* !OPENSSL follows */
- /*
-  * Provide OpenSSL-alike MD5 API if we're not using OpenSSL
-@@ -23,6 +24,9 @@
- # endif
- 
-   typedef MD5_CTX			EVP_MD_CTX;
-+
-+# define EVP_MD_CTX_free(c)		free(c)
-+# define EVP_MD_CTX_new()		calloc(1, sizeof(MD5_CTX))
- # define EVP_get_digestbynid(t)		NULL
- # define EVP_md5()			NULL
- # define EVP_MD_CTX_init(c)
-diff -Nru a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c
---- a/libntp/a_md5encrypt.c	2016-11-23 08:35:18.248130387 +0100
-+++ b/libntp/a_md5encrypt.c	2016-11-23 08:35:18.248130387 +0100
-@@ -11,7 +11,6 @@
- #include "ntp.h"
- #include "ntp_md5.h"	/* provides OpenSSL digest API */
- #include "isc/string.h"
--#include "libssl_compat.h"
- /*
-  * MD5authencrypt - generate message digest
-  *
-diff -Nru a/libntp/libssl_compat.c b/libntp/libssl_compat.c
---- a/libntp/libssl_compat.c	2016-11-23 08:35:18.248130387 +0100
-+++ b/libntp/libssl_compat.c	2016-11-23 08:35:18.248130387 +0100
-@@ -15,15 +15,18 @@
-  * ---------------------------------------------------------------------
-  */
- #include "config.h"
--
--#include <string.h>
--#include <openssl/bn.h>
--#include <openssl/evp.h>
--
- #include "ntp_types.h"
- 
- /* ----------------------------------------------------------------- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#ifdef OPENSSL
-+# include <string.h>
-+# include <openssl/bn.h>
-+# include <openssl/evp.h>
-+#endif
-+/* ----------------------------------------------------------------- */
-+
-+/* ----------------------------------------------------------------- */
-+#if defined(OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER)
- /* ----------------------------------------------------------------- */
- 
- #include "libssl_compat.h"
-@@ -325,7 +328,7 @@
- }
- 
- /* ----------------------------------------------------------------- */
--#else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */
-+#else /* OPENSSL && OPENSSL_VERSION_NUMBER >= v1.1.0 */
- /* ----------------------------------------------------------------- */
- 
- NONEMPTY_TRANSLATION_UNIT
-diff -Nru a/ntpd/ntp_control.c b/ntpd/ntp_control.c
---- a/ntpd/ntp_control.c	2016-11-23 08:35:18.256130015 +0100
-+++ b/ntpd/ntp_control.c	2016-11-23 08:35:18.260129828 +0100
-@@ -33,8 +33,6 @@
- # include "ntp_syscall.h"
- #endif
- 
--#include "libssl_compat.h"
--
- /*
-  * Structure to hold request procedure information
-  */
-@@ -1653,8 +1651,10 @@
- }
- 
- /*
-- * ctl_putcal - write a decoded calendar data into the response
-+ * ctl_putcal - write a decoded calendar data into the response.
-+ * only used with AUTOKEY currently, so compiled conditional
-  */
-+#ifdef AUTOKEY
- static void
- ctl_putcal(
- 	const char *tag,
-@@ -1678,6 +1678,7 @@
- 
- 	return;
- }
-+#endif
- 
- /*
-  * ctl_putfs - write a decoded filestamp into the response
-@@ -1838,7 +1839,7 @@
- 	char *	oplim;
- 	char *	iptr;
- 	char *	iplim;
--	char *	past_eq;
-+	char *	past_eq = NULL;
- 
- 	optr = output;
- 	oplim = output + sizeof(output);
-diff -Nru a/ntpd/ntp_io.c b/ntpd/ntp_io.c
---- a/ntpd/ntp_io.c	2016-11-23 08:35:18.268129456 +0100
-+++ b/ntpd/ntp_io.c	2016-11-23 08:35:18.272129269 +0100
-@@ -516,13 +516,17 @@
- /*
-  * function to dump the contents of the interface structure
-  * for debugging use only.
-+ * We face a dilemma here -- sockets are FDs under POSIX and
-+ * actually HANDLES under Windows. So we use '%lld' as format
-+ * and cast the value to 'long long'; this should not hurt
-+ * with UNIX-like systems and does not truncate values on Win64.
-  */
- void
- interface_dump(const endpt *itf)
- {
- 	printf("Dumping interface: %p\n", itf);
--	printf("fd = %d\n", itf->fd);
--	printf("bfd = %d\n", itf->bfd);
-+	printf("fd = %lld\n", (long long)itf->fd);
-+	printf("bfd = %lld\n", (long long)itf->bfd);
- 	printf("sin = %s,\n", stoa(&itf->sin));
- 	sockaddr_dump(&itf->sin);
- 	printf("bcast = %s,\n", stoa(&itf->bcast));
-@@ -570,11 +574,11 @@
- static void
- print_interface(const endpt *iface, const char *pfx, const char *sfx)
- {
--	printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s",
-+	printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s",
- 	       pfx,
- 	       iface->ifnum,
--	       iface->fd,
--	       iface->bfd,
-+	       (long long)iface->fd,
-+	       (long long)iface->bfd,
- 	       iface->name,
- 	       iface->flags,
- 	       iface->ifindex,
-diff -Nru a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c
---- a/ntpd/ntp_proto.c	2016-11-23 08:35:18.280128897 +0100
-+++ b/ntpd/ntp_proto.c	2016-11-23 08:35:18.284128711 +0100
-@@ -4054,7 +4054,7 @@
- 		    ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen,
- 		    peer->keynumber));
- #else	/* !AUTOKEY follows */
--	DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %d\n",
-+	DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu\n",
- 		    current_time, peer->dstadr ?
- 		    ntoa(&peer->dstadr->sin) : "-",
- 		    ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen));
-diff -Nru a/ports/winnt/ntpd/ntp_iocompletionport.c b/ports/winnt/ntpd/ntp_iocompletionport.c
---- a/ports/winnt/ntpd/ntp_iocompletionport.c	2016-11-23 08:35:18.288128524 +0100
-+++ b/ports/winnt/ntpd/ntp_iocompletionport.c	2016-11-23 08:35:18.288128524 +0100
-@@ -1391,8 +1391,7 @@
- 		goto fail;
- 	}
- 
--	;
--	if ( ! (rio->ioreg_ctx = iopad = iohpCreate(rio))) {
-+	if (NULL == (rio->ioreg_ctx = iopad = iohpCreate(rio))) {
- 		msyslog(LOG_ERR, "%s: Failed to create shared lock",
- 			msgh);
- 		goto fail;
-@@ -1401,13 +1400,13 @@
- 	iopad->riofd      = rio->fd;
- 	iopad->rsrc.rio   = rio;
- 
--	if (!(rio->device_ctx = DevCtxAttach(serial_devctx(h)))) {
-+	if (NULL == (rio->device_ctx = DevCtxAttach(serial_devctx(h)))) {
- 		msyslog(LOG_ERR, "%s: Failed to allocate device context",
- 			msgh);
- 		goto fail;
- 	}
- 
--	if ( ! (lpo = IoCtxAlloc(iopad, rio->device_ctx))) {
-+	if (NULL == (lpo = IoCtxAlloc(iopad, rio->device_ctx))) {
- 		msyslog(LOG_ERR, "%: Failed to allocate IO context",
- 			msgh);
- 		goto fail;
-@@ -1594,7 +1593,6 @@
- 	static const char * const msg =
- 		"OnSocketSend: send to socket failed";
- 
--	IoHndPad_T *	iopad	= NULL;
- 	endpt *		ep	= NULL;
- 	int		rc;
- 
-@@ -1662,7 +1660,7 @@
- 
- 	INSIST(hndIOCPLPort && hMainRpcDone);
- 	if (iopad)
--		iocpl_notify(iopad, OnInterfaceDetach, -1);
-+		iocpl_notify(iopad, OnInterfaceDetach, (UINT_PTR)-1);
- }
- 
- /* --------------------------------------------------------------------
-diff -Nru a/sntp/crypto.c b/sntp/crypto.c
---- a/sntp/crypto.c	2016-11-23 08:35:18.288128524 +0100
-+++ b/sntp/crypto.c	2016-11-23 08:35:18.288128524 +0100
-@@ -2,7 +2,7 @@
- #include "crypto.h"
- #include <ctype.h>
- #include "isc/string.h"
--#include "libssl_compat.h"
-+#include "ntp_md5.h"
- 
- struct key *key_ptr;
- size_t key_cnt = 0;
-diff -urN ntp-4.2.8p9/include/libssl_compat.h ntp-4.2.8p9_fixed/include/libssl_compat.h
---- a/include/libssl_compat.h	2016-11-21 07:28:40.000000000 -0500
-+++ b/include/libssl_compat.h	2016-11-23 12:10:33.014148604 -0500
-@@ -25,7 +25,7 @@
- #include "openssl/rsa.h"
- 
- /* ----------------------------------------------------------------- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER)
- /* ----------------------------------------------------------------- */
- 
- # include <openssl/objects.h>