authortron <tron>2013-08-21 12:59:44 +0000
committertron <tron>2013-08-21 12:59:44 +0000
commitaffff3497f106c90421f8a56486e63e8565c8df2 (patch)
treef218258544f3de84295024151c1ec45d174cc3c7
parent4a4c51bfbe7be910936fe4fc6aa306e194e3caa1 (diff)
downloadpkgsrc-affff3497f106c90421f8a56486e63e8565c8df2.tar.gz
Pullup ticket #4215 - requested by hannken
net/chrony: security update Revisions pulled up: - net/chrony/Makefile 1.29 - net/chrony/PLIST 1.5 - net/chrony/distinfo 1.8 - net/chrony/files/chronyd.sh 1.5 - net/chrony/patches/patch-aa 1.5 - net/chrony/patches/patch-ab 1.5 - net/chrony/patches/patch-ac 1.5 - net/chrony/patches/patch-ad 1.4 - net/chrony/patches/patch-ae 1.5 - net/chrony/patches/patch-af 1.4 - net/chrony/patches/patch-ag 1.4 --- Module Name: pkgsrc Committed By: hannken Date: Fri Aug 16 08:30:20 UTC 2013 Modified Files: pkgsrc/net/chrony: Makefile PLIST distinfo pkgsrc/net/chrony/files: chronyd.sh pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae patch-af Added Files: pkgsrc/net/chrony/patches: patch-ag Log Message: Update chrony to version 1.29. For a full list of changes since 1.24 see file NEWS in the distfile. Security fixes since 1.24: * Fix crash when processing crafted commands (CVE-2012-4502) (possible with IP addresses allowed by cmdallow and localhost) * Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) Reviewed by: Joerg Sonnenberger <joerg%netbsd.org@localhost>
-rw-r--r--net/chrony/Makefile21
-rw-r--r--net/chrony/PLIST12
-rw-r--r--net/chrony/distinfo21
-rw-r--r--net/chrony/files/chronyd.sh4
-rw-r--r--net/chrony/patches/patch-aa16
-rw-r--r--net/chrony/patches/patch-ab52
-rw-r--r--net/chrony/patches/patch-ac37
-rw-r--r--net/chrony/patches/patch-ad12
-rw-r--r--net/chrony/patches/patch-ae28
-rw-r--r--net/chrony/patches/patch-af13
-rw-r--r--net/chrony/patches/patch-ag15
11 files changed, 132 insertions, 99 deletions
diff --git a/net/chrony/Makefile b/net/chrony/Makefile
index d65421a9424..c5c4006041b 100644
--- a/net/chrony/Makefile
+++ b/net/chrony/Makefile
@@ -1,36 +1,37 @@
-# $NetBSD: Makefile,v 1.27 2012/10/23 17:18:14 asau Exp $
+# $NetBSD: Makefile,v 1.27.6.1 2013/08/21 12:59:44 tron Exp $
-DISTNAME= chrony-1.24
+DISTNAME= chrony-1.29
CATEGORIES= net
MASTER_SITES= http://download.tuxfamily.org/chrony/
MAINTAINER= hannken@NetBSD.org
HOMEPAGE= http://chrony.tuxfamily.org/
COMMENT= Daemon for maintaining the accuracy of computer clocks
+LICENSE= gnu-gpl-v2
USE_TOOLS+= gmake
HAS_CONFIGURE= YES
BUILD_DEFS+= VARBASE
-CONFIGURE_ARGS+= --prefix=${PREFIX:Q}
-CONFIGURE_ARGS+= --mandir=${PREFIX:Q}/${PKGMANDIR:Q}
-CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+= --prefix=${PREFIX}
+CONFIGURE_ARGS+= --mandir=${PREFIX}/${PKGMANDIR}
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
+CONFIGURE_ARGS+= --localstatedir=${VARBASE}
AUTO_MKDIRS= yes
+OWN_DIRS= ${VARBASE}/lib/chrony
+
EGDIR= ${PREFIX}/share/examples/chrony
EGFILES= chrony.conf.example chrony.keys.example
RCD_SCRIPTS= chronyd
SUBST_CLASSES+= paths
-SUBST_FILES.paths= ${EGFILES:S/^/examples\//} conf.c chrony.conf.5 \
- chronyd.8
-SUBST_SED.paths+= -e 's,@PREFIX@,${PREFIX},g'
+SUBST_FILES.paths= ${EGFILES:S/^/examples\//} conf.c
SUBST_SED.paths+= -e 's,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR},g'
SUBST_SED.paths+= -e 's,@VARBASE@,${VARBASE},g'
SUBST_STAGE.paths= post-patch
post-install:
- ${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
- for file in ${EGFILES}; do \
+ set -e; for file in ${EGFILES}; do \
${INSTALL_DATA} ${WRKSRC}/examples/$${file} \
${DESTDIR}${EGDIR}/$${file}; \
done
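Review bot: `OWN_DIRS= ${VARBASE}/lib/chrony` repeats by hand a path the build otherwise takes from the new `--localstatedir=${VARBASE}` (patch-aa's install target creates `$(DESTDIR)$(CHRONYVARDIR)`, presumably derived from it), and nothing here says the two must stay equal. A comment above the line, such as `# State directory; must match CHRONYVARDIR as derived from --localstatedir.`, would make the coupling visible at the next update. The directory is also created with the framework's default owner and mode. If chronyd is ever run as an unprivileged user, `OWN_DIRS_PERMS` would be the place to state the intended owner and mode explicitly.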
diff --git a/net/chrony/PLIST b/net/chrony/PLIST
index 39cd34d4bc5..41ff898db44 100644
--- a/net/chrony/PLIST
+++ b/net/chrony/PLIST
@@ -1,13 +1,13 @@
-@comment $NetBSD: PLIST,v 1.4 2009/06/14 18:09:23 joerg Exp $
+@comment $NetBSD: PLIST,v 1.4.34.1 2013/08/21 12:59:44 tron Exp $
bin/chronyc
-share/doc/chrony/COPYING
-share/doc/chrony/README
-share/doc/chrony/chrony.txt
-share/examples/chrony/chrony.conf.example
-share/examples/chrony/chrony.keys.example
man/man1/chrony.1
man/man1/chronyc.1
man/man5/chrony.conf.5
man/man8/chronyd.8
sbin/chronyd
+share/doc/chrony/COPYING
+share/doc/chrony/README
+share/doc/chrony/chrony.txt
+share/examples/chrony/chrony.conf.example
+share/examples/chrony/chrony.keys.example
share/examples/rc.d/chronyd
diff --git a/net/chrony/distinfo b/net/chrony/distinfo
index 29a52a2e6d3..f65077b26a0 100644
--- a/net/chrony/distinfo
+++ b/net/chrony/distinfo
@@ -1,11 +1,12 @@
-$NetBSD: distinfo,v 1.7 2010/02/26 09:27:43 hannken Exp $
+$NetBSD: distinfo,v 1.7.28.1 2013/08/21 12:59:44 tron Exp $
-SHA1 (chrony-1.24.tar.gz) = 6e17d7b8cdd3508751713bd2279202b75643e268
-RMD160 (chrony-1.24.tar.gz) = a393c3f51d99a24a1aefd1653575de5a6c642191
-Size (chrony-1.24.tar.gz) = 364311 bytes
-SHA1 (patch-aa) = 1fe34e98bcdf70686e3e38bf88bfdbbe9f27b42d
-SHA1 (patch-ab) = efec09e45ea46c7f700a507a565e27a3d9c38f78
-SHA1 (patch-ac) = e6676efc4151b394451b7de64d44351789892561
-SHA1 (patch-ad) = 621626000457731ac89778d41200e9046a4edb25
-SHA1 (patch-ae) = a1efbc23807fa74c5393946400fa2565af12e7c5
-SHA1 (patch-af) = 3d09c0aba56bdce704a923ae7c15673cdb6a7489
+SHA1 (chrony-1.29.tar.gz) = 442fb7d62a6f23bf1057864a3dbdfa55e1b6eb35
+RMD160 (chrony-1.29.tar.gz) = 53518efdd90c4695005d7cc929077985f16887d7
+Size (chrony-1.29.tar.gz) = 392880 bytes
+SHA1 (patch-aa) = c28f5b7ff6c3ebc67b68d574c1b10bd54334b6a3
+SHA1 (patch-ab) = 1af7c5699147d4c05165c4e1f90bf127814511ce
+SHA1 (patch-ac) = 5830215f11573ca88541f661fffb17365e7d206c
+SHA1 (patch-ad) = df47df974995f9f947b731a4812fb7633fd874a4
+SHA1 (patch-ae) = 133e90d0614ef5961305b952d9a7a4047a2edcc7
+SHA1 (patch-af) = 43c5e0f14aa8a980af83ba4ea5691705a4738064
+SHA1 (patch-ag) = 165daaab8507cca8b29a61af576711c0ec05a3a6
diff --git a/net/chrony/files/chronyd.sh b/net/chrony/files/chronyd.sh
index 578a5c5b981..3715618e9df 100644
--- a/net/chrony/files/chronyd.sh
+++ b/net/chrony/files/chronyd.sh
@@ -1,6 +1,6 @@
#!@RCD_SCRIPTS_SHELL@
#
-# $NetBSD: chronyd.sh,v 1.4 2002/09/23 07:04:39 grant Exp $
+# $NetBSD: chronyd.sh,v 1.4.84.1 2013/08/21 12:59:44 tron Exp $
#
# PROVIDE: chronyd
# REQUIRE: DAEMON
@@ -9,7 +9,7 @@
name="chronyd"
command="@PREFIX@/sbin/${name}"
-pidfile="/var/run/${name}.pid"
+pidfile="@VARBASE@/run/${name}.pid"
required_files="@PKG_SYSCONFDIR@/chrony.conf"
extra_commands="online offline"
online_cmd="chronyd_online"
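Review bot: The new `pidfile="@VARBASE@/run/${name}.pid"` is only correct while it equals the default that patch-ad compiles into conf.c (`@VARBASE@/run/chronyd.pid`), and the script does not record that dependency. A one-line comment above it, `# Must match the default pidfile compiled into chronyd (see patches/patch-ad).`, would document it. A `pidfile` directive in chrony.conf pointing elsewhere would presumably leave the rc.d script looking at a stale or missing pid file. The rest of the script lies outside this hunk.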
diff --git a/net/chrony/patches/patch-aa b/net/chrony/patches/patch-aa
index 122ab232570..ca6e0dbd0b4 100644
--- a/net/chrony/patches/patch-aa
+++ b/net/chrony/patches/patch-aa
@@ -1,17 +1,22 @@
-$NetBSD: patch-aa,v 1.4 2010/02/26 09:27:43 hannken Exp $
+$NetBSD: patch-aa,v 1.4.28.1 2013/08/21 12:59:44 tron Exp $
---- Makefile.in.orig 2010-02-04 13:07:19.000000000 +0100
+Adapt install target for pkgsrc.
+
+--- Makefile.in.orig 2013-08-08 13:58:07.000000000 +0000
+++ Makefile.in
-@@ -104,31 +104,14 @@
+@@ -93,35 +93,17 @@ getdate :
+ # seem to vary between systems.
install: chronyd chronyc
+- [ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR)
- [ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR)
- [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
- [ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
+- [ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
- [ -d $(DESTDIR)$(MANDIR)/man1 ] || mkdir -p $(DESTDIR)$(MANDIR)/man1
- [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
- [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
-- [ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
+ [ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
+ [ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR)
- if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi
- if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi
- cp chronyd $(DESTDIR)$(SBINDIR)/chronyd
@@ -43,3 +48,4 @@ $NetBSD: patch-aa,v 1.4 2010/02/26 09:27:43 hannken Exp $
+ $(BSD_INSTALL_MAN) chrony.conf.5 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
%.o : %.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
diff --git a/net/chrony/patches/patch-ab b/net/chrony/patches/patch-ab
index 7a264530e09..6038e927475 100644
--- a/net/chrony/patches/patch-ab
+++ b/net/chrony/patches/patch-ab
@@ -1,28 +1,34 @@
-$NetBSD: patch-ab,v 1.4 2010/02/26 09:27:43 hannken Exp $
+$NetBSD: patch-ab,v 1.4.28.1 2013/08/21 12:59:44 tron Exp $
---- chrony.conf.5.orig 2010-02-04 13:07:19.000000000 +0100
-+++ chrony.conf.5
-@@ -4,5 +4,5 @@
+The ctype functions work on integers.
+
+--- cmdparse.c.orig 2013-08-08 13:58:07.000000000 +0000
++++ cmdparse.c
+@@ -203,7 +203,7 @@ CPS_NormalizeLine(char *line)
+
+ /* Remove white-space at beginning and replace white-spaces with space char */
+ for (p = q = line; *p; p++) {
+- if (isspace(*p)) {
++ if (isspace((unsigned char)(*p))) {
+ if (!space)
+ *q++ = ' ';
+ space = 1;
+@@ -233,15 +233,15 @@ CPS_SplitWord(char *line)
+ char *p = line, *q = line;
- .SH SYNOPSIS
--.B /etc/chrony.conf
-+.B @PKG_SYSCONFDIR@/chrony.conf
+ /* Skip white-space before the word */
+- while (*q && isspace(*q))
++ while (*q && isspace((unsigned char)(*q)))
+ q++;
- .SH DESCRIPTION
-@@ -13,5 +13,5 @@
- Assuming that you have found some servers, you need to set up a
- configuration file to run \fIchrony\fR. The (compiled-in) default location
--for this file is \fB/etc/chrony.conf\fR. Assuming that your ntp servers
-+for this file is \fB@PKG_SYSCONFDIR@/chrony.conf\fR. Assuming that your ntp servers
- are called `a.b.c' and `d.e.f', your \fBchrony.conf\fR file could contain
- as a minimum
-@@ -30,7 +30,7 @@
- server d.e.f
- server g.h.i
-- keyfile /etc/chrony.keys
-+ keyfile @PKG_SYSCONFDIR@/chrony.keys
- commandkey 1
-- driftfile /etc/chrony.drift
-+ driftfile @VARBASE@/db/chrony.drift
+ /* Move the word to the beginning */
+- while (*q && !isspace(*q))
++ while (*q && !isspace((unsigned char)(*q)))
+ *p++ = *q++;
+ /* Find the next word */
+- while (*q && isspace(*q))
++ while (*q && isspace((unsigned char)(*q)))
+ q++;
+ *p = '\0';
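Review bot: The description `The ctype functions work on integers.` does not say why the casts in CPS_NormalizeLine and CPS_SplitWord matter, and the same sentence heads patch-ag for getdate.c. isspace() and tolower() are defined only for values representable as unsigned char or EOF, so where plain char is signed a byte of 0x80 or above reaches them as a negative int, which is undefined behaviour. A description like `ctype functions take an int holding an unsigned char value or EOF; cast to avoid undefined behaviour on bytes >= 0x80 where char is signed.` would record that. Both functions continue outside the quoted hunks, and other ctype calls in the distfile are not visible here, so it is worth confirming that no uncast calls remain.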
diff --git a/net/chrony/patches/patch-ac b/net/chrony/patches/patch-ac
index 6f650b69daf..29fb28864e4 100644
--- a/net/chrony/patches/patch-ac
+++ b/net/chrony/patches/patch-ac
@@ -1,29 +1,14 @@
-$NetBSD: patch-ac,v 1.4 2010/02/26 09:27:43 hannken Exp $
+$NetBSD: patch-ac,v 1.4.28.1 2013/08/21 12:59:44 tron Exp $
---- chronyd.8.orig 2010-02-04 13:07:19.000000000 +0100
-+++ chronyd.8
-@@ -25,8 +25,8 @@
-
- If \fBchronyd\fR has been installed to its default location
--\fI/usr/local/sbin/chronyd\fR, starting it is simply a matter of entering the
-+\fI@PREFIX@/sbin/chronyd\fR, starting it is simply a matter of entering the
- command:
-
--\fI/usr/local/sbin/chronyd\fR
-+\fI@PREFIX@/sbin/chronyd\fR
-
- Information messages and warnings will be logged to syslog.
-@@ -53,5 +53,5 @@
- \fB\-f\fR \fIconf-file\fR
- This option can be used to specify an alternate location for the
--configuration file (default \fI/etc/chrony.conf\fR).
-+configuration file (default \fI@PKG_SYSCONFDIR@/chrony.conf\fR).
- .TP
- .B \-r
-@@ -103,5 +103,5 @@
+Remove unused variable.
+
+--- sys_netbsd.c.orig 2013-08-08 13:58:07.000000000 +0000
++++ sys_netbsd.c
+@@ -281,7 +281,6 @@ SYS_NetBSD_Initialise(void)
+ };
- .SH FILES
--\fI/etc/chrony.conf\fR
-+\fI@PKG_SYSCONFDIR@/chrony.conf\fR
+ kvm_t *kt;
+- FILE *fp;
- .SH VERSION
+ kt = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL);
+ if (!kt) {
diff --git a/net/chrony/patches/patch-ad b/net/chrony/patches/patch-ad
index 6c56dda2cbb..29227986856 100644
--- a/net/chrony/patches/patch-ad
+++ b/net/chrony/patches/patch-ad
@@ -1,11 +1,15 @@
-$NetBSD: patch-ad,v 1.3 2010/02/26 09:27:43 hannken Exp $
+$NetBSD: patch-ad,v 1.3.28.1 2013/08/21 12:59:44 tron Exp $
---- conf.c.orig 2010-02-04 13:07:19.000000000 +0100
+Prepare for SUBST, not processed by configure.
+
+--- conf.c.orig 2013-08-08 13:58:07.000000000 +0000
+++ conf.c
-@@ -177,5 +177,5 @@
+@@ -197,7 +197,7 @@ static IPAddr bind_cmd_address4, bind_cm
+
/* Filename to use for storing pid of running chronyd, to prevent multiple
* chronyds being started. */
-static char *pidfile = "/var/run/chronyd.pid";
+static char *pidfile = "@VARBASE@/run/chronyd.pid";
- /* Boolean for whether the Linux HZ value has been overridden, and the
+ /* Temperature sensor, update interval and compensation coefficients */
+ static char *tempcomp_file = NULL;
diff --git a/net/chrony/patches/patch-ae b/net/chrony/patches/patch-ae
index 5483daf8d79..fe03a883a6a 100644
--- a/net/chrony/patches/patch-ae
+++ b/net/chrony/patches/patch-ae
@@ -1,32 +1,42 @@
-$NetBSD: patch-ae,v 1.4 2010/02/26 09:27:43 hannken Exp $
+$NetBSD: patch-ae,v 1.4.28.1 2013/08/21 12:59:44 tron Exp $
---- examples/chrony.conf.example.orig 2010-02-04 13:07:19.000000000 +0100
-+++ examples/chrony.conf.example 2010-02-26 09:06:48.000000000 +0100
-@@ -2,5 +2,5 @@
+Prepare for SUBST, not processed by configure.
+
+--- examples/chrony.conf.example.orig 2013-08-08 13:58:07.000000000 +0000
++++ examples/chrony.conf.example
+@@ -1,7 +1,7 @@
+ #######################################################################
#
# This is an example chrony configuration file. You should copy it to
-# /etc/chrony.conf after uncommenting and editing the options that you
+# @PKG_SYSCONFDIR@/chrony.conf after uncommenting and editing the options that you
# want to enable. The more obscure options are not included. Refer
# to the documentation for these.
-@@ -90,5 +90,5 @@
+ #
+@@ -89,7 +89,7 @@
+ # immediately so that it doesn't gain or lose any more time. You
# generally want this, so it is uncommented.
--driftfile /etc/chrony.drift
-+driftfile @VARBASE@/db/chrony.drift
+-driftfile /var/lib/chrony/drift
++driftfile @VARBASE@/lib/chrony/chrony.drift
# If you want to use the program called chronyc to configure aspects of
-@@ -99,5 +99,5 @@
+ # chronyd's operation once it is running (e.g. tell it the Internet link
+@@ -98,7 +98,7 @@ driftfile /var/lib/chrony/drift
+ # exchanges between cooperating machines.) Again, this option is
# assumed by default.
-keyfile /etc/chrony.keys
+keyfile @PKG_SYSCONFDIR@/chrony.keys
# Tell chronyd which numbered key in the file is used as the password
-@@ -130,5 +130,5 @@
+ # for chronyc. (You can pick any integer up to 2**32-1. '1' is just a
+@@ -129,7 +129,7 @@ commandkey 1
+ # still running and bail out. If you want to change the path to the PID
# file, uncomment this line and edit it. The default path is shown.
-! pidfile /var/run/chronyd.pid
+! pidfile @VARBASE@/run/chronyd.pid
#######################################################################
+ ### INITIAL CLOCK CORRECTION
diff --git a/net/chrony/patches/patch-af b/net/chrony/patches/patch-af
index 29096a7338d..ef9fad0b56f 100644
--- a/net/chrony/patches/patch-af
+++ b/net/chrony/patches/patch-af
@@ -1,9 +1,14 @@
-$NetBSD: patch-af,v 1.3 2006/01/08 13:27:53 joerg Exp $
+$NetBSD: patch-af,v 1.3.64.1 2013/08/21 12:59:44 tron Exp $
---- examples/chrony.keys.example.orig 2002-01-31 01:00:08.000000000 +0100
+Prepare for SUBST, not processed by configure.
+
+--- examples/chrony.keys.example.orig 2013-08-08 13:58:07.000000000 +0000
+++ examples/chrony.keys.example
-@@ -3,3 +3,3 @@
+@@ -1,6 +1,6 @@
+ #######################################################################
#
-# This is an example chrony keys file. You should copy it to /etc/chrony.keys
+# This is an example chrony keys file. You should copy it to @PKG_SYSCONFDIR@/chrony.keys
- # after editing it to set up the key(s) you want to use. In most situations,
+ # after editing it to set up the key(s) you want to use. It should be readable
+ # only by root or the user chronyd drops the root privileges to. In most
+ # situations, you will require a single key (the 'commandkey') so that you can
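Review bot: The refreshed example now carries upstream's advice that the keys file should be readable only by root or the user chronyd drops privileges to, but the package gives the admin no help in following it. The patched line only says to copy the file to `@PKG_SYSCONFDIR@/chrony.keys`. The Makefile's post-install installs the example with `${INSTALL_DATA}`, so a plain copy will presumably end up world-readable. Since this file holds the chronyc command key, a Makefile comment or MESSAGE entry stating the expected mode, for example `# chrony.keys holds the command key; install it with mode 0600.`, would close the gap. The example file continues outside the hunk.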
diff --git a/net/chrony/patches/patch-ag b/net/chrony/patches/patch-ag
new file mode 100644
index 00000000000..65f35dd0011
--- /dev/null
+++ b/net/chrony/patches/patch-ag
@@ -0,0 +1,15 @@
+$NetBSD: patch-ag,v 1.3.8.1 2013/08/21 12:59:44 tron Exp $
+
+The ctype functions work on integers.
+
+--- getdate.c.orig 2013-08-08 13:58:07.000000000 +0000
++++ getdate.c
+@@ -2547,7 +2547,7 @@ LookupWord (buff)
+ /* Make it lowercase. */
+ for (p = buff; *p; p++)
+ if (ISUPPER ((unsigned char) *p))
+- *p = tolower (*p);
++ *p = tolower ((unsigned char)(*p));
+
+ if (strcmp (buff, "am") == 0 || strcmp (buff, "a.m.") == 0)
+ {