[gentoo-commits] gentoo-x86 commit in net-misc/openntpd/files: openntpd-5.7_p4-nolibtls.patch

Tue, 26 May 2015 07:38:49 -0700 

ottxor      15/05/26 14:38:12

  Added:                openntpd-5.7_p4-nolibtls.patch
  Log:
  version bump (bug #545468)
  
  (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 
C2000586)

Revision  Changes    Path
1.1                  net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch?rev=1.1&content-type=text/plain

Index: openntpd-5.7_p4-nolibtls.patch
===================================================================
diff -u -r openntpd-5.7p4-orig/src/config.c openntpd-5.7p4/src/config.c
--- openntpd-5.7p4-orig/src/config.c    2015-03-24 18:18:56.000000000 -0700
+++ openntpd-5.7p4/src/config.c 2015-05-25 16:48:59.000000000 -0700
@@ -218,6 +218,9 @@
                fatal("new_constraint calloc");
        p->id = ++constraint_maxid;
 
+#ifndef HAVE_LIBTLS
+       fatal("constraint configured without libtls support");
+#endif
        return (p);
 }
 
diff -u -r openntpd-5.7p4-orig/src/ntp.c openntpd-5.7p4/src/ntp.c
--- openntpd-5.7p4-orig/src/ntp.c       2015-03-11 19:15:36.000000000 -0700
+++ openntpd-5.7p4/src/ntp.c    2015-05-25 16:48:59.000000000 -0700
@@ -110,12 +110,14 @@
                return (pid);
        }
 
+#ifdef HAVE_LIBTLS
        tls_init();
 
        /* Verification will be turned off if CA is not found */
        if ((conf->ca = tls_load_file(CONSTRAINT_CA,
            &conf->ca_len, NULL)) == NULL)
                log_warnx("constraint certificate verification turned off");
+#endif
 
        /* in this case the parent didn't init logging and didn't daemonize */
        if (nconf->settime && !nconf->debug) {
diff -u -r openntpd-5.7p4-orig/src/ntpd.conf.5 openntpd-5.7p4/src/ntpd.conf.5
--- openntpd-5.7p4-orig/src/ntpd.conf.5 2015-03-24 18:18:56.000000000 -0700
+++ openntpd-5.7p4/src/ntpd.conf.5      2015-05-25 16:48:59.000000000 -0700
@@ -192,8 +192,11 @@
 .Sq Man-In-The-Middle
 attacks.
 Received NTP packets with time information falling outside of a range
-near the constraint will be discarded and such NTP servers
-will be marked as invalid.
+near the constraint will be discarded and such NTP servers will be marked as
+invalid. Contraints are only available if
+.Xr ntpd 8
+has been compiled with libtls support. Configuring a constraint without libtls
+support will result in a fatal error.
 .Bl -tag -width Ds
 .It Ic constraint from Ar url
 Specify the URL, IP address or the hostname of an HTTPS server to
Only in openntpd-5.7p4/src: ntpd.conf.5.orig

Reply via email to