author | Sven Wegener <swegener@gentoo.org> | 2005-05-06 16:57:58 +0000 |
---|---|---|
committer | Sven Wegener <swegener@gentoo.org> | 2005-05-06 16:57:58 +0000 |
commit | f00fcd516347cb19c2f6e1ff7dc7586f2a1ad8a1 (patch) | |
tree | 39fbd20160223bbc904abb645f8f0008ac2667af /net-misc/ntp/files | |
parent | Added to ~ppc (diff) | |
download | historical-f00fcd516347cb19c2f6e1ff7dc7586f2a1ad8a1.tar.gz historical-f00fcd516347cb19c2f6e1ff7dc7586f2a1ad8a1.tar.bz2 historical-f00fcd516347cb19c2f6e1ff7dc7586f2a1ad8a1.zip |
Revision bump. Added a patch (based on the one from www.ecsirt.net) that allows overriding the hostname used in autokey authentication. Another patch for a drop-root issue that comes up when using autokey. And the last patch (from upstream) fixes some ipv6 issues.
Package-Manager: portage-2.0.51.21-r1
Diffstat (limited to 'net-misc/ntp/files')
-rw-r--r-- | net-misc/ntp/files/4.2.0.20040617-errno-fix.patch | 23 | ||||
-rw-r--r-- | net-misc/ntp/files/4.2.0.20040617-hostname.patch | 98 | ||||
-rw-r--r-- | net-misc/ntp/files/4.2.0.20040617-ipv6-fixes.patch | 87 | ||||
-rw-r--r-- | net-misc/ntp/files/digest-ntp-4.2.0.20040617-r1 | 2 |
4 files changed, 210 insertions, 0 deletions
diff --git a/net-misc/ntp/files/4.2.0.20040617-errno-fix.patch b/net-misc/ntp/files/4.2.0.20040617-errno-fix.patch
new file mode 100644
index 000000000000..2c6fbdae2bc4
--- /dev/null
+++ b/net-misc/ntp/files/4.2.0.20040617-errno-fix.patch
@@ -0,0 +1,23 @@
+diff -Nur ntp-stable-4.2.0a-20040617/ntpd/ntp_io.c ntp-stable-4.2.0a-20040617-errno-fix/ntpd/ntp_io.c
+--- ntp-stable-4.2.0a-20040617/ntpd/ntp_io.c 2004-05-25 11:02:24.000000000 +0000
++++ ntp-stable-4.2.0a-20040617-errno-fix/ntpd/ntp_io.c 2005-05-06 15:35:23.433595492 +0000
+@@ -1795,16 +1795,16 @@
+ sizeof(rb->recv_space), 0,
+ (struct sockaddr *)&rb->recv_srcadr,
+ &fromlen);
+- if (rb->recv_length == 0
++ if (rb->recv_length == 0 || rb->recv_length == -1 && (0
+ #ifdef EWOULDBLOCK
+ || errno==EWOULDBLOCK
+ #endif
+ #ifdef EAGAIN
+ || errno==EAGAIN
+ #endif
+- ) {
++ )) {
+ freerecvbuf(rb);
+- continue;
++ continue;
+ }
+ else if (rb->recv_length < 0)
+ {
diff --git a/net-misc/ntp/files/4.2.0.20040617-hostname.patch b/net-misc/ntp/files/4.2.0.20040617-hostname.patch
new file mode 100644
index 000000000000..443a57e1b30d
--- /dev/null
+++ b/net-misc/ntp/files/4.2.0.20040617-hostname.patch
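Review bot: In the ntp_io.c hunk of 4.2.0.20040617-errno-fix.patch, the rewritten test `rb->recv_length == 0 || rb->recv_length == -1 && (0 ...)` depends on `&&` binding tighter than `||`, which gives the intended result but is easy to misread and draws a parentheses warning from common compilers. Group it explicitly as `if (rb->recv_length == 0 || (rb->recv_length == -1 && (0`, with the matching extra `)` on the closing line. A comment such as `/* errno is only meaningful after recvfrom() failed; a stale value must not discard a received packet */` would record why the errno checks now sit behind the -1 test, which is presumably the purpose of the patch. The `continue;` pair differs only in whitespace, and the enclosing receive loop starts and ends outside the hunk.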
@@ -0,0 +1,98 @@
+diff -Nur ntp-stable-4.2.0a-20040617/html/authopt.html ntp-stable-4.2.0a-20040617-hostname/html/authopt.html
+--- ntp-stable-4.2.0a-20040617/html/authopt.html 2004-05-25 11:02:21.000000000 +0000
++++ ntp-stable-4.2.0a-20040617-hostname/html/authopt.html 2005-05-06 15:17:14.273461874 +0000
+@@ -89,6 +89,8 @@
+ <dt><tt>sign <i>file</i></tt>
+ <dd>Specifies the location of the optional sign key file. This overrides the link <tt>ntpkey_sign_<i>hostname</i></tt> in the keys directory. If this file is not found, the host key is also the sign key.
+ </dl>
++ <dt><tt>hostname <i>hostname</i></tt>
++ <dd>This command specifies a hostname to use instead of the hostname returned by <tt>gethostname()</tt>. Setting this affects all the filenames for cryptographic data as well as the hostname transmitted to other systems. Single filenames can still be overridden by options to the <tt>crypto</tt> command. The hostname has to be between 4 and 128 characters long.
+ <dt><tt>keys <i>keyfile</i></tt>
+ <dd>Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option.
+ <dt><tt>keysdir <i>path</i></tt>
+diff -Nur ntp-stable-4.2.0a-20040617/html/keygen.html ntp-stable-4.2.0a-20040617-hostname/html/keygen.html
+--- ntp-stable-4.2.0a-20040617/html/keygen.html 2004-02-25 05:57:40.000000000 +0000
++++ ntp-stable-4.2.0a-20040617-hostname/html/keygen.html 2005-05-06 15:18:57.423173962 +0000
+@@ -36,6 +36,7 @@
+ <p>This program generates cryptographic data files used by the NTPv4 authentication and identification schemes. It generates MD5 key files used in symmetric key cryptography. In addition, if the OpenSSL software library has been installed, it generates keys, certificate and identity files used in public key cryptography. These files are used for cookie encryption, digital signature and challenge/response identification algorithms compatible with the Internet standard security infrastructure.</p>
+ <p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. By default, files are not encrypted. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
+ <p>The <tt>ntpd</tt> configuration command <tt>crypto pw <i>password</i></tt> specifies the read password for previously encrypted files. The daemon expires on the spot if the password is missing or incorrect. For convenience, if a file has been previously encrypted, the default read password is the name of the host running the program. If the previous write password is specified as the host name, these files can be read by that host with no explicit password.</p>
++ <p>The <tt>ntpd</tt> daemon requires hostnames to be between 4 and 128 chars in length. If you do not have set your hostname to a fully qualified domain name, and your hostname is shorter than 4 characters, you need to specify a hostname in the config file that is long enough. This can be done via the <tt>hostname</tt> command. This command is also useful, if the name you want to give your time server (e.g. time.domain.org) is different from the machines hostname. If you specifiy an alternate hostname, the keys and certificates need to have matching names in the subject and issuer fields. This can be done with the <tt>-s</tt> and <tt>-i</tt> options of <tt>ntp-keygen</tt>.</p>
+ <p>File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is the owner name, usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
+ <p>All files are installed by default in the keys directory <tt>/usr/local/etc</tt>, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
+ <p>Normally, files containing private values, including the host key, sign key and identification parameters, are permitted root read/write-only; while others containing public values are permitted world readable. Alternatively, files containing private values can be encrypted and these files permitted world readable, which simplifies maintenance in shared file systems. Since uniqueness is insured by the hostname and file name extensions, the files for a NFS server and dependent clients can all be installed in the same shared directory.</p>
+diff -Nur ntp-stable-4.2.0a-20040617/include/ntp_config.h ntp-stable-4.2.0a-20040617-hostname/include/ntp_config.h
+--- ntp-stable-4.2.0a-20040617/include/ntp_config.h 2004-02-25 05:57:55.000000000 +0000
++++ ntp-stable-4.2.0a-20040617-hostname/include/ntp_config.h 2005-05-06 15:29:27.108952247 +0000
+@@ -59,6 +59,7 @@
+ #define CONFIG_CDELAY 38
+ #ifdef OPENSSL
+ #define CONFIG_CRYPTO 39
++#define CONFIG_HOSTNAME 40
+ #endif /* OPENSSL */
+
+ /*
+diff -Nur ntp-stable-4.2.0a-20040617/ntpd/ntp_config.c ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_config.c
+--- ntp-stable-4.2.0a-20040617/ntpd/ntp_config.c 2004-05-25 11:02:24.000000000 +0000
++++ ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_config.c 2005-05-06 15:32:56.319973120 +0000
+@@ -75,6 +75,9 @@
+ { "enable", CONFIG_ENABLE },
+ { "filegen", CONFIG_FILEGEN },
+ { "fudge", CONFIG_FUDGE },
++#ifdef OPENSSL
++ { "hostname", CONFIG_HOSTNAME },
++#endif /* OPENSSL */
+ { "includefile", CONFIG_INCLUDEFILE },
+ { "keys", CONFIG_KEYS },
+ { "keysdir", CONFIG_KEYSDIR },
+@@ -1760,6 +1763,18 @@
+ }
+ break;
+
++#ifdef OPENSSL
++ case CONFIG_HOSTNAME:
++ if (ntokens != 2) {
++ syslog(LOG_ERR, "Invalid value for hostname command in config");
++ continue;
++ }
++ int namlen = min(strlen(tokens[1]) + 1, MAXFILENAME);
++ sys_hostname = emalloc(namlen);
++ strncpy(sys_hostname, tokens[1], namlen);
++ break;
++#endif /* OPENSSL */
++
+ }
+ }
+ if (fp[0])
+diff -Nur ntp-stable-4.2.0a-20040617/ntpd/ntp_crypto.c ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_crypto.c
+--- ntp-stable-4.2.0a-20040617/ntpd/ntp_crypto.c 2004-05-25 11:02:24.000000000 +0000
++++ ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_crypto.c 2005-05-06 15:31:37.729859128 +0000
+@@ -3752,10 +3752,12 @@
+ if (!crypto_flags)
+ return;
+
+- gethostname(filename, MAXFILENAME);
+- bytes = strlen(filename) + 1;
+- sys_hostname = emalloc(bytes);
+- memcpy(sys_hostname, filename, bytes);
++ if (sys_hostname == NULL) {
++ gethostname(filename, MAXFILENAME);
++ bytes = strlen(filename) + 1;
++ sys_hostname = emalloc(bytes);
++ memcpy(sys_hostname, filename, bytes);
++ }
+ if (passwd == NULL)
+ passwd = sys_hostname;
+ memset(&hostval, 0, sizeof(hostval));
+diff -Nur ntp-stable-4.2.0a-20040617/ntpd/ntp_proto.c ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_proto.c
+--- ntp-stable-4.2.0a-20040617/ntpd/ntp_proto.c 2004-05-25 11:02:24.000000000 +0000
++++ ntp-stable-4.2.0a-20040617-hostname/ntpd/ntp_proto.c 2005-05-06 15:30:40.095842376 +0000
+@@ -63,7 +63,7 @@
+ int peer_ntpdate; /* active peers in ntpdate mode */
+ int sys_survivors; /* truest of the truechimers */
+ #ifdef OPENSSL
+-char *sys_hostname; /* gethostname() name */
++char *sys_hostname = NULL; /* gethostname() name */
+ #endif /* OPENSSL */
+
+ /*
diff --git a/net-misc/ntp/files/4.2.0.20040617-ipv6-fixes.patch b/net-misc/ntp/files/4.2.0.20040617-ipv6-fixes.patch
new file mode 100644
index 000000000000..95969b62e537
--- /dev/null
+++ b/net-misc/ntp/files/4.2.0.20040617-ipv6-fixes.patch
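Review bot: In the ntp_config.c hunk of 4.2.0.20040617-hostname.patch, the `CONFIG_HOSTNAME` case leaves `sys_hostname` without a terminating NUL when the token is MAXFILENAME bytes or longer, because `namlen` is capped at MAXFILENAME and `strncpy` then fills the whole allocation; any later string use, such as the `passwd = sys_hostname` default in the ntp_crypto.c hunk, can then read past the buffer. Rejecting the value is safer than truncating a name that keys and certificates must match: `if (strlen(tokens[1]) >= MAXFILENAME) { syslog(LOG_ERR, "hostname too long in config"); continue; }`, or at minimum add `sys_hostname[namlen - 1] = '\0';` after the copy. The 4 to 128 character range stated in the two HTML hunks is not checked in this hunk, and a repeated `hostname` line overwrites the earlier allocation without freeing it. The enclosing switch and config loop continue outside the hunk.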
@@ -0,0 +1,87 @@
+diff -Nur ntp-stable-4.2.0a-20040617/ntpdate/ntpdate.c ntp-stable-4.2.0a-20050303/ntpdate/ntpdate.c
+--- ntp-stable-4.2.0a-20040617/ntpdate/ntpdate.c 2004-05-25 13:02:25.000000000 +0200
++++ ntp-stable-4.2.0a-20050303/ntpdate/ntpdate.c 2005-03-03 12:01:15.000000000 +0100
+@@ -1321,6 +1321,30 @@
+ }
+
+
++/*
++ * is_unreachable - check to see if we have a route to given destination
++ * (non-blocking).
++ */
++static int
++is_reachable (struct sockaddr_storage *dst)
++{
++ SOCKET sockfd;
++
++ sockfd = socket(dst->ss_family, SOCK_DGRAM, 0);
++ if (sockfd == -1) {
++ return 0;
++ }
++
++ if(connect(sockfd, (struct sockaddr *)dst, SOCKLEN(dst))) {
++ closesocket(sockfd);
++ return 0;
++ }
++ closesocket(sockfd);
++ return 1;
++}
++
++
++
+ /* XXX ELIMINATE: merge BIG slew into adj_systime in lib/systime.c */
+ /*
+ * addserver - determine a server's address and allocate a new structure
+@@ -1333,7 +1357,7 @@
+ {
+ register struct server *server;
+ /* Address infos structure to store result of getaddrinfo */
+- struct addrinfo *addrResult;
++ struct addrinfo *addrResult, *ptr;
+ /* Address infos structure to store hints for getaddrinfo */
+ struct addrinfo hints;
+ /* Error variable for getaddrinfo */
+@@ -1364,22 +1388,28 @@
+ }
+ #endif
+
+- server = (struct server *)emalloc(sizeof(struct server));
+- memset((char *)server, 0, sizeof(struct server));
+-
+- /* For now we only get the first returned server of the addrinfo list */
+- memset(&(server->srcadr), 0, sizeof(struct sockaddr_storage));
+- memcpy(&(server->srcadr), addrResult->ai_addr, addrResult->ai_addrlen);
+- server->event_time = ++sys_numservers;
+- if (sys_servers == NULL)
+- sys_servers = server;
+- else {
+- struct server *sp;
+-
+- for (sp = sys_servers; sp->next_server != NULL;
+- sp = sp->next_server) ;
+- sp->next_server = server;
++ /* We must get all returned server in case the first one fails */
++ for (ptr = addrResult; ptr != NULL; ptr = ptr->ai_next) {
++ if (is_reachable ((struct sockaddr_storage *)ptr->ai_addr)) {
++ server = (struct server *)emalloc(sizeof(struct server));
++ memset((char *)server, 0, sizeof(struct server));
++
++ memset(&(server->srcadr), 0, sizeof(struct sockaddr_storage));
++ memcpy(&(server->srcadr), ptr->ai_addr, ptr->ai_addrlen);
++ server->event_time = ++sys_numservers;
++ if (sys_servers == NULL)
++ sys_servers = server;
++ else {
++ struct server *sp;
++
++ for (sp = sys_servers; sp->next_server != NULL;
++ sp = sp->next_server) ;
++ sp->next_server = server;
++ }
++ }
+ }
++
++ freeaddrinfo(addrResult);
+ }
+
+
diff --git a/net-misc/ntp/files/digest-ntp-4.2.0.20040617-r1 b/net-misc/ntp/files/digest-ntp-4.2.0.20040617-r1
new file mode 100644
index 000000000000..1fec3109247e
--- /dev/null
+++ b/net-misc/ntp/files/digest-ntp-4.2.0.20040617-r1
@@ -0,0 +1,2 @@
+MD5 d0554ae42164bcda990e6318648a7c58 ntp-stable-4.2.0a-20040617.tar.gz 2435648
+MD5 0f2d809eb4a360dd4479b00cfd95bc4e ntp-stable-4.2.0a-20040617-manpages.tar.bz2 25346 |
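Review bot: The header comment added above `is_reachable` in the ntpdate.c hunk of 4.2.0.20040617-ipv6-fixes.patch names the function `is_unreachable`, the opposite sense of what the code returns (1 when `connect()` succeeds, 0 otherwise), and gives no return convention. Suggested wording: `is_reachable - return 1 if a datagram socket can be connected to dst (a local route exists), 0 otherwise`. The test `sockfd == -1` would sit more consistently with the `SOCKET`/`closesocket` usage as a comparison against `INVALID_SOCKET`, if that macro is in scope in this file. In the `addserver` loop, addresses that fail the check are skipped with no message, so a name whose addresses all fail adds no server silently unless a caller outside the hunk reports it. `addserver` begins outside the visible hunks.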