SECURITY:

fix gid confusion when starting ntpd with -u groupname CAN-2005-2496
2006-01-24 19:58:58 +00:00 · 2006-01-24 19:58:58 +00:00 · 3fcc829ef4
commit 3fcc829ef4
parent a28bbba028
5 changed files with 33 additions and 26 deletions
--- a/net/ntp/Makefile
+++ b/net/ntp/Makefile
@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.31 2005/03/08 04:16:42 danh Exp $
+# $OpenBSD: Makefile,v 1.32 2006/01/24 19:58:58 sturm Exp $

 COMMENT=	"network time protocol implementation"
 COMMENT-doc=	"network time protocol documentation"

 NTP_VERSION=	4.2.0a
 DISTNAME=	ntp-stable-${NTP_VERSION}-20050303
-PKGNAME=	ntp-${NTP_VERSION}p1
+PKGNAME=	ntp-${NTP_VERSION}p2
 PKGNAME-doc=	ntp-doc-${NTP_VERSION}p1
 CATEGORIES=	net
 MASTER_SITES=	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-stable/2005/03/ \
--- a/net/ntp/patches/patch-configure_in
+++ b/net/ntp/patches/patch-configure_in
@ -1,6 +1,6 @@
-$OpenBSD: patch-configure_in,v 1.4 2004/06/05 04:54:53 danh Exp $
--- configure.in.orig	2004-05-25 07:02:21.000000000 -0400
-+++ configure.in	2004-06-04 09:39:53.000000000 -0400
+$OpenBSD: patch-configure_in,v 1.5 2006/01/24 19:58:58 sturm Exp $
+--- configure.in.orig	Tue May 25 13:02:21 2004
+++ configure.in	Tue Jan 24 20:52:52 2006
@@ -768,6 +768,7 @@ case "$host" in
  *-pc-cygwin*)
     ;;
@ -9,12 +9,12 @@ $OpenBSD: patch-configure_in,v 1.4 2004/06/05 04:54:53 danh Exp $
     ;;
 esac
 AC_CHECK_FUNCS(hstrerror)
-@@ -788,6 +789,8 @@ case "$host" in
+@@ -787,6 +788,8 @@ case "$host" in
+     ;;
  *-*-irix[[45]]*)
     # Just a stub in "old" Irix.  Idiots.
-     ;;
-+ *-*-openbsd*)
 +    ;;
+ *-*-openbsd*)
+     ;;
  *-*-qnx*)
     # Apparently there but not working in QNX.  Idiots?
-     ;;
--- a/net/ntp/patches/patch-ntpd_ntpd_c
+++ b/net/ntp/patches/patch-ntpd_ntpd_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-ntpd_ntpd_c,v 1.1.1.1 2004/06/05 04:34:19 danh Exp $
--- ntpd/ntpd.c.orig	2004-02-25 00:58:13.000000000 -0500
-+++ ntpd/ntpd.c	2004-06-04 09:39:45.000000000 -0400
+$OpenBSD: patch-ntpd_ntpd_c,v 1.2 2006/01/24 19:58:58 sturm Exp $
+--- ntpd/ntpd.c.orig	Wed Feb 25 06:58:13 2004
+++ ntpd/ntpd.c	Tue Jan 24 20:53:43 2006
@@ -399,11 +399,16 @@ ntpdmain(
 	}
 #endif
@ -19,3 +19,12 @@ $OpenBSD: patch-ntpd_ntpd_c,v 1.1.1.1 2004/06/05 04:34:19 danh Exp $
 		if (uid)
 		{
 			msyslog(LOG_ERR, "ntpd: must be run as root, not uid %ld", (long)uid);
+@@ -881,7 +886,7 @@ getuser:	
+ 			} else {
+ getgroup:	
+ 				if ((gr = getgrnam(group)) != NULL) {
+-					sw_gid = pw->pw_gid;
+					sw_gid = gr->gr_gid;
+ 				} else {
+ 					errno = 0;
+ 					msyslog(LOG_ERR, "Cannot find group `%s'", group);
--- a/net/ntp/patches/patch-ntpdate_ntpdate_c
+++ b/net/ntp/patches/patch-ntpdate_ntpdate_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-ntpdate_ntpdate_c,v 1.1.1.1 2004/06/05 04:34:19 danh Exp $
--- ntpdate/ntpdate.c.orig	2004-05-25 07:02:25.000000000 -0400
-+++ ntpdate/ntpdate.c	2004-06-04 09:49:44.000000000 -0400
+$OpenBSD: patch-ntpdate_ntpdate_c,v 1.2 2006/01/24 19:58:58 sturm Exp $
+--- ntpdate/ntpdate.c.orig	Thu Mar  3 12:01:15 2005
+++ ntpdate/ntpdate.c	Tue Jan 24 20:52:44 2006
@@ -10,17 +10,6 @@
 #include <netinfo/ni.h>
 #endif
@ -19,7 +19,7 @@ $OpenBSD: patch-ntpdate_ntpdate_c,v 1.1.1.1 2004/06/05 04:34:19 danh Exp $
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
 #endif
-@@ -45,9 +34,23 @@
+@@ -45,8 +34,22 @@
 #ifdef HAVE_SYS_RESOURCE_H
 # include <sys/resource.h>
 #endif /* HAVE_SYS_RESOURCE_H */
@ -28,7 +28,7 @@ $OpenBSD: patch-ntpdate_ntpdate_c,v 1.1.1.1 2004/06/05 04:34:19 danh Exp $
 +#endif /* HAVE_NETINET_IN_H */
 
 #include <arpa/inet.h>
- 
+
 +#include "ntp_machine.h"
 +#include "ntp_fp.h"
 +#include "ntp.h"
@ -39,7 +39,6 @@ $OpenBSD: patch-ntpdate_ntpdate_c,v 1.1.1.1 2004/06/05 04:34:19 danh Exp $
 +#include "ntp_syslog.h"
 +#include "ntp_select.h"
 +#include "ntp_stdlib.h"
-+
+ 
 #ifdef __QNXNTO__
 # include "adjtime.h"
- #endif
--- a/net/ntp/patches/patch-ntpdc_ntpdc_ops_c
+++ b/net/ntp/patches/patch-ntpdc_ntpdc_ops_c
@ -1,7 +1,7 @@
-$OpenBSD: patch-ntpdc_ntpdc_ops_c,v 1.1.1.1 2004/06/05 04:34:19 danh Exp $
--- ntpdc/ntpdc_ops.c.orig	2004-05-25 07:02:25.000000000 -0400
-+++ ntpdc/ntpdc_ops.c	2004-06-04 09:51:19.000000000 -0400
-@@ -9,22 +9,22 @@
+$OpenBSD: patch-ntpdc_ntpdc_ops_c,v 1.2 2006/01/24 19:58:58 sturm Exp $
+--- ntpdc/ntpdc_ops.c.orig	Tue May 25 13:02:25 2004
+++ ntpdc/ntpdc_ops.c	Tue Jan 24 20:52:44 2006
+@@ -9,21 +9,21 @@
 #include <stdio.h>
 #include <stddef.h>
 
@ -21,12 +21,11 @@ $OpenBSD: patch-ntpdc_ntpdc_ops_c,v 1.1.1.1 2004/06/05 04:34:19 danh Exp $
 #endif
 
 #include <arpa/inet.h>
- 
+
 +#include "ntpdc.h"
 +#include "ntp_control.h"
 +#include "ntp_refclock.h"
 +#include "ntp_stdlib.h"
-+
+ 
 /*
  * Declarations for command handlers in here
-  */