summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2019-10-26 19:49:47 +0200
committerThomas Deutschmann <whissi@gentoo.org>2019-10-26 19:50:54 +0200
commitdef2c6ace829ce9e98c8963802a0b3baf916ac72 (patch)
treedcd11221a916fc4b0b9a0bd19a0f295c93190b8b
parentsys-apps/systemd: revbump for static-libs support (diff)
downloadgentoo-def2c6ace829ce9e98c8963802a0b3baf916ac72.tar.gz
gentoo-def2c6ace829ce9e98c8963802a0b3baf916ac72.tar.bz2
gentoo-def2c6ace829ce9e98c8963802a0b3baf916ac72.zip
net-misc/ntpsec: update unit file to avoid CVE-2015-5300
Bug: https://bugs.gentoo.org/697024 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
-rw-r--r--net-misc/ntpsec/files/ntpd-r1.service19
-rw-r--r--net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild (renamed from net-misc/ntpsec/ntpsec-1.1.7.ebuild)2
-rw-r--r--net-misc/ntpsec/ntpsec-9999.ebuild2
3 files changed, 21 insertions, 2 deletions
diff --git a/net-misc/ntpsec/files/ntpd-r1.service b/net-misc/ntpsec/files/ntpd-r1.service
new file mode 100644
index 000000000000..5da473805aa0
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpd-r1.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Network Time Service
+After=network.target nss-lookup.target
+Conflicts=systemd-timesyncd.service
+
+[Service]
+Type=forking
+PrivateTmp=true
+EnvironmentFile=-/etc/conf.d/ntp
+ExecStart=/usr/sbin/ntpd ${NTPD_OPTS}
+# Specifying -g on the command line allows ntpd to make large adjustments to
+# the clock on boot. However, if Restart=yes is set, a malicious (or broken)
+# server could send the incorrect time, trip the panic threshold, and when
+# ntpd restarts, serve it the incorrect time (which would be accepted).
+Restart=no
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-misc/ntpsec/ntpsec-1.1.7.ebuild b/net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild
index e5bf13be3bed..d6b4b3054594 100644
--- a/net-misc/ntpsec/ntpsec-1.1.7.ebuild
+++ b/net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild
@@ -132,7 +132,7 @@ src_install() {
newconfd "${FILESDIR}"/ntpd.confd ntp
# Install the systemd unit file
- systemd_newunit "${FILESDIR}"/ntpd.service ntpd.service
+ systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service
# Prepare a directory for the ntp.drift file
mkdir -pv "${ED}"/var/lib/ntp
diff --git a/net-misc/ntpsec/ntpsec-9999.ebuild b/net-misc/ntpsec/ntpsec-9999.ebuild
index 7cc6f74f6d34..050f701b387d 100644
--- a/net-misc/ntpsec/ntpsec-9999.ebuild
+++ b/net-misc/ntpsec/ntpsec-9999.ebuild
@@ -131,7 +131,7 @@ src_install() {
newconfd "${FILESDIR}"/ntpd.confd ntp
# Install the systemd unit file
- systemd_newunit "${FILESDIR}"/ntpd.service ntpd.service
+ systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service
# Prepare a directory for the ntp.drift file
mkdir -pv "${ED}"/var/lib/ntp