diff options
author | Thomas Deutschmann <whissi@gentoo.org> | 2019-10-26 19:49:47 +0200 |
---|---|---|
committer | Thomas Deutschmann <whissi@gentoo.org> | 2019-10-26 19:50:54 +0200 |
commit | def2c6ace829ce9e98c8963802a0b3baf916ac72 (patch) | |
tree | dcd11221a916fc4b0b9a0bd19a0f295c93190b8b | |
parent | sys-apps/systemd: revbump for static-libs support (diff) | |
download | gentoo-def2c6ace829ce9e98c8963802a0b3baf916ac72.tar.gz gentoo-def2c6ace829ce9e98c8963802a0b3baf916ac72.tar.bz2 gentoo-def2c6ace829ce9e98c8963802a0b3baf916ac72.zip |
net-misc/ntpsec: update unit file to avoid CVE-2015-5300
Bug: https://bugs.gentoo.org/697024
Package-Manager: Portage-2.3.78, Repoman-2.3.17
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
-rw-r--r-- | net-misc/ntpsec/files/ntpd-r1.service | 19 | ||||
-rw-r--r-- | net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild (renamed from net-misc/ntpsec/ntpsec-1.1.7.ebuild) | 2 | ||||
-rw-r--r-- | net-misc/ntpsec/ntpsec-9999.ebuild | 2 |
3 files changed, 21 insertions, 2 deletions
diff --git a/net-misc/ntpsec/files/ntpd-r1.service b/net-misc/ntpsec/files/ntpd-r1.service new file mode 100644 index 000000000000..5da473805aa0 --- /dev/null +++ b/net-misc/ntpsec/files/ntpd-r1.service @@ -0,0 +1,19 @@ +[Unit] +Description=Network Time Service +After=network.target nss-lookup.target +Conflicts=systemd-timesyncd.service + +[Service] +Type=forking +PrivateTmp=true +EnvironmentFile=-/etc/conf.d/ntp +ExecStart=/usr/sbin/ntpd ${NTPD_OPTS} +# Specifying -g on the command line allows ntpd to make large adjustments to +# the clock on boot. However, if Restart=yes is set, a malicious (or broken) +# server could send the incorrect time, trip the panic threshold, and when +# ntpd restarts, serve it the incorrect time (which would be accepted). +Restart=no +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/net-misc/ntpsec/ntpsec-1.1.7.ebuild b/net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild index e5bf13be3bed..d6b4b3054594 100644 --- a/net-misc/ntpsec/ntpsec-1.1.7.ebuild +++ b/net-misc/ntpsec/ntpsec-1.1.7-r1.ebuild @@ -132,7 +132,7 @@ src_install() { newconfd "${FILESDIR}"/ntpd.confd ntp # Install the systemd unit file - systemd_newunit "${FILESDIR}"/ntpd.service ntpd.service + systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service # Prepare a directory for the ntp.drift file mkdir -pv "${ED}"/var/lib/ntp diff --git a/net-misc/ntpsec/ntpsec-9999.ebuild b/net-misc/ntpsec/ntpsec-9999.ebuild index 7cc6f74f6d34..050f701b387d 100644 --- a/net-misc/ntpsec/ntpsec-9999.ebuild +++ b/net-misc/ntpsec/ntpsec-9999.ebuild @@ -131,7 +131,7 @@ src_install() { newconfd "${FILESDIR}"/ntpd.confd ntp # Install the systemd unit file - systemd_newunit "${FILESDIR}"/ntpd.service ntpd.service + systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service # Prepare a directory for the ntp.drift file mkdir -pv "${ED}"/var/lib/ntp |