summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch')
-rw-r--r--net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch49
1 files changed, 49 insertions, 0 deletions
diff --git a/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch b/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch
new file mode 100644
index 000000000000..85a7c72949f2
--- /dev/null
+++ b/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch
@@ -0,0 +1,49 @@
+diff -u -r openntpd-5.7p4-orig/src/config.c openntpd-5.7p4/src/config.c
+--- openntpd-5.7p4-orig/src/config.c 2015-03-24 18:18:56.000000000 -0700
++++ openntpd-5.7p4/src/config.c 2015-05-25 16:48:59.000000000 -0700
+@@ -218,6 +218,9 @@
+ fatal("new_constraint calloc");
+ p->id = ++constraint_maxid;
+
++#ifndef HAVE_LIBTLS
++ fatal("constraint configured without libtls support");
++#endif
+ return (p);
+ }
+
+diff -u -r openntpd-5.7p4-orig/src/ntp.c openntpd-5.7p4/src/ntp.c
+--- openntpd-5.7p4-orig/src/ntp.c 2015-03-11 19:15:36.000000000 -0700
++++ openntpd-5.7p4/src/ntp.c 2015-05-25 16:48:59.000000000 -0700
+@@ -110,12 +110,14 @@
+ return (pid);
+ }
+
++#ifdef HAVE_LIBTLS
+ tls_init();
+
+ /* Verification will be turned off if CA is not found */
+ if ((conf->ca = tls_load_file(CONSTRAINT_CA,
+ &conf->ca_len, NULL)) == NULL)
+ log_warnx("constraint certificate verification turned off");
++#endif
+
+ /* in this case the parent didn't init logging and didn't daemonize */
+ if (nconf->settime && !nconf->debug) {
+diff -u -r openntpd-5.7p4-orig/src/ntpd.conf.5 openntpd-5.7p4/src/ntpd.conf.5
+--- openntpd-5.7p4-orig/src/ntpd.conf.5 2015-03-24 18:18:56.000000000 -0700
++++ openntpd-5.7p4/src/ntpd.conf.5 2015-05-25 16:48:59.000000000 -0700
+@@ -192,8 +192,11 @@
+ .Sq Man-In-The-Middle
+ attacks.
+ Received NTP packets with time information falling outside of a range
+-near the constraint will be discarded and such NTP servers
+-will be marked as invalid.
++near the constraint will be discarded and such NTP servers will be marked as
++invalid. Contraints are only available if
++.Xr ntpd 8
++has been compiled with libtls support. Configuring a constraint without libtls
++support will result in a fatal error.
+ .Bl -tag -width Ds
+ .It Ic constraint from Ar url
+ Specify the URL, IP address or the hostname of an HTTPS server to
+Only in openntpd-5.7p4/src: ntpd.conf.5.orig