diff options
Diffstat (limited to 'net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch')
-rw-r--r-- | net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch b/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch new file mode 100644 index 000000000000..85a7c72949f2 --- /dev/null +++ b/net-misc/openntpd/files/openntpd-5.7_p4-nolibtls.patch @@ -0,0 +1,49 @@ +diff -u -r openntpd-5.7p4-orig/src/config.c openntpd-5.7p4/src/config.c +--- openntpd-5.7p4-orig/src/config.c 2015-03-24 18:18:56.000000000 -0700 ++++ openntpd-5.7p4/src/config.c 2015-05-25 16:48:59.000000000 -0700 +@@ -218,6 +218,9 @@ + fatal("new_constraint calloc"); + p->id = ++constraint_maxid; + ++#ifndef HAVE_LIBTLS ++ fatal("constraint configured without libtls support"); ++#endif + return (p); + } + +diff -u -r openntpd-5.7p4-orig/src/ntp.c openntpd-5.7p4/src/ntp.c +--- openntpd-5.7p4-orig/src/ntp.c 2015-03-11 19:15:36.000000000 -0700 ++++ openntpd-5.7p4/src/ntp.c 2015-05-25 16:48:59.000000000 -0700 +@@ -110,12 +110,14 @@ + return (pid); + } + ++#ifdef HAVE_LIBTLS + tls_init(); + + /* Verification will be turned off if CA is not found */ + if ((conf->ca = tls_load_file(CONSTRAINT_CA, + &conf->ca_len, NULL)) == NULL) + log_warnx("constraint certificate verification turned off"); ++#endif + + /* in this case the parent didn't init logging and didn't daemonize */ + if (nconf->settime && !nconf->debug) { +diff -u -r openntpd-5.7p4-orig/src/ntpd.conf.5 openntpd-5.7p4/src/ntpd.conf.5 +--- openntpd-5.7p4-orig/src/ntpd.conf.5 2015-03-24 18:18:56.000000000 -0700 ++++ openntpd-5.7p4/src/ntpd.conf.5 2015-05-25 16:48:59.000000000 -0700 +@@ -192,8 +192,11 @@ + .Sq Man-In-The-Middle + attacks. + Received NTP packets with time information falling outside of a range +-near the constraint will be discarded and such NTP servers +-will be marked as invalid. ++near the constraint will be discarded and such NTP servers will be marked as ++invalid. Contraints are only available if ++.Xr ntpd 8 ++has been compiled with libtls support. Configuring a constraint without libtls ++support will result in a fatal error. + .Bl -tag -width Ds + .It Ic constraint from Ar url + Specify the URL, IP address or the hostname of an HTTPS server to +Only in openntpd-5.7p4/src: ntpd.conf.5.orig |