From 24a38f5b2b4670e7a4e3a550c261348a993efe03 Mon Sep 17 00:00:00 2001
From: Michael Marineau <michael.marineau@coreos.com>
Date: Fri, 19 Dec 2014 16:58:04 -0800
Subject: [PATCH] ntp: bump to 4.2.8, includes important security fixes

This release includes some important security updates:
http://www.kb.cert.org/vuls/id/852879

Also, support for the ntpdc client in ntpd has been removed upstream.
The ntpq client must be used instead.
---
 .../coreos-overlay/net-misc/ntp/Manifest      |   1 +
 .../net-misc/ntp/ntp-4.2.8.ebuild             | 109 ++++++++++++++++++
 2 files changed, 110 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8.ebuild

diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/Manifest b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/Manifest
index a7e9a07383..60fbe376a4 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/Manifest
@@ -1,2 +1,3 @@
 DIST ntp-4.2.6p5-manpages.tar.bz2 47874 SHA256 f49203cba2301ce27a53113a6e22d844b258114604f2c9ee1371833babc70f9c SHA512 57d4b8fc4482a41c6595418ebff1a861d4bd7ee175b13cf5580a5915749a096b3a906ca8ddf9fc9c57ead783df22b7b9326b51bbab9cd8340576413bee3e7f84 WHIRLPOOL 83c2d95fe953ab2cd7729bc03d89e44a2de85cb68b4ec72c123a034846866aebf7b83eeb4e45add6aa1443f2de83bfbb1ecdbb437534d827d1e1a4a08f91cfd4
 DIST ntp-4.2.6p5.tar.gz 4202539 SHA256 d6ab8371f9d31e594eb6922823d5ccd03dcc4e9d84b0e23ea25ac1405432f91c SHA512 8d76fc7e92b2ea6dd5031e6030a7aba4ff6fb3e19d3bc0153852509861be5d0960e70604814163caedb81f8315a451d78371f99634a50b55cfe1cbd2c69e3046 WHIRLPOOL 9943706ad02e377cb38d65caed6f675d37db7aa53dd86319b17405791494bf11244ac933867516cca9438947202b595b6606088a8aaa436655f9eeb8d078b77e
+DIST ntp-4.2.8.tar.gz 6750364 SHA256 2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee SHA512 d69ed02e57c66d5c57616bb5e4be0d58e7410dd27ea96acaed6e8b63726a37cd22ae73e8bdff089abbe8e19bcd8bee05733ab362249018fc495fcedc71aa3a44 WHIRLPOOL 4bfe1222c250425e3fc229649d1d4ae11fa6a32eb03f9d15b95575ee31171761321730c83d6e283551fc89647370a86791ec1c262c49826b31106d4317fb64e1
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8.ebuild
new file mode 100644
index 0000000000..20856690da
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8.ebuild
@@ -0,0 +1,109 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.6_p5-r10.ebuild,v 1.15 2014/11/02 09:09:15 swift Exp $
+
+EAPI="4"
+
+inherit eutils toolchain-funcs flag-o-matic user systemd
+
+MY_P=${P/_p/p}
+DESCRIPTION="Network Time Protocol suite/programs"
+HOMEPAGE="http://www.ntp.org/"
+SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz"
+
+LICENSE="HPND BSD ISC"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~m68k-mint"
+IUSE="caps debug doc examples ipv6 openntpd parse-clocks samba selinux snmp ssl vim-syntax zeroconf"
+
+CDEPEND=">=sys-libs/ncurses-5.2
+	>=sys-libs/readline-4.1
+	>=dev-libs/libevent-2.0.9
+	kernel_linux? ( caps? ( sys-libs/libcap ) )
+	zeroconf? ( net-dns/avahi[mdnsresponder-compat] )
+	!openntpd? ( !net-misc/openntpd )
+	snmp? ( net-analyzer/net-snmp )
+	ssl? ( dev-libs/openssl )
+	parse-clocks? ( net-misc/pps-tools )"
+DEPEND="${CDEPEND}
+	dev-util/pkgconfig"
+RDEPEND="${CDEPEND}
+	selinux? ( sec-policy/selinux-ntp )
+	vim-syntax? ( app-vim/ntp-syntax )"
+PDEPEND="openntpd? ( net-misc/openntpd )"
+
+S=${WORKDIR}/${MY_P}
+
+pkg_setup() {
+	enewgroup ntp 123
+	enewuser ntp 123 -1 /dev/null ntp
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-4.2.4_p7-nano.patch #270483
+	append-cppflags -D_GNU_SOURCE #264109
+}
+
+src_configure() {
+	# avoid libmd5/libelf
+	export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no
+	export ac_cv_lib_elf_nlist=no
+	# blah, no real configure options #176333
+	export ac_cv_header_dns_sd_h=$(usex zeroconf)
+	export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h}
+	econf \
+		--with-lineeditlibs=readline,edit,editline \
+		--with-yielding-select \
+		--disable-local-libevent \
+		$(use_enable caps linuxcaps) \
+		$(use_enable parse-clocks) \
+		$(use_enable ipv6) \
+		$(use_enable debug debugging) \
+		$(use_enable samba ntp-signd) \
+		$(use_with snmp ntpsnmpd) \
+		$(use_with ssl crypto)
+}
+
+src_install() {
+	default
+	# move ntpd/ntpdate to sbin #66671
+	dodir /usr/sbin
+	mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin"
+
+	dodoc INSTALL WHERE-TO-START
+	use doc && dohtml -r html/*
+
+	insinto /usr/share/ntp
+	doins "${FILESDIR}"/ntp.conf
+	if use examples; then
+		cp -r scripts/* "${ED}"/usr/share/ntp/ || die
+		use prefix || fperms -R go-w /usr/share/ntp
+		find "${ED}"/usr/share/ntp \
+			'(' \
+			-name '*.in' -o \
+			-name 'Makefile*' -o \
+			-name support \
+			')' \
+			-exec rm -r {} \;
+	fi
+
+	keepdir /var/lib/ntp
+	use prefix || fowners ntp:ntp /var/lib/ntp
+	systemd_newtmpfilesd "${FILESDIR}"/ntp.tmpfiles ntp.conf
+
+	if use openntpd ; then
+		cd "${ED}"
+		rm usr/sbin/ntpd || die
+		rm -r var/lib
+		rm usr/share/man/*/ntpd.8 || die
+	else
+		systemd_dounit "${FILESDIR}"/ntpd.service
+		use caps && sed -i '/ExecStart/ s|$| -u ntp:ntp|' \
+			"${ED}/$(systemd_get_unitdir)/ntpd.service"
+		systemd_enable_ntpunit 60-ntpd ntpd.service
+		systemd_enable_service multi-user.target ntpd.service
+	fi
+
+	systemd_dounit "${FILESDIR}"/ntpdate.service
+	systemd_dounit "${FILESDIR}"/sntp.service
+}