Date: Fri, 18 Feb 2022 21:02:11 GMT From: Cy Schubert <cy@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: c2a26c7a01c7 - main - net/ntp: Restore previous behaviour Message-ID: <202202182102.21IL2BVA075989@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=c2a26c7a01c70722c50c0958fa2860633ced64c9 commit c2a26c7a01c70722c50c0958fa2860633ced64c9 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-02-18 20:45:07 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-02-18 21:01:48 +0000 net/ntp: Restore previous behaviour Restore ntp to prior to the ASLR mitigations applied. When ASLR and subsequently PIE were committed to the FreeBSD kernel, ntpd would segfault due to insufficient stack. This was because stack gap was not taken into account by applications requesting stack and/or memory limits. (BTW, this problem also affected firefox and thunderbird.) This subsequently caused disabling of rlimit memlock, which could not be avoided under the previous implementation of ASLR: Cannot set RLIMIT_MEMLOCK: Operation not permitted Since then a number of improvments to ASLR stack gap implementation have rendered the mitigations unnecessary. The mitigations initially developed here at FreeBSD were subsequently upstreamed (noticed by the folks at nwtime.org and automatically upstreamed). The mitigations have been reversed in the base system. This patch reverses the ASLR mitigations in the port as well. PR: 262031 Reported by: p5B2E9A8F@t-online.de --- net/ntp/Makefile | 2 +- net/ntp/files/patch-ntpd_ntpd.c | 54 +++++++++++++++++++++++++++++------------ 2 files changed, 40 insertions(+), 16 deletions(-) diff --git a/net/ntp/Makefile b/net/ntp/Makefile index de084df97545..4999d46ff4cc 100644 --- a/net/ntp/Makefile +++ b/net/ntp/Makefile @@ -2,7 +2,7 @@ PORTNAME= ntp PORTVERSION= 4.2.8p15 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= net MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \ http://archive.ntp.org/ntp4/ntp-4.2/ \ diff --git a/net/ntp/files/patch-ntpd_ntpd.c b/net/ntp/files/patch-ntpd_ntpd.c index 477f570f93b6..9cd041eccd42 100644 --- a/net/ntp/files/patch-ntpd_ntpd.c +++ b/net/ntp/files/patch-ntpd_ntpd.c @@ -1,24 +1,48 @@ --- ntpd/ntpd.c.orig 2020-06-23 02:17:48.000000000 -0700 -+++ ntpd/ntpd.c 2022-01-26 10:14:00.828563000 -0800 -@@ -145,7 +145,9 @@ ++++ ntpd/ntpd.c 2022-02-18 12:02:30.547638000 -0800 +@@ -145,17 +145,6 @@ # include <seccomp.h> #endif /* LIBSECCOMP and KERN_SECCOMP */ -#ifdef __FreeBSD__ -+#if defined(__FreeBSD_version) && \ -+ ((__FreeBSD_version > 1400000 && __FreeBSD_version < 1400038) || \ -+ __FreeBSD_version < 1300524) - #include <sys/procctl.h> - #ifndef PROC_STACKGAP_CTL - /* -@@ -438,7 +440,9 @@ +-#include <sys/procctl.h> +-#ifndef PROC_STACKGAP_CTL +-/* +- * Even if we compile on an older system we can still run on a newer one. +- */ +-#define PROC_STACKGAP_CTL 17 +-#define PROC_STACKGAP_DISABLE 0x0002 +-#endif +-#endif +- + #ifdef HAVE_DNSREGISTRATION + # include <dns_sd.h> + DNSServiceRef mdns; +@@ -438,18 +427,6 @@ char *argv[] ) { -# ifdef __FreeBSD__ -+# if defined(__FreeBSD_version) && \ -+ ((__FreeBSD_version > 1400000 && __FreeBSD_version < 1400038) || \ -+ __FreeBSD_version < 1300524) - { - /* - * We Must disable ASLR stack gap on FreeBSD to avoid a +- { +- /* +- * We Must disable ASLR stack gap on FreeBSD to avoid a +- * segfault. See PR/241421 and PR/241960. +- */ +- int aslr_var = PROC_STACKGAP_DISABLE; +- +- pid_t my_pid = getpid(); +- procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var); +- } +-# endif + return ntpdmain(argc, argv); + } + #endif /* !SYS_WINNT */ +@@ -1058,7 +1035,7 @@ + # if defined(HAVE_MLOCKALL) + # ifdef HAVE_SETRLIMIT + ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k"); +-# ifdef RLIMIT_MEMLOCK ++# if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1 + /* + * The default RLIMIT_MEMLOCK is very low on Linux systems. + * Unless we increase this limit malloc calls are likely to
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202202182102.21IL2BVA075989>