From nobody Fri Feb 18 21:02:11 2022 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 02A4819D59C0; Fri, 18 Feb 2022 21:02:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4K0kfC3SS3z4vnV; Fri, 18 Feb 2022 21:02:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645218131; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UtgFJ9CN9xiEHkZUt2v5ifjwc8xkLS5XJ+kjhOMeaDQ=; b=gBN+ezuznNcZe3XTp+BvLtsn8qu9cD4CqPbeepgoUHlcFyFKlnUd6eS/HU765HM8NZF94n T8/FO4vFe4sFdEoMt1JnUaOFkB1E6b+BmyoOc7QQ/mdI/t2CXsyzPEQ47rlc8sztFUFay1 YlanI6pCid9XIamyHwSRhperskfLhJS8/WD2vT7GToNNIFLDMcXe/WmDy7ATFt+Ytr2WAQ rOXjiT8dsCNAQY20Y4MduOSfYOenjbzwvzCt8CmLWJEoBSi28fuXqMFSSFqeFWtGyJeoYD TgQsC1/lzFyN5Ebij+rCeqiBR+IBhXKEjJskB3o/vrU3yyKPU61ClpbXusyCtA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 38A0D246B3; Fri, 18 Feb 2022 21:02:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 21IL2B4i075990; Fri, 18 Feb 2022 21:02:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 21IL2BVA075989; Fri, 18 Feb 2022 21:02:11 GMT (envelope-from git) Date: Fri, 18 Feb 2022 21:02:11 GMT Message-Id: <202202182102.21IL2BVA075989@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Cy Schubert Subject: git: c2a26c7a01c7 - main - net/ntp: Restore previous behaviour List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c2a26c7a01c70722c50c0958fa2860633ced64c9 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1645218131; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=UtgFJ9CN9xiEHkZUt2v5ifjwc8xkLS5XJ+kjhOMeaDQ=; b=wQ+bq+GHuswTyHTIK5M9i2qWghgLyTspMoftuOTDqkRP1niBZyc1Ma7tuITdeIb1ZegcHy n9i95iioCGZayep0vEfCbvhEfFJsLPJ91qqzKmTG/81etnr/RHhWVEq3mkTYpRRuRoLLGE Gdg0OvnIZ6WsY6qS76xLhbfdOegOu3MjH89mjXcpLFmLl5eULcIwZosIoJsklmeq7v83w2 OAtkyN08IbEYhR2wj3xu70DuDpIG6TKXfzIY1cv3QRw+BhDVz8CzK/+vFt43MRp7IZblS5 cQCZVMnT2yns1O/a533QtuuTdOfp3iJaEhAz1e414GWGNszO38AnfymHIQsEkw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1645218131; a=rsa-sha256; cv=none; b=IstnWHAtwTOFAoqPWsU2BI2D2vQvz3fy5i3uyo/4/kUTINDaI6moxeKBUki5qkLW4Fw7Uy 4zxyehWL3yrkhsrfXTfOkxhURvQb2cT118DSHDRi/tDsu9FswS2louATDw22dl2IGctVaa Onm/SZAwBsKKumgS18MS1+vbn4Jd7gyg0x9+dzy9yph8zlV90gnBUhwxcucpOMzVUBvI/e i9EpHi/gWJ+RF5FKIivEZT64RYwfi7DecwNOyh7pkK8EQHM9naR4oIBolgH+zVJLUTSezu 1t/47KiJchFTWPw5Fuo3AFwAjyHeGJXHs7ODN9y/3g2UquKl9GybqN388z9bGA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/ports/commit/?id=c2a26c7a01c70722c50c0958fa2860633ced64c9 commit c2a26c7a01c70722c50c0958fa2860633ced64c9 Author: Cy Schubert AuthorDate: 2022-02-18 20:45:07 +0000 Commit: Cy Schubert CommitDate: 2022-02-18 21:01:48 +0000 net/ntp: Restore previous behaviour Restore ntp to prior to the ASLR mitigations applied. When ASLR and subsequently PIE were committed to the FreeBSD kernel, ntpd would segfault due to insufficient stack. This was because stack gap was not taken into account by applications requesting stack and/or memory limits. (BTW, this problem also affected firefox and thunderbird.) This subsequently caused disabling of rlimit memlock, which could not be avoided under the previous implementation of ASLR: Cannot set RLIMIT_MEMLOCK: Operation not permitted Since then a number of improvments to ASLR stack gap implementation have rendered the mitigations unnecessary. The mitigations initially developed here at FreeBSD were subsequently upstreamed (noticed by the folks at nwtime.org and automatically upstreamed). The mitigations have been reversed in the base system. This patch reverses the ASLR mitigations in the port as well. PR: 262031 Reported by: p5B2E9A8F@t-online.de --- net/ntp/Makefile | 2 +- net/ntp/files/patch-ntpd_ntpd.c | 54 +++++++++++++++++++++++++++++------------ 2 files changed, 40 insertions(+), 16 deletions(-) diff --git a/net/ntp/Makefile b/net/ntp/Makefile index de084df97545..4999d46ff4cc 100644 --- a/net/ntp/Makefile +++ b/net/ntp/Makefile @@ -2,7 +2,7 @@ PORTNAME= ntp PORTVERSION= 4.2.8p15 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= net MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \ http://archive.ntp.org/ntp4/ntp-4.2/ \ diff --git a/net/ntp/files/patch-ntpd_ntpd.c b/net/ntp/files/patch-ntpd_ntpd.c index 477f570f93b6..9cd041eccd42 100644 --- a/net/ntp/files/patch-ntpd_ntpd.c +++ b/net/ntp/files/patch-ntpd_ntpd.c @@ -1,24 +1,48 @@ --- ntpd/ntpd.c.orig 2020-06-23 02:17:48.000000000 -0700 -+++ ntpd/ntpd.c 2022-01-26 10:14:00.828563000 -0800 -@@ -145,7 +145,9 @@ ++++ ntpd/ntpd.c 2022-02-18 12:02:30.547638000 -0800 +@@ -145,17 +145,6 @@ # include #endif /* LIBSECCOMP and KERN_SECCOMP */ -#ifdef __FreeBSD__ -+#if defined(__FreeBSD_version) && \ -+ ((__FreeBSD_version > 1400000 && __FreeBSD_version < 1400038) || \ -+ __FreeBSD_version < 1300524) - #include - #ifndef PROC_STACKGAP_CTL - /* -@@ -438,7 +440,9 @@ +-#include +-#ifndef PROC_STACKGAP_CTL +-/* +- * Even if we compile on an older system we can still run on a newer one. +- */ +-#define PROC_STACKGAP_CTL 17 +-#define PROC_STACKGAP_DISABLE 0x0002 +-#endif +-#endif +- + #ifdef HAVE_DNSREGISTRATION + # include + DNSServiceRef mdns; +@@ -438,18 +427,6 @@ char *argv[] ) { -# ifdef __FreeBSD__ -+# if defined(__FreeBSD_version) && \ -+ ((__FreeBSD_version > 1400000 && __FreeBSD_version < 1400038) || \ -+ __FreeBSD_version < 1300524) - { - /* - * We Must disable ASLR stack gap on FreeBSD to avoid a +- { +- /* +- * We Must disable ASLR stack gap on FreeBSD to avoid a +- * segfault. See PR/241421 and PR/241960. +- */ +- int aslr_var = PROC_STACKGAP_DISABLE; +- +- pid_t my_pid = getpid(); +- procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var); +- } +-# endif + return ntpdmain(argc, argv); + } + #endif /* !SYS_WINNT */ +@@ -1058,7 +1035,7 @@ + # if defined(HAVE_MLOCKALL) + # ifdef HAVE_SETRLIMIT + ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k"); +-# ifdef RLIMIT_MEMLOCK ++# if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1 + /* + * The default RLIMIT_MEMLOCK is very low on Linux systems. + * Unless we increase this limit malloc calls are likely to