ntp: Update from 4.2.8 to 4.2.8p1 (6 vulnerability fixes)
parent
22c055b2f1
commit
1a531a35c3
|
@ -1,168 +0,0 @@
|
|||
Fix ntp-keygen build without OpenSSL
|
||||
|
||||
Patch borrowed from Gentoo, originally from upstream
|
||||
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
||||
Upstream-Status: Backport
|
||||
|
||||
Upstream commit:
|
||||
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg
|
||||
Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238
|
||||
|
||||
Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
|
||||
Index: ntp-4.2.8/Makefile.am
|
||||
===================================================================
|
||||
--- ntp-4.2.8.orig/Makefile.am
|
||||
+++ ntp-4.2.8/Makefile.am
|
||||
@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib
|
||||
|
||||
NULL =
|
||||
|
||||
+# moved sntp first to get libtool and libevent built.
|
||||
+
|
||||
SUBDIRS = \
|
||||
+ sntp \
|
||||
scripts \
|
||||
include \
|
||||
libntp \
|
||||
@@ -17,7 +20,6 @@ SUBDIRS = \
|
||||
clockstuff \
|
||||
kernel \
|
||||
util \
|
||||
- sntp \
|
||||
tests \
|
||||
$(NULL)
|
||||
|
||||
@@ -64,7 +66,6 @@ BUILT_SOURCES = \
|
||||
.gcc-warning \
|
||||
'libtool \
|
||||
html/.datecheck \
|
||||
- sntp/built-sources-only \
|
||||
$(srcdir)/COPYRIGHT \
|
||||
$(srcdir)/.checkChangeLog \
|
||||
$(NULL)
|
||||
Index: ntp-4.2.8/configure.ac
|
||||
===================================================================
|
||||
--- ntp-4.2.8.orig/configure.ac
|
||||
+++ ntp-4.2.8/configure.ac
|
||||
@@ -102,7 +102,7 @@ esac
|
||||
enable_nls=no
|
||||
LIBOPTS_CHECK_NOBUILD([sntp/libopts])
|
||||
|
||||
-NTP_ENABLE_LOCAL_LIBEVENT
|
||||
+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent])
|
||||
|
||||
NTP_LIBNTP
|
||||
|
||||
@@ -771,6 +771,10 @@ esac
|
||||
|
||||
####
|
||||
|
||||
+AC_CHECK_FUNCS([arc4random_buf])
|
||||
+
|
||||
+####
|
||||
+
|
||||
saved_LIBS="$LIBS"
|
||||
LIBS="$LIBS $LDADD_LIBNTP"
|
||||
AC_CHECK_FUNCS([daemon])
|
||||
Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c
|
||||
===================================================================
|
||||
--- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c
|
||||
+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c
|
||||
@@ -24,6 +24,21 @@
|
||||
int crypto_rand_init = 0;
|
||||
#endif
|
||||
|
||||
+#ifndef HAVE_ARC4RANDOM_BUF
|
||||
+static void
|
||||
+arc4random_buf(void *buf, size_t nbytes);
|
||||
+
|
||||
+void
|
||||
+evutil_secure_rng_get_bytes(void *buf, size_t nbytes);
|
||||
+
|
||||
+static void
|
||||
+arc4random_buf(void *buf, size_t nbytes)
|
||||
+{
|
||||
+ evutil_secure_rng_get_bytes(buf, nbytes);
|
||||
+ return;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* As of late 2014, here's how we plan to provide cryptographic-quality
|
||||
* random numbers:
|
||||
Index: ntp-4.2.8/sntp/configure.ac
|
||||
===================================================================
|
||||
--- ntp-4.2.8.orig/sntp/configure.ac
|
||||
+++ ntp-4.2.8/sntp/configure.ac
|
||||
@@ -97,11 +97,14 @@ esac
|
||||
enable_nls=no
|
||||
LIBOPTS_CHECK
|
||||
|
||||
-AM_COND_IF(
|
||||
- [BUILD_SNTP],
|
||||
- [NTP_LIBEVENT_CHECK],
|
||||
- [NTP_LIBEVENT_CHECK_NOBUILD]
|
||||
-)
|
||||
+# From when we only used libevent for sntp:
|
||||
+#AM_COND_IF(
|
||||
+# [BUILD_SNTP],
|
||||
+# [NTP_LIBEVENT_CHECK],
|
||||
+# [NTP_LIBEVENT_CHECK_NOBUILD]
|
||||
+#)
|
||||
+
|
||||
+NTP_LIBEVENT_CHECK([2])
|
||||
|
||||
# Checks for libraries.
|
||||
|
||||
Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4
|
||||
===================================================================
|
||||
--- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4
|
||||
+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4
|
||||
@@ -1,4 +1,25 @@
|
||||
-dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*-
|
||||
+# SYNOPSIS -*- Autoconf -*-
|
||||
+#
|
||||
+# NTP_ENABLE_LOCAL_LIBEVENT
|
||||
+# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]])
|
||||
+# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]])
|
||||
+#
|
||||
+# DESCRIPTION
|
||||
+#
|
||||
+# AUTHOR
|
||||
+#
|
||||
+# Harlan Stenn
|
||||
+#
|
||||
+# LICENSE
|
||||
+#
|
||||
+# This file is Copyright (c) 2014 Network Time Foundation
|
||||
+#
|
||||
+# Copying and distribution of this file, with or without modification, are
|
||||
+# permitted in any medium without royalty provided the copyright notice,
|
||||
+# author attribution and this notice are preserved. This file is offered
|
||||
+# as-is, without any warranty.
|
||||
+
|
||||
+dnl NTP_ENABLE_LOCAL_LIBEVENT
|
||||
dnl
|
||||
dnl Provide only the --enable-local-libevent command-line option.
|
||||
dnl
|
||||
@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar
|
||||
dnl but DO NOT invoke DIR/configure if we are going to use our bundled
|
||||
dnl version. This may be the case for nested packages.
|
||||
dnl
|
||||
-dnl provide --enable-local-libevent .
|
||||
+dnl provides --enable-local-libevent .
|
||||
dnl
|
||||
dnl Examples:
|
||||
dnl
|
||||
Index: ntp-4.2.8/util/Makefile.am
|
||||
===================================================================
|
||||
--- ntp-4.2.8.orig/util/Makefile.am
|
||||
+++ ntp-4.2.8/util/Makefile.am
|
||||
@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP)
|
||||
LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS)
|
||||
tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM)
|
||||
ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a
|
||||
+ntp_keygen_LDADD += $(LDADD_LIBEVENT)
|
||||
ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM)
|
||||
ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h
|
||||
|
|
@ -1,157 +0,0 @@
|
|||
SUMMARY = "Network Time Protocol daemon and utilities"
|
||||
DESCRIPTION = "The Network Time Protocol (NTP) is used to \
|
||||
synchronize the time of a computer client or server to \
|
||||
another server or reference time source, such as a radio \
|
||||
or satellite receiver or modem."
|
||||
HOMEPAGE = "http://support.ntp.org"
|
||||
SECTION = "console/network"
|
||||
LICENSE = "NTP"
|
||||
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ebe123f74017224947c78d472407c10f"
|
||||
|
||||
DEPENDS = "libevent"
|
||||
|
||||
SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \
|
||||
file://ntp-4.2.4_p6-nano.patch \
|
||||
file://ntpd \
|
||||
file://ntp.conf \
|
||||
file://ntpdate \
|
||||
file://ntpdate.default \
|
||||
file://ntpdate.service \
|
||||
file://ntpd.service \
|
||||
file://sntp.service \
|
||||
file://sntp \
|
||||
file://ntpd.list \
|
||||
file://ntp-4.2.8-ntp-keygen-no-openssl.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7"
|
||||
SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee"
|
||||
|
||||
inherit autotools update-rc.d useradd systemd pkgconfig
|
||||
|
||||
# The ac_cv_header_readline_history is to stop ntpdc depending on either
|
||||
# readline or curses
|
||||
EXTRA_OECONF += "--with-net-snmp-config=no \
|
||||
--without-ntpsnmpd \
|
||||
ac_cv_header_readline_history_h=no \
|
||||
--with-yielding_select=yes \
|
||||
--with-locfile=redhat \
|
||||
--enable-ATOM \
|
||||
"
|
||||
CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
|
||||
|
||||
USERADD_PACKAGES = "${PN}"
|
||||
NTP_USER_HOME ?= "/var/lib/ntp"
|
||||
USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \
|
||||
--no-create-home \
|
||||
--shell /bin/false --user-group ntp"
|
||||
|
||||
# NB: debug is default-enabled by NTP; keep it default-enabled here.
|
||||
PACKAGECONFIG ??= "cap debug"
|
||||
PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
|
||||
--with-openssl-incdir=${STAGING_INCDIR} \
|
||||
--with-crypto, \
|
||||
--without-openssl --without-crypto, \
|
||||
openssl"
|
||||
PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap"
|
||||
PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline"
|
||||
PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging"
|
||||
|
||||
do_install_append() {
|
||||
install -d ${D}${sysconfdir}/init.d
|
||||
install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir}
|
||||
install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d
|
||||
install -d ${D}${bindir}
|
||||
install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync
|
||||
|
||||
install -m 755 -d ${D}${NTP_USER_HOME}
|
||||
chown ntp:ntp ${D}${NTP_USER_HOME}
|
||||
|
||||
# Fix hardcoded paths in scripts
|
||||
sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
|
||||
sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
|
||||
sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
|
||||
sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
|
||||
sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync
|
||||
sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace
|
||||
sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace
|
||||
sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait
|
||||
sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait
|
||||
sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj
|
||||
sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj
|
||||
|
||||
install -d ${D}/${sysconfdir}/default
|
||||
install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate
|
||||
install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/
|
||||
|
||||
install -d ${D}/${sysconfdir}/network/if-up.d
|
||||
ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d
|
||||
|
||||
install -d ${D}${systemd_unitdir}/system
|
||||
install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/
|
||||
install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/
|
||||
install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/
|
||||
|
||||
install -d ${D}${systemd_unitdir}/ntp-units.d
|
||||
install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list
|
||||
}
|
||||
|
||||
PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils"
|
||||
# NOTE: you don't need ntpdate, use "ntpd -q -g -x"
|
||||
|
||||
# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms
|
||||
# with wonky clocks (e.g. OpenSlug)
|
||||
RDEPENDS_${PN} = "${PN}-tickadj"
|
||||
# Handle move from bin to utils package
|
||||
RPROVIDES_${PN}-utils = "${PN}-bin"
|
||||
RREPLACES_${PN}-utils = "${PN}-bin"
|
||||
RCONFLICTS_${PN}-utils = "${PN}-bin"
|
||||
|
||||
SYSTEMD_PACKAGES = "${PN} ntpdate sntp"
|
||||
SYSTEMD_SERVICE_${PN} = "ntpd.service"
|
||||
SYSTEMD_SERVICE_ntpdate = "ntpdate.service"
|
||||
SYSTEMD_SERVICE_sntp = "sntp.service"
|
||||
|
||||
RPROVIDES_${PN} += "${PN}-systemd"
|
||||
RREPLACES_${PN} += "${PN}-systemd"
|
||||
RCONFLICTS_${PN} += "${PN}-systemd"
|
||||
|
||||
RPROVIDES_ntpdate += "ntpdate-systemd"
|
||||
RREPLACES_ntpdate += "ntpdate-systemd"
|
||||
RCONFLICTS_ntpdate += "ntpdate-systemd"
|
||||
|
||||
RSUGGESTS_${PN} = "iana-etc"
|
||||
|
||||
FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \
|
||||
${NTP_USER_HOME} \
|
||||
${systemd_unitdir}/ntp-units.d/60-ntpd.list \
|
||||
"
|
||||
FILES_${PN}-tickadj = "${sbindir}/tickadj"
|
||||
FILES_${PN}-utils = "${sbindir} ${datadir}/ntp/lib"
|
||||
RDEPENDS_${PN}-utils += "perl"
|
||||
FILES_ntpdate = "${sbindir}/ntpdate \
|
||||
${sysconfdir}/network/if-up.d/ntpdate-sync \
|
||||
${bindir}/ntpdate-sync \
|
||||
${sysconfdir}/default/ntpdate \
|
||||
${systemd_unitdir}/system/ntpdate.service \
|
||||
"
|
||||
FILES_sntp = "${sbindir}/sntp \
|
||||
${sysconfdir}/default/sntp \
|
||||
${systemd_unitdir}/system/sntp.service \
|
||||
"
|
||||
|
||||
CONFFILES_${PN} = "${sysconfdir}/ntp.conf"
|
||||
CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate"
|
||||
|
||||
INITSCRIPT_NAME = "ntpd"
|
||||
# No dependencies, so just go in at the standard level (20)
|
||||
INITSCRIPT_PARAMS = "defaults"
|
||||
|
||||
pkg_postinst_ntpdate() {
|
||||
if ! grep -q -s ntpdate $D/var/spool/cron/root; then
|
||||
echo "adding crontab"
|
||||
test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron
|
||||
echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root
|
||||
fi
|
||||
}
|
||||
|