ntp: Update from 4.2.8 to 4.2.8p1 (6 vulnerability fixes)

2015-02-23 20:26:11 +01:00 · 2015-02-23 20:26:11 +01:00 · 1a531a35c3
parent 22c055b2f1
commit 1a531a35c3
2 changed files with 0 additions and 325 deletions
--- a/recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch
+++ b/recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch
@ -1,168 +0,0 @@
-Fix ntp-keygen build without OpenSSL
-
-Patch borrowed from Gentoo, originally from upstream
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-Upstream-Status: Backport
-
-Upstream commit:
-http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg
-Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238
-
-Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
-Index: ntp-4.2.8/Makefile.am
-===================================================================
--- ntp-4.2.8.orig/Makefile.am
-+++ ntp-4.2.8/Makefile.am
-@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib
- 
- NULL =
- 
-+# moved sntp first to get libtool and libevent built.
-+
- SUBDIRS =		\
-+	sntp		\
- 	scripts		\
- 	include		\
- 	libntp		\
-@@ -17,7 +20,6 @@ SUBDIRS =		\
- 	clockstuff	\
- 	kernel		\
- 	util		\
-	sntp		\
- 	tests		\
- 	$(NULL)
- 
-@@ -64,7 +66,6 @@ BUILT_SOURCES =				\
- 	.gcc-warning			\
- 	'libtool				\
- 	html/.datecheck			\
-	sntp/built-sources-only		\
- 	$(srcdir)/COPYRIGHT		\
- 	$(srcdir)/.checkChangeLog	\
- 	$(NULL)
-Index: ntp-4.2.8/configure.ac
-===================================================================
--- ntp-4.2.8.orig/configure.ac
-+++ ntp-4.2.8/configure.ac
-@@ -102,7 +102,7 @@ esac
- enable_nls=no
- LIBOPTS_CHECK_NOBUILD([sntp/libopts])
- 
-NTP_ENABLE_LOCAL_LIBEVENT
-+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent])
- 
- NTP_LIBNTP
- 
-@@ -771,6 +771,10 @@ esac
- 
- #### 
- 
-+AC_CHECK_FUNCS([arc4random_buf])
-+
-+#### 
-+
- saved_LIBS="$LIBS"
- LIBS="$LIBS $LDADD_LIBNTP"
- AC_CHECK_FUNCS([daemon])
-Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c
-===================================================================
--- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c
-+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c
-@@ -24,6 +24,21 @@
- int crypto_rand_init = 0;
- #endif
- 
-+#ifndef HAVE_ARC4RANDOM_BUF
-+static void
-+arc4random_buf(void *buf, size_t nbytes);
-+
-+void
-+evutil_secure_rng_get_bytes(void *buf, size_t nbytes);
-+
-+static void
-+arc4random_buf(void *buf, size_t nbytes)
-+{
-+	evutil_secure_rng_get_bytes(buf, nbytes);
-+	return;
-+}
-+#endif
-+
- /*
-  * As of late 2014, here's how we plan to provide cryptographic-quality
-  * random numbers:
-Index: ntp-4.2.8/sntp/configure.ac
-===================================================================
--- ntp-4.2.8.orig/sntp/configure.ac
-+++ ntp-4.2.8/sntp/configure.ac
-@@ -97,11 +97,14 @@ esac
- enable_nls=no
- LIBOPTS_CHECK
- 
-AM_COND_IF(
-    [BUILD_SNTP],
-    [NTP_LIBEVENT_CHECK],
-    [NTP_LIBEVENT_CHECK_NOBUILD]
-)
-+# From when we only used libevent for sntp:
-+#AM_COND_IF(
-+#    [BUILD_SNTP],
-+#    [NTP_LIBEVENT_CHECK],
-+#    [NTP_LIBEVENT_CHECK_NOBUILD]
-+#)
-+
-+NTP_LIBEVENT_CHECK([2])
- 
- # Checks for libraries.
- 
-Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4
-===================================================================
--- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4
-+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4
-@@ -1,4 +1,25 @@
-dnl NTP_ENABLE_LOCAL_LIBEVENT				     -*- Autoconf -*-
-+# SYNOPSIS						-*- Autoconf -*-
-+#
-+#  NTP_ENABLE_LOCAL_LIBEVENT
-+#  NTP_LIBEVENT_CHECK([MINVERSION [, DIR]])
-+#  NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]])
-+#
-+# DESCRIPTION
-+#
-+# AUTHOR
-+#
-+#  Harlan Stenn
-+#
-+# LICENSE
-+#
-+#  This file is Copyright (c) 2014 Network Time Foundation
-+# 
-+#  Copying and distribution of this file, with or without modification, are
-+#  permitted in any medium without royalty provided the copyright notice,
-+#  author attribution and this notice are preserved.  This file is offered
-+#  as-is, without any warranty.
-+
-+dnl NTP_ENABLE_LOCAL_LIBEVENT
- dnl
- dnl Provide only the --enable-local-libevent command-line option.
- dnl
-@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar
- dnl but DO NOT invoke DIR/configure if we are going to use our bundled
- dnl version.  This may be the case for nested packages.
- dnl
-dnl provide --enable-local-libevent .
-+dnl provides --enable-local-libevent .
- dnl
- dnl Examples:
- dnl
-Index: ntp-4.2.8/util/Makefile.am
-===================================================================
--- ntp-4.2.8.orig/util/Makefile.am
-+++ ntp-4.2.8/util/Makefile.am
-@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP)
- LDADD=		../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS)
- tg2_LDADD=	../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM)
- ntp_keygen_LDADD  = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a
-+ntp_keygen_LDADD += $(LDADD_LIBEVENT)
- ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM)
- ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h
- 
--- a/recipes-bsp/ntp/ntp_4.2.8.bb
+++ b/recipes-bsp/ntp/ntp_4.2.8.bb
@ -1,157 +0,0 @@
-SUMMARY = "Network Time Protocol daemon and utilities"
-DESCRIPTION = "The Network Time Protocol (NTP) is used to \
-synchronize the time of a computer client or server to \
-another server or reference time source, such as a radio \
-or satellite receiver or modem."
-HOMEPAGE = "http://support.ntp.org"
-SECTION = "console/network"
-LICENSE = "NTP"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ebe123f74017224947c78d472407c10f"
-
-DEPENDS = "libevent"
-
-SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \
-           file://ntp-4.2.4_p6-nano.patch \
-           file://ntpd \
-           file://ntp.conf \
-           file://ntpdate \
-           file://ntpdate.default \
-           file://ntpdate.service \
-           file://ntpd.service \
-           file://sntp.service \
-           file://sntp \
-           file://ntpd.list \
-           file://ntp-4.2.8-ntp-keygen-no-openssl.patch \
-"
-
-SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7"
-SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee"
-
-inherit autotools update-rc.d useradd systemd pkgconfig
-
-# The ac_cv_header_readline_history is to stop ntpdc depending on either
-# readline or curses
-EXTRA_OECONF += "--with-net-snmp-config=no \
-                 --without-ntpsnmpd \
-                 ac_cv_header_readline_history_h=no \
-                 --with-yielding_select=yes \
-                 --with-locfile=redhat \
-		 --enable-ATOM \
-                 "
-CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
-
-USERADD_PACKAGES = "${PN}"
-NTP_USER_HOME ?= "/var/lib/ntp"
-USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \
-                       --no-create-home \
-                       --shell /bin/false --user-group ntp"
-
-# NB: debug is default-enabled by NTP; keep it default-enabled here.
-PACKAGECONFIG ??= "cap debug"
-PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
-                          --with-openssl-incdir=${STAGING_INCDIR} \
-                          --with-crypto, \
-                          --without-openssl --without-crypto, \
-                          openssl"
-PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap"
-PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline"
-PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging"
-
-do_install_append() {
-    install -d ${D}${sysconfdir}/init.d
-    install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir}
-    install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d
-    install -d ${D}${bindir}
-    install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync
-
-    install -m 755 -d ${D}${NTP_USER_HOME}
-    chown ntp:ntp ${D}${NTP_USER_HOME}
-
-    # Fix hardcoded paths in scripts
-    sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
-    sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
-    sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
-    sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
-    sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync
-    sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace
-    sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace
-    sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait
-    sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait
-    sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj
-    sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj
-
-    install -d ${D}/${sysconfdir}/default
-    install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate
-    install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/
-
-    install -d ${D}/${sysconfdir}/network/if-up.d
-    ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d
-
-    install -d ${D}${systemd_unitdir}/system
-    install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/
-    install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/
-    install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/
-
-    install -d ${D}${systemd_unitdir}/ntp-units.d
-    install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list
-}
-
-PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils"
-# NOTE: you don't need ntpdate, use "ntpd -q -g -x"
-
-# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms
-# with wonky clocks (e.g. OpenSlug)
-RDEPENDS_${PN} = "${PN}-tickadj"
-# Handle move from bin to utils package
-RPROVIDES_${PN}-utils = "${PN}-bin"
-RREPLACES_${PN}-utils = "${PN}-bin"
-RCONFLICTS_${PN}-utils = "${PN}-bin"
-
-SYSTEMD_PACKAGES = "${PN} ntpdate sntp"
-SYSTEMD_SERVICE_${PN} = "ntpd.service"
-SYSTEMD_SERVICE_ntpdate = "ntpdate.service"
-SYSTEMD_SERVICE_sntp = "sntp.service"
-
-RPROVIDES_${PN} += "${PN}-systemd"
-RREPLACES_${PN} += "${PN}-systemd"
-RCONFLICTS_${PN} += "${PN}-systemd"
-
-RPROVIDES_ntpdate += "ntpdate-systemd"
-RREPLACES_ntpdate += "ntpdate-systemd"
-RCONFLICTS_ntpdate += "ntpdate-systemd"
-
-RSUGGESTS_${PN} = "iana-etc"
-
-FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \
-    ${NTP_USER_HOME} \
-    ${systemd_unitdir}/ntp-units.d/60-ntpd.list \
-"
-FILES_${PN}-tickadj = "${sbindir}/tickadj"
-FILES_${PN}-utils = "${sbindir} ${datadir}/ntp/lib"
-RDEPENDS_${PN}-utils += "perl"
-FILES_ntpdate = "${sbindir}/ntpdate \
-    ${sysconfdir}/network/if-up.d/ntpdate-sync \
-    ${bindir}/ntpdate-sync \
-    ${sysconfdir}/default/ntpdate \
-    ${systemd_unitdir}/system/ntpdate.service \
-"
-FILES_sntp = "${sbindir}/sntp \
-              ${sysconfdir}/default/sntp \
-              ${systemd_unitdir}/system/sntp.service \
-             "
-
-CONFFILES_${PN} = "${sysconfdir}/ntp.conf"
-CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate"
-
-INITSCRIPT_NAME = "ntpd"
-# No dependencies, so just go in at the standard level (20)
-INITSCRIPT_PARAMS = "defaults"
-
-pkg_postinst_ntpdate() {
-    if ! grep -q -s ntpdate $D/var/spool/cron/root; then
-        echo "adding crontab"
-        test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron
-        echo "30 * * * *    ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root
-    fi
-}
-