From 1a531a35c30f8260253cf631d6cdfb0db681271c Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Mon, 23 Feb 2015 20:26:11 +0100
Subject: [PATCH] ntp: Update from 4.2.8 to 4.2.8p1 (6 vulnerability fixes)
---
.../ntp-4.2.8-ntp-keygen-no-openssl.patch | 168 ------------------
recipes-bsp/ntp/ntp_4.2.8.bb | 157 ----------------
2 files changed, 325 deletions(-)
delete mode 100644 recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch
delete mode 100644 recipes-bsp/ntp/ntp_4.2.8.bb
diff --git a/recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch b/recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch
deleted file mode 100644
index 9b9af63..0000000
--- a/recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch
+++ /dev/null
@@ -1,168 +0,0 @@ -Fix ntp-keygen build without OpenSSL - -Patch borrowed from Gentoo, originally from upstream -Signed-off-by: Paul Eggleton -Upstream-Status: Backport - -Upstream commit: -http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg -Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238 - -Signed-off-by: Markos Chandras -Index: ntp-4.2.8/Makefile.am -=================================================================== ---- ntp-4.2.8.orig/Makefile.am -+++ ntp-4.2.8/Makefile.am -@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib - - NULL = - -+# moved sntp first to get libtool and libevent built. -+ - SUBDIRS = \ -+ sntp \ - scripts \ - include \ - libntp \ -@@ -17,7 +20,6 @@ SUBDIRS = \ - clockstuff \ - kernel \ - util \ -- sntp \ - tests \ - $(NULL) - -@@ -64,7 +66,6 @@ BUILT_SOURCES = \ - .gcc-warning \ - 'libtool \ - html/.datecheck \ -- sntp/built-sources-only \ - $(srcdir)/COPYRIGHT \ - $(srcdir)/.checkChangeLog \ - $(NULL) -Index: ntp-4.2.8/configure.ac -=================================================================== ---- ntp-4.2.8.orig/configure.ac -+++ ntp-4.2.8/configure.ac -@@ -102,7 +102,7 @@ esac - enable_nls=no - LIBOPTS_CHECK_NOBUILD([sntp/libopts]) - --NTP_ENABLE_LOCAL_LIBEVENT -+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent]) - - NTP_LIBNTP - -@@ -771,6 +771,10 @@ esac - - #### - -+AC_CHECK_FUNCS([arc4random_buf]) -+ -+#### -+ - saved_LIBS="$LIBS" - LIBS="$LIBS $LDADD_LIBNTP" - AC_CHECK_FUNCS([daemon]) -Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c -=================================================================== ---- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c -+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c -@@ -24,6 +24,21 @@ - int crypto_rand_init = 0; - #endif - -+#ifndef HAVE_ARC4RANDOM_BUF -+static void -+arc4random_buf(void *buf, size_t nbytes); -+ -+void -+evutil_secure_rng_get_bytes(void *buf, size_t nbytes); -+ -+static void -+arc4random_buf(void *buf, size_t nbytes) -+{ -+ 
evutil_secure_rng_get_bytes(buf, nbytes); -+ return; -+} -+#endif -+ - /* - * As of late 2014, here's how we plan to provide cryptographic-quality - * random numbers: -Index: ntp-4.2.8/sntp/configure.ac -=================================================================== ---- ntp-4.2.8.orig/sntp/configure.ac -+++ ntp-4.2.8/sntp/configure.ac -@@ -97,11 +97,14 @@ esac - enable_nls=no - LIBOPTS_CHECK - --AM_COND_IF( -- [BUILD_SNTP], -- [NTP_LIBEVENT_CHECK], -- [NTP_LIBEVENT_CHECK_NOBUILD] --) -+# From when we only used libevent for sntp: -+#AM_COND_IF( -+# [BUILD_SNTP], -+# [NTP_LIBEVENT_CHECK], -+# [NTP_LIBEVENT_CHECK_NOBUILD] -+#) -+ -+NTP_LIBEVENT_CHECK([2]) - - # Checks for libraries. - -Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4 -=================================================================== ---- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 -+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4 -@@ -1,4 +1,25 @@ --dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*- -+# SYNOPSIS -*- Autoconf -*- -+# -+# NTP_ENABLE_LOCAL_LIBEVENT -+# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]]) -+# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]]) -+# -+# DESCRIPTION -+# -+# AUTHOR -+# -+# Harlan Stenn -+# -+# LICENSE -+# -+# This file is Copyright (c) 2014 Network Time Foundation -+# -+# Copying and distribution of this file, with or without modification, are -+# permitted in any medium without royalty provided the copyright notice, -+# author attribution and this notice are preserved. This file is offered -+# as-is, without any warranty. -+ -+dnl NTP_ENABLE_LOCAL_LIBEVENT - dnl - dnl Provide only the --enable-local-libevent command-line option. - dnl -@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar - dnl but DO NOT invoke DIR/configure if we are going to use our bundled - dnl version. This may be the case for nested packages. - dnl --dnl provide --enable-local-libevent . -+dnl provides --enable-local-libevent . 
- dnl - dnl Examples: - dnl -Index: ntp-4.2.8/util/Makefile.am -=================================================================== ---- ntp-4.2.8.orig/util/Makefile.am -+++ ntp-4.2.8/util/Makefile.am -@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP) - LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) - tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) - ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a -+ntp_keygen_LDADD += $(LDADD_LIBEVENT) - ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM) - ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h - diff --git a/recipes-bsp/ntp/ntp_4.2.8.bb b/recipes-bsp/ntp/ntp_4.2.8.bb deleted file mode 100644 index 66e2574..0000000 --- a/recipes-bsp/ntp/ntp_4.2.8.bb +++ /dev/null 
@@ -1,157 +0,0 @@ -SUMMARY = "Network Time Protocol daemon and utilities" -DESCRIPTION = "The Network Time Protocol (NTP) is used to \ -synchronize the time of a computer client or server to \ -another server or reference time source, such as a radio \ -or satellite receiver or modem." -HOMEPAGE = "http://support.ntp.org" -SECTION = "console/network" -LICENSE = "NTP" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ebe123f74017224947c78d472407c10f" - -DEPENDS = "libevent" - -SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \ - file://ntp-4.2.4_p6-nano.patch \ - file://ntpd \ - file://ntp.conf \ - file://ntpdate \ - file://ntpdate.default \ - file://ntpdate.service \ - file://ntpd.service \ - file://sntp.service \ - file://sntp \ - file://ntpd.list \ - file://ntp-4.2.8-ntp-keygen-no-openssl.patch \ -" - -SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7" -SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee" - -inherit autotools update-rc.d useradd systemd pkgconfig - -# The ac_cv_header_readline_history is to stop ntpdc depending on either -# readline or curses -EXTRA_OECONF += "--with-net-snmp-config=no \ - --without-ntpsnmpd \ - ac_cv_header_readline_history_h=no \ - --with-yielding_select=yes \ - --with-locfile=redhat \ - --enable-ATOM \ - " -CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" - -USERADD_PACKAGES = "${PN}" -NTP_USER_HOME ?= "/var/lib/ntp" -USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \ - --no-create-home \ - --shell /bin/false --user-group ntp" - -# NB: debug is default-enabled by NTP; keep it default-enabled here. 
-PACKAGECONFIG ??= "cap debug" -PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \ - --with-openssl-incdir=${STAGING_INCDIR} \ - --with-crypto, \ - --without-openssl --without-crypto, \ - openssl" -PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap" -PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline" -PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" - -do_install_append() { - install -d ${D}${sysconfdir}/init.d - install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} - install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d - install -d ${D}${bindir} - install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync - - install -m 755 -d ${D}${NTP_USER_HOME} - chown ntp:ntp ${D}${NTP_USER_HOME} - - # Fix hardcoded paths in scripts - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync - sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace - sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace - sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait - sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait - sed -i '1s,#!.*perl -w,#! 
${bindir}/env perl,' ${D}${sbindir}/calc_tickadj - sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj - - install -d ${D}/${sysconfdir}/default - install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate - install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ - - install -d ${D}/${sysconfdir}/network/if-up.d - ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/ - - install -d ${D}${systemd_unitdir}/ntp-units.d - install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list -} - -PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils" -# NOTE: you don't need ntpdate, use "ntpd -q -g -x" - -# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms -# with wonky clocks (e.g. 
OpenSlug) -RDEPENDS_${PN} = "${PN}-tickadj" -# Handle move from bin to utils package -RPROVIDES_${PN}-utils = "${PN}-bin" -RREPLACES_${PN}-utils = "${PN}-bin" -RCONFLICTS_${PN}-utils = "${PN}-bin" - -SYSTEMD_PACKAGES = "${PN} ntpdate sntp" -SYSTEMD_SERVICE_${PN} = "ntpd.service" -SYSTEMD_SERVICE_ntpdate = "ntpdate.service" -SYSTEMD_SERVICE_sntp = "sntp.service" - -RPROVIDES_${PN} += "${PN}-systemd" -RREPLACES_${PN} += "${PN}-systemd" -RCONFLICTS_${PN} += "${PN}-systemd" - -RPROVIDES_ntpdate += "ntpdate-systemd" -RREPLACES_ntpdate += "ntpdate-systemd" -RCONFLICTS_ntpdate += "ntpdate-systemd" - -RSUGGESTS_${PN} = "iana-etc" - -FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \ - ${NTP_USER_HOME} \ - ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ -" -FILES_${PN}-tickadj = "${sbindir}/tickadj" -FILES_${PN}-utils = "${sbindir} ${datadir}/ntp/lib" -RDEPENDS_${PN}-utils += "perl" -FILES_ntpdate = "${sbindir}/ntpdate \ - ${sysconfdir}/network/if-up.d/ntpdate-sync \ - ${bindir}/ntpdate-sync \ - ${sysconfdir}/default/ntpdate \ - ${systemd_unitdir}/system/ntpdate.service \ -" -FILES_sntp = "${sbindir}/sntp \ - ${sysconfdir}/default/sntp \ - ${systemd_unitdir}/system/sntp.service \ - " - -CONFFILES_${PN} = "${sysconfdir}/ntp.conf" -CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate" - -INITSCRIPT_NAME = "ntpd" -# No dependencies, so just go in at the standard level (20) -INITSCRIPT_PARAMS = "defaults" - -pkg_postinst_ntpdate() { - if ! grep -q -s ntpdate $D/var/spool/cron/root; then - echo "adding crontab" - test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron - echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root - fi -} -