ntp: Update from 4.2.8 to 4.2.8p1 (6 vulnerability fixes)
This commit is contained in:
parent
22c055b2f1
commit
1a531a35c3
|
@ -1,168 +0,0 @@
|
||||||
Fix ntp-keygen build without OpenSSL
|
|
||||||
|
|
||||||
Patch borrowed from Gentoo, originally from upstream
|
|
||||||
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
||||||
Upstream-Status: Backport
|
|
||||||
|
|
||||||
Upstream commit:
|
|
||||||
http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg
|
|
||||||
Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238
|
|
||||||
|
|
||||||
Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
|
|
||||||
Index: ntp-4.2.8/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- ntp-4.2.8.orig/Makefile.am
|
|
||||||
+++ ntp-4.2.8/Makefile.am
|
|
||||||
@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib
|
|
||||||
|
|
||||||
NULL =
|
|
||||||
|
|
||||||
+# moved sntp first to get libtool and libevent built.
|
|
||||||
+
|
|
||||||
SUBDIRS = \
|
|
||||||
+ sntp \
|
|
||||||
scripts \
|
|
||||||
include \
|
|
||||||
libntp \
|
|
||||||
@@ -17,7 +20,6 @@ SUBDIRS = \
|
|
||||||
clockstuff \
|
|
||||||
kernel \
|
|
||||||
util \
|
|
||||||
- sntp \
|
|
||||||
tests \
|
|
||||||
$(NULL)
|
|
||||||
|
|
||||||
@@ -64,7 +66,6 @@ BUILT_SOURCES = \
|
|
||||||
.gcc-warning \
|
|
||||||
'libtool \
|
|
||||||
html/.datecheck \
|
|
||||||
- sntp/built-sources-only \
|
|
||||||
$(srcdir)/COPYRIGHT \
|
|
||||||
$(srcdir)/.checkChangeLog \
|
|
||||||
$(NULL)
|
|
||||||
Index: ntp-4.2.8/configure.ac
|
|
||||||
===================================================================
|
|
||||||
--- ntp-4.2.8.orig/configure.ac
|
|
||||||
+++ ntp-4.2.8/configure.ac
|
|
||||||
@@ -102,7 +102,7 @@ esac
|
|
||||||
enable_nls=no
|
|
||||||
LIBOPTS_CHECK_NOBUILD([sntp/libopts])
|
|
||||||
|
|
||||||
-NTP_ENABLE_LOCAL_LIBEVENT
|
|
||||||
+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent])
|
|
||||||
|
|
||||||
NTP_LIBNTP
|
|
||||||
|
|
||||||
@@ -771,6 +771,10 @@ esac
|
|
||||||
|
|
||||||
####
|
|
||||||
|
|
||||||
+AC_CHECK_FUNCS([arc4random_buf])
|
|
||||||
+
|
|
||||||
+####
|
|
||||||
+
|
|
||||||
saved_LIBS="$LIBS"
|
|
||||||
LIBS="$LIBS $LDADD_LIBNTP"
|
|
||||||
AC_CHECK_FUNCS([daemon])
|
|
||||||
Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c
|
|
||||||
===================================================================
|
|
||||||
--- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c
|
|
||||||
+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c
|
|
||||||
@@ -24,6 +24,21 @@
|
|
||||||
int crypto_rand_init = 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#ifndef HAVE_ARC4RANDOM_BUF
|
|
||||||
+static void
|
|
||||||
+arc4random_buf(void *buf, size_t nbytes);
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+evutil_secure_rng_get_bytes(void *buf, size_t nbytes);
|
|
||||||
+
|
|
||||||
+static void
|
|
||||||
+arc4random_buf(void *buf, size_t nbytes)
|
|
||||||
+{
|
|
||||||
+ evutil_secure_rng_get_bytes(buf, nbytes);
|
|
||||||
+ return;
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* As of late 2014, here's how we plan to provide cryptographic-quality
|
|
||||||
* random numbers:
|
|
||||||
Index: ntp-4.2.8/sntp/configure.ac
|
|
||||||
===================================================================
|
|
||||||
--- ntp-4.2.8.orig/sntp/configure.ac
|
|
||||||
+++ ntp-4.2.8/sntp/configure.ac
|
|
||||||
@@ -97,11 +97,14 @@ esac
|
|
||||||
enable_nls=no
|
|
||||||
LIBOPTS_CHECK
|
|
||||||
|
|
||||||
-AM_COND_IF(
|
|
||||||
- [BUILD_SNTP],
|
|
||||||
- [NTP_LIBEVENT_CHECK],
|
|
||||||
- [NTP_LIBEVENT_CHECK_NOBUILD]
|
|
||||||
-)
|
|
||||||
+# From when we only used libevent for sntp:
|
|
||||||
+#AM_COND_IF(
|
|
||||||
+# [BUILD_SNTP],
|
|
||||||
+# [NTP_LIBEVENT_CHECK],
|
|
||||||
+# [NTP_LIBEVENT_CHECK_NOBUILD]
|
|
||||||
+#)
|
|
||||||
+
|
|
||||||
+NTP_LIBEVENT_CHECK([2])
|
|
||||||
|
|
||||||
# Checks for libraries.
|
|
||||||
|
|
||||||
Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4
|
|
||||||
===================================================================
|
|
||||||
--- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4
|
|
||||||
+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4
|
|
||||||
@@ -1,4 +1,25 @@
|
|
||||||
-dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*-
|
|
||||||
+# SYNOPSIS -*- Autoconf -*-
|
|
||||||
+#
|
|
||||||
+# NTP_ENABLE_LOCAL_LIBEVENT
|
|
||||||
+# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]])
|
|
||||||
+# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]])
|
|
||||||
+#
|
|
||||||
+# DESCRIPTION
|
|
||||||
+#
|
|
||||||
+# AUTHOR
|
|
||||||
+#
|
|
||||||
+# Harlan Stenn
|
|
||||||
+#
|
|
||||||
+# LICENSE
|
|
||||||
+#
|
|
||||||
+# This file is Copyright (c) 2014 Network Time Foundation
|
|
||||||
+#
|
|
||||||
+# Copying and distribution of this file, with or without modification, are
|
|
||||||
+# permitted in any medium without royalty provided the copyright notice,
|
|
||||||
+# author attribution and this notice are preserved. This file is offered
|
|
||||||
+# as-is, without any warranty.
|
|
||||||
+
|
|
||||||
+dnl NTP_ENABLE_LOCAL_LIBEVENT
|
|
||||||
dnl
|
|
||||||
dnl Provide only the --enable-local-libevent command-line option.
|
|
||||||
dnl
|
|
||||||
@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar
|
|
||||||
dnl but DO NOT invoke DIR/configure if we are going to use our bundled
|
|
||||||
dnl version. This may be the case for nested packages.
|
|
||||||
dnl
|
|
||||||
-dnl provide --enable-local-libevent .
|
|
||||||
+dnl provides --enable-local-libevent .
|
|
||||||
dnl
|
|
||||||
dnl Examples:
|
|
||||||
dnl
|
|
||||||
Index: ntp-4.2.8/util/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- ntp-4.2.8.orig/util/Makefile.am
|
|
||||||
+++ ntp-4.2.8/util/Makefile.am
|
|
||||||
@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP)
|
|
||||||
LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS)
|
|
||||||
tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM)
|
|
||||||
ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a
|
|
||||||
+ntp_keygen_LDADD += $(LDADD_LIBEVENT)
|
|
||||||
ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM)
|
|
||||||
ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h
|
|
||||||
|
|
|
@ -1,157 +0,0 @@
|
||||||
SUMMARY = "Network Time Protocol daemon and utilities"
|
|
||||||
DESCRIPTION = "The Network Time Protocol (NTP) is used to \
|
|
||||||
synchronize the time of a computer client or server to \
|
|
||||||
another server or reference time source, such as a radio \
|
|
||||||
or satellite receiver or modem."
|
|
||||||
HOMEPAGE = "http://support.ntp.org"
|
|
||||||
SECTION = "console/network"
|
|
||||||
LICENSE = "NTP"
|
|
||||||
LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ebe123f74017224947c78d472407c10f"
|
|
||||||
|
|
||||||
DEPENDS = "libevent"
|
|
||||||
|
|
||||||
SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \
|
|
||||||
file://ntp-4.2.4_p6-nano.patch \
|
|
||||||
file://ntpd \
|
|
||||||
file://ntp.conf \
|
|
||||||
file://ntpdate \
|
|
||||||
file://ntpdate.default \
|
|
||||||
file://ntpdate.service \
|
|
||||||
file://ntpd.service \
|
|
||||||
file://sntp.service \
|
|
||||||
file://sntp \
|
|
||||||
file://ntpd.list \
|
|
||||||
file://ntp-4.2.8-ntp-keygen-no-openssl.patch \
|
|
||||||
"
|
|
||||||
|
|
||||||
SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7"
|
|
||||||
SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee"
|
|
||||||
|
|
||||||
inherit autotools update-rc.d useradd systemd pkgconfig
|
|
||||||
|
|
||||||
# The ac_cv_header_readline_history is to stop ntpdc depending on either
|
|
||||||
# readline or curses
|
|
||||||
EXTRA_OECONF += "--with-net-snmp-config=no \
|
|
||||||
--without-ntpsnmpd \
|
|
||||||
ac_cv_header_readline_history_h=no \
|
|
||||||
--with-yielding_select=yes \
|
|
||||||
--with-locfile=redhat \
|
|
||||||
--enable-ATOM \
|
|
||||||
"
|
|
||||||
CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
|
|
||||||
|
|
||||||
USERADD_PACKAGES = "${PN}"
|
|
||||||
NTP_USER_HOME ?= "/var/lib/ntp"
|
|
||||||
USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \
|
|
||||||
--no-create-home \
|
|
||||||
--shell /bin/false --user-group ntp"
|
|
||||||
|
|
||||||
# NB: debug is default-enabled by NTP; keep it default-enabled here.
|
|
||||||
PACKAGECONFIG ??= "cap debug"
|
|
||||||
PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
|
|
||||||
--with-openssl-incdir=${STAGING_INCDIR} \
|
|
||||||
--with-crypto, \
|
|
||||||
--without-openssl --without-crypto, \
|
|
||||||
openssl"
|
|
||||||
PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap"
|
|
||||||
PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline"
|
|
||||||
PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging"
|
|
||||||
|
|
||||||
do_install_append() {
|
|
||||||
install -d ${D}${sysconfdir}/init.d
|
|
||||||
install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir}
|
|
||||||
install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d
|
|
||||||
install -d ${D}${bindir}
|
|
||||||
install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync
|
|
||||||
|
|
||||||
install -m 755 -d ${D}${NTP_USER_HOME}
|
|
||||||
chown ntp:ntp ${D}${NTP_USER_HOME}
|
|
||||||
|
|
||||||
# Fix hardcoded paths in scripts
|
|
||||||
sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
|
|
||||||
sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
|
|
||||||
sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
|
|
||||||
sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
|
|
||||||
sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync
|
|
||||||
sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace
|
|
||||||
sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace
|
|
||||||
sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait
|
|
||||||
sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait
|
|
||||||
sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj
|
|
||||||
sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj
|
|
||||||
|
|
||||||
install -d ${D}/${sysconfdir}/default
|
|
||||||
install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate
|
|
||||||
install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/
|
|
||||||
|
|
||||||
install -d ${D}/${sysconfdir}/network/if-up.d
|
|
||||||
ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d
|
|
||||||
|
|
||||||
install -d ${D}${systemd_unitdir}/system
|
|
||||||
install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/
|
|
||||||
install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/
|
|
||||||
install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/
|
|
||||||
|
|
||||||
install -d ${D}${systemd_unitdir}/ntp-units.d
|
|
||||||
install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list
|
|
||||||
}
|
|
||||||
|
|
||||||
PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils"
|
|
||||||
# NOTE: you don't need ntpdate, use "ntpd -q -g -x"
|
|
||||||
|
|
||||||
# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms
|
|
||||||
# with wonky clocks (e.g. OpenSlug)
|
|
||||||
RDEPENDS_${PN} = "${PN}-tickadj"
|
|
||||||
# Handle move from bin to utils package
|
|
||||||
RPROVIDES_${PN}-utils = "${PN}-bin"
|
|
||||||
RREPLACES_${PN}-utils = "${PN}-bin"
|
|
||||||
RCONFLICTS_${PN}-utils = "${PN}-bin"
|
|
||||||
|
|
||||||
SYSTEMD_PACKAGES = "${PN} ntpdate sntp"
|
|
||||||
SYSTEMD_SERVICE_${PN} = "ntpd.service"
|
|
||||||
SYSTEMD_SERVICE_ntpdate = "ntpdate.service"
|
|
||||||
SYSTEMD_SERVICE_sntp = "sntp.service"
|
|
||||||
|
|
||||||
RPROVIDES_${PN} += "${PN}-systemd"
|
|
||||||
RREPLACES_${PN} += "${PN}-systemd"
|
|
||||||
RCONFLICTS_${PN} += "${PN}-systemd"
|
|
||||||
|
|
||||||
RPROVIDES_ntpdate += "ntpdate-systemd"
|
|
||||||
RREPLACES_ntpdate += "ntpdate-systemd"
|
|
||||||
RCONFLICTS_ntpdate += "ntpdate-systemd"
|
|
||||||
|
|
||||||
RSUGGESTS_${PN} = "iana-etc"
|
|
||||||
|
|
||||||
FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \
|
|
||||||
${NTP_USER_HOME} \
|
|
||||||
${systemd_unitdir}/ntp-units.d/60-ntpd.list \
|
|
||||||
"
|
|
||||||
FILES_${PN}-tickadj = "${sbindir}/tickadj"
|
|
||||||
FILES_${PN}-utils = "${sbindir} ${datadir}/ntp/lib"
|
|
||||||
RDEPENDS_${PN}-utils += "perl"
|
|
||||||
FILES_ntpdate = "${sbindir}/ntpdate \
|
|
||||||
${sysconfdir}/network/if-up.d/ntpdate-sync \
|
|
||||||
${bindir}/ntpdate-sync \
|
|
||||||
${sysconfdir}/default/ntpdate \
|
|
||||||
${systemd_unitdir}/system/ntpdate.service \
|
|
||||||
"
|
|
||||||
FILES_sntp = "${sbindir}/sntp \
|
|
||||||
${sysconfdir}/default/sntp \
|
|
||||||
${systemd_unitdir}/system/sntp.service \
|
|
||||||
"
|
|
||||||
|
|
||||||
CONFFILES_${PN} = "${sysconfdir}/ntp.conf"
|
|
||||||
CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate"
|
|
||||||
|
|
||||||
INITSCRIPT_NAME = "ntpd"
|
|
||||||
# No dependencies, so just go in at the standard level (20)
|
|
||||||
INITSCRIPT_PARAMS = "defaults"
|
|
||||||
|
|
||||||
pkg_postinst_ntpdate() {
|
|
||||||
if ! grep -q -s ntpdate $D/var/spool/cron/root; then
|
|
||||||
echo "adding crontab"
|
|
||||||
test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron
|
|
||||||
echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in New Issue