]> git.pld-linux.org Git - packages/ntp.git/commitdiff
- partial 4.2.8 update; FC patches need updates. SECURITY RELEASE, fixes
authorArkadiusz Miśkiewicz <arekm@maven.pl>
Fri, 19 Dec 2014 17:14:14 +0000 (18:14 +0100)
committerArkadiusz Miśkiewicz <arekm@maven.pl>
Fri, 19 Dec 2014 17:14:14 +0000 (18:14 +0100)
critical bugs, including remote execution:   CVE-2014-9293,
CVE-2014-9294, CVE-2014-9295, CVE-2014-9296.

ntp-build.patch [new file with mode: 0644]
ntp-format-security.patch [deleted file]
ntp-no_libelf.patch
ntp-time.patch [deleted file]
ntp.spec

diff --git a/ntp-build.patch b/ntp-build.patch
new file mode 100644 (file)
index 0000000..614724c
--- /dev/null
@@ -0,0 +1,28 @@
+--- ntp-4.2.8/sntp/sntp-opts.h~        2014-12-19 17:52:37.000000000 +0100
++++ ntp-4.2.8/sntp/sntp-opts.h 2014-12-19 17:52:53.564675157 +0100
+@@ -35,6 +35,12 @@
+  *  representations about the suitability this software for any purpose. It
+  *  is provided "as is" without express or implied warranty.
+  */
++
++
++
++#include <sysexits.h>
++
++
+ /**
+  *  This file contains the programmatic interface to the Automated
+  *  Options generated for the sntp program.
+--- ntp-4.2.8/sntp/main.c~     2014-12-19 12:56:54.000000000 +0100
++++ ntp-4.2.8/sntp/main.c      2014-12-19 17:55:10.928020260 +0100
+@@ -1,5 +1,10 @@
+ #include <config.h>
++
++
++#include <sysexits.h>
++
++
+ #include <event2/util.h>
+ #include <event2/event.h>
diff --git a/ntp-format-security.patch b/ntp-format-security.patch
deleted file mode 100644 (file)
index e5944b4..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-diff -ur ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c
---- ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c    2010-12-25 09:40:34.000000000 +0000
-+++ ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c        2012-10-22 11:34:15.000000000 +0100
-@@ -159,7 +159,7 @@
-                               break;
-               }
-               if (iter->bufsize >= IFCONF_BUFSIZE_MAX) {
--                      UNEXPECTED_ERROR(__FILE__, __LINE__,
-+                      UNEXPECTED_ERROR(__FILE__, __LINE__, "%s",
-                                        isc_msgcat_get(isc_msgcat,
-                                                       ISC_MSGSET_IFITERIOCTL,
-                                                       ISC_MSG_BUFFERMAX,
-diff -ur ntp-4.2.6p5/ntpd/ntp_config.c ntp-4.2.6p5.new/ntpd/ntp_config.c
---- ntp-4.2.6p5/ntpd/ntp_config.c      2012-10-22 11:43:38.000000000 +0100
-+++ ntp-4.2.6p5.new/ntpd/ntp_config.c  2012-10-22 11:38:02.000000000 +0100
-@@ -2334,7 +2334,7 @@
-               if ((RES_MSSNTP & flags) && !warned_signd) {
-                       warned_signd = 1;
-                       fprintf(stderr, "%s\n", signd_warning);
--                      msyslog(LOG_WARNING, signd_warning);
-+                      msyslog(LOG_WARNING, "%s", signd_warning);
-               }
-       }
- }
-diff -ur ntp-4.2.6p5/ntpd/ntp_control.c ntp-4.2.6p5.new/ntpd/ntp_control.c
---- ntp-4.2.6p5/ntpd/ntp_control.c     2011-12-09 02:00:53.000000000 +0000
-+++ ntp-4.2.6p5.new/ntpd/ntp_control.c 2012-10-22 11:37:11.000000000 +0100
-@@ -2962,7 +2962,7 @@
-                           " %s", str);
-               }
-               NLOG(NLOG_SYSEVENT)
--                  msyslog(LOG_INFO, statstr);
-+                  msyslog(LOG_INFO, "%s", statstr);
-       } else {
-               /*
-@@ -2994,7 +2994,7 @@
-                           " %s", str);
-               }
-               NLOG(NLOG_PEEREVENT)
--                  msyslog(LOG_INFO, statstr);
-+                  msyslog(LOG_INFO, "%s", statstr);
-       }
-       record_proto_stats(statstr);
- #if DEBUG
-diff -ur ntp-4.2.6p5/ntpd/ntpd.c ntp-4.2.6p5.new/ntpd/ntpd.c
---- ntp-4.2.6p5/ntpd/ntpd.c    2012-10-22 11:43:38.000000000 +0100
-+++ ntp-4.2.6p5.new/ntpd/ntpd.c        2012-10-22 11:39:33.000000000 +0100
-@@ -1242,7 +1242,7 @@
-       msyslog(LOG_ERR, "%s:%d: fatal error:", file, line);
-       vsnprintf(errbuf, sizeof(errbuf), format, args);
--      msyslog(LOG_ERR, errbuf);
-+      msyslog(LOG_ERR, "%s", errbuf);
-       msyslog(LOG_ERR, "exiting (due to fatal error in library)");
-       abort();
-@@ -1264,7 +1264,7 @@
-       msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line);
-       vsnprintf(errbuf, sizeof(errbuf), format, args);
--      msyslog(LOG_ERR, errbuf);
-+      msyslog(LOG_ERR, "%s", errbuf);
-       if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS)
-       {
index 6740ad4ecd6b5f15ec6ec27559d545242ec3b621..8e4bbfdbb084ccae73b89979cf639af6f1ea1f69 100644 (file)
@@ -1,15 +1,14 @@
-diff -ur ntp-4.1.1a.orig/configure.ac ntp-4.1.1a/configure.ac
---- ntp-4.1.1a.orig/configure.ac       Thu Mar 28 23:42:00 2002
-+++ ntp-4.1.1a/configure.ac    Thu Nov 21 11:56:41 2002
-@@ -687,9 +687,9 @@
-  yes)
-     ;;
-  *)
--    AC_CHECK_LIB([elf], [nlist])      dnl Only needed for tickadj...
-+    #AC_CHECK_LIB([elf], [nlist])     dnl Only needed for tickadj...
-     dnl AC_CHECK_LIB(kvm, main, , , -lelf)
--    AC_CHECK_LIB([kvm], [main])               dnl We already know about -lelf here...
-+    #AC_CHECK_LIB([kvm], [main])              dnl We already know about -lelf here...
-     AC_CHECK_LIB([ld], [nlist])
-     AC_CHECK_LIB([mld], [nlist])
+--- ntp-4.2.8/configure.ac~    2014-12-19 12:56:53.000000000 +0100
++++ ntp-4.2.8/configure.ac     2014-12-19 17:04:09.696796977 +0100
+@@ -422,9 +422,9 @@
+     # nlist stuff is only needed for tickadj.
+     saved_LIBS="$LIBS"
+     LIBS=
+-    AC_SEARCH_LIBS([nlist], [elf ld mld])
++    #AC_SEARCH_LIBS([nlist], [elf ld mld])
+     # XXX ac_cv_search_nlist will be 'none required', 'no', or '-l...'
+-    AC_SEARCH_LIBS([kvm_open], [kvm]) dnl We already know about -lelf here...
++    #AC_SEARCH_LIBS([kvm_open], [kvm])        dnl We already know about -lelf here...
+     # XXX ac_cv_search_kvm_open will be 'none required', 'no', or '-l...'
      AC_CHECK_HEADERS([nlist.h sys/var.h])
+     case "$ac_cv_header_nlist_h" in
diff --git a/ntp-time.patch b/ntp-time.patch
deleted file mode 100644 (file)
index f74eb22..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
---- ./libntp/machines.c        Mon Nov  8 04:29:32 1999
-+++ ./libntp/machines.c.sz     Sun Apr  1 14:08:28 2001
-@@ -4,6 +4,8 @@
-  *
-  */
-+#include <time.h>
-+
- #ifdef HAVE_CONFIG_H
- #include "config.h"
- #endif
---- ./ntpd/ntp_timer.c Tue Jul  4 20:45:35 2000
-+++ ./ntpd/ntp_timer.c.sz      Sun Apr  1 14:10:28 2001
-@@ -1,6 +1,8 @@
- /*
-  * ntp_timer.c - event timer support routines
-  */
-+#include <time.h>
-+
- #ifdef HAVE_CONFIG_H
- # include <config.h>
- #endif
---- ./ntpdate/ntpdate.c        Wed May  3 07:25:26 2000
-+++ ./ntpdate/ntpdate.c.sz     Sun Apr  1 14:10:47 2001
-@@ -2,6 +2,8 @@
-  * ntpdate - set the time of day by polling one or more NTP servers
-  */
-+#include <time.h>
-+
- #ifdef HAVE_CONFIG_H
- # include <config.h>
- #endif
---- ./ntpdate/ntptimeset.c     Sun May 14 02:53:57 2000
-+++ ./ntpdate/ntptimeset.c.sz  Sun Apr  1 14:11:39 2001
-@@ -117,6 +117,8 @@
-  *
-  */
-+#include <time.h>
-+
- #ifdef HAVE_CONFIG_H
- # include <config.h>
- #endif
index 58e8e8ad42d77a26aa6e2b807d97299ecc8b6ab7..81e00844a80d39617081fd4a21d107f7f2a25cfa 100644 (file)
--- a/ntp.spec
+++ b/ntp.spec
@@ -1,6 +1,7 @@
 # TODO:
 # - enable and package ntpdsim?
 # - net-snmp-ntpd needs initscript
+# - update FC patches
 #
 # Conditional build:
 %bcond_without avahi  # disable DNS-SD support via Avahi
@@ -10,12 +11,12 @@ Summary:    Network Time Protocol utilities
 Summary(pl.UTF-8):     Narzędzia do synchronizacji czasu (Network Time Protocol)
 Summary(pt_BR.UTF-8):  Network Time Protocol versão 4
 Name:          ntp
-Version:       4.2.6p5
-Release:       11
+Version:       4.2.8
+Release:       0.1
 License:       distributable
 Group:         Networking/Daemons
 Source0:       http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/%{name}-%{version}.tar.gz
-# Source0-md5: 00df80a84ec9528fcfb09498075525bc
+# Source0-md5: 6972a626be6150db8cfbd0b63d8719e7
 Source1:       %{name}.conf
 Source2:       %{name}.keys
 Source3:       %{name}d.init
@@ -31,12 +32,11 @@ Source11:   %{name}d.service
 Source12:      %{name}date.service
 Source13:      http://www.ietf.org/timezones/data/leap-seconds.list
 # Source13-md5:        e99a84cf28b14c77fba76c05565604ac
-Patch0:                %{name}-time.patch
+Patch0:                %{name}-build.patch
 Patch1:                %{name}-no_libelf.patch
 Patch2:                %{name}-ipv6.patch
 Patch3:                %{name}-nano.patch
 Patch4:                %{name}-no_avahi.patch
-Patch5:                %{name}-format-security.patch
 # FC patches + 100
 Patch101:      %{name}-4.2.6p1-sleep.patch
 Patch102:      %{name}-4.2.6p1-droproot.patch
@@ -53,10 +53,13 @@ Patch112:   %{name}-4.2.6p3-broadcastdelay.patch
 Patch113:      %{name}-4.2.6p3-delaycalib.patch
 URL:           http://www.ntp.org/
 BuildRequires: autoconf
+BuildRequires: autogen-devel
 BuildRequires: automake
 %{?with_avahi:BuildRequires:   avahi-compat-libdns_sd-devel}
 BuildRequires: libcap-devel
+BuildRequires: libevent-devel
 BuildRequires: libnl-devel
+BuildRequires: libseccomp-devel
 BuildRequires: libtool
 BuildRequires: net-snmp-devel
 BuildRequires: openssl-devel >= 0.9.7d
@@ -249,34 +252,35 @@ Este pacote contém documentação adicional sobre o NTP versão 4.
 %patch2 -p1
 %patch3 -p1
 %{!?with_avahi:%patch4 -p1}
-%patch5 -p1
 
 ## FC patches
-%patch101 -p1
-%patch102 -p1
-%patch103 -p1
-%patch104 -p1
-%patch105 -p1
-%patch106 -p1
-%patch107 -p1
-%patch108 -p1
-%patch109 -p1
-%patch110 -p1
-%patch111 -p1
-%patch112 -p1
-%patch113 -p1
+#%patch101 -p1
+#%patch102 -p1
+#%patch103 -p1
+#%patch104 -p1
+#%patch105 -p1
+#%patch106 -p1
+#%patch107 -p1
+#%patch108 -p1
+#%patch109 -p1
+#%patch110 -p1
+#%patch111 -p1
+#%patch112 -p1
+#%patch113 -p1
 
 echo 'AM_CONDITIONAL([NEED_LIBOPTS], false)' >> configure.ac
 echo 'AM_CONDITIONAL([NEED_LIBOPTS], false)' >> sntp/configure.ac
 
+rm sntp/m4/{lt*,libtool}.m4 sntp/libevent/m4/{lt*,libtool}.m4
+
 %build
 %{__libtoolize}
-%{__aclocal} -I m4 -I sntp/libopts/m4
+%{__aclocal} -I sntp/m4 -I sntp/libopts/m4 -I sntp/libevent/m4
 %{__autoconf}
 %{__automake}
 cd sntp
 %{__libtoolize}
-%{__aclocal} -I ../m4 -I libopts/m4
+%{__aclocal} -I libopts/m4 -I libevent/m4
 %{__autoconf}
 %{__automake}
 cd ..
@@ -286,10 +290,13 @@ CPPFLAGS="%{rpmcppflags} -I/usr/include/readline"
        --with-binsubdir=sbin \
        --enable-linuxcaps \
        --enable-getifaddrs \
+       --enable-libseccomp \
        --enable-ipv6 \
        --enable-ntp-signd \
        --with-lineeditlibs=readline \
-       --with-crypto=openssl
+       --with-crypto=openssl \
+       --disable-local-libopts \
+       --disable-local-libevent
 
 %{__make}
 
@@ -339,6 +346,8 @@ EOF
 install -d $RPM_BUILD_ROOT%{mibdir}
 cp -p ntpsnmpd/ntpv4-mib.mib $RPM_BUILD_ROOT%{mibdir}
 
+rm -rf $RPM_BUILD_ROOT%{_docdir}/ntp4
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
This page took 0.190639 seconds and 4 git commands to generate.