[packages/ntp] - partial 4.2.8 update; FC patches need updates. SECURITY RELEASE, fixes critical bugs, including re
arekm
arekm at pld-linux.org
Fri Dec 19 18:17:05 CET 2014
commit 6e00857dbc0c8b6886386a7d86b7c64284aaa84f
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Dec 19 18:14:14 2014 +0100
- partial 4.2.8 update; FC patches need updates. SECURITY RELEASE, fixes
critical bugs, including remote execution: CVE-2014-9293,
CVE-2014-9294, CVE-2014-9295, CVE-2014-9296.
ntp-build.patch | 28 ++++++++++++++++++++
ntp-format-security.patch | 66 -----------------------------------------------
ntp-no_libelf.patch | 27 ++++++++++---------
ntp-time.patch | 44 -------------------------------
ntp.spec | 53 +++++++++++++++++++++----------------
5 files changed, 72 insertions(+), 146 deletions(-)
---
diff --git a/ntp.spec b/ntp.spec
index 58e8e8a..81e0084 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -1,6 +1,7 @@
# TODO:
# - enable and package ntpdsim?
# - net-snmp-ntpd needs initscript
+# - update FC patches
#
# Conditional build:
%bcond_without avahi # disable DNS-SD support via Avahi
@@ -10,12 +11,12 @@ Summary: Network Time Protocol utilities
Summary(pl.UTF-8): Narzędzia do synchronizacji czasu (Network Time Protocol)
Summary(pt_BR.UTF-8): Network Time Protocol versão 4
Name: ntp
-Version: 4.2.6p5
-Release: 11
+Version: 4.2.8
+Release: 0.1
License: distributable
Group: Networking/Daemons
Source0: http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/%{name}-%{version}.tar.gz
-# Source0-md5: 00df80a84ec9528fcfb09498075525bc
+# Source0-md5: 6972a626be6150db8cfbd0b63d8719e7
Source1: %{name}.conf
Source2: %{name}.keys
Source3: %{name}d.init
@@ -31,12 +32,11 @@ Source11: %{name}d.service
Source12: %{name}date.service
Source13: http://www.ietf.org/timezones/data/leap-seconds.list
# Source13-md5: e99a84cf28b14c77fba76c05565604ac
-Patch0: %{name}-time.patch
+Patch0: %{name}-build.patch
Patch1: %{name}-no_libelf.patch
Patch2: %{name}-ipv6.patch
Patch3: %{name}-nano.patch
Patch4: %{name}-no_avahi.patch
-Patch5: %{name}-format-security.patch
# FC patches + 100
Patch101: %{name}-4.2.6p1-sleep.patch
Patch102: %{name}-4.2.6p1-droproot.patch
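Review bot: Dropping `Patch5: %{name}-format-security.patch` leaves no record that 4.2.8 carries equivalent fixes for the `msyslog()` and `UNEXPECTED_ERROR()` call sites that the deleted patch rewrote to pass a literal `"%s"` format. The 4.2.8 sources are not visible here, so this may already be fixed upstream. It is worth confirming with a build that has `-Werror=format-security` in the compiler flags. Once confirmed, record it next to the patch list, e.g. `# format-security patch dropped: call sites fixed upstream in 4.2.8`. The same removal appears as `-%patch5 -p1` in the %prep hunk.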
@@ -53,10 +53,13 @@ Patch112: %{name}-4.2.6p3-broadcastdelay.patch
Patch113: %{name}-4.2.6p3-delaycalib.patch
URL: http://www.ntp.org/
BuildRequires: autoconf
+BuildRequires: autogen-devel
BuildRequires: automake
%{?with_avahi:BuildRequires: avahi-compat-libdns_sd-devel}
BuildRequires: libcap-devel
+BuildRequires: libevent-devel
BuildRequires: libnl-devel
+BuildRequires: libseccomp-devel
BuildRequires: libtool
BuildRequires: net-snmp-devel
BuildRequires: openssl-devel >= 0.9.7d
@@ -249,34 +252,35 @@ Este pacote contém documentação adicional sobre o NTP versão 4.
%patch2 -p1
%patch3 -p1
%{!?with_avahi:%patch4 -p1}
-%patch5 -p1
## FC patches
-%patch101 -p1
-%patch102 -p1
-%patch103 -p1
-%patch104 -p1
-%patch105 -p1
-%patch106 -p1
-%patch107 -p1
-%patch108 -p1
-%patch109 -p1
-%patch110 -p1
-%patch111 -p1
-%patch112 -p1
-%patch113 -p1
+#%patch101 -p1
+#%patch102 -p1
+#%patch103 -p1
+#%patch104 -p1
+#%patch105 -p1
+#%patch106 -p1
+#%patch107 -p1
+#%patch108 -p1
+#%patch109 -p1
+#%patch110 -p1
+#%patch111 -p1
+#%patch112 -p1
+#%patch113 -p1
echo 'AM_CONDITIONAL([NEED_LIBOPTS], false)' >> configure.ac
echo 'AM_CONDITIONAL([NEED_LIBOPTS], false)' >> sntp/configure.ac
+rm sntp/m4/{lt*,libtool}.m4 sntp/libevent/m4/{lt*,libtool}.m4
+
%build
%{__libtoolize}
-%{__aclocal} -I m4 -I sntp/libopts/m4
+%{__aclocal} -I sntp/m4 -I sntp/libopts/m4 -I sntp/libevent/m4
%{__autoconf}
%{__automake}
cd sntp
%{__libtoolize}
-%{__aclocal} -I ../m4 -I libopts/m4
+%{__aclocal} -I libopts/m4 -I libevent/m4
%{__autoconf}
%{__automake}
cd ..
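Review bot: All thirteen FC patches are switched off in %prep while `Patch101`–`Patch113` stay declared, and nothing beside the block says which behaviour is lost. `Patch102` is `%{name}-4.2.6p1-droproot.patch`, which by its name concerns privilege dropping, so a security release built from this spec may differ from the previous package in how ntpd sheds root; the patch contents are not shown here, so check that before the release moves past `0.1`. A comment above the block such as `# FC patches disabled until rebased onto 4.2.8; review droproot (Patch102) first` would make the state explicit. Writing the disabled lines as `#%%patch101 -p1` also avoids any macro expansion inside the comments.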
@@ -286,10 +290,13 @@ CPPFLAGS="%{rpmcppflags} -I/usr/include/readline"
--with-binsubdir=sbin \
--enable-linuxcaps \
--enable-getifaddrs \
+ --enable-libseccomp \
--enable-ipv6 \
--enable-ntp-signd \
--with-lineeditlibs=readline \
- --with-crypto=openssl
+ --with-crypto=openssl \
+ --disable-local-libopts \
+ --disable-local-libevent
%{__make}
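Review bot: `--enable-libseccomp` is switched on unconditionally, together with the new `BuildRequires: libseccomp-devel`, whereas the spec already gates Avahi behind `%bcond_without avahi`. A syscall filter narrower than what the enabled features need (`--enable-linuxcaps`, `--enable-ntp-signd`, readline) typically shows up as the daemon being killed at runtime rather than as a build failure, and the filter's allow-list is not visible in this diff. Consider `%bcond_without seccomp # disable libseccomp syscall filtering` with `%{?with_seccomp:--enable-libseccomp} \` and a matching conditional BuildRequires, so the sandbox can be turned off per build without editing the spec. The %configure invocation begins above this hunk.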
@@ -339,6 +346,8 @@ EOF
install -d $RPM_BUILD_ROOT%{mibdir}
cp -p ntpsnmpd/ntpv4-mib.mib $RPM_BUILD_ROOT%{mibdir}
+rm -rf $RPM_BUILD_ROOT%{_docdir}/ntp4
+
%clean
rm -rf $RPM_BUILD_ROOT
diff --git a/ntp-build.patch b/ntp-build.patch
new file mode 100644
index 0000000..614724c
--- /dev/null
+++ b/ntp-build.patch
@@ -0,0 +1,28 @@
+--- ntp-4.2.8/sntp/sntp-opts.h~ 2014-12-19 17:52:37.000000000 +0100
++++ ntp-4.2.8/sntp/sntp-opts.h 2014-12-19 17:52:53.564675157 +0100
+@@ -35,6 +35,12 @@
+ * representations about the suitability this software for any purpose. It
+ * is provided "as is" without express or implied warranty.
+ */
++
++
++
++#include <sysexits.h>
++
++
+ /**
+ * This file contains the programmatic interface to the Automated
+ * Options generated for the sntp program.
+--- ntp-4.2.8/sntp/main.c~ 2014-12-19 12:56:54.000000000 +0100
++++ ntp-4.2.8/sntp/main.c 2014-12-19 17:55:10.928020260 +0100
+@@ -1,5 +1,10 @@
+ #include <config.h>
+
++
++
++#include <sysexits.h>
++
++
+ #include <event2/util.h>
+ #include <event2/event.h>
+
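Review bot: The new patch does not say why `<sysexits.h>` is needed, and its first target, `sntp/sntp-opts.h`, describes itself in the visible context as the interface to the "Automated Options generated for the sntp program". If the build regenerates that header (the spec now adds `BuildRequires: autogen-devel`), the added include would be lost, so consider patching the file the header is generated from instead. A short header in the patch, e.g. `sntp uses EX_* exit codes but does not include <sysexits.h> in 4.2.8`, would tell the next maintainer when it can be dropped. The exact missing symbol is not shown here, so adjust the wording to the actual build error.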
diff --git a/ntp-format-security.patch b/ntp-format-security.patch
deleted file mode 100644
index e5944b4..0000000
--- a/ntp-format-security.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-diff -ur ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c
---- ntp-4.2.6p5/lib/isc/unix/ifiter_ioctl.c 2010-12-25 09:40:34.000000000 +0000
-+++ ntp-4.2.6p5.new/lib/isc/unix/ifiter_ioctl.c 2012-10-22 11:34:15.000000000 +0100
-@@ -159,7 +159,7 @@
- break;
- }
- if (iter->bufsize >= IFCONF_BUFSIZE_MAX) {
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-+ UNEXPECTED_ERROR(__FILE__, __LINE__, "%s",
- isc_msgcat_get(isc_msgcat,
- ISC_MSGSET_IFITERIOCTL,
- ISC_MSG_BUFFERMAX,
-diff -ur ntp-4.2.6p5/ntpd/ntp_config.c ntp-4.2.6p5.new/ntpd/ntp_config.c
---- ntp-4.2.6p5/ntpd/ntp_config.c 2012-10-22 11:43:38.000000000 +0100
-+++ ntp-4.2.6p5.new/ntpd/ntp_config.c 2012-10-22 11:38:02.000000000 +0100
-@@ -2334,7 +2334,7 @@
- if ((RES_MSSNTP & flags) && !warned_signd) {
- warned_signd = 1;
- fprintf(stderr, "%s\n", signd_warning);
-- msyslog(LOG_WARNING, signd_warning);
-+ msyslog(LOG_WARNING, "%s", signd_warning);
- }
- }
- }
-diff -ur ntp-4.2.6p5/ntpd/ntp_control.c ntp-4.2.6p5.new/ntpd/ntp_control.c
---- ntp-4.2.6p5/ntpd/ntp_control.c 2011-12-09 02:00:53.000000000 +0000
-+++ ntp-4.2.6p5.new/ntpd/ntp_control.c 2012-10-22 11:37:11.000000000 +0100
-@@ -2962,7 +2962,7 @@
- " %s", str);
- }
- NLOG(NLOG_SYSEVENT)
-- msyslog(LOG_INFO, statstr);
-+ msyslog(LOG_INFO, "%s", statstr);
- } else {
-
- /*
-@@ -2994,7 +2994,7 @@
- " %s", str);
- }
- NLOG(NLOG_PEEREVENT)
-- msyslog(LOG_INFO, statstr);
-+ msyslog(LOG_INFO, "%s", statstr);
- }
- record_proto_stats(statstr);
- #if DEBUG
-diff -ur ntp-4.2.6p5/ntpd/ntpd.c ntp-4.2.6p5.new/ntpd/ntpd.c
---- ntp-4.2.6p5/ntpd/ntpd.c 2012-10-22 11:43:38.000000000 +0100
-+++ ntp-4.2.6p5.new/ntpd/ntpd.c 2012-10-22 11:39:33.000000000 +0100
-@@ -1242,7 +1242,7 @@
-
- msyslog(LOG_ERR, "%s:%d: fatal error:", file, line);
- vsnprintf(errbuf, sizeof(errbuf), format, args);
-- msyslog(LOG_ERR, errbuf);
-+ msyslog(LOG_ERR, "%s", errbuf);
- msyslog(LOG_ERR, "exiting (due to fatal error in library)");
-
- abort();
-@@ -1264,7 +1264,7 @@
-
- msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line);
- vsnprintf(errbuf, sizeof(errbuf), format, args);
-- msyslog(LOG_ERR, errbuf);
-+ msyslog(LOG_ERR, "%s", errbuf);
-
- if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS)
- {
diff --git a/ntp-no_libelf.patch b/ntp-no_libelf.patch
index 6740ad4..8e4bbfd 100644
--- a/ntp-no_libelf.patch
+++ b/ntp-no_libelf.patch
@@ -1,15 +1,14 @@
-diff -ur ntp-4.1.1a.orig/configure.ac ntp-4.1.1a/configure.ac
---- ntp-4.1.1a.orig/configure.ac Thu Mar 28 23:42:00 2002
-+++ ntp-4.1.1a/configure.ac Thu Nov 21 11:56:41 2002
-@@ -687,9 +687,9 @@
- yes)
- ;;
- *)
-- AC_CHECK_LIB([elf], [nlist]) dnl Only needed for tickadj...
-+ #AC_CHECK_LIB([elf], [nlist]) dnl Only needed for tickadj...
- dnl AC_CHECK_LIB(kvm, main, , , -lelf)
-- AC_CHECK_LIB([kvm], [main]) dnl We already know about -lelf here...
-+ #AC_CHECK_LIB([kvm], [main]) dnl We already know about -lelf here...
- AC_CHECK_LIB([ld], [nlist])
- AC_CHECK_LIB([mld], [nlist])
+--- ntp-4.2.8/configure.ac~ 2014-12-19 12:56:53.000000000 +0100
++++ ntp-4.2.8/configure.ac 2014-12-19 17:04:09.696796977 +0100
+@@ -422,9 +422,9 @@
+ # nlist stuff is only needed for tickadj.
+ saved_LIBS="$LIBS"
+ LIBS=
+- AC_SEARCH_LIBS([nlist], [elf ld mld])
++ #AC_SEARCH_LIBS([nlist], [elf ld mld])
+ # XXX ac_cv_search_nlist will be 'none required', 'no', or '-l...'
+- AC_SEARCH_LIBS([kvm_open], [kvm]) dnl We already know about -lelf here...
++ #AC_SEARCH_LIBS([kvm_open], [kvm]) dnl We already know about -lelf here...
+ # XXX ac_cv_search_kvm_open will be 'none required', 'no', or '-l...'
AC_CHECK_HEADERS([nlist.h sys/var.h])
+ case "$ac_cv_header_nlist_h" in
diff --git a/ntp-time.patch b/ntp-time.patch
deleted file mode 100644
index f74eb22..0000000
--- a/ntp-time.patch
+++ /dev/null
@@ -1,44 +0,0 @@
---- ./libntp/machines.c Mon Nov 8 04:29:32 1999
-+++ ./libntp/machines.c.sz Sun Apr 1 14:08:28 2001
-@@ -4,6 +4,8 @@
- *
- */
-
-+#include <time.h>
-+
- #ifdef HAVE_CONFIG_H
- #include "config.h"
- #endif
---- ./ntpd/ntp_timer.c Tue Jul 4 20:45:35 2000
-+++ ./ntpd/ntp_timer.c.sz Sun Apr 1 14:10:28 2001
-@@ -1,6 +1,8 @@
- /*
- * ntp_timer.c - event timer support routines
- */
-+#include <time.h>
-+
- #ifdef HAVE_CONFIG_H
- # include <config.h>
- #endif
---- ./ntpdate/ntpdate.c Wed May 3 07:25:26 2000
-+++ ./ntpdate/ntpdate.c.sz Sun Apr 1 14:10:47 2001
-@@ -2,6 +2,8 @@
- * ntpdate - set the time of day by polling one or more NTP servers
- */
-
-+#include <time.h>
-+
- #ifdef HAVE_CONFIG_H
- # include <config.h>
- #endif
---- ./ntpdate/ntptimeset.c Sun May 14 02:53:57 2000
-+++ ./ntpdate/ntptimeset.c.sz Sun Apr 1 14:11:39 2001
-@@ -117,6 +117,8 @@
- *
- */
-
-+#include <time.h>
-+
- #ifdef HAVE_CONFIG_H
- # include <config.h>
- #endif
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/ntp.git/commitdiff/6e00857dbc0c8b6886386a7d86b7c64284aaa84f