NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ntp: security bump to version 4.2.8p1

Browse Source 
Fixes:

CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c,
leading to a potential information leak or possibly a crash

CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of
Linux), so ACLs based on IPv6 ::1 addresses can be bypassed

Drop a patch applied upstream, along with its accompanied AUTORECONF.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Baruch Siach 2015-02-10 14:46:37 +02:00 committed by Peter Korsgaard
parent c41229af06
commit 67b845fcc9
4 changed files with 3 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

153
package/ntp/0001-fix-ntp-keygen-without-openssl.patch
View File

@ -1,153 +0,0 @@
Fix build breakage without openssl.
From upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
diff -Nura ntp-4.2.8.orig/configure.ac ntp-4.2.8/configure.ac
--- ntp-4.2.8.orig/configure.ac 2014-12-22 10:16:10.449311393 -0300
+++ ntp-4.2.8/configure.ac 2014-12-22 10:17:30.757215905 -0300
@@ -102,7 +102,7 @@
enable_nls=no
LIBOPTS_CHECK_NOBUILD([sntp/libopts])
-NTP_ENABLE_LOCAL_LIBEVENT
+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent])
NTP_LIBNTP
@@ -771,6 +771,10 @@
####
+AC_CHECK_FUNCS([arc4random_buf])
+
+####
+
saved_LIBS="$LIBS"
LIBS="$LIBS $LDADD_LIBNTP"
AC_CHECK_FUNCS([daemon])
diff -Nura ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c ntp-4.2.8/libntp/ntp_crypto_rnd.c
--- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c 2014-12-22 10:16:10.430301237 -0300
+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c 2014-12-22 10:18:04.921468163 -0300
@@ -24,6 +24,21 @@
int crypto_rand_init = 0;
#endif
+#ifndef HAVE_ARC4RANDOM_BUF
+static void
+arc4random_buf(void *buf, size_t nbytes);
+
+void
+evutil_secure_rng_get_bytes(void *buf, size_t nbytes);
+
+static void
+arc4random_buf(void *buf, size_t nbytes)
+{
+ evutil_secure_rng_get_bytes(buf, nbytes);
+ return;
+}
+#endif
+
/*
* As of late 2014, here's how we plan to provide cryptographic-quality
* random numbers:
diff -Nura ntp-4.2.8.orig/Makefile.am ntp-4.2.8/Makefile.am
--- ntp-4.2.8.orig/Makefile.am 2014-12-22 10:16:10.441307117 -0300
+++ ntp-4.2.8/Makefile.am 2014-12-22 10:16:49.403122474 -0300
@@ -3,6 +3,7 @@
NULL =
SUBDIRS = \
+ sntp \
scripts \
include \
libntp \
@@ -17,7 +18,6 @@
clockstuff \
kernel \
util \
- sntp \
tests \
$(NULL)
@@ -64,7 +64,6 @@
.gcc-warning \
libtool \
html/.datecheck \
- sntp/built-sources-only \
$(srcdir)/COPYRIGHT \
$(srcdir)/.checkChangeLog \
$(NULL)
diff -Nura ntp-4.2.8.orig/sntp/configure.ac ntp-4.2.8/sntp/configure.ac
--- ntp-4.2.8.orig/sntp/configure.ac 2014-12-22 10:16:10.428300168 -0300
+++ ntp-4.2.8/sntp/configure.ac 2014-12-22 10:24:11.238172928 -0300
@@ -97,11 +97,14 @@
enable_nls=no
LIBOPTS_CHECK
-AM_COND_IF(
- [BUILD_SNTP],
- [NTP_LIBEVENT_CHECK],
- [NTP_LIBEVENT_CHECK_NOBUILD]
-)
+# From when we only used libevent for sntp:
+#AM_COND_IF(
+# [BUILD_SNTP],
+# [NTP_LIBEVENT_CHECK],
+# [NTP_LIBEVENT_CHECK_NOBUILD]
+#)
+
+NTP_LIBEVENT_CHECK([2])
# Checks for libraries.
diff -Nura ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 ntp-4.2.8/sntp/m4/ntp_libevent.m4
--- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 2014-12-22 10:16:10.417294288 -0300
+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4 2014-12-22 10:20:31.757915561 -0300
@@ -1,4 +1,25 @@
-dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*-
+# SYNOPSIS -*- Autoconf -*-
+#
+# NTP_ENABLE_LOCAL_LIBEVENT
+# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]])
+# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]])
+#
+# DESCRIPTION
+#
+# AUTHOR
+#
+# Harlan Stenn
+#
+# LICENSE
+#
+# This file is Copyright (c) 2014 Network Time Foundation
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice,
+# author attribution and this notice are preserved. This file is offered
+# as-is, without any warranty.
+
+dnl NTP_ENABLE_LOCAL_LIBEVENT
dnl
dnl Provide only the --enable-local-libevent command-line option.
dnl
@@ -29,7 +50,7 @@
dnl but DO NOT invoke DIR/configure if we are going to use our bundled
dnl version. This may be the case for nested packages.
dnl
-dnl provide --enable-local-libevent .
+dnl provides --enable-local-libevent .
dnl
dnl Examples:
dnl
diff -Nura ntp-4.2.8.orig/util/Makefile.am ntp-4.2.8/util/Makefile.am
--- ntp-4.2.8.orig/util/Makefile.am 2014-12-22 10:16:10.435303910 -0300
+++ ntp-4.2.8/util/Makefile.am 2014-12-22 10:21:02.500339706 -0300
@@ -19,6 +19,7 @@
LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS)
tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM)
ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a
+ntp_keygen_LDADD += $(LDADD_LIBEVENT)
ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM)
ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h

0
package/ntp/0002-nano.patch → package/ntp/0001-nano.patch
View File

4
package/ntp/ntp.hash
View File

@ -1,2 +1,2 @@
# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8.tar.gz.md5
md5 6972a626be6150db8cfbd0b63d8719e7 ntp-4.2.8.tar.gz
# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p1.tar.gz.md5
md5 65d8cdfae4722226fbe29863477641ed ntp-4.2.8p1.tar.gz

4
package/ntp/ntp.mk
View File

@ -5,11 +5,9 @@
################################################################################
NTP_VERSION_MAJOR = 4.2
NTP_VERSION = $(NTP_VERSION_MAJOR).8
NTP_VERSION = $(NTP_VERSION_MAJOR).8p1
NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent
# For 0001-fix-ntp-keygen-without-openssl.patch
NTP_AUTORECONF = YES
NTP_LICENSE = ntp license
NTP_LICENSE_FILES = COPYRIGHT
NTP_CONF_ENV = ac_cv_lib_md5_MD5Init=no