diff --git a/package/ntp/0003-fix-md5update.patch b/package/ntp/0003-fix-md5update.patch new file mode 100644 index 0000000000..62bfef0fbb --- /dev/null +++ b/package/ntp/0003-fix-md5update.patch @@ -0,0 +1,209 @@ +Fix build with -Wincompatible-pointer-types -Werror + +Upstream: https://people.nwtime.org/hart/ntp-stable-3928-29.tar.gz + +Ported fix from updated tarball provided by upstream: +https://bugs.ntp.org/show_bug.cgi?id=3929#c9 + +Signed-off-by: Bernd Kuhls + +diff -uNr ntp-4.2.8p18.orig/include/ntp_md5.h ntp-4.2.8p18/include/ntp_md5.h +--- ntp-4.2.8p18.orig/include/ntp_md5.h 2024-05-07 13:21:16.000000000 +0200 ++++ ntp-4.2.8p18/include/ntp_md5.h 2024-07-24 01:26:46.000000000 +0200 +@@ -1,56 +1,73 @@ + /* + * ntp_md5.h: deal with md5.h headers + * +- * Use the system MD5 if available, otherwise libisc's. ++ * Use the system MD5 if available, otherwise use libisc's. ++ * Yes, MD5 has been deprecated. Nevertheless, ntpd IPv6 refid ++ * calculation uses MD5 to derive a 32-bit refid from a 128-bit ++ * IPv6 address. This use is retained to avoid breaking loop ++ * detection that would be triggered by such change, and because ++ * we are not depending on cryptographic strength for such use. + */ + #ifndef NTP_MD5_H + #define NTP_MD5_H + + /* Use the system MD5 or fall back on libisc's */ +-# if defined HAVE_MD5_H && defined HAVE_MD5INIT +-# include +-# else +-# include "isc/md5.h" +- typedef isc_md5_t MD5_CTX; +-# define MD5_DIGEST_LENGTH ISC_MD5_DIGESTLENGTH +-# define MD5Init(c) isc_md5_init(c) +-# define MD5Update(c, p, s) isc_md5_update(c, (const void *)p, s) +-# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */ +-# endif +- +-# define KEY_TYPE_MD5 NID_md5 ++#if defined HAVE_MD5_H && defined HAVE_MD5INIT ++# include ++# define ntp_md5_init(c) MD5Init(c) ++# define ntp_md5_update(c, p, s) MD5Update(c, (const void *)(p), s) ++# define ntp_md5_final(d, c) MD5Final(d, c) ++#else ++# include "isc/md5.h" ++typedef isc_md5_t MD5_CTX; ++# define MD5_DIGEST_LENGTH ISC_MD5_DIGESTLENGTH ++# define ntp_md5_init(c) isc_md5_init(c) ++# define ntp_md5_update(c, p, s) isc_md5_update(c, (const void *)(p), s) ++# define ntp_md5_final(d, c) isc_md5_final((c), (d)) /* swapped */ ++#endif + + #ifdef OPENSSL + # include + # include "libssl_compat.h" + # ifdef HAVE_OPENSSL_CMAC_H + # include +-# define CMAC "AES128CMAC" +-# define AES_128_KEY_SIZE 16 +-# endif /*HAVE_OPENSSL_CMAC_H*/ ++# define CMAC "AES128CMAC" ++# define AES_128_KEY_SIZE 16 ++# endif + #else /* !OPENSSL follows */ + /* +- * Provide OpenSSL-alike MD5 API if we're not using OpenSSL ++ * Provide OpenSSL-alike MD5 API if we're not using OpenSSL. Most of this ++ * is used only by sntp when building it --without-crypto. + */ + +- typedef MD5_CTX EVP_MD_CTX; ++typedef MD5_CTX EVP_MD_CTX; + + # define NID_md5 4 /* from openssl/objects.h */ + # define EVP_MAX_MD_SIZE MD5_DIGEST_LENGTH ++ ++/* ++ * The following is used only by sntp configured --without-crypto as ntpd ++ * now uses explicit MD5 functions for MD5 uses which remain even where MD5 ++ * is unavailable in OpenSSL, such as FIPS OpenSSL. Note that FIPS may be ++ * available in the build environment but not at runtime, as is the case ++ * with packaged NTP binaries. ++ * The remaining uses of MD5 are IPv6 refids and mode 6 nonces. ntpd does ++ * go through OpenSSL when using MD5 for symmetric authentication. ++ */ + # define EVP_MD_CTX_free(c) free(c) + # define EVP_MD_CTX_new() calloc(1, sizeof(MD5_CTX)) + # define EVP_get_digestbynid(t) NULL + # define EVP_md5() NULL + # define EVP_MD_CTX_init(c) + # define EVP_MD_CTX_set_flags(c, f) +-# define EVP_DigestInit(c, dt) (MD5Init(c), 1) +-# define EVP_DigestInit_ex(c, dt, i) (MD5Init(c), 1) +-# define EVP_DigestUpdate(c, p, s) MD5Update(c, (const void *)(p), \ +- s) +-# define EVP_DigestFinal(c, d, pdl) \ +- do { \ +- MD5Final((d), (c)); \ +- *(pdl) = MD5_LENGTH; \ +- } while (0) +-# endif /* !OPENSSL */ ++# define EVP_DigestInit(c, dt) (ntp_md5_init(c), 1) ++# define EVP_DigestUpdate(c, p, s) ntp_md5_update(c, p, s) ++# define EVP_DigestFinal(c, d, pdl) \ ++ do { \ ++ ntp_md5_final((d), (c)); \ ++ *(pdl) = MD5_LENGTH; \ ++ } while (FALSE) ++ ++#endif /* OPENSSL */ ++ + #endif /* NTP_MD5_H */ +diff -uNr ntp-4.2.8p18.orig/libntp/a_md5encrypt.c ntp-4.2.8p18/libntp/a_md5encrypt.c +--- ntp-4.2.8p18.orig/libntp/a_md5encrypt.c 2024-05-07 13:21:31.000000000 +0200 ++++ ntp-4.2.8p18/libntp/a_md5encrypt.c 2024-07-24 01:26:46.000000000 +0200 +@@ -56,7 +56,7 @@ + static MD5_CTX md5_ctx; + + DEBUG_INSIST(NID_md5 == nid); +- MD5Init(&md5_ctx); ++ ntp_md5_init(&md5_ctx); + + return &md5_ctx; + #else +@@ -171,10 +171,10 @@ + if (digest->len < MD5_LENGTH) { + msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 buf too small."); + } else { +- MD5Init(ctx); +- MD5Update(ctx, (const void *)key->buf, key->len); +- MD5Update(ctx, (const void *)msg->buf, msg->len); +- MD5Final(digest->buf, ctx); ++ ntp_md5_init(ctx); ++ ntp_md5_update(ctx, key->buf, key->len); ++ ntp_md5_update(ctx, msg->buf, msg->len); ++ ntp_md5_final(digest->buf, ctx); + retlen = MD5_LENGTH; + } + } else { +@@ -279,9 +279,9 @@ + return (NSRCADR(addr)); + } + /* MD5 is not used for authentication here. */ +- MD5Init(&md5_ctx); +- MD5Update(&md5_ctx, (void *)&SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr))); +- MD5Final(u.digest, &md5_ctx); ++ ntp_md5_init(&md5_ctx); ++ ntp_md5_update(&md5_ctx, &SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr))); ++ ntp_md5_final(u.digest, &md5_ctx); + #ifdef WORDS_BIGENDIAN + u.addr_refid = BYTESWAP32(u.addr_refid); + #endif +diff -uNr ntp-4.2.8p18.orig/libntp/authreadkeys.c ntp-4.2.8p18/libntp/authreadkeys.c +--- ntp-4.2.8p18.orig/libntp/authreadkeys.c 2024-05-07 13:21:20.000000000 +0200 ++++ ntp-4.2.8p18/libntp/authreadkeys.c 2024-07-24 01:26:46.000000000 +0200 +@@ -240,7 +240,7 @@ + keyno); + keytype = 0; + } else { +- keytype = KEY_TYPE_MD5; ++ keytype = NID_md5; + } + #endif /* !OPENSSL */ + +diff -uNr ntp-4.2.8p18.orig/ntpd/ntp_control.c ntp-4.2.8p18/ntpd/ntp_control.c +--- ntp-4.2.8p18.orig/ntpd/ntp_control.c 2024-05-07 13:21:15.000000000 +0200 ++++ ntp-4.2.8p18/ntpd/ntp_control.c 2024-07-24 01:26:46.000000000 +0200 +@@ -3663,18 +3663,18 @@ + last_salt_update = current_time; + } + +- MD5Init(&ctx); +- MD5Update(&ctx, salt, sizeof(salt)); +- MD5Update(&ctx, &ts_i, sizeof(ts_i)); +- MD5Update(&ctx, &ts_f, sizeof(ts_f)); ++ ntp_md5_init(&ctx); ++ ntp_md5_update(&ctx, salt, sizeof(salt)); ++ ntp_md5_update(&ctx, &ts_i, sizeof(ts_i)); ++ ntp_md5_update(&ctx, &ts_f, sizeof(ts_f)); + if (IS_IPV4(addr)) { +- MD5Update(&ctx, &SOCK_ADDR4(addr), sizeof(SOCK_ADDR4(addr))); ++ ntp_md5_update(&ctx, &SOCK_ADDR4(addr), sizeof(SOCK_ADDR4(addr))); + } else { +- MD5Update(&ctx, &SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr))); ++ ntp_md5_update(&ctx, &SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr))); + } +- MD5Update(&ctx, &NSRCPORT(addr), sizeof(NSRCPORT(addr))); +- MD5Update(&ctx, salt, sizeof(salt)); +- MD5Final(d.digest, &ctx); ++ ntp_md5_update(&ctx, &NSRCPORT(addr), sizeof(NSRCPORT(addr))); ++ ntp_md5_update(&ctx, salt, sizeof(salt)); ++ ntp_md5_final(d.digest, &ctx); + + return d.extract; + } +diff -uNr ntp-4.2.8p18.orig/ntpd/ntp_crypto.c ntp-4.2.8p18/ntpd/ntp_crypto.c +--- ntp-4.2.8p18.orig/ntpd/ntp_crypto.c 2024-05-07 13:21:32.000000000 +0200 ++++ ntp-4.2.8p18/ntpd/ntp_crypto.c 2024-07-24 01:26:46.000000000 +0200 +@@ -150,7 +150,7 @@ + * Global cryptodata in host byte order + */ + u_int32 crypto_flags = 0x0; /* status word */ +-int crypto_nid = KEY_TYPE_MD5; /* digest nid */ ++int crypto_nid = NID_md5; /* digest nid */ + char *sys_hostname = NULL; + char *sys_groupname = NULL; + static char *host_filename = NULL; /* host file name */