5d5c9a8dcb
Fixes: CVE-2014-9293 - ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities). CVE-2014-9294 - The ntp-keygen utility generated weak MD5 keys with insufficient entropy. CVE-2014-9295 - ntpd had several buffer overflows (both on the stack and in the data section), allowing remote authenticated attackers to crash ntpd or potentially execute arbitrary code. CVE-2014-9296 - The general packet processing function in ntpd did not handle an error case correctly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
154 lines
4.2 KiB
Diff
154 lines
4.2 KiB
Diff
Fix build breakage without openssl.
|
|
From upstream: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg
|
|
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
|
|
|
|
diff -Nura ntp-4.2.8.orig/configure.ac ntp-4.2.8/configure.ac
|
|
--- ntp-4.2.8.orig/configure.ac 2014-12-22 10:16:10.449311393 -0300
|
|
+++ ntp-4.2.8/configure.ac 2014-12-22 10:17:30.757215905 -0300
|
|
@@ -102,7 +102,7 @@
|
|
enable_nls=no
|
|
LIBOPTS_CHECK_NOBUILD([sntp/libopts])
|
|
|
|
-NTP_ENABLE_LOCAL_LIBEVENT
|
|
+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent])
|
|
|
|
NTP_LIBNTP
|
|
|
|
@@ -771,6 +771,10 @@
|
|
|
|
####
|
|
|
|
+AC_CHECK_FUNCS([arc4random_buf])
|
|
+
|
|
+####
|
|
+
|
|
saved_LIBS="$LIBS"
|
|
LIBS="$LIBS $LDADD_LIBNTP"
|
|
AC_CHECK_FUNCS([daemon])
|
|
diff -Nura ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c ntp-4.2.8/libntp/ntp_crypto_rnd.c
|
|
--- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c 2014-12-22 10:16:10.430301237 -0300
|
|
+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c 2014-12-22 10:18:04.921468163 -0300
|
|
@@ -24,6 +24,21 @@
|
|
int crypto_rand_init = 0;
|
|
#endif
|
|
|
|
+#ifndef HAVE_ARC4RANDOM_BUF
|
|
+static void
|
|
+arc4random_buf(void *buf, size_t nbytes);
|
|
+
|
|
+void
|
|
+evutil_secure_rng_get_bytes(void *buf, size_t nbytes);
|
|
+
|
|
+static void
|
|
+arc4random_buf(void *buf, size_t nbytes)
|
|
+{
|
|
+ evutil_secure_rng_get_bytes(buf, nbytes);
|
|
+ return;
|
|
+}
|
|
+#endif
|
|
+
|
|
/*
|
|
* As of late 2014, here's how we plan to provide cryptographic-quality
|
|
* random numbers:
|
|
diff -Nura ntp-4.2.8.orig/Makefile.am ntp-4.2.8/Makefile.am
|
|
--- ntp-4.2.8.orig/Makefile.am 2014-12-22 10:16:10.441307117 -0300
|
|
+++ ntp-4.2.8/Makefile.am 2014-12-22 10:16:49.403122474 -0300
|
|
@@ -3,6 +3,7 @@
|
|
NULL =
|
|
|
|
SUBDIRS = \
|
|
+ sntp \
|
|
scripts \
|
|
include \
|
|
libntp \
|
|
@@ -17,7 +18,6 @@
|
|
clockstuff \
|
|
kernel \
|
|
util \
|
|
- sntp \
|
|
tests \
|
|
$(NULL)
|
|
|
|
@@ -64,7 +64,6 @@
|
|
.gcc-warning \
|
|
libtool \
|
|
html/.datecheck \
|
|
- sntp/built-sources-only \
|
|
$(srcdir)/COPYRIGHT \
|
|
$(srcdir)/.checkChangeLog \
|
|
$(NULL)
|
|
diff -Nura ntp-4.2.8.orig/sntp/configure.ac ntp-4.2.8/sntp/configure.ac
|
|
--- ntp-4.2.8.orig/sntp/configure.ac 2014-12-22 10:16:10.428300168 -0300
|
|
+++ ntp-4.2.8/sntp/configure.ac 2014-12-22 10:24:11.238172928 -0300
|
|
@@ -97,11 +97,14 @@
|
|
enable_nls=no
|
|
LIBOPTS_CHECK
|
|
|
|
-AM_COND_IF(
|
|
- [BUILD_SNTP],
|
|
- [NTP_LIBEVENT_CHECK],
|
|
- [NTP_LIBEVENT_CHECK_NOBUILD]
|
|
-)
|
|
+# From when we only used libevent for sntp:
|
|
+#AM_COND_IF(
|
|
+# [BUILD_SNTP],
|
|
+# [NTP_LIBEVENT_CHECK],
|
|
+# [NTP_LIBEVENT_CHECK_NOBUILD]
|
|
+#)
|
|
+
|
|
+NTP_LIBEVENT_CHECK([2])
|
|
|
|
# Checks for libraries.
|
|
|
|
diff -Nura ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 ntp-4.2.8/sntp/m4/ntp_libevent.m4
|
|
--- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 2014-12-22 10:16:10.417294288 -0300
|
|
+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4 2014-12-22 10:20:31.757915561 -0300
|
|
@@ -1,4 +1,25 @@
|
|
-dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*-
|
|
+# SYNOPSIS -*- Autoconf -*-
|
|
+#
|
|
+# NTP_ENABLE_LOCAL_LIBEVENT
|
|
+# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]])
|
|
+# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]])
|
|
+#
|
|
+# DESCRIPTION
|
|
+#
|
|
+# AUTHOR
|
|
+#
|
|
+# Harlan Stenn
|
|
+#
|
|
+# LICENSE
|
|
+#
|
|
+# This file is Copyright (c) 2014 Network Time Foundation
|
|
+#
|
|
+# Copying and distribution of this file, with or without modification, are
|
|
+# permitted in any medium without royalty provided the copyright notice,
|
|
+# author attribution and this notice are preserved. This file is offered
|
|
+# as-is, without any warranty.
|
|
+
|
|
+dnl NTP_ENABLE_LOCAL_LIBEVENT
|
|
dnl
|
|
dnl Provide only the --enable-local-libevent command-line option.
|
|
dnl
|
|
@@ -29,7 +50,7 @@
|
|
dnl but DO NOT invoke DIR/configure if we are going to use our bundled
|
|
dnl version. This may be the case for nested packages.
|
|
dnl
|
|
-dnl provide --enable-local-libevent .
|
|
+dnl provides --enable-local-libevent .
|
|
dnl
|
|
dnl Examples:
|
|
dnl
|
|
diff -Nura ntp-4.2.8.orig/util/Makefile.am ntp-4.2.8/util/Makefile.am
|
|
--- ntp-4.2.8.orig/util/Makefile.am 2014-12-22 10:16:10.435303910 -0300
|
|
+++ ntp-4.2.8/util/Makefile.am 2014-12-22 10:21:02.500339706 -0300
|
|
@@ -19,6 +19,7 @@
|
|
LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS)
|
|
tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM)
|
|
ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a
|
|
+ntp_keygen_LDADD += $(LDADD_LIBEVENT)
|
|
ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM)
|
|
ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h
|
|
|