NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
700f65462e
kumquat-buildroot/package/ntp/ntp.mk
Sébastien Szymanski cee522be2c package/ntp: security bump to version 4.2.8p14 
"This release fixes three security issues in ntpd and provides 46
bugfixes and addresses 4 other issues." [1]

NONE: Sec 3610: process_control() should bail earlier on short packets.

MEDIUM: Sec 3596: Unauthenticated ntpd may be susceptible to IPv4 spoof
attack from highly predictable transmit timestamps.

MEDIUM: Sec 3592: DoS Attack on unauthenticated client.
The fix for https://bugs.ntp.org/3445 introduced a bug whereby a system that
is running ntp-4.2.8p12 (possibly earlier) or p13 that only has one
unauthenticated time source can be attacked in a way that causes the
victim's next poll to its source to be delayed, for as long as the attack is
maintained.

[1] http://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele

The copyright year has changed in the COPYRIGHT file, so adjust the hash to
match and adjust the spacing to match recent agreements:

@@ -3,7 +3,7 @@

    jpg "Clone me," says Dolly sheepishly.

-   Last update: 2-Jan-2017 11:58 UTC
+   Last update: 4-Feb-2020 23:47 UTC
      __________________________________________________________________

    The following copyright notice applies to all files collectively called
@@ -32,7 +32,7 @@
    Burnicki is:
 ***********************************************************************
 *                                                                     *
-* Copyright (c) Network Time Foundation 2011-2017                     *
+* Copyright (c) Network Time Foundation 2011-2020                     *
 *                                                                     *
 * All Rights Reserved                                                 *
 *                                                                     *

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
[Peter: clarify security impact, document COPYRIGHT change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 9daf7483e9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-04-08 14:51:35 +02:00

120 lines
3.4 KiB
Makefile
Raw Blame History

################################################################################
#
# ntp
#
################################################################################
NTP_VERSION_MAJOR = 4.2
NTP_VERSION = $(NTP_VERSION_MAJOR).8p14
NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent
NTP_LICENSE = NTP
NTP_LICENSE_FILES = COPYRIGHT
NTP_CONF_ENV = ac_cv_lib_md5_MD5Init=no POSIX_SHELL=/bin/sh
NTP_CONF_OPTS = \
--with-shared \
--program-transform-name=s,,, \
--disable-tickadj \
--disable-debugging \
--with-yielding-select=yes \
--disable-local-libevent
# 0002-ntp-syscalls-fallback.patch
NTP_AUTORECONF = YES
ifeq ($(BR2_PACKAGE_OPENSSL),y)
NTP_CONF_OPTS += --with-crypto --enable-openssl-random
NTP_DEPENDENCIES += openssl
else
NTP_CONF_OPTS += --without-crypto --disable-openssl-random
endif
ifeq ($(BR2_TOOLCHAIN_HAS_SSP),y)
NTP_CONF_OPTS += --with-hardenfile=linux
else
NTP_CONF_OPTS += --with-hardenfile=default
endif
ifeq ($(BR2_PACKAGE_LIBCAP),y)
NTP_CONF_OPTS += --enable-linuxcaps
NTP_DEPENDENCIES += libcap
else
NTP_CONF_OPTS += --disable-linuxcaps
endif
ifeq ($(BR2_PACKAGE_LIBEDIT),y)
NTP_CONF_OPTS += --with-lineeditlibs=edit
NTP_DEPENDENCIES += libedit
else
NTP_CONF_OPTS += --without-lineeditlibs
endif
ifeq ($(BR2_PACKAGE_NTP_NTPSNMPD),y)
NTP_CONF_OPTS += \
--with-net-snmp-config=$(STAGING_DIR)/usr/bin/net-snmp-config
NTP_DEPENDENCIES += netsnmp
else
NTP_CONF_OPTS += --without-ntpsnmpd
endif
ifeq ($(BR2_PACKAGE_NTP_NTPD_ATOM_PPS),y)
NTP_CONF_OPTS += --enable-ATOM
NTP_DEPENDENCIES += pps-tools
else
NTP_CONF_OPTS += --disable-ATOM
endif
ifeq ($(BR2_PACKAGE_NTP_NTP_SHM_CLK),y)
NTP_CONF_OPTS += --enable-SHM
else
NTP_CONF_OPTS += --disable-SHM
endif
ifeq ($(BR2_PACKAGE_NTP_SNTP),y)
NTP_CONF_OPTS += --with-sntp
else
NTP_CONF_OPTS += --without-sntp
endif
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTP_KEYGEN) += util/ntp-keygen
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTP_WAIT) += scripts/ntp-wait/ntp-wait
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTPDATE) += ntpdate/ntpdate
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTPDC) += ntpdc/ntpdc
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTPQ) += ntpq/ntpq
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTPSNMPD) += ntpsnmpd/ntpsnmpd
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTPTIME) += util/ntptime
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_NTPTRACE) += scripts/ntptrace/ntptrace
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_SNTP) += sntp/sntp
NTP_INSTALL_FILES_$(BR2_PACKAGE_NTP_TICKADJ) += util/tickadj
define NTP_INSTALL_TARGET_CMDS
$(if $(BR2_PACKAGE_NTP_NTPD), install -m 755 $(@D)/ntpd/ntpd $(TARGET_DIR)/usr/sbin/ntpd)
test -z "$(NTP_INSTALL_FILES_y)" || install -m 755 $(addprefix $(@D)/,$(NTP_INSTALL_FILES_y)) $(TARGET_DIR)/usr/bin/
$(INSTALL) -m 644 package/ntp/ntpd.etc.conf $(TARGET_DIR)/etc/ntp.conf
endef
# This script will step the time if there is a large difference
# before ntpd takes over the necessary slew adjustments
ifeq ($(BR2_PACKAGE_NTP_SNTP),y)
define NTP_INSTALL_INIT_SYSV_SNTP
$(INSTALL) -D -m 755 package/ntp/S48sntp $(TARGET_DIR)/etc/init.d/S48sntp
endef
endif
ifeq ($(BR2_PACKAGE_NTP_NTPD),y)
define NTP_INSTALL_INIT_SYSV_NTPD
$(INSTALL) -D -m 755 package/ntp/S49ntp $(TARGET_DIR)/etc/init.d/S49ntp
endef
define NTP_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 644 package/ntp/ntpd.service $(TARGET_DIR)/usr/lib/systemd/system/ntpd.service
endef
endif
define NTP_INSTALL_INIT_SYSV
$(NTP_INSTALL_INIT_SYSV_NTPD)
$(NTP_INSTALL_INIT_SYSV_SNTP)
endef
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink