ntp: update to 4.2.8.p10

LICENSE_FILE md5 changed do to copyright date change. NTF's NTP Project is releasing ntp-4.2.8p10, which addresses: 6 MEDIUM severity vulnerabilities (1 is about the Windows PPSAPI DLL) 5 LOW severity vulnerabilities (2 are in the Windows Installer) 4 Informational-level vulnerabilities 15 other non-security fixes and improvements All of the security issues in this release are listed in VU#633849. ntp-4.2.8p10 was released on 21 March 2017. Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config (Pentest report 01.2017) Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Pentest report 01.2017) Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Pentest report 01.2017) Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value (Pentest report 01.2017) Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest report 01.2017) Sec 3384 / CVE-2017-6455 / VU#325339: NTP-01-009 NTP: Windows: Privileged execution of User Library code (Pentest report 01.2017) Sec 3383 / CVE-2017-6452 / VU#325339: NTP-01-008 NTP: Windows Installer: Stack Buffer Overflow from Command Line (Pentest report 01.2017) Sec 3382 / CVE-2017-6459 / VU#325339: NTP-01-007 NTP: Windows Installer: Data Structure terminated insufficiently (Pentest report 01.2017) Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report 01.2017) Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report 01.2017) Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Pentest report 01.2017) Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send() (Pentest report 01.2017) Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist (Pentest report 01.2017) Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest report 01.2017) Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Armin Kuster <akuster@mvista.com> 2017-03-24 09:22:55 -0700
committer: Joe MacDonald <joe_macdonald@mentor.com> 2017-04-25 10:24:47 -0400
commit: 01511d4cdedb696486f29d328a0289694661448d (patch)
tree: 94c8a034ac1f7a71744f942683383e4d63af1a43 /meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb
parent: 529b1e660fe6d2ea896ed83d4fe9d9def2a75dd4 (diff)
download: meta-openembedded-01511d4cdedb696486f29d328a0289694661448d.tar.gz
1 files changed, 170 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb
new file mode 100644
index 000000000..719c60b97
--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb
@@ -0,0 +1,170 @@
+SUMMARY = "Network Time Protocol daemon and utilities"
+DESCRIPTION = "The Network Time Protocol (NTP) is used to \
+synchronize the time of a computer client or server to \
+another server or reference time source, such as a radio \
+or satellite receiver or modem."
+HOMEPAGE = "http://support.ntp.org"
+SECTION = "net"
+LICENSE = "NTP"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=e877a1d567a6a58996d2b66e3e387003"
+DEPENDS = "libevent"
+SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \
+           file://ntp-4.2.4_p6-nano.patch \
+           file://ntpd \
+           file://ntp.conf \
+           file://ntpdate \
+           file://ntpdate.default \
+           file://ntpdate.service \
+           file://ntpd.service \
+           file://sntp.service \
+           file://sntp \
+           file://ntpd.list \
+"
+SRC_URI[md5sum] = "745384ed0dedb3f66b33fe84d66466f9"
+SRC_URI[sha256sum] = "ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f"
+inherit autotools update-rc.d useradd systemd pkgconfig
+# The ac_cv_header_readline_history is to stop ntpdc depending on either
+# readline or curses
+EXTRA_OECONF += "--with-net-snmp-config=no \
+                 --without-ntpsnmpd \
+                 ac_cv_header_readline_history_h=no \
+                 --with-yielding_select=yes \
+                 --with-locfile=redhat \
+                 --without-rpath \
+                 "
+CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
+USERADD_PACKAGES = "${PN}"
+NTP_USER_HOME ?= "/var/lib/ntp"
+USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \
+                       --no-create-home \
+                       --shell /bin/false --user-group ntp"
+# NB: debug is default-enabled by NTP; keep it default-enabled here.
+PACKAGECONFIG ??= "cap debug refclocks openssl \
+    ${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
+"
+PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
+                          --with-openssl-incdir=${STAGING_INCDIR} \
+                          --with-crypto, \
+                          --without-openssl --without-crypto, \
+                          openssl"
+PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap"
+PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline"
+PACKAGECONFIG[refclocks] = "--enable-all-clocks,--disable-all-clocks,pps-tools"
+PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging"
+PACKAGECONFIG[mdns] = "ac_cv_header_dns_sd_h=yes,ac_cv_header_dns_sd_h=no,mdns"
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+do_install_append() {
+    install -d ${D}${sysconfdir}/init.d
+    install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir}
+    install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d
+    install -d ${D}${bindir}
+    install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync
+    install -m 755 -d ${D}${NTP_USER_HOME}
+    chown ntp:ntp ${D}${NTP_USER_HOME}
+    # Fix hardcoded paths in scripts
+    sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
+    sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
+    sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
+    sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
+    sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync
+    sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace
+    sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace
+    sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait
+    sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait
+    sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj
+    sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj
+    install -d ${D}/${sysconfdir}/default
+    install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate
+    install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/
+    install -d ${D}/${sysconfdir}/network/if-up.d
+    ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/
+    install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/
+    install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/
+    install -d ${D}${systemd_unitdir}/ntp-units.d
+    install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list
+    # Remove an empty libexecdir.
+    rmdir --ignore-fail-on-non-empty ${D}${libexecdir}
+}
+PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils"
+# NOTE: you don't need ntpdate, use "ntpd -q -g -x"
+# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms
+# with wonky clocks (e.g. OpenSlug)
+RDEPENDS_${PN} = "${PN}-tickadj"
+# Handle move from bin to utils package
+RPROVIDES_${PN}-utils = "${PN}-bin"
+RREPLACES_${PN}-utils = "${PN}-bin"
+RCONFLICTS_${PN}-utils = "${PN}-bin"
+SYSTEMD_PACKAGES = "${PN} ntpdate sntp"
+SYSTEMD_SERVICE_${PN} = "ntpd.service"
+SYSTEMD_SERVICE_ntpdate = "ntpdate.service"
+SYSTEMD_SERVICE_sntp = "sntp.service"
+RPROVIDES_${PN} += "${PN}-systemd"
+RREPLACES_${PN} += "${PN}-systemd"
+RCONFLICTS_${PN} += "${PN}-systemd"
+RPROVIDES_ntpdate += "ntpdate-systemd"
+RREPLACES_ntpdate += "ntpdate-systemd"
+RCONFLICTS_ntpdate += "ntpdate-systemd"
+RSUGGESTS_${PN} = "iana-etc"
+FILES_${PN} = "${sbindir}/ntpd.ntp ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \
+    ${NTP_USER_HOME} \
+    ${systemd_unitdir}/ntp-units.d/60-ntpd.list ${libexecdir}\
+"
+FILES_${PN}-tickadj = "${sbindir}/tickadj"
+FILES_${PN}-utils = "${sbindir} ${datadir}/ntp/lib"
+RDEPENDS_${PN}-utils += "perl"
+FILES_ntpdate = "${sbindir}/ntpdate \
+    ${sysconfdir}/network/if-up.d/ntpdate-sync \
+    ${bindir}/ntpdate-sync \
+    ${sysconfdir}/default/ntpdate \
+    ${systemd_unitdir}/system/ntpdate.service \
+"
+FILES_sntp = "${sbindir}/sntp \
+              ${sysconfdir}/default/sntp \
+              ${systemd_unitdir}/system/sntp.service \
+             "
+CONFFILES_${PN} = "${sysconfdir}/ntp.conf"
+CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate"
+INITSCRIPT_NAME = "ntpd"
+# No dependencies, so just go in at the standard level (20)
+INITSCRIPT_PARAMS = "defaults"
+pkg_postinst_ntpdate() {
+    if ! grep -q -s ntpdate $D/var/spool/cron/root; then
+        echo "adding crontab"
+        test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron
+        echo "30 * * * *    ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root
+    fi
+}
+inherit update-alternatives
+ALTERNATIVE_PRIORITY = "100"
+ALTERNATIVE_${PN} = "ntpd"
+ALTERNATIVE_LINK_NAME[ntpd] = "${sbindir}/ntpd"
author	Armin Kuster <akuster@mvista.com>	2017-03-24 09:22:55 -0700
committer	Joe MacDonald <joe_macdonald@mentor.com>	2017-04-25 10:24:47 -0400
commit	01511d4cdedb696486f29d328a0289694661448d (patch)
tree	94c8a034ac1f7a71744f942683383e4d63af1a43 /meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb
parent	529b1e660fe6d2ea896ed83d4fe9d9def2a75dd4 (diff)
download	meta-openembedded-01511d4cdedb696486f29d328a0289694661448d.tar.gz

diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb new file mode 100644 index 000000000..719c60b97 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p10.bb
@@ -0,0 +1,170 @@
	1	SUMMARY = "Network Time Protocol daemon and utilities"
	2	DESCRIPTION = "The Network Time Protocol (NTP) is used to \
	3	synchronize the time of a computer client or server to \
	4	another server or reference time source, such as a radio \
	5	or satellite receiver or modem."
	6	HOMEPAGE = "http://support.ntp.org"
	7	SECTION = "net"
	8	LICENSE = "NTP"
	9	LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=e877a1d567a6a58996d2b66e3e387003"
	10
	11	DEPENDS = "libevent"
	12
	13	SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \
	14	file://ntp-4.2.4_p6-nano.patch \
	15	file://ntpd \
	16	file://ntp.conf \
	17	file://ntpdate \
	18	file://ntpdate.default \
	19	file://ntpdate.service \
	20	file://ntpd.service \
	21	file://sntp.service \
	22	file://sntp \
	23	file://ntpd.list \
	24	"
	25
	26	SRC_URI[md5sum] = "745384ed0dedb3f66b33fe84d66466f9"
	27	SRC_URI[sha256sum] = "ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f"
	28
	29	inherit autotools update-rc.d useradd systemd pkgconfig
	30
	31	# The ac_cv_header_readline_history is to stop ntpdc depending on either
	32	# readline or curses
	33	EXTRA_OECONF += "--with-net-snmp-config=no \
	34	--without-ntpsnmpd \
	35	ac_cv_header_readline_history_h=no \
	36	--with-yielding_select=yes \
	37	--with-locfile=redhat \
	38	--without-rpath \
	39	"
	40	CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
	41
	42	USERADD_PACKAGES = "${PN}"
	43	NTP_USER_HOME ?= "/var/lib/ntp"
	44	USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \
	45	--no-create-home \
	46	--shell /bin/false --user-group ntp"
	47
	48	# NB: debug is default-enabled by NTP; keep it default-enabled here.
	49	PACKAGECONFIG ??= "cap debug refclocks openssl \
	50	${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} \
	51	"
	52	PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
	53	--with-openssl-incdir=${STAGING_INCDIR} \
	54	--with-crypto, \
	55	--without-openssl --without-crypto, \
	56	openssl"
	57	PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap"
	58	PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline"
	59	PACKAGECONFIG[refclocks] = "--enable-all-clocks,--disable-all-clocks,pps-tools"
	60	PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging"
	61	PACKAGECONFIG[mdns] = "ac_cv_header_dns_sd_h=yes,ac_cv_header_dns_sd_h=no,mdns"
	62	PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
	63
	64	do_install_append() {
	65	install -d ${D}${sysconfdir}/init.d
	66	install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir}
	67	install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d
	68	install -d ${D}${bindir}
	69	install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync
	70
	71	install -m 755 -d ${D}${NTP_USER_HOME}
	72	chown ntp:ntp ${D}${NTP_USER_HOME}
	73
	74	# Fix hardcoded paths in scripts
	75	sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
	76	sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
	77	sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
	78	sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
	79	sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync
	80	sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace
	81	sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace
	82	sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait
	83	sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait
	84	sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj
	85	sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj
	86
	87	install -d ${D}/${sysconfdir}/default
	88	install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate
	89	install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/
	90
	91	install -d ${D}/${sysconfdir}/network/if-up.d
	92	ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d
	93
	94	install -d ${D}${systemd_unitdir}/system
	95	install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/
	96	install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/
	97	install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/
	98
	99	install -d ${D}${systemd_unitdir}/ntp-units.d
	100	install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list
	101
	102	# Remove an empty libexecdir.
	103	rmdir --ignore-fail-on-non-empty ${D}${libexecdir}
	104	}
	105
	106	PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils"
	107	# NOTE: you don't need ntpdate, use "ntpd -q -g -x"
	108
	109	# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms
	110	# with wonky clocks (e.g. OpenSlug)
	111	RDEPENDS_${PN} = "${PN}-tickadj"
	112	# Handle move from bin to utils package
	113	RPROVIDES_${PN}-utils = "${PN}-bin"
	114	RREPLACES_${PN}-utils = "${PN}-bin"
	115	RCONFLICTS_${PN}-utils = "${PN}-bin"
	116
	117	SYSTEMD_PACKAGES = "${PN} ntpdate sntp"
	118	SYSTEMD_SERVICE_${PN} = "ntpd.service"
	119	SYSTEMD_SERVICE_ntpdate = "ntpdate.service"
	120	SYSTEMD_SERVICE_sntp = "sntp.service"
	121
	122	RPROVIDES_${PN} += "${PN}-systemd"
	123	RREPLACES_${PN} += "${PN}-systemd"
	124	RCONFLICTS_${PN} += "${PN}-systemd"
	125
	126	RPROVIDES_ntpdate += "ntpdate-systemd"
	127	RREPLACES_ntpdate += "ntpdate-systemd"
	128	RCONFLICTS_ntpdate += "ntpdate-systemd"
	129
	130	RSUGGESTS_${PN} = "iana-etc"
	131
	132	FILES_${PN} = "${sbindir}/ntpd.ntp ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \
	133	${NTP_USER_HOME} \
	134	${systemd_unitdir}/ntp-units.d/60-ntpd.list ${libexecdir}\
	135	"
	136	FILES_${PN}-tickadj = "${sbindir}/tickadj"
	137	FILES_${PN}-utils = "${sbindir} ${datadir}/ntp/lib"
	138	RDEPENDS_${PN}-utils += "perl"
	139	FILES_ntpdate = "${sbindir}/ntpdate \
	140	${sysconfdir}/network/if-up.d/ntpdate-sync \
	141	${bindir}/ntpdate-sync \
	142	${sysconfdir}/default/ntpdate \
	143	${systemd_unitdir}/system/ntpdate.service \
	144	"
	145	FILES_sntp = "${sbindir}/sntp \
	146	${sysconfdir}/default/sntp \
	147	${systemd_unitdir}/system/sntp.service \
	148	"
	149
	150	CONFFILES_${PN} = "${sysconfdir}/ntp.conf"
	151	CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate"
	152
	153	INITSCRIPT_NAME = "ntpd"
	154	# No dependencies, so just go in at the standard level (20)
	155	INITSCRIPT_PARAMS = "defaults"
	156
	157	pkg_postinst_ntpdate() {
	158	if ! grep -q -s ntpdate $D/var/spool/cron/root; then
	159	echo "adding crontab"
	160	test -d $D/var/spool/cron \|\| mkdir -p $D/var/spool/cron
	161	echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root
	162	fi
	163	}
	164
	165	inherit update-alternatives
	166
	167	ALTERNATIVE_PRIORITY = "100"
	168
	169	ALTERNATIVE_${PN} = "ntpd"
	170	ALTERNATIVE_LINK_NAME[ntpd] = "${sbindir}/ntpd"