Diffstat (limited to 'meta-networking/recipes-support/ntp')
-rw-r--r--meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch112
-rw-r--r--meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch17
-rw-r--r--meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9293.patch43
-rw-r--r--meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9294.patch128
-rw-r--r--meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9295.patch113
-rw-r--r--meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9296.patch21
-rw-r--r--meta-networking/recipes-support/ntp/files/ntp-keygen_no_openssl.patch108
-rw-r--r--meta-networking/recipes-support/ntp/files/ntp.conf17
-rwxr-xr-xmeta-networking/recipes-support/ntp/files/ntpd84
-rwxr-xr-xmeta-networking/recipes-support/ntp/files/ntpdate54
-rw-r--r--meta-networking/recipes-support/ntp/files/ntpdate.default7
-rw-r--r--meta-networking/recipes-support/ntp/files/openssl-check.patch59
-rw-r--r--meta-networking/recipes-support/ntp/files/tickadj.c.patch32
-rw-r--r--meta-networking/recipes-support/ntp/ntp.inc158
-rw-r--r--meta-networking/recipes-support/ntp/ntp/ntpd.list1
-rw-r--r--meta-networking/recipes-support/ntp/ntp/ntpd.service11
-rw-r--r--meta-networking/recipes-support/ntp/ntp/ntpdate.service11
-rw-r--r--meta-networking/recipes-support/ntp/ntp/sntp1
-rw-r--r--meta-networking/recipes-support/ntp/ntp/sntp.service11
-rw-r--r--meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb6
20 files changed, 994 insertions, 0 deletions
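--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch
@@ -0,0 +1,112 @@
+ntp: fix CVE-2013-5211
+
+Upstream-status: Backport
+
+The monlist feature in ntp_request.c in ntpd in NTP before
+4.2.7p26 allows remote attackers to cause a denial of service
+(traffic amplification) via forged (1) REQ_MON_GETLIST or
+(2) REQ_MON_GETLIST_1 requests, as exploited in the wild
+in December 2013.
+
+Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
+
+--- a/ntpd/ntp_request.c
++++ b/ntpd/ntp_request.c
+@@ -1912,44 +1912,11 @@ mon_getlist_0(
+ struct req_pkt *inpkt
+ )
+ {
+- register struct info_monitor *im;
+- register struct mon_data *md;
+- extern struct mon_data mon_mru_list;
+- extern int mon_enabled;
+-
+ #ifdef DEBUG
+ if (debug > 2)
+ printf("wants monitor 0 list\n");
+ #endif
+- if (!mon_enabled) {
+- req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
+- return;
+- }
+- im = (struct info_monitor *)prepare_pkt(srcadr, inter, inpkt,
+- v6sizeof(struct info_monitor));
+- for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0;
+- md = md->mru_next) {
+- im->lasttime = htonl((u_int32)((current_time -
+- md->firsttime) / md->count));
+- im->firsttime = htonl((u_int32)(current_time - md->lasttime));
+- im->restr = htonl((u_int32)md->flags);
+- im->count = htonl((u_int32)(md->count));
+- if (IS_IPV6(&md->rmtadr)) {
+- if (!client_v6_capable)
+- continue;
+- im->addr6 = SOCK_ADDR6(&md->rmtadr);
+- im->v6_flag = 1;
+- } else {
+- im->addr = NSRCADR(&md->rmtadr);
+- if (client_v6_capable)
+- im->v6_flag = 0;
+- }
+- im->port = md->rmtport;
+- im->mode = md->mode;
+- im->version = md->version;
+- im = (struct info_monitor *)more_pkt();
+- }
+- flush_pkt();
++ req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
+ }
+
+ /*
+@@ -1962,50 +1929,7 @@ mon_getlist_1(
+ struct req_pkt *inpkt
+ )
+ {
+- register struct info_monitor_1 *im;
+- register struct mon_data *md;
+- extern struct mon_data mon_mru_list;
+- extern int mon_enabled;
+-
+- if (!mon_enabled) {
+- req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
+- return;
+- }
+- im = (struct info_monitor_1 *)prepare_pkt(srcadr, inter, inpkt,
+- v6sizeof(struct info_monitor_1));
+- for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0;
+- md = md->mru_next) {
+- im->lasttime = htonl((u_int32)((current_time -
+- md->firsttime) / md->count));
+- im->firsttime = htonl((u_int32)(current_time - md->lasttime));
+- im->restr = htonl((u_int32)md->flags);
+- im->count = htonl((u_int32)md->count);
+- if (IS_IPV6(&md->rmtadr)) {
+- if (!client_v6_capable)
+- continue;
+- im->addr6 = SOCK_ADDR6(&md->rmtadr);
+- im->v6_flag = 1;
+- im->daddr6 = SOCK_ADDR6(&md->interface->sin);
+- } else {
+- im->addr = NSRCADR(&md->rmtadr);
+- if (client_v6_capable)
+- im->v6_flag = 0;
+- if (MDF_BCAST == md->cast_flags)
+- im->daddr = NSRCADR(&md->interface->bcast);
+- else if (md->cast_flags) {
+- im->daddr = NSRCADR(&md->interface->sin);
+- if (!im->daddr)
+- im->daddr = NSRCADR(&md->interface->bcast);
+- } else
+- im->daddr = 4;
+- }
+- im->flags = htonl(md->cast_flags);
+- im->port = md->rmtport;
+- im->mode = md->mode;
+- im->version = md->version;
+- im = (struct info_monitor_1 *)more_pkt();
+- }
+- flush_pkt();
++ req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
+ }
+
+ /*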
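Review bot: The patch header spells the tag `Upstream-status:`, while the other backports added in this commit use `Upstream-Status:`; the capitalised form should be used here as well so the tag reads the same across the recipe. The header also describes only the upstream issue and not what this backport does: both mon_getlist_0() and mon_getlist_1() now answer every request with `req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);`, so the monitor list can no longer be queried at all, including by a local administrator. One added sentence such as `monlist is disabled outright rather than replaced` would tell integrators why the query returns no data.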
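--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch
@@ -0,0 +1,17 @@
+--- a/include/ntp_syscall.h.orig 2009-05-19 16:44:55.048156467 -0400
++++ b/include/ntp_syscall.h 2009-05-19 16:46:19.293323686 -0400
+@@ -14,6 +14,14 @@
+ # include <sys/timex.h>
+ #endif
+
++#if defined(ADJ_NANO) && !defined(MOD_NANO)
++#define MOD_NANO ADJ_NANO
++#endif
++
++#if defined(ADJ_TAI) && !defined(MOD_TAI)
++#define MOD_TAI ADJ_TAI
++#endif
++
+ #ifndef NTP_SYSCALLS_LIBC
+ #ifdef NTP_SYSCALLS_STD
+ # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t))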
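Review bot: This patch file has no header at all: no description, no `Upstream-Status:` and no `Signed-off-by:`, so a later maintainer cannot tell why `MOD_NANO` and `MOD_TAI` are aliased to `ADJ_NANO` and `ADJ_TAI` or whether the change can be dropped on a version upgrade. tickadj.c.patch in this commit has the same gap. A short header such as `Define MOD_NANO/MOD_TAI from ADJ_NANO/ADJ_TAI when only the ADJ_* names are available` plus an `Upstream-Status:` line would cover it; the origin of the change is not visible on this page, so the status value has to come from the author.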
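--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9293.patch
@@ -0,0 +1,43 @@
+CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
+
+Upstream-Status: Backport [Debian]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: git/ntpd/ntp_config.c
+===================================================================
+--- git.orig/ntpd/ntp_config.c 2014-12-20 18:45:45.232872120 +0100
++++ git/ntpd/ntp_config.c 2014-12-20 18:45:47.672921968 +0100
+@@ -1866,13 +1866,16 @@
+ req_hashlen = digest_len;
+ #endif
+ } else {
+- int rankey;
++ unsigned char rankey[16];
++
++ if (ntp_crypto_random_buf(rankey, sizeof (rankey))) {
++ msyslog(LOG_ERR, "ntp_crypto_random_buf() failed.");
++ exit(1);
++ }
+
+- rankey = ntp_random();
+ req_keytype = NID_md5;
+ req_hashlen = 16;
+- MD5auth_setkey(req_keyid, req_keytype,
+- (u_char *)&rankey, sizeof(rankey));
++ MD5auth_setkey(req_keyid, req_keytype, rankey, sizeof(rankey));
+ authtrust(req_keyid, 1);
+ }
+
+Index: git/ntpd/ntpd.c
+===================================================================
+--- git.orig/ntpd/ntpd.c 2014-12-20 18:45:45.232872120 +0100
++++ git/ntpd/ntpd.c 2014-12-20 18:45:47.672921968 +0100
+@@ -597,6 +597,7 @@
+ get_systime(&now);
+
+ ntp_srandom((int)(now.l_i * now.l_uf));
++ ntp_crypto_srandom();
+
+ #if !defined(VMS)
+ # ifndef NODETACH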
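Review bot: The new code in config_auth() and in ntpd.c calls `ntp_crypto_random_buf()` and `ntp_crypto_srandom()`, which this patch does not define; within this commit they are introduced by ntp-4.2.6p5-cve-2014-9294.patch. The header should state that dependency, for example `Depends on ntp-4.2.6p5-cve-2014-9294.patch for ntp_crypto_random_buf()`, so the two patches are never dropped or reordered independently. Separately, the 16-byte `rankey` buffer is left on the stack after `MD5auth_setkey()`; clearing it once the key is installed would be a cheap hardening step, although it would diverge from the Debian backport. Both hunks sit inside functions that start and end outside the lines shown.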
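--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9294.patch
@@ -0,0 +1,128 @@
+CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
+
+Upstream-Status: Backport [Debian]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: ntp-4.2.6p5/include/ntp_random.h
+===================================================================
+--- ntp-4.2.6p5.orig/include/ntp_random.h
++++ ntp-4.2.6p5/include/ntp_random.h
+@@ -1,6 +1,9 @@
+
+ #include <ntp_types.h>
+
++void ntp_crypto_srandom(void);
++int ntp_crypto_random_buf(void *buf, size_t nbytes);
++
+ long ntp_random (void);
+ void ntp_srandom (unsigned long);
+ void ntp_srandomdev (void);
+Index: ntp-4.2.6p5/libntp/ntp_random.c
+===================================================================
+--- ntp-4.2.6p5.orig/libntp/ntp_random.c
++++ ntp-4.2.6p5/libntp/ntp_random.c
+@@ -481,3 +481,74 @@ ntp_random( void )
+ }
+ return(i);
+ }
++
++/*
++ * Crypto-quality random number functions
++ *
++ * Author: Harlan Stenn, 2014
++ *
++ * This file is Copyright (c) 2014 by Network Time Foundation.
++ * BSD terms apply: see the file COPYRIGHT in the distribution root for details.
++ */
++
++#ifdef OPENSSL
++#include <openssl/err.h>
++#include <openssl/rand.h>
++
++int crypto_rand_init = 0;
++#endif
++
++/*
++ * ntp_crypto_srandom:
++ *
++ * Initialize the random number generator, if needed by the underlying
++ * crypto random number generation mechanism.
++ */
++
++void
++ntp_crypto_srandom(
++ void
++ )
++{
++#ifdef OPENSSL
++ if (!crypto_rand_init) {
++ RAND_poll();
++ crypto_rand_init = 1;
++ }
++#else
++ /* No initialization needed for arc4random() */
++#endif
++}
++
++/*
++ * ntp_crypto_random_buf:
++ *
++ * Returns 0 on success, -1 on error.
++ */
++int
++ntp_crypto_random_buf(
++ void *buf,
++ size_t nbytes
++ )
++{
++#ifdef OPENSSL
++ int rc;
++
++ rc = RAND_bytes(buf, nbytes);
++ if (1 != rc) {
++ unsigned long err;
++ char *err_str;
++
++ err = ERR_get_error();
++ err_str = ERR_error_string(err, NULL);
++ /* XXX: Log the error */
++
++ return -1;
++ }
++ return 0;
++#else
++ arc4random_buf(buf, nbytes);
++ return 0;
++#endif
++}
++
+Index: ntp-4.2.6p5/util/ntp-keygen.c
+===================================================================
+--- ntp-4.2.6p5.orig/util/ntp-keygen.c
++++ ntp-4.2.6p5/util/ntp-keygen.c
+@@ -261,6 +261,8 @@ main(
+ ssl_check_version();
+ #endif /* OPENSSL */
+
++ ntp_crypto_srandom();
++
+ /*
+ * Process options, initialize host name and timestamp.
+ */
+@@ -727,7 +729,14 @@ gen_md5(
+ int temp;
+
+ while (1) {
+- temp = ntp_random() & 0xff;
++ int rc;
++
++ rc = ntp_crypto_random_buf(&temp, 1);
++ if (-1 == rc) {
++ fprintf(stderr, "ntp_crypto_random_buf() failed.\n");
++ exit (-1);
++ }
++ temp &= 0xff;
+ if (temp == '#')
+ continue;
+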
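Review bot: In gen_md5() the random byte is written into the first byte of `int temp` by `ntp_crypto_random_buf(&temp, 1)`, and `temp &= 0xff` then keeps the least significant byte; those are the same byte only on little-endian targets. On a big-endian build the byte that is kept is whatever the uninitialised `temp` already held, so the generated MD5 keys would not come from the crypto RNG at all. Reading into a byte-sized variable avoids this: declare `u_char rb;`, call `rc = ntp_crypto_random_buf(&rb, sizeof(rb));`, and assign `temp = rb;` after the error check. In ntp_crypto_random_buf() the OpenSSL error string is fetched into `err_str` and then dropped at `/* XXX: Log the error */`, so the callers' failure messages carry no cause. The gen_md5() loop continues beyond the end of the hunk.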
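--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9295.patch
@@ -0,0 +1,113 @@
+CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
+
+Upstream-Status: Backport [Debian]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+2014-12-12 11:06:03+00:00, stenn@psp-fb1.ntp.org +12 -3
+ [Sec 2667] buffer overflow in crypto_recv()
+2014-12-12 11:13:40+00:00, stenn@psp-fb1.ntp.org +16 -1
+ [Sec 2668] buffer overflow in ctl_putdata()
+2014-12-12 11:19:37+00:00, stenn@psp-fb1.ntp.org +14 -0
+ [Sec 2669] buffer overflow in configure()
+
+Index: git/ntpd/ntp_crypto.c
+===================================================================
+--- git.orig/ntpd/ntp_crypto.c 2014-12-20 18:45:44.208851199 +0100
++++ git/ntpd/ntp_crypto.c 2014-12-20 18:45:56.425100776 +0100
+@@ -789,15 +789,24 @@
+ * errors.
+ */
+ if (vallen == (u_int)EVP_PKEY_size(host_pkey)) {
++ u_int32 *cookiebuf = malloc(
++ RSA_size(host_pkey->pkey.rsa));
++ if (!cookiebuf) {
++ rval = XEVNT_CKY;
++ break;
++ }
++
+ if (RSA_private_decrypt(vallen,
+ (u_char *)ep->pkt,
+- (u_char *)&temp32,
++ (u_char *)cookiebuf,
+ host_pkey->pkey.rsa,
+- RSA_PKCS1_OAEP_PADDING) <= 0) {
++ RSA_PKCS1_OAEP_PADDING) != 4) {
+ rval = XEVNT_CKY;
++ free(cookiebuf);
+ break;
+ } else {
+- cookie = ntohl(temp32);
++ cookie = ntohl(*cookiebuf);
++ free(cookiebuf);
+ }
+ } else {
+ rval = XEVNT_CKY;
+Index: git/ntpd/ntp_control.c
+===================================================================
+--- git.orig/ntpd/ntp_control.c 2014-12-20 18:45:44.208851199 +0100
++++ git/ntpd/ntp_control.c 2014-12-20 18:45:56.429100859 +0100
+@@ -486,6 +486,10 @@
+ static char *reqpt;
+ static char *reqend;
+
++#ifndef MIN
++#define MIN(a, b) (((a) <= (b)) ? (a) : (b))
++#endif
++
+ /*
+ * init_control - initialize request data
+ */
+@@ -995,6 +999,7 @@
+ )
+ {
+ int overhead;
++ unsigned int currentlen;
+
+ overhead = 0;
+ if (!bin) {
+@@ -1018,12 +1023,22 @@
+ /*
+ * Save room for trailing junk
+ */
+- if (dlen + overhead + datapt > dataend) {
++ while (dlen + overhead + datapt > dataend) {
+ /*
+ * Not enough room in this one, flush it out.
+ */
++ currentlen = MIN(dlen, dataend - datapt);
++
++ memcpy(datapt, dp, currentlen);
++
++ datapt += currentlen;
++ dp += currentlen;
++ dlen -= currentlen;
++ datalinelen += currentlen;
++
+ ctl_flushpkt(CTL_MORE);
+ }
++
+ memmove((char *)datapt, dp, (unsigned)dlen);
+ datapt += dlen;
+ datalinelen += dlen;
+@@ -2492,6 +2507,20 @@
+
+ /* Initialize the remote config buffer */
+ data_count = reqend - reqpt;
++
++ if (data_count > sizeof(remote_config.buffer) - 2) {
++ snprintf(remote_config.err_msg,
++ sizeof(remote_config.err_msg),
++ "runtime configuration failed: request too long");
++ ctl_putdata(remote_config.err_msg,
++ strlen(remote_config.err_msg), 0);
++ ctl_flushpkt(0);
++ msyslog(LOG_NOTICE,
++ "runtime config from %s rejected: request too long",
++ stoa(&rbufp->recv_srcadr));
++ return;
++ }
++
+ memcpy(remote_config.buffer, reqpt, data_count);
+ if (data_count > 0
+ && '\n' != remote_config.buffer[data_count - 1])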
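Review bot: The length check on the decrypted cookie in crypto_recv() uses the bare literal `4` (`RSA_PKCS1_OAEP_PADDING) != 4`), which is only meaningful because `cookiebuf` points to a `u_int32`; writing it as `!= (int)sizeof(*cookiebuf)` or adding the comment `/* cookie is exactly one u_int32 */` would keep the two tied together. In ctl_putdata() the new `currentlen = MIN(dlen, dataend - datapt);` compares a length with a pointer difference and stores the result in an `unsigned int`; the declaration of `dlen` is outside the hunk, so the signedness of that comparison cannot be confirmed from here, and a cast or a one-line comment would make the intent explicit. All three patched functions start and end outside the hunks shown.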
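--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9296.patch
@@ -0,0 +1,21 @@
+CVE-2014-9296 ntp: receive() missing return on error
+
+Upstream-Status: Backport [Debian]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+2014-12-12 11:24:22+00:00, stenn@psp-fb1.ntp.org +1 -0
+ [Sec 2670] Missing return; from error clause
+
+Index: git/ntpd/ntp_proto.c
+===================================================================
+--- git.orig/ntpd/ntp_proto.c 2014-12-20 18:45:42.760821618 +0100
++++ git/ntpd/ntp_proto.c 2014-12-20 18:46:00.153176945 +0100
+@@ -947,6 +947,7 @@
+ fast_xmit(rbufp, MODE_ACTIVE, 0,
+ restrict_mask);
+ sys_restricted++;
++ return;
+ }
+ }
+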
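--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntp-keygen_no_openssl.patch
@@ -0,0 +1,108 @@
+Fix ntp-keygen build without OpenSSL
+
+Patch borrowed from Gentoo, originally from upstream
+Added --enable-libenvent to config since this version
+does not have local libevent support but we need the
+functions from the lib.
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Upstream-Status: Backport
+
+Upstream commit:
+http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg
+Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238
+
+Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
+
+Index: ntp-4.2.6p5/libntp/ntp_random.c
+===================================================================
+--- ntp-4.2.6p5.orig/libntp/ntp_random.c
++++ ntp-4.2.6p5/libntp/ntp_random.c
+@@ -498,6 +498,21 @@ ntp_random( void )
+ int crypto_rand_init = 0;
+ #endif
+
++#ifndef HAVE_ARC4RANDOM_BUF
++static void
++arc4random_buf(void *buf, size_t nbytes);
++
++void
++evutil_secure_rng_get_bytes(void *buf, size_t nbytes);
++
++static void
++arc4random_buf(void *buf, size_t nbytes)
++{
++ evutil_secure_rng_get_bytes(buf, nbytes);
++ return;
++}
++#endif
++
+ /*
+ * ntp_crypto_srandom:
+ *
+Index: ntp-4.2.6p5/util/Makefile.am
+===================================================================
+--- ntp-4.2.6p5.orig/util/Makefile.am
++++ ntp-4.2.6p5/util/Makefile.am
+@@ -21,6 +21,7 @@ AM_CPPFLAGS= -I$(top_srcdir)/include -I$
+ LDADD= ../libntp/libntp.a
+ ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h
+ ntp_keygen_LDADD= version.o $(LIBOPTS_LDADD) ../libntp/libntp.a @LCRYPTO@
++ntp_keygen_LDADD += $(LDADD_LIBEVENT)
+
+ ETAGS_ARGS= Makefile.am
+ #EXTRA_DIST= README TAGS
+Index: ntp-4.2.6p5/configure.ac
+===================================================================
+--- ntp-4.2.6p5.orig/configure.ac
++++ ntp-4.2.6p5/configure.ac
+@@ -376,6 +376,8 @@ AC_CHECK_FUNC([openlog], ,
+ AC_SEARCH_LIBS([MD5Init], [md5 md])
+ AC_CHECK_FUNCS(MD5Init)
+
++AC_CHECK_FUNC([arc4random_buf])
++
+ NTP_LINEEDITLIBS
+
+ dnl Digital UNIX V4.0 and Solaris 7 have POSIX.1c functions in -lrt
+@@ -5205,6 +5207,39 @@ AC_MSG_RESULT([$ntp_use_dev_clockctl])
+
+ AC_CHECK_HEADERS([sys/capability.h sys/prctl.h])
+
++AC_MSG_CHECKING([if we have libevent capabilities (libevent)])
++
++case "$ac_cv_header_event2_event-config_h" in
++ yes)
++ case "$host" in
++ *) ntp_have_linuxcaps=yes
++ ;;
++ esac
++ ;;
++ *)
++ ntp_have_linuxcaps=no
++ ;;
++esac
++
++AC_ARG_ENABLE(
++ [libevent],
++ [AS_HELP_STRING(
++ [--enable-libevent],
++ [+ Use libevent capabilities for arc4random]
++ )],
++ [ntp_have_libevent=$enableval]
++)
++
++AC_MSG_RESULT([$ntp_have_libevent])
++
++case "$ntp_have_libevent" in
++ yes)
++ AC_DEFINE([HAVE_LIBEVENT], [1],
++ [Do we have libevent capabilities?])
++ LIBS="$LIBS -levent"
++esac
++
++
+ AC_MSG_CHECKING([if we have linux capabilities (libcap)])
+
+ case "$ac_cv_header_sys_capability_h$ac_cv_header_sys_prctl_h" in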
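Review bot: The libevent detection block added to configure.ac assigns `ntp_have_linuxcaps=yes` and `ntp_have_linuxcaps=no` instead of `ntp_have_libevent`, so it overwrites the libcap variable and leaves `ntp_have_libevent` empty unless `--enable-libevent` is passed; the `case` word `$ac_cv_header_event2_event-config_h` also contains a hyphen, which the shell does not accept inside a variable name. `AC_CHECK_FUNC([arc4random_buf])` only sets the cache variable and does not define `HAVE_ARC4RANDOM_BUF`, so the `#ifndef HAVE_ARC4RANDOM_BUF` fallback in ntp_random.c is presumably always compiled and every non-OpenSSL build takes its key material from `evutil_secure_rng_get_bytes()`; `AC_CHECK_FUNCS([arc4random_buf])` would define the macro. That fallback is not guarded by `HAVE_LIBEVENT`, so a build with `--disable-libevent` would be expected to fail at link time rather than at configure time. The header text also misspells the option as `--enable-libenvent`.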
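--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntp.conf
@@ -0,0 +1,17 @@
+# This is the most basic ntp configuration file
+# The driftfile must remain in a place specific to this
+# machine - it records the machine specific clock error
+driftfile /var/lib/ntp/drift
+# This should be a server that is close (in IP terms)
+# to the machine. Add other servers as required.
+# Unless you un-comment the line below ntpd will sync
+# only against the local system clock.
+#
+# server time.server.example.com
+#
+# Using local hardware clock as fallback
+# Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself
+server 127.127.1.0
+fudge 127.127.1.0 stratum 14
+# Defining a default security setting
+restrict default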
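Review bot: The last line, `restrict default`, carries no flags, so despite the comment `# Defining a default security setting` it places no restriction on remote hosts: ntpq and ntpdc queries are answered for any address, and runtime configuration is gated only by key authentication. A restrictive default such as `restrict default kod nomodify notrap nopeer noquery` (with the same flags on `restrict -6 default`), plus loopback exceptions `restrict 127.0.0.1` and `restrict ::1`, would limit remote hosts to time service while keeping local administration working. This matters here in particular because the monlist patch in this commit closes only one of the query types.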
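--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntpd
@@ -0,0 +1,84 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides: ntp
+# Required-Start: $network $remote_fs $syslog
+# Required-Stop: $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Start NTP daemon
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+
+DAEMON=/usr/sbin/ntpd
+PIDFILE=/var/run/ntpd.pid
+
+# ntpd init.d script for ntpdc from ntp.isc.org
+test -x $DAEMON -a -r /etc/ntp.conf || exit 0
+
+# rcS contains TICKADJ
+test -r /etc/default/rcS && . /etc/default/rcS
+
+# Source function library.
+. /etc/init.d/functions
+
+# Functions to do individual actions
+settick(){
+ # If TICKADJ is set we *must* adjust it before we start, because the
+ # driftfile relies on the correct setting
+ test -n "$TICKADJ" -a -x /usr/sbin/tickadj && {
+ echo -n "Setting tick to $TICKADJ: "
+ /usr/sbin/tickadj "$TICKADJ"
+ echo "done"
+ }
+}
+startdaemon(){
+ # The -g option allows ntpd to step the time to correct it just
+ # once. The daemon will exit if the clock drifts too much after
+ # this. If ntpd seems to disappear after a while assume TICKADJ
+ # above is set to a totally incorrect value.
+ echo -n "Starting ntpd: "
+ start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -u ntp:ntp -p $PIDFILE "$@"
+ echo "done"
+}
+stopdaemon(){
+ echo -n "Stopping ntpd: "
+ start-stop-daemon --stop --quiet --oknodo -p $PIDFILE
+ echo "done"
+}
+
+case "$1" in
+ start)
+ settick
+ startdaemon -g
+ ;;
+ stop)
+ stopdaemon
+ ;;
+ force-reload)
+ stopdaemon
+ settick
+ startdaemon -g
+ ;;
+ restart)
+ # Don't reset the tick here
+ stopdaemon
+ startdaemon -g
+ ;;
+ reload)
+ # Must do this by hand, but don't do -g
+ stopdaemon
+ startdaemon
+ ;;
+ status)
+ status /usr/sbin/ntpd;
+ exit $?
+ ;;
+ *)
+ echo "Usage: ntpd { start | stop | status | restart | reload }" >&2
+ exit 1
+ ;;
+esac
+
+exit 0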
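Review bot: The `status` branch calls `status /usr/sbin/ntpd` with a literal path although `DAEMON=/usr/sbin/ntpd` is defined at the top and used in the other branches; `status $DAEMON` keeps the script consistent if the path is ever changed. The usage line `Usage: ntpd { start | stop | status | restart | reload }` omits `force-reload`, which the `case` statement handles. A comment above `startdaemon` saying that `-u ntp:ntp` is what drops root privileges would also help, since the systemd unit added in this commit starts ntpd without that option.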
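--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntpdate
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
+
+test -x /usr/sbin/ntpdate || exit 0
+
+if test -f /etc/default/ntpdate ; then
+. /etc/default/ntpdate
+fi
+
+if [ "$NTPSERVERS" = "" ] ; then
+ if [ "$METHOD" = "" -a "$1" != "silent" ] ; then
+ echo "Please set NTPSERVERS in /etc/default/ntpdate"
+ exit 1
+ else
+ exit 0
+ fi
+fi
+
+# This is a heuristic: The idea is that if a static interface is brought
+# up, that is a major event, and we can put in some extra effort to fix
+# the system time. Feel free to change this, especially if you regularly
+# bring up new network interfaces.
+if [ "$METHOD" = static ]; then
+ OPTS="-b"
+fi
+
+if [ "$METHOD" = loopback ]; then
+ exit 0
+fi
+
+(
+
+LOCKFILE=/var/lock/ntpdate
+
+# Avoid running more than one at a time
+if [ -x /usr/bin/lockfile-create ]; then
+ lockfile-create $LOCKFILE
+ lockfile-touch $LOCKFILE &
+ LOCKTOUCHPID="$!"
+fi
+
+if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then
+ if [ "$UPDATE_HWCLOCK" = "yes" ]; then
+ hwclock --systohc || :
+ fi
+fi
+
+if [ -x /usr/bin/lockfile-create ] ; then
+ kill $LOCKTOUCHPID
+ lockfile-remove $LOCKFILE
+fi
+
+) &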
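Review bot: The comment `# Avoid running more than one at a time` is not enforced, because the exit status of `lockfile-create $LOCKFILE` is ignored and the script goes on to run ntpdate even when the lock could not be taken. Leaving the subshell on failure, `lockfile-create $LOCKFILE || exit 0`, would make the lock effective; the later `lockfile-remove $LOCKFILE` would otherwise also remove a lock held by the other instance. When `/usr/bin/lockfile-create` is not installed no locking happens at all, which deserves a line in the comment.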
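--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/ntpdate.default
@@ -0,0 +1,7 @@
+# Configuration script used by ntpdate-sync script
+
+NTPSERVERS=""
+
+# Set to "yes" to write time to hardware clock on success
+UPDATE_HWCLOCK="no"
+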
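--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/openssl-check.patch
@@ -0,0 +1,59 @@
+Hack OpenSSL check to work when libssl and libcrypto aren't in same dir
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+---
+ configure | 4 ++--
+ m4/ntp_openssl.m4 | 4 ++--
+ sntp/configure | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/configure b/configure
+index aae2c01..6a3c15e 100755
+--- a/configure
++++ b/configure
+@@ -22868,8 +22868,8 @@ case "$ans" in
+ test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break
+ ;;
+ *)
+- test -f $i/libcrypto.so -a -f $i/libssl.so && break
+- test -f $i/libcrypto.a -a -f $i/libssl.a && break
++ test -f $i/libssl.so && break
++ test -f $i/libssl.a && break
+ ;;
+ esac
+ done
+diff --git a/m4/ntp_openssl.m4 b/m4/ntp_openssl.m4
+index 7d9f477..67bdd55 100644
+--- a/m4/ntp_openssl.m4
++++ b/m4/ntp_openssl.m4
+@@ -41,8 +41,8 @@ case "$ans" in
+ test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break
+ ;;
+ *)
+- test -f $i/libcrypto.so -a -f $i/libssl.so && break
+- test -f $i/libcrypto.a -a -f $i/libssl.a && break
++ test -f $i/libssl.so && break
++ test -f $i/libssl.a && break
+ ;;
+ esac
+ done
+diff --git a/sntp/configure b/sntp/configure
+index 7782c29..55e82d9 100755
+--- a/sntp/configure
++++ b/sntp/configure
+@@ -14810,8 +14810,8 @@ case "$ans" in
+ test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break
+ ;;
+ *)
+- test -f $i/libcrypto.so -a -f $i/libssl.so && break
+- test -f $i/libcrypto.a -a -f $i/libssl.a && break
++ test -f $i/libssl.so && break
++ test -f $i/libssl.a && break
+ ;;
+ esac
+ done
+--
+1.7.1
+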
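Review bot: After this change the directory probe accepts any directory that holds `libssl.so` or `libssl.a` without looking for libcrypto at all, although the Makefile.am context visible in ntp-keygen_no_openssl.patch links ntp-keygen against `@LCRYPTO@`; a missing libcrypto would then surface at link time instead of at configure time. If the goal is only to tolerate the two libraries living in different directories, the header should say that libcrypto is deliberately no longer checked and why that is safe in this build. The same edit is applied to the generated `configure` and `sntp/configure` as well as to `m4/ntp_openssl.m4`; since ntp.inc inherits `autotools`, the generated scripts are presumably rebuilt, and patching the m4 source alone may be enough.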
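--- /dev/null
+++ b/meta-networking/recipes-support/ntp/files/tickadj.c.patch
@@ -0,0 +1,32 @@
+Index: ntp-4.2.2p3-r0/ntp-4.2.2p3/util/tickadj.c
+===================================================================
+--- ntp-4.2.2p3/util/tickadj.c 2004-02-25 06:58:33.000000000 +0100
++++ ntp-4.2.2p3/util/tickadj.c 2007-07-07 01:00:54.000000000 +0200
+@@ -21,7 +21,8 @@
+ # include <unistd.h>
+ #endif /* HAVE_UNISTD_H */
+
+-#ifdef HAVE___ADJTIMEX /* Linux */
++/* proper handling here has been moved to upstream ntp bugzilla */
++#ifdef linux
+
+ #include <sys/timex.h>
+ struct timex txc;
+@@ -91,7 +92,7 @@
+ }
+
+ if (!errflg) {
+- if (__adjtimex(&txc) < 0)
++ if (adjtimex(&txc) < 0)
+ perror("adjtimex");
+ else if (!quiet)
+ printf("tick = %ld\ntick_adj = %d\n",
+@@ -146,7 +147,7 @@
+ #endif
+ }
+
+- if (__adjtimex(&txc) < 0)
++ if (adjtimex(&txc) < 0)
+ {
+ perror("adjtimex");
+ }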
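Review bot: `#ifdef linux` relies on a legacy predefined macro that compilers leave out in strict ISO modes, in which case the whole adjtimex branch would silently drop out of the build; `#ifdef __linux__` is the reserved-namespace spelling and is defined on Linux targets regardless of the language mode. The added comment `/* proper handling here has been moved to upstream ntp bugzilla */` gives no bug reference, so it cannot be followed up; the patch header should carry the bug id together with an `Upstream-Status:` line. The second and third hunks lie inside functions that are not fully shown.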
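--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp.inc
@@ -0,0 +1,158 @@
+SUMMARY = "Network Time Protocol daemon and utilities"
+DESCRIPTION = "The Network Time Protocol (NTP) is used to \
+synchronize the time of a computer client or server to \
+another server or reference time source, such as a radio \
+or satellite receiver or modem."
+HOMEPAGE = "http://support.ntp.org"
+SECTION = "console/network"
+LICENSE = "NTP"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=fea4b50c33b18c2194b4b1c9ca512670"
+
+DEPENDS = "pps-tools"
+
+INC_PR = "r6"
+
+SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \
+ file://tickadj.c.patch \
+ file://ntp-4.2.4_p6-nano.patch \
+ file://openssl-check.patch \
+ file://ntpd \
+ file://ntp.conf \
+ file://ntpdate \
+ file://ntpdate.default \
+ file://ntpdate.service \
+ file://ntpd.service \
+ file://sntp.service \
+ file://sntp \
+ file://ntpd.list \
+ file://CVE-2013-5211.patch \
+ file://ntp-4.2.6p5-cve-2014-9293.patch \
+ file://ntp-4.2.6p5-cve-2014-9294.patch \
+ file://ntp-4.2.6p5-cve-2014-9295.patch \
+ file://ntp-4.2.6p5-cve-2014-9296.patch \
+ file://ntp-keygen_no_openssl.patch \
+"
+
+inherit autotools update-rc.d useradd systemd
+
+# The ac_cv_header_readline_history is to stop ntpdc depending on either
+# readline or curses
+EXTRA_OECONF += "--with-net-snmp-config=no \
+ --without-ntpsnmpd \
+ ac_cv_header_readline_history_h=no \
+ --with-binsubdir=sbin"
+
+CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
+
+USERADD_PACKAGES = "${PN}"
+NTP_USER_HOME ?= "/var/lib/ntp"
+USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \
+ --no-create-home \
+ --shell /bin/false --user-group ntp"
+
+# NB: debug is default-enabled by NTP; keep it default-enabled here.
+PACKAGECONFIG ??= "event cap debug"
+PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
+ --with-openssl-incdir=${STAGING_INCDIR} \
+ --with-crypto, \
+ --without-openssl --without-crypto, \
+ openssl"
+PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap"
+PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline"
+PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging"
+PACKAGECONFIG[event] = "--enable-libevent,--disable-libevent, libevent"
+
+do_install_append() {
+ install -d ${D}${sysconfdir}/init.d
+ install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir}
+ install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d
+ install -d ${D}${bindir}
+ install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync
+
+ install -m 755 -d ${D}${NTP_USER_HOME}
+ chown ntp:ntp ${D}${NTP_USER_HOME}
+
+ # Fix hardcoded paths in scripts
+ sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
+ sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
+ sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
+ sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync
+ sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync
+ sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace
+ sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace
+ sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait
+ sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait
+
+ install -d ${D}/${sysconfdir}/default
+ install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate
+ install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/
+
+ install -d ${D}/${sysconfdir}/network/if-up.d
+ ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d
+
+ install -d ${D}${systemd_unitdir}/system
+ install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/
+ install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/
+ install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/
+
+ install -d ${D}${systemd_unitdir}/ntp-units.d
+ install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list
+}
+
+PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils"
+# NOTE: you don't need ntpdate, use "ntpd -q -g -x"
+
+# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms
+# with wonky clocks (e.g. OpenSlug)
+RDEPENDS_${PN} = "${PN}-tickadj libbsd"
+# Handle move from bin to utils package
+RPROVIDES_${PN}-utils = "${PN}-bin"
+RREPLACES_${PN}-utils = "${PN}-bin"
+RCONFLICTS_${PN}-utils = "${PN}-bin"
+
+SYSTEMD_PACKAGES = "${PN} ntpdate sntp"
+SYSTEMD_SERVICE_${PN} = "ntpd.service"
+SYSTEMD_SERVICE_ntpdate = "ntpdate.service"
+SYSTEMD_SERVICE_sntp = "sntp.service"
+
+RPROVIDES_${PN} += "${PN}-systemd"
+RREPLACES_${PN} += "${PN}-systemd"
+RCONFLICTS_${PN} += "${PN}-systemd"
+
+RPROVIDES_ntpdate += "ntpdate-systemd"
+RREPLACES_ntpdate += "ntpdate-systemd"
+RCONFLICTS_ntpdate += "ntpdate-systemd"
+
+RSUGGESTS_${PN} = "iana-etc"
+
+FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \
+ ${NTP_USER_HOME} \
+ ${systemd_unitdir}/ntp-units.d/60-ntpd.list \
+"
+FILES_${PN}-tickadj = "${sbindir}/tickadj"
+FILES_${PN}-utils = "${sbindir}"
+FILES_ntpdate = "${sbindir}/ntpdate \
+ ${sysconfdir}/network/if-up.d/ntpdate-sync \
+ ${bindir}/ntpdate-sync \
+ ${sysconfdir}/default/ntpdate \
+ ${systemd_unitdir}/system/ntpdate.service \
+"
+FILES_sntp = "${sbindir}/sntp \
+ ${sysconfdir}/default/sntp \
+ "
+
+CONFFILES_${PN} = "${sysconfdir}/ntp.conf"
+CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate"
+
+INITSCRIPT_NAME = "ntpd"
+# No dependencies, so just go in at the standard level (20)
+INITSCRIPT_PARAMS = "defaults"
+
+pkg_postinst_ntpdate() {
+ if ! grep -q -s ntpdate $D/var/spool/cron/root; then
+ echo "adding crontab"
+ test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron
+ echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root
+ fi
+}
+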
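Review bot: The path fix-ups in do_install_append() rewrite `/usr/sbin/`, `/usr/bin/`, `/etc/` and `/var/` only in init.d/ntpd and ntpdate-sync, while ntpd.service, ntpdate.service and sntp.service are installed with their hard-coded `/usr/sbin/...`, `/usr/bin/ntpdate-sync` and `/etc/default/sntp` paths unchanged; on a distro with a non-default `sbindir` or `bindir` the units would point at binaries that are not there. Applying the same `sed -i 's!/usr/sbin/!${sbindir}/!g'` style substitutions to the three files under `${D}${systemd_unitdir}/system/` would close the gap. pkg_postinst_ntpdate() likewise hard-codes `$D/var/spool/cron/root` instead of using `${localstatedir}`, and it appends an hourly root cron job; that deserves a comment, since the job runs a script that sources `/etc/default/ntpdate`. The default `PACKAGECONFIG ??= "event cap debug"` leaves `openssl` off, so the shipped build takes the non-OpenSSL branch of ntp_crypto_random_buf() added by the patches in this commit.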
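--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp/ntpd.list
@@ -0,0 +1 @@
+ntpd.service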
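--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp/ntpd.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Network Time Service
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/run/ntpd.pid
+ExecStart=/usr/sbin/ntpd -p /run/ntpd.pid -g
+
+[Install]
+WantedBy=multi-user.target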
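Review bot: `ExecStart=/usr/sbin/ntpd -p /run/ntpd.pid -g` starts the daemon without `-u ntp:ntp`, so under systemd ntpd keeps running as root, whereas the init script in this commit passes `-u ntp:ntp` and ntp.inc creates the `ntp` user and enables `cap` by default. Using `ExecStart=/usr/sbin/ntpd -u ntp:ntp -p /run/ntpd.pid -g` would give both start paths the same privilege drop. For a network-facing daemon that receives several memory-safety fixes in this same commit, that difference is worth closing.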
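--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp/ntpdate.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Network Time Service (one-shot ntpdate mode)
+Before=ntpd.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ntpdate-sync silent
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target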
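Review bot: `Before=ntpd.service` does not guarantee that the one-shot sync has finished before ntpd starts, because the ntpdate-sync script added in this commit does its work in a backgrounded subshell (`( ... ) &`) and returns immediately; ntpdate and ntpd may then contend for the NTP port, and the `2>/dev/null` on the ntpdate call would hide the resulting error. The unit also has no `After=network.target`, unlike ntpd.service and sntp.service, so at boot it can run before any interface is up. Adding `After=network.target` and a comment about the backgrounding would make the intended ordering explicit.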
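--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp/sntp
@@ -0,0 +1 @@
+NTPSERVER="ntpserver.example.org"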
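--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp/sntp.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Simple Network Time Service Client
+After=network.target
+
+[Service]
+Type=oneshot
+EnvironmentFile=-/etc/default/sntp
+ExecStart=/usr/sbin/sntp -s $NTPSERVER
+
+[Install]
+WantedBy=multi-user.target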
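Review bot: `EnvironmentFile=-/etc/default/sntp` tolerates a missing file, in which case `$NTPSERVER` expands to nothing and `ExecStart=/usr/sbin/sntp -s $NTPSERVER` runs without a server argument; the default file shipped in this commit sets the placeholder `ntpserver.example.org`, so the unit cannot work until an administrator edits it. Dropping the `-` prefix would turn a missing configuration into a clear start-up failure. A comment in the unit or in the default file saying that the placeholder must be replaced would also help.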
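--- /dev/null
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb
@@ -0,0 +1,6 @@
+require ntp.inc
+
+PR = "${INC_PR}.0"
+
+SRC_URI[md5sum] = "00df80a84ec9528fcfb09498075525bc"
+SRC_URI[sha256sum] = "d6ab8371f9d31e594eb6922823d5ccd03dcc4e9d84b0e23ea25ac1405432f91c"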