Update ntp to 4.2.8p10.
CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464 Adapt OpenSSL #ifdef for LibreSSL. Fix regression tests, prevent them from crashing. OK deraadt@
This commit is contained in:
parent
e5c02553bd
commit
f36e4f7d4d
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.71 2016/12/14 20:05:37 naddy Exp $
|
||||
# $OpenBSD: Makefile,v 1.72 2017/03/27 11:33:40 bluhm Exp $
|
||||
|
||||
COMMENT= Network Time Protocol reference implementation
|
||||
|
||||
@ -6,7 +6,7 @@ COMMENT= Network Time Protocol reference implementation
|
||||
# to confuse with the ports system's 'pN' convention, so convert it to
|
||||
# 'pl' for local use.
|
||||
|
||||
VERSION= 4.2.8p9
|
||||
VERSION= 4.2.8p10
|
||||
DISTNAME= ntp-${VERSION}
|
||||
PKGNAME= ntp-${VERSION:S/p/pl/}
|
||||
CATEGORIES= net
|
||||
@ -43,8 +43,11 @@ post-extract:
|
||||
@touch ${WRKDIR}/timestamp
|
||||
@find ${WRKSRC} -type f -print0 | xargs -0 touch -r ${WRKDIR}/timestamp
|
||||
|
||||
# patch-sntp_tests_packetProcessing_c triggers a ruby script to regenerate
|
||||
# run-packetProcessing.c. Avoid ruby, run file does not change anyway.
|
||||
post-patch:
|
||||
cp ${WRKSRC}/sntp/loc/freebsd ${WRKSRC}/sntp/loc/openbsd
|
||||
touch ${WRKSRC}/sntp/tests/run-packetProcessing.c
|
||||
|
||||
post-install:
|
||||
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ntp
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (ntp-4.2.8p9.tar.gz) = tyQod3jhusYltEcyfJhR7t7wIFF6NUViXp9lKpDzC3I=
|
||||
SIZE (ntp-4.2.8p9.tar.gz) = 7231884
|
||||
SHA256 (ntp-4.2.8p10.tar.gz) = 3dI2bmQhm576D3Q44GgA0Ns5SsXIjhPBe3DQ3N+ZuZ8=
|
||||
SIZE (ntp-4.2.8p10.tar.gz) = 6998648
|
||||
|
@ -1,8 +1,8 @@
|
||||
$OpenBSD: patch-include_libssl_compat_h,v 1.1 2016/12/14 20:05:37 naddy Exp $
|
||||
--- include/libssl_compat.h.orig Mon Nov 21 13:28:40 2016
|
||||
+++ include/libssl_compat.h Wed Dec 14 00:01:48 2016
|
||||
@@ -25,7 +25,7 @@
|
||||
#include "openssl/rsa.h"
|
||||
$OpenBSD: patch-include_libssl_compat_h,v 1.2 2017/03/27 11:33:40 bluhm Exp $
|
||||
--- include/libssl_compat.h.orig Thu Mar 23 19:36:53 2017
|
||||
+++ include/libssl_compat.h Thu Mar 23 19:58:13 2017
|
||||
@@ -37,7 +37,7 @@
|
||||
#endif
|
||||
|
||||
/* ----------------------------------------------------------------- */
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
|
21
net/ntp/patches/patch-include_ssl_applink_c
Normal file
21
net/ntp/patches/patch-include_ssl_applink_c
Normal file
@ -0,0 +1,21 @@
|
||||
$OpenBSD: patch-include_ssl_applink_c,v 1.1 2017/03/27 11:33:40 bluhm Exp $
|
||||
--- include/ssl_applink.c.orig Thu Mar 23 21:54:28 2017
|
||||
+++ include/ssl_applink.c Thu Mar 23 21:55:47 2017
|
||||
@@ -14,7 +14,7 @@
|
||||
# include "msvc_ssl_autolib.h"
|
||||
# endif
|
||||
# endif
|
||||
-# if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
# include <openssl/applink.c>
|
||||
# endif
|
||||
# ifdef _MSC_VER
|
||||
@@ -41,7 +41,7 @@ void ssl_applink(void);
|
||||
void
|
||||
ssl_applink(void)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! defined(LIBRESSL_VERSION_NUMBER)
|
||||
# ifdef WRAP_DBG_MALLOC
|
||||
CRYPTO_set_mem_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free_ex);
|
||||
# else
|
@ -1,12 +1,12 @@
|
||||
$OpenBSD: patch-libntp_libssl_compat_c,v 1.1 2016/12/14 20:05:37 naddy Exp $
|
||||
--- libntp/libssl_compat.c.orig Mon Nov 21 13:28:40 2016
|
||||
+++ libntp/libssl_compat.c Wed Dec 14 00:02:37 2016
|
||||
@@ -23,7 +23,7 @@
|
||||
#include "ntp_types.h"
|
||||
$OpenBSD: patch-libntp_libssl_compat_c,v 1.2 2017/03/27 11:33:40 bluhm Exp $
|
||||
--- libntp/libssl_compat.c.orig Thu Mar 23 19:36:53 2017
|
||||
+++ libntp/libssl_compat.c Thu Mar 23 21:47:42 2017
|
||||
@@ -26,7 +26,7 @@
|
||||
/* ----------------------------------------------------------------- */
|
||||
|
||||
/* ----------------------------------------------------------------- */
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
-#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
/* ----------------------------------------------------------------- */
|
||||
|
||||
#include "libssl_compat.h"
|
||||
|
12
net/ntp/patches/patch-libntp_ssl_init_c
Normal file
12
net/ntp/patches/patch-libntp_ssl_init_c
Normal file
@ -0,0 +1,12 @@
|
||||
$OpenBSD: patch-libntp_ssl_init_c,v 1.3 2017/03/27 11:33:40 bluhm Exp $
|
||||
--- libntp/ssl_init.c.orig Thu Mar 23 21:54:28 2017
|
||||
+++ libntp/ssl_init.c Thu Mar 23 21:56:59 2017
|
||||
@@ -21,7 +21,7 @@
|
||||
|
||||
int ssl_init_done;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
static void
|
||||
atexit_ssl_cleanup(void)
|
12
net/ntp/patches/patch-ports_winnt_include_msvc_ssl_autolib_h
Normal file
12
net/ntp/patches/patch-ports_winnt_include_msvc_ssl_autolib_h
Normal file
@ -0,0 +1,12 @@
|
||||
$OpenBSD: patch-ports_winnt_include_msvc_ssl_autolib_h,v 1.1 2017/03/27 11:33:40 bluhm Exp $
|
||||
--- ports/winnt/include/msvc_ssl_autolib.h.orig Thu Mar 23 22:03:03 2017
|
||||
+++ ports/winnt/include/msvc_ssl_autolib.h Thu Mar 23 22:17:23 2017
|
||||
@@ -85,7 +85,7 @@
|
||||
* request in the object file, depending on the SSL version and the
|
||||
* build variant.
|
||||
*/
|
||||
-# if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! defined(LIBRESSL_VERSION_NUMBER)
|
||||
# pragma comment(lib, "libcrypto" LTAG_SIZE LTAG_RTLIB LTAG_DEBUG ".lib")
|
||||
# else
|
||||
# pragma comment(lib, "libeay32" LTAG_RTLIB LTAG_DEBUG ".lib")
|
21
net/ntp/patches/patch-sntp_libevent_test_regress_ssl_c
Normal file
21
net/ntp/patches/patch-sntp_libevent_test_regress_ssl_c
Normal file
@ -0,0 +1,21 @@
|
||||
$OpenBSD: patch-sntp_libevent_test_regress_ssl_c,v 1.1 2017/03/27 11:33:40 bluhm Exp $
|
||||
--- sntp/libevent/test/regress_ssl.c.orig Thu Mar 23 21:54:28 2017
|
||||
+++ sntp/libevent/test/regress_ssl.c Thu Mar 23 21:59:01 2017
|
||||
@@ -61,7 +61,7 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define OpenSSL_version_num SSLeay
|
||||
#endif /* OPENSSL_VERSION_NUMBER */
|
||||
|
||||
@@ -130,7 +130,7 @@ getcert(void)
|
||||
X509_set_subject_name(x509, name);
|
||||
X509_set_issuer_name(x509, name);
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
X509_time_adj(X509_get_notBefore(x509), 0, &now);
|
||||
now += 3600;
|
||||
X509_time_adj(X509_get_notAfter(x509), 0, &now);
|
15
net/ntp/patches/patch-sntp_tests_packetProcessing_c
Normal file
15
net/ntp/patches/patch-sntp_tests_packetProcessing_c
Normal file
@ -0,0 +1,15 @@
|
||||
$OpenBSD: patch-sntp_tests_packetProcessing_c,v 1.1 2017/03/27 11:33:40 bluhm Exp $
|
||||
|
||||
https://bugs.ntp.org/show_bug.cgi?id=3398
|
||||
|
||||
--- sntp/tests/packetProcessing.c.orig Thu Mar 23 22:30:58 2017
|
||||
+++ sntp/tests/packetProcessing.c Thu Mar 23 22:42:11 2017
|
||||
@@ -76,7 +76,7 @@ PrepareAuthenticationTest(
|
||||
key_ptr->next = NULL;
|
||||
key_ptr->key_id = key_id;
|
||||
key_ptr->key_len = key_len;
|
||||
- memcpy(key_ptr->type, "MD5", 3);
|
||||
+ strlcpy(key_ptr->type, "MD5", sizeof(key_ptr->type));
|
||||
|
||||
TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq));
|
||||
|
12
net/ntp/patches/patch-util_ntp-keygen_c
Normal file
12
net/ntp/patches/patch-util_ntp-keygen_c
Normal file
@ -0,0 +1,12 @@
|
||||
$OpenBSD: patch-util_ntp-keygen_c,v 1.1 2017/03/27 11:33:40 bluhm Exp $
|
||||
--- util/ntp-keygen.c.orig Thu Mar 23 21:54:28 2017
|
||||
+++ util/ntp-keygen.c Thu Mar 23 21:59:33 2017
|
||||
@@ -474,7 +474,7 @@ main(
|
||||
/*
|
||||
* Seed random number generator and grow weeds.
|
||||
*/
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ERR_load_crypto_strings();
|
||||
OpenSSL_add_all_algorithms();
|
||||
#endif /* OPENSSL_VERSION_NUMBER */
|
Loading…
Reference in New Issue
Block a user