Update ntp to 4.2.8p10.

CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455, CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464 Adapt OpenSSL #ifdef for LibreSSL. Fix regression tests, prevent them from crashing. OK deraadt@
2017-03-27 11:33:40 +00:00 · 2017-03-27 11:33:40 +00:00 · f36e4f7d4d
commit f36e4f7d4d
parent e5c02553bd
10 changed files with 112 additions and 16 deletions
--- a/net/ntp/Makefile
+++ b/net/ntp/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.71 2016/12/14 20:05:37 naddy Exp $
+# $OpenBSD: Makefile,v 1.72 2017/03/27 11:33:40 bluhm Exp $

 COMMENT=	Network Time Protocol reference implementation

@ -6,7 +6,7 @@ COMMENT=	Network Time Protocol reference implementation
 # to confuse with the ports system's 'pN' convention, so convert it to
 # 'pl' for local use.

-VERSION=	4.2.8p9
+VERSION=	4.2.8p10
 DISTNAME=	ntp-${VERSION}
 PKGNAME=	ntp-${VERSION:S/p/pl/}
 CATEGORIES=	net
@ -43,8 +43,11 @@ post-extract:
 	@touch ${WRKDIR}/timestamp
 	@find ${WRKSRC} -type f -print0 | xargs -0 touch -r ${WRKDIR}/timestamp

+# patch-sntp_tests_packetProcessing_c triggers a ruby script to regenerate
+# run-packetProcessing.c.  Avoid ruby, run file does not change anyway.
 post-patch:
 	cp ${WRKSRC}/sntp/loc/freebsd ${WRKSRC}/sntp/loc/openbsd
+	touch ${WRKSRC}/sntp/tests/run-packetProcessing.c

 post-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ntp
--- a/net/ntp/distinfo
+++ b/net/ntp/distinfo
@ -1,2 +1,2 @@
-SHA256 (ntp-4.2.8p9.tar.gz) = tyQod3jhusYltEcyfJhR7t7wIFF6NUViXp9lKpDzC3I=
-SIZE (ntp-4.2.8p9.tar.gz) = 7231884
+SHA256 (ntp-4.2.8p10.tar.gz) = 3dI2bmQhm576D3Q44GgA0Ns5SsXIjhPBe3DQ3N+ZuZ8=
+SIZE (ntp-4.2.8p10.tar.gz) = 6998648
--- a/net/ntp/patches/patch-include_libssl_compat_h
+++ b/net/ntp/patches/patch-include_libssl_compat_h
@ -1,8 +1,8 @@
-$OpenBSD: patch-include_libssl_compat_h,v 1.1 2016/12/14 20:05:37 naddy Exp $
--- include/libssl_compat.h.orig	Mon Nov 21 13:28:40 2016
-+++ include/libssl_compat.h	Wed Dec 14 00:01:48 2016
-@@ -25,7 +25,7 @@
- #include "openssl/rsa.h"
+$OpenBSD: patch-include_libssl_compat_h,v 1.2 2017/03/27 11:33:40 bluhm Exp $
+--- include/libssl_compat.h.orig	Thu Mar 23 19:36:53 2017
+++ include/libssl_compat.h	Thu Mar 23 19:58:13 2017
+@@ -37,7 +37,7 @@
+ #endif
 
 /* ----------------------------------------------------------------- */
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
--- a/net/ntp/patches/patch-include_ssl_applink_c
+++ b/net/ntp/patches/patch-include_ssl_applink_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-include_ssl_applink_c,v 1.1 2017/03/27 11:33:40 bluhm Exp $
+--- include/ssl_applink.c.orig	Thu Mar 23 21:54:28 2017
+++ include/ssl_applink.c	Thu Mar 23 21:55:47 2017
+@@ -14,7 +14,7 @@
+ #   include "msvc_ssl_autolib.h"
+ #  endif
+ # endif
+-# if OPENSSL_VERSION_NUMBER < 0x10100000L
+# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #  include <openssl/applink.c>
+ # endif
+ # ifdef _MSC_VER
+@@ -41,7 +41,7 @@ void ssl_applink(void);
+ void
+ ssl_applink(void)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! defined(LIBRESSL_VERSION_NUMBER)
+ #   ifdef WRAP_DBG_MALLOC
+ 	CRYPTO_set_mem_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free_ex);
+ #   else
--- a/net/ntp/patches/patch-libntp_libssl_compat_c
+++ b/net/ntp/patches/patch-libntp_libssl_compat_c
@ -1,12 +1,12 @@
-$OpenBSD: patch-libntp_libssl_compat_c,v 1.1 2016/12/14 20:05:37 naddy Exp $
--- libntp/libssl_compat.c.orig	Mon Nov 21 13:28:40 2016
-+++ libntp/libssl_compat.c	Wed Dec 14 00:02:37 2016
-@@ -23,7 +23,7 @@
- #include "ntp_types.h"
+$OpenBSD: patch-libntp_libssl_compat_c,v 1.2 2017/03/27 11:33:40 bluhm Exp $
+--- libntp/libssl_compat.c.orig	Thu Mar 23 19:36:53 2017
+++ libntp/libssl_compat.c	Thu Mar 23 21:47:42 2017
+@@ -26,7 +26,7 @@
+ /* ----------------------------------------------------------------- */
 
 /* ----------------------------------------------------------------- */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+-#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* ----------------------------------------------------------------- */
 
 #include "libssl_compat.h"
--- a/net/ntp/patches/patch-libntp_ssl_init_c
+++ b/net/ntp/patches/patch-libntp_ssl_init_c
@ -0,0 +1,12 @@
+$OpenBSD: patch-libntp_ssl_init_c,v 1.3 2017/03/27 11:33:40 bluhm Exp $
+--- libntp/ssl_init.c.orig	Thu Mar 23 21:54:28 2017
+++ libntp/ssl_init.c	Thu Mar 23 21:56:59 2017
+@@ -21,7 +21,7 @@
+ 
+ int ssl_init_done;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ static void
+ atexit_ssl_cleanup(void)
--- a/net/ntp/patches/patch-ports_winnt_include_msvc_ssl_autolib_h
+++ b/net/ntp/patches/patch-ports_winnt_include_msvc_ssl_autolib_h
@ -0,0 +1,12 @@
+$OpenBSD: patch-ports_winnt_include_msvc_ssl_autolib_h,v 1.1 2017/03/27 11:33:40 bluhm Exp $
+--- ports/winnt/include/msvc_ssl_autolib.h.orig	Thu Mar 23 22:03:03 2017
+++ ports/winnt/include/msvc_ssl_autolib.h	Thu Mar 23 22:17:23 2017
+@@ -85,7 +85,7 @@
+  * request in the object file, depending on the SSL version and the
+  * build variant.
+  */
+-# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! defined(LIBRESSL_VERSION_NUMBER)
+ #  pragma comment(lib, "libcrypto" LTAG_SIZE LTAG_RTLIB LTAG_DEBUG ".lib")
+ # else
+ #  pragma comment(lib, "libeay32" LTAG_RTLIB LTAG_DEBUG ".lib")
--- a/net/ntp/patches/patch-sntp_libevent_test_regress_ssl_c
+++ b/net/ntp/patches/patch-sntp_libevent_test_regress_ssl_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-sntp_libevent_test_regress_ssl_c,v 1.1 2017/03/27 11:33:40 bluhm Exp $
+--- sntp/libevent/test/regress_ssl.c.orig	Thu Mar 23 21:54:28 2017
+++ sntp/libevent/test/regress_ssl.c	Thu Mar 23 21:59:01 2017
+@@ -61,7 +61,7 @@
+ 
+ #include <string.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define OpenSSL_version_num SSLeay
+ #endif /* OPENSSL_VERSION_NUMBER */
+ 
+@@ -130,7 +130,7 @@ getcert(void)
+ 	X509_set_subject_name(x509, name);
+ 	X509_set_issuer_name(x509, name);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	X509_time_adj(X509_get_notBefore(x509), 0, &now);
+ 	now += 3600;
+ 	X509_time_adj(X509_get_notAfter(x509), 0, &now);
--- a/net/ntp/patches/patch-sntp_tests_packetProcessing_c
+++ b/net/ntp/patches/patch-sntp_tests_packetProcessing_c
@ -0,0 +1,15 @@
+$OpenBSD: patch-sntp_tests_packetProcessing_c,v 1.1 2017/03/27 11:33:40 bluhm Exp $
+
+https://bugs.ntp.org/show_bug.cgi?id=3398
+
+--- sntp/tests/packetProcessing.c.orig	Thu Mar 23 22:30:58 2017
+++ sntp/tests/packetProcessing.c	Thu Mar 23 22:42:11 2017
+@@ -76,7 +76,7 @@ PrepareAuthenticationTest(
+ 	key_ptr->next = NULL;
+ 	key_ptr->key_id = key_id;
+ 	key_ptr->key_len = key_len;
+-	memcpy(key_ptr->type, "MD5", 3);
+	strlcpy(key_ptr->type, "MD5", sizeof(key_ptr->type));
+ 
+ 	TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq));
+ 
--- a/net/ntp/patches/patch-util_ntp-keygen_c
+++ b/net/ntp/patches/patch-util_ntp-keygen_c
@ -0,0 +1,12 @@
+$OpenBSD: patch-util_ntp-keygen_c,v 1.1 2017/03/27 11:33:40 bluhm Exp $
+--- util/ntp-keygen.c.orig	Thu Mar 23 21:54:28 2017
+++ util/ntp-keygen.c	Thu Mar 23 21:59:33 2017
+@@ -474,7 +474,7 @@ main(
+ 	/*
+ 	 * Seed random number generator and grow weeds.
+ 	 */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_algorithms();
+ #endif /* OPENSSL_VERSION_NUMBER */