Hi,

Update ntp to 4.2.8p10.  This fixes:
CVE-2016-9042, CVE-2017-6451, CVE-2017-6452, CVE-2017-6455,
CVE-2017-6458, CVE-2017-6459, CVE-2017-6460, CVE-2017-6462,
CVE-2017-6463, CVE-2017-6464

They introduced a bunch of #ifdef OPENSSL_VERSION_NUMBER < 0x10100000L,
I have added a defined(LIBRESSL_VERSION_NUMBER) to all of them.

One patch prevents their regression tests from dumping core;
with it applied, the tests pass.

ok?

bluhm

Index: net/ntp/Makefile
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/net/ntp/Makefile,v
retrieving revision 1.71
diff -u -p -r1.71 Makefile
--- net/ntp/Makefile    14 Dec 2016 20:05:37 -0000      1.71
+++ net/ntp/Makefile    23 Mar 2017 21:56:24 -0000
@@ -6,7 +6,7 @@ COMMENT=        Network Time Protocol reference
 # to confuse with the ports system's 'pN' convention, so convert it to
 # 'pl' for local use.
 
-VERSION=       4.2.8p9
+VERSION=       4.2.8p10
 DISTNAME=      ntp-${VERSION}
 PKGNAME=       ntp-${VERSION:S/p/pl/}
 CATEGORIES=    net
@@ -43,8 +43,11 @@ post-extract:
        @touch ${WRKDIR}/timestamp
        @find ${WRKSRC} -type f -print0 | xargs -0 touch -r ${WRKDIR}/timestamp
 
+# patch-sntp_tests_packetProcessing_c triggers a ruby script to regenerate
+# run-packetProcessing.c.  Avoid ruby, run file does not change anyway.
 post-patch:
        cp ${WRKSRC}/sntp/loc/freebsd ${WRKSRC}/sntp/loc/openbsd
+       touch ${WRKSRC}/sntp/tests/run-packetProcessing.c
 
 post-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ntp
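Review bot: The added `touch ${WRKSRC}/sntp/tests/run-packetProcessing.c` in post-patch depends on the claim in the new comment that the run file "does not change anyway", and the comment does not say when that stops being true. The runner is presumably generated from the test functions in packetProcessing.c, so the shortcut is only safe while the port's patch adds, removes or renames none of them, as is the case for the one-line change in patch-sntp_tests_packetProcessing_c. I would extend the comment with `# Only valid while the patch leaves the set of test functions unchanged.` so the assumption is rechecked on the next update. The post-install target continues outside the hunk.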
Index: net/ntp/distinfo
===================================================================
RCS file: /data/mirror/openbsd/cvs/ports/net/ntp/distinfo,v
retrieving revision 1.23
diff -u -p -r1.23 distinfo
--- net/ntp/distinfo    14 Dec 2016 20:05:37 -0000      1.23
+++ net/ntp/distinfo    23 Mar 2017 18:36:52 -0000
@@ -1,2 +1,2 @@
-SHA256 (ntp-4.2.8p9.tar.gz) = tyQod3jhusYltEcyfJhR7t7wIFF6NUViXp9lKpDzC3I=
-SIZE (ntp-4.2.8p9.tar.gz) = 7231884
+SHA256 (ntp-4.2.8p10.tar.gz) = 3dI2bmQhm576D3Q44GgA0Ns5SsXIjhPBe3DQ3N+ZuZ8=
+SIZE (ntp-4.2.8p10.tar.gz) = 6998648
Index: net/ntp/patches/patch-include_libssl_compat_h
===================================================================
RCS file: 
/data/mirror/openbsd/cvs/ports/net/ntp/patches/patch-include_libssl_compat_h,v
retrieving revision 1.1
diff -u -p -r1.1 patch-include_libssl_compat_h
--- net/ntp/patches/patch-include_libssl_compat_h       14 Dec 2016 20:05:37 
-0000      1.1
+++ net/ntp/patches/patch-include_libssl_compat_h       23 Mar 2017 20:47:57 
-0000
@@ -1,8 +1,8 @@
 $OpenBSD: patch-include_libssl_compat_h,v 1.1 2016/12/14 20:05:37 naddy Exp $
---- include/libssl_compat.h.orig       Mon Nov 21 13:28:40 2016
-+++ include/libssl_compat.h    Wed Dec 14 00:01:48 2016
-@@ -25,7 +25,7 @@
- #include "openssl/rsa.h"
+--- include/libssl_compat.h.orig       Thu Mar 23 19:36:53 2017
++++ include/libssl_compat.h    Thu Mar 23 19:58:13 2017
+@@ -37,7 +37,7 @@
+ #endif
  
  /* ----------------------------------------------------------------- */
 -#if OPENSSL_VERSION_NUMBER < 0x10100000L
Index: net/ntp/patches/patch-include_ssl_applink_c
===================================================================
RCS file: net/ntp/patches/patch-include_ssl_applink_c
diff -N net/ntp/patches/patch-include_ssl_applink_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/ntp/patches/patch-include_ssl_applink_c 23 Mar 2017 20:55:56 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- include/ssl_applink.c.orig Thu Mar 23 21:54:28 2017
++++ include/ssl_applink.c      Thu Mar 23 21:55:47 2017
+@@ -14,7 +14,7 @@
+ #   include "msvc_ssl_autolib.h"
+ #  endif
+ # endif
+-# if OPENSSL_VERSION_NUMBER < 0x10100000L
++# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #  include <openssl/applink.c>
+ # endif
+ # ifdef _MSC_VER
+@@ -41,7 +41,7 @@ void ssl_applink(void);
+ void
+ ssl_applink(void)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! 
defined(LIBRESSL_VERSION_NUMBER)
+ #   ifdef WRAP_DBG_MALLOC
+       CRYPTO_set_mem_functions(wrap_dbg_malloc, wrap_dbg_realloc, 
wrap_dbg_free_ex);
+ #   else
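Review bot: The added `defined(LIBRESSL_VERSION_NUMBER)` test is unconditional, so both guards here treat every LibreSSL release as having the pre-1.1 API. The same applies to the guards added in patch-libntp_ssl_init_c, patch-sntp_libevent_test_regress_ssl_c and patch-util_ntp-keygen_c. If LibreSSL later provides the 1.1 interfaces, these branches would keep selecting the legacy calls, and the shims in libssl_compat.c could then clash with library symbols. Nothing in the patches records that they need revisiting in that case. A comment line under `$OpenBSD$` in each patch would do, for example `LibreSSL reports a version above 0x10100000L but offers the 1.0 API; recheck on LibreSSL updates.` The body of ssl_applink() continues outside the hunk.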
Index: net/ntp/patches/patch-libntp_libssl_compat_c
===================================================================
RCS file: 
/data/mirror/openbsd/cvs/ports/net/ntp/patches/patch-libntp_libssl_compat_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-libntp_libssl_compat_c
--- net/ntp/patches/patch-libntp_libssl_compat_c        14 Dec 2016 20:05:37 
-0000      1.1
+++ net/ntp/patches/patch-libntp_libssl_compat_c        23 Mar 2017 20:48:00 
-0000
@@ -1,12 +1,12 @@
 $OpenBSD: patch-libntp_libssl_compat_c,v 1.1 2016/12/14 20:05:37 naddy Exp $
---- libntp/libssl_compat.c.orig        Mon Nov 21 13:28:40 2016
-+++ libntp/libssl_compat.c     Wed Dec 14 00:02:37 2016
-@@ -23,7 +23,7 @@
- #include "ntp_types.h"
+--- libntp/libssl_compat.c.orig        Thu Mar 23 19:36:53 2017
++++ libntp/libssl_compat.c     Thu Mar 23 21:47:42 2017
+@@ -26,7 +26,7 @@
+ /* ----------------------------------------------------------------- */
  
  /* ----------------------------------------------------------------- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+-#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
++#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L || 
defined(LIBRESSL_VERSION_NUMBER)
  /* ----------------------------------------------------------------- */
  
  #include "libssl_compat.h"
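Review bot: The new condition `defined(OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` mixes `&&` and `||` without parentheses, so it parses as `(defined(OPENSSL) && ...) || defined(LIBRESSL_VERSION_NUMBER)`. The LibreSSL test therefore escapes the `defined(OPENSSL)` gate. That is probably harmless, since LIBRESSL_VERSION_NUMBER should only be visible once the SSL headers are included, but the intent reads as gating the whole compat section on a crypto build. Writing it as `#if defined(OPENSSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))` makes that explicit and keeps the shims out of a build without crypto.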
Index: net/ntp/patches/patch-libntp_ssl_init_c
===================================================================
RCS file: net/ntp/patches/patch-libntp_ssl_init_c
diff -N net/ntp/patches/patch-libntp_ssl_init_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/ntp/patches/patch-libntp_ssl_init_c     23 Mar 2017 20:59:47 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- libntp/ssl_init.c.orig     Thu Mar 23 21:54:28 2017
++++ libntp/ssl_init.c  Thu Mar 23 21:56:59 2017
+@@ -21,7 +21,7 @@
+ 
+ int ssl_init_done;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ static void
+ atexit_ssl_cleanup(void)
Index: net/ntp/patches/patch-ports_winnt_include_msvc_ssl_autolib_h
===================================================================
RCS file: net/ntp/patches/patch-ports_winnt_include_msvc_ssl_autolib_h
diff -N net/ntp/patches/patch-ports_winnt_include_msvc_ssl_autolib_h
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/ntp/patches/patch-ports_winnt_include_msvc_ssl_autolib_h        23 Mar 
2017 21:17:34 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- ports/winnt/include/msvc_ssl_autolib.h.orig        Thu Mar 23 22:03:03 2017
++++ ports/winnt/include/msvc_ssl_autolib.h     Thu Mar 23 22:17:23 2017
+@@ -85,7 +85,7 @@
+  * request in the object file, depending on the SSL version and the
+  * build variant.
+  */
+-# if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! 
defined(LIBRESSL_VERSION_NUMBER)
+ #  pragma comment(lib, "libcrypto" LTAG_SIZE LTAG_RTLIB LTAG_DEBUG ".lib")
+ # else
+ #  pragma comment(lib, "libeay32" LTAG_RTLIB LTAG_DEBUG ".lib")
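Review bot: This guard sits in `ports/winnt/include/msvc_ssl_autolib.h` and only chooses between `#pragma comment(lib, ...)` library names, which looks like MSVC-only code that an OpenBSD build never compiles. Carrying it in the port adds one more patch to refresh on every update without changing the built package. Consider dropping it from the port and keeping the change only in a diff sent upstream, if the goal is to have all guards consistent there.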
Index: net/ntp/patches/patch-sntp_libevent_test_regress_ssl_c
===================================================================
RCS file: net/ntp/patches/patch-sntp_libevent_test_regress_ssl_c
diff -N net/ntp/patches/patch-sntp_libevent_test_regress_ssl_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/ntp/patches/patch-sntp_libevent_test_regress_ssl_c      23 Mar 2017 
20:59:43 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- sntp/libevent/test/regress_ssl.c.orig      Thu Mar 23 21:54:28 2017
++++ sntp/libevent/test/regress_ssl.c   Thu Mar 23 21:59:01 2017
+@@ -61,7 +61,7 @@
+ 
+ #include <string.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define OpenSSL_version_num SSLeay
+ #endif /* OPENSSL_VERSION_NUMBER */
+ 
+@@ -130,7 +130,7 @@ getcert(void)
+       X509_set_subject_name(x509, name);
+       X509_set_issuer_name(x509, name);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+       X509_time_adj(X509_get_notBefore(x509), 0, &now);
+       now += 3600;
+       X509_time_adj(X509_get_notAfter(x509), 0, &now);
Index: net/ntp/patches/patch-sntp_tests_packetProcessing_c
===================================================================
RCS file: net/ntp/patches/patch-sntp_tests_packetProcessing_c
diff -N net/ntp/patches/patch-sntp_tests_packetProcessing_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/ntp/patches/patch-sntp_tests_packetProcessing_c 23 Mar 2017 21:42:26 
-0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- sntp/tests/packetProcessing.c.orig Thu Mar 23 22:30:58 2017
++++ sntp/tests/packetProcessing.c      Thu Mar 23 22:42:11 2017
+@@ -76,7 +76,7 @@ PrepareAuthenticationTest(
+       key_ptr->next = NULL;
+       key_ptr->key_id = key_id;
+       key_ptr->key_len = key_len;
+-      memcpy(key_ptr->type, "MD5", 3);
++      strlcpy(key_ptr->type, "MD5", sizeof(key_ptr->type));
+ 
+       TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq));
+ 
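Review bot: The patch carries no explanation of why `memcpy(key_ptr->type, "MD5", 3)` is replaced, and the reason is easy to miss in the hunk. The old call copied three bytes without a terminating NUL, so any later string use of `type` could read past them, which is presumably the core dump mentioned in the mail. A comment line under `$OpenBSD$`, for example `Terminate the key type string; memcpy left it without a NUL.`, would record that, and the fix looks worth reporting upstream. PrepareAuthenticationTest starts and ends outside the hunk, so how `key_ptr` is allocated and the size of `type` are not visible here.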
Index: net/ntp/patches/patch-util_ntp-keygen_c
===================================================================
RCS file: net/ntp/patches/patch-util_ntp-keygen_c
diff -N net/ntp/patches/patch-util_ntp-keygen_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ net/ntp/patches/patch-util_ntp-keygen_c     23 Mar 2017 20:59:45 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- util/ntp-keygen.c.orig     Thu Mar 23 21:54:28 2017
++++ util/ntp-keygen.c  Thu Mar 23 21:59:33 2017
+@@ -474,7 +474,7 @@ main(
+       /*
+        * Seed random number generator and grow weeds.
+        */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+       ERR_load_crypto_strings();
+       OpenSSL_add_all_algorithms();
+ #endif /* OPENSSL_VERSION_NUMBER */
