rpms/ntp/devel ntp-4.2.4p7-bcast.patch, NONE, 1.1 ntp-4.2.4p7-daemonpll.patch, NONE, 1.1 ntp-4.2.4p7-gettime.patch, NONE, 1.1 ntp-4.2.4p7-ipv6.patch, NONE, 1.1 ntp-4.2.4p7-minpoll.patch, NONE, 1.1 ntp-4.2.4p7-mlock.patch, NONE, 1.1 ntp-4.2.4p7-nano.patch, NONE, 1.1 ntp-4.2.4p7-nosntp.patch, NONE, 1.1 ntp-4.2.4p7-stamode.patch, NONE, 1.1 .cvsignore, 1.28, 1.29 ntp.spec, 1.88, 1.89 sources, 1.29, 1.30 ntp-4.2.4p2-nosntp.patch, 1.1, NONE ntp-4.2.4p4-gettime.patch, 1.1, NONE ntp-4.2.4p4-ipv6.patch, 1.1, NONE ntp-4.2.4p5-bcast.patch, 1.1, NONE ntp-4.2.4p5-retryres.patch, 1.1, NONE ntp-4.2.4p6-mlock.patch, 1.1, NONE ntp-4.2.4p6-ntpqsprintf.patch, 1.1, NONE
Miroslav Lichvar
mlichvar at fedoraproject.org
Tue May 19 14:45:47 UTC 2009
Author: mlichvar
Update of /cvs/pkgs/rpms/ntp/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18331
Modified Files:
.cvsignore ntp.spec sources
Added Files:
ntp-4.2.4p7-bcast.patch ntp-4.2.4p7-daemonpll.patch
ntp-4.2.4p7-gettime.patch ntp-4.2.4p7-ipv6.patch
ntp-4.2.4p7-minpoll.patch ntp-4.2.4p7-mlock.patch
ntp-4.2.4p7-nano.patch ntp-4.2.4p7-nosntp.patch
ntp-4.2.4p7-stamode.patch
Removed Files:
ntp-4.2.4p2-nosntp.patch ntp-4.2.4p4-gettime.patch
ntp-4.2.4p4-ipv6.patch ntp-4.2.4p5-bcast.patch
ntp-4.2.4p5-retryres.patch ntp-4.2.4p6-mlock.patch
ntp-4.2.4p6-ntpqsprintf.patch
Log Message:
- update to 4.2.4p7 (CVE-2009-1252)
- improve PLL response when kernel discipline is disabled
- don't log STA_MODE changes
- enable nanokernel support
- allow minpoll 3
- increase memlock limit
- move html documentation to -doc subpackage (#492444)
ntp-4.2.4p7-bcast.patch:
--- NEW FILE ntp-4.2.4p7-bcast.patch ---
diff -up ntp-4.2.4p7/ntpd/ntp_io.c.bcast ntp-4.2.4p7/ntpd/ntp_io.c
--- ntp-4.2.4p7/ntpd/ntp_io.c.bcast 2009-05-18 16:53:05.000000000 +0200
+++ ntp-4.2.4p7/ntpd/ntp_io.c 2009-05-18 16:54:19.000000000 +0200
@@ -150,6 +150,8 @@ int ninterfaces; /* Total number of in
volatile int disable_dynamic_updates; /* when set to != 0 dynamic updates won't happen */
+static int pktinfo_status = 0; /* is IP_PKTINFO on wildipv4 iface enabled? */
+
#ifdef REFCLOCK
/*
* Refclock stuff. We keep a chain of structures with data concerning
@@ -1611,6 +1613,18 @@ set_reuseaddr(int flag) {
#endif /* ! SO_EXCLUSIVEADDRUSE */
}
+static void
+set_pktinfo(int flag)
+{
+ if (wildipv4 == NULL)
+ return;
+ if (setsockopt(wildipv4->fd, SOL_IP, IP_PKTINFO, &flag, sizeof (flag))) {
+ if (debug > 1)
+ printf("setsockopt(IP_PKTINFO) failed: %s\n", strerror(errno));
+ } else
+ pktinfo_status = flag;
+}
+
/*
* This is just a wrapper around an internal function so we can
* make other changes as necessary later on
@@ -2027,6 +2041,7 @@ io_setbclient(void)
#else
netsyslog(LOG_ERR, "io_setbclient: Broadcast Client disabled by build");
#endif
+ set_pktinfo(1);
}
/*
@@ -2049,6 +2064,7 @@ io_unsetbclient(void)
continue;
lstatus = socket_broadcast_disable(interf, &interf->sin);
}
+ set_pktinfo(0);
}
/*
@@ -2957,7 +2973,8 @@ read_network_packet(SOCKET fd, struct in
#ifdef HAVE_TIMESTAMP
struct msghdr msghdr;
struct iovec iovec;
- char control[TIMESTAMP_CTLMSGBUF_SIZE]; /* pick up control messages */
+ char control[sizeof (struct cmsghdr) * 2 + sizeof (struct timeval) +
+ sizeof (struct in_pktinfo) + 32]; /* pick up control messages */
#endif
/*
@@ -2969,7 +2986,7 @@ read_network_packet(SOCKET fd, struct in
rb = get_free_recv_buffer();
- if (rb == NULL || itf->ignore_packets == ISC_TRUE)
+ if (rb == NULL || (itf->ignore_packets == ISC_TRUE && !(pktinfo_status && itf == wildipv4)))
{
char buf[RX_BUFF_SIZE];
struct sockaddr_storage from;
@@ -3031,6 +3048,34 @@ read_network_packet(SOCKET fd, struct in
return (buflen);
}
+ if (pktinfo_status && itf->ignore_packets == ISC_TRUE && itf == wildipv4) {
+ /* check for broadcast on 255.255.255.255, exception allowed on wildipv4 */
+ struct cmsghdr *cmsg;
+ struct in_pktinfo *pktinfo = NULL;
+
+ if ((cmsg = CMSG_FIRSTHDR(&msghdr)))
+ do {
+ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_PKTINFO)
+ pktinfo = (struct in_pktinfo *) CMSG_DATA(cmsg);
+ } while ((cmsg = CMSG_NXTHDR(&msghdr, cmsg)));
+ if (pktinfo && pktinfo->ipi_addr.s_addr == INADDR_BROADCAST) {
+#ifdef DEBUG
+ if (debug > 3) {
+ printf("INADDR_BROADCAST\n");
+ }
+#endif
+ } else {
+#ifdef DEBUG
+ if (debug > 3)
+ printf("%s on (%lu) fd=%d from %s\n", "ignore",
+ free_recvbuffs(), fd, stoa(&rb->recv_srcadr));
+#endif
+ packets_ignored++;
+ freerecvbuf(rb);
+ return (buflen);
+ }
+ }
+
#ifdef DEBUG
if (debug > 2) {
if(rb->recv_srcadr.ss_family == AF_INET)
diff -up ntp-4.2.4p7/ntpd/ntp_peer.c.bcast ntp-4.2.4p7/ntpd/ntp_peer.c
--- ntp-4.2.4p7/ntpd/ntp_peer.c.bcast 2008-08-10 13:02:40.000000000 +0200
+++ ntp-4.2.4p7/ntpd/ntp_peer.c 2009-05-18 16:53:05.000000000 +0200
@@ -709,7 +709,8 @@ select_peerinterface(struct peer *peer,
* as our (network) source address would be undefined and
* crypto will not work without knowing the own transmit address
*/
- if (interface != NULL && interface->flags & INT_WILDCARD)
+ if (interface != NULL && interface->flags & INT_WILDCARD &&
+ !(cast_flags & MDF_BCAST))
#ifdef SYS_WINNT
if ( !accept_wildcard_if_for_winnt )
#endif
ntp-4.2.4p7-daemonpll.patch:
--- NEW FILE ntp-4.2.4p7-daemonpll.patch ---
diff -up ntp-4.2.4p7/ntpd/ntp_loopfilter.c.daemonpll ntp-4.2.4p7/ntpd/ntp_loopfilter.c
--- ntp-4.2.4p7/ntpd/ntp_loopfilter.c.daemonpll 2009-05-18 18:13:31.000000000 +0200
+++ ntp-4.2.4p7/ntpd/ntp_loopfilter.c 2009-05-18 18:18:13.000000000 +0200
@@ -489,10 +489,9 @@ local_clock(
/*
* For the PLL the integration interval
* (numerator) is the minimum of the update
- * interval and poll interval. This allows
- * oversampling, but not undersampling.
+ * interval and Allan intercept.
*/
- etemp = min(mu, (u_long)ULOGTOD(sys_poll));
+ etemp = min(mu, allan_xpt);
dtemp = 4 * CLOCK_PLL * ULOGTOD(sys_poll);
plladj = fp_offset * etemp / (dtemp * dtemp);
rstclock(S_SYNC, peer->epoch, fp_offset);
ntp-4.2.4p7-gettime.patch:
--- NEW FILE ntp-4.2.4p7-gettime.patch ---
diff -up ntp-4.2.4p7/configure.gettime ntp-4.2.4p7/configure
--- ntp-4.2.4p7/configure.gettime 2009-05-18 18:59:37.000000000 +0200
+++ ntp-4.2.4p7/configure 2009-05-18 19:19:33.000000000 +0200
@@ -36117,6 +36117,10 @@ case "$host" in
for ac_func in clock_gettime clock_settime
do
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ continue
as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
echo "$as_me:$LINENO: checking for $ac_func" >&5
echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
ntp-4.2.4p7-ipv6.patch:
--- NEW FILE ntp-4.2.4p7-ipv6.patch ---
diff -up ntp-4.2.4p7/configure.ipv6 ntp-4.2.4p7/configure
--- ntp-4.2.4p7/configure.ipv6 2009-05-18 17:18:31.000000000 +0200
+++ ntp-4.2.4p7/configure 2009-05-18 17:22:37.000000000 +0200
@@ -46206,15 +46206,19 @@ cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
+;
$isc_netinetin6_hack
$isc_netinet6in6_hack
+;
int
main ()
{
+;
struct in6_pktinfo xyzzy;
ntp-4.2.4p7-minpoll.patch:
--- NEW FILE ntp-4.2.4p7-minpoll.patch ---
diff -up ntp-4.2.4p7/html/confopt.html.minpoll ntp-4.2.4p7/html/confopt.html
--- ntp-4.2.4p7/html/confopt.html.minpoll 2009-05-19 14:23:01.000000000 +0200
+++ ntp-4.2.4p7/html/confopt.html 2009-05-19 14:27:27.000000000 +0200
@@ -56,7 +56,7 @@
<dd>When the server is unreachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command to allow additional time for a modem or ISDN call to complete. This option is valid with only the <tt>server</tt> command and is a recommended option with this command.<dt><tt>key</tt> <i><tt>key</tt></i>
<dd>All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified <i><tt>key</tt></i> identifier with values from 1 to 65534, inclusive. The default is to include no encryption field. This option is valid with all commands.<dt><tt>minpoll <i>minpoll</i></tt><br>
<tt>maxpoll <i>maxpoll</i></tt>
- <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1,024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36.4 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 4 (16 s). These option are valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>noselect</tt>
+ <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1,024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36.4 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s). These option are valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>noselect</tt>
<dd>Marks the server as unused, except for display purposes. The server is discarded by the selection algorithm. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>preempt</tt>
<dd>Specifies the association as preemptable rather than the default persistent. This option is valied only with the <tt>server</tt> command.<dt><tt>prefer</tt>
<dd>Marks the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page for further information. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>true</tt>
diff -up ntp-4.2.4p7/include/ntp.h.minpoll ntp-4.2.4p7/include/ntp.h
--- ntp-4.2.4p7/include/ntp.h.minpoll 2008-08-10 13:02:42.000000000 +0200
+++ ntp-4.2.4p7/include/ntp.h 2009-05-19 14:23:01.000000000 +0200
@@ -104,7 +104,7 @@ typedef char s_char;
* Poll interval parameters
*/
#define NTP_UNREACH 24 /* poll unreach threshold */
-#define NTP_MINPOLL 4 /* log2 min poll interval (16 s) */
+#define NTP_MINPOLL 3 /* log2 min poll interval (8 s) */
#define NTP_MINDPOLL 6 /* log2 default min poll (64 s) */
#define NTP_MAXDPOLL 10 /* log2 default max poll (~17 m) */
#define NTP_MAXPOLL 17 /* log2 max poll interval (~36 h) */
diff -up ntp-4.2.4p7/ntpd/ntp_loopfilter.c.minpoll ntp-4.2.4p7/ntpd/ntp_loopfilter.c
--- ntp-4.2.4p7/ntpd/ntp_loopfilter.c.minpoll 2009-05-19 14:23:01.000000000 +0200
+++ ntp-4.2.4p7/ntpd/ntp_loopfilter.c 2009-05-19 14:23:01.000000000 +0200
@@ -404,7 +404,7 @@ local_clock(
fp_offset);
reinit_timer();
tc_counter = 0;
- sys_poll = NTP_MINPOLL;
+ sys_poll = NTP_MINPOLL + 1;
sys_tai = 0;
clock_jitter = LOGTOD(sys_precision);
rval = 2;
ntp-4.2.4p7-mlock.patch:
--- NEW FILE ntp-4.2.4p7-mlock.patch ---
diff -up ntp-4.2.4p7/html/ntpd.html.mlock ntp-4.2.4p7/html/ntpd.html
--- ntp-4.2.4p7/html/ntpd.html.mlock 2009-05-19 16:05:30.000000000 +0200
+++ ntp-4.2.4p7/html/ntpd.html 2009-05-19 16:05:30.000000000 +0200
@@ -34,7 +34,7 @@
</ul>
<hr>
<h4 id="synop">Synopsis</h4>
- <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
+ <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
<h4 id="descr">Description</h4>
<p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
<h4 id="op">How NTP Operates</h4>
@@ -96,6 +96,8 @@
<dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
<dt><tt>-L</tt>
<dd>Do not listen to virtual IPs. The default is to listen.
+ <dt><tt>-m</tt>
+ <dd>Lock memory.
<dt><tt>-n</tt>
<dd>Don't fork.
<dt><tt>-N</tt>
diff -up ntp-4.2.4p7/ntpd/ntpd-opts.c.mlock ntp-4.2.4p7/ntpd/ntpd-opts.c
--- ntp-4.2.4p7/ntpd/ntpd-opts.c.mlock 2009-05-18 10:56:02.000000000 +0200
+++ ntp-4.2.4p7/ntpd/ntpd-opts.c 2009-05-19 16:05:30.000000000 +0200
@@ -264,6 +264,15 @@ tSCC zNice_Name[] = "ni
#define NICE_FLAGS (OPTST_DISABLED)
/*
+ * Mlock option description:
+ */
+tSCC zMlockText[] =
+ "Lock memory";
+tSCC zMlock_NAME[] = "MLOCK";
+tSCC zMlock_Name[] = "mlock";
+#define MLOCK_FLAGS (OPTST_DISABLED)
+
+/*
* Pidfile option description:
*/
tSCC zPidfileText[] =
@@ -789,6 +798,18 @@ static tOptDesc optDesc[ OPTION_CT ] = {
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT
#endif
+ { /* entry idx, value */ 29, VALUE_OPT_MLOCK,
+ /* equiv idx, value */ 29, VALUE_OPT_MLOCK,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ MLOCK_FLAGS, 0,
+ /* last opt argumnt */ { NULL },
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ zMlockText, zMlock_NAME, zMlock_Name,
+ /* disablement strs */ NULL, NULL },
+
{ /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
/* equiv idx value */ NO_EQUIVALENT, 0,
/* equivalenced to */ NO_EQUIVALENT,
@@ -881,7 +902,7 @@ tOptions ntpdOptions = {
NO_EQUIVALENT /* index of '-#' option */,
NO_EQUIVALENT /* index of default opt */
},
- 32 /* full option count */, 29 /* user option count */
+ 33 /* full option count */, 30 /* user option count */
};
/*
diff -up ntp-4.2.4p7/ntpd/ntpd-opts.h.mlock ntp-4.2.4p7/ntpd/ntpd-opts.h
--- ntp-4.2.4p7/ntpd/ntpd-opts.h.mlock 2009-05-18 10:56:02.000000000 +0200
+++ ntp-4.2.4p7/ntpd/ntpd-opts.h 2009-05-19 16:05:30.000000000 +0200
@@ -81,12 +81,13 @@ typedef enum {
INDEX_OPT_VAR = 26,
INDEX_OPT_DVAR = 27,
INDEX_OPT_SLEW = 28,
- INDEX_OPT_VERSION = 29,
- INDEX_OPT_HELP = 30,
- INDEX_OPT_MORE_HELP = 31
+ INDEX_OPT_MLOCK = 29,
+ INDEX_OPT_VERSION = 30,
+ INDEX_OPT_HELP = 31,
+ INDEX_OPT_MORE_HELP = 32
} teOptIndex;
-#define OPTION_CT 32
+#define OPTION_CT 33
#define NTPD_VERSION "4.2.4p7"
#define NTPD_FULL_VERSION "ntpd - NTP daemon program - Ver. 4.2.4p7"
@@ -179,6 +180,10 @@ typedef enum {
# warning undefining MODIFYMMTIMER due to option name conflict
# undef MODIFYMMTIMER
# endif
+# ifdef MLOCK
+# warning undefining MLOCK due to option name conflict
+# undef MLOCK
+# endif
# ifdef NOFORK
# warning undefining NOFORK due to option name conflict
# undef NOFORK
@@ -248,6 +253,7 @@ typedef enum {
# undef LOGFILE
# undef NOVIRTUALIPS
# undef MODIFYMMTIMER
+# undef MLOCK
# undef NOFORK
# undef NICE
# undef PIDFILE
@@ -290,6 +296,7 @@ typedef enum {
#ifdef SYS_WINNT
#define VALUE_OPT_MODIFYMMTIMER 'M'
#endif /* SYS_WINNT */
+#define VALUE_OPT_MLOCK 'm'
#define VALUE_OPT_NOFORK 'n'
#define VALUE_OPT_NICE 'N'
#define VALUE_OPT_PIDFILE 'p'
diff -up ntp-4.2.4p7/ntpd/ntpd.c.mlock ntp-4.2.4p7/ntpd/ntpd.c
--- ntp-4.2.4p7/ntpd/ntpd.c.mlock 2009-05-19 16:05:30.000000000 +0200
+++ ntp-4.2.4p7/ntpd/ntpd.c 2009-05-19 16:06:02.000000000 +0200
@@ -691,7 +691,8 @@ ntpdmain(
}
#endif
-#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)
+#if defined(MCL_CURRENT) && defined(MCL_FUTURE)
+ if (HAVE_OPT( MLOCK )) {
# ifdef HAVE_SETRLIMIT
/*
* Set the stack limit to something smaller, so that we don't lock a lot
@@ -717,7 +718,7 @@ ntpdmain(
* fail if we drop root privlege. To be useful the value
* has to be larger than the largest ntpd resident set size.
*/
- rl.rlim_cur = rl.rlim_max = 32*1024*1024;
+ rl.rlim_cur = rl.rlim_max = 64*1024*1024;
if (setrlimit(RLIMIT_MEMLOCK, &rl) == -1) {
msyslog(LOG_ERR, "Cannot set RLIMIT_MEMLOCK: %m");
}
@@ -729,6 +730,7 @@ ntpdmain(
*/
if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0)
msyslog(LOG_ERR, "mlockall(): %m");
+ }
#else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
# ifdef HAVE_PLOCK
# ifdef PROCLOCK
ntp-4.2.4p7-nano.patch:
--- NEW FILE ntp-4.2.4p7-nano.patch ---
diff -up ntp-4.2.4p7/include/ntp_syscall.h.nano ntp-4.2.4p7/include/ntp_syscall.h
--- ntp-4.2.4p7/include/ntp_syscall.h.nano 2009-05-19 10:26:49.000000000 +0200
+++ ntp-4.2.4p7/include/ntp_syscall.h 2009-05-19 10:28:05.000000000 +0200
@@ -14,6 +14,14 @@
# include <sys/timex.h>
#endif
+#if defined(ADJ_NANO) && !defined(MOD_NANO)
+#define MOD_NANO ADJ_NANO
+#endif
+
+#if defined(ADJ_TAI) && !defined(MOD_TAI)
+#define MOD_TAI ADJ_TAI
+#endif
+
#ifndef STA_MODE
#define STA_MODE 0x4000 /* mode (0 = PLL, 1 = FLL) (ro) */
#endif
ntp-4.2.4p7-nosntp.patch:
--- NEW FILE ntp-4.2.4p7-nosntp.patch ---
diff -up ntp-4.2.4p7/Makefile.in.nosntp ntp-4.2.4p7/Makefile.in
--- ntp-4.2.4p7/Makefile.in.nosntp 2009-05-18 10:44:06.000000000 +0200
+++ ntp-4.2.4p7/Makefile.in 2009-05-18 16:49:15.000000000 +0200
@@ -207,7 +207,7 @@ ACLOCAL_AMFLAGS = -I m4 -I libopts/m4
NULL =
SUBDIRS = $(am__append_1) scripts include ElectricFence @ARLIB_DIR@ \
libntp libparse ntpd ntpdate ntpdc ntpq parseutil adjtimed \
- clockstuff kernel sntp util $(NULL)
+ clockstuff kernel util $(NULL)
DIST_SUBDIRS = \
scripts \
include \
@@ -224,7 +224,6 @@ DIST_SUBDIRS = \
adjtimed \
clockstuff \
kernel \
- sntp \
util \
$(NULL)
diff -up ntp-4.2.4p7/configure.nosntp ntp-4.2.4p7/configure
--- ntp-4.2.4p7/configure.nosntp 2009-05-18 10:44:23.000000000 +0200
+++ ntp-4.2.4p7/configure 2009-05-18 16:49:41.000000000 +0200
@@ -459,7 +459,7 @@ ac_includes_default="\
#endif"
ac_subdirs_all="$ac_subdirs_all arlib"
-ac_subdirs_all="$ac_subdirs_all sntp"
+ac_subdirs_all="$ac_subdirs_all"
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA CYGPATH_W PACKAGE VERSION ACLOCAL AUTOCONF AUTOMAKE AUTOHEADER MAKEINFO install_sh STRIP ac_ct_STRIP INSTALL_STRIP_PROGRAM mkdir_p AWK SET_MAKE am__leading_dot AMTAR am__tar am__untar build build_cpu build_vendor build_os host host_cpu host_vendor host_os CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT DEPDIR am__include am__quote AMDEP_TRUE AMDEP_FALSE AMDEPBACKSLASH CCDEPMODE am__fastdepCC_TRUE am__fastdepCC_FALSE CPP EGREP LIBOPTS_DIR INSTALL_LIBOPTS_TRUE INSTALL_LIBOPTS_FALSE NEED_LIBOPTS_TRUE NEED_LIBOPTS_FALSE LIBOPTS_LDADD LIBOPTS_CFLAGS BINSUBDIR subdirs ARLIB_DIR LN_S ECHO AR ac_ct_A
R RANLIB ac_ct_RANLIB LIBTOOL PATH_SH PATH_PERL READLINE_LIBS U ANSI2KNR HAVE_INLINE LIBPARSE MAKE_LIBPARSE MAKE_LIBPARSE_KERNEL MAKE_CHECK_Y2K OPENSSL OPENSSL_INC OPENSSL_LIB LCRYPTO EF_PROGS EF_LIBS MAKE_CHECK_LAYOUT TESTDCF DCFD MAKE_PARSEKMODULE PROPDELAY CHUTEST CLKTEST MAKE_ADJTIMED MAKE_NTPTIME MAKE_TICKADJ MAKE_TIMETRIM MAKE_LIBNTPSIM MAKE_NTPDSIM LSCF LIBOBJS LTLIBOBJS'
ac_subst_files=''
@@ -46708,7 +46708,7 @@ _ACEOF
-subdirs="$subdirs sntp"
+subdirs="$subdirs"
cat >confcache <<\_ACEOF
ntp-4.2.4p7-stamode.patch:
--- NEW FILE ntp-4.2.4p7-stamode.patch ---
diff -up ntp-4.2.4p7/include/ntp_syscall.h.stamode ntp-4.2.4p7/include/ntp_syscall.h
--- ntp-4.2.4p7/include/ntp_syscall.h.stamode 2004-02-25 06:57:56.000000000 +0100
+++ ntp-4.2.4p7/include/ntp_syscall.h 2009-05-19 10:21:34.000000000 +0200
@@ -14,6 +14,10 @@
# include <sys/timex.h>
#endif
+#ifndef STA_MODE
+#define STA_MODE 0x4000 /* mode (0 = PLL, 1 = FLL) (ro) */
+#endif
+
#ifndef NTP_SYSCALLS_LIBC
#ifdef NTP_SYSCALLS_STD
# define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t))
diff -up ntp-4.2.4p7/ntpd/ntp_loopfilter.c.stamode ntp-4.2.4p7/ntpd/ntp_loopfilter.c
--- ntp-4.2.4p7/ntpd/ntp_loopfilter.c.stamode 2009-05-19 10:20:03.000000000 +0200
+++ ntp-4.2.4p7/ntpd/ntp_loopfilter.c 2009-05-19 10:25:22.000000000 +0200
@@ -644,7 +644,7 @@ local_clock(
"kernel time sync error %04x", ntv.status);
ntv.status &= ~(STA_PPSFREQ | STA_PPSTIME);
} else {
- if ((ntv.status ^ pll_status) & ~STA_FLL)
+ if ((ntv.status ^ pll_status) & ~(STA_FLL | STA_MODE))
NLOG(NLOG_SYNCEVENT | NLOG_SYSEVENT)
msyslog(LOG_NOTICE,
"kernel time sync status change %04x",
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/.cvsignore,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -p -r1.28 -r1.29
--- .cvsignore 12 Jan 2009 13:53:46 -0000 1.28
+++ .cvsignore 19 May 2009 14:45:44 -0000 1.29
@@ -1,2 +1,2 @@
ntpstat-0.2.tgz
-ntp-4.2.4p6.tar.gz
+ntp-4.2.4p7.tar.gz
Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntp.spec,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -p -r1.88 -r1.89
--- ntp.spec 20 Apr 2009 11:44:54 -0000 1.88
+++ ntp.spec 19 May 2009 14:45:46 -0000 1.89
@@ -1,7 +1,7 @@
Summary: The NTP daemon and utilities
Name: ntp
-Version: 4.2.4p6
-Release: 4%{?dist}
+Version: 4.2.4p7
+Release: 1%{?dist}
# primary license (COPYRIGHT) : MIT
# ElectricFence/ (not used) : GPLv2
# kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -42,15 +42,21 @@ Source10: ntp.dhclient
# ntpbz #628, #1073
Patch1: ntp-4.2.4p4-kernel.patch
+# add support for dropping root to ntpdate
Patch2: ntp-4.2.4p0-droproot.patch
# ntpbz #812
Patch3: ntp-4.2.4-groups.patch
+# ntpbz #1170
+Patch4: ntp-4.2.4p7-daemonpll.patch
+# link ntpd with -ffast-math on ia64
Patch5: ntp-4.2.4-linkfastmath.patch
+# ntpbz #1134
Patch6: ntp-4.2.4p2-tentative.patch
# ntpbz #897
Patch7: ntp-4.2.4p2-noseed.patch
# ntpbz #830
Patch8: ntp-4.2.4p4-multilisten.patch
+# fix script used to generate man pages
Patch9: ntp-4.2.4-html2man.patch
# ntpbz #898
Patch10: ntp-4.2.4p5-htmldoc.patch
@@ -61,31 +67,37 @@ Patch12: ntp-4.2.4-sprintf.patch
# drop this and switch to libedit in 4.2.6
Patch13: ntp-4.2.4p4-bsdadv.patch
# add option -m to lock memory
-Patch14: ntp-4.2.4p6-mlock.patch
+Patch14: ntp-4.2.4p7-mlock.patch
# fixed in 4.2.5
Patch15: ntp-4.2.4p2-clockselect.patch
# don't build sntp
-Patch16: ntp-4.2.4p2-nosntp.patch
+Patch16: ntp-4.2.4p7-nosntp.patch
# ntpbz #802
Patch17: ntp-4.2.4p5-sleep.patch
# ntpbz #779, #823
-Patch18: ntp-4.2.4p5-bcast.patch
+Patch18: ntp-4.2.4p7-bcast.patch
# ntpbz #759
Patch19: ntp-4.2.4p0-retcode.patch
# ntpbz #397
Patch20: ntp-4.2.4p2-noif.patch
-Patch21: ntp-4.2.4p4-ipv6.patch
+# force IPv6 support
+Patch21: ntp-4.2.4p7-ipv6.patch
+# align buffer for control messages
Patch22: ntp-4.2.4p4-cmsgalign.patch
-Patch23: ntp-4.2.4p4-gettime.patch
+# force use of clock_gettime
+Patch23: ntp-4.2.4p7-gettime.patch
+# reload resolv.conf after failure in name resolution
Patch24: ntp-4.2.4p4-resinit.patch
# ntpbz #992
Patch25: ntp-4.2.4p5-rtnetlink.patch
-# remove when #460561 is fixed
-Patch26: ntp-4.2.4p5-retryres.patch
+# don't log STA_MODE (PLL/FLL) changes
+Patch26: ntp-4.2.4p7-stamode.patch
# ntpbz #808
Patch27: ntp-4.2.4p5-driftonexit.patch
-# ntpbz #1144
-Patch28: ntp-4.2.4p6-ntpqsprintf.patch
+# add missing nanokernel macros
+Patch28: ntp-4.2.4p7-nano.patch
+# allow minpoll 3 as in 4.2.5
+Patch29: ntp-4.2.4p7-minpoll.patch
URL: http://www.ntp.org
Requires(post): /sbin/chkconfig
@@ -104,7 +116,8 @@ time with another reference time source.
to query and configure the ntpd daemon.
Perl scripts ntp-wait and ntptrace are in the ntp-perl package and
-the ntpdate program is in the ntpdate package.
+the ntpdate program is in the ntpdate package. The documentation is
+in the ntp-doc package.
%package perl
Summary: NTP utilities written in perl
@@ -126,12 +139,22 @@ Requires(preun): /sbin/chkconfig /sbin/s
ntpdate is a program for retrieving the date and time from
NTP servers.
+%package doc
+Summary: NTP documentation
+Group: Documentation
+Requires: %{name} = %{version}-%{release}
+%description doc
+This package contains NTP documentation in HTML format.
+
+%define ntpdocdir %{_datadir}/doc/%{name}-%{version}
+
%prep
%setup -q -a 5
%patch1 -p1 -b .kernel
%patch2 -p1 -b .droproot
%patch3 -p1 -b .groups
+%patch4 -p1 -b .daemonpll
%patch6 -p1 -b .tentative
%patch7 -p1 -b .noseed
%patch8 -p1 -b .multilisten
@@ -150,9 +173,10 @@ NTP servers.
%patch22 -p1 -b .cmsgalign
%patch24 -p1 -b .resinit
%patch25 -p1 -b .rtnetlink
-%patch26 -p1 -b .retryres
+%patch26 -p1 -b .stamode
%patch27 -p1 -b .driftonexit
-%patch28 -p1 -b .ntpqsprintf
+%patch28 -p1 -b .nano
+%patch29 -p1 -b .minpoll
# clock_gettime needs -lrt
sed -i.gettime 's|^LIBS = @LIBS@|& -lrt|' ntp{d,q,dc,date}/Makefile.in
@@ -219,11 +243,14 @@ popd
sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' $RPM_BUILD_ROOT%{_mandir}/man8/*.8
cp -r html/man/man[58] $RPM_BUILD_ROOT%{_mandir}
+mkdir -p $RPM_BUILD_ROOT%{ntpdocdir}
+cp -p COPYRIGHT ChangeLog NEWS $RPM_BUILD_ROOT%{ntpdocdir}
+
# prepare html documentation
find html | egrep '\.(html|css|txt|jpg|gif)$' | grep -v '/build/\|sntp' | \
- cpio -pmd htmldoc
-find htmldoc -type f | xargs chmod 644
-find htmldoc -type d | xargs chmod 755
+ cpio -pmd $RPM_BUILD_ROOT%{ntpdocdir}
+find $RPM_BUILD_ROOT%{ntpdocdir} -type f | xargs chmod 644
+find $RPM_BUILD_ROOT%{ntpdocdir} -type d | xargs chmod 755
pushd $RPM_BUILD_ROOT
mkdir -p .%{_sysconfdir}/{ntp/crypto,sysconfig,dhcp/dhclient.d} .%{_initrddir}
@@ -279,7 +306,10 @@ fi
%files
%defattr(-,root,root)
-%doc htmldoc/html/* COPYRIGHT ChangeLog NEWS TODO
+%dir %{ntpdocdir}
+%{ntpdocdir}/COPYRIGHT
+%{ntpdocdir}/ChangeLog
+%{ntpdocdir}/NEWS
%{_sbindir}/ntp-keygen
%{_sbindir}/ntpd
%{_sbindir}/ntpdc
@@ -321,7 +351,20 @@ fi
%{_sbindir}/ntpdate
%{_mandir}/man8/ntpdate.8*
+%files doc
+%defattr(-,root,root)
+%{ntpdocdir}/html
+
%changelog
+* Tue May 19 2009 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p7-1
+- update to 4.2.4p7 (CVE-2009-1252)
+- improve PLL response when kernel discipline is disabled
+- don't log STA_MODE changes
+- enable nanokernel support
+- allow minpoll 3
+- increase memlock limit
+- move html documentation to -doc subpackage (#492444)
+
* Mon Apr 20 2009 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p6-4
- don't restart ntpd in dhclient script with every renewal
- fix buffer overflow in ntpq (#490617)
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/sources,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -p -r1.29 -r1.30
--- sources 12 Jan 2009 13:53:46 -0000 1.29
+++ sources 19 May 2009 14:45:47 -0000 1.30
@@ -1,2 +1,2 @@
6b2bedefe2e7c63ea52609b222022121 ntpstat-0.2.tgz
-1961c2c12b66b9046d5df37d0a41b181 ntp-4.2.4p6.tar.gz
+8c19ff62ed4f7d64f8e2aa59cb11f364 ntp-4.2.4p7.tar.gz
--- ntp-4.2.4p2-nosntp.patch DELETED ---
--- ntp-4.2.4p4-gettime.patch DELETED ---
--- ntp-4.2.4p4-ipv6.patch DELETED ---
--- ntp-4.2.4p5-bcast.patch DELETED ---
--- ntp-4.2.4p5-retryres.patch DELETED ---
--- ntp-4.2.4p6-mlock.patch DELETED ---
--- ntp-4.2.4p6-ntpqsprintf.patch DELETED ---
More information about the fedora-extras-commits
mailing list