[Buildroot] [V2 1/1] ntp: security bump to verserion 4.2.8p9

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Adam Duskett <aduskett@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [V2 1/1] ntp: security bump to verserion 4.2.8p9
Date: Mon,  6 Feb 2017 09:12:25 -0500	[thread overview]
Message-ID: <20170206141225.2311-1-aduskett@codeblue.com> (raw)

This version of ntp fixes several vulnerabilities.

CVE-2016-9311
CVE-2016-9310
CVE-2016-7427
CVE-2016-7428
CVE-2016-9312
CVE-2016-7431
CVE-2016-7434
CVE-2016-7429
CVE-2016-7426
CVE-2016-7433

http://www.kb.cert.org/vuls/id/633847

In addition, libssl_compat.h is now included in many files, which
references openssl/evp.h, openssl/dsa.h, and openssl/rsa.h.
Even if a you pass --disable-ssl as a configuration option, these
files are now required.

As such, I have also added openssl as a dependency, and it is now
automatically selected when you select ntp.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
v1 -> v2:
  - Changed subject to indicate a security bump. (suggested by Baruch)
  - Removed check to see if openssl is enabled (suggested by Baruch)
  - Added the option --with-crypto to the configuration options by default. 

 package/ntp/Config.in |  1 +
 package/ntp/ntp.hash  |  6 +++---
 package/ntp/ntp.mk    | 15 +++++----------
 3 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/package/ntp/Config.in b/package/ntp/Config.in
index 8ce9a5b..1af02db 100644
--- a/package/ntp/Config.in
+++ b/package/ntp/Config.in
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_NTP
 	bool "ntp"
 	select BR2_PACKAGE_LIBEVENT
+	select BR2_PACKAGE_OPENSSL
 	help
 	  Network Time Protocol suite/programs.
 	  Provides things like ntpd, ntpdate, ntpq, etc...
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index 2a1155b..c6838d8 100644
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,4 +1,4 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p8.tar.gz.md5
-md5	4a8636260435b230636f053ffd070e34	ntp-4.2.8p8.tar.gz
+# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p9.tar.gz.md5
+md5	857452b05f5f2e033786f77ade1974ed	ntp-4.2.8p9.tar.gz
 # Calculated based on the hash above
-sha256	2ab3d0b5f0456e6311dda1cc27ab75da108762773a19e46abd938bd9407b97ee	ntp-4.2.8p8.tar.gz
+sha256	b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72	ntp-4.2.8p9.tar.gz
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index 7f9e0d6..45e2a64 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,9 +5,9 @@
 ################################################################################
 
 NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p8
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p9
 NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
-NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
+NTP_DEPENDENCIES = host-pkgconf libevent openssl $(if $(BR2_PACKAGE_BUSYBOX),busybox)
 NTP_LICENSE = ntp license
 NTP_LICENSE_FILES = COPYRIGHT
 NTP_CONF_ENV = ac_cv_lib_md5_MD5Init=no
@@ -17,17 +17,12 @@ NTP_CONF_OPTS = \
 	--disable-tickadj \
 	--disable-debugging \
 	--with-yielding-select=yes \
-	--disable-local-libevent
+	--disable-local-libevent \
+	--with-crypto
+
 # 0002-ntp-syscalls-fallback.patch
 NTP_AUTORECONF = YES
 
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
-NTP_CONF_OPTS += --with-crypto
-NTP_DEPENDENCIES += openssl
-else
-NTP_CONF_OPTS += --without-crypto --disable-openssl-random
-endif
-
 ifeq ($(BR2_PACKAGE_LIBCAP),y)
 NTP_CONF_OPTS += --enable-linuxcaps
 NTP_DEPENDENCIES += libcap
-- 
2.9.3

next             reply	other threads:[~2017-02-06 14:12 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-06 14:12 Adam Duskett [this message]
2017-02-06 14:58 ` [Buildroot] [V2 1/1] ntp: security bump to verserion 4.2.8p9 Thomas Petazzoni
     [not found]   ` <1486393216.2005.19.camel@codeblue.com>
2017-02-06 15:02     ` Thomas Petazzoni
2017-02-06 15:23       ` Arnout Vandecappelle
2017-02-06 21:18         ` Adam Duskett
2017-02-07 14:28           ` Peter Korsgaard
2017-02-07 14:29 ` Peter Korsgaard
2017-11-07 17:26 ` Thomas Petazzoni
2017-11-07 21:15   ` Adam Duskett

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8ce9a5b dfblob:1af02db dfblob:2a1155b dfblob:c6838d8
dfblob:7f9e0d6 dfblob:45e2a64 )
 OR (
bs:"[Buildroot] [V2 1/1] ntp: security bump to verserion 4.2.8p9" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170206141225.2311-1-aduskett@codeblue.com \
    --to=aduskett@gmail.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.