* [PATCH 0/7] Fido-next
@ 2015-10-24 17:57 Armin Kuster
  2015-10-24 17:57 ` [PATCH 1/7] mariadb: Security Advisory -CVE-2015-2305 Armin Kuster
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: Armin Kuster @ 2015-10-24 17:57 UTC (permalink / raw)
  To: openembedded-devel, otavio

Please consider these updates for Fido

The following changes since commit 763de0599bd61eae1c122782b03e12b66319a2f1:

  ruby: explicitly disable dtrace support (2015-10-14 21:17:27 +0200)

are available in the git repository at:

  git://github.com/akuster/meta-openembedded akuster/fido-next
  https://github.com/akuster/meta-openembedded/tree/akuster/fido-next

Li xin (1):
  ntp: upgrade 4.2.8p2 -> 4.2.8p3

Martin Jansa (1):
  nautilus3: Fix build with B != S

Roy Li (3):
  mariadb: Security Advisory -CVE-2015-2305
  ipsec-tools: Security Advisory - CVE-2015-4047
  ntp: uprev to 4.2.8p2

Tim Orling (1):
  vlc: fix for libtool error

Tudor Florea (1):
  fuse: fix for CVE-2015-3202 Privilege Escalation

 ...fix_exec_environment_for_mount_and_umount.patch |  63 ++++++++
 .../recipes-support/fuse/fuse_2.9.3.bb             |   1 +
 .../recipes-gnome/nautilus/nautilus3_3.2.1.bb      |   2 +-
 meta-multimedia/recipes-multimedia/vlc/vlc.inc     |   2 +-
 .../ipsec-tools/fix-CVE-2015-4047.patch            |  36 +++++
 .../ipsec-tools/ipsec-tools_0.8.2.bb               |   1 +
 .../ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch  | 168 ---------------------
 .../ntp/{ntp_4.2.8.bb => ntp_4.2.8p3.bb}           |   7 +-
 meta-oe/recipes-support/mysql/mariadb.inc          |   1 +
 .../mysql/mariadb/fix-CVE-2015-2305.patch          |  43 ++++++
 10 files changed, 150 insertions(+), 174 deletions(-)
 create mode 100644 meta-filesystems/recipes-support/fuse/files/001-fix_exec_environment_for_mount_and_umount.patch
 create mode 100644 meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
 delete mode 100644 meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch
 rename meta-networking/recipes-support/ntp/{ntp_4.2.8.bb => ntp_4.2.8p3.bb} (95%)
 create mode 100644 meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch

-- 
1.9.1




* [PATCH 1/7] mariadb: Security Advisory -CVE-2015-2305
  2015-10-24 17:57 [PATCH 0/7] Fido-next Armin Kuster
@ 2015-10-24 17:57 ` Armin Kuster
  2015-10-24 17:57 ` [PATCH 2/7] ipsec-tools: Security Advisory - CVE-2015-4047 Armin Kuster
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2015-10-24 17:57 UTC (permalink / raw)
  To: openembedded-devel, otavio

From: Roy Li <rongqing.li@windriver.com>

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2305

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Conflicts:
	meta-oe/recipes-support/mysql/mariadb.inc
	removed ref to patch fix-a-building-failure.patch
---
 meta-oe/recipes-support/mysql/mariadb.inc          |  1 +
 .../mysql/mariadb/fix-CVE-2015-2305.patch          | 43 ++++++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch

diff --git a/meta-oe/recipes-support/mysql/mariadb.inc b/meta-oe/recipes-support/mysql/mariadb.inc
index f385bfc..34c59fe 100644
--- a/meta-oe/recipes-support/mysql/mariadb.inc
+++ b/meta-oe/recipes-support/mysql/mariadb.inc
@@ -11,6 +11,7 @@ SRC_URI = "http://mirror.stshosting.co.uk/mariadb/mariadb-${PV}/source/mariadb-$
            file://my.cnf \
            file://mysqld.service \
            file://configure.cmake-fix-valgrind.patch \
+           file://fix-CVE-2015-2305.patch \
           "
 
 SRC_URI[md5sum] = "d2415efc6a6d73d7a58f3c79bb42f2e8"
diff --git a/meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch b/meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch
new file mode 100644
index 0000000..2d1b467
--- /dev/null
+++ b/meta-oe/recipes-support/mysql/mariadb/fix-CVE-2015-2305.patch
@@ -0,0 +1,43 @@
+From f5c1d00a9ceb61acfe038dcf2ec0236c2939328c Mon Sep 17 00:00:00 2001
+From: Roy Li <rongqing.li@windriver.com>
+Date: Mon, 1 Jun 2015 15:31:48 +0800
+Subject: [PATCH] From 70bc2965604b6b8aaf260049e64c708dddf85334 Mon Sep 17
+ 00:00:00 2001 From: Gary Houston <ghouston@arglist.com> Date: Wed, 25 Feb
+ 2015 13:29:03 +1100 Subject: [PATCH] Bug fix for integer overflow in regcomp
+ for excessively long  pattern strings. CERT Vulnerability Note VU#695940.
+ Found by Guido Vranken.
+
+Upsteam-Status: Backport
+
+https://bugzilla.suse.com/attachment.cgi?id=627001
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ regex/regcomp.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/regex/regcomp.c b/regex/regcomp.c
+index abc1817..31e57c1 100644
+--- a/regex/regcomp.c
++++ b/regex/regcomp.c
+@@ -138,7 +138,16 @@ struct cclass cclasses[CCLASS_LAST+1]= {
+ 							(NC-1)*sizeof(cat_t));
+ 	if (g == NULL)
+ 		return(REG_ESPACE);
+-	p->ssize = (long) (len/(size_t)2*(size_t)3 + (size_t)1); /* ugh */
++	{
++	  /* Patched for CERT Vulnerability Note VU#695940, Feb 2015. */
++	  size_t new_ssize = len/(size_t)2*(size_t)3 + (size_t)1; /* ugh */
++	  if (new_ssize < len || new_ssize > LONG_MAX / sizeof(sop)) {
++	    free((char *) g);
++	    return REG_INVARG;
++	  }
++	  p->ssize = new_ssize;
++	}
++
+ 	p->strip = (sop *)malloc(p->ssize * sizeof(sop));
+ 	p->slen = 0;
+ 	if (p->strip == NULL) {
+-- 
+1.9.1
+
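Review bot: The tag on the `Upsteam-Status: Backport` line of the embedded patch header is misspelled, so a check that looks for `Upstream-Status` in recipe patches will treat this one as untagged; please correct it to `Upstream-Status: Backport`. The `Subject:` above it has also absorbed the original commit's From/Date/Subject lines (Gary Houston's commit) into one folded header, which reads better restored as separate lines. In the regcomp.c change the new bound uses `LONG_MAX`, and the diffstat shows no `#include` being added, so please confirm regex/regcomp.c already gets `<limits.h>` in every configuration mariadb is built for.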
-- 
1.9.1




* [PATCH 2/7] ipsec-tools: Security Advisory - CVE-2015-4047
  2015-10-24 17:57 [PATCH 0/7] Fido-next Armin Kuster
  2015-10-24 17:57 ` [PATCH 1/7] mariadb: Security Advisory -CVE-2015-2305 Armin Kuster
@ 2015-10-24 17:57 ` Armin Kuster
  2015-10-24 17:57 ` [PATCH 3/7] fuse: fix for CVE-2015-3202 Privilege Escalation Armin Kuster
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2015-10-24 17:57 UTC (permalink / raw)
  To: openembedded-devel, otavio

From: Roy Li <rongqing.li@windriver.com>

This fixed the CVE-2015-4047:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../ipsec-tools/fix-CVE-2015-4047.patch            | 36 ++++++++++++++++++++++
 .../ipsec-tools/ipsec-tools_0.8.2.bb               |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch

diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
new file mode 100644
index 0000000..5286376
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/fix-CVE-2015-4047.patch
@@ -0,0 +1,36 @@
+[PATCH] fix CVE-2015-4047
+
+Upstream-Status: Backport
+
+http://www.openwall.com/lists/oss-security/2015/05/20/1
+
+racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause
+a denial of service (NULL pointer dereference and IKE daemon crash) via
+a series of crafted UDP requests.
+
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
+
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ src/racoon/gssapi.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/racoon/gssapi.c b/src/racoon/gssapi.c
+index e64b201..1ad3b42 100644
+--- a/src/racoon/gssapi.c
++++ b/src/racoon/gssapi.c
+@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
+ 	gss_name_t princ, canon_princ;
+ 	OM_uint32 maj_stat, min_stat;
+ 
++	if (iph1->rmconf == NULL) {
++	        plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
++	        return -1;
++	}
++
+ 	gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
+ 	if (gps == NULL) {
+ 		plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");
+-- 
+1.9.1
+
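Review bot: In the gssapi_init() guard, the `plog(...)` and `return -1;` lines are indented with a tab followed by eight spaces, while the context lines around them use tabs only; please re-indent them with tabs so the backport matches the file. The header justifies `Upstream-Status: Backport` with the oss-security post but names no upstream commit or author, and adding that reference would make it easy to tell when the patch can be dropped on the next ipsec-tools upgrade.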
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
index 9704b13..574f159 100644
--- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
@@ -18,6 +18,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
            file://racoon.conf.sample \
            file://racoon.conf \
            file://racoon.service \
+           file://fix-CVE-2015-4047.patch \
           "
 SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
 SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
-- 
1.9.1




* [PATCH 3/7] fuse: fix for CVE-2015-3202 Privilege Escalation
  2015-10-24 17:57 [PATCH 0/7] Fido-next Armin Kuster
  2015-10-24 17:57 ` [PATCH 1/7] mariadb: Security Advisory -CVE-2015-2305 Armin Kuster
  2015-10-24 17:57 ` [PATCH 2/7] ipsec-tools: Security Advisory - CVE-2015-4047 Armin Kuster
@ 2015-10-24 17:57 ` Armin Kuster
  2015-10-24 17:57 ` [PATCH 4/7] nautilus3: Fix build with B != S Armin Kuster
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2015-10-24 17:57 UTC (permalink / raw)
  To: openembedded-devel, otavio

From: Tudor Florea <tudor.florea@enea.com>

fusermount in FUSE before 2.9.3-15 does not properly clear the environment before
invoking (1) mount or (2) umount as root, which allows local users to write
to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is
used by mount's debugging feature.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3202
http://www.openwall.com/lists/oss-security/2015/05/21/9

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 ...fix_exec_environment_for_mount_and_umount.patch | 63 ++++++++++++++++++++++
 .../recipes-support/fuse/fuse_2.9.3.bb             |  1 +
 2 files changed, 64 insertions(+)
 create mode 100644 meta-filesystems/recipes-support/fuse/files/001-fix_exec_environment_for_mount_and_umount.patch

diff --git a/meta-filesystems/recipes-support/fuse/files/001-fix_exec_environment_for_mount_and_umount.patch b/meta-filesystems/recipes-support/fuse/files/001-fix_exec_environment_for_mount_and_umount.patch
new file mode 100644
index 0000000..8332bfb
--- /dev/null
+++ b/meta-filesystems/recipes-support/fuse/files/001-fix_exec_environment_for_mount_and_umount.patch
@@ -0,0 +1,63 @@
+From cfe13b7a217075ae741c018da50cd600e5330de2 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@suse.cz>
+Date: Fri, 22 May 2015 10:58:43 +0200
+Subject: [PATCH] libfuse: fix exec environment for mount and umount
+
+Found by Tavis Ormandy (CVE-2015-3202).
+
+Upstream-Status: Submitted
+Signed-off-by: Tudor Florea <tudor.florea@enea.com>
+
+---
+--- a/lib/mount_util.c
++++ b/lib/mount_util.c
+@@ -95,10 +95,12 @@ static int add_mount(const char *prognam
+ 		goto out_restore;
+ 	}
+ 	if (res == 0) {
++		char *env = NULL;
++
+ 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ 		setuid(geteuid());
+-		execl("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
+-		      "-f", "-t", type, "-o", opts, fsname, mnt, NULL);
++		execle("/bin/mount", "/bin/mount", "--no-canonicalize", "-i",
++		       "-f", "-t", type, "-o", opts, fsname, mnt, NULL, &env);
+ 		fprintf(stderr, "%s: failed to execute /bin/mount: %s\n",
+ 			progname, strerror(errno));
+ 		exit(1);
+@@ -146,10 +148,17 @@ static int exec_umount(const char *progn
+ 		goto out_restore;
+ 	}
+ 	if (res == 0) {
++		char *env = NULL;
++
+ 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ 		setuid(geteuid());
+-		execl("/bin/umount", "/bin/umount", "-i", rel_mnt,
+-		      lazy ? "-l" : NULL, NULL);
++		if (lazy) {
++			execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
++			       "-l", NULL, &env);
++		} else {
++			execle("/bin/umount", "/bin/umount", "-i", rel_mnt,
++			       NULL, &env);
++		}
+ 		fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
+ 			progname, strerror(errno));
+ 		exit(1);
+@@ -205,10 +214,12 @@ static int remove_mount(const char *prog
+ 		goto out_restore;
+ 	}
+ 	if (res == 0) {
++		char *env = NULL;
++
+ 		sigprocmask(SIG_SETMASK, &oldmask, NULL);
+ 		setuid(geteuid());
+-		execl("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
+-		      "--fake", mnt, NULL);
++		execle("/bin/umount", "/bin/umount", "--no-canonicalize", "-i",
++		       "--fake", mnt, NULL, &env);
+ 		fprintf(stderr, "%s: failed to execute /bin/umount: %s\n",
+ 			progname, strerror(errno));
+ 		exit(1);
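Review bot: `Upstream-Status: Submitted` in the embedded patch header does not match the `From cfe13b7a217075ae741c018da50cd600e5330de2` line and the `From: Miklos Szeredi` authorship directly above it; if that is the commit libfuse applied, the tag should be `Backport` with a pointer to that commit. The split of the umount call into separate `lazy` and non-lazy `execle()` branches is needed, because the old `lazy ? "-l" : NULL, NULL` form would end the argument list early and leave the wrong argument in the `envp` position; a sentence saying so in the patch description would stop a later cleanup from folding the two branches back together.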
diff --git a/meta-filesystems/recipes-support/fuse/fuse_2.9.3.bb b/meta-filesystems/recipes-support/fuse/fuse_2.9.3.bb
index 60fea87..2e2f7a1 100644
--- a/meta-filesystems/recipes-support/fuse/fuse_2.9.3.bb
+++ b/meta-filesystems/recipes-support/fuse/fuse_2.9.3.bb
@@ -13,6 +13,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 SRC_URI = "${SOURCEFORGE_MIRROR}/fuse/fuse-${PV}.tar.gz \
            file://gold-unversioned-symbol.patch \
            file://aarch64.patch \
+           file://001-fix_exec_environment_for_mount_and_umount.patch \
 "
 SRC_URI[md5sum] = "33cae22ca50311446400daf8a6255c6a"
 SRC_URI[sha256sum] = "0beb83eaf2c5e50730fc553406ef124d77bc02c64854631bdfc86bfd6437391c"
-- 
1.9.1
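
The environment inheritance that the commit message of this patch describes, shown as an added example that is not part of the original post or of FUSE. It runs a harmless `/bin/sh` probe in place of mount; the function name `helper_sees_variable` and the sample value are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample value; it is never used as a path by this program. */
#define SAMPLE_VALUE "/tmp/constructed-example"

/*
 * Start a helper the way a privileged wrapper would and report whether the
 * helper can read LIBMOUNT_MTAB from its environment.
 *   clear_env == 0: execl(), the helper inherits the caller's environment
 *                   (the pre-patch behaviour).
 *   clear_env != 0: execle() with an empty envp (the patched behaviour).
 * Returns 1 if the helper saw the variable, 0 if it did not, -1 on error.
 */
int helper_sees_variable(int clear_env)
{
	/* The shell exits 0 only when the variable is set and non-empty. */
	const char *probe = "test -n \"$LIBMOUNT_MTAB\"";
	char *empty_env[] = { NULL };
	int status;
	pid_t pid;

	/* Stands in for a value chosen by the unprivileged caller. */
	if (setenv("LIBMOUNT_MTAB", SAMPLE_VALUE, 1) != 0)
		return -1;

	pid = fork();
	if (pid < 0)
		return -1;
	if (pid == 0) {
		if (clear_env)
			execle("/bin/sh", "/bin/sh", "-c", probe,
			       (char *)NULL, empty_env);
		else
			execl("/bin/sh", "/bin/sh", "-c", probe, (char *)NULL);
		_exit(127);	/* only reached when exec itself failed */
	}

	if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
		return -1;
	if (WEXITSTATUS(status) == 127)
		return -1;
	return WEXITSTATUS(status) == 0;
}

int main(void)
{
	printf("execl  (inherited env): helper sees variable = %d\n",
	       helper_sees_variable(0));
	printf("execle (empty env):     helper sees variable = %d\n",
	       helper_sees_variable(1));
	return 0;
}
```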




* [PATCH 4/7] nautilus3: Fix build with B != S
  2015-10-24 17:57 [PATCH 0/7] Fido-next Armin Kuster
                   ` (2 preceding siblings ...)
  2015-10-24 17:57 ` [PATCH 3/7] fuse: fix for CVE-2015-3202 Privilege Escalation Armin Kuster
@ 2015-10-24 17:57 ` Armin Kuster
  2015-10-24 17:57 ` [PATCH 5/7] vlc: fix for libtool error Armin Kuster
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2015-10-24 17:57 UTC (permalink / raw)
  To: openembedded-devel, otavio

From: Martin Jansa <Martin.Jansa@gmail.com>

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-gnome/recipes-gnome/nautilus/nautilus3_3.2.1.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-gnome/recipes-gnome/nautilus/nautilus3_3.2.1.bb b/meta-gnome/recipes-gnome/nautilus/nautilus3_3.2.1.bb
index 1acf8d3..c8ebf4f 100644
--- a/meta-gnome/recipes-gnome/nautilus/nautilus3_3.2.1.bb
+++ b/meta-gnome/recipes-gnome/nautilus/nautilus3_3.2.1.bb
@@ -27,7 +27,7 @@ EXTRA_OECONF = " --disable-gtk-doc  --disable-update-mimedb --enable-nst-extensi
 export SYSROOT = "${STAGING_DIR_HOST}"
 
 do_configure() {
-    sed -i -e /docs/d Makefile.am
+    sed -i -e /docs/d ${S}/Makefile.am
     autotools_do_configure
 }
 
-- 
1.9.1




* [PATCH 5/7] vlc: fix for libtool error
  2015-10-24 17:57 [PATCH 0/7] Fido-next Armin Kuster
                   ` (3 preceding siblings ...)
  2015-10-24 17:57 ` [PATCH 4/7] nautilus3: Fix build with B != S Armin Kuster
@ 2015-10-24 17:57 ` Armin Kuster
  2015-10-24 17:57 ` [PATCH 6/7] ntp: uprev to 4.2.8p2 Armin Kuster
  2015-10-24 17:57 ` [PATCH 7/7] ntp: upgrade 4.2.8p2 -> 4.2.8p3 Armin Kuster
  6 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2015-10-24 17:57 UTC (permalink / raw)
  To: openembedded-devel, otavio

From: Tim Orling <ticotimo@gmail.com>

Changes since v1:
  typo caught by Andreas Oberritter

Patch recommended by:
  Rafaël Carré funman@videolan.org

Signed-off-by: Tim Orling <TicoTimo@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-multimedia/recipes-multimedia/vlc/vlc.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-multimedia/recipes-multimedia/vlc/vlc.inc b/meta-multimedia/recipes-multimedia/vlc/vlc.inc
index 0362f39..ecf0d90 100644
--- a/meta-multimedia/recipes-multimedia/vlc/vlc.inc
+++ b/meta-multimedia/recipes-multimedia/vlc/vlc.inc
@@ -61,7 +61,7 @@ do_configure_prepend() {
 
 do_configure_append() {
     sed -i -e s:'$(MOC) $(DEFS) $(CPPFLAGS)':'$(MOC) $(DEFS)'\ -I${B}/include\ -DSYS_LINUX:g ${B}/modules/gui/qt4/Makefile
-    sed -i -e s:'${top_builddir_slash}libtool':${TARGET_SYS}-libtool:g ${B}/doltlibtool
+    sed -i -e s:'${top_builddir_slash}libtool':'${top_builddir_slash}'${TARGET_SYS}-libtool:g ${B}/doltlibtool
 }
 
 # This recipe packages vlc as a library as well, so qt4 dependencies
-- 
1.9.1




* [PATCH 6/7] ntp: uprev to 4.2.8p2
  2015-10-24 17:57 [PATCH 0/7] Fido-next Armin Kuster
                   ` (4 preceding siblings ...)
  2015-10-24 17:57 ` [PATCH 5/7] vlc: fix for libtool error Armin Kuster
@ 2015-10-24 17:57 ` Armin Kuster
  2015-10-24 17:57 ` [PATCH 7/7] ntp: upgrade 4.2.8p2 -> 4.2.8p3 Armin Kuster
  6 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2015-10-24 17:57 UTC (permalink / raw)
  To: openembedded-devel, otavio

From: Roy Li <rongqing.li@windriver.com>

ntp 4.2.8p2 has more CVE fixes, like CVE-2015-1799, CVE-2015-1798;
and remove ntp-4.2.8-ntp-keygen-no-openssl.patch which 4.2.8p2 has integrated

4.2.8.p1 included CVE-2014-9297, CVE-2014-9298 (ak).

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch  | 168 ---------------------
 .../ntp/{ntp_4.2.8.bb => ntp_4.2.8p2.bb}           |   7 +-
 2 files changed, 3 insertions(+), 172 deletions(-)
 delete mode 100644 meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch
 rename meta-networking/recipes-support/ntp/{ntp_4.2.8.bb => ntp_4.2.8p2.bb} (95%)

diff --git a/meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch b/meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch
deleted file mode 100644
index 9b9af63..0000000
--- a/meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-Fix ntp-keygen build without OpenSSL
-
-Patch borrowed from Gentoo, originally from upstream
-Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
-Upstream-Status: Backport
-
-Upstream commit:
-http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg
-Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238
-
-Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
-Index: ntp-4.2.8/Makefile.am
-===================================================================
---- ntp-4.2.8.orig/Makefile.am
-+++ ntp-4.2.8/Makefile.am
-@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib
- 
- NULL =
- 
-+# moved sntp first to get libtool and libevent built.
-+
- SUBDIRS =		\
-+	sntp		\
- 	scripts		\
- 	include		\
- 	libntp		\
-@@ -17,7 +20,6 @@ SUBDIRS =		\
- 	clockstuff	\
- 	kernel		\
- 	util		\
--	sntp		\
- 	tests		\
- 	$(NULL)
- 
-@@ -64,7 +66,6 @@ BUILT_SOURCES =				\
- 	.gcc-warning			\
- 	'libtool				\
- 	html/.datecheck			\
--	sntp/built-sources-only		\
- 	$(srcdir)/COPYRIGHT		\
- 	$(srcdir)/.checkChangeLog	\
- 	$(NULL)
-Index: ntp-4.2.8/configure.ac
-===================================================================
---- ntp-4.2.8.orig/configure.ac
-+++ ntp-4.2.8/configure.ac
-@@ -102,7 +102,7 @@ esac
- enable_nls=no
- LIBOPTS_CHECK_NOBUILD([sntp/libopts])
- 
--NTP_ENABLE_LOCAL_LIBEVENT
-+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent])
- 
- NTP_LIBNTP
- 
-@@ -771,6 +771,10 @@ esac
- 
- #### 
- 
-+AC_CHECK_FUNCS([arc4random_buf])
-+
-+#### 
-+
- saved_LIBS="$LIBS"
- LIBS="$LIBS $LDADD_LIBNTP"
- AC_CHECK_FUNCS([daemon])
-Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c
-===================================================================
---- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c
-+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c
-@@ -24,6 +24,21 @@
- int crypto_rand_init = 0;
- #endif
- 
-+#ifndef HAVE_ARC4RANDOM_BUF
-+static void
-+arc4random_buf(void *buf, size_t nbytes);
-+
-+void
-+evutil_secure_rng_get_bytes(void *buf, size_t nbytes);
-+
-+static void
-+arc4random_buf(void *buf, size_t nbytes)
-+{
-+	evutil_secure_rng_get_bytes(buf, nbytes);
-+	return;
-+}
-+#endif
-+
- /*
-  * As of late 2014, here's how we plan to provide cryptographic-quality
-  * random numbers:
-Index: ntp-4.2.8/sntp/configure.ac
-===================================================================
---- ntp-4.2.8.orig/sntp/configure.ac
-+++ ntp-4.2.8/sntp/configure.ac
-@@ -97,11 +97,14 @@ esac
- enable_nls=no
- LIBOPTS_CHECK
- 
--AM_COND_IF(
--    [BUILD_SNTP],
--    [NTP_LIBEVENT_CHECK],
--    [NTP_LIBEVENT_CHECK_NOBUILD]
--)
-+# From when we only used libevent for sntp:
-+#AM_COND_IF(
-+#    [BUILD_SNTP],
-+#    [NTP_LIBEVENT_CHECK],
-+#    [NTP_LIBEVENT_CHECK_NOBUILD]
-+#)
-+
-+NTP_LIBEVENT_CHECK([2])
- 
- # Checks for libraries.
- 
-Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4
-===================================================================
---- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4
-+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4
-@@ -1,4 +1,25 @@
--dnl NTP_ENABLE_LOCAL_LIBEVENT				     -*- Autoconf -*-
-+# SYNOPSIS						-*- Autoconf -*-
-+#
-+#  NTP_ENABLE_LOCAL_LIBEVENT
-+#  NTP_LIBEVENT_CHECK([MINVERSION [, DIR]])
-+#  NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]])
-+#
-+# DESCRIPTION
-+#
-+# AUTHOR
-+#
-+#  Harlan Stenn
-+#
-+# LICENSE
-+#
-+#  This file is Copyright (c) 2014 Network Time Foundation
-+# 
-+#  Copying and distribution of this file, with or without modification, are
-+#  permitted in any medium without royalty provided the copyright notice,
-+#  author attribution and this notice are preserved.  This file is offered
-+#  as-is, without any warranty.
-+
-+dnl NTP_ENABLE_LOCAL_LIBEVENT
- dnl
- dnl Provide only the --enable-local-libevent command-line option.
- dnl
-@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar
- dnl but DO NOT invoke DIR/configure if we are going to use our bundled
- dnl version.  This may be the case for nested packages.
- dnl
--dnl provide --enable-local-libevent .
-+dnl provides --enable-local-libevent .
- dnl
- dnl Examples:
- dnl
-Index: ntp-4.2.8/util/Makefile.am
-===================================================================
---- ntp-4.2.8.orig/util/Makefile.am
-+++ ntp-4.2.8/util/Makefile.am
-@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP)
- LDADD=		../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS)
- tg2_LDADD=	../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM)
- ntp_keygen_LDADD  = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a
-+ntp_keygen_LDADD += $(LDADD_LIBEVENT)
- ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM)
- ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h
- 
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p2.bb
similarity index 95%
rename from meta-networking/recipes-support/ntp/ntp_4.2.8.bb
rename to meta-networking/recipes-support/ntp/ntp_4.2.8p2.bb
index e802ee7..693bdbb 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p2.bb
@@ -6,7 +6,7 @@ or satellite receiver or modem."
 HOMEPAGE = "http://support.ntp.org"
 SECTION = "console/network"
 LICENSE = "NTP"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ebe123f74017224947c78d472407c10f"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=f41fedb22dffefcbfafecc85b0f79cfa"
 
 DEPENDS = "pps-tools libevent"
 
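Review bot: The `LIC_FILES_CHKSUM` md5 for COPYRIGHT changes in this hunk, but the commit message covers only the CVE fixes and the dropped patch; please state what changed in COPYRIGHT between 4.2.8 and 4.2.8p2 and that `LICENSE = "NTP"` still applies, so the new checksum can be reviewed as a license check and not just a hash refresh.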
@@ -21,11 +21,10 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
            file://sntp.service \
            file://sntp \
            file://ntpd.list \
-           file://ntp-4.2.8-ntp-keygen-no-openssl.patch \
 "
 
-SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7"
-SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee"
+SRC_URI[md5sum] = "fa37049383316322d060ec9061ac23a9"
+SRC_URI[sha256sum] = "0d69bc0e95caad43ea04fdad410e756bae1a71e67b1c2bd799b76b55e04c9b31"
 
 inherit autotools update-rc.d useradd systemd pkgconfig
 
-- 
1.9.1




* [PATCH 7/7] ntp: upgrade 4.2.8p2 -> 4.2.8p3
  2015-10-24 17:57 [PATCH 0/7] Fido-next Armin Kuster
                   ` (5 preceding siblings ...)
  2015-10-24 17:57 ` [PATCH 6/7] ntp: uprev to 4.2.8p2 Armin Kuster
@ 2015-10-24 17:57 ` Armin Kuster
  6 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2015-10-24 17:57 UTC (permalink / raw)
  To: openembedded-devel, otavio

From: Li xin <lixin.fnst@cn.fujitsu.com>

4.2.8p3 fixed CVE-2015-5146 and Bugs.

Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../recipes-support/ntp/{ntp_4.2.8p2.bb => ntp_4.2.8p3.bb}            | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta-networking/recipes-support/ntp/{ntp_4.2.8p2.bb => ntp_4.2.8p3.bb} (97%)

diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8p2.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8p3.bb
similarity index 97%
rename from meta-networking/recipes-support/ntp/ntp_4.2.8p2.bb
rename to meta-networking/recipes-support/ntp/ntp_4.2.8p3.bb
index 693bdbb..2c1345a 100644
--- a/meta-networking/recipes-support/ntp/ntp_4.2.8p2.bb
+++ b/meta-networking/recipes-support/ntp/ntp_4.2.8p3.bb
@@ -23,8 +23,8 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
            file://ntpd.list \
 "
 
-SRC_URI[md5sum] = "fa37049383316322d060ec9061ac23a9"
-SRC_URI[sha256sum] = "0d69bc0e95caad43ea04fdad410e756bae1a71e67b1c2bd799b76b55e04c9b31"
+SRC_URI[md5sum] = "b98b0cbb72f6df04608e1dd5f313808b"
+SRC_URI[sha256sum] = "818ca4f2ed6ca845b1c5ec43f5e6ad905eaa0fc0aab2d509ed6b962a37fbf38f"
 
 inherit autotools update-rc.d useradd systemd pkgconfig
 
-- 
1.9.1


