From: Adam Duskett <aduskett@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [V2 1/1] ntp: security bump to verserion 4.2.8p9
Date: Mon,  6 Feb 2017 09:12:25 -0500	[thread overview]
Message-ID: <20170206141225.2311-1-aduskett@codeblue.com> (raw)

This version of ntp fixes several vulnerabilities.

CVE-2016-9311
CVE-2016-9310
CVE-2016-7427
CVE-2016-7428
CVE-2016-9312
CVE-2016-7431
CVE-2016-7434
CVE-2016-7429
CVE-2016-7426
CVE-2016-7433

http://www.kb.cert.org/vuls/id/633847

In addition, libssl_compat.h is now included in many files, which
references openssl/evp.h, openssl/dsa.h, and openssl/rsa.h.
Even if you pass --disable-ssl as a configuration option, these
files are now required.

As such, I have also added openssl as a dependency, and it is now
automatically selected when you select ntp.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
---
v1 -> v2:
  - Changed subject to indicate a security bump. (suggested by Baruch)
  - Removed check to see if openssl is enabled (suggested by Baruch)
  - Added the option --with-crypto to the configuration options by default. 

 package/ntp/Config.in |  1 +
 package/ntp/ntp.hash  |  6 +++---
 package/ntp/ntp.mk    | 15 +++++----------
 3 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/package/ntp/Config.in b/package/ntp/Config.in
index 8ce9a5b..1af02db 100644
--- a/package/ntp/Config.in
+++ b/package/ntp/Config.in
@@ -1,6 +1,7 @@
 config BR2_PACKAGE_NTP
 	bool "ntp"
 	select BR2_PACKAGE_LIBEVENT
+	select BR2_PACKAGE_OPENSSL
 	help
 	  Network Time Protocol suite/programs.
 	  Provides things like ntpd, ntpdate, ntpq, etc...
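Review bot: The added `select BR2_PACKAGE_OPENSSL` pulls OpenSSL into every image that enables ntp, and the second ntp.mk hunk drops the `--without-crypto --disable-openssl-random` branch, so a crypto-less ntp build is no longer possible. That means a larger footprint and one more library to track for security updates on targets that only need a basic time client. Going by the commit message, the build breaks because libssl_compat.h includes OpenSSL headers unconditionally; if that is the whole cause, a source patch guarding that include would let OpenSSL stay optional and keep the `ifeq ($(BR2_PACKAGE_OPENSSL),y)` block in ntp.mk. The config entry's help text may continue past the end of this hunk.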
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index 2a1155b..c6838d8 100644
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,4 +1,4 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p8.tar.gz.md5
-md5	4a8636260435b230636f053ffd070e34	ntp-4.2.8p8.tar.gz
+# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p9.tar.gz.md5
+md5	857452b05f5f2e033786f77ade1974ed	ntp-4.2.8p9.tar.gz
 # Calculated based on the hash above
-sha256	2ab3d0b5f0456e6311dda1cc27ab75da108762773a19e46abd938bd9407b97ee	ntp-4.2.8p8.tar.gz
+sha256	b724287778e1bac625b447327c9851eedef020517a3545625e9f652a90f30b72	ntp-4.2.8p9.tar.gz
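Review bot: The integrity check for the new tarball is anchored in an MD5 file fetched over plain http (the `# From http://...md5` comment), and the sha256 is described as derived from it, so nothing here appears to authenticate the 4.2.8p9 archive independently; `NTP_SITE` in ntp.mk is http as well. For a security bump it would be worth confirming the tarball against a digest or signature obtained over an authenticated channel, if upstream offers one, and naming that source in the comment. If none is available, the comment on the sha256 line could say so plainly, for example `# Locally calculated after checking the md5 above`.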
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index 7f9e0d6..45e2a64 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,9 +5,9 @@
 ################################################################################
 
 NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p8
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p9
 NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
-NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
+NTP_DEPENDENCIES = host-pkgconf libevent openssl $(if $(BR2_PACKAGE_BUSYBOX),busybox)
 NTP_LICENSE = ntp license
 NTP_LICENSE_FILES = COPYRIGHT
 NTP_CONF_ENV = ac_cv_lib_md5_MD5Init=no
@@ -17,17 +17,12 @@ NTP_CONF_OPTS = \
 	--disable-tickadj \
 	--disable-debugging \
 	--with-yielding-select=yes \
-	--disable-local-libevent
+	--disable-local-libevent \
+	--with-crypto
+
 # 0002-ntp-syscalls-fallback.patch
 NTP_AUTORECONF = YES
 
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
-NTP_CONF_OPTS += --with-crypto
-NTP_DEPENDENCIES += openssl
-else
-NTP_CONF_OPTS += --without-crypto --disable-openssl-random
-endif
-
 ifeq ($(BR2_PACKAGE_LIBCAP),y)
 NTP_CONF_OPTS += --enable-linuxcaps
 NTP_DEPENDENCIES += libcap
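Review bot: Nothing in the file records why `--with-crypto` is now unconditional, so a later cleanup could restore the removed `ifeq ($(BR2_PACKAGE_OPENSSL),y)` block and reintroduce the build failure described in the commit message. I would add a comment above the `NTP_CONF_OPTS` assignment (which starts outside this hunk), such as `# libssl_compat.h includes OpenSSL headers unconditionally, so crypto cannot be disabled`. The `ifeq ($(BR2_PACKAGE_LIBCAP),y)` block at the end of the hunk continues outside it.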
-- 
2.9.3
