ntp: Update to version 4.2.8p17

Message ID 20230628175952.3268723-1-adolf.belka@ipfire.org
State Staged
Commit 89d5a7b29fa1fca76bf84cb8e1b27960d9d18f75
Headers
Series ntp: Update to version 4.2.8p17 |

Commit Message

Adolf Belka June 28, 2023, 5:59 p.m. UTC
  - Update from version 4.2.8p15 to 4.2.8p17
- Update of rootfile not required
- Tested out on vm testbed. Time correctly updated every hour and pakfire was able to
   download and install various addons without any problems indicating that the time
   is working correctly.
- patch to enable build with glibc-2.34 no longer needed. ntp updated to work correctly
   with glibc-2.34 but IPFire running with version 2.37. Version 2.4.8p17 built without
   any problems without the patch.
- Changelog
    4.2.8p17 2023/06/06 Released by Harlan Stenn <stenn@ntp.org>
	* [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at
	             event_sync.  Reported by Edward McGuire.  <hart@ntp.org>
	* [Bug 3822] ntpd significantly delays first poll of servers specified by name.
	             <hart@ntp.org>  Miroslav Lichvar identified regression in 4.2.8p16.
	* [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with
	             4.2.8p15 or earlier.  Reported by Matt Nordhoff, thanks to
		     Miroslav Lichvar and Matt for rapid testing and identifying the
		     problem. <hart@ntp.org>
	* Add tests/libntp/digests.c to catch regressions reading keys file or with
	  symmetric authentication digest output.
    4.2.8p16 2023/05/31 Released by Harlan Stenn <stenn@ntp.org>
	* [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
	* [Sec 3807] praecis_parse() in the Palisade refclock driver has a
	             hypothetical input buffer overflow. Reported by ... stenn@
	* [Sec 3806] libntp/mstolfp.c needs bounds checking <perlinger@ntp.org>
	  - solved numerically instead of using string manipulation
	* [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled.
	             <stenn@ntp.org>
	* [Bug 3819] Updated libopts/Makefile.am was missing NTP_HARD_* values. <stenn@>
	* [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
	* [Bug 3814] First poll delay of new or cleared associations miscalculated.
	             <hart@ntp.org>
	* [Bug 3802] ntp-keygen -I default identity modulus bits too small for
	             OpenSSL 3.  Reported by rmsh1216@163.com <hart@ntp.org>
	* [Bug 3801] gpsdjson refclock gps_open() device name mishandled. <hart@ntp.org>
	* [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
	* [Bug 3799] Enable libopts noreturn compiler advice for MSC. <hart@ntp.org>
	* [Bug 3797] Windows getaddrinfo w/AI_ADDRCONFIG fails for localhost when
	             disconnected, breaking ntpq and ntpdc. <hart@ntp.org>
	* [Bug 3795] pollskewlist documentation uses | when it shouldn't.
	  - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
	* [Bug 3793] Wrong variable type passed to record_raw_stats(). <hart@ntp.org>
	  - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
	* [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
	* [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
	             <hart@ntp.org>
	* [Bug 3781] log "Unable to listen for broadcasts" for IPv4 <hart@ntp.org>
	* [Bug 3774] mode 6 packets corrupted in rawstats file <hart@ntp.org>
	  - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
	* [Bug 3758] Provide a 'device' config statement for refclocks <perlinger@ntp.org>
	* [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
	* [Bug 3741] 4.2.8p15 can't build with glibc 2.34 <perlinger@ntp.org>
	* [Bug 3725] Make copyright of clk_wharton.c compatible with Debian.
	             Philippe De Muyter <phdm@macqel.be>
	* [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
	  - openssl applink needed again for openSSL-1.1.1
	* [Bug 3719] configure.ac checks for closefrom() and getdtablesize() missing.
	             Reported by Brian Utterback, broken in 2010 by <hart@ntp.org>
	* [Bug 3699] Problems handling drift file and restoring previous drifts <perlinger@ntp.org>
	  - command line options override config statements where applicable
	  - make initial frequency settings idempotent and reversible
	  - make sure kernel PLL gets a recovered drift componsation
	* [Bug 3695] Fix memory leak with ntpq on Windows Server 2019 <perlinger@ntp.org>
	* [Bug 3694] NMEA refclock seems to unnecessarily require location in messages
	  - misleading title; essentially a request to ignore the receiver status.
	    Added a mode bit for this. <perlinger@ntp.org>
	* [Bug 3693] Improvement of error handling key lengths <perlinger@ntp.org>
	  - original patch by Richard Schmidt, with mods & unit test fixes
	* [Bug 3692] /dev/gpsN requirement prevents KPPS <perlinger@ntp.org>
	  - implement/wrap 'realpath()' to resolve symlinks in device names
	* [Bug 3691] Buffer Overflow reading GPSD output
	  - original patch by matt<ntpbr@mattcorallo.com>
	  - increased max PDU size to 4k to avoid truncation
	* [Bug 3690] newline in ntp clock variable (parse) <perlinger@ntp.org>
	  - patch by Frank Kardel
	* [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
	  - ntp{q,dc} now use the same password processing as ntpd does in the key
	    file, so having a binary secret >= 11 bytes is possible for all keys.
	    (This is a different approach to the problem than suggested)
	* [Bug 3688] GCC 10 build errors in testsuite <perlinger@ntp.org>
	* [Bug 3687] ntp_crypto_rand RNG status not known <perlinger@ntp.org>
	  - patch by Gerry Garvey
	* [Bug 3682] Fixes for warnings when compiled without OpenSSL <perlinger@ntp.org>
	  - original patch by Gerry Garvey
	* [Bug 3677] additional peer events not decoded in associations listing <perlinger@ntp.org>
	  - original patch by Gerry Garvey
	* [Bug 3676] compiler warnings (CMAC, interrupt_buf, typo, fallthrough)
	  - applied patches by Gerry Garvey
	* [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
	* [Bug 3674] ntpq command 'execute only' using '~' prefix <perlinger@ntp.org>
	  - idea+patch by Gerry Garvey
	* [Bug 3672] fix biased selection in median cut <perlinger@ntp.org>
	* [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
	  - follow-up: fix inverted sense in check, reset shortfall counter
	* [Bug 3660] Revert 4.2.8p15 change to manycast. <hart@ntp.org>
	* [Bug 3640] document "discard monitor" and fix the code. <hart@ntp.org>
	  - fixed bug identified by Edward McGuire <perlinger@ntp.org>
	* [Bug 3626] (SNTP) UTC offset calculation needs dst flag <perlinger@ntp.org>
	  - applied patch by Gerry Garvey
	* [Bug 3428] ntpd spinning consuming CPU on Linux router with full table.
	             Reported by Israel G. Lugo. <hart@ntp.org>
	* [Bug 3103] libopts zsave_warn format string too few arguments <bkorb@gnu.org>
	* [Bug 2990] multicastclient incorrectly causes bind to broadcast address.
	             Integrated patch from Brian Utterback. <hart@ntp.org>
	* [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
	* [Bug 2410] syslog an error message on panic exceeded. <brian.utterback@oracle.com>
	* Use correct rounding in mstolfp(). perlinger/hart
	* M_ADDF should use u_int32.  <hart@ntp.org>
	* Only define tv_fmt_libbuf() if we will use it. <stenn@ntp.org>
	* Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn
	* Make sure the value returned by refid_str() prints cleanly. <stenn@ntp.org>
	* If DEBUG is enabled, the startup banner now says that debug assertions
	  are in force and that ntpd will abort if any are violated. <stenn@ntp.org>
	* syslog valid incoming KoDs.  <stenn@ntp.org>
	* Rename a poorly-named variable.  <stenn@ntp.org>
	* Disable "embedded NUL in string" messages in libopts, when we can. <stenn@>
	* Use https in the AC_INIT URLs in configure.ac.  <stenn@ntp.org>
	* Implement NTP_FUNC_REALPATH.  <stenn@ntp.org>
	* Lose a gmake construct in ntpd/Makefile.am.  <stenn@ntp.org>
	* upgrade to: autogen-5.18.16
	* upgrade to: libopts-42.1.17
	* upgrade to: autoconf-2.71
	* upgrade to: automake-1.16.15
	* Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
	* Support OpenSSL-3.0

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/ntp                                       |  7 ++---
 ...tp-4.2.8p15-build-fix-for-glibc-2.34.patch | 29 -------------------
 2 files changed, 3 insertions(+), 33 deletions(-)
 delete mode 100644 src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch
  

Comments

Peter Müller July 1, 2023, 6:59 p.m. UTC | #1
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>

> - Update from version 4.2.8p15 to 4.2.8p17
> - Update of rootfile not required
> - Tested out on vm testbed. Time correctly updated every hour and pakfire was able to
>    download and install various addons without any problems indicating that the time
>    is working correctly.
> - patch to enable build with glibc-2.34 no longer needed. ntp updated to work correctly
>    with glibc-2.34 but IPFire running with version 2.37. Version 2.4.8p17 built without
>    any problems without the patch.
> - Changelog
>     4.2.8p17 2023/06/06 Released by Harlan Stenn <stenn@ntp.org>
> 	* [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at
> 	             event_sync.  Reported by Edward McGuire.  <hart@ntp.org>
> 	* [Bug 3822] ntpd significantly delays first poll of servers specified by name.
> 	             <hart@ntp.org>  Miroslav Lichvar identified regression in 4.2.8p16.
> 	* [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with
> 	             4.2.8p15 or earlier.  Reported by Matt Nordhoff, thanks to
> 		     Miroslav Lichvar and Matt for rapid testing and identifying the
> 		     problem. <hart@ntp.org>
> 	* Add tests/libntp/digests.c to catch regressions reading keys file or with
> 	  symmetric authentication digest output.
>     4.2.8p16 2023/05/31 Released by Harlan Stenn <stenn@ntp.org>
> 	* [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
> 	* [Sec 3807] praecis_parse() in the Palisade refclock driver has a
> 	             hypothetical input buffer overflow. Reported by ... stenn@
> 	* [Sec 3806] libntp/mstolfp.c needs bounds checking <perlinger@ntp.org>
> 	  - solved numerically instead of using string manipulation
> 	* [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled.
> 	             <stenn@ntp.org>
> 	* [Bug 3819] Updated libopts/Makefile.am was missing NTP_HARD_* values. <stenn@>
> 	* [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
> 	* [Bug 3814] First poll delay of new or cleared associations miscalculated.
> 	             <hart@ntp.org>
> 	* [Bug 3802] ntp-keygen -I default identity modulus bits too small for
> 	             OpenSSL 3.  Reported by rmsh1216@163.com <hart@ntp.org>
> 	* [Bug 3801] gpsdjson refclock gps_open() device name mishandled. <hart@ntp.org>
> 	* [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
> 	* [Bug 3799] Enable libopts noreturn compiler advice for MSC. <hart@ntp.org>
> 	* [Bug 3797] Windows getaddrinfo w/AI_ADDRCONFIG fails for localhost when
> 	             disconnected, breaking ntpq and ntpdc. <hart@ntp.org>
> 	* [Bug 3795] pollskewlist documentation uses | when it shouldn't.
> 	  - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
> 	* [Bug 3793] Wrong variable type passed to record_raw_stats(). <hart@ntp.org>
> 	  - Report and patch by Yuezhen LUAN <wei6410@sina.com>.
> 	* [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
> 	* [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
> 	             <hart@ntp.org>
> 	* [Bug 3781] log "Unable to listen for broadcasts" for IPv4 <hart@ntp.org>
> 	* [Bug 3774] mode 6 packets corrupted in rawstats file <hart@ntp.org>
> 	  - Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
> 	* [Bug 3758] Provide a 'device' config statement for refclocks <perlinger@ntp.org>
> 	* [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
> 	* [Bug 3741] 4.2.8p15 can't build with glibc 2.34 <perlinger@ntp.org>
> 	* [Bug 3725] Make copyright of clk_wharton.c compatible with Debian.
> 	             Philippe De Muyter <phdm@macqel.be>
> 	* [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
> 	  - openssl applink needed again for openSSL-1.1.1
> 	* [Bug 3719] configure.ac checks for closefrom() and getdtablesize() missing.
> 	             Reported by Brian Utterback, broken in 2010 by <hart@ntp.org>
> 	* [Bug 3699] Problems handling drift file and restoring previous drifts <perlinger@ntp.org>
> 	  - command line options override config statements where applicable
> 	  - make initial frequency settings idempotent and reversible
> 	  - make sure kernel PLL gets a recovered drift componsation
> 	* [Bug 3695] Fix memory leak with ntpq on Windows Server 2019 <perlinger@ntp.org>
> 	* [Bug 3694] NMEA refclock seems to unnecessarily require location in messages
> 	  - misleading title; essentially a request to ignore the receiver status.
> 	    Added a mode bit for this. <perlinger@ntp.org>
> 	* [Bug 3693] Improvement of error handling key lengths <perlinger@ntp.org>
> 	  - original patch by Richard Schmidt, with mods & unit test fixes
> 	* [Bug 3692] /dev/gpsN requirement prevents KPPS <perlinger@ntp.org>
> 	  - implement/wrap 'realpath()' to resolve symlinks in device names
> 	* [Bug 3691] Buffer Overflow reading GPSD output
> 	  - original patch by matt<ntpbr@mattcorallo.com>
> 	  - increased max PDU size to 4k to avoid truncation
> 	* [Bug 3690] newline in ntp clock variable (parse) <perlinger@ntp.org>
> 	  - patch by Frank Kardel
> 	* [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
> 	  - ntp{q,dc} now use the same password processing as ntpd does in the key
> 	    file, so having a binary secret >= 11 bytes is possible for all keys.
> 	    (This is a different approach to the problem than suggested)
> 	* [Bug 3688] GCC 10 build errors in testsuite <perlinger@ntp.org>
> 	* [Bug 3687] ntp_crypto_rand RNG status not known <perlinger@ntp.org>
> 	  - patch by Gerry Garvey
> 	* [Bug 3682] Fixes for warnings when compiled without OpenSSL <perlinger@ntp.org>
> 	  - original patch by Gerry Garvey
> 	* [Bug 3677] additional peer events not decoded in associations listing <perlinger@ntp.org>
> 	  - original patch by Gerry Garvey
> 	* [Bug 3676] compiler warnings (CMAC, interrupt_buf, typo, fallthrough)
> 	  - applied patches by Gerry Garvey
> 	* [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
> 	* [Bug 3674] ntpq command 'execute only' using '~' prefix <perlinger@ntp.org>
> 	  - idea+patch by Gerry Garvey
> 	* [Bug 3672] fix biased selection in median cut <perlinger@ntp.org>
> 	* [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
> 	  - follow-up: fix inverted sense in check, reset shortfall counter
> 	* [Bug 3660] Revert 4.2.8p15 change to manycast. <hart@ntp.org>
> 	* [Bug 3640] document "discard monitor" and fix the code. <hart@ntp.org>
> 	  - fixed bug identified by Edward McGuire <perlinger@ntp.org>
> 	* [Bug 3626] (SNTP) UTC offset calculation needs dst flag <perlinger@ntp.org>
> 	  - applied patch by Gerry Garvey
> 	* [Bug 3428] ntpd spinning consuming CPU on Linux router with full table.
> 	             Reported by Israel G. Lugo. <hart@ntp.org>
> 	* [Bug 3103] libopts zsave_warn format string too few arguments <bkorb@gnu.org>
> 	* [Bug 2990] multicastclient incorrectly causes bind to broadcast address.
> 	             Integrated patch from Brian Utterback. <hart@ntp.org>
> 	* [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
> 	* [Bug 2410] syslog an error message on panic exceeded. <brian.utterback@oracle.com>
> 	* Use correct rounding in mstolfp(). perlinger/hart
> 	* M_ADDF should use u_int32.  <hart@ntp.org>
> 	* Only define tv_fmt_libbuf() if we will use it. <stenn@ntp.org>
> 	* Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn
> 	* Make sure the value returned by refid_str() prints cleanly. <stenn@ntp.org>
> 	* If DEBUG is enabled, the startup banner now says that debug assertions
> 	  are in force and that ntpd will abort if any are violated. <stenn@ntp.org>
> 	* syslog valid incoming KoDs.  <stenn@ntp.org>
> 	* Rename a poorly-named variable.  <stenn@ntp.org>
> 	* Disable "embedded NUL in string" messages in libopts, when we can. <stenn@>
> 	* Use https in the AC_INIT URLs in configure.ac.  <stenn@ntp.org>
> 	* Implement NTP_FUNC_REALPATH.  <stenn@ntp.org>
> 	* Lose a gmake construct in ntpd/Makefile.am.  <stenn@ntp.org>
> 	* upgrade to: autogen-5.18.16
> 	* upgrade to: libopts-42.1.17
> 	* upgrade to: autoconf-2.71
> 	* upgrade to: automake-1.16.15
> 	* Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
> 	* Support OpenSSL-3.0
> 
> Tested-by: Adolf Belka <adolf.belka@ipfire.org>
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
>  lfs/ntp                                       |  7 ++---
>  ...tp-4.2.8p15-build-fix-for-glibc-2.34.patch | 29 -------------------
>  2 files changed, 3 insertions(+), 33 deletions(-)
>  delete mode 100644 src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch
> 
> diff --git a/lfs/ntp b/lfs/ntp
> index 241a21e1c..aadfbd0c1 100644
> --- a/lfs/ntp
> +++ b/lfs/ntp
> @@ -1,7 +1,7 @@
>  ###############################################################################
>  #                                                                             #
>  # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
>  #                                                                             #
>  # This program is free software: you can redistribute it and/or modify        #
>  # it under the terms of the GNU General Public License as published by        #
> @@ -24,7 +24,7 @@
>  
>  include Config
>  
> -VER        = 4.2.8p15
> +VER        = 4.2.8p17
>  
>  THISAPP    = ntp-$(VER)
>  DL_FILE    = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
>  
>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>  
> -$(DL_FILE)_BLAKE2 = 5697d6623d79686f9ca9ad907172bf942383067d1e9817117d20db042e9f7410644f236f1a0d77ab6bf6ec468476e12ea65b494a28f0dd8674bf08fc8875cfef
> +$(DL_FILE)_BLAKE2 = 5c0e90a234cdeab76e7443b42dfd5a0c3c78693a11bdb0fa21c8def91adbdf9b9871498df9d211509632812a9107501da3470104122e9621577541ffd6cd1ab6
>  
>  install : $(TARGET)
>  
> @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) :
>  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
>  	@$(PREBUILD)
>  	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
> -	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch
>  	$(UPDATE_AUTOMAKE)
>  	cd $(DIR_APP) && \
>  		./configure \
> diff --git a/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch b/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch
> deleted file mode 100644
> index 442fe7828..000000000
> --- a/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch
> +++ /dev/null
> @@ -1,29 +0,0 @@
> -From 082a504cfcc046c3d8adaae1164268bc94e5108a Mon Sep 17 00:00:00 2001
> -From: Khem Raj <raj.khem@gmail.com>
> -Date: Sat, 31 Jul 2021 10:51:41 -0700
> -Subject: [PATCH] libntp: Do not use PTHREAD_STACK_MIN on glibc
> -In glibc 2.34+ PTHREAD_STACK_MIN is not a compile-time constant which
> -could mean different stack sizes at runtime on different architectures
> -and it also causes compile failure. Default glibc thread stack size
> -or 64Kb set by ntp should be good in glibc these days.
> -Upstream-Status: Pending
> -Signed-off-by: Khem Raj <raj.khem@gmail.com>
> ----
> - libntp/work_thread.c | 2 +-
> - 1 file changed, 1 insertion(+), 1 deletion(-)
> -diff --git a/libntp/work_thread.c b/libntp/work_thread.c
> -index 03a5647..3ddd751 100644
> ---- a/libntp/work_thread.c
> -+++ b/libntp/work_thread.c
> -@@ -41,7 +41,7 @@
> - #ifndef THREAD_MINSTACKSIZE
> - # define THREAD_MINSTACKSIZE	(64U * 1024)
> - #endif
> --#ifndef __sun
> -+#if !defined(__sun) && !defined(__GLIBC__)
> - #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN
> - # undef THREAD_MINSTACKSIZE
> - # define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN
> --- 
> -2.32.0
> -
  

Patch

diff --git a/lfs/ntp b/lfs/ntp
index 241a21e1c..aadfbd0c1 100644
--- a/lfs/ntp
+++ b/lfs/ntp
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2020  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 4.2.8p15
+VER        = 4.2.8p17
 
 THISAPP    = ntp-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 5697d6623d79686f9ca9ad907172bf942383067d1e9817117d20db042e9f7410644f236f1a0d77ab6bf6ec468476e12ea65b494a28f0dd8674bf08fc8875cfef
+$(DL_FILE)_BLAKE2 = 5c0e90a234cdeab76e7443b42dfd5a0c3c78693a11bdb0fa21c8def91adbdf9b9871498df9d211509632812a9107501da3470104122e9621577541ffd6cd1ab6
 
 install : $(TARGET)
 
@@ -70,7 +70,6 @@  $(subst %,%_BLAKE2,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch
 	$(UPDATE_AUTOMAKE)
 	cd $(DIR_APP) && \
 		./configure \
diff --git a/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch b/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch
deleted file mode 100644
index 442fe7828..000000000
--- a/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch
+++ /dev/null
@@ -1,29 +0,0 @@ 
-From 082a504cfcc046c3d8adaae1164268bc94e5108a Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 31 Jul 2021 10:51:41 -0700
-Subject: [PATCH] libntp: Do not use PTHREAD_STACK_MIN on glibc
-In glibc 2.34+ PTHREAD_STACK_MIN is not a compile-time constant which
-could mean different stack sizes at runtime on different architectures
-and it also causes compile failure. Default glibc thread stack size
-or 64Kb set by ntp should be good in glibc these days.
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libntp/work_thread.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/libntp/work_thread.c b/libntp/work_thread.c
-index 03a5647..3ddd751 100644
---- a/libntp/work_thread.c
-+++ b/libntp/work_thread.c
-@@ -41,7 +41,7 @@
- #ifndef THREAD_MINSTACKSIZE
- # define THREAD_MINSTACKSIZE	(64U * 1024)
- #endif
--#ifndef __sun
-+#if !defined(__sun) && !defined(__GLIBC__)
- #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN
- # undef THREAD_MINSTACKSIZE
- # define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN
--- 
-2.32.0
-