From patchwork Wed Jun 28 17:59:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6961 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Qrq9Z2nWTz3wmQ for ; Wed, 28 Jun 2023 18:00:02 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4Qrq9W4HTVz1db; Wed, 28 Jun 2023 17:59:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Qrq9W0s34z2xR4; Wed, 28 Jun 2023 17:59:59 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Qrq9S6gX7z2xR4 for ; Wed, 28 Jun 2023 17:59:56 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4Qrq9R2yvYzmc; Wed, 28 Jun 2023 17:59:55 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1687975195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oL+4+ac1h+S/ZBRfEoI1ojDGaVambUf71tr4VSUWKBM=; b=IXHn+p+DPUg0/lFh1arbqoFg/UD/xdxcuyJCe0fDS/kY3/9dtkBfkzs5EUFm7yZz3/RH+1 C9pZa2P/Qp2SSeDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1687975195; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oL+4+ac1h+S/ZBRfEoI1ojDGaVambUf71tr4VSUWKBM=; b=dL9OYlR9WF7QreQHWQqn4C5y57GY0Z6THJxxdctX+YP2Ppbw7bavuaeuRLlRp/Y+Q58eRt dZPvQrzwn4pzWPGtPubYIuQY/IC4uiO4P6/J70ro0aV6TiBhQjNoDBMJYf9ttBbDdF0M9s 7X0gVOwuwOQcm9dF3xQVaUJYQts7BeIIRuG5dZKVK62MYT5DtazisO1w3w8B0NUvIFKwEK ZzPS40Gmev3J+O3C/ghH8ic0b2MpSYSHfZzICdFeDJ407Y5E22YTLFfXcxLwfPPpUlNgbH swl2nTU5UIE6NXKKKLZW80VV0yISz7I0pQRl9uH+dpeo2m2Jw8n3YWNOfq723A== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] ntp: Update to version 4.2.8p17 Date: Wed, 28 Jun 2023 19:59:52 +0200 Message-ID: <20230628175952.3268723-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from version 4.2.8p15 to 4.2.8p17 - Update of rootfile not required - Tested out on vm testbed. Time correctly updated every hour and pakfire was able to download and install various addons without any problems indicating that the time is working correctly. - patch to enable build with glibc-2.34 no longer needed. ntp updated to work correctly with glibc-2.34 but IPFire running with version 2.37. Version 2.4.8p17 built without any problems without the patch. - Changelog 4.2.8p17 2023/06/06 Released by Harlan Stenn * [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at event_sync. Reported by Edward McGuire. * [Bug 3822] ntpd significantly delays first poll of servers specified by name. Miroslav Lichvar identified regression in 4.2.8p16. * [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with 4.2.8p15 or earlier. Reported by Matt Nordhoff, thanks to Miroslav Lichvar and Matt for rapid testing and identifying the problem. * Add tests/libntp/digests.c to catch regressions reading keys file or with symmetric authentication digest output. 4.2.8p16 2023/05/31 Released by Harlan Stenn * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date * [Sec 3807] praecis_parse() in the Palisade refclock driver has a hypothetical input buffer overflow. Reported by ... stenn@ * [Sec 3806] libntp/mstolfp.c needs bounds checking - solved numerically instead of using string manipulation * [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled. * [Bug 3819] Updated libopts/Makefile.am was missing NTP_HARD_* values. * [Bug 3817] Bounds-check "tos floor" configuration. * [Bug 3814] First poll delay of new or cleared associations miscalculated. * [Bug 3802] ntp-keygen -I default identity modulus bits too small for OpenSSL 3. Reported by rmsh1216@163.com * [Bug 3801] gpsdjson refclock gps_open() device name mishandled. * [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. * [Bug 3799] Enable libopts noreturn compiler advice for MSC. * [Bug 3797] Windows getaddrinfo w/AI_ADDRCONFIG fails for localhost when disconnected, breaking ntpq and ntpdc. * [Bug 3795] pollskewlist documentation uses | when it shouldn't. - ntp.conf manual page and miscopt.html corrections. * [Bug 3793] Wrong variable type passed to record_raw_stats(). - Report and patch by Yuezhen LUAN . * [Bug 3786] Timer starvation on high-load Windows ntpd. * [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded. * [Bug 3781] log "Unable to listen for broadcasts" for IPv4 * [Bug 3774] mode 6 packets corrupted in rawstats file - Reported by Edward McGuire, fix identified by . * [Bug 3758] Provide a 'device' config statement for refclocks * [Bug 3757] Improve handling of Linux-PPS in NTPD * [Bug 3741] 4.2.8p15 can't build with glibc 2.34 * [Bug 3725] Make copyright of clk_wharton.c compatible with Debian. Philippe De Muyter * [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows - openssl applink needed again for openSSL-1.1.1 * [Bug 3719] configure.ac checks for closefrom() and getdtablesize() missing. Reported by Brian Utterback, broken in 2010 by * [Bug 3699] Problems handling drift file and restoring previous drifts - command line options override config statements where applicable - make initial frequency settings idempotent and reversible - make sure kernel PLL gets a recovered drift componsation * [Bug 3695] Fix memory leak with ntpq on Windows Server 2019 * [Bug 3694] NMEA refclock seems to unnecessarily require location in messages - misleading title; essentially a request to ignore the receiver status. Added a mode bit for this. * [Bug 3693] Improvement of error handling key lengths - original patch by Richard Schmidt, with mods & unit test fixes * [Bug 3692] /dev/gpsN requirement prevents KPPS - implement/wrap 'realpath()' to resolve symlinks in device names * [Bug 3691] Buffer Overflow reading GPSD output - original patch by matt - increased max PDU size to 4k to avoid truncation * [Bug 3690] newline in ntp clock variable (parse) - patch by Frank Kardel * [Bug 3689] Extension for MD5, SHA-1 and other keys - ntp{q,dc} now use the same password processing as ntpd does in the key file, so having a binary secret >= 11 bytes is possible for all keys. (This is a different approach to the problem than suggested) * [Bug 3688] GCC 10 build errors in testsuite * [Bug 3687] ntp_crypto_rand RNG status not known - patch by Gerry Garvey * [Bug 3682] Fixes for warnings when compiled without OpenSSL - original patch by Gerry Garvey * [Bug 3677] additional peer events not decoded in associations listing - original patch by Gerry Garvey * [Bug 3676] compiler warnings (CMAC, interrupt_buf, typo, fallthrough) - applied patches by Gerry Garvey * [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage * [Bug 3674] ntpq command 'execute only' using '~' prefix - idea+patch by Gerry Garvey * [Bug 3672] fix biased selection in median cut * [Bug 3666] avoid unlimited receive buffer allocation - follow-up: fix inverted sense in check, reset shortfall counter * [Bug 3660] Revert 4.2.8p15 change to manycast. * [Bug 3640] document "discard monitor" and fix the code. - fixed bug identified by Edward McGuire * [Bug 3626] (SNTP) UTC offset calculation needs dst flag - applied patch by Gerry Garvey * [Bug 3428] ntpd spinning consuming CPU on Linux router with full table. Reported by Israel G. Lugo. * [Bug 3103] libopts zsave_warn format string too few arguments * [Bug 2990] multicastclient incorrectly causes bind to broadcast address. Integrated patch from Brian Utterback. * [Bug 2525] Turn on automake subdir-objects across the project. * [Bug 2410] syslog an error message on panic exceeded. * Use correct rounding in mstolfp(). perlinger/hart * M_ADDF should use u_int32. * Only define tv_fmt_libbuf() if we will use it. * Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn * Make sure the value returned by refid_str() prints cleanly. * If DEBUG is enabled, the startup banner now says that debug assertions are in force and that ntpd will abort if any are violated. * syslog valid incoming KoDs. * Rename a poorly-named variable. * Disable "embedded NUL in string" messages in libopts, when we can. * Use https in the AC_INIT URLs in configure.ac. * Implement NTP_FUNC_REALPATH. * Lose a gmake construct in ntpd/Makefile.am. * upgrade to: autogen-5.18.16 * upgrade to: libopts-42.1.17 * upgrade to: autoconf-2.71 * upgrade to: automake-1.16.15 * Upgrade to libevent-2.1.12-stable * Support OpenSSL-3.0 Tested-by: Adolf Belka Signed-off-by: Adolf Belka Reviewed-by: Peter Müller --- lfs/ntp | 7 ++--- ...tp-4.2.8p15-build-fix-for-glibc-2.34.patch | 29 ------------------- 2 files changed, 3 insertions(+), 33 deletions(-) delete mode 100644 src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch diff --git a/lfs/ntp b/lfs/ntp index 241a21e1c..aadfbd0c1 100644 --- a/lfs/ntp +++ b/lfs/ntp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2020 IPFire Team # +# Copyright (C) 2007-2023 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.2.8p15 +VER = 4.2.8p17 THISAPP = ntp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 5697d6623d79686f9ca9ad907172bf942383067d1e9817117d20db042e9f7410644f236f1a0d77ab6bf6ec468476e12ea65b494a28f0dd8674bf08fc8875cfef +$(DL_FILE)_BLAKE2 = 5c0e90a234cdeab76e7443b42dfd5a0c3c78693a11bdb0fa21c8def91adbdf9b9871498df9d211509632812a9107501da3470104122e9621577541ffd6cd1ab6 install : $(TARGET) @@ -70,7 +70,6 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch $(UPDATE_AUTOMAKE) cd $(DIR_APP) && \ ./configure \ diff --git a/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch b/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch deleted file mode 100644 index 442fe7828..000000000 --- a/src/patches/ntp-4.2.8p15-build-fix-for-glibc-2.34.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 082a504cfcc046c3d8adaae1164268bc94e5108a Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Sat, 31 Jul 2021 10:51:41 -0700 -Subject: [PATCH] libntp: Do not use PTHREAD_STACK_MIN on glibc -In glibc 2.34+ PTHREAD_STACK_MIN is not a compile-time constant which -could mean different stack sizes at runtime on different architectures -and it also causes compile failure. Default glibc thread stack size -or 64Kb set by ntp should be good in glibc these days. -Upstream-Status: Pending -Signed-off-by: Khem Raj ---- - libntp/work_thread.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/libntp/work_thread.c b/libntp/work_thread.c -index 03a5647..3ddd751 100644 ---- a/libntp/work_thread.c -+++ b/libntp/work_thread.c -@@ -41,7 +41,7 @@ - #ifndef THREAD_MINSTACKSIZE - # define THREAD_MINSTACKSIZE (64U * 1024) - #endif --#ifndef __sun -+#if !defined(__sun) && !defined(__GLIBC__) - #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN - # undef THREAD_MINSTACKSIZE - # define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN --- -2.32.0 -