From patchwork Tue Jun 18 10:48:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7886 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4W3Nm92wpFz3wxG for ; Tue, 18 Jun 2024 10:49:13 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4W3Nm43Gxxz3tL; Tue, 18 Jun 2024 10:49:08 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4W3Nm3578dz33GB; Tue, 18 Jun 2024 10:49:07 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4W3Nm12jV7z30BS for ; Tue, 18 Jun 2024 10:49:05 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4W3Nm05lCKz128; Tue, 18 Jun 2024 10:49:04 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1718707744; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=knFjpszHa3lWcvBlecEfUu9g90CfvF/iELgZFYbb6dQ=; b=59aESOqQbp2MTOGnxXm5dWIAhh1K9lbEVjdJFzuOb8SJVZTKijJVgTI2DsPnWtb70e0xK6 j4BX7pAQ7OMwVpBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1718707744; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=knFjpszHa3lWcvBlecEfUu9g90CfvF/iELgZFYbb6dQ=; b=txP2J9mk+w24tPHTSGp8mVLSiWK34THVYVylW3TgpJCdduAzE2vMdDUyKUhp7vm4fDEcSv IOU5JtvY3v5ABVsn5zP43A/47Quhq5CrJnYhGKr07ArWzjdpf/Br/AKsBcs8q4oC26GSpz /oS72uGo0DdRKqOk2VvaSrKewR+kwWA365zxv1hv6rOSahLpu7SUhBideZfyg73jiRZnOA 4inPlIT2vZXrrgfFBKWotlbkiLMNeBRTSo52hdRTC0c5FbTMFLoS+F4vFnAIRZTkEb6Ojq ZH9V5yeWPDo4rpp5pUQsom3/OuscHhH9uEiDpQ2PHPaoADKyNoFrS/+KxF6GpQ== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] ntp: Update to version 4.2.8p18 Date: Tue, 18 Jun 2024 12:48:54 +0200 Message-ID: <20240618104858.3386879-2-adolf.belka@ipfire.org> In-Reply-To: <20240618104858.3386879-1-adolf.belka@ipfire.org> References: <20240618104858.3386879-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: PFO3TWIIRWNVPWPIYPKMK5TXLDUGHLGE X-Message-ID-Hash: PFO3TWIIRWNVPWPIYPKMK5TXLDUGHLGE X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 4.2.8p17 to 4.2.8p18 - Update of rootile - Changelog 4.2.8p18 (Harlan Stenn , 2024 May 24) Focus: Bug fixes Severity: Recommended This release: - changes crypto (OpenSSL or compatible) detection and default build behavior. Previously, crypto was supported if available unless the --without-crypto option was given to configure. With this release, the prior behavior of falling back to a crypto-free build if usable libcrypto was not found has changed to instead cause configure to fail with an error. The --without-crypto option must be explicitly provided if you want a build that does not use libcrypto functionality. - Fixes 40 bugs - Includes 40 other improvements Details below: * [Bug 3918] Tweak openssl header/library handling. * [Bug 3914] Spurious "Unexpected origin timestamp" logged after time stepped. * [Bug 3913] Avoid duplicate IPv6 link-local manycast associations. * [Bug 3912] Avoid rare math errors in ntptrace. * [Bug 3910] Memory leak using openssl-3 * [Bug 3909] Do not select multicast local address for unicast peer. * [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe. * [Bug 3901] LIB_GETBUF isn't thread-safe. * [Bug 3900] fast_xmit() selects wrong local addr responding to mcast on Windows. * [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates duplicate associations. * [Bug 3872] Ignore restrict mask for hostname. * [Bug 3871] 4.2.8p17 build without hopf6021 refclock enabled fails. Reported by Hans Mayer. Moved NONEMPTY_TRANSLATION_UNIT declaration from ntp_types.h to config.h. * [Bug 3870] Server drops client packets with ppoll < 4. * [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs. Reported by PoolMUC@web.de. * [Bug 3868] Cannot restrict a pool peer. Thanks to Edward McGuire for tracking down the deficiency. * [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian. * [Bug 3859] Use NotifyIpInterfaceChange on Windows ntpd. * [Bug 3856] Enable Edit & Continue debugging with Visual Studio. * [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. * [Bug 3854] ntpd 4.2.8p17 corrupts rawstats file with space in refid. * [Bug 3853] Clean up warnings with modern compilers. * [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as intended. * [Bug 3851] Drop pool server when no local address can reach it. * [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid. * [Bug 3849] ntpd --wait-sync times out. * [Bug 3847] SSL detection in configure should run-test if runpath is needed. * [Bug 3846] Use -Wno-format-truncation by default. * [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access. * [Bug 3842] Windows ntpd PPSAPI DLL load failure crashes. * [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat Need to remove --Wformat-security when removing -Wformat to silence numerous libopts warnings. * [Bug 3837] NULL pointer deref crash when ntpd deletes last interface. Reported by renmingshuai. Correct UNLINK_EXPR_SLIST() when the list is empty. * [Bug 3835] NTP_HARD_*FLAGS not used by libevent tearoff. * [Bug 3831] pollskewlist zeroed on runtime configuration. * [Bug 3830] configure libevent check intersperses output with answer. * [Bug 3828] BK should ignore a git repo in the same directory. * [Bug 3827] Fix build in case CLOCK_HOPF6021 or CLOCK_WHARTON_400A is disabled. * [Bug 3825] Don't touch HTML files unless building inside a BK repo. Fix the script checkHtmlFileDates. * [Bug 3756] Improve OpenSSL library/header detection. * [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. * [Bug 2734] TEST3 prevents initial interleave sync. Fix from * Log failures to allocate receive buffers. * Remove extraneous */ from libparse/ieee754io.c * Fix .datecheck target line in Makefile.am. * Update the copyright year. * Update ntp.conf documentation to add "delrestrict" and correct information about KoD rate limiting. * html/clockopt.html cleanup. * util/lsf-times - added. * Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c. * Provide ntpd thread names to debugger on Windows. * Remove dead code libntp/numtohost.c and its unit tests. * Remove class A, B, C IPv4 distinctions in netof(). * Use @configure_input@ in various *.in files to include a comment that the file is generated from another pointing to the *.in. * Correct underquoting, indents in ntp_facilitynames.m4. * Clean up a few warnings seen building with older gcc. * Fix build on older FreeBSD lacking sys/procctl.h. * Disable [Bug 3627] workaround on newer FreeBSD which has the kernel fix that makes it unnecessary, re-enabling ASLR stack gap. * Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files. * Remove useless pointer to Windows Help from system error messages. * Avoid newlines within Windows error messages. * Ensure unique association IDs if wrapped. * Simplify calc_addr_distance(). * Clamp min/maxpoll in edge cases in newpeer(). * Quiet local addr change logging when unpeering. * Correct missing arg for %s printf specifier in send_blocking_resp_internal(). * Suppress OpenSSL 3 deprecation warning clutter. * Correct OpenSSL usage in Autokey code to avoid warnings about discarding const qualifiers with OpenSSL 3. * Display KoD refid as text in recently added message. * Avoid running checkHtmlFileDates script repeatedly when no html/*.html files have changed. * Abort configure if --enable-crypto-rand given & unavailable. * Add configure --enable-verbose-ssl to trace SSL detection. * Add build test coverage for --disable-saveconfig to flock-build script. * Remove deprecated configure --with-arlib option. * Remove configure support for ISC UNIX ca. 1998. * Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files to NTP_LIBNTP. * Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. * Eliminate [v]snprintf redefinition warnings on macOS. * Fix clang 14 cast increases alignment warning on Linux. * Move ENABLE_CMAC to ntp_openssl.m4, reviving sntp/tests CMAC unit tests. * Use NTP_HARD_CPPFLAGS in libopts tearoff. * wire in --enable-build-framework-help Signed-off-by: Adolf Belka --- config/rootfiles/common/ntp | 3 +-- lfs/ntp | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/ntp b/config/rootfiles/common/ntp index fd1262e9b..7ca3ed1e7 100644 --- a/config/rootfiles/common/ntp +++ b/config/rootfiles/common/ntp @@ -10,7 +10,6 @@ usr/bin/ntpd usr/bin/ntpdate usr/bin/ntpdc usr/bin/ntpq -#usr/bin/ntpsnmpd usr/bin/ntptime usr/bin/ntptrace usr/bin/sntp @@ -18,6 +17,7 @@ usr/bin/tickadj usr/bin/update-leap #usr/share/doc/ntp #usr/share/doc/ntp/html +#usr/share/doc/ntp/html/.datecheck #usr/share/doc/ntp/html/access.html #usr/share/doc/ntp/html/accopt.html #usr/share/doc/ntp/html/assoc.html @@ -277,7 +277,6 @@ usr/bin/update-leap #usr/share/man/man1/ntpdc.1 #usr/share/man/man1/ntpq.1 #usr/share/man/man1/ntptrace.1 -#usr/share/man/man1/ntpsnmpd.1 #usr/share/man/man1/sntp.1 #usr/share/man/man1/update-leap.1 #usr/share/man/man5/ntp.conf.5 diff --git a/lfs/ntp b/lfs/ntp index aadfbd0c1..2d746c78f 100644 --- a/lfs/ntp +++ b/lfs/ntp @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 4.2.8p17 +VER = 4.2.8p18 THISAPP = ntp-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 5c0e90a234cdeab76e7443b42dfd5a0c3c78693a11bdb0fa21c8def91adbdf9b9871498df9d211509632812a9107501da3470104122e9621577541ffd6cd1ab6 +$(DL_FILE)_BLAKE2 = 9a7bb767d2d8ae3a7224542df7978f8289cbdf28488c5e4dce4c549cdd1063259f69548898a352c0463ce83c4725bfd7c7dbf673ee3b74e490d7b1275760497c install : $(TARGET)