Security update: net/ntp 4.2.8p6

Christian Weisgerber
Security update for net/ntp to 4.2.8p6.  This addresses numerous
security issues.
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

As far as I can tell, the problem fixed by the ssl_init.c patch
only concerns the regression test itself and doesn't appear in
actual protocol code.  The Makefile dependencies want to regenerate
run-ssl_init.c with ruby(1), but since nothing would change in that
file, we can short-circuit this.

OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/ntp/Makefile,v
retrieving revision 1.67
diff -u -p -r1.67 Makefile
--- Makefile 10 Nov 2015 18:33:02 -0000 1.67
+++ Makefile 2 Feb 2016 20:54:34 -0000
@@ -6,7 +6,7 @@ COMMENT= Network Time Protocol reference
 # to confuse with the ports system's 'pN' convention, so convert it to
 # 'pl' for local use.
 
-VERSION= 4.2.8p4
+VERSION= 4.2.8p6
 DISTNAME= ntp-${VERSION}
 PKGNAME= ntp-${VERSION:S/p/pl/}
 CATEGORIES= net
@@ -39,6 +39,8 @@ LIB_DEPENDS= devel/libevent2
 
 post-patch:
  cp ${WRKSRC}/sntp/loc/freebsd ${WRKSRC}/sntp/loc/openbsd
+# short-circuit regeneration after patching ssl_init.c
+ touch ${WRKSRC}/tests/libntp/run-ssl_init.c
 
 post-install:
  ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ntp
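
Review bot: The comment above `touch ${WRKSRC}/tests/libntp/run-ssl_init.c` in post-patch says what is skipped but not the condition that makes skipping safe. The shortcut is only valid while regenerating run-ssl_init.c from the patched ssl_init.c would produce an identical file. I would extend the comment to say so, and to say that the touch should be removed together with patch-tests_libntp_ssl_init_c. Otherwise a later change to that patch that does affect the generated file would be hidden by the fresh timestamp.
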
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/ntp/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo 10 Nov 2015 18:33:02 -0000 1.19
+++ distinfo 2 Feb 2016 20:54:34 -0000
@@ -1,2 +1,2 @@
-SHA256 (ntp-4.2.8p4.tar.gz) = DWlhVyVI0sSvlvWPdj4irGIPWv73FzhN3DF6DjZc/bk=
-SIZE (ntp-4.2.8p4.tar.gz) = 7104852
+SHA256 (ntp-4.2.8p6.tar.gz) = WD0OHFc6zjCpxq++oPxSyunIyRbbwVwCbkhaDdpLoEg=
+SIZE (ntp-4.2.8p6.tar.gz) = 7152557
Index: patches/patch-tests_libntp_ssl_init_c
===================================================================
RCS file: patches/patch-tests_libntp_ssl_init_c
diff -N patches/patch-tests_libntp_ssl_init_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-tests_libntp_ssl_init_c 2 Feb 2016 20:54:34 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- tests/libntp/ssl_init.c.orig Wed Jan 20 09:56:48 2016
++++ tests/libntp/ssl_init.c Tue Feb  2 21:38:07 2016
+@@ -43,7 +43,7 @@ test_SHA1KeyTypeWithDigestLength(void) {
+ size_t digestLength;
+ size_t expected = TEST_SHA1_DIGEST_LENGTH;
+
+- TEST_ASSERT_EQUAL(NID_sha, keytype_from_text("SHA", &digestLength));
++ TEST_ASSERT_EQUAL(NID_sha1, keytype_from_text("SHA1", &digestLength));
+ TEST_ASSERT_EQUAL(expected, digestLength);
+ /* OPENSSL */
+ #else
+@@ -62,7 +62,7 @@ test_MD5KeyName(void) {
+ void
+ test_SHA1KeyName(void) {
+ #ifdef OPENSSL
+- TEST_ASSERT_EQUAL_STRING("SHA", keytype_name(NID_sha));
++ TEST_ASSERT_EQUAL_STRING("SHA1", keytype_name(NID_sha1));
+ #else
+ TEST_IGNORE_MESSAGE("Skipping because OPENSSL isn't defined");
+ #endif /* OPENSSL */
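
Review bot: The new patch file goes straight from `$OpenBSD$` to the diff, with no note on why `NID_sha` and "SHA" become `NID_sha1` and "SHA1" in test_SHA1KeyTypeWithDigestLength and test_SHA1KeyName. A one-line description below the tag, stating the reason and that only the regression test is touched, would help whoever revisits this at the next update. The substitution itself is consistent with the surrounding context, where the expected length is already `TEST_SHA1_DIGEST_LENGTH`.
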
--
Christian "naddy" Weisgerber                          [hidden email]