This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via 4579e6806acab5ccde4a16686569936b018ce9e3 (commit) via 6cd485c8929f8a529326bcf711890520a772531d (commit) via b62ccb4eb66b007cc4f82c57c4e2106e5b39e290 (commit) via 30e7e32c50186dbe630179bc37ef69a389a4f2d7 (commit) via 08748e57d48d8a1f09bd8a6d76f23c48b844060c (commit) via 46481a44dab16acc5f0fc7d5566b038448d4b237 (commit) via 858366befe6c92acf300b8c4c8d465ebe12f7711 (commit) from 4f3d5107d7f1f8a459538262afe0078f1f9189fc (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 4579e6806acab5ccde4a16686569936b018ce9e3 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Dec 22 17:29:35 2014 +0100
ntp: Update to 4.2.8
CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets CVE-2014-9296 ntp: receive() missing return on error
commit 6cd485c8929f8a529326bcf711890520a772531d Merge: b62ccb4 858366b Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Dec 10 14:19:52 2014 +0100
Merge remote-tracking branch 'stevee/plymouth-update'
commit b62ccb4eb66b007cc4f82c57c4e2106e5b39e290 Merge: 30e7e32 46481a4 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Dec 10 14:19:17 2014 +0100
Merge remote-tracking branch 'stevee/grub2-fix'
commit 30e7e32c50186dbe630179bc37ef69a389a4f2d7 Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Dec 10 14:17:06 2014 +0100
kernel: Add patch to make RT5592 chipsets more stable
Reduces massive power consumption which makes the module and USB bus very unstable.
From: http://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=e71475c13afeef652ae94a545...
commit 08748e57d48d8a1f09bd8a6d76f23c48b844060c Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Dec 10 14:16:30 2014 +0100
ddns: New package (version 005)
commit 46481a44dab16acc5f0fc7d5566b038448d4b237 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 7 15:47:17 2014 +0100
grub: Disable hardening for grub-script-check binary.
This binary requires the following disabled PaX flags: * PAGEEXEC * MPROTECT * RANDEXEC * EMUTRAMP
If one of these flags in enabled the binary will crash during the execution of "grub-mkconfig" and the grub configuration file cannot be updated.
commit 858366befe6c92acf300b8c4c8d465ebe12f7711 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Dec 7 15:42:24 2014 +0100
plymouth: Update to 0.9.0.
-----------------------------------------------------------------------
Summary of changes: ddns/ddns.nm | 57 +++ grub/grub.nm | 5 +- kernel/kernel.nm | 2 +- ...linux-3.14.25-rt5592_no_special_txop_init.patch | 13 + ntp/ntp.nm | 40 +- ntp/patches/ntp-4.2.4p7-getprecision.patch | 12 - ntp/patches/ntp-4.2.6p1-cmsgalign.patch | 14 - ntp/patches/ntp-4.2.6p1-linkfastmath.patch | 12 - ntp/patches/ntp-4.2.6p1-logdefault.patch | 12 - ntp/patches/ntp-4.2.6p1-retcode.patch | 12 - ntp/patches/ntp-4.2.6p1-sleep.patch | 495 --------------------- ntp/patches/ntp-4.2.6p2-multiopts.patch | 21 - ntp/patches/ntp-4.2.6p3-bcast.patch | 93 ---- ntp/patches/ntp-4.2.6p3-broadcastdelay.patch | 31 -- ntp/patches/ntp-4.2.6p4-droproot.patch | 207 --------- ntp/patches/ntp-4.2.6p4-htmldoc.patch | 76 ---- ntp/patches/ntp-4.2.6p4-mlock.patch | 140 ------ ntp/patches/ntp-4.2.6p4-rtnetlink.patch | 15 - ntp/patches/ntp-4.2.6p5-delaycalib.patch | 12 - ntp/patches/ntp-4.2.6p5-fipsmd5.patch | 47 -- ...ymouth-0.9.0-everything-is-better-in-red.patch} | 12 +- plymouth/plymouth-update-initrd | 2 - plymouth/plymouth.nm | 29 +- 23 files changed, 91 insertions(+), 1268 deletions(-) create mode 100644 ddns/ddns.nm create mode 100644 kernel/patches/linux-3.14.25-rt5592_no_special_txop_init.patch delete mode 100644 ntp/patches/ntp-4.2.4p7-getprecision.patch delete mode 100644 ntp/patches/ntp-4.2.6p1-cmsgalign.patch delete mode 100644 ntp/patches/ntp-4.2.6p1-linkfastmath.patch delete mode 100644 ntp/patches/ntp-4.2.6p1-logdefault.patch delete mode 100644 ntp/patches/ntp-4.2.6p1-retcode.patch delete mode 100644 ntp/patches/ntp-4.2.6p1-sleep.patch delete mode 100644 ntp/patches/ntp-4.2.6p2-multiopts.patch delete mode 100644 ntp/patches/ntp-4.2.6p3-bcast.patch delete mode 100644 ntp/patches/ntp-4.2.6p3-broadcastdelay.patch delete mode 100644 ntp/patches/ntp-4.2.6p4-droproot.patch delete mode 100644 ntp/patches/ntp-4.2.6p4-htmldoc.patch delete mode 100644 ntp/patches/ntp-4.2.6p4-mlock.patch delete mode 100644 ntp/patches/ntp-4.2.6p4-rtnetlink.patch delete mode 100644 ntp/patches/ntp-4.2.6p5-delaycalib.patch delete mode 100644 ntp/patches/ntp-4.2.6p5-fipsmd5.patch rename plymouth/patches/{plymouth-0.8.0-everything-is-better-in-red.patch => plymouth-0.9.0-everything-is-better-in-red.patch} (52%) delete mode 100644 plymouth/plymouth-update-initrd
Difference in files: diff --git a/ddns/ddns.nm b/ddns/ddns.nm new file mode 100644 index 0000000..cf5f94f --- /dev/null +++ b/ddns/ddns.nm @@ -0,0 +1,57 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = ddns +version = 005 +release = 1 +arch = noarch + +groups = System/Tools +url = http://www.ipfire.org +license = GPLv3 +summary = A python based dynamic DNS updater. + +description + ddns is a simple, extensible, cross-distribution, cross-platform dynamic DNS updater + written in Python. +end + +source_dl = http://source.ipfire.org/releases/ddns/ +sources = %{thisapp}.tar.xz + +build + requires + autoconf + automake + gettext-devel + intltool + m4 + end + + configure_options += \ + --prefix=%{prefix} \ + --sysconfdir=%{sysconfdir} + + prepare_cmds + ./autogen.sh + end + + install_cmds + # Ship an empty configuration file. + touch %{BUILDROOT}%{sysconfdir}/%{name}/ddns.conf + end +end + +packages + package %{name} + recommends + %{bindir}/nsupdate + end + + configfiles + %{sysconfdir}/%{name}/ddns.conf + end + end +end diff --git a/grub/grub.nm b/grub/grub.nm index 59893e2..b109a2a 100644 --- a/grub/grub.nm +++ b/grub/grub.nm @@ -5,7 +5,7 @@
name = grub version = 2.00 -release = 4 +release = 5 sup_arches = x86_64 i686
groups = System/Boot @@ -97,6 +97,9 @@ build paxctl -mpes \ %{BUILDROOT}%{sbindir}/grub-bios-setup \ %{BUILDROOT}%{sbindir}/grub-probe + + paxctl -mpex \ + %{BUILDROOT}%{bindir}/grub-script-check end
debuginfo_strict_build_id = false diff --git a/kernel/kernel.nm b/kernel/kernel.nm index 9ad7578..eec42b0 100644 --- a/kernel/kernel.nm +++ b/kernel/kernel.nm @@ -5,7 +5,7 @@
name = kernel version = 3.17.4 -release = 1 +release = 2 thisapp = linux-%{version}
maintainer = Arne Fitzenreiter arne.fitzenreiter@ipfire.org diff --git a/kernel/patches/linux-3.14.25-rt5592_no_special_txop_init.patch b/kernel/patches/linux-3.14.25-rt5592_no_special_txop_init.patch new file mode 100644 index 0000000..fe30c9e --- /dev/null +++ b/kernel/patches/linux-3.14.25-rt5592_no_special_txop_init.patch @@ -0,0 +1,13 @@ +diff -Naur linux-3.14.25.org/drivers/net/wireless/rt2x00/rt2800lib.c linux-3.14.25/drivers/net/wireless/rt2x00/rt2800lib.c +--- linux-3.14.25.org/drivers/net/wireless/rt2x00/rt2800lib.c 2014-11-21 18:23:44.000000000 +0100 ++++ linux-3.14.25/drivers/net/wireless/rt2x00/rt2800lib.c 2014-12-03 11:30:58.813355413 +0100 +@@ -4847,7 +4847,8 @@ + rt2x00_set_field32(®, TXOP_CTRL_CFG_EXT_CWMIN, 0); + rt2800_register_write(rt2x00dev, TXOP_CTRL_CFG, reg); + +- reg = rt2x00_rt(rt2x00dev, RT5592) ? 0x00000082 : 0x00000002; ++// reg = rt2x00_rt(rt2x00dev, RT5592) ? 0x00000082 : 0x00000002; ++ reg = 0x00000002; + rt2800_register_write(rt2x00dev, TXOP_HLDR_ET, reg); + + rt2800_register_read(rt2x00dev, TX_RTS_CFG, ®); diff --git a/ntp/ntp.nm b/ntp/ntp.nm index 9c8bb56..ba72e62 100644 --- a/ntp/ntp.nm +++ b/ntp/ntp.nm @@ -4,9 +4,9 @@ ###############################################################################
name = ntp -version = %{ver_major}.6p5 +version = %{ver_major}.8 ver_major = 4.2 -release = 2 +release = 1
groups = System/Daemons url = http://www.ntp.org/ @@ -61,9 +61,6 @@ build
make ${PARALLELISMFLAGS}
- sed -i 's|$ntpq = "ntpq"|$ntpq = "%{sbindir}/ntpq"|' scripts/ntptrace - sed -i 's|ntpq -c |%{sbindir}/ntpq -c |' scripts/ntp-wait - # Build ntpstat. make -C ntpstat-0.2 end @@ -191,39 +188,6 @@ packages end end
- package %{name}-perl - summary = NTP utilities written in Perl. - description - This package contains Perl scripts ntp-wait and ntptrace. - end - groups = Applications/System - - requires - %{name} = %{thisver} - end - - files - %{sbindir}/ntp-wait - %{sbindir}/ntptrace - %{mandir}/man8/ntp-wait.8* - %{mandir}/man8/ntptrace.8* - %{unitdir}/ntp-wait.service - end - - script preun - systemctl --no-reload disable ntp-wait.service >/dev/null 2>&1 || : - systemctl stop ntp-wait.service >/dev/null 2>&1 || : - end - - script postun - systemctl daemon-reload >/dev/null 2>&1 || : - end - - script postup - systemctl daemon-reload >/dev/null 2>&1 || : - end - end - package %{name}-devel template DEVEL end diff --git a/ntp/patches/ntp-4.2.4p7-getprecision.patch b/ntp/patches/ntp-4.2.4p7-getprecision.patch deleted file mode 100644 index ecf6def..0000000 --- a/ntp/patches/ntp-4.2.4p7-getprecision.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ntp-4.2.4p7/ntpd/ntp_proto.c.getprecision ntp-4.2.4p7/ntpd/ntp_proto.c ---- ntp-4.2.4p7/ntpd/ntp_proto.c.getprecision 2009-09-29 14:16:22.000000000 +0200 -+++ ntp-4.2.4p7/ntpd/ntp_proto.c 2009-09-29 14:18:13.000000000 +0200 -@@ -3099,7 +3099,7 @@ peer_unfit( - /* - * Find the precision of this particular machine - */ --#define MINSTEP 100e-9 /* minimum clock increment (s) */ -+#define MINSTEP 10e-9 /* minimum clock increment (s) */ - #define MAXSTEP 20e-3 /* maximum clock increment (s) */ - #define MINLOOPS 5 /* minimum number of step samples */ - diff --git a/ntp/patches/ntp-4.2.6p1-cmsgalign.patch b/ntp/patches/ntp-4.2.6p1-cmsgalign.patch deleted file mode 100644 index 0e4b8cc..0000000 --- a/ntp/patches/ntp-4.2.6p1-cmsgalign.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up ntp-4.2.6p1/ntpd/ntp_io.c.cmsgalign ntp-4.2.6p1/ntpd/ntp_io.c ---- ntp-4.2.6p1/ntpd/ntp_io.c.cmsgalign 2010-03-04 18:28:53.000000000 +0100 -+++ ntp-4.2.6p1/ntpd/ntp_io.c 2010-03-04 18:30:34.000000000 +0100 -@@ -3194,8 +3194,8 @@ read_network_packet( - msghdr.msg_namelen = fromlen; - msghdr.msg_iov = &iovec; - msghdr.msg_iovlen = 1; -- msghdr.msg_control = (void *)&control; -- msghdr.msg_controllen = sizeof(control); -+ msghdr.msg_control = (void *)((long)(control + 7) & -8); /* align to 8 bytes */ -+ msghdr.msg_controllen = sizeof(control) - 8; - msghdr.msg_flags = 0; - rb->recv_length = recvmsg(fd, &msghdr, 0); - #endif diff --git a/ntp/patches/ntp-4.2.6p1-linkfastmath.patch b/ntp/patches/ntp-4.2.6p1-linkfastmath.patch deleted file mode 100644 index 5a859d3..0000000 --- a/ntp/patches/ntp-4.2.6p1-linkfastmath.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ntp-4.2.6p1/ntpd/Makefile.in.linkfastmath ntp-4.2.6p1/ntpd/Makefile.in ---- ntp-4.2.6p1/ntpd/Makefile.in.linkfastmath 2010-02-09 11:19:25.000000000 +0100 -+++ ntp-4.2.6p1/ntpd/Makefile.in 2010-03-03 16:57:40.000000000 +0100 -@@ -365,7 +365,7 @@ man_MANS = $(srcdir)/ntpd.1 - # sqrt ntp_control.o - # floor refclock_wwv.o - # which are (usually) provided by -lm. --ntpd_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntp.a -lm @LCRYPTO@ @LSCF@ -+ntpd_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntp.a -lm -ffast-math @LCRYPTO@ @LSCF@ - ntpdsim_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntpsim.a -lm @LCRYPTO@ @LSCF@ - ntpdsim_CFLAGS = $(CFLAGS) -DSIM - check_y2k_LDADD = $(LDADD) ../libntp/libntp.a diff --git a/ntp/patches/ntp-4.2.6p1-logdefault.patch b/ntp/patches/ntp-4.2.6p1-logdefault.patch deleted file mode 100644 index ae816b7..0000000 --- a/ntp/patches/ntp-4.2.6p1-logdefault.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ntp-4.2.6p1/ntpd/ntp_config.c.logdefault ntp-4.2.6p1/ntpd/ntp_config.c ---- ntp-4.2.6p1/ntpd/ntp_config.c.logdefault 2010-01-24 11:01:45.000000000 +0100 -+++ ntp-4.2.6p1/ntpd/ntp_config.c 2010-03-09 17:44:09.000000000 +0100 -@@ -3794,7 +3794,7 @@ getconfig( - - #endif /* SYS_WINNT */ - res_fp = NULL; -- ntp_syslogmask = NLOG_SYNCMASK; /* set more via logconfig */ -+ ntp_syslogmask = NLOG_SYNCMASK | NLOG_EVENT | NLOG_STATUS; /* set more via logconfig */ - - /* - * install a non default variable with this daemon version diff --git a/ntp/patches/ntp-4.2.6p1-retcode.patch b/ntp/patches/ntp-4.2.6p1-retcode.patch deleted file mode 100644 index 6d676d2..0000000 --- a/ntp/patches/ntp-4.2.6p1-retcode.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ntp-4.2.6p1/ntpd/ntp_proto.c.retcode ntp-4.2.6p1/ntpd/ntp_proto.c ---- ntp-4.2.6p1/ntpd/ntp_proto.c.retcode 2009-12-09 08:36:36.000000000 +0100 -+++ ntp-4.2.6p1/ntpd/ntp_proto.c 2010-03-03 16:06:00.000000000 +0100 -@@ -269,7 +269,7 @@ transmit( - "ntpd: no servers found"); - printf( - "ntpd: no servers found\n"); -- exit (0); -+ exit (1); - } - } - } diff --git a/ntp/patches/ntp-4.2.6p1-sleep.patch b/ntp/patches/ntp-4.2.6p1-sleep.patch deleted file mode 100644 index 577ef26..0000000 --- a/ntp/patches/ntp-4.2.6p1-sleep.patch +++ /dev/null @@ -1,495 +0,0 @@ -diff -up ntp-4.2.6p1/include/ntp_refclock.h.sleep ntp-4.2.6p1/include/ntp_refclock.h ---- ntp-4.2.6p1/include/ntp_refclock.h.sleep 2009-12-09 08:36:35.000000000 +0100 -+++ ntp-4.2.6p1/include/ntp_refclock.h 2010-03-10 19:27:46.000000000 +0100 -@@ -260,6 +260,7 @@ extern void refclock_control (sockaddr_u - struct refclockstat *); - extern int refclock_open (char *, u_int, u_int); - extern int refclock_setup (int, u_int, u_int); -+extern int refclock_timer_needed (struct peer *); - extern void refclock_timer (struct peer *); - extern void refclock_transmit (struct peer *); - extern int refclock_ioctl (int, u_int); -diff -up ntp-4.2.6p1/include/ntp_stdlib.h.sleep ntp-4.2.6p1/include/ntp_stdlib.h ---- ntp-4.2.6p1/include/ntp_stdlib.h.sleep 2009-12-09 08:36:35.000000000 +0100 -+++ ntp-4.2.6p1/include/ntp_stdlib.h 2010-03-10 19:27:46.000000000 +0100 -@@ -116,6 +116,7 @@ extern const char * FindConfig (const ch - extern void signal_no_reset (int, RETSIGTYPE (*func)(int)); - - extern void getauthkeys (const char *); -+extern int auth_agekeys_needed (void); - extern void auth_agekeys (void); - extern void rereadkeys (void); - -diff -up ntp-4.2.6p1/include/ntpd.h.sleep ntp-4.2.6p1/include/ntpd.h ---- ntp-4.2.6p1/include/ntpd.h.sleep 2009-12-09 08:36:35.000000000 +0100 -+++ ntp-4.2.6p1/include/ntpd.h 2010-03-10 19:27:46.000000000 +0100 -@@ -112,8 +112,10 @@ extern void block_io_and_alarm (void); - /* ntp_loopfilter.c */ - extern void init_loopfilter(void); - extern int local_clock(struct peer *, double); --extern void adj_host_clock(void); -+extern int adj_host_clock_needed(void); -+extern void adj_host_clock(int); - extern void loop_config(int, double); -+extern int huffpuff_enabled(void); - extern void huffpuff(void); - extern u_long sys_clocktime; - extern u_int sys_tai; -@@ -219,6 +221,8 @@ extern void hack_restrict (int, sockaddr - /* ntp_timer.c */ - extern void init_timer (void); - extern void reinit_timer (void); -+extern double get_timeout (l_fp *); -+extern int timer_elapsed (l_fp, int); - extern void timer (void); - extern void timer_clr_stats (void); - extern void timer_interfacetimeout (u_long); -diff -up ntp-4.2.6p1/libntp/authkeys.c.sleep ntp-4.2.6p1/libntp/authkeys.c ---- ntp-4.2.6p1/libntp/authkeys.c.sleep 2009-12-09 08:36:35.000000000 +0100 -+++ ntp-4.2.6p1/libntp/authkeys.c 2010-03-10 19:27:46.000000000 +0100 -@@ -445,6 +445,25 @@ auth_delkeys(void) - } - } - -+int -+auth_agekeys_needed(void) { -+ struct savekey *sk; -+ int i; -+ -+ if (authnumkeys > 20) -+ return 1; -+ -+ for (i = 0; i < HASHSIZE; i++) { -+ sk = key_hash[i]; -+ while (sk != 0) { -+ if (sk->lifetime > 0) -+ return 1; -+ sk = sk->next; -+ } -+ } -+ return 0; -+} -+ - /* - * auth_agekeys - delete keys whose lifetimes have expired - */ -diff -up ntp-4.2.6p1/ntpd/ntp_loopfilter.c.sleep ntp-4.2.6p1/ntpd/ntp_loopfilter.c ---- ntp-4.2.6p1/ntpd/ntp_loopfilter.c.sleep 2009-12-09 08:36:36.000000000 +0100 -+++ ntp-4.2.6p1/ntpd/ntp_loopfilter.c 2010-03-10 19:27:46.000000000 +0100 -@@ -677,6 +677,13 @@ local_clock( - #endif /* LOCKCLOCK */ - } - -+int -+adj_host_clock_needed(void) -+{ -+ return !(!ntp_enable || mode_ntpdate || (pll_control && -+ kern_enable)); -+} -+ - - /* - * adj_host_clock - Called once every second to update the local clock. -@@ -686,7 +693,7 @@ local_clock( - */ - void - adj_host_clock( -- void -+ int time_elapsed - ) - { - double adjustment; -@@ -698,7 +705,7 @@ adj_host_clock( - * since the poll interval can exceed one day, the old test - * would be counterproductive. - */ -- sys_rootdisp += clock_phi; -+ sys_rootdisp += clock_phi * time_elapsed; - - #ifndef LOCKCLOCK - /* -@@ -819,6 +826,12 @@ set_freq( - #endif /* KERNEL_PLL */ - } - -+int -+huffpuff_enabled(void) -+{ -+ return sys_huffpuff != NULL; -+} -+ - /* - * huff-n'-puff filter - */ -diff -up ntp-4.2.6p1/ntpd/ntp_refclock.c.sleep ntp-4.2.6p1/ntpd/ntp_refclock.c ---- ntp-4.2.6p1/ntpd/ntp_refclock.c.sleep 2009-12-09 08:36:36.000000000 +0100 -+++ ntp-4.2.6p1/ntpd/ntp_refclock.c 2010-03-10 19:27:46.000000000 +0100 -@@ -268,6 +268,21 @@ refclock_unpeer( - } - - -+int -+refclock_timer_needed( -+ struct peer *peer /* peer structure pointer */ -+ ) -+{ -+ u_char clktype; -+ int unit; -+ -+ clktype = peer->refclktype; -+ unit = peer->refclkunit; -+ if (refclock_conf[clktype]->clock_timer != noentry) -+ return 1; -+ return 0; -+} -+ - /* - * refclock_timer - called once per second for housekeeping. - */ -diff -up ntp-4.2.6p1/ntpd/ntp_timer.c.sleep ntp-4.2.6p1/ntpd/ntp_timer.c ---- ntp-4.2.6p1/ntpd/ntp_timer.c.sleep 2009-12-09 08:36:35.000000000 +0100 -+++ ntp-4.2.6p1/ntpd/ntp_timer.c 2010-03-11 15:23:59.000000000 +0100 -@@ -56,7 +56,6 @@ static u_long adjust_timer; /* second ti - static u_long stats_timer; /* stats timer */ - static u_long huffpuff_timer; /* huff-n'-puff timer */ - u_long leapsec; /* leapseconds countdown */ --l_fp sys_time; /* current system time */ - #ifdef OPENSSL - static u_long revoke_timer; /* keys revoke timer */ - static u_long keys_timer; /* session key timer */ -@@ -74,6 +73,12 @@ volatile u_long alarm_overflow; - #define DAY (24 * HOUR) - - u_long current_time; /* seconds since startup */ -+l_fp timer_base; -+int time_elapsed; -+ -+#define TIMEOUT_TS_SIZE 2 -+l_fp timeout_ts[TIMEOUT_TS_SIZE]; -+unsigned int timeout_ts_index; - - /* - * Stats. Number of overflows and number of calls to transmit(). -@@ -110,6 +115,8 @@ static RETSIGTYPE alarming (int); - void - reinit_timer(void) - { -+ get_systime(&timer_base); -+#if 0 - #if !defined(SYS_WINNT) && !defined(VMS) - # if defined(HAVE_TIMER_CREATE) && defined(HAVE_TIMER_SETTIME) - timer_gettime(ntpd_timerid, &itimer); -@@ -143,6 +150,7 @@ reinit_timer(void) - setitimer(ITIMER_REAL, &itimer, (struct itimerval *)0); - # endif - # endif /* VMS */ -+#endif - } - - /* -@@ -165,6 +173,12 @@ init_timer(void) - timer_xmtcalls = 0; - timer_timereset = 0; - -+ get_systime(&timer_base); -+ -+ for (timeout_ts_index = 0; timeout_ts_index < TIMEOUT_TS_SIZE; timeout_ts_index++) -+ L_CLR(&timeout_ts[timeout_ts_index]); -+ timeout_ts_index = 0; -+#if 0 - #if !defined(SYS_WINNT) - /* - * Set up the alarm interrupt. The first comes 2**EVENT_TIMEOUT -@@ -226,6 +240,7 @@ init_timer(void) - } - - #endif /* SYS_WINNT */ -+#endif - } - - #if defined(SYS_WINNT) -@@ -236,6 +251,104 @@ get_timer_handle(void) - } - #endif - -+double -+get_timeout(l_fp *now) -+{ -+ register struct peer *peer, *next_peer; -+ u_int n; -+ double r; -+ int next; -+ l_fp ts; -+ -+ ts = *now; -+ L_SUB(&ts, &timeout_ts[timeout_ts_index]); -+ timeout_ts[timeout_ts_index] = *now; -+ timeout_ts_index = (timeout_ts_index + 1) % TIMEOUT_TS_SIZE; -+ -+ /* don't waste CPU time if called too frequently */ -+ if (ts.l_ui == 0) { -+ next = 1; -+ goto finish; -+ } -+ -+ next = current_time + HOUR; -+ -+ if (adj_host_clock_needed()) { -+ next = 1; -+ goto finish; -+ } -+ for (n = 0; n < NTP_HASH_SIZE; n++) { -+ for (peer = peer_hash[n]; peer != 0; peer = next_peer) { -+ next_peer = peer->next; -+#ifdef REFCLOCK -+ if (peer->flags & FLAG_REFCLOCK && refclock_timer_needed(peer)) { -+ next = 1; -+ goto finish; -+ } -+#endif /* REFCLOCK */ -+ if (peer->action) -+ next = min(next, peer->nextaction); -+ next = min(next, peer->nextdate); -+ } -+ } -+ -+ if (leapsec > 0) -+ next = min(next, leapsec); -+ -+ if (huffpuff_enabled()) -+ next = min(next, huffpuff_timer); -+ -+#ifdef OPENSSL -+ if (auth_agekeys_needed()) -+ next = min(next, keys_timer); -+ if (sys_leap != LEAP_NOTINSYNC) -+ next = min(next, revoke_timer); -+#endif /* OPENSSL */ -+ -+ if (interface_interval) -+ next = min(next, interface_timer); -+ -+ next = min(next, stats_timer); -+ -+ next -= current_time; -+ if (next <= 0) -+ next = 1; -+finish: -+ ts = timer_base; -+ ts.l_ui += next; -+ L_SUB(&ts, now); -+ LFPTOD(&ts, r); -+#ifdef DEBUG -+ DPRINTF(2, ("timer: timeout %f\n", r)); -+#endif -+ -+ return r; -+} -+ -+int -+timer_elapsed(l_fp now, int timeout) -+{ -+ int elapsed; -+ -+ L_SUB(&now, &timer_base); -+ elapsed = now.l_i; -+ if (elapsed < 0 || elapsed > timeout + 10) { -+#ifdef DEBUG -+ DPRINTF(2, ("timer: unexpected time jump\n")); -+#endif -+ elapsed = 0; -+ reinit_timer(); -+ -+ } -+ timer_base.l_ui += elapsed; -+ time_elapsed += elapsed; -+ current_time += elapsed; -+#ifdef DEBUG -+ DPRINTF(2, ("timer: time elapsed %d\n", time_elapsed)); -+#endif -+ return time_elapsed; -+} -+ - /* - * timer - event timer - */ -@@ -251,11 +364,9 @@ timer(void) - * kiss-o'-deatch function and implement the association - * polling function.. - */ -- current_time++; -- get_systime(&sys_time); - if (adjust_timer <= current_time) { -- adjust_timer += 1; -- adj_host_clock(); -+ adjust_timer += time_elapsed; -+ adj_host_clock(time_elapsed); - #ifdef REFCLOCK - for (n = 0; n < NTP_HASH_SIZE; n++) { - for (peer = peer_hash[n]; peer != 0; peer = next_peer) { -@@ -286,7 +397,7 @@ timer(void) - * 128 s or less. - */ - if (peer->throttle > 0) -- peer->throttle--; -+ peer->throttle -= min(peer->throttle, time_elapsed); - if (peer->nextdate <= current_time) { - #ifdef REFCLOCK - if (peer->flags & FLAG_REFCLOCK) -@@ -333,7 +444,7 @@ timer(void) - * set. - */ - if (leapsec > 0) { -- leapsec--; -+ leapsec -= min(leapsec, time_elapsed); - if (leapsec == 0) { - sys_leap = LEAP_NOWARNING; - sys_tai = leap_tai; -@@ -398,11 +509,15 @@ timer(void) - * Finally, write hourly stats. - */ - if (stats_timer <= current_time) { -+ l_fp sys_time; -+ get_systime(&sys_time); - stats_timer += HOUR; - write_stats(); - if (sys_tai != 0 && sys_time.l_ui > leap_expire) - report_event(EVNT_LEAPVAL, NULL, NULL); - } -+ -+ time_elapsed = 0; - } - - -diff -up ntp-4.2.6p1/ntpd/ntpd.c.sleep ntp-4.2.6p1/ntpd/ntpd.c ---- ntp-4.2.6p1/ntpd/ntpd.c.sleep 2010-03-10 19:27:46.000000000 +0100 -+++ ntp-4.2.6p1/ntpd/ntpd.c 2010-03-10 19:27:46.000000000 +0100 -@@ -195,8 +195,6 @@ extern const char *Version; - - char const *progname; - --int was_alarmed; -- - #ifdef DECL_SYSCALL - /* - * We put this here, since the argument profile is syscall-specific -@@ -1033,7 +1031,7 @@ getgroup: - #else /* normal I/O */ - - BLOCK_IO_AND_ALARM(); -- was_alarmed = 0; -+ - for (;;) - { - # if !defined(HAVE_SIGNALED_IO) -@@ -1041,42 +1039,39 @@ getgroup: - extern int maxactivefd; - - fd_set rdfdes; -- int nfound; --# endif -+ int nfound, time_elapsed; - -- if (alarm_flag) /* alarmed? */ -- { -- was_alarmed = 1; -- alarm_flag = 0; -- } -+ time_elapsed = 0; -+# endif - -- if (!was_alarmed && has_full_recv_buffer() == ISC_FALSE) -+ if (has_full_recv_buffer() == ISC_FALSE) - { - /* - * Nothing to do. Wait for something. - */ - # ifndef HAVE_SIGNALED_IO -+ double timeout; -+ - rdfdes = activefds; --# if defined(VMS) || defined(SYS_VXWORKS) -- /* make select() wake up after one second */ -- { -- struct timeval t1; -+ get_systime(&now); -+ timeout = get_timeout(&now); - -- t1.tv_sec = 1; t1.tv_usec = 0; -+ if (timeout > 0.0) { -+ struct timeval t1; -+ -+ t1.tv_sec = timeout; -+ t1.tv_usec = (timeout - t1.tv_sec) * 1000000; - nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0, - (fd_set *)0, &t1); -- } --# else -- nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0, -- (fd_set *)0, (struct timeval *)0); --# endif /* VMS */ -- if (nfound > 0) -- { -- l_fp ts; -+ get_systime(&now); -+ } else -+ nfound = 0; - -- get_systime(&ts); -+ time_elapsed = timer_elapsed(now, timeout); - -- (void)input_handler(&ts); -+ if (nfound > 0) -+ { -+ (void)input_handler(&now); - } - else if (nfound == -1 && errno != EINTR) - msyslog(LOG_ERR, "select() error: %m"); -@@ -1085,17 +1080,13 @@ getgroup: - msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); - # endif /* DEBUG */ - # else /* HAVE_SIGNALED_IO */ -+# error not supported by sleep patch - - wait_for_signal(); - # endif /* HAVE_SIGNALED_IO */ -- if (alarm_flag) /* alarmed? */ -- { -- was_alarmed = 1; -- alarm_flag = 0; -- } - } - -- if (was_alarmed) -+ if (time_elapsed > 0) - { - UNBLOCK_IO_AND_ALARM(); - /* -@@ -1103,7 +1094,6 @@ getgroup: - * to process expiry. - */ - timer(); -- was_alarmed = 0; - BLOCK_IO_AND_ALARM(); - } - -@@ -1121,19 +1111,8 @@ getgroup: - rbuf = get_full_recv_buffer(); - while (rbuf != NULL) - { -- if (alarm_flag) -- { -- was_alarmed = 1; -- alarm_flag = 0; -- } - UNBLOCK_IO_AND_ALARM(); - -- if (was_alarmed) -- { /* avoid timer starvation during lengthy I/O handling */ -- timer(); -- was_alarmed = 0; -- } -- - /* - * Call the data procedure to handle each received - * packet. diff --git a/ntp/patches/ntp-4.2.6p2-multiopts.patch b/ntp/patches/ntp-4.2.6p2-multiopts.patch deleted file mode 100644 index c4ea459..0000000 --- a/ntp/patches/ntp-4.2.6p2-multiopts.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up ntp-4.2.6p2/ntpd/ntpd-opts.c.multiopts ntp-4.2.6p2/ntpd/ntpd-opts.c ---- ntp-4.2.6p2/ntpd/ntpd-opts.c.multiopts 2010-09-15 17:37:10.000000000 +0200 -+++ ntp-4.2.6p2/ntpd/ntpd-opts.c 2010-10-01 13:28:49.000000000 +0200 -@@ -755,7 +755,7 @@ static tOptDesc optDesc[ OPTION_CT ] = { - { /* entry idx, value */ 18, VALUE_OPT_PIDFILE, - /* equiv idx, value */ 18, VALUE_OPT_PIDFILE, - /* equivalenced to */ NO_EQUIVALENT, -- /* min, max, act ct */ 0, 1, 0, -+ /* min, max, act ct */ 0, 2, 0, - /* opt state flags */ PIDFILE_FLAGS, 0, - /* last opt argumnt */ { NULL }, - /* arg list/cookie */ NULL, -@@ -839,7 +839,7 @@ static tOptDesc optDesc[ OPTION_CT ] = { - { /* entry idx, value */ 25, VALUE_OPT_USER, - /* equiv idx, value */ 25, VALUE_OPT_USER, - /* equivalenced to */ NO_EQUIVALENT, -- /* min, max, act ct */ 0, 1, 0, -+ /* min, max, act ct */ 0, 2, 0, - /* opt state flags */ USER_FLAGS, 0, - /* last opt argumnt */ { NULL }, - /* arg list/cookie */ NULL, diff --git a/ntp/patches/ntp-4.2.6p3-bcast.patch b/ntp/patches/ntp-4.2.6p3-bcast.patch deleted file mode 100644 index 57581f3..0000000 --- a/ntp/patches/ntp-4.2.6p3-bcast.patch +++ /dev/null @@ -1,93 +0,0 @@ -diff -up ntp-4.2.6p3/ntpd/ntp_io.c.bcast ntp-4.2.6p3/ntpd/ntp_io.c ---- ntp-4.2.6p3/ntpd/ntp_io.c.bcast 2010-12-25 10:40:36.000000000 +0100 -+++ ntp-4.2.6p3/ntpd/ntp_io.c 2011-01-05 17:46:13.820049150 +0100 -@@ -151,6 +151,8 @@ int ninterfaces; /* Total number of in - - int disable_dynamic_updates; /* scan interfaces once only */ - -+static int pktinfo_status = 0; /* is IP_PKTINFO on wildipv4 iface enabled? */ -+ - #ifdef REFCLOCK - /* - * Refclock stuff. We keep a chain of structures with data concerning -@@ -2254,6 +2256,17 @@ set_reuseaddr( - #endif /* ! SO_EXCLUSIVEADDRUSE */ - } - -+static void -+set_pktinfo(int flag) -+{ -+ if (wildipv4 == NULL) -+ return; -+ if (setsockopt(wildipv4->fd, SOL_IP, IP_PKTINFO, &flag, sizeof (flag))) { -+ msyslog(LOG_ERR, "set_pktinfo: setsockopt(IP_PKTINFO, %s) failed: %m", flag ? "on" : "off"); -+ } else -+ pktinfo_status = flag; -+} -+ - /* - * This is just a wrapper around an internal function so we can - * make other changes as necessary later on -@@ -2659,6 +2672,7 @@ io_setbclient(void) - } - } - set_reuseaddr(0); -+ set_pktinfo(1); - if (nif > 0) - DPRINTF(1, ("io_setbclient: Opened broadcast clients\n")); - else if (!nif) -@@ -2685,6 +2699,7 @@ io_unsetbclient(void) - continue; - socket_broadcast_disable(ep, &ep->sin); - } -+ set_pktinfo(0); - } - - /* -@@ -3392,7 +3407,8 @@ read_network_packet( - #ifdef HAVE_TIMESTAMP - struct msghdr msghdr; - struct iovec iovec; -- char control[TIMESTAMP_CTLMSGBUF_SIZE]; -+ char control[sizeof (struct cmsghdr) * 2 + sizeof (struct timeval) + -+ sizeof (struct in_pktinfo) + 32]; - #endif - - /* -@@ -3403,7 +3419,7 @@ read_network_packet( - */ - - rb = get_free_recv_buffer(); -- if (NULL == rb || itf->ignore_packets) { -+ if (NULL == rb || (itf->ignore_packets && !(pktinfo_status && itf == wildipv4))) { - char buf[RX_BUFF_SIZE]; - sockaddr_u from; - -@@ -3463,6 +3479,27 @@ read_network_packet( - return (buflen); - } - -+ if (pktinfo_status && itf->ignore_packets && itf == wildipv4) { -+ /* check for broadcast on 255.255.255.255, exception allowed on wildipv4 */ -+ struct cmsghdr *cmsg; -+ struct in_pktinfo *pktinfo = NULL; -+ -+ if ((cmsg = CMSG_FIRSTHDR(&msghdr))) -+ do { -+ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_PKTINFO) -+ pktinfo = (struct in_pktinfo *) CMSG_DATA(cmsg); -+ } while ((cmsg = CMSG_NXTHDR(&msghdr, cmsg))); -+ if (pktinfo && pktinfo->ipi_addr.s_addr == INADDR_BROADCAST) { -+ DPRINTF(4, ("INADDR_BROADCAST\n")); -+ } else { -+ DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", "ignore", -+ free_recvbuffs(), fd, stoa(&rb->recv_srcadr))); -+ packets_ignored++; -+ freerecvbuf(rb); -+ return (buflen); -+ } -+ } -+ - DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", - fd, buflen, stoa(&rb->recv_srcadr))); - diff --git a/ntp/patches/ntp-4.2.6p3-broadcastdelay.patch b/ntp/patches/ntp-4.2.6p3-broadcastdelay.patch deleted file mode 100644 index f9c1929..0000000 --- a/ntp/patches/ntp-4.2.6p3-broadcastdelay.patch +++ /dev/null @@ -1,31 +0,0 @@ -==== ntpd/ntp_proto.c ==== -2010-10-22 01:55:45-04:00, stenn@deacon.udel.edu +2 -5 - [Bug 1670] Fix peer->bias and broadcastdelay - ---- 1.307/ntpd/ntp_proto.c 2010-10-11 21:06:05 -07:00 -+++ 1.308/ntpd/ntp_proto.c 2010-10-21 22:55:45 -07:00 -@@ -929,7 +929,6 @@ receive( - - } else { - peer->delay = sys_bdelay; -- peer->bias = -sys_bdelay / 2.; - } - break; - } -@@ -1570,7 +1569,6 @@ process_packet( - p_del = fabs(t21 - t34); - p_offset = (t21 + t34) / 2.; - } -- p_offset += peer->bias; - p_disp = LOGTOD(sys_precision) + LOGTOD(peer->precision) + - clock_phi * p_del; - -@@ -1647,7 +1645,7 @@ process_packet( - /* - * That was awesome. Now hand off to the clock filter. - */ -- clock_filter(peer, p_offset, p_del, p_disp); -+ clock_filter(peer, p_offset + peer->bias, p_del, p_disp); - - /* - * If we are in broadcast calibrate mode, return to broadcast diff --git a/ntp/patches/ntp-4.2.6p4-droproot.patch b/ntp/patches/ntp-4.2.6p4-droproot.patch deleted file mode 100644 index 1d953d1..0000000 --- a/ntp/patches/ntp-4.2.6p4-droproot.patch +++ /dev/null @@ -1,207 +0,0 @@ -diff -up ntp-4.2.6p4/html/ntpdate.html.droproot ntp-4.2.6p4/html/ntpdate.html ---- ntp-4.2.6p4/html/ntpdate.html.droproot 2011-07-11 04:18:25.000000000 +0200 -+++ ntp-4.2.6p4/html/ntpdate.html 2011-10-05 15:47:29.643634928 +0200 -@@ -18,7 +18,7 @@ - <hr> - <p>Disclaimer: The functionality of this program is now available in the <tt>ntpd</tt> program. See the <tt>-q</tt> command line option in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page. After a suitable period of mourning, the <tt>ntpdate</tt> program is to be retired from this distribution</p> - <h4>Synopsis</h4> -- <tt>ntpdate [ -46bBdqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] <i>server</i> [ ... ]</tt> -+ <tt>ntpdate [ -46bBdqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt> - <h4>Description</h4> - <p><tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.</p> - <p><tt>ntpdate</tt> can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon <tt>ntpd</tt>. It is also possible to run <tt>ntpdate</tt> from a <tt>cron</tt> script. However, it is important to note that <tt>ntpdate</tt> with contrived <tt>cron</tt> scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since <tt>ntpdate</tt> does not discipline the host clock frequency as does <tt>ntpd</tt>, the accuracy using <tt>ntpdate</tt> is limited.</p> -@@ -58,6 +58,10 @@ - <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports. - <dt><tt>-<i>v</i></tt> - <dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version identification string to be logged. -+ <dt><tt>-U <i>user_name</i></tt></dt> -+ <dd>ntpdate process drops root privileges and changes user ID to -+ <i>user_name</i> and group ID to the primary group of -+ <i>server_user</i>. - </dl> - <h4>Diagnostics</h4> - <tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise. -diff -up ntp-4.2.6p4/ntpdate/ntpdate.c.droproot ntp-4.2.6p4/ntpdate/ntpdate.c ---- ntp-4.2.6p4/ntpdate/ntpdate.c.droproot 2011-05-25 07:06:09.000000000 +0200 -+++ ntp-4.2.6p4/ntpdate/ntpdate.c 2011-10-05 15:45:39.570555972 +0200 -@@ -49,6 +49,12 @@ - - #include <arpa/inet.h> - -+/* Linux capabilities */ -+#include <sys/capability.h> -+#include <sys/prctl.h> -+#include <pwd.h> -+#include <grp.h> -+ - #ifdef SYS_VXWORKS - # include "ioLib.h" - # include "sockLib.h" -@@ -153,6 +159,11 @@ int simple_query = 0; - int unpriv_port = 0; - - /* -+ * Use capabilities to drop privileges and switch uids -+ */ -+char *server_user; -+ -+/* - * Program name. - */ - char *progname; -@@ -294,6 +305,88 @@ void clear_globals() - static ni_namelist *getnetinfoservers (void); - #endif - -+/* This patch is adapted (copied) from Chris Wings drop root patch -+ * for xntpd. -+ */ -+void drop_root(uid_t server_uid, gid_t server_gid) -+{ -+ cap_t caps; -+ -+ if (prctl(PR_SET_KEEPCAPS, 1)) { -+ if (syslogit) { -+ msyslog(LOG_ERR, "prctl(PR_SET_KEEPCAPS, 1) failed"); -+ } -+ else { -+ fprintf(stderr, "prctl(PR_SET_KEEPCAPS, 1) failed.\n"); -+ } -+ exit(1); -+ } -+ -+ if ( setgroups(0, NULL) == -1 ) { -+ if (syslogit) { -+ msyslog(LOG_ERR, "setgroups failed."); -+ } -+ else { -+ fprintf(stderr, "setgroups failed.\n"); -+ } -+ exit(1); -+ } -+ -+ if ( setegid(server_gid) == -1 || seteuid(server_uid) == -1 ) { -+ if (syslogit) { -+ msyslog(LOG_ERR, "setegid/seteuid to uid=%d/gid=%d failed.", server_uid, -+ server_gid); -+ } -+ else { -+ fprintf(stderr, "setegid/seteuid to uid=%d/gid=%d failed.\n", server_uid, -+ server_gid); -+ } -+ exit(1); -+ } -+ -+ caps = cap_from_text("cap_sys_time=epi"); -+ if (caps == NULL) { -+ if (syslogit) { -+ msyslog(LOG_ERR, "cap_from_text failed."); -+ } -+ else { -+ fprintf(stderr, "cap_from_text failed.\n"); -+ } -+ exit(1); -+ } -+ -+ if (cap_set_proc(caps) == -1) { -+ if (syslogit) { -+ msyslog(LOG_ERR, "cap_set_proc failed."); -+ } -+ else { -+ fprintf(stderr, "cap_set_proc failed.\n"); -+ } -+ exit(1); -+ } -+ -+ /* Try to free the memory from cap_from_text */ -+ cap_free( caps ); -+ -+ if ( setregid(server_gid, server_gid) == -1 || -+ setreuid(server_uid, server_uid) == -1 ) { -+ if (syslogit) { -+ msyslog(LOG_ERR, "setregid/setreuid to uid=%d/gid=%d failed.", -+ server_uid, server_gid); -+ } -+ else { -+ fprintf(stderr, "setregid/setreuid to uid=%d/gid=%d failed.\n", -+ server_uid, server_gid); -+ } -+ exit(1); -+ } -+ -+ if (syslogit) { -+ msyslog(LOG_DEBUG, "running as uid(%d)/gid(%d) euid(%d)/egid(%d).", -+ getuid(), getgid(), geteuid(), getegid()); -+ } -+} -+ - /* - * Main program. Initialize us and loop waiting for I/O and/or - * timer expiries. -@@ -341,6 +434,8 @@ ntpdatemain ( - - init_lib(); /* sets up ipv4_works, ipv6_works */ - -+ server_user = NULL; -+ - /* Check to see if we have IPv6. Otherwise default to IPv4 */ - if (!ipv6_works) - ai_fam_templ = AF_INET; -@@ -352,7 +447,7 @@ ntpdatemain ( - /* - * Decode argument list - */ -- while ((c = ntp_getopt(argc, argv, "46a:bBde:k:o:p:qst:uv")) != EOF) -+ while ((c = ntp_getopt(argc, argv, "46a:bBde:k:o:p:qst:uvU:")) != EOF) - switch (c) - { - case '4': -@@ -429,6 +524,14 @@ ntpdatemain ( - case 'u': - unpriv_port = 1; - break; -+ case 'U': -+ if (ntp_optarg) { -+ server_user = strdup(ntp_optarg); -+ } -+ else { -+ ++errflg; -+ } -+ break; - case '?': - ++errflg; - break; -@@ -438,7 +541,7 @@ ntpdatemain ( - - if (errflg) { - (void) fprintf(stderr, -- "usage: %s [-46bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-t timeo] server ...\n", -+ "usage: %s [-46bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-t timeo] [-U username] server ...\n", - progname); - exit(2); - } -@@ -544,6 +647,24 @@ ntpdatemain ( - initializing = 0; - was_alarmed = 0; - -+ if (server_user) { -+ struct passwd *pwd = NULL; -+ -+ /* Lookup server_user uid/gid before chroot/chdir */ -+ pwd = getpwnam( server_user ); -+ if ( pwd == NULL ) { -+ if (syslogit) { -+ msyslog(LOG_ERR, "Failed to lookup user '%s'.", server_user); -+ } -+ else { -+ fprintf(stderr, "Failed to lookup user '%s'.\n", server_user); -+ } -+ exit(1); -+ } -+ drop_root(pwd->pw_uid, pwd->pw_gid); -+ } -+ -+ - while (complete_servers < sys_numservers) { - #ifdef HAVE_POLL_H - struct pollfd* rdfdes; diff --git a/ntp/patches/ntp-4.2.6p4-htmldoc.patch b/ntp/patches/ntp-4.2.6p4-htmldoc.patch deleted file mode 100644 index 2b2dab7..0000000 --- a/ntp/patches/ntp-4.2.6p4-htmldoc.patch +++ /dev/null @@ -1,76 +0,0 @@ -diff -up ntp-4.2.6p4/html/authopt.html.htmldoc ntp-4.2.6p4/html/authopt.html ---- ntp-4.2.6p4/html/authopt.html.htmldoc 2011-07-11 04:18:25.000000000 +0200 -+++ ntp-4.2.6p4/html/authopt.html 2011-10-05 17:30:09.463244610 +0200 -@@ -364,7 +364,7 @@ UTC</p> - are left unspecified, the default names are used as described below. Unless - the complete path and name of the file are specified, the location of a file - is relative to the keys directory specified in the <tt>keysdir</tt> configuration -- command or default <tt>/usr/local/etc</tt>. Following are the options.</dd> -+ command or default <tt>/etc/ntp/crypto</tt>. Following are the options.</dd> - - <dd><dl> - -@@ -396,7 +396,7 @@ UTC</p> - <dd>Specifies the complete path to the MD5 key file containing the keys and key IDs used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option. Note that the directory path for Autokey media is specified by the <tt>keysdir</tt> command.</dd> - - <dt id="keysdir"><tt>keysdir <i>path</i></tt>K</dt> --<dd>This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd> -+<dd>This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is <tt>/etc/ntp/crypto</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd> - - <dt id="requestkey"><tt>requestkey <i>keyid</i></tt></dt> - <dd>Specifies the key ID to use with the -diff -up ntp-4.2.6p4/html/keygen.html.htmldoc ntp-4.2.6p4/html/keygen.html ---- ntp-4.2.6p4/html/keygen.html.htmldoc 2011-07-11 04:18:26.000000000 +0200 -+++ ntp-4.2.6p4/html/keygen.html 2011-10-05 17:30:09.463244610 +0200 -@@ -206,7 +206,6 @@ - <p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the OpenSSL library routines. If a site supports <tt>ssh</tt>, it is very likely that means to do this are already available. The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the <tt>ntp-keygen</tt> program or <tt>ntpd</tt> daemon.</p> - - <p>The OpenSSL library looks for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library looks for the <tt>.rnd</tt> file in the user home directory. Since both the <tt>ntp-keygen</tt> program and <tt>ntpd</tt> daemon must run as root, the logical place to put this file is in <tt>/.rnd</tt> or <tt>/root/.rnd</tt>. If the file is not available or cannot be written, the program exits with a message to the system log.</p> --<p>On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the <tt>randfile</tt> subcommand or the <tt>RANDFILE</tt> environment variable is ignored.</p> - - <h4 id="priv">Cryptographic Data Files</h4> - -diff -up ntp-4.2.6p4/html/ntpd.html.htmldoc ntp-4.2.6p4/html/ntpd.html ---- ntp-4.2.6p4/html/ntpd.html.htmldoc 2011-07-11 04:18:26.000000000 +0200 -+++ ntp-4.2.6p4/html/ntpd.html 2011-10-05 17:34:07.545384008 +0200 -@@ -214,14 +214,14 @@ - </tr> - <tr> - <td width="30%">statistics path</td> -- <td width="30%"><tt>/var/NTP</tt></td> -+ <td width="30%"><tt>/var/log/ntpstats/</tt></td> - <td width="20%"><tt>-s</tt></td> - <td width="20%"><tt>statsdir</tt></td> - </tr> - <tr> - <td width="30%">keys path</td> -- <td width="30%"><tt>/usr/local/etc</tt></td> -- <td width="20%"><tt>-k</tt></td> -+ <td width="30%"><tt>/etc/ntp/crypto</tt></td> -+ <td width="20%"><tt>none</tt></td> - <td width="20%"><tt>keysdir</tt></td> - </tr> - </table> -diff -up ntp-4.2.6p4/html/ntpdate.html.htmldoc ntp-4.2.6p4/html/ntpdate.html ---- ntp-4.2.6p4/html/ntpdate.html.htmldoc 2011-10-05 17:30:09.438244595 +0200 -+++ ntp-4.2.6p4/html/ntpdate.html 2011-10-05 17:36:24.195463971 +0200 -@@ -43,7 +43,7 @@ - <dt><tt>-e <i>authdelay</i></tt> - <dd>Specify the processing delay to perform an authentication function as the value <i>authdelay</i>, in seconds and fraction (see <tt>ntpd</tt> for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU's. - <dt><tt>-k <i>keyfile</i></tt> -- <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp.keys</tt>. This file should be in the format described in <tt>ntpd</tt>. -+ <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp/keys</tt>. This file should be in the format described in <tt>ntpd</tt>. - <dt><tt>-o <i>version</i></tt> - <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 4. This allows <tt>ntpdate</tt> to be used with older NTP versions. - <dt><tt>-p <i>samples</i></tt> -@@ -66,7 +66,7 @@ - <h4>Diagnostics</h4> - <tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise. - <h4>Files</h4> -- <tt>/etc/ntp.keys</tt> - encryption keys used by <tt>ntpdate</tt>. -+ <tt>/etc/ntp/keys</tt> - encryption keys used by <tt>ntpdate</tt>. - <h4>Bugs</h4> - The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more accurate. This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables <tt>tick</tt> and <tt>tickadj</tt>. - <hr> -diff -up ntp-4.2.6p4/html/ntpdc.html.htmldoc ntp-4.2.6p4/html/ntpdc.html -diff -up ntp-4.2.6p4/html/ntpq.html.htmldoc ntp-4.2.6p4/html/ntpq.html diff --git a/ntp/patches/ntp-4.2.6p4-mlock.patch b/ntp/patches/ntp-4.2.6p4-mlock.patch deleted file mode 100644 index 354f7d5..0000000 --- a/ntp/patches/ntp-4.2.6p4-mlock.patch +++ /dev/null @@ -1,140 +0,0 @@ -diff -up ntp-4.2.6p4/html/ntpd.html.mlock ntp-4.2.6p4/html/ntpd.html ---- ntp-4.2.6p4/html/ntpd.html.mlock 2011-10-06 13:08:50.897274352 +0200 -+++ ntp-4.2.6p4/html/ntpd.html 2011-10-06 13:08:50.909274362 +0200 -@@ -32,7 +32,7 @@ - </ul> - <hr> - <h4 id="synop">Synopsis</h4> -- <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt> -+ <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt> - <h4 id="descr">Description</h4> - <p>The <tt>ntpd</tt> program is an operating system daemon that synchronises the system clock with remote NTP time servers or local reference clocks. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. The program can operate in any of several modes, as described on the <a href="assoc.html">Association Management</a> page, and with both symmetric key and public key cryptography, as described on the <a href="manyopt.html">Authentication Options</a> page.</p> - <p>The <tt>ntpd</tt> program ordinarily requires a configuration file as desccribe on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the <a href="manyopt.html">Automatic Server Discovery</a> page.</p> -@@ -123,6 +123,8 @@ - <dd>Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please consider using the configuration file <a href="miscopt.html#interface">interface</a> command, which is more versatile.</dd> - <dt><tt>-M</tt></dt> - <dd>Raise scheduler precision to its maximum (1 msec) using timeBeginPeriod. (Windows only)</dd> -+ <dt><tt>-m</tt> -+ <dd>Lock memory. - <dt><tt>-n</tt></dt> - <dd>Don't fork.</dd> - <dt><tt>-N</tt></dt> -diff -up ntp-4.2.6p4/ntpd/ntpd-opts.c.mlock ntp-4.2.6p4/ntpd/ntpd-opts.c ---- ntp-4.2.6p4/ntpd/ntpd-opts.c.mlock 2011-09-23 05:36:04.000000000 +0200 -+++ ntp-4.2.6p4/ntpd/ntpd-opts.c 2011-10-06 13:10:54.082360146 +0200 -@@ -276,6 +276,15 @@ static char const zNice_Name[] - #define NICE_FLAGS (OPTST_DISABLED) - - /* -+ * Mlock option description: -+ */ -+static char const zMlockText[] = -+ "Lock memory"; -+static char const zMlock_NAME[] = "MLOCK"; -+static char const zMlock_Name[] = "mlock"; -+#define MLOCK_FLAGS (OPTST_DISABLED) -+ -+/* - * Pidfile option description: - */ - static char const zPidfileText[] = -@@ -903,6 +912,18 @@ static tOptDesc optDesc[OPTION_CT] = { - /* desc, NAME, name */ zPccfreqText, zPccfreq_NAME, zPccfreq_Name, - /* disablement strs */ NULL, NULL }, - -+ { /* entry idx, value */ 32, VALUE_OPT_MLOCK, -+ /* equiv idx, value */ 32, VALUE_OPT_MLOCK, -+ /* equivalenced to */ NO_EQUIVALENT, -+ /* min, max, act ct */ 0, 1, 0, -+ /* opt state flags */ MLOCK_FLAGS, 0, -+ /* last opt argumnt */ { NULL }, -+ /* arg list/cookie */ NULL, -+ /* must/cannot opts */ NULL, NULL, -+ /* option proc */ NULL, -+ /* desc, NAME, name */ zMlockText, zMlock_NAME, zMlock_Name, -+ /* disablement strs */ NULL, NULL }, -+ - { /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION, - /* equiv idx value */ NO_EQUIVALENT, 0, - /* equivalenced to */ NO_EQUIVALENT, -@@ -1018,7 +1039,7 @@ tOptions ntpdOptions = { - NO_EQUIVALENT, /* '-#' option index */ - NO_EQUIVALENT /* index of default opt */ - }, -- 35 /* full option count */, 32 /* user option count */, -+ 36 /* full option count */, 33 /* user option count */, - ntpd_full_usage, ntpd_short_usage, - NULL, NULL, - PKGDATADIR, ntpd_packager_info -diff -up ntp-4.2.6p4/ntpd/ntpd-opts.h.mlock ntp-4.2.6p4/ntpd/ntpd-opts.h ---- ntp-4.2.6p4/ntpd/ntpd-opts.h.mlock 2011-09-23 05:36:04.000000000 +0200 -+++ ntp-4.2.6p4/ntpd/ntpd-opts.h 2011-10-06 13:08:50.910274363 +0200 -@@ -81,6 +81,7 @@ typedef enum { -- INDEX_OPT_VERSION = 32, -- INDEX_OPT_HELP = 33, -- INDEX_OPT_MORE_HELP = 34 -+ INDEX_OPT_MLOCK = 32, -+ INDEX_OPT_VERSION = 33, -+ INDEX_OPT_HELP = 34, -+ INDEX_OPT_MORE_HELP = 35 - } teOptIndex; - --#define OPTION_CT 35 -+#define OPTION_CT 36 -@@ -187,6 +188,10 @@ typedef enum { - # warning undefining MODIFYMMTIMER due to option name conflict - # undef MODIFYMMTIMER - # endif -+# ifdef MLOCK -+# warning undefining MLOCK due to option name conflict -+# undef MLOCK -+# endif - # ifdef NOFORK - # warning undefining NOFORK due to option name conflict - # undef NOFORK -@@ -268,6 +273,7 @@ typedef enum { - # undef LOGFILE - # undef NOVIRTUALIPS - # undef MODIFYMMTIMER -+# undef MLOCK - # undef NOFORK - # undef NICE - # undef PIDFILE -@@ -306,6 +312,7 @@ typedef enum { - #define VALUE_OPT_LOGFILE 'l' - #define VALUE_OPT_NOVIRTUALIPS 'L' - #define VALUE_OPT_MODIFYMMTIMER 'M' -+#define VALUE_OPT_MLOCK 'm' - #define VALUE_OPT_NOFORK 'n' - #define VALUE_OPT_NICE 'N' - #define VALUE_OPT_PIDFILE 'p' -diff -up ntp-4.2.6p4/ntpd/ntpd.c.mlock ntp-4.2.6p4/ntpd/ntpd.c ---- ntp-4.2.6p4/ntpd/ntpd.c.mlock 2011-10-06 13:08:50.869274334 +0200 -+++ ntp-4.2.6p4/ntpd/ntpd.c 2011-10-06 13:08:50.911274363 +0200 -@@ -723,7 +723,8 @@ ntpdmain( - } - #endif - --#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE) -+#if defined(MCL_CURRENT) && defined(MCL_FUTURE) -+ if (HAVE_OPT( MLOCK )) { - # ifdef HAVE_SETRLIMIT - /* - * Set the stack limit to something smaller, so that we don't lock a lot -@@ -749,7 +750,7 @@ ntpdmain( - * fail if we drop root privlege. To be useful the value - * has to be larger than the largest ntpd resident set size. - */ -- rl.rlim_cur = rl.rlim_max = 32*1024*1024; -+ rl.rlim_cur = rl.rlim_max = 64*1024*1024; - if (setrlimit(RLIMIT_MEMLOCK, &rl) == -1) { - msyslog(LOG_ERR, "Cannot set RLIMIT_MEMLOCK: %m"); - } -@@ -761,6 +762,7 @@ ntpdmain( - */ - if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0) - msyslog(LOG_ERR, "mlockall(): %m"); -+ } - #else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */ - # ifdef HAVE_PLOCK - # ifdef PROCLOCK diff --git a/ntp/patches/ntp-4.2.6p4-rtnetlink.patch b/ntp/patches/ntp-4.2.6p4-rtnetlink.patch deleted file mode 100644 index 06d2e87..0000000 --- a/ntp/patches/ntp-4.2.6p4-rtnetlink.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up ntp-4.2.6p4/ntpd/ntp_io.c.rtnetlink ntp-4.2.6p4/ntpd/ntp_io.c ---- ntp-4.2.6p4/ntpd/ntp_io.c.rtnetlink 2011-10-05 15:49:17.061711033 +0200 -+++ ntp-4.2.6p4/ntpd/ntp_io.c 2011-10-05 15:49:17.074711042 +0200 -@@ -4549,10 +4549,7 @@ init_async_notifications() - #ifdef HAVE_RTNETLINK - memset(&sa, 0, sizeof(sa)); - sa.nl_family = PF_NETLINK; -- sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR -- | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE -- | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE -- | RTMGRP_IPV6_MROUTE; -+ sa.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR; - if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { - msyslog(LOG_ERR, - "bind failed on routing socket (%m) - using polled interface update"); diff --git a/ntp/patches/ntp-4.2.6p5-delaycalib.patch b/ntp/patches/ntp-4.2.6p5-delaycalib.patch deleted file mode 100644 index 7e9a310..0000000 --- a/ntp/patches/ntp-4.2.6p5-delaycalib.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.delaycalib ntp-4.2.6p5/ntpd/ntp_proto.c ---- ntp-4.2.6p5/ntpd/ntp_proto.c.delaycalib 2012-02-28 15:57:57.000000000 +0100 -+++ ntp-4.2.6p5/ntpd/ntp_proto.c 2012-02-28 16:01:30.080135978 +0100 -@@ -1514,7 +1514,7 @@ process_packet( - */ - if (FLAG_BC_VOL & peer->flags) { - peer->flags &= ~FLAG_BC_VOL; -- peer->delay = (peer->offset - p_offset) * 2; -+ peer->delay = fabs(peer->offset - p_offset) * 2; - } - p_del = peer->delay; - p_offset += p_del / 2; diff --git a/ntp/patches/ntp-4.2.6p5-fipsmd5.patch b/ntp/patches/ntp-4.2.6p5-fipsmd5.patch deleted file mode 100644 index b6d8889..0000000 --- a/ntp/patches/ntp-4.2.6p5-fipsmd5.patch +++ /dev/null @@ -1,47 +0,0 @@ -diff -up ntp-4.2.6p5/libntp/a_md5encrypt.c.fipsmd5 ntp-4.2.6p5/libntp/a_md5encrypt.c ---- ntp-4.2.6p5/libntp/a_md5encrypt.c.fipsmd5 2011-12-01 03:55:17.000000000 +0100 -+++ ntp-4.2.6p5/libntp/a_md5encrypt.c 2012-10-24 16:24:04.972358878 +0200 -@@ -38,7 +38,11 @@ MD5authencrypt( - * was creaded. - */ - INIT_SSL(); -- EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); -+ if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) { -+ msyslog(LOG_ERR, -+ "MAC encrypt: digest init failed"); -+ return (0); -+ } - EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); - EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); - EVP_DigestFinal(&ctx, digest, &len); -@@ -71,7 +75,11 @@ MD5authdecrypt( - * was created. - */ - INIT_SSL(); -- EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); -+ if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) { -+ msyslog(LOG_ERR, -+ "MAC decrypt: digest init failed"); -+ return (0); -+ } - EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); - EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); - EVP_DigestFinal(&ctx, digest, &len); -@@ -101,7 +109,16 @@ addr2refid(sockaddr_u *addr) - return (NSRCADR(addr)); - - INIT_SSL(); -- EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5)); -+ EVP_MD_CTX_init(&ctx); -+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW -+ /* MD5 is not used as a crypto hash here. */ -+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -+#endif -+ if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) { -+ msyslog(LOG_ERR, -+ "MD5 init failed"); -+ exit(1); -+ } - EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr), - sizeof(struct in6_addr)); - EVP_DigestFinal(&ctx, digest, &len); diff --git a/plymouth/patches/plymouth-0.8.0-everything-is-better-in-red.patch b/plymouth/patches/plymouth-0.8.0-everything-is-better-in-red.patch deleted file mode 100644 index 7dba9f7..0000000 --- a/plymouth/patches/plymouth-0.8.0-everything-is-better-in-red.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up plymouth-0.8.0/src/plugins/splash/text/plugin.c.red plymouth-0.8.0/src/plugins/splash/text/plugin.c ---- plymouth-0.8.0/src/plugins/splash/text/plugin.c.red 2009-11-19 14:40:24.000000000 -0500 -+++ plymouth-0.8.0/src/plugins/splash/text/plugin.c 2009-11-19 14:41:40.000000000 -0500 -@@ -184,10 +184,10 @@ view_start_animation (view_t *view) - 0xffffff); - ply_terminal_set_color_hex_value (terminal, - PLY_TERMINAL_COLOR_BLUE, -- 0x0073B3); -+ 0xCC0A00); - ply_terminal_set_color_hex_value (terminal, - PLY_TERMINAL_COLOR_BROWN, -- 0x00457E); -+ 0x880400); - - ply_text_display_set_background_color (view->display, - PLY_TERMINAL_COLOR_BLACK); diff --git a/plymouth/patches/plymouth-0.9.0-everything-is-better-in-red.patch b/plymouth/patches/plymouth-0.9.0-everything-is-better-in-red.patch new file mode 100644 index 0000000..f2981ca --- /dev/null +++ b/plymouth/patches/plymouth-0.9.0-everything-is-better-in-red.patch @@ -0,0 +1,16 @@ +diff -Nur plymouth-0.9.0_orig/src/plugins/splash/text/plugin.c plymouth-0.9.0/src/plugins/splash/text/plugin.c +--- plymouth-0.9.0_orig/src/plugins/splash/text/plugin.c 2014-04-21 17:18:19.000000000 +0200 ++++ plymouth-0.9.0/src/plugins/splash/text/plugin.c 2014-12-07 14:57:09.344789424 +0100 +@@ -177,10 +177,10 @@ + 0xffffff); + ply_terminal_set_color_hex_value (terminal, + PLY_TERMINAL_COLOR_BLUE, +- 0x3465a4); ++ 0xCC0A00); + ply_terminal_set_color_hex_value (terminal, + PLY_TERMINAL_COLOR_BROWN, +- 0x979a9b); ++ 0x880400); + + ply_text_display_set_background_color (view->display, + PLY_TERMINAL_COLOR_BLACK); diff --git a/plymouth/plymouth-update-initrd b/plymouth/plymouth-update-initrd deleted file mode 100644 index c07b561..0000000 --- a/plymouth/plymouth-update-initrd +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -/sbin/new-kernel-pkg --package kernel --mkinitrd --dracut --depmod --install $(uname -r) diff --git a/plymouth/plymouth.nm b/plymouth/plymouth.nm index cbecf07..257aef6 100644 --- a/plymouth/plymouth.nm +++ b/plymouth/plymouth.nm @@ -4,7 +4,7 @@ ###############################################################################
name = plymouth -version = 0.8.8 +version = 0.9.0 release = 1
groups = System/Base @@ -27,23 +27,14 @@ build autoconf automake cairo-devel + docbook-xsl glib2-devel pkgconfig(libdrm) - pkgconfig(libdrm_radeon) - pkgconfig(libdrm_nouveau) libpng-devel + libudev-devel pango-devel end
- enable_libdrm_intel = 0 - - if "%{DISTRO_PLATFORM}" == "x86" - enable_libdrm_intel = 1 - requires += pkgconfig(libdrm_intel) - end - - CFLAGS += -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include - configure_options += \ --libexecdir=/usr/lib \ --disable-libkms \ @@ -60,10 +51,6 @@ build --without-rhgb-compat-link \ --without-log-viewer
- if "%{enable_libdrm_intel}" == "0" - configure_options += --disable-libdrm_intel - end - prepare_cmds autoreconf -vfi end @@ -80,10 +67,10 @@ build cp -vf %{DIR_SOURCE}/boot-duration \ %{BUILDROOT}%{localstatedir}/lib/plymouth
- # Override plymouth-update-initrd to work dracut or mkinitrd - cp -vf %{DIR_SOURCE}/plymouth-update-initrd \ - %{BUILDROOT}/usr/lib/plymouth/plymouth-update-initrd - chmod 755 %{BUILDROOT}/usr/lib/plymouth/plymouth-update-initrd + # The "glow" theme isn't quite ready for primetime, so drop it. + rm -rvf %{BUILDROOT}%{datadir}/plymouth/themes/glow + rm -rvf %{BUILDROOT}%{datadir}/plymouth/glow/ + rm -rvf %{BUILDROOT}%{libdir}/plymouth/glow.so end end
@@ -277,7 +264,7 @@ packages end
script postun - if [ "$(%{sbindir}/plymouth-set-default-theme)" = %{theme_name}" ]; then + if [ "$(%{sbindir}/plymouth-set-default-theme)" = "%{theme_name}" ]; then %{sbindir}/plymouth-set-default-theme --reset /usr/lib/plymouth/plymouth-generate-initrd fi
hooks/post-receive -- IPFire 3.x development tree