rpms/ntp/F-7 ntp-4.2.4p2-loopback.patch, NONE, 1.1 ntp-4.2.4p2-noseed.patch, NONE, 1.1 ntp-4.2.4p2-tentative.patch, NONE, 1.1 ntp-4.2.4p0-sleep.patch, 1.1, 1.2 ntp.spec, 1.68, 1.69 ntpd.init, 1.25, 1.26
Miroslav Lichvar (mlichvar)
fedora-extras-commits at redhat.com
Mon Aug 13 13:06:48 UTC 2007
Author: mlichvar
Update of /cvs/pkgs/rpms/ntp/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15191
Modified Files:
ntp-4.2.4p0-sleep.patch ntp.spec ntpd.init
Added Files:
ntp-4.2.4p2-loopback.patch ntp-4.2.4p2-noseed.patch
ntp-4.2.4p2-tentative.patch
Log Message:
- allow loopback to share non-loopback address (#249226)
- require readline >= 5.2-3 (#250917)
- ignore tentative addresses (#246297)
- improve init script (#247003)
- fix sleep patch
- don't use randfile if /dev/urandom is used by OpenSSL
- package more doc files
ntp-4.2.4p2-loopback.patch:
--- NEW FILE ntp-4.2.4p2-loopback.patch ---
--- ntp-4.2.4p2/ntpd/ntp_io.c.loopback 2007-08-08 12:38:16.000000000 +0200
+++ ntp-4.2.4p2/ntpd/ntp_io.c 2007-08-08 12:39:13.000000000 +0200
@@ -3195,7 +3195,7 @@ findinterface(
{
struct interface *interface;
- interface = findlocalinterface(addr, INT_LOOPBACK|INT_WILDCARD);
+ interface = findlocalinterface(addr, INT_WILDCARD);
if (interface == NULL)
{
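Review bot: the mask passed to findlocalinterface() in findinterface() loses INT_LOOPBACK, but nothing in the code says why. The reason is recorded only in the log message (#249226). A short comment above the call, stating that a loopback interface may carry the same address as a non-loopback one, would keep a later reader from restoring the flag.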
ntp-4.2.4p2-noseed.patch:
--- NEW FILE ntp-4.2.4p2-noseed.patch ---
--- ntp-4.2.4p2/html/keygen.html.noseed 2007-07-18 16:03:45.000000000 +0200
+++ ntp-4.2.4p2/html/keygen.html 2007-07-18 16:03:33.000000000 +0200
@@ -102,6 +102,7 @@
<p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the library routines. The OpenSSL library uses a designated random seed file for this purpose. The file must be available when starting the NTP daemon and <tt>ntp-keygen</tt> program. If a site supports OpenSSL or its companion OpenSSH, it is very likely that means to do this are already available.</p>
<p>It is important to understand that entropy must be evolved for each generation, for otherwise the random number sequence would be predictable. Various means dependent on external events, such as keystroke intervals, can be used to do this and some systems have built-in entropy sources. Suitable means are described in the OpenSSL software documentation, but are outside the scope of this page.</p>
<p>The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the NTP daemon or the <tt>ntp-keygen</tt> program. The NTP daemon will first look for the file using the path specified by the <tt>randfile</tt> subcommand of the <tt>crypto</tt> configuration command. If not specified in this way, or when starting the <tt>ntp-keygen</tt> program, the OpenSSL library will look for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library will look for the <tt>.rnd</tt> file in the user home directory. If the file is not available or cannot be written, the daemon exits with a message to the system log and the program exits with a suitable error message.</p>
+ <p>On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the <tt>randfile</tt> subcommand or the <tt>RANDFILE</tt> environment variable is ignored.</p>
<h4 id="priv">Cryptographic Data Files</h4>
<p>All other file formats begin with two lines. The first contains the file name, including the generated host name and filestamp. The second contains the datestamp in conventional Unix <tt>date</tt> format. Lines beginning with <tt>#</tt> are considered comments and ignored by the <i><tt>ntp-keygen </tt></i>program and <tt>ntpd</tt> daemon. Cryptographic values are encoded first using ASN.1 rules, then encrypted if necessary, and finally written PEM-encoded printable ASCII format preceded and followed by MIME content identifier lines.</p>
<p id="symkey">The format of the symmetric keys file is somewhat different than the other files in the interest of backward compatibility. Since DES-CBC is deprecated in NTPv4, the only key format of interest is MD5 alphanumeric strings. Following hte heard the keys are entered one per line in the format</p>
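Review bot: the added paragraph gives the condition as "systems that provide /dev/urandom", but the code in this same patch tests RAND_status() != 1, that is, whether the OpenSSL PRNG is already seeded. The documentation should state that condition. The unchanged paragraph just above still says the seed file "must be available" and that the daemon exits when it is not, which now contradicts the new sentence; that paragraph should be qualified in the same hunk.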
--- ntp-4.2.4p2/util/ntp-keygen.c.noseed 2007-06-20 13:03:23.000000000 +0200
+++ ntp-4.2.4p2/util/ntp-keygen.c 2007-07-18 16:03:45.000000000 +0200
@@ -362,20 +362,24 @@ main(
*/
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
- if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) {
- fprintf(stderr, "RAND_file_name %s\n",
- ERR_error_string(ERR_get_error(), NULL));
- return (-1);
- }
- temp = RAND_load_file(pathbuf, -1);
- if (temp == 0) {
+
+ /* But only if openssl doesn't use /dev/urandom */
+ if (RAND_status() != 1) {
+ if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) {
+ fprintf(stderr, "RAND_file_name %s\n",
+ ERR_error_string(ERR_get_error(), NULL));
+ return (-1);
+ }
+ temp = RAND_load_file(pathbuf, -1);
+ if (temp == 0) {
+ fprintf(stderr,
+ "RAND_load_file %s not found or empty\n", pathbuf);
+ return (-1);
+ }
fprintf(stderr,
- "RAND_load_file %s not found or empty\n", pathbuf);
- return (-1);
+ "Random seed file %s %u bytes\n", pathbuf, temp);
+ RAND_add(&epoch, sizeof(epoch), 4.0);
}
- fprintf(stderr,
- "Random seed file %s %u bytes\n", pathbuf, temp);
- RAND_add(&epoch, sizeof(epoch), 4.0);
#endif
/*
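Review bot: the new comment "But only if openssl doesn't use /dev/urandom" does not match the test below it. RAND_status() reports whether the PRNG has been seeded with enough data, whatever the source, so the comment should say "only if the PRNG is not already seeded". Note also that RAND_add(&epoch, sizeof(epoch), 4.0) has moved inside the branch, so the epoch is no longer mixed in on the already-seeded path; if that is intended, the comment is the place to say so.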
--- ntp-4.2.4p2/ntpd/ntp_crypto.c.noseed 2006-12-28 13:03:28.000000000 +0100
+++ ntp-4.2.4p2/ntpd/ntp_crypto.c 2007-07-18 16:03:45.000000000 +0200
@@ -3878,6 +3878,9 @@ crypto_setup(void)
memset(&pubkey, 0, sizeof(pubkey));
memset(&tai_leap, 0, sizeof(tai_leap));
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+
/*
* Load required random seed file and seed the random number
* generator. Be default, it is found in the user home
@@ -3885,40 +3888,49 @@ crypto_setup(void)
* depending on the system. Wiggle the contents a bit and write
* it back so the sequence does not repeat when we next restart.
*/
- ERR_load_crypto_strings();
- if (rand_file == NULL) {
- if ((RAND_file_name(filename, MAXFILENAME)) != NULL) {
+
+ /* But only if openssl doesn't use /dev/urandom */
+ if (RAND_status() != 1) {
+ if (rand_file == NULL) {
+ if ((RAND_file_name(filename, MAXFILENAME)) != NULL) {
+ rand_file = emalloc(strlen(filename) + 1);
+ strcpy(rand_file, filename);
+ }
+ } else if (*rand_file != '/') {
+ snprintf(filename, MAXFILENAME, "%s/%s", keysdir,
+ rand_file);
+ free(rand_file);
rand_file = emalloc(strlen(filename) + 1);
strcpy(rand_file, filename);
}
- } else if (*rand_file != '/') {
- snprintf(filename, MAXFILENAME, "%s/%s", keysdir,
- rand_file);
- free(rand_file);
- rand_file = emalloc(strlen(filename) + 1);
- strcpy(rand_file, filename);
- }
- if (rand_file == NULL) {
- msyslog(LOG_ERR,
- "crypto_setup: random seed file not specified");
- exit (-1);
- }
- if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
- msyslog(LOG_ERR,
- "crypto_setup: random seed file %s not found\n",
- rand_file);
- exit (-1);
- }
- get_systime(&seed);
- RAND_seed(&seed, sizeof(l_fp));
- RAND_write_file(rand_file);
- OpenSSL_add_all_algorithms();
+ if (rand_file == NULL) {
+ msyslog(LOG_ERR,
+ "crypto_setup: random seed file not specified");
+ exit (-1);
+ }
+ if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
+ msyslog(LOG_ERR,
+ "crypto_setup: random seed file %s not found\n",
+ rand_file);
+ exit (-1);
+ }
+ get_systime(&seed);
+ RAND_seed(&seed, sizeof(l_fp));
+ RAND_write_file(rand_file);
#ifdef DEBUG
- if (debug)
- printf(
- "crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
- SSLeay(), rand_file, bytes);
+ if (debug)
+ printf(
+ "crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
+ SSLeay(), rand_file, bytes);
#endif
+ } else {
+#ifdef DEBUG
+ if (debug)
+ printf(
+ "crypto_setup: OpenSSL version %lx seeding not required\n",
+ SSLeay());
+#endif
+ }
/*
* Load required host key from file "ntpkey_host_<hostname>". It
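Review bot: when RAND_status() returns 1, a rand_file configured by the administrator is skipped silently. The only trace is the printf in the else branch, which is compiled under #ifdef DEBUG and shown only when debug is set. Suggest an msyslog() at LOG_INFO or LOG_NOTICE in the else branch when rand_file != NULL, saying that the configured seed file is ignored, since RAND_load_file() and RAND_write_file() are no longer reached on that path. The block comment above the branch still describes loading the file as required and should be updated to match.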
ntp-4.2.4p2-tentative.patch:
--- NEW FILE ntp-4.2.4p2-tentative.patch ---
--- ntp-4.2.4p2/libisc/ifiter_ioctl.c.tentative 2006-12-28 13:03:07.000000000 +0100
+++ ntp-4.2.4p2/libisc/ifiter_ioctl.c 2007-07-16 13:04:15.000000000 +0200
@@ -94,6 +94,7 @@ struct isc_interfaceiter {
#include <sys/socket.h>
#endif
+#include <linux/rtnetlink.h>
/*
* Size of buffer for SIOCGLIFCONF, in bytes. We assume no sane system
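Review bot: #include <linux/rtnetlink.h> is added unconditionally, while the include just above it (<sys/socket.h>) sits inside a conditional closed by #endif. The header is Linux-specific and the only visible user is linux_if_inet6_current(), so the include should be wrapped in the same Linux guard that encloses that function, otherwise the file stops building on other platforms.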
@@ -516,6 +517,9 @@ linux_if_inet6_current(isc_interfaceiter
if ((ifreq.ifr_flags & IFF_MULTICAST) != 0)
iter->current.flags |= INTERFACE_F_MULTICAST;
#endif
+ /* ignore tentative address */
+ if (flags & IFA_F_TENTATIVE)
+ iter->current.flags &= ~INTERFACE_F_UP;
/*
* enable_multicast_if() requires scopeid for setsockopt,
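Review bot: the new test reads a variable named flags, while the lines just above it test ifreq.ifr_flags and set iter->current.flags; the hunk does not show where flags is assigned. Since IFA_F_TENTATIVE is an address flag and the neighbouring checks use interface flags (IFF_*), a comment naming the source of flags would make it clear the right field is tested. The comment "ignore tentative address" could also say that clearing INTERFACE_F_UP is how the address is made to be skipped.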
ntp-4.2.4p0-sleep.patch:
Index: ntp-4.2.4p0-sleep.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-7/ntp-4.2.4p0-sleep.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ntp-4.2.4p0-sleep.patch 9 May 2007 16:45:01 -0000 1.1
+++ ntp-4.2.4p0-sleep.patch 13 Aug 2007 13:06:41 -0000 1.2
@@ -140,7 +140,7 @@
+
+ for (ts_last_index = 0; ts_last_index < TS_LAST_SIZE; ts_last_index++)
+ L_CLR(&ts_last[ts_last_index]);
-+ time_elapsed = 0;
++ time_elapsed = ts_last_index = 0;
+
for (;;)
{
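Review bot: the fix is buried in a chained assignment, "time_elapsed = ts_last_index = 0;". The for loop above leaves ts_last_index equal to TS_LAST_SIZE, so the reset is what keeps the index in range on first use inside the for (;;) loop. Put it on its own line with a one-line comment so the reason is visible and the reset is not dropped in a later cleanup.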
Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-7/ntp.spec,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- ntp.spec 21 Jun 2007 10:45:49 -0000 1.68
+++ ntp.spec 13 Aug 2007 13:06:41 -0000 1.69
@@ -3,7 +3,7 @@
Summary: Synchronizes system time using the Network Time Protocol (NTP)
Name: ntp
Version: 4.2.4p2
-Release: 1%{?dist}
+Release: 2%{?dist}
License: distributable
Group: System Environment/Daemons
Source0: http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-%{version}.tar.gz
@@ -21,11 +21,14 @@
Patch3: ntp-4.2.4-groups.patch
Patch4: ntp-4.1.1c-rc3-authkey.patch
Patch5: ntp-4.2.4-linkfastmath.patch
+Patch6: ntp-4.2.4p2-tentative.patch
+Patch7: ntp-4.2.4p2-noseed.patch
Patch8: ntp-4.2.4p2-multilisten.patch
Patch9: ntp-4.2.4-html2man.patch
Patch10: ntp-4.2.4-htmldoc.patch
Patch11: ntp-stable-4.2.0a-20050816-keyfile.patch
Patch12: ntp-4.2.4-sprintf.patch
+Patch13: ntp-4.2.4p2-loopback.patch
Patch14: ntp-4.2.4p2-mlock.patch
Patch17: ntp-4.2.4p0-sleep.patch
Patch18: ntp-4.2.4p0-bcast.patch
@@ -36,6 +39,8 @@
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): /sbin/service
+# Require libreadline linked with libtinfo
+Requires: readline >= 5.2-3
BuildRequires: libcap-devel openssl-devel readline-devel perl-HTML-Parser
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -57,11 +62,14 @@
%patch2 -p1 -b .droproot
%patch3 -p1 -b .groups
%patch4 -p1 -b .authkey
+%patch6 -p1 -b .tentative
+%patch7 -p1 -b .noseed
%patch8 -p1 -b .multilisten
%patch9 -p1 -b .html2man
%patch10 -p1 -b .htmldoc
%patch11 -p1 -b .keyfile
%patch12 -p1 -b .sprintf
+%patch13 -p1 -b .loopback
%patch14 -p1 -b .mlock
%patch17 -p1 -b .sleep
%patch18 -p1 -b .bcast
@@ -154,7 +162,7 @@
%files
%defattr(-,root,root)
-%doc htmldoc/html/* NEWS TODO
+%doc htmldoc/html/* COPYRIGHT ChangeLog NEWS TODO
%{_sbindir}/ntp-wait
%{_sbindir}/ntptrace
%{_sbindir}/ntp-keygen
@@ -178,6 +186,15 @@
%changelog
+* Mon Aug 13 2007 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p2-2.fc7
+- allow loopback to share non-loopback address (#249226)
+- require readline >= 5.2-3 (#250917)
+- ignore tentative addresses (#246297)
+- improve init script (#247003)
+- fix sleep patch
+- don't use randfile if /dev/urandom is used by OpenSSL
+- package more doc files
+
* Thu Jun 21 2007 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p2-1
- update to 4.2.4p2
Index: ntpd.init
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-7/ntpd.init,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- ntpd.init 22 May 2007 15:30:33 -0000 1.25
+++ ntpd.init 13 Aug 2007 13:06:41 -0000 1.26
@@ -9,6 +9,19 @@
# a computer client or server to another server or reference time source, \
# such as a radio or satellite receiver or modem.
+### BEGIN INIT INFO
+# Provides: ntpd
+# Required-Start: $network $local_fs $remote_fs
+# Required-Stop: $network $local_fs $remote_fs
+# Should-Start: $syslog $named
+# Should-Stop: $syslog $named
+# Short-Description: start and stop ntpd
+# Description: ntpd is the NTPv4 daemon. The Network Time Protocol (NTP)
+# is used to synchronize the time of a computer client or
+# server to another server or reference time source, such
+# as a radio or satellite receiver or modem.
+### END INIT INFO
+
# Source function library.
. /etc/init.d/functions
@@ -19,13 +32,11 @@
. /etc/sysconfig/ntpd
fi
+prog=ntpd
+lockfile=/var/lock/subsys/$prog
ntpconf=/etc/ntp.conf
ntpstep=/etc/ntp/step-tickers
-
-RETVAL=0
-prog="ntpd"
-
sync_hwclock() {
ARC=0
SRM=0
@@ -73,8 +84,6 @@
esac
done
- [ -x /usr/sbin/ntpd -a -f $ntpconf ] || exit 0
-
tickers=''
if [ -s "$ntpstep" ]; then
tickers=$(sed 's/#.*//' $ntpstep)
@@ -92,6 +101,8 @@
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 1
+ [ -x /usr/sbin/ntpd ] || exit 5
+
readconf;
if [ -n "$dostep" ]; then
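Review bot: the previous hunk removes the combined test "[ -x /usr/sbin/ntpd -a -f $ntpconf ] || exit 0" and this one restores only the -x half, so a missing $ntpconf is no longer checked before start. If the LSB exit codes are the goal, add "[ -f $ntpconf ] || exit 6" (program not configured) next to the exit 5. The path /usr/sbin/ntpd is also still hard-coded although prog=ntpd was introduced in this same revision.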
@@ -112,19 +123,19 @@
fi
# Start daemons.
echo -n $"Starting $prog: "
- daemon ntpd $OPTIONS
+ daemon $prog $OPTIONS
RETVAL=$?
echo
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ntpd
+ [ $RETVAL -eq 0 ] && touch $lockfile
return $RETVAL
}
stop() {
echo -n $"Shutting down $prog: "
- killproc ntpd
+ killproc $prog
RETVAL=$?
echo
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ntpd
+ [ $RETVAL -eq 0 ] && rm -f $lockfile
return $RETVAL
}
@@ -132,29 +143,27 @@
case "$1" in
start)
start
- ;;
+ ;;
stop)
stop
- ;;
+ ;;
status)
- status ntpd
- RETVAL=$?
+ status $prog
;;
- restart|reload)
+ restart|force-reload)
stop
start
- RETVAL=$?
;;
- condrestart)
- if [ -f /var/lock/subsys/ntpd ]; then
+ try-restart|condrestart)
+ if status $prog > /dev/null; then
stop
start
- RETVAL=$?
fi
;;
+ reload)
+ exit 3
+ ;;
*)
- echo $"Usage: $0 {start|stop|restart|condrestart|status}"
- RETVAL=3
+ echo $"Usage: $0 {start|stop|status|restart|try-restart|force-reload}"
+ exit 2
esac
-
-exit $RETVAL
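Review bot: with "exit $RETVAL" removed from the end of the script, the exit status is now whatever the last command in the selected case branch returned. That works for the branches shown, but it is implicit: any command added after esac, or after start or status inside a branch, would silently change the status reported to the caller. Suggest ending the script with an explicit "exit $?" directly after esac, or a comment stating that the fall-through status is intended. The usage string also omits condrestart and reload, which the case statement still accepts.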