rpms/ntp/F-7 ntp-4.2.4p2-loopback.patch, NONE, 1.1 ntp-4.2.4p2-noseed.patch, NONE, 1.1 ntp-4.2.4p2-tentative.patch, NONE, 1.1 ntp-4.2.4p0-sleep.patch, 1.1, 1.2 ntp.spec, 1.68, 1.69 ntpd.init, 1.25, 1.26

Miroslav Lichvar (mlichvar) fedora-extras-commits at redhat.com
Mon Aug 13 13:06:48 UTC 2007


Author: mlichvar

Update of /cvs/pkgs/rpms/ntp/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15191

Modified Files:
	ntp-4.2.4p0-sleep.patch ntp.spec ntpd.init 
Added Files:
	ntp-4.2.4p2-loopback.patch ntp-4.2.4p2-noseed.patch 
	ntp-4.2.4p2-tentative.patch 
Log Message:
- allow loopback to share non-loopback address (#249226)
- require readline >= 5.2-3 (#250917)
- ignore tentative addresses (#246297)
- improve init script (#247003)
- fix sleep patch
- don't use randfile if /dev/urandom is used by OpenSSL
- package more doc files


ntp-4.2.4p2-loopback.patch:

--- NEW FILE ntp-4.2.4p2-loopback.patch ---
--- ntp-4.2.4p2/ntpd/ntp_io.c.loopback	2007-08-08 12:38:16.000000000 +0200
+++ ntp-4.2.4p2/ntpd/ntp_io.c	2007-08-08 12:39:13.000000000 +0200
@@ -3195,7 +3195,7 @@ findinterface(
 {
 	struct interface *interface;
 	
-	interface = findlocalinterface(addr, INT_LOOPBACK|INT_WILDCARD);
+	interface = findlocalinterface(addr, INT_WILDCARD);
 
 	if (interface == NULL)
 	{
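Review bot: The new call `findlocalinterface(addr, INT_WILDCARD)` carries no comment saying why loopback interfaces are no longer filtered out, so the next reader cannot tell whether dropping `INT_LOOPBACK` was deliberate. The flag argument looks like an exclusion mask, but findlocalinterface() is not visible here, so confirm that before wording the comment. I would add above the call something like `/* loopback is not excluded: lo may carry a non-loopback address that must be usable as a source (#249226) */`. The body of findinterface() continues outside the hunk, so it is worth checking that the code after the NULL test copes with a loopback interface being returned.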

ntp-4.2.4p2-noseed.patch:

--- NEW FILE ntp-4.2.4p2-noseed.patch ---
--- ntp-4.2.4p2/html/keygen.html.noseed	2007-07-18 16:03:45.000000000 +0200
+++ ntp-4.2.4p2/html/keygen.html	2007-07-18 16:03:33.000000000 +0200
@@ -102,6 +102,7 @@
 		<p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the library routines. The OpenSSL library uses a designated random seed file for this purpose. The file must be available when starting the NTP daemon and <tt>ntp-keygen</tt> program. If a site supports OpenSSL or its companion OpenSSH, it is very likely that means to do this are already available.</p>
 		<p>It is important to understand that entropy must be evolved for each generation, for otherwise the random number sequence would be predictable. Various means dependent on external events, such as keystroke intervals, can be used to do this and some systems have built-in entropy sources. Suitable means are described in the OpenSSL software documentation, but are outside the scope of this page.</p>
 		<p>The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the NTP daemon or the <tt>ntp-keygen</tt> program. The NTP daemon will first look for the file using the path specified by the <tt>randfile</tt> subcommand of the <tt>crypto</tt> configuration command. If not specified in this way, or when starting the <tt>ntp-keygen</tt> program, the OpenSSL library will look for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library will look for the <tt>.rnd</tt> file in the user home directory. If the file is not available or cannot be written, the daemon exits with a message to the system log and the program exits with a suitable error message.</p>
+		<p>On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the <tt>randfile</tt> subcommand or the <tt>RANDFILE</tt> environment variable is ignored.</p>
 		<h4 id="priv">Cryptographic Data Files</h4>
 		<p>All other file formats begin with two lines. The first contains the file name, including the generated host name and filestamp. The second contains the datestamp in conventional Unix <tt>date</tt> format. Lines beginning with <tt>#</tt> are considered comments and ignored by the <i><tt>ntp-keygen </tt></i>program and <tt>ntpd</tt> daemon. Cryptographic values are encoded first using ASN.1 rules, then encrypted if necessary, and finally written PEM-encoded printable ASCII format preceded and followed by MIME content identifier lines.</p>
 		<p id="symkey">The format of the symmetric keys file is somewhat different than the other files in the interest of backward compatibility. Since DES-CBC is deprecated in NTPv4, the only key format of interest is MD5 alphanumeric strings. Following hte heard the keys are entered one per line in the format</p>
--- ntp-4.2.4p2/util/ntp-keygen.c.noseed	2007-06-20 13:03:23.000000000 +0200
+++ ntp-4.2.4p2/util/ntp-keygen.c	2007-07-18 16:03:45.000000000 +0200
@@ -362,20 +362,24 @@ main(
 	 */
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
-	if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) {
-		fprintf(stderr, "RAND_file_name %s\n",
-		    ERR_error_string(ERR_get_error(), NULL));
-		return (-1);
-	}
-	temp = RAND_load_file(pathbuf, -1);
-	if (temp == 0) {
+
+	/* But only if openssl doesn't use /dev/urandom */
+	if (RAND_status() != 1) {
+		if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) {
+			fprintf(stderr, "RAND_file_name %s\n",
+			    ERR_error_string(ERR_get_error(), NULL));
+			return (-1);
+		}
+		temp = RAND_load_file(pathbuf, -1);
+		if (temp == 0) {
+			fprintf(stderr,
+			    "RAND_load_file %s not found or empty\n", pathbuf);
+			return (-1);
+		}
 		fprintf(stderr,
-		    "RAND_load_file %s not found or empty\n", pathbuf);
-		return (-1);
+		    "Random seed file %s %u bytes\n", pathbuf, temp);
+		RAND_add(&epoch, sizeof(epoch), 4.0);
 	}
-	fprintf(stderr,
-	    "Random seed file %s %u bytes\n", pathbuf, temp);
-	RAND_add(&epoch, sizeof(epoch), 4.0);
 #endif
 
 	/*
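Review bot: Inside the new `RAND_status() != 1` branch the seed-file result is still tested with `if (temp == 0)`, which only catches an empty or missing file. Depending on the OpenSSL version linked, RAND_load_file() can report an error with a negative value. In that case the code would print the "Random seed file" line and go on to generate keys with a PRNG that RAND_status() has just reported as unseeded. `if (temp <= 0) {` covers both conventions. The same test appears as `(bytes = RAND_load_file(rand_file, -1)) == 0` in the crypto_setup() hunk of ntp_crypto.c. main() starts and ends outside this hunk, so the type of `temp` is not visible here.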
--- ntp-4.2.4p2/ntpd/ntp_crypto.c.noseed	2006-12-28 13:03:28.000000000 +0100
+++ ntp-4.2.4p2/ntpd/ntp_crypto.c	2007-07-18 16:03:45.000000000 +0200
@@ -3878,6 +3878,9 @@ crypto_setup(void)
 	memset(&pubkey, 0, sizeof(pubkey));
 	memset(&tai_leap, 0, sizeof(tai_leap));
 
+	ERR_load_crypto_strings();
+	OpenSSL_add_all_algorithms();
+
 	/*
 	 * Load required random seed file and seed the random number
 	 * generator. Be default, it is found in the user home
@@ -3885,40 +3888,49 @@ crypto_setup(void)
 	 * depending on the system. Wiggle the contents a bit and write
 	 * it back so the sequence does not repeat when we next restart.
 	 */
-	ERR_load_crypto_strings();
-	if (rand_file == NULL) {
-		if ((RAND_file_name(filename, MAXFILENAME)) != NULL) {
+
+	/* But only if openssl doesn't use /dev/urandom */
+	if (RAND_status() != 1) {
+		if (rand_file == NULL) {
+			if ((RAND_file_name(filename, MAXFILENAME)) != NULL) {
+				rand_file = emalloc(strlen(filename) + 1);
+				strcpy(rand_file, filename);
+			}
+		} else if (*rand_file != '/') {
+			snprintf(filename, MAXFILENAME, "%s/%s", keysdir,
+					rand_file);
+			free(rand_file);
 			rand_file = emalloc(strlen(filename) + 1);
 			strcpy(rand_file, filename);
 		}
-	} else if (*rand_file != '/') {
-		snprintf(filename, MAXFILENAME, "%s/%s", keysdir,
-		    rand_file);
-		free(rand_file);
-		rand_file = emalloc(strlen(filename) + 1);
-		strcpy(rand_file, filename);
-	}
-	if (rand_file == NULL) {
-		msyslog(LOG_ERR,
-		    "crypto_setup: random seed file not specified");
-		exit (-1);
-	}
-	if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
-		msyslog(LOG_ERR,
-		    "crypto_setup: random seed file %s not found\n",
-		    rand_file);
-		exit (-1);
-	}
-	get_systime(&seed);
-	RAND_seed(&seed, sizeof(l_fp));
-	RAND_write_file(rand_file);
-	OpenSSL_add_all_algorithms();
+		if (rand_file == NULL) {
+			msyslog(LOG_ERR,
+				"crypto_setup: random seed file not specified");
+			exit (-1);
+		}
+		if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
+			msyslog(LOG_ERR,
+				"crypto_setup: random seed file %s not found\n",
+				rand_file);
+			exit (-1);
+		}
+		get_systime(&seed);
+		RAND_seed(&seed, sizeof(l_fp));
+		RAND_write_file(rand_file);
 #ifdef DEBUG
-	if (debug)
-		printf(
-		    "crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
-		    SSLeay(), rand_file, bytes);
+		if (debug)
+			printf(
+				"crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
+				SSLeay(), rand_file, bytes);
 #endif
+	} else {
+#ifdef DEBUG
+		if (debug)
+			printf(
+				"crypto_setup: OpenSSL version %lx seeding not required\n",
+				SSLeay());
+#endif
+	}
 
 	/*
 	 * Load required host key from file "ntpkey_host_<hostname>". It
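Review bot: `RAND_write_file(rand_file);` in the re-indented seeding branch ignores its return value, although the comment above says the file is written back "so the sequence does not repeat when we next restart". If the write fails (read-only directory, wrong owner after dropping privileges), a later start that takes this branch reloads the same seed with no trace in the log. I would log the failure, for example `if (RAND_write_file(rand_file) <= 0) msyslog(LOG_WARNING, "crypto_setup: cannot update random seed file %s", rand_file);`. It would also help to extend the `/* But only if openssl doesn't use /dev/urandom */` comment to say that RAND_status() reports whether the PRNG is already seeded, whatever the source. crypto_setup() continues beyond both ends of this hunk.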

ntp-4.2.4p2-tentative.patch:

--- NEW FILE ntp-4.2.4p2-tentative.patch ---
--- ntp-4.2.4p2/libisc/ifiter_ioctl.c.tentative	2006-12-28 13:03:07.000000000 +0100
+++ ntp-4.2.4p2/libisc/ifiter_ioctl.c	2007-07-16 13:04:15.000000000 +0200
@@ -94,6 +94,7 @@ struct isc_interfaceiter {
 #include <sys/socket.h>
 #endif
 
+#include <linux/rtnetlink.h>
 
 /*
  * Size of buffer for SIOCGLIFCONF, in bytes.  We assume no sane system
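Review bot: `#include <linux/rtnetlink.h>` is added unconditionally, next to includes that are wrapped in `#if`/`#endif` and just above the SIOCGLIFCONF buffer definition. That suggests this file is also compiled on non-Linux systems, where the header does not exist. It is harmless for the Fedora build, but the patch will not apply cleanly upstream unless the include is guarded. Use the same Linux-only condition that protects linux_if_inet6_current(), which is not visible in this hunk, for example `#ifdef __linux` … `#endif` around the include.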
@@ -516,6 +517,9 @@ linux_if_inet6_current(isc_interfaceiter
 	if ((ifreq.ifr_flags & IFF_MULTICAST) != 0)
 		iter->current.flags |= INTERFACE_F_MULTICAST;
 #endif
+	/* ignore tentative address */
+	if (flags & IFA_F_TENTATIVE)
+		iter->current.flags &= ~INTERFACE_F_UP;
 
 	/*
 	 * enable_multicast_if() requires scopeid for setsockopt,
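Review bot: The comment `/* ignore tentative address */` does not explain why clearing `INTERFACE_F_UP` is how the address gets ignored. The code never skips the entry; it only reports it as down and relies on callers to skip interfaces that are not up, a dependency that is not visible in this hunk. I would spell that out, e.g. `/* address is still tentative (IPv6 duplicate address detection not finished); report it as not up so callers skip it until it is usable */`, and brace the one-line `if` body to match defensive style. `flags` is declared and filled outside the hunk, so confirm it holds the per-address flags and not the interface flags in `ifreq.ifr_flags`.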

ntp-4.2.4p0-sleep.patch:

Index: ntp-4.2.4p0-sleep.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-7/ntp-4.2.4p0-sleep.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ntp-4.2.4p0-sleep.patch	9 May 2007 16:45:01 -0000	1.1
+++ ntp-4.2.4p0-sleep.patch	13 Aug 2007 13:06:41 -0000	1.2
@@ -140,7 +140,7 @@
 +
 +	for (ts_last_index = 0; ts_last_index < TS_LAST_SIZE; ts_last_index++)
 +		L_CLR(&ts_last[ts_last_index]);
-+	time_elapsed = 0;
++	time_elapsed = ts_last_index = 0;
 +
  	for (;;)
  	{


Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-7/ntp.spec,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- ntp.spec	21 Jun 2007 10:45:49 -0000	1.68
+++ ntp.spec	13 Aug 2007 13:06:41 -0000	1.69
@@ -3,7 +3,7 @@
 Summary: Synchronizes system time using the Network Time Protocol (NTP)
 Name: ntp
 Version: 4.2.4p2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: distributable
 Group: System Environment/Daemons
 Source0: http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-%{version}.tar.gz
@@ -21,11 +21,14 @@
 Patch3: ntp-4.2.4-groups.patch
 Patch4: ntp-4.1.1c-rc3-authkey.patch
 Patch5: ntp-4.2.4-linkfastmath.patch
+Patch6: ntp-4.2.4p2-tentative.patch
+Patch7: ntp-4.2.4p2-noseed.patch
 Patch8: ntp-4.2.4p2-multilisten.patch
 Patch9: ntp-4.2.4-html2man.patch
 Patch10: ntp-4.2.4-htmldoc.patch
 Patch11: ntp-stable-4.2.0a-20050816-keyfile.patch
 Patch12: ntp-4.2.4-sprintf.patch
+Patch13: ntp-4.2.4p2-loopback.patch
 Patch14: ntp-4.2.4p2-mlock.patch
 Patch17: ntp-4.2.4p0-sleep.patch
 Patch18: ntp-4.2.4p0-bcast.patch
@@ -36,6 +39,8 @@
 Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/chkconfig /sbin/service
 Requires(postun): /sbin/service
+# Require libreadline linked with libtinfo
+Requires: readline >= 5.2-3
 BuildRequires: libcap-devel openssl-devel readline-devel perl-HTML-Parser
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -57,11 +62,14 @@
 %patch2 -p1 -b .droproot
 %patch3 -p1 -b .groups
 %patch4 -p1 -b .authkey
+%patch6 -p1 -b .tentative
+%patch7 -p1 -b .noseed
 %patch8 -p1 -b .multilisten
 %patch9 -p1 -b .html2man
 %patch10 -p1 -b .htmldoc
 %patch11 -p1 -b .keyfile
 %patch12 -p1 -b .sprintf
+%patch13 -p1 -b .loopback
 %patch14 -p1 -b .mlock
 %patch17 -p1 -b .sleep
 %patch18 -p1 -b .bcast
@@ -154,7 +162,7 @@
 
 %files
 %defattr(-,root,root)
-%doc htmldoc/html/* NEWS TODO 
+%doc htmldoc/html/* COPYRIGHT ChangeLog NEWS TODO 
 %{_sbindir}/ntp-wait
 %{_sbindir}/ntptrace
 %{_sbindir}/ntp-keygen
@@ -178,6 +186,15 @@
 
 
 %changelog
+* Mon Aug 13 2007 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p2-2.fc7
+- allow loopback to share non-loopback address (#249226)
+- require readline >= 5.2-3 (#250917)
+- ignore tentative addresses (#246297)
+- improve init script (#247003)
+- fix sleep patch
+- don't use randfile if /dev/urandom is used by OpenSSL
+- package more doc files
+
 * Thu Jun 21 2007 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p2-1
 - update to 4.2.4p2
 


Index: ntpd.init
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-7/ntpd.init,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- ntpd.init	22 May 2007 15:30:33 -0000	1.25
+++ ntpd.init	13 Aug 2007 13:06:41 -0000	1.26
@@ -9,6 +9,19 @@
 # a computer client or server to another server or reference time source, \
 # such as a radio or satellite receiver or modem.
 
+### BEGIN INIT INFO
+# Provides: ntpd
+# Required-Start: $network $local_fs $remote_fs
+# Required-Stop: $network $local_fs $remote_fs
+# Should-Start: $syslog $named
+# Should-Stop: $syslog $named
+# Short-Description: start and stop ntpd
+# Description: ntpd is the NTPv4 daemon. The Network Time Protocol (NTP)
+#              is used to synchronize the time of a computer client or
+#              server to another server or reference time source, such
+#              as a radio or satellite receiver or modem.
+### END INIT INFO
+
 # Source function library.
 . /etc/init.d/functions
 
@@ -19,13 +32,11 @@
         . /etc/sysconfig/ntpd
 fi
 
+prog=ntpd
+lockfile=/var/lock/subsys/$prog
 ntpconf=/etc/ntp.conf
 ntpstep=/etc/ntp/step-tickers
 
-
-RETVAL=0
-prog="ntpd"
-
 sync_hwclock() {
 	ARC=0
 	SRM=0
@@ -73,8 +84,6 @@
 	  esac
 	done
 
-	[ -x /usr/sbin/ntpd -a -f $ntpconf ] || exit 0
-
 	tickers=''
 	if [ -s "$ntpstep" ]; then
 	    tickers=$(sed 's/#.*//' $ntpstep)
@@ -92,6 +101,8 @@
 	# Check that networking is up.
 	[ "$NETWORKING" = "no" ] && exit 1
 
+	[ -x /usr/sbin/ntpd ] || exit 5
+
 	readconf;
 
 	if [ -n "$dostep" ]; then
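Review bot: The added `[ -x /usr/sbin/ntpd ] || exit 5` replaces only half of the check removed earlier in this file's diff, which was `[ -x /usr/sbin/ntpd -a -f $ntpconf ] || exit 0`. The test for a missing configuration file is now gone, so `start` calls `readconf` and starts the daemon even when `$ntpconf` does not exist. Since the script has moved to LSB exit codes, I would add `[ -f "$ntpconf" ] || exit 6` right after the new line. The path could also be derived from the new `prog` variable (`/usr/sbin/$prog`) so the binary name is not spelled out twice. start() begins and ends outside this hunk.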
@@ -112,19 +123,19 @@
 	fi
         # Start daemons.
         echo -n $"Starting $prog: "
-        daemon ntpd $OPTIONS
+        daemon $prog $OPTIONS
 	RETVAL=$?
         echo
-        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ntpd
+	[ $RETVAL -eq 0 ] && touch $lockfile
 	return $RETVAL
 }
 
 stop() {
         echo -n $"Shutting down $prog: "
-	killproc ntpd
+	killproc $prog
 	RETVAL=$?
         echo
-        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ntpd
+	[ $RETVAL -eq 0 ] && rm -f $lockfile
 	return $RETVAL
 }
 
@@ -132,29 +143,27 @@
 case "$1" in
   start)
 	start
-        ;;
+	;;
   stop)
 	stop
-        ;;
+	;;
   status)
-	status ntpd
-	RETVAL=$?
+	status $prog
 	;;
-  restart|reload)
+  restart|force-reload)
 	stop
 	start
-	RETVAL=$?
 	;;
-  condrestart)
-	if [ -f /var/lock/subsys/ntpd ]; then
+  try-restart|condrestart)
+	if status $prog > /dev/null; then
 	    stop
 	    start
-	    RETVAL=$?
 	fi
 	;;
+  reload)
+	exit 3
+	;;
   *)
-        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
-        RETVAL=3
+	echo $"Usage: $0 {start|stop|status|restart|try-restart|force-reload}"
+	exit 2
 esac
-
-exit $RETVAL



