diff --git a/.ntp.metadata b/.ntp.metadata new file mode 100644 index 0000000..22a7085 --- /dev/null +++ b/.ntp.metadata @@ -0,0 +1,2 @@ +9b6baf20b5943651a6bf8d6cf9a78e318573b541 SOURCES/ntpstat-0.2.tgz +4a5353a4791b6f4315a66c28d504ec6c7926b192 SOURCES/ntp-4.2.6p5.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/ntp-4.2.4p7-getprecision.patch b/SOURCES/ntp-4.2.4p7-getprecision.patch new file mode 100644 index 0000000..ecf6def --- /dev/null +++ b/SOURCES/ntp-4.2.4p7-getprecision.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.4p7/ntpd/ntp_proto.c.getprecision ntp-4.2.4p7/ntpd/ntp_proto.c +--- ntp-4.2.4p7/ntpd/ntp_proto.c.getprecision 2009-09-29 14:16:22.000000000 +0200 ++++ ntp-4.2.4p7/ntpd/ntp_proto.c 2009-09-29 14:18:13.000000000 +0200 +@@ -3099,7 +3099,7 @@ peer_unfit( + /* + * Find the precision of this particular machine + */ +-#define MINSTEP 100e-9 /* minimum clock increment (s) */ ++#define MINSTEP 10e-9 /* minimum clock increment (s) */ + #define MAXSTEP 20e-3 /* maximum clock increment (s) */ + #define MINLOOPS 5 /* minimum number of step samples */ + diff --git a/SOURCES/ntp-4.2.6p1-cmsgalign.patch b/SOURCES/ntp-4.2.6p1-cmsgalign.patch new file mode 100644 index 0000000..0e4b8cc --- /dev/null +++ b/SOURCES/ntp-4.2.6p1-cmsgalign.patch @@ -0,0 +1,14 @@ +diff -up ntp-4.2.6p1/ntpd/ntp_io.c.cmsgalign ntp-4.2.6p1/ntpd/ntp_io.c +--- ntp-4.2.6p1/ntpd/ntp_io.c.cmsgalign 2010-03-04 18:28:53.000000000 +0100 ++++ ntp-4.2.6p1/ntpd/ntp_io.c 2010-03-04 18:30:34.000000000 +0100 +@@ -3194,8 +3194,8 @@ read_network_packet( + msghdr.msg_namelen = fromlen; + msghdr.msg_iov = &iovec; + msghdr.msg_iovlen = 1; +- msghdr.msg_control = (void *)&control; +- msghdr.msg_controllen = sizeof(control); ++ msghdr.msg_control = (void *)((long)(control + 7) & -8); /* align to 8 bytes */ ++ msghdr.msg_controllen = sizeof(control) - 8; + msghdr.msg_flags = 0; + rb->recv_length = recvmsg(fd, &msghdr, 0); + #endif diff --git a/SOURCES/ntp-4.2.6p1-linkfastmath.patch b/SOURCES/ntp-4.2.6p1-linkfastmath.patch new file mode 100644 index 0000000..5a859d3 --- /dev/null +++ b/SOURCES/ntp-4.2.6p1-linkfastmath.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.6p1/ntpd/Makefile.in.linkfastmath ntp-4.2.6p1/ntpd/Makefile.in +--- ntp-4.2.6p1/ntpd/Makefile.in.linkfastmath 2010-02-09 11:19:25.000000000 +0100 ++++ ntp-4.2.6p1/ntpd/Makefile.in 2010-03-03 16:57:40.000000000 +0100 +@@ -365,7 +365,7 @@ man_MANS = $(srcdir)/ntpd.1 + # sqrt ntp_control.o + # floor refclock_wwv.o + # which are (usually) provided by -lm. +-ntpd_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntp.a -lm @LCRYPTO@ @LSCF@ ++ntpd_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntp.a -lm -ffast-math @LCRYPTO@ @LSCF@ + ntpdsim_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntpsim.a -lm @LCRYPTO@ @LSCF@ + ntpdsim_CFLAGS = $(CFLAGS) -DSIM + check_y2k_LDADD = $(LDADD) ../libntp/libntp.a diff --git a/SOURCES/ntp-4.2.6p1-logdefault.patch b/SOURCES/ntp-4.2.6p1-logdefault.patch new file mode 100644 index 0000000..ae816b7 --- /dev/null +++ b/SOURCES/ntp-4.2.6p1-logdefault.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.6p1/ntpd/ntp_config.c.logdefault ntp-4.2.6p1/ntpd/ntp_config.c +--- ntp-4.2.6p1/ntpd/ntp_config.c.logdefault 2010-01-24 11:01:45.000000000 +0100 ++++ ntp-4.2.6p1/ntpd/ntp_config.c 2010-03-09 17:44:09.000000000 +0100 +@@ -3794,7 +3794,7 @@ getconfig( + + #endif /* SYS_WINNT */ + res_fp = NULL; +- ntp_syslogmask = NLOG_SYNCMASK; /* set more via logconfig */ ++ ntp_syslogmask = NLOG_SYNCMASK | NLOG_EVENT | NLOG_STATUS; /* set more via logconfig */ + + /* + * install a non default variable with this daemon version diff --git a/SOURCES/ntp-4.2.6p1-retcode.patch b/SOURCES/ntp-4.2.6p1-retcode.patch new file mode 100644 index 0000000..6d676d2 --- /dev/null +++ b/SOURCES/ntp-4.2.6p1-retcode.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.6p1/ntpd/ntp_proto.c.retcode ntp-4.2.6p1/ntpd/ntp_proto.c +--- ntp-4.2.6p1/ntpd/ntp_proto.c.retcode 2009-12-09 08:36:36.000000000 +0100 ++++ ntp-4.2.6p1/ntpd/ntp_proto.c 2010-03-03 16:06:00.000000000 +0100 +@@ -269,7 +269,7 @@ transmit( + "ntpd: no servers found"); + printf( + "ntpd: no servers found\n"); +- exit (0); ++ exit (1); + } + } + } diff --git a/SOURCES/ntp-4.2.6p1-sleep.patch b/SOURCES/ntp-4.2.6p1-sleep.patch new file mode 100644 index 0000000..577ef26 --- /dev/null +++ b/SOURCES/ntp-4.2.6p1-sleep.patch @@ -0,0 +1,495 @@ +diff -up ntp-4.2.6p1/include/ntp_refclock.h.sleep ntp-4.2.6p1/include/ntp_refclock.h +--- ntp-4.2.6p1/include/ntp_refclock.h.sleep 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p1/include/ntp_refclock.h 2010-03-10 19:27:46.000000000 +0100 +@@ -260,6 +260,7 @@ extern void refclock_control (sockaddr_u + struct refclockstat *); + extern int refclock_open (char *, u_int, u_int); + extern int refclock_setup (int, u_int, u_int); ++extern int refclock_timer_needed (struct peer *); + extern void refclock_timer (struct peer *); + extern void refclock_transmit (struct peer *); + extern int refclock_ioctl (int, u_int); +diff -up ntp-4.2.6p1/include/ntp_stdlib.h.sleep ntp-4.2.6p1/include/ntp_stdlib.h +--- ntp-4.2.6p1/include/ntp_stdlib.h.sleep 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p1/include/ntp_stdlib.h 2010-03-10 19:27:46.000000000 +0100 +@@ -116,6 +116,7 @@ extern const char * FindConfig (const ch + extern void signal_no_reset (int, RETSIGTYPE (*func)(int)); + + extern void getauthkeys (const char *); ++extern int auth_agekeys_needed (void); + extern void auth_agekeys (void); + extern void rereadkeys (void); + +diff -up ntp-4.2.6p1/include/ntpd.h.sleep ntp-4.2.6p1/include/ntpd.h +--- ntp-4.2.6p1/include/ntpd.h.sleep 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p1/include/ntpd.h 2010-03-10 19:27:46.000000000 +0100 +@@ -112,8 +112,10 @@ extern void block_io_and_alarm (void); + /* ntp_loopfilter.c */ + extern void init_loopfilter(void); + extern int local_clock(struct peer *, double); +-extern void adj_host_clock(void); ++extern int adj_host_clock_needed(void); ++extern void adj_host_clock(int); + extern void loop_config(int, double); ++extern int huffpuff_enabled(void); + extern void huffpuff(void); + extern u_long sys_clocktime; + extern u_int sys_tai; +@@ -219,6 +221,8 @@ extern void hack_restrict (int, sockaddr + /* ntp_timer.c */ + extern void init_timer (void); + extern void reinit_timer (void); ++extern double get_timeout (l_fp *); ++extern int timer_elapsed (l_fp, int); + extern void timer (void); + extern void timer_clr_stats (void); + extern void timer_interfacetimeout (u_long); +diff -up ntp-4.2.6p1/libntp/authkeys.c.sleep ntp-4.2.6p1/libntp/authkeys.c +--- ntp-4.2.6p1/libntp/authkeys.c.sleep 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p1/libntp/authkeys.c 2010-03-10 19:27:46.000000000 +0100 +@@ -445,6 +445,25 @@ auth_delkeys(void) + } + } + ++int ++auth_agekeys_needed(void) { ++ struct savekey *sk; ++ int i; ++ ++ if (authnumkeys > 20) ++ return 1; ++ ++ for (i = 0; i < HASHSIZE; i++) { ++ sk = key_hash[i]; ++ while (sk != 0) { ++ if (sk->lifetime > 0) ++ return 1; ++ sk = sk->next; ++ } ++ } ++ return 0; ++} ++ + /* + * auth_agekeys - delete keys whose lifetimes have expired + */ +diff -up ntp-4.2.6p1/ntpd/ntp_loopfilter.c.sleep ntp-4.2.6p1/ntpd/ntp_loopfilter.c +--- ntp-4.2.6p1/ntpd/ntp_loopfilter.c.sleep 2009-12-09 08:36:36.000000000 +0100 ++++ ntp-4.2.6p1/ntpd/ntp_loopfilter.c 2010-03-10 19:27:46.000000000 +0100 +@@ -677,6 +677,13 @@ local_clock( + #endif /* LOCKCLOCK */ + } + ++int ++adj_host_clock_needed(void) ++{ ++ return !(!ntp_enable || mode_ntpdate || (pll_control && ++ kern_enable)); ++} ++ + + /* + * adj_host_clock - Called once every second to update the local clock. +@@ -686,7 +693,7 @@ local_clock( + */ + void + adj_host_clock( +- void ++ int time_elapsed + ) + { + double adjustment; +@@ -698,7 +705,7 @@ adj_host_clock( + * since the poll interval can exceed one day, the old test + * would be counterproductive. + */ +- sys_rootdisp += clock_phi; ++ sys_rootdisp += clock_phi * time_elapsed; + + #ifndef LOCKCLOCK + /* +@@ -819,6 +826,12 @@ set_freq( + #endif /* KERNEL_PLL */ + } + ++int ++huffpuff_enabled(void) ++{ ++ return sys_huffpuff != NULL; ++} ++ + /* + * huff-n'-puff filter + */ +diff -up ntp-4.2.6p1/ntpd/ntp_refclock.c.sleep ntp-4.2.6p1/ntpd/ntp_refclock.c +--- ntp-4.2.6p1/ntpd/ntp_refclock.c.sleep 2009-12-09 08:36:36.000000000 +0100 ++++ ntp-4.2.6p1/ntpd/ntp_refclock.c 2010-03-10 19:27:46.000000000 +0100 +@@ -268,6 +268,21 @@ refclock_unpeer( + } + + ++int ++refclock_timer_needed( ++ struct peer *peer /* peer structure pointer */ ++ ) ++{ ++ u_char clktype; ++ int unit; ++ ++ clktype = peer->refclktype; ++ unit = peer->refclkunit; ++ if (refclock_conf[clktype]->clock_timer != noentry) ++ return 1; ++ return 0; ++} ++ + /* + * refclock_timer - called once per second for housekeeping. + */ +diff -up ntp-4.2.6p1/ntpd/ntp_timer.c.sleep ntp-4.2.6p1/ntpd/ntp_timer.c +--- ntp-4.2.6p1/ntpd/ntp_timer.c.sleep 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p1/ntpd/ntp_timer.c 2010-03-11 15:23:59.000000000 +0100 +@@ -56,7 +56,6 @@ static u_long adjust_timer; /* second ti + static u_long stats_timer; /* stats timer */ + static u_long huffpuff_timer; /* huff-n'-puff timer */ + u_long leapsec; /* leapseconds countdown */ +-l_fp sys_time; /* current system time */ + #ifdef OPENSSL + static u_long revoke_timer; /* keys revoke timer */ + static u_long keys_timer; /* session key timer */ +@@ -74,6 +73,12 @@ volatile u_long alarm_overflow; + #define DAY (24 * HOUR) + + u_long current_time; /* seconds since startup */ ++l_fp timer_base; ++int time_elapsed; ++ ++#define TIMEOUT_TS_SIZE 2 ++l_fp timeout_ts[TIMEOUT_TS_SIZE]; ++unsigned int timeout_ts_index; + + /* + * Stats. Number of overflows and number of calls to transmit(). +@@ -110,6 +115,8 @@ static RETSIGTYPE alarming (int); + void + reinit_timer(void) + { ++ get_systime(&timer_base); ++#if 0 + #if !defined(SYS_WINNT) && !defined(VMS) + # if defined(HAVE_TIMER_CREATE) && defined(HAVE_TIMER_SETTIME) + timer_gettime(ntpd_timerid, &itimer); +@@ -143,6 +150,7 @@ reinit_timer(void) + setitimer(ITIMER_REAL, &itimer, (struct itimerval *)0); + # endif + # endif /* VMS */ ++#endif + } + + /* +@@ -165,6 +173,12 @@ init_timer(void) + timer_xmtcalls = 0; + timer_timereset = 0; + ++ get_systime(&timer_base); ++ ++ for (timeout_ts_index = 0; timeout_ts_index < TIMEOUT_TS_SIZE; timeout_ts_index++) ++ L_CLR(&timeout_ts[timeout_ts_index]); ++ timeout_ts_index = 0; ++#if 0 + #if !defined(SYS_WINNT) + /* + * Set up the alarm interrupt. The first comes 2**EVENT_TIMEOUT +@@ -226,6 +240,7 @@ init_timer(void) + } + + #endif /* SYS_WINNT */ ++#endif + } + + #if defined(SYS_WINNT) +@@ -236,6 +251,104 @@ get_timer_handle(void) + } + #endif + ++double ++get_timeout(l_fp *now) ++{ ++ register struct peer *peer, *next_peer; ++ u_int n; ++ double r; ++ int next; ++ l_fp ts; ++ ++ ts = *now; ++ L_SUB(&ts, &timeout_ts[timeout_ts_index]); ++ timeout_ts[timeout_ts_index] = *now; ++ timeout_ts_index = (timeout_ts_index + 1) % TIMEOUT_TS_SIZE; ++ ++ /* don't waste CPU time if called too frequently */ ++ if (ts.l_ui == 0) { ++ next = 1; ++ goto finish; ++ } ++ ++ next = current_time + HOUR; ++ ++ if (adj_host_clock_needed()) { ++ next = 1; ++ goto finish; ++ } ++ for (n = 0; n < NTP_HASH_SIZE; n++) { ++ for (peer = peer_hash[n]; peer != 0; peer = next_peer) { ++ next_peer = peer->next; ++#ifdef REFCLOCK ++ if (peer->flags & FLAG_REFCLOCK && refclock_timer_needed(peer)) { ++ next = 1; ++ goto finish; ++ } ++#endif /* REFCLOCK */ ++ if (peer->action) ++ next = min(next, peer->nextaction); ++ next = min(next, peer->nextdate); ++ } ++ } ++ ++ if (leapsec > 0) ++ next = min(next, leapsec); ++ ++ if (huffpuff_enabled()) ++ next = min(next, huffpuff_timer); ++ ++#ifdef OPENSSL ++ if (auth_agekeys_needed()) ++ next = min(next, keys_timer); ++ if (sys_leap != LEAP_NOTINSYNC) ++ next = min(next, revoke_timer); ++#endif /* OPENSSL */ ++ ++ if (interface_interval) ++ next = min(next, interface_timer); ++ ++ next = min(next, stats_timer); ++ ++ next -= current_time; ++ if (next <= 0) ++ next = 1; ++finish: ++ ts = timer_base; ++ ts.l_ui += next; ++ L_SUB(&ts, now); ++ LFPTOD(&ts, r); ++#ifdef DEBUG ++ DPRINTF(2, ("timer: timeout %f\n", r)); ++#endif ++ ++ return r; ++} ++ ++int ++timer_elapsed(l_fp now, int timeout) ++{ ++ int elapsed; ++ ++ L_SUB(&now, &timer_base); ++ elapsed = now.l_i; ++ if (elapsed < 0 || elapsed > timeout + 10) { ++#ifdef DEBUG ++ DPRINTF(2, ("timer: unexpected time jump\n")); ++#endif ++ elapsed = 0; ++ reinit_timer(); ++ ++ } ++ timer_base.l_ui += elapsed; ++ time_elapsed += elapsed; ++ current_time += elapsed; ++#ifdef DEBUG ++ DPRINTF(2, ("timer: time elapsed %d\n", time_elapsed)); ++#endif ++ return time_elapsed; ++} ++ + /* + * timer - event timer + */ +@@ -251,11 +364,9 @@ timer(void) + * kiss-o'-deatch function and implement the association + * polling function.. + */ +- current_time++; +- get_systime(&sys_time); + if (adjust_timer <= current_time) { +- adjust_timer += 1; +- adj_host_clock(); ++ adjust_timer += time_elapsed; ++ adj_host_clock(time_elapsed); + #ifdef REFCLOCK + for (n = 0; n < NTP_HASH_SIZE; n++) { + for (peer = peer_hash[n]; peer != 0; peer = next_peer) { +@@ -286,7 +397,7 @@ timer(void) + * 128 s or less. + */ + if (peer->throttle > 0) +- peer->throttle--; ++ peer->throttle -= min(peer->throttle, time_elapsed); + if (peer->nextdate <= current_time) { + #ifdef REFCLOCK + if (peer->flags & FLAG_REFCLOCK) +@@ -333,7 +444,7 @@ timer(void) + * set. + */ + if (leapsec > 0) { +- leapsec--; ++ leapsec -= min(leapsec, time_elapsed); + if (leapsec == 0) { + sys_leap = LEAP_NOWARNING; + sys_tai = leap_tai; +@@ -398,11 +509,15 @@ timer(void) + * Finally, write hourly stats. + */ + if (stats_timer <= current_time) { ++ l_fp sys_time; ++ get_systime(&sys_time); + stats_timer += HOUR; + write_stats(); + if (sys_tai != 0 && sys_time.l_ui > leap_expire) + report_event(EVNT_LEAPVAL, NULL, NULL); + } ++ ++ time_elapsed = 0; + } + + +diff -up ntp-4.2.6p1/ntpd/ntpd.c.sleep ntp-4.2.6p1/ntpd/ntpd.c +--- ntp-4.2.6p1/ntpd/ntpd.c.sleep 2010-03-10 19:27:46.000000000 +0100 ++++ ntp-4.2.6p1/ntpd/ntpd.c 2010-03-10 19:27:46.000000000 +0100 +@@ -195,8 +195,6 @@ extern const char *Version; + + char const *progname; + +-int was_alarmed; +- + #ifdef DECL_SYSCALL + /* + * We put this here, since the argument profile is syscall-specific +@@ -1033,7 +1031,7 @@ getgroup: + #else /* normal I/O */ + + BLOCK_IO_AND_ALARM(); +- was_alarmed = 0; ++ + for (;;) + { + # if !defined(HAVE_SIGNALED_IO) +@@ -1041,42 +1039,39 @@ getgroup: + extern int maxactivefd; + + fd_set rdfdes; +- int nfound; +-# endif ++ int nfound, time_elapsed; + +- if (alarm_flag) /* alarmed? */ +- { +- was_alarmed = 1; +- alarm_flag = 0; +- } ++ time_elapsed = 0; ++# endif + +- if (!was_alarmed && has_full_recv_buffer() == ISC_FALSE) ++ if (has_full_recv_buffer() == ISC_FALSE) + { + /* + * Nothing to do. Wait for something. + */ + # ifndef HAVE_SIGNALED_IO ++ double timeout; ++ + rdfdes = activefds; +-# if defined(VMS) || defined(SYS_VXWORKS) +- /* make select() wake up after one second */ +- { +- struct timeval t1; ++ get_systime(&now); ++ timeout = get_timeout(&now); + +- t1.tv_sec = 1; t1.tv_usec = 0; ++ if (timeout > 0.0) { ++ struct timeval t1; ++ ++ t1.tv_sec = timeout; ++ t1.tv_usec = (timeout - t1.tv_sec) * 1000000; + nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0, + (fd_set *)0, &t1); +- } +-# else +- nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0, +- (fd_set *)0, (struct timeval *)0); +-# endif /* VMS */ +- if (nfound > 0) +- { +- l_fp ts; ++ get_systime(&now); ++ } else ++ nfound = 0; + +- get_systime(&ts); ++ time_elapsed = timer_elapsed(now, timeout); + +- (void)input_handler(&ts); ++ if (nfound > 0) ++ { ++ (void)input_handler(&now); + } + else if (nfound == -1 && errno != EINTR) + msyslog(LOG_ERR, "select() error: %m"); +@@ -1085,17 +1080,13 @@ getgroup: + msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound); + # endif /* DEBUG */ + # else /* HAVE_SIGNALED_IO */ ++# error not supported by sleep patch + + wait_for_signal(); + # endif /* HAVE_SIGNALED_IO */ +- if (alarm_flag) /* alarmed? */ +- { +- was_alarmed = 1; +- alarm_flag = 0; +- } + } + +- if (was_alarmed) ++ if (time_elapsed > 0) + { + UNBLOCK_IO_AND_ALARM(); + /* +@@ -1103,7 +1094,6 @@ getgroup: + * to process expiry. + */ + timer(); +- was_alarmed = 0; + BLOCK_IO_AND_ALARM(); + } + +@@ -1121,19 +1111,8 @@ getgroup: + rbuf = get_full_recv_buffer(); + while (rbuf != NULL) + { +- if (alarm_flag) +- { +- was_alarmed = 1; +- alarm_flag = 0; +- } + UNBLOCK_IO_AND_ALARM(); + +- if (was_alarmed) +- { /* avoid timer starvation during lengthy I/O handling */ +- timer(); +- was_alarmed = 0; +- } +- + /* + * Call the data procedure to handle each received + * packet. diff --git a/SOURCES/ntp-4.2.6p3-bcast.patch b/SOURCES/ntp-4.2.6p3-bcast.patch new file mode 100644 index 0000000..57581f3 --- /dev/null +++ b/SOURCES/ntp-4.2.6p3-bcast.patch @@ -0,0 +1,93 @@ +diff -up ntp-4.2.6p3/ntpd/ntp_io.c.bcast ntp-4.2.6p3/ntpd/ntp_io.c +--- ntp-4.2.6p3/ntpd/ntp_io.c.bcast 2010-12-25 10:40:36.000000000 +0100 ++++ ntp-4.2.6p3/ntpd/ntp_io.c 2011-01-05 17:46:13.820049150 +0100 +@@ -151,6 +151,8 @@ int ninterfaces; /* Total number of in + + int disable_dynamic_updates; /* scan interfaces once only */ + ++static int pktinfo_status = 0; /* is IP_PKTINFO on wildipv4 iface enabled? */ ++ + #ifdef REFCLOCK + /* + * Refclock stuff. We keep a chain of structures with data concerning +@@ -2254,6 +2256,17 @@ set_reuseaddr( + #endif /* ! SO_EXCLUSIVEADDRUSE */ + } + ++static void ++set_pktinfo(int flag) ++{ ++ if (wildipv4 == NULL) ++ return; ++ if (setsockopt(wildipv4->fd, SOL_IP, IP_PKTINFO, &flag, sizeof (flag))) { ++ msyslog(LOG_ERR, "set_pktinfo: setsockopt(IP_PKTINFO, %s) failed: %m", flag ? "on" : "off"); ++ } else ++ pktinfo_status = flag; ++} ++ + /* + * This is just a wrapper around an internal function so we can + * make other changes as necessary later on +@@ -2659,6 +2672,7 @@ io_setbclient(void) + } + } + set_reuseaddr(0); ++ set_pktinfo(1); + if (nif > 0) + DPRINTF(1, ("io_setbclient: Opened broadcast clients\n")); + else if (!nif) +@@ -2685,6 +2699,7 @@ io_unsetbclient(void) + continue; + socket_broadcast_disable(ep, &ep->sin); + } ++ set_pktinfo(0); + } + + /* +@@ -3392,7 +3407,8 @@ read_network_packet( + #ifdef HAVE_TIMESTAMP + struct msghdr msghdr; + struct iovec iovec; +- char control[TIMESTAMP_CTLMSGBUF_SIZE]; ++ char control[sizeof (struct cmsghdr) * 2 + sizeof (struct timeval) + ++ sizeof (struct in_pktinfo) + 32]; + #endif + + /* +@@ -3403,7 +3419,7 @@ read_network_packet( + */ + + rb = get_free_recv_buffer(); +- if (NULL == rb || itf->ignore_packets) { ++ if (NULL == rb || (itf->ignore_packets && !(pktinfo_status && itf == wildipv4))) { + char buf[RX_BUFF_SIZE]; + sockaddr_u from; + +@@ -3463,6 +3479,27 @@ read_network_packet( + return (buflen); + } + ++ if (pktinfo_status && itf->ignore_packets && itf == wildipv4) { ++ /* check for broadcast on 255.255.255.255, exception allowed on wildipv4 */ ++ struct cmsghdr *cmsg; ++ struct in_pktinfo *pktinfo = NULL; ++ ++ if ((cmsg = CMSG_FIRSTHDR(&msghdr))) ++ do { ++ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_PKTINFO) ++ pktinfo = (struct in_pktinfo *) CMSG_DATA(cmsg); ++ } while ((cmsg = CMSG_NXTHDR(&msghdr, cmsg))); ++ if (pktinfo && pktinfo->ipi_addr.s_addr == INADDR_BROADCAST) { ++ DPRINTF(4, ("INADDR_BROADCAST\n")); ++ } else { ++ DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", "ignore", ++ free_recvbuffs(), fd, stoa(&rb->recv_srcadr))); ++ packets_ignored++; ++ freerecvbuf(rb); ++ return (buflen); ++ } ++ } ++ + DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n", + fd, buflen, stoa(&rb->recv_srcadr))); + diff --git a/SOURCES/ntp-4.2.6p3-broadcastdelay.patch b/SOURCES/ntp-4.2.6p3-broadcastdelay.patch new file mode 100644 index 0000000..f9c1929 --- /dev/null +++ b/SOURCES/ntp-4.2.6p3-broadcastdelay.patch @@ -0,0 +1,31 @@ +==== ntpd/ntp_proto.c ==== +2010-10-22 01:55:45-04:00, stenn@deacon.udel.edu +2 -5 + [Bug 1670] Fix peer->bias and broadcastdelay + +--- 1.307/ntpd/ntp_proto.c 2010-10-11 21:06:05 -07:00 ++++ 1.308/ntpd/ntp_proto.c 2010-10-21 22:55:45 -07:00 +@@ -929,7 +929,6 @@ receive( + + } else { + peer->delay = sys_bdelay; +- peer->bias = -sys_bdelay / 2.; + } + break; + } +@@ -1570,7 +1569,6 @@ process_packet( + p_del = fabs(t21 - t34); + p_offset = (t21 + t34) / 2.; + } +- p_offset += peer->bias; + p_disp = LOGTOD(sys_precision) + LOGTOD(peer->precision) + + clock_phi * p_del; + +@@ -1647,7 +1645,7 @@ process_packet( + /* + * That was awesome. Now hand off to the clock filter. + */ +- clock_filter(peer, p_offset, p_del, p_disp); ++ clock_filter(peer, p_offset + peer->bias, p_del, p_disp); + + /* + * If we are in broadcast calibrate mode, return to broadcast diff --git a/SOURCES/ntp-4.2.6p4-droproot.patch b/SOURCES/ntp-4.2.6p4-droproot.patch new file mode 100644 index 0000000..1d953d1 --- /dev/null +++ b/SOURCES/ntp-4.2.6p4-droproot.patch @@ -0,0 +1,207 @@ +diff -up ntp-4.2.6p4/html/ntpdate.html.droproot ntp-4.2.6p4/html/ntpdate.html +--- ntp-4.2.6p4/html/ntpdate.html.droproot 2011-07-11 04:18:25.000000000 +0200 ++++ ntp-4.2.6p4/html/ntpdate.html 2011-10-05 15:47:29.643634928 +0200 +@@ -18,7 +18,7 @@ +
+

Disclaimer: The functionality of this program is now available in the ntpd program. See the -q command line option in the ntpd - Network Time Protocol (NTP) daemon page. After a suitable period of mourning, the ntpdate program is to be retired from this distribution

+

Synopsis

+- ntpdate [ -46bBdqsuv ] [ -a key ] [ -e authdelay ] [ -k keyfile ] [ -o version ] [ -p samples ] [ -t timeout ] server [ ... ] ++ ntpdate [ -46bBdqsuv ] [ -a key ] [ -e authdelay ] [ -k keyfile ] [ -o version ] [ -p samples ] [ -t timeout ] [ -U user_name ] server [ ... ] +

Description

+

ntpdate sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the server arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of ntpdate depends on the number of servers, the number of polls each time it is run and the interval between runs.

+

ntpdate can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon ntpd. It is also possible to run ntpdate from a cron script. However, it is important to note that ntpdate with contrived cron scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since ntpdate does not discipline the host clock frequency as does ntpd, the accuracy using ntpdate is limited.

+@@ -58,6 +58,10 @@ +
Direct ntpdate to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the -d option always uses unprivileged ports. +
-v +
Be verbose. This option will cause ntpdate's version identification string to be logged. ++
-U user_name
++
ntpdate process drops root privileges and changes user ID to ++ user_name and group ID to the primary group of ++ server_user. + +

Diagnostics

+ ntpdate's exit status is zero if it finds a server and updates the clock, and nonzero otherwise. +diff -up ntp-4.2.6p4/ntpdate/ntpdate.c.droproot ntp-4.2.6p4/ntpdate/ntpdate.c +--- ntp-4.2.6p4/ntpdate/ntpdate.c.droproot 2011-05-25 07:06:09.000000000 +0200 ++++ ntp-4.2.6p4/ntpdate/ntpdate.c 2011-10-05 15:45:39.570555972 +0200 +@@ -49,6 +49,12 @@ + + #include + ++/* Linux capabilities */ ++#include ++#include ++#include ++#include ++ + #ifdef SYS_VXWORKS + # include "ioLib.h" + # include "sockLib.h" +@@ -153,6 +159,11 @@ int simple_query = 0; + int unpriv_port = 0; + + /* ++ * Use capabilities to drop privileges and switch uids ++ */ ++char *server_user; ++ ++/* + * Program name. + */ + char *progname; +@@ -294,6 +305,88 @@ void clear_globals() + static ni_namelist *getnetinfoservers (void); + #endif + ++/* This patch is adapted (copied) from Chris Wings drop root patch ++ * for xntpd. ++ */ ++void drop_root(uid_t server_uid, gid_t server_gid) ++{ ++ cap_t caps; ++ ++ if (prctl(PR_SET_KEEPCAPS, 1)) { ++ if (syslogit) { ++ msyslog(LOG_ERR, "prctl(PR_SET_KEEPCAPS, 1) failed"); ++ } ++ else { ++ fprintf(stderr, "prctl(PR_SET_KEEPCAPS, 1) failed.\n"); ++ } ++ exit(1); ++ } ++ ++ if ( setgroups(0, NULL) == -1 ) { ++ if (syslogit) { ++ msyslog(LOG_ERR, "setgroups failed."); ++ } ++ else { ++ fprintf(stderr, "setgroups failed.\n"); ++ } ++ exit(1); ++ } ++ ++ if ( setegid(server_gid) == -1 || seteuid(server_uid) == -1 ) { ++ if (syslogit) { ++ msyslog(LOG_ERR, "setegid/seteuid to uid=%d/gid=%d failed.", server_uid, ++ server_gid); ++ } ++ else { ++ fprintf(stderr, "setegid/seteuid to uid=%d/gid=%d failed.\n", server_uid, ++ server_gid); ++ } ++ exit(1); ++ } ++ ++ caps = cap_from_text("cap_sys_time=epi"); ++ if (caps == NULL) { ++ if (syslogit) { ++ msyslog(LOG_ERR, "cap_from_text failed."); ++ } ++ else { ++ fprintf(stderr, "cap_from_text failed.\n"); ++ } ++ exit(1); ++ } ++ ++ if (cap_set_proc(caps) == -1) { ++ if (syslogit) { ++ msyslog(LOG_ERR, "cap_set_proc failed."); ++ } ++ else { ++ fprintf(stderr, "cap_set_proc failed.\n"); ++ } ++ exit(1); ++ } ++ ++ /* Try to free the memory from cap_from_text */ ++ cap_free( caps ); ++ ++ if ( setregid(server_gid, server_gid) == -1 || ++ setreuid(server_uid, server_uid) == -1 ) { ++ if (syslogit) { ++ msyslog(LOG_ERR, "setregid/setreuid to uid=%d/gid=%d failed.", ++ server_uid, server_gid); ++ } ++ else { ++ fprintf(stderr, "setregid/setreuid to uid=%d/gid=%d failed.\n", ++ server_uid, server_gid); ++ } ++ exit(1); ++ } ++ ++ if (syslogit) { ++ msyslog(LOG_DEBUG, "running as uid(%d)/gid(%d) euid(%d)/egid(%d).", ++ getuid(), getgid(), geteuid(), getegid()); ++ } ++} ++ + /* + * Main program. Initialize us and loop waiting for I/O and/or + * timer expiries. +@@ -341,6 +434,8 @@ ntpdatemain ( + + init_lib(); /* sets up ipv4_works, ipv6_works */ + ++ server_user = NULL; ++ + /* Check to see if we have IPv6. Otherwise default to IPv4 */ + if (!ipv6_works) + ai_fam_templ = AF_INET; +@@ -352,7 +447,7 @@ ntpdatemain ( + /* + * Decode argument list + */ +- while ((c = ntp_getopt(argc, argv, "46a:bBde:k:o:p:qst:uv")) != EOF) ++ while ((c = ntp_getopt(argc, argv, "46a:bBde:k:o:p:qst:uvU:")) != EOF) + switch (c) + { + case '4': +@@ -429,6 +524,14 @@ ntpdatemain ( + case 'u': + unpriv_port = 1; + break; ++ case 'U': ++ if (ntp_optarg) { ++ server_user = strdup(ntp_optarg); ++ } ++ else { ++ ++errflg; ++ } ++ break; + case '?': + ++errflg; + break; +@@ -438,7 +541,7 @@ ntpdatemain ( + + if (errflg) { + (void) fprintf(stderr, +- "usage: %s [-46bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-t timeo] server ...\n", ++ "usage: %s [-46bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-t timeo] [-U username] server ...\n", + progname); + exit(2); + } +@@ -544,6 +647,24 @@ ntpdatemain ( + initializing = 0; + was_alarmed = 0; + ++ if (server_user) { ++ struct passwd *pwd = NULL; ++ ++ /* Lookup server_user uid/gid before chroot/chdir */ ++ pwd = getpwnam( server_user ); ++ if ( pwd == NULL ) { ++ if (syslogit) { ++ msyslog(LOG_ERR, "Failed to lookup user '%s'.", server_user); ++ } ++ else { ++ fprintf(stderr, "Failed to lookup user '%s'.\n", server_user); ++ } ++ exit(1); ++ } ++ drop_root(pwd->pw_uid, pwd->pw_gid); ++ } ++ ++ + while (complete_servers < sys_numservers) { + #ifdef HAVE_POLL_H + struct pollfd* rdfdes; diff --git a/SOURCES/ntp-4.2.6p4-htmldoc.patch b/SOURCES/ntp-4.2.6p4-htmldoc.patch new file mode 100644 index 0000000..561dae7 --- /dev/null +++ b/SOURCES/ntp-4.2.6p4-htmldoc.patch @@ -0,0 +1,131 @@ +diff -up ntp-4.2.6p5/html/authopt.html.htmldoc ntp-4.2.6p5/html/authopt.html +--- ntp-4.2.6p5/html/authopt.html.htmldoc 2011-07-11 04:18:25.000000000 +0200 ++++ ntp-4.2.6p5/html/authopt.html 2013-03-28 18:04:38.581260191 +0100 +@@ -364,7 +364,7 @@ UTC

+ are left unspecified, the default names are used as described below. Unless + the complete path and name of the file are specified, the location of a file + is relative to the keys directory specified in the keysdir configuration +- command or default /usr/local/etc. Following are the options.
++ command or default /etc/ntp/crypto. Following are the options. + +
+ +@@ -396,7 +396,7 @@ UTC

+
Specifies the complete path to the MD5 key file containing the keys and key IDs used by ntpd, ntpq and ntpdc when operating with symmetric key cryptography. This is the same operation as the -k command line option. Note that the directory path for Autokey media is specified by the keysdir command.
+ +
keysdir pathK
+-
This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is /usr/local/etc/. Note that the path for the symmetric keys file is specified by the keys command.
++
This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is /etc/ntp/crypto. Note that the path for the symmetric keys file is specified by the keys command.
+ +
requestkey keyid
+
Specifies the key ID to use with the +diff -up ntp-4.2.6p5/html/keygen.html.htmldoc ntp-4.2.6p5/html/keygen.html +--- ntp-4.2.6p5/html/keygen.html.htmldoc 2011-07-11 04:18:26.000000000 +0200 ++++ ntp-4.2.6p5/html/keygen.html 2013-03-28 18:04:38.581260191 +0100 +@@ -206,7 +206,6 @@ +

All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the OpenSSL library routines. If a site supports ssh, it is very likely that means to do this are already available. The entropy seed used by the OpenSSL library is contained in a file, usually called .rnd, which must be available when starting the ntp-keygen program or ntpd daemon.

+ +

The OpenSSL library looks for the file using the path specified by the RANDFILE environment variable in the user home directory, whether root or some other user. If the RANDFILE environment variable is not present, the library looks for the .rnd file in the user home directory. Since both the ntp-keygen program and ntpd daemon must run as root, the logical place to put this file is in /.rnd or /root/.rnd. If the file is not available or cannot be written, the program exits with a message to the system log.

+-

On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the randfile subcommand or the RANDFILE environment variable is ignored.

+ +

Cryptographic Data Files

+ +diff -up ntp-4.2.6p5/html/ntpd.html.htmldoc ntp-4.2.6p5/html/ntpd.html +--- ntp-4.2.6p5/html/ntpd.html.htmldoc 2011-07-11 04:18:26.000000000 +0200 ++++ ntp-4.2.6p5/html/ntpd.html 2013-03-28 18:05:21.174228349 +0100 +@@ -143,26 +143,8 @@ +
Specify a user, and optionally a group, to switch to. This option is only available if the OS supports running the server without full root privileges. Currently, this option is supported under NetBSD (configure with --enable-clockctl) and Linux (configure with --enable-linuxcaps).
+
-U interface update interval
+
Number of seconds to wait between interface list scans to pick up new and delete network interface. Set to 0 to disable dynamic interface list updating. The default is to scan every 5 minutes.
+-
-v variable
+-
-V variable
+-
Add a system variable listed by default.
+
-x
+
Normally, the time is slewed if the offset is less than the step threshold, which is 128 ms by default, and stepped if above the threshold. This option sets the threshold to 600 s, which is well within the accuracy window to set the clock manually. Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s, each second of adjustment requires an amortization interval of 2000 s. Thus, an adjustment as much as 600 s will take almost 14 days to complete. This option can be used with the -g and -q options. See the tinker command for other options. Note: The kernel time discipline is disabled with this option.
+-
--pccfreq frequency
+-
Substitute processor cycle counter for QueryPerformanceCounter unconditionally +- using the given frequency (in Hz). --pccfreq can be used on systems +- which do not use the PCC to implement QueryPerformanceCounter +- and have a fixed PCC frequency. The frequency specified must +- be accurate within 0.5 percent. --usepcc is equivalent on many systems and should +- be tried first, as it does not require determining the frequency +- of the processor cycle counter. For x86-compatible processors, the PCC is +- also referred to as RDTSC, which is the assembly-language instruction to retrieve +- the current value.  (Windows only)
+-
--usepcc
+-
Substitute processor cycle counter for QueryPerformanceCounter if they +- appear equivalent. This option should be used only if the PCC +- frequency is fixed. Power-saving functionality on many laptops varies the +- PCC frequency. (Windows only)
+
+

The Configuration File

+

Ordinarily, ntpd reads the ntp.conf configuration file at startup in order to determine the synchronization sources and operating modes. It is also possible to specify a working, although limited, configuration entirely on the command line, obviating the need for a configuration file. This may be particularly useful when the local host is to be configured as a broadcast client, with servers determined by listening to broadcasts at run time.

+@@ -214,14 +196,14 @@ + + + statistics path +- /var/NTP ++ /var/log/ntpstats/ + -s + statsdir + + + keys path +- /usr/local/etc +- -k ++ /etc/ntp/crypto ++ none + keysdir + + +diff -up ntp-4.2.6p5/html/ntpdate.html.htmldoc ntp-4.2.6p5/html/ntpdate.html +--- ntp-4.2.6p5/html/ntpdate.html.htmldoc 2013-03-28 18:04:38.556260210 +0100 ++++ ntp-4.2.6p5/html/ntpdate.html 2013-03-28 18:04:38.582260190 +0100 +@@ -43,7 +43,7 @@ +
-e authdelay +
Specify the processing delay to perform an authentication function as the value authdelay, in seconds and fraction (see ntpd for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU's. +
-k keyfile +-
Specify the path for the authentication key file as the string keyfile. The default is /etc/ntp.keys. This file should be in the format described in ntpd. ++
Specify the path for the authentication key file as the string keyfile. The default is /etc/ntp/keys. This file should be in the format described in ntpd. +
-o version +
Specify the NTP version for outgoing packets as the integer version, which can be 1 or 2. The default is 4. This allows ntpdate to be used with older NTP versions. +
-p samples +@@ -66,7 +66,7 @@ +

Diagnostics

+ ntpdate's exit status is zero if it finds a server and updates the clock, and nonzero otherwise. +

Files

+- /etc/ntp.keys - encryption keys used by ntpdate. ++ /etc/ntp/keys - encryption keys used by ntpdate. +

Bugs

+ The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more accurate. This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables tick and tickadj.  +
+diff -up ntp-4.2.6p5/html/ntptime.html.htmldoc ntp-4.2.6p5/html/ntptime.html +--- ntp-4.2.6p5/html/ntptime.html.htmldoc 2009-12-09 08:36:36.000000000 +0100 ++++ ntp-4.2.6p5/html/ntptime.html 2013-03-28 18:13:56.921842773 +0100 +@@ -17,7 +17,7 @@ +
+
+

Synopsis

+- ntptime [ -chr ] [ -e est_error ] [ -f frequency ] [ -m max_error ] [ -o offset ] [ -s status ] [ -t time_constant] ++ ntptime [ -MNchr ] [ -e est_error ] [ -f frequency ] [ -m max_error ] [ -o offset ] [ -s status ] [ -t time_constant] [ -T tai_offset ] +

Description

+

This program is useful only with special kernels described in the A Kernel Model for Precision Timekeeping page. It reads and displays time-related kernel variables using the ntp_gettime() system call. A similar display can be obtained using the ntpdc program and kerninfo command.

+

Options

+@@ -40,9 +40,15 @@ +
Specify clock status. Better know what you are doing. +
-t time_constant +
Specify time constant, an integer in the range 0-10. ++
-M ++
Switch to microsecond mode. ++
-N ++
Switch to nanosecond mode. ++
-T tai_offset ++
Set TAI offset. + +
+ + + +- +\ No newline at end of file ++ diff --git a/SOURCES/ntp-4.2.6p4-rtnetlink.patch b/SOURCES/ntp-4.2.6p4-rtnetlink.patch new file mode 100644 index 0000000..06d2e87 --- /dev/null +++ b/SOURCES/ntp-4.2.6p4-rtnetlink.patch @@ -0,0 +1,15 @@ +diff -up ntp-4.2.6p4/ntpd/ntp_io.c.rtnetlink ntp-4.2.6p4/ntpd/ntp_io.c +--- ntp-4.2.6p4/ntpd/ntp_io.c.rtnetlink 2011-10-05 15:49:17.061711033 +0200 ++++ ntp-4.2.6p4/ntpd/ntp_io.c 2011-10-05 15:49:17.074711042 +0200 +@@ -4549,10 +4549,7 @@ init_async_notifications() + #ifdef HAVE_RTNETLINK + memset(&sa, 0, sizeof(sa)); + sa.nl_family = PF_NETLINK; +- sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR +- | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE +- | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE +- | RTMGRP_IPV6_MROUTE; ++ sa.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR; + if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { + msyslog(LOG_ERR, + "bind failed on routing socket (%m) - using polled interface update"); diff --git a/SOURCES/ntp-4.2.6p5-delaycalib.patch b/SOURCES/ntp-4.2.6p5-delaycalib.patch new file mode 100644 index 0000000..7e9a310 --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-delaycalib.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.delaycalib ntp-4.2.6p5/ntpd/ntp_proto.c +--- ntp-4.2.6p5/ntpd/ntp_proto.c.delaycalib 2012-02-28 15:57:57.000000000 +0100 ++++ ntp-4.2.6p5/ntpd/ntp_proto.c 2012-02-28 16:01:30.080135978 +0100 +@@ -1514,7 +1514,7 @@ process_packet( + */ + if (FLAG_BC_VOL & peer->flags) { + peer->flags &= ~FLAG_BC_VOL; +- peer->delay = (peer->offset - p_offset) * 2; ++ peer->delay = fabs(peer->offset - p_offset) * 2; + } + p_del = peer->delay; + p_offset += p_del / 2; diff --git a/SOURCES/ntp-4.2.6p5-fipsmd5.patch b/SOURCES/ntp-4.2.6p5-fipsmd5.patch new file mode 100644 index 0000000..b6d8889 --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-fipsmd5.patch @@ -0,0 +1,47 @@ +diff -up ntp-4.2.6p5/libntp/a_md5encrypt.c.fipsmd5 ntp-4.2.6p5/libntp/a_md5encrypt.c +--- ntp-4.2.6p5/libntp/a_md5encrypt.c.fipsmd5 2011-12-01 03:55:17.000000000 +0100 ++++ ntp-4.2.6p5/libntp/a_md5encrypt.c 2012-10-24 16:24:04.972358878 +0200 +@@ -38,7 +38,11 @@ MD5authencrypt( + * was creaded. + */ + INIT_SSL(); +- EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); ++ if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) { ++ msyslog(LOG_ERR, ++ "MAC encrypt: digest init failed"); ++ return (0); ++ } + EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); + EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); + EVP_DigestFinal(&ctx, digest, &len); +@@ -71,7 +75,11 @@ MD5authdecrypt( + * was created. + */ + INIT_SSL(); +- EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); ++ if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) { ++ msyslog(LOG_ERR, ++ "MAC decrypt: digest init failed"); ++ return (0); ++ } + EVP_DigestUpdate(&ctx, key, (u_int)cache_keylen); + EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); + EVP_DigestFinal(&ctx, digest, &len); +@@ -101,7 +109,16 @@ addr2refid(sockaddr_u *addr) + return (NSRCADR(addr)); + + INIT_SSL(); +- EVP_DigestInit(&ctx, EVP_get_digestbynid(NID_md5)); ++ EVP_MD_CTX_init(&ctx); ++#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW ++ /* MD5 is not used as a crypto hash here. */ ++ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); ++#endif ++ if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) { ++ msyslog(LOG_ERR, ++ "MD5 init failed"); ++ exit(1); ++ } + EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr), + sizeof(struct in6_addr)); + EVP_DigestFinal(&ctx, digest, &len); diff --git a/SOURCES/ntp-4.2.6p5-hexpw.patch b/SOURCES/ntp-4.2.6p5-hexpw.patch new file mode 100644 index 0000000..6e603c4 --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-hexpw.patch @@ -0,0 +1,236 @@ +diff -up ntp-4.2.6p5/include/ntp_stdlib.h.hexpw ntp-4.2.6p5/include/ntp_stdlib.h +--- ntp-4.2.6p5/include/ntp_stdlib.h.hexpw 2012-11-20 14:43:14.001139737 +0100 ++++ ntp-4.2.6p5/include/ntp_stdlib.h 2012-11-20 14:43:14.047139771 +0100 +@@ -66,7 +66,8 @@ extern int authhavekey (keyid_t); + extern int authistrusted (keyid_t); + extern int authreadkeys (const char *); + extern void authtrust (keyid_t, u_long); +-extern int authusekey (keyid_t, int, const u_char *); ++extern int authusekey (keyid_t, int, const char *); ++extern int authdecodekey (const char *, u_char *, int); + + extern u_long calyearstart (u_long); + extern const char *clockname (int); +diff -up ntp-4.2.6p5/libntp/authreadkeys.c.hexpw ntp-4.2.6p5/libntp/authreadkeys.c +--- ntp-4.2.6p5/libntp/authreadkeys.c.hexpw 2009-12-09 08:36:36.000000000 +0100 ++++ ntp-4.2.6p5/libntp/authreadkeys.c 2012-11-20 14:43:14.047139771 +0100 +@@ -3,7 +3,6 @@ + */ + #include + #include +-#include + + #include "ntp_fp.h" + #include "ntp.h" +@@ -77,7 +76,6 @@ authreadkeys( + char buf[512]; /* lots of room for line */ + u_char keystr[20]; + int len; +- int j; + + /* + * Open file. Complain and return if it can't be opened. +@@ -162,10 +160,7 @@ authreadkeys( + #endif /* OPENSSL */ + + /* +- * Finally, get key and insert it. If it is longer than 20 +- * characters, it is a binary string encoded in hex; +- * otherwise, it is a text string of printable ASCII +- * characters. ++ * Finally, get key and insert it. + */ + token = nexttok(&line); + if (token == NULL) { +@@ -173,31 +168,15 @@ authreadkeys( + "authreadkeys: no key for key %d", keyno); + continue; + } +- len = strlen(token); +- if (len <= 20) { +- MD5auth_setkey(keyno, keytype, (u_char *)token, len); +- } else { +- char hex[] = "0123456789abcdef"; +- u_char temp; +- char *ptr; +- int jlim; +- +- jlim = min(len, 2 * sizeof(keystr)); +- for (j = 0; j < jlim; j++) { +- ptr = strchr(hex, tolower(token[j])); +- if (ptr == NULL) { +- msyslog(LOG_ERR, +- "authreadkeys: invalid hex digit for key %d", keyno); +- continue; +- } +- temp = (u_char)(ptr - hex); +- if (j & 1) +- keystr[j / 2] |= temp; +- else +- keystr[j / 2] = temp << 4; +- } +- MD5auth_setkey(keyno, keytype, keystr, jlim / 2); ++ ++ len = authdecodekey(token, keystr, sizeof (keystr)); ++ if (!len) { ++ msyslog(LOG_ERR, ++ "authreadkeys: could not decode key %d", keyno); ++ continue; + } ++ ++ MD5auth_setkey(keyno, keytype, keystr, len); + } + fclose(fp); + return (1); +diff -up ntp-4.2.6p5/libntp/authusekey.c.hexpw ntp-4.2.6p5/libntp/authusekey.c +--- ntp-4.2.6p5/libntp/authusekey.c.hexpw 2009-12-09 08:36:37.000000000 +0100 ++++ ntp-4.2.6p5/libntp/authusekey.c 2012-11-20 14:43:14.048139771 +0100 +@@ -7,6 +7,7 @@ + #include "ntp_types.h" + #include "ntp_string.h" + #include "ntp_stdlib.h" ++#include "ntp.h" + + /* + * Types of ascii representations for keys. "Standard" means a 64 bit +@@ -19,17 +20,62 @@ int + authusekey( + keyid_t keyno, + int keytype, +- const u_char *str ++ const char *str + ) + { +- const u_char *cp; + int len; ++ u_char key[20]; + +- cp = str; +- len = strlen((const char *)cp); +- if (len == 0) ++ len = authdecodekey(str, key, sizeof(key)); ++ if (!len) + return 0; + +- MD5auth_setkey(keyno, keytype, str, (int)strlen((const char *)str)); ++ MD5auth_setkey(keyno, keytype, key, len); + return 1; + } ++ ++/* ++ * authdecodekey - decode binary or ASCII key from string ++ * ++ * Returns the length of the parsed key, zero if invalid. ++ */ ++int ++authdecodekey( ++ const char *str, ++ u_char *key, ++ int max_length ++ ) ++{ ++ int len; ++ ++ /* ++ * If the string is longer than 20 characters, it is ++ * a binary string encoded in hex; otherwise, it is ++ * a text string of printable ASCII characters. ++ */ ++ len = strlen(str); ++ ++ if (len <= 20) { ++ len = min(len, max_length); ++ memcpy(key, str, len); ++ } else { ++ char hex[] = "0123456789abcdef"; ++ u_char temp; ++ char *ptr; ++ int j; ++ ++ len = min(len / 2, max_length); ++ for (j = 0; j < len * 2; j++) { ++ ptr = strchr(hex, tolower(str[j])); ++ if (ptr == NULL) ++ return 0; ++ temp = (u_char)(ptr - hex); ++ if (j & 1) ++ key[j / 2] |= temp; ++ else ++ key[j / 2] = temp << 4; ++ } ++ } ++ ++ return len; ++} +diff -up ntp-4.2.6p5/ntpdc/ntpdc.c.hexpw ntp-4.2.6p5/ntpdc/ntpdc.c +--- ntp-4.2.6p5/ntpdc/ntpdc.c.hexpw 2011-12-25 00:27:15.000000000 +0100 ++++ ntp-4.2.6p5/ntpdc/ntpdc.c 2012-11-20 14:43:14.048139771 +0100 +@@ -942,12 +942,10 @@ sendrequest( + } + if (!authistrusted(info_auth_keyid)) { + pass = getpass_keytype(info_auth_keytype); +- if ('\0' == pass[0]) { ++ if (!authusekey(info_auth_keyid, info_auth_keytype, pass)) { + fprintf(stderr, "Invalid password\n"); + return 1; + } +- authusekey(info_auth_keyid, info_auth_keytype, +- (u_char *)pass); + authtrust(info_auth_keyid, 1); + } + qpkt.auth_seq = AUTH_SEQ(1, 0); +@@ -1825,16 +1823,21 @@ passwd( + } + } + if (!interactive) { +- authusekey(info_auth_keyid, info_auth_keytype, +- (u_char *)pcmd->argval[0].string); ++ if (!authusekey(info_auth_keyid, info_auth_keytype, ++ pcmd->argval[0].string)) { ++ fprintf(fp, "Invalid password\n"); ++ return; ++ } + authtrust(info_auth_keyid, 1); + } else { + pass = getpass_keytype(info_auth_keytype); + if (*pass == '\0') + (void) fprintf(fp, "Password unchanged\n"); + else { +- authusekey(info_auth_keyid, info_auth_keytype, +- (u_char *)pass); ++ if (!authusekey(info_auth_keyid, info_auth_keytype, pass)) { ++ fprintf(fp, "Invalid password\n"); ++ return; ++ } + authtrust(info_auth_keyid, 1); + } + } +diff -up ntp-4.2.6p5/ntpq/ntpq.c.hexpw ntp-4.2.6p5/ntpq/ntpq.c +--- ntp-4.2.6p5/ntpq/ntpq.c.hexpw 2011-12-25 00:27:15.000000000 +0100 ++++ ntp-4.2.6p5/ntpq/ntpq.c 2012-11-20 14:43:14.049139771 +0100 +@@ -1276,12 +1276,10 @@ sendrequest( + } + if (!authistrusted(info_auth_keyid)) { + pass = getpass_keytype(info_auth_keytype); +- if ('\0' == pass[0]) { ++ if (!authusekey(info_auth_keyid, info_auth_keytype, pass)) { + fprintf(stderr, "Invalid password\n"); + return 1; + } +- authusekey(info_auth_keyid, info_auth_keytype, +- (u_char *)pass); + authtrust(info_auth_keyid, 1); + } + +@@ -2498,7 +2496,10 @@ passwd( + return; + } + } +- authusekey(info_auth_keyid, info_auth_keytype, (u_char *)pass); ++ if (!authusekey(info_auth_keyid, info_auth_keytype, pass)) { ++ fprintf(fp, "Invalid password\n"); ++ return; ++ } + authtrust(info_auth_keyid, 1); + } + diff --git a/SOURCES/ntp-4.2.6p5-identlen.patch b/SOURCES/ntp-4.2.6p5-identlen.patch new file mode 100644 index 0000000..e9691aa --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-identlen.patch @@ -0,0 +1,58 @@ +diff -up ntp-4.2.6p5/html/keygen.html.identlen ntp-4.2.6p5/html/keygen.html +--- ntp-4.2.6p5/html/keygen.html.identlen 2012-12-05 11:43:46.666828864 +0100 ++++ ntp-4.2.6p5/html/keygen.html 2012-12-05 12:00:45.331085982 +0100 +@@ -43,7 +43,7 @@ + +

Synopsis

+ +-

ntp-keygen [ -deGHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA ++

ntp-keygen [ -deGHIMPT ] [ -b modulus ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA + | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ + -i group ] + [ -m modulus ] [ -p passwd2 ] [ -q passwd1 ] [ -S +@@ -140,6 +140,8 @@ +

Command Line Options

+ +
++
-b modulus
++
Set the modulus for generating identity keys to modulus bits. The modulus defaults to 256, but can be set from 256 (32 octets) to 2048 (256 octets). Use the larger moduli with caution, as this can consume considerable computing resources and increases the size of authenticated packets.
+ +
-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ]
+
Select certificate and message digest/signature encryption scheme. Note that +diff -up ntp-4.2.6p5/util/ntp-keygen-opts.def.identlen ntp-4.2.6p5/util/ntp-keygen-opts.def +--- ntp-4.2.6p5/util/ntp-keygen-opts.def.identlen 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p5/util/ntp-keygen-opts.def 2012-12-05 12:03:17.991124514 +0100 +@@ -16,6 +16,19 @@ include = '#include '; + #include version.def + + flag = { ++ value = b; ++ name = imbits; ++ arg-type = number; ++ arg-name = imbits; ++ arg-range = '256->2048'; ++ ifdef = OPENSSL; ++ descrip = "identity modulus bits"; ++ doc = <<- _EndOfDoc_ ++ The number of bits in the identity modulus. The default is 256. ++ _EndOfDoc_; ++}; ++ ++flag = { + value = c; + name = certificate; + arg-type = string; +diff -up ntp-4.2.6p5/util/ntp-keygen.c.identlen ntp-4.2.6p5/util/ntp-keygen.c +--- ntp-4.2.6p5/util/ntp-keygen.c.identlen 2011-12-25 00:27:16.000000000 +0100 ++++ ntp-4.2.6p5/util/ntp-keygen.c 2012-12-05 12:03:43.318130907 +0100 +@@ -318,6 +318,10 @@ main( + mvpar++; + nkeys = OPT_VALUE_MV_KEYS; + } ++ ++ if (HAVE_OPT( IMBITS )) ++ modulus2 = OPT_VALUE_IMBITS; ++ + if (HAVE_OPT( MODULUS )) + modulus = OPT_VALUE_MODULUS; + diff --git a/SOURCES/ntp-4.2.6p5-mlock.patch b/SOURCES/ntp-4.2.6p5-mlock.patch new file mode 100644 index 0000000..b91da26 --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-mlock.patch @@ -0,0 +1,69 @@ +diff -up ntp-4.2.6p5/html/ntpd.html.mlock ntp-4.2.6p5/html/ntpd.html +--- ntp-4.2.6p5/html/ntpd.html.mlock 2012-11-23 14:58:15.401693701 +0100 ++++ ntp-4.2.6p5/html/ntpd.html 2012-11-23 14:58:15.415693714 +0100 +@@ -32,7 +32,7 @@ + +
+

Synopsis

+- ntpd [ -46aAbdDgLnNqx ] [ -c conffile ] [ -f driftfile ] [ -i jaildir ] [ -I iface ] [ -k keyfile ] [ -l logfile ] [ -p pidfile ] [ -P priority ] [ -r broadcastdelay ] [ -s statsdir ] [ -t key ] [ -u user[:group] ] [ -U interface_update_interval ] [ -v variable ] [ -V variable ] ++ ntpd [ -46aAbdDgLmnNqx ] [ -c conffile ] [ -f driftfile ] [ -i jaildir ] [ -I iface ] [ -k keyfile ] [ -l logfile ] [ -p pidfile ] [ -P priority ] [ -r broadcastdelay ] [ -s statsdir ] [ -t key ] [ -u user[:group] ] [ -U interface_update_interval ] [ -v variable ] [ -V variable ] +

Description

+

The ntpd program is an operating system daemon that synchronises the system clock with remote NTP time servers or local reference clocks. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. The program can operate in any of several modes, as described on the Association Management page, and with both symmetric key and public key cryptography, as described on the Authentication Options page.

+

The ntpd program ordinarily requires a configuration file as desccribe on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the Automatic Server Discovery page.

+@@ -123,6 +123,8 @@ +
Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please consider using the configuration file interface command, which is more versatile.
+
-M
+
Raise scheduler precision to its maximum (1 msec) using timeBeginPeriod. (Windows only)
++
-m ++
Lock memory. +
-n
+
Don't fork.
+
-N
+diff -up ntp-4.2.6p5/ntpd/ntpd.c.mlock ntp-4.2.6p5/ntpd/ntpd.c +--- ntp-4.2.6p5/ntpd/ntpd.c.mlock 2012-11-23 14:58:15.369693666 +0100 ++++ ntp-4.2.6p5/ntpd/ntpd.c 2012-11-23 14:58:15.416693715 +0100 +@@ -723,7 +723,8 @@ ntpdmain( + } + #endif + +-#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE) ++#if defined(MCL_CURRENT) && defined(MCL_FUTURE) ++ if (HAVE_OPT( MLOCK )) { + # ifdef HAVE_SETRLIMIT + /* + * Set the stack limit to something smaller, so that we don't lock a lot +@@ -749,7 +750,7 @@ ntpdmain( + * fail if we drop root privlege. To be useful the value + * has to be larger than the largest ntpd resident set size. + */ +- rl.rlim_cur = rl.rlim_max = 32*1024*1024; ++ rl.rlim_cur = rl.rlim_max = 64*1024*1024; + if (setrlimit(RLIMIT_MEMLOCK, &rl) == -1) { + msyslog(LOG_ERR, "Cannot set RLIMIT_MEMLOCK: %m"); + } +@@ -761,6 +762,7 @@ ntpdmain( + */ + if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0) + msyslog(LOG_ERR, "mlockall(): %m"); ++ } + #else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */ + # ifdef HAVE_PLOCK + # ifdef PROCLOCK +diff -up ntp-4.2.6p5/ntpd/ntpdbase-opts.def.mlock ntp-4.2.6p5/ntpd/ntpdbase-opts.def +--- ntp-4.2.6p5/ntpd/ntpdbase-opts.def.mlock 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p5/ntpd/ntpdbase-opts.def 2012-11-23 15:07:16.960261421 +0100 +@@ -226,6 +226,14 @@ flag = { + }; + + flag = { ++ name = mlock; ++ value = m; ++ descrip = "Lock memory"; ++ doc = <<- _EndOfDoc_ ++ _EndOfDoc_; ++}; ++ ++flag = { + ifdef = SYS_WINNT; + name = modifymmtimer; + value = M; diff --git a/SOURCES/ntp-4.2.6p5-multiopts.patch b/SOURCES/ntp-4.2.6p5-multiopts.patch new file mode 100644 index 0000000..6311152 --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-multiopts.patch @@ -0,0 +1,19 @@ +diff -up ntp-4.2.6p5/ntpd/ntpdbase-opts.def.multiopts ntp-4.2.6p5/ntpd/ntpdbase-opts.def +--- ntp-4.2.6p5/ntpd/ntpdbase-opts.def.multiopts 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p5/ntpd/ntpdbase-opts.def 2012-11-23 14:54:49.132477448 +0100 +@@ -259,6 +259,7 @@ flag = { + flag = { + name = pidfile; + value = p; ++ max = 2; + arg-type = string; + descrip = "path to the PID file"; + doc = <<- _EndOfDoc_ +@@ -355,6 +356,7 @@ flag = { + ifdef = HAVE_DROPROOT; + name = user; + value = u; ++ max = 2; + arg-type = string; + descrip = "Run as userid (or userid:groupid)"; + omitted-usage = "built without --enable-clockctl or --enable-linuxcaps"; diff --git a/SOURCES/ntp-4.2.6p5-noservres.patch b/SOURCES/ntp-4.2.6p5-noservres.patch new file mode 100644 index 0000000..1f579ce --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-noservres.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.6p5/libntp/decodenetnum.c.noservres ntp-4.2.6p5/libntp/decodenetnum.c +--- ntp-4.2.6p5/libntp/decodenetnum.c.noservres 2011-08-04 06:13:43.000000000 +0200 ++++ ntp-4.2.6p5/libntp/decodenetnum.c 2013-03-28 18:38:49.239727130 +0100 +@@ -70,7 +70,7 @@ decodenetnum( + } + ZERO(hints); + hints.ai_flags = Z_AI_NUMERICHOST; +- err = getaddrinfo(cp, "ntp", &hints, &ai); ++ err = getaddrinfo(cp, NULL, &hints, &ai); + if (err != 0) + return 0; + NTP_INSIST(ai->ai_addrlen <= sizeof(*netnum)); diff --git a/SOURCES/ntp-4.2.6p5-pwcipher.patch b/SOURCES/ntp-4.2.6p5-pwcipher.patch new file mode 100644 index 0000000..683fbc2 --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-pwcipher.patch @@ -0,0 +1,258 @@ +diff -up ntp-4.2.6p5/html/keygen.html.pwcipher ntp-4.2.6p5/html/keygen.html +--- ntp-4.2.6p5/html/keygen.html.pwcipher 2012-11-23 13:57:26.178868018 +0100 ++++ ntp-4.2.6p5/html/keygen.html 2012-11-23 14:44:50.952850361 +0100 +@@ -44,8 +44,8 @@ +

Synopsis

+ +

ntp-keygen [ -deGHIMPT ] [ -b modulus ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA +- | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ +- -i group ] ++ | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] ++ [ -C cipher ] [ -i group ] + [ -m modulus ] [ -p passwd2 ] [ -q passwd1 ] [ -S + [ RSA | DSA ] ] [ -s host ] [ -V nkeys ]

+ +@@ -148,6 +148,9 @@ + compatibility with FIPS 140-2 is required, either the DSA-SHA or DSA-SHA1 scheme + must be used.
+ ++
-C cipher ++
Select the cipher which is used to encrypt the files containing private keys. The default is three-key triple DES in CBC mode, equivalent to "-C des-ede3-cbc". The openssl tool lists ciphers available in "openssl -h" output.
++ +
-d
+
Enable debugging. This option displays the cryptographic data produced for eye-friendly billboards.
+ +@@ -215,7 +218,7 @@ + +

All files begin with two nonencrypted lines. The first line contains the file name in the format ntpkey_key_host.fstamp. The second line contains the datestamp in conventional Unix date format. Lines beginning with # are ignored.

+ +-

The remainder of the file contains cryptographic data encoded first using ASN.1 rules, then encrypted using the DES-CBC algorithm and given password and finally written in PEM-encoded printable ASCII text preceded and followed by MIME content identifier lines.

++

The remainder of the file contains cryptographic data encoded first using ASN.1 rules, then encrypted using the cipher selected with -C and given password and finally written in PEM-encoded printable ASCII text preceded and followed by MIME content identifier lines.

+ +

The format of the symmetric keys file is somewhat different than the other files in the interest of backward compatibility. Since DES-CBC is deprecated in NTPv4, the only key format of interest is MD5 alphanumeric strings. Following the header the keys are entered one per line in the format

+ +@@ -237,4 +240,4 @@ + + + +- +\ No newline at end of file ++ +diff -up ntp-4.2.6p5/util/ntp-keygen-opts.def.pwcipher ntp-4.2.6p5/util/ntp-keygen-opts.def +--- ntp-4.2.6p5/util/ntp-keygen-opts.def.pwcipher 2009-12-09 08:36:35.000000000 +0100 ++++ ntp-4.2.6p5/util/ntp-keygen-opts.def 2012-11-23 13:57:26.211868051 +0100 +@@ -34,6 +34,21 @@ flag = { + _EndOfDoc_; + }; + ++flag = { ++ value = C; ++ name = cipher; ++ arg-type = string; ++ arg-name = cipher; ++ ifdef = OPENSSL; ++ descrip = "privatekey cipher"; ++ doc = <<- _EndOfDoc_ ++ Select the cipher which is used to encrypt the files containing ++ private keys. The default is three-key triple DES in CBC mode, ++ equivalent to "-C des-ede3-cbc". The openssl tool lists ciphers ++ available in "openssl -h" output. ++ _EndOfDoc_; ++}; ++ + #include debug-opt.def + + flag = { +@@ -134,7 +149,7 @@ flag = { + descrip = "output private password"; + doc = <<- _EndOfDoc_ + Encrypt generated files containing private data with the specified +- password and the DES-CBC algorithm. ++ password and the cipher selected with -C/--cipher. + _EndOfDoc_; + }; + +diff -up ntp-4.2.6p5/util/ntp-keygen.c.pwcipher ntp-4.2.6p5/util/ntp-keygen.c +--- ntp-4.2.6p5/util/ntp-keygen.c.pwcipher 2012-11-23 13:57:26.202868041 +0100 ++++ ntp-4.2.6p5/util/ntp-keygen.c 2012-11-23 13:57:26.212868052 +0100 +@@ -169,6 +169,7 @@ char *passwd1 = NULL; /* input private k + char *passwd2 = NULL; /* output private key password */ + #ifdef OPENSSL + long d0, d1, d2, d3; /* callback counters */ ++const EVP_CIPHER * cipher = NULL; + #endif /* OPENSSL */ + + #ifdef SYS_WINNT +@@ -236,6 +237,7 @@ main( + const EVP_MD *ectx; /* EVP digest */ + char pathbuf[MAXFILENAME + 1]; + const char *scheme = NULL; /* digest/signature scheme */ ++ const char *ciphername = NULL; /* to encrypt priv. key */ + char *exten = NULL; /* private extension */ + char *grpkey = NULL; /* identity extension */ + int nid; /* X509 digest/signature scheme */ +@@ -322,6 +324,9 @@ main( + if (HAVE_OPT( CERTIFICATE )) + scheme = OPT_ARG( CERTIFICATE ); + ++ if (HAVE_OPT( CIPHER )) ++ ciphername = OPT_ARG( CIPHER ); ++ + if (HAVE_OPT( SUBJECT_NAME )) + hostname = strdup(OPT_ARG( SUBJECT_NAME )); + +@@ -418,6 +423,13 @@ main( + } + if (scheme == NULL) + scheme = "RSA-MD5"; ++ if (ciphername == NULL) ++ ciphername = "des-ede3-cbc"; ++ cipher = EVP_get_cipherbyname(ciphername); ++ if (cipher == NULL) { ++ fprintf(stderr, "Unknown cipher %s\n", ciphername); ++ exit(-1); ++ } + if (groupname == NULL) + groupname = hostname; + fprintf(stderr, "Using host %s group %s\n", hostname, +@@ -520,9 +532,9 @@ main( + BN_copy(rsa->q, BN_value_one()); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, rsa); +- PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, +- NULL); +- fclose(stdout); ++ PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, ++ NULL, NULL); ++ fflush(stdout); + if (debug) + RSA_print_fp(stderr, rsa, 0); + } +@@ -542,9 +554,9 @@ main( + rsa = pkey_gqkey->pkey.rsa; + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, rsa); +- PEM_write_PrivateKey(stdout, pkey, +- EVP_des_cbc(), NULL, 0, NULL, passwd2); +- fclose(stdout); ++ PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, ++ NULL, passwd2); ++ fflush(stdout); + if (debug) + RSA_print_fp(stderr, rsa, 0); + } +@@ -584,9 +596,9 @@ main( + BN_copy(dsa->priv_key, BN_value_one()); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey, dsa); +- PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, +- NULL); +- fclose(stdout); ++ PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, ++ NULL, NULL); ++ fflush(stdout); + if (debug) + DSA_print_fp(stderr, dsa, 0); + } +@@ -607,9 +619,9 @@ main( + dsa = pkey_iffkey->pkey.dsa; + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey, dsa); +- PEM_write_PrivateKey(stdout, pkey, EVP_des_cbc(), NULL, +- 0, NULL, passwd2); +- fclose(stdout); ++ PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, ++ NULL, passwd2); ++ fflush(stdout); + if (debug) + DSA_print_fp(stderr, dsa, 0); + } +@@ -645,9 +657,9 @@ main( + fprintf(stdout, "# %s\n# %s\n", filename, + ctime(&epoch)); + pkey = pkey_mvpar[2]; +- PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, +- NULL); +- fclose(stdout); ++ PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, ++ NULL, NULL); ++ fflush(stdout); + if (debug) + DSA_print_fp(stderr, pkey->pkey.dsa, 0); + } +@@ -664,9 +676,9 @@ main( + fprintf(stdout, "# %s\n# %s\n", filename, + ctime(&epoch)); + pkey = pkey_mvpar[1]; +- PEM_write_PrivateKey(stdout, pkey, EVP_des_cbc(), NULL, +- 0, NULL, passwd2); +- fclose(stdout); ++ PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, ++ NULL, passwd2); ++ fflush(stdout); + if (debug) + DSA_print_fp(stderr, pkey->pkey.dsa, 0); + } +@@ -886,7 +898,7 @@ gen_rsa( + str = fheader("RSAhost", id, hostname); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, rsa); +- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, ++ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, + passwd1); + fclose(str); + if (debug) +@@ -941,7 +953,7 @@ gen_dsa( + str = fheader("DSAsign", id, hostname); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey, dsa); +- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, ++ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, + passwd1); + fclose(str); + if (debug) +@@ -1108,7 +1120,7 @@ gen_iffkey( + str = fheader("IFFkey", id, groupname); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey, dsa); +- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, ++ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, + passwd1); + fclose(str); + if (debug) +@@ -1305,7 +1317,7 @@ gen_gqkey( + str = fheader("GQkey", id, groupname); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, rsa); +- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, ++ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, + passwd1); + fclose(str); + if (debug) +@@ -1710,7 +1722,7 @@ gen_mvkey( + BN_copy(dsa->pub_key, b); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey, dsa); +- PEM_write_PrivateKey(str, pkey, EVP_des_cbc(), NULL, 0, NULL, ++ PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, + passwd1); + evpars[i++] = pkey; + if (debug) +@@ -1736,7 +1748,7 @@ gen_mvkey( + dsa2->pub_key = BN_dup(ghat); + pkey1 = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(pkey1, dsa2); +- PEM_write_PrivateKey(str, pkey1, EVP_des_cbc(), NULL, 0, NULL, ++ PEM_write_PKCS8PrivateKey(str, pkey1, cipher, NULL, 0, NULL, + passwd1); + evpars[i++] = pkey1; + if (debug) +@@ -1762,7 +1774,7 @@ gen_mvkey( + sdsa->pub_key = BN_dup(xhat[j]); + pkey1 = EVP_PKEY_new(); + EVP_PKEY_set1_DSA(pkey1, sdsa); +- PEM_write_PrivateKey(str, pkey1, EVP_des_cbc(), NULL, 0, ++ PEM_write_PKCS8PrivateKey(str, pkey1, cipher, NULL, 0, + NULL, passwd1); + evpars[i++] = pkey1; + if (debug) diff --git a/SOURCES/ntp-4.2.6p5-updatebclient.patch b/SOURCES/ntp-4.2.6p5-updatebclient.patch new file mode 100644 index 0000000..bc740e9 --- /dev/null +++ b/SOURCES/ntp-4.2.6p5-updatebclient.patch @@ -0,0 +1,23 @@ +diff -up ntp-4.2.6p5/ntpd/ntp_io.c.updatebclient ntp-4.2.6p5/ntpd/ntp_io.c +--- ntp-4.2.6p5/ntpd/ntp_io.c.updatebclient 2012-11-20 15:54:23.516362641 +0100 ++++ ntp-4.2.6p5/ntpd/ntp_io.c 2012-11-20 15:55:05.464364038 +0100 +@@ -2044,6 +2044,9 @@ update_interfaces( + msyslog(LOG_INFO, "peers refreshed"); + } + ++ if (sys_bclient) ++ io_setbclient(); ++ + return new_interface_found; + } + +@@ -2678,9 +2681,6 @@ io_setbclient(void) + set_pktinfo(1); + if (nif > 0) + DPRINTF(1, ("io_setbclient: Opened broadcast clients\n")); +- else if (!nif) +- msyslog(LOG_ERR, +- "Unable to listen for broadcasts, no broadcast interfaces available"); + #else + msyslog(LOG_ERR, + "io_setbclient: Broadcast Client disabled by build"); diff --git a/SOURCES/ntp-wait.service b/SOURCES/ntp-wait.service new file mode 100644 index 0000000..8d67e13 --- /dev/null +++ b/SOURCES/ntp-wait.service @@ -0,0 +1,14 @@ +[Unit] +Description=Wait for ntpd to synchronize system clock +After=ntpd.service +Requires=ntpd.service +Before=time-sync.target +Wants=time-sync.target + +[Service] +Type=oneshot +ExecStart=/usr/sbin/ntp-wait +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/ntp.conf b/SOURCES/ntp.conf new file mode 100644 index 0000000..baa57b3 --- /dev/null +++ b/SOURCES/ntp.conf @@ -0,0 +1,53 @@ +# For more information about this file, see the man pages +# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5). + +driftfile VARNTP/drift + +# Permit time synchronization with our time source, but do not +# permit the source to query or modify the service on this system. +restrict default kod nomodify notrap nopeer noquery +restrict -6 default kod nomodify notrap nopeer noquery + +# Permit all access over the loopback interface. This could +# be tightened as well, but to do so would effect some of +# the administrative functions. +restrict 127.0.0.1 +restrict -6 ::1 + +# Hosts on local network are less restricted. +#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap + +# Use public servers from the pool.ntp.org project. +# Please consider joining the pool (http://www.pool.ntp.org/join.html). +server 0.VENDORZONE.pool.ntp.org iburst +server 1.VENDORZONE.pool.ntp.org iburst +server 2.VENDORZONE.pool.ntp.org iburst +server 3.VENDORZONE.pool.ntp.org iburst + +#broadcast 192.168.1.255 autokey # broadcast server +#broadcastclient # broadcast client +#broadcast 224.0.1.1 autokey # multicast server +#multicastclient 224.0.1.1 # multicast client +#manycastserver 239.255.254.254 # manycast server +#manycastclient 239.255.254.254 autokey # manycast client + +# Enable public key cryptography. +#crypto + +includefile ETCNTP/crypto/pw + +# Key file containing the keys and key identifiers used when operating +# with symmetric key cryptography. +keys ETCNTP/keys + +# Specify the key identifiers which are trusted. +#trustedkey 4 8 42 + +# Specify the key identifier to use with the ntpdc utility. +#requestkey 8 + +# Specify the key identifier to use with the ntpq utility. +#controlkey 8 + +# Enable writing of statistics records. +#statistics clockstats cryptostats loopstats peerstats diff --git a/SOURCES/ntp.cryptopw b/SOURCES/ntp.cryptopw new file mode 100644 index 0000000..7e96fc2 --- /dev/null +++ b/SOURCES/ntp.cryptopw @@ -0,0 +1,5 @@ +# This file is included from /etc/ntp.conf. It specifies the password used to +# decrypt files containing private keys and identity parameters. The password +# is required only if the files have been encrypted. +# +#crypto pw apassword diff --git a/SOURCES/ntp.dhclient b/SOURCES/ntp.dhclient new file mode 100755 index 0000000..1cc9f43 --- /dev/null +++ b/SOURCES/ntp.dhclient @@ -0,0 +1,63 @@ +#!/bin/bash +# +# ntp.sh: dhclient-script plugin for NTP settings, +# place in /etc/dhcp/dhclient.d and 'chmod +x ntp.sh' to enable +# +# Copyright (C) 2008 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# Author(s): David Cantrell +# Miroslav Lichvar +# + +CONF=/etc/ntp.conf +SAVECONF=${SAVEDIR}/${CONF##*/}.predhclient.${interface} + +ntp_replace_conf() { + echo "$1" | diff -q ${CONF} - > /dev/null 2>&1 + if [ $? -eq 1 ]; then + echo "$1" > ${CONF} + restorecon ${CONF} >/dev/null 2>&1 + systemctl try-restart ntpd.service > /dev/null 2>&1 || + service ntpd condrestart > /dev/null 2>&1 + fi +} + +ntp_config() { + if [ ! "${PEERNTP}" = "no" ] && [ -n "${new_ntp_servers}" ] && + [ -e ${CONF} ] && [ -d ${SAVEDIR} ]; then + local conf=$(grep -v '^server .* # added by /sbin/dhclient-script$' < ${CONF}) + local unique_servers=$(comm -23 \ + <(for s in ${new_ntp_servers}; do echo $s; done | sort -u) \ + <(echo "$conf" | awk '$1=="peer"||$1=="server"{print $2}' | sort -u)) + + conf=$(echo "$conf" + for s in ${unique_servers}; do + echo "server ${s} ${NTPSERVERARGS} # added by /sbin/dhclient-script" + done) + + [ -f ${SAVECONF} ] || touch ${SAVECONF} + ntp_replace_conf "$conf" + fi +} + +ntp_restore() { + if [ -e ${CONF} ] && [ -f ${SAVECONF} ]; then + local conf=$(grep -v '^server .* # added by /sbin/dhclient-script$' < ${CONF}) + + ntp_replace_conf "$conf" + rm -f ${SAVECONF} + fi +} diff --git a/SOURCES/ntp.keys b/SOURCES/ntp.keys new file mode 100644 index 0000000..80ab8c4 --- /dev/null +++ b/SOURCES/ntp.keys @@ -0,0 +1,3 @@ +# For more information about this file, see the man page ntp_auth(5). +# +# id type key diff --git a/SOURCES/ntp.step-tickers b/SOURCES/ntp.step-tickers new file mode 100644 index 0000000..8b4b1fd --- /dev/null +++ b/SOURCES/ntp.step-tickers @@ -0,0 +1,3 @@ +# List of NTP servers used by the ntpdate service. + +0.VENDORZONE.pool.ntp.org diff --git a/SOURCES/ntpd.service b/SOURCES/ntpd.service new file mode 100644 index 0000000..1084545 --- /dev/null +++ b/SOURCES/ntpd.service @@ -0,0 +1,12 @@ +[Unit] +Description=Network Time Service +After=syslog.target ntpdate.service sntp.service + +[Service] +Type=forking +EnvironmentFile=-/etc/sysconfig/ntpd +ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/ntpd.sysconfig b/SOURCES/ntpd.sysconfig new file mode 100644 index 0000000..49394c7 --- /dev/null +++ b/SOURCES/ntpd.sysconfig @@ -0,0 +1,2 @@ +# Command line options for ntpd +OPTIONS="-g" diff --git a/SOURCES/ntpdate.service b/SOURCES/ntpdate.service new file mode 100644 index 0000000..038b293 --- /dev/null +++ b/SOURCES/ntpdate.service @@ -0,0 +1,13 @@ +[Unit] +Description=Set time via NTP +After=syslog.target network.target nss-lookup.target +Before=time-sync.target +Wants=time-sync.target + +[Service] +Type=oneshot +ExecStart=/usr/libexec/ntpdate-wrapper +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/ntpdate.sysconfig b/SOURCES/ntpdate.sysconfig new file mode 100644 index 0000000..2502779 --- /dev/null +++ b/SOURCES/ntpdate.sysconfig @@ -0,0 +1,8 @@ +# Options for ntpdate +OPTIONS="-p 2" + +# Number of retries before giving up +RETRIES=2 + +# Set to 'yes' to sync hw clock after successful ntpdate +SYNC_HWCLOCK=no diff --git a/SOURCES/ntpdate.wrapper b/SOURCES/ntpdate.wrapper new file mode 100755 index 0000000..5baeab0 --- /dev/null +++ b/SOURCES/ntpdate.wrapper @@ -0,0 +1,36 @@ +#!/bin/bash + +ntpconf=/etc/ntp.conf +ntpstep=/etc/ntp/step-tickers + +[ "$EUID" != "0" ] && exit 4 +[ -x /usr/sbin/ntpdate ] || exit 5 +[ -f /etc/sysconfig/ntpdate ] || exit 6 +. /etc/sysconfig/ntpdate + +[ -f $ntpstep ] && tickers=$(sed 's/#.*//' $ntpstep) || tickers= + +if ! echo "$tickers" | grep -qi '[a-z0-9]' && [ -f $ntpconf ]; then + # the step-tickers file doesn't specify a server, + # use servers from ntp.conf instead + tickers=$(awk '$1=="peer"||$1=="server"{print $2}' $ntpconf | \ + grep -Ev '127\.127\.[0-9]+\.[0-9]+') +fi + +if ! echo "$tickers" | grep -qi '[a-z0-9]'; then + echo "NTP server not specified in $ntpstep or $ntpconf" + exit 6 +fi + +[ -z "$RETRIES" ] && RETRIES=2 +retry=0 +while true; do + /usr/sbin/ntpdate -U ntp -s -b $OPTIONS $tickers &> /dev/null + RETVAL=$? + [ $RETVAL -eq 0 ] || [ $retry -ge "$RETRIES" ] && break + sleep $[10 * (1 << $retry)] + retry=$[$retry + 1] +done + +[ $RETVAL -eq 0 ] && [ "$SYNC_HWCLOCK" = "yes" ] && /sbin/hwclock --systohc +exit $RETVAL diff --git a/SOURCES/ntpstat-0.2-clksrc.patch b/SOURCES/ntpstat-0.2-clksrc.patch new file mode 100644 index 0000000..c427f1f --- /dev/null +++ b/SOURCES/ntpstat-0.2-clksrc.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.4p7/ntpstat-0.2/ntpstat.c.ntpstat ntp-4.2.4p7/ntpstat-0.2/ntpstat.c +--- ntp-4.2.4p7/ntpstat-0.2/ntpstat.c.ntpstat 2002-06-10 08:02:12.000000000 +0200 ++++ ntp-4.2.4p7/ntpstat-0.2/ntpstat.c 2009-07-20 12:22:35.000000000 +0200 +@@ -187,7 +187,7 @@ int main (void) { + else + printf("unknown source"); + +- if (!strncmp(clksrcname[clksrc],clksrcname[6],sizeof(clksrcname[6]))) { ++ if (clksrc == 6) { + // source of sync is another NTP server so check the IP address + strncpy(buff, ntpmsg.payload, sizeof(buff)); + if ((newstr = strstr (buff, REFID))) { diff --git a/SOURCES/ntpstat-0.2-errorbit.patch b/SOURCES/ntpstat-0.2-errorbit.patch new file mode 100644 index 0000000..06e9342 --- /dev/null +++ b/SOURCES/ntpstat-0.2-errorbit.patch @@ -0,0 +1,32 @@ +diff -up ntp-4.2.6p4/ntpstat-0.2/ntpstat.c.errorbit ntp-4.2.6p4/ntpstat-0.2/ntpstat.c +--- ntp-4.2.6p4/ntpstat-0.2/ntpstat.c.errorbit 2011-10-06 13:41:38.591669772 +0200 ++++ ntp-4.2.6p4/ntpstat-0.2/ntpstat.c 2011-10-06 16:50:01.708315811 +0200 +@@ -104,6 +104,7 @@ int main (void) { + FD_ZERO(&fds); + + inet_aton("127.0.0.1", &address); ++ memset(&sock, 0, sizeof (sock));; + sock.sin_family = AF_INET; + sock.sin_addr = address; + sock.sin_port = htons(NTP_PORT); +@@ -159,15 +160,18 @@ int main (void) { + die ("return data appears to be invalid based on status word"); + } + +- if (!(ntpmsg.byte2 | EMASK)) { ++ if (ntpmsg.byte2 & EMASK) { + fprintf (stderr,"status byte2 is %02x\n", ntpmsg.byte2 ); + die ("error bit is set in reply"); + } + +- if (!(ntpmsg.byte2 | MMASK)) { ++ /* ignore the more bit */ ++#if 0 ++ if (ntpmsg.byte2 & MMASK) { + fprintf (stderr,"status byte2 is %02x\n", ntpmsg.byte2 ); + fprintf (stderr,"More bit unexpected in reply"); + } ++#endif + + /* if the leap indicator (LI), which is the two most significant bits + in status byte1, are both one, then the clock is not synchronised. */ diff --git a/SOURCES/ntpstat-0.2-maxerror.patch b/SOURCES/ntpstat-0.2-maxerror.patch new file mode 100644 index 0000000..f8ab750 --- /dev/null +++ b/SOURCES/ntpstat-0.2-maxerror.patch @@ -0,0 +1,38 @@ +diff -up ntp-4.2.6p1/ntpstat-0.2/ntpstat.c.maxerror ntp-4.2.6p1/ntpstat-0.2/ntpstat.c +--- ntp-4.2.6p1/ntpstat-0.2/ntpstat.c.maxerror 2010-05-03 11:37:49.000000000 +0200 ++++ ntp-4.2.6p1/ntpstat-0.2/ntpstat.c 2010-05-03 12:20:08.000000000 +0200 +@@ -89,7 +89,9 @@ int main (void) { + "modem"}; /* 9 */ + char *newstr; + char *dispstr; ++ char *delaystr; + const char DISP[] = "rootdisp="; ++ const char DELAY[] = "rootdelay="; + const char STRATUM[] = "stratum="; + const char POLL[] = "tc="; + const char REFID[] = "refid="; +@@ -235,16 +237,19 @@ int main (void) { + /* Set the position of the start of the string to + "rootdispersion=" part of the string. */ + strncpy(buff, ntpmsg.payload, sizeof(buff)); +- if ((newstr = strstr (buff, DISP))) { +- newstr += sizeof(DISP) - 1; +- dispstr = strtok(newstr,"."); ++ if ((dispstr = strstr (buff, DISP)) && (delaystr = strstr (buff, DELAY))) { ++ dispstr += sizeof(DISP) - 1; ++ dispstr = strtok(dispstr,","); ++ delaystr += sizeof(DELAY) - 1; ++ delaystr = strtok(delaystr,","); + + /* Check the resultant string is of a reasonable length */ +- if ((strlen (dispstr) == 0) || (strlen (dispstr) > 4)) { ++ if ((strlen (dispstr) == 0) || (strlen (dispstr) > 10) || ++ (strlen (delaystr) == 0) || (strlen (delaystr) > 10)) { + printf ("accuracy unreadable\n"); + } + else { +- printf(" time correct to within %s ms\n",dispstr); ++ printf(" time correct to within %.0f ms\n", atof(dispstr) + atof(delaystr) / 2.0); + } + } else { + rc=1; diff --git a/SOURCES/ntpstat-0.2-multipacket.patch b/SOURCES/ntpstat-0.2-multipacket.patch new file mode 100644 index 0000000..ca21257 --- /dev/null +++ b/SOURCES/ntpstat-0.2-multipacket.patch @@ -0,0 +1,12 @@ +diff -up ntp-4.2.4p7/ntpstat-0.2/ntpstat.c.ntpstat ntp-4.2.4p7/ntpstat-0.2/ntpstat.c +--- ntp-4.2.4p7/ntpstat-0.2/ntpstat.c.ntpstat 2002-06-10 08:02:12.000000000 +0200 ++++ ntp-4.2.4p7/ntpstat-0.2/ntpstat.c 2009-07-20 12:22:35.000000000 +0200 +@@ -151,7 +151,7 @@ int main (void) { + /* For the reply message to be valid, the first byte should be as sent, + and the second byte should be the same, with the response bit set */ + byte1ok = ((ntpmsg.byte1&0x3F) == B1VAL); +- byte2ok = (ntpmsg.byte2 == (B2VAL|RMASK)); ++ byte2ok = ((ntpmsg.byte2 & ~MMASK) == (B2VAL|RMASK)); + if (!(byte1ok && byte2ok)) { + fprintf (stderr,"status word is 0x%02x%02x\n", ntpmsg.byte1,ntpmsg.byte2 ); + die ("return data appears to be invalid based on status word"); diff --git a/SOURCES/ntpstat-0.2-sysvars.patch b/SOURCES/ntpstat-0.2-sysvars.patch new file mode 100644 index 0000000..3f641a9 --- /dev/null +++ b/SOURCES/ntpstat-0.2-sysvars.patch @@ -0,0 +1,15 @@ +diff -up ntp-4.2.6p1/ntpstat-0.2/ntpstat.c.sysvars ntp-4.2.6p1/ntpstat-0.2/ntpstat.c +--- ntp-4.2.6p1/ntpstat-0.2/ntpstat.c.sysvars 2010-05-03 11:27:47.000000000 +0200 ++++ ntp-4.2.6p1/ntpstat-0.2/ntpstat.c 2010-05-03 11:32:56.000000000 +0200 +@@ -89,9 +89,9 @@ int main (void) { + "modem"}; /* 9 */ + char *newstr; + char *dispstr; +- const char DISP[] = "rootdispersion="; ++ const char DISP[] = "rootdisp="; + const char STRATUM[] = "stratum="; +- const char POLL[] = "poll="; ++ const char POLL[] = "tc="; + const char REFID[] = "refid="; + + /* initialise timeout value */ diff --git a/SOURCES/sntp.service b/SOURCES/sntp.service new file mode 100644 index 0000000..70ff227 --- /dev/null +++ b/SOURCES/sntp.service @@ -0,0 +1,14 @@ +[Unit] +Description=Set time via SNTP +After=syslog.target network.target NetworkManager-wait-online.service nss-lookup.target +Before=time-sync.target +Wants=time-sync.target + +[Service] +Type=oneshot +EnvironmentFile=/etc/sysconfig/sntp +ExecStart=/usr/sbin/sntp $OPTIONS +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/sntp.sysconfig b/SOURCES/sntp.sysconfig new file mode 100644 index 0000000..1bf1c01 --- /dev/null +++ b/SOURCES/sntp.sysconfig @@ -0,0 +1,2 @@ +# Options for sntp +OPTIONS="-s 0.VENDORZONE.pool.ntp.org" diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec new file mode 100644 index 0000000..57276a6 --- /dev/null +++ b/SPECS/ntp.spec @@ -0,0 +1,1150 @@ +Summary: The NTP daemon and utilities +Name: ntp +Version: 4.2.6p5 +Release: 14%{?dist} +# primary license (COPYRIGHT) : MIT +# ElectricFence/ (not used) : GPLv2 +# kernel/sys/ppsclock.h (not used) : BSD with advertising +# include/ntif.h (not used) : BSD +# include/rsa_md5.h : BSD with advertising +# include/ntp_rfc2553.h : BSD with advertising +# lib/isc/commandline.c (not used) : BSD with advertising +# lib/isc/inet_aton.c (not used) : BSD with advertising +# lib/isc/strtoul.c (not used) : BSD with advertising +# lib/isc/unix/file.c : BSD with advertising +# lib/isc/inet_aton.c (not used) : BSD with advertising +# libntp/mktime.c : BSD with advertising +# libntp/ntp_random.c : BSD with advertising +# libntp/memmove.c : BSD with advertising +# libntp/ntp_rfc2553.c : BSD with advertising +# libntp/adjtimex.c (not used) : BSD +# libparse/ : BSD +# ntpd/refclock_jjy.c: MIT +# ntpd/refclock_oncore.c : BEERWARE License (aka, Public Domain) +# ntpd/refclock_palisade.c : BSD with advertising +# ntpd/refclock_jupiter.c : BSD with advertising +# ntpd/refclock_mx4200.c : BSD with advertising +# ntpd/refclock_palisade.h : BSD with advertising +# ntpstat-0.2/ : GPLv2 +# sntp/libopts/ (not used) : BSD or GPLv3+ +# util/ansi2knr.c (not used) : GPL+ +License: (MIT and BSD and BSD with advertising) and GPLv2 +Group: System Environment/Daemons +Source0: http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-%{version}.tar.gz +Source1: ntp.conf +Source2: ntp.keys +Source4: ntpd.sysconfig +# http://people.redhat.com/rkeech/#ntpstat +Source5: ntpstat-0.2.tgz +Source6: ntp.step-tickers +Source7: ntpdate.wrapper +Source8: ntp.cryptopw +Source9: ntpdate.sysconfig +Source10: ntp.dhclient +Source12: ntpd.service +Source13: ntpdate.service +Source14: ntp-wait.service +Source15: sntp.service +Source16: sntp.sysconfig + +# ntpbz #802 +Patch1: ntp-4.2.6p1-sleep.patch +# add support for dropping root to ntpdate +Patch2: ntp-4.2.6p4-droproot.patch +# ntpbz #779 +Patch3: ntp-4.2.6p3-bcast.patch +# align buffer for control messages +Patch4: ntp-4.2.6p1-cmsgalign.patch +# link ntpd with -ffast-math on ia64 +Patch5: ntp-4.2.6p1-linkfastmath.patch +# ntpbz #2294 +Patch6: ntp-4.2.6p5-fipsmd5.patch +# ntpbz #759 +Patch7: ntp-4.2.6p1-retcode.patch +# ntpbz #992 +Patch8: ntp-4.2.6p4-rtnetlink.patch +# ntpbz #2309 +Patch9: ntp-4.2.6p5-hexpw.patch +# ntpbz #898 +Patch10: ntp-4.2.6p4-htmldoc.patch +# ntpbz #1402 +Patch11: ntp-4.2.6p5-updatebclient.patch +# fix precision calculation on fast CPUs +Patch12: ntp-4.2.4p7-getprecision.patch +# ntpbz #1408 +Patch13: ntp-4.2.6p1-logdefault.patch +# add option -m to lock memory +Patch14: ntp-4.2.6p5-mlock.patch +# allow -u and -p options to be used twice (#639101) +Patch15: ntp-4.2.6p5-multiopts.patch +# ntpbz #2040 +Patch16: ntp-4.2.6p5-identlen.patch +# ntpbz #1670 +Patch17: ntp-4.2.6p3-broadcastdelay.patch +# ntpbz #1671 +Patch18: ntp-4.2.6p5-delaycalib.patch +# ntpbz #2019 +Patch19: ntp-4.2.6p5-pwcipher.patch +# ntpbz #2320 +Patch20: ntp-4.2.6p5-noservres.patch + +# handle unknown clock types +Patch50: ntpstat-0.2-clksrc.patch +# process first packet in multipacket response +Patch51: ntpstat-0.2-multipacket.patch +# use current system variable names +Patch52: ntpstat-0.2-sysvars.patch +# print synchronization distance instead of dispersion +Patch53: ntpstat-0.2-maxerror.patch +# fix error bit checking +Patch54: ntpstat-0.2-errorbit.patch + +URL: http://www.ntp.org +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +Requires: ntpdate = %{version}-%{release} +BuildRequires: libcap-devel openssl-devel libedit-devel perl-HTML-Parser +BuildRequires: pps-tools-devel autogen autogen-libopts-devel systemd-units + +%description +The Network Time Protocol (NTP) is used to synchronize a computer's +time with another reference time source. This package includes ntpd +(a daemon which continuously adjusts system time) and utilities used +to query and configure the ntpd daemon. + +Perl scripts ntp-wait and ntptrace are in the ntp-perl package, +ntpdate is in the ntpdate package and sntp is in the sntp package. +The documentation is in the ntp-doc package. + +%package perl +Summary: NTP utilities written in Perl +Group: Applications/System +Requires: %{name} = %{version}-%{release} +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units +# perl introduced in 4.2.4p4-7 +Obsoletes: %{name} < 4.2.4p4-7 +BuildArch: noarch +%description perl +This package contains Perl scripts ntp-wait and ntptrace. + +%package -n ntpdate +Summary: Utility to set the date and time via NTP +Group: Applications/System +Requires(pre): shadow-utils +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +%description -n ntpdate +ntpdate is a program for retrieving the date and time from +NTP servers. + +%package -n sntp +Summary: Standard Simple Network Time Protocol program +Group: Applications/System +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +%description -n sntp +sntp can be used as a SNTP client to query a NTP or SNTP server and either +display the time or set the local system's time (given suitable privilege). +It can be run as an interactive command or in a cron job. + +%package doc +Summary: NTP documentation +Group: Documentation +Requires: %{name} = %{version}-%{release} +BuildArch: noarch +%description doc +This package contains NTP documentation in HTML format. + +%global ntpdocdir %{_datadir}/doc/%{name}-%{version} + +# pool.ntp.org vendor zone which will be used in ntp.conf +%if 0%{!?vendorzone:1} +%{?fedora: %global vendorzone fedora.} +%{?rhel: %global vendorzone rhel.} +%endif + +%prep +%setup -q -a 5 + +%patch1 -p1 -b .sleep +%patch2 -p1 -b .droproot +%patch3 -p1 -b .bcast +%patch4 -p1 -b .cmsgalign +%ifarch ia64 +%patch5 -p1 -b .linkfastmath +%endif +%patch6 -p1 -b .fipsmd5 +%patch7 -p1 -b .retcode +%patch8 -p1 -b .rtnetlink +%patch9 -p1 -b .hexpw +%patch10 -p1 -b .htmldoc +%patch11 -p1 -b .updatebclient +%patch12 -p1 -b .getprecision +%patch13 -p1 -b .logdefault +%patch14 -p1 -b .mlock +%patch15 -p1 -b .multiopts +%patch16 -p1 -b .identlen +%patch17 -p1 -b .broadcastdelay +%patch18 -p1 -b .delaycalib +%patch19 -p1 -b .pwcipher +%patch20 -p1 -b .noservres + +# ntpstat patches +%patch50 -p1 -b .clksrc +%patch51 -p1 -b .multipacket +%patch52 -p1 -b .sysvars +%patch53 -p1 -b .maxerror +%patch54 -p1 -b .errorbit + +# set default path to sntp KoD database +sed -i 's|/var/db/ntp-kod|%{_localstatedir}/lib/sntp-kod|' sntp/{sntp.1,main.c} + +# fix line terminators +sed -i 's|\r||g' html/scripts/{footer.txt,style.css} + +for f in COPYRIGHT ChangeLog; do + iconv -f iso8859-1 -t utf8 -o ${f}{_,} && touch -r ${f}{,_} && mv -f ${f}{_,} +done + +# don't regenerate texinfo files as it breaks build with _smp_mflags +touch ntpd/ntpd-opts.texi util/ntp-keygen-opts.texi + +# autogen fails to regenerate man pages (#958908), but they won't be used anyway +touch ntpd/ntpd.1 util/ntp-keygen.1 + +%build +sed -i 's|$CFLAGS -Wstrict-overflow|$CFLAGS|' configure sntp/configure +export CFLAGS="$RPM_OPT_FLAGS -fPIE -fno-strict-aliasing -fno-strict-overflow" +export LDFLAGS="-pie -Wl,-z,relro,-z,now" +%configure \ + --sysconfdir=%{_sysconfdir}/ntp/crypto \ + --with-openssl-libdir=%{_libdir} \ + --without-ntpsnmpd \ + --enable-all-clocks --enable-parse-clocks \ + --enable-ntp-signd=%{_localstatedir}/run/ntp_signd \ + --disable-local-libopts +echo '#define KEYFILE "%{_sysconfdir}/ntp/keys"' >> ntpdate/ntpdate.h +echo '#define NTP_VAR "%{_localstatedir}/log/ntpstats/"' >> config.h + +make %{?_smp_mflags} + +sed -i 's|$ntpq = "ntpq"|$ntpq = "%{_sbindir}/ntpq"|' scripts/ntptrace +sed -i 's|ntpq -c |%{_sbindir}/ntpq -c |' scripts/ntp-wait + +pushd html +../scripts/html2man +# remove adjacent blank lines +sed -i 's/^[\t\ ]*$//;/./,/^$/!d' man/man*/*.[58] +popd + +make -C ntpstat-0.2 CFLAGS="$CFLAGS" + +%install +make DESTDIR=$RPM_BUILD_ROOT bindir=%{_sbindir} install + +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man{5,8} +sed -i 's/sntp\.1/sntp\.8/' $RPM_BUILD_ROOT%{_mandir}/man1/sntp.1 +mv $RPM_BUILD_ROOT%{_mandir}/man{1/sntp.1,8/sntp.8} +rm -rf $RPM_BUILD_ROOT%{_mandir}/man1 + +pushd ntpstat-0.2 +mkdir -p $RPM_BUILD_ROOT%{_bindir} +install -m 755 ntpstat $RPM_BUILD_ROOT%{_bindir} +install -m 644 ntpstat.1 $RPM_BUILD_ROOT%{_mandir}/man8/ntpstat.8 +popd + +# fix section numbers +sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' $RPM_BUILD_ROOT%{_mandir}/man8/*.8 +cp -r html/man/man[58] $RPM_BUILD_ROOT%{_mandir} + +mkdir -p $RPM_BUILD_ROOT%{ntpdocdir} +cp -p COPYRIGHT ChangeLog NEWS $RPM_BUILD_ROOT%{ntpdocdir} + +# prepare html documentation +find html | grep -E '\.(html|css|txt|jpg|gif)$' | grep -v '/build/\|sntp' | \ + cpio -pmd $RPM_BUILD_ROOT%{ntpdocdir} +find $RPM_BUILD_ROOT%{ntpdocdir} -type f | xargs chmod 644 +find $RPM_BUILD_ROOT%{ntpdocdir} -type d | xargs chmod 755 + +pushd $RPM_BUILD_ROOT +mkdir -p .%{_sysconfdir}/{ntp/crypto,sysconfig,dhcp/dhclient.d} .%{_libexecdir} +mkdir -p .%{_localstatedir}/{lib/ntp,log/ntpstats} .%{_unitdir} +touch .%{_localstatedir}/lib/{ntp/drift,sntp-kod} +sed -e 's|VENDORZONE\.|%{vendorzone}|' \ + -e 's|ETCNTP|%{_sysconfdir}/ntp|' \ + -e 's|VARNTP|%{_localstatedir}/lib/ntp|' \ + < %{SOURCE1} > .%{_sysconfdir}/ntp.conf +touch -r %{SOURCE1} .%{_sysconfdir}/ntp.conf +install -p -m600 %{SOURCE2} .%{_sysconfdir}/ntp/keys +install -p -m755 %{SOURCE7} .%{_libexecdir}/ntpdate-wrapper +install -p -m644 %{SOURCE4} .%{_sysconfdir}/sysconfig/ntpd +install -p -m644 %{SOURCE9} .%{_sysconfdir}/sysconfig/ntpdate +sed -e 's|VENDORZONE\.|%{vendorzone}|' \ + < %{SOURCE6} > .%{_sysconfdir}/ntp/step-tickers +touch -r %{SOURCE6} .%{_sysconfdir}/ntp/step-tickers +sed -e 's|VENDORZONE\.|%{vendorzone}|' \ + < %{SOURCE16} > .%{_sysconfdir}/sysconfig/sntp +touch -r %{SOURCE16} .%{_sysconfdir}/sysconfig/sntp +install -p -m600 %{SOURCE8} .%{_sysconfdir}/ntp/crypto/pw +install -p -m755 %{SOURCE10} .%{_sysconfdir}/dhcp/dhclient.d/ntp.sh +install -p -m644 %{SOURCE12} .%{_unitdir}/ntpd.service +install -p -m644 %{SOURCE13} .%{_unitdir}/ntpdate.service +install -p -m644 %{SOURCE14} .%{_unitdir}/ntp-wait.service +install -p -m644 %{SOURCE15} .%{_unitdir}/sntp.service + +mkdir .%{_prefix}/lib/systemd/ntp-units.d +echo 'ntpd.service' > .%{_prefix}/lib/systemd/ntp-units.d/60-ntpd.list + +popd + +%pre -n ntpdate +/usr/sbin/groupadd -g 38 ntp 2> /dev/null || : +/usr/sbin/useradd -u 38 -g 38 -s /sbin/nologin -M -r -d %{_sysconfdir}/ntp ntp 2>/dev/null || : + +%post +%systemd_post ntpd.service + +%post -n ntpdate +%systemd_post ntpdate.service + +%post -n sntp +%systemd_post sntp.service + +%post perl +%systemd_post ntp-wait.service + +%preun +%systemd_preun ntpd.service + +%preun -n ntpdate +%systemd_preun ntpdate.service + +%preun -n sntp +%systemd_preun sntp.service + +%preun perl +%systemd_preun ntp-wait.service + +%postun +%systemd_postun_with_restart ntpd.service + +%postun -n ntpdate +%systemd_postun + +%postun -n sntp +%systemd_postun + +%postun perl +%systemd_postun + +%files +%dir %{ntpdocdir} +%{ntpdocdir}/COPYRIGHT +%{ntpdocdir}/ChangeLog +%{ntpdocdir}/NEWS +%{_sbindir}/ntp-keygen +%{_sbindir}/ntpd +%{_sbindir}/ntpdc +%{_sbindir}/ntpq +%{_sbindir}/ntptime +%{_sbindir}/tickadj +%config(noreplace) %{_sysconfdir}/sysconfig/ntpd +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ntp.conf +%dir %attr(750,root,ntp) %{_sysconfdir}/ntp/crypto +%config(noreplace) %{_sysconfdir}/ntp/crypto/pw +%dir %{_sysconfdir}/dhcp/dhclient.d +%{_sysconfdir}/dhcp/dhclient.d/ntp.sh +%dir %attr(-,ntp,ntp) %{_localstatedir}/lib/ntp +%ghost %attr(644,ntp,ntp) %{_localstatedir}/lib/ntp/drift +%dir %attr(-,ntp,ntp) %{_localstatedir}/log/ntpstats +%{_bindir}/ntpstat +%{_mandir}/man5/*.5* +%{_mandir}/man8/ntp-keygen.8* +%{_mandir}/man8/ntpd.8* +%{_mandir}/man8/ntpdc.8* +%{_mandir}/man8/ntpq.8* +%{_mandir}/man8/ntpstat.8* +%{_mandir}/man8/ntptime.8* +%{_mandir}/man8/tickadj.8* +%{_prefix}/lib/systemd/ntp-units.d/*.list +%{_unitdir}/ntpd.service + +%files perl +%{_sbindir}/ntp-wait +%{_sbindir}/ntptrace +%{_mandir}/man8/ntp-wait.8* +%{_mandir}/man8/ntptrace.8* +%{_unitdir}/ntp-wait.service + +%files -n ntpdate +%doc COPYRIGHT +%config(noreplace) %{_sysconfdir}/sysconfig/ntpdate +%dir %{_sysconfdir}/ntp +%config(noreplace) %{_sysconfdir}/ntp/keys +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ntp/step-tickers +%{_libexecdir}/ntpdate-wrapper +%{_sbindir}/ntpdate +%{_mandir}/man8/ntpdate.8* +%{_unitdir}/ntpdate.service + +%files -n sntp +%doc sntp/COPYRIGHT +%config(noreplace) %{_sysconfdir}/sysconfig/sntp +%{_sbindir}/sntp +%{_mandir}/man8/sntp.8* +%ghost %{_localstatedir}/lib/sntp-kod +%{_unitdir}/sntp.service + +%files doc +%{ntpdocdir}/html + +%changelog +* Fri Oct 04 2013 Miroslav Lichvar 4.2.6p5-14 +- remove ControlGroup in ntpd service (#999980) +- don't build ntpsnmpd (#1015435) + +* Mon Jul 15 2013 Miroslav Lichvar 4.2.6p5-13 +- ignore duplicate servers from dhclient +- don't use -Wstrict-overflow with -fno-strict-overflow +- buildrequire systemd-units +- remove pie test + +* Thu May 02 2013 Miroslav Lichvar 4.2.6p5-12 +- workaround failing autogen +- move files from /lib +- don't own ntp-units.d directory +- drop old systemd scriptlets +- fix dates in changelog + +* Tue Apr 02 2013 Miroslav Lichvar 4.2.6p5-11 +- avoid rereading /etc/services (#768804) +- remove ntp-wait dependency from ntpd service (#906753) +- add missing and remove unrecognized options in documentation +- update comments in some config files + +* Thu Feb 14 2013 Fedora Release Engineering - 4.2.6p5-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Jan 04 2013 Miroslav Lichvar 4.2.6p5-9 +- compile with -fno-strict-overflow + +* Wed Dec 05 2012 Miroslav Lichvar 4.2.6p5-8 +- add option to set identity modulus size in ntp-keygen + +* Fri Nov 23 2012 Miroslav Lichvar 4.2.6p5-7 +- allow selection of cipher for private key files +- set identity modulus size in ntp-keygen +- create sntp subpackage +- add sntp service +- use system libopts +- add Wants=ntp-wait.service to ntpd service +- don't fail when /etc/sysconfig/ntpd is missing +- modify mlock and multiopts patches to use autogen +- make perl subpackage noarch + +* Tue Nov 20 2012 Miroslav Lichvar 4.2.6p5-6 +- bind broadcast client to new interfaces (#722690) +- decode hex encoded passwords in ntpq/ntpdc +- remove sample MD5 keys from default keys config + +* Wed Oct 24 2012 Miroslav Lichvar 4.2.6p5-5 +- fix crash in FIPS mode (#839280) +- use systemd macros if available (#850235) +- remove obsolete macros + +* Tue Aug 07 2012 Miroslav Lichvar 4.2.6p5-4 +- start ntpdate service after nss-lookup.target (#837486) +- update systemd-timedated integration (#846077) + +* Fri Jul 20 2012 Fedora Release Engineering - 4.2.6p5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Apr 27 2012 Miroslav Lichvar 4.2.6p5-2 +- update service file for systemd-timedated-ntp target (#816495) +- allow service to set realtime scheduler (#810801) +- drop comment enabling local driver in default config + +* Tue Feb 28 2012 Miroslav Lichvar 4.2.6p5-1 +- update to 4.2.6p5 +- switch service type to forking + +* Tue Feb 07 2012 Miroslav Lichvar 4.2.6p4-3 +- add default servers to step-tickers (#772389) +- enable PrivateTmp in ntpd service (#782520) + +* Fri Jan 13 2012 Fedora Release Engineering - 4.2.6p4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Oct 06 2011 Miroslav Lichvar 4.2.6p4-1 +- update to 4.2.6p4 +- buildrequire pps-tools-devel +- fix errors in ntpstat found by coverity + +* Sun Aug 14 2011 Rex Dieter - 4.2.6p3-5.1 +- Rebuilt for rpm (#728707) + +* Wed Jul 20 2011 Miroslav Lichvar 4.2.6p3-5 +- drop SysV init scripts (#697526, #714705) +- add ntp-wait service + +* Fri May 06 2011 Bill Nottingham 4.2.6p3-4 +- fix systemd scriplets to properly handle upgrades + +* Wed Apr 06 2011 Miroslav Lichvar 4.2.6p3-3 +- pull in time-sync.target from ntpdate.service (Lennart Poettering) +- link with -Wl,-z,relro,-z,now options +- fix typo in ntpq man page (#664525) + +* Tue Feb 08 2011 Fedora Release Engineering - 4.2.6p3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Jan 07 2011 Miroslav Lichvar 4.2.6p3-1 +- update to 4.2.6p3 + +* Thu Nov 25 2010 Miroslav Lichvar 4.2.6p3-0.1.rc10 +- update to 4.2.6p3-RC10 +- fix system peer unmarking when unreachable +- fix broadcastdelay option +- fix automatic broadcast delay calibration +- fix ntp-keygen -V crash +- avoid unnecessary timeout in ntpdate +- drop nano patch +- convert ChangeLog to UTF-8 + +* Fri Oct 01 2010 Miroslav Lichvar 4.2.6p2-7 +- allow -u and -p options to be used twice (#639101) + +* Wed Sep 29 2010 jkeating - 4.2.6p2-6 +- Rebuilt for gcc bug 634757 + +* Wed Sep 15 2010 Miroslav Lichvar 4.2.6p2-5 +- remove systemctl dependency for now +- suppress chkconfig output in %%post (#629285) +- generate ntp_decode(5) man page (#632300) + +* Fri Aug 27 2010 Miroslav Lichvar 4.2.6p2-4 +- fix default ntpdate sysconfig options (#445229) + +* Thu Aug 26 2010 Miroslav Lichvar 4.2.6p2-3 +- update ntpdate service (#627395) + +* Mon Aug 23 2010 Miroslav Lichvar 4.2.6p2-2 +- add support for systemd (#617328) +- retry few times in ntpdate init script before giving up (#445229) +- add fourth pool server to default ntp.conf and use iburst + +* Tue Jul 13 2010 Miroslav Lichvar 4.2.6p2-1 +- update to 4.2.6p2 +- add COPYRIGHT to ntpdate subpackage + +* Thu May 13 2010 Miroslav Lichvar 4.2.6p1-2 +- update ntpstat to use current system variable names (#588067) +- print synchronization distance instead of dispersion in ntpstat +- clarify ntpd -q description + +* Mon Apr 12 2010 Miroslav Lichvar 4.2.6p1-1 +- update to 4.2.6p1 + +* Fri Mar 19 2010 Miroslav Lichvar 4.2.6p1-0.1.rc5 +- update to 4.2.6p1-RC5 +- support NTPSERVERARGS variable in dhclient script (#558110) +- don't use deprecated egrep (#548182) +- don't verify ntp.conf (#481151) +- compile with PPS API support +- include new sntp + +* Wed Dec 09 2009 Miroslav Lichvar 4.2.4p8-1 +- update to 4.2.4p8 (#545557, CVE-2009-3563) + +* Wed Oct 21 2009 Miroslav Lichvar 4.2.4p7-7 +- add ntp-wait man page (#526161) +- fix init scripts (#527987) + +* Tue Sep 29 2009 Miroslav Lichvar 4.2.4p7-6 +- generate tickadj man page (#526161) +- fix precision calculation on fast CPUs + +* Fri Aug 21 2009 Tomas Mraz - 4.2.4p7-5 +- rebuilt with new openssl + +* Sat Jul 25 2009 Fedora Release Engineering - 4.2.4p7-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jul 21 2009 Miroslav Lichvar 4.2.4p7-3 +- handle system time jumps better +- don't wake up every second for refclocks without timer +- don't crash in ntpstat when unknown clock type is received (#505564) +- make ntpstat process first packet in multipacket response +- switch to editline +- set pool.ntp.org vendor zone in spec (#512711) +- compile with -fno-strict-aliasing + +* Thu May 28 2009 Miroslav Lichvar 4.2.4p7-2 +- fix frequency calculation when starting with no drift file +- reduce phase adjustments beyond Allan intercept in daemon PLL + +* Tue May 19 2009 Miroslav Lichvar 4.2.4p7-1 +- update to 4.2.4p7 (CVE-2009-1252) +- improve PLL response when kernel discipline is disabled +- don't log STA_MODE changes +- enable nanokernel support +- allow minpoll 3 +- increase memlock limit +- move html documentation to -doc subpackage (#492444) + +* Mon Apr 20 2009 Miroslav Lichvar 4.2.4p6-4 +- don't restart ntpd in dhclient script with every renewal +- fix buffer overflow in ntpq (#490617) +- check status in condrestart (#481261) +- don't crash when compiled with HAVE_TIMER_CREATE (#486217) + +* Wed Feb 25 2009 Fedora Release Engineering - 4.2.4p6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Jan 16 2009 Miroslav Lichvar 4.2.4p6-2 +- rebuild for new openssl + +* Wed Jan 14 2009 Miroslav Lichvar 4.2.4p6-1 +- update to 4.2.4p6 (CVE-2009-0021) +- include dhclient script (David Cantrell) +- convert COPYRIGHT to UTF-8 + +* Wed Oct 08 2008 Miroslav Lichvar 4.2.4p5-2 +- retry failed name resolution few times before giving up (#460561) +- don't write drift file upon exit +- run ntpq with full path in ntp-wait script + +* Fri Aug 29 2008 Miroslav Lichvar 4.2.4p5-1 +- update to 4.2.4p5 +- add support for fast interface updates + +* Mon Jul 28 2008 Miroslav Lichvar 4.2.4p4-7 +- reload resolv.conf after temporary failure in name resolution (#456743) +- use clock_gettime +- make subpackages for perl scripts and ntpdate (#452097, #456116) + +* Mon Apr 07 2008 Miroslav Lichvar 4.2.4p4-6 +- don't use /etc/sysconfig/clock in ntpdate init script + +* Mon Mar 10 2008 Miroslav Lichvar 4.2.4p4-5 +- fix building IPv6 support with new glibc-headers (#436713) +- avoid unaligned memory access (#435301) +- fix receiving broadcasts on 255.255.255.255 + +* Fri Feb 29 2008 Miroslav Lichvar 4.2.4p4-4 +- reset kernel frequency when -x option is used +- create separate init script for ntpdate +- add note about paths and exit codes to ntpd man page + +* Tue Feb 19 2008 Fedora Release Engineering - 4.2.4p4-3 +- Autorebuild for GCC 4.3 + +* Wed Dec 05 2007 Miroslav Lichvar 4.2.4p4-2 +- rebuild for openssl bump + +* Fri Oct 26 2007 Miroslav Lichvar 4.2.4p4-1 +- update to 4.2.4p4 +- fix default NTP version for outgoing packets in ntpdate man page + (#245408) +- replace BSD with advertising code in ntpdc and ntpq + +* Mon Sep 24 2007 Miroslav Lichvar 4.2.4p2-6 +- require perl (#274771) +- don't fail when starting with no interfaces (#300371) + +* Tue Aug 21 2007 Miroslav Lichvar 4.2.4p2-5 +- avoid use of uninitialized floating-point values in clock_select +- update license tag (Tom "spot" Callaway) +- drop sntp, MSNTP license is non-free + +* Mon Aug 13 2007 Miroslav Lichvar 4.2.4p2-4 +- allow loopback to share non-loopback address (#249226) +- require readline >= 5.2-3 (#250917) + +* Wed Jul 25 2007 Jesse Keating - 4.2.4p2-3 +- Rebuild for RH #249435 + +* Tue Jul 24 2007 Miroslav Lichvar 4.2.4p2-2 +- ignore tentative addresses (#246297) +- improve init script (#247003) +- fix sleep patch +- ease Autokey setup (#139673) + - change default keysdir to /etc/ntp/crypto + - set crypto password in /etc/ntp/crypto/pw + - don't use randfile if /dev/urandom is used by OpenSSL +- change default statsdir to /var/log/ntpstats/, use statistics type + as default filename +- package more doc files + +* Thu Jun 21 2007 Miroslav Lichvar 4.2.4p2-1 +- update to 4.2.4p2 + +* Tue May 22 2007 Miroslav Lichvar 4.2.4p0-3 +- fix interface updates with -I or -L option (#240254) +- accept multiple -I options +- fix broadcast client/server to accept/allow sending + broadcasts on 255.255.255.255 (#226958) +- fix return codes in init script (#240120) +- exit with nonzero code if ntpd -q did not set clock (#240134) +- drop revert452 patch, fixed in kernel 2.6.19 +- make with _smp_mflags + +* Wed May 09 2007 Miroslav Lichvar 4.2.4p0-2 +- compile with crypto support on 64bit architectures (#239576) +- update sleep patch + +* Wed Mar 07 2007 Miroslav Lichvar 4.2.4p0-1 +- update to 4.2.4p0 +- fix init script + - don't add second -g to ntpd options (#228424) + - update getopts + - skip all refclocks when parsing ntp.conf +- spec cleanup + +* Mon Jan 29 2007 Miroslav Lichvar 4.2.4-4 +- don't wake up every second (#204748) +- add option to enable memory locking (#195617) +- fix broadcast client +- use option values in ntp-keygen +- improve man pages + +* Tue Jan 23 2007 Miroslav Lichvar 4.2.4-3 +- disable autoopts option preset mechanisms for ntpd +- document -I option of ntpd +- generate makewhatis friendly man pages + +* Mon Jan 08 2007 Miroslav Lichvar 4.2.4-1 +- update to 4.2.4 (#146884) +- don't use local clock in default config +- autogenerate man pages from HTML +- clean up spec a bit + +* Wed Nov 22 2006 Miroslav Lichvar 4.2.2p4-2 +- pass additional options to ntpdate (#202204) + +* Tue Nov 21 2006 Miroslav Lichvar 4.2.2p4-1 +- update to 4.2.2p4 +- fix buffer overflow in WWV Audio driver (#216309) +- don't mark init script as config + +* Fri Aug 18 2006 Miroslav Lichvar 4.2.2p1-3 +- use adjtime when offset is more than 0.5s (#154625) + +* Mon Jul 24 2006 Miroslav Lichvar 4.2.2p1-2 +- link ntpd with -ffast-math on ia64 (#147980) + +* Tue Jul 18 2006 Miroslav Lichvar 4.2.2p1-1 +- update to 4.2.2p1 +- add more examples to ntp.conf + +* Thu Jul 06 2006 Miroslav Lichvar 4.2.2-3 +- fix manycast support in ntpdate (#194329) +- reply to manycast requests with null refid +- enable mlockall (#195617) +- correct threshold value in ntpdate manpage + +* Wed Jun 14 2006 Miroslav Lichvar 4.2.2-2 +- update initscript, ntp.conf, man pages +- package sntp + +* Mon Jun 12 2006 Miroslav Lichvar 4.2.2-1 +- update to ntp-4.2.2 +- drop drift file upgrade script +- use proper CFLAGS for ntpstat + +* Thu May 11 2006 Miroslav Lichvar - 4.2.0.a.20050816-14 +- modify ntp.conf, change default restrict, remove broadcastdelay, + use fedora.pool.ntp.org (#189667) +- don't install drift file +- remove unsupported options from ntptrace manpage (#137717) +- fix default paths in manpages for ntp-keygen and ntpdate + +* Fri Apr 07 2006 Miroslav Lichvar - 4.2.0.a.20050816-13 +- add option to sync hwclock after ntpdate (#179571) + +* Fri Mar 31 2006 Miroslav Lichvar - 4.2.0.a.20050816-12 +- fix initscript: + - replace -U with -u in getopts (#187003) + - don't pass group to ntpdate -U argument and ignore -i in options (#142926) + - set ntpconf for -c + - remove -p 8 from ntpdate arguments + - don't call ntpdate when step-tickers doesn't contain anything useful + and -x isn't in options +- fix default keyfile for ntpdate (#183196) + +* Thu Feb 23 2006 Miroslav Lichvar - 4.2.0.a.20050816-11 +- update man pages (#153195, #162856) +- drop C-Frame-121, vsnprintf, minusTi and loconly patch +- prevent segfault when loopback interface is not configured (#159056) +- spec cleanup + +* Fri Feb 10 2006 Jesse Keating - 4.2.0.a.20050816-10.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 4.2.0.a.20050816-10.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 9 2005 Petr Raszyk 4.2.0.a.20050816-10 +- ntpd does not submit his local clock (if there is no peer). + ntpdate->ntpd #163862 , Patch13: ntp-stable-4.2.0a-20050816-loconly.patch + +* Wed Nov 2 2005 Petr Raszyk 4.2.0.a.20050816-9 +- Wrong parameter -T -i +- Patch ntp-stable-4.2.0a-20050816-minusTi.patch + +* Mon Oct 31 2005 Petr Raszyk 4.2.0.a.20050816-3 +- A similar patch as ntp-4.0.99j-vsnprintf.patch in FEDORA CORE 4 +- (current patch is ntp-stable-4.2.0a-20050816-vsnprintf.patch) + +* Tue Sep 27 2005 Petr Raszyk 4.2.0.a.20050816-2 +- Fix fails on upgrade, if ntpd is disabled (#166773) +- A cosmetic patch. There are some comments and braces '{' '}' added. +- One unprintable character was converted to octal-form . +- It can be removed anytime (conversion of the cvs-projets for C-Frame 121, +- (auto-debug, auto-trace for cfr-printnet server). + +* Thu Aug 25 2005 Jindrich Novy 4.2.0.a.20050816-1 +- update to the latest stable 4.2.0.a.20050816 +- drop upstreamed .gcc4, .vsnprintf patches +- remove obsolete .autofoo patch +- make patch numbering less chaotic +- don't package backup for .droproot patch + +* Thu Apr 14 2005 Jiri Ryska 4.2.0.a.20040617-8 +- fixed gid setting when ntpd started with -u flag (#147743) + +* Tue Mar 08 2005 Jiri Ryska 4.2.0.a.20040617-7 +- removed -Werror +- patched for gcc4 and rebuilt + +* Wed Jan 12 2005 Tim Waugh - 4.2.0.a.20040617-6 +- Rebuilt for new readline. + +* Mon Dec 13 2004 Harald Hoyer - 4.2.0.a.20040617-5 +- patched ntp to build with -D_FORTIFYSOURCE=2 -Wall -Wextra -Werror + +* Mon Oct 11 2004 Harald Hoyer - 4.2.0.a.20040617-4 +- removed firewall hole punching from the initscript; rely on iptables + ESTABLISHED,RELATED or manual firewall configuration + +* Fri Oct 8 2004 Harald Hoyer - 4.2.0.a.20040617-3 +- improved postsection +- BuildRequires readline-devel +- PreReq grep + +* Thu Sep 30 2004 Harald Hoyer - 4.2.0.a.20040617-2 +- set pool.ntp.org as the default timeserver pool + +* Mon Sep 13 2004 Harald Hoyer - 4.2.0.a.20040617-1 +- version ntp-stable-4.2.0a-20040617 + +* Tue Aug 17 2004 Harald Hoyer - 4.2.0.a.20040616-4 +- added ntp-4.2.0-sbinpath.patch (bug 130536) + +* Tue Aug 17 2004 Harald Hoyer - 4.2.0.a.20040616-3 +- added ntp-stable-4.2.0a-20040616-groups.patch (bug 130112) + +* Thu Jul 29 2004 Harald Hoyer - 4.2.0.a.20040616-2 +- take chroot in account (bug 127252) + +* Fri Jul 23 2004 Harald Hoyer - 4.2.0.a.20040616-1 +- new version ntp-stable-4.2.0a-20040616 +- removed most patches + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Thu Mar 11 2004 Harald Hoyer - 4.2.0-7 +- ntpgenkey fixed (117378) +- fixed initscript to call ntpdate with -U (117894) + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Jan 28 2004 Harald Hoyer - 4.2.0-5 +- readded ntp-wait and ntptrace +- new filter-requires to prevent perl dependency + +* Mon Jan 26 2004 Harald Hoyer 4.2.0-4 +- added autofoo patch + +* Tue Oct 28 2003 Harald Hoyer 4.2.0-3 +- removed libmd5 dependency +- removed perl dependency + +* Tue Oct 28 2003 Harald Hoyer 4.2.0-2 +- fixed initscript to use new FW chain name + +* Mon Oct 27 2003 Harald Hoyer 4.2.0-1 +- 4.2.0 +- added PIE + +* Thu Sep 11 2003 Harald Hoyer 4.1.2-4 +- changed ntp.conf driftfile path #104207 + +* Fri Aug 29 2003 Florian La Roche +- also build as non-root + +* Thu Aug 28 2003 Harald Hoyer 0:4.1.2-2 +- added ntpstat +- added manpages + +* Tue Jul 01 2003 Harald Hoyer 0:4.1.2-1.rc3.5 +- move driftfile to /var + +* Tue Jul 01 2003 Harald Hoyer 0:4.1.2-1.rc3.4 +- make a seperate directory for drift +- security fix, patch ntp-4.1.1c-rc3-authkey.patch #96927 + +* Wed Jun 18 2003 Harald Hoyer 0:4.1.2-1.rc3.3 +- %%{_sysconfdir}/ntp/drift.TEMP needs to be writable by ntp #97754 +- no duplicate fw entries #97624 + +* Wed Jun 18 2003 Harald Hoyer 0:4.1.2-1.rc3.2 +- changed permissions of config files + +* Tue Jun 17 2003 Harald Hoyer 0:4.1.2-1.rc3.1 +- updated to rc3 + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Thu May 22 2003 Harald Hoyer 0:4.1.2-0.rc2.2 +- corrected pid file name in %%{_sysconfdir}/sysconfig/ntpd + +* Mon Apr 28 2003 Harald Hoyer 0:4.1.2-0.rc2.1 +- update to 4.1.1rc2 + +* Tue Feb 25 2003 Harald Hoyer 0:4.1.2-0.rc1.3 +- better awk for timeservers #85090, #82713, #82714 + +* Thu Feb 13 2003 Harald Hoyer 0:4.1.2-0.rc1.2 +- added loopfilter patch, -x should work now! +- removed slew warning + +* Mon Feb 10 2003 Harald Hoyer 1:4.1.1-2 +- ok, messed up with the versions... added epoch :( + +* Fri Feb 07 2003 Harald Hoyer 4.1.1-1 +- going back to stable 4.1.1 with the limit patch +- added limit patch +- added slew warning + +* Thu Jan 30 2003 Harald Hoyer 4.1.73-2 +- removed exit on ntpdate fail, better add '-g' option + +* Wed Jan 29 2003 Harald Hoyer 4.1.73-1 +- update to version 4.1.73 +- removed most of the patches +- limit ntp_adjtime parameters + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Wed Nov 20 2002 Harald Hoyer 4.1.1b-1 +- updated to version 4.1.1b +- improved initscript - use ntpdate on -x +- improved initscript - open firewall only for timeservers +- ntp-4.1.1a-adjtime.patch removed (already in source) +- ntp-4.1.1a-mfp.patch removed (already in source) +- ntp-4.0.99j-vsnprintf.patch removed (already in source) + +* Tue Nov 19 2002 Harald Hoyer 4.1.1a-12 +- added adjtime patch #75558 + +* Wed Nov 13 2002 Harald Hoyer +- more ntpd.init service description #77715 + +* Mon Nov 11 2002 Harald Hoyer +- ntp-4.1.1a-mfp.patch fixes #77086 + +* Sat Aug 31 2002 Florian La Roche +- add option -n to initscript to avoid DNS lookups #72756 + +* Fri Aug 23 2002 Jeremy Katz +- service should fail to start ntpd if running ntpdate fails + +* Tue Aug 20 2002 Harald Hoyer +- added two more 'echo's in the initscript + +* Thu Aug 15 2002 Harald Hoyer +- added firewall opener in initscript + +* Tue Jul 23 2002 Harald Hoyer +- removed libelf dependency +- removed stripping + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Tue Jun 11 2002 Harald Hoyer 4.1.1a-3 +- refixed #46464 +- another genkeys/snprintf bugfix + +* Wed May 22 2002 Harald Hoyer 4.1.1a-1 +- update to version 4.1.1a + +* Mon Apr 08 2002 Harald Hoyer 4.1.1-1 +- update to 4.1.1 (changes are minimal) +- more examples in default configuration + +* Tue Apr 02 2002 Harald Hoyer 4.1.0b-6 +- more secure default configuration (#62238) + +* Mon Jan 28 2002 Harald Hoyer 4.1.0b-5 +- more regex magic for the grep (#57837) + +* Mon Jan 28 2002 Harald Hoyer 4.1.0b-4 +- created drift with dummy value #58294 +- grep for timeservers in ntp.conf also for ntpdate #57837 +- check return value of ntpdate #58836 + +* Wed Jan 09 2002 Tim Powers 4.1.0b-3 +- automated rebuild + +* Tue Jan 08 2002 Harald Hoyer 4.1.0b-2 +- added --enable-all-clocks --enable-parse-clocks (#57761) + +* Thu Dec 13 2001 Harald Hoyer 4.1.0b-1 +- bumped version +- fixed #57391, #44580 +- set startup position to 58 after named + +* Wed Sep 05 2001 Harald Hoyer 4.1.0-4 +- fixed #53184 + +* Tue Sep 04 2001 Harald Hoyer 4.1.0-3 +- fixed #53089 /bin/nologin -> /sbin/nologin + +* Fri Aug 31 2001 Harald Hoyer 4.1.0-2 +- fixed #50247 thx to + +* Thu Aug 30 2001 Harald Hoyer 4.1.0-1 +- wow, how stupid can a man be ;).. fixed #50698 +- updated to 4.1.0 (changes are small and in non-critical regions) + +* Wed Aug 29 2001 Harald Hoyer 4.0.99mrc2-5 +- really, really :) fixed #52763, #50698 and #50526 + +* Mon Aug 27 2001 Tim Powers 4.0.99mrc2-4 +- rebuilt against newer libcap +- Copyright -> license + +* Wed Jul 25 2001 Harald Hoyer 4.0.99mrc2-3 +- integrated droproot patch (#35653) +- removed librt and libreadline dependency + +* Sat Jul 7 2001 Tim Powers +- don't build build sgid root dirs + +* Mon Jun 18 2001 Harald Hoyer +- new snapshot +- removed typos and security patch (already there) +- commented multicastclient in config file + +* Thu Jun 07 2001 Florian La Roche +- call libtoolize to compile on newer archs + +* Mon Apr 9 2001 Preston Brown +- remove ghost files make RHN happy +- modify initscript to match accordingly + +* Fri Apr 6 2001 Pekka Savola +- Add the remote root exploit patch (based on ntp-hackers). +- Enhance droproot patch (more documentation, etc.) +- Tweak the droproot patch to include sys/prctl.h, not linux/prctl.h +(implicit declarations) +- Remote groupdel commands, shouldn't be needed. +- Removed -Wcast-qual and -Wconversion due to excessive warnings (hackish). +- Make ntp compilable with both glibc 2.1 and 2.2.x (very dirty hack) +- Add %%{_sysconfdir}/sysconfig/ntpd which drops root privs by default + +* Thu Apr 5 2001 Preston Brown +- security patch for ntpd + +* Mon Mar 26 2001 Preston Brown +- don't run configure macro twice (#32804) + +* Sun Mar 25 2001 Pekka Savola +- require/buildprereq libcap/libcap-devel +- use 'ntp' user, tune the pre/post scripts, %%files +- add $OPTIONS to the init script + +* Tue Mar 20 2001 Jarno Huuskonen +- droproot/caps patch +- add ntpd user in pre +- make %%{_sysconfdir}/ntp ntpd writable + +* Mon Mar 5 2001 Preston Brown +- allow comments in %%{_sysconfdir}/ntp/step-tickers file (#28786). +- need patch0 (glibc patch) on ia64 too + +* Tue Feb 13 2001 Florian La Roche +- also set prog=ntpd in initscript + +* Tue Feb 13 2001 Florian La Roche +- use "$prog" instead of "$0" for the init script + +* Thu Feb 8 2001 Preston Brown +- i18n-neutral .init script (#26525) + +* Tue Feb 6 2001 Preston Brown +- use gethostbyname on addresses in %%{_sysconfdir}/ntp.conf for ntptime command (#26250) + +* Mon Feb 5 2001 Preston Brown +- start earlier and stop later (#23530) + +* Mon Feb 5 2001 Bernhard Rosenkraenzer +- i18nize init script (#26078) + +* Sat Jan 6 2001 Jeff Johnson +- typo in ntp.conf (#23173). + +* Mon Dec 11 2000 Karsten Hopp +- rebuilt to fix permissions of /usr/share/doc/ntp-xxx + +* Thu Nov 2 2000 Jeff Johnson +- correct mis-spellings in ntpq.htm (#20007). + +* Thu Oct 19 2000 Jeff Johnson +- add %%ghost %%{_sysconfdir}/ntp/drift (#15222). + +* Wed Oct 18 2000 Jeff Johnson +- comment out default values for keys, warn about starting with -A (#19316). +- take out -A from ntpd startup as well. +- update to 4.0.99k. + +* Wed Aug 23 2000 Jeff Johnson +- use vsnprintf rather than vsprintf (#16676). + +* Mon Aug 14 2000 Jeff Johnson +- remove Conflicts: so that the installer is happy. + +* Tue Jul 25 2000 Jeff Johnson +- workaround glibc-2.1.90 lossage for now. + +* Thu Jul 20 2000 Bill Nottingham +- move initscript back + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Mon Jun 26 2000 Preston Brown +- move and update init script, update post/preun/postun scripts + +* Wed Jun 21 2000 Preston Brown +- noreplace ntp.conf,keys files + +* Mon Jun 12 2000 Jeff Johnson +- Create 4.0.99j package. +- FHS packaging.