diff --git a/Makefile b/Makefile
index 019b73c..4104509 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,8 @@
-NAME := ${REPO_NAME}
+NAME := ntpsec
 SPECFILE = $(firstword $(wildcard *.spec))
 define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$$$d/Makefile.common ] ; then if [ -f $$$$d/CVS/Root -a -w $$$$d/Makefile.common ] ; then cd $$$$d ; cvs -Q update ; fi ; echo "$$$$d/Makefile.common" ; break ; fi ; done
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 MAKEFILE_COMMON := $(shell $(find-makefile-common))
diff --git a/change-this-to-the-package-name.spec b/change-this-to-the-package-name.spec
deleted file mode 100644
index 663f08c..0000000
--- a/change-this-to-the-package-name.spec
+++ /dev/null
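Review bot: The `find-makefile-common` loop still carries the CVS branch: at parse time it probes `../common` and `../../common`, which lie outside this checkout, and runs `cvs -Q update` in whichever directory it finds writable with a `CVS/Root`. Because the helper is expanded through `$(shell ...)` in a `:=` assignment, that happens on every `make` invocation, including `make -n`, and the makefile it returns is presumably included further down (the include is outside the hunk). This repository is tracked in git, so the update branch is dead weight at best; dropping it keeps the lookup read-only: `for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then echo "$$d/Makefile.common" ; break ; fi ; done`. A one-line comment above the `define` stating that Makefile.common is taken from outside the repository would also help whoever audits the build inputs.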
@@ -1,55 +0,0 @@
-%define name ${REPO_NAME}
-%define version 1.0
-%define release 1
-Summary: This is what ${REPO_NAME} does.
-Name: %{name}
-Version: %{version}
-Release: %{release}%{?dist}
-Source: %{name}-%{version}.tar.gz
-License: GNU GPL version 2
-Group: SMEserver/addon
-BuildRoot: %{_tmppath}/%{name}-buildroot
-Prefix: %{_prefix}
-BuildArchitectures: noarch
-BuildRequires: e-smith-devtools
-Requires: e-smith-release >= 10.0
-AutoReqProv: no
-
-%description
-${REPO_DESCRIPTION}
-
-%changelog
-* Day MMMM DD YYYY 1.0-1.sme
-- Initial code - create RPM [SME:99999]
-
-%prep
-
-%setup -q
-
-%build
-perl createlinks
-
-%install
-rm -rf $$RPM_BUILD_ROOT
-(cd root ; find . -depth -print | cpio -dump $$RPM_BUILD_ROOT)
-rm -f %{name}-%{version}-filelist
-/sbin/e-smith/genfilelist $$RPM_BUILD_ROOT \
-> %{name}-%{version}-filelist
-#echo "%doc COPYING" >> %{name}-%{version}-filelist
-#--dir 'attr(755,user,grp)' \
-#--file 'attr(755,root,root)' \
-
-%clean
-cd ..
-rm -rf %{name}-%{version}
-
-%pre
-
-%preun
-
-%post
-
-%postun
-#uninstall
-%files -f %{name}-%{version}-filelist
-%defattr(-,root,root)
diff --git a/ntp.conf b/ntp.conf
new file mode 100644
index 0000000..8b7066b
--- /dev/null
+++ b/ntp.conf
@@ -0,0 +1,21 @@
+# For more information about this file, see the ntp.conf(5) man page.
+
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (https://www.pool.ntp.org/join.html).
+pool 2.VENDORZONE.pool.ntp.org iburst
+
+# Reduce the maximum number of servers used from the pool.
+tos maxclock 5
+
+# Record the frequency of the system clock.
+driftfile VARNTP/drift
+
+# Disable configuration and monitoring access by default.
+restrict default nomodify noquery
+
+# Enable all access for localhost.
+restrict 127.0.0.1
+restrict ::1
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats
diff --git a/ntpsec-1.2.2a.tar.gz b/ntpsec-1.2.2a.tar.gz
new file mode 100644
index 0000000..4e9d862
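Review bot: The comment above `restrict default nomodify noquery` in ntp.conf says configuration and monitoring access is disabled, but it does not say that time requests are still answered from any source address, which is what this line leaves in place. Someone hardening a client-only host should not have to infer that; suggested wording: `# Disable configuration and monitoring access by default; time requests are still served to any address, so firewall UDP 123 on client-only hosts.` The `pool` line likewise deserves a note that pool sources are unauthenticated, with NTS available per source through `server <host> nts` for deployments that need authenticated time.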
--- /dev/null
+++ b/ntpsec-1.2.2a.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e0ce93af222a0a9860e6f5a51aadba9bb5ca601d80b2aea118a62f0a3226950e
+size 2710790
diff --git a/ntpsec-1.2.2a.tar.gz.asc b/ntpsec-1.2.2a.tar.gz.asc
new file mode 100644
index 0000000..a080c37
--- /dev/null
+++ b/ntpsec-1.2.2a.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE5XI10idkEp+k8vTRf1JgjtDknXYFAmTLLB0ACgkQf1JgjtDk
+nXYjaQ//TbtOrQjqcLH41mj1odw4BmXx1Ryns7mrgYBrP76lpAHKucJx2Pm/8pp0
+MMuuF2UZ4jQesKK8mUYbFub4JIjF9BQxczbptt7YSYGROJFFbHKP6TktxBQbfpEs
+whkk/RrMouid88FZRkbASlWDjzBEHLl0IibJRYkyd4jE2EgPne482IFGTqK47GWt
+figGpGSQ0GKRKhj6MqoHUXkpi6G1TNVxLQNvo477rV7INXW9LDgPEE97Tj0pQzGB
+BVS5t87HHeG8rdwV8+90mT3dfwNBvxgt4pycPet/HHhAbZsmyl8F2dhiXHPF/4ol
+ZYlFsS+9NUo7qUSgpuZSmigiIDvsMk7quG4OYkfpCob3WHgzwOS48o5idDorSe1o
+dApFDaU3MEE5gab9v77Lv7R8Q6ksCcqMcMZNnT2hyJ4Mss7lvL8q2Ma3TXx0QJ9A
+iaRunLGP1hI9cJCFe226gm2Ur4Bejn5sd/QbrP9uOxtW2jvjnNnIYLRuDp2ewZhP
+DbKQj9+UgcE1nXWiUcEXhVkb4FfvWqpfIKH67BakRcl7vK0w7qskb1acAuHaiFgX
+H/Qg9tR3imB0ALkNH+SFjOdPh0rL14+tbP7k0+bpD0K97WMt53rvddOuYxQ+1e2a
+N+Kq7koCnB+rDyNeIdkvVg9D7gL7qmjZ5BGaNV1/2BT0NKmp/Yg=
+=LLcg
+-----END PGP SIGNATURE-----
diff --git a/ntpsec-weakkeys.patch b/ntpsec-weakkeys.patch
new file mode 100644
index 0000000..7d63b2f
--- /dev/null
+++ b/ntpsec-weakkeys.patch
@@ -0,0 +1,36 @@
+diff -up ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys ntpsec-1.2.1/libntp/authreadkeys.c
+--- ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys 2021-06-07 06:03:11.000000000 +0200
++++ ntpsec-1.2.1/libntp/authreadkeys.c 2021-06-17 12:19:41.555693047 +0200
+@@ -249,6 +249,7 @@ authreadkeys(
+ char namebuf[NAMEBUFSIZE];
+ size_t len;
+ int keys = 0;
++ char * hashchr = NULL;
+
+ /*
+ * Open file. Complain and return if it can't be opened.
+@@ -348,7 +349,7 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
+ continue;
+ }
+
+-
++ hashchr = strchr(line, '#');
+
+ /*
+ * Finally, get key and insert it.
+@@ -364,6 +365,15 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
+ }
+ len = strlen(token);
+ if (len <= 20) { /* Bug 2537 */
++ /* Detect weak keys generated by ntpkeygen
++ (CVE-2021-22212). False positives are possible. */
++ if (token + len == hashchr) {
++ msyslog(LOG_ERR,
++ "AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212)",
++ keyno);
++ exit(1);
++ }
++
+ len = check_key_length(keyno, type, name, upcased, len);
+ check_mac_length(keyno, type, name, upcased);
+ auth_setkey(keyno, type, name, (uint8_t *)token, len);
diff --git a/ntpsec.gpg.pub.asc b/ntpsec.gpg.pub.asc
new file mode 100644
index 0000000..8d3661e
--- /dev/null
+++ b/ntpsec.gpg.pub.asc
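Review bot: The added `token + len == hashchr` branch ends in `exit(1)`, so a single flagged line in the keys file keeps ntpd from starting, and the patch's own comment says false positives are possible. The log line names the key number and the CVE but not what the operator should do; extending it, e.g. `"AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212), regenerate this key"`, would shorten the outage this check can cause. The test sits only inside the `len <= 20` branch and the rest of `authreadkeys` is outside the hunks, so whether longer keys need the same test cannot be judged from here. The hunk headers are against ntpsec-1.2.1 while the package ships 1.2.2a, so it is worth confirming the patch applies without fuzz.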
@@ -0,0 +1,134 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFcPDLMBEACenOnM3H3AGmqlVD2PUW8mH4SmtkPFyCDg4UiWu7TQCO86W7ha +3H4tA77UpEpbfoCh3RrScgEDhQpFpjfKjxq3pg+nbPZlfId3dWsk01QeyE/JYL7A +eUmDsR2trjnhVqjXAHHzEi2G7Mvf/xfuwvJaFN9f7l0rpm3kypuE1hsEByo4qydj +vXkL3MEp08j3Id+fQK3sJZCfj7wyvjE6URC8UJYxMkf/lrxBWpiDTAfTrrYGofdu +B+DywyH39Bh9vVGm+B5xLIuEkcBVE6etqzzhApB7GZsnEaJrlxqvtAf2egQk75Vg +cYuLX9xR4I58Sve5ztAahO6FoquETMlOtFx8pEbAARWmCnO9OyQU8tJDpsDnIBSS +ocDggJ5oKaNqd8rKgzKFk+qNXQnTpzyI4QKnHu48AKOdeJ+3Wsuhq4Nm/foSLxe3 +16e2CVSVRmiHdAr71tZZPTiSfsDWRPppnVnP1zUEUwhZjcHOOxB5hz+Z/YA5GIMl +kvXdLLvOhgsPyvnaAsgM0jw8z2ugc9TdhxEchBnP1sw6nZKZ72a9HPSReashrBiD +VTDM2yjHPP+0i6Cgl6iZLKTbl4pcLVj4uDgQIG+PNBfUPjW4CJjrFv7sBevRRSHi +SyODtvZzxnqCpRFG2cGkY6OQEdhZwEJIKHXjOkxZ0WOwh3k3OnS2pwKbIwARAQAB +tC9OVFBzZWMgU2VjdXJpdHkgUmVwb3J0aW5nIDxzZWN1cml0eUBudHBzZWMub3Jn +PokCVgQTAQgAQAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAFiEE2j/fd0zH +D6ZHKexFBdmzcUd8dSgFAl9757wFCRs43gkACgkQBdmzcUd8dSjJRBAAnpoiqeT/ +D64HUOEPAlc5apNgMnGt6PFRWIrUTN9v2cXeDJWQ7DCIdlqV0rhHwRT3WL6aZY5i +igu1FTun8bsV9hSCCQ7BveTIZFAMg+4bsjDBANNvteT/329Am1cSrlGzK6U5HVHU +nNZhP2PrVsqg9OVIF/u3lkO8AJjYBvp8Jlvvbl2MOcojAR7DqTslmCZaacjA9zuI +JJ6L+V56KU+l9xvO6A8XOoi8xPdxS11seZiMRODuKYC4AAdkBmcNKZVuOWqTQfxn +txEkaI5Q3t+kivkZiclqYVojkVCm77IQI3+23w1YikW1EJJ6lf9MNzrq9DMG0A4B +hopZ8mslazvOBMydq9wtpbXL7bZV3+a9wV+KQdIQhb0go7DaSfOxzW/+QyTL8dCd +khmip4o/eOLuteoIBODHZE84vBU8zCZACbgjE4nSGNIit091PBN91izhWUvBD7FX +tra69i4JoRW2sV3KZy1zsBMJ+ptULtfHD1A46Ss8fEYaRgZASXvmSrpH0hL8uA2O +OxcHb5Vo8+O4Ofx47SrD7Lf06cw/pIfd5acQ/Td3pJj8SxYECqVtjOIuusOVawEx +MXtaSMTQagoGmc16O7yvASibnArQxKbX6LACzEV5o3V12ZS3HT6yVSU3MN3xgsdb +pA7O1bPEwz4zsQIhI+DvHBVlvDD0yikTWluJAj8EEwEIACkFAlcPDLMCGwMFCQWj +moAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRAF2bNxR3x1KCISEACHp8Ut +Rx2ZRQ3KyBQnNF6k+RD4T9k4dQPomve8P3rWKEY373Q7jMAFp+UGerNgTIyGpus0 +UKzswrLyeSOT3lvA5nU66r95IPqpWeYBy4o1lgSDq/xdAINkRozw2CpzsUdg+APU +WbiddKfqlcDaHOfyWT9Vo83YLX+o1FZkWE5+7Y2hIfiI5cuLYpRhCoOGVJlSHBOR 
+0ihIlF9n1PACo+dd6q4++Kyw47I+OCGx2qxuWS25CrxWEupjSivQvw8DuD9VWQMa +03sUKUUQ9MSDrt+soAUYrsShttAfy6UKTIY+inDA+e6b150qzJZ4PbMsChNAHhUA +76lHqO1mrAISNi+vbMnXOshGQrs70svbgxYibHi636eyn1yivQND8nadVPbQQwPX +6plKbqup4XVntT7idH5ZA99Ny7WXpRzbJ0yL/Jc1YRrZ1t5QeNYrhLld/IjN1rsp +MS0OlQeIGMvidhCR8DEsDjQJ405QAwgwiAaum5DBiiQ12U8eAqgpF89OVca+Q3bt +15mCNUkBF4fj7hJwbKRtqmHBi8b6I3x+dXqcl0hma6M+n7wc9sbN/fR/m0OHSV/U +66ywRKu47199p3Yj0etSP39tgWxiUdhvx0tdbOeGA1RygXNjLTsTOa5EBHuKetWW +4WAOgM2uYqgotTAUNjalFZbkz2AM94hMQWGrqokCHAQQAQgABgUCVw8NmgAKCRBz +IpFyYszB5d+2EACbTkI7XkF7wBI7pzEf8avOhwg0qKA3slX7oYqrnkaaCSMISllF +m7U2tPTOJJQOtno4NfmURcvdMg3ozyYUeeBj+yUEYhM5PGm9j47pzcCkf8/2R9Mp +Z4oOCo9pKOuoWATG2wVMZEGh5aNs3Sq/f11ao9RSYEv1pxgy8dFBUQ+43v7WBImC +WyU/jHWmPqewLOADzESZRriMGfaSXs1BbCfggmiV+EHe1RhbXCzdPDCIQugDTg+Z +9kHrn44TTKXJJ3Fhord+klIwO06iR7poz8EO4ZiDqK1t2QBwtVAsUPd/RbO0lSuG +QJ0OYDHF/6W3DJn1leGZ+4ozDWmrQEObt8ciVOYf+qPws/4qEdsw5E2r3ZsofBYC +j4zqqJntZm4+3d98zpLIbZ/KdUAKPuDLZzxPbcvPXDM5RNUvFnnEjz6NJMcRP2CS +UBxugndmqGQm5xXZ8DBNcfH73WtHyWedlxUaS/uY4VzvW+nA5OJLV/BvDzKTwdq4 +T4IrGX2Fevg/Sl8PUWHeUlNyFMBa6c3gB90MjkznQFwPTX9WsEXkAIYSJSEdg+aH +nhGiQXAuETTqaEEiW76jtS6l8cJ5aFNXQa4GW5cZckJTlUHvkv8RTrTW8BUjgeAq +azzQbTYDnhwEJms1pPASHPF4LXpmauffJ4qcKAsPTIfYSFptMMxRxn2JKokCHAQQ +AQgABgUCVw8OCwAKCRAqfD42zCgtvsLKD/9ssv6W4gj9O5DZf+ISfo+7AdrwmjN8 +ppvhy/699I3duGevKKQS7UEHY+Sjmf9YVWRzI1AGvJsjUsb/Btfa8zNijtP3PH6v +eTtlFOVeNP6OAjcUVgePBgHgMqu17m+EGGReH7a8ruBl7Z6wzIU60qHX27hPbZHm +12W6X+EF7/+QevVurVdVYG3gzFM7J7Zbh05RWq0JUVimRk5zadrHRam+5yxPGsx1 +Hf5lzR2XIRoFxNzBh8eN9ilpbQ37GidTEyD4fOt3MKIEBGr1pFBnFc+ivxBsAMAI +7a2bkku1v15d84zyjEAAgE17/AmYtqH2EIzMZ7I8a/sOIdLfaULT8uxr73yivC7Y +nGMPamL4KMmo0XHj/TjXop4nWIP4rma8G+yPYlk8PMpEHVyQZLcG1mtFmQKMtWSe +jiZfVNtcYzAVbrC1t0wF9b5x8VfJACVwV8JkGV8CwfabqEzouIq1dh9Sm793bwG4 +LKd+W0DP5+QSYacpCEkgPeq4jVVZ+SEN+bCstEJwxW1WJ1p3rIBIGESpX+NKFAGl +Hl8i1fhrJ1foZr9Gx4L94GKrU4zgmB457I/t1k9iRpYVDfICgY5sy6ZHcrkhLiOZ +hr199QWHv33Bd7u3Y5pqoLamA3bjPZEJk82p7ywMas0z4sg2kdzol7iC5OjBjySv 
+gRFclkrSfKK9VrkCDQRXDwyzARAA0XTbXJBhJMaAOFvPWaw+dThy4RDlvV3hHiNJ +9uIIROYnmiu4W6t+jrZsJ3WWdJqNggY+XLnwVyRXWbmFXf8qViStoBfs62cDzmYn +dsfnl5ZcRdqrHJ+ErdblYU1Sc2WdnfoJQY49VaSLNJMDvU9gRdC9dVdI9Z2YR+m7 +RNXNZbqtxdDMgMFZYBq3jdWNkutpQA9PKwco4qGpQdsWLpyGXZRHF6iz63WRWhAe +YhLftUvoTXCISN+WTSuT4tC0pDfDfcdX7ber5icVg7Uh4aizFTenS4jlsbkE1I93 +oZCaPN3t8gah+iiCkIRVYpd0jy6RpZXIHLvRrgmdpZZ59Bkg3Xi4WtggJ5jg0wc8 +csC545M0wXlgktQN8w9RibR0woJoPUkh/dWiyXU/eEsQ84G1iMBHUGBDJ9g/vu/d +nqhRiu/A+jx2JbeYuxvR1MmL6WXJmQ8eHdJvnUQiS9nRqb8xQeSxoZlrBNw1QULk +11fFMy0h3adOX3KXbnqZsPUvCkt5P3UyEJSQ4lnN5K/Acbd/5toENeB2kq1hLdJk +HthrblnfkNtefY1fPHKtp56UqsuUcaLUpvLijUntR4PSwAbhDNKXKdLJroSNV0Wr +rOH1Rn64apQlrPw0ZwUdIdjXQFCxdMsagL2TgwuULmYjQUP/noX0c4bmglqmcKel +KrROdCEAEQEAAYkCNgQYAQgAIAIbDBYhBNo/33dMxw+mRynsRQXZs3FHfHUoBQJf +e+dGAAoJEAXZs3FHfHUoEq8P/35SlCVQIwWv9x7Bg3rpJR1WO5VDX//+UWWP5i2+ +fF8LGgkwNNno63VSSsJmla8A6IAT5pAisixCJuXJrQ2RWUiVgCOvUIOgczQFuv83 +T+mnbFh6Y9Ic9Ag4p5sLRDiwofceB+lNIOlmjAdg1KhFbBEczyRWqho5khfKSsxM +OtJ1LhcGwEhWF3DeHjJgGdb1SuAwpxiLpa/DgASLYXhEFfayYxlT4la+SkpGJXzK +gEZ7vc5GB0FKAD0/Jz9Yq1fBoR0j6pyEhqa4p1okUTP8YxsNHmw9gUcwLqs44JS/ +AhTJ1pghdha0m3h4pUV7k1LpqXbCqKPl+edwNLotN9I7WlfcEJuBAudP46f9mq29 +N0cp3ATUmuZsioPkr+u+LDK7uSylAJaJ3wG+RSGjTiV4N/AlN6W4syT8PAT/cfjW +sdboKD0Df8lVx/PUHsmeLc1vfNoawo7KwjNVaksBiXvGrXgMhTs3Koub5rMpyMB8 +OXsFGPwho62yr6euMW1zrxmlobaR5Fv3QWmANTk6HpqVmKLEDy1xDsp54sw9sQqx +lRrxt4NqZeaCZuuBwyn+pu5icIo01rguWU2P3r8WEbgbWh+JgGHvowTQEVz7jJVg +yTduFzQLtAuskrz81gZ0Tmy8PnD2D2JRylXSmDwKeShFeV6r1eWBjmk25LlnpQ40 +TR4EmQINBF977m0BEAC8mpXeJ4uuAXsNOaunJVk6bP0D+P4SazaxTVTu6p3c68LN +4F2zaxeVuagmf5Yk8u42EwwKfuhoaqX79n/hZYKRoZLsm1S6l+0jJFLVoUkUegXl +oUdifxFSSXzZB2f06xVVDb7HS9KMdxL/26i9X893hwsNuOqRP3e5kFZFQSXbLuYn +pFPrXhb/PVoJyEqb/iIvYsMgNMbKEN3bn6NBdq5FLy7T0Rr2v9U9yOqrWDvxMk1b +WhmhoPeMkVOI6YBXckb3T4l7CH2I7N3PHBegv5m5zQ2zblSKrCzbKMe9mZ4yejXI +u7tNA9ZRXPt+aLaaOC7pFZ+/skBqKVMn3y8X3dR7J6NulPxTP2sHpPYZ4RXuv0E4 +6WLgeoh08c4+VIyo5SCUoYJC1Sa6Fb/w7L48ZvkKACABrK+HZuaFNjn6ECWVpXqw 
+aYfTMItm70MY9wcxzw70ugnUOja+YVrQv/qyBWtRgMKTIs+wz7EEpIepqe3C2WBq +VJbTNXsGCi7O4KjKPyYbEGbTyh3BhyZA0btwvxqStlszrXXWkLInodfUt5DmVrqt +qFKO8DQ0fTVhFTBxZ0nDpinSbNWjCx0FIm9fVf3QYT+dmirXbyqAGgvchpx67ar2 +Fzr71+jVdV1N57WGepteIeHhhT1XwuS0G5PMF1/yRbl3b8JsaQeoOKi9Us9aSwAR +AQABtC9OVFBzZWMgU2VjdXJpdHkgUmVwb3J0aW5nIDxzZWN1cml0eUBudHBzZWMu +b3JnPokCUwQTAQoAPhYhBOVyNdInZBKfpPL00X9SYI7Q5J12BQJfe+5tAhsDBQkJ +ZgGABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEH9SYI7Q5J12L9cP+PuM4Dgr +dizgNupWj7/szlv4FKeq10MNu1wM9+XByzp4OEnkgvJK5qm9O+/AvkwIsmh5G1qQ +OnbvrhhNlUWzlBJ9McubUQYXQBUPiwS82QavGKhDW99IlV856+qpPhN30oQsqC0o +U00V+NT7rQ9BU0CTgTfgdJ3CktIzjoQpUwXK8PwL3hd6cs7Z7n709RNrcP0omWHf +CHc6FAHy5gH7p+vL+4raziuXS8ScKh2bY11NA0GhJ240ryRXKd1znv1wUdv9AwwG +lfiqWtq8r1YQNKIik2slrkD8aIze0rw6JgKskc0vFpDV9iHkfw1pD3sX1W9TRID9 +nWqT9PLaVYDvInN4T+mPEnp4jFgp7B4mmr138GGtJFyTyzgcpvJv0oDsRxshBkEF +MF3YYn5f6ZX3OZBlzclUH9yoNEnAn+GjaeZTW4V0qwjmnZD5g0OpVP1ljrxWlhAE +v6D5yj7RIhg7Xdau/hlYZ83onRYT3isO5QDK9SGIKT2B2cclBzEuBhRXCxnF5uzL ++ilpxUWx/0Xi8kOd1QBbfXMVCDkGSKIZQ1MatGFYQ7uGNnTNdbShTW15uXOmliC0 +kAchHHMT9rQ7i8tTe+ChgmRZ2pOdB77LyegHJ6Vp0FEH0ri4Qec2Qm6rV/nqaWTS +GBFMncN0nu9LDJZS/S5Fdn1909Ze9sJM8YK5Ag0EX3vubQEQANseMvfX3Bxqdp2r +BQOm4Pq8jYiRqlrUi8obgKwA6VC5IuyK+xyXd5O7Grq08DHMug1hxVsyBblTFe6m +mmlZWrCX91441golgCGsgmGK52y37XOXEk5K7I9kHako+8xbFB4pwJqGICqTCu03 +XJsCHNrLYWB1x36FEEC80B5Riusp++i4sQPa5Bl1p+z5C8LNme0OLbDtRRNpNXDN +q2r0GczT8uNIW5bTqXGqnv/MHnfQvcUHlapjVbsOMFFtbdrGyGPvKnwhjYg7xeeW +IZ1id4uIfZrpm567Pailaf+bRkUVfY6tsoody/S8/4pY+XVr5DX+2Wd5rK9EGSj8 +CEy1JBTXKJ5AJa9sq2PGTzyXwA9/CgUhRRkqjyK7k1nqT6n/mD/uz2jMZIeodRes +xl3BChnp3rs+zxb0I5kI6Kpu0zcjrMf/qA6eJciBmv9XlQwE9xG8tkzI1HB7rtds +PFVYAP5byM387l/bX+Uev+RSSa8ZUI5HcNkiXY0MuljsTEok4f8Vl6cWjrXcZVJj ++Grgo6x0pcRMwJAOODWZxlHAxelt9x3nKDdfO/pmRYx1/sx5MtgJs0Zht+xevksa +vypPitSKjwGoDylvkGLc+d3+iKv6yrT4Nil6uxnSIsHhWW3GG4xWyDiy3vzwnlDj +RnD3rZv8ntfhkq4JvaGdHpJD71tdABEBAAGJAjwEGAEKACYWIQTlcjXSJ2QSn6Ty +9NF/UmCO0OSddgUCX3vubQIbDAUJCWYBgAAKCRB/UmCO0OSddleREACpajO7uKng 
+tyYE+laputykGlYeReE0Hih4hL9om6hmkiYN1GSWP1i1g7Ce71pEZfT7Sm+O3xl2 +IU/GMUZz5etQk9wGgPKkRA5fEwq1KRJ1sXNBzSNKt8bvYa05BODWz4mAFsQYIiEZ +RNMvvsSwg3O/cvDk6xH0Yp9fIZcMG2nbk+ktQlkd7SYwSbrvpenmv90b9diW4LUn +zLBH6DmRdL+28PXUnbuZ4gbko8+8p8kU/ITNAh9dgTmiGDc8IiGmxPiSir2bnJiz +k9mXyHub7yipMbgvRBra+oQMIibSk9SQA4qNNUiDGdYPRKZKL3yNyOTsb4F+qpql +m2/HHqVXH9vcFYAFDjUkKXPikfoQGMvWf1v4Db9eNMKHS45Q2UgFTXNC0C+rwXxZ +ouzdruGeBE5p733wBo3f8yNFabifPZr7nfvdb/+Z+TLMGRGXyH1hjR3eLjUjuF9p +uIbfcoKjKgxsYDx/f74WKarH5qTZsbVzFoQHtCSKCKdMGS2JgzAr9pU3FSRjnTSO +pRFr64n6/qGZ+0e0OjIAzgpDI9vDw8z2p20FNUlvLqfI4IaPrnpu9+msJLneC/Hz +RlJoPBgR/KzCo65yKT0DBBWw/w1fMD0GidwJRnHy5EvF8oha6SaOQ/EhL7rT01lF ++z7an3UhBdX8UAhjgSOt3rzVZiNxyp5N0w== +=9YTT +-----END PGP PUBLIC KEY BLOCK----- diff --git a/ntpsec.spec b/ntpsec.spec new file mode 100644 index 0000000..e273f9f --- /dev/null +++ b/ntpsec.spec 
@@ -0,0 +1,289 @@
+Name: ntpsec
+Version: 1.2.2a
+Release: 2%{?dist}
+Summary: NTP daemon and utilities
+
+# Primary license: MIT (NTP variant)
+# attic/ntpdate: BSD
+# include/{ascii,binio,ieee754io}.h: BSD
+# include/{ntp_assert,isc_*.h}: ISC
+# include/mbg_gps166.h: BSD
+# include/ntp_{debug,endian,filegen}.h: BSD
+# include/nts*.h: BSD
+# include/parse*.h: BSD
+# include/trimble.h: BSD
+# libaes_siv: ASL 2.0
+# libntp/emalloc.c: ISC
+# libntp/ntp_{c,endian,random}.c: BSD
+# libntp/pymodule*: BSD
+# libntp/python_compatibility.h: BSD
+# libntp/strl_obsd.c: ISC
+# libparse: BSD
+# ntpclients: BSD
+# ntpd/ntp_config.c: BSD
+# ntpd/ntp_dns.c: BSD
+# ntpd/ntp_filegen.c: BSD
+# ntpd/ntp_parser.y: BSD
+# ntpd/ntp_sandbox.c: BSD
+# ntpd/ntp_scanner.*: BSD
+# ntpd/nts*.c: BSD
+# ntpd/refclock_generic.c: BSD
+# ntpd/refclock_jjy.c: BSD
+# ntpd/refclock_oncore.c: Beerware (public domain)
+# ntpd/refclock_trimble.c: BSD with advertising
+# ntpfrob: BSD
+# pylib: BSD
+License: MIT and BSD and BSD with advertising and ISC and ASL 2.0
+URL: https://www.ntpsec.org/
+Source0: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz
+Source1: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz.asc
+Source2: https://ftp.ntpsec.org/pub/releases/ntpsec.gpg.pub.asc
+Source3: ntp.conf
+
+# Detect weak keys generated by ntpkeygen (CVE-2021-22212)
+Patch1: ntpsec-weakkeys.patch
+
+BuildRequires: bison
+BuildRequires: gcc
+BuildRequires: gnupg2
+BuildRequires: libbsd-devel
+BuildRequires: libcap-devel
+BuildRequires: m4
+BuildRequires: openssl-devel
+BuildRequires: pps-tools-devel
+BuildRequires: python3-devel
+BuildRequires: rubygem-asciidoctor
+BuildRequires: systemd
+BuildRequires: waf
+
+Requires(pre): shadow-utils
+%{?systemd_requires}
+
+Conflicts: ntp ntp-perl ntpdate
+Obsoletes: ntp < 4.2.10 ntp-perl < 4.2.10 ntp-doc < 4.2.10 ntpdate < 4.2.10 sntp < 4.2.10
+
+# Set pool.ntp.org vendor zone for default configuration
+%if 0%{!?vendorzone:1}
+%global vendorzone %(source /etc/os-release && echo ${ID}.)
+%endif
+
+# Private library
+%global __provides_exclude ^libntpc\\.so.*$
+%global __requires_exclude ^libntpc\\.so.*$
+
+%description
+NTPsec is a more secure and improved implementation of the Network Time
+Protocol derived from the original NTP project.
+
+%prep
+%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0}
+%autosetup -p1
+
+# Fix egg info to use a shorter version which will work as an rpm provide
+sed -i 's|NTPSEC_VERSION_EXTENDED|NTPSEC_VERSION|' pylib/ntp-in.egg-info
+
+# Modify compiled-in statsdir
+sed -i 's|/var/NTP|%{_localstatedir}/log/ntpstats|' \
+ docs/includes/ntpd-body.adoc ntpd/ntp_util.c
+
+%build
+export CFLAGS="$RPM_OPT_FLAGS"
+export LDFLAGS="$RPM_LD_FLAGS"
+
+waf configure \
+ --enable-debug \
+ --enable-debug-gdb \
+ --disable-doc \
+ --refclock=all \
+ --prefix=%{_prefix} \
+ --exec-prefix=%{_exec_prefix} \
+ --bindir=%{_bindir} \
+ --sbindir=%{_sbindir} \
+ --sysconfdir=%{_sysconfdir} \
+ --datadir=%{_datadir} \
+ --includedir=%{_includedir} \
+ --libdir=%{_libdir} \
+ --libexecdir=%{_libexecdir} \
+ --localstatedir=%{_localstatedir} \
+ --sharedstatedir=%{_sharedstatedir} \
+ --mandir=%{_mandir} \
+ ;
+
+waf build
+
+%install
+waf --destdir=%{buildroot} install
+
+install -p -m755 attic/ntpdate %{buildroot}%{_sbindir}/ntpdate
+mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
+install -p -m644 etc/logrotate-config.ntpd \
+ %{buildroot}%{_sysconfdir}/logrotate.d/ntpsec.conf
+
+rm -rf %{buildroot}%{_docdir}
+rm %{buildroot}%{_bindir}/runtests
+
+pushd %{buildroot}
+
+sed -e 's|VENDORZONE\.|%{vendorzone}|' \
+ -e 's|VARNTP|%{_localstatedir}/lib/ntp|' \
+ < %{SOURCE3} > .%{_sysconfdir}/ntp.conf
+touch -r %{SOURCE3} .%{_sysconfdir}/ntp.conf
+
+for f in .%{_bindir}/*; do
+ head -c 30 "$f" | grep -q python || continue
+ %py3_shebang_fix "$f"
+done
+
+# Move ntpq to sbin for better compatibility with ntp package
+mv .%{_bindir}/ntpq .%{_sbindir}/ntpq
+
+mkdir -p .%{_localstatedir}/{lib/ntp,log/ntpstats}
+touch .%{_localstatedir}/lib/ntp/ntp.drift
+
+mkdir -p .%{_prefix}/lib/systemd/ntp-units.d
+echo 'ntpd.service' > .%{_prefix}/lib/systemd/ntp-units.d/60-ntpd.list
+
+popd
+
+%check
+waf check
+
+%pre
+# UID/GID inherited from the ntp package
+/usr/sbin/groupadd -g 38 ntp 2> /dev/null || :
+/usr/sbin/useradd -u 38 -g 38 -s /sbin/nologin -M -r \
+ -d %{_localstatedir}/lib/ntp ntp 2>/dev/null || :
+
+%post
+%systemd_post ntpd.service ntp-wait.service
+systemctl daemon-reload 2> /dev/null || :
+
+%preun
+%systemd_preun ntpd.service ntp-wait.service
+
+%postun
+%systemd_postun_with_restart ntpd.service
+
+%global service_save_file /run/ntp-ntpsec.upgrade.services
+
+%triggerprein -- ntp < 4.2.10
+[ $1 = 0 ] || exit 0
+# Save enabled ntp services and configuration (before our post)
+for s in ntpd ntp-wait; do
+ systemctl is-enabled -q "$s".service 2> /dev/null &&
+ echo "$s" 2> /dev/null >> %{service_save_file}
+done
+rm -rf %{_sysconfdir}/ntp.ntpsec
+cp -r --preserve=all %{_sysconfdir}/ntp %{_sysconfdir}/ntp.ntpsec 2> /dev/null
+:
+
+%triggerpostun -- ntp < 4.2.10
+[ $2 = 0 ] || exit 0
+# Restore the services and configuration from ntp (after its preun)
+for s in ntpd ntp-wait; do
+ grep -q "^$s$" %{service_save_file} 2> /dev/null &&
+ systemctl enable -q "$s".service 2> /dev/null
+done
+rm -f %{service_save_file}
+mv -f -T --backup=numbered %{_sysconfdir}/ntp.ntpsec %{_sysconfdir}/ntp
+# Remove unsupported restrictions
+sed -i.bak -E '/^restrict/s/no(e?peer|trap)//g' %{_sysconfdir}/ntp.conf
+:
+
+%files
+%license LICENSES/*
+%doc NEWS.adoc README.adoc
+%config(noreplace) %{_sysconfdir}/ntp.conf
+%dir %{_sysconfdir}/logrotate.d
+%config(noreplace) %{_sysconfdir}/logrotate.d/ntpsec.conf
+%{_bindir}/ntp*
+%{_sbindir}/ntp*
+%{_libdir}/libntpc.so*
+%{_mandir}/man1/ntp*.1*
+%{_mandir}/man5/ntp*.5*
+%{_mandir}/man8/ntp*.8*
+%{_unitdir}/ntp*.service
+%{_unitdir}/ntp*.timer
+%{_prefix}/lib/systemd/ntp-units.d/*ntpd.list
+%dir %attr(-,ntp,ntp) %{_localstatedir}/lib/ntp
+%ghost %attr(644,ntp,ntp) %{_localstatedir}/lib/ntp/ntp.drift
+%dir %attr(-,ntp,ntp) %{_localstatedir}/log/ntpstats
+%{python3_sitearch}/ntp-*.egg-info
+%{python3_sitearch}/ntp
+
+%changelog
+* Sun Mar 24 2024 Jean-Philippe Pialasse 1.2.2a-2.sme
+- first build for el8/SME11
+
+* Thu Aug 03 2023 Miroslav Lichvar 1.2.2a-1
+- update to 1.2.2a (CVE-2023-4012)
+
+* Thu Jul 20 2023 Fedora Release Engineering - 1.2.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Wed Jun 14 2023 Python Maint - 1.2.2-3
+- Rebuilt for Python 3.12
+
+* Thu Jan 19 2023 Fedora Release Engineering - 1.2.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Mon Jan 02 2023 Miroslav Lichvar 1.2.2-1
+- update to 1.2.2
+
+* Fri Jul 22 2022 Fedora Release Engineering - 1.2.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 13 2022 Python Maint - 1.2.1-8
+- Rebuilt for Python 3.11
+
+* Thu Jan 20 2022 Fedora Release Engineering - 1.2.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Sep 15 2021 Miroslav Lichvar 1.2.1-6
+- fix building with OpenSSL-3.0
+
+* Tue Sep 14 2021 Sahana Prasad - 1.2.1-5
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Jul 22 2021 Fedora Release Engineering - 1.2.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jun 17 2021 Miroslav Lichvar 1.2.1-3
+- detect weak keys generated by ntpkeygen (#1955859)
+
+* Mon Jun 07 2021 Python Maint - 1.2.1-2
+- Rebuilt for Python 3.10
+
+* Mon Jun 07 2021 Miroslav Lichvar 1.2.1-1
+- update to 1.2.1 (CVE-2021-22212)
+- enable refclock support (#1955859)
+- add libbsd-devel to build requirements
+
+* Fri Jun 04 2021 Python Maint - 1.2.0-8
+- Rebuilt for Python 3.10
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 1.2.0-7
+- Rebuilt for updated systemd-rpm-macros
+ See https://pagure.io/fesco/issue/2583.
+
+* Mon Feb 01 2021 Miroslav Lichvar 1.2.0-6
+- change ntpdate defaults to follow classic ntpdate (#1917884)
+
+* Tue Jan 26 2021 Fedora Release Engineering - 1.2.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 18 2021 Miroslav Lichvar 1.2.0-4
+- include associd in ntpq readvar output (#1914901)
+- fix ntpq crash in raw mode (#1914901)
+
+* Wed Jan 06 2021 Miroslav Lichvar 1.2.0-3
+- switch to flat default configuration
+- save enabled services and configuration when replacing ntp
+- move ntpdate and ntpq to /usr/sbin for better compatibility
+- extend ntp conflicts and obsoletes
+
+* Tue Dec 01 2020 Miroslav Lichvar 1.2.0-2
+- address issues found in package review (#1896368)
+
+* Tue Nov 10 2020 Miroslav Lichvar 1.2.0-1
+- package ntpsec
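Review bot: `%{gpgverify}` in `%prep` checks Source0 against a keyring (Source2) that is added in this same commit, so the check only shows that the tarball, signature and key agree with each other; nothing in the spec ties the key to the upstream signer. A comment above `Source2:` recording the expected signing-key fingerprint, obtained from a channel other than this repository, would give the next updater something to compare against, e.g. `# Signing key fingerprint: <FINGERPRINT, verified out of band>`. Separately, ntp.conf sets `driftfile VARNTP/drift` while `%install` touches and `%files` ghosts `ntp.drift`, so the file ntpd writes under the default configuration does not appear to be the one the package owns; one of the two names should change.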