ntp-4.2.6p5-8

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@10735 ec354946-7b23-47d6-9f5a-488ba84defc7

n/ntp/ntp-vl.spec

@@ -4,7 +4,7 @@ Summary: Synchronizes system time using the Network Time Protocol (NTP).
 Summary(ja): Network Time Protocol (NTP) を用いたシステム時刻の同期
 Name: ntp
 Version: 4.2.6p5
-Release: 7%{?_dist_release}
+Release: 8%{?_dist_release}
 License: distributable
 Group: System Environment/Daemons
 URL: http://www.ntp.org/
@@ -27,64 +27,140 @@ Patch3: ntp-4.2.6p3-bcast.patch
 # align buffer for control messages
 Patch4: ntp-4.2.6p1-cmsgalign.patch
 # link ntpd with -ffast-math on ia64
-# Patch5: ntp-4.2.6p1-linkfastmath.patch
-# ntpbz #1134
-# Patch6: ntp-4.2.6p5-tentative.patch
+Patch5: ntp-4.2.6p1-linkfastmath.patch
 # ntpbz #2294
 Patch6: ntp-4.2.6p5-fipsmd5.patch
 # ntpbz #759
 Patch7: ntp-4.2.6p1-retcode.patch
-# ntpbz #992
-Patch8: ntp-4.2.6p4-rtnetlink.patch
-# fix script used to generate man pages
-# Patch9: ntp-4.2.6p2-html2man.patch
+# ntpbz #2085
+Patch8: ntp-4.2.6p5-rootdisp.patch
+# ntpbz #2309
+Patch9: ntp-4.2.6p5-hexpw.patch
 # ntpbz #898
 Patch10: ntp-4.2.6p4-htmldoc.patch
+# ntpbz #1402
+Patch11: ntp-4.2.6p5-updatebclient.patch
 # fix precision calculation on fast CPUs
 Patch12: ntp-4.2.4p7-getprecision.patch
 # ntpbz #1408
-Patch13: ntp-4.2.6p1-logdefault.patch
+Patch13: ntp-4.2.6p5-logdefault.patch
 # add option -m to lock memory
 Patch14: ntp-4.2.6p4-mlock.patch
-# allow -u and -p options to be used twice (#639101)
-Patch15: ntp-4.2.6p2-multiopts.patch
-# ntpbz #1554
-# Patch16: ntp-4.2.6p3-nosyspeer.patch
+# restore pre 4.2.6 ntpdate behavior
+Patch15: ntp-4.2.6p5-ntpdatetimeout.patch
+# ntpbz #2040
+Patch16: ntp-4.2.6p5-identlen.patch
 # ntpbz #1670
 Patch17: ntp-4.2.6p3-broadcastdelay.patch
 # ntpbz #1671
 Patch18: ntp-4.2.6p5-delaycalib.patch
-# ntpbz #1695
-# Patch19: ntp-4.2.6p5-ntpdaterecv.patch
+# ntpbz #2019
+Patch19: ntp-4.2.6p5-pwcipher.patch
+# ntpbz #2320
+Patch20: ntp-4.2.6p5-noservres.patch
+# ntpbz #2506
+Patch21: ntp-4.2.6p5-refreshroute.patch
+# ntpbz #2666
+Patch22: ntp-4.2.6p5-cve-2014-9294.patch
+# ntpbz #2665
+Patch23: ntp-4.2.6p5-cve-2014-9293.patch
+# ntpbz #2667
+Patch24: ntp-4.2.6p5-cve-2014-9295.patch
+# ntpbz #2670
+Patch25: ntp-4.2.6p5-cve-2014-9296.patch
+# ntpbz #2671
+Patch26: ntp-4.2.6p5-cve-2014-9297.patch
+# ntpbz #2672
+Patch27: ntp-4.2.6p5-cve-2014-9298.patch
+# ntpbz #2174
+Patch28: ntp-4.2.6p5-sourceport.patch
+# ntpbz #2612
+Patch29: ntp-4.2.6p5-monwarn.patch
+# ntpbz #1232
+Patch30: ntp-4.2.6p5-nanoshm.patch
+# ntpbz #2661
+Patch32: ntp-4.2.6p5-mreadvar.patch
+# ntpbz #730
+Patch33: ntp-4.2.6p5-rsaexp.patch
+# ntpbz #2537
+Patch34: ntp-4.2.6p5-keylen.patch
+# ntpbz #2627
+Patch35: ntp-4.2.6p5-shmperm.patch
+# ntpbz #2745
+Patch36: ntp-4.2.6p5-xleap.patch
+# ntpbz #2805
+Patch37: ntp-4.2.6p5-mcastjoin.patch
+# ntpbz #2779
+Patch39: ntp-4.2.6p5-cve-2015-1798.patch
+# ntpbz #2781
+Patch40: ntp-4.2.6p5-cve-2015-1799.patch
+# ntpbz #2797
+Patch41: ntp-4.2.6p5-cve-2015-3405.patch
+# ntpbz #2837
+Patch42: ntp-4.2.6p5-dscp.patch
+# ntpbz #2901
+Patch43: ntp-4.2.6p5-cve-2015-7704.patch
+# allow only one step larger than panic threshold with -g
+Patch44: ntp-4.2.6p5-cve-2015-5300.patch
+# ntpbz #2246
+Patch45: ntp-4.2.6p5-leapreset.patch
+# ntpbz #2081
+Patch46: ntp-4.2.6p5-rawstats.patch
+# ntpbz #2639, #2880
+Patch47: ntp-4.2.6p5-clockstate.patch
+# ntpbz #2851
+Patch48: ntp-4.2.6p5-restrict46.patch
+# ntpbz #1593
+Patch49: ntp-4.2.6p5-cve-2015-5194.patch
+# fix crash when referencing disabled statistic type
+Patch50: ntp-4.2.6p5-cve-2015-5195.patch
+# don't hang in sntp with crafted reply
+Patch51: ntp-4.2.6p5-cve-2015-5219.patch
+# ntpbz #2909
+Patch52: ntp-4.2.6p5-cve-2015-7701.patch
+# ntpbz #2899
+Patch53: ntp-4.2.6p5-cve-2015-7691_7692_7702.patch
+# ntpbz #2919
+Patch54: ntp-4.2.6p5-cve-2015-7852.patch
+# ntpbz #2902
+Patch55: ntp-4.2.6p5-cve-2015-7703.patch
+# ntpbz #2945
+Patch56: ntp-4.2.6p5-cve-2015-8138.patch
+# ntpbz #2939, #2940
+Patch57: ntp-4.2.6p5-cve-2015-7977_7978.patch
+# ntpbz #2942, ntpbz #3007
+Patch60: ntp-4.2.6p5-cve-2015-7979.patch
+# ntpbz #2978
+Patch61: ntp-4.2.6p5-cve-2016-1548.patch
+# ntpbz #3009
+Patch62: ntp-4.2.6p5-cve-2016-2518.patch
+# ntpbz #2879
+Patch63: ntp-4.2.6p5-cve-2016-1550.patch
 
 # handle unknown clock types
-Patch50: ntpstat-0.2-clksrc.patch
+Patch100: ntpstat-0.2-clksrc.patch
 # process first packet in multipacket response
-Patch51: ntpstat-0.2-multipacket.patch
+Patch101: ntpstat-0.2-multipacket.patch
 # use current system variable names
-Patch52: ntpstat-0.2-sysvars.patch
+Patch102: ntpstat-0.2-sysvars.patch
 # print synchronization distance instead of dispersion
-Patch53: ntpstat-0.2-maxerror.patch
+Patch103: ntpstat-0.2-maxerror.patch
 # fix error bit checking
-Patch54: ntpstat-0.2-errorbit.patch
+Patch104: ntpstat-0.2-errorbit.patch
+# improve man page
+Patch105: ntpstat-0.2-manual.patch
 
-# workaround fix for glibc headers
-Patch60: ntp-4.2.x_MOD_NANO.patch
+# fix included autoopts to not crash on range error
+Patch150: ntp-4.2.6p5-optsrange.patch
 
-# security
-# Patch100: ntp-4.2.4_CVE-2009-0159.patch
-Patch100: ntp-4.2.6p5-cve-2014-9293.patch
-Patch110: ntp-4.2.6p5-cve-2014-9294.patch
-Patch120: ntp-4.2.6p3_CVE-2014-9295.patch
-Patch130: ntp-4.2.6p3_CVE-2014-9296.patch
-Patch140: ntp-4.2.6p3-CVE-2014-9297.patch
-Patch150: ntp-4.2.6p5-CVE-2014-9298.patch
+Patch1000: ntp-4.2.6p5-u64.patch
 
 Requires(pre): /sbin/chkconfig
 BuildRequires: openssl-devel
 BuildRequires: libedit-devel
 BuildRequires: libcap-devel
 BuildRequires: autoconf
+BuildRequires: bison
 # ntpstat
 BuildRequires: perl-HTML-Parser
 #Conflicts: xntp3
@@ -129,60 +205,107 @@ This package contains perl scripts ntp-wait and ntptrace.
 %patch3 -p1 -b .bcast
 %patch4 -p1 -b .cmsgalign
 %ifarch ia64
-# %patch5 -p1 -b .linkfastmath
+%patch5 -p1 -b .linkfastmath
 %endif
-# %patch6 -p1 -b .tentative
 %patch6 -p1 -b .fipsmd5
 %patch7 -p1 -b .retcode
-%patch8 -p1 -b .rtnetlink
-# %patch9 -p1 -b .html2man
+%patch8 -p1 -b .rootdisp
+%patch9 -p1 -b .hexpw
 %patch10 -p1 -b .htmldoc
+%patch11 -p1 -b .updatebclient
 %patch12 -p1 -b .getprecision
 %patch13 -p1 -b .logdefault
 %patch14 -p1 -b .mlock
-%patch15 -p1 -b .multiopts
-# %patch16 -p1 -b .nosyspeer
+%patch15 -p1 -b .ntpdatetimeout
+%patch16 -p1 -b .identlen
 %patch17 -p1 -b .broadcastdelay
 %patch18 -p1 -b .delaycalib
-# %patch19 -p1 -b .ntpdaterecv
+%patch19 -p1 -b .pwcipher
+%patch20 -p1 -b .noservres
+%patch21 -p1 -b .refreshroute
+%patch22 -p1 -b .cve-2014-9294
+%patch23 -p1 -b .cve-2014-9293
+%patch24 -p1 -b .cve-2014-9295
+%patch25 -p1 -b .cve-2014-9296
+%patch26 -p1 -b .cve-2014-9297
+%patch27 -p1 -b .cve-2014-9298
+%patch28 -p1 -b .sourceport
+%patch29 -p1 -b .monwarn
+%patch30 -p1 -b .nanoshm
+%patch32 -p1 -b .mreadvar
+%patch33 -p1 -b .rsaexp
+%patch34 -p1 -b .keylen
+%patch35 -p1 -b .shmperm
+%patch36 -p1 -b .xleap
+%patch37 -p1 -b .mcastjoin
+%patch39 -p1 -b .cve-2015-1798
+%patch40 -p1 -b .cve-2015-1799
+%patch41 -p1 -b .cve-2015-3405
+%patch42 -p1 -b .dscp
+%patch43 -p1 -b .cve-2015-7704
+%patch44 -p1 -b .cve-2015-5300
+%patch45 -p1 -b .leapreset
+%patch46 -p1 -b .rawstats
+%patch47 -p1 -b .clockstate
+%patch48 -p1 -b .restrict46
+%patch49 -p1 -b .cve-2015-5194
+%patch50 -p1 -b .cve-2015-5195
+%patch51 -p1 -b .cve-2015-5219
+%patch52 -p1 -b .cve-2015-7701
+%patch53 -p1 -b .cve-2015-7691_7692_7702
+%patch54 -p1 -b .cve-2015-7852
+%patch55 -p1 -b .cve-2015-7703
+%patch56 -p1 -b .cve-2015-8138
+%patch57 -p1 -b .cve-2015-7977_7978
+%patch60 -p1 -b .cve-2015-7979
+%patch61 -p1 -b .cve-2016-1548
+%patch62 -p1 -b .cve-2016-2518
+%patch63 -p1 -b .cve-2016-1550
+
+# ntpstat patches
+%patch100 -p1 -b .clksrc
+%patch101 -p1 -b .multipacket
+%patch102 -p1 -b .sysvars
+%patch103 -p1 -b .maxerror
+%patch104 -p1 -b .errorbit
+%patch105 -p1 -b .manual
+
+# autoopt patches
+%patch150 -p1 -b .optsrange
+
+%patch1000 -p1 -b .u64
 
 # set default path to sntp KoD database
 sed -i 's|/var/db/ntp-kod|%{_localstatedir}/lib/ntp/sntp-kod|' sntp/{sntp.1,main.c}
 
-# ntpstat patches
-%patch50 -p1 -b .clksrc
-%patch51 -p1 -b .multipacket
-%patch52 -p1 -b .sysvars
-%patch53 -p1 -b .maxerror
-%patch54 -p1 -b .errorbit
-
-%patch60 -p0 -b .NANO
-
-# security
-%patch100 -p1 -b .cve-2014-9293
-%patch110 -p1 -b .cve-2014-9294
-%patch120 -p1 -b .CVE-2014-9295
-%patch130 -p1 -b .CVE-2014-9296
-%patch140 -p1 -b .CVE-2014-9297
-%patch150 -p1 -b .CVE-2014-9298
+# fix line terminators
+sed -i 's|\r||g' html/scripts/{footer.txt,style.css}
 
-%build
-# autoconf
-autoreconf -vfi
+for f in COPYRIGHT ChangeLog; do
+	iconv -f iso8859-1 -t utf8 -o ${f}{_,} && touch -r ${f}{,_} && mv -f ${f}{_,}
+done
 
-# XXX work around for anal ntp configure
-# %define	_target_platform	%{nil}
-# %configure
-# CFLAGS="-g -DDEBUG" ./configure --prefix=/usr
+# make the build fail if the parsers are not regenerated
+rm ntpd/ntp_parser.{c,h}
+echo > ntpd/ntp_keyword.h
 
-CFLAGS="-g" ./configure         \
-	     --prefix=/usr      \
-	     --with-openssl-libdir=%{_libdir}
+%build
+export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fno-strict-overflow"
+if echo 'int main () { return 0; }' | gcc -pie -fPIE -O2 -xc - -o pietest 2>/dev/null; then
+	./pietest && export CFLAGS="$CFLAGS -pie -fPIE"
+	rm -f pietest
+fi
+export LDFLAGS="-Wl,-z,relro,-z,now"
 
-%undefine	_target_platform
+%configure \
+	--prefix=/usr      \
+	--with-openssl-libdir=%{_libdir}
 
+make -C ntpd ntp_keyword.h
 %__make %{?_smp_mflags}
-%__make %{?_smp_mflags} -C ntpstat-0.2 CFLAGS="$CFLAGS"
+
+sed -i 's|$ntpq = "ntpq"|$ntpq = "%{_sbindir}/ntpq"|' scripts/ntptrace
+sed -i 's|ntpq -c |%{_sbindir}/ntpq -c |' scripts/ntp-wait
 
 pushd html
 ../scripts/html2man
@@ -190,6 +313,8 @@ pushd html
 sed -i 's/^[\t\ ]*$//;/./,/^$/!d' man/man*/*.[58]
 popd 
 
+%__make %{?_smp_mflags} -C ntpstat-0.2 CFLAGS="$CFLAGS"
+
 %install
 rm -rf $RPM_BUILD_ROOT
 
@@ -275,6 +400,9 @@ fi
 %{_mandir}/man8/ntptrace.8*
 
 %changelog
+* Thu Jul 21 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 4.2.6p5-8
+- imported all patches from CentOS.
+
 * Sun May 15 2016 Yoji TOYODA <bsyamato@sea.plala.or.jp> 4.2.6p5-7
 - rebuild with openssl-1.0.2