!72 update to ntp-4.2.8p17

From: @chengyechun 
Reviewed-by: @kircher 
Signed-off-by: @kircher

Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch

@@ -1,31 +0,0 @@
-From 082a504cfcc046c3d8adaae1164268bc94e5108a Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 31 Jul 2021 10:51:41 -0700
-Subject: [PATCH] libntp: Do not use PTHREAD_STACK_MIN on glibc
-
-In glibc 2.34+ PTHREAD_STACK_MIN is not a compile-time constant which
-could mean different stack sizes at runtime on different architectures
-and it also causes compile failure. Default glibc thread stack size
-or 64Kb set by ntp should be good in glibc these days.
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- libntp/work_thread.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libntp/work_thread.c b/libntp/work_thread.c
-index 03a5647..3ddd751 100644
---- a/libntp/work_thread.c
-+++ b/libntp/work_thread.c
-@@ -41,7 +41,7 @@
- #ifndef THREAD_MINSTACKSIZE
- # define THREAD_MINSTACKSIZE	(64U * 1024)
- #endif
--#ifndef __sun
-+#if !defined(__sun) && !defined(__GLIBC__)
- #if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN
- # undef THREAD_MINSTACKSIZE
- # define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN
---
-2.32.0

backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch

@@ -1,167 +0,0 @@
-From ebd64fcbd4f3858b6986ff1a048e3467d96841ab Mon Sep 17 00:00:00 2001
-From: Harlen Stenn <stenn@ntp.org>
-Date: Sat, 13 May 2023 05:23:33 UTC
-Subject: [PATCH] mstolfp:make sure the buffer has enough room for the input extra characters
-
-Conflict:NA
-Reference:https://www.eecis.udel.edu/~ntp/ntp_spool//ntp4/ntp-4.2.8p15-3806-3807.patch
-
-CVE-2023-26552, CVE-2023-26553, and CVE-2023-26554 are marked identical to CVE-2023-26551
-https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1
-
----
- include/ntp_fp.h        |   4 +-
- libntp/mstolfp.c        | 109 +++++++++++++++-------------------------
- 2 files changed, 42 insertions(+), 71 deletions(-)
-
-diff --git a/include/ntp_fp.h b/include/ntp_fp.h
-index afd1f82..fe6e390 100644
---- a/include/ntp_fp.h
-+++ b/include/ntp_fp.h
-@@ -195,9 +195,9 @@ typedef u_int32 u_fp;
- 	do { \
- 		int32 add_f = (int32)(f); \
- 		if (add_f >= 0) \
--			M_ADD((r_i), (r_f), 0, (uint32)( add_f)); \
-+			M_ADD((r_i), (r_f), 0, (u_int32)( add_f)); \
- 		else \
--			M_SUB((r_i), (r_f), 0, (uint32)(-add_f)); \
-+			M_SUB((r_i), (r_f), 0, (u_int32)(-add_f)); \
- 	} while(0)
- 
- #define	M_ISNEG(v_i)			/* v < 0 */ \
-diff --git a/libntp/mstolfp.c b/libntp/mstolfp.c
-index 3dfc4ef..a428d17 100644
---- a/libntp/mstolfp.c
-+++ b/libntp/mstolfp.c
-@@ -14,86 +14,57 @@ mstolfp(
- 	l_fp *lfp
- 	)
- {
--	register const char *cp;
--	register char *bp;
--	register const char *cpdec;
--	char buf[100];
-+	int        ch, neg = 0; 
-+	u_int32    q, r;
- 
- 	/*
- 	 * We understand numbers of the form:
- 	 *
- 	 * [spaces][-|+][digits][.][digits][spaces|\n|\0]
- 	 *
--	 * This is one enormous hack.  Since I didn't feel like
--	 * rewriting the decoding routine for milliseconds, what
--	 * is essentially done here is to make a copy of the string
--	 * with the decimal moved over three places so the seconds
--	 * decoding routine can be used.
-+	 * This is kinda hack.  We use 'atolfp' to do the basic parsing
-+	 * (after some initial checks) and then divide the result by
-+	 * 1000.  The original implementation avoided that by
-+	 * hacking up the input string to move the decimal point, but
-+	 * that needed string manipulations prone to buffer overruns.
-+	 * To avoid that trouble we do the conversion first and adjust
-+	 * the result.
- 	 */
--	bp = buf;
--	cp = str;
--	while (isspace((unsigned char)*cp))
--	    cp++;
--	
--	if (*cp == '-' || *cp == '+') {
--		*bp++ = *cp++;
--	}
--
--	if (*cp != '.' && !isdigit((unsigned char)*cp))
--	    return 0;
--
--
--	/*
--	 * Search forward for the decimal point or the end of the string.
--	 */
--	cpdec = cp;
--	while (isdigit((unsigned char)*cpdec))
--	    cpdec++;
- 
--	/*
--	 * Found something.  If we have more than three digits copy the
--	 * excess over, else insert a leading 0.
--	 */
--	if ((cpdec - cp) > 3) {
--		do {
--			*bp++ = (char)*cp++;
--		} while ((cpdec - cp) > 3);
--	} else {
--		*bp++ = '0';
-+	while (isspace(ch = *(const unsigned char*)str))
-+		++str;
-+	switch (ch) {
-+	    case '-': neg = TRUE;
-+	    case '+': ++str;
-+	    default : break;
- 	}
- 
--	/*
--	 * Stick the decimal in.  If we've got less than three digits in
--	 * front of the millisecond decimal we insert the appropriate number
--	 * of zeros.
--	 */
--	*bp++ = '.';
--	if ((cpdec - cp) < 3) {
--		size_t i = 3 - (cpdec - cp);
--		do {
--			*bp++ = '0';
--		} while (--i > 0);
--	}
-+	if (!isdigit(ch = *(const unsigned char*)str) && (ch != '.'))
-+		return 0;
-+	if (!atolfp(str, lfp))
-+		return 0;
- 
--	/*
--	 * Copy the remainder up to the millisecond decimal.  If cpdec
--	 * is pointing at a decimal point, copy in the trailing number too.
-+	/* now do a chained/overlapping division by 1000 to get from
-+	 * seconds to msec. 1000 is small enough to go with temporary
-+	 * 32bit accus for Q and R.
- 	 */
--	while (cp < cpdec)
--	    *bp++ = (char)*cp++;
--	
--	if (*cp == '.') {
--		cp++;
--		while (isdigit((unsigned char)*cp))
--		    *bp++ = (char)*cp++;
--	}
--	*bp = '\0';
-+	q = lfp->l_ui / 1000u;
-+	r = lfp->l_ui - (q * 1000u);
-+	lfp->l_ui = q;
- 
--	/*
--	 * Check to make sure the string is properly terminated.  If
--	 * so, give the buffer to the decoding routine.
--	 */
--	if (*cp != '\0' && !isspace((unsigned char)*cp))
--	    return 0;
--	return atolfp(buf, lfp);
-+	r = (r << 16) | (lfp->l_uf >> 16);
-+	q = r / 1000u;
-+	r = ((r - q * 1000) << 16) | (lfp->l_uf & 0x0FFFFu);
-+	lfp->l_uf = q << 16;
-+	q = r / 1000;
-+	lfp->l_uf |= q;
-+	r -= q * 1000u;
-+
-+	/* fix sign */
-+	if (neg)
-+		L_NEG(lfp);
-+	/* round */
-+	if (r >= 500)
-+		L_ADDF(lfp, (neg ? -1 : 1));
-+	return 1;
- }
--- 
-2.33.0
-
-

backport-CVE-2023-26555-fix-out-write-bounds-in-praecis_parse.patch

@@ -1,102 +0,0 @@
-From 1e6893546c526c0961930b6b60a6aba42692dba9 Mon Sep 17 00:00:00 2001
-From: Harlan Stenn <stenn@ntp.org>
-Date: Sat, 13 May 2023 05:23:33 UTC
-Subject: [PATCH] refclock_palisade:fix an out-of-bounds write in praecis_parse
-
-Conflict:NA
-Reference:https://www.eecis.udel.edu/~ntp/ntp_spool//ntp4/ntp-4.2.8p15-3806-3807.patch
-
----
- ntpd/refclock_palisade.c | 50 ++++++++++++++++++++++++++++++++++------
- 1 file changed, 43 insertions(+), 7 deletions(-)
-
-diff --git a/ntpd/refclock_palisade.c b/ntpd/refclock_palisade.c
-index cb68255..66bfbc8 100644
---- a/ntpd/refclock_palisade.c
-+++ b/ntpd/refclock_palisade.c
-@@ -1225,9 +1225,9 @@ palisade_poll (
- 		return;  /* using synchronous packet input */
- 
- 	if(up->type == CLK_PRAECIS) {
--		if(write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0)
-+		if (write(peer->procptr->io.fd,"SPSTAT\r\n",8) < 0) {
- 			msyslog(LOG_ERR, "Palisade(%d) write: %m:",unit);
--		else {
-+		} else {
- 			praecis_msg = 1;
- 			return;
- 		}
-@@ -1249,20 +1249,53 @@ praecis_parse (
- 
- 	pp = peer->procptr;
- 
--	memcpy(buf+p,rbufp->recv_space.X_recv_buffer, rbufp->recv_length);
-+	if (p + rbufp->recv_length >= sizeof buf) {
-+		struct palisade_unit *up;
-+		up = pp->unitptr;
-+
-+		/*
-+		 * We COULD see if there is a \r\n in the incoming
-+		 * buffer before it overflows, and then process the
-+		 * current line.
-+		 *
-+		 * Similarly, if we already have a hunk of data that
-+		 * we're now flushing, that will cause the line of
-+		 * data we're in the process of collecting to be garbage.
-+		 *
-+		 * Since we now check for this overflow and log when it
-+		 * happens, we're now in a better place to easily see
-+		 * what's going on and perhaps better choices can be made.
-+		 */
-+
-+		/* Do we need to log the size of the overflow? */
-+		msyslog(LOG_ERR, "Palisade(%d) praecis_parse(): input buffer overflow",
-+			up->unit);
-+
-+		p = 0;
-+		praecis_msg = 0;
-+
-+		refclock_report(peer, CEVNT_BADREPLY);
-+
-+		return;
-+	}
-+
-+	memcpy(buf+p, rbufp->recv_buffer, rbufp->recv_length);
- 	p += rbufp->recv_length;
- 
--	if(buf[p-2] == '\r' && buf[p-1] == '\n') {
-+	if (   p >= 2
-+	    && buf[p-2] == '\r' 
-+	    && buf[p-1] == '\n') {
- 		buf[p-2] = '\0';
- 		record_clock_stats(&peer->srcadr, buf);
- 
- 		p = 0;
- 		praecis_msg = 0;
- 
--		if (HW_poll(pp) < 0)
-+		if (HW_poll(pp) < 0) {
- 			refclock_report(peer, CEVNT_FAULT);
--
-+		}
- 	}
-+	return;
- }
- 
- static void
-@@ -1407,7 +1440,10 @@ HW_poll (
- 
- 	/* Edge trigger */
- 	if (up->type == CLK_ACUTIME)
--		write (pp->io.fd, "", 1);
-+		if (write (pp->io.fd, "", 1) != 1)
-+			msyslog(LOG_WARNING,
-+				"Palisade(%d) HW_poll: failed to send trigger: %m",
-+				up->unit);
- 		
- 	if (ioctl(pp->io.fd, TIOCMSET, &x) < 0) { 
- #ifdef DEBUG
--- 
-2.33.0
-
-

bugfix-fix-ifindex-length.patch

@@ -1,5 +1,5 @@
---- ntp-4.2.6p5/lib/isc/unix/interfaceiter.c.orig	2018-10-15 15:16:00.414796346 +0800
-+++ ntp-4.2.6p5/lib/isc/unix/interfaceiter.c	2018-10-15 15:16:26.605794341 +0800
+--- a/libntp/lib/isc/unix/interfaceiter.c	2018-10-15 15:16:00.414796346 +0800
++++ a/libntp/lib/isc/unix/interfaceiter.c	2018-10-15 15:16:26.605794341 +0800
 @@ -151,7 +151,7 @@ get_addr(unsigned int family, isc_netadd
  
  #ifdef __linux

fix-multiple-defination-with-gcc-10.patch

@@ -1,155 +0,0 @@
-From bac29f25f063d3a2a87f2b824179df6fbd54334f Mon Sep 17 00:00:00 2001
-From: renmingshuai <renmingshuai@huawei.com>
-Date: Fri, 30 Jul 2021 22:26:26 +0800
-Subject: [PATCH] Fix multiple defination with gcc 10
-
----
- sntp/tests/run-crypto.c           | 2 +-
- sntp/tests/run-keyFile.c          | 2 +-
- sntp/tests/run-kodDatabase.c      | 2 +-
- sntp/tests/run-kodFile.c          | 2 +-
- sntp/tests/run-networking.c       | 2 +-
- sntp/tests/run-packetHandling.c   | 2 +-
- sntp/tests/run-packetProcessing.c | 2 +-
- sntp/tests/run-t-log.c            | 2 +-
- sntp/tests/run-utilities.c        | 2 +-
- tests/libntp/test-libntp.h        | 5 ++++-
- 10 files changed, 13 insertions(+), 10 deletions(-)
-
-diff --git a/sntp/tests/run-crypto.c b/sntp/tests/run-crypto.c
-index a486f86..5d7d02e 100644
---- a/sntp/tests/run-crypto.c
-+++ b/sntp/tests/run-crypto.c
-@@ -57,7 +57,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/sntp/tests/run-keyFile.c b/sntp/tests/run-keyFile.c
-index 5b25519..4321002 100644
---- a/sntp/tests/run-keyFile.c
-+++ b/sntp/tests/run-keyFile.c
-@@ -55,7 +55,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/sntp/tests/run-kodDatabase.c b/sntp/tests/run-kodDatabase.c
-index 67b7fc2..b591a0b 100644
---- a/sntp/tests/run-kodDatabase.c
-+++ b/sntp/tests/run-kodDatabase.c
-@@ -58,7 +58,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/sntp/tests/run-kodFile.c b/sntp/tests/run-kodFile.c
-index a3af218..96d0075 100644
---- a/sntp/tests/run-kodFile.c
-+++ b/sntp/tests/run-kodFile.c
-@@ -56,7 +56,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/sntp/tests/run-networking.c b/sntp/tests/run-networking.c
-index 1c1364f..3e1b4cd 100644
---- a/sntp/tests/run-networking.c
-+++ b/sntp/tests/run-networking.c
-@@ -48,7 +48,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/sntp/tests/run-packetHandling.c b/sntp/tests/run-packetHandling.c
-index 7790b20..c58380c 100644
---- a/sntp/tests/run-packetHandling.c
-+++ b/sntp/tests/run-packetHandling.c
-@@ -64,7 +64,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/sntp/tests/run-packetProcessing.c b/sntp/tests/run-packetProcessing.c
-index c91a6d3..221c88c 100644
---- a/sntp/tests/run-packetProcessing.c
-+++ b/sntp/tests/run-packetProcessing.c
-@@ -68,7 +68,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/sntp/tests/run-t-log.c b/sntp/tests/run-t-log.c
-index 268bf41..cd835bc 100644
---- a/sntp/tests/run-t-log.c
-+++ b/sntp/tests/run-t-log.c
-@@ -50,7 +50,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/sntp/tests/run-utilities.c b/sntp/tests/run-utilities.c
-index f717882..98d9bf1 100644
---- a/sntp/tests/run-utilities.c
-+++ b/sntp/tests/run-utilities.c
-@@ -58,7 +58,7 @@ void resetTest(void)
-   setUp();
- }
- 
--char const *progname;
-+extern char const *progname;
- 
- 
- //=======MAIN=====
-diff --git a/tests/libntp/test-libntp.h b/tests/libntp/test-libntp.h
-index 93050b3..2f386f6 100644
---- a/tests/libntp/test-libntp.h
-+++ b/tests/libntp/test-libntp.h
-@@ -1,3 +1,5 @@
-+#ifndef TEST_LIBNTP_H
-+#define TEST_LIBNTP_H
- #include "config.h"
- 
- #include "ntp_stdlib.h"
-@@ -5,4 +7,5 @@
- 
- time_t timefunc(time_t *ptr);
- void settime(int y, int m, int d, int H, int M, int S);
--time_t nowtime;
-+extern time_t nowtime;
-+#endif
--- 
-1.8.3.1
-

modify-DSA-key-generation-parameters-base-on-openssl3.patch

@@ -1,25 +0,0 @@
-From 0494312d943d70f45e45e8e41f659318e88c8e52 Mon Sep 17 00:00:00 2001
-From: chengyechun <chengyechun1@huawei.com>
-Date: Tue, 14 Mar 2023 15:16:47 +0800
-Subject: [PATCH] modify DSA key generation parameters base on openssl3
-
----
- util/ntp-keygen.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c
-index eb2cb34..732c073 100644
---- a/util/ntp-keygen.c
-+++ b/util/ntp-keygen.c
-@@ -121,7 +121,7 @@
- #define	MD5SIZE		20	/* maximum key size */
- #ifdef AUTOKEY
- #define	PLEN		512	/* default prime modulus size (bits) */
--#define	ILEN		256	/* default identity modulus size (bits) */
-+#define	ILEN		512	/* default identity modulus size (bits) */
- #define	MVMAX		100	/* max MV parameters */
- 
- /*
--- 
-2.27.0
-

ntp.spec

@@ -1,8 +1,8 @@
 %global _hardened_build 1
 
 Name:                  ntp
-Version:               4.2.8p15
-Release:               11
+Version:               4.2.8p17
+Release:               1
 Summary:               A protocol designed to synchronize the clocks of computers over a network
 License:               MIT and BSD and BSD with advertising
 URL:                   https://www.ntp.org/
@@ -23,13 +23,8 @@ Source16:              sntp.sysconfig
 Patch1:                ntp-ssl-libs.patch
 Patch2:                bugfix-fix-bind-port-in-debug-mode.patch
 Patch3:                bugfix-fix-ifindex-length.patch
-Patch4:                fix-multiple-defination-with-gcc-10.patch
-Patch5:                Do-not-use-PTHREAD_STACK_MIN-on-glibc.patch
-Patch6:                fix-MD5-manpage.patch
-Patch7:                modify-DSA-key-generation-parameters-base-on-openssl3.patch
-Patch8:                backport-CVE-2023-26551-CVE-2023-26552-CVE-2023-26553-CVE-2023-26554.patch
-Patch9:                backport-CVE-2023-26555-fix-out-write-bounds-in-praecis_parse.patch
-Patch10:               backport-add-NULL-pointer-check-when-ntpd-deletes-the-last-interface.patch
+Patch4:                fix-MD5-manpage.patch
+Patch5:                backport-add-NULL-pointer-check-when-ntpd-deletes-the-last-interface.patch
 
 BuildRequires:	       libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel
 BuildRequires:         autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser
@@ -212,6 +207,12 @@ make check
 %{_mandir}/man8/*.8*
 
 %changelog
+* Fri Jul 21 2023 chengyechun <chengyechun1@huawei.com> - 4.2.8p17-1
+- Type:enhancement
+- ID:
+- SUG:NA
+- DESC:update to 4.2.8p17
+
 * Wed Jun 21 2023 chengyechun <chengyechun1@huawei.com> - 4.2.8p15-11
 - Type:bugfix
 - ID: