20248611 Update ntp to 4.2.8 s11u2-sru
authorBrian Utterback <brian.utterback@oracle.com>
Wed, 24 Dec 2014 12:01:19 -0800
branchs11u2-sru
changeset 3575 6124cc35494e
parent 3560 5e2059b35bc2
child 3578 8bc0e1292180
20248611 Update ntp to 4.2.8 15608765 SUNBT6908332 ntpd(v4) fails with link local IPv6 addresses. 15797761 SUNBT7176468 ntpd(1m) man page contains typos 17626608 There There is is a typo in SmfValueNTP.html 19365356 buffer overrun in tokenize() 20231654 ntp fails to build, bad arc4random 20244925 problem in SERVICE/NTP
components/ntp/Makefile
components/ntp/Solaris/SmfValueNTP.html
components/ntp/manpages/ntpd.1m
components/ntp/ntp.p5m
components/ntp/patches/40-ntpwait.patch
components/ntp/patches/70-refresh.patch
components/ntp/patches/82-nametoindex.patch
components/ntp/patches/85-getif-eintr.patch
components/ntp/patches/92-in6.patch
--- a/components/ntp/Makefile	Wed Dec 17 23:57:29 2014 -0800
+++ b/components/ntp/Makefile	Wed Dec 24 12:01:19 2014 -0800
@@ -26,20 +26,19 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		ntp
-COMPONENT_PATCH_VERSION=	381
-COMPONENT_VERSION=	4.2.7
-HUMAN_VERSION=		$(COMPONENT_VERSION)p$(COMPONENT_PATCH_VERSION)
-IPS_COMPONENT_VERSION=	$(COMPONENT_VERSION).$(COMPONENT_PATCH_VERSION)
+COMPONENT_VERSION=	4.2.8
+HUMAN_VERSION=		$(COMPONENT_VERSION)
+IPS_COMPONENT_VERSION=	$(COMPONENT_VERSION)
 COMPONENT_PROJECT_URL=	http://www.ntp.org/
-COMPONENT_SRC_NAME=	ntp-dev
+COMPONENT_SRC_NAME=	ntp
 COMPONENT_SRC=		$(COMPONENT_SRC_NAME)-$(HUMAN_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:169e56bde7df2822c48e5dc8c3cebc6033a47fd278c8783aaf32770ca295fdcc
-COMPONENT_ARCHIVE_URL=	http://archive.ntp.org/ntp4/ntp-dev/$(COMPONENT_ARCHIVE)
+    sha256:2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee
+COMPONENT_ARCHIVE_URL=	http://archive.ntp.org/ntp4/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	service/ntp
 
-TPNO=			18350
+TPNO=			20866
 
 PATCH_LEVEL = 0
 
--- a/components/ntp/Solaris/SmfValueNTP.html	Wed Dec 17 23:57:29 2014 -0800
+++ b/components/ntp/Solaris/SmfValueNTP.html	Wed Dec 24 12:01:19 2014 -0800
@@ -19,14 +19,14 @@
 
     CDDL HEADER END
 
-    Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+    Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 -->
 <!--
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
 -->
 <BODY>
 When <em>Value NTP Properties</em> is in the Authorizations Included
-column, it grants the the authorization to change NTP service property values.
+column, it grants the authorization to change NTP service property values.
 <P> 
 If <em>Value NTP Properties</em> is grayed, then you are not entitled to
 Add or Remove this authorization.
--- a/components/ntp/manpages/ntpd.1m	Wed Dec 17 23:57:29 2014 -0800
+++ b/components/ntp/manpages/ntpd.1m	Wed Dec 24 12:01:19 2014 -0800
@@ -18,7 +18,7 @@
 .\"
 .\" CDDL HEADER END
 .\"
-.\" Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+.\" Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
 .\"
 .TH "ntpd" "1M" "" "" "System Administration Commands"
 .SH NAME
@@ -37,7 +37,7 @@
 .SS How \fBNTP\fR Operates
 The \fBntpd\fR program operates by exchanging messages with one or more configured servers at designated intervals ranging from about one minute to about 17 minutes. When started, the program requires several exchanges while the algorithms accumulate and groom the data before setting the clock. The initial delay to set the clock can be reduced using options as described in the server options page  at file:///usr/share/doc/ntp/confopt.html.
 .LP
-When the machine is booted, the hardware time of day (TOD) chip is used to initialize the operating system time. After the machine has synchronized to a \fBNTP\fR server, the operating system corrects the chip from time to time. During the course of operation if for some reason the system time is more than 1000s offset from the server time, \fBntpd\fR assumes something must be terribly wrong and exits with a panic message to the system log. If it was started via SMF, the ntp service is placed into maintainance mode and must be cleared manually. The -g option overrides this check at startup and allows \fBntpd\fR to set the clock to the server time regardless of the chip time, but only once.
+When the machine is booted, the hardware time of day (TOD) chip is used to initialize the operating system time. After the machine has synchronized to a \fBNTP\fR server, the operating system corrects the chip from time to time. During the course of operation if for some reason the system time is more than 1000s offset from the server time, \fBntpd\fR assumes something must be terribly wrong and exits with a panic message to the system log. If it was started via SMF, the ntp service is placed into maintenance mode and must be cleared manually. The -g option overrides this check at startup and allows \fBntpd\fR to set the clock to the server time regardless of the chip time, but only once.
 .LP
 Under ordinary conditions, \fBntpd\fR slews the clock so that the time is effectively continuous and never runs backwards. If due to extreme network congestion an error spike exceeds the \fIstep threshold\fR (128ms by default), the spike is discarded. However, if the error persists for more than the \fIstepout threshold\fR (900s by default) the system clock is stepped to the correct value. In practice the need for a step is extremely rare and almost always the result of a hardware failure. With the -x option the step threshold is increased to 600s. Other options are available using the \fItinker\fR command as described in the miscellaneous options page at file:///usr/share/doc/ntp/miscopt.html.
 .LP
@@ -249,7 +249,7 @@
 variable.
 .SH AUTOMATIC SERVICE MANAGEMENT (SMF)
 \fBNTP\fR on Solaris is managed via the service management facility described in 
- \fBsmf\fR(5). There are several options controlled by services properties which 
+\fBsmf\fR(5). There are several options controlled by services properties which 
 can be set by the system administrator. The available options can be listed by
 executing the following command:
 .nf
--- a/components/ntp/ntp.p5m	Wed Dec 17 23:57:29 2014 -0800
+++ b/components/ntp/ntp.p5m	Wed Dec 24 12:01:19 2014 -0800
@@ -321,6 +321,7 @@
 file path=usr/share/doc/ntp/tickadj.html
 file path=usr/share/doc/ntp/warp.html
 file path=usr/share/doc/ntp/xleave.html
+file scripts/lib/NTP/Util.pm path=usr/share/ntp/lib/NTP/Util.pm
 file manpages/ntp-keygen.1m path=usr/share/man/man1m/ntp-keygen.1m
 file manpages/ntpd.1m path=usr/share/man/man1m/ntpd.1m
 file manpages/ntpdate.1m path=usr/share/man/man1m/ntpdate.1m mangler.man.stability="uncommitted obsolete"
--- a/components/ntp/patches/40-ntpwait.patch	Wed Dec 17 23:57:29 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-This change allows ntp-wait to work with more versions
-of NTP, since the format changed slightly. It can be removed
-at the next upgrade since there will be no possibility 
-of running an older ntp with the old format.
-
---- scripts/ntp-wait.in
-+++ scripts/ntp-wait.in
[email protected]@ -20,8 +20,8 @@
-     while(<Q>) {
-       chomp;
-       # the first line should be similar to:
--      # associd=0 status=0645 leap_none, sync_ntp, ...
--      if (/^asso?c?id=0 status=(\S{4}) (\S+), (\S+),/i) {
-+      # status=0645 leap_none, sync_ntp, ...
-+      if (/status=(\S{4}) (\S+), (\S+),/i) {
- 	my $status = $1;
- 	my $leap = $2;
- 	my $sync = $3;
--- a/components/ntp/patches/70-refresh.patch	Wed Dec 17 23:57:29 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,122 +0,0 @@
-Patch to restore the period refreshing of the interface list 
-and to re-resolve the peers source addresses. This is needed
-because the interfaces are not done coming online when ntpd
-starts due to delays from DAD. 
-
-This patch can be removed when NTP is upgraded to 4.2.7p396
-or later
-
-
---- ntpd/ntp_io.c
-+++ ntpd/ntp_io.c
[email protected]@ -1704,7 +1704,6 @@ update_interfaces(
- 	isc_result_t		result;
- 	isc_interface_t		isc_if;
- 	int			new_interface_found;
--	int			refresh_peers;
- 	unsigned int		family;
- 	endpt			enumep;
- 	endpt *			ep;
[email protected]@ -1719,7 +1718,6 @@ update_interfaces(
- 	 */
- 
- 	new_interface_found = FALSE;
--	refresh_peers = FALSE;
- 	iter = NULL;
- 	result = isc_interfaceiter_create(mctx, &iter);
- 
[email protected]@ -1755,6 +1753,8 @@ update_interfaces(
- 
- 		convert_isc_if(&isc_if, &enumep, port);
- 
-+		DPRINT_INTERFACE(4, (&enumep, "examining ", "\n"));
-+
- 		/* 
- 		 * Check if and how we are going to use the interface.
- 		 */
[email protected]@ -1762,19 +1762,23 @@ update_interfaces(
- 					 enumep.flags)) {
- 
- 		case ACTION_IGNORE:
-+			DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n",
-+			    enumep.name, stoa(&enumep.sin)));
- 			continue;
- 
- 		case ACTION_LISTEN:
-+			DPRINTF(4, ("listen interface %s (%s) - by nic rules\n",
-+			    enumep.name, stoa(&enumep.sin)));
- 			enumep.ignore_packets = ISC_FALSE;
- 			break;
- 
- 		case ACTION_DROP:
-+			DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n",
-+			    enumep.name, stoa(&enumep.sin)));
- 			enumep.ignore_packets = ISC_TRUE;
- 			break;
- 		}
- 
--		DPRINT_INTERFACE(4, (&enumep, "examining ", "\n"));
--
- 		 /* interfaces must be UP to be usable */
- 		if (!(enumep.flags & INT_UP)) {
- 			DPRINTF(4, ("skipping interface %s (%s) - DOWN\n",
[email protected]@ -1817,15 +1821,7 @@ update_interfaces(
- 				 */
- 				strlcpy(ep->name, enumep.name,
- 					sizeof(ep->name));
--				if (ep->ignore_packets !=
--				    enumep.ignore_packets) {
--					ep->ignore_packets = 
--					    enumep.ignore_packets;
--					refresh_peers = TRUE;
--					DPRINTF(4, ("refreshing peers due to %s ignore_packets change to %d\n",
--					    stoa(&ep->sin),
--					    ep->ignore_packets));
--				}
-+				ep->ignore_packets = enumep.ignore_packets;
- 			} else {
- 				/* name collision - rename interface */
- 				strlcpy(ep->name, "*multiple*",
[email protected]@ -1890,9 +1886,6 @@ update_interfaces(
- 					(*receiver)(data, &ifi);
- 
- 				new_interface_found = TRUE;
--				refresh_peers = TRUE;
--				DPRINTF(4, ("refreshing peers due to new addr %s\n",
--					stoa(&ep->sin)));
- 				DPRINT_INTERFACE(3,
- 					(ep, "updating ",
- 					 " new - created\n"));
[email protected]@ -1932,9 +1925,6 @@ update_interfaces(
- 		DPRINT_INTERFACE(3, (ep, "updating ",
- 				     "GONE - deleting\n"));
- 		remove_interface(ep);
--		refresh_peers = TRUE;
--		DPRINTF(4, ("refreshing peers due to deleted addr %s\n",
--			    stoa(&ep->sin)));
- 
- 		ifi.action = IFS_DELETED;
- 		ifi.ep = ep;
[email protected]@ -1956,17 +1946,16 @@ update_interfaces(
- 	}
- 
- 	/*
--	 * phase 3 - re-configure as the world has changed if necessary
-+	 * phase 3 - re-configure as the world has probably changed
-+	 *
-+	 * never ever make this conditional again - it is needed to track
-+	 * routing updates. see bug #2506
- 	 */
-+	refresh_all_peerinterfaces();
- 
- 	if (broadcast_client_enabled)
- 		io_setbclient();
- 	
--	if (refresh_peers) {
--		refresh_all_peerinterfaces();
--		msyslog(LOG_INFO, "peers refreshed");
--	}
--
- 	return new_interface_found;
- }
- 
--- a/components/ntp/patches/82-nametoindex.patch	Wed Dec 17 23:57:29 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,26 +0,0 @@
-This patch modifies the configure script to correctly detect the 
-if_nametoindex function. This fix is integrated in ntp-dev-4.2.7p394.
-This patch may be removed when upgrading NTP to a later version.
-See NTP bug 2256 for details.
-
---- configure
-+++ configure
[email protected]@ -35243,6 +35670,8 @@
- fi
-
- esac
-+SAVED_LIBS="$LIBS"
-+LIBS="$LDADD_LIBNTP $LIBS"
- for ac_func in if_nametoindex
- do :
-   ac_fn_c_check_func "$LINENO" "if_nametoindex" "ac_cv_func_if_nametoindex"
[email protected]@ -35254,6 +35683,8 @@
- fi
- done
-
-+LIBS="$SAVED_LIBS"
-+{ SAVED_LIBS=; unset SAVED_LIBS;}
- case "$ac_cv_func_if_nametoindex" in
-  yes)
-
-
--- a/components/ntp/patches/85-getif-eintr.patch	Wed Dec 17 23:57:29 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-If getifaddrs blocks on a lock and a SIGALRM happens to fire while it
-is block, it will return with EINTR. WE need to detect that and just
-try again.
-
-This is NTP bug 2565. Remove this patch when upgrading to a version that
-has bug 2565 fixed in it.
-
---- lib/isc/unix/ifiter_getifaddrs.c
-+++ lib/isc/unix/ifiter_getifaddrs.c
[email protected]@ -55,6 +55,8 @@ isc_interfaceiter_create(isc_mem_t *mctx
- 	isc_interfaceiter_t *iter;
- 	isc_result_t result;
- 	char strbuf[ISC_STRERRORSIZE];
-+	int trys;
-+	int ret;
- 
- 	REQUIRE(mctx != NULL);
- 	REQUIRE(iterp != NULL);
[email protected]@ -86,15 +88,21 @@ isc_interfaceiter_create(isc_mem_t *mctx
- 	iter->valid = ISC_R_FAILURE;
- #endif
- 
--	if (getifaddrs(&iter->ifaddrs) < 0) {
-+	for (trys = 0; trys < 3; trys++) {
-+		if ((ret = getifaddrs(&iter->ifaddrs)) >= 0)
-+			break;
-+		if (errno != EINTR) 
-+			break;
-+	}
-+	if (ret < 0) {
- 		isc__strerror(errno, strbuf, sizeof(strbuf));
- 		UNEXPECTED_ERROR(__FILE__, __LINE__,
--				 isc_msgcat_get(isc_msgcat,
--						ISC_MSGSET_IFITERGETIFADDRS,
--						ISC_MSG_GETIFADDRS,
--						"getting interface "
--						"addresses: getifaddrs: %s"),
--				 strbuf);
-+		    isc_msgcat_get(isc_msgcat,
-+		    ISC_MSGSET_IFITERGETIFADDRS,
-+		    ISC_MSG_GETIFADDRS,
-+		    "getting interface "
-+		    "addresses: getifaddrs: %s"),
-+		    strbuf);
- 		result = ISC_R_UNEXPECTED;
- 		goto failure;
- 	}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ntp/patches/92-in6.patch	Wed Dec 24 12:01:19 2014 -0800
@@ -0,0 +1,38 @@
+The bug for this issue is NTP community bug 2707. This patch has been
+submitted to the community. This patch may be removed when NTP is
+upgraded to any version that has bug 2702 fixed in it.
+
+--- ntpd/ntp_io.c
++++ ntpd/ntp_io.c
[email protected]@ -3450,19 +3450,18 @@ read_network_packet(
+ 	*/
+ 
+ 	// temporary hack...
+-#ifndef HAVE_SOLARIS_PRIVS
+ 	if (AF_INET6 == itf->family) {
+ 		DPRINTF(1, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
+ 			stoa(&rb->recv_srcadr),
+-			IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr),
++			IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr.sa6.sin6_addr),
+ 			stoa(&itf->sin),
+-			!IN6_IS_ADDR_LOOPBACK(&itf->sin)
++			!IN6_IS_ADDR_LOOPBACK(&itf->sin.sa6.sin6_addr)
+ 			));
+ 	}
+ 
+ 	if (   AF_INET6 == itf->family
+-	    && IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr)
+-	    && !IN6_IS_ADDR_LOOPBACK(&itf->sin)
++	    && IN6_IS_ADDR_LOOPBACK(&rb->recv_srcadr.sa6.sin6_addr)
++	    && !IN6_IS_ADDR_LOOPBACK(&itf->sin.sa6.sin6_addr)
+ 	   ) {
+ 		packets_dropped++;
+ 		DPRINTF(1, ("DROPPING that packet\n"));
[email protected]@ -3470,7 +3469,6 @@ read_network_packet(
+ 		return buflen;
+ 	}
+ 	DPRINTF(1, ("processing that packet\n"));
+-#endif
+ 
+ 	/*
+ 	 * Got one.  Mark how and when it got here,