diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-06-02 20:56:35 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-06-03 13:30:32 +0200 |
commit | 3f544e903a450a5d34f6fa71212a4a8d4a277e67 (patch) | |
tree | c3f40790bbd25428b4cd841d5a2df3167f2cb2fc /patches | |
parent | f33a393b0f5440b4b2cc9c0932b6205f86463fb4 (diff) | |
download | current-3f544e903a450a5d34f6fa71212a4a8d4a277e67.tar.gz current-3f544e903a450a5d34f6fa71212a4a8d4a277e67.tar.xz |
Fri Jun 2 20:56:35 UTC 202320230602205635_15.0
patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbirary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551
https://www.cve.org/CVERecord?id=CVE-2023-26552
https://www.cve.org/CVERecord?id=CVE-2023-26553
https://www.cve.org/CVERecord?id=CVE-2023-26554
https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
Diffstat (limited to 'patches')
-rw-r--r-- | patches/packages/cups-2.4.3-x86_64-1_slack15.0.txt (renamed from patches/packages/cups-2.4.2-x86_64-3_slack15.0.txt) | 0 | ||||
-rw-r--r-- | patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txt | 11 | ||||
-rw-r--r-- | patches/source/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch | 36 | ||||
-rw-r--r-- | patches/source/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch | 36 | ||||
-rwxr-xr-x | patches/source/cups/cups.SlackBuild | 8 | ||||
-rw-r--r-- | patches/source/ntp/doinst.sh | 26 | ||||
-rwxr-xr-x | patches/source/ntp/ntp.SlackBuild | 185 | ||||
-rw-r--r-- | patches/source/ntp/ntp.conf | 82 | ||||
-rw-r--r-- | patches/source/ntp/ntp.keys | 2 | ||||
-rw-r--r-- | patches/source/ntp/ntp.logrotate | 8 | ||||
-rw-r--r-- | patches/source/ntp/ntp.nano.diff | 17 | ||||
-rw-r--r-- | patches/source/ntp/ntp.url | 1 | ||||
-rw-r--r-- | patches/source/ntp/ntpdate.8 | 152 | ||||
-rw-r--r-- | patches/source/ntp/rc.ntpd | 55 | ||||
-rw-r--r-- | patches/source/ntp/slack-desc | 19 |
15 files changed, 559 insertions, 79 deletions
diff --git a/patches/packages/cups-2.4.2-x86_64-3_slack15.0.txt b/patches/packages/cups-2.4.3-x86_64-1_slack15.0.txt index f581115e7..f581115e7 100644 --- a/patches/packages/cups-2.4.2-x86_64-3_slack15.0.txt +++ b/patches/packages/cups-2.4.3-x86_64-1_slack15.0.txt diff --git a/patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txt b/patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txt new file mode 100644 index 000000000..7859c2b60 --- /dev/null +++ b/patches/packages/ntp-4.2.8p16-x86_64-1_slack15.0.txt @@ -0,0 +1,11 @@ +ntp: ntp (Network Time Protocol daemon) +ntp: +ntp: The Network Time Protocol (NTP) is used to synchronize the time of a +ntp: computer client or server to another server or reference time source, +ntp: such as a radio or satellite receiver or modem. It provides client +ntp: accuracies typically within a millisecond on LANs and up to a few tens +ntp: of milliseconds on WANs relative to a primary server synchronized to +ntp: Coordinated Universal Time (UTC) via a Global Positioning Service +ntp: (GPS) receiver, for example. +ntp: +ntp: Homepage: https://www.ntp.org diff --git a/patches/source/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch b/patches/source/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch deleted file mode 100644 index f38baf8a7..000000000 --- a/patches/source/cups/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch +++ /dev/null @@ -1,36 +0,0 @@ -From c0c403744b1bf4a9790a8fcaabcd60970cbefe06 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet <michael.r.sweet@gmail.com> -Date: Tue, 7 Jun 2022 13:45:29 -0400 -Subject: [PATCH] Fix OpenSSL crash bug - "tls" pointer wasn't cleared after - freeing it (Issue #409) - ---- - CHANGES.md | 1 + - cups/tls-openssl.c | 2 ++ - 2 files changed, 3 insertions(+) - -#diff --git a/CHANGES.md b/CHANGES.md -#index 8b78b003fa..befbf3ab44 100644 -#--- a/CHANGES.md -#+++ b/CHANGES.md -#@@ -6,6 +6,7 @@ Changes in CUPS v2.4.3 (TBA) -# -# - Added a title with device uri for found network printers (Issues #402, #393) -# - Fixed configuration on RISC-V machines (Issue #404) -#+- Fixed an OpenSSL crash bug (Issue #409) -# -# -# Changes in CUPS v2.4.2 (26th May 2022) -diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c -index c3e57742e8..6db9f8a9c2 100644 ---- a/cups/tls-openssl.c -+++ b/cups/tls-openssl.c -@@ -1152,6 +1152,8 @@ _httpTLSStop(http_t *http) // I - Connection to server - SSL_shutdown(http->tls); - SSL_CTX_free(context); - SSL_free(http->tls); -+ -+ http->tls = NULL; - } - - diff --git a/patches/source/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch b/patches/source/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch deleted file mode 100644 index 572ca0717..000000000 --- a/patches/source/cups/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch +++ /dev/null @@ -1,36 +0,0 @@ -From cd84d7fde692237af4996d4a0e985a3eb4a293f0 Mon Sep 17 00:00:00 2001 -From: Michael R Sweet <michael.r.sweet@gmail.com> -Date: Mon, 5 Sep 2022 09:20:03 -0400 -Subject: [PATCH] The OpenSSL code path wasn't loading the full certificate - chain (Issue #465) - ---- - CHANGES.md | 1 + - cups/tls-openssl.c | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -#diff --git a/CHANGES.md b/CHANGES.md -#index f96677675a..81aef4e680 100644 -#--- a/CHANGES.md -#+++ b/CHANGES.md -#@@ -12,6 +12,7 @@ Changes in CUPS v2.4.3 (TBA) -# hostname (Issue #419) -# - Fixed an OpenSSL crash bug (Issue #409) -# - Fixed a potential SNMP OID value overflow issue (Issue #431) -#+- Fixed an OpenSSL certificate loading issue (Issue #465) -# - Look for default printer on network if needed (Issue ##452) -# - Now localize HTTP responses using the Content-Language value (Issue #426) -# - Raised file size limit for importing PPD via Web UI (Issue #433) -diff --git a/cups/tls-openssl.c b/cups/tls-openssl.c -index ceb3abaedc..acc10fc420 100644 ---- a/cups/tls-openssl.c -+++ b/cups/tls-openssl.c -@@ -1055,7 +1055,7 @@ _httpTLSStart(http_t *http) // I - Connection to server - } - - SSL_CTX_use_PrivateKey_file(context, keyfile, SSL_FILETYPE_PEM); -- SSL_CTX_use_certificate_file(context, crtfile, SSL_FILETYPE_PEM); -+ SSL_CTX_use_certificate_chain_file(context, crtfile); - } - - // Set TLS options... diff --git a/patches/source/cups/cups.SlackBuild b/patches/source/cups/cups.SlackBuild index f07c6b183..74fd1c898 100755 --- a/patches/source/cups/cups.SlackBuild +++ b/patches/source/cups/cups.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=cups VERSION=${VERSION:-$(echo $PKGNAM-2*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3_slack15.0} +BUILD=${BUILD:-1_slack15.0} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -81,12 +81,6 @@ cd cups-$VERSION || exit 1 sed -i.orig -e 's#$exec_prefix/lib/cups#$libdir/cups#g' configure -# Fix OpenSSL crash: -zcat $CWD/c0c403744b1bf4a9790a8fcaabcd60970cbefe06.patch.gz | patch -p1 --verbose || exit 1 - -# Fix OpenSSL certificate loading issue: -zcat $CWD/cd84d7fde692237af4996d4a0e985a3eb4a293f0.patch.gz | patch -p1 --verbose || exit 1 - # Choose correct options depending on whether PAM is installed: if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then PAM_OPTIONS="--enable-pam" diff --git a/patches/source/ntp/doinst.sh b/patches/source/ntp/doinst.sh new file mode 100644 index 000000000..3f1589bda --- /dev/null +++ b/patches/source/ntp/doinst.sh @@ -0,0 +1,26 @@ +config() { + NEW="$1" + OLD="`dirname $NEW`/`basename $NEW .new`" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} +preserve_perms() { + NEW="$1" + OLD="$(dirname ${NEW})/$(basename ${NEW} .new)" + if [ -e ${OLD} ]; then + cp -a ${OLD} ${NEW}.incoming + cat ${NEW} > ${NEW}.incoming + mv ${NEW}.incoming ${NEW} + fi + config ${NEW} +} + +config etc/logrotate.d/ntp.new +config etc/ntp.conf.new +config etc/ntp.keys.new +preserve_perms etc/rc.d/rc.ntpd.new diff --git a/patches/source/ntp/ntp.SlackBuild b/patches/source/ntp/ntp.SlackBuild new file mode 100755 index 000000000..de4b46a5d --- /dev/null +++ b/patches/source/ntp/ntp.SlackBuild @@ -0,0 +1,185 @@ +#!/bin/bash + +# Copyright 2008, 2009, 2010, 2011, 2012, 2014, 2015, 2017, 2018, 2020, 2023 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=ntp +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +BUILD=${BUILD:-1_slack15.0} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" +else + SLKCFLAGS="-O2" +fi + +TMP=${TMP:-/tmp} +PKG=$TMP/package-ntp + +rm -rf $PKG +mkdir -p $TMP $PKG +cd $TMP +rm -rf ntp-${VERSION}* +tar xvf $CWD/ntp-${VERSION}*.tar.?z* || exit 1 +cd ntp-${VERSION}* || exit 1 + +zcat $CWD/ntp.nano.diff.gz | patch -p1 --verbose || exit 1 + +chown -R root:root . +find . \ + \( -perm 2777 -o -perm 2755 -o -perm 2775 \) \ + -exec chmod u+rwx,g-sw,g+rx,o-w,o+rx {} \+ -o \ + \( -perm 777 -o -perm 775 -o -perm 774 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod u+rwx,g-sw,g+rx,o-w,o+rx {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +CFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --localstatedir=/var \ + --sysconfdir=/etc \ + --bindir=/usr/sbin \ + --sbindir=/usr/sbin \ + --mandir=/usr/man \ + --docdir=/usr/doc/ntp-$VERSION \ + --htmldir=/usr/doc/ntp-$VERSION \ + --enable-ipv6 \ + --with-crypto \ + --enable-ntp-signd \ + --program-prefix= \ + --program-suffix= \ + --build=$ARCH-slackware-linux || exit 1 + +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# KDE Plasma 5 seems to want ntpdate in /usr/bin unless you have systemd: +mkdir -p $PKG/usr/bin +( cd $PKG/usr/bin + ln -sf ../sbin/ntpdate . +) + +# This should be empty. Try to remove it, and error out if it's not actually empty: +rmdir $PKG/usr/libexec || exit 1 + +# Install default conf and keys files: +mkdir -p $PKG/etc +cat $CWD/ntp.conf > $PKG/etc/ntp.conf.new +cat $CWD/ntp.keys > $PKG/etc/ntp.keys.new +chown root:ntp $PKG/etc/ntp.keys.new +chmod 640 $PKG/etc/ntp.keys.new + +# Location for the drift and stats files: +mkdir -p $PKG/var/lib/ntp +chown ntp:ntp $PKG/var/lib/ntp +chmod 0775 $PKG/var/lib/ntp + +# This is deprecated and no longer used by anything: +#touch $PKG/etc/ntp/step-tickers + +mkdir -p $PKG/etc/logrotate.d +cat $CWD/ntp.logrotate > $PKG/etc/logrotate.d/ntp.new + +mkdir -p $PKG/etc/rc.d +cat $CWD/rc.ntpd > $PKG/etc/rc.d/rc.ntpd.new + +# Add ntpdate man page from Debian: +# src: https://packages.debian.org/stretch/ntpdate +cp -a $CWD/ntpdate.8.gz $PKG/usr/man/man8 +chown root:root $PKG/usr/man/man8/ntpdate.8.gz +chmod 644 $PKG/usr/man/man8/ntpdate.8.gz +gzip -d $PKG/usr/man/man8/ntpdate.8.gz + +mv $PKG/usr/doc/ntp-$VERSION/*.html $PKG/usr/doc/ntp-$VERSION/html || exit 1 +cp -a \ + COPYRIGHT NEWS README* TODO WHERE-TO-START \ + *.y2kfixes clockstuff conf scripts \ + $PKG/usr/doc/ntp-$VERSION +mkdir $PKG/usr/doc/ntp-$VERSION/util +cp -a util/README $PKG/usr/doc/ntp-$VERSION/util +mkdir $PKG/usr/doc/ntp-$VERSION/ntpdate +cp -a ntpdate/README $PKG/usr/doc/ntp-$VERSION/ntpdate +( cd $PKG/usr/doc/ntp-$VERSION + find . -name ".deps*" -exec rm -rf "{}" \+ 2> /dev/null +) + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi + +# Strip binaries: +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +# Compress and link manpages, if any: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.? + ) + done + ) +fi + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh + +cd $PKG +/sbin/makepkg -l y -c n $TMP/ntp-$VERSION-$ARCH-$BUILD.txz + diff --git a/patches/source/ntp/ntp.conf b/patches/source/ntp/ntp.conf new file mode 100644 index 000000000..e88603c12 --- /dev/null +++ b/patches/source/ntp/ntp.conf @@ -0,0 +1,82 @@ +# Sample /etc/ntp.conf: Configuration file for ntpd. + +# +# Undisciplined Local Clock. This is a fake driver intended for backup +# and when no outside source of synchronized time is available. The +# default stratum is usually 3, but in this case we elect to use stratum +# 0. Since the server line does not have the prefer keyword, this driver +# is never used for synchronization, unless no other other +# synchronization source is available. In case the local host is +# controlled by some external source, such as an external oscillator or +# another protocol, the prefer keyword would cause the local host to +# disregard all other synchronization sources, unless the kernel +# modifications are in use and declare an unsynchronized condition. +# +server 127.127.1.0 # local clock +fudge 127.127.1.0 stratum 10 + +# +# NTP server (list one or more) to synchronize with: +#server 0.pool.ntp.org iburst +#server 1.pool.ntp.org iburst +#server 2.pool.ntp.org iburst +#server 3.pool.ntp.org iburst + +# +# Full path of a directory where statistics files should be created +# +statsdir /var/lib/ntp/stats + +# +# Location of an alternate log file to be used instead of the default system syslog(3) facility +# +logfile /var/log/ntp + +# +# Drift file. Put this in a directory which the daemon can write to. +# No symbolic links allowed, either, since the daemon updates the file +# by creating a temporary in the same directory and then rename()'ing +# it to the file. +# +driftfile /var/lib/ntp/drift + +# +# Location of PID file +# +pidfile /var/run/ntpd.pid + +# +# Uncomment to use a multicast NTP server on the local subnet: +#multicastclient 224.0.1.1 # listen on default 224.0.1.1 +# Set an optional compensation for broadcast packet delay: +#broadcastdelay 0.008 + +# +# Keys file. If you want to diddle your server at run time, make a +# keys file (mode 640 owned by root:ntp) and define the key number to +# be used for making requests. +# PLEASE DO NOT USE THE DEFAULT VALUES HERE. Pick your own, or remote +# systems might be able to reset your clock at will. +# +#keysdir /etc +#keys /etc/ntp.keys +#trustedkey 65535 +#requestkey 65535 +#controlkey 65535 + +# +# Don't serve time or stats to anyone else by default (more secure) +restrict default limited kod nomodify notrap nopeer noquery +restrict -6 default limited kod nomodify notrap nopeer noquery + +# +# Use these lines instead if you do want to serve time and stats to +# other machines on the network: +#restrict default limited kod nomodify notrap nopeer +#restrict -6 default limited kod nomodify notrap nopeer + +# +# Trust ourselves. :-) +restrict 127.0.0.1 +restrict ::1 + diff --git a/patches/source/ntp/ntp.keys b/patches/source/ntp/ntp.keys new file mode 100644 index 000000000..1c3fbd2c4 --- /dev/null +++ b/patches/source/ntp/ntp.keys @@ -0,0 +1,2 @@ +65535 M akey +1 M pass diff --git a/patches/source/ntp/ntp.logrotate b/patches/source/ntp/ntp.logrotate new file mode 100644 index 000000000..77f7d7b3f --- /dev/null +++ b/patches/source/ntp/ntp.logrotate @@ -0,0 +1,8 @@ +/var/log/ntp { + notifempty + missingok + rotate 4 + postrotate + [ -x /etc/rc.d/rc.ntpd ] && /etc/rc.d/rc.ntpd restart + endscript +} diff --git a/patches/source/ntp/ntp.nano.diff b/patches/source/ntp/ntp.nano.diff new file mode 100644 index 000000000..0ff361ce9 --- /dev/null +++ b/patches/source/ntp/ntp.nano.diff @@ -0,0 +1,17 @@ +--- ./include/ntp_syscall.h.orig 2009-12-09 01:36:37.000000000 -0600 ++++ ./include/ntp_syscall.h 2010-04-21 23:38:30.000000000 -0500 +@@ -14,6 +14,14 @@ + # include <sys/timex.h> + #endif + ++#if defined(ADJ_NANO) && !defined(MOD_NANO) ++#define MOD_NANO ADJ_NANO ++#endif ++ ++#if defined(ADJ_TAI) && !defined(MOD_TAI) ++#define MOD_TAI ADJ_TAI ++#endif ++ + #ifndef NTP_SYSCALLS_LIBC + #ifdef NTP_SYSCALLS_STD + # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t)) diff --git a/patches/source/ntp/ntp.url b/patches/source/ntp/ntp.url new file mode 100644 index 000000000..2fd3e6af6 --- /dev/null +++ b/patches/source/ntp/ntp.url @@ -0,0 +1 @@ +https://www.ntp.org/downloads/ diff --git a/patches/source/ntp/ntpdate.8 b/patches/source/ntp/ntpdate.8 new file mode 100644 index 000000000..69178d472 --- /dev/null +++ b/patches/source/ntp/ntpdate.8 @@ -0,0 +1,152 @@ +.TH ntpdate 8 +.SH NAME +ntpdate \- set the date and time via NTP +.SH SYNOPSIS +.B ntpdate +.RB [\| \-bBdoqsuv \|] +.RB [\| \-a +.IR key \|] +.RB [\| \-e +.IR authdelay \|] +.RB [\| \-k +.IR keyfile \|] +.RB [\| \-o +.IR version \|] +.RB [\| \-p +.IR samples \|] +.RB [\| \-t +.IR timeout \|] +.IR server +.RB [\| ... \|] +.SH DESCRIPTION +.B ntpdate +sets the local date and time by polling the Network Time +Protocol (NTP) server(s) given as the +.I server +arguments to determine +the correct time. It must be run as root on the local host (unless the option \fB\-q\fR is used). A number +of samples are obtained from each of the servers specified and a +subset of the NTP clock filter and selection algorithms are applied to +select the best of these. Note that the accuracy and reliability of +ntpdate depends on the number of servers, the number of polls each +time it is run and the interval between runs. + +ntpdate can be run manually as necessary to set the host clock, or it +can be run from the host startup script to set the clock at boot time. +This is useful in some cases to set the clock initially before +starting the NTP daemon ntpd. It is also possible to run ntpdate from +a cron script. However, it is important to note that ntpdate with +contrived cron scripts is no substitute for the NTP daemon, which uses +sophisticated algorithms to maximize accuracy and reliability while +minimizing resource use. Finally, since ntpdate does not discipline +the host clock frequency as does ntpd, the accuracy using ntpdate is +limited. + +Time adjustments are made by ntpdate in one of two ways. If ntpdate +determines the clock is in error more than 0.5 second it will simply +step the time by calling the system settimeofday() routine. If the +error is less than 0.5 seconds, it will slew the time by calling the +system adjtime() routine. The latter technique is less disruptive and +more accurate when the error is small, and works quite well when +ntpdate is run by cron every hour or two. + +ntpdate will decline to set the date if an NTP server daemon (e.g., +ntpd) is running on the same host. When running ntpdate on a regular +basis from cron as an alternative to running a daemon, doing so once +every hour or two will result in precise enough timekeeping to avoid +stepping the clock. +.SH OPTIONS +.TP +.BI \-a \ key +Enable the authentication function and specify the key +identifier to be used for authentication as the argument +keyntpdate. The keys and key identifiers must match in both the +client and server key files. The default is to disable the +authentication function. +.TP +.B \-B +Force the time to always be slewed using the adjtime() system +call, even if the measured offset is greater than +-128 ms. The +default is to step the time using settimeofday() if the offset +is greater than +-128 ms. Note that, if the offset is much +greater than +-128 ms in this case, that it can take a long +time (hours) to slew the clock to the correct value. During +this time, the host should not be used to synchronize clients. +.TP +.B \-b +Force the time to be stepped using the settimeofday() system +call, rather than slewed (default) using the adjtime() system +call. This option should be used when called from a startup +file at boot time. +.TP +.B \-d +Enable the debugging mode, in which ntpdate will go through all +the steps, but not adjust the local clock. Information useful +for general debugging will also be printed. +.TP +.BI \-e \ authdelay +Specify the processing delay to perform an authentication +function as the value authdelay, in seconds and fraction (see +ntpd for details). This number is usually small enough to be +negligible for most purposes, though specifying a value may +improve timekeeping on very slow CPU's. +.TP +.BI \-k \ keyfile +Specify the path for the authentication key file as the string +keyfile. The default is /etc/ntp.keys. This file should be in +the format described in ntpd. +.TP +.BI \-o \ version +Specify the NTP version for outgoing packets as the integer +version, which can be 1 or 2. The default is 3. This allows +ntpdate to be used with older NTP versions. +.TP +.BI \-p \ samples +Specify the number of samples to be acquired from each server +as the integer samples, with values from 1 to 8 inclusive. The +default is 4. +.TP +.B \-q +Query only - don't set the clock. +.TP +.B \-s +Divert logging output from the standard output (default) to the +system syslog facility. This is designed primarily for +convenience of cron scripts. +.TP +.BI \-t \ timeout +Specify the maximum time waiting for a server response as the +value timeout, in seconds and fraction. The value is is rounded +to a multiple of 0.2 seconds. The default is 1 second, a value +suitable for polling across a LAN. +.TP +.B \-u +Direct ntpdate to use an unprivileged port for outgoing packets. +This is most useful when behind a firewall that blocks incoming +traffic to privileged ports, and you want to synchronise with +hosts beyond the firewall. Note that the \-d option always uses +unprivileged ports. +.TP +.B \-v +Be verbose. This option will cause ntpdate's version +identification string to be logged. +.SH DIAGNOSTICS +\fBntpdate\fP's exit status is zero if it found a server +and could update the clock, and nonzero otherwise. +.SH FILES +.TP +.I /etc/ntp.keys +\- encryption keys used by ntpdate. +.SH BUGS +The slew adjustment is actually 50% larger than the measured offset, +since this (it is argued) will tend to keep a badly drifting clock +more accurate. This is probably not a good idea and may cause a +troubling hunt for some values of the kernel variables tick and +tickadj. +.SH AUTHOR +David L. Mills (mills@udel.edu) +.br +This manpage converted from html to roff by +Fabrizio Polacco <fpolacco@debian.org> +.SH "SEE ALSO" +\fBntpdate\-debian\fR(8) diff --git a/patches/source/ntp/rc.ntpd b/patches/source/ntp/rc.ntpd new file mode 100644 index 000000000..9d1e3e88f --- /dev/null +++ b/patches/source/ntp/rc.ntpd @@ -0,0 +1,55 @@ +#!/bin/sh +# Start/stop/restart ntpd. + +# Start ntpd: +ntpd_start() { + echo -n "Starting NTP daemon: /usr/sbin/ntpd -g -u ntp:ntp" + /usr/sbin/ntpd -g -u ntp:ntp + echo +} + +# Stop ntpd: +ntpd_stop() { + echo -n "Stopping NTP daemon..." + if [ -r /run/ntpd.pid ]; then + kill -HUP $(cat /run/ntpd.pid) + rm -f /run/ntpd.pid + else + killall -HUP -q ntpd + fi + echo +} + +# Restart ntpd: +ntpd_restart() { + ntpd_stop + sleep 1 + ntpd_start +} + +# Check if ntpd is running +ntpd_status() { + if [ -e /run/ntpd.pid ]; then + echo "ntpd is running as pid $(cat /run/ntpd.pid)." + else + echo "ntpd is stopped." + exit 1 + fi +} + +case "$1" in +'start') + ntpd_start + ;; +'stop') + ntpd_stop + ;; +'restart') + ntpd_restart + ;; +'status') + ntpd_status + ;; +*) + echo "usage $0 start|stop|restart|status" +esac diff --git a/patches/source/ntp/slack-desc b/patches/source/ntp/slack-desc new file mode 100644 index 000000000..a1706bf57 --- /dev/null +++ b/patches/source/ntp/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +ntp: ntp (Network Time Protocol daemon) +ntp: +ntp: The Network Time Protocol (NTP) is used to synchronize the time of a +ntp: computer client or server to another server or reference time source, +ntp: such as a radio or satellite receiver or modem. It provides client +ntp: accuracies typically within a millisecond on LANs and up to a few tens +ntp: of milliseconds on WANs relative to a primary server synchronized to +ntp: Coordinated Universal Time (UTC) via a Global Positioning Service +ntp: (GPS) receiver, for example. +ntp: +ntp: Homepage: https://www.ntp.org |