Michael Meier writes: > > Right now it doesn't even compile for me on SLES11, > > because it seems to blindly depend on libbsd, which is simply not > > available on SLES11. configure does not check for its availability and > > just makes the compile fail due to an "undefined reference to > > `arc4random_buf'". > > For those facing the same problem on SLES11 or other Linux systems: As > already mentioned by Harlan, it only needs arc4random if openssl is not > available. The problem is that it is generally unable to find libssl on > Linux even if that is installed (but it DOES look for it in several > slowlaris-specific hideaways!). I think ntp is probably the first > software package ever to be unable to find libssl on Linux - which is > somewhat of an "accomplishment", as it is in the systems default path, > you can just link with -lssl without giving the linker any explicit > search path.
On the RH SLES 11 system I build-tested on these libraries were already available. I don't admin that box, so I have no idea how much work that was. > So to get ntpd 4.2.8 to compile, you can add something like the > following to your 'configure' options (you need to have the > "openssl-devel" or similar package installed): > For SLES 11: > --with-crypto=openssl --with-openssl-libdir=/usr/lib64 > --with-openssl-incdir=/usr/include > For Debian on x86-64 (will probably also work on Ubuntu): > --with-crypto=openssl --with-openssl-libdir=/usr/lib/x86_64-linux-gnu > --with-openssl-incdir=/usr/include > > You might also want to add --disable-autokey since I gather that is > pretty much FUBAR anyways and using OpenSSL enables it by default? > > BTW, it seems that RHEL / CentOS / Debian / OpenSuSE already have > Updates for their respective 4.2.6-version out. If you use any of these > distributions, you should install and switch to the updated version > ASAP. Note that opensuse so far seems to have patched only two of the > four CVEs. > > Looking at the (small) RedHat-patches, it probably wasn't that hard to > backport the fixes to 4.2.6... Certainly not in the range of "delay for > a few weeks." You might not have an appreciation for the number of different versions of different OSes and distributions that need to be tested. And it takes time to add them 4.2.6 and make sure they also work with 4.2.8. This also doubles the testing time, testing 4.2.6 and 4.2.8. But I'm happy to chat about this more later - I'd rather focus on getting the next point release of 4.2.8 out that fixes the build problems with ntp-keygen. H _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
