Security update: net/ntp 4.2.8p6

[Christian Weisgerber]

Security update for net/ntp to 4.2.8p6.  This addresses numerous
security issues.
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

As far as I can tell, the problem fixed by the ssl_init.c patch
only concerns the regression test itself and doesn't appear in
actual protocol code.  The Makefile dependencies want to regenerate
run-ssl_init.c with ruby(1), but since nothing would change in that
file, we can short-ciruit this.

OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/ntp/Makefile,v
retrieving revision 1.67
diff -u -p -r1.67 Makefile
--- Makefile    10 Nov 2015 18:33:02 -0000      1.67
+++ Makefile    2 Feb 2016 20:54:34 -0000
@@ -6,7 +6,7 @@ COMMENT=        Network Time Protocol reference
 # to confuse with the ports system's 'pN' convention, so convert it to
 # 'pl' for local use.
 
-VERSION=       4.2.8p4
+VERSION=       4.2.8p6
 DISTNAME=      ntp-${VERSION}
 PKGNAME=       ntp-${VERSION:S/p/pl/}
 CATEGORIES=    net
@@ -39,6 +39,8 @@ LIB_DEPENDS=  devel/libevent2
 
 post-patch:
        cp ${WRKSRC}/sntp/loc/freebsd ${WRKSRC}/sntp/loc/openbsd
+# short-circuit regeneration after patching ssl_init.c
+       touch ${WRKSRC}/tests/libntp/run-ssl_init.c
 
 post-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ntp
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/ntp/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo    10 Nov 2015 18:33:02 -0000      1.19
+++ distinfo    2 Feb 2016 20:54:34 -0000
@@ -1,2 +1,2 @@
-SHA256 (ntp-4.2.8p4.tar.gz) = DWlhVyVI0sSvlvWPdj4irGIPWv73FzhN3DF6DjZc/bk=
-SIZE (ntp-4.2.8p4.tar.gz) = 7104852
+SHA256 (ntp-4.2.8p6.tar.gz) = WD0OHFc6zjCpxq++oPxSyunIyRbbwVwCbkhaDdpLoEg=
+SIZE (ntp-4.2.8p6.tar.gz) = 7152557
Index: patches/patch-tests_libntp_ssl_init_c
===================================================================
RCS file: patches/patch-tests_libntp_ssl_init_c
diff -N patches/patch-tests_libntp_ssl_init_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-tests_libntp_ssl_init_c       2 Feb 2016 20:54:34 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- tests/libntp/ssl_init.c.orig       Wed Jan 20 09:56:48 2016
++++ tests/libntp/ssl_init.c    Tue Feb  2 21:38:07 2016
+@@ -43,7 +43,7 @@ test_SHA1KeyTypeWithDigestLength(void) {
+       size_t digestLength;
+       size_t expected = TEST_SHA1_DIGEST_LENGTH;
+ 
+-      TEST_ASSERT_EQUAL(NID_sha, keytype_from_text("SHA", &digestLength));
++      TEST_ASSERT_EQUAL(NID_sha1, keytype_from_text("SHA1", &digestLength));
+       TEST_ASSERT_EQUAL(expected, digestLength);
+       /* OPENSSL */
+ #else 
+@@ -62,7 +62,7 @@ test_MD5KeyName(void) {
+ void
+ test_SHA1KeyName(void) {
+ #ifdef OPENSSL
+-      TEST_ASSERT_EQUAL_STRING("SHA", keytype_name(NID_sha));
++      TEST_ASSERT_EQUAL_STRING("SHA1", keytype_name(NID_sha1));
+ #else
+       TEST_IGNORE_MESSAGE("Skipping because OPENSSL isn't defined");
+ #endif        /* OPENSSL */
-- 
Christian "naddy" Weisgerber                          na...@mips.inka.de