Security update for net/ntp to 4.2.8p6. This addresses numerous security issues. http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
As far as I can tell, the problem fixed by the ssl_init.c patch only concerns the regression test itself and doesn't appear in actual protocol code. The Makefile dependencies want to regenerate run-ssl_init.c with ruby(1), but since nothing would change in that file, we can short-ciruit this. OK? Index: Makefile =================================================================== RCS file: /cvs/ports/net/ntp/Makefile,v retrieving revision 1.67 diff -u -p -r1.67 Makefile --- Makefile 10 Nov 2015 18:33:02 -0000 1.67 +++ Makefile 2 Feb 2016 20:54:34 -0000 @@ -6,7 +6,7 @@ COMMENT= Network Time Protocol reference # to confuse with the ports system's 'pN' convention, so convert it to # 'pl' for local use. -VERSION= 4.2.8p4 +VERSION= 4.2.8p6 DISTNAME= ntp-${VERSION} PKGNAME= ntp-${VERSION:S/p/pl/} CATEGORIES= net @@ -39,6 +39,8 @@ LIB_DEPENDS= devel/libevent2 post-patch: cp ${WRKSRC}/sntp/loc/freebsd ${WRKSRC}/sntp/loc/openbsd +# short-circuit regeneration after patching ssl_init.c + touch ${WRKSRC}/tests/libntp/run-ssl_init.c post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ntp Index: distinfo =================================================================== RCS file: /cvs/ports/net/ntp/distinfo,v retrieving revision 1.19 diff -u -p -r1.19 distinfo --- distinfo 10 Nov 2015 18:33:02 -0000 1.19 +++ distinfo 2 Feb 2016 20:54:34 -0000 @@ -1,2 +1,2 @@ -SHA256 (ntp-4.2.8p4.tar.gz) = DWlhVyVI0sSvlvWPdj4irGIPWv73FzhN3DF6DjZc/bk= -SIZE (ntp-4.2.8p4.tar.gz) = 7104852 +SHA256 (ntp-4.2.8p6.tar.gz) = WD0OHFc6zjCpxq++oPxSyunIyRbbwVwCbkhaDdpLoEg= +SIZE (ntp-4.2.8p6.tar.gz) = 7152557 Index: patches/patch-tests_libntp_ssl_init_c =================================================================== RCS file: patches/patch-tests_libntp_ssl_init_c diff -N patches/patch-tests_libntp_ssl_init_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-tests_libntp_ssl_init_c 2 Feb 2016 20:54:34 -0000 @@ -0,0 +1,21 @@ +$OpenBSD$ +--- tests/libntp/ssl_init.c.orig Wed Jan 20 09:56:48 2016 ++++ tests/libntp/ssl_init.c Tue Feb 2 21:38:07 2016 +@@ -43,7 +43,7 @@ test_SHA1KeyTypeWithDigestLength(void) { + size_t digestLength; + size_t expected = TEST_SHA1_DIGEST_LENGTH; + +- TEST_ASSERT_EQUAL(NID_sha, keytype_from_text("SHA", &digestLength)); ++ TEST_ASSERT_EQUAL(NID_sha1, keytype_from_text("SHA1", &digestLength)); + TEST_ASSERT_EQUAL(expected, digestLength); + /* OPENSSL */ + #else +@@ -62,7 +62,7 @@ test_MD5KeyName(void) { + void + test_SHA1KeyName(void) { + #ifdef OPENSSL +- TEST_ASSERT_EQUAL_STRING("SHA", keytype_name(NID_sha)); ++ TEST_ASSERT_EQUAL_STRING("SHA1", keytype_name(NID_sha1)); + #else + TEST_IGNORE_MESSAGE("Skipping because OPENSSL isn't defined"); + #endif /* OPENSSL */ -- Christian "naddy" Weisgerber na...@mips.inka.de