r15 - 2017-05-12 - 08:04:19 - HarlanStennYou are here: NTP >  Dev Web > UpdatingLibopts
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p12 was released on 14 August 2018. It addresses 1 low-/medium-severity security issue in ntpd, 1 low-severity security issue in ntpq and ntpdc, and provides 27 non-security bugfixes and 4 other improvements over 4.2.8p11.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Updating libopts

warning NOTE WELL: If autogen is upgraded on whimsy and another release of -stable is planned, that tarball will be using the new autogen! (Also note that this means that upgrading libopts means there will be a relatively short validation cycle, as we would tend to want to do this just before a new release of -stable, at the end of a -dev cycle.) I may have a solution to this - on whimsy I'll just run ../configure --prefix=/usr/local/gnu/autogen-X.Y.Z and if I need to use the older autogen for a -stable tarball we should be OK.

Fetch, build, and install the target version of autogen.

  • See if any of the following need to be updated:
    • sntp/include/autogen-version.def
    • Main.SoftwareDevelopment
    • Reconcile any autogen file overrides we ave placed in sntp/ag-tpl/* .

  • cd sntp
  • tar xvzf `autoopts-config libsrc`
  • diff -ur libopts*  | grep '^Only' and look for things other than Makefile.in or SCCS.
  • bk rm -f any files that are no longer needed
  • diff -ur libopts-* libopts | grep '^diff' and use that output to copy the updated files from libopts-whatever to libopts
  • Add the following to any updated libopts/Makefile.am
...
MOSTLYCLEANFILES        =

+AM_CFLAGS       = $(NTP_HARD_CFLAGS)
+AM_CPPFLAGS     = $(NTP_HARD_CPPFLAGS)
+AM_LDFLAGS      = $(NTP_HARD_LDFLAGS)

libopts.c:              $(BUILT_SOURCES)
...
  • bk ci -y'Updated to libopts-whatever' (is this the right place?)
  • run :run-autogen (this script is in ntp-dev as that's the only place we would ordinarily be updating libopts)
  • Make a note in the ChangeLog and check that in.

check it out, build it, and:

  • bk commit -y'Updated to AutoGen-1.2.3 and libopts-4.5.6'

Watch some of the perms on the generated files. This should not be a problem because the :run-autogen scripts does a chmod u+w . (Now that autogen supports the --writable option this should not be a problem at all.)

N.B.: If libopts is being updated the snapshot roll will need a make clean before it runs. ntp_configure_cache_version in configure.ac may not do this for us...

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r15 < r14 < r13 < r12 < r11 | More topic actions
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback