ntpsec: Upgrade 1.2.1 -> 1.2.2

Drop backported patches, drop `wscript: Widen the search for tags` as upstream has merged something similar which means devtool builds now work. Add BISONFLAGS support to fix build reproducbility issue. Drop `--debug` which generates internal debug info. License-Update: License files moved to separate directory Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Alex Kiernan <alex.kiernan@gmail.com> 2023-01-24 11:16:34 +0000
committer: Khem Raj <raj.khem@gmail.com> 2023-01-25 08:51:25 -0800
commit: 61598be67d1da6e74bd8e98c467a2b6edeb61739 (patch)
tree: b15d2b70a421133e07cc739156cb58eb38a19d71
parent: 1e2e283635809c0f2cca81045a1dd26ac275b2d9 (diff)
download: meta-openembedded-61598be67d1da6e74bd8e98c467a2b6edeb61739.tar.gz
7 files changed, 42 insertions, 258 deletions
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch
deleted file mode 100644
index 825f6c93c3..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From ba368822d0a197cb84c46c911d40d0c52cf9c391 Mon Sep 17 00:00:00 2001
-From: Hal Murray <hmurray@megapathdsl.net>
-Date: Sun, 2 May 2021 22:24:26 -0700
-Subject: [PATCH] Update to OpenSSL 3.0.0-alpha15
-Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/ba368822d0a197cb84c46c911d40d0c52cf9c391]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
-Signed-off-by: Alex Kiernan <alexk@zuma.ai>
---
- attic/cmac-timing.c | 37 ++++++++++++++-----------------------
- 1 file changed, 14 insertions(+), 23 deletions(-)
-diff --git a/attic/cmac-timing.c b/attic/cmac-timing.c
-index c2088db63a4c..464daa76b9e6 100644
--- a/attic/cmac-timing.c
-+++ b/attic/cmac-timing.c
-@@ -225,28 +225,14 @@ static void DoPKEY(
- #if OPENSSL_VERSION_NUMBER > 0x20000000L
- static size_t One_EVP_MAC(
-   EVP_MAC_CTX *ctx,         /* context  */
-  char *cipher,
-   uint8_t *key,             /* key pointer */
-   int     keylength,        /* key length */
-   uint8_t *pkt,             /* packet pointer */
-   int     pktlength         /* packet length */
- ) {
-       OSSL_PARAM params[3];
-        size_t len = EVP_MAX_MD_SIZE;
- 
-       params[0] =
-          OSSL_PARAM_construct_utf8_string("cipher", cipher, 0);
-       params[1] =
-          OSSL_PARAM_construct_octet_string("key", key, keylength);
-       params[2] = OSSL_PARAM_construct_end();
-       if (0 == EVP_MAC_CTX_set_params(ctx, params)) {
-               unsigned long err = ERR_get_error();
-               char * str = ERR_error_string(err, NULL);
-               printf("## Oops, EVP_MAC_CTX_set_params() failed: %s.\n", str);
-               return 0;
-       }
-
-       if (0 == EVP_MAC_init(ctx)) {
-+       if (0 == EVP_MAC_init(ctx, key, keylength, NULL)) {
-                unsigned long err = ERR_get_error();
-                char * str = ERR_error_string(err, NULL);
-                printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-@@ -255,13 +241,13 @@ static size_t One_EVP_MAC(
-        if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
-                unsigned long err = ERR_get_error();
-                char * str = ERR_error_string(err, NULL);
-               printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-+               printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
-                return 0;
-        }
-        if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
-                unsigned long err = ERR_get_error();
-                char * str = ERR_error_string(err, NULL);
-               printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-+               printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
-                return 0;
-        }
-        return len;
-@@ -290,7 +276,7 @@ static void Do_EVP_MAC(
- 
-        clock_gettime(CLOCK_MONOTONIC, &start);
-        for (int i = 0; i < SAMPLESIZE; i++) {
-               digestlength = One_EVP_MAC(evp, cbc, key, keylength, pkt, pktlength);
-+               digestlength = One_EVP_MAC(evp, key, keylength, pkt, pktlength);
- if (0 == digestlength) break;
-        }
-        clock_gettime(CLOCK_MONOTONIC, &stop);
-@@ -305,26 +291,31 @@ static size_t One_EVP_MAC2(
-   uint8_t *pkt,             /* packet pointer */
-   int     pktlength         /* packet length */
- ) {
-+       EVP_MAC_CTX *dup;
-        size_t len = EVP_MAX_MD_SIZE;
- 
-       if (0 == EVP_MAC_init(ctx)) {
-+       // dup = ctx;
-+       dup = EVP_MAC_CTX_dup(ctx);
-+
-+       if (0 == EVP_MAC_init(dup, NULL, 0, NULL)) {
-                unsigned long err = ERR_get_error();
-                char * str = ERR_error_string(err, NULL);
-                printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-                return 0;
-        }
-       if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
-+       if (0 == EVP_MAC_update(dup, pkt, pktlength)) {
-                unsigned long err = ERR_get_error();
-                char * str = ERR_error_string(err, NULL);
-               printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-+               printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
-                return 0;
-        }
-       if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
-+       if (0 == EVP_MAC_final(dup, answer, &len, sizeof(answer))) {
-                unsigned long err = ERR_get_error();
-                char * str = ERR_error_string(err, NULL);
-               printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-+               printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
-                return 0;
-        }
-+       EVP_MAC_CTX_free(dup);
-        return len;
- }
- 
-- 
-2.33.0
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch
deleted file mode 100644
index 112aaa2a07..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From d474682bb30b93d04b7b01c2dd09832e483265ed Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Sun, 14 Nov 2021 08:54:58 +0000
-Subject: [PATCH] ntpd/ntp_sandbox.c: allow clone3 for glibc-2.34 in seccomp
- filter
-Bug: https://bugs.gentoo.org/823692
-Fixes: https://gitlab.com/NTPsec/ntpsec/-/issues/713
-Signed-off-by: Sam James <sam@gentoo.org>
-Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/d474682bb30b93d04b7b01c2dd09832e483265ed]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
-Signed-off-by: Alex Kiernan <alexk@zuma.ai>
---
- ntpd/ntp_sandbox.c | 1 +
- 1 file changed, 1 insertion(+)
-diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
-index e66faaa8cbb0..3d6bccdfcf77 100644
--- a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -401,6 +401,7 @@ int scmp_sc[] = {
-  * rather than generate a trap.
-  */
-        SCMP_SYS(clone),        /* threads */
-+       SCMP_SYS(clone3),
-        SCMP_SYS(kill),         /* generate signal */
-        SCMP_SYS(madvise),
-        SCMP_SYS(mprotect),
-- 
-2.34.1
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch
deleted file mode 100644
index 3bec2cea77..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a6c0847582305aaab122d54b635954829812922f Mon Sep 17 00:00:00 2001
-From: Alex Kiernan <alexk@zuma.ai>
-Date: Thu, 30 Dec 2021 09:32:26 +0000
-Subject: [PATCH 1/2] ntpd/ntp_sandbox.c: allow newfstatat on all archs for
- glibc-2.34 in seccomp filter
-On Yocto Poky, newfstatat is used on (at least) arm64, x86_64 and
-riscv64:
-  2021-12-30T09:32:04 ntpd[341]: ERR: SIGSYS: got a trap.
-  2021-12-30T09:32:04 ntpd[341]: ERR: SIGSYS/seccomp bad syscall 262/0xc000003e
-Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/a6c0847582305aaab122d54b635954829812922f]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
-Signed-off-by: Alex Kiernan <alexk@zuma.ai>
---
- ntpd/ntp_sandbox.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
-index 3d6bccdfcf77..1ae82a671344 100644
--- a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -349,6 +349,7 @@ int scmp_sc[] = {
-        SCMP_SYS(lseek),
-        SCMP_SYS(membarrier),   /* Needed on Alpine 3.11.3 */
-        SCMP_SYS(munmap),
-+       SCMP_SYS(newfstatat),
-        SCMP_SYS(open),
- #ifdef __NR_openat
-        SCMP_SYS(openat),       /* SUSE */
-@@ -452,7 +453,6 @@ int scmp_sc[] = {
- #endif
- #if defined(__aarch64__)
-        SCMP_SYS(faccessat),
-       SCMP_SYS(newfstatat),
-        SCMP_SYS(renameat),
-        SCMP_SYS(linkat),
-        SCMP_SYS(unlinkat),
-- 
-2.34.1
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch
new file mode 100644
index 0000000000..2e3730df47
--- /dev/null
+++ b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch
@@ -0,0 +1,29 @@
+From 792cb4f9d13450251c6344eed2b35f382c98df0d Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alexk@zuma.ai>
+Date: Thu, 19 Jan 2023 13:00:45 +0000
+Subject: [PATCH] wscript: Add BISONFLAGS support
+---
+ wscript | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/wscript b/wscript
+index 7329d6e46889..de51f1e9cdd9 100644
+--- a/wscript
+++ b/wscript
+@@ -140,6 +140,7 @@ def configure(ctx):
+     # Ensure m4 is present, or bison will fail with SIGPIPE
+     ctx.find_program('m4')
+     ctx.load('bison')
+    ctx.add_os_flags('BISONFLAGS')
+ 
+     for opt in opt_map:
+         ctx.env[opt] = opt_map[opt]
+@@ -911,6 +912,7 @@ int main(int argc, char **argv) {
+     msg_setting("CFLAGS", " ".join(ctx.env.CFLAGS))
+     msg_setting("LDFLAGS", " ".join(ctx.env.LDFLAGS))
+     msg_setting("LINKFLAGS_NTPD", " ".join(ctx.env.LINKFLAGS_NTPD))
+    msg_setting("BISONFLAGS", ctx.env.BISONFLAGS)
+     msg_setting("PREFIX", ctx.env.PREFIX)
+     msg_setting("LIBDIR", ctx.env.LIBDIR)
+     msg_setting("Droproot Support", droproot_type)
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch
deleted file mode 100644
index 98c62eed49..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 9a7dead72f41e79979625c9bdef2fb638427d3d6 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 22 Aug 2022 20:54:17 -0700
-Subject: [PATCH] wscript: Widen the search for tags
-Default is to look for annotated tags, howveer when using devtool we
-create our own git tree from release tarballs which will have tags but
-they are not annotated, therefore broaden the search to include all tags
-Upstream-Status: Inappropriate [OE-specific]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
- wscript | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/wscript b/wscript
-index 879ded1..dff835d 100644
--- a/wscript
-+++ b/wscript
-@@ -177,7 +177,7 @@ def configure(ctx):
-     if build_desc:
-         build_desc = ' ' + build_desc
-     if ctx.env.BIN_GIT:
-        cmd = ctx.env.BIN_GIT + shlex.split("describe --dirty")
-+        cmd = ctx.env.BIN_GIT + shlex.split("describe --tags --dirty")
-         git_short_hash = ctx.cmd_and_log(cmd).strip()
-         git_short_hash = '-'.join(git_short_hash.split('-')[1:])
- 
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch
deleted file mode 100644
index 705a87bdfa..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0f94870b84e68448f16b1304058bde4628dafde5 Mon Sep 17 00:00:00 2001
-From: Alex Kiernan <alexk@zuma.ai>
-Date: Thu, 30 Dec 2021 10:41:20 +0000
-Subject: [PATCH 2/2] ntpd/ntp_sandbox.c: match riscv to aarch in seccomp
- filter
-On Yocto Poky, faccessat (et al) are also used on riscv64:
-  2018-03-09T12:35:32 ntpd[341]: ERR: SIGSYS: got a trap.
-  2018-03-09T12:35:32 ntpd[341]: ERR: SIGSYS/seccomp bad syscall 48/0xc00000f3
-Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/0f94870b84e68448f16b1304058bde4628dafde5]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
-Signed-off-by: Alex Kiernan <alexk@zuma.ai>
---
- ntpd/ntp_sandbox.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
-index 1ae82a671344..4a14ae224dc6 100644
--- a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -451,7 +451,7 @@ int scmp_sc[] = {
-        /* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
-        SCMP_SYS(mmap),
- #endif
-#if defined(__aarch64__)
-+#if defined(__aarch64__) || defined(__riscv)
-        SCMP_SYS(faccessat),
-        SCMP_SYS(renameat),
-        SCMP_SYS(linkat),
-- 
-2.34.1
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb
index e975f903f9..d11ada67ee 100644
--- a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
+++ b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb
@@ -2,25 +2,22 @@ SUMMARY = "The Network Time Protocol suite, refactored"
 HOMEPAGE = "https://www.ntpsec.org/"
 LICENSE = "CC-BY-4.0 & BSD-2-Clause & NTP & BSD-3-Clause & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=0520591566b6ed3a9ced8b15b4d4abf9 \
+LIC_FILES_CHKSUM = "file://LICENSES/BSD-2;md5=653830da7b770a32f6f50f6107e0b186 \
-                    file://libjsmn/LICENSE;md5=38118982429881235de8adf478a8e75d \
+                    file://LICENSES/BSD-3;md5=55e9dcf6a625a2dcfcda4ef6a647fbfd \
-                    file://docs/copyright.adoc;md5=9a1e3fce4b630078cb67ba2b619d2b13 \
+                    file://LICENSES/CC-BY-4.0;md5=2ab724713fdaf49e4523c4503bfd068d \
-                    file://libaes_siv/COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
+                    file://LICENSES/MIT;md5=5a9dfc801af3eb49df2055c9b07918b2 \
+                    file://LICENSES/NTP;md5=cb56b7747f86157c78ca81f224806694"
 DEPENDS += "bison-native \
            openssl \
            python3"
 SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
-           file://0001-Update-to-OpenSSL-3.0.0-alpha15.patch \
-           file://0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch \
-           file://0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch \
-           file://0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch \
           file://volatiles.ntpsec \
-           file://0001-wscript-Widen-the-search-for-tags.patch \
+           file://0001-wscript-Add-BISONFLAGS-support.patch \
           "
-SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a"
+SRC_URI[sha256sum] = "2f2848760b915dfe185b9217f777738b36ceeb78a7fc208b7e74e039dec22df5"
 UPSTREAM_CHECK_URI = "ftp://ftp.ntpsec.org/pub/releases/"
@@ -66,7 +63,6 @@ EXTRA_OECONF = "--cross-compiler='${CC}' \
                --pyshebang=${bindir}/python3 \
                --pythondir=${PYTHON_SITEPACKAGES_DIR} \
                --pythonarchdir=${PYTHON_SITEPACKAGES_DIR} \
-                --enable-debug \
                --enable-debug-gdb \
                --enable-early-droproot"
@@ -74,6 +70,12 @@ EXTRA_OEWAF_BUILD ?= "-v"
 NTP_USER_HOME ?= "/var/lib/ntp"
+BISONFLAGS = "--file-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}"
+do_configure:prepend() {
+        export BISONFLAGS="${BISONFLAGS}"
+}
 do_install:append() {
        install -d ${D}${sysconfdir}/init.d
        install -m 755 ${S}/etc/rc/ntpd ${D}${sysconfdir}/init.d
author	Alex Kiernan <alex.kiernan@gmail.com>	2023-01-24 11:16:34 +0000
committer	Khem Raj <raj.khem@gmail.com>	2023-01-25 08:51:25 -0800
commit	61598be67d1da6e74bd8e98c467a2b6edeb61739 (patch)
tree	b15d2b70a421133e07cc739156cb58eb38a19d71
parent	1e2e283635809c0f2cca81045a1dd26ac275b2d9 (diff)
download	meta-openembedded-61598be67d1da6e74bd8e98c467a2b6edeb61739.tar.gz

diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch deleted file mode 100644 index 825f6c93c3..0000000000 --- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch +++ /dev/null
@@ -1,111 +0,0 @@
1	From ba368822d0a197cb84c46c911d40d0c52cf9c391 Mon Sep 17 00:00:00 2001
2	From: Hal Murray <hmurray@megapathdsl.net>
3	Date: Sun, 2 May 2021 22:24:26 -0700
4	Subject: [PATCH] Update to OpenSSL 3.0.0-alpha15
5
6	Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/ba368822d0a197cb84c46c911d40d0c52cf9c391]
7	Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
8	Signed-off-by: Alex Kiernan <alexk@zuma.ai>
9	---
10	attic/cmac-timing.c \| 37 ++++++++++++++-----------------------
11	1 file changed, 14 insertions(+), 23 deletions(-)
12
13	diff --git a/attic/cmac-timing.c b/attic/cmac-timing.c
14	index c2088db63a4c..464daa76b9e6 100644
15	--- a/attic/cmac-timing.c
16	+++ b/attic/cmac-timing.c
17	@@ -225,28 +225,14 @@ static void DoPKEY(
18	#if OPENSSL_VERSION_NUMBER > 0x20000000L
19	static size_t One_EVP_MAC(
20	EVP_MAC_CTX ctx, / context */
21	- char *cipher,
22	uint8_t key, / key pointer */
23	int keylength, /* key length */
24	uint8_t pkt, / packet pointer */
25	int pktlength /* packet length */
26	) {
27	- OSSL_PARAM params[3];
28	size_t len = EVP_MAX_MD_SIZE;
29
30	- params[0] =
31	- OSSL_PARAM_construct_utf8_string("cipher", cipher, 0);
32	- params[1] =
33	- OSSL_PARAM_construct_octet_string("key", key, keylength);
34	- params[2] = OSSL_PARAM_construct_end();
35	- if (0 == EVP_MAC_CTX_set_params(ctx, params)) {
36	- unsigned long err = ERR_get_error();
37	- char * str = ERR_error_string(err, NULL);
38	- printf("## Oops, EVP_MAC_CTX_set_params() failed: %s.\n", str);
39	- return 0;
40	- }
41	-
42	- if (0 == EVP_MAC_init(ctx)) {
43	+ if (0 == EVP_MAC_init(ctx, key, keylength, NULL)) {
44	unsigned long err = ERR_get_error();
45	char * str = ERR_error_string(err, NULL);
46	printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
47	@@ -255,13 +241,13 @@ static size_t One_EVP_MAC(
48	if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
49	unsigned long err = ERR_get_error();
50	char * str = ERR_error_string(err, NULL);
51	- printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
52	+ printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
53	return 0;
54	}
55	if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
56	unsigned long err = ERR_get_error();
57	char * str = ERR_error_string(err, NULL);
58	- printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
59	+ printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
60	return 0;
61	}
62	return len;
63	@@ -290,7 +276,7 @@ static void Do_EVP_MAC(
64
65	clock_gettime(CLOCK_MONOTONIC, &start);
66	for (int i = 0; i < SAMPLESIZE; i++) {
67	- digestlength = One_EVP_MAC(evp, cbc, key, keylength, pkt, pktlength);
68	+ digestlength = One_EVP_MAC(evp, key, keylength, pkt, pktlength);
69	if (0 == digestlength) break;
70	}
71	clock_gettime(CLOCK_MONOTONIC, &stop);
72	@@ -305,26 +291,31 @@ static size_t One_EVP_MAC2(
73	uint8_t pkt, / packet pointer */
74	int pktlength /* packet length */
75	) {
76	+ EVP_MAC_CTX *dup;
77	size_t len = EVP_MAX_MD_SIZE;
78
79	- if (0 == EVP_MAC_init(ctx)) {
80	+ // dup = ctx;
81	+ dup = EVP_MAC_CTX_dup(ctx);
82	+
83	+ if (0 == EVP_MAC_init(dup, NULL, 0, NULL)) {
84	unsigned long err = ERR_get_error();
85	char * str = ERR_error_string(err, NULL);
86	printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
87	return 0;
88	}
89	- if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
90	+ if (0 == EVP_MAC_update(dup, pkt, pktlength)) {
91	unsigned long err = ERR_get_error();
92	char * str = ERR_error_string(err, NULL);
93	- printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
94	+ printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
95	return 0;
96	}
97	- if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
98	+ if (0 == EVP_MAC_final(dup, answer, &len, sizeof(answer))) {
99	unsigned long err = ERR_get_error();
100	char * str = ERR_error_string(err, NULL);
101	- printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
102	+ printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
103	return 0;
104	}
105	+ EVP_MAC_CTX_free(dup);
106	return len;
107	}
108
109	--
110	2.33.0
111


diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch deleted file mode 100644 index 112aaa2a07..0000000000 --- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	From d474682bb30b93d04b7b01c2dd09832e483265ed Mon Sep 17 00:00:00 2001
2	From: Sam James <sam@gentoo.org>
3	Date: Sun, 14 Nov 2021 08:54:58 +0000
4	Subject: [PATCH] ntpd/ntp_sandbox.c: allow clone3 for glibc-2.34 in seccomp
5	filter
6
7	Bug: https://bugs.gentoo.org/823692
8	Fixes: https://gitlab.com/NTPsec/ntpsec/-/issues/713
9	Signed-off-by: Sam James <sam@gentoo.org>
10	Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/d474682bb30b93d04b7b01c2dd09832e483265ed]
11	Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
12	Signed-off-by: Alex Kiernan <alexk@zuma.ai>
13	---
14	ntpd/ntp_sandbox.c \| 1 +
15	1 file changed, 1 insertion(+)
16
17	diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
18	index e66faaa8cbb0..3d6bccdfcf77 100644
19	--- a/ntpd/ntp_sandbox.c
20	+++ b/ntpd/ntp_sandbox.c
21	@@ -401,6 +401,7 @@ int scmp_sc[] = {
22	* rather than generate a trap.
23	*/
24	SCMP_SYS(clone), /* threads */
25	+ SCMP_SYS(clone3),
26	SCMP_SYS(kill), /* generate signal */
27	SCMP_SYS(madvise),
28	SCMP_SYS(mprotect),
29	--
30	2.34.1
31


diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch deleted file mode 100644 index 3bec2cea77..0000000000 --- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch +++ /dev/null
@@ -1,42 +0,0 @@
1	From a6c0847582305aaab122d54b635954829812922f Mon Sep 17 00:00:00 2001
2	From: Alex Kiernan <alexk@zuma.ai>
3	Date: Thu, 30 Dec 2021 09:32:26 +0000
4	Subject: [PATCH 1/2] ntpd/ntp_sandbox.c: allow newfstatat on all archs for
5	glibc-2.34 in seccomp filter
6
7	On Yocto Poky, newfstatat is used on (at least) arm64, x86_64 and
8	riscv64:
9
10	2021-12-30T09:32:04 ntpd[341]: ERR: SIGSYS: got a trap.
11	2021-12-30T09:32:04 ntpd[341]: ERR: SIGSYS/seccomp bad syscall 262/0xc000003e
12
13	Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/a6c0847582305aaab122d54b635954829812922f]
14	Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
15	Signed-off-by: Alex Kiernan <alexk@zuma.ai>
16	---
17	ntpd/ntp_sandbox.c \| 2 +-
18	1 file changed, 1 insertion(+), 1 deletion(-)
19
20	diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
21	index 3d6bccdfcf77..1ae82a671344 100644
22	--- a/ntpd/ntp_sandbox.c
23	+++ b/ntpd/ntp_sandbox.c
24	@@ -349,6 +349,7 @@ int scmp_sc[] = {
25	SCMP_SYS(lseek),
26	SCMP_SYS(membarrier), /* Needed on Alpine 3.11.3 */
27	SCMP_SYS(munmap),
28	+ SCMP_SYS(newfstatat),
29	SCMP_SYS(open),
30	#ifdef __NR_openat
31	SCMP_SYS(openat), /* SUSE */
32	@@ -452,7 +453,6 @@ int scmp_sc[] = {
33	#endif
34	#if defined(__aarch64__)
35	SCMP_SYS(faccessat),
36	- SCMP_SYS(newfstatat),
37	SCMP_SYS(renameat),
38	SCMP_SYS(linkat),
39	SCMP_SYS(unlinkat),
40	--
41	2.34.1
42


diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch new file mode 100644 index 0000000000..2e3730df47 --- /dev/null +++ b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch
@@ -0,0 +1,29 @@
		1	From 792cb4f9d13450251c6344eed2b35f382c98df0d Mon Sep 17 00:00:00 2001
		2	From: Alex Kiernan <alexk@zuma.ai>
		3	Date: Thu, 19 Jan 2023 13:00:45 +0000
		4	Subject: [PATCH] wscript: Add BISONFLAGS support
		5
		6	---
		7	wscript \| 2 ++
		8	1 file changed, 2 insertions(+)
		9
		10	diff --git a/wscript b/wscript
		11	index 7329d6e46889..de51f1e9cdd9 100644
		12	--- a/wscript
		13	+++ b/wscript
		14	@@ -140,6 +140,7 @@ def configure(ctx):
		15	# Ensure m4 is present, or bison will fail with SIGPIPE
		16	ctx.find_program('m4')
		17	ctx.load('bison')
		18	+ ctx.add_os_flags('BISONFLAGS')
		19
		20	for opt in opt_map:
		21	ctx.env[opt] = opt_map[opt]
		22	@@ -911,6 +912,7 @@ int main(int argc, char **argv) {
		23	msg_setting("CFLAGS", " ".join(ctx.env.CFLAGS))
		24	msg_setting("LDFLAGS", " ".join(ctx.env.LDFLAGS))
		25	msg_setting("LINKFLAGS_NTPD", " ".join(ctx.env.LINKFLAGS_NTPD))
		26	+ msg_setting("BISONFLAGS", ctx.env.BISONFLAGS)
		27	msg_setting("PREFIX", ctx.env.PREFIX)
		28	msg_setting("LIBDIR", ctx.env.LIBDIR)
		29	msg_setting("Droproot Support", droproot_type)


diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch deleted file mode 100644 index 98c62eed49..0000000000 --- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch +++ /dev/null
@@ -1,29 +0,0 @@
1	From 9a7dead72f41e79979625c9bdef2fb638427d3d6 Mon Sep 17 00:00:00 2001
2	From: Khem Raj <raj.khem@gmail.com>
3	Date: Mon, 22 Aug 2022 20:54:17 -0700
4	Subject: [PATCH] wscript: Widen the search for tags
5
6	Default is to look for annotated tags, howveer when using devtool we
7	create our own git tree from release tarballs which will have tags but
8	they are not annotated, therefore broaden the search to include all tags
9
10	Upstream-Status: Inappropriate [OE-specific]
11
12	Signed-off-by: Khem Raj <raj.khem@gmail.com>
13	---
14	wscript \| 2 +-
15	1 file changed, 1 insertion(+), 1 deletion(-)
16
17	diff --git a/wscript b/wscript
18	index 879ded1..dff835d 100644
19	--- a/wscript
20	+++ b/wscript
21	@@ -177,7 +177,7 @@ def configure(ctx):
22	if build_desc:
23	build_desc = ' ' + build_desc
24	if ctx.env.BIN_GIT:
25	- cmd = ctx.env.BIN_GIT + shlex.split("describe --dirty")
26	+ cmd = ctx.env.BIN_GIT + shlex.split("describe --tags --dirty")
27	git_short_hash = ctx.cmd_and_log(cmd).strip()
28	git_short_hash = '-'.join(git_short_hash.split('-')[1:])
29


diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch deleted file mode 100644 index 705a87bdfa..0000000000 --- a/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch +++ /dev/null
@@ -1,34 +0,0 @@
1	From 0f94870b84e68448f16b1304058bde4628dafde5 Mon Sep 17 00:00:00 2001
2	From: Alex Kiernan <alexk@zuma.ai>
3	Date: Thu, 30 Dec 2021 10:41:20 +0000
4	Subject: [PATCH 2/2] ntpd/ntp_sandbox.c: match riscv to aarch in seccomp
5	filter
6
7	On Yocto Poky, faccessat (et al) are also used on riscv64:
8
9	2018-03-09T12:35:32 ntpd[341]: ERR: SIGSYS: got a trap.
10	2018-03-09T12:35:32 ntpd[341]: ERR: SIGSYS/seccomp bad syscall 48/0xc00000f3
11
12	Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/0f94870b84e68448f16b1304058bde4628dafde5]
13	Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
14	Signed-off-by: Alex Kiernan <alexk@zuma.ai>
15	---
16	ntpd/ntp_sandbox.c \| 2 +-
17	1 file changed, 1 insertion(+), 1 deletion(-)
18
19	diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
20	index 1ae82a671344..4a14ae224dc6 100644
21	--- a/ntpd/ntp_sandbox.c
22	+++ b/ntpd/ntp_sandbox.c
23	@@ -451,7 +451,7 @@ int scmp_sc[] = {
24	/* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
25	SCMP_SYS(mmap),
26	#endif
27	-#if defined(__aarch64__)
28	+#if defined(__aarch64__) \|\| defined(__riscv)
29	SCMP_SYS(faccessat),
30	SCMP_SYS(renameat),
31	SCMP_SYS(linkat),
32	--
33	2.34.1
34


diff --git a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb index e975f903f9..d11ada67ee 100644 --- a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb +++ b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb
@@ -2,25 +2,22 @@ SUMMARY = "The Network Time Protocol suite, refactored"
2	HOMEPAGE = "https://www.ntpsec.org/"	2	HOMEPAGE = "https://www.ntpsec.org/"
3		3
4	LICENSE = "CC-BY-4.0 & BSD-2-Clause & NTP & BSD-3-Clause & MIT"	4	LICENSE = "CC-BY-4.0 & BSD-2-Clause & NTP & BSD-3-Clause & MIT"
5	LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=0520591566b6ed3a9ced8b15b4d4abf9 \	5	LIC_FILES_CHKSUM = "file://LICENSES/BSD-2;md5=653830da7b770a32f6f50f6107e0b186 \
6	file://libjsmn/LICENSE;md5=38118982429881235de8adf478a8e75d \	6	file://LICENSES/BSD-3;md5=55e9dcf6a625a2dcfcda4ef6a647fbfd \
7	file://docs/copyright.adoc;md5=9a1e3fce4b630078cb67ba2b619d2b13 \	7	file://LICENSES/CC-BY-4.0;md5=2ab724713fdaf49e4523c4503bfd068d \
8	file://libaes_siv/COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"	8	file://LICENSES/MIT;md5=5a9dfc801af3eb49df2055c9b07918b2 \
		9	file://LICENSES/NTP;md5=cb56b7747f86157c78ca81f224806694"
9		10
10	DEPENDS += "bison-native \	11	DEPENDS += "bison-native \
11	openssl \	12	openssl \
12	python3"	13	python3"
13		14
14	SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \	15	SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
15	file://0001-Update-to-OpenSSL-3.0.0-alpha15.patch \
16	file://0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch \
17	file://0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch \
18	file://0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch \
19	file://volatiles.ntpsec \	16	file://volatiles.ntpsec \
20	file://0001-wscript-Widen-the-search-for-tags.patch \	17	file://0001-wscript-Add-BISONFLAGS-support.patch \
21	"	18	"
22		19
23	SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a"	20	SRC_URI[sha256sum] = "2f2848760b915dfe185b9217f777738b36ceeb78a7fc208b7e74e039dec22df5"
24		21
25	UPSTREAM_CHECK_URI = "ftp://ftp.ntpsec.org/pub/releases/"	22	UPSTREAM_CHECK_URI = "ftp://ftp.ntpsec.org/pub/releases/"
26		23
@@ -66,7 +63,6 @@ EXTRA_OECONF = "--cross-compiler='${CC}' \
66	--pyshebang=${bindir}/python3 \	63	--pyshebang=${bindir}/python3 \
67	--pythondir=${PYTHON_SITEPACKAGES_DIR} \	64	--pythondir=${PYTHON_SITEPACKAGES_DIR} \
68	--pythonarchdir=${PYTHON_SITEPACKAGES_DIR} \	65	--pythonarchdir=${PYTHON_SITEPACKAGES_DIR} \
69	--enable-debug \
70	--enable-debug-gdb \	66	--enable-debug-gdb \
71	--enable-early-droproot"	67	--enable-early-droproot"
72		68
@@ -74,6 +70,12 @@ EXTRA_OEWAF_BUILD ?= "-v"
74		70
75	NTP_USER_HOME ?= "/var/lib/ntp"	71	NTP_USER_HOME ?= "/var/lib/ntp"
76		72
		73	BISONFLAGS = "--file-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}"
		74
		75	do_configure:prepend() {
		76	export BISONFLAGS="${BISONFLAGS}"
		77	}
		78
77	do_install:append() {	79	do_install:append() {
78	install -d ${D}${sysconfdir}/init.d	80	install -d ${D}${sysconfdir}/init.d
79	install -m 755 ${S}/etc/rc/ntpd ${D}${sysconfdir}/init.d	81	install -m 755 ${S}/etc/rc/ntpd ${D}${sysconfdir}/init.d