rpm creation of ntp-4.2.8p11 version on centOS 7.5

Issues related to applications and software problems
Post Reply
vjpiyush
Posts: 18
Joined: 2014/09/08 05:52:28

rpm creation of ntp-4.2.8p11 version on centOS 7.5

Post by vjpiyush » 2018/07/18 12:17:13

Hi,

For our project, we need to update the NTP version to ntp-4.2.8p11 as there is lots of vulnerability report for older version which is available with Centos7.5.

Even link local ipv6 doesn't work with ntp-4.2.6p5. (https://bugzilla.redhat.com/show_bug.cgi?id=1321928 )

I am trying to create rpm of ntp-4.2.8 on centos 7.5.

I am able to build manually ( by running configure , make , make install on source code) but when we create rpm , hitting with the following error

Unable to get much of help on following error on net.

In file included from crypto.h:13:0,
from crypto.c:10:
sntp-opts.h:59:3: error: #error option template version mismatches autoopts/options.h header
# error option template version mismatches autoopts/options.h header
^

sntp-opts.h:60:3: error: unknown type name 'Choke'
Choke Me.
^
sntp-opts.h:60:11: error: expected '=', ',', ';', 'asm' or '__attribute__' before '.' token
Choke Me.
^
sntp-opts.h:90:3: warning: data definition has no type or storage class [enabled by default]
} teOptIndex;
^
sntp-opts.h:90:3: warning: type defaults to 'int' in declaration of 'teOptIndex' [enabled by default]
make[5]: *** [crypto.o] Error 1
make[5]: Leaving directory `/root/rpmbuild/BUILD/ntp-4.2.8p11/sntp'
make[4]: *** [../libsntp.a] Error 2
make[4]: Leaving directory `/root/rpmbuild/BUILD/ntp-4.2.8p11/sntp/tests'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/root/rpmbuild/BUILD/ntp-4.2.8p11/sntp'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/rpmbuild/BUILD/ntp-4.2.8p11/sntp'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/rpmbuild/BUILD/ntp-4.2.8p11'
make: *** [all] Error 2
+ exit 0


Has anyone successfully built the ntp-4.2.8 on centos 7.5 ? Please provide the spec file if you're successfully built it.

User avatar
avij
Forum Moderator
Posts: 2682
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: rpm creation of ntp-4.2.8p11 version on centOS 7.5

Post by avij » 2018/07/18 12:27:35

vjpiyush wrote:
2018/07/18 12:17:13
as there is lots of vulnerability report for older version which is available with Centos7.5.
Like which ones? See the backporting page and then check rpm -q ntp --changelog | grep -i cve and then RH's CVE database at https://access.redhat.com/security/secu ... ates/#/cve where you can search for information based on the CVE ID.

ramacentos
Posts: 8
Joined: 2018/07/21 00:14:57

Re: rpm creation of ntp-4.2.8p11 version on centOS 7.5

Post by ramacentos » 2018/07/21 00:22:06

Following CVEs are fixed after ntp-4.2.6p5 that is shipped inside CentOS 7.5.1804.
CVE-2015-7704
CVE-2015-8138
CVE-2016-1547
CVE-2016-1548
CVE-2016-1549

CVE-2016-1550
CVE-2016-1551
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518

CVE-2016-2519
CVE-2016-7434
CVE-2016-1549
CVE-2016-1551
CVE-2016-2516

CVE-2016-2517
CVE-2016-2519
CVE-2018-7170
CVE-2018-7185

ramacentos
Posts: 8
Joined: 2018/07/21 00:14:57

Re: rpm creation of ntp-4.2.8p11 version on centOS 7.5

Post by ramacentos » 2018/07/21 00:29:21

I am getting following errors while building ntp.

sntp-opts.h:60:3: error: unknown type name 'Choke'

sntp-opts.h:103:47: note: each undeclared identifier is reported only once for each function it appears in
#define DESC(n) (sntpOptions.pOptDesc[INDEX_OPT_## n])
^
sntp-opts.h:105:41: note: in expansion of macro 'DESC'
#define HAVE_OPT(n) (! UNUSED_OPT(& DESC(n)))
^
networking.c:118:18: note: in expansion of macro 'HAVE_OPT'
is_authentic = (HAVE_OPT(AUTHENTICATION)) ? 0 : -1;
^
make[5]: *** [networking.o] Error 1
make[5]: *** [main.o] Error 1
make[5]: Leaving directory `/root/rpmUpgrades/ntp/rpm/BUILD/ntp-4.2.8p11/sntp'
make[4]: *** [../libsntp.a] Error 2
make[4]: Leaving directory `/root/rpmUpgrades/ntp/rpm/BUILD/ntp-4.2.8p11/sntp/tests'

User avatar
avij
Forum Moderator
Posts: 2682
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: rpm creation of ntp-4.2.8p11 version on centOS 7.5

Post by avij » 2018/07/21 15:28:25

ramacentos wrote:
2018/07/21 00:22:06
Following CVEs are fixed after ntp-4.2.6p5 that is shipped inside CentOS 7.5.1804.
[snip]
Did you bother reading the backporting page I linked to earlier? Or check out the CVE database link?

For example, the first entry on your list, CVE-2015-7704 has been fixed in ntp-4.2.6p5-19.el7_1.3.

User avatar
TrevorH
Forum Moderator
Posts: 23681
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: rpm creation of ntp-4.2.8p11 version on centOS 7.5

Post by TrevorH » 2018/07/21 15:39:32

We do not support building things from source that the distro already ships as packages. I suggest you use the Redhat CVE pages to check on the status of each of those CVEs and you should find that the majority are already fixed or marked as WONTFIX due to the options used by Redhat to build or configure them. Use e.g. https://access.redhat.com/security/cve/cve-2015-7704 to check each one in turn and read the text there. It also seems you still have not read the backporting link that you've been given which explains how Redhat fixes security vulnerabilities without updating the packages to the latest version.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

ramacentos
Posts: 8
Joined: 2018/07/21 00:14:57

Re: rpm creation of ntp-4.2.8p11 version on centOS 7.5

Post by ramacentos » 2018/07/23 18:18:45

ramacentos wrote:
2018/07/21 00:22:06
Sorry for the mislook earlier. Strange that I missed those.
You are right that most of the CVEs are fixed / marked as closed / wont fix.

Only following 2 CVEs are still pending.

CVE-2018-7170 (https://access.redhat.com/security/cve/cve-2018-7170)
CVE-2018-7185 (https://access.redhat.com/security/cve/cve-2018-7185)

ramacentos
Posts: 8
Joined: 2018/07/21 00:14:57

Re: rpm creation of ntp-4.2.8p11 version on centOS 7.5

Post by ramacentos » 2018/07/23 18:22:17

Also, we dont intend to rebuild something thats already available as distro. Thanks.

Post Reply