[ntp:security] Regarding CVE-2014-9293 and CVE-2014-9294 fix patch for ntp-4.2.4p8

Danny Mayer mayer at ntp.org
Sun Jan 11 03:23:26 UTC 2015


On 1/9/2015 6:58 AM, VijayRam LaxmiNarayanan wrote:
> Hi All,
> 
> I m building ntp-4.2.4p8 with CVE-2014-9293 and CVE-2014-9294 patches related to ntp-4.2.4p8
> 
> During build, I get the following error:
> 
>  ntp_random.c:(.text+0x396): undefined reference to `RAND_poll'
>  ../libntp/libntp.a(ntp_random.o): In function `ntp_crypto_random_buf':
> ntp_random.c:(.text+0x3a2): undefined reference to `RAND_bytes'
> ntp_random.c:(.text+0x3ae): undefined reference to `ERR_get_error'
> ntp_random.c:(.text+0x3b4): undefined reference to `ERR_error_string'
> collect2: ld returned 1 exit status
> make[3]: *** [ntpd] Error 1
> 
> 
> I tried enabling openssl in the spec file, but did not succeed
> 
> Also gave the include path of openssl(rand.h file path) in spec file, again did not succeed
> 
> Also tried linking with libraries
> 
> 
> Please let me know for furthur ideas
> 
> 
> Thanks & regards
> Vijayaram

NTP 4.2.4p8 is no longer supported and hasn't been for a number of
years. NTP 4.2.8 is the latest release and if you have a problem
building it then you should enter a bug report in bugzilla.

Danny



More information about the security mailing list