@@ -1,7 +1,7 @@

 Summary:        Network Time Protocol reference implementation

 Name:           ntp

 Version:        4.2.8p10

-Release:        3%{?dist}

+Release:        4%{?dist}

 License:        NTP

 URL:            http://www.ntp.org/

 Group:          System Environment/NetworkingPrograms

@@ -14,6 +14,7 @@ Source0:        https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/%{name}-%

 Source1: ntpstat-master.zip

 %define sha1 ntpstat=729cf2c9f10da43554f26875e91e1973d4498761

 Source2: ntp.sysconfig

+Patch0:  ntpq-remove-list-digest-call.patch

 BuildRequires:  which

 BuildRequires:  libcap-devel

 BuildRequires:  unzip

@@ -38,6 +39,7 @@ state of the NTP daemon running on the local machine.

 %prep

 %setup -q -a 1

+%patch0 -p1

 %build

 ./configure \

@@ -138,6 +140,8 @@ rm -rf %{buildroot}/*

 %{_mandir}/man8/ntpstat.8*

 %changelog

+*   Wed Sep 27 2017 Anish Swaminathan <anishs@vmware.com> 4.2.8p10-4

+-   Add patch to remove call to OpenSSL's list digest method in ntpq

 *   Thu Jul 27 2017 Dheeraj Shetty <dheerajs@vmware.com> 4.2.8p10-3

 -   Remove syslog.target from service file

 *   Mon Apr 10 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.2.8p10-2

new file mode 100644

@@ -0,0 +1,199 @@

+diff -rup ntp-4.2.8p10/ntpq/ntpq.c ntp-4.2.8p10-new/ntpq/ntpq.c

+--- ntp-4.2.8p10/ntpq/ntpq.c	2017-03-21 06:04:30.000000000 -0700

+@@ -33,7 +33,6 @@

+ #ifdef OPENSSL

+ #include "openssl/evp.h"

+ #include "openssl/objects.h"

+-#include "openssl/err.h"

+ #include "libssl_compat.h"

+ #endif

+ #include <ssl_applink.c>

+@@ -227,13 +226,6 @@ static	void	on_ctrlc	(void);

+ static	int	my_easprintf	(char**, const char *, ...) NTP_PRINTF(2, 3);

+ void	ntpq_custom_opt_handler	(tOptions *, tOptDesc *);

+ 

+-#ifdef OPENSSL

+-# ifdef HAVE_EVP_MD_DO_ALL_SORTED

+-static void list_md_fn(const EVP_MD *m, const char *from,

+-		       const char *to, void *arg );

+-# endif

+-#endif

+-static char *list_digest_names(void);

+ 

+ /*

+  * Built-in commands we understand

+@@ -294,8 +286,8 @@ struct xcmd builtins[] = {

+ 	  { "version number", "", "", "" },

+ 	  "set the NTP version number to use for requests" },

+ 	{ "keytype",	keytype,	{ OPT|NTP_STR, NO, NO, NO },

+-	  { "key type %s", "", "", "" },

+-	  NULL },

++	  { "key type (md5|des)", "", "", "" },

++	  "set key type to use for authenticated requests (des|md5)" },

+ 	{ 0,		0,		{ NO, NO, NO, NO },

+ 	  { "", "", "", "" }, "" }

+ };

+@@ -477,37 +469,6 @@ ntpqmain(

+ 	if (!ipv6_works)

+ 		ai_fam_default = AF_INET;

+ 

+-	/* Fixup keytype's help based on available digest names */

+-

+-	{

+-	    char *list;

+-	    char *msg;

+-

+-	    list = list_digest_names();

+-	    for (icmd = 0; icmd < sizeof(builtins)/sizeof(builtins[0]); icmd++) {

+-		if (strcmp("keytype", builtins[icmd].keyword) == 0)

+-		    break;

+-	    }

+-

+-	    /* CID: 1295478 */

+-	    /* This should only "trip" if "keytype" is removed from builtins */

+-	    INSIST(icmd < sizeof(builtins)/sizeof(builtins[0]));

+-

+-#ifdef OPENSSL

+-	    builtins[icmd].desc[0] = "digest-name";

+-	    my_easprintf(&msg,

+-			 "set key type to use for authenticated requests, one of:%s",

+-			 list);

+-#else

+-	    builtins[icmd].desc[0] = "md5";

+-	    my_easprintf(&msg,

+-			 "set key type to use for authenticated requests (%s)",

+-			 list);

+-#endif

+-	    builtins[icmd].comment = msg;

+-	    free(list);

+-	}

+-

+ 	progname = argv[0];

+ 

+ 	{

+@@ -2558,11 +2519,11 @@ keytype(

+ 	key_type = keytype_from_text(digest_name, &digest_len);

+ 

+ 	if (!key_type) {

+-		fprintf(fp, "keytype is not valid. "

++		fprintf(fp, "keytype must be 'md5'%s\n",

+ #ifdef OPENSSL

+-			"Type \"help keytype\" for the available digest types.\n");

++			" or a digest type provided by OpenSSL");

+ #else

+-			"Only \"md5\" is available.\n");

++			"");

+ #endif

+ 		return;

+ 	}

+@@ -3580,109 +3541,6 @@ ntpq_custom_opt_handler(

+ 		break;

+ 	}

+ }

+-/*

+- * Obtain list of digest names

+- */

+-

+-#ifdef OPENSSL

+-# ifdef HAVE_EVP_MD_DO_ALL_SORTED

+-struct hstate {

+-   char *list;

+-   const char **seen;

+-   int idx;

+-};

+-#define K_PER_LINE 8

+-#define K_NL_PFX_STR "\n    "

+-#define K_DELIM_STR ", "

+-static void list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg )

+-{

+-    size_t len, n;

+-    const char *name, *cp, **seen;

+-    struct hstate *hstate = arg;

+-    EVP_MD_CTX *ctx;

+-    u_int digest_len;

+-    u_char digest[EVP_MAX_MD_SIZE];

+-

+-    if (!m)

+-        return; /* Ignore aliases */

+-

+-    name = EVP_MD_name(m);

+-

+-    /* Lowercase names aren't accepted by keytype_from_text in ssl_init.c */

+-

+-    for( cp = name; *cp; cp++ ) {

+-	if( islower((unsigned char)*cp) )

+-	    return;

+-    }

+-    len = (cp - name) + 1;

+-

+-    /* There are duplicates.  Discard if name has been seen. */

+-

+-    for (seen = hstate->seen; *seen; seen++)

+-        if (!strcmp(*seen, name))

+-	    return;

+-    n = (seen - hstate->seen) + 2;

+-    hstate->seen = erealloc(hstate->seen, n * sizeof(*seen));

+-    hstate->seen[n-2] = name;

+-    hstate->seen[n-1] = NULL;

+-

+-    /* Discard MACs that NTP won't accept.

+-     * Keep this consistent with keytype_from_text() in ssl_init.c.

+-     */

+-

+-    ctx = EVP_MD_CTX_new();

+-    EVP_DigestInit(ctx, EVP_get_digestbyname(name));

+-    EVP_DigestFinal(ctx, digest, &digest_len);

+-    EVP_MD_CTX_free(ctx);

+-    if (digest_len > (MAX_MAC_LEN - sizeof(keyid_t)))

+-        return;

+-

+-    if (hstate->list != NULL)

+-	len += strlen(hstate->list);

+-    len += (hstate->idx >= K_PER_LINE)? strlen(K_NL_PFX_STR): strlen(K_DELIM_STR);

+-

+-    if (hstate->list == NULL) {

+-	hstate->list = (char *)emalloc(len);

+-	hstate->list[0] = '\0';

+-    } else

+-	hstate->list = (char *)erealloc(hstate->list, len);

+-

+-    sprintf(hstate->list + strlen(hstate->list), "%s%s",

+-	    ((hstate->idx >= K_PER_LINE)? K_NL_PFX_STR : K_DELIM_STR),

+-	    name);

+-    if (hstate->idx >= K_PER_LINE)

+-	hstate->idx = 1;

+-    else

+-	hstate->idx++;

+-}

+-# endif

+-#endif

+-

+-static char *list_digest_names(void)

+-{

+-    char *list = NULL;

+-

+-#ifdef OPENSSL

+-# ifdef HAVE_EVP_MD_DO_ALL_SORTED

+-    struct hstate hstate = { NULL, NULL, K_PER_LINE+1 };

+-

+-    hstate.seen = (const char **) emalloc_zero(1*sizeof( const char * )); // replaces -> calloc(1, sizeof( const char * ));

+-

+-    INIT_SSL();

+-    EVP_MD_do_all_sorted(list_md_fn, &hstate);

+-    list = hstate.list;

+-    free(hstate.seen);

+-# else

+-    list = (char *)emalloc(sizeof("md5, others (upgrade to OpenSSL-1.0 for full list)"));

+-    strcpy(list, "md5, others (upgrade to OpenSSL-1.0 for full list)");

+-# endif

+-#else

+-    list = (char *)emalloc(sizeof("md5"));

+-    strcpy(list, "md5");

+-#endif

+-

+-    return list;

+-}

+ 

+ #define CTRLC_STACK_MAX 4

+ static volatile size_t		ctrlc_stack_len = 0;