Репозитории ALT
S: | 4.2.8p15-alt4 |
5.1: | 4.2.4-alt5.p7 |
4.1: | 4.2.4-alt3.p4.M41.2 |
4.0: | 4.2.2-alt1.p4.3 |
3.0: | 4.1.2-alt3 |
+backports: | 4.2.4-alt0.M30.3.p4 |
Группа :: Система/Настройка/Прочее
Пакет: ntp
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: ntp-4.2.8p14-MD5-to-SHA1-default.patch
Скачать
Скачать
https://bugzilla.altlinux.org/38300
ntp-keygen-opts.def isn't patched, attempt caused the autogen's problem:
Error in template /usr/share/autogen/cmd-doc.tlib, line 219
DEFINITIONS ERROR in /usr/share/autogen/cmd-doc.tlib line 219 for ntp-keygen-opts.mdoc:
Cannot locate converter for mdoc
Failing Guile command: = = = = =
(define sec-type (string-upcase (get "ds-type")))
(define sec-name (name-to-fname sec-type))
(define cvt-fn (find-file (string-append
(get "ds-format" "man") "2mdoc")))
(if (not (defined? 'cvt-fn))
(error (sprintf "Cannot locate converter for %s"
(get "ds-format" "man"))))
(define sec-file (string-append tmp-dir "/SEC/" sec-name))
(access? sec-file R_OK)
diff --git a/ntp/html/keygen.html b/ntp/html/keygen.html
index 51577e3..f39e6c7 100644
--- a/ntp/html/keygen.html
+++ b/ntp/html/keygen.html
@@ -95,7 +95,7 @@
run for the first time, or if all files with names
beginning <tt>ntpkey</tt> have been removed, use
the <tt>ntp-keygen</tt> command without arguments to generate a
- default RSA host key and matching RSA-MD5 certificate with expiration
+ default RSA host key and matching RSA-SHA1 certificate with expiration
date one year hence. If run again without options, the program uses
the existing keys and parameters and generates only a new certificate
with new expiration date one year hence.</p>
@@ -138,7 +138,7 @@
<dd>Select certificate digital signature and message digest scheme.
Note that RSA schemes must be used with an RSA sign key and DSA
schemes must be used with a DSA sign key. The default without this
- option is <tt>RSA-MD5</tt>. If compatibility with FIPS 140-2 is
+ option is <tt>RSA-SHA1</tt>. If compatibility with FIPS 140-2 is
required, either the <tt>DSA-SHA</tt> or <tt>DSA-SHA1</tt> scheme
must be used.</dd>
<dt><tt>-C <i>cipher</i></tt></dt>
diff --git a/ntp/util/invoke-ntp-keygen.texi b/ntp/util/invoke-ntp-keygen.texi
index d835637..85b9431 100644
--- a/ntp/util/invoke-ntp-keygen.texi
+++ b/ntp/util/invoke-ntp-keygen.texi
@@ -143,7 +143,7 @@ have been removed, use the
command without arguments to generate a default
@code{RSA}
host key and matching
-@code{RSA-MD5}
+@code{RSA-SHA1}
certificate file with expiration date one year hence,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
@@ -478,7 +478,7 @@ On trusted host alice run
to generate the host key file
@file{ntpkey}_ @code{RSA} @file{key_alice.} @kbd{filestamp}
and trusted private certificate file
-@file{ntpkey}_ @code{RSA-MD5} @code{_} @file{cert_alice.} @kbd{filestamp},
+@file{ntpkey}_ @code{RSA-SHA1} @code{_} @file{cert_alice.} @kbd{filestamp},
and soft links.
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
@@ -642,7 +642,7 @@ schemes must be used with a
@code{DSA}
sign key.
The default without this option is
-@code{RSA-MD5}.
+@code{RSA-SHA1}.
If compatibility with FIPS 140-2 is required, either the
@code{DSA-SHA}
or
@@ -1143,7 +1143,7 @@ DSA-SHA, or DSA-SHA1.
Select the certificate signature encryption/message digest scheme.
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key. The default without
-this option is RSA-MD5.
+this option is RSA-SHA1.
@node ntp-keygen cipher
@subsection cipher option (-C)
@cindex ntp-keygen-cipher
diff --git a/ntp/util/ntp-keygen.1ntp-keygenman b/ntp/util/ntp-keygen.1ntp-keygenman
index 4b97854..cdc2af7 100644
--- a/ntp/util/ntp-keygen.1ntp-keygenman
+++ b/ntp/util/ntp-keygen.1ntp-keygenman
@@ -179,7 +179,7 @@ have been removed, use the
command without arguments to generate a default
\f\*[B-Font]RSA\f[]
host key and matching
-\f\*[B-Font]RSA-MD5\f[]
+\f\*[B-Font]RSA-SHA1\f[]
certificate file with expiration date one year hence,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
@@ -548,7 +548,7 @@ On trusted host alice run
to generate the host key file
\fIntpkey\f[]_ \f\*[B-Font]RSA\f[] \fIkey_alice.\f[] \f\*[I-Font]filestamp\f[]
and trusted private certificate file
-\fIntpkey\f[]_ \f\*[B-Font]RSA-MD5\f[] \f\*[B-Font]_\f[] \fIcert_alice.\f[] \f\*[I-Font]filestamp\f[],
+\fIntpkey\f[]_ \f\*[B-Font]RSA-SHA1\f[] \f\*[B-Font]_\f[] \fIcert_alice.\f[] \f\*[I-Font]filestamp\f[],
and soft links.
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
@@ -720,7 +720,7 @@ schemes must be used with a
\f\*[B-Font]DSA\f[]
sign key.
The default without this option is
-\f\*[B-Font]RSA-MD5\f[].
+\f\*[B-Font]RSA-SHA1\f[].
If compatibility with FIPS 140-2 is required, either the
\f\*[B-Font]DSA-SHA\f[]
or
@@ -1144,7 +1144,7 @@ DSA-SHA, or DSA-SHA1.
Select the certificate signature encryption/message digest scheme.
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key. The default without
-this option is RSA-MD5.
+this option is RSA-SHA1.
.TP
.NOP \f\*[B-Font]\-C\f[] \f\*[I-Font]cipher\f[], \f\*[B-Font]\-\-cipher\f[]=\f\*[I-Font]cipher\f[]
privatekey cipher.
diff --git a/ntp/util/ntp-keygen.c b/ntp/util/ntp-keygen.c
index eb2cb34..18cb116 100644
--- a/ntp/util/ntp-keygen.c
+++ b/ntp/util/ntp-keygen.c
@@ -564,7 +564,7 @@ main(
}
}
if (scheme == NULL)
- scheme = "RSA-MD5";
+ scheme = "RSA-SHA1";
if (ciphername == NULL)
ciphername = "des-ede3-cbc";
cipher = EVP_get_cipherbyname(ciphername);
diff --git a/ntp/util/ntp-keygen.html b/ntp/util/ntp-keygen.html
index 38d5345..eb13a58 100644
--- a/ntp/util/ntp-keygen.html
+++ b/ntp/util/ntp-keygen.html
@@ -202,7 +202,7 @@ change to the keys directory, usually <code>/usr/local/etc</code>.
When run for the
first time, or if all files with names beginning <code>ntpkey</code>] have been
removed, use the <code>ntp-keygen</code> command without arguments to generate a
-default RSA host key and matching RSA-MD5 certificate with expiration
+default RSA host key and matching RSA-SHA1 certificate with expiration
date one year hence.
If run again without options, the program uses the
existing keys and parameters and generates only a new certificate with
@@ -439,7 +439,7 @@ have been removed, use the
command without arguments to generate a default
<code>RSA</code>
host key and matching
-<code>RSA-MD5</code>
+<code>RSA-SHA1</code>
certificate file with expiration date one year hence,
which is all that is necessary in many cases.
The program also generates soft links from the generic names
@@ -776,7 +776,7 @@ On trusted host alice run
to generate the host key file
<samp>ntpkey</samp>_ <code>RSA</code> <samp>key_alice.</samp> <kbd>filestamp</kbd>
and trusted private certificate file
-<samp>ntpkey</samp>_ <code>RSA-MD5</code> <code>_</code> <samp>cert_alice.</samp> <kbd>filestamp</kbd>,
+<samp>ntpkey</samp>_ <code>RSA-SHA1</code> <code>_</code> <samp>cert_alice.</samp> <kbd>filestamp</kbd>,
and soft links.
Copy both files to all group hosts;
they replace the files which would be generated in other schemes.
@@ -942,7 +942,7 @@ schemes must be used with a
<code>DSA</code>
sign key.
The default without this option is
-<code>RSA-MD5</code>.
+<code>RSA-SHA1</code>.
If compatibility with FIPS 140-2 is required, either the
<code>DSA-SHA</code>
or
@@ -1499,7 +1499,7 @@ DSA-SHA, or DSA-SHA1.
<p>Select the certificate signature encryption/message digest scheme.
Note that RSA schemes must be used with a RSA sign key and DSA
schemes must be used with a DSA sign key. The default without
-this option is RSA-MD5.
+this option is RSA-SHA1.
</p><hr>
<a name="ntp_002dkeygen-cipher"></a>
<div class="header">
diff --git a/ntp/util/ntp-keygen.man.in b/ntp/util/ntp-keygen.man.in
index b5939b7..58a8e60 100644
--- a/ntp/util/ntp-keygen.man.in
+++ b/ntp/util/ntp-keygen.man.in
@@ -720,7 +720,7 @@ schemes must be used with a
\f\*[B-Font]DSA\f[]
sign key.
The default without this option is
-\f\*[B-Font]RSA-MD5\f[].
+\f\*[B-Font]RSA-SHA1\f[].
If compatibility with FIPS 140-2 is required, either the
\f\*[B-Font]DSA-SHA\f[]
or
diff --git a/ntp/util/ntp-keygen.texi b/ntp/util/ntp-keygen.texi
index 34e6aaa..7519fcc 100644
--- a/ntp/util/ntp-keygen.texi
+++ b/ntp/util/ntp-keygen.texi
@@ -132,7 +132,7 @@ change to the keys directory, usually @code{/usr/local/etc}.
When run for the
first time, or if all files with names beginning @code{ntpkey}] have been
removed, use the @code{ntp-keygen} command without arguments to generate a
-default RSA host key and matching RSA-MD5 certificate with expiration
+default RSA host key and matching RSA-SHA1 certificate with expiration
date one year hence.
If run again without options, the program uses the
existing keys and parameters and generates only a new certificate with