LogoopenSUSE Build Service > Projects > network:time > ntp > Revisions
Sign Up | Log In

Revision Log of ntp (146)

buildservice-autocommit accepted request 400540 about 2 months ago (revision 146)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed about 2 months ago (revision 145)
  avoid the impression that ntpd is started twice.
  (bsc#979302, ntp-processname.patch).
- Don't ignore SIGCHILD because it breaks wait()
  (boo#981422, ntp-sigchld.patch).
- Fix the TZ offset output of sntp during DST.
  (bsc#951559, ntp-sntp-dst.patch)
Reinhard Max Reinhard Max (rmax) committed about 2 months ago (revision 144)
- Keep the parent process alive until the daemon has finished
  initialisation, to make sure that the PID file exists when the
  parent returns (ntp-daemonize.patch).
- Update to 4.2.8p8 (bsc#982056):
  * CVE-2016-4953, bsc#982065: Bad authentication demobilizes
    ephemeral associations.
  * CVE-2016-4954, bsc#982066: Processing spoofed server packets.
  * CVE-2016-4955, bsc#982067: Autokey association reset.
  * CVE-2016-4956, bsc#982068: Broadcast interleave.
  * CVE-2016-4957, bsc#982064: CRYPTO_NAK crash.
- Change the process name of the forking DNS worker process to
  avoid the impression that ntpd is started twice (bsc#979302).
- Don't ignore SIGCHILD because it breaks wait() (boo#981422).
- ntp-wait does not accept fractional seconds, so use 1 instead of
  0.2 in ntp-wait.service (boo#979981).
- Separate the creation of ntp.keys and key #1 in it to avoid
  problems when upgrading installations that have the file, but
  no key #1, which is needed e.g. by "rcntp addserver".
- Fix the TZ offset output of sntp during DST (bsc#951559).
- Add /var/db/ntp-kod (bsc#916617).
- Add ntp-ENOBUFS.patch to limit a warning that might happen
  quite a lot on loaded systems (bsc#956773).
- Don't wait for 11 minutes to restart ntpd when it has died
  (boo#894031).
Reinhard Max Reinhard Max (rmax) committed 3 months ago (revision 143)
s/pps-tools/pps-tools-devel
Reinhard Max Reinhard Max (rmax) committed 3 months ago (revision 142)
- Update to 4.2.8p7 (bsc#977446):
  * CVE-2016-1547, bsc#977459:
    Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
  * CVE-2016-1548, bsc#977461: Interleave-pivot
  * CVE-2016-1549, bsc#977451:
    Sybil vulnerability: ephemeral association attack.
  * CVE-2016-1550, bsc#977464: Improve NTP security against buffer
    comparison timing attacks.
  * CVE-2016-1551, bsc#977450:
    Refclock impersonation vulnerability
  * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig
    directives will cause an assertion botch in ntpd.
  * CVE-2016-2517, bsc#977455: remote configuration trustedkey/
    requestkey/controlkey values are not properly validated.
  * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7
    causes array wraparound with MATCH_ASSOC.
  * CVE-2016-2519, bsc#977458: ctl_getitem() return value not
    always checked.
  * integrate ntp-fork.patch
  * Improve the fixes for:
    CVE-2015-7704, CVE-2015-7705, CVE-2015-7974
- Restrict the parser in the startup script to the first
  occurrance of "keys" and "controlkey" in ntp.conf (boo#957226).
- Depend on pps-tools-devel to provide timepps.h header to enable
  Linux PPSAPI support to make GPS devices usefull. (boo#977563)
buildservice-autocommit accepted request 370038 4 months ago (revision 141)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 5 months ago (revision 140)
- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq
- CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass
- CVE-2015-7978, bsc#963000: Stack exhaustion in recursive
  traversal of restriction list.
- CVE-2015-7979, bsc#962784: off-path denial of service on
  authenticated broadcast mode
- CVE-2015-7977, bsc#962970: restriction list NULL pointer
  dereference
- CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows
  dangerous characters in filenames
- CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq
- CVE-2015-7974, bsc#962960: Missing key check allows impersonation
  between authenticated peers
- CVE-2015-7973, bsc#962995: replay attack on authenticated
  broadcast mode
- CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make
  a step larger than the panic threshold
Martin Pluskal Martin Pluskal (pluskalm) accepted request 368415 5 months ago (revision 139)
update to 4.2.8p6, fixing several minor CVE's
buildservice-autocommit accepted request 354703 6 months ago (revision 138)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) accepted request 354591 6 months ago (revision 137)
- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318)
buildservice-autocommit accepted request 344194 8 months ago (revision 136)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 9 months ago (revision 135)
- Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty
  port numbers (bsc#782060).
Reinhard Max Reinhard Max (rmax) committed 9 months ago (revision 134)
- Update to 4.2.8p4 to fix several security issues (bsc#951608):
  * CVE-2015-7871: NAK to the Future: Symmetric association
    authentication bypass via crypto-NAK
  * CVE-2015-7855: decodenetnum() will ASSERT botch instead of
    returning FAIL on some bogus values
  * CVE-2015-7854: Password Length Memory Corruption Vulnerability
  * CVE-2015-7853: Invalid length data provided by a custom
    refclock driver could cause a buffer overflow
  * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
  * CVE-2015-7851 saveconfig Directory Traversal Vulnerability
  * CVE-2015-7850 remote config logfile-keyfile
  * CVE-2015-7849 trusted key use-after-free
  * CVE-2015-7848 mode 7 loop counter underrun
  * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
  * CVE-2015-7703 configuration directives "pidfile" and
    "driftfile" should only be allowed locally
  * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
    validate the origin timestamp field
  * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
    data packet length checks
  * obsoletes ntp-memlock.patch.
- Add a controlkey line to /etc/ntp.conf if one does not already
  exist, to allow runtime configuration via ntpq.
- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
- Improve runtime configuration:
  * Read keytype from ntp.conf
  * Don't write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- Remove ntp.1.gz, it wasn't installed anymore.
- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.
  The rest is partially irrelevant, partially redundant and
  potentially outdated (bsc#942587).
- Remove "kod" from the restrict line in ntp.conf (bsc#944300).
buildservice-autocommit accepted request 330479 11 months ago (revision 133)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 11 months ago (revision 132)
- Add "addserver" as a new legacy action.
- Fix the comment regarding addserver in ntp.conf (bnc#910063).
buildservice-autocommit accepted request 324699 11 months ago (revision 131)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 12 months ago (revision 130)
- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).
- Add a controlkey to ntp.conf to make the above work.
- Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
- Disable mode 7 (ntpdc) again, now that we don't use it anymore.
buildservice-autocommit accepted request 318177 about 1 year ago (revision 129)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed about 1 year ago (revision 128)
- Update to version 4.2.8p3 which incorporates all security fixes
  and most other patches we have so far (fate#319040).
  More information on:
  http://archive.ntp.org/ntp4/ChangeLog-stable
- Disable chroot by default (bnc#926510).
- Enable ntpdc for backwards compatibility (bnc#920238).
buildservice-autocommit accepted request 298154 over 1 year ago (revision 127)
baserev update by copy to link target

Show all