LogoopenSUSE Build Service > Projects > network:time > ntp > Revisions
Sign Up | Log In

Revision Log of ntp (143)

Reinhard Max Reinhard Max (rmax) committed 27 days ago (revision 143)
s/pps-tools/pps-tools-devel
Reinhard Max Reinhard Max (rmax) committed 27 days ago (revision 142)
- Update to 4.2.8p7 (bsc#977446):
  * CVE-2016-1547, bsc#977459:
    Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
  * CVE-2016-1548, bsc#977461: Interleave-pivot
  * CVE-2016-1549, bsc#977451:
    Sybil vulnerability: ephemeral association attack.
  * CVE-2016-1550, bsc#977464: Improve NTP security against buffer
    comparison timing attacks.
  * CVE-2016-1551, bsc#977450:
    Refclock impersonation vulnerability
  * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig
    directives will cause an assertion botch in ntpd.
  * CVE-2016-2517, bsc#977455: remote configuration trustedkey/
    requestkey/controlkey values are not properly validated.
  * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7
    causes array wraparound with MATCH_ASSOC.
  * CVE-2016-2519, bsc#977458: ctl_getitem() return value not
    always checked.
  * integrate ntp-fork.patch
  * Improve the fixes for:
    CVE-2015-7704, CVE-2015-7705, CVE-2015-7974
- Restrict the parser in the startup script to the first
  occurrance of "keys" and "controlkey" in ntp.conf (boo#957226).
- Depend on pps-tools-devel to provide timepps.h header to enable
  Linux PPSAPI support to make GPS devices usefull. (boo#977563)
buildservice-autocommit accepted request 370038 2 months ago (revision 141)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 3 months ago (revision 140)
- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq
- CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass
- CVE-2015-7978, bsc#963000: Stack exhaustion in recursive
  traversal of restriction list.
- CVE-2015-7979, bsc#962784: off-path denial of service on
  authenticated broadcast mode
- CVE-2015-7977, bsc#962970: restriction list NULL pointer
  dereference
- CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows
  dangerous characters in filenames
- CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq
- CVE-2015-7974, bsc#962960: Missing key check allows impersonation
  between authenticated peers
- CVE-2015-7973, bsc#962995: replay attack on authenticated
  broadcast mode
- CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make
  a step larger than the panic threshold
Martin Pluskal Martin Pluskal (pluskalm) accepted request 368415 3 months ago (revision 139)
update to 4.2.8p6, fixing several minor CVE's
buildservice-autocommit accepted request 354703 4 months ago (revision 138)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) accepted request 354591 4 months ago (revision 137)
- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318)
buildservice-autocommit accepted request 344194 6 months ago (revision 136)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 7 months ago (revision 135)
- Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty
  port numbers (bsc#782060).
Reinhard Max Reinhard Max (rmax) committed 7 months ago (revision 134)
- Update to 4.2.8p4 to fix several security issues (bsc#951608):
  * CVE-2015-7871: NAK to the Future: Symmetric association
    authentication bypass via crypto-NAK
  * CVE-2015-7855: decodenetnum() will ASSERT botch instead of
    returning FAIL on some bogus values
  * CVE-2015-7854: Password Length Memory Corruption Vulnerability
  * CVE-2015-7853: Invalid length data provided by a custom
    refclock driver could cause a buffer overflow
  * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
  * CVE-2015-7851 saveconfig Directory Traversal Vulnerability
  * CVE-2015-7850 remote config logfile-keyfile
  * CVE-2015-7849 trusted key use-after-free
  * CVE-2015-7848 mode 7 loop counter underrun
  * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
  * CVE-2015-7703 configuration directives "pidfile" and
    "driftfile" should only be allowed locally
  * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
    validate the origin timestamp field
  * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
    data packet length checks
  * obsoletes ntp-memlock.patch.
- Add a controlkey line to /etc/ntp.conf if one does not already
  exist, to allow runtime configuration via ntpq.
- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
- Improve runtime configuration:
  * Read keytype from ntp.conf
  * Don't write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- Remove ntp.1.gz, it wasn't installed anymore.
- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.
  The rest is partially irrelevant, partially redundant and
  potentially outdated (bsc#942587).
- Remove "kod" from the restrict line in ntp.conf (bsc#944300).
buildservice-autocommit accepted request 330479 9 months ago (revision 133)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 9 months ago (revision 132)
- Add "addserver" as a new legacy action.
- Fix the comment regarding addserver in ntp.conf (bnc#910063).
buildservice-autocommit accepted request 324699 9 months ago (revision 131)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 10 months ago (revision 130)
- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).
- Add a controlkey to ntp.conf to make the above work.
- Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
- Disable mode 7 (ntpdc) again, now that we don't use it anymore.
buildservice-autocommit accepted request 318177 10 months ago (revision 129)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 11 months ago (revision 128)
- Update to version 4.2.8p3 which incorporates all security fixes
  and most other patches we have so far (fate#319040).
  More information on:
  http://archive.ntp.org/ntp4/ChangeLog-stable
- Disable chroot by default (bnc#926510).
- Enable ntpdc for backwards compatibility (bnc#920238).
buildservice-autocommit accepted request 298154 about 1 year ago (revision 127)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) accepted request 294739 about 1 year ago (revision 126)
upgrade to current release ntp 4.2.8p2
buildservice-autocommit accepted request 293918 about 1 year ago (revision 125)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) accepted request 290921 about 1 year ago (revision 124)
- *.service: Do not start ntpd when running on containers
  or when CAP_SYS_TIME was dropped from the default capability 
  set ( see SYSTEMD-SYSTEM.CONF(5) for details)

- conf.ntpd.service: Must run with PrivateTmp set to true

Show all