LogoopenSUSE Build Service > Projects > network:time > ntp > Revisions
Sign Up | Log In

Revision Log of ntp (146)

buildservice-autocommit accepted request 400540 12 days ago (revision 146)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 19 days ago (revision 145)
  avoid the impression that ntpd is started twice.
  (bsc#979302, ntp-processname.patch).
- Don't ignore SIGCHILD because it breaks wait()
  (boo#981422, ntp-sigchld.patch).
- Fix the TZ offset output of sntp during DST.
  (bsc#951559, ntp-sntp-dst.patch)
Reinhard Max Reinhard Max (rmax) committed 19 days ago (revision 144)
- Keep the parent process alive until the daemon has finished
  initialisation, to make sure that the PID file exists when the
  parent returns (ntp-daemonize.patch).
- Update to 4.2.8p8 (bsc#982056):
  * CVE-2016-4953, bsc#982065: Bad authentication demobilizes
    ephemeral associations.
  * CVE-2016-4954, bsc#982066: Processing spoofed server packets.
  * CVE-2016-4955, bsc#982067: Autokey association reset.
  * CVE-2016-4956, bsc#982068: Broadcast interleave.
  * CVE-2016-4957, bsc#982064: CRYPTO_NAK crash.
- Change the process name of the forking DNS worker process to
  avoid the impression that ntpd is started twice (bsc#979302).
- Don't ignore SIGCHILD because it breaks wait() (boo#981422).
- ntp-wait does not accept fractional seconds, so use 1 instead of
  0.2 in ntp-wait.service (boo#979981).
- Separate the creation of ntp.keys and key #1 in it to avoid
  problems when upgrading installations that have the file, but
  no key #1, which is needed e.g. by "rcntp addserver".
- Fix the TZ offset output of sntp during DST (bsc#951559).
- Add /var/db/ntp-kod (bsc#916617).
- Add ntp-ENOBUFS.patch to limit a warning that might happen
  quite a lot on loaded systems (bsc#956773).
- Don't wait for 11 minutes to restart ntpd when it has died
  (boo#894031).
Reinhard Max Reinhard Max (rmax) committed about 2 months ago (revision 143)
s/pps-tools/pps-tools-devel
Reinhard Max Reinhard Max (rmax) committed about 2 months ago (revision 142)
- Update to 4.2.8p7 (bsc#977446):
  * CVE-2016-1547, bsc#977459:
    Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
  * CVE-2016-1548, bsc#977461: Interleave-pivot
  * CVE-2016-1549, bsc#977451:
    Sybil vulnerability: ephemeral association attack.
  * CVE-2016-1550, bsc#977464: Improve NTP security against buffer
    comparison timing attacks.
  * CVE-2016-1551, bsc#977450:
    Refclock impersonation vulnerability
  * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig
    directives will cause an assertion botch in ntpd.
  * CVE-2016-2517, bsc#977455: remote configuration trustedkey/
    requestkey/controlkey values are not properly validated.
  * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7
    causes array wraparound with MATCH_ASSOC.
  * CVE-2016-2519, bsc#977458: ctl_getitem() return value not
    always checked.
  * integrate ntp-fork.patch
  * Improve the fixes for:
    CVE-2015-7704, CVE-2015-7705, CVE-2015-7974
- Restrict the parser in the startup script to the first
  occurrance of "keys" and "controlkey" in ntp.conf (boo#957226).
- Depend on pps-tools-devel to provide timepps.h header to enable
  Linux PPSAPI support to make GPS devices usefull. (boo#977563)
buildservice-autocommit accepted request 370038 3 months ago (revision 141)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 4 months ago (revision 140)
- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq
- CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass
- CVE-2015-7978, bsc#963000: Stack exhaustion in recursive
  traversal of restriction list.
- CVE-2015-7979, bsc#962784: off-path denial of service on
  authenticated broadcast mode
- CVE-2015-7977, bsc#962970: restriction list NULL pointer
  dereference
- CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows
  dangerous characters in filenames
- CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq
- CVE-2015-7974, bsc#962960: Missing key check allows impersonation
  between authenticated peers
- CVE-2015-7973, bsc#962995: replay attack on authenticated
  broadcast mode
- CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make
  a step larger than the panic threshold
Martin Pluskal Martin Pluskal (pluskalm) accepted request 368415 4 months ago (revision 139)
update to 4.2.8p6, fixing several minor CVE's
buildservice-autocommit accepted request 354703 5 months ago (revision 138)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) accepted request 354591 5 months ago (revision 137)
- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318)
buildservice-autocommit accepted request 344194 7 months ago (revision 136)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 8 months ago (revision 135)
- Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty
  port numbers (bsc#782060).
Reinhard Max Reinhard Max (rmax) committed 8 months ago (revision 134)
- Update to 4.2.8p4 to fix several security issues (bsc#951608):
  * CVE-2015-7871: NAK to the Future: Symmetric association
    authentication bypass via crypto-NAK
  * CVE-2015-7855: decodenetnum() will ASSERT botch instead of
    returning FAIL on some bogus values
  * CVE-2015-7854: Password Length Memory Corruption Vulnerability
  * CVE-2015-7853: Invalid length data provided by a custom
    refclock driver could cause a buffer overflow
  * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
  * CVE-2015-7851 saveconfig Directory Traversal Vulnerability
  * CVE-2015-7850 remote config logfile-keyfile
  * CVE-2015-7849 trusted key use-after-free
  * CVE-2015-7848 mode 7 loop counter underrun
  * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
  * CVE-2015-7703 configuration directives "pidfile" and
    "driftfile" should only be allowed locally
  * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
    validate the origin timestamp field
  * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
    data packet length checks
  * obsoletes ntp-memlock.patch.
- Add a controlkey line to /etc/ntp.conf if one does not already
  exist, to allow runtime configuration via ntpq.
- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
- Improve runtime configuration:
  * Read keytype from ntp.conf
  * Don't write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- Remove ntp.1.gz, it wasn't installed anymore.
- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.
  The rest is partially irrelevant, partially redundant and
  potentially outdated (bsc#942587).
- Remove "kod" from the restrict line in ntp.conf (bsc#944300).
buildservice-autocommit accepted request 330479 9 months ago (revision 133)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 10 months ago (revision 132)
- Add "addserver" as a new legacy action.
- Fix the comment regarding addserver in ntp.conf (bnc#910063).
buildservice-autocommit accepted request 324699 10 months ago (revision 131)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 11 months ago (revision 130)
- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).
- Add a controlkey to ntp.conf to make the above work.
- Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
- Disable mode 7 (ntpdc) again, now that we don't use it anymore.
buildservice-autocommit accepted request 318177 11 months ago (revision 129)
baserev update by copy to link target
Reinhard Max Reinhard Max (rmax) committed 12 months ago (revision 128)
- Update to version 4.2.8p3 which incorporates all security fixes
  and most other patches we have so far (fate#319040).
  More information on:
  http://archive.ntp.org/ntp4/ChangeLog-stable
- Disable chroot by default (bnc#926510).
- Enable ntpdc for backwards compatibility (bnc#920238).
buildservice-autocommit accepted request 298154 about 1 year ago (revision 127)
baserev update by copy to link target

Show all