Revisions of ntp
Reinhard Max (rmax)
committed
(revision 144)
- Keep the parent process alive until the daemon has finished
initialisation, to make sure that the PID file exists when the
parent returns (ntp-daemonize.patch).
- Update to 4.2.8p8 (bsc#982056):
* CVE-2016-4953, bsc#982065: Bad authentication demobilizes
ephemeral associations.
* CVE-2016-4954, bsc#982066: Processing spoofed server packets.
* CVE-2016-4955, bsc#982067: Autokey association reset.
* CVE-2016-4956, bsc#982068: Broadcast interleave.
* CVE-2016-4957, bsc#982064: CRYPTO_NAK crash.
- Change the process name of the forking DNS worker process to
avoid the impression that ntpd is started twice (bsc#979302).
- Don't ignore SIGCHILD because it breaks wait() (boo#981422).
- ntp-wait does not accept fractional seconds, so use 1 instead of
0.2 in ntp-wait.service (boo#979981).
- Separate the creation of ntp.keys and key #1 in it to avoid
problems when upgrading installations that have the file, but
no key #1, which is needed e.g. by "rcntp addserver".
- Fix the TZ offset output of sntp during DST (bsc#951559).
- Add /var/db/ntp-kod (bsc#916617).
- Add ntp-ENOBUFS.patch to limit a warning that might happen
quite a lot on loaded systems (bsc#956773).
- Don't wait for 11 minutes to restart ntpd when it has died
(boo#894031).
Reinhard Max (rmax)
committed
(revision 142)
- Update to 4.2.8p7 (bsc#977446):
* CVE-2016-1547, bsc#977459:
Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
* CVE-2016-1548, bsc#977461: Interleave-pivot
* CVE-2016-1549, bsc#977451:
Sybil vulnerability: ephemeral association attack.
* CVE-2016-1550, bsc#977464: Improve NTP security against buffer
comparison timing attacks.
* CVE-2016-1551, bsc#977450:
Refclock impersonation vulnerability
* CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig
directives will cause an assertion botch in ntpd.
* CVE-2016-2517, bsc#977455: remote configuration trustedkey/
requestkey/controlkey values are not properly validated.
* CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7
causes array wraparound with MATCH_ASSOC.
* CVE-2016-2519, bsc#977458: ctl_getitem() return value not
always checked.
* integrate ntp-fork.patch
* Improve the fixes for:
CVE-2015-7704, CVE-2015-7705, CVE-2015-7974
- Restrict the parser in the startup script to the first
occurrance of "keys" and "controlkey" in ntp.conf (boo#957226).
- Depend on pps-tools-devel to provide timepps.h header to enable
Linux PPSAPI support to make GPS devices usefull. (boo#977563)
buildservice-autocommit
accepted
request 370038
from
Reinhard Max (rmax)
(revision 141)
Reinhard Max (rmax)
(revision 141)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 140)
- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq - CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass - CVE-2015-7978, bsc#963000: Stack exhaustion in recursive traversal of restriction list. - CVE-2015-7979, bsc#962784: off-path denial of service on authenticated broadcast mode - CVE-2015-7977, bsc#962970: restriction list NULL pointer dereference - CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows dangerous characters in filenames - CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq - CVE-2015-7974, bsc#962960: Missing key check allows impersonation between authenticated peers - CVE-2015-7973, bsc#962995: replay attack on authenticated broadcast mode - CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make a step larger than the panic threshold
Martin Pluskal (pluskalm)
accepted
request 368415
from
Friedrich Haubensak (hsk17)
(revision 139)
update to 4.2.8p6, fixing several minor CVE's
buildservice-autocommit
accepted
request 354703
from
Reinhard Max (rmax)
(revision 138)
Reinhard Max (rmax)
(revision 138)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 354591
from
Wolfgang Bauer (wolfi323)
(revision 137)
- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318)
buildservice-autocommit
accepted
request 344194
from
Factory Maintainer (factory-maintainer)
(revision 136)
Factory Maintainer (factory-maintainer)
(revision 136)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 135)
- Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty port numbers (bsc#782060).
Reinhard Max (rmax)
committed
(revision 134)
- Update to 4.2.8p4 to fix several security issues (bsc#951608):
* CVE-2015-7871: NAK to the Future: Symmetric association
authentication bypass via crypto-NAK
* CVE-2015-7855: decodenetnum() will ASSERT botch instead of
returning FAIL on some bogus values
* CVE-2015-7854: Password Length Memory Corruption Vulnerability
* CVE-2015-7853: Invalid length data provided by a custom
refclock driver could cause a buffer overflow
* CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
* CVE-2015-7851 saveconfig Directory Traversal Vulnerability
* CVE-2015-7850 remote config logfile-keyfile
* CVE-2015-7849 trusted key use-after-free
* CVE-2015-7848 mode 7 loop counter underrun
* CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
* CVE-2015-7703 configuration directives "pidfile" and
"driftfile" should only be allowed locally
* CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
validate the origin timestamp field
* CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
data packet length checks
* obsoletes ntp-memlock.patch.
- Add a controlkey line to /etc/ntp.conf if one does not already
exist, to allow runtime configuration via ntpq.
- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
- Improve runtime configuration:
* Read keytype from ntp.conf
* Don't write ntp keys to syslog.
- Fix legacy action scripts to pass on command line arguments.
- Remove ntp.1.gz, it wasn't installed anymore.
- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.
The rest is partially irrelevant, partially redundant and
potentially outdated (bsc#942587).
- Remove "kod" from the restrict line in ntp.conf (bsc#944300).
buildservice-autocommit
accepted
request 330479
from
Factory Maintainer (factory-maintainer)
(revision 133)
Factory Maintainer (factory-maintainer)
(revision 133)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 132)
- Add "addserver" as a new legacy action. - Fix the comment regarding addserver in ntp.conf (bnc#910063).
buildservice-autocommit
accepted
request 324699
from
Factory Maintainer (factory-maintainer)
(revision 131)
Factory Maintainer (factory-maintainer)
(revision 131)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 130)
- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore.
buildservice-autocommit
accepted
request 318177
from
Factory Maintainer (factory-maintainer)
(revision 129)
Factory Maintainer (factory-maintainer)
(revision 129)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 128)
- Update to version 4.2.8p3 which incorporates all security fixes and most other patches we have so far (fate#319040). More information on: http://archive.ntp.org/ntp4/ChangeLog-stable - Disable chroot by default (bnc#926510). - Enable ntpdc for backwards compatibility (bnc#920238).
buildservice-autocommit
accepted
request 298154
from
Reinhard Max (rmax)
(revision 127)
Reinhard Max (rmax)
(revision 127)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 294739
from
Friedrich Haubensak (hsk17)
(revision 126)
upgrade to current release ntp 4.2.8p2
buildservice-autocommit
accepted
request 293918
from
Reinhard Max (rmax)
(revision 125)
Reinhard Max (rmax)
(revision 125)
baserev update by copy to link target
Displaying revisions 81 - 100 of 224
