Revisions of ntp
Reinhard Max (rmax)
committed
(revision 144)
- Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns (ntp-daemonize.patch). - Update to 4.2.8p8 (bsc#982056): * CVE-2016-4953, bsc#982065: Bad authentication demobilizes ephemeral associations. * CVE-2016-4954, bsc#982066: Processing spoofed server packets. * CVE-2016-4955, bsc#982067: Autokey association reset. * CVE-2016-4956, bsc#982068: Broadcast interleave. * CVE-2016-4957, bsc#982064: CRYPTO_NAK crash. - Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice (bsc#979302). - Don't ignore SIGCHILD because it breaks wait() (boo#981422). - ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service (boo#979981). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". - Fix the TZ offset output of sntp during DST (bsc#951559). - Add /var/db/ntp-kod (bsc#916617). - Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems (bsc#956773). - Don't wait for 11 minutes to restart ntpd when it has died (boo#894031).
Reinhard Max (rmax)
committed
(revision 143)
s/pps-tools/pps-tools-devel
Reinhard Max (rmax)
committed
(revision 142)
- Update to 4.2.8p7 (bsc#977446): * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf (boo#957226). - Depend on pps-tools-devel to provide timepps.h header to enable Linux PPSAPI support to make GPS devices usefull. (boo#977563)
buildservice-autocommit
accepted
request 370038
from
Reinhard Max (rmax)
(revision 141)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 140)
- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq - CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass - CVE-2015-7978, bsc#963000: Stack exhaustion in recursive traversal of restriction list. - CVE-2015-7979, bsc#962784: off-path denial of service on authenticated broadcast mode - CVE-2015-7977, bsc#962970: restriction list NULL pointer dereference - CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows dangerous characters in filenames - CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq - CVE-2015-7974, bsc#962960: Missing key check allows impersonation between authenticated peers - CVE-2015-7973, bsc#962995: replay attack on authenticated broadcast mode - CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make a step larger than the panic threshold
Martin Pluskal (pluskalm)
accepted
request 368415
from
Friedrich Haubensak (hsk17)
(revision 139)
update to 4.2.8p6, fixing several minor CVE's
buildservice-autocommit
accepted
request 354703
from
Reinhard Max (rmax)
(revision 138)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 354591
from
Wolfgang Bauer (wolfi323)
(revision 137)
- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318)
buildservice-autocommit
accepted
request 344194
from
Factory Maintainer (factory-maintainer)
(revision 136)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 135)
- Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty port numbers (bsc#782060).
Reinhard Max (rmax)
committed
(revision 134)
- Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks * obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist, to allow runtime configuration via ntpq. - Use SHA1 instead of MD5 for symmetric keys (bsc#905885). - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587). - Remove "kod" from the restrict line in ntp.conf (bsc#944300).
buildservice-autocommit
accepted
request 330479
from
Factory Maintainer (factory-maintainer)
(revision 133)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 132)
- Add "addserver" as a new legacy action. - Fix the comment regarding addserver in ntp.conf (bnc#910063).
buildservice-autocommit
accepted
request 324699
from
Factory Maintainer (factory-maintainer)
(revision 131)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 130)
- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore.
buildservice-autocommit
accepted
request 318177
from
Factory Maintainer (factory-maintainer)
(revision 129)
baserev update by copy to link target
Reinhard Max (rmax)
committed
(revision 128)
- Update to version 4.2.8p3 which incorporates all security fixes and most other patches we have so far (fate#319040). More information on: http://archive.ntp.org/ntp4/ChangeLog-stable - Disable chroot by default (bnc#926510). - Enable ntpdc for backwards compatibility (bnc#920238).
buildservice-autocommit
accepted
request 298154
from
Reinhard Max (rmax)
(revision 127)
baserev update by copy to link target
Reinhard Max (rmax)
accepted
request 294739
from
Friedrich Haubensak (hsk17)
(revision 126)
upgrade to current release ntp 4.2.8p2
buildservice-autocommit
accepted
request 293918
from
Reinhard Max (rmax)
(revision 125)
baserev update by copy to link target
Displaying revisions 81 - 100 of 224