Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: ntp | Distribution: openSUSE Leap 15.2 |
Version: 4.2.8p13 | Vendor: openSUSE |
Release: lp152.2.3 | Build date: Thu Feb 6 00:31:47 2020 |
Group: Productivity/Networking/Other | Build host: armbuild02 |
Size: 2850925 | Source RPM: ntp-4.2.8p13-lp152.2.3.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: http://www.ntp.org/ | |
Summary: Network Time Protocol daemon (version 4) |
The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio, satellite receiver, or modem. Ntpd is an operating system daemon that sets and maintains the system time-of-day synchronized with Internet standard time servers.
(MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0
* Mon Mar 11 2019 Reinhard Max <max@suse.com> - Update ro 4.2.8p13 * CVE-2019-8936, bsc#1128525: Crafted null dereference attack in authenticated mode 6 packet. * Fix several bugs in the BANCOMM reclock driver. * Fix ntp_loopfilter.c snprintf compilation warnings. * Fix spurious initgroups() error message. * Fix STA_NANO struct timex units. * Fix GPS week rollover in libparse. * Fix incorrect poll interval in packet. * Add a missing check for ENABLE_CMAC. * Tue Sep 11 2018 max@suse.com - Update to 4.2.8p12 (bsc#1111853): * CVE-2018-12327, bsc#1098531: fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. * Add further tweaks to improve the fix for CVE-2018-7170, bsc#1083424. * ntp-usrgrp-resolver.patch was integrated upstream. - Don't run autoreconf anymore and remove all related hacks and BuildRequires. * Tue Apr 24 2018 max@suse.com - Refactor the key handling in %post so that it does not overwrite user settings (bsc#1036505) and is more robust against ignored SIGPIPE (bsc#1090564). * Sun Mar 18 2018 suse-beta@cboltz.de - change example statsdir in ntp.conf to /var/log/ntpstats/ to match the AppArmor profile (boo#1076247) * Wed Feb 28 2018 max@suse.com - Update to 4.2.8p11 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral associations. * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot recover from bad state. * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset authenticated interleaved association. * CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond its buffer limit. * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch - Remove dead code from conf.start-ntpd (bsc#1082063). - Don't use libevent's cached time stamps in sntp. (bsc#1077445, ntp-sntp-libevent.patch) * Thu Dec 21 2017 bwiedemann@suse.com - Add ntp-reproducible.patch to make build reproducible (boo#1047218) * Tue Dec 19 2017 max@suse.com - Restart nptd if failed or aborted (FATE#315133). - Do not try to set the HW clock when adding a server at runtime to avoid blocking systemd. * Thu Nov 23 2017 rbrown@suse.com - Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) * Thu Apr 06 2017 max@suse.com - Enable experimental leap smearing (fate#321003). See /usr/share/doc/packages/ntp/README.leapsmear for details. * Thu Apr 06 2017 aj@ajaissle.de - Fix spelling and default values in conf.sysconfig.ntp * Wed Mar 22 2017 max@suse.com - Update to 4.2.8p10 (bsc#1030050): * Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config * Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock * Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option * Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value * Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused * Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code * Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver * Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions * Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send() * Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist * Sec 3376: NTP-01-001 Makefile does not enforce Security Flags * Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin (zero origin) DoS. * [Bug 3393] clang scan-build findings * [Bug 3363] Support for openssl-1.1.0 without compatibility modes * [Bug 3356] Bugfix 3072 breaks multicastclient * [Bug 3173] forking async worker: interrupted pipe I/O * [Bug 3139] (...) time_pps_create: Exec format error * [Bug 3107] Incorrect Logic for Peer Event Limiting * [Bug 3062] Change the process name of forked DNS worker * [Bug 2923] Trap Configuration Fail * [Bug 2896] Nothing happens if minsane < maxclock < minclock * [Bug 2851] allow -4/-6 on restrict line with mask * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags - Removed patches: * ntp-openssl-version.patch: fixed upstream * ntp-processname.patch: accepted upstream * ntp-trap.patch: accepted upstream * ntp-unbreak-multicast.patch: fixed upstream - Remove spurious log messages (bsc#1014172, ntp-warnings.patch). * Fri Mar 10 2017 max@suse.com - Fix a problem with multicast clients. (bsc#1018940, ntp-unbreak-multicast.patch) * Tue Feb 21 2017 kukuk@suse.de - Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates (ntp-move-kod-file.patch) * Tue Jan 17 2017 max@suse.com - Remove 50-ntp.list (bsc#1011919). - Use system-wide libevent instead of local copy. * Mon Nov 28 2016 max@suse.com - Simplify ntpd's search for its own executable to prevent AppArmor warnings (bsc#956365, ntp-pathfind.patch). * Mon Nov 21 2016 max@suse.com - Update to 4.2.8p9: * CVE-2016-9311: Trap crash. * CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector. * CVE-2016-7427: Broadcast Mode Replay Prevention DoS. * CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. * CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass. * CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal(). * CVE-2016-7429: Interface selection attack. * CVE-2016-7426: Client rate limiting and server responses. * CVE-2016-7433: Reboot sync calculation problem. * Fix a spurious error message (obsoletes ntp-sigchld.patch). * Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. - Fix a regression in "trap" (bsc#981252, ntp-trap.patch). - Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606, ntp-netlink.patch). - Fix segfault in "sntp -a" (bnc#1009434, ntp-sntp-a.patch). - Silence an OpenSSL version warning (bsc#992038, ntp-openssl-version.patch). * Wed Oct 05 2016 guillaume@opensuse.org - Depend on pps-tools-devel only for openSUSE > 13.2 * Thu Aug 25 2016 josef.moellers@suse.com - Make the resolver task change user and group IDs to the same values as the main task. (bnc#988028, ntp-usrgrp-resolver.patch) * Tue Jun 07 2016 max@suse.com - Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns (ntp-daemonize.patch). - Update to 4.2.8p8 (bsc#982056): * CVE-2016-4953, bsc#982065: Bad authentication demobilizes ephemeral associations. * CVE-2016-4954, bsc#982066: Processing spoofed server packets. * CVE-2016-4955, bsc#982067: Autokey association reset. * CVE-2016-4956, bsc#982068: Broadcast interleave. * CVE-2016-4957, bsc#982064: CRYPTO_NAK crash. - Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. (bsc#979302, ntp-processname.patch). - Don't ignore SIGCHILD because it breaks wait() (boo#981422, ntp-sigchld.patch). - ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service (boo#979981). - Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by "rcntp addserver". - Fix the TZ offset output of sntp during DST. (bsc#951559, ntp-sntp-dst.patch) - Add /var/db/ntp-kod (bsc#916617). - Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems (bsc#956773). - Don't wait for 11 minutes to restart ntpd when it has died (boo#894031). * Wed May 04 2016 max@suse.com - Update to 4.2.8p7 (bsc#977446): * CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS. * CVE-2016-1548, bsc#977461: Interleave-pivot * CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack. * CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks. * CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd. * CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated. * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC. * CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked. * integrate ntp-fork.patch * Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974 - Restrict the parser in the startup script to the first occurrance of "keys" and "controlkey" in ntp.conf (boo#957226). - Depend on pps-tools-devel to provide timepps.h header to enable Linux PPSAPI support to make GPS devices usefull. (boo#977563) * Fri Mar 11 2016 max@suse.com - CVE-2015-8158, bsc#962966: potential infinite loop in ntpq - CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass - CVE-2015-7978, bsc#963000: Stack exhaustion in recursive traversal of restriction list. - CVE-2015-7979, bsc#962784: off-path denial of service on authenticated broadcast mode - CVE-2015-7977, bsc#962970: restriction list NULL pointer dereference - CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows dangerous characters in filenames - CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq - CVE-2015-7974, bsc#962960: Missing key check allows impersonation between authenticated peers - CVE-2015-7973, bsc#962995: replay attack on authenticated broadcast mode - CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make a step larger than the panic threshold * Mon Mar 07 2016 hsk@imb-jena.de - update to 4.2.8p6 * fixes low- and medium-severity vulnerabilities 4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978 CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975 CVE-2015-7974 CVE-2015-7973 4.2.8p5: CVE-2015-5300 * bug fixes * Mon Jan 18 2016 wbauer@tmo.at - Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318) * Fri Nov 06 2015 max@suse.com - Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty port numbers (bsc#782060). * Thu Oct 29 2015 max@suse.com - Update to 4.2.8p4 to fix several security issues (bsc#951608): * CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK * CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values * CVE-2015-7854: Password Length Memory Corruption Vulnerability * CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability * CVE-2015-7851 saveconfig Directory Traversal Vulnerability * CVE-2015-7850 remote config logfile-keyfile * CVE-2015-7849 trusted key use-after-free * CVE-2015-7848 mode 7 loop counter underrun * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC * CVE-2015-7703 configuration directives "pidfile" and "driftfile" should only be allowed locally * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks * obsoletes ntp-memlock.patch. - Add a controlkey line to /etc/ntp.conf if one does not already exist, to allow runtime configuration via ntpq. - Use SHA1 instead of MD5 for symmetric keys (bsc#905885). - Improve runtime configuration: * Read keytype from ntp.conf * Don't write ntp keys to syslog. - Fix legacy action scripts to pass on command line arguments. - Remove ntp.1.gz, it wasn't installed anymore. - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587). - Remove "kod" from the restrict line in ntp.conf (bsc#944300). * Fri Sep 04 2015 max@suse.com - Add "addserver" as a new legacy action. - Fix the comment regarding addserver in ntp.conf (bnc#910063). * Thu Aug 13 2015 max@suse.com - Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327). - Add a controlkey to ntp.conf to make the above work. - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser. - Disable mode 7 (ntpdc) again, now that we don't use it anymore. * Thu Jul 16 2015 max@suse.com - Update to version 4.2.8p3 which incorporates all security fixes and most other patches we have so far (fate#319040). More information on: http://archive.ntp.org/ntp4/ChangeLog-stable - Disable chroot by default (bnc#926510). - Enable ntpdc for backwards compatibility (bnc#920238). * Tue Apr 07 2015 hsk@imb-jena.de - update to 4.2.8p2 * fixes CVE-2015-1798, CVE-2015-1799 (medium-severity vulnerabilities involving private key authentication) * bug fixes and enhancements * New script: update-leap * Fri Mar 27 2015 max@suse.com - /bin/logger is needed for runtime configuration (bnc#924451). * Mon Mar 16 2015 hsk@imb-jena.de - update to 4.2.8p1 * fixes CVE-2014-9297, CVE-2014-9298 * over 30 bugfixes and improvements - update to 4.2.8 * fixes CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296 * changed Internal NTP Era counters * ntpdc responses disabled by default * over 1100 issues resolved between the 4.2.6 branch and 4.2.8 - adjusted patches to fit 4.2.8p1: ntp-segfault_on_invalid_device.patch bnc#506908.diff MOD_NANO.diff - removed obsolete / now-in-upstream patches: ntpd-maxmonmen.patch ntp-code-cleanup.patch ntp-sntp-recverr.patch bnc#817893.patch ntp-CVE-2014-9295.patch ntp-CVE-2014-9296.patch - changes to spec file: * added --datadir (for private perl module needed by ntp scripts) and --html-dir (html docs now get installed by "make install") to configure options * script ntp-wait has moved in source tree * Mon Mar 16 2015 crrodriguez@opensuse.org - *.service: Do not start ntpd when running on containers or when CAP_SYS_TIME was dropped from the default capability set ( see SYSTEMD-SYSTEM.CONF(5) for details) * Sun Mar 08 2015 wbauer@tmo.at - Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#901751) * Wed Jan 21 2015 dimstar@opensuse.org - Add ntp.NetworkManager: install NetworkManager dipatcher hook: if the DHCP Server delivers NTP Servers, accept those and configure NTP using the information (boo#900982). * Sun Jan 04 2015 mpluskal@suse.com - Enable avahi support * Fri Dec 19 2014 max@suse.com - bnc#910764: VU#852879 ntp security fixes * A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure() where updated to avoid buffer overflows that could be exploited. (CVE-2014-9295) * Furthermore a problem inside the ntpd error handling was found that is missing a return statement. This could also lead to a potentially attack vector. (CVE-2014-9296) - ntp-CVE-2014-9295.patch and ntp-CVE-2014-9296.patch will be obsoleted by the upcoming update to version 4.2.8. * Tue Dec 02 2014 obs@botter.cc - fix typo in version check regarding /usr/lib/initscripts/legacy-actions to fix build for <= 13.1
/etc/NetworkManager /etc/NetworkManager/dispatcher.d /etc/NetworkManager/dispatcher.d/ntp /etc/logrotate.d/ntp /etc/ntp.conf /etc/slp.reg.d /etc/slp.reg.d/ntp.reg /etc/sysconfig/SuSEfirewall2.d/services/ntp /usr/lib/initscripts/legacy-actions/ntpd /usr/lib/initscripts/legacy-actions/ntpd/addserver /usr/lib/initscripts/legacy-actions/ntpd/ntptimeset /usr/lib/systemd/system/ntp-wait.service /usr/lib/systemd/system/ntpd.service /usr/sbin/calc_tickadj /usr/sbin/ntp-keygen /usr/sbin/ntp-wait /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc /usr/sbin/ntpq /usr/sbin/ntptime /usr/sbin/ntptrace /usr/sbin/rcntp-wait /usr/sbin/rcntpd /usr/sbin/sntp /usr/sbin/start-ntpd /usr/sbin/tickadj /usr/sbin/update-leap /usr/share/doc/packages/ntp /usr/share/doc/packages/ntp/COPYRIGHT /usr/share/doc/packages/ntp/ChangeLog /usr/share/doc/packages/ntp/NEWS /usr/share/doc/packages/ntp/README /usr/share/doc/packages/ntp/README.SUSE /usr/share/doc/packages/ntp/README.bk /usr/share/doc/packages/ntp/README.hackers /usr/share/doc/packages/ntp/README.leapsmear /usr/share/doc/packages/ntp/README.patches /usr/share/doc/packages/ntp/README.pullrequests /usr/share/doc/packages/ntp/README.refclocks /usr/share/doc/packages/ntp/README.versions /usr/share/doc/packages/ntp/TODO /usr/share/doc/packages/ntp/WHERE-TO-START /usr/share/doc/packages/ntp/conf /usr/share/doc/packages/ntp/conf/README /usr/share/doc/packages/ntp/conf/baldwin.conf /usr/share/doc/packages/ntp/conf/beauregard.conf /usr/share/doc/packages/ntp/conf/grundoon.conf /usr/share/doc/packages/ntp/conf/malarky.conf /usr/share/doc/packages/ntp/conf/pogo.conf /usr/share/doc/packages/ntp/conf/rackety.conf /usr/share/fillup-templates/sysconfig.ntp /usr/share/fillup-templates/sysconfig.syslog-ntp /usr/share/man/man1/calc_tickadj.1.gz /usr/share/man/man1/ntp-keygen.1.gz /usr/share/man/man1/ntp-wait.1.gz /usr/share/man/man1/ntpd.1.gz /usr/share/man/man1/ntpdc.1.gz /usr/share/man/man1/ntpq.1.gz /usr/share/man/man1/ntptrace.1.gz /usr/share/man/man1/sntp.1.gz /usr/share/man/man1/update-leap.1.gz /usr/share/man/man5/ntp.conf.5.gz /usr/share/man/man5/ntp.keys.5.gz /usr/share/man/man8/ntptime.8.gz /usr/share/ntp /usr/share/ntp/lib /usr/share/ntp/lib/NTP /usr/share/ntp/lib/NTP/Util.pm /usr/share/omc/svcinfo.d/ntp.xml /var/lib/ntp /var/lib/ntp/dev /var/lib/ntp/drift /var/lib/ntp/etc /var/lib/ntp/etc/ntp.conf.iburst /var/lib/ntp/kod /var/lib/ntp/var /var/lib/ntp/var/lib /var/lib/ntp/var/lib/ntp /var/lib/ntp/var/run /var/lib/ntp/var/run/ntp /var/log/ntp
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 11:45:28 2024