Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ntp-4.2.8p13-lp152.2.3 RPM for aarch64

From OpenSuSE Ports Leap 15.2 for aarch64

Name: ntp Distribution: openSUSE Leap 15.2
Version: 4.2.8p13 Vendor: openSUSE
Release: lp152.2.3 Build date: Thu Feb 6 00:31:47 2020
Group: Productivity/Networking/Other Build host: armbuild02
Size: 2850925 Source RPM: ntp-4.2.8p13-lp152.2.3.src.rpm
Packager: https://bugs.opensuse.org
Url: http://www.ntp.org/
Summary: Network Time Protocol daemon (version 4)
The Network Time Protocol (NTP) is used to synchronize the time of a
computer client or server to another server or reference time source,
such as a radio, satellite receiver, or modem.

Ntpd is an operating system daemon that sets and maintains the system
time-of-day synchronized with Internet standard time servers.

Provides

Requires

License

(MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0

Changelog

* Mon Mar 11 2019 Reinhard Max <max@suse.com>
  - Update ro 4.2.8p13
    * CVE-2019-8936, bsc#1128525: Crafted null dereference attack in
      authenticated mode 6 packet.
    * Fix several bugs in the BANCOMM reclock driver.
    * Fix ntp_loopfilter.c snprintf compilation warnings.
    * Fix spurious initgroups() error message.
    * Fix STA_NANO struct timex units.
    * Fix GPS week rollover in libparse.
    * Fix incorrect poll interval in packet.
    * Add a missing check for ENABLE_CMAC.
* Tue Sep 11 2018 max@suse.com
  - Update to 4.2.8p12 (bsc#1111853):
    * CVE-2018-12327, bsc#1098531: fixed stack buffer overflow in
      the openhost() command-line call of NTPQ/NTPDC.
    * Add further tweaks to improve the fix for CVE-2018-7170,
      bsc#1083424.
    * ntp-usrgrp-resolver.patch was integrated upstream.
  - Don't run autoreconf anymore and remove all related hacks and
    BuildRequires.
* Tue Apr 24 2018 max@suse.com
  - Refactor the key handling in %post so that it does not overwrite
    user settings (bsc#1036505) and is more robust against ignored
    SIGPIPE (bsc#1090564).
* Sun Mar 18 2018 suse-beta@cboltz.de
  - change example statsdir in ntp.conf to /var/log/ntpstats/ to match
    the AppArmor profile (boo#1076247)
* Wed Feb 28 2018 max@suse.com
  - Update to 4.2.8p11 (bsc#1082210):
    * CVE-2016-1549: Sybil vulnerability: ephemeral association
      attack. While fixed in ntp-4.2.8p7, there are significant
      additional protections for this issue in 4.2.8p11.
    * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun
      leads to undefined behavior and information leak.
    * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral
      associations.
    * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot
      recover from bad state.
    * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset
      authenticated interleaved association.
    * CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond
      its buffer limit.
    * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch
  - Remove dead code from conf.start-ntpd (bsc#1082063).
  - Don't use libevent's cached time stamps in sntp.
    (bsc#1077445, ntp-sntp-libevent.patch)
* Thu Dec 21 2017 bwiedemann@suse.com
  - Add ntp-reproducible.patch to make build reproducible (boo#1047218)
* Tue Dec 19 2017 max@suse.com
  - Restart nptd if failed or aborted (FATE#315133).
  - Do not try to set the HW clock when adding a server at runtime
    to avoid blocking systemd.
* Thu Nov 23 2017 rbrown@suse.com
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Thu Apr 06 2017 max@suse.com
  - Enable experimental leap smearing (fate#321003).
    See /usr/share/doc/packages/ntp/README.leapsmear for details.
* Thu Apr 06 2017 aj@ajaissle.de
  - Fix spelling and default values in conf.sysconfig.ntp
* Wed Mar 22 2017 max@suse.com
  - Update to 4.2.8p10 (bsc#1030050):
    * Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP:
      Denial of Service via Malformed Config
    * Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP:
      Buffer Overflow in DPTS Clock
    * Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP:
      Authenticated DoS via Malicious Config Option
    * Sec 3386: NTP-01-011 NTP:
      ntpq_stripquotes() returns incorrect Value
    * Sec 3385: NTP-01-010 NTP:
      ereallocarray()/eallocarray() underused
    * Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code
    * Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver
    * Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP:
      Potential Overflows in ctl_put() functions
    * Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003
      Improper use of snprintf() in mx4200_send()
    * Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002
      Buffer Overflow in ntpq when fetching reslist
    * Sec 3376: NTP-01-001 Makefile does not enforce Security Flags
    * Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin (zero origin) DoS.
    * [Bug 3393] clang scan-build findings
    * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
    * [Bug 3356] Bugfix 3072 breaks multicastclient
    * [Bug 3173] forking async worker: interrupted pipe I/O
    * [Bug 3139] (...) time_pps_create: Exec format error
    * [Bug 3107] Incorrect Logic for Peer Event Limiting
    * [Bug 3062] Change the process name of forked DNS worker
    * [Bug 2923] Trap Configuration Fail
    * [Bug 2896] Nothing happens if minsane < maxclock < minclock
    * [Bug 2851] allow -4/-6 on restrict line with mask
    * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
  - Removed patches:
    * ntp-openssl-version.patch: fixed upstream
    * ntp-processname.patch: accepted upstream
    * ntp-trap.patch: accepted upstream
    * ntp-unbreak-multicast.patch: fixed upstream
  - Remove spurious log messages (bsc#1014172, ntp-warnings.patch).
* Fri Mar 10 2017 max@suse.com
  - Fix a problem with multicast clients.
    (bsc#1018940, ntp-unbreak-multicast.patch)
* Tue Feb 21 2017 kukuk@suse.de
  - Move ntp-kod to /var/lib/ntp, because /var/db is not a
    standard directory and causes problems for transactional updates
    (ntp-move-kod-file.patch)
* Tue Jan 17 2017 max@suse.com
  - Remove 50-ntp.list (bsc#1011919).
  - Use system-wide libevent instead of local copy.
* Mon Nov 28 2016 max@suse.com
  - Simplify ntpd's search for its own executable to prevent AppArmor
    warnings (bsc#956365, ntp-pathfind.patch).
* Mon Nov 21 2016 max@suse.com
  - Update to 4.2.8p9:
    * CVE-2016-9311: Trap crash.
    * CVE-2016-9310: Mode 6 unauthenticated trap information
      disclosure and DDoS vector.
    * CVE-2016-7427: Broadcast Mode Replay Prevention DoS.
    * CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS.
    * CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp
      Bypass.
    * CVE-2016-7434: Null pointer dereference in
      _IO_str_init_static_internal().
    * CVE-2016-7429: Interface selection attack.
    * CVE-2016-7426: Client rate limiting and server responses.
    * CVE-2016-7433: Reboot sync calculation problem.
    * Fix a spurious error message (obsoletes ntp-sigchld.patch).
    * Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
  - Fix a regression in "trap" (bsc#981252, ntp-trap.patch).
  - Reduce the number of netlink groups to listen on for changes to
    the local network setup (bsc#992606, ntp-netlink.patch).
  - Fix segfault in "sntp -a" (bnc#1009434, ntp-sntp-a.patch).
  - Silence an OpenSSL version warning (bsc#992038,
    ntp-openssl-version.patch).
* Wed Oct 05 2016 guillaume@opensuse.org
  - Depend on pps-tools-devel only for openSUSE > 13.2
* Thu Aug 25 2016 josef.moellers@suse.com
  - Make the resolver task change user and group IDs to the same
    values as the main task. (bnc#988028, ntp-usrgrp-resolver.patch)
* Tue Jun 07 2016 max@suse.com
  - Keep the parent process alive until the daemon has finished
    initialisation, to make sure that the PID file exists when the
    parent returns (ntp-daemonize.patch).
  - Update to 4.2.8p8 (bsc#982056):
    * CVE-2016-4953, bsc#982065: Bad authentication demobilizes
      ephemeral associations.
    * CVE-2016-4954, bsc#982066: Processing spoofed server packets.
    * CVE-2016-4955, bsc#982067: Autokey association reset.
    * CVE-2016-4956, bsc#982068: Broadcast interleave.
    * CVE-2016-4957, bsc#982064: CRYPTO_NAK crash.
  - Change the process name of the forking DNS worker process to
    avoid the impression that ntpd is started twice.
    (bsc#979302, ntp-processname.patch).
  - Don't ignore SIGCHILD because it breaks wait()
    (boo#981422, ntp-sigchld.patch).
  - ntp-wait does not accept fractional seconds, so use 1 instead of
    0.2 in ntp-wait.service (boo#979981).
  - Separate the creation of ntp.keys and key #1 in it to avoid
    problems when upgrading installations that have the file, but
    no key #1, which is needed e.g. by "rcntp addserver".
  - Fix the TZ offset output of sntp during DST.
    (bsc#951559, ntp-sntp-dst.patch)
  - Add /var/db/ntp-kod (bsc#916617).
  - Add ntp-ENOBUFS.patch to limit a warning that might happen
    quite a lot on loaded systems (bsc#956773).
  - Don't wait for 11 minutes to restart ntpd when it has died
    (boo#894031).
* Wed May 04 2016 max@suse.com
  - Update to 4.2.8p7 (bsc#977446):
    * CVE-2016-1547, bsc#977459:
      Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
    * CVE-2016-1548, bsc#977461: Interleave-pivot
    * CVE-2016-1549, bsc#977451:
      Sybil vulnerability: ephemeral association attack.
    * CVE-2016-1550, bsc#977464: Improve NTP security against buffer
      comparison timing attacks.
    * CVE-2016-1551, bsc#977450:
      Refclock impersonation vulnerability
    * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig
      directives will cause an assertion botch in ntpd.
    * CVE-2016-2517, bsc#977455: remote configuration trustedkey/
      requestkey/controlkey values are not properly validated.
    * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7
      causes array wraparound with MATCH_ASSOC.
    * CVE-2016-2519, bsc#977458: ctl_getitem() return value not
      always checked.
    * integrate ntp-fork.patch
    * Improve the fixes for:
      CVE-2015-7704, CVE-2015-7705, CVE-2015-7974
  - Restrict the parser in the startup script to the first
    occurrance of "keys" and "controlkey" in ntp.conf (boo#957226).
  - Depend on pps-tools-devel to provide timepps.h header to enable
    Linux PPSAPI support to make GPS devices usefull. (boo#977563)
* Fri Mar 11 2016 max@suse.com
  - CVE-2015-8158, bsc#962966: potential infinite loop in ntpq
  - CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass
  - CVE-2015-7978, bsc#963000: Stack exhaustion in recursive
    traversal of restriction list.
  - CVE-2015-7979, bsc#962784: off-path denial of service on
    authenticated broadcast mode
  - CVE-2015-7977, bsc#962970: restriction list NULL pointer
    dereference
  - CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows
    dangerous characters in filenames
  - CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq
  - CVE-2015-7974, bsc#962960: Missing key check allows impersonation
    between authenticated peers
  - CVE-2015-7973, bsc#962995: replay attack on authenticated
    broadcast mode
  - CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make
    a step larger than the panic threshold
* Mon Mar 07 2016 hsk@imb-jena.de
  - update to 4.2.8p6
    * fixes low- and medium-severity vulnerabilities
      4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978
      CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975
      CVE-2015-7974 CVE-2015-7973
      4.2.8p5: CVE-2015-5300
    * bug fixes
* Mon Jan 18 2016 wbauer@tmo.at
  - Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When
    run as cron job, /usr/sbin/ is not in the path, which caused the
    synchronization to fail. (boo#962318)
* Fri Nov 06 2015 max@suse.com
  - Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty
    port numbers (bsc#782060).
* Thu Oct 29 2015 max@suse.com
  - Update to 4.2.8p4 to fix several security issues (bsc#951608):
    * CVE-2015-7871: NAK to the Future: Symmetric association
      authentication bypass via crypto-NAK
    * CVE-2015-7855: decodenetnum() will ASSERT botch instead of
      returning FAIL on some bogus values
    * CVE-2015-7854: Password Length Memory Corruption Vulnerability
    * CVE-2015-7853: Invalid length data provided by a custom
      refclock driver could cause a buffer overflow
    * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
    * CVE-2015-7851 saveconfig Directory Traversal Vulnerability
    * CVE-2015-7850 remote config logfile-keyfile
    * CVE-2015-7849 trusted key use-after-free
    * CVE-2015-7848 mode 7 loop counter underrun
    * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
    * CVE-2015-7703 configuration directives "pidfile" and
      "driftfile" should only be allowed locally
    * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
      validate the origin timestamp field
    * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
      data packet length checks
    * obsoletes ntp-memlock.patch.
  - Add a controlkey line to /etc/ntp.conf if one does not already
    exist, to allow runtime configuration via ntpq.
  - Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
  - Improve runtime configuration:
    * Read keytype from ntp.conf
    * Don't write ntp keys to syslog.
  - Fix legacy action scripts to pass on command line arguments.
  - Remove ntp.1.gz, it wasn't installed anymore.
  - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.
    The rest is partially irrelevant, partially redundant and
    potentially outdated (bsc#942587).
  - Remove "kod" from the restrict line in ntp.conf (bsc#944300).
* Fri Sep 04 2015 max@suse.com
  - Add "addserver" as a new legacy action.
  - Fix the comment regarding addserver in ntp.conf (bnc#910063).
* Thu Aug 13 2015 max@suse.com
  - Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).
  - Add a controlkey to ntp.conf to make the above work.
  - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
  - Disable mode 7 (ntpdc) again, now that we don't use it anymore.
* Thu Jul 16 2015 max@suse.com
  - Update to version 4.2.8p3 which incorporates all security fixes
    and most other patches we have so far (fate#319040).
    More information on:
    http://archive.ntp.org/ntp4/ChangeLog-stable
  - Disable chroot by default (bnc#926510).
  - Enable ntpdc for backwards compatibility (bnc#920238).
* Tue Apr 07 2015 hsk@imb-jena.de
  - update to 4.2.8p2
    * fixes CVE-2015-1798, CVE-2015-1799 (medium-severity
      vulnerabilities involving private key authentication)
    * bug fixes and enhancements
    * New script: update-leap
* Fri Mar 27 2015 max@suse.com
  - /bin/logger is needed for runtime configuration (bnc#924451).
* Mon Mar 16 2015 hsk@imb-jena.de
  - update to 4.2.8p1
    * fixes CVE-2014-9297, CVE-2014-9298
    * over 30 bugfixes and improvements
  - update to 4.2.8
    * fixes CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
    * changed Internal NTP Era counters
    * ntpdc responses disabled by default
    * over 1100 issues resolved between the 4.2.6 branch and 4.2.8
  - adjusted patches to fit 4.2.8p1:
    ntp-segfault_on_invalid_device.patch bnc#506908.diff MOD_NANO.diff
  - removed obsolete / now-in-upstream patches:
    ntpd-maxmonmen.patch ntp-code-cleanup.patch ntp-sntp-recverr.patch
    bnc#817893.patch ntp-CVE-2014-9295.patch ntp-CVE-2014-9296.patch
  - changes to spec file:
    * added --datadir (for private perl module needed by ntp scripts)
      and --html-dir (html docs now get installed by "make install")
      to configure options
    * script ntp-wait has moved in source tree
* Mon Mar 16 2015 crrodriguez@opensuse.org
  - *.service: Do not start ntpd when running on containers
    or when CAP_SYS_TIME was dropped from the default capability
    set ( see SYSTEMD-SYSTEM.CONF(5) for details)
* Sun Mar 08 2015 wbauer@tmo.at
  - Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When
    run as cron job, /usr/sbin/ is not in the path, which caused the
    synchronization to fail. (boo#901751)
* Wed Jan 21 2015 dimstar@opensuse.org
  - Add ntp.NetworkManager: install NetworkManager dipatcher hook:
    if the DHCP Server delivers NTP Servers, accept those and
    configure NTP using the information (boo#900982).
* Sun Jan 04 2015 mpluskal@suse.com
  - Enable avahi support
* Fri Dec 19 2014 max@suse.com
  - bnc#910764: VU#852879 ntp security fixes
    * A potential remote code execution problem was found inside
      ntpd. The functions crypto_recv() (when using autokey
      authentication), ctl_putdata(), and configure() where updated
      to avoid buffer overflows that could be
      exploited. (CVE-2014-9295)
    * Furthermore a problem inside the ntpd error handling was found
      that is missing a return statement. This could also lead to a
      potentially attack vector. (CVE-2014-9296)
  - ntp-CVE-2014-9295.patch and ntp-CVE-2014-9296.patch will be
    obsoleted by the upcoming update to version 4.2.8.
* Tue Dec 02 2014 obs@botter.cc
  - fix typo in version check regarding
    /usr/lib/initscripts/legacy-actions to fix build for <= 13.1

Files

/etc/NetworkManager
/etc/NetworkManager/dispatcher.d
/etc/NetworkManager/dispatcher.d/ntp
/etc/logrotate.d/ntp
/etc/ntp.conf
/etc/slp.reg.d
/etc/slp.reg.d/ntp.reg
/etc/sysconfig/SuSEfirewall2.d/services/ntp
/usr/lib/initscripts/legacy-actions/ntpd
/usr/lib/initscripts/legacy-actions/ntpd/addserver
/usr/lib/initscripts/legacy-actions/ntpd/ntptimeset
/usr/lib/systemd/system/ntp-wait.service
/usr/lib/systemd/system/ntpd.service
/usr/sbin/calc_tickadj
/usr/sbin/ntp-keygen
/usr/sbin/ntp-wait
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc
/usr/sbin/ntpq
/usr/sbin/ntptime
/usr/sbin/ntptrace
/usr/sbin/rcntp-wait
/usr/sbin/rcntpd
/usr/sbin/sntp
/usr/sbin/start-ntpd
/usr/sbin/tickadj
/usr/sbin/update-leap
/usr/share/doc/packages/ntp
/usr/share/doc/packages/ntp/COPYRIGHT
/usr/share/doc/packages/ntp/ChangeLog
/usr/share/doc/packages/ntp/NEWS
/usr/share/doc/packages/ntp/README
/usr/share/doc/packages/ntp/README.SUSE
/usr/share/doc/packages/ntp/README.bk
/usr/share/doc/packages/ntp/README.hackers
/usr/share/doc/packages/ntp/README.leapsmear
/usr/share/doc/packages/ntp/README.patches
/usr/share/doc/packages/ntp/README.pullrequests
/usr/share/doc/packages/ntp/README.refclocks
/usr/share/doc/packages/ntp/README.versions
/usr/share/doc/packages/ntp/TODO
/usr/share/doc/packages/ntp/WHERE-TO-START
/usr/share/doc/packages/ntp/conf
/usr/share/doc/packages/ntp/conf/README
/usr/share/doc/packages/ntp/conf/baldwin.conf
/usr/share/doc/packages/ntp/conf/beauregard.conf
/usr/share/doc/packages/ntp/conf/grundoon.conf
/usr/share/doc/packages/ntp/conf/malarky.conf
/usr/share/doc/packages/ntp/conf/pogo.conf
/usr/share/doc/packages/ntp/conf/rackety.conf
/usr/share/fillup-templates/sysconfig.ntp
/usr/share/fillup-templates/sysconfig.syslog-ntp
/usr/share/man/man1/calc_tickadj.1.gz
/usr/share/man/man1/ntp-keygen.1.gz
/usr/share/man/man1/ntp-wait.1.gz
/usr/share/man/man1/ntpd.1.gz
/usr/share/man/man1/ntpdc.1.gz
/usr/share/man/man1/ntpq.1.gz
/usr/share/man/man1/ntptrace.1.gz
/usr/share/man/man1/sntp.1.gz
/usr/share/man/man1/update-leap.1.gz
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp.keys.5.gz
/usr/share/man/man8/ntptime.8.gz
/usr/share/ntp
/usr/share/ntp/lib
/usr/share/ntp/lib/NTP
/usr/share/ntp/lib/NTP/Util.pm
/usr/share/omc/svcinfo.d/ntp.xml
/var/lib/ntp
/var/lib/ntp/dev
/var/lib/ntp/drift
/var/lib/ntp/etc
/var/lib/ntp/etc/ntp.conf.iburst
/var/lib/ntp/kod
/var/lib/ntp/var
/var/lib/ntp/var/lib
/var/lib/ntp/var/lib/ntp
/var/lib/ntp/var/run
/var/lib/ntp/var/run/ntp
/var/log/ntp


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 11:45:28 2024