SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ntp-debugsource-4.2.8p15-lp152.3.12.1.x86_64.rpm :

* Tue Jun 15 2021 Reinhard Max - bsc#1186431: Fix a typo in %post .
* Thu May 20 2021 Reinhard Max - jsc#SLE-15482, ntp-clarify-interface.patch: Adjust the documentation to clarify that \"interface ignore all\" does not cover the wildcard and localhost addresses.
* Thu Apr 22 2021 Reinhard Max - bsc#1185171: Use /run instead of /var/run for PIDFile in ntpd.service.
* Thu Jun 25 2020 Reinhard Max - Update to 4.2.8p15- Fixed security issues:
* bsc#1169740, CVE-2020-11868: DoS on client ntpd using server mode packet
* bsc#1171355, CVE-2018-8956: remote attackers may prevent a broadcast client from synchronizing its clock with a broadcast NTP server via spoofed mode 3 and mode 5 packets.
* bsc#1172651, CVE-2020-13817: vulnerable to off-path attack
* bsc#1173334, CVE-2020-15025: Remote DoS when CMAC key is used- Bugfixes in 4.2.8p15 and 4.2.8p14 include:
* [Bug 3667] decodenetnum fails with numeric port
* [Bug 3666] avoid unlimited receive buffer allocation
* [Bug 3660] Manycast orphan mode startup discovery problem.
* [Bug 3655] ntpdc memstats hash counts
* [Bug 3653] Refclock jitter RMS calculation
* [Bug 3646] Avoid sync with unsync orphan
* [Bug 3644] Unsynchronized server [...] selected as candidate
* [Bug 3636] NMEA: combine time/date from multiple sentences
* [Bug 3635] Make leapsecond file hash check optional
* [Bug 3628] raw DCF decoding - improve robustness
* [Bug 3620] memory leak in ntpq sysinfo
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo
* [Bug 3617] Add support for ACE III and Copernicus II receivers
* [Bug 3615] accelerate refclock startup
* [Bug 3613] Propagate noselect to mobilized pool servers
* [Bug 3612] Use-of-uninitialized-value in receive function
* [Bug 3611] NMEA time interpreted incorrectly
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter
* [Bug 3604] Wrong param byte order passing into record_raw_stats() in ntp_io.c
* [Bug 3594] ntpd discards messages coming through nmead
* [Bug 3593] ntpd discards silently nmea messages after the 5th string
* [Bug 3590] Update refclock_oncore.c to the new GPS date API
* [Bug 3583] synchronization error - set clock to base date if system time is before that limit
* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled
* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc)
* [Bug 3577] Update refclock_zyfer.c to the new GPS date API
* [Bug 3576] New GPS date function API
* [Bug 3573] nptdate: missleading error message
* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for \'ntpadjtimex()\'
* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH
* [Bug 3542] ntpdc monlist parameters cannot be set
* [Bug 3533] ntpdc peer_info ipv6 issues
* [Bug 3531] make check: test-decodenetnum fails
* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code
* [Bug 3491] Signed values of LFP datatypes should always display a sign
* [Bug 3490] Patch to support Trimble Resolution Receivers
* [Bug 3473] RefID of refclocks should always be text format
* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network
* [Bug 2420] ntpd doesn\'t run and exits with retval 0 when invalid user is specified with -u
* [Bug 1433] runtime check whether the kernel really supports capabilities
* Provide more detail on unrecognized config file parser tokens.
* Startup log improvements.- Obsoleted patches:
* ntp-4.2.6p2-ntpq-speedup-782060.patch
* ntp-daemonize.patch
* ntp-reproducible.patch- Silence an OpenSSL version warning (bsc#992038,bsc#1125401 ntp-openssl-version.patch).
* Mon Mar 11 2019 Reinhard Max - Update to 4.2.8p13
* CVE-2019-8936, bsc#1128525: Crafted null dereference attack in authenticated mode 6 packet.
* Fix several bugs in the BANCOMM reclock driver.
* Fix ntp_loopfilter.c snprintf compilation warnings.
* Fix spurious initgroups() error message.
* Fix STA_NANO struct timex units.
* Fix GPS week rollover in libparse.
* Fix incorrect poll interval in packet.
* Add a missing check for ENABLE_CMAC.
* Tue Sep 11 2018 maxAATTsuse.com- Update to 4.2.8p12 (bsc#1111853):
* CVE-2018-12327, bsc#1098531: fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC.
* Add further tweaks to improve the fix for CVE-2018-7170, bsc#1083424.
* ntp-usrgrp-resolver.patch was integrated upstream.- Don\'t run autoreconf anymore and remove all related hacks and BuildRequires.
* Tue Apr 24 2018 maxAATTsuse.com- Refactor the key handling in %post so that it does not overwrite user settings (bsc#1036505) and is more robust against ignored SIGPIPE (bsc#1090564).
* Sun Mar 18 2018 suse-betaAATTcboltz.de- change example statsdir in ntp.conf to /var/log/ntpstats/ to match the AppArmor profile (boo#1076247)
* Wed Feb 28 2018 maxAATTsuse.com- Update to 4.2.8p11 (bsc#1082210):
* CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11.
* CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak.
* CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral associations.
* CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot recover from bad state.
* CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset authenticated interleaved association.
* CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond its buffer limit.
* Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch- Remove dead code from conf.start-ntpd (bsc#1082063).- Don\'t use libevent\'s cached time stamps in sntp. (bsc#1077445, ntp-sntp-libevent.patch)
* Thu Dec 21 2017 bwiedemannAATTsuse.com- Add ntp-reproducible.patch to make build reproducible (boo#1047218)
* Tue Dec 19 2017 maxAATTsuse.com- Restart nptd if failed or aborted (FATE#315133).- Do not try to set the HW clock when adding a server at runtime to avoid blocking systemd.
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Thu Apr 06 2017 maxAATTsuse.com- Enable experimental leap smearing (fate#321003). See /usr/share/doc/packages/ntp/README.leapsmear for details.
* Thu Apr 06 2017 ajAATTajaissle.de- Fix spelling and default values in conf.sysconfig.ntp
* Wed Mar 22 2017 maxAATTsuse.com- Update to 4.2.8p10 (bsc#1030050):
* Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config
* Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock
* Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option
* Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value
* Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused
* Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code
* Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver
* Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions
* Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send()
* Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist
* Sec 3376: NTP-01-001 Makefile does not enforce Security Flags
* Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin (zero origin) DoS.
* [Bug 3393] clang scan-build findings
* [Bug 3363] Support for openssl-1.1.0 without compatibility modes
* [Bug 3356] Bugfix 3072 breaks multicastclient
* [Bug 3173] forking async worker: interrupted pipe I/O
* [Bug 3139] (...) time_pps_create: Exec format error
* [Bug 3107] Incorrect Logic for Peer Event Limiting
* [Bug 3062] Change the process name of forked DNS worker
* [Bug 2923] Trap Configuration Fail
* [Bug 2896] Nothing happens if minsane < maxclock < minclock
* [Bug 2851] allow -4/-6 on restrict line with mask
* [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags- Removed patches:
* ntp-openssl-version.patch: fixed upstream
* ntp-processname.patch: accepted upstream
* ntp-trap.patch: accepted upstream
* ntp-unbreak-multicast.patch: fixed upstream- Remove spurious log messages (bsc#1014172, ntp-warnings.patch).
* Fri Mar 10 2017 maxAATTsuse.com- Fix a problem with multicast clients. (bsc#1018940, ntp-unbreak-multicast.patch)
* Tue Feb 21 2017 kukukAATTsuse.de- Move ntp-kod to /var/lib/ntp, because /var/db is not a standard directory and causes problems for transactional updates (ntp-move-kod-file.patch)
* Tue Jan 17 2017 maxAATTsuse.com- Remove 50-ntp.list (bsc#1011919).- Use system-wide libevent instead of local copy.
* Mon Nov 28 2016 maxAATTsuse.com- Simplify ntpd\'s search for its own executable to prevent AppArmor warnings (bsc#956365, ntp-pathfind.patch).
* Mon Nov 21 2016 maxAATTsuse.com- Update to 4.2.8p9:
* CVE-2016-9311: Trap crash.
* CVE-2016-9310: Mode 6 unauthenticated trap information disclosure and DDoS vector.
* CVE-2016-7427: Broadcast Mode Replay Prevention DoS.
* CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS.
* CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp Bypass.
* CVE-2016-7434: Null pointer dereference in _IO_str_init_static_internal().
* CVE-2016-7429: Interface selection attack.
* CVE-2016-7426: Client rate limiting and server responses.
* CVE-2016-7433: Reboot sync calculation problem.
* Fix a spurious error message (obsoletes ntp-sigchld.patch).
* Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.- Fix a regression in \"trap\" (bsc#981252, ntp-trap.patch).- Reduce the number of netlink groups to listen on for changes to the local network setup (bsc#992606, ntp-netlink.patch).- Fix segfault in \"sntp -a\" (bnc#1009434, ntp-sntp-a.patch).- Silence an OpenSSL version warning (bsc#992038, ntp-openssl-version.patch).
* Wed Oct 05 2016 guillaumeAATTopensuse.org- Depend on pps-tools-devel only for openSUSE > 13.2
* Thu Aug 25 2016 josef.moellersAATTsuse.com- Make the resolver task change user and group IDs to the same values as the main task. (bnc#988028, ntp-usrgrp-resolver.patch)
* Tue Jun 07 2016 maxAATTsuse.com- Keep the parent process alive until the daemon has finished initialisation, to make sure that the PID file exists when the parent returns (ntp-daemonize.patch).- Update to 4.2.8p8 (bsc#982056):
* CVE-2016-4953, bsc#982065: Bad authentication demobilizes ephemeral associations.
* CVE-2016-4954, bsc#982066: Processing spoofed server packets.
* CVE-2016-4955, bsc#982067: Autokey association reset.
* CVE-2016-4956, bsc#982068: Broadcast interleave.
* CVE-2016-4957, bsc#982064: CRYPTO_NAK crash.- Change the process name of the forking DNS worker process to avoid the impression that ntpd is started twice. (bsc#979302, ntp-processname.patch).- Don\'t ignore SIGCHILD because it breaks wait() (boo#981422, ntp-sigchld.patch).- ntp-wait does not accept fractional seconds, so use 1 instead of 0.2 in ntp-wait.service (boo#979981).- Separate the creation of ntp.keys and key #1 in it to avoid problems when upgrading installations that have the file, but no key #1, which is needed e.g. by \"rcntp addserver\".- Fix the TZ offset output of sntp during DST. (bsc#951559, ntp-sntp-dst.patch)- Add /var/db/ntp-kod (bsc#916617).- Add ntp-ENOBUFS.patch to limit a warning that might happen quite a lot on loaded systems (bsc#956773).- Don\'t wait for 11 minutes to restart ntpd when it has died (boo#894031).
* Wed May 04 2016 maxAATTsuse.com- Update to 4.2.8p7 (bsc#977446):
* CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
* CVE-2016-1548, bsc#977461: Interleave-pivot
* CVE-2016-1549, bsc#977451: Sybil vulnerability: ephemeral association attack.
* CVE-2016-1550, bsc#977464: Improve NTP security against buffer comparison timing attacks.
* CVE-2016-1551, bsc#977450: Refclock impersonation vulnerability
* CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig directives will cause an assertion botch in ntpd.
* CVE-2016-2517, bsc#977455: remote configuration trustedkey/ requestkey/controlkey values are not properly validated.
* CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC.
* CVE-2016-2519, bsc#977458: ctl_getitem() return value not always checked.
* integrate ntp-fork.patch
* Improve the fixes for: CVE-2015-7704, CVE-2015-7705, CVE-2015-7974- Restrict the parser in the startup script to the first occurrance of \"keys\" and \"controlkey\" in ntp.conf (boo#957226).- Depend on pps-tools-devel to provide timepps.h header to enable Linux PPSAPI support to make GPS devices usefull. (boo#977563)
* Fri Mar 11 2016 maxAATTsuse.com- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq- CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass- CVE-2015-7978, bsc#963000: Stack exhaustion in recursive traversal of restriction list.- CVE-2015-7979, bsc#962784: off-path denial of service on authenticated broadcast mode- CVE-2015-7977, bsc#962970: restriction list NULL pointer dereference- CVE-2015-7976, bsc#962802: \'ntpq saveconfig\' command allows dangerous characters in filenames- CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq- CVE-2015-7974, bsc#962960: Missing key check allows impersonation between authenticated peers- CVE-2015-7973, bsc#962995: replay attack on authenticated broadcast mode- CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make a step larger than the panic threshold
* Mon Mar 07 2016 hskAATTimb-jena.de- update to 4.2.8p6
* fixes low- and medium-severity vulnerabilities 4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978 CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975 CVE-2015-7974 CVE-2015-7973 4.2.8p5: CVE-2015-5300
* bug fixes
* Mon Jan 18 2016 wbauerAATTtmo.at- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#962318)
* Fri Nov 06 2015 maxAATTsuse.com- Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty port numbers (bsc#782060).
* Thu Oct 29 2015 maxAATTsuse.com- Update to 4.2.8p4 to fix several security issues (bsc#951608):
* CVE-2015-7871: NAK to the Future: Symmetric association authentication bypass via crypto-NAK
* CVE-2015-7855: decodenetnum() will ASSERT botch instead of returning FAIL on some bogus values
* CVE-2015-7854: Password Length Memory Corruption Vulnerability
* CVE-2015-7853: Invalid length data provided by a custom refclock driver could cause a buffer overflow
* CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
* CVE-2015-7851 saveconfig Directory Traversal Vulnerability
* CVE-2015-7850 remote config logfile-keyfile
* CVE-2015-7849 trusted key use-after-free
* CVE-2015-7848 mode 7 loop counter underrun
* CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
* CVE-2015-7703 configuration directives \"pidfile\" and \"driftfile\" should only be allowed locally
* CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should validate the origin timestamp field
* CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey data packet length checks
* obsoletes ntp-memlock.patch.- Add a controlkey line to /etc/ntp.conf if one does not already exist, to allow runtime configuration via ntpq.- Use SHA1 instead of MD5 for symmetric keys (bsc#905885).- Improve runtime configuration:
* Read keytype from ntp.conf
* Don\'t write ntp keys to syslog.- Fix legacy action scripts to pass on command line arguments.- Remove ntp.1.gz, it wasn\'t installed anymore.- Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz. The rest is partially irrelevant, partially redundant and potentially outdated (bsc#942587).- Remove \"kod\" from the restrict line in ntp.conf (bsc#944300).
* Fri Sep 04 2015 maxAATTsuse.com- Add \"addserver\" as a new legacy action.- Fix the comment regarding addserver in ntp.conf (bnc#910063).
* Thu Aug 13 2015 maxAATTsuse.com- Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).- Add a controlkey to ntp.conf to make the above work.- Don\'t let \"keysdir\" lines in ntp.conf trigger the \"keys\" parser.- Disable mode 7 (ntpdc) again, now that we don\'t use it anymore.
* Thu Jul 16 2015 maxAATTsuse.com- Update to version 4.2.8p3 which incorporates all security fixes and most other patches we have so far (fate#319040). More information on: http://archive.ntp.org/ntp4/ChangeLog-stable- Disable chroot by default (bnc#926510).- Enable ntpdc for backwards compatibility (bnc#920238).
* Tue Apr 07 2015 hskAATTimb-jena.de- update to 4.2.8p2
* fixes CVE-2015-1798, CVE-2015-1799 (medium-severity vulnerabilities involving private key authentication)
* bug fixes and enhancements
* New script: update-leap
* Fri Mar 27 2015 maxAATTsuse.com- /bin/logger is needed for runtime configuration (bnc#924451).
* Mon Mar 16 2015 hskAATTimb-jena.de- update to 4.2.8p1
* fixes CVE-2014-9297, CVE-2014-9298
* over 30 bugfixes and improvements- update to 4.2.8
* fixes CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
* changed Internal NTP Era counters
* ntpdc responses disabled by default
* over 1100 issues resolved between the 4.2.6 branch and 4.2.8- adjusted patches to fit 4.2.8p1: ntp-segfault_on_invalid_device.patch bnc#506908.diff MOD_NANO.diff- removed obsolete / now-in-upstream patches: ntpd-maxmonmen.patch ntp-code-cleanup.patch ntp-sntp-recverr.patch bnc#817893.patch ntp-CVE-2014-9295.patch ntp-CVE-2014-9296.patch- changes to spec file:
* added --datadir (for private perl module needed by ntp scripts) and --html-dir (html docs now get installed by \"make install\") to configure options
* script ntp-wait has moved in source tree
* Mon Mar 16 2015 crrodriguezAATTopensuse.org-
*.service: Do not start ntpd when running on containers or when CAP_SYS_TIME was dropped from the default capability set ( see SYSTEMD-SYSTEM.CONF(5) for details)
* Sun Mar 08 2015 wbauerAATTtmo.at- Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When run as cron job, /usr/sbin/ is not in the path, which caused the synchronization to fail. (boo#901751)
* Wed Jan 21 2015 dimstarAATTopensuse.org- Add ntp.NetworkManager: install NetworkManager dipatcher hook: if the DHCP Server delivers NTP Servers, accept those and configure NTP using the information (boo#900982).
* Sun Jan 04 2015 mpluskalAATTsuse.com- Enable avahi support
* Fri Dec 19 2014 maxAATTsuse.com- bnc#910764: VU#852879 ntp security fixes
* A potential remote code execution problem was found inside ntpd. The functions crypto_recv() (when using autokey authentication), ctl_putdata(), and configure() where updated to avoid buffer overflows that could be exploited. (CVE-2014-9295)
* Furthermore a problem inside the ntpd error handling was found that is missing a return statement. This could also lead to a potentially attack vector. (CVE-2014-9296)- ntp-CVE-2014-9295.patch and ntp-CVE-2014-9296.patch will be obsoleted by the upcoming update to version 4.2.8.
* Tue Dec 02 2014 obsAATTbotter.cc- fix typo in version check regarding /usr/lib/initscripts/legacy-actions to fix build for <= 13.1
  
ICM