Changelog for
ntpsec-devel-1.2.2a-2.2.x86_64.rpm :
* Thu Feb 22 2024 Dominique Leuenberger
- Use %patch -P N instead of deprecated %patchN.
* Sat Nov 25 2023 Dirk Müller - update to 1.2.2a (bsc#1214024, CVE-2023-4012):
* Fix a crash in ntpd if NTS is disabled and an NTS-enabled client request (mode 3) is received. (CVE-2023-4012)
* Mon Feb 06 2023 Marcus Meissner - Updated to version 1.2.2 - Restore/cleanup NTPv1 support - ntpq sysstats now shows NTPv1 traffic. - NTPv1 counter added to sysstats log file. - NTS supports partial wildcards, for example
*.example.com - Work on documentation, ntpdate, ntpheat, ntploggpg, ntpq\'s sysstats, ntpviz, and seccomp. - NTP auth no longer breaks on NULs. - The NTS server now saves 10 days worth of cookie keys. This will allow clients that only poll once a day to use NTS without using NTS-KE to keep cookies up to date. - rawstats now logs dropped packets and their BOGON code - Only one per request to avoid DoSing the log file - This lets you see packets that take too long. - Add 4 or 6 to DNS/NTS RefID tags to indicate that the DNS or NTS-KE has succeeded but NTP has not worked yet. - Build improvements - Restore Python 2.6 support - Restore LibreSSL support - Add support for OpenSSL 3.0 - Fix hash validation in ntpleapfetch again. - FreeBSD now gets nanosecond resolution on receive time stamps.- added ntpsec.keyring
* Tue Oct 12 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_ntp-wait.service.patch
* harden_ntpd.service.patch
* harden_ntplogtemp.service.patch
* harden_ntpviz-daily.service.patch
* harden_ntpviz-weekly.service.patch
* Wed Jun 09 2021 Martin Hauke - Update to version 1.2.1
* Update ntpkeygen/keygone to properly filter # characters. Fix security issue: CVE-2021-22212
* Add dextral peers mode in ntpq and ntpmon.
* Drop NTPv1 as the support was not RFC compliant, maybe v2 except mode 6 next.
* Fix argument P for ntpd parsing fixed and ntpdate improvements.
* Fix crash for raw ntpq readvar.
* Add processor usage to NTS-KE logging except on NetBSD.
* Remove --build-epoch and replace it with arbitrary - -build-desc text. Passing \'--build-desc=$(date -u +%Y-%m-%dT%H:%M:%Sz)\' restores the previous default extended version.
* The build epoch has been replaced with a hardcoded timestamp which will be manually updated every nine years or so (approx 512w). This makes the binaries reproducible by default.
* Compare versions of ntp.ntpc and libntpc printing a warning if mismatched. Fix libntpc install path if using it.
* Reduce maxclocks default to 5 to reduce the NTP pool load.
* Print LIBDIR during ./waf configure.
* Add documentation, new GPG key, and other cleanups.- Update to version 1.2.0
* The minor version bump is to indicate official official support of RFC8915 \"Network Time Security for the Network Time Protocol\" which was released 2020-09-30.
* NTS-KE client now defaults to port 4460.
* NTS-KE server now listens on port 4460. (Listening on port 123 has been removed.)
* The shebang of installed Python scripts can now be customized with: waf configure --pyshebang=\"…\" This has multiple uses, but one example is for distros (like CentOS 8 or Ubuntu 20.04) with no python executable: python3 waf configure - -pyshebang=\"/usr/bin/env python3\"
* NTP clients now use a shared library with Python instead of an extension.
* Add flakiness option to ntpq and fixed limit=1 in mrulist.
* Fixed a minor formatting issue in rate page.- Create subpackages for libntpc and ntpsec-devel
* Fri Jan 08 2021 Martin Hauke - Let system-user-ntp handle the user/group generation
* Fri May 29 2020 Christophe Giboudeaux - Update to 1.1.9. See the NEWS.adoc file for the full list of changes.
* Correctly parse ntpq :config output on Python 3 and check return MACs.
* Add AES and other algorithm support to ntpq and ntpdig, from OpenSSL.
* Remove support for NetInfo.
* The default restrictions now start with noquery and limited to reduce the opportunities for being used for DDoS-ing.
* NTS client now requires ALPN on TLSv1.3.
* asciidoctor (1.5.8 or newer) is now supported and is the preferred AsciiDoc processor.
* Mon Feb 17 2020 Tomáš Chvátal - Update to 1.1.8:
* Fix bug in NTS-KE client so that NTP server names work.
* Fix/tweak several NTS logging messages.
* Mon Oct 14 2019 Tomáš Chvátal - Update the unit install commands wrt bsc#1153841
* Mon Oct 14 2019 Tomáš Chvátal - Update to 1.1.7 bsc#1153841:
* The numeric literal argument of the \'time1\' fudge option on a clock can now have one or more letter suffixes that compensate for era rollover in a GPS device. Each \"g\" adds the number of seconds in a 1024-week (10-bit) GPS era. Each \"G\" adds the number of seconds in a 8192-week (13-bit) GPS era.
* The neoclock4x driver has been removed, due to the hardware and the vendor having utterly vanished from the face of the earth.
* The NTS ALPN negotiation sequence has been modified for improved interoperability with other NTS implementations.
* NTS key rotation now happens every 24 hours. It used to rotate every hour to enable testing of recovery from stale cookies.- Remove merged patch ntpsec-1.1.6-update-waf.patch- Enable documentation build