pool/ntp - ntp - openSUSE Gitea

pool/ntp

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Reinhard Max	68a3f48f2a	- Update ro 4.2.8p13 * CVE-2019-8936, bsc#1128525: Crafted null dereference attack in authenticated mode 6 packet. * Fix several bugs in the BANCOMM reclock driver. * Fix ntp_loopfilter.c snprintf compilation warnings. * Fix spurious initgroups() error message. * Fix STA_NANO struct timex units. * Fix GPS week rollover in libparse. * Fix incorrect poll interval in packet. * Add a missing check for ENABLE_CMAC. OBS-URL: https://build.opensuse.org/package/show/network:time/ntp?expand=0&rev=180	2019-03-11 16:01:00 +00:00
Reinhard Max	39680178a6	- Update to 4.2.8p12 * CVE-2018-12327, bsc#1098531: fixed stack buffer overflow in the openhost() command-line call of NTPQ/NTPDC. * Further tweaks to improve the fix for CVE-2018-7170. * ntp-usrgrp-resolver.patch was integrated upstream. - Don't run autoreconf anymore and remove all related hacks and BuildRequires. OBS-URL: https://build.opensuse.org/package/show/network:time/ntp?expand=0&rev=176	2018-10-08 14:16:15 +00:00
Reinhard Max	e30cd939cd	- Update to 4.2.8p10 (bsc#1082210): * CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak. * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral associations. * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot recover from bad state. * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset authenticated interleaved association. * CVE-2018-7183, 1083417: ntpq:decodearr() can write beyond its buffer limit. * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch - Remove dead code from conf.start-ntpd (bsc#1082063). - Don't use libevent's cached time stamps in sntp. (bsc#1077445, ntp-sntp-libevent.patch) OBS-URL: https://build.opensuse.org/package/show/network:time/ntp?expand=0&rev=170	2018-03-06 13:22:11 +00:00

Author

SHA256

Message

Date

Reinhard Max

68a3f48f2a

- Update ro 4.2.8p13

* CVE-2019-8936, bsc#1128525: Crafted null dereference attack in
    authenticated mode 6 packet.
  * Fix several bugs in the BANCOMM reclock driver.
  * Fix ntp_loopfilter.c snprintf compilation warnings.
  * Fix spurious initgroups() error message.
  * Fix STA_NANO struct timex units.
  * Fix GPS week rollover in libparse.
  * Fix incorrect poll interval in packet.
  * Add a missing check for ENABLE_CMAC.

OBS-URL: https://build.opensuse.org/package/show/network:time/ntp?expand=0&rev=180

2019-03-11 16:01:00 +00:00

Reinhard Max

39680178a6

- Update to 4.2.8p12

* CVE-2018-12327, bsc#1098531: fixed stack buffer overflow in
    the openhost() command-line call of NTPQ/NTPDC.
  * Further tweaks to improve the fix for CVE-2018-7170.
  * ntp-usrgrp-resolver.patch was integrated upstream.
- Don't run autoreconf anymore and remove all related hacks and
  BuildRequires.

OBS-URL: https://build.opensuse.org/package/show/network:time/ntp?expand=0&rev=176

2018-10-08 14:16:15 +00:00

Reinhard Max

e30cd939cd

- Update to 4.2.8p10 (bsc#1082210):

* CVE-2016-1549: Sybil vulnerability: ephemeral association
    attack. While fixed in ntp-4.2.8p7, there are significant
    additional protections for this issue in 4.2.8p11.
  * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun
    leads to undefined behavior and information leak.
  * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral
    associations.
  * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot
    recover from bad state.
  * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset
    authenticated interleaved association.
  * CVE-2018-7183, 1083417: ntpq:decodearr() can write beyond its
    buffer limit.
  * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch
- Remove dead code from conf.start-ntpd (bsc#1082063).
- Don't use libevent's cached time stamps in sntp.
  (bsc#1077445, ntp-sntp-libevent.patch)

OBS-URL: https://build.opensuse.org/package/show/network:time/ntp?expand=0&rev=170

2018-03-06 13:22:11 +00:00

3 Commits