b55e6a4be998dbe44506ee0981fff92d4.2.4p4unknown21f93671dfc52f8b6671298fdfeb1f764.2.4p4unknown575f739b9986489ab8e59ff86727bbb54.2.4p4unknown9a402164af32df9a5eb278d379919e294.2.4p4unknown9a6e2e120e76db16894c35da61a926c24.2.4p4unknown1a443b2716999a084d382fbe3cec1ab94.2.4p4unknowned89caf8f679d97289e6ee2eff0a04b84.2.4p4unknown97a4327c040a8fcfd70204d98b1007554.2.4p4unknowne016474571e92802dae9580331f4bc7f4.2.4p4unknownc955e0736d76ba47028ef4dcf2a4966e4.2.4p4unknownf4b65dbcb08e3fa2eb36e42ec9beee7e4.2.4p4unknown486b0240dd9522714c212f25ce770f844.2.4p4unknown4f84168251c0be48eb21fc8be7be94344.2.4p5unknown96434074ebafafd23e298261a468bf654.2.4p5unknownd1fb1c9c702cb88296b1ff56544f50804.2.4p5unknown20653674c8cc7795434a0f19d87a77ee4.2.4p5unknown53b5aba2c1d10ab4158bf488fd60faba4.2.4p5unknownd5fa2f9012ec3ed6b529a759dff468494.2.4p5unknown12c699605100c245e5fc05ca2187c1a14.2.4p5unknown5a3d8b5396256026fadeb56df2e47f654.2.4p5unknowndbace1bb4394946eeaa972a5fe7a23414.2.4p5unknownbc9e7271aa0622436a83d7c83a0ad3cc4.2.4p5unknown2c70acc998d612110a8961b6c8b98c9c4.2.4p5unknown22d398ee1706b26bc6eae15f3cfab7fc4.2.4p5unknown4e45c7be2dd372fe7cdce4422237476f4.2.4p5unknownf90a9e0661296218fcdcfb7aca8e6d414.2.4p6unknown4de48338f69eb8dbe35844d9b2313f854.2.4p6unknown0008326ecf886b6e75ce37447f605c484.2.4p7unknownf1ef7f5f715c097218bd954bc0ea201d4.2.4p7unknown2cf749d584b471035cd067d471c91cbc4.2.4p7unknown7033bce95e2e4e166ccaafad4487817a4.2.4p7unknown592d96ae78e92ad921a0677d4fedffbd4.2.4p7autobuildCopy from network:time/ntp based on submit request 21637 from user seife
592d96ae78e92ad921a0677d4fedffbd4.2.4p7autobuildCopy from network:time/ntp based on submit request 21637 from user seife
0cc87db3ed8ffde6f81a1dd9749823f44.2.4p7autobuildCopy from network:time/ntp based on submit request 25229 from user seife
aae59883014ddd7e581e5364cb315a6b4.2.4p8autobuildCopy from network:time/ntp based on submit request 26116 from user varkoly
d24a25097e5884d22a25a8b265af51444.2.4p8autobuildCopy from network:time/ntp based on submit request 28239 from user coolo
e4c00b93e3e14d055f83f24450e0ddf24.2.4p8autobuilde8e4fd48d145fa109fd1942ef7e0ac664.2.4p8autobuildCopy from network:time/ntp based on submit request 35326 from user varkoly
353261d4ff9bd599ad902b3dacfc8a7dee9694.2.4p8autobuildCopy from network:time/ntp based on submit request 37598 from user varkoly
375986e198c832d79455f703f726524afb4e14.2.4p8autobuildCopy from network:time/ntp based on submit request 38574 from user varkoly
385746e198c832d79455f703f726524afb4e14.2.4p8autobuildrelease number sync6e198c832d79455f703f726524afb4e14.2.4p8autobuildrelease number syncf8704bba9289efaf17171f5ac043e9c24.2.4p8autobuildCopy from network:time/ntp based on submit request 49785 from user varkoly
4978578132f15d0f5666cf6a82edca9c4724b4.2.6p2darixAccepted submit request 54248 from user varkoly
542486cb63082aad8d05134e7ad564bc931f74.2.6p2darixAutobuild autoformatter for 54248
6cca81bfc98a0298de53ebe3687fac2c4.2.6p2darixAccepted submit request 55231 from user varkoly
55231fac3039377b2327230b942cf1c303cbf4.2.6p2darixAutobuild autoformatter for 55231
1774854689429c86cfbf96e73f09c61a4.2.6p2darixAccepted submit request 55798 from user varkoly
557986c78c0393d4b1343f3f88114dc6e05094.2.6p2darixAutobuild autoformatter for 55798
986263889f23ca45d46a28b9092f6e914.2.6p3darixAccepted submit request 57631 from user coolo
57631d30904b995106160bb890e349d00f2934.2.6p3darixAutobuild autoformatter for 57631
d30904b995106160bb890e349d00f2934.2.6p3autobuild11.4 source split8ef60fa2e69aeb99f844e3e06ebd7a1e4.2.6p3darixAccepted submit request 62372 from user varkoly
6237235519819c123edf427580b5bbf79441a4.2.6p3darixAutobuild autoformatter for 62372
b01da3a4db9010c4aed285b2a4f501d84.2.6p3oertelAccepted submit request 67003 from user coolo
670038101192e3df682cc17e3b1f24b8506e94.2.6p3oertelAutobuild autoformatter for 67003
b342a621969b9e9084864ea3136849264.2.6p3saschpe- The default timeout for sntp is to long. This can stop booting
- bnc#689070 - ntp post install script always removes /etc/sysconfig/ntp
- bnc#688529 - (ntp) ntpq and ntpdc command history broken
- bnc#695598 - "Started sntp" in /var/log/messages
- fix "rcntp ntptimeset"
* never try to syncronize with local clocks (127.127.*), which led to
sntp blocking until timeout elapsed (and probably blocking boot
sequence for ~5 min per device..)
- fix DOS line breaks in some doc files
- fix/improve init script
* related to bugzilla 688132
* "rcntp ntptimeset" could not parse servers from ntp.conf when IP proto
was specified (server [-4|-6] hostname)
* "rcntp ntptimeset" is now using ip proto parameter (-4|-6) if it's set in
NTPD_OPTIONS and skip servers where the opposite proto is defined724053f2ac070ec16adb5db1a1b22e58c51e64.2.6p3saschpeAutobuild autoformatter for 72405
8f68f7ee59dfb512742fff770418c1e14.2.6p3saschpe- bnc#699724 - ntpdate was replaced with a dud script79859f978556ccbe3990d4fdb39d5e8b36cd44.2.6p3saschpeAutobuild autoformatter for 79859
f978556ccbe3990d4fdb39d5e8b36cd44.2.6p3adrianSuSE11a398ad80139979870556febd52691e4.2.6p3coolo- bnc#656509 - don't use --bind on /var/lib/ntp/proc8948635d90d2d6260dbfd4191db42b01cf2714.2.6p3coolo- add libtool as buildrequire to avoid implicit dependency (forwarded request 93605 from coolo)9360722d72644656559dd43464df88a7fd6844.2.6p3cooloreplace license with spdx.org variantf2a175fa29ac992b41d884714462ec7f4.2.6p5coolo- Remove superfluous remove of acconfig.h while build.
- BuildRequire autoconf to avoid implicit dependency for post-11.4 systems.
- Remove call to suse_update_config macro for post-11.4 systems.
- BuildRequire fdupes for post-10.1 systems.
- Do not call autoreconf for pre-10.2 systems.
- Update to version 4.2.6p5.
Cf. package changelog for details.
- Update to version 4.2.6p4.
Cf. package changelog for details.
- Remove superfluously used NTPD_PID_NOPREFIX from init script.
- Refresh patches to apply with no offset. (forwarded request 99525 from lmuelle)1015017d7db6710dad39bdbe15c90272a4d55c4.2.6p5cooloAutomatic submission by obs-autosubmit1162367d7db6710dad39bdbe15c90272a4d55c4.2.6p5adrianSuSEbranched from openSUSE:Factorye57a08e3c0ab07f34c2d7900c0bd1bc04.2.6p5coololicense update: (MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0
Properly categorise licenses and sync with Fedora declaration (forwarded request 127106 from babelworx)127215c521cdf668ede0aa74e06cfacc52d64a4.2.6p5namtrac- Openssl wanted but not properly detected, fixed. (forwarded request 128294 from elvigia)128869fab2246054cfe75b87778ab5afb6b1624.2.6p5namtracCreated the correct link to /run/ntp (forwarded request 130555 from msmeissn)139178d0d45a53573d0eed49ec051be33a3c9c4.2.6p5coolo- logrotate is not strictly required for operation of ntp so change
it to Suggested. That way the minimal installation doesn't draw in
cron and postfix. (forwarded request 149239 from lnussel)149258d0d45a53573d0eed49ec051be33a3c9c4.2.6p5adrianSuSESplit 12.3 from Factory7e174450cd4fa59002987ac4ba185f624.2.6p5coolo- disable Undisciplined Local Clock in default conf file (bnc#784760) (forwarded request 156062 from -miska-)156338a398d156879942dbc1eb50946e6f1a5b4.2.6p5coolo- bnc#797351 - ntpd "listen-on" directive support is missing/broken;
unable to restrict/secure listening IPs
- bnc#793012 - NTP default to 'sync time on startup' conflicts with NetworkManager1567939d73121d10e321e68975de4d9add361d4.2.6p5coolofix build with automake-1.13 (forwarded request 158115 from seife)158201da7c4aea4cbf0643556590f397cb978d4.2.6p5coolo- Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
the system's openssl configuration. (forwarded request 195641 from elvigia)196291da7c4aea4cbf0643556590f397cb978d4.2.6p5adrianSuSESplit 13.1 from Factory0c79602d795bfb84f221578deae57f584.2.6p5scarabeus_factory- bnc#838458 ntp start script does not update /var/lib/ntp/etc/localtime file if /etc/localtime is symlink204325cf5ee7139406c48fcab1a6ae17cdb3bf4.2.6p5coolo- CVE-2013-5211, bnc#857195: restrict query, configuration,
modification access from world by default. Avoids that ntp can
be used as a DDoS amplifier.214511cfd046e755284be7829f67a25c25610b4.2.6p5coolo- bnc#863815, ntp-sntp-recverr.patch: Get sntp to recognize socket
errors, so that it skips unreachable destinations immediately
instead of trying to reach them for more than five minutes
before finally timing out.
This patch will probably be obsoleted by the next major upgrade,
because the current development release takes a different
approach to get a quick answer from one of the specified servers.222347225727693aec4f5e6cf6372d6f7cc8394.2.6p5coolo- Remove empty insserv call whic hhad only caused an error message
- Correct 50-ntp.list to include ntpd.service
- Restart nptd if failed or aborted (FATE#315133)
- Add missing systemd %pre macro (forwarded request 228826 from WernerFink)228827d2916fb29d4e997b407a736434f434574.2.6p5coolo- Remove /var/run/ntp from the package:
http://lists.opensuse.org/opensuse-packaging/2014-04/msg00046.html
- Fix Provides/Obsoletes of package aliases.
- Add /usr/sbin/rc* links.
- Stay enabled across sysv to systemd migrations (bnc#875490).
- fix "start-ntp addserver": start-ntp has no "status" method2323335cc750bb3d16d01cf3e6f742e817685f4.2.6p5coolofix start-ntpd again: service is now called ntpd, not ntp. Either this changed or my last SR was bogus :-( (forwarded request 232861 from seife)23286222f31a5f7708ec1d11a7c84d644d47f54.2.6p5coolo- Try to fix broken migration from openSUSE-13.1
- Forward-port some bugs that got fixed for SLE11 (bnc#831311):
* bnc#817893
* bnc#482349
* bnc#817893.patch
- Cleanup with spec cleaner for better readability
- Remove conditionals for < 12.2 distros as it does not work on
them anyway.23839409c097fa9daa568df9990bd2e125f5a04.2.6p5coolo124236809c097fa9daa568df9990bd2e125f5a04.2.6p5adrianSuSESplit 13.2 from Factorydb15df70227762e4f45b4aaee71f2f7d4.2.6p5cooloAutomatic submission by obs-autosubmit253820ac65528f77c24944c36afc5cb876c3d34.2.6p5dimstar_suse- bnc#910764: VU#852879 ntp security fixes
* A potential remote code execution problem was found inside
ntpd. The functions crypto_recv() (when using autokey
authentication), ctl_putdata(), and configure() where updated
to avoid buffer overflows that could be
exploited. (CVE-2014-9295)
* Furthermore a problem inside the ntpd error handling was found
that is missing a return statement. This could also lead to a
potentially attack vector. (CVE-2014-9296)
- ntp-CVE-2014-9295.patch and ntp-CVE-2014-9296.patch will be
obsoleted by the upcoming update to version 4.2.8.265959d6b60318fb10b16953efb7e8447810f14.2.6p5dimstar_suse1266310403d8195a1c078b2c796b52ea03faa2b4.2.6p5dimstar_suse12809289605299732c0471e9dcdcedcfaf61e914.2.6p5dimstar_suse12834461cd4384b5474dcd8179faa0d5b629bca4.2.6p5dimstar_suse12900336a412a34b8d32ea3f77794bc7c6e53a14.2.6p5dimstar_suse- /bin/logger is needed for runtime configuration (bnc#924451).2933821567abbc71bd2dff1b56f8479c95af424.2.6p5dimstar_suse1293918ce0cbc7baec8b7bc9e3add1a910f351b4.2.8p2dimstar_suse12981543275fd22bc068176140f59e6f5d86a0d4.2.8p3cooloAutomatic submission by obs-autosubmit3181772ce20021e1c753ff12aef519335250344.2.8p3cooloAutomatic submission by obs-autosubmit32469952ae287ef5f5803192ad720fec1479f04.2.8p3dimstar_suseAutomatic submission by obs-autosubmit33047967e3c20d539b4cf1e6417dd601127e964.2.8p4dimstar_suseAutomatic submission by obs-autosubmit34419420fa23921ef456f9325ff390313dade54.2.8p4dimstar_suse1354703e1f1b4a9b83d33aeb0d3104df59b6a734.2.8p6dimstar_suse- CVE-2015-8158, bsc#962966: potential infinite loop in ntpq
- CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass
- CVE-2015-7978, bsc#963000: Stack exhaustion in recursive
traversal of restriction list.
- CVE-2015-7979, bsc#962784: off-path denial of service on
authenticated broadcast mode
- CVE-2015-7977, bsc#962970: restriction list NULL pointer
dereference
- CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows
dangerous characters in filenames
- CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq
- CVE-2015-7974, bsc#962960: Missing key check allows impersonation
between authenticated peers
- CVE-2015-7973, bsc#962995: replay attack on authenticated
broadcast mode
- CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make
a step larger than the panic threshold
- update to 4.2.8p6
* fixes low- and medium-severity vulnerabilities
4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978
CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975
CVE-2015-7974 CVE-2015-7973
4.2.8p5: CVE-2015-5300
* bug fixes
----------------------- --------------------------------------------370038ede72049a033b5867feeccb94849e3134.2.8p8dimstar_suse- Keep the parent process alive until the daemon has finished
initialisation, to make sure that the PID file exists when the
parent returns (ntp-daemonize.patch).
- Update to 4.2.8p8 (bsc#982056):
* CVE-2016-4953, bsc#982065: Bad authentication demobilizes
ephemeral associations.
* CVE-2016-4954, bsc#982066: Processing spoofed server packets.
* CVE-2016-4955, bsc#982067: Autokey association reset.
* CVE-2016-4956, bsc#982068: Broadcast interleave.
* CVE-2016-4957, bsc#982064: CRYPTO_NAK crash.
- Change the process name of the forking DNS worker process to
avoid the impression that ntpd is started twice.
(bsc#979302, ntp-processname.patch).
- Don't ignore SIGCHILD because it breaks wait()
(boo#981422, ntp-sigchld.patch).
- ntp-wait does not accept fractional seconds, so use 1 instead of
0.2 in ntp-wait.service (boo#979981).
- Separate the creation of ntp.keys and key #1 in it to avoid
problems when upgrading installations that have the file, but
no key #1, which is needed e.g. by "rcntp addserver".
- Fix the TZ offset output of sntp during DST.
(bsc#951559, ntp-sntp-dst.patch)
- Add /var/db/ntp-kod (bsc#916617).
- Add ntp-ENOBUFS.patch to limit a warning that might happen
quite a lot on loaded systems (bsc#956773).
- Don't wait for 11 minutes to restart ntpd when it has died
(boo#894031).
- Update to 4.2.8p7 (bsc#977446):
* CVE-2016-1547, bsc#977459:4005406fa1336a892bb31be98ef2d26bf19abc4.2.8p8dimstar_suse1423960ede72049a033b5867feeccb94849e3134.2.8p8dimstar_suseRevert the last patch - this seems totally broken when running ntp in a chroot42584594468a546de314570f645a87097e97e04.2.8p8dimstar_suseAutomatic submission by obs-autosubmit43070510a026646cb2775478e9e6e596e011f74.2.8p8dimstar_suseAutomatic submission by obs-autosubmit4345676801b6016ce32afa66216f861bfe53194.2.8p9dimstar_suse- Update to 4.2.8p9:
* CVE-2016-9311: Trap crash.
* CVE-2016-9310: Mode 6 unauthenticated trap information
disclosure and DDoS vector.
* CVE-2016-7427: Broadcast Mode Replay Prevention DoS.
* CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS.
* CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp
Bypass.
* CVE-2016-7434: Null pointer dereference in
_IO_str_init_static_internal().
* CVE-2016-7429: Interface selection attack.
* CVE-2016-7426: Client rate limiting and server responses.
* CVE-2016-7433: Reboot sync calculation problem.
* Fix a spurious error message (obsoletes ntp-sigchld.patch).
* Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
- Fix a regression in "trap" (bsc#981252, ntp-trap.patch).
- Reduce the number of netlink groups to listen on for changes to
the local network setup (bsc#992606, ntp-netlink.patch).
- Fix segfault in "sntp -a" (bnc#1009434, ntp-sntp-a.patch).
- Silence an OpenSSL version warning (bsc#992038,
ntp-openssl-version.patch).4414523db6d8f33f8b94a5dd059c257a05c9de4.2.8p9dimstar_suse- Move ntp-kod to /var/lib/ntp/db, because /var/db is not a
standard directory and causes problems for transactional updates
(ntp-move-kod-file.patch)
- Remove 50-ntp.list (bsc#1011919).
- Use system-wide libevent instead of local copy.
- Simplify ntpd's search for its own executable to prevent AppArmor
warnings (bsc#956365, ntp-pathfind.patch).46192982bc1e0c189419e97e2adb7d507d31664.2.8p9dimstar_suseAutomatic submission by obs-autosubmit48078141a898644c4de10e8f3730f0f4d1ff714.2.8p10maxlin_factory- Enable experimental leap smearing (fate#321003).
See /usr/share/doc/packages/ntp/README.leapsmear for details.
- Fix spelling and default values in conf.sysconfig.ntp
- Update to 4.2.8p10 (bsc#1030050):
* Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP:
Denial of Service via Malformed Config
* Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP:
Buffer Overflow in DPTS Clock
* Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP:
Authenticated DoS via Malicious Config Option
* Sec 3386: NTP-01-011 NTP:
ntpq_stripquotes() returns incorrect Value
* Sec 3385: NTP-01-010 NTP:
ereallocarray()/eallocarray() underused
* Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code
* Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver
* Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP:
Potential Overflows in ctl_put() functions
* Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003
Improper use of snprintf() in mx4200_send()
* Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002
Buffer Overflow in ntpq when fetching reslist
* Sec 3376: NTP-01-001 Makefile does not enforce Security Flags
* Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin (zero origin) DoS.
* [Bug 3393] clang scan-build findings
* [Bug 3363] Support for openssl-1.1.0 without compatibility modes
* [Bug 3356] Bugfix 3072 breaks multicastclient
* [Bug 3173] forking async worker: interrupted pipe I/O48615692ef52f1e293253c866b0060903a32794.2.8p10dimstar_suse545184ac9528726e257269975dbf0aaa1b8b1b4.2.8p10dimstar_suseAutomatic submission by obs-autosubmit561845a51e3e419b234aacbf1b4132829bb1704.2.8p11dimstar_suse- Update to 4.2.8p11 (bsc#1082210):
* CVE-2016-1549: Sybil vulnerability: ephemeral association
attack. While fixed in ntp-4.2.8p7, there are significant
additional protections for this issue in 4.2.8p11.
* CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun
leads to undefined behavior and information leak.
* CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral
associations.
* CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot
recover from bad state.
* CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset
authenticated interleaved association.
* CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond
its buffer limit.
* Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch
- Remove dead code from conf.start-ntpd (bsc#1082063).
- Don't use libevent's cached time stamps in sntp.
(bsc#1077445, ntp-sntp-libevent.patch)5867027d3eb604ff2d75b105c199494f416f164.2.8p11dimstar_suse59253783e082f8f182e9dabe3d94ec23adb5704.2.8p11dimstar_suse- Refactor the key handling in %post so that it does not overwrite
user settings (bsc#1036505) and is more robust against ignored
SIGPIPE (bsc#1090564).60163232ef0ff04d502569e56f7566068cf1a94.2.8p12dimstar_suse- Update to 4.2.8p12
* CVE-2018-12327, bsc#1098531: fixed stack buffer overflow in
the openhost() command-line call of NTPQ/NTPDC.
* Add further tweaks to improve the fix for CVE-2018-7170,
bsc#1083424.
* ntp-usrgrp-resolver.patch was integrated upstream.
- Don't run autoreconf anymore and remove all related hacks and
BuildRequires.6406709e1ffba810642da92ed922ed1e036f0b4.2.8p12dimstar_suse657615ff85b004a447152adc901337c90ba3694.2.8p13dimstar_suse- Update ro 4.2.8p13
* CVE-2019-8936, bsc#1128525: Crafted null dereference attack in
authenticated mode 6 packet.
* Fix several bugs in the BANCOMM reclock driver.
* Fix ntp_loopfilter.c snprintf compilation warnings.
* Fix spurious initgroups() error message.
* Fix STA_NANO struct timex units.
* Fix GPS week rollover in libparse.
* Fix incorrect poll interval in packet.
* Add a missing check for ENABLE_CMAC.
- Drop use of $FIRST_ARG in ntp.spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks on the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.6841846e4e0cbb62e4881d81c442b2c0f8d68d4.2.8p13dimstar_suse700033ef65ae82d847012244ae9d862856e7c34.2.8p13dimstar_suse70906813d4f59ffd7c39c0317d36ceb00674144.2.8p13dimstar_suse71567396b6de18102be81b2d21808723f57fda4.2.8p13dimstar_suse720097994d184bd95d715beab04023540158ac4.2.8p13dimstar_suse768084fac52aa7d1721712f1bfdd68c3b9676e4.2.8p15dimstar_suse- Update to 4.2.8p15
- Fixed security issues:
* bsc#1169740, CVE-2020-11868:
DoS on client ntpd using server mode packet
* bsc#1171355, CVE-2018-8956: remote attackers may prevent a
broadcast client from synchronizing its clock with a broadcast
NTP server via spoofed mode 3 and mode 5 packets.
* bsc#1172651, CVE-2020-13817: vulnerable to off-path attack
* bsc#1173334, CVE-2020-15025: Remote DoS when CMAC key is used
- Bugfixes in 4.2.8p15 and 4.2.8p14 include:
* [Bug 3667] decodenetnum fails with numeric port
* [Bug 3666] avoid unlimited receive buffer allocation
* [Bug 3660] Manycast orphan mode startup discovery problem.
* [Bug 3655] ntpdc memstats hash counts
* [Bug 3653] Refclock jitter RMS calculation
* [Bug 3646] Avoid sync with unsync orphan
* [Bug 3644] Unsynchronized server [...] selected as candidate
* [Bug 3636] NMEA: combine time/date from multiple sentences
* [Bug 3635] Make leapsecond file hash check optional
* [Bug 3628] raw DCF decoding - improve robustness
* [Bug 3620] memory leak in ntpq sysinfo
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo
* [Bug 3617] Add support for ACE III and Copernicus II receivers
* [Bug 3615] accelerate refclock startup
* [Bug 3613] Propagate noselect to mobilized pool servers
* [Bug 3612] Use-of-uninitialized-value in receive function
* [Bug 3611] NMEA time interpreted incorrectly
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter
* [Bug 3604] Wrong param byte order passing into
record_raw_stats() in ntp_io.c81708523dd1191955df5fbbbf991c0693b0b504.2.8p15dimstar_suse8442198f6ea1627c231b550a01a713e57158c54.2.8p15dimstar_suse- bsc#1181788: Make the code for the service name change robust to
the simplified systemd-sysv-convert script.
- Fix systemd dependencies.
- Package statsdir /var/log/ntpstats/
- Let system-user-ntp handle the user/group generation
- Introduce subpackage dcf77-tools
* testdcf, a simple DCF77 raw impulse test program
* dcfd, a simple DCF77 raw impulse receiver
- Add patch testdcf-gude.diff
* Improves testdcf's compatibility with GUDE DCF77 receivers
- Silence an OpenSSL version warning (bsc#992038,bsc#1125401
- removal of ntp.firewall, since SuSEfirewall2 has been replaced by
- Drop the omc config ntp.xml fate#301838:
- Update to 4.2.8p12 (bsc#1111853):871212d988c471484361f10ba87a600a84489b4.2.8p15RBrownSUSE- Disown /var/lib/ntp, it is now part of the sysuser-ntp package.87622384443eb7fe00082d1a311cf3e515e1bd4.2.8p15RBrownSUSE88334842d3bf53d0178f059f985902ef0aa1544.2.8p15dimstar_suse- jsc#SLE-15482, ntp-clarify-interface.patch:
Adjust the documentation to clarify that "interface ignore all"
does not cover the wildcard and localhost addresses.894615627168f6d5d863968ef0248f1759cd274.2.8p15dimstar_suse- bsc#1186431: Fix a typo in %post .900200561cafb569b2e9bae388ee80bbcc45ac4.2.8p15dimstar_suseAutomatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort (forwarded request 924895 from jsegitz)924903eaa1a26308c5ae7b601d49bddf288fb74.2.8p15dimstar_suse- Modified ntp.NetworkManager: Update ntp servers on
dhcp4-change and dhcp6-change, instead of up condition. This is
because ntp options are available during dhcp renewed or rebound,
and not available when the interface has been activated
(bsc#1171547). (forwarded request 957171 from JonathanKang)9572200cd694b8aed3b38dfc6d341c70144e4e4.2.8p15dimstar_suse- boo#1207577: set /var/lib/ntp/var/run/ntp to 77510613083c970bbb86c394a07988c96d760cd1a04.2.8p15dimstar_suse1062463