Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ntp-4.2.8p15-lp152.3.9.1 RPM for aarch64

From OpenSuSE Ports Leap 15.2 updates for aarch64

Name: ntp Distribution: openSUSE Leap 15.2
Version: 4.2.8p15 Vendor: openSUSE
Release: lp152.3.9.1 Build date: Tue Jun 22 11:23:30 2021
Group: Productivity/Networking/Other Build host: obs-arm-8
Size: 2866851 Source RPM: ntp-4.2.8p15-lp152.3.9.1.src.rpm
Summary: Network Time Protocol daemon (version 4)
The Network Time Protocol (NTP) is used to synchronize the time of a
computer client or server to another server or reference time source,
such as a radio, satellite receiver, or modem.

Ntpd is an operating system daemon that sets and maintains the system
time-of-day synchronized with Internet standard time servers.




(MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0


* Thu May 20 2021 Reinhard Max <>
  - jsc#SLE-15482, ntp-clarify-interface.patch:
    Adjust the documentation to clarify that "interface ignore all"
    does not cover the wildcard and localhost addresses.
* Thu Apr 22 2021 Reinhard Max <>
  - bsc#1185171:
    Use /run instead of /var/run for PIDFile in ntpd.service.
* Thu Jun 25 2020 Reinhard Max <>
  - Update to 4.2.8p15
  - Fixed security issues:
    * bsc#1169740, CVE-2020-11868:
      DoS on client ntpd using server mode packet
    * bsc#1171355, CVE-2018-8956: remote attackers may prevent a
      broadcast client from synchronizing its clock with a broadcast
      NTP server via spoofed mode 3 and mode 5 packets.
    * bsc#1172651, CVE-2020-13817: vulnerable to off-path attack
    * bsc#1173334, CVE-2020-15025: Remote DoS when CMAC key is used
  - Bugfixes in 4.2.8p15 and 4.2.8p14 include:
    * [Bug 3667] decodenetnum fails with numeric port
    * [Bug 3666] avoid unlimited receive buffer allocation
    * [Bug 3660] Manycast orphan mode startup discovery problem.
    * [Bug 3655] ntpdc memstats hash counts
    * [Bug 3653] Refclock jitter RMS calculation
    * [Bug 3646] Avoid sync with unsync orphan
    * [Bug 3644] Unsynchronized server [...] selected as candidate
    * [Bug 3636] NMEA: combine time/date from multiple sentences
    * [Bug 3635] Make leapsecond file hash check optional
    * [Bug 3628] raw DCF decoding - improve robustness
    * [Bug 3620] memory leak in ntpq sysinfo
    * [Bug 3619] Honour drefid setting in cooked mode and sysinfo
    * [Bug 3617] Add support for ACE III and Copernicus II receivers
    * [Bug 3615] accelerate refclock startup
    * [Bug 3613] Propagate noselect to mobilized pool servers
    * [Bug 3612] Use-of-uninitialized-value in receive function
    * [Bug 3611] NMEA time interpreted incorrectly
    * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter
    * [Bug 3604] Wrong param byte order passing into
      record_raw_stats() in ntp_io.c
    * [Bug 3594] ntpd discards messages coming through nmead
    * [Bug 3593] ntpd discards silently nmea messages after the 5th string
    * [Bug 3590] Update refclock_oncore.c to the new GPS date API
    * [Bug 3583] synchronization error - set clock to base date
      if system time is before that limit
    * [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled
    * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc)
    * [Bug 3577] Update refclock_zyfer.c to the new GPS date API
    * [Bug 3576] New GPS date function API
    * [Bug 3573] nptdate: missleading error message
    * [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()'
    * [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH
    * [Bug 3542] ntpdc monlist parameters cannot be set
    * [Bug 3533] ntpdc peer_info ipv6 issues
    * [Bug 3531] make check: test-decodenetnum fails
    * [Bug 3515] Refactor ntpdmain() dispatcher loop and group
      common code
    * [Bug 3491] Signed values of LFP datatypes should always
      display a sign
    * [Bug 3490] Patch to support Trimble Resolution Receivers
    * [Bug 3473] RefID of refclocks should always be text format
    * [Bug 3094] ntpd trying to listen for broadcasts on a
      completely ipv6 network
    * [Bug 2420] ntpd doesn't run and exits with retval 0 when
      invalid user is specified with -u
    * [Bug 1433] runtime check whether the kernel really supports
    * Provide more detail on unrecognized config file parser tokens.
    * Startup log improvements.
  - Obsoleted patches:
    * ntp-4.2.6p2-ntpq-speedup-782060.patch
    * ntp-daemonize.patch
    * ntp-reproducible.patch
  - Silence an OpenSSL version warning (bsc#992038,bsc#1125401
* Mon Mar 11 2019 Reinhard Max <>
  - Update to 4.2.8p13
    * CVE-2019-8936, bsc#1128525: Crafted null dereference attack in
      authenticated mode 6 packet.
    * Fix several bugs in the BANCOMM reclock driver.
    * Fix ntp_loopfilter.c snprintf compilation warnings.
    * Fix spurious initgroups() error message.
    * Fix STA_NANO struct timex units.
    * Fix GPS week rollover in libparse.
    * Fix incorrect poll interval in packet.
    * Add a missing check for ENABLE_CMAC.
* Tue Sep 11 2018
  - Update to 4.2.8p12 (bsc#1111853):
    * CVE-2018-12327, bsc#1098531: fixed stack buffer overflow in
      the openhost() command-line call of NTPQ/NTPDC.
    * Add further tweaks to improve the fix for CVE-2018-7170,
    * ntp-usrgrp-resolver.patch was integrated upstream.
  - Don't run autoreconf anymore and remove all related hacks and
* Tue Apr 24 2018
  - Refactor the key handling in %post so that it does not overwrite
    user settings (bsc#1036505) and is more robust against ignored
    SIGPIPE (bsc#1090564).
* Sun Mar 18 2018
  - change example statsdir in ntp.conf to /var/log/ntpstats/ to match
    the AppArmor profile (boo#1076247)
* Wed Feb 28 2018
  - Update to 4.2.8p11 (bsc#1082210):
    * CVE-2016-1549: Sybil vulnerability: ephemeral association
      attack. While fixed in ntp-4.2.8p7, there are significant
      additional protections for this issue in 4.2.8p11.
    * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun
      leads to undefined behavior and information leak.
    * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral
    * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot
      recover from bad state.
    * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset
      authenticated interleaved association.
    * CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond
      its buffer limit.
    * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch
  - Remove dead code from conf.start-ntpd (bsc#1082063).
  - Don't use libevent's cached time stamps in sntp.
    (bsc#1077445, ntp-sntp-libevent.patch)
* Thu Dec 21 2017
  - Add ntp-reproducible.patch to make build reproducible (boo#1047218)
* Tue Dec 19 2017
  - Restart nptd if failed or aborted (FATE#315133).
  - Do not try to set the HW clock when adding a server at runtime
    to avoid blocking systemd.
* Thu Nov 23 2017
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Thu Apr 06 2017
  - Enable experimental leap smearing (fate#321003).
    See /usr/share/doc/packages/ntp/README.leapsmear for details.
* Thu Apr 06 2017
  - Fix spelling and default values in conf.sysconfig.ntp
* Wed Mar 22 2017
  - Update to 4.2.8p10 (bsc#1030050):
    * Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP:
      Denial of Service via Malformed Config
    * Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP:
      Buffer Overflow in DPTS Clock
    * Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP:
      Authenticated DoS via Malicious Config Option
    * Sec 3386: NTP-01-011 NTP:
      ntpq_stripquotes() returns incorrect Value
    * Sec 3385: NTP-01-010 NTP:
      ereallocarray()/eallocarray() underused
    * Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code
    * Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver
    * Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP:
      Potential Overflows in ctl_put() functions
    * Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003
      Improper use of snprintf() in mx4200_send()
    * Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002
      Buffer Overflow in ntpq when fetching reslist
    * Sec 3376: NTP-01-001 Makefile does not enforce Security Flags
    * Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin (zero origin) DoS.
    * [Bug 3393] clang scan-build findings
    * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
    * [Bug 3356] Bugfix 3072 breaks multicastclient
    * [Bug 3173] forking async worker: interrupted pipe I/O
    * [Bug 3139] (...) time_pps_create: Exec format error
    * [Bug 3107] Incorrect Logic for Peer Event Limiting
    * [Bug 3062] Change the process name of forked DNS worker
    * [Bug 2923] Trap Configuration Fail
    * [Bug 2896] Nothing happens if minsane < maxclock < minclock
    * [Bug 2851] allow -4/-6 on restrict line with mask
    * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags
  - Removed patches:
    * ntp-openssl-version.patch: fixed upstream
    * ntp-processname.patch: accepted upstream
    * ntp-trap.patch: accepted upstream
    * ntp-unbreak-multicast.patch: fixed upstream
  - Remove spurious log messages (bsc#1014172, ntp-warnings.patch).
* Fri Mar 10 2017
  - Fix a problem with multicast clients.
    (bsc#1018940, ntp-unbreak-multicast.patch)
* Tue Feb 21 2017
  - Move ntp-kod to /var/lib/ntp, because /var/db is not a
    standard directory and causes problems for transactional updates
* Tue Jan 17 2017
  - Remove 50-ntp.list (bsc#1011919).
  - Use system-wide libevent instead of local copy.
* Mon Nov 28 2016
  - Simplify ntpd's search for its own executable to prevent AppArmor
    warnings (bsc#956365, ntp-pathfind.patch).
* Mon Nov 21 2016
  - Update to 4.2.8p9:
    * CVE-2016-9311: Trap crash.
    * CVE-2016-9310: Mode 6 unauthenticated trap information
      disclosure and DDoS vector.
    * CVE-2016-7427: Broadcast Mode Replay Prevention DoS.
    * CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS.
    * CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp
    * CVE-2016-7434: Null pointer dereference in
    * CVE-2016-7429: Interface selection attack.
    * CVE-2016-7426: Client rate limiting and server responses.
    * CVE-2016-7433: Reboot sync calculation problem.
    * Fix a spurious error message (obsoletes ntp-sigchld.patch).
    * Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog.
  - Fix a regression in "trap" (bsc#981252, ntp-trap.patch).
  - Reduce the number of netlink groups to listen on for changes to
    the local network setup (bsc#992606, ntp-netlink.patch).
  - Fix segfault in "sntp -a" (bnc#1009434, ntp-sntp-a.patch).
  - Silence an OpenSSL version warning (bsc#992038,
* Wed Oct 05 2016
  - Depend on pps-tools-devel only for openSUSE > 13.2
* Thu Aug 25 2016
  - Make the resolver task change user and group IDs to the same
    values as the main task. (bnc#988028, ntp-usrgrp-resolver.patch)
* Tue Jun 07 2016
  - Keep the parent process alive until the daemon has finished
    initialisation, to make sure that the PID file exists when the
    parent returns (ntp-daemonize.patch).
  - Update to 4.2.8p8 (bsc#982056):
    * CVE-2016-4953, bsc#982065: Bad authentication demobilizes
      ephemeral associations.
    * CVE-2016-4954, bsc#982066: Processing spoofed server packets.
    * CVE-2016-4955, bsc#982067: Autokey association reset.
    * CVE-2016-4956, bsc#982068: Broadcast interleave.
    * CVE-2016-4957, bsc#982064: CRYPTO_NAK crash.
  - Change the process name of the forking DNS worker process to
    avoid the impression that ntpd is started twice.
    (bsc#979302, ntp-processname.patch).
  - Don't ignore SIGCHILD because it breaks wait()
    (boo#981422, ntp-sigchld.patch).
  - ntp-wait does not accept fractional seconds, so use 1 instead of
    0.2 in ntp-wait.service (boo#979981).
  - Separate the creation of ntp.keys and key #1 in it to avoid
    problems when upgrading installations that have the file, but
    no key #1, which is needed e.g. by "rcntp addserver".
  - Fix the TZ offset output of sntp during DST.
    (bsc#951559, ntp-sntp-dst.patch)
  - Add /var/db/ntp-kod (bsc#916617).
  - Add ntp-ENOBUFS.patch to limit a warning that might happen
    quite a lot on loaded systems (bsc#956773).
  - Don't wait for 11 minutes to restart ntpd when it has died
* Wed May 04 2016
  - Update to 4.2.8p7 (bsc#977446):
    * CVE-2016-1547, bsc#977459:
      Validate crypto-NAKs, AKA: CRYPTO-NAK DoS.
    * CVE-2016-1548, bsc#977461: Interleave-pivot
    * CVE-2016-1549, bsc#977451:
      Sybil vulnerability: ephemeral association attack.
    * CVE-2016-1550, bsc#977464: Improve NTP security against buffer
      comparison timing attacks.
    * CVE-2016-1551, bsc#977450:
      Refclock impersonation vulnerability
    * CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig
      directives will cause an assertion botch in ntpd.
    * CVE-2016-2517, bsc#977455: remote configuration trustedkey/
      requestkey/controlkey values are not properly validated.
    * CVE-2016-2518, bsc#977457: Crafted addpeer with hmode > 7
      causes array wraparound with MATCH_ASSOC.
    * CVE-2016-2519, bsc#977458: ctl_getitem() return value not
      always checked.
    * integrate ntp-fork.patch
    * Improve the fixes for:
      CVE-2015-7704, CVE-2015-7705, CVE-2015-7974
  - Restrict the parser in the startup script to the first
    occurrance of "keys" and "controlkey" in ntp.conf (boo#957226).
  - Depend on pps-tools-devel to provide timepps.h header to enable
    Linux PPSAPI support to make GPS devices usefull. (boo#977563)
* Fri Mar 11 2016
  - CVE-2015-8158, bsc#962966: potential infinite loop in ntpq
  - CVE-2015-8138, bsc#963002: Zero Origin Timestamp Bypass
  - CVE-2015-7978, bsc#963000: Stack exhaustion in recursive
    traversal of restriction list.
  - CVE-2015-7979, bsc#962784: off-path denial of service on
    authenticated broadcast mode
  - CVE-2015-7977, bsc#962970: restriction list NULL pointer
  - CVE-2015-7976, bsc#962802: 'ntpq saveconfig' command allows
    dangerous characters in filenames
  - CVE-2015-7975, bsc#962988: nextvar() missing length check in ntpq
  - CVE-2015-7974, bsc#962960: Missing key check allows impersonation
    between authenticated peers
  - CVE-2015-7973, bsc#962995: replay attack on authenticated
    broadcast mode
  - CVE-2015-5300, bsc#951629: MITM attacker can force ntpd to make
    a step larger than the panic threshold
* Mon Mar 07 2016
  - update to 4.2.8p6
    * fixes low- and medium-severity vulnerabilities
      4.2.8p6: CVE-2015-8158 CVE-2015-8138 CVE-2015-7978
      CVE-2015-7979 CVE-2015-7977 CVE-2015-7976 CVE-2015-7975
      CVE-2015-7974 CVE-2015-7973
      4.2.8p5: CVE-2015-5300
    * bug fixes
* Mon Jan 18 2016
  - Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When
    run as cron job, /usr/sbin/ is not in the path, which caused the
    synchronization to fail. (boo#962318)
* Fri Nov 06 2015
  - Fix ntp-4.2.6p2-ntpq-speedup-782060.patch to not pick arbitraty
    port numbers (bsc#782060).
* Thu Oct 29 2015
  - Update to 4.2.8p4 to fix several security issues (bsc#951608):
    * CVE-2015-7871: NAK to the Future: Symmetric association
      authentication bypass via crypto-NAK
    * CVE-2015-7855: decodenetnum() will ASSERT botch instead of
      returning FAIL on some bogus values
    * CVE-2015-7854: Password Length Memory Corruption Vulnerability
    * CVE-2015-7853: Invalid length data provided by a custom
      refclock driver could cause a buffer overflow
    * CVE-2015-7852 ntpq atoascii() Memory Corruption Vulnerability
    * CVE-2015-7851 saveconfig Directory Traversal Vulnerability
    * CVE-2015-7850 remote config logfile-keyfile
    * CVE-2015-7849 trusted key use-after-free
    * CVE-2015-7848 mode 7 loop counter underrun
    * CVE-2015-7701 Slow memory leak in CRYPTO_ASSOC
    * CVE-2015-7703 configuration directives "pidfile" and
      "driftfile" should only be allowed locally
    * CVE-2015-7704, CVE-2015-7705 Clients that receive a KoD should
      validate the origin timestamp field
    * CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Incomplete autokey
      data packet length checks
    * obsoletes ntp-memlock.patch.
  - Add a controlkey line to /etc/ntp.conf if one does not already
    exist, to allow runtime configuration via ntpq.
  - Use SHA1 instead of MD5 for symmetric keys (bsc#905885).
  - Improve runtime configuration:
    * Read keytype from ntp.conf
    * Don't write ntp keys to syslog.
  - Fix legacy action scripts to pass on command line arguments.
  - Remove ntp.1.gz, it wasn't installed anymore.
  - Remove ntp-4.2.7-rh-manpages.tar.gz and only keep ntptime.8.gz.
    The rest is partially irrelevant, partially redundant and
    potentially outdated (bsc#942587).
  - Remove "kod" from the restrict line in ntp.conf (bsc#944300).
* Fri Sep 04 2015
  - Add "addserver" as a new legacy action.
  - Fix the comment regarding addserver in ntp.conf (bnc#910063).
* Thu Aug 13 2015
  - Use ntpq instead of deprecated ntpdc in start-ntpd (bnc#936327).
  - Add a controlkey to ntp.conf to make the above work.
  - Don't let "keysdir" lines in ntp.conf trigger the "keys" parser.
  - Disable mode 7 (ntpdc) again, now that we don't use it anymore.
* Thu Jul 16 2015
  - Update to version 4.2.8p3 which incorporates all security fixes
    and most other patches we have so far (fate#319040).
    More information on:
  - Disable chroot by default (bnc#926510).
  - Enable ntpdc for backwards compatibility (bnc#920238).
* Tue Apr 07 2015
  - update to 4.2.8p2
    * fixes CVE-2015-1798, CVE-2015-1799 (medium-severity
      vulnerabilities involving private key authentication)
    * bug fixes and enhancements
    * New script: update-leap
* Fri Mar 27 2015
  - /bin/logger is needed for runtime configuration (bnc#924451).
* Mon Mar 16 2015
  - update to 4.2.8p1
    * fixes CVE-2014-9297, CVE-2014-9298
    * over 30 bugfixes and improvements
  - update to 4.2.8
    * fixes CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
    * changed Internal NTP Era counters
    * ntpdc responses disabled by default
    * over 1100 issues resolved between the 4.2.6 branch and 4.2.8
  - adjusted patches to fit 4.2.8p1:
    ntp-segfault_on_invalid_device.patch bnc#506908.diff MOD_NANO.diff
  - removed obsolete / now-in-upstream patches:
    ntpd-maxmonmen.patch ntp-code-cleanup.patch ntp-sntp-recverr.patch
    bnc#817893.patch ntp-CVE-2014-9295.patch ntp-CVE-2014-9296.patch
  - changes to spec file:
    * added --datadir (for private perl module needed by ntp scripts)
      and --html-dir (html docs now get installed by "make install")
      to configure options
    * script ntp-wait has moved in source tree
* Mon Mar 16 2015
  - *.service: Do not start ntpd when running on containers
    or when CAP_SYS_TIME was dropped from the default capability
    set ( see SYSTEMD-SYSTEM.CONF(5) for details)
* Sun Mar 08 2015
  - Explicitely run /usr/sbin/sntp to synchronize in start-ntpd. When
    run as cron job, /usr/sbin/ is not in the path, which caused the
    synchronization to fail. (boo#901751)
* Wed Jan 21 2015
  - Add ntp.NetworkManager: install NetworkManager dipatcher hook:
    if the DHCP Server delivers NTP Servers, accept those and
    configure NTP using the information (boo#900982).
* Sun Jan 04 2015
  - Enable avahi support
* Fri Dec 19 2014
  - bnc#910764: VU#852879 ntp security fixes
    * A potential remote code execution problem was found inside
      ntpd. The functions crypto_recv() (when using autokey
      authentication), ctl_putdata(), and configure() where updated
      to avoid buffer overflows that could be
      exploited. (CVE-2014-9295)
    * Furthermore a problem inside the ntpd error handling was found
      that is missing a return statement. This could also lead to a
      potentially attack vector. (CVE-2014-9296)
  - ntp-CVE-2014-9295.patch and ntp-CVE-2014-9296.patch will be
    obsoleted by the upcoming update to version 4.2.8.
* Tue Dec 02 2014
  - fix typo in version check regarding
    /usr/lib/initscripts/legacy-actions to fix build for <= 13.1



Generated by rpm2html 1.8.1

Fabrice Bellet, Mon May 9 14:43:54 2022