Skip to content

Commit

Permalink
ntp: security bump to version 4.2.8p11
Browse files Browse the repository at this point in the history 
Fixed or improved security issues:

  CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
  malicious authenticated peer can create arbitrarily-many ephemeral
  associations in order to win the clock selection algorithm

  CVE-2018-7182: Buffer read overrun leads to undefined behavior and
  information leak

  CVE-2018-7170: Multiple authenticated ephemeral associations

  CVE-2018-7184: Interleaved symmetric mode cannot recover from bad
  state

  CVE-2018-7185: Unauthenticated packet can reset authenticated
  interleaved association

  CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit

Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via
AM_CFLAGS.

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
  • Loading branch information
@baruchsiach @jacmet
baruchsiach authored and jacmet committed Mar 6, 2018
1 parent 74295b0 commit da05d74
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 28 deletions.
23 changes: 0 additions & 23 deletions package/ntp/0003-ntpq-fpic.patch
View file

This file was deleted.

7 changes: 4 additions & 3 deletions package/ntp/ntp.hash
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p10.tar.gz.md5
md5 745384ed0dedb3f66b33fe84d66466f9 ntp-4.2.8p10.tar.gz
# From https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p11.tar.gz.md5
md5 00950ca2855579541896513e78295361 ntp-4.2.8p11.tar.gz
# Calculated based on the hash above
sha256 ddd2366e64219b9efa0f7438e06800d0db394ac5c88e13c17b70d0dcdf99b99f ntp-4.2.8p10.tar.gz
sha256 f14a39f753688252d683ff907035ffff106ba8d3db21309b742e09b5c3cd278e ntp-4.2.8p11.tar.gz
sha256 62c87b269365b38b55359b16dfde7ec28c683c722ef489db90afd0f2e478e4a1 COPYRIGHT
3 changes: 1 addition & 2 deletions package/ntp/ntp.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
################################################################################

NTP_VERSION_MAJOR = 4.2
NTP_VERSION = $(NTP_VERSION_MAJOR).8p10
NTP_VERSION = $(NTP_VERSION_MAJOR).8p11
NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
NTP_LICENSE = NTP
Expand All @@ -20,7 +20,6 @@ NTP_CONF_OPTS = \
--disable-local-libevent

# 0002-ntp-syscalls-fallback.patch
# 0003-ntpq-fpic.patch
NTP_AUTORECONF = YES

ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
Expand Down

0 comments on commit da05d74

Please sign in to comment.