Hello community, here is the log from the commit of package ntp for openSUSE:Factory checked in at 2016-11-25 12:02:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ntp (Old) and /work/SRC/openSUSE:Factory/.ntp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ntp" Changes: -------- --- /work/SRC/openSUSE:Factory/ntp/ntp.changes 2016-10-14 09:27:46.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ntp.new/ntp.changes 2016-11-25 12:02:26.000000000 +0100 @@ -1,0 +2,25 @@ +Mon Nov 21 16:14:17 UTC 2016 - max@suse.com + +- Update to 4.2.8p9: + * CVE-2016-9311: Trap crash. + * CVE-2016-9310: Mode 6 unauthenticated trap information + disclosure and DDoS vector. + * CVE-2016-7427: Broadcast Mode Replay Prevention DoS. + * CVE-2016-7428: Broadcast Mode Poll Interval Enforcement DoS. + * CVE-2016-7431: Regression: 010-origin: Zero Origin Timestamp + Bypass. + * CVE-2016-7434: Null pointer dereference in + _IO_str_init_static_internal(). + * CVE-2016-7429: Interface selection attack. + * CVE-2016-7426: Client rate limiting and server responses. + * CVE-2016-7433: Reboot sync calculation problem. + * Fix a spurious error message (obsoletes ntp-sigchld.patch). + * Other bugfixes, see /usr/share/doc/packages/ntp/ChangeLog. +- Fix a regression in "trap" (bsc#981252, ntp-trap.patch). +- Reduce the number of netlink groups to listen on for changes to + the local network setup (bsc#992606, ntp-netlink.patch). +- Fix segfault in "sntp -a" (bnc#1009434, ntp-sntp-a.patch). +- Silence an OpenSSL version warning (bsc#992038, + ntp-openssl-version.patch). + +------------------------------------------------------------------- Old: ---- ntp-4.2.8p8.tar.gz ntp-sigchld.patch New: ---- ntp-4.2.8p9.tar.gz ntp-netlink.patch ntp-openssl-version.patch ntp-sntp-a.patch ntp-trap.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ntp.spec ++++++ --- /var/tmp/diff_new_pack.oMGpDa/_old 2016-11-25 12:02:28.000000000 +0100 +++ /var/tmp/diff_new_pack.oMGpDa/_new 2016-11-25 12:02:28.000000000 +0100 @@ -21,7 +21,7 @@ %global _ntpunitsdir %{_libexecdir}/systemd/ntp-units.d %endif Name: ntp -Version: 4.2.8p8 +Version: 4.2.8p9 Release: 0 Summary: Network Time Protocol daemon (version 4) License: (MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0 @@ -54,10 +54,13 @@ Patch19: ntp-ENOBUFS.patch Patch20: ntp-sntp-dst.patch Patch21: ntp-4.2.6p2-ntpq-speedup-782060.patch -Patch22: ntp-sigchld.patch +Patch22: ntp-openssl-version.patch Patch23: ntp-processname.patch Patch24: ntp-daemonize.patch Patch25: ntp-usrgrp-resolver.patch +Patch26: ntp-sntp-a.patch +Patch27: ntp-netlink.patch +Patch28: ntp-trap.patch BuildRequires: autoconf BuildRequires: avahi-compat-mDNSResponder-devel @@ -130,10 +133,13 @@ %patch19 -p1 %patch20 -p1 %patch21 -%patch22 -p1 +%patch22 %patch23 %patch24 %patch25 -p1 +%patch26 +%patch27 +%patch28 # fix DOS line breaks sed -i 's/\r//g' html/scripts/{footer.txt,style.css} ++++++ ntp-4.2.8p8.tar.gz -> ntp-4.2.8p9.tar.gz ++++++ /work/SRC/openSUSE:Factory/ntp/ntp-4.2.8p8.tar.gz /work/SRC/openSUSE:Factory/.ntp.new/ntp-4.2.8p9.tar.gz differ: char 5, line 1 ++++++ ntp-netlink.patch ++++++ --- ntpd/ntp_io.c +++ ntpd/ntp_io.c @@ -4765,9 +4765,7 @@ init_async_notifications() ZERO(sa); sa.nl_family = PF_NETLINK; sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR - | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE - | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE - | RTMGRP_IPV6_MROUTE; + | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE; if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { msyslog(LOG_ERR, "bind failed on routing socket (%m) - using polled interface update"); ++++++ ntp-openssl-version.patch ++++++ --- libntp/ssl_init.c.orig +++ libntp/ssl_init.c @@ -52,15 +52,6 @@ atexit_ssl_cleanup(void) void ssl_check_version(void) { - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) { - msyslog(LOG_WARNING, - "OpenSSL version mismatch. Built against %lx, you have %lx", - (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); - fprintf(stderr, - "OpenSSL version mismatch. Built against %lx, you have %lx\n", - (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); - } - INIT_SSL(); } ++++++ ntp-sntp-a.patch ++++++ --- sntp/main.c.orig +++ sntp/main.c @@ -379,7 +379,6 @@ handle_lookup( { struct addrinfo hints; /* Local copy is OK */ struct dns_ctx *ctx; - long l; char * name_copy; size_t name_sz; size_t octets; @@ -407,9 +406,8 @@ handle_lookup( ctx->timeout = response_tv; /* The following should arguably be passed in... */ - if (ENABLED_OPT(AUTHENTICATION) && - atoint(OPT_ARG(AUTHENTICATION), &l)) { - ctx->key_id = l; + if (ENABLED_OPT(AUTHENTICATION)) { + ctx->key_id = OPT_VALUE_AUTHENTICATION; get_key(ctx->key_id, &ctx->key); } else { ctx->key_id = -1; ++++++ ntp-trap.patch ++++++ --- ntpd/ntp_config.c +++ ntpd/ntp_config.c @@ -4315,11 +4315,11 @@ config_ntpd( config_mdnstries(ptree); config_setvar(ptree); config_ttl(ptree); - config_trap(ptree); config_vars(ptree); io_open_sockets(); + config_trap(ptree); config_other_modes(ptree); config_peers(ptree); config_unpeers(ptree);