Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ntp for openSUSE:Factory checked in at 2023-06-14 16:29:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ntp (Old) and /work/SRC/openSUSE:Factory/.ntp.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ntp" Wed Jun 14 16:29:24 2023 rev:137 rq:1092906 version:4.2.8p17 Changes: -------- --- /work/SRC/openSUSE:Factory/ntp/ntp.changes 2023-05-06 22:09:42.756890724 +0200 +++ /work/SRC/openSUSE:Factory/.ntp.new.15902/ntp.changes 2023-06-14 16:30:32.686912768 +0200 @@ -1,0 +2,20 @@ +Wed Jun 7 09:12:40 UTC 2023 - Reinhard Max <m...@suse.com> + +- Update to 4.2.8p17: + * Fix some regressions of 4.2.8p16 +- Update to 4.2.8p16: + * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date + * [Sec 3807], bsc#1210390, CVE-2023-26555: + praecis_parse() in the Palisade refclock driver has a + hypothetical input buffer overflow. + * [Sec 3767] An OOB KoD RATE value triggers an assertion when + debug is enabled. + * Obsoletes: ntp-CVE-2023-26551.patch, ntp-sntp-dst.patch, + ntp-ENOBUFS.patch + * Multiple bug fixes and improvements. For details, see: + /usr/share/doc/packages/ntp/ChangeLog + http://www.ntp.org/support/securitynotice/4_2_8-series-changelog/ +- Follow upstream's suggestion to build with debugging disabled: + https://www.ntp.org/support/securitynotice/ntpbug3767/ + +------------------------------------------------------------------- Old: ---- ntp-4.2.8p15.tar.gz ntp-CVE-2023-26551.patch ntp-ENOBUFS.patch ntp-sntp-dst.patch New: ---- ntp-4.2.8p17.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ntp.spec ++++++ --- /var/tmp/diff_new_pack.0b4y2b/_old 2023-06-14 16:30:34.914926464 +0200 +++ /var/tmp/diff_new_pack.0b4y2b/_new 2023-06-14 16:30:34.914926464 +0200 @@ -23,7 +23,7 @@ %define ntpfaqversion 3.4 Name: ntp -Version: 4.2.8p15 +Version: 4.2.8p17 Release: 0 Summary: Network Time Protocol daemon (version 4) License: BSD-3-Clause AND MIT AND BSD-4-Clause AND GPL-2.0-only @@ -51,8 +51,6 @@ Patch15: bnc#506908.diff Patch16: MOD_NANO.diff Patch18: bnc#574885.diff -Patch19: ntp-ENOBUFS.patch -Patch20: ntp-sntp-dst.patch Patch23: ntp-openssl-version.patch Patch27: ntp-netlink.patch Patch29: ntp-pathfind.patch @@ -60,7 +58,6 @@ Patch33: ntp-sntp-libevent.patch Patch34: testdcf-gude.diff Patch35: ntp-clarify-interface.patch -Patch36: ntp-CVE-2023-26551.patch BuildRequires: avahi-compat-mDNSResponder-devel BuildRequires: fdupes @@ -140,8 +137,6 @@ %patch15 %patch16 %patch18 -%patch19 -p1 -%patch20 -p1 %patch23 %patch27 %patch29 @@ -149,7 +144,6 @@ %patch33 %patch34 -p1 %patch35 -%patch36 # fix DOS line breaks sed -i 's/\r//g' html/scripts/{footer.txt,style.css} @@ -168,6 +162,7 @@ --with-binsubdir=bin \ --bindir=%{_sbindir} \ --htmldir=%{_docdir}/ntp-doc \ + --disable-debugging \ --enable-parse-clocks \ --enable-all-clocks \ --enable-linuxcaps \ ++++++ bnc#574885.diff ++++++ --- /var/tmp/diff_new_pack.0b4y2b/_old 2023-06-14 16:30:34.962926759 +0200 +++ /var/tmp/diff_new_pack.0b4y2b/_new 2023-06-14 16:30:34.966926783 +0200 @@ -1,7 +1,7 @@ -Index: lib/isc/unix/interfaceiter.c +Index: libntp/lib/isc/unix/interfaceiter.c =================================================================== ---- lib/isc/unix/interfaceiter.c.orig -+++ lib/isc/unix/interfaceiter.c +--- libntp/lib/isc/unix/interfaceiter.c.orig ++++ libntp/lib/isc/unix/interfaceiter.c @@ -147,7 +147,7 @@ get_addr(unsigned int family, isc_netadd #ifdef __linux ++++++ ntp-4.2.8p15.tar.gz -> ntp-4.2.8p17.tar.gz ++++++ /work/SRC/openSUSE:Factory/ntp/ntp-4.2.8p15.tar.gz /work/SRC/openSUSE:Factory/.ntp.new.15902/ntp-4.2.8p17.tar.gz differ: char 5, line 1 ++++++ ntp-pathfind.patch ++++++ --- /var/tmp/diff_new_pack.0b4y2b/_old 2023-06-14 16:30:35.110927669 +0200 +++ /var/tmp/diff_new_pack.0b4y2b/_new 2023-06-14 16:30:35.114927693 +0200 @@ -1,19 +1,19 @@ --- sntp/libopts/init.c.orig +++ sntp/libopts/init.c -@@ -33,6 +33,8 @@ static tSuccess - do_presets(tOptions * opts); - /* = = = END-STATIC-FORWARD = = = */ +@@ -28,6 +28,8 @@ + * 13aa749a5b0a454917a944ed8fffc530b784f5ead522b1aacaf4ec8aa55a6239 COPYING.mbsd + */ +#define PROC_BINARY "/proc/self/exe" + /** * Make sure the option descriptor is there and that we understand it. * This should be called from any user entry point where one needs to -@@ -104,7 +106,13 @@ validate_struct(tOptions * opts, char co +@@ -100,7 +102,13 @@ validate_struct(tOptions * opts, char co else *pp = pname; -- pz = pathfind(getenv("PATH"), pname, "rx"); +- pz = pathfind(getenv("PATH"), (char *)pname, "rx"); +#if defined(HAVE_CANONICALIZE_FILE_NAME) + pz = canonicalize_file_name(PROC_BINARY); +#elif defined(HAVE_REALPATH)
