Hello community, here is the log from the commit of package ntp for openSUSE:Factory checked in at 2018-03-19 23:31:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ntp (Old) and /work/SRC/openSUSE:Factory/.ntp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ntp" Mon Mar 19 23:31:09 2018 rev:113 rq:586702 version:4.2.8p11 Changes: -------- --- /work/SRC/openSUSE:Factory/ntp/ntp.changes 2018-01-16 09:24:09.124839692 +0100 +++ /work/SRC/openSUSE:Factory/.ntp.new/ntp.changes 2018-03-19 23:31:10.908929735 +0100 @@ -1,0 +2,22 @@ +Wed Feb 28 09:47:40 UTC 2018 - [email protected] + +- Update to 4.2.8p11 (bsc#1082210): + * CVE-2016-1549: Sybil vulnerability: ephemeral association + attack. While fixed in ntp-4.2.8p7, there are significant + additional protections for this issue in 4.2.8p11. + * CVE-2018-7182, bsc#1083426: ctl_getitem(): buffer read overrun + leads to undefined behavior and information leak. + * CVE-2018-7170, bsc#1083424: Multiple authenticated ephemeral + associations. + * CVE-2018-7184, bsc#1083422: Interleaved symmetric mode cannot + recover from bad state. + * CVE-2018-7185, bsc#1083420: Unauthenticated packet can reset + authenticated interleaved association. + * CVE-2018-7183, bsc#1083417: ntpq:decodearr() can write beyond + its buffer limit. + * Obsoletes these patches: ntp-sntp-a.patch, ntp-warnings.patch +- Remove dead code from conf.start-ntpd (bsc#1082063). +- Don't use libevent's cached time stamps in sntp. + (bsc#1077445, ntp-sntp-libevent.patch) + +------------------------------------------------------------------- Old: ---- ntp-4.2.8p10.tar.gz ntp-sntp-a.patch ntp-warnings.patch New: ---- ntp-4.2.8p11.tar.gz ntp-sntp-libevent.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ntp.spec ++++++ --- /var/tmp/diff_new_pack.0v3ama/_old 2018-03-19 23:31:11.936892651 +0100 +++ /var/tmp/diff_new_pack.0v3ama/_new 2018-03-19 23:31:11.940892507 +0100 @@ -23,7 +23,7 @@ %define ntpfaqversion 3.4 Name: ntp -Version: 4.2.8p10 +Version: 4.2.8p11 Release: 0 Summary: Network Time Protocol daemon (version 4) License: (MIT and BSD-3-Clause and BSD-4-Clause) and GPL-2.0 
@@ -58,12 +58,11 @@ Patch21: ntp-4.2.6p2-ntpq-speedup-782060.patch Patch24: ntp-daemonize.patch Patch25: ntp-usrgrp-resolver.patch -Patch26: ntp-sntp-a.patch Patch27: ntp-netlink.patch Patch29: ntp-pathfind.patch Patch30: ntp-move-kod-file.patch -Patch31: ntp-warnings.patch Patch32: ntp-reproducible.patch +Patch33: ntp-sntp-libevent.patch BuildRequires: autoconf BuildRequires: avahi-compat-mDNSResponder-devel @@ -139,12 +138,11 @@ %patch21 %patch24 %patch25 -%patch26 %patch27 %patch29 %patch30 -%patch31 %patch32 -p1 +%patch33 # fix DOS line breaks sed -i 's/\r//g' html/scripts/{footer.txt,style.css} ++++++ conf.start-ntpd ++++++ --- /var/tmp/diff_new_pack.0v3ama/_old 2018-03-19 23:31:12.392876201 +0100 +++ /var/tmp/diff_new_pack.0v3ama/_new 2018-03-19 23:31:12.396876057 +0100 @@ -60,28 +60,6 @@ /sbin/hwclock --systohc $HWCLOCK return $? fi - if test -z "$(/sbin/modprobe -l rtc_cmos)" ; then - /sbin/hwclock --systohc $HWCLOCK - return $? - fi - local temprules=/dev/.udev/rules.d - local uevseqnum=/sys/kernel/uevent_seqnum - local rule=$temprules/95-rtc-cmos.rules - local -i start=0 end=0 - /bin/mkdir -m 0755 -p $temprules - echo ACTION==\"add\", KERNEL==\"rtc0\", RUN=\"/sbin/hwclock --systohc $HWCLOCK --rtc=\$env{DEVNAME}\" > $rule - test -e $uevseqnum && read -t 1 start < $uevseqnum - if /sbin/modprobe -q rtc_cmos ; then - test -e $uevseqnum && read -t 1 end < $uevseqnum - if test $start -lt $end ; then - /sbin/udevadm settle --quiet --seq-start=$start --seq-end=$end - else - /sbin/udevadm settle --quiet - fi - else - rm -f $rule - /sbin/hwclock --systohc $HWCLOCK - fi } fi fi ++++++ ntp-4.2.8p10.tar.gz -> ntp-4.2.8p11.tar.gz ++++++ /work/SRC/openSUSE:Factory/ntp/ntp-4.2.8p10.tar.gz /work/SRC/openSUSE:Factory/.ntp.new/ntp-4.2.8p11.tar.gz differ: char 5, line 1 ++++++ ntp-sntp-libevent.patch ++++++ --- sntp/main.c.orig +++ sntp/main.c 
@@ -118,7 +118,6 @@ void set_li_vn_mode(struct pkt *spkt, ch int set_time(double offset); void dec_pending_ntp(const char *, sockaddr_u *); int libevent_version_ok(void); -int gettimeofday_cached(struct event_base *b, struct timeval *tv); /* @@ -271,7 +270,7 @@ sntp_main ( for (i = 0; i < argc; ++i) handle_lookup(argv[i], CTX_UCST); - gettimeofday_cached(base, &start_tv); + gettimeofday(&start_tv, NULL); event_base_dispatch(base); event_base_free(base); @@ -571,7 +570,7 @@ queue_xmt( xctx = emalloc_zero(sizeof(*xctx)); xctx->sock = sock; xctx->spkt = spkt; - gettimeofday_cached(base, &start_cb); + gettimeofday(&start_cb, NULL); xctx->sched = start_cb.tv_sec + (2 * xmt_delay); LINK_SORT_SLIST(xmt_q, xctx, (xctx->sched < L_S_S_CUR()->sched), @@ -621,7 +620,7 @@ xmt_timer_cb( if (NULL == xmt_q || shutting_down) return; - gettimeofday_cached(base, &start_cb); + gettimeofday(&start_cb, NULL); if (xmt_q->sched <= start_cb.tv_sec) { UNLINK_HEAD_SLIST(x, xmt_q, link); TRACE(2, ("xmt_timer_cb: at .%6.6u -> %s\n", @@ -708,7 +707,7 @@ timeout_queries(void) TRACE(3, ("timeout_queries: called to check %u items\n", (unsigned)COUNTOF(fam_listheads))); - gettimeofday_cached(base, &start_cb); + gettimeofday(&start_cb, NULL); for (idx = 0; idx < COUNTOF(fam_listheads); idx++) { head = fam_listheads[idx]; for (spkt = head; spkt != NULL; spkt = spkt_next) { @@ -1224,7 +1223,7 @@ handle_pkt( TRACE(3, ("handle_pkt: %d bytes from %s %s\n", rpktl, stoa(host), hostname)); - gettimeofday_cached(base, &tv_dst); + gettimeofday(&tv_dst, NULL); p_SNTP_PRETEND_TIME = getenv("SNTP_PRETEND_TIME"); if (p_SNTP_PRETEND_TIME) { 
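Review bot: The return value of `gettimeofday()` is ignored at all five replaced call sites (sntp_main, queue_xmt, xmt_timer_cb, timeout_queries, handle_pkt), whereas the removed gettimeofday_cached() logged and exited when its own gettimeofday() call failed. In handle_pkt a failed call would leave `tv_dst` unset right before it is used as the packet's arrival time, which presumably feeds the offset sntp applies to the clock. I would keep the check, e.g. `if (0 != gettimeofday(&tv_dst, NULL)) { msyslog(LOG_ERR, "%s: gettimeofday() error %m", progname); exit(1); }`, ideally in one small static helper shared by the five sites. A one-line comment at the first call, such as `/* wall-clock time on purpose: libevent's cached time may be on the monotonic scale */`, would also stop the cached call from being reintroduced. The enclosing functions start and end outside these hunks, so whether `start_cb` and `tv_dst` are initialised elsewhere cannot be confirmed from here.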
@@ -1513,98 +1512,3 @@ libevent_version_ok(void)
 }
 return 1;
 }
-
-/*
- * gettimeofday_cached()
- *
- * Clones the event_base_gettimeofday_cached() interface but ensures the
- * times are always on the gettimeofday() 1970 scale. Older libevent 2
- * sometimes used gettimeofday(), sometimes the since-system-start
- * clock_gettime(CLOCK_MONOTONIC), depending on the platform.
- *
- * It is not cleanly possible to tell which timescale older libevent is
- * using.
- *
- * The strategy involves 1 hour thresholds chosen to be far longer than
- * the duration of a round of libevent callbacks, which share a cached
- * start-of-round time. First compare the last cached time with the
- * current gettimeofday() time. If they are within one hour, libevent
- * is using the proper timescale so leave the offset 0. Otherwise,
- * compare libevent's cached time and the current time on the monotonic
- * scale. If they are within an hour, libevent is using the monotonic
- * scale so calculate the offset to add to such times to bring them to
- * gettimeofday()'s scale.
- */
-int
-gettimeofday_cached(
- struct event_base * b,
- struct timeval * caller_tv
- )
-{
-#if defined(_EVENT_HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
- static struct event_base * cached_b;
- static struct timeval cached;
- static struct timeval adj_cached;
- static struct timeval offset;
- static int offset_ready;
- struct timeval latest;
- struct timeval systemt;
- struct timespec ts;
- struct timeval mono;
- struct timeval diff;
- int cgt_rc;
- int gtod_rc;
-
- event_base_gettimeofday_cached(b, &latest);
- if (b == cached_b &&
- !memcmp(&latest, &cached, sizeof(latest))) {
- *caller_tv = adj_cached;
- return 0;
- }
- cached = latest;
- cached_b = b;
- if (!offset_ready) {
- cgt_rc = clock_gettime(CLOCK_MONOTONIC, &ts);
- gtod_rc = gettimeofday(&systemt, NULL);
- if (0 != gtod_rc) {
- msyslog(LOG_ERR,
- "%s: gettimeofday() error %m",
- progname);
- exit(1);
- }
- diff = sub_tval(systemt, latest);
- if (debug > 1)
- printf("system minus cached %+ld.%06ld\n",
- (long)diff.tv_sec, (long)diff.tv_usec);
- if (0 != cgt_rc || labs((long)diff.tv_sec) < 3600) {
- /*
- * Either use_monotonic == 0, or this libevent
- * has been repaired. Leave offset at zero.
- */
- } else {
- mono.tv_sec = ts.tv_sec;
- mono.tv_usec = ts.tv_nsec / 1000;
- diff = sub_tval(latest, mono);
- if (debug > 1)
- printf("cached minus monotonic %+ld.%06ld\n",
- (long)diff.tv_sec, (long)diff.tv_usec);
- if (labs((long)diff.tv_sec) < 3600) {
- /* older libevent2 using monotonic */
- offset = sub_tval(systemt, mono);
- TRACE(1, ("%s: Offsetting libevent CLOCK_MONOTONIC times by %+ld.%06ld\n",
- "gettimeofday_cached",
- (long)offset.tv_sec,
- (long)offset.tv_usec));
- }
- }
- offset_ready = TRUE;
- }
- adj_cached = add_tval(cached, offset);
- *caller_tv = adj_cached;
-
- return 0;
-#else
- return event_base_gettimeofday_cached(b, caller_tv);
-#endif
-}
-
