Hello community, here is the log from the commit of package ntp for openSUSE:Factory checked in at 2020-06-27 23:21:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ntp (Old) and /work/SRC/openSUSE:Factory/.ntp.new.3060 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ntp" Sat Jun 27 23:21:33 2020 rev:124 rq:817085 version:4.2.8p15 Changes: -------- --- /work/SRC/openSUSE:Factory/ntp/ntp.changes 2020-01-30 09:39:11.593419221 +0100 +++ /work/SRC/openSUSE:Factory/.ntp.new.3060/ntp.changes 2020-06-27 23:21:36.469630450 +0200 @@ -1,0 +2,75 @@ +Thu Jun 25 13:56:55 UTC 2020 - Reinhard Max <[email protected]> + +- Update to 4.2.8p15 +- Fixed security issues: + * bsc#1169740, CVE-2020-11868: + DoS on client ntpd using server mode packet + * bsc#1171355, CVE-2018-8956: remote attackers may prevent a + broadcast client from synchronizing its clock with a broadcast + NTP server via spoofed mode 3 and mode 5 packets. + * bsc#1172651, CVE-2020-13817: vulnerable to off-path attack + * bsc#1173334, CVE-2020-15025: Remote DoS when CMAC key is used +- Bugfixes in 4.2.8p15 and 4.2.8p14 include: + * [Bug 3667] decodenetnum fails with numeric port + * [Bug 3666] avoid unlimited receive buffer allocation + * [Bug 3660] Manycast orphan mode startup discovery problem. + * [Bug 3655] ntpdc memstats hash counts + * [Bug 3653] Refclock jitter RMS calculation + * [Bug 3646] Avoid sync with unsync orphan + * [Bug 3644] Unsynchronized server [...] selected as candidate + * [Bug 3636] NMEA: combine time/date from multiple sentences + * [Bug 3635] Make leapsecond file hash check optional + * [Bug 3628] raw DCF decoding - improve robustness + * [Bug 3620] memory leak in ntpq sysinfo + * [Bug 3619] Honour drefid setting in cooked mode and sysinfo + * [Bug 3617] Add support for ACE III and Copernicus II receivers + * [Bug 3615] accelerate refclock startup + * [Bug 3613] Propagate noselect to mobilized pool servers + * [Bug 3612] Use-of-uninitialized-value in receive function + * [Bug 3611] NMEA time interpreted incorrectly + * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter + * [Bug 3604] Wrong param byte order passing into + record_raw_stats() in ntp_io.c + * [Bug 3594] ntpd discards messages coming through nmead + * [Bug 3593] ntpd discards silently nmea messages after the 5th string + * [Bug 3590] Update refclock_oncore.c to the new GPS date API + * [Bug 3583] synchronization error - set clock to base date + if system time is before that limit + * [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled + * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) + * [Bug 3577] Update refclock_zyfer.c to the new GPS date API + * [Bug 3576] New GPS date function API + * [Bug 3573] nptdate: missleading error message + * [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' + * [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH + * [Bug 3542] ntpdc monlist parameters cannot be set + * [Bug 3533] ntpdc peer_info ipv6 issues + * [Bug 3531] make check: test-decodenetnum fails + * [Bug 3515] Refactor ntpdmain() dispatcher loop and group + common code + * [Bug 3491] Signed values of LFP datatypes should always + display a sign + * [Bug 3490] Patch to support Trimble Resolution Receivers + * [Bug 3473] RefID of refclocks should always be text format + * [Bug 3094] ntpd trying to listen for broadcasts on a + completely ipv6 network + * [Bug 2420] ntpd doesn't run and exits with retval 0 when + invalid user is specified with -u + * [Bug 1433] runtime check whether the kernel really supports + capabilities + * Provide more detail on unrecognized config file parser tokens. + * Startup log improvements. +- Obsoleted patches: + * ntp-4.2.6p2-ntpq-speedup-782060.patch + * ntp-daemonize.patch + * ntp-reproducible.patch +- Silence an OpenSSL version warning (bsc#992038, + ntp-openssl-version.patch). + +------------------------------------------------------------------- +Wed Jun 17 08:26:47 UTC 2020 - Dominique Leuenberger <[email protected]> + +- Properly use %{_libexecdir} to package the legacy initscript + action scripts. + +------------------------------------------------------------------- Old: ---- ntp-4.2.6p2-ntpq-speedup-782060.patch ntp-4.2.8p13.tar.gz ntp-daemonize.patch ntp-reproducible.patch New: ---- ntp-4.2.8p15.tar.gz ntp-openssl-version.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ntp.spec ++++++ --- /var/tmp/diff_new_pack.Rdy1jv/_old 2020-06-27 23:21:37.849634987 +0200 +++ /var/tmp/diff_new_pack.Rdy1jv/_new 2020-06-27 23:21:37.849634987 +0200 @@ -23,7 +23,7 @@ %define ntpfaqversion 3.4 Name: ntp -Version: 4.2.8p13 +Version: 4.2.8p15 Release: 0 Summary: Network Time Protocol daemon (version 4) License: (MIT AND BSD-3-Clause AND BSD-4-Clause) AND GPL-2.0-only @@ -53,12 +53,10 @@ Patch18: bnc#574885.diff Patch19: ntp-ENOBUFS.patch Patch20: ntp-sntp-dst.patch -Patch21: ntp-4.2.6p2-ntpq-speedup-782060.patch -Patch24: ntp-daemonize.patch +Patch23: ntp-openssl-version.patch Patch27: ntp-netlink.patch Patch29: ntp-pathfind.patch Patch30: ntp-move-kod-file.patch -Patch32: ntp-reproducible.patch Patch33: ntp-sntp-libevent.patch BuildRequires: avahi-compat-mDNSResponder-devel @@ -129,12 +127,10 @@ %patch18 %patch19 -p1 %patch20 -p1 -%patch21 -%patch24 +%patch23 %patch27 %patch29 %patch30 -%patch32 -p1 %patch33 # fix DOS line breaks @@ -195,9 +191,9 @@ install -m 0644 -D %{SOURCE9} %{buildroot}/%{_unitdir}/ntp-wait.service install -d %{buildroot}%{_prefix}/sbin install -m 755 -D %{SOURCE8} %{buildroot}%{_sbindir}/start-ntpd -%__install -d %{buildroot}/usr/lib/initscripts/legacy-actions/ntpd +%__install -d %{buildroot}%{_libexecdir}/initscripts/legacy-actions/ntpd for f in ntptimeset addserver; do - F=%{buildroot}/usr/lib/initscripts/legacy-actions/ntpd/$f + F=%{buildroot}%{_libexecdir}/initscripts/legacy-actions/ntpd/$f cat >$F <<-EOF #!/bin/bash exec /usr/sbin/start-ntpd $f "\$@" @@ -379,7 +375,7 @@ %{_sbindir}/* %{_datadir}/ntp %if 0%{?suse_version} > 1310 -/usr/lib/initscripts/legacy-actions/ntpd +%{_libexecdir}/initscripts/legacy-actions/ntpd %else /usr/lib/initscripts %endif ++++++ ntp-4.2.8p13.tar.gz -> ntp-4.2.8p15.tar.gz ++++++ /work/SRC/openSUSE:Factory/ntp/ntp-4.2.8p13.tar.gz /work/SRC/openSUSE:Factory/.ntp.new.3060/ntp-4.2.8p15.tar.gz differ: char 5, line 1 ++++++ ntp-openssl-version.patch ++++++ --- libntp/ssl_init.c.orig +++ libntp/ssl_init.c @@ -67,18 +67,6 @@ ssl_init(void) void ssl_check_version(void) { - u_long v; - - v = OpenSSL_version_num(); - if ((v ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) { - msyslog(LOG_WARNING, - "OpenSSL version mismatch. Built against %lx, you have %lx", - (u_long)OPENSSL_VERSION_NUMBER, v); - fprintf(stderr, - "OpenSSL version mismatch. Built against %lx, you have %lx\n", - (u_long)OPENSSL_VERSION_NUMBER, v); - } - INIT_SSL(); }
