CVS commit: [pkgsrc-2015Q2] pkgsrc/net/ntp4

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2015Q2] pkgsrc/net/ntp4
From: "Matthias Scheler" <tron%netbsd.org@localhost>
Date: Sun, 12 Jul 2015 08:58:44 +0000

Module Name:    pkgsrc
Committed By:   tron
Date:           Sun Jul 12 08:58:43 UTC 2015

Modified Files:
        pkgsrc/net/ntp4 [pkgsrc-2015Q2]: Makefile PLIST distinfo

Log Message:
Pullup ticket #4764 - requested by taca
net/ntp4: security update

Revisions pulled up:
- net/ntp4/Makefile                                             1.87
- net/ntp4/PLIST                                                1.19
- net/ntp4/distinfo                                             1.22

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Tue Jun 30 16:08:21 UTC 2015

   Modified Files:
        pkgsrc/net/ntp4: Makefile PLIST distinfo

   Log Message:
   Update ntp4 to 4.2.8p3.

   Please refer NEWS and ChangeLog for full changes.

   NTP 4.2.8p3 (Harlan Stenn <stenn%ntp.org@localhost>, 2015/06/29)

   Focus: 1 Security fix.  Bug fixes and enhancements.  Leap-second improvements.

   Severity: MEDIUM

   Security Fix:

   * [Sec 2853] Crafted remote config packet can crash some versions of
     ntpd.  Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn.

   Under specific circumstances an attacker can send a crafted packet to
   cause a vulnerable ntpd instance to crash. This requires each of the
   following to be true:

   1) ntpd set up to allow remote configuration (not allowed by default), and
   2) knowledge of the configuration password, and
   3) access to a computer entrusted to perform remote configuration.

   This vulnerability is considered low-risk.

   New features in this release:

   Optional (disabled by default) support to have ntpd provide smeared
   leap second time.  A specially built and configured ntpd will only
   offer smeared time in response to client packets.  These response
   packets will also contain a "refid" of 254.a.b.c, where the 24 bits
   of a, b, and c encode the amount of smear in a 2:22 integer:fraction
   format.  See README.leapsmear and http://bugs.ntp.org/2855 for more
   information.

      *IF YOU CHOOSE TO CONFIGURE NTPD TO PROVIDE LEAP SMEAR TIME*
      *BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.*

   We've imported the Unity test framework, and have begun converting
   the existing google-test items to this new framework.  If you want
   to write new tests or change old ones, you'll need to have ruby
   installed.  You don't need ruby to run the test suite.


To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.86.2.1 pkgsrc/net/ntp4/Makefile
cvs rdiff -u -r1.18 -r1.18.2.1 pkgsrc/net/ntp4/PLIST
cvs rdiff -u -r1.21 -r1.21.2.1 pkgsrc/net/ntp4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: [pkgsrc-2015Q2] pkgsrc/textproc/libxml2
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: [pkgsrc-2015Q2] pkgsrc/textproc/libxml2
Indexes:

Home | Main Index | Thread Index | Old Index