projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c41229a) | patch
ntp: security bump to version 4.2.8p1
authorBaruch Siach <baruch@tkos.co.il>
Tue, 10 Feb 2015 12:46:37 +0000 (14:46 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 10 Feb 2015 23:35:18 +0000 (00:35 +0100)
commit67b845fcc90ddb738ca3344c2777f4f15fbc366f
treee09734b633a91d41761beca23ce062addd263f70tree
parentc41229af06d759081e56ce762b63436eac786cfacommit | diff
ntp: security bump to version 4.2.8p1

Fixes:

CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c,
leading to a potential information leak or possibly a crash

CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of
Linux), so ACLs based on IPv6 ::1 addresses can be bypassed

Drop a patch applied upstream, along with its accompanied AUTORECONF.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/ntp/0001-fix-ntp-keygen-without-openssl.patch [deleted file] blob | history
package/ntp/0001-nano.patch [new file with mode: 0644] blob
package/ntp/0002-nano.patch [deleted file] blob | history
package/ntp/ntp.hash diff | blob | history
package/ntp/ntp.mk diff | blob | history