<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-support/ntp, branch pyro</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=pyro</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=pyro'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2017-04-25T14:24:47+00:00</updated>
<entry>
<title>ntp: update to 4.2.8.p10</title>
<updated>2017-04-25T14:24:47+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster@mvista.com</email>
</author>
<published>2017-03-24T16:22:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=01511d4cdedb696486f29d328a0289694661448d'/>
<id>urn:sha1:01511d4cdedb696486f29d328a0289694661448d</id>
<content type='text'>
LICENSE_FILE md5 changed do to copyright date change.

NTF's NTP Project is releasing ntp-4.2.8p10, which addresses:

    6 MEDIUM severity vulnerabilities (1 is about the Windows PPSAPI DLL)
    5 LOW severity vulnerabilities (2 are in the Windows Installer)
    4 Informational-level vulnerabilities

    15 other non-security fixes and improvements

All of the security issues in this release are listed in VU#633849.

ntp-4.2.8p10 was released on 21 March 2017.

Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via Malformed Config (Pentest report 01.2017)
Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Pentest report 01.2017)
Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Pentest report 01.2017)
Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value (Pentest report 01.2017)
Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest report 01.2017)
Sec 3384 / CVE-2017-6455 / VU#325339: NTP-01-009 NTP: Windows: Privileged execution of User Library code (Pentest report 01.2017)
Sec 3383 / CVE-2017-6452 / VU#325339: NTP-01-008 NTP: Windows Installer: Stack Buffer Overflow from Command Line (Pentest report 01.2017)
Sec 3382 / CVE-2017-6459 / VU#325339: NTP-01-007 NTP: Windows Installer: Data Structure terminated insufficiently (Pentest report 01.2017)
Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report 01.2017)
Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report 01.2017)
Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Pentest report 01.2017)
Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf() in mx4200_send() (Pentest report 01.2017)
Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq when fetching reslist (Pentest report 01.2017)
Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest report 01.2017)
Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin

Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
<entry>
<title>Make use of the new bb.utils.filter() function</title>
<updated>2017-03-07T12:30:26+00:00</updated>
<author>
<name>Peter Kjellerstedt</name>
<email>peter.kjellerstedt@axis.com</email>
</author>
<published>2017-03-01T17:30:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=0c31f55bcfd6630d894dd2dda6ca483bea5de4ab'/>
<id>urn:sha1:0c31f55bcfd6630d894dd2dda6ca483bea5de4ab</id>
<content type='text'>
Signed-off-by: Peter Kjellerstedt &lt;peter.kjellerstedt@axis.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
</content>
</entry>
<entry>
<title>ntp: update to version 4.8p9</title>
<updated>2016-12-14T14:20:10+00:00</updated>
<author>
<name>Joe Slater</name>
<email>jslater@windriver.com</email>
</author>
<published>2016-11-28T22:12:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=1404d793d90efa6c29dd4a37196f0c0699bc3b27'/>
<id>urn:sha1:1404d793d90efa6c29dd4a37196f0c0699bc3b27</id>
<content type='text'>
This fixes two CVE defects.

Signed-off-by: Joe Slater &lt;jslater@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
<entry>
<title>ntp : Add openssl to default PACKAGECONFIG options</title>
<updated>2016-10-20T15:17:38+00:00</updated>
<author>
<name>Jackie Huang</name>
<email>jackie.huang@windriver.com</email>
</author>
<published>2016-09-28T02:17:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=812e940fd23c2a61fdba11904b03e407bd05f664'/>
<id>urn:sha1:812e940fd23c2a61fdba11904b03e407bd05f664</id>
<content type='text'>
Add openssl to default PACKAGECONFIG options so ntp
is configured to have crypto support by default.

Signed-off-by: Jackie Huang &lt;jackie.huang@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
<entry>
<title>ntp: control ipv6 support based on DISTRO_FEATURES</title>
<updated>2016-09-05T17:34:12+00:00</updated>
<author>
<name>Jackie Huang</name>
<email>jackie.huang@windriver.com</email>
</author>
<published>2016-08-24T09:06:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=23b7656cc8028bf3b2854f7127cceea125ba3c54'/>
<id>urn:sha1:23b7656cc8028bf3b2854f7127cceea125ba3c54</id>
<content type='text'>
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.

Signed-off-by: Jackie Huang &lt;jackie.huang@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
<entry>
<title>ntp: make ntp and alternative for ntpd</title>
<updated>2016-08-05T13:13:18+00:00</updated>
<author>
<name>Pascal Bach</name>
<email>pascal.bach@siemens.com</email>
</author>
<published>2016-08-04T07:54:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=bc8fd52a5c0fa4125e6f8137056988cae9332b6c'/>
<id>urn:sha1:bc8fd52a5c0fa4125e6f8137056988cae9332b6c</id>
<content type='text'>
This way ntp can be used as an alternative to ntpd from busybox

Signed-off-by: Pascal Bach &lt;pascal.bach@siemens.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
<entry>
<title>ntp: Security fixes via Upgrade to 4.2.8p8</title>
<updated>2016-06-15T23:52:21+00:00</updated>
<author>
<name>fan.xin</name>
<email>fan.xin@jp.fujitsu.com</email>
</author>
<published>2016-06-07T09:18:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=13db3c65f525a6c87cd51961c3c1816e059478b9'/>
<id>urn:sha1:13db3c65f525a6c87cd51961c3c1816e059478b9</id>
<content type='text'>
CVE-2016-4957
CVE-2016-4953
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956

For more info to see:
http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi

Signed-off-by: Fan Xin &lt;fan.xin@jp.fujitsu.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
<entry>
<title>ntp: avoid floating dependency on mdns (aka mDNSResponder)</title>
<updated>2016-06-01T23:35:50+00:00</updated>
<author>
<name>Andre McCurdy</name>
<email>armccurdy@gmail.com</email>
</author>
<published>2016-05-19T01:24:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9a13040d7b10b9f7221f8190e75aa249bfacee9d'/>
<id>urn:sha1:9a13040d7b10b9f7221f8190e75aa249bfacee9d</id>
<content type='text'>
An mdns package is provided by meta-intel-iot-middleware.

Signed-off-by: Andre McCurdy &lt;armccurdy@gmail.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
<entry>
<title>ntp: Security fixes via update to 4.2.8p7</title>
<updated>2016-05-05T15:41:28+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster@mvista.com</email>
</author>
<published>2016-05-02T15:59:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8cd5bc534612f064458bcc09d39d666c6912b795'/>
<id>urn:sha1:8cd5bc534612f064458bcc09d39d666c6912b795</id>
<content type='text'>
CVE-2016-1551
CVE-2016-2516
CVE-2016-2517
CVE-2016-2518
CVE-2016-2519
CVE-2016-1547
CVE-2015-7704
CVE-2015-8138
CVE-2016-1550

for more info see:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security

Signed-off-by: Armin Kuster &lt;akuster@mvista.com&gt;
Acked-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
<entry>
<title>ntp: remove empty libexecdir to prevent potential QA issues</title>
<updated>2016-02-29T21:23:34+00:00</updated>
<author>
<name>Mark Asselstine</name>
<email>mark.asselstine@windriver.com</email>
</author>
<published>2016-02-04T20:42:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=346cc53ea34cc516de3441862884840379485008'/>
<id>urn:sha1:346cc53ea34cc516de3441862884840379485008</id>
<content type='text'>
Depending on the configuration used to build ntp it is possible to
have an empty libexecdir. This can cause QA issues. Add a test at the
end of install() to remove libexecdir if it is empty, thus avoiding
the possibility of QA issues, regardless of configuration.

Signed-off-by: Mark Asselstine &lt;mark.asselstine@windriver.com&gt;
Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Joe MacDonald &lt;joe_macdonald@mentor.com&gt;
</content>
</entry>
</feed>
