This project is archived. Its data is read-only.

Commit 513c314d authored Jan 08, 2016 by Gustavo Zacarias Committed by Peter Korsgaard Jan 08, 2016

ntp: security bump to version 4.2.8p5



Fixes:
CVE-2015-5300 - MITM attacker can force ntpd to make a step larger than
the panic threshold.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

parent 9bff092e

package/ntp/ntp.hash

+3 −3

Original line number	Diff line number	Diff line
		# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p4.tar.gz.md5
		md5 6af96862b09324a8ef965ca76b759c8b ntp-4.2.8p4.tar.gz
		# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p5.tar.gz.md5
		md5 9f02b2a0acc1617ce2716d529a58d2d8 ntp-4.2.8p5.tar.gz
		# Calculated based on the hash above
		sha256 0d6961572548d2c4af96f58f763e22ac620f5afef717384ddc317a0e365cfdb9 ntp-4.2.8p4.tar.gz
		sha256 ca28baf4f6bb6fabdc1b62fd1dcec412be2e621192b40466a469a2496164f696 ntp-4.2.8p5.tar.gz

package/ntp/ntp.mk

+1 −1

Original line number	Diff line number	Diff line
		@@ -5,7 +5,7 @@
		################################################################################

		NTP_VERSION_MAJOR = 4.2
		NTP_VERSION = $(NTP_VERSION_MAJOR).8p4
		NTP_VERSION = $(NTP_VERSION_MAJOR).8p5
		NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
		NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
		NTP_LICENSE = ntp license