This project is archived. Its data is read-only.

Commit c765a7fa authored Apr 07, 2015 by Gustavo Zacarias Committed by Thomas Petazzoni Apr 07, 2015

ntp: security bump to version 4.2.8p2



Fixes:
CVE-2015-1798 - ntpd accepts unauthenticated packets with symmetric key
crypto.
CVE-2015-1799 -  Authentication doesn't protect symmetric associations
against DoS attacks.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

parent 6bf9e233

package/ntp/ntp.hash

+2 −2

Original line number	Diff line number	Diff line
		# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p1.tar.gz.md5
		md5 65d8cdfae4722226fbe29863477641ed ntp-4.2.8p1.tar.gz
		# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p2.tar.gz.md5
		md5 fa37049383316322d060ec9061ac23a9 ntp-4.2.8p2.tar.gz

package/ntp/ntp.mk

+1 −1

Original line number	Diff line number	Diff line
		@@ -5,7 +5,7 @@
		################################################################################

		NTP_VERSION_MAJOR = 4.2
		NTP_VERSION = $(NTP_VERSION_MAJOR).8p1
		NTP_VERSION = $(NTP_VERSION_MAJOR).8p2
		NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
		NTP_DEPENDENCIES = host-pkgconf libevent
		NTP_LICENSE = ntp license