ntp: security bump to version 4.2.8

Fixes:

CVE-2014-9293 - ntpd generated a weak key for its internal use, with
full administrative privileges.  Attackers could use this key to
reconfigure ntpd (or to exploit other vulnerabilities).

CVE-2014-9294 - The ntp-keygen utility generated weak MD5 keys with
insufficient entropy.

CVE-2014-9295 - ntpd had several buffer overflows (both on the stack and
in the data section), allowing remote authenticated attackers to crash
ntpd or potentially execute arbitrary code.

CVE-2014-9296 - The general packet processing function in ntpd did not
handle an error case correctly.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

1 files changed, 0 insertions, 33 deletions

diff --git a/package/ntp/ntp-001-adjtimex.patch b/package/ntp/ntp-001-adjtimex.patch
deleted file mode 100644
index 40625fa18f..0000000000
--- a/package/ntp/ntp-001-adjtimex.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-https://support.ntp.org/bugs/show_bug.cgi?id=769
-http://bugs.gentoo.org/254030
-
---- ntp/util/tickadj.c
-+++ ntp/util/tickadj.c
-@@ -21,7 +21,8 @@
- # include <unistd.h>
- #endif /* HAVE_UNISTD_H */
- 
--#ifdef HAVE___ADJTIMEX		/* Linux */
-+/* proper handling here has been moved to upstream ntp bugzilla */
-+#ifdef linux
- 
- #include <sys/timex.h>
- struct timex txc;
-@@ -91,7 +92,7 @@
- 	}
- 
- 	if (!errflg) {
--		if (__adjtimex(&txc) < 0)
-+		if (adjtimex(&txc) < 0)
- 			perror("adjtimex");
- 		else if (!quiet)
- 			printf("tick     = %ld\ntick_adj = %d\n",
-@@ -146,7 +147,7 @@
- #endif
- 	}
-     
--	if (__adjtimex(&txc) < 0)
-+	if (adjtimex(&txc) < 0)
- 	{
- 		perror("adjtimex");
- 	}