OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.05 2016-05-02T15:24:10+00:00 2016-05-02T15:24:10+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-05-02T12:21:22+00:00 urn:sha1:ee18216d47e3d1eb5e9f666a5f30d61d5e4bbd97 Fixes: CVE-2016-1551 - Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549 - Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516 - Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517 - Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518 - Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519 - ctl_getitem() return value not always checked CVE-2016-1547 - Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548 - Interleave-pivot - MITIGATION ONLY CVE-2015-7704 - KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138 - Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550 - Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-01-20T14:44:17+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-20T13:18:48+00:00 urn:sha1:18542431c1057f493f473f0521edf598a9b520ce CVE-2015-7973 - Deja Vu: Replay attack on authenticated broadcast mode CVE-2015-7974 - Skeleton Key: Missing key check allows impersonation between authenticated peers CVE-2015-7975 - nextvar() missing length check CVE-2015-7976 - ntpq saveconfig command allows dangerous characters in filenames CVE-2015-7977 - reslist NULL pointer dereference CVE-2015-7978 - Stack exhaustion in recursive traversal of restriction list CVE-2015-7979 - Off-path Denial of Service (DoS) attack on authenticated broadcast mode CVE-2015-8137 - origin: Zero Origin Timestamp Bypass CVE-2015-8158 - Potential Infinite Loop in ntpq Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-01-08T17:31:04+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-08T11:09:15+00:00 urn:sha1:513c314dc35ab0f976aaad12aeb5b34be2e55494 Fixes: CVE-2015-5300 - MITM attacker can force ntpd to make a step larger than the panic threshold. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-22T21:44:18+00:00 James Knight james.knight@rockwellcollins.com 2015-10-22T00:08:11+00:00 urn:sha1:73b193f840a9790f2438c02853f9be8738b7fb50 Signed-off-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-19T22:19:36+00:00 James Knight james.knight@rockwellcollins.com 2015-10-14T23:45:33+00:00 urn:sha1:1c6629444dab52649b17a73dbd978c959f7d6b3c Allow the `ntptime` utility to be included on a target. [Peter: add comment why AUTORECONF is needed] Signed-off-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-03T22:56:41+00:00 Maxime Hadjinlian maxime.hadjinlian@gmail.com 2015-10-03T21:29:57+00:00 urn:sha1:0f75b2635ee564fbbdb9ea631cf39fa8731d6d6c 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-07-13T16:44:45+00:00 Gergely Imreh imrehg@gmail.com 2015-05-20T03:44:17+00:00 urn:sha1:d057715d5856b5c0d017db8e55a33424cf97953e To protect agains 1 falsticker NTP server, the client needs to connect to at least 4 servers. Source: http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers 5.3.3. Upstream Time Server Quantity Signed-off-by: Gergely Imreh <imrehg@gmail.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-06T12:20:30+00:00 Peter Korsgaard peter@korsgaard.com 2015-07-06T12:20:30+00:00 urn:sha1:1f2bb5504fdf6fb61823463271a0efcf783a5866 Now that NTP_PATCH_FIXUPS is gone. Reported-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-07-06T07:54:51+00:00 Peter Korsgaard peter@korsgaard.com 2015-07-06T07:54:51+00:00 urn:sha1:0cbe4bc52d5f1cea7d2c085e40f948a5a78183b9 refclock_pcf.c contains code using the tm_gmtoff member of struct tm, which is only available on uClibc if it is built with __UCLIBC_HAS_TM_EXTENSIONS__. This change date back to: commit 7129da009cc72575a84a30c4587bd99f745c49d4 Author: Eric Andersen <andersen@codepoet.org> Date: Sat Jan 18 21:27:22 2003 +0000 Merge a bunch of stuff over from the tuxscreen buildroot, with many updates to make things be more consistant. -Erik But nowadays our uClibc configs DO enable __UCLIBC_HAS_TM_EXTENSIONS__, so it is no longer needed and can be dropped. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-07-06T07:53:38+00:00 Danomi Manchego danomimanchego123@gmail.com 2015-07-05T20:52:25+00:00 urn:sha1:7917152f1353d670f5ada4a2f68397c339106d2c Drop sed line which no longer changes anything as upstream has changed to use strrchr. Worse, it bumps each ntpd/*.c file's modification time, which sometimes triggers a strange dependency path causing the makefile to attempt to run the ntpd keyword-gen app, which fails, because it's been cross-compiled. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>