OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.08 2016-08-07T20:57:40+00:00 2016-08-07T20:57:40+00:00 Vicente Bergas vicencb@gmail.com 2016-08-07T15:18:28+00:00 urn:sha1:a2ce4167e230415e0dbc1349112790b07e104e88 When running ntp it randomly aborts at ntp-4.2.8p8/libntp/recvbuff.c:326 which seems to be a debugging feature. This patch just disables debugging, it does not fix the root cause of the problem. Signed-off-by: Vicente Bergas <vicencb@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-07-15T11:11:06+00:00 Yugendra Sai Babu Nadupuru yugendra.sai.babu.nadupuru@rockwellcollins.com 2016-07-14T21:08:02+00:00 urn:sha1:c091ecda8743683102f9cccffa15f10b55b52ef3 In order for gpsd to work with the new version of ntpd, an enable option must be added to the configure step of ntp that allows for support of SHM clocks to be attached through shared memory. Signed-off-by: Yugendra Sai Babu Nadupuru <yugendra.sai.babu.nadupuru@rockwellcollins.com> Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-06-03T07:45:40+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-06-03T01:26:22+00:00 urn:sha1:e748e303dadf8e04a8a07777e15adbae3d99a140 Fixes: CVE-2016-4957 - Crypto-NAK crash CVE-2016-4953 - Bad authentication demobilizes ephemeral associations CVE-2016-4954 - Processing spoofed server packets CVE-2016-4955 - Autokey association reset CVE-2016-4956 - Broadcast interleave Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-05-02T15:24:10+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-05-02T12:21:22+00:00 urn:sha1:ee18216d47e3d1eb5e9f666a5f30d61d5e4bbd97 Fixes: CVE-2016-1551 - Refclock impersonation vulnerability, AKA: refclock-peering CVE-2016-1549 - Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY CVE-2016-2516 - Duplicate IPs on unconfig directives will cause an assertion botch CVE-2016-2517 - Remote configuration trustedkey/requestkey values are not properly validated CVE-2016-2518 - Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC CVE-2016-2519 - ctl_getitem() return value not always checked CVE-2016-1547 - Validate crypto-NAKs, AKA: nak-dos CVE-2016-1548 - Interleave-pivot - MITIGATION ONLY CVE-2015-7704 - KoD fix: peer associations were broken by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken CVE-2015-8138 - Zero Origin Timestamp Bypass, AKA: Additional KoD Checks CVE-2016-1550 - Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-01-20T14:44:17+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-20T13:18:48+00:00 urn:sha1:18542431c1057f493f473f0521edf598a9b520ce CVE-2015-7973 - Deja Vu: Replay attack on authenticated broadcast mode CVE-2015-7974 - Skeleton Key: Missing key check allows impersonation between authenticated peers CVE-2015-7975 - nextvar() missing length check CVE-2015-7976 - ntpq saveconfig command allows dangerous characters in filenames CVE-2015-7977 - reslist NULL pointer dereference CVE-2015-7978 - Stack exhaustion in recursive traversal of restriction list CVE-2015-7979 - Off-path Denial of Service (DoS) attack on authenticated broadcast mode CVE-2015-8137 - origin: Zero Origin Timestamp Bypass CVE-2015-8158 - Potential Infinite Loop in ntpq Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-01-08T17:31:04+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-01-08T11:09:15+00:00 urn:sha1:513c314dc35ab0f976aaad12aeb5b34be2e55494 Fixes: CVE-2015-5300 - MITM attacker can force ntpd to make a step larger than the panic threshold. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-22T21:44:18+00:00 James Knight james.knight@rockwellcollins.com 2015-10-22T00:08:11+00:00 urn:sha1:73b193f840a9790f2438c02853f9be8738b7fb50 Signed-off-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-19T22:19:36+00:00 James Knight james.knight@rockwellcollins.com 2015-10-14T23:45:33+00:00 urn:sha1:1c6629444dab52649b17a73dbd978c959f7d6b3c Allow the `ntptime` utility to be included on a target. [Peter: add comment why AUTORECONF is needed] Signed-off-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-10-03T22:56:41+00:00 Maxime Hadjinlian maxime.hadjinlian@gmail.com 2015-10-03T21:29:57+00:00 urn:sha1:0f75b2635ee564fbbdb9ea631cf39fa8731d6d6c 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2015-07-13T16:44:45+00:00 Gergely Imreh imrehg@gmail.com 2015-05-20T03:44:17+00:00 urn:sha1:d057715d5856b5c0d017db8e55a33424cf97953e To protect agains 1 falsticker NTP server, the client needs to connect to at least 4 servers. Source: http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers 5.3.3. Upstream Time Server Quantity Signed-off-by: Gergely Imreh <imrehg@gmail.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>