ntp: security bump to version 4.2.8p11

Fixed or improved security issues:

  CVE-2016-1549 (fixed in 4.2.8p7; this release adds protection): A
  malicious authenticated peer can create arbitrarily-many ephemeral
  associations in order to win the clock selection algorithm

  CVE-2018-7182: Buffer read overrun leads to undefined behavior and
  information leak

  CVE-2018-7170: Multiple authenticated ephemeral associations

  CVE-2018-7184: Interleaved symmetric mode cannot recover from bad
  state

  CVE-2018-7185: Unauthenticated packet can reset authenticated
  interleaved association

  CVE-2018-7183: ntpq:decodearr() can write beyond its buffer limit

Drop patch #3. libntpq_a_CFLAGS now includes NTP_HARD_CFLAGS via
AM_CFLAGS.

Add license file hash.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit da05d748057a98254a9c4fbd6afbc8ebf7e08afd)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

1 files changed, 1 insertions, 2 deletions

diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index cc363269c3..1f66ad996b 100644
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p10
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p11
 NTP_SITE = https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
 NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
 NTP_LICENSE = NTP
@@ -20,7 +20,6 @@ NTP_CONF_OPTS = \
 	--disable-local-libevent
 
 # 0002-ntp-syscalls-fallback.patch
-# 0003-ntpq-fpic.patch
 NTP_AUTORECONF = YES
 
 ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)