pkgsrc.se | The NetBSD package collection

./net/ntp4, Network Time Protocol Version 4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2015Q2, Version: 4.2.8p3, Package name: ntp-4.2.8p3, Maintainer: pkgsrc-users

This release of the NTP Version 4 (NTPv4) daemon for Unix incorporates
new features and refinements to the NTP Version 3 (NTPv3) algorithms.
However, it continues the tradition of retaining backwards compatibility
with older versions.

Required to run:
[lang/perl5]

Package options: inet6

Master sites:

http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ (Download)

SHA1: fc624396f8d9f9bc282da30c8e8e527ade7d420f
RMD160: 86b7156d36462cfa10e57eed45805814cb7e35bd
Filesize: 6933.179 KB

Version history: (Expand)

(2015-07-12) Updated to version: ntp-4.2.8p3
(2015-07-04) Package added to pkgsrc.se, version ntp-4.2.8p2nb1 (created)

CVS history: (Expand)

2015-07-12 10:58:43 by Matthias Scheler | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket #4764 - requested by taca
net/ntp4: security update

Revisions pulled up:
- net/ntp4/Makefile                                             1.87
- net/ntp4/PLIST                                                1.19
- net/ntp4/distinfo                                             1.22

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jun 30 16:08:21 UTC 2015

   Modified Files:
   	pkgsrc/net/ntp4: Makefile PLIST distinfo

   Log message:
   Update ntp4 to 4.2.8p3.

   Please refer NEWS and ChangeLog for full changes.

   NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29)

   Focus: 1 Security fix.  Bug fixes and enhancements.  Leap-second improvements.

   Severity: MEDIUM

   Security Fix:

   * [Sec 2853] Crafted remote config packet can crash some versions of
     ntpd.  Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn.

   Under specific circumstances an attacker can send a crafted packet to
   cause a vulnerable ntpd instance to crash. This requires each of the
   following to be true:

   1) ntpd set up to allow remote configuration (not allowed by default), and
   2) knowledge of the configuration password, and
   3) access to a computer entrusted to perform remote configuration.

   This vulnerability is considered low-risk.

   New features in this release:

   Optional (disabled by default) support to have ntpd provide smeared
   leap second time.  A specially built and configured ntpd will only
   offer smeared time in response to client packets.  These response
   packets will also contain a "refid" of 254.a.b.c, where the 24 bits
   of a, b, and c encode the amount of smear in a 2:22 integer:fraction
   format.  See README.leapsmear and http://bugs.ntp.org/2855 for more
   information.

      *IF YOU CHOOSE TO CONFIGURE NTPD TO PROVIDE LEAP SMEAR TIME*
      *BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.*

   We've imported the Unity test framework, and have begun converting
   the existing google-test items to this new framework.  If you want
   to write new tests or change old ones, you'll need to have ruby
   installed.  You don't need ruby to run the test suite.