Subject: CVS commit: [pkgsrc-2015Q1] pkgsrc/net/chrony
From: Matthias Scheler
Date: 2015-04-15 23:13:51
Message id: 20150415211351.8B33798@cvs.netbsd.org

Log Message:
Pullup ticket #4660 - requested by hannken
net/chrony: security update

Revisions pulled up:
- net/chrony/Makefile                                           1.30
- net/chrony/distinfo                                           1.10
- net/chrony/patches/patch-Makefile.in                          1.1
- net/chrony/patches/patch-aa                                   deleted
- net/chrony/patches/patch-ab                                   deleted
- net/chrony/patches/patch-ac                                   deleted
- net/chrony/patches/patch-ad                                   deleted
- net/chrony/patches/patch-ae                                   deleted
- net/chrony/patches/patch-af                                   deleted
- net/chrony/patches/patch-ag                                   deleted
- net/chrony/patches/patch-conf.c                               1.1
- net/chrony/patches/patch-examples_chrony.conf.example         1.1
- net/chrony/patches/patch-examples_chrony.keys.example         1.1
- net/chrony/patches/patch-ntp__io.c                            1.2

---
   Module Name:    pkgsrc
   Committed By:   hannken
   Date:           Mon Apr 13 10:03:21 UTC 2015

   Modified Files:
           pkgsrc/net/chrony: Makefile distinfo
           pkgsrc/net/chrony/patches: patch-ntp__io.c
   Added Files:
           pkgsrc/net/chrony/patches: patch-Makefile.in patch-conf.c
               patch-examples_chrony.conf.example
               patch-examples_chrony.keys.example
   Removed Files:
           pkgsrc/net/chrony/patches: patch-aa patch-ab patch-ac patch-ad patch-ae
               patch-af patch-ag

   Log Message:
   Update chrony to version 1.31.1. For a full list of changes
   since 1.29 see file NEWS in the distfile.

   Security fixes since 1.29:

   * Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021)
     (incompatible with previous protocol version, chronyc supports both)
   * Protect authenticated symmetric NTP associations against DoS attacks
     (CVE-2015-1799)
   * Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821)
   * Fix initialization of reply slots for authenticated commands (CVE-2015-1822)

Files:
RevisionActionfile
1.29.14.1modifypkgsrc/net/chrony/Makefile
1.9.14.1modifypkgsrc/net/chrony/distinfo
1.1.14.1modifypkgsrc/net/chrony/patches/patch-ntp__io.c
1.1.2.2addpkgsrc/net/chrony/patches/patch-Makefile.in
1.1.2.2addpkgsrc/net/chrony/patches/patch-conf.c
1.1.2.2addpkgsrc/net/chrony/patches/patch-examples_chrony.conf.example
1.1.2.2addpkgsrc/net/chrony/patches/patch-examples_chrony.keys.example
1.5removepkgsrc/net/chrony/patches/patch-aa
1.5removepkgsrc/net/chrony/patches/patch-ab
1.5removepkgsrc/net/chrony/patches/patch-ac
1.4removepkgsrc/net/chrony/patches/patch-ad
1.5removepkgsrc/net/chrony/patches/patch-ae
1.4removepkgsrc/net/chrony/patches/patch-af
1.4removepkgsrc/net/chrony/patches/patch-ag