ntpsec-1.2.2a-2.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

A more secure implementation of NTP, derived from NTP Classic, Dave
Mills’s original.

Provides

• ntpsec
• config(ntpsec)
• ntp-daemon
• ntpsec(x86-64)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• config(ntpsec) = 1.2.2a-2.1
• libbsd.so.0()(64bit)
• libbsd.so.0(LIBBSD_0.0)(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.11)(64bit)
• libc.so.6(GLIBC_2.12)(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.15)(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.32)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libcap.so.2()(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libdns_sd.so.1()(64bit)
• libm.so.6()(64bit)
• libm.so.6(GLIBC_2.2.5)(64bit)
• libm.so.6(GLIBC_2.27)(64bit)
• libnss_usrfiles2
• libseccomp.so.2()(64bit)
• libssl.so.3()(64bit)
• libssl.so.3(OPENSSL_3.0.0)(64bit)
• netcfg
• ntpsec-utils
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• user(ntp)

License

BSD-2-Clause AND NTP AND BSD-3-Clause AND MIT

Changelog

* Thu Feb 22 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %patch -P N instead of deprecated %patchN.
* Sat Nov 25 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.2.2a (bsc#1214024, CVE-2023-4012):
    * Fix a crash in ntpd if NTS is disabled and an NTS-enabled
      client request (mode 3) is received. (CVE-2023-4012)
* Mon Feb 06 2023 Marcus Meissner <meissner@suse.com>
  - Updated to version 1.2.2
    - Restore/cleanup NTPv1 support
    - ntpq sysstats now shows NTPv1 traffic.
    - NTPv1 counter added to sysstats log file.
    - NTS supports partial wildcards, for example *.example.com
    - Work on documentation, ntpdate, ntpheat, ntploggpg, ntpq's sysstats, ntpviz, and seccomp.
    - NTP auth no longer breaks on NULs.
    - The NTS server now saves 10 days worth of cookie keys. This will allow clients that only poll once a day to use NTS without using NTS-KE to keep cookies up to date.
    - rawstats now logs dropped packets and their BOGON code
    - Only one per request to avoid DoSing the log file
    - This lets you see packets that take too long.
    - Add 4 or 6 to DNS/NTS RefID tags to indicate that the DNS or NTS-KE has succeeded but NTP has not worked yet.
    - Build improvements
    - Restore Python 2.6 support
    - Restore LibreSSL support
    - Add support for OpenSSL 3.0
    - Fix hash validation in ntpleapfetch again.
    - FreeBSD now gets nanosecond resolution on receive time stamps.
  - added ntpsec.keyring
* Tue Oct 12 2021 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
    * harden_ntp-wait.service.patch
    * harden_ntpd.service.patch
    * harden_ntplogtemp.service.patch
    * harden_ntpviz-daily.service.patch
    * harden_ntpviz-weekly.service.patch
* Wed Jun 09 2021 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.2.1
    * Update ntpkeygen/keygone to properly filter # characters.
      Fix security issue: CVE-2021-22212
    * Add dextral peers mode in ntpq and ntpmon.
    * Drop NTPv1 as the support was not RFC compliant, maybe v2
      except mode 6 next.
    * Fix argument P for ntpd parsing fixed and ntpdate improvements.
    * Fix crash for raw ntpq readvar.
    * Add processor usage to NTS-KE logging except on NetBSD.
    * Remove --build-epoch and replace it with arbitrary
    - -build-desc text. Passing
      '--build-desc=$(date -u +%Y-%m-%dT%H:%M:%Sz)' restores the
      previous default extended version.
    * The build epoch has been replaced with a hardcoded timestamp
      which will be manually updated every nine years or so
      (approx 512w). This makes the binaries reproducible by default.
    * Compare versions of ntp.ntpc and libntpc printing a warning
      if mismatched. Fix libntpc install path if using it.
    * Reduce maxclocks default to 5 to reduce the NTP pool load.
    * Print LIBDIR during ./waf configure.
    * Add documentation, new GPG key, and other cleanups.
  - Update to version 1.2.0
    * The minor version bump is to indicate official official support
      of RFC8915 "Network Time Security for the Network Time
      Protocol" which was released 2020-09-30.
    * NTS-KE client now defaults to port 4460.
    * NTS-KE server now listens on port 4460. (Listening on port 123
      has been removed.)
    * The shebang of installed Python scripts can now be customized
      with: waf configure --pyshebang="…" This has multiple uses, but
      one example is for distros (like CentOS 8 or Ubuntu 20.04) with
      no python executable: python3 waf configure
    - -pyshebang="/usr/bin/env python3"
    * NTP clients now use a shared library with Python instead of an
      extension.
    * Add flakiness option to ntpq and fixed limit=1 in mrulist.
    * Fixed a minor formatting issue in rate page.
  - Create subpackages for libntpc and ntpsec-devel
* Fri Jan 08 2021 Martin Hauke <mardnh@gmx.de>
  - Let system-user-ntp handle the user/group generation
* Fri May 29 2020 Christophe Giboudeaux <christophe@krop.fr>
  - Update to 1.1.9. See the NEWS.adoc file for the full list
    of changes.
    * Correctly parse ntpq :config output on Python 3 and check
      return MACs.
    * Add AES and other algorithm support to ntpq and ntpdig,
      from OpenSSL.
    * Remove support for NetInfo.
    * The default restrictions now start with noquery and limited
      to reduce the opportunities for being used for DDoS-ing.
    * NTS client now requires ALPN on TLSv1.3.
    * asciidoctor (1.5.8 or newer) is now supported and is the
      preferred AsciiDoc processor.
* Mon Feb 17 2020 Tomáš Chvátal <tchvatal@suse.com>
  - Update to 1.1.8:
    * Fix bug in NTS-KE client so that NTP server names work.
    * Fix/tweak several NTS logging messages.
* Mon Oct 14 2019 Tomáš Chvátal <tchvatal@suse.com>
  - Update the unit install commands wrt bsc#1153841
* Mon Oct 14 2019 Tomáš Chvátal <tchvatal@suse.com>
  - Update to 1.1.7 bsc#1153841:
    * The numeric literal argument of the 'time1' fudge option on a clock
      can now have one or more letter suffixes that compensate for era
      rollover in a GPS device.  Each "g" adds the number of seconds in a
      1024-week (10-bit) GPS era. Each "G" adds the number of seconds in a
      8192-week (13-bit) GPS era.
    * The neoclock4x driver has been removed, due to the hardware and the
      vendor having utterly vanished from the face of the earth.
    * The NTS ALPN negotiation sequence has been modified for improved
      interoperability with other NTS implementations.
    * NTS key rotation now happens every 24 hours.  It used to rotate
      every hour to enable testing of recovery from stale cookies.
  - Remove merged patch ntpsec-1.1.6-update-waf.patch
  - Enable documentation build

Files

/etc/logrotate.d/ntp
/etc/ntp.conf
/usr/bin/ntpfrob
/usr/bin/ntpleapfetch
/usr/bin/ntptime
/usr/lib/systemd/system/ntpd.service
/usr/sbin/ntpd
/usr/sbin/rcntpd
/usr/share/doc/packages/ntpsec
/usr/share/doc/packages/ntpsec/NEWS.adoc
/usr/share/doc/packages/ntpsec/README.adoc
/usr/share/licenses/ntpsec
/usr/share/licenses/ntpsec/BSD-2
/usr/share/licenses/ntpsec/BSD-3
/usr/share/licenses/ntpsec/CC-BY-4.0
/usr/share/licenses/ntpsec/MIT
/usr/share/licenses/ntpsec/NTP
/usr/share/man/man5/ntp.conf.5.gz
/usr/share/man/man5/ntp.keys.5.gz
/usr/share/man/man8/ntpd.8.gz
/usr/share/man/man8/ntpfrob.8.gz
/usr/share/man/man8/ntpleapfetch.8.gz
/usr/share/man/man8/ntptime.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 30 23:52:28 2024