ntp: security bump to version 4.2.8p1

Fixes: CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c, leading to a potential information leak or possibly a crash CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of Linux), so ACLs based on IPv6 ::1 addresses can be bypassed Drop a patch applied upstream, along with its accompanied AUTORECONF. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
author: Baruch Siach <baruch@tkos.co.il> 2015-02-10 14:46:37 +0200
committer: Peter Korsgaard <peter@korsgaard.com> 2015-02-11 00:35:18 +0100
commit: 67b845fcc90ddb738ca3344c2777f4f15fbc366f (patch)
tree: e09734b633a91d41761beca23ce062addd263f70 /package/ntp/ntp.hash
parent: c41229af06d759081e56ce762b63436eac786cfa (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index 1d1b907ad..8336be8dc 100644
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,2 +1,2 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8.tar.gz.md5
-md5	6972a626be6150db8cfbd0b63d8719e7 ntp-4.2.8.tar.gz
+# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p1.tar.gz.md5
+md5	65d8cdfae4722226fbe29863477641ed ntp-4.2.8p1.tar.gz
author	Baruch Siach <baruch@tkos.co.il>	2015-02-10 14:46:37 +0200
committer	Peter Korsgaard <peter@korsgaard.com>	2015-02-11 00:35:18 +0100
commit	67b845fcc90ddb738ca3344c2777f4f15fbc366f (patch)
tree	e09734b633a91d41761beca23ce062addd263f70 /package/ntp/ntp.hash
parent	c41229af06d759081e56ce762b63436eac786cfa (diff)