Fixes:
CVE-2016-1567: Impersonation between authenticated peers.
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
With the new version, documentation is not generated part of the main
build. This removes the need to alter the Makefile to remove the invoke
on the `chrony.txt` target. Cleanup also explicitly disabling seccomp
(since its experimental) and tomcrypt (Buildroot does not have
libtomcrypt at this time).
[Thomas: use tabs for indentation in the definition of
CHRONY_CONF_OPTS.]
Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Otherwise the link would appear broken in output/target it's not that
big a deal but at least it's coherent with what we already have.
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
systemd has its own NTP daemon, which must be disabled before
starting chrony. Possible (but unlikely) conflict with openntpd
is not marked in either package.
Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Now that IPv6 is mandatory remove package dependencies and conditionals
for it.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk:
$(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE))
so it is redundant.
This patch removes it from $(PKG)_SITE variable for BR consistency.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2014-0021: Amplification in chrony control protocol
In the chrony control protocol some replies are significantly larger than
their requests, which allows an attacker to use it in an amplification
attack. With hosts allowed by cmdallow (only localhost by default) the
maximum amplification factor is 9.2. Hosts that are not allowed receive a
small reply with error status, which allows amplification of up to 1.5.
To fix the problem, the protocol has been modified to require padding in the
request packet, so replies are never larger than their requests. Also,
chronyd no longer sends replies with error status to hosts that are not
allowed by cmdallow.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>