From c054b85192ea340529fc9a659cac7ea6b893b50e Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Sat, 20 Dec 2014 00:39:43 +0000
Subject: [PATCH] debrand ntp-4.2.6p5-19.el7_0

---
 SPECS/ntp.spec |   22 ++++++++++++++++++++--
 1 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/SPECS/ntp.spec b/SPECS/ntp.spec
index 28cd8ca..34acd21 100644
--- a/SPECS/ntp.spec
+++ b/SPECS/ntp.spec
@@ -1,7 +1,7 @@
 Summary: The NTP daemon and utilities
 Name: ntp
 Version: 4.2.6p5
-Release: 18%{?dist}
+Release: 19%{?dist}
 # primary license (COPYRIGHT) : MIT
 # ElectricFence/ (not used) : GPLv2
 # kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -89,6 +89,14 @@
 Patch20: ntp-4.2.6p5-noservres.patch
 # ntpbz #2506
 Patch21: ntp-4.2.6p5-refreshroute.patch
+# ntpbz #2666
+Patch22: ntp-4.2.6p5-cve-2014-9294.patch
+# ntpbz #2665
+Patch23: ntp-4.2.6p5-cve-2014-9293.patch
+# ntpbz #2667
+Patch24: ntp-4.2.6p5-cve-2014-9295.patch
+# ntpbz #2670
+Patch25: ntp-4.2.6p5-cve-2014-9296.patch
 
 # handle unknown clock types
 Patch50: ntpstat-0.2-clksrc.patch
@@ -198,6 +206,10 @@
 %patch19 -p1 -b .pwcipher
 %patch20 -p1 -b .noservres
 %patch21 -p1 -b .refreshroute
+%patch22 -p1 -b .cve-2014-9294
+%patch23 -p1 -b .cve-2014-9293
+%patch24 -p1 -b .cve-2014-9295
+%patch25 -p1 -b .cve-2014-9296
 
 # ntpstat patches
 %patch50 -p1 -b .clksrc
@@ -409,9 +421,15 @@
 %{ntpdocdir}/html
 
 %changelog
-* Wed Jun 18 2014 Jim Perrin <jperrin@centos.org> - 4.2.6p5-18.el7.centos
+* Fri Dec 19 2014 CentOS Sources <bugs@centos.org> - 4.2.6p5-19.el7.centos
 - rebrand vendorzone
 
+* Fri Dec 19 2014 Miroslav Lichvar <mlichvar@redhat.com> 4.2.6p5-19
+- don't generate weak control key for resolver (CVE-2014-9293)
+- don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294)
+- fix buffer overflows via specially-crafted packets (CVE-2014-9295)
+- don't mobilize passive association when authentication fails (CVE-2014-9296)
+
 * Tue Feb 11 2014 Miroslav Lichvar <mlichvar@redhat.com> 4.2.6p5-18
 - disable monitor in default ntp.conf (#1047856)
 

--
Gitblit v1.8.0