ntpsec-1.2.3-bp160.1.39

- Updat to version 1.2.3
  * Change mode6 alignment to four, which may break some
    compatibility with classic NTP.
  * Seccomp should now also yield invalid syscall names when dying.
  * Make ntpq stop dropping output timestamp leading zeroes.
  * Update documents in quite a few places.
  * Reset some stats hourly, even when not logged into files.
  * Add error logging, and stats for ms-sntp.
  * Add spacing between multiple peer views in ntpq.
  * We think we have fixed ms-sntp but we can’t test it.
  * ntpd and ntpq both treat SHA-1 as an alias for SHA1 NIST
    uses SHA-1. The crypto package from OpenSSL uses SHA1.
  * The default crypto type for ntpq is now AES. RFC 8573
    deprecated MD5.
  * There are now log files with hourly statistics for NTS and
    NTS-KE traffic: filegen ntsstats and filegen ntskestats,
  * Update ntpsnmpd to use python built-in to get uname information.
  * Update license file names for REUSE compliance.
  * Fix ntploggps issue where count_used_satellites checked before
    it is initialized.
  * Print out OpenSSL version at configure time.
  * Enable debug symbols by default, with only an option to disable.
  * Add support for ecdhcurves list.
  * Fix ntpdig crash when using 2.ntp.pool.org with a host without
    IPv6 support.
  * Do not install libaes_siv test anymore.
  * Add update option to buildprep.
  * ntpdig shows packet delay in JSON output.

- Use %patch -P N instead of deprecated %patchN.

- update to 1.2.2a (bsc#1214024, CVE-2023-4012):
  * Fix a crash in ntpd if NTS is disabled and an NTS-enabled
    client request (mode 3) is received. (CVE-2023-4012)

- Updated to version 1.2.2
  - Restore/cleanup NTPv1 support
  - ntpq sysstats now shows NTPv1 traffic.
  - NTPv1 counter added to sysstats log file.
  - NTS supports partial wildcards, for example *.example.com
  - Work on documentation, ntpdate, ntpheat, ntploggpg, ntpq's sysstats, ntpviz, and seccomp.
  - NTP auth no longer breaks on NULs.
  - The NTS server now saves 10 days worth of cookie keys. This will allow clients that only poll once a day to use NTS without using NTS-KE to keep cookies up to date.
  - rawstats now logs dropped packets and their BOGON code
  - Only one per request to avoid DoSing the log file
  - This lets you see packets that take too long.
  - Add 4 or 6 to DNS/NTS RefID tags to indicate that the DNS or NTS-KE has succeeded but NTP has not worked yet.
  - Build improvements
  - Restore Python 2.6 support
  - Restore LibreSSL support
  - Add support for OpenSSL 3.0
  - Fix hash validation in ntpleapfetch again.
  - FreeBSD now gets nanosecond resolution on receive time stamps.
- added ntpsec.keyring

- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_ntp-wait.service.patch
  * harden_ntpd.service.patch
  * harden_ntplogtemp.service.patch
  * harden_ntpviz-daily.service.patch
  * harden_ntpviz-weekly.service.patch

- Update to version 1.2.1
  * Update ntpkeygen/keygone to properly filter # characters.
    Fix security issue: CVE-2021-22212
  * Add dextral peers mode in ntpq and ntpmon.
  * Drop NTPv1 as the support was not RFC compliant, maybe v2
    except mode 6 next.
  * Fix argument P for ntpd parsing fixed and ntpdate improvements.
  * Fix crash for raw ntpq readvar.
  * Add processor usage to NTS-KE logging except on NetBSD.
  * Remove --build-epoch and replace it with arbitrary
  - -build-desc text. Passing
    '--build-desc=$(date -u +%Y-%m-%dT%H:%M:%Sz)' restores the
    previous default extended version.
  * The build epoch has been replaced with a hardcoded timestamp
    which will be manually updated every nine years or so
    (approx 512w). This makes the binaries reproducible by default.
  * Compare versions of ntp.ntpc and libntpc printing a warning
    if mismatched. Fix libntpc install path if using it.
  * Reduce maxclocks default to 5 to reduce the NTP pool load.
  * Print LIBDIR during ./waf configure.
  * Add documentation, new GPG key, and other cleanups.
- Update to version 1.2.0
  * The minor version bump is to indicate official official support
    of RFC8915 "Network Time Security for the Network Time
    Protocol" which was released 2020-09-30.
  * NTS-KE client now defaults to port 4460.
  * NTS-KE server now listens on port 4460. (Listening on port 123
    has been removed.)
  * The shebang of installed Python scripts can now be customized
    with: waf configure --pyshebang="…" This has multiple uses, but
    one example is for distros (like CentOS 8 or Ubuntu 20.04) with
    no python executable: python3 waf configure
  - -pyshebang="/usr/bin/env python3"
  * NTP clients now use a shared library with Python instead of an
    extension.
  * Add flakiness option to ntpq and fixed limit=1 in mrulist.
  * Fixed a minor formatting issue in rate page.
- Create subpackages for libntpc and ntpsec-devel

- Let system-user-ntp handle the user/group generation

- Update to 1.1.9. See the NEWS.adoc file for the full list
  of changes.
  * Correctly parse ntpq :config output on Python 3 and check
    return MACs.
  * Add AES and other algorithm support to ntpq and ntpdig,
    from OpenSSL.
  * Remove support for NetInfo.
  * The default restrictions now start with noquery and limited
    to reduce the opportunities for being used for DDoS-ing.
  * NTS client now requires ALPN on TLSv1.3.
  * asciidoctor (1.5.8 or newer) is now supported and is the
    preferred AsciiDoc processor.

- Update to 1.1.8:
  * Fix bug in NTS-KE client so that NTP server names work.
  * Fix/tweak several NTS logging messages.

- Update the unit install commands wrt bsc#1153841