#
611b30b4 |
| 07-Apr-2018 |
christos <christos@NetBSD.org> |
---
* [Sec 3454] Unauthenticated packet can reset authenticated interleave associations. HStenn. * [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn. * [Sec 3415] Permi
---
* [Sec 3454] Unauthenticated packet can reset authenticated interleave associations. HStenn. * [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn. * [Sec 3415] Permit blocking authenticated symmetric/passive associations. Implement ippeerlimit. HStenn, JPerlinger. * [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits - initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org> * [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org> * [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger. * [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org> * [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org> - applied patch by Sean Haugh * [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org> * [Bug 3450] Dubious error messages from plausibility checks in get_systime() - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org> * [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org> - refactoring the MAC code, too * [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org * [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org> - applied patch by ggarvey * [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org> - applied patch by ggarvey (with minor mods) * [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org> * [Bug 3435] anchor NTP era alignment <perlinger@ntp.org> * [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org> * [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" - fixed several issues with hash algos in ntpd, sntp, ntpq, ntpdc and the test suites <perlinger@ntp.org> * [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org> - initial patch by Daniel Pouzzner * [Bug 3423] QNX adjtime() implementation error checking is wrong <perlinger@ntp.org> * [Bug 3417] ntpq ifstats packet counters can be negative made IFSTATS counter quantities unsigned <perlinger@ntp.org> * [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10 - raised receive buffer size to 1200 <perlinger@ntp.org> * [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static analysis tool. <abe@ntp.org> * [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath. * [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org> - fix/drop assumptions on OpenSSL libs directory layout * [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation - initial patch by timeflies@mail2tor.com <perlinger@ntp.org> * [Bug 3398] tests fail with core dump <perlinger@ntp.org> - patch contributed by Alexander Bluhm * [Bug 3397] ctl_putstr() asserts that data fits in its buffer rework of formatting & data transfer stuff in 'ntp_control.c' avoids unecessary buffers and size limitations. <perlinger@ntp.org> * [Bug 3394] Leap second deletion does not work on ntpd clients - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org> * [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size - increased mimimum stack size to 32kB <perlinger@ntp.org> * [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org> - reverted handling of PPS kernel consumer to 4.2.6 behavior * [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org> * [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn. * [Bug 3016] wrong error position reported for bad ":config pool" - fixed location counter & ntpq output <perlinger@ntp.org> * [Bug 2900] libntp build order problem. HStenn. * [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org> * [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net, perlinger@ntp.org * [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp. * [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org> * Use strlcpy() to copy strings, not memcpy(). HStenn. * Typos. HStenn. * test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn. * refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn. * Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org * Fix trivial warnings from 'make check'. perlinger@ntp.org * Fix bug in the override portion of the compiler hardening macro. HStenn. * record_raw_stats(): Log entire packet. Log writes. HStenn. * AES-128-CMAC support. BInglis, HStenn, JPerlinger. * sntp: tweak key file logging. HStenn. * sntp: pkt_output(): Improve debug output. HStenn. * update-leap: updates from Paul McMath. * When using pkg-config, report --modversion. HStenn. * Clean up libevent configure checks. HStenn. * sntp: show the IP of who sent us a crypto-NAK. HStenn. * Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. * authistrustedip() - use it in more places. HStenn, JPerlinger. * New sysstats: sys_lamport, sys_tsrounding. HStenn. * Update ntp.keys .../N documentation. HStenn. * Distribute testconf.yml. HStenn. * Add DPRINTF(2,...) lines to receive() for packet drops. HStenn. * Rename the configuration flag fifo variables. HStenn. * Improve saveconfig output. HStenn. * Decode restrict flags on receive() debug output. HStenn. * Decode interface flags on receive() debug output. HStenn. * Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn. * Update the documentation in ntp.conf.def . HStenn. * restrictions() must return restrict flags and ippeerlimit. HStenn. * Update ntpq peer documentation to describe the 'p' type. HStenn. * Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn. * Provide dump_restricts() for debugging. HStenn. * Use consistent 4th arg type for [gs]etsockopt. JPerlinger. * Some tests might need LIBM. HStenn. * update-leap: Allow -h/--help early. HStenn.
show more ...
|
#
5c58df45 |
| 01-May-2016 |
christos <christos@NetBSD.org> |
--- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted
--- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn.
--- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn.
---
show more ...
|