#
362716 |
|
28-Jun-2020 |
cy |
MFC r362568:
MFV r362565:
Update 4.2.8p14 --> 4.2.8p15
Summary: Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC keyid, eventually causing ntpd to run out of memory and fail. The CMAC cleanup from https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby the CMAC data structure was no longer completely removed.
Security: NTP Bug 3661
|
#
358659 |
|
05-Mar-2020 |
cy |
MFC r358652:
MFV r358616:
Update ntp-4.2.8p13 --> 4.2.8p14.
The advisory can be found at: http://support.ntp.org/bin/view/Main/SecurityNotice#\ March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
Security: http://support.ntp.org/bin/view/Main/NtpBug3610 http://support.ntp.org/bin/view/Main/NtpBug3596 http://support.ntp.org/bin/view/Main/NtpBug3592
|
#
338530 |
|
08-Sep-2018 |
delphij |
MFC r338126: MFV r338092: ntp 4.2.8p12.
Relnotes: yes
|
#
330106 |
|
28-Feb-2018 |
delphij |
MFC r330104: MFV r330102: ntp 4.2.8p11
|
#
316068 |
|
28-Mar-2017 |
delphij |
MFC r315871: MFV r315791: ntp 4.2.8p10.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
301247 |
|
03-Jun-2016 |
delphij |
MFV r301238:
ntp 4.2.8p8.
Security: CVE-2016-4957, CVE-2016-4953, CVE-2016-4954 Security: CVE-2016-4955, CVE-2016-4956 Security: FreeBSD-SA-16:24.ntp With hat: so
|
#
298695 |
|
27-Apr-2016 |
delphij |
MFV r298691:
ntp 4.2.8p7.
Security: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550 Security: CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518 Security: CVE-2016-2519 Security: FreeBSD-SA-16:16.ntp With hat: so
|
#
294554 |
|
22-Jan-2016 |
delphij |
MFV r294491: ntp 4.2.8p6.
Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975 Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978 Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139 Security: CVE-2015-8140, CVE-2015-8158 With hat: so
|
#
293423 |
|
08-Jan-2016 |
delphij |
MFV r293415:
ntp 4.2.8p5
Reviewed by: cy, roberto Relnotes: yes Differential Revision: https://reviews.freebsd.org/D4828
|
#
289764 |
|
22-Oct-2015 |
glebius |
MFV ntp-4.2.8p4 (r289715)
Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317 Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner Sponsored by: Nginx, Inc.
|
#
285169 |
|
05-Jul-2015 |
cy |
MFV ntp-4.2.8p3 (r284990).
Approved by: roberto, delphij Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0 Security: http://bugs.ntp.org/show_bug.cgi?id=2853 Security: https://www.kb.cert.org/vuls/id/668167 Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
|
#
280849 |
|
30-Mar-2015 |
cy |
MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)
Thanks to roberto for providing pointers to wedge this into HEAD.
Approved by: roberto
|
#
277202 |
|
14-Jan-2015 |
hiren |
ntpd tries to bind to IPv6 interfaces in 'tentative' state and fails as IPv6 is actually disabled. Fix it by making ntpd ignore such interfaces.
Submitted by: ume Reviewed by: bz, gnn MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D1527
|
#
276814 |
|
08-Jan-2015 |
ume |
Correct comparison of IPv6 wildcard address.
MFC after: 3 days
|
#
223626 |
|
28-Jun-2011 |
bz |
Compare port numbers correctly. They are stored by SRCPORT() in host byte order, so we need to compare them as such. Properly compare IPv6 addresses as well.
This allows the, by default, 8 badaddrs slots per address family to work correctly and only print sendto() errors once.
The change is no longer applicable to any latest upstream versions.
Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 1 week
|
#
222444 |
|
29-May-2011 |
bz |
The argument to setsockopt for IP_MULTICAST_LOOP depends on operating system and is decided upon by configure and could be an u_int or a u_char. For FreeBSD it is a u_char.
For IPv6 however RFC 3493, 5.2 defines the argument to IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always use that using a second variable for the IPV6 case. This is to get rid of these error messages every 5 minutes on some systems: ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument on socket 22, addr fe80::... for multicast address ff02::101
While here also fix the copy&paste error in the log message for IPV6_MULTICAST_LOOP.
Reviewed by: roberto Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days Filed as: Bug 1936 on ntp.org
|
#
200576 |
|
15-Dec-2009 |
roberto |
Merge 4.2.4p8 into contrib (r200452 & r200454).
Subversion is being difficult here so take a hammer and get it in.
MFC after: 2 weeks Security: CVE-2009-3563
|
#
199995 |
|
01-Dec-2009 |
ume |
Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn't allow bind to an anycast addeess. It does away with an annoying message.
Reviewed by: bz, roberto MFC after: 2 weeks
|
#
182007 |
|
22-Aug-2008 |
roberto |
Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit will update usr.sbin/ntp to match this.
MFC after: 2 weeks
|
#
132452 |
|
20-Jul-2004 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r132451, which included commits to RCS files with non-trunk default branches.
|
#
132451 |
|
20-Jul-2004 |
roberto |
Virgin import of ntpd 4.2.0
|
#
106163 |
|
29-Oct-2002 |
roberto |
Virgin import of ntpd 4.1.1a
|
#
82498 |
|
29-Aug-2001 |
roberto |
Virgin import of ntpd 4.1.0
|
#
57738 |
|
03-Mar-2000 |
roberto |
Fix potential alignement problems on Alpha + IPv6.
This is done on the vendor branch to avoid spamming the tree. It has been sent to the NTP maintainers already.
Submitted by: shin
|
#
56746 |
|
28-Jan-2000 |
roberto |
Virgin import of ntpd 4.0.99b
|
#
54359 |
|
09-Dec-1999 |
roberto |
Virgin import of ntpd 4.0.98f
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
301247 |
|
03-Jun-2016 |
delphij |
MFV r301238:
ntp 4.2.8p8.
Security: CVE-2016-4957, CVE-2016-4953, CVE-2016-4954 Security: CVE-2016-4955, CVE-2016-4956 Security: FreeBSD-SA-16:24.ntp With hat: so
|
#
298695 |
|
27-Apr-2016 |
delphij |
MFV r298691:
ntp 4.2.8p7.
Security: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550 Security: CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518 Security: CVE-2016-2519 Security: FreeBSD-SA-16:16.ntp With hat: so
|
#
294554 |
|
22-Jan-2016 |
delphij |
MFV r294491: ntp 4.2.8p6.
Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975 Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978 Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139 Security: CVE-2015-8140, CVE-2015-8158 With hat: so
|
#
293423 |
|
08-Jan-2016 |
delphij |
MFV r293415:
ntp 4.2.8p5
Reviewed by: cy, roberto Relnotes: yes Differential Revision: https://reviews.freebsd.org/D4828
|
#
289764 |
|
22-Oct-2015 |
glebius |
MFV ntp-4.2.8p4 (r289715)
Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317 Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner Sponsored by: Nginx, Inc.
|
#
285169 |
|
05-Jul-2015 |
cy |
MFV ntp-4.2.8p3 (r284990).
Approved by: roberto, delphij Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0 Security: http://bugs.ntp.org/show_bug.cgi?id=2853 Security: https://www.kb.cert.org/vuls/id/668167 Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
|
#
280849 |
|
30-Mar-2015 |
cy |
MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)
Thanks to roberto for providing pointers to wedge this into HEAD.
Approved by: roberto
|
#
277202 |
|
14-Jan-2015 |
hiren |
ntpd tries to bind to IPv6 interfaces in 'tentative' state and fails as IPv6 is actually disabled. Fix it by making ntpd ignore such interfaces.
Submitted by: ume Reviewed by: bz, gnn MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D1527
|
#
276814 |
|
08-Jan-2015 |
ume |
Correct comparison of IPv6 wildcard address.
MFC after: 3 days
|
#
223626 |
|
28-Jun-2011 |
bz |
Compare port numbers correctly. They are stored by SRCPORT() in host byte order, so we need to compare them as such. Properly compare IPv6 addresses as well.
This allows the, by default, 8 badaddrs slots per address family to work correctly and only print sendto() errors once.
The change is no longer applicable to any latest upstream versions.
Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 1 week
|
#
222444 |
|
29-May-2011 |
bz |
The argument to setsockopt for IP_MULTICAST_LOOP depends on operating system and is decided upon by configure and could be an u_int or a u_char. For FreeBSD it is a u_char.
For IPv6 however RFC 3493, 5.2 defines the argument to IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always use that using a second variable for the IPV6 case. This is to get rid of these error messages every 5 minutes on some systems: ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument on socket 22, addr fe80::... for multicast address ff02::101
While here also fix the copy&paste error in the log message for IPV6_MULTICAST_LOOP.
Reviewed by: roberto Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days Filed as: Bug 1936 on ntp.org
|
#
200576 |
|
15-Dec-2009 |
roberto |
Merge 4.2.4p8 into contrib (r200452 & r200454).
Subversion is being difficult here so take a hammer and get it in.
MFC after: 2 weeks Security: CVE-2009-3563
|
#
199995 |
|
01-Dec-2009 |
ume |
Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn't allow bind to an anycast addeess. It does away with an annoying message.
Reviewed by: bz, roberto MFC after: 2 weeks
|
#
182007 |
|
22-Aug-2008 |
roberto |
Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit will update usr.sbin/ntp to match this.
MFC after: 2 weeks
|
#
132452 |
|
20-Jul-2004 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r132451, which included commits to RCS files with non-trunk default branches.
|
#
132451 |
|
20-Jul-2004 |
roberto |
Virgin import of ntpd 4.2.0
|
#
106163 |
|
29-Oct-2002 |
roberto |
Virgin import of ntpd 4.1.1a
|
#
82498 |
|
29-Aug-2001 |
roberto |
Virgin import of ntpd 4.1.0
|
#
57738 |
|
03-Mar-2000 |
roberto |
Fix potential alignement problems on Alpha + IPv6.
This is done on the vendor branch to avoid spamming the tree. It has been sent to the NTP maintainers already.
Submitted by: shin
|
#
56746 |
|
28-Jan-2000 |
roberto |
Virgin import of ntpd 4.0.99b
|
#
54359 |
|
09-Dec-1999 |
roberto |
Virgin import of ntpd 4.0.98f
|