294554 | 22-Jan-2016 | delphij

MFV r294491: ntp 4.2.8p6.

Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975
Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978
Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139
Security: CVE-2015-8140, CVE-2015-8158
With hat: so

289764 | 22-Oct-2015 | glebius

MFV ntp-4.2.8p4 (r289715)

Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Sponsored by: Nginx, Inc.

280849 | 30-Mar-2015 | cy

MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)

Thanks to roberto for providing pointers to wedge this into HEAD.

Approved by: roberto

276071 | 22-Dec-2014 | delphij

Fix multiple ntp vulnerabilities.

Reviewed by: roberto (earlier revision), philip
Security: CVE-2014-9293, CVE-2014-9294
Security: CVE-2014-9295, CVE-2014-9296
Security: FreeBSD-SA-14:31.ntp
Differential Revision: https://reviews.freebsd.org/D1343

223667 | 29-Jun-2011 | bz

In case ntp cannot resolve a hostname on startup it will queue the entry for resolving by a child process that, upon success, will add the entry to the config of the running parent process.

Unfortunately there are a couple of bugs with this, fixed in various later versions of upstream in potentially different ways due to other code changes:

1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving which does not work. Make sure we always pass the name (or IP there).
2) The intermediate file to carry the information to the child process does not know about -4/-6 restrictions, so that a dual-stacked host could resolve to an IPv6 address but that might be unreachable (see r223626) leading to no working synchronization ignoring an IPv4 record. Thus alter the intermediate format to also pass the address family (AF_UNSPEC (default), AF_INET or AF_INET6) to the child process depending on -4 or -6.
3) Make the child process to parse the new intermediate file format and save the address family for getaddrinfo() hints flags.
4) Change child to always reload resolv.conf calling res_init() before trying to resolve names. This will pick up resolv.conf changes or new resolv.confs should they have not existed or been empty or unusable on ntp startup. This fix is more conditional in upstream versions but given FreeBSD has res_init there is no need for the configure logic as well.

Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 9 days
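
The behaviour described in items 1 to 3 of the r223667 log message above, as an added C example that is not ntpd or FreeBSD code: the `-4`/`-6` flag is kept apart from the name and turned into an address family that is passed as a `getaddrinfo()` hint. `parse_server_line` and `resolve_family` are hypothetical names, and the sample uses constructed numeric literals so it runs offline.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not ntpd code): split "server [-4|-6] <name>" into the
 * name to resolve and the address family implied by the flag. */
static int parse_server_line(const char *line, char *name, size_t len, int *af)
{
    char a[256], b[256];
    int n = sscanf(line, "server %255s %255s", a, b);
    const char *host = a;

    *af = AF_UNSPEC;                      /* default: no family restriction */
    if (n < 1)
        return -1;                        /* not a server line */
    if (strcmp(a, "-4") == 0 || strcmp(a, "-6") == 0) {
        if (n < 2)
            return -1;                    /* flag present but no name follows */
        *af = (a[1] == '4') ? AF_INET : AF_INET6;
        host = b;                         /* the name is the token after the flag */
    }
    if (strlen(host) >= len)
        return -1;
    strcpy(name, host);
    return 0;
}

/* Resolve with the family as a getaddrinfo() hint. Returns the family of the
 * first result, or -1 when no address of the requested family exists. */
static int resolve_family(const char *name, int af)
{
    struct addrinfo hints, *res;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = af;                 /* AF_UNSPEC, AF_INET or AF_INET6 */
    hints.ai_socktype = SOCK_DGRAM;
    hints.ai_flags = AI_NUMERICHOST;      /* constructed literals only: no DNS */
    if (getaddrinfo(name, "123", &hints, &res) != 0)
        return -1;
    int got = res->ai_family;
    freeaddrinfo(res);
    return got;
}

int main(void)
{
    char name[256]; int af;
    if (parse_server_line("server -6 ::1", name, sizeof(name), &af) == 0)
        printf("%s -> family %d\n", name, resolve_family(name, af));
    return 0;
}
```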