Revision tags: ntp-4-2-8p14
|
#
1.1.1.10 |
|
25-May-2020 |
christos |
(4.2.8p14) 2020/03/03 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3610] process_control() should bail earlier on short packets. stenn@ - Reported by Philippe Antoine * [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org> - Reported by Miroslav Lichvar * [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org> - Reported by Miroslav Lichvar * [Bug 3637] Emit the version of ntpd in saveconfig. stenn@ * [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org> * [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org> * [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@ * [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org> * [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org> - integrated patch by Cy Schubert * [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org> - applied patch by Gerry Garvey * [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org> - applied patch by Gerry Garvey * [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org> - integrated patch by Richard Steedman * [Bug 3615] accelerate refclock startup <perlinger@ntp.org> * [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org> - Reported by Martin Burnicki * [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org> - Reported by Philippe Antoine * [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org> - officially document new "trust date" mode bit for NMEA driver - restore the (previously undocumented) "trust date" feature lost with [bug 3577] * [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org> - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter' * [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org> - removed ffs() and fls() prototypes as per Brian Utterback * [Bug 3604] Wrong param byte order passing into record_raw_stats() in ntp_io.c <perlinger@ntp.org> - fixed byte and paramter order as suggested by wei6410@sina.com * [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org> * [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org> - added padding as suggested by John Paul Adrian Glaubitz * [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org> * [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org> * [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org> * [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org> - stdout+stderr are set to line buffered during test setup now * [Bug 3583] synchronization error <perlinger@ntp.org> - set clock to base date if system time is before that limit * [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org> * [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org> - Reported by Paulo Neves * [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org> - also updates for refclock_nmea.c and refclock_jupiter.c * [Bug 3576] New GPS date function API <perlinger@ntp.org> * [Bug 3573] nptdate: missleading error message <perlinger@ntp.org> * [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org> * [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org> - sidekick: service port resolution in 'ntpdate' * [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org> - applied patch by Douglas Royds * [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org> * [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org> - applied patch by Gerry Garvey * [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org> - try to harden 'decodenetnum()' against 'getaddrinfo()' errors - fix wrong cond-compile tests in unit tests * [Bug 3517] Reducing build noise <perlinger@ntp.org> * [Bug 3516] Require tooling from this decade <perlinger@ntp.org> - patch by Philipp Prindeville * [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org> - patch by Philipp Prindeville * [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org> - patch by Philipp Prindeville * [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org> - partial application of patch by Philipp Prindeville * [Bug 3491] Signed values of LFP datatypes should always display a sign - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org> * [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org> - applied (modified) patch by Richard Steedman * [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org> - applied patch by Gerry Garvey (with minor formatting changes) * [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org> - applied patch by Miroslav Lichvar * [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network <perlinger@ntp.org> * [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u <perlinger@ntp.org> - monitor daemon child startup & propagate exit codes * [Bug 1433] runtime check whether the kernel really supports capabilities - (modified) patch by Kurt Roeckx <perlinger@ntp.org> * Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org> * Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org> * Startup log improvements. <stenn@ntp.org> * Update the copyright year. * html/confopt.html: cleanup. <stenn@ntp.org>
--- (4.2.8p13) 2019/03/07 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3565] Crafted null dereference attack in authenticated mode 6 packet <perlinger@ntp.org> - reported by Magnus Stubman * [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org> - applied patch by Ian Lepore * [Bug 3558] Crash and integer size bug <perlinger@ntp.org> - isolate and fix linux/windows specific code issue * [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org> - provide better function for incremental string formatting * [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org> - applied patch by Gerry Garvey * [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org> - original finding by Gerry Garvey, additional cleanup needed * [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org> - patch by Christous Zoulas * [Bug 3548] Signature not verified on windows system <perlinger@ntp.org> - finding by Chen Jiabin, plus another one by me * [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org> - applied patch by Maciej Szmigiero * [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org> - applied patch by Andre Charbonneau * [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org> - applied patch by Baruch Siach * [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org> - applied patch by Baruch Siach * [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org> - refactored handling of GPS era based on 'tos basedate' for parse (TSIP) and JUPITER clocks * [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org> - patch by Daniel J. Luke; this does not fix a potential linker regression issue on MacOS. * [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet anomaly <perlinger@ntp.org>, reported by GGarvey. - --enable-bug3527-fix support by HStenn * [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org> - applied patch by Gerry Garvey * [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org> - added missing check, reported by Reinhard Max <perlinger@ntp.org> * [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64 - this is a variant of [bug 3558] and should be fixed with it * Implement --disable-signalled-io
|
Revision tags: phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-8-2-RELEASE netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 netbsd-8-1-RELEASE netbsd-8-1-RC1 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 ntp-4-2-8p12 pgoyette-compat-0906 pgoyette-compat-0728 netbsd-8-0-RELEASE phil-wifi-base pgoyette-compat-0625 netbsd-8-0-RC2 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 ntp-4-2-8p11 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 ntp-4-2-8p10 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 ntp-4-2-8p9
|
#
1.1.1.9 |
|
22-Nov-2016 |
christos |
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3119] Trap crash <perlinger@ntp.org> * [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org> - TRAP config via mode 6 packet requires AUTH now. * [Sec 3114] Broadcast Mode Replay Prevention DoS - applied patches by Matthew Van Gundy. <perlinger@ntp.org> - with bcpollbstep, tweaks and cleanup by stenn@ntp.org * [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org> - applied fix as suggested by Matthew Van Gundy * [Sec 3110] Windows: ntpd DoS by oversized UDP packet - fixed error handling for truncated UDP packets. <perlinger@ntp.org> * [Sec 3102] Zero origin issues. HStenn. * [Sec 3082] null pointer dereference in _IO_str_init_static_internal() - more hardening to read_mru_list(). perlinger@ntp.org * [Sec 3072] Attack on interface selection <perlinger@ntp.org> - implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion to skip interface updates based on incoming packets * [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org> * [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org * [Bug 3129] Unknown hosts can put resolver thread into a hard loop - moved retry decision where it belongs. <perlinger@ntp.org> * [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll <perlinger@ntp.org> * [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org> * [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org> - fixed extended sysvar lookup (bug introduced with bug 3008 fix) * [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org> - applied patches by Kurt Roeckx <kurt@roeckx.be> to source - added shim layer for SSL API calls with issues (both directions) * [Bug 3089] Serial Parser does not work anymore for hopfser like device - simplified / refactored hex-decoding in driver. <perlinger@ntp.org> * [Bug 3084] update-leap mis-parses the leapfile name. HStenn. * [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com> * [Bug 3067] Root distance calculation needs improvement. HStenn. * [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org - PPS-HACK works again. * [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org> - applied patch by Brian Utterback <brian.utterback@oracle.com> * [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. * [Bug 3050] Fix for bug #2960 causes [...] spurious error message. <perlinger@ntp.org> - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no> * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org - Patch provided by Kuramatsu. * [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org> - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()' * [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. DMayer and JPerlinger. * [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger * [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn. * [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org> - fixed GPS week expansion to work based on build date. Special thanks to Craig Leres for initial patch and testing. * [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' - fixed Makefile.am <perlinger@ntp.org> * [Bug 2689] ATOM driver processes last PPS pulse at startup, even if it is very old <perlinger@ntp.org> - make sure PPS source is alive before processing samples - improve stability close to the 500ms phase jump (phase gate) * Fix typos in include/ntp.h. * Shim X509_get_signature_nid() if needed. * git author attribution cleanup * bk ignore file cleanup * remove locks in Windows IO, use rpc-like thread synchronisation instead
|
Revision tags: pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base ntp-4-2-8p8 ntp-4-2-8p7
|
#
1.1.1.8 |
|
01-May-2016 |
christos |
branches: 1.1.1.8.2; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn.
--- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn.
---
|
Revision tags: ntp-4-2-8p5
|
#
1.1.1.7 |
|
08-Jan-2016 |
christos |
Import ntp 4.2.8p5
|
Revision tags: ntp-4-2-8p4
|
#
1.1.1.6 |
|
23-Oct-2015 |
christos |
Import ntp 4.2.8p4
|
Revision tags: ntp-4-2-8p3
|
#
1.1.1.5 |
|
10-Jul-2015 |
christos |
Import ntp 4.2.8p3
|
Revision tags: ntp-4-2-8p2 ntp-4-2-8
|
#
1.1.1.4 |
|
19-Dec-2014 |
christos |
branches: 1.1.1.4.2; 1.1.1.4.4; 1.1.1.4.6; Import ntp 4.2.8
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 ntp-2-4-7p404 tls-maxphys-base
|
#
1.1.1.3 |
|
27-Dec-2013 |
christos |
branches: 1.1.1.3.4; import devel ntpd to avoid amplification attacks.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base ntp-4-2-6p5
|
#
1.1.1.2 |
|
31-Jan-2012 |
kardel |
branches: 1.1.1.2.2; 1.1.1.2.6; 1.1.1.2.8; 1.1.1.2.16; Import ntp 4.2.6p5
|
Revision tags: yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231 matt-premerge-20091211 ntp-4-2-6
|
#
1.1.1.1 |
|
13-Dec-2009 |
kardel |
branches: 1.1.1.1.6; Import ntp 4.2.6
|
Revision tags: ntp-4-2-8p9
|
#
1.1.1.9 |
|
21-Nov-2016 |
christos |
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3119] Trap crash <perlinger@ntp.org> * [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org> - TRAP config via mode 6 packet requires AUTH now. * [Sec 3114] Broadcast Mode Replay Prevention DoS - applied patches by Matthew Van Gundy. <perlinger@ntp.org> - with bcpollbstep, tweaks and cleanup by stenn@ntp.org * [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org> - applied fix as suggested by Matthew Van Gundy * [Sec 3110] Windows: ntpd DoS by oversized UDP packet - fixed error handling for truncated UDP packets. <perlinger@ntp.org> * [Sec 3102] Zero origin issues. HStenn. * [Sec 3082] null pointer dereference in _IO_str_init_static_internal() - more hardening to read_mru_list(). perlinger@ntp.org * [Sec 3072] Attack on interface selection <perlinger@ntp.org> - implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion to skip interface updates based on incoming packets * [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org> * [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org * [Bug 3129] Unknown hosts can put resolver thread into a hard loop - moved retry decision where it belongs. <perlinger@ntp.org> * [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll <perlinger@ntp.org> * [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org> * [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org> - fixed extended sysvar lookup (bug introduced with bug 3008 fix) * [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org> - applied patches by Kurt Roeckx <kurt@roeckx.be> to source - added shim layer for SSL API calls with issues (both directions) * [Bug 3089] Serial Parser does not work anymore for hopfser like device - simplified / refactored hex-decoding in driver. <perlinger@ntp.org> * [Bug 3084] update-leap mis-parses the leapfile name. HStenn. * [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com> * [Bug 3067] Root distance calculation needs improvement. HStenn. * [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org - PPS-HACK works again. * [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org> - applied patch by Brian Utterback <brian.utterback@oracle.com> * [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. * [Bug 3050] Fix for bug #2960 causes [...] spurious error message. <perlinger@ntp.org> - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no> * [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org - Patch provided by Kuramatsu. * [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org> - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()' * [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. DMayer and JPerlinger. * [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger * [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn. * [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org> - fixed GPS week expansion to work based on build date. Special thanks to Craig Leres for initial patch and testing. * [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' - fixed Makefile.am <perlinger@ntp.org> * [Bug 2689] ATOM driver processes last PPS pulse at startup, even if it is very old <perlinger@ntp.org> - make sure PPS source is alive before processing samples - improve stability close to the 500ms phase jump (phase gate) * Fix typos in include/ntp.h. * Shim X509_get_signature_nid() if needed. * git author attribution cleanup * bk ignore file cleanup * remove locks in Windows IO, use rpc-like thread synchronisation instead
|
Revision tags: pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base ntp-4-2-8p8 ntp-4-2-8p7
|
#
1.1.1.8 |
|
01-May-2016 |
christos |
--- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn.
--- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn.
---
|
Revision tags: ntp-4-2-8p5
|
#
1.1.1.7 |
|
08-Jan-2016 |
christos |
Import ntp 4.2.8p5
|
Revision tags: ntp-4-2-8p4
|
#
1.1.1.6 |
|
23-Oct-2015 |
christos |
Import ntp 4.2.8p4
|
Revision tags: ntp-4-2-8p3
|
#
1.1.1.5 |
|
10-Jul-2015 |
christos |
Import ntp 4.2.8p3
|
Revision tags: ntp-4-2-8p2 ntp-4-2-8
|
#
1.1.1.4 |
|
19-Dec-2014 |
christos |
branches: 1.1.1.4.2; 1.1.1.4.4; 1.1.1.4.6; Import ntp 4.2.8
|
Revision tags: netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 ntp-2-4-7p404 tls-maxphys-base
|
#
1.1.1.3 |
|
27-Dec-2013 |
christos |
branches: 1.1.1.3.4; import devel ntpd to avoid amplification attacks.
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base ntp-4-2-6p5
|
#
1.1.1.2 |
|
31-Jan-2012 |
kardel |
branches: 1.1.1.2.2; 1.1.1.2.6; 1.1.1.2.8; 1.1.1.2.16; Import ntp 4.2.6p5
|
Revision tags: yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231 matt-premerge-20091211 ntp-4-2-6
|
#
1.1.1.1 |
|
13-Dec-2009 |
kardel |
branches: 1.1.1.1.6; Import ntp 4.2.6
|