Search

Home

Sort by

Full Search
Definition
Symbol
File Path
History
Type

In Project(s)

Searched hist:2892 (Results 1 - 25 of 189) sorted by relevance

12 3 4 5 6 7 8

/netbsd-current/external/bsd/ntp/dist/sntp/libevent/build-aux/

H A D missing diff 1.1.1.3 Sun May 01 15:51:36 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:51:36 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D ltmain.sh diff 1.1.1.4 Sun May 01 15:51:34 MDT 2016 christos branches: 1.1.1.4.2; 1.1.1.4.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.4 Sun May 01 15:51:34 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D depcomp diff 1.1.1.3 Sun May 01 15:51:36 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:51:36 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D install-sh diff 1.1.1.3 Sun May 01 15:51:43 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:51:43 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D compile diff 1.1.1.3 Sun May 01 15:51:36 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:51:36 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D ylwrap diff 1.1.1.3 Sun May 01 15:51:43 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:51:43 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D config.sub diff 1.1.1.3 Sun May 01 15:51:38 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

/netbsd-current/external/bsd/ntp/dist/sntp/libevent/m4/

H A D libtool.m4 diff 1.1.1.3 Sun May 01 15:52:14 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:52:14 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D ltoptions.m4 diff 1.1.1.3 Sun May 01 15:51:45 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:51:45 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D ltsugar.m4 diff 1.1.1.3 Sun May 01 15:52:14 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:52:14 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D ltversion.m4 diff 1.1.1.4 Sun May 01 15:51:45 MDT 2016 christos branches: 1.1.1.4.2; 1.1.1.4.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.4 Sun May 01 15:51:45 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D lt~obsolete.m4 diff 1.1.1.3 Sun May 01 15:52:14 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:52:14 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

/netbsd-current/external/bsd/ntp/dist/sntp/m4/

H A D libtool.m4 diff 1.1.1.3 Sun May 01 15:45:44 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:45:44 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D ltoptions.m4 diff 1.1.1.3 Sun May 01 15:44:56 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:44:56 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D lt~obsolete.m4 diff 1.1.1.3 Sun May 01 15:45:01 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:45:01 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D ltsugar.m4 diff 1.1.1.3 Sun May 01 15:44:51 MDT 2016 christos branches: 1.1.1.3.2; 1.1.1.3.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:44:51 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D ltversion.m4 diff 1.1.1.4 Sun May 01 15:44:53 MDT 2016 christos branches: 1.1.1.4.2; 1.1.1.4.4; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.4 Sun May 01 15:44:53 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

/netbsd-current/external/bsd/ntp/dist/

H A D README.pullrequests 1.1.1.1 Sun May 01 09:13:56 MDT 2016 christos branches: 1.1.1.1.2; 1.1.1.1.4; 1.1.1.1.6; 1.1.1.1.8; 1.1.1.1.10; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

/netbsd-current/external/bsd/ntp/dist/html/

H A D xleave.html diff 1.1.1.4 Sun May 01 09:22:41 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

H A D monopt.html diff 1.1.1.4 Sun May 01 15:57:23 MDT 2016 christos branches: 1.1.1.4.8; 1.1.1.4.14; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.4 Sun May 01 09:22:47 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

/netbsd-current/external/bsd/ntp/dist/ntpd/

H A D ntp.keys.def diff 1.1.1.3 Sun May 01 15:57:23 MDT 2016 christos branches: 1.1.1.3.8; 1.1.1.3.14; --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. --- diff 1.1.1.3 Sun May 01 15:31:47 MDT 2016 christos --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn. * [Sec 2945] Additional KoD packet checks. HStenn. * [Sec 2978] Interleave can be partially triggered. HStenn. * [Sec 3007] Validate crypto-NAKs. Danny Mayer. * [Sec 3008] Always check the return value of ctl_getitem(). - initial work by HStenn - Additional cleanup of ctl_getitem by perlinger@ntp.org * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org - added more stringent checks on packet content * [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch - graciously accept the same IP multiple times. perlinger@ntp.org * [Sec 3020] Refclock impersonation. HStenn. * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org - fixed yet another race condition in the threaded resolver code. * [Bug 2858] bool support. Use stdbool.h when available. HStenn. * [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests * [Bug 2952] Symmetric active/passive mode is broken. HStenn. * [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org - Patch provided by Ch. Weisgerber * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE - report and patch from Aleksandr Kostikov. - Overhaul of Windows IO completion port handling. perlinger@ntp.org * [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org - fixed memory leak in access list (auth[read]keys.c) - refactored handling of key access lists (auth[read]keys.c) - reduced number of error branches (authreadkeys.c) * [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org * [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. * [Bug 3031] ntp broadcastclient unable to synchronize to an server when the time of server changed. perlinger@ntp.org - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet. * [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. * Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. * Update html/xleave.html documentation. Harlan Stenn. * Update ntp.conf documentation. Harlan Stenn. * Fix some Credit: attributions in the NEWS file. Harlan Stenn. * Fix typo in html/monopt.html. Harlan Stenn. * Add README.pullrequests. Harlan Stenn. * Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org> * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn. * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn. * [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org * [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org * [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org * [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org * [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn. * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org * [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org * [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org - applied patch by shenpeng11@huawei.com with minor adjustments * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org * [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org - Found this already fixed, but validation led to cleanup actions. * [Bug 2905] DNS lookups broken. perlinger@ntp.org - added limits to stack consumption, fixed some return code handling * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call - changed stacked/nested handling of CTRL-C. perlinger@ntp.org - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org * [Bug 2980] reduce number of warnings. perlinger@ntp.org - integrated several patches from Havard Eidnes (he@uninett.no) * [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org - implement 'auth_log2()' using integer bithack instead of float calculation * Make leapsec_query debug messages less verbose. Harlan Stenn. * Disable incomplete t-ntp_signd.c test. Harlan Stenn. ---

/netbsd-current/sys/dev/scsipi/

H A D

scsiconf.h

Error! Full Search Definition Symbol File Path History Type In Project(s) There was an error! Failed to get history for: "/usr/local/opengrok/src/netbsd-current/sys/dev/scsipi/scsiconf.h" Exit code: 1 org.opensolaris.opengrok.history.HistoryException: Failed to get history for: "/usr/local/opengrok/src/netbsd-current/sys/dev/scsipi/scsiconf.h" Exit code: 1 at org.opensolaris.opengrok.history.CVSHistoryParser.parse(CVSHistoryParser.java:166) at org.opensolaris.opengrok.history.CVSRepository.getHistory(CVSRepository.java:262) at org.opensolaris.opengrok.history.FileHistoryCache.get(FileHistoryCache.java:496) at org.opensolaris.opengrok.history.HistoryGuru.getHistory(HistoryGuru.java:230) at org.opensolaris.opengrok.history.HistoryGuru.getHistory(HistoryGuru.java:186) at org.opensolaris.opengrok.search.context.HistoryContext.getContext(HistoryContext.java:109) at org.opensolaris.opengrok.search.Results.prettyPrint(Results.java:199) at org.apache.jsp.search_jsp._jspService(search_jsp.java:680) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:71) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:477) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:165) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:1025) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:451) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1201) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:654) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:319) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:750) Indexes created Sat Sep 07 21:54:46 MDT 2024

asus-wl-520gu-7.0.1.45
asuswrt-rt-n18u-9.0.0.4.380.2695
barrelfish-2018-10-04
barrelfish-master
broadcom-cfe-1.4.2
darwin-on-arm
freebsd-10-stable
freebsd-10.0-release
freebsd-10.1-release
freebsd-10.2-release
freebsd-10.3-release
freebsd-11-stable
freebsd-11.0-release
freebsd-12-stable
freebsd-13-stable
freebsd-9.3-release
freebsd-current
fuchsia
haiku
haiku-buildtools
haiku-fatelf
haikuporter
haikuports
linux-master
macosx-10.10
macosx-10.10.1
macosx-10.5.8
macosx-10.9.5
netbsd-6-1-5-RELEASE
netbsd-current
netgear-R7000-V1.0.7.12_1.2.5
netgear-R7800-V1.0.2.28
netgear-WNDR4500-V1.0.1.40_1.0.68
netgear-WNDR4500v2-V1.0.0.60_1.0.38
openbsd-current
openjdk10
openjdk9
opensolaris-onvv-gate
openwrt
seL4-camkes-master
seL4-l4v-10.1.1
seL4-l4v-master
seL4-mcs-10.1.1
seL4-refos-master
seL4-test-master
u-boot
xnu-2422.115.4
xnu-2782.1.97

asus-wl-520gu-7.0.1.45
asuswrt-rt-n18u-9.0.0.4.380.2695
barrelfish-2018-10-04
barrelfish-master
broadcom-cfe-1.4.2
darwin-on-arm
freebsd-10-stable
freebsd-10.0-release
freebsd-10.1-release
freebsd-10.2-release
freebsd-10.3-release
freebsd-11-stable
freebsd-11.0-release
freebsd-12-stable
freebsd-13-stable
freebsd-9.3-release
freebsd-current
fuchsia
haiku
haiku-buildtools
haiku-fatelf
haikuporter
haikuports
linux-master
macosx-10.10
macosx-10.10.1
macosx-10.5.8
macosx-10.9.5
netbsd-6-1-5-RELEASE
netbsd-current
netgear-R7000-V1.0.7.12_1.2.5
netgear-R7800-V1.0.2.28
netgear-WNDR4500-V1.0.1.40_1.0.68
netgear-WNDR4500v2-V1.0.0.60_1.0.38
openbsd-current
openjdk10
openjdk9
opensolaris-onvv-gate
openwrt
seL4-camkes-master
seL4-l4v-10.1.1
seL4-l4v-master
seL4-mcs-10.1.1
seL4-refos-master
seL4-test-master
u-boot
xnu-2422.115.4
xnu-2782.1.97