[ntp:hackers] NTP Development Snapshot 4.3.92 Released

NTP Public Services Project webmaster at ntp.org
Wed Apr 27 12:30:14 UTC 2016


NTP Development Snapshot 4.3.92 is now available for download.

Security Updates:

* [Sec 3007] Validate crypto-NAKs.  Danny Mayer.
   http://bugs.ntp.org/3007
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
  time. Include passive servers in this check. HStenn.
   http://bugs.ntp.org/2936
* [Sec 3008] Always check the return value of ctl_getitem().
  - initial work by HStenn
  - Additional cleanup of ctl_getitem by perlinger at ntp.org
   http://bugs.ntp.org/3008
* [Sec 3009] Crafted addpeer with hmode 7 causes OOB error. perlinger at ntp.org
   - added more stringent checks on packet content
   http://bugs.ntp.org/3009
* [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
   http://bugs.ntp.org/2901
* [Sec 3020] Refclock impersonation.  HStenn.
   http://bugs.ntp.org/3020
* [Sec 3010] remote configuration trustedkey/requestkey values
  are not properly validated. perlinger at ntp.org
  - sidekick: Ignore keys that have an unsupported MAC algorithm
    but are otherwise well-formed
   http://bugs.ntp.org/3010
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
  - graciously accept the same IP multiple times. perlinger at ntp.org
   http://bugs.ntp.org/3011
* [Sec 2978] Interleave can be partially triggered.  HStenn.
   http://bugs.ntp.org/2978
* [Sec 2945] Additional KoD packet checks.  HStenn.
   http://bugs.ntp.org/2945

Bug Fixes:

* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger at ntp.org
   http://bugs.ntp.org/2999
* [Bug 3036] autokey trips an INSIST in authistrustedip().  Harlan Stenn.
   http://bugs.ntp.org/3036
* [Bug 2858] bool support.  Use stdbool.h when available.  HStenn.
   http://bugs.ntp.org/2858
* [Bug 3022] authkeys.c should be refactored. perlinger at ntp.org
  - fixed memory leak in access list (auth[read]keys.c)
  - refactored handling of key access lists (auth[read]keys.c)
  - reduced number of error branches (authreadkeys.c)
   http://bugs.ntp.org/3022
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger at ntp.org
   http://bugs.ntp.org/3023
* [Bug 2952] Symmetric active/passive mode is broken.  HStenn.
   http://bugs.ntp.org/2952
* [Bug 2879] Improve NTP security against timing attacks. perlinger at ntp.org
  - integrated patches by Loganaden Velvidron <logan at ntp.org>
    with some modifications & unit tests
   http://bugs.ntp.org/2879
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger at ntp.org
  - Patch provided by Ch. Weisgerber
   http://bugs.ntp.org/3013
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
  - A change related to [Bug 2853] forbids trailing white space in
    remote config commands. perlinger at ntp.org
   http://bugs.ntp.org/3015
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
  - report and patch from Aleksandr Kostikov.
  - Overhaul of Windows IO completion port handling. perlinger at ntp.org
   http://bugs.ntp.org/3019
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger at ntp.org
   http://bugs.ntp.org/2994
* [Bug 2831]  Segmentation Fault in DNS lookup during startup. perlinger at ntp.org
  - fixed yet another race condition in the threaded resolver code.
   http://bugs.ntp.org/2831
* [Bug 2995] Fixes to compile on Windows
   http://bugs.ntp.org/2995
* [Bug 3030] ntpq needs a general way to specify refid output format.  HStenn.
   http://bugs.ntp.org/3030
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
             when the time of server changed. perlinger at ntp.org
  - Check the initial delay calculation and reject/unpeer the broadcast
    server if the delay exceeds 50ms. Retry again after the next
    broadcast packet.
   http://bugs.ntp.org/3031
* [Bug 2960] async name resolution fixes for chroot() environments.
  Reinhard Max.
   http://bugs.ntp.org/2960

Other Changes:

* Update html/xleave.html documentation.  Harlan Stenn.
* Update ntp.conf documentation.  Harlan Stenn.
* Fix some Credit: attributions in the NEWS file.  Harlan Stenn.
* Fix typo in html/monopt.html.  Harlan Stenn.
* Add README.pullrequests.  Harlan Stenn.
* Cleanup to include/ntp.h.  Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html.  Harlan Stenn.

Tarball:

http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.92.tar.gz 

MD5 sum:

http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.92.tar.gz.md5

Complete ChangeLog:

http://archive.ntp.org/ntp4/ChangeLog-dev

Please report any bugs, issues, or desired enhancements at
http://bugs.ntp.org/.



More information about the hackers mailing list