[ntp:hackers] NTP Development Snapshot 4.3.92 Released
NTP Public Services Project
webmaster at ntp.org
Wed Apr 27 12:30:14 UTC 2016
NTP Development Snapshot 4.3.92 is now available for download.
Security Updates:
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
http://bugs.ntp.org/3007
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
http://bugs.ntp.org/2936
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger at ntp.org
http://bugs.ntp.org/3008
* [Sec 3009] Crafted addpeer with hmode 7 causes OOB error. perlinger at ntp.org
- added more stringent checks on packet content
http://bugs.ntp.org/3009
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
http://bugs.ntp.org/2901
* [Sec 3020] Refclock impersonation. HStenn.
http://bugs.ntp.org/3020
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger at ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
http://bugs.ntp.org/3010
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger at ntp.org
http://bugs.ntp.org/3011
* [Sec 2978] Interleave can be partially triggered. HStenn.
http://bugs.ntp.org/2978
* [Sec 2945] Additional KoD packet checks. HStenn.
http://bugs.ntp.org/2945
Bug Fixes:
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger at ntp.org
http://bugs.ntp.org/2999
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
http://bugs.ntp.org/3036
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
http://bugs.ntp.org/2858
* [Bug 3022] authkeys.c should be refactored. perlinger at ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
http://bugs.ntp.org/3022
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger at ntp.org
http://bugs.ntp.org/3023
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
http://bugs.ntp.org/2952
* [Bug 2879] Improve NTP security against timing attacks. perlinger at ntp.org
- integrated patches by Loganaden Velvidron <logan at ntp.org>
with some modifications & unit tests
http://bugs.ntp.org/2879
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger at ntp.org
- Patch provided by Ch. Weisgerber
http://bugs.ntp.org/3013
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger at ntp.org
http://bugs.ntp.org/3015
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger at ntp.org
http://bugs.ntp.org/3019
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger at ntp.org
http://bugs.ntp.org/2994
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger at ntp.org
- fixed yet another race condition in the threaded resolver code.
http://bugs.ntp.org/2831
* [Bug 2995] Fixes to compile on Windows
http://bugs.ntp.org/2995
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
http://bugs.ntp.org/3030
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger at ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
http://bugs.ntp.org/3031
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
http://bugs.ntp.org/2960
Other Changes:
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
Tarball:
http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.92.tar.gz
MD5 sum:
http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.92.tar.gz.md5
Complete ChangeLog:
http://archive.ntp.org/ntp4/ChangeLog-dev
Please report any bugs, issues, or desired enhancements at
http://bugs.ntp.org/.
More information about the hackers
mailing list