[ntp:hackers] NTP Development Snapshot 4.3.90 Released
NTP Public Services Project
webmaster at ntp.org
Wed Jan 20 12:30:13 UTC 2016
NTP Development Snapshot 4.3.90 is now available for download.
Security Updates:
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
http://bugs.ntp.org/2935
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
http://bugs.ntp.org/2936
* [Sec 2937] ntpq: nextvar() missing length check. perlinger at ntp.org
http://bugs.ntp.org/2937
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger at ntp.org
http://bugs.ntp.org/2938
* [Sec 2939] reslist NULL pointer dereference. perlinger at ntp.org
http://bugs.ntp.org/2939
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger at ntp.org
http://bugs.ntp.org/2940
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
http://bugs.ntp.org/2942
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger at ntp.org
http://bugs.ntp.org/2945
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger at ntp.org
http://bugs.ntp.org/2948
Bug Fixes:
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger at ntp.org
http://bugs.ntp.org/2882
* [Bug 2772] adj_systime overflows tv_usec. perlinger at ntp.org
http://bugs.ntp.org/2772
* [Bug 2980] reduce number of warnings. perlinger at ntp.org
- integrated several patches from Havard Eidnes (he at uninett.no)
http://bugs.ntp.org/2980
* [Bug 2985] bogus calculation in authkeys.c perlinger at ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
http://bugs.ntp.org/2985
* [Bug 2905] DNS lookups broken. perlinger at ntp.org
- added limits to stack consumption, fixed some return code handling
http://bugs.ntp.org/2905
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger at ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger at ntp.org
http://bugs.ntp.org/2971
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger at ntp.org
http://bugs.ntp.org/2891
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger at ntp.org
- Found this already fixed, but validation led to cleanup actions.
http://bugs.ntp.org/2892
* [Bug 2814] msyslog deadlock when signaled. perlinger at ntp.org
- applied patch by shenpeng11 at huawei.com with minor adjustments
http://bugs.ntp.org/2814
Other Changes:
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
* Make leapsec_query debug messages less verbose. Harlan Stenn.
Tarball:
http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.90.tar.gz
MD5 sum:
http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.90.tar.gz.md5
Complete ChangeLog:
http://archive.ntp.org/ntp4/ChangeLog-dev
Please report any bugs, issues, or desired enhancements at
http://bugs.ntp.org/.
More information about the hackers
mailing list