[ntp:hackers] NTP Development Snapshot 4.3.90 Released

NTP Public Services Project webmaster at ntp.org
Wed Jan 20 12:30:13 UTC 2016


NTP Development Snapshot 4.3.90 is now available for download.

Security Updates:

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
   http://bugs.ntp.org/2935
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
   http://bugs.ntp.org/2936
* [Sec 2937] ntpq: nextvar() missing length check. perlinger at ntp.org
   http://bugs.ntp.org/2937
* [Sec 2938] ntpq saveconfig command allows dangerous characters
  in filenames. perlinger at ntp.org
   http://bugs.ntp.org/2938
* [Sec 2939] reslist NULL pointer dereference.  perlinger at ntp.org
   http://bugs.ntp.org/2939
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
  list. perlinger at ntp.org
   http://bugs.ntp.org/2940
* [Sec 2942] Off-path DoS attack on auth broadcast mode.  HStenn.
   http://bugs.ntp.org/2942
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger at ntp.org
   http://bugs.ntp.org/2945
* [Sec 2948] Potential Infinite Loop in ntpq (and ntpdc). perlinger at ntp.org
   http://bugs.ntp.org/2948

Bug Fixes:

* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger at ntp.org
   http://bugs.ntp.org/2882
* [Bug 2772] adj_systime overflows tv_usec. perlinger at ntp.org
   http://bugs.ntp.org/2772
* [Bug 2980] reduce number of warnings. perlinger at ntp.org
  - integrated several patches from Havard Eidnes (he at uninett.no)
   http://bugs.ntp.org/2980
* [Bug 2985] bogus calculation in authkeys.c. perlinger at ntp.org
  - implement 'auth_log2()' using integer bithack instead of float calculation
   http://bugs.ntp.org/2985
* [Bug 2905] DNS lookups broken. perlinger at ntp.org
  - added limits to stack consumption, fixed some return code handling
   http://bugs.ntp.org/2905
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
  - changed stacked/nested handling of CTRL-C. perlinger at ntp.org
  - make CTRL-C work for retrieval and printing of MRU list. perlinger at ntp.org
   http://bugs.ntp.org/2971
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger at ntp.org
   http://bugs.ntp.org/2891
* [Bug 2892] Several test cases assume IPv6 capabilities even when
             IPv6 is disabled in the build. perlinger at ntp.org
  - Found this already fixed, but validation led to cleanup actions.
   http://bugs.ntp.org/2892
* [Bug 2814] msyslog deadlock when signaled. perlinger at ntp.org
  - applied patch by shenpeng11 at huawei.com with minor adjustments
   http://bugs.ntp.org/2814

Other Changes:

* Disable incomplete t-ntp_signd.c test.  Harlan Stenn.
* Make leapsec_query debug messages less verbose.  Harlan Stenn.

Tarball:

http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.90.tar.gz 

MD5 sum:

http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.90.tar.gz.md5

Complete ChangeLog:

http://archive.ntp.org/ntp4/ChangeLog-dev

Please report any bugs, issues, or desired enhancements at
http://bugs.ntp.org/.


