[ntp:hackers] NTP Development Snapshot 4.3.94 Released
NTP Public Services Project
webmaster at ntp.org
Mon Apr 8 09:30:20 UTC 2019
NTP Development Snapshot 4.3.94 is now available for download.
Security Updates:
* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger at ntp.org>
- applied fix as suggested by Matthew Van Gundy
http://bugs.ntp.org/3113
* [Sec 3114] Broadcast Mode Replay Prevention DoS
- applied patches by Matthew Van Gundy. <perlinger at ntp.org>
- with bcpollbstep, tweaks and cleanup by stenn at ntp.org
http://bugs.ntp.org/3114
* [Sec 3082] null pointer dereference in _IO_str_init_static_internal()
- more hardening to read_mru_list(). perlinger at ntp.org
http://bugs.ntp.org/3082
* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger at ntp.org>
- TRAP config via mode 6 packet requires AUTH now.
http://bugs.ntp.org/3118
* [Sec 3119] Trap crash <perlinger at ntp.org>
http://bugs.ntp.org/3119
* [Sec 3102] Zero origin issues. HStenn.
http://bugs.ntp.org/3102
* [Sec 3072] Attack on interface selection <perlinger at ntp.org>
- implemented Miroslav Lichvars <mlichvar at redhat.comsuggestion
to skip interface updates based on incoming packets
http://bugs.ntp.org/3072
* [Sec 3110] Windows: ntpd DoS by oversized UDP packet
- fixed error handling for truncated UDP packets. <perlinger at ntp.org>
http://bugs.ntp.org/3110
Bug Fixes:
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
http://bugs.ntp.org/2961
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
http://bugs.ntp.org/2998
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger at ntp.org>
http://bugs.ntp.org/3116
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
http://bugs.ntp.org/3084
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger at ntp.org>
- patches by Reinhard Max <max at suse.comand Havard Eidnes <he at uninett.no>
http://bugs.ntp.org/3050
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger at ntp.org>
http://bugs.ntp.org/3089
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
http://bugs.ntp.org/3053
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger at ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
http://bugs.ntp.org/3100
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn at ntp.org
http://bugs.ntp.org/3138
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger at ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
http://bugs.ntp.org/3021
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger at ntp.org>
http://bugs.ntp.org/2951
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger at ntp.org>
- applied patch by Brian Utterback <brian.utterback at oracle.com>
http://bugs.ntp.org/3059
* [Bug 2959] refclock_jupiter: gps week correction <perlinger at ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
http://bugs.ntp.org/2959
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger at ntp.org>
http://bugs.ntp.org/3125
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe at ntp.org
- Patch provided by Kuramatsu.
http://bugs.ntp.org/3047
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger at ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
http://bugs.ntp.org/2689
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger at ntp.org>
http://bugs.ntp.org/3129
* [Bug 3095] Compatibility with openssl 1.1 <perlinger at ntp.org>
- applied patches by Kurt Roeckx <kurt at roeckx.beto source
- added shim layer for SSL API calls with issues (both directions)
http://bugs.ntp.org/3095
* [Bug 3142] bug in netmask prefix length detection <perlinger at ntp.org>
http://bugs.ntp.org/3142
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing.
DMayer and JPerlinger.
http://bugs.ntp.org/3019
* [Bug 3066] NMEA clock ignores pps. perlinger at ntp.org
- PPS-HACK works again.
http://bugs.ntp.org/3066
* [Bug 3067] Root distance calculation needs improvement. HStenn.
http://bugs.ntp.org/3067
* [Bug 3068] Linker warnings when building on Solaris. perlinger at ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont at gmail.com>
http://bugs.ntp.org/3068
Other Changes:
* Pick up tweaks to autogen-5.18.5 <stenn at ntp.org>
>From ntp-4.2.8p9:
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed.
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead
* Tweak scripts/build/addChangeLogTag <stenn at ntp.org>
Tarball:
http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.94.tar.gz
MD5 sum:
http://archive.ntp.org/ntp4/ntp-dev/ntp-dev-4.3.94.tar.gz.md5
Complete ChangeLog:
http://archive.ntp.org/ntp4/ChangeLog-dev
Please report any bugs, issues, or desired enhancements at
http://bugs.ntp.org/.
More information about the hackers
mailing list