CVS commit: [pkgsrc-2016Q1] pkgsrc/net/ntp4

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/net/ntp4
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Fri, 13 May 2016 12:33:51 +0000
Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Fri May 13 12:33:51 UTC 2016

Modified Files:
        pkgsrc/net/ntp4 [pkgsrc-2016Q1]: Makefile PLIST distinfo

Log Message:
Pullup ticket #5010 - requested by taca
net/ntp4: security fix

Revisions pulled up:
- net/ntp4/Makefile                                             1.92
- net/ntp4/PLIST                                                1.21
- net/ntp4/distinfo                                             1.26

---
   Module Name: pkgsrc
   Committed By:        wen
   Date:                Wed Apr 27 15:59:19 UTC 2016

   Modified Files:
        pkgsrc/net/ntp4: Makefile PLIST distinfo

   Log Message:
   Update to 4.2.8p7

   Upstream changes:
   (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn%ntp.org@localhost>

   * [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
   * [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
    time. Include passive servers in this check. HStenn.
   * [Sec 2945] Additional KoD packet checks.  HStenn.
   * [Sec 2978] Interleave can be partially triggered.  HStenn.
   * [Sec 3007] Validate crypto-NAKs.  Danny Mayer.
   * [Sec 3008] Always check the return value of ctl_getitem().
    - initial work by HStenn
    - Additional cleanup of ctl_getitem by perlinger%ntp.org@localhost
   * [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger%ntp.org@localhost
     - added more stringent checks on packet content
   * [Sec 3010] remote configuration trustedkey/requestkey values
    are not properly validated. perlinger%ntp.org@localhost
    - sidekick: Ignore keys that have an unsupported MAC algorithm
      but are otherwise well-formed
   * [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
    - graciously accept the same IP multiple times. perlinger%ntp.org@localhost
   * [Sec 3020] Refclock impersonation.  HStenn.
   * [Bug 2831]  Segmentation Fault in DNS lookup during startup. perlinger%ntp.org@localhost
    - fixed yet another race condition in the threaded resolver code.
   * [Bug 2858] bool support.  Use stdbool.h when available.  HStenn.
   * [Bug 2879] Improve NTP security against timing attacks. perlinger%ntp.org@localhost
    - integrated patches by Loganaden Velvidron <logan%ntp.org@localhost>
      with some modifications & unit tests
   * [Bug 2952] Symmetric active/passive mode is broken.  HStenn.
   * [Bug 2960] async name resolution fixes for chroot() environments.
    Reinhard Max.
   * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger%ntp.org@localhost
   * [Bug 2995] Fixes to compile on Windows
   * [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger%ntp.org@localhost
   * [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger%ntp.org@localhost
    - Patch provided by Ch. Weisgerber
   * [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
    - A change related to [Bug 2853] forbids trailing white space in
      remote config commands. perlinger%ntp.org@localhost
   * [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
    - report and patch from Aleksandr Kostikov.
    - Overhaul of Windows IO completion port handling. perlinger%ntp.org@localhost
   * [Bug 3022] authkeys.c should be refactored. perlinger%ntp.org@localhost
    - fixed memory leak in access list (auth[read]keys.c)
    - refactored handling of key access lists (auth[read]keys.c)
    - reduced number of error branches (authreadkeys.c)
   * [Bug 3023] ntpdate cannot correct dates in the future. perlinger%ntp.org@localhost
   * [Bug 3030] ntpq needs a general way to specify refid output format.  HStenn.
   * [Bug 3031] ntp broadcastclient unable to synchronize to an server
               when the time of server changed. perlinger%ntp.org@localhost
    - Check the initial delay calculation and reject/unpeer the broadcast
      server if the delay exceeds 50ms. Retry again after the next
      broadcast packet.
   * [Bug 3036] autokey trips an INSIST in authistrustedip().  Harlan Stenn.
   * Document ntp.key's optional IP list in authenetic.html.  Harlan Stenn.
   * Update html/xleave.html documentation.  Harlan Stenn.
   * Update ntp.conf documentation.  Harlan Stenn.
   * Fix some Credit: attributions in the NEWS file.  Harlan Stenn.
   * Fix typo in html/monopt.html.  Harlan Stenn.
   * Add README.pullrequests.  Harlan Stenn.
   * Cleanup to include/ntp.h.  Harlan Stenn.

   ---
   (4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn%ntp.org@localhost>

   * [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
   * [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
   * [Sec 2937] ntpq: nextvar() missing length check. perlinger%ntp.org@localhost
   * [Sec 2938] ntpq saveconfig command allows dangerous characters
    in filenames. perlinger%ntp.org@localhost
   * [Sec 2939] reslist NULL pointer dereference.  perlinger%ntp.org@localhost
   * [Sec 2940] Stack exhaustion in recursive traversal of restriction
    list. perlinger%ntp.org@localhost
   * [Sec 2942]: Off-path DoS attack on auth broadcast mode.  HStenn.
   * [Sec 2945] Zero Origin Timestamp Bypass. perlinger%ntp.org@localhost
   * [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger%ntp.org@localhost
   * [Bug 2772] adj_systime overflows tv_usec. perlinger%ntp.org@localhost
   * [Bug 2814] msyslog deadlock when signaled. perlinger%ntp.org@localhost
    - applied patch by shenpeng11%huawei.com@localhost with minor adjustments
   * [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger%ntp.org@localhost
   * [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger%ntp.org@localhost
   * [Bug 2892] Several test cases assume IPv6 capabilities even when
               IPv6 is disabled in the build. perlinger%ntp.org@localhost
    - Found this already fixed, but validation led to cleanup actions.
   * [Bug 2905] DNS lookups broken. perlinger%ntp.org@localhost
    - added limits to stack consumption, fixed some return code handling
   * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
    - changed stacked/nested handling of CTRL-C. perlinger%ntp.org@localhost
    - make CTRL-C work for retrieval and printing od MRU list. perlinger%ntp.org@localhost
   * [Bug 2980] reduce number of warnings. perlinger%ntp.org@localhost
    - integrated several patches from Havard Eidnes (he%uninett.no@localhost)
   * [Bug 2985] bogus calculation in authkeys.c perlinger%ntp.org@localhost
    - implement 'auth_log2()' using integer bithack instead of float calculation
   * Make leapsec_query debug messages less verbose.  Harlan Stenn.
   * Disable incomplete t-ntp_signd.c test.  Harlan Stenn.


To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.91.2.1 pkgsrc/net/ntp4/Makefile
cvs rdiff -u -r1.20 -r1.20.4.1 pkgsrc/net/ntp4/PLIST
cvs rdiff -u -r1.25 -r1.25.2.1 pkgsrc/net/ntp4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Prev by Date: CVS commit: [pkgsrc-2016Q1] pkgsrc/www/squid3
Next by Date: CVS commit: [pkgsrc-2016Q1] pkgsrc/net/samba4
Previous by Thread: CVS commit: [pkgsrc-2016Q1] pkgsrc/www/squid3
Next by Thread: CVS commit: [pkgsrc-2016Q1] pkgsrc/net/samba4
Indexes:
Home | Main Index | Thread Index | Old Index