Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/ntp/dist ---
details: https://anonhg.NetBSD.org/src/rev/d3080a0dda82
branches: trunk
changeset: 360927:d3080a0dda82
user: christos <christos%NetBSD.org@localhost>
date: Sat Apr 07 00:15:40 2018 +0000
description:
---
* [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn.
* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn.
* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
Implement ippeerlimit. HStenn, JPerlinger.
* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
- initial patch by <stenn%ntp.org@localhost>, extended by <perlinger%ntp.org@localhost>
* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger%ntp.org@localhost>
* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
* [Bug 3457] OpenSSL FIPS mode regression <perlinger%ntp.org@localhost>
* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger%ntp.org@localhost>
- applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger%ntp.org@localhost>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger%ntp.org@localhost>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger%ntp.org@localhost>
- refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn%ntp.org@localhost
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger%ntp.org@localhost>
- applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger%ntp.org@localhost>
- applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger%ntp.org@localhost>
* [Bug 3435] anchor NTP era alignment <perlinger%ntp.org@localhost>
* [Bug 3433] sntp crashes when run with -a. <stenn%ntp.org@localhost>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
- fixed several issues with hash algos in ntpd, sntp, ntpq,
ntpdc and the test suites <perlinger%ntp.org@localhost>
* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger%ntp.org@localhost>
- initial patch by Daniel Pouzzner
* [Bug 3423] QNX adjtime() implementation error checking is
wrong <perlinger%ntp.org@localhost>
* [Bug 3417] ntpq ifstats packet counters can be negative
made IFSTATS counter quantities unsigned <perlinger%ntp.org@localhost>
* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
- raised receive buffer size to 1200 <perlinger%ntp.org@localhost>
* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
analysis tool. <abe%ntp.org@localhost>
* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger%ntp.org@localhost>
- fix/drop assumptions on OpenSSL libs directory layout
* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
- initial patch by timeflies%mail2tor.com@localhost <perlinger%ntp.org@localhost>
* [Bug 3398] tests fail with core dump <perlinger%ntp.org@localhost>
- patch contributed by Alexander Bluhm
* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
rework of formatting & data transfer stuff in 'ntp_control.c'
avoids unecessary buffers and size limitations. <perlinger%ntp.org@localhost>
* [Bug 3394] Leap second deletion does not work on ntpd clients
- fixed handling of dynamic deletion w/o leap file <perlinger%ntp.org@localhost>
* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
- increased mimimum stack size to 32kB <perlinger%ntp.org@localhost>
* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger%ntp.org@localhost>
- reverted handling of PPS kernel consumer to 4.2.6 behavior
* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe%ntp.org@localhost>
* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
* [Bug 3016] wrong error position reported for bad ":config pool"
- fixed location counter & ntpq output <perlinger%ntp.org@localhost>
* [Bug 2900] libntp build order problem. HStenn.
* [Bug 2878] Tests are cluttering up syslog <perlinger%ntp.org@localhost>
* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs%bodosom.net@localhost,
perlinger%ntp.org@localhost
* [Bug 2557] Fix Thunderbolt init. ntp-bugs%bodosom.net@localhost, perlinger@ntp.
* [Bug 948] Trustedkey config directive leaks memory. <perlinger%ntp.org@localhost>
* Use strlcpy() to copy strings, not memcpy(). HStenn.
* Typos. HStenn.
* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger%ntp.org@localhost
* Fix trivial warnings from 'make check'. perlinger%ntp.org@localhost
* Fix bug in the override portion of the compiler hardening macro. HStenn.
* record_raw_stats(): Log entire packet. Log writes. HStenn.
* AES-128-CMAC support. BInglis, HStenn, JPerlinger.
* sntp: tweak key file logging. HStenn.
* sntp: pkt_output(): Improve debug output. HStenn.
* update-leap: updates from Paul McMath.
* When using pkg-config, report --modversion. HStenn.
* Clean up libevent configure checks. HStenn.
* sntp: show the IP of who sent us a crypto-NAK. HStenn.
* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
* authistrustedip() - use it in more places. HStenn, JPerlinger.
* New sysstats: sys_lamport, sys_tsrounding. HStenn.
* Update ntp.keys .../N documentation. HStenn.
* Distribute testconf.yml. HStenn.
* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
* Rename the configuration flag fifo variables. HStenn.
* Improve saveconfig output. HStenn.
* Decode restrict flags on receive() debug output. HStenn.
* Decode interface flags on receive() debug output. HStenn.
* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
* Update the documentation in ntp.conf.def . HStenn.
* restrictions() must return restrict flags and ippeerlimit. HStenn.
* Update ntpq peer documentation to describe the 'p' type. HStenn.
* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
* Provide dump_restricts() for debugging. HStenn.
* Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
* Some tests might need LIBM. HStenn.
* update-leap: Allow -h/--help early. HStenn.
diffstat:
external/bsd/ntp/dist/ChangeLog | 105 +-
external/bsd/ntp/dist/Makefile.am | 2 +-
external/bsd/ntp/dist/Makefile.in | 3 +-
external/bsd/ntp/dist/NEWS | 333 ++-
external/bsd/ntp/dist/aclocal.m4 | 1 +
external/bsd/ntp/dist/adjtimed/Makefile.in | 2 +-
external/bsd/ntp/dist/clockstuff/Makefile.in | 2 +-
external/bsd/ntp/dist/configure | 86 +-
external/bsd/ntp/dist/configure.ac | 2 +
external/bsd/ntp/dist/html/access.html | 4 +-
external/bsd/ntp/dist/html/accopt.html | 182 +-
external/bsd/ntp/dist/html/authentic.html | 38 +-
external/bsd/ntp/dist/html/drivers/driver18.html | 4 +-
external/bsd/ntp/dist/html/drivers/driver40-ja.html | 5 +-
external/bsd/ntp/dist/html/drivers/driver40.html | 5 +-
external/bsd/ntp/dist/html/keygen.html | 464 +++-
external/bsd/ntp/dist/html/miscopt.html | 12 +-
external/bsd/ntp/dist/html/monopt.html | 28 +-
external/bsd/ntp/dist/html/ntpq.html | 17 +-
external/bsd/ntp/dist/include/Makefile.in | 1 +
external/bsd/ntp/dist/include/isc/Makefile.in | 1 +
external/bsd/ntp/dist/include/ntp_keyacc.h | 10 +-
external/bsd/ntp/dist/kernel/Makefile.in | 1 +
external/bsd/ntp/dist/kernel/sys/Makefile.in | 1 +
external/bsd/ntp/dist/libntp/Makefile.in | 1 +
external/bsd/ntp/dist/libntp/libssl_compat.c | 7 +-
external/bsd/ntp/dist/libparse/Makefile.in | 2 +-
external/bsd/ntp/dist/ntpd/Makefile.in | 2 +-
external/bsd/ntp/dist/ntpd/complete.conf.in | 16 +-
external/bsd/ntp/dist/ntpd/invoke-ntp.conf.texi | 290 ++-
external/bsd/ntp/dist/ntpd/invoke-ntp.keys.texi | 14 +-
external/bsd/ntp/dist/ntpd/invoke-ntpd.texi | 4 +-
external/bsd/ntp/dist/ntpd/keyword-gen-utd | 2 +-
external/bsd/ntp/dist/ntpd/ntp.conf.5man | 340 ++-
external/bsd/ntp/dist/ntpd/ntp.conf.5mdoc | 342 ++-
external/bsd/ntp/dist/ntpd/ntp.conf.def | 338 ++-
external/bsd/ntp/dist/ntpd/ntp.conf.html | 356 ++-
external/bsd/ntp/dist/ntpd/ntp.conf.man.in | 340 ++-
external/bsd/ntp/dist/ntpd/ntp.conf.mdoc.in | 342 ++-
external/bsd/ntp/dist/ntpd/ntp.keys.5man | 16 +-
external/bsd/ntp/dist/ntpd/ntp.keys.5mdoc | 16 +-
external/bsd/ntp/dist/ntpd/ntp.keys.def | 12 +-
external/bsd/ntp/dist/ntpd/ntp.keys.html | 14 +-
external/bsd/ntp/dist/ntpd/ntp.keys.man.in | 16 +-
external/bsd/ntp/dist/ntpd/ntp.keys.mdoc.in | 16 +-
external/bsd/ntp/dist/ntpd/ntpd.1ntpdman | 6 +-
external/bsd/ntp/dist/ntpd/ntpd.1ntpdmdoc | 4 +-
external/bsd/ntp/dist/ntpd/ntpd.html | 4 +-
external/bsd/ntp/dist/ntpd/ntpd.man.in | 6 +-
external/bsd/ntp/dist/ntpd/ntpd.mdoc.in | 4 +-
external/bsd/ntp/dist/ntpdate/Makefile.in | 2 +-
external/bsd/ntp/dist/ntpdc/Makefile.in | 2 +-
external/bsd/ntp/dist/ntpdc/invoke-ntpdc.texi | 4 +-
external/bsd/ntp/dist/ntpdc/layout.std | 19 +-
external/bsd/ntp/dist/ntpdc/ntpdc.1ntpdcman | 6 +-
external/bsd/ntp/dist/ntpdc/ntpdc.1ntpdcmdoc | 4 +-
external/bsd/ntp/dist/ntpdc/ntpdc.html | 4 +-
external/bsd/ntp/dist/ntpdc/ntpdc.man.in | 6 +-
external/bsd/ntp/dist/ntpdc/ntpdc.mdoc.in | 4 +-
external/bsd/ntp/dist/ntpq/Makefile.am | 6 +-
external/bsd/ntp/dist/ntpq/Makefile.in | 26 +-
external/bsd/ntp/dist/ntpq/invoke-ntpq.texi | 502 ++-
external/bsd/ntp/dist/ntpq/ntpq-opts.def | 738 +++---
external/bsd/ntp/dist/ntpq/ntpq.1ntpqman | 656 +++--
external/bsd/ntp/dist/ntpq/ntpq.1ntpqmdoc | 731 +++--
external/bsd/ntp/dist/ntpq/ntpq.html | 429 ++-
external/bsd/ntp/dist/ntpq/ntpq.man.in | 656 +++--
external/bsd/ntp/dist/ntpq/ntpq.mdoc.in | 731 +++--
external/bsd/ntp/dist/ntpq/ntpq.texi | 2 +-
external/bsd/ntp/dist/ntpsnmpd/Makefile.in | 2 +-
external/bsd/ntp/dist/ntpsnmpd/invoke-ntpsnmpd.texi | 2 +-
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.1ntpsnmpdman | 6 +-
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc | 4 +-
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.html | 2 +-
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.man.in | 6 +-
external/bsd/ntp/dist/ntpsnmpd/ntpsnmpd.mdoc.in | 4 +-
external/bsd/ntp/dist/packageinfo.sh | 2 +-
external/bsd/ntp/dist/parseutil/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/build/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/build/UpdatePoint | 22 +-
external/bsd/ntp/dist/scripts/calc_tickadj/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman | 6 +-
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc | 4 +-
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.html | 2 +-
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.man.in | 6 +-
external/bsd/ntp/dist/scripts/calc_tickadj/calc_tickadj.mdoc.in | 4 +-
external/bsd/ntp/dist/scripts/calc_tickadj/invoke-calc_tickadj.texi | 2 +-
external/bsd/ntp/dist/scripts/invoke-plot_summary.texi | 4 +-
external/bsd/ntp/dist/scripts/invoke-summary.texi | 4 +-
external/bsd/ntp/dist/scripts/lib/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/ntp-wait/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/ntp-wait/invoke-ntp-wait.texi | 4 +-
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait-opts | 4 +-
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.1ntp-waitman | 6 +-
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc | 4 +-
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.html | 4 +-
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.man.in | 6 +-
external/bsd/ntp/dist/scripts/ntp-wait/ntp-wait.mdoc.in | 4 +-
external/bsd/ntp/dist/scripts/ntpsweep/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/ntpsweep/invoke-ntpsweep.texi | 4 +-
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep-opts | 4 +-
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.1ntpsweepman | 6 +-
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc | 4 +-
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.html | 4 +-
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.man.in | 6 +-
external/bsd/ntp/dist/scripts/ntpsweep/ntpsweep.mdoc.in | 4 +-
external/bsd/ntp/dist/scripts/ntptrace/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/ntptrace/invoke-ntptrace.texi | 4 +-
external/bsd/ntp/dist/scripts/ntptrace/ntptrace-opts | 4 +-
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.1ntptraceman | 6 +-
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.1ntptracemdoc | 4 +-
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.html | 4 +-
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.man.in | 6 +-
external/bsd/ntp/dist/scripts/ntptrace/ntptrace.mdoc.in | 4 +-
external/bsd/ntp/dist/scripts/plot_summary-opts | 4 +-
external/bsd/ntp/dist/scripts/plot_summary.1plot_summaryman | 6 +-
external/bsd/ntp/dist/scripts/plot_summary.1plot_summarymdoc | 4 +-
external/bsd/ntp/dist/scripts/plot_summary.html | 4 +-
external/bsd/ntp/dist/scripts/plot_summary.man.in | 6 +-
external/bsd/ntp/dist/scripts/plot_summary.mdoc.in | 4 +-
external/bsd/ntp/dist/scripts/summary-opts | 4 +-
external/bsd/ntp/dist/scripts/summary.1summaryman | 6 +-
external/bsd/ntp/dist/scripts/summary.1summarymdoc | 4 +-
external/bsd/ntp/dist/scripts/summary.html | 4 +-
external/bsd/ntp/dist/scripts/summary.man.in | 6 +-
external/bsd/ntp/dist/scripts/summary.mdoc.in | 4 +-
external/bsd/ntp/dist/scripts/update-leap/Makefile.in | 1 +
external/bsd/ntp/dist/scripts/update-leap/invoke-update-leap.texi | 107 +-
external/bsd/ntp/dist/scripts/update-leap/update-leap-opts | 4 +-
external/bsd/ntp/dist/scripts/update-leap/update-leap.1update-leapman | 6 +-
external/bsd/ntp/dist/scripts/update-leap/update-leap.1update-leapmdoc | 4 +-
external/bsd/ntp/dist/scripts/update-leap/update-leap.html | 53 +-
external/bsd/ntp/dist/scripts/update-leap/update-leap.in | 769 +++---
external/bsd/ntp/dist/scripts/update-leap/update-leap.man.in | 6 +-
external/bsd/ntp/dist/scripts/update-leap/update-leap.mdoc.in | 4 +-
external/bsd/ntp/dist/sntp/Makefile.in | 1 -
external/bsd/ntp/dist/sntp/check-libntp.mf | 1 -
external/bsd/ntp/dist/sntp/configure | 56 +-
external/bsd/ntp/dist/sntp/harden/linux | 4 +-
external/bsd/ntp/dist/sntp/include/version.def | 2 +-
external/bsd/ntp/dist/sntp/include/version.texi | 6 +-
external/bsd/ntp/dist/sntp/invoke-sntp.texi | 50 +-
external/bsd/ntp/dist/sntp/m4/ntp_af_unspec.m4 | 23 +
external/bsd/ntp/dist/sntp/m4/ntp_harden.m4 | 12 +-
external/bsd/ntp/dist/sntp/m4/ntp_libevent.m4 | 8 +-
external/bsd/ntp/dist/sntp/m4/ntp_openssl.m4 | 7 +-
external/bsd/ntp/dist/sntp/m4/version.m4 | 2 +-
external/bsd/ntp/dist/sntp/sntp-opts.def | 1 +
external/bsd/ntp/dist/sntp/sntp.1sntpman | 11 +-
external/bsd/ntp/dist/sntp/sntp.1sntpmdoc | 9 +-
external/bsd/ntp/dist/sntp/sntp.html | 50 +-
external/bsd/ntp/dist/sntp/sntp.man.in | 11 +-
external/bsd/ntp/dist/sntp/sntp.mdoc.in | 9 +-
external/bsd/ntp/dist/sntp/tests/Makefile.am | 26 +-
external/bsd/ntp/dist/sntp/tests/Makefile.in | 24 +-
external/bsd/ntp/dist/sntp/tests/crypto.c | 116 +-
external/bsd/ntp/dist/sntp/tests/keyFile.c | 8 +-
external/bsd/ntp/dist/sntp/tests/packetHandling.c | 7 +-
external/bsd/ntp/dist/sntp/tests/packetProcessing.c | 41 +-
external/bsd/ntp/dist/sntp/tests/run-crypto.c | 26 +-
external/bsd/ntp/dist/sntp/tests/run-keyFile.c | 10 +-
external/bsd/ntp/dist/sntp/tests/run-kodDatabase.c | 10 +-
external/bsd/ntp/dist/sntp/tests/run-kodFile.c | 10 +-
external/bsd/ntp/dist/sntp/tests/run-networking.c | 10 +-
external/bsd/ntp/dist/sntp/tests/run-packetHandling.c | 10 +-
external/bsd/ntp/dist/sntp/tests/run-packetProcessing.c | 48 +-
external/bsd/ntp/dist/sntp/tests/run-t-log.c | 10 +-
external/bsd/ntp/dist/sntp/tests/run-utilities.c | 10 +-
external/bsd/ntp/dist/sntp/tests/testconf.yml | 9 +
external/bsd/ntp/dist/sntp/unity/auto/generate_test_runner.rb | 6 +-
external/bsd/ntp/dist/sntp/version.c | 4 +-
external/bsd/ntp/dist/tests/Makefile.in | 1 +
external/bsd/ntp/dist/tests/bug-2803/Makefile.am | 14 +-
external/bsd/ntp/dist/tests/bug-2803/Makefile.in | 15 +-
external/bsd/ntp/dist/tests/bug-2803/run-bug-2803.c | 12 +-
external/bsd/ntp/dist/tests/bug-2803/testconf.yml | 9 +
external/bsd/ntp/dist/tests/libntp/Makefile.am | 91 +-
external/bsd/ntp/dist/tests/libntp/Makefile.in | 327 +-
external/bsd/ntp/dist/tests/libntp/a_md5encrypt.c | 14 +-
external/bsd/ntp/dist/tests/libntp/authkeys.c | 220 +-
external/bsd/ntp/dist/tests/libntp/run-a_md5encrypt.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-atoint.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-atouint.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-authkeys.c | 36 +-
external/bsd/ntp/dist/tests/libntp/run-buftvtots.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-calendar.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-caljulian.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-caltontp.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-calyearstart.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-clocktime.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-decodenetnum.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-hextoint.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-hextolfp.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-humandate.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-lfpfunc.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-lfptostr.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-modetoa.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-msyslog.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-netof.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-numtoa.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-numtohost.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-octtoint.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-prettydate.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-recvbuff.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-refidsmear.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-refnumtoa.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-sfptostr.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-socktoa.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-ssl_init.c | 24 +-
external/bsd/ntp/dist/tests/libntp/run-statestr.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-strtolfp.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-timespecops.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-timevalops.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-tsafememcmp.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-tstotv.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-tvtots.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-uglydate.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-vi64ops.c | 10 +-
external/bsd/ntp/dist/tests/libntp/run-ymd2yd.c | 10 +-
external/bsd/ntp/dist/tests/libntp/ssl_init.c | 33 +-
external/bsd/ntp/dist/tests/libntp/testconf.yml | 9 +
external/bsd/ntp/dist/tests/libntp/timespecops.c | 17 +-
external/bsd/ntp/dist/tests/libntp/timevalops.c | 18 +-
external/bsd/ntp/dist/tests/ntpd/Makefile.am | 31 +-
external/bsd/ntp/dist/tests/ntpd/Makefile.in | 29 +-
external/bsd/ntp/dist/tests/ntpd/leapsec.c | 292 +-
external/bsd/ntp/dist/tests/ntpd/ntp_prio_q.c | 42 +-
external/bsd/ntp/dist/tests/ntpd/ntp_restrict.c | 119 +-
external/bsd/ntp/dist/tests/ntpd/rc_cmdlength.c | 9 +-
external/bsd/ntp/dist/tests/ntpd/run-leapsec.c | 77 +-
external/bsd/ntp/dist/tests/ntpd/run-ntp_prio_q.c | 22 +-
external/bsd/ntp/dist/tests/ntpd/run-ntp_restrict.c | 26 +-
external/bsd/ntp/dist/tests/ntpd/run-rc_cmdlength.c | 12 +-
external/bsd/ntp/dist/tests/ntpd/run-t-ntp_scanner.c | 32 +-
external/bsd/ntp/dist/tests/ntpd/run-t-ntp_signd.c | 10 +-
external/bsd/ntp/dist/tests/ntpd/t-ntp_scanner.c | 72 +-
external/bsd/ntp/dist/tests/ntpd/testconf.yml | 9 +
external/bsd/ntp/dist/tests/ntpq/Makefile.am | 13 +-
external/bsd/ntp/dist/tests/ntpq/Makefile.in | 12 +-
external/bsd/ntp/dist/tests/ntpq/run-t-ntpq.c | 10 +-
external/bsd/ntp/dist/tests/ntpq/testconf.yml | 9 +
external/bsd/ntp/dist/tests/sandbox/Makefile.am | 18 +-
external/bsd/ntp/dist/tests/sandbox/Makefile.in | 25 +-
external/bsd/ntp/dist/tests/sandbox/run-modetoa.c | 10 +-
external/bsd/ntp/dist/tests/sandbox/run-uglydate.c | 10 +-
external/bsd/ntp/dist/tests/sandbox/run-ut-2803.c | 10 +-
external/bsd/ntp/dist/tests/sandbox/testconf.yml | 9 +
external/bsd/ntp/dist/tests/sec-2853/Makefile.am | 17 +-
external/bsd/ntp/dist/tests/sec-2853/Makefile.in | 23 +-
external/bsd/ntp/dist/tests/sec-2853/run-sec-2853.c | 10 +-
external/bsd/ntp/dist/tests/sec-2853/testconf.yml | 9 +
external/bsd/ntp/dist/util/Makefile.in | 2 +-
external/bsd/ntp/dist/util/invoke-ntp-keygen.texi | 1123 +++++----
external/bsd/ntp/dist/util/ntp-keygen-opts.def | 1106 +++++----
external/bsd/ntp/dist/util/ntp-keygen.1ntp-keygenman | 1053 +++++----
external/bsd/ntp/dist/util/ntp-keygen.1ntp-keygenmdoc | 990 +++++---
external/bsd/ntp/dist/util/ntp-keygen.html | 1061 +++++----
external/bsd/ntp/dist/util/ntp-keygen.man.in | 1053 +++++----
external/bsd/ntp/dist/util/ntp-keygen.mdoc.in | 990 +++++---
260 files changed, 12588 insertions(+), 7158 deletions(-)
diffs (truncated from 32926 to 300 lines):
diff -r 6315386f24d2 -r d3080a0dda82 external/bsd/ntp/dist/ChangeLog
--- a/external/bsd/ntp/dist/ChangeLog Fri Apr 06 23:08:23 2018 +0000
+++ b/external/bsd/ntp/dist/ChangeLog Sat Apr 07 00:15:40 2018 +0000
@@ -1,6 +1,107 @@
---
-(4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn <stenn%ntp.org@localhost>
-(4.2.8p10)
+
+* [Sec 3454] Unauthenticated packet can reset authenticated interleave
+ associations. HStenn.
+* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn.
+* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
+ Implement ippeerlimit. HStenn, JPerlinger.
+* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
+ - initial patch by <stenn%ntp.org@localhost>, extended by <perlinger%ntp.org@localhost>
+* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger%ntp.org@localhost>
+* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
+* [Bug 3457] OpenSSL FIPS mode regression <perlinger%ntp.org@localhost>
+* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger%ntp.org@localhost>
+ - applied patch by Sean Haugh
+* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger%ntp.org@localhost>
+* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
+ - removed error log caused by rounding/slew, ensured postcondition <perlinger%ntp.org@localhost>
+* [Bug 3447] AES-128-CMAC (fixes) <perlinger%ntp.org@localhost>
+ - refactoring the MAC code, too
+* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn%ntp.org@localhost
+* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger%ntp.org@localhost>
+ - applied patch by ggarvey
+* [Bug 3438] Negative values and values > 999 days in... <perlinger%ntp.org@localhost>
+ - applied patch by ggarvey (with minor mods)
+* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
+ - applied patch (with mods) by Miroslav Lichvar <perlinger%ntp.org@localhost>
+* [Bug 3435] anchor NTP era alignment <perlinger%ntp.org@localhost>
+* [Bug 3433] sntp crashes when run with -a. <stenn%ntp.org@localhost>
+* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
+ - fixed several issues with hash algos in ntpd, sntp, ntpq,
+ ntpdc and the test suites <perlinger%ntp.org@localhost>
+* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger%ntp.org@localhost>
+ - initial patch by Daniel Pouzzner
+* [Bug 3423] QNX adjtime() implementation error checking is
+ wrong <perlinger%ntp.org@localhost>
+* [Bug 3417] ntpq ifstats packet counters can be negative
+ made IFSTATS counter quantities unsigned <perlinger%ntp.org@localhost>
+* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
+ - raised receive buffer size to 1200 <perlinger%ntp.org@localhost>
+* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
+ analysis tool. <abe%ntp.org@localhost>
+* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
+* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger%ntp.org@localhost>
+ - fix/drop assumptions on OpenSSL libs directory layout
+* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
+ - initial patch by timeflies%mail2tor.com@localhost <perlinger%ntp.org@localhost>
+* [Bug 3398] tests fail with core dump <perlinger%ntp.org@localhost>
+ - patch contributed by Alexander Bluhm
+* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
+ rework of formatting & data transfer stuff in 'ntp_control.c'
+ avoids unecessary buffers and size limitations. <perlinger%ntp.org@localhost>
+* [Bug 3394] Leap second deletion does not work on ntpd clients
+ - fixed handling of dynamic deletion w/o leap file <perlinger%ntp.org@localhost>
+* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
+ - increased mimimum stack size to 32kB <perlinger%ntp.org@localhost>
+* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger%ntp.org@localhost>
+ - reverted handling of PPS kernel consumer to 4.2.6 behavior
+* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe%ntp.org@localhost>
+* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
+* [Bug 3016] wrong error position reported for bad ":config pool"
+ - fixed location counter & ntpq output <perlinger%ntp.org@localhost>
+* [Bug 2900] libntp build order problem. HStenn.
+* [Bug 2878] Tests are cluttering up syslog <perlinger%ntp.org@localhost>
+* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs%bodosom.net@localhost,
+ perlinger%ntp.org@localhost
+* [Bug 2557] Fix Thunderbolt init. ntp-bugs%bodosom.net@localhost, perlinger@ntp.
+* [Bug 948] Trustedkey config directive leaks memory. <perlinger%ntp.org@localhost>
+* Use strlcpy() to copy strings, not memcpy(). HStenn.
+* Typos. HStenn.
+* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
+* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
+* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger%ntp.org@localhost
+* Fix trivial warnings from 'make check'. perlinger%ntp.org@localhost
+* Fix bug in the override portion of the compiler hardening macro. HStenn.
+* record_raw_stats(): Log entire packet. Log writes. HStenn.
+* AES-128-CMAC support. BInglis, HStenn, JPerlinger.
+* sntp: tweak key file logging. HStenn.
+* sntp: pkt_output(): Improve debug output. HStenn.
+* update-leap: updates from Paul McMath.
+* When using pkg-config, report --modversion. HStenn.
+* Clean up libevent configure checks. HStenn.
+* sntp: show the IP of who sent us a crypto-NAK. HStenn.
+* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
+* authistrustedip() - use it in more places. HStenn, JPerlinger.
+* New sysstats: sys_lamport, sys_tsrounding. HStenn.
+* Update ntp.keys .../N documentation. HStenn.
+* Distribute testconf.yml. HStenn.
+* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
+* Rename the configuration flag fifo variables. HStenn.
+* Improve saveconfig output. HStenn.
+* Decode restrict flags on receive() debug output. HStenn.
+* Decode interface flags on receive() debug output. HStenn.
+* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
+* Update the documentation in ntp.conf.def . HStenn.
+* restrictions() must return restrict flags and ippeerlimit. HStenn.
+* Update ntpq peer documentation to describe the 'p' type. HStenn.
+* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
+* Provide dump_restricts() for debugging. HStenn.
+* Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
+* Some tests might need LIBM. HStenn.
+* update-leap: Allow -h/--help early. HStenn.
+
+---
+(4.2.8p10) 2017/03/21 Released by Harlan Stenn <stenn%ntp.org@localhost>
* [Sec 3389] NTP-01-016: Denial of Service via Malformed Config
(Pentest report 01.2017) <perlinger%ntp.org@localhost>
diff -r 6315386f24d2 -r d3080a0dda82 external/bsd/ntp/dist/Makefile.am
--- a/external/bsd/ntp/dist/Makefile.am Fri Apr 06 23:08:23 2018 +0000
+++ b/external/bsd/ntp/dist/Makefile.am Sat Apr 07 00:15:40 2018 +0000
@@ -5,10 +5,10 @@
# moved sntp first to get libtool and libevent built.
SUBDIRS = \
- sntp \
scripts \
include \
libntp \
+ sntp \
libparse \
ntpd \
ntpdate \
diff -r 6315386f24d2 -r d3080a0dda82 external/bsd/ntp/dist/Makefile.in
--- a/external/bsd/ntp/dist/Makefile.in Fri Apr 06 23:08:23 2018 +0000
+++ b/external/bsd/ntp/dist/Makefile.in Sat Apr 07 00:15:40 2018 +0000
@@ -99,6 +99,7 @@
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
+ $(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@@ -523,10 +524,10 @@
# moved sntp first to get libtool and libevent built.
SUBDIRS = \
- sntp \
scripts \
include \
libntp \
+ sntp \
libparse \
ntpd \
ntpdate \
diff -r 6315386f24d2 -r d3080a0dda82 external/bsd/ntp/dist/NEWS
--- a/external/bsd/ntp/dist/NEWS Fri Apr 06 23:08:23 2018 +0000
+++ b/external/bsd/ntp/dist/NEWS Sat Apr 07 00:15:40 2018 +0000
@@ -1,3 +1,330 @@
+--
+NTP 4.2.8p11 (Harlan Stenn <stenn%ntp.org@localhost>, 2018/02/27)
+
+NOTE: this NEWS file will be undergoing more revisions.
+
+Focus: Security, Bug fixes, enhancements.
+
+Severity: MEDIUM
+
+This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
+vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
+provides 65 other non-security fixes and improvements:
+
+* NTP Bug 3454: Unauthenticated packet can reset authenticated interleaved
+ association (LOW/MED)
+ Date Resolved: Stable (4.2.8p11) 27 Feb 2018
+ References: Sec 3454 / CVE-2018-7185 / VU#961909
+ Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
+ CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) This could score between
+ 2.9 and 6.8.
+ CVSS3: LOW 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L This could
+ score between 2.6 and 3.1
+ Summary:
+ The NTP Protocol allows for both non-authenticated and
+ authenticated associations, in client/server, symmetric (peer),
+ and several broadcast modes. In addition to the basic NTP
+ operational modes, symmetric mode and broadcast servers can
+ support an interleaved mode of operation. In ntp-4.2.8p4 a bug
+ was inadvertently introduced into the protocol engine that
+ allows a non-authenticated zero-origin (reset) packet to reset
+ an authenticated interleaved peer association. If an attacker
+ can send a packet with a zero-origin timestamp and the source
+ IP address of the "other side" of an interleaved association,
+ the 'victim' ntpd will reset its association. The attacker must
+ continue sending these packets in order to maintain the
+ disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
+ interleave mode could be entered dynamically. As of ntp-4.2.8p7,
+ interleaved mode must be explicitly configured/enabled.
+ Mitigation:
+ Implement BCP-38.
+ Upgrade to 4.2.8p11, or later, from the NTP Project Download Page
+ or the NTP Public Services Project Download Page.
+ If you are unable to upgrade to 4.2.8p11 or later and have
+ 'peer HOST xleave' lines in your ntp.conf file, remove the
+ 'xleave' option.
+ Have enough sources of time.
+ Properly monitor your ntpd instances.
+ If ntpd stops running, auto-restart it without -g .
+ Credit:
+ This weakness was discovered by Miroslav Lichvar of Red Hat.
+
+* NTP Bug 3453: Interleaved symmetric mode cannot recover from bad
+ state (LOW/MED)
+ Date Resolved: Stable (4.2.8p11) 27 Feb 2018
+ References: Sec 3453 / CVE-2018-7184 / VU#961909
+ Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
+ CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
+ Could score between 2.9 and 6.8.
+ CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
+ Could score between 2.6 and 6.0.
+ Summary:
+ The fix for NtpBug2952 was incomplete, and while it fixed one
+ problem it created another. Specifically, it drops bad packets
+ before updating the "received" timestamp. This means a
+ third-party can inject a packet with a zero-origin timestamp,
+ meaning the sender wants to reset the association, and the
+ transmit timestamp in this bogus packet will be saved as the
+ most recent "received" timestamp. The real remote peer does
+ not know this value and this will disrupt the association until
+ the association resets.
+ Mitigation:
+ Implement BCP-38.
+ Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
+ or the NTP Public Services Project Download Page.
+ Use authentication with 'peer' mode.
+ Have enough sources of time.
+ Properly monitor your ntpd instances.
+ If ntpd stops running, auto-restart it without -g .
+ Credit:
+ This weakness was discovered by Miroslav Lichvar of Red Hat.
+
+* NTP Bug 3415: Provide a way to prevent authenticated symmetric passive
+ peering (LOW)
+ Date Resolved: Stable (4.2.8p11) 27 Feb 2018
+ References: Sec 3415 / CVE-2018-7170 / VU#961909
+ Sec 3012 / CVE-2016-1549 / VU#718152
+ Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
+ 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.
+ CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
+ CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
+ Summary:
+ ntpd can be vulnerable to Sybil attacks. If a system is set up to
+ use a trustedkey and if one is not using the feature introduced in
+ ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
+ specify which IPs can serve time, a malicious authenticated peer
+ -- i.e. one where the attacker knows the private symmetric key --
+ can create arbitrarily-many ephemeral associations in order to win
+ the clock selection of ntpd and modify a victim's clock. Three
+ additional protections are offered in ntp-4.2.8p11. One is the
+ new 'noepeer' directive, which disables symmetric passive
+ ephemeral peering. Another is the new 'ippeerlimit' directive,
+ which limits the number of peers that can be created from an IP.
+ The third extends the functionality of the 4th field in the
+ ntp.keys file to include specifying a subnet range.
+ Mitigation:
+ Implement BCP-38.
+ Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
+ or the NTP Public Services Project Download Page.
+ Use the 'noepeer' directive to prohibit symmetric passive
+ ephemeral associations.
+ Use the 'ippeerlimit' directive to limit the number of peers
+ that can be created from an IP.
+ Use the 4th argument in the ntp.keys file to limit the IPs and
+ subnets that can be time servers.
+ Have enough sources of time.
+ Properly monitor your ntpd instances.
+ If ntpd stops running, auto-restart it without -g .
+ Credit:
+ This weakness was reported as Bug 3012 by Matthew Van Gundy of
+ Cisco ASIG, and separately by Stefan Moser as Bug 3415.
+
+* ntpq Bug 3414: decodearr() can write beyond its 'buf' limits (Medium)
+ Date Resolved: 27 Feb 2018
+ References: Sec 3414 / CVE-2018-7183 / VU#961909
+ Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
+ CVSS2: MED 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
+ CVSS3: MED 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
+ Summary:
+ ntpq is a monitoring and control program for ntpd. decodearr()
+ is an internal function of ntpq that is used to -- wait for it --
+ decode an array in a response string when formatted data is being
+ displayed. This is a problem in affected versions of ntpq if a
+ maliciously-altered ntpd returns an array result that will trip this
+ bug, or if a bad actor is able to read an ntpq request on its way to
+ a remote ntpd server and forge and send a response before the remote
+ ntpd sends its response. It's potentially possible that the
+ malicious data could become injectable/executable code.
+ Mitigation:
+ Implement BCP-38.
+ Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
+ or the NTP Public Services Project Download Page.
+ Credit:
+ This weakness was discovered by Michael Macnair of Thales e-Security.
+
+* NTP Bug 3412: ctl_getitem(): buffer read overrun leads to undefined
Home |
Main Index |
Thread Index |
Old Index