diff options
author | bsiegert <bsiegert> | 2016-05-13 12:33:51 +0000 |
---|---|---|
committer | bsiegert <bsiegert> | 2016-05-13 12:33:51 +0000 |
commit | 8bebd1821d2a697fb1391ba09c0301972b2c5e54 (patch) | |
tree | b65104b52bf2355ddd2f98309491a84358849ff5 /net | |
parent | 60fee7aeb3947275ea15d64d4fdcf1dfd3141eb4 (diff) | |
download | pkgsrc-8bebd1821d2a697fb1391ba09c0301972b2c5e54.tar.gz |
Pullup ticket #5010 - requested by taca
net/ntp4: security fix
Revisions pulled up:
- net/ntp4/Makefile 1.92
- net/ntp4/PLIST 1.21
- net/ntp4/distinfo 1.26
---
Module Name: pkgsrc
Committed By: wen
Date: Wed Apr 27 15:59:19 UTC 2016
Modified Files:
pkgsrc/net/ntp4: Makefile PLIST distinfo
Log Message:
Update to 4.2.8p7
Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.
---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
Diffstat (limited to 'net')
-rw-r--r-- | net/ntp4/Makefile | 5 | ||||
-rw-r--r-- | net/ntp4/PLIST | 3 | ||||
-rw-r--r-- | net/ntp4/distinfo | 10 |
3 files changed, 9 insertions, 9 deletions
diff --git a/net/ntp4/Makefile b/net/ntp4/Makefile index 8dfc105bcb9..54415dc93cb 100644 --- a/net/ntp4/Makefile +++ b/net/ntp4/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.91 2016/03/05 11:29:09 jperkin Exp $ +# $NetBSD: Makefile,v 1.91.2.1 2016/05/13 12:33:51 bsiegert Exp $ # -DISTNAME= ntp-4.2.8p5 +DISTNAME= ntp-4.2.8p7 PKGNAME= ${DISTNAME:S/-dev-/-/} -PKGREVISION= 1 CATEGORIES= net time MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ diff --git a/net/ntp4/PLIST b/net/ntp4/PLIST index e8d8ea04261..c644ade133b 100644 --- a/net/ntp4/PLIST +++ b/net/ntp4/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.20 2015/10/23 03:43:31 taca Exp $ +@comment $NetBSD: PLIST,v 1.20.4.1 2016/05/13 12:33:51 bsiegert Exp $ bin/sntp man/man1/sntp.1 man/man5/ntp.conf.5 @@ -29,6 +29,7 @@ share/doc/ntp/README.bk share/doc/ntp/README.hackers share/doc/ntp/README.leapsmear share/doc/ntp/README.patches +share/doc/ntp/README.pullrequests share/doc/ntp/README.refclocks share/doc/ntp/README.versions share/doc/ntp/TODO diff --git a/net/ntp4/distinfo b/net/ntp4/distinfo index b4379161875..7aefbd87811 100644 --- a/net/ntp4/distinfo +++ b/net/ntp4/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.25 2016/01/09 15:49:26 taca Exp $ +$NetBSD: distinfo,v 1.25.2.1 2016/05/13 12:33:51 bsiegert Exp $ -SHA1 (ntp-4.2.8p5.tar.gz) = 95152c9bca8b5229a4db05943f181365bf738ab2 -RMD160 (ntp-4.2.8p5.tar.gz) = a5991d126722fb80bac6a0552feb14403b8d0a0d -SHA512 (ntp-4.2.8p5.tar.gz) = 8df3e51027f6bfc5e77b81317b67e75263cb429dc532d21bb5924852f77ea39314a06b94944804991185f93155063cee7c1f28024698ec893c353a4d5561750e -Size (ntp-4.2.8p5.tar.gz) = 7138233 bytes +SHA1 (ntp-4.2.8p7.tar.gz) = a1f6300132cf1fc6884990353aca7340daf0be0d +RMD160 (ntp-4.2.8p7.tar.gz) = d138a8a36cb0e20ae5a9cda2e0e9771fae4e1380 +SHA512 (ntp-4.2.8p7.tar.gz) = 7b80192f0e3c4a05cc05f167ab85593acca685d514dcd46fb8f42b4cd2a5525e76ba5e15fd7ff13220e4155de6aab5661554e0ded60bfb1d27a969c589958f55 +Size (ntp-4.2.8p7.tar.gz) = 7175313 bytes SHA1 (patch-include-ntp__syscall.h) = b247569339d09a88f2e143e355033ce7635ffe92 SHA1 (patch-sntp_loc_pkgsrc) = 6e46ffc0cc2afcfdc1d01297cbe04cb80d103575 |