./net/ntp4, Network Time Protocol Version 4

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 4.2.8p13, Package name: ntp-4.2.8p13, Maintainer: pkgsrc-users

This release of the NTP Version 4 (NTPv4) daemon for Unix incorporates
new features and refinements to the NTP Version 3 (NTPv3) algorithms.
However, it continues the tradition of retaining backwards compatibility
with older versions.


Required to run:
[lang/perl5]

Required to build:
[pkgtools/cwrappers]

Package options: inet6

Master sites:

SHA1: cff200a987d64e891fb349a22313ecb0feaea090
RMD160: 5d85e2a01bafa0bb755ab49e462f6dd7f96ce3d0
Filesize: 6786.487 KB

Version history: (Expand)


CVS history: (Expand)


   2019-03-25 18:19:59 by Tobias Nygren | Files touched by this commit (2) | Package updated
Log message:
ntp4: update to ntp-4.2.8p13

NTP 4.2.8p13 2019-03-07
This release fixes a bug that allows an attacker with access to an
explicitly trusted source to send a crafted malicious mode 6 (ntpq)
packet that can trigger a NULL pointer dereference, crashing ntpd.
It also provides 17 other bugfixes and 1 other improvement.

NTP 4.2.8p12 2018-04-09
This release fixes a "hole" in the noepeer capability introduced to ntpd
in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
ntpq and ntpdc.  It also provides 26 other bugfixes, and 4 other improvements.

NTP 4.2.8p11 2018-02-27
This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
provides 65 other non-security fixes and improvements.
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2017-03-24 04:41:08 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ntp4 to 4.2.8p10 including security fixes.

NTF's NTP Project is releasing ntp-4.2.8p10, which addresses:

* 6 MEDIUM severity vulnerabilities (1 is about the Windows PPSAPI DLL)
* 5 LOW severity vulnerabilities (2 are in the Windows Installer)
* 4 Informational-level vulnerabilities
* 15 other non-security fixes and improvements

All of the security issues in this release are listed in VU#633849.

ntp-4.2.8p10 was released on 21 March 2017.

* Sec 3389 / CVE-2017-6464 / VU#325339: NTP-01-016 NTP: Denial of Service via
  Malformed Config (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3388 / CVE-2017-6462 / VU#325339: NTP-01-014 NTP: Buffer Overflow in
  DPTS Clock (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3387 / CVE-2017-6463 / VU#325339: NTP-01-012 NTP: Authenticated DoS via
  Malicious Config Option (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value
  (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest
  report 01.2017)
  - Reported by Cure53.

* Sec 3384 / CVE-2017-6455 / VU#325339: NTP-01-009 NTP: Windows: Privileged
  execution of User Library code (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3383 / CVE-2017-6452 / VU#325339: NTP-01-008 NTP: Windows Installer:
  Stack Buffer Overflow from Command Line (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3382 / CVE-2017-6459 / VU#325339: NTP-01-007 NTP: Windows Installer:
  Data Structure terminated insufficiently (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report
  01.2017)
  - Reported by Cure53.

* Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report
  01.2017)
  - Reported by Cure53.

* Sec 3379 / CVE-2017-6458 / VU#325339: NTP-01-004 NTP: Potential Overflows in
  ctl_put() functions (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3378 / CVE-2017-6451 / VU#325339: NTP-01-003 Improper use of snprintf()
  in mx4200_send() (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3377 / CVE-2017-6460 / VU#325339: NTP-01-002 Buffer Overflow in ntpq
  when fetching reslist (Pentest report 01.2017)
  - Reported by Cure53.

* Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest
  report 01.2017)
  - Reported by Cure53.

* Sec 3361 / CVE-2016-9042 / VU#325339: 0rigin
  - Reported by Matthew Van Gundy of Cisco ASIG.
   2016-12-05 16:49:59 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ntp4 to 4.2.8p9.

Here is quote from NEWS file and please refer it in detail.

---
NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21)

Focus: Security, Bug fixes, enhancements.

Severity: HIGH

In addition to bug fixes and enhancements, this release fixes the
following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
5 low-severity vulnerabilities, and provides 28 other non-security
fixes and improvements:
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-06-03 11:45:09 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ntp4 package to 4.2.8p8, security fix.

(4.2.8p8) 2016/06/02 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3042] Broadcast Interleave.  HStenn.
* [Sec 3043] Autokey association reset.  perlinger@ntp.org, stenn@ntp.org
  - validate origin timestamps on bad MACs, too.  stenn@ntp.org
* [Sec 3044] Spoofed server packets are partially processed.  HStenn.
* [Sec 3045] Bad authentication demobilizes ephemeral associations. JPerlinger.
* [Sec 3046] CRYPTO_NAK crash.  stenn@ntp.org
* [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org
  - provide build environment
  - 'wint_t' and 'struct timespec' defined by VS2015
  - fixed print()/scanf() format issues
* [Bug 3052] Add a .gitignore file.  Edmund Wong.
* [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite.
* [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
  JPerlinger, HStenn.
* Update the NEWS file for 4.2.8p8.  HStenn.
* Fix typo in ntp-wait and plot_summary.  HStenn.
* Make sure we have an "author" file for git imports.  HStenn.
* Update the sntp problem tests for MacOS.  HStenn.
   2016-05-14 10:13:49 by Benny Siegert | Files touched by this commit (2)
Log message:
Do SNMP support properly, as a package option, default disabled.
   2016-05-13 17:50:13 by Benny Siegert | Files touched by this commit (2)
Log message:
Fix package installation for Darwin, which installs tickadj and ntpsnmpd.

Not sure what the snmp thing is about; is it picking up a dependency from
the base system? Why does no other OS build it?