Network Time Protocol Version 4

Branch: CURRENT, Version: 4.2.8p9, Package name: ntp-4.2.8p9, Maintainer: pkgsrc-users

This release of the NTP Version 4 (NTPv4) daemon for Unix incorporates
new features and refinements to the NTP Version 3 (NTPv3) algorithms.
However, it continues the tradition of retaining backwards compatibility
with older versions.

Required to run:

Required to build:

Package options: inet6

Master sites:

SHA1: 032e58e7e416ffa1cbdcbb81021785fce4ed4d4b
RMD160: 73dcdf8c1c13d26b3eda18123cc95014d8b13ce3
Filesize: 7062.387 KB

   2016-12-05 16:49:59 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ntp4 to 4.2.8p9.

Here is a quote from the NEWS file; please refer to it for details.

NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21)

Focus: Security, Bug fixes, enhancements.

Severity: HIGH

In addition to bug fixes and enhancements, this release fixes the
following 1 high- (Windows only), 2 medium-, 2 medium-/low, and
5 low-severity vulnerabilities, and provides 28 other non-security
fixes and improvements:

   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

   2016-06-03 11:45:09 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
Update ntp4 package to 4.2.8p8, security fix.

(4.2.8p8) 2016/06/02 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3042] Broadcast Interleave.  HStenn.
* [Sec 3043] Autokey association reset.  perlinger@ntp.org, stenn@ntp.org
  - validate origin timestamps on bad MACs, too.  stenn@ntp.org
* [Sec 3044] Spoofed server packets are partially processed.  HStenn.
* [Sec 3045] Bad authentication demobilizes ephemeral associations. JPerlinger.
* [Sec 3046] CRYPTO_NAK crash.  stenn@ntp.org
* [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org
  - provide build environment
  - 'wint_t' and 'struct timespec' defined by VS2015
  - fixed print()/scanf() format issues
* [Bug 3052] Add a .gitignore file.  Edmund Wong.
* [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite.
* [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
  JPerlinger, HStenn.
* Update the NEWS file for 4.2.8p8.  HStenn.
* Fix typo in ntp-wait and plot_summary.  HStenn.
* Make sure we have an "author" file for git imports.  HStenn.
* Update the sntp problem tests for MacOS.  HStenn.

   2016-05-14 10:13:49 by Benny Siegert | Files touched by this commit (2)
Log message:
Do SNMP support properly, as a package option, default disabled.

   2016-05-13 17:50:13 by Benny Siegert | Files touched by this commit (2)
Log message:
Fix package installation for Darwin, which installs tickadj and ntpsnmpd.

Not sure what the snmp thing is about; is it picking up a dependency from
the base system? Why does no other OS build it?

   2016-04-27 17:59:19 by Wen Heping | Files touched by this commit (3) | Package updated
Log message:
Update to 4.2.8p7

Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
  time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks.  HStenn.
* [Sec 2978] Interleave can be partially triggered.  HStenn.
* [Sec 3007] Validate crypto-NAKs.  Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
  - initial work by HStenn
  - Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
   - added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
  are not properly validated. perlinger@ntp.org
  - sidekick: Ignore keys that have an unsupported MAC algorithm
    but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
  - graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation.  HStenn.
* [Bug 2831]  Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
  - fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support.  Use stdbool.h when available.  HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
  - integrated patches by Loganaden Velvidron <logan@ntp.org>
    with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken.  HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
  Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
  - Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable \ 
  - A change related to [Bug 2853] forbids trailing white space in
    remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
  - report and patch from Aleksandr Kostikov.
  - Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
  - fixed memory leak in access list (auth[read]keys.c)
  - refactored handling of key access lists (auth[read]keys.c)
  - reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format.  HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to a server
             when the time of server changed. perlinger@ntp.org
  - Check the initial delay calculation and reject/unpeer the broadcast
    server if the delay exceeds 50ms. Retry again after the next
    broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip().  Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html.  Harlan Stenn.
* Update html/xleave.html documentation.  Harlan Stenn.
* Update ntp.conf documentation.  Harlan Stenn.
* Fix some Credit: attributions in the NEWS file.  Harlan Stenn.
* Fix typo in html/monopt.html.  Harlan Stenn.
* Add README.pullrequests.  Harlan Stenn.
* Cleanup to include/ntp.h.  Harlan Stenn.

(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
  in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference.  perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
  list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode.  HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq (and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
  - applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
             IPv6 is disabled in the build. perlinger@ntp.org
  - Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
  - added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
  - make CTRL-C work for retrieval and printing of MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
  - integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
  - implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose.  Harlan Stenn.
* Disable incomplete t-ntp_signd.c test.  Harlan Stenn.

   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.

   2016-01-09 16:49:27 by Takahiro Kambe | Files touched by this commit (3) | Package updated
Log message:
Update ntp4 to 4.2.8p5.

NTP 4.2.8p5

Focus: Security, Bug fixes, enhancements.

Severity: MEDIUM

In addition to bug fixes and enhancements, this release fixes the
following medium-severity vulnerability:

* Small-step/big-step.  Close the panic gate earlier.
    References: Sec 2956, CVE-2015-5300
    Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
	4.3.0 up to, but not including 4.3.78
    CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM
    Summary: If ntpd is always started with the -g option, which is
	common and against long-standing recommendation, and if at the
	moment ntpd is restarted an attacker can immediately respond to
	enough requests from enough sources trusted by the target, which
	is difficult and not common, there is a window of opportunity
	where the attacker can cause ntpd to set the time to an
	arbitrary value. Similarly, if an attacker is able to respond
	to enough requests from enough sources trusted by the target,
	the attacker can cause ntpd to abort and restart, at which
	point it can tell the target to set the time to an arbitrary
	value if and only if ntpd was re-started against long-standing
	recommendation with the -g flag, or if ntpd was not given the
	-g flag, the attacker can move the target system's time by at
	most 900 seconds' time per attack.
	Configure ntpd to get time from multiple sources.
	Upgrade to 4.2.8p5, or later, from the NTP Project Download
	    Page or the NTP Public Services Project Download Page
	As we've long documented, only use the -g option to ntpd in
	    cold-start situations.
	Monitor your ntpd instances.
    Credit: This weakness was discovered by Aanchal Malhotra,
	Isaac E. Cohen, and Sharon Goldberg at Boston University.

    NOTE WELL: The -g flag disables the limit check on the panic_gate
	in ntpd, which is 900 seconds by default. The bug identified by
	the researchers at Boston University is that the panic_gate
	check was only re-enabled after the first change to the system
	clock that was greater than 128 milliseconds, by default. The
	correct behavior is that the panic_gate check should be
	re-enabled after any initial time correction.

	If an attacker is able to inject consistent but erroneous time
	responses to your systems via the network or "over the air",
	perhaps by spoofing radio, cellphone, or navigation satellite
	transmissions, they are in a great position to affect your
	system's clock. There comes a point where your very best
	defenses include:

	    Configure ntpd to get time from multiple sources.
	    Monitor your ntpd instances.

Other fixes:

* Coverity submission process updated from Coverity 5 to Coverity 7.
  The NTP codebase has been undergoing regular Coverity scans on an
  ongoing basis since 2006.  As part of our recent upgrade from
  Coverity 5 to Coverity 7, Coverity identified 16 nits in some of
  the newly-written Unity test programs.  These were fixed.
* [Bug 2829] Clean up pipe_fds in ntpd.c  perlinger@ntp.org
* [Bug 2887] stratum -1 config results as showing value 99
  - fudge stratum should only accept values [0..16]. perlinger@ntp.org
* [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
* [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
  - applied patch by Christos Zoulas.  perlinger@ntp.org
* [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
* [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes.
  - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
  - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
  - accept key file only if there are no parsing errors
  - fixed size_t/u_int format clash
  - fixed wrong use of 'strlcpy'
* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
  - fixed several other warnings (cast-alignment, missing const, missing prototypes)
  - promote use of 'size_t' for values that express a size
  - use ptr-to-const for read-only arguments
  - make sure SOCKET values are not truncated (win32-specific)
  - format string fixes
* [Bug 2965] Local clock didn't work since 4.2.8p4.  Martin Burnicki.
* [Bug 2967] ntpdate command suffers an assertion failure
  - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
* [Bug 2969]  Seg fault from ntpq/mrulist when looking at server with
              lots of clients. perlinger@ntp.org
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
* Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
* Unity test cleanup.  Harlan Stenn.
* Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
* Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
* Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
* Quiet a warning from clang.  Harlan Stenn.
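
The panic_gate behaviour described in the NOTE WELL paragraph for Sec 2956 / CVE-2015-5300 above, as an added example that is not code from ntpd or from this package: a simplified C model comparing the rule that closed the gate before 4.2.8p5 with the corrected rule. The names gate_policy and first_rejected and the sample offsets are hypothetical and constructed; only the 900-second and 128-millisecond defaults come from the NEWS text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Defaults quoted in the NEWS text above. */
#define STEP_THRESHOLD  0.128   /* seconds */
#define PANIC_THRESHOLD 900.0   /* seconds */

/* Hypothetical names: which rule closes the panic gate after startup. */
enum gate_policy { GATE_BEFORE_FIX, GATE_AFTER_FIX };

/*
 * Simplified model, not ntpd source. Feeds clock offsets (seconds) in
 * order and returns the index of the first one refused by the panic
 * gate, or -1 if every offset is applied.
 */
int first_rejected(enum gate_policy policy, bool started_with_g,
                   const double *offsets, size_t n)
{
    bool gate_open = started_with_g;   /* -g disables the limit check */

    for (size_t i = 0; i < n; i++) {
        double mag = offsets[i] < 0 ? -offsets[i] : offsets[i];

        if (mag > PANIC_THRESHOLD && !gate_open)
            return (int)i;             /* ntpd would refuse and exit */

        /* Before the fix only a correction above the step threshold
         * re-enabled the check; after it, any initial correction does. */
        if (policy == GATE_AFTER_FIX || mag > STEP_THRESHOLD)
            gate_open = false;
    }
    return -1;
}

/* Constructed sample offsets, not captured data. */
static const double small_then_big[] = { 0.050, -0.020, 86400.0 };
static const double cold_start[]     = { 3600.0, 0.010, 5000.0 };

int main(void)
{
    printf("before fix: %d\n", first_rejected(GATE_BEFORE_FIX, true, small_then_big, 3));
    printf("after fix:  %d\n", first_rejected(GATE_AFTER_FIX, true, small_then_big, 3));
    printf("cold start: %d\n", first_rejected(GATE_AFTER_FIX, true, cold_start, 3));
    return 0;
}
```

A legitimate cold start (one large initial correction) behaves the same under both rules; the difference shows only when the first corrections stay under the step threshold.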