From: Harlan Stenn Date: Mon, 18 Apr 2016 05:22:19 +0000 (+0000) Subject: Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p7 X-Git-Tag: NTP_4_2_8P7~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09ea6f69e4798d67ac4cbd0cd7956362563384bc;p=thirdparty%2Fntp.git Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p7 into psp-deb1.ntp.org:/home/stenn/ntp-stable-2831 bk: 57146f0bGHkzysYHj9kNhDCmkJL1BA --- 09ea6f69e4798d67ac4cbd0cd7956362563384bc diff --cc ChangeLog index ee25d22c3,6b2918084..259ebd380 --- a/ChangeLog +++ b/ChangeLog @@@ -1,59 -1,9 +1,61 @@@ --- +* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn. +* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve + time. Include passive servers in this check. HStenn. +* [Sec 2945] Additional KoD packet checks. HStenn. +* [Sec 2978] Interleave can be partially triggered. HStenn. +* [Sec 3008] Always check the return value of ctl_getitem(). + - initial work by HStenn + - Additional cleanup of ctl_getitem by perlinger@ntp.org +* [Sec 3020] Refclock impersonation. HStenn. + * [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org + - fixed yet another race condition in the threaded resolver code. +* [Bug 2858] bool support. Use stdbool.h when available. HStenn. +* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org + - integrated patches by Loganaden Velvidron + with some modifications & unit tests +* [Bug 2952] Symmetric active/passive mode is broken. HStenn. +* [Bug 2960] async name resolution fixes for chroot() environments. + Reinhard Max. * [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org * [Bug 2995] Fixes to compile on Windows +* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org +* [Bug 3007] Validate crypto-NAKs +* [Bug 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org + - added more stringent checks on packet content +* [Bug 3010] remote configuration trustedkey/requestkey values + are not properly validated. perlinger@ntp.org + - sidekick: Ignore keys that have an unsupported MAC algorithm + but are otherwise well-formed +* [Bug 3011] Duplicate IPs on unconfig directives will cause an assertion botch + - graciously accept the same IP multiple times. perlinger@ntp.org +* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org + - Patch provided by Ch. Weisgerber +* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" + - A change related to [Bug 2853] forbids trailing white space in + remote config commands. perlinger@ntp.org +* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE + - report and patch from Aleksandr Kostikov. + - Overhaul of Windows IO completion port handling. perlinger@ntp.org +* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org + - fixed memory leak in access list (auth[read]keys.c) + - refactored handling of key access lists (auth[read]keys.c) + - reduced number of error branches (authreadkeys.c) +* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org +* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. +* [Bug 3031] ntp broadcastclient unable to synchronize to an server + when the time of server changed. perlinger@ntp.org + - Check the initial delay calculation and reject/unpeer the broadcast + server if the delay exceeds 50ms. Retry again after the next + broadcast packet. +* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. +* Update html/xleave.html documentation. Harlan Stenn. +* Update ntp.conf documentation. Harlan Stenn. +* Fix some Credit: attributions in the NEWS file. Harlan Stenn. +* Fix typo in html/monopt.html. Harlan Stenn. +* Add README.pullrequests. Harlan Stenn. +* Cleanup to include/ntp.h. Harlan Stenn. --- (4.2.8p6) 2016/01/20 Released by Harlan Stenn