From: Harlan Stenn Date: Mon, 18 May 2009 10:22:12 +0000 (-0400) Subject: Merge whimsy.udel.edu:/deacon/backroom/ntp-stable X-Git-Tag: NTP_4_2_5P177~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=291c0af4f6b839bc3da11218941780ffa6c55852;p=thirdparty%2Fntp.git Merge whimsy.udel.edu:/deacon/backroom/ntp-stable into whimsy.udel.edu:/deacon/backroom/ntp-dev-hart bk: 4a1136d4Mo-M65HpJv6g-bFnscAUiA --- 291c0af4f6b839bc3da11218941780ffa6c55852 diff --cc ChangeLog index a6f542a3d,3757c47f1..135b69ddf --- a/ChangeLog +++ b/ChangeLog @@@ -1,318 -1,8 +1,323 @@@ ++* Include (4.2.4p7) +* [Bug 1174] nmea_shutdown assumes that nmea has a unit assigned +* [Bug 1190] NMEA refclock fudge flag4 1 obscures position in timecode +* Update NMEA refclock documentation in html/drivers/driver20.html +(4.2.5p176) 2009/05/13 Released by Harlan Stenn +* [Bug 1154] mDNS registration should be done later, repeatedly and only + if asked for. (second try for fix) +(4.2.5p175) 2009/05/12 Released by Harlan Stenn +* Include (4.2.4p7-RC7) +* [Bug 1180] ntpd won't start with more than ~1000 interfaces +* [Bug 1182] Documentation typos and missing bits. +* [Bug 1183] COM port support should extend past COM3 +* [Bug 1184] ntpd is deaf when restricted to second IP on the same net +* Clean up configure.ac NTP_CACHEVERSION interface, display cache + version when clearing. Fixes a regression. +(4.2.5p174) 2009/05/09 Released by Harlan Stenn +* Stale leapsecond file fixes from Dave Mills. +(4.2.5p173) 2009/05/08 Released by Harlan Stenn +* Include (4.2.4p7-RC6) +(4.2.5p172) 2009/05/06 Released by Harlan Stenn +* [Bug 1175] Instability in PLL daemon mode. +* [Bug 1176] refclock_parse.c does not compile without PPSAPI. +(4.2.5p171) 2009/05/04 Released by Harlan Stenn +* Autokey documentation cleanup from Dave Mills. +* [Bug 1171] line editing libs found without headers (Solaris 11) +* [Bug 1173] NMEA refclock fails with Solaris PPSAPI +* Fix problem linking msntp on Solaris when sntp subdir is configured + before parent caused by different gethostent library search order. +* Do not clear config.cache when it is empty. +(4.2.5p170) 2009/05/02 Released by Harlan Stenn +* [Bug 1152] adjust PARSE to new refclock_pps logic +* Include (4.2.4p7-RC5) +* loopfilter FLL/PLL crossover cleanup from Dave Mills. +* Documentation updates from Dave Mills. +* ntp-keygen cleanup from Dave Mills. +* crypto API cleanup from Dave Mills. +* Add NTP_CACHEVERSION mechanism to ignore incompatible config.cache +* Enable gcc -Wstrict-overflow for gsoc_sntp as well +(4.2.5p169) 2009/04/30 Released by Harlan Stenn +* [Bug 1171] Note that we never look for -lreadline by default. +* [Bug 1090] Fix bogus leap seconds in refclock_hpgps. +(4.2.5p168) 2009/04/29 Released by Harlan Stenn +* Include (4.2.4p7-RC4) +* [Bug 1169] quiet compiler warnings +* Re-enable gcc -Wstrict-prototypes when not building with OpenSSL +* Enable gcc -Wstrict-overflow +* ntpq/ntpdc emit newline after accepting password on Windows +* Updates from Dave Mills: +* ntp-keygen.c: Updates. +* Fix the error return and syslog function ID in refclock_{param,ppsapi}. +* Make sure syspoll is within the peer's minpoll/maxpoll bounds. +* ntp_crypto.c: Use sign_siglen, not len. sign key filename cleanup. +* Bump NTP_MAXEXTEN from 1024 to 2048, update values for some field lengths. +* m4/ntp_lineeditlibs.m4: fix warnings from newer Autoconf +* [Bug 1166] Remove truncation of position (blanking) code in refclock_nmea.c +(4.2.5p167) 2009/04/26 Released by Harlan Stenn +* Crypto cleanup from Dave Mills. +(4.2.5p166) 2009/04/25 Released by Harlan Stenn +* [Bug 1165] Clean up small memory leaks in the config file parser +* Correct logconfig keyword declaration to MULTIPLE_ARG +* Enable filename and line number leak reporting on Windows when built + DEBUG for all the typical C runtime allocators such as calloc, + malloc, and strdup. Previously only emalloc calls were covered. +* Add DEBUG-only code to free dynamically allocated memory that would + otherwise remain allocated at ntpd exit, to allow less forgivable + leaks to stand out in leaks reported after exit. +* Ensure termination of strings in ports/winnt/libisc/isc_strerror.c + and quiet compiler warnings. +* [Bug 1057] ntpdc unconfig failure +* [Bug 1161] unpeer AKA unconfig command for ntpq :config +* PPS and crypto cleanup in ntp_proto.c from Dave Mills. +(4.2.5p165) 2009/04/23 Released by Harlan Stenn +* WWVB refclock cleanup from Dave Mills. +* Code cleanup: requested_key -> request_key. +* [Bug 833] ignore whitespace at end of remote configuration lines +* [Bug 1033] ntpdc/ntpq crash prompting for keyid on Windows +* [Bug 1028] Support for W32Time authentication via Samba. +* quiet ntp_parser.c malloc redeclaration warning +* Mitigation and PPS/PPSAPI cleanup from Dave Mills. +* Documentation updates from Dave Mills. +* timepps-Solaris.h patches from Dave Hart. +(4.2.5p164) 2009/04/22 Released by Harlan Stenn +* Include (4.2.4p7-RC3) +* PPS/PPSAPI cleanup from Dave Mills. +* Documentation updates from Dave Mills. +* [Bug 1125] C runtime per-thread initialization on Windows +* [Bug 1152] temporarily disable refclock_parse, refclock_true until + maintainers can repair build break from pps_sample() +* [Bug 1153] refclock_nmea should not mix UTC with GPS time +* [Bug 1159] ntpq overlap diagnostic message test buggy +(4.2.5p163) 2009/04/10 Released by Harlan Stenn +(4.2.5p162) 2009/04/09 Released by Harlan Stenn +* Documentation updates from Dave Mills. +* Mitigation and PPS cleanup from Dave Mills. +* Include (4.2.4p7-RC2) +* [Bug 216] New interpolation scheme for Windows eliminates 1ms jitter +* remove a bunch of #ifdef SYS_WINNT from portable code +* 64-bit time_t cleanup for building on newer Windows compilers +* Only set CMOS clock during ntpd exit on Windows if the computer is + shutting down or restarting. +* [Bug 1148] NMEA reference clock improvements +* remove deleted gsoc_sntp/utilities.o from repository so that .o build + products can be cleaned up without corrupting the repository. +(4.2.5p161) 2009/03/31 Released by Harlan Stenn +* Documentation updates from Dave Mills. +(4.2.5p160) 2009/03/30 Released by Harlan Stenn +* [Bug 1141] refclock_report missing braces cause spurious "peer event: + clock clk_unspec" log entries +* Include (4.2.4p7-RC1) +(4.2.5p159) 2009/03/28 Released by Harlan Stenn +* "bias" changes from Dave Mills. +(4.2.5p158) 2009/01/30 Released by Harlan Stenn +* Fix [CID 72], a typo introduced at the latest fix to prettydate.c. +(4.2.5p157) 2009/01/26 Released by Harlan Stenn +* Cleanup/fixes for ntp_proto.c and ntp_crypto.c from Dave Mills. +(4.2.5p156) 2009/01/19 Released by Harlan Stenn +* [Bug 1118] Fixed sign extension for 32 bit time_t in caljulian() and prettydate(). + Fixed some compiler warnings about missing prototypes. + Fixed some other simple compiler warnings. +* [Bug 1119] [CID 52] Avoid a possible null-dereference in ntp_crypto.c. +* [Bug 1120] [CID 51] INSIST that peer is non-null before we dereference it. +* [Bug 1121] [CID 47] double fclose() in ntp-keygen.c. +(4.2.5p155) 2009/01/18 Released by Harlan Stenn +* Documentation updates from Dave Mills. +* CHU frequency updates. +* Design assertion fixes for ntp_crypto.c from Dave Mills. +(4.2.5p154) 2009/01/13 Released by Harlan Stenn +* [Bug 992] support interface event change on Linux from + Miroslav Lichvar. +(4.2.5p153) 2009/01/09 Released by Harlan Stenn +* Renamed gsoc_sntp/:fetch-stubs to gsoc_sntp/fetch-stubs to avoid + file name problems under Windows. + Removed German umlaut from log msg for 4.2.5p142. +(4.2.5p152) 2009/01/08 Released by Harlan Stenn +* Include (4.2.4p6) 2009/01/08 Released by Harlan Stenn +(4.2.5p151) 2008/12/23 Released by Harlan Stenn +* Stats file logging cleanup from Dave Mills. +(4.2.5p150) 2008/12/15 Released by Harlan Stenn +* [Bug 1099] Fixed wrong behaviour in sntp's crypto.c. +* [Bug 1103] Fix 64-bit issues in the new calendar code. +(4.2.5p149) 2008/12/05 Released by Harlan Stenn +* Fixed mismatches in data types and OID definitions in ntpSnmpSubAgent.c +* added a premliminary MIB file to ntpsnmpd (ntpv4-mib.mib) +(4.2.5p148) 2008/12/04 Released by Harlan Stenn +* [Bug 1070] Fix use of ntpq_parsestring() in ntpsnmpd. +(4.2.5p147) 2008/11/27 Released by Harlan Stenn +* Update gsoc_sntp's GCC warning code. +(4.2.5p146) 2008/11/26 Released by Harlan Stenn +* Update Solaris CFLAGS for gsoc_sntp. +(4.2.5p145) 2008/11/20 Released by Harlan Stenn +* Deal with time.h for sntp under linux. +* Provide rpl_malloc() for sntp for systems that need it. +* Handle ss_len and socklen type for sntp. +* Fixes to the sntp configure.ac script. +* Provide INET6_ADDRSTRLEN if it is missing. +* [Bug 1095] overflow in caljulian.c. +(4.2.5p144) 2008/11/19 Released by Harlan Stenn +* Use int32, not int32_t. +* Avoid the sched*() functions under OSF - link problems. +(4.2.5p143) 2008/11/17 Released by Harlan Stenn +* sntp cleanup and fixes. +(4.2.5p142) 2008/11/16 Released by Harlan Stenn +* Imported GSoC SNTP code from Johannes Maximilian Kuehn. +(4.2.5p141) 2008/11/13 Released by Harlan Stenn +* New caltontp.c and calyearstart.c from Juergen Perlinger. +(4.2.5p140) 2008/11/12 Released by Harlan Stenn +* Cleanup lint from the ntp_scanner files. +* [Bug 1011] gmtime() returns NULL on windows where it would not under Unix. +* Updated caljulian.c and prettydate.c from Juergen Perlinger. +(4.2.5p139) 2008/11/11 Released by Harlan Stenn +* Typo fix to driver20.html. +(4.2.5p138) 2008/11/10 Released by Harlan Stenn +* [Bug 474] --disable-ipv6 is broken. +* IPv6 interfaces were being looked for twice. +* SHM driver grabs more samples, add clockstats +* decode.html and driver20.html updates from Dave Mills. +(4.2.5p137) 2008/11/01 Released by Harlan Stenn +* [Bug 1069] #undef netsnmp's PACKAGE_* macros. +* [Bug 1068] Older versions of netsnmp do not have netsnmp_daemonize(). +(4.2.5p136) 2008/10/27 Released by Harlan Stenn +* [Bug 1078] statsdir configuration parsing is broken. +(4.2.5p135) 2008/09/23 Released by Harlan Stenn +* [Bug 1072] clock_update should not allow updates older than sys_epoch. +(4.2.5p134) 2008/09/17 Released by Harlan Stenn +* Clean up build process for ntpsnmpd. +(4.2.5p133) 2008/09/16 Released by Harlan Stenn +* Add options processing to ntpsnmpd. +* [Bug 1062] Check net-snmp headers before deciding to build ntpsnmpd. +* Clean up the libntpq.a build. +* Regenerate ntp_parser.[ch] from ntp_parser.y +(4.2.5p132) 2008/09/15 Released by Harlan Stenn +* [Bug 1067] Multicast DNS service registration must come after the fork + on Solaris. +* [Bug 1066] Error messages should log as errors. +(4.2.5p131) 2008/09/14 Released by Harlan Stenn +* [Bug 1065] Re-enable support for the timingstats file. +(4.2.5p130) 2008/09/13 Released by Harlan Stenn +* [Bug 1064] Implement --with-net-snmp-config=progname +* [Bug 1063] ntpSnmpSubagentObject.h is missing from the distribution. +(4.2.5p129) 2008/09/11 Released by Harlan Stenn +* Quiet some libntpq-related warnings. +(4.2.5p128) 2008/09/08 Released by Harlan Stenn +* Import Heiko Gerstung's GSoC2008 NTP MIB daemon. +(4.2.5p127) 2008/09/01 Released by Harlan Stenn +* Regenerate ntpd/ntp_parser.c +(4.2.5p126) 2008/08/31 Released by Harlan Stenn +* Stop libtool-1.5 from looking for C++ or Fortran. +* [BUG 610] Documentation update for NMEA reference clock driver. +* [Bug 828] Fix IPv4/IPv6 address parsing. +* Changes from Dave Mills: + Documentation updates. + Fix a corner case where a frequency update was reported but not set. + When LEAP_NOTINSYNC->LEAP_NOWARNING, call crypto_update() if we have + crypto_flags. +(4.2.5p125) 2008/08/18 Released by Harlan Stenn +* [Bug 1052] Add linuxPPS support to ONCORE driver. +(4.2.5p124) 2008/08/17 Released by Harlan Stenn +* Documentation updates from Dave Mills. +* Include (4.2.4p5) 2008/08/17 Released by Harlan Stenn +* [Bug 861] leap info was not being transmitted. +* [Bug 1046] refnumtoa.c is using the wrong header file. +* [Bug 1047] enable/disable options processing fix. +* header file cleanup. +* [Bug 1037] buffer in subroutine was 1 byte short. +* configure.ac: cleanup, add option for wintime, and lay the groundwork + for the changes needed for bug 1028. +* Fixes from Dave Mills: 'bias' and 'interleave' work. Separate + phase and frequency discipline (for long poll intervals). Update + TAI function to match current leapsecond processing. +* Documentation updates from Dave Mills. +* [Bug 1037] Use all 16 of the MD5 passwords generated by ntp-keygen. +* Fixed the incorrect edge parameter being passed to time_pps_kcbind in + NMEA refclock driver. +* [Bug 399] NMEA refclock driver does not honor time1 offset if flag3 set. +* [Bug 985] Modifications to NMEA reference clock driver to support Accord + GPS Clock. +* poll time updates from Dave Mills. +* local refclock documentation updates from Dave Mills. +* [Bug 1022] Fix compilation problems with yesterday's commit. +* Updates and cleanup from Dave Mills: + I've now spent eleven months of a sabbatical year - 7 days a week, 6-10 + hours most days - working on NTP. I have carefully reviewed every major + algorithm, examined its original design and evolution from that design. + I've trimmed off dead code and briar patches and did zillions of tests + contrived to expose evil vulnerabilities. The development article is in + rather good shape and should be ready for prime time. + + 1. The protostats statistics files have been very useful in exposing + little twitches and turns when something hiccups, like a broken PPS + signal. Most of what used to be syslog messages are now repackaged as + protostats messages with optional syslog as well. These can also be sent + as traps which might be handy to tiggle a beeper or celltext. These, the + sysstats files and cryptostats files reveal the ambient health of a busy + server, monitor traffic and error counts and spot crypto attacks. + + 2. Close inspection of the clock discipline behavior at long poll + intervals (36 h) showed it not doing as well as it should. I redesigned + the FLL loop to improve nominal accuracy from several tens of + milliseconds to something less than ten milliseconds. + + 3. Autokey (again). The enhanced error checking was becoming a major + pain. I found a way to toss out gobs of ugly fat code and replace the + function with a much simpler and more comprehensive scheme. It resists + bait-and-switch attacks and quickly detect cases when the protocol is + not correctly synchronized. + + 4. The interface code for the kernel PPS signal was not in sync with the + kernel code itself. Some error checks were duplicated and some + ineffective. I found none of the PPS-capable drivers, including the atom + driver, do anything when the prefer peer fails; the kernel PPS signal + remains in control. The atom driver now disables the kernel PPS when the + prefer peer comes bum. This is important when the prefer peer is not a + reference clock but a remote NTP server. + + 5. The flake restrict bit turned out to be really interesting, + especially with symmtric modes and of those especially those using + Autokey. Small changes in the recovery procedures when packets are lost + now avoid almost all scenarios which previously required protocol resets. + + 6. I've always been a little uncomfortable when using the clock filter + with long poll intervals because the samples become less and less + correlated as the sample age exceeds the Allan intercept. Various + schemes have been used over the years to cope with this fact. The latest + one and the one that works the best is to use a modified sort metric + where the delay is used when the age of the sample is less than the + intercept and the sum of delay and dispersion above that. The net result + is that, at small poll intervals the algorithm operates as a minimum + filter, while at larger poll intervals it morphs to FIFO. Left + unmodified, a sample could be used when twelve days old. This along with + the FLL modifications has made a dramatic improvement at large poll + intervals. + +- [Backward Incompatible] The 'state' variable is no longer reported or + available via ntpq output. The following system status bit names + have been changed: + - sync_alarm -> leap_alarm + - sync_atomic -> sync_pps + - sync_lf_clock -> sync_lf_radio + - sync_hf_clock -> sync_hf_radio + - sync_uhf_clock -> sync_uhf_radio + - sync_local_proto -> sync_local + - sync_udp/time -> sync_other + Other names have been changed as well. See the change history for + libntp/statestr.c for more details. + Other backward-incompatible changes in ntpq include: + - assID -> associd + - rootdispersion -> rootdisp + - pkt_head -> pkt_neader + See the change history for other details. + +* Updates and cleanup from Dave Mills. +* [Bug 995] Remove spurious ; from ntp-keygen.c. +* More cleanup and changes from Dave Mills. +* [Bug 980] Direct help to stdout. ++ --- + (4.2.4p7) 2009/05/18 Released by Harlan Stenn + * [Sec 1151] Remote exploit if autokey is enabled - CVE-2009-1252. + * [Bug 1187] Update the copyright date. * [Bug 1191] ntpd fails on Win2000 - "Address already in use" after fix for [Sec 1149]. diff --cc NEWS index d714061fa,bbd4939ba..aed5d7e4e --- a/NEWS +++ b/NEWS @@@ -1,10 -1,40 +1,48 @@@ +ntpd now syncs to refclocks right away. + +Backward-Incomatible changes: + +ntpd no longer accepts '-v name' or '-V name' to define internal variables. +Use '--var name' or '--dvar name' instead. (Bug 817) + ++--- + NTP 4.2.4p7 (Harlan Stenn , 2009/05/04) + + Focus: Security and Bug Fixes + + Severity: HIGH + + This release fixes the following high-severity vulnerability: + + * [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252 + + See http://support.ntp.org/security for more information. + + If autokey is enabled (if ntp.conf contains a "crypto pw whatever" + line) then a carefully crafted packet sent to the machine will cause + a buffer overflow and possible execution of injected code, running + with the privileges of the ntpd process (often root). + + Credit for finding this vulnerability goes to Chris Ries of CMU. + + This release fixes the following low-severity vulnerabilities: + + * [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159 + Credit for finding this vulnerability goes to Geoff Keating of Apple. + + * [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows + Credit for finding this issue goes to Dave Hart. + + This release fixes a number of bugs and adds some improvements: + + * Improved logging + * Fix many compiler warnings + * Many fixes and improvements for Windows + * Adds support for AIX 6.1 + * Resolves some issues under MacOS X and Solaris + + THIS IS A STRONGLY RECOMMENDED UPGRADE. + --- NTP 4.2.4p6 (Harlan Stenn , 2009/01/07)