From: Harlan Stenn
Date: Thu, 8 Jan 2009 07:57:52 +0000 (-0500)
Subject: 4.2.4p6
X-Git-Tag: NTP_4_2_4P5~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7d37be1e84245504a3b2f656f21dd10fed12cbed;p=thirdparty%2Fntp.git
4.2.4p6 bk: 4965b200PrappPrv1gJ0-jFmg3wsdA
---
diff --git a/ChangeLog b/ChangeLog
index 6992b8268..0de7a249e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+---
+(4.2.4p6) 2009/01/07 Released by Harlan Stenn
+
+* [Sec 1111] Fix incorrect check of EVP_VerifyFinal()'s return value.
+* Update the copyright year.
+
 ---
 (4.2.4p5) 2008/08/17 Released by Harlan Stenn
diff --git a/NEWS b/NEWS
index 6290fb5b2..2acbe4f5f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,19 @@
+NTP 4.2.4p6 (Harlan Stenn , 2009/01/07)
+
+Focus: Security Fix
+
+Severity: Low
+
+This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting
+the OpenSSL library relating to the incorrect checking of the return
+value of EVP_VerifyFinal function.
+
+Credit for finding this issue goes to the Google Security Team for
+finding the original issue with OpenSSL, and to ocert.org for finding
+the problem in NTP and telling us about it.
+
+This is a recommended upgrade.
+---
 NTP 4.2.4p5 (Harlan Stenn , 2008/08/17)
 Focus: Minor Bugfixes
diff --git a/html/copyright.html b/html/copyright.html
index 471069abc..cf3497906 100644
--- a/html/copyright.html
+++ b/html/copyright.html
@@ -19,7 +19,7 @@
 ***********************************************************************
 *                                                                     *
-* Copyright (c) David L. Mills 1992-2008                              *
+* Copyright (c) David L. Mills 1992-2009                              *
 *                                                                     *
 * Permission to use, copy, modify, and distribute this software and   *
 * its documentation for any purpose with or without fee is hereby     *
diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c
index 84adbdda1..82afe699b 100644
--- a/ntpd/ntp_crypto.c
+++ b/ntpd/ntp_crypto.c
@@ -1612,7 +1612,7 @@ crypto_verify(
 	 */
 	EVP_VerifyInit(&ctx, peer->digest);
 	EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12);
-	if (!EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey))
+	if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey) <= 0)
 		return (XEVNT_SIG);
 
 	if (peer->crypto & CRYPTO_FLAG_VRFY) {
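Review bot: The corrected comparison on the EVP_VerifyFinal() line carries no explanation of why `<= 0` rather than `!` is required, so a later maintainer could "simplify" it straight back into the defect this release fixes; a comment above the call such as `/* EVP_VerifyFinal() returns 1 for a good signature, 0 for a bad one and -1 on error; only 1 is acceptance (CVE-2009-0021) */` would pin the intent in the code rather than only in NEWS. The EVP_VerifyInit() and EVP_VerifyUpdate() calls two lines above still discard their int return values; a failed init or update would presumably make the final step fail as well, but checking them explicitly (`if (!EVP_VerifyInit(&ctx, peer->digest)) return (XEVNT_SIG);` and the same for the update) is cheap and keeps the signature path fail-closed. crypto_verify() starts and ends outside this hunk.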
diff --git a/packageinfo.sh b/packageinfo.sh
index fe1a4ba1f..c1e64ceb6 100644
--- a/packageinfo.sh
+++ b/packageinfo.sh
@@ -16,7 +16,7 @@ special=
 # [???] To start an RC cycle: RC->yes
 # To release from an RC cycle: rcpoint-> GO
 # ReleaseCandidate. 'yes' or 'no'.
-releasecandidate=no
+releasecandidate=yes
 #releasecandidate=no
 # ChangeLog tag
 CLTAG=NTP_4_2_0