Pullup ticket #5010 - requested by taca
net/ntp4: security fix

Revisions pulled up:
- net/ntp4/Makefile 1.92
- net/ntp4/PLIST 1.21
- net/ntp4/distinfo 1.26

---
Module Name: pkgsrc
Committed By: wen
Date: Wed Apr 27 15:59:19 UTC 2016

Modified Files:
	pkgsrc/net/ntp4: Makefile PLIST distinfo

Log Message:
Update to 4.2.8p7

Upstream changes:
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
  - initial work by HStenn
  - Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
  - added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values are not properly validated. perlinger@ntp.org
  - sidekick: Ignore keys that have an unsupported MAC algorithm but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
  - graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
  - fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
  - integrated patches by Loganaden Velvidron <logan@ntp.org> with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments. Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
  - Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
  - A change related to [Bug 2853] forbids trailing white space in remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
  - report and patch from Aleksandr Kostikov.
  - Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
  - fixed memory leak in access list (auth[read]keys.c)
  - refactored handling of key access lists (auth[read]keys.c)
  - reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to a server when the time of server changed. perlinger@ntp.org
  - Check the initial delay calculation and reject/unpeer the broadcast server if the delay exceeds 50ms. Retry again after the next broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authentic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq (and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
  - applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when IPv6 is disabled in the build. perlinger@ntp.org
  - Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
  - added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
  - make CTRL-C work for retrieval and printing of MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
  - integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
  - implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.

diff -r1.91 -r1.91.2.1 pkgsrc/net/ntp4/Makefile
(bsiegert)
@@ -1,19 +1,18 @@ | @@ -1,19 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.91 2016/03/05 11:29:09 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.91.2.1 2016/05/13 12:33:51 bsiegert Exp $ | |
2 | # | 2 | # | |
3 | 3 | |||
4 | DISTNAME= ntp-4.2.8p5 | 4 | DISTNAME= ntp-4.2.8p7 | |
5 | PKGNAME= ${DISTNAME:S/-dev-/-/} | 5 | PKGNAME= ${DISTNAME:S/-dev-/-/} | |
6 | PKGREVISION= 1 | |||
7 | CATEGORIES= net time | 6 | CATEGORIES= net time | |
8 | MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ | 7 | MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ | |
9 | 8 | |||
10 | MAINTAINER= pkgsrc-users@NetBSD.org | 9 | MAINTAINER= pkgsrc-users@NetBSD.org | |
11 | HOMEPAGE= http://www.ntp.org/ | 10 | HOMEPAGE= http://www.ntp.org/ | |
12 | COMMENT= Network Time Protocol Version 4 | 11 | COMMENT= Network Time Protocol Version 4 | |
13 | 12 | |||
14 | CONFLICTS+= openntpd-[0-9]* | 13 | CONFLICTS+= openntpd-[0-9]* | |
15 | 14 | |||
16 | GNU_CONFIGURE= YES | 15 | GNU_CONFIGURE= YES | |
17 | USE_LIBTOOL= YES | 16 | USE_LIBTOOL= YES | |
18 | USE_TOOLS+= pax perl:run | 17 | USE_TOOLS+= pax perl:run | |
19 | 18 |
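Review bot: MASTER_SITES (old line 8, new line 7) and HOMEPAGE still point at plain http URLs, so for this security-fix pullup the distfile is fetched over an unauthenticated channel and the distinfo checksums are the only integrity control. Consider switching MASTER_SITES to an https location if one is available for this distfile. Dropping PKGREVISION together with the DISTNAME bump from ntp-4.2.8p5 to ntp-4.2.8p7 is the right reset, and because the branch skips p6 the log correctly carries both the p6 and p7 upstream notes.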
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.20 2015/10/23 03:43:31 taca Exp $ | 1 | @comment $NetBSD: PLIST,v 1.20.4.1 2016/05/13 12:33:51 bsiegert Exp $ | |
2 | bin/sntp | 2 | bin/sntp | |
3 | man/man1/sntp.1 | 3 | man/man1/sntp.1 | |
4 | man/man5/ntp.conf.5 | 4 | man/man5/ntp.conf.5 | |
5 | man/man5/ntp.keys.5 | 5 | man/man5/ntp.keys.5 | |
6 | ${PLIST.tickadj}man/man8/calc_tickadj.8 | 6 | ${PLIST.tickadj}man/man8/calc_tickadj.8 | |
7 | man/man8/ntp-keygen.8 | 7 | man/man8/ntp-keygen.8 | |
8 | man/man8/ntp-wait.8 | 8 | man/man8/ntp-wait.8 | |
9 | man/man8/ntpd.8 | 9 | man/man8/ntpd.8 | |
10 | man/man8/ntpdc.8 | 10 | man/man8/ntpdc.8 | |
11 | man/man8/ntpq.8 | 11 | man/man8/ntpq.8 | |
12 | man/man8/ntptrace.8 | 12 | man/man8/ntptrace.8 | |
13 | ${PLIST.tickadj}sbin/calc_tickadj | 13 | ${PLIST.tickadj}sbin/calc_tickadj | |
14 | sbin/ntp-keygen | 14 | sbin/ntp-keygen | |
@@ -19,26 +19,27 @@ sbin/ntpdc | @@ -19,26 +19,27 @@ sbin/ntpdc | |||
19 | sbin/ntpq | 19 | sbin/ntpq | |
20 | ${PLIST.ntptime}sbin/ntptime | 20 | ${PLIST.ntptime}sbin/ntptime | |
21 | sbin/ntptrace | 21 | sbin/ntptrace | |
22 | ${PLIST.tickadj}sbin/tickadj | 22 | ${PLIST.tickadj}sbin/tickadj | |
23 | ${PLIST.timetrim}sbin/timetrim | 23 | ${PLIST.timetrim}sbin/timetrim | |
24 | share/doc/ntp/COPYRIGHT | 24 | share/doc/ntp/COPYRIGHT | |
25 | share/doc/ntp/ChangeLog | 25 | share/doc/ntp/ChangeLog | |
26 | share/doc/ntp/NEWS | 26 | share/doc/ntp/NEWS | |
27 | share/doc/ntp/README | 27 | share/doc/ntp/README | |
28 | share/doc/ntp/README.bk | 28 | share/doc/ntp/README.bk | |
29 | share/doc/ntp/README.hackers | 29 | share/doc/ntp/README.hackers | |
30 | share/doc/ntp/README.leapsmear | 30 | share/doc/ntp/README.leapsmear | |
31 | share/doc/ntp/README.patches | 31 | share/doc/ntp/README.patches | |
32 | share/doc/ntp/README.pullrequests | |||
32 | share/doc/ntp/README.refclocks | 33 | share/doc/ntp/README.refclocks | |
33 | share/doc/ntp/README.versions | 34 | share/doc/ntp/README.versions | |
34 | share/doc/ntp/TODO | 35 | share/doc/ntp/TODO | |
35 | share/doc/ntp/html/access.html | 36 | share/doc/ntp/html/access.html | |
36 | share/doc/ntp/html/accopt.html | 37 | share/doc/ntp/html/accopt.html | |
37 | share/doc/ntp/html/assoc.html | 38 | share/doc/ntp/html/assoc.html | |
38 | share/doc/ntp/html/audio.html | 39 | share/doc/ntp/html/audio.html | |
39 | share/doc/ntp/html/authentic.html | 40 | share/doc/ntp/html/authentic.html | |
40 | share/doc/ntp/html/authopt.html | 41 | share/doc/ntp/html/authopt.html | |
41 | share/doc/ntp/html/autokey.html | 42 | share/doc/ntp/html/autokey.html | |
42 | share/doc/ntp/html/bugs.html | 43 | share/doc/ntp/html/bugs.html | |
43 | share/doc/ntp/html/build.html | 44 | share/doc/ntp/html/build.html | |
44 | share/doc/ntp/html/clock.html | 45 | share/doc/ntp/html/clock.html |
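Review bot: The only PLIST addition is share/doc/ntp/README.pullrequests at new line 32, which matches "Add README.pullrequests" in the 4.2.8p7 notes, but this update spans two upstream releases (p5 to p7). Please confirm against a staged install, for example with make print-PLIST, that neither p6 nor p7 installs any other new file; the documentation entries in the log (html/xleave.html, html/monopt.html, ntp.conf) only name files that already exist, so no further change is expected.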
@@ -1,8 +1,8 @@ | @@ -1,8 +1,8 @@ | |||
1 | $NetBSD: distinfo,v 1.25 2016/01/09 15:49:26 taca Exp $ | 1 | $NetBSD: distinfo,v 1.25.2.1 2016/05/13 12:33:51 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (ntp-4.2.8p5.tar.gz) = 95152c9bca8b5229a4db05943f181365bf738ab2 | 3 | SHA1 (ntp-4.2.8p7.tar.gz) = a1f6300132cf1fc6884990353aca7340daf0be0d | |
4 | RMD160 (ntp-4.2.8p5.tar.gz) = a5991d126722fb80bac6a0552feb14403b8d0a0d | 4 | RMD160 (ntp-4.2.8p7.tar.gz) = d138a8a36cb0e20ae5a9cda2e0e9771fae4e1380 | |
5 | SHA512 (ntp-4.2.8p5.tar.gz) = 8df3e51027f6bfc5e77b81317b67e75263cb429dc532d21bb5924852f77ea39314a06b94944804991185f93155063cee7c1f28024698ec893c353a4d5561750e | 5 | SHA512 (ntp-4.2.8p7.tar.gz) = 7b80192f0e3c4a05cc05f167ab85593acca685d514dcd46fb8f42b4cd2a5525e76ba5e15fd7ff13220e4155de6aab5661554e0ded60bfb1d27a969c589958f55 | |
6 | Size (ntp-4.2.8p5.tar.gz) = 7138233 bytes | 6 | Size (ntp-4.2.8p7.tar.gz) = 7175313 bytes | |
7 | SHA1 (patch-include-ntp__syscall.h) = b247569339d09a88f2e143e355033ce7635ffe92 | 7 | SHA1 (patch-include-ntp__syscall.h) = b247569339d09a88f2e143e355033ce7635ffe92 | |
8 | SHA1 (patch-sntp_loc_pkgsrc) = 6e46ffc0cc2afcfdc1d01297cbe04cb80d103575 | 8 | SHA1 (patch-sntp_loc_pkgsrc) = 6e46ffc0cc2afcfdc1d01297cbe04cb80d103575 |
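Review bot: The checksums for patch-include-ntp__syscall.h and patch-sntp_loc_pkgsrc on lines 7 and 8 are unchanged, so both local patches are carried unmodified across two upstream releases; please confirm they still apply cleanly to the 4.2.8p7 sources, since the log mentions cleanup under include/. The new SHA1, RMD160, SHA512 and Size values for ntp-4.2.8p7.tar.gz on lines 3 to 6 cannot be validated from the diff itself and should be compared with a checksum published by upstream, because the distfile is fetched over http.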