From owner-freebsd-security@freebsd.org Wed Oct 28 11:39:22 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E465AA1F94F for ; Wed, 28 Oct 2015 11:39:21 +0000 (UTC) (envelope-from matthew@freebsd.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 89DC115F7 for ; Wed, 28 Oct 2015 11:39:21 +0000 (UTC) (envelope-from matthew@freebsd.org) Received: from ox-dell39.ox.adestra.com (no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged)) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.2/8.15.2) with ESMTPSA id t9SBcshj025782 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Wed, 28 Oct 2015 11:39:11 GMT (envelope-from matthew@freebsd.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=freebsd.org DKIM-Filter: OpenDKIM Filter v2.10.3 smtp.infracaninophile.co.uk t9SBcshj025782 Authentication-Results: smtp.infracaninophile.co.uk/t9SBcshj025782; dkim=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged) claimed to be ox-dell39.ox.adestra.com Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:25.ntp To: freebsd-security@freebsd.org References: <201510261236.t9QCa2cm044240@think.nginx.com> <201510272251.t9RMpAP6080322@sgt.com> From: Matthew Seaman X-Enigmail-Draft-Status: N1110 Message-ID: <5630B3CC.2060505@freebsd.org> Date: Wed, 28 Oct 2015 11:38:52 +0000 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <201510272251.t9RMpAP6080322@sgt.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="NjTDsHeA1gXcMEHGXJdtMwJsW7lHvnw0q" X-Virus-Scanned: clamav-milter 0.98.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.5 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on lucid-nonsense.infracaninophile.co.uk X-Mailman-Approved-At: Wed, 28 Oct 2015 12:06:55 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Oct 2015 11:39:22 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --NjTDsHeA1gXcMEHGXJdtMwJsW7lHvnw0q Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 10/27/15 22:51, Robert Sargent via freebsd-security wrote: > there is a simple workaround if you don't want to or can't reboot your = machines: install the ntp pkg=20 >=20 > pkg install ntp >=20 > and add the following line to /etc/rc.conf =20 >=20 > ntpd_program=3D"/usr/local/sbin/ntpd" >=20 > then kill the original /usr/sbin/ntpd process and run this command: >=20 > /etc/rc.d/ntpd start This is very frustrating. Installing the ntp package as above will give you a working ntpd the first time you start it. But attempting to restart ntpd after that will result in the same sort of SEGV as seen with the ntpd from freebsd-update. So far I've found that ntp-4.2.8p3 or above -- whether installed via freebsd-updates or via package -- installed on 10.1-RELEASE-p14 or 10.2-RELEASE-p{3,4,5} will startup and run at most one time (presumably, that's one time between successive system reboots, but I haven't tested that.) Worse: it seems you get at most one successful startup out of both of those variants together. Exactly the same ntp package installed on 10.2-STABLE built yesterday will run perfectly well, and restart just fine. Similarly the base ntpd in 10.2-STABLE runs and restarts just fine. Cheers, Matthew --NjTDsHeA1gXcMEHGXJdtMwJsW7lHvnw0q Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWMLPMAAoJEABRPxDgqeTnhWkP/1f4uAOpu56EeK+Q/D9MY3ya BX5JfgMdZRo2GWfU1jE7r2LM8YsVTAPcBPCQk0UehvqJ55i5YUAsFWbbQws0niLv MjsVupNsmfr8LtY0tWn5jdzLlynPeLFx6OQRIufTRcmPIPuBxYiAyZtJNP/lGBif SUDMu3dh/Z32WtSmODJsHXM195njcrSt40H4sCaxABKHzvi9JLAnSQOD/Th7l+y2 4Zffg7hpCdqRItr0k+XH+wMvjobFxISY+pKHptjqv8y+YkzntWkwGwAuMNsG2YpA vCLbAES0JbP7n+y+/ecrB35L7E/oJeoxRSg+9Tov040Bdr+epYU2hlPSMoIVU6vl yHFtZ8m2s+4dJxCrXXXkqIZLje04KIx3EbI5O8FBWZVsppgc4MV9ito+yKNJZu/h 9mGtXGkUx9JoijmArVeSQ/pMOvWQy9U0wV6wUu0LzEfqkh+SRTGDX43Cz8VIXmt/ Fe7p1cshmz5NyA29MUfpHlSbhLH5im0yqdnCbUnduQVJ5Ygp0owRb9KwMRuFizYO 7/HtxmnH2bLSX1Fj3+aqweYw2RS7UaKhPM4grHRPKpALdasCjNURU874tHy3QMoi 4D4j53sBJmxQBr/+nWrUz3c1VB7HpSjQ/ey8ZUjjFT37MdCFW33qDRFO2b+2TeKd LXzTB9GzkD7ddfRWa5/Y =9BZX -----END PGP SIGNATURE----- --NjTDsHeA1gXcMEHGXJdtMwJsW7lHvnw0q--