Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 4 Jun 2016 06:51:08 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r48891 - in head/share: security/advisories security/patches/SA-16:24 xml
Message-ID:  <201606040651.u546p8e1017004@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Sat Jun  4 06:51:08 2016
New Revision: 48891
URL: https://svnweb.freebsd.org/changeset/doc/48891

Log:
  Add SA-16:24.ntp.

Added:
  head/share/security/advisories/FreeBSD-SA-16:24.ntp.asc   (contents, props changed)
  head/share/security/patches/SA-16:24/
  head/share/security/patches/SA-16:24/ntp.patch   (contents, props changed)
  head/share/security/patches/SA-16:24/ntp.patch.asc   (contents, props changed)
Modified:
  head/share/xml/advisories.xml

Added: head/share/security/advisories/FreeBSD-SA-16:24.ntp.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:24.ntp.asc	Sat Jun  4 06:51:08 2016	(r48891)
@@ -0,0 +1,172 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:24.ntp                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple vulnerabilities of ntp
+
+Category:       contrib
+Module:         ntp
+Announced:      2016-06-04
+Credits:        Network Time Foundation and various contributors listed below
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-06-03 08:59:21 UTC (stable/10, 10.3-STABLE)
+                2016-06-04 05:46:52 UTC (releng/10.3, 10.3-RELEASE-p5)
+                2016-06-04 05:46:52 UTC (releng/10.2, 10.2-RELEASE-p19)
+                2016-06-04 05:46:52 UTC (releng/10.1, 10.1-RELEASE-p36)
+                2016-06-03 09:03:10 UTC (stable/9, 9.3-STABLE)
+                2016-06-04 05:46:52 UTC (releng/9.3, 9.3-RELEASE-p44)
+CVE Name:       CVE-2016-4957, CVE-2016-4953, CVE-2016-4954, CVE-2016-4955
+                CVE-2016-4956
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
+used to synchronize the time of a computer system to a reference time
+source.
+
+II.  Problem Description
+
+Multiple vulnerabilities have been discovered in the NTP suite:
+
+The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that could cause ntpd to
+crash. [CVE-2016-4957, Reported by Nicolas Edet of Cisco]
+
+An attacker who knows the origin timestamp and can send a spoofed packet
+containing a CRYPTO-NAK to an ephemeral peer target before any other
+response is sent can demobilize that association. [CVE-2016-4953, Reported by
+Miroslav Lichvar of Red Hat]
+
+An attacker who is able to spoof packets with correct origin timestamps
+from enough servers before the expected response packets arrive at the
+target machine can affect some peer variables and, for example,
+cause a false leap indication to be set. [CVE-2016-4954, Reported by
+Jakub Prokes of Red Hat]
+
+An attacker who is able to spoof a packet with a correct origin timestamp
+before the expected response packet arrives at the target machine can
+send a CRYPTO_NAK or a bad MAC and cause the association's peer variables
+to be cleared. If this can be done often enough, it will prevent that
+association from working. [CVE-2016-4955, Reported by Miroslav Lichvar
+of Red Hat]
+
+The fix for NtpBug2978 does not cover broadcast associations, so broadcast
+clients can be triggered to flip into interleave mode. [CVE-2016-4956,
+Reported by Miroslav Lichvar of Red Hat.]
+
+III. Impact
+
+Malicious remote attackers may be able to break time synchronization,
+or cause the ntpd(8) daemon to crash.
+
+IV.  Workaround
+
+No workaround is available, but systems not running ntpd(8) are not
+affected.  Network administrators are advised to implement BCP-38,
+which helps to reduce the risk associated with the attacks.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The ntpd service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The ntpd service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:24/ntp.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:24/ntp.patch.asc
+# gpg --verify ntp.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r301257
+releng/9.3/                                                       r301301
+stable/10/                                                        r301256
+releng/10.1/                                                      r301301
+releng/10.2/                                                      r301301
+releng/10.3/                                                      r301301
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4957>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4953>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4954>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4955>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4956>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:24.ntp.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.12 (FreeBSD)
+
+iQIcBAEBCgAGBQJXUnRyAAoJEO1n7NZdz2rncMMQAIB69xMkhWqoZ+0R2R6MOPAI
+UWIEPN4fLktiz4oIKP/C/xTsJdonC6+GCKbEb4h+deUOEYPaK5L1RsjvzwjqDKvI
+9THtZUBoEcifALOiO1Mkum+1ntCkF+7EK2EXSuF2/wYga/ekVkCPZqLxmUEbL/KG
+HEa4VCnMv0euAxEbtzix6efNTZV/9O0uUmYlU0wt8WF+YL+p15CyhBIc5YZISpWA
+izugcLKU8xriFMOiyOIttnIS1pAKERu0Fh9EqlkfFhcmJXl18Oxn10L0qH6uEx/C
+Rs11KzyJSuOpBl7x5NZi9jsTzlZlI6zqJ9b6Dlj2A8k82oz5p3VUf+CDyDlMZxHo
+2PsRPGdYJA98w/dUFucZozt1J4K05dWOnd6oED1bY8bFEb+IhRYYOil/wqiNBJFw
+Q9B6jB18Olp4PxxMZVX5kXz4j3tzqlt80wY9S/pVOIGjKcbxIHqhB5CFt1UJfsUw
+BGzJTpYYBvqdS0e3ozO+4QyHBlm4Ure4JFlrb/kBXgLvnBcTfn5e2NMJKhMSvC0B
+O5Ma1D7E2eYxxHgpUFTJYo+qNrfWsQHPClxOMVXbxUrz/iheEvTaed7tyHtMI5nz
+vloTNWf4WNWnxYv5meOOSj2lXX5dxT+XpEA+1kmOWdWvOx8nmOWrOUYN6hM191jD
+e3hZ2X6TAfHd5LIHtb2C
+=ttlK
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-16:24/ntp.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:24/ntp.patch	Sat Jun  4 06:51:08 2016	(r48891)
@@ -0,0 +1,11582 @@
+--- contrib/ntp/ChangeLog.orig
++++ contrib/ntp/ChangeLog
+@@ -1,4 +1,26 @@
+ ---
++(4.2.8p8) 2016/06/02 Released by Harlan Stenn <stenn@ntp.org>
++
++* [Sec 3042] Broadcast Interleave.  HStenn.
++* [Sec 3043] Autokey association reset.  perlinger@ntp.org, stenn@ntp.org
++  - validate origin timestamps on bad MACs, too.  stenn@ntp.org
++* [Sec 3044] Spoofed server packets are partially processed.  HStenn.
++* [Sec 3045] Bad authentication demobilizes ephemeral associations. JPerlinger.
++* [Sec 3046] CRYPTO_NAK crash.  stenn@ntp.org
++* [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org
++  - provide build environment
++  - 'wint_t' and 'struct timespec' defined by VS2015
++  - fixed print()/scanf() format issues
++* [Bug 3052] Add a .gitignore file.  Edmund Wong.
++* [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite.
++* [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback,
++  JPerlinger, HStenn.
++* Update the NEWS file for 4.2.8p8.  HStenn.
++* Fix typo in ntp-wait and plot_summary.  HStenn.
++* Make sure we have an "author" file for git imports.  HStenn.
++* Update the sntp problem tests for MacOS.  HStenn.
++  
++---
+ (4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>
+ 
+ * [Sec 2901] KoD packets must have non-zero transmit timestamps.  HStenn.
+--- contrib/ntp/CommitLog.orig
++++ contrib/ntp/CommitLog
+@@ -1,3 +1,774 @@
++ChangeSet@1.3686, 2016-06-02 07:40:06-04:00, stenn@deacon.udel.edu
++  NTP_4_2_8P8
++  TAG: NTP_4_2_8P8
++
++  ChangeLog@1.1834 +1 -0
++    NTP_4_2_8P8
++
++  ntpd/invoke-ntp.conf.texi@1.200 +1 -1
++    NTP_4_2_8P8
++
++  ntpd/invoke-ntp.keys.texi@1.190 +1 -1
++    NTP_4_2_8P8
++
++  ntpd/invoke-ntpd.texi@1.506 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntp.conf.5man@1.234 +3 -3
++    NTP_4_2_8P8
++
++  ntpd/ntp.conf.5mdoc@1.234 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntp.conf.html@1.185 +55 -19
++    NTP_4_2_8P8
++
++  ntpd/ntp.conf.man.in@1.234 +3 -3
++    NTP_4_2_8P8
++
++  ntpd/ntp.conf.mdoc.in@1.234 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntp.keys.5man@1.224 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntp.keys.5mdoc@1.224 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntp.keys.html@1.186 +1 -1
++    NTP_4_2_8P8
++
++  ntpd/ntp.keys.man.in@1.224 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntp.keys.mdoc.in@1.224 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntpd-opts.c@1.528 +7 -7
++    NTP_4_2_8P8
++
++  ntpd/ntpd-opts.h@1.527 +3 -3
++    NTP_4_2_8P8
++
++  ntpd/ntpd.1ntpdman@1.335 +3 -3
++    NTP_4_2_8P8
++
++  ntpd/ntpd.1ntpdmdoc@1.335 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntpd.html@1.179 +2 -2
++    NTP_4_2_8P8
++
++  ntpd/ntpd.man.in@1.335 +3 -3
++    NTP_4_2_8P8
++
++  ntpd/ntpd.mdoc.in@1.335 +2 -2
++    NTP_4_2_8P8
++
++  ntpdc/invoke-ntpdc.texi@1.503 +2 -2
++    NTP_4_2_8P8
++
++  ntpdc/ntpdc-opts.c@1.521 +7 -7
++    NTP_4_2_8P8
++
++  ntpdc/ntpdc-opts.h@1.520 +3 -3
++    NTP_4_2_8P8
++
++  ntpdc/ntpdc.1ntpdcman@1.334 +3 -3
++    NTP_4_2_8P8
++
++  ntpdc/ntpdc.1ntpdcmdoc@1.334 +2 -2
++    NTP_4_2_8P8
++
++  ntpdc/ntpdc.html@1.347 +2 -2
++    NTP_4_2_8P8
++
++  ntpdc/ntpdc.man.in@1.334 +3 -3
++    NTP_4_2_8P8
++
++  ntpdc/ntpdc.mdoc.in@1.334 +2 -2
++    NTP_4_2_8P8
++
++  ntpq/invoke-ntpq.texi@1.511 +2 -2
++    NTP_4_2_8P8
++
++  ntpq/ntpq-opts.c@1.528 +7 -7
++    NTP_4_2_8P8
++
++  ntpq/ntpq-opts.h@1.526 +3 -3
++    NTP_4_2_8P8
++
++  ntpq/ntpq.1ntpqman@1.339 +3 -3
++    NTP_4_2_8P8
++
++  ntpq/ntpq.1ntpqmdoc@1.339 +2 -2
++    NTP_4_2_8P8
++
++  ntpq/ntpq.html@1.176 +2 -2
++    NTP_4_2_8P8
++
++  ntpq/ntpq.man.in@1.339 +3 -3
++    NTP_4_2_8P8
++
++  ntpq/ntpq.mdoc.in@1.339 +2 -2
++    NTP_4_2_8P8
++
++  ntpsnmpd/invoke-ntpsnmpd.texi@1.505 +2 -2
++    NTP_4_2_8P8
++
++  ntpsnmpd/ntpsnmpd-opts.c@1.523 +7 -7
++    NTP_4_2_8P8
++
++  ntpsnmpd/ntpsnmpd-opts.h@1.522 +3 -3
++    NTP_4_2_8P8
++
++  ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.334 +3 -3
++    NTP_4_2_8P8
++
++  ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.334 +2 -2
++    NTP_4_2_8P8
++
++  ntpsnmpd/ntpsnmpd.html@1.174 +1 -1
++    NTP_4_2_8P8
++
++  ntpsnmpd/ntpsnmpd.man.in@1.334 +3 -3
++    NTP_4_2_8P8
++
++  ntpsnmpd/ntpsnmpd.mdoc.in@1.334 +2 -2
++    NTP_4_2_8P8
++
++  packageinfo.sh@1.528 +2 -2
++    NTP_4_2_8P8
++
++  scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.95 +3 -3
++    NTP_4_2_8P8
++
++  scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.96 +2 -2
++    NTP_4_2_8P8
++
++  scripts/calc_tickadj/calc_tickadj.html@1.97 +1 -1
++    NTP_4_2_8P8
++
++  scripts/calc_tickadj/calc_tickadj.man.in@1.94 +3 -3
++    NTP_4_2_8P8
++
++  scripts/calc_tickadj/calc_tickadj.mdoc.in@1.96 +2 -2
++    NTP_4_2_8P8
++
++  scripts/calc_tickadj/invoke-calc_tickadj.texi@1.99 +1 -1
++    NTP_4_2_8P8
++
++  scripts/invoke-plot_summary.texi@1.117 +2 -2
++    NTP_4_2_8P8
++
++  scripts/invoke-summary.texi@1.116 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntp-wait/invoke-ntp-wait.texi@1.326 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntp-wait/ntp-wait-opts@1.62 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntp-wait/ntp-wait.1ntp-waitman@1.323 +3 -3
++    NTP_4_2_8P8
++
++  scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.324 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntp-wait/ntp-wait.html@1.343 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntp-wait/ntp-wait.man.in@1.323 +3 -3
++    NTP_4_2_8P8
++
++  scripts/ntp-wait/ntp-wait.mdoc.in@1.324 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntpsweep/invoke-ntpsweep.texi@1.114 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntpsweep/ntpsweep-opts@1.64 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntpsweep/ntpsweep.1ntpsweepman@1.102 +3 -3
++    NTP_4_2_8P8
++
++  scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.102 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntpsweep/ntpsweep.html@1.115 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntpsweep/ntpsweep.man.in@1.102 +3 -3
++    NTP_4_2_8P8
++
++  scripts/ntpsweep/ntpsweep.mdoc.in@1.103 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntptrace/invoke-ntptrace.texi@1.115 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntptrace/ntptrace-opts@1.64 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntptrace/ntptrace.1ntptraceman@1.102 +3 -3
++    NTP_4_2_8P8
++
++  scripts/ntptrace/ntptrace.1ntptracemdoc@1.103 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntptrace/ntptrace.html@1.116 +2 -2
++    NTP_4_2_8P8
++
++  scripts/ntptrace/ntptrace.man.in@1.102 +3 -3
++    NTP_4_2_8P8
++
++  scripts/ntptrace/ntptrace.mdoc.in@1.104 +2 -2
++    NTP_4_2_8P8
++
++  scripts/plot_summary-opts@1.65 +2 -2
++    NTP_4_2_8P8
++
++  scripts/plot_summary.1plot_summaryman@1.115 +3 -3
++    NTP_4_2_8P8
++
++  scripts/plot_summary.1plot_summarymdoc@1.115 +2 -2
++    NTP_4_2_8P8
++
++  scripts/plot_summary.html@1.118 +40 -58
++    NTP_4_2_8P8
++
++  scripts/plot_summary.man.in@1.115 +3 -3
++    NTP_4_2_8P8
++
++  scripts/plot_summary.mdoc.in@1.115 +2 -2
++    NTP_4_2_8P8
++
++  scripts/summary-opts@1.64 +2 -2
++    NTP_4_2_8P8
++
++  scripts/summary.1summaryman@1.114 +3 -3
++    NTP_4_2_8P8
++
++  scripts/summary.1summarymdoc@1.114 +2 -2
++    NTP_4_2_8P8
++
++  scripts/summary.html@1.117 +2 -2
++    NTP_4_2_8P8
++
++  scripts/summary.man.in@1.114 +3 -3
++    NTP_4_2_8P8
++
++  scripts/summary.mdoc.in@1.114 +2 -2
++    NTP_4_2_8P8
++
++  scripts/update-leap/invoke-update-leap.texi@1.15 +1 -1
++    NTP_4_2_8P8
++
++  scripts/update-leap/update-leap-opts@1.15 +2 -2
++    NTP_4_2_8P8
++
++  scripts/update-leap/update-leap.1update-leapman@1.15 +3 -3
++    NTP_4_2_8P8
++
++  scripts/update-leap/update-leap.1update-leapmdoc@1.15 +2 -2
++    NTP_4_2_8P8
++
++  scripts/update-leap/update-leap.html@1.15 +1 -1
++    NTP_4_2_8P8
++
++  scripts/update-leap/update-leap.man.in@1.15 +3 -3
++    NTP_4_2_8P8
++
++  scripts/update-leap/update-leap.mdoc.in@1.15 +2 -2
++    NTP_4_2_8P8
++
++  sntp/invoke-sntp.texi@1.503 +2 -2
++    NTP_4_2_8P8
++
++  sntp/sntp-opts.c@1.522 +7 -7
++    NTP_4_2_8P8
++
++  sntp/sntp-opts.h@1.520 +3 -3
++    NTP_4_2_8P8
++
++  sntp/sntp.1sntpman@1.338 +3 -3
++    NTP_4_2_8P8
++
++  sntp/sntp.1sntpmdoc@1.338 +2 -2
++    NTP_4_2_8P8
++
++  sntp/sntp.html@1.518 +2 -2
++    NTP_4_2_8P8
++
++  sntp/sntp.man.in@1.338 +3 -3
++    NTP_4_2_8P8
++
++  sntp/sntp.mdoc.in@1.338 +2 -2
++    NTP_4_2_8P8
++
++  util/invoke-ntp-keygen.texi@1.506 +2 -2
++    NTP_4_2_8P8
++
++  util/ntp-keygen-opts.c@1.524 +7 -7
++    NTP_4_2_8P8
++
++  util/ntp-keygen-opts.h@1.522 +3 -3
++    NTP_4_2_8P8
++
++  util/ntp-keygen.1ntp-keygenman@1.334 +3 -3
++    NTP_4_2_8P8
++
++  util/ntp-keygen.1ntp-keygenmdoc@1.334 +2 -2
++    NTP_4_2_8P8
++
++  util/ntp-keygen.html@1.180 +2 -2
++    NTP_4_2_8P8
++
++  util/ntp-keygen.man.in@1.334 +3 -3
++    NTP_4_2_8P8
++
++  util/ntp-keygen.mdoc.in@1.334 +2 -2
++    NTP_4_2_8P8
++
++ChangeSet@1.3685, 2016-06-02 06:50:37-04:00, stenn@deacon.udel.edu
++  4.2.8p8
++
++  packageinfo.sh@1.527 +1 -1
++    4.2.8p8
++
++ChangeSet@1.3684, 2016-05-27 08:02:09+00:00, stenn@psp-deb1.ntp.org
++  typo
++
++  NEWS@1.174 +1 -1
++    typo
++
++ChangeSet@1.3683, 2016-05-27 00:07:22-07:00, harlan@max.pfcs.com
++  [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback, JPerlinger, HStenn.
++
++  ChangeLog@1.1833 +2 -0
++    [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback, JPerlinger, HStenn.
++
++  NEWS@1.173 +2 -0
++    [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback, JPerlinger, HStenn.
++
++  ntpd/ntp_io.c@1.417 +41 -41
++    [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback, JPerlinger, HStenn.
++
++ChangeSet@1.3682, 2016-05-26 22:37:19-07:00, harlan@max.pfcs.com
++  [Sec3043] - validate origin timestamps on bad MACs, too.  stenn@ntp.org
++
++  ChangeLog@1.1832 +2 -1
++    [Sec3043] - validate origin timestamps on bad MACs, too.  stenn@ntp.org
++
++  NEWS@1.172 +9 -9
++    [Sec3043] - validate origin timestamps on bad MACs, too.  stenn@ntp.org
++
++  ntpd/ntp_proto.c@1.392 +19 -6
++    [Sec3043] - validate origin timestamps on bad MACs, too.  stenn@ntp.org
++
++ChangeSet@1.3681, 2016-05-24 23:31:36+00:00, stenn@psp-deb1.ntp.org
++  Update the NEWS file for 4.2.8p8.  HStenn.
++
++  ChangeLog@1.1831 +1 -0
++    Update the NEWS file for 4.2.8p8.  HStenn.
++
++  NEWS@1.171 +103 -2
++    Update the NEWS file for 4.2.8p8.  HStenn.
++
++ChangeSet@1.3680, 2016-05-24 12:05:06+00:00, stenn@psp-deb1.ntp.org
++  [Sec 3044] Spoofed server packets are partially processed.  HStenn.
++
++  ChangeLog@1.1830 +3 -2
++    [Sec 3044] Spoofed server packets are partially processed.  HStenn.
++
++  ntpd/ntp_proto.c@1.391 +39 -24
++    [Sec 3044] Spoofed server packets are partially processed.  HStenn.
++
++ChangeSet@1.3669.3.2, 2016-05-24 02:58:00-07:00, harlan@hms-mbp11.pfcs.com
++  Make sure we have an "author" file for git imports.  HStenn.
++
++  ChangeLog@1.1820.3.3 +1 -0
++    Update the problem tests for MacOS for sntp.  HStenn.
++
++  ChangeLog@1.1820.3.2 +1 -0
++    Make sure we have an "author" file for git imports.  HStenn.
++
++  configure.ac@1.606 +1 -0
++    Make sure we have an "author" file for git imports.  HStenn.
++
++  scripts/build/Makefile.am@1.5 +1 -1
++    Make sure we have an "author" file for git imports.  HStenn.
++
++  scripts/build/genAuthors.in@1.1 +82 -0
++    BitKeeper file /Users/harlan/src/ntp-stable/scripts/build/genAuthors.in
++
++  scripts/build/genAuthors.in@1.0 +0 -0
++
++  sntp/configure.ac@1.83 +2 -0
++    Make sure we have an "author" file for git imports.  HStenn.
++
++  sntp/m4/ntp_problemtests.m4@1.5 +1 -0
++    Make sure we have an "author" file for git imports.  HStenn.
++
++  sntp/m4/sntp_problemtests.m4@1.1 +47 -0
++    BitKeeper file /Users/harlan/src/ntp-stable/sntp/m4/sntp_problemtests.m4
++
++  sntp/m4/sntp_problemtests.m4@1.0 +0 -0
++
++  sntp/tests/Makefile.am@1.67 +8 -2
++    Update the problem tests for MacOS for sntp.  HStenn.
++
++ChangeSet@1.3669.3.1, 2016-05-24 02:25:46-07:00, harlan@hms-mbp11.pfcs.com
++  [Sec 3042] Broadcast Interleave.  HStenn.
++
++  ChangeLog@1.1820.3.1 +4 -0
++    [Sec 3042] Broadcast Interleave.  HStenn.
++
++  ntpd/ntp_proto.c@1.386.1.1 +69 -14
++    [Sec 3042] Broadcast Interleave.  HStenn.
++
++ChangeSet@1.3678, 2016-05-23 09:53:37+00:00, stenn@psp-deb1.ntp.org
++  [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ChangeLog@1.1828 +1 -1
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  include/ntp.h@1.220 +1 -0
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/complete.conf.in@1.31 +1 -1
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/invoke-ntp.conf.texi@1.199 +23 -3
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/keyword-gen-utd@1.28 +1 -1
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/keyword-gen.c@1.34 +2 -1
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp.conf.5man@1.233 +27 -6
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp.conf.5mdoc@1.233 +24 -2
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp.conf.def@1.24 +22 -0
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp.conf.man.in@1.233 +27 -6
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp.conf.mdoc.in@1.233 +24 -2
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp_config.c@1.338 +6 -2
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp_keyword.h@1.30 +617 -597
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp_parser.c@1.102 +1541 -1773
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp_parser.h@1.66 +294 -306
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp_parser.y@1.92 +2 -0
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++  ntpd/ntp_proto.c@1.389 +29 -8
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org, stenn@ntp.org
++
++ChangeSet@1.3671.1.3, 2016-05-17 06:49:41+00:00, stenn@psp-deb1.ntp.org
++  [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite.
++
++  ChangeLog@1.1822.1.3 +1 -0
++    [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite.
++
++  html/miscopt.html@1.86 +2 -2
++    [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite.
++
++ChangeSet@1.3671.1.2, 2016-05-17 04:25:50+00:00, stenn@psp-deb1.ntp.org
++  [Bug 3052] Add a .gitignore file.  Edmund Wong.
++
++  .gitignore@1.1 +9 -0
++    BitKeeper file /home/stenn/ntp-stable/.gitignore
++
++  .gitignore@1.0 +0 -0
++
++  BitKeeper/etc/ignore@1.91 +0 -1
++    [Bug 3052] Add a .gitignore file.  Edmund Wong.
++
++  ChangeLog@1.1822.1.2 +1 -0
++    [Bug 3052] Add a .gitignore file.  Edmund Wong.
++
++ChangeSet@1.3675, 2016-05-08 11:59:28+02:00, perlinger@ntp.org
++  [Sec 3043]  Autokey association reset. perlinger@ntp.org
++   (fixes [Sec 3044] and [Sec 3045], too)
++
++  ChangeLog@1.1825 +2 -0
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org
++
++  ntpd/ntp_proto.c@1.388 +28 -22
++    [Sec 3043]  Autokey association reset. perlinger@ntp.org
++     (fixes [Sec 3044] and [Sec 3045], too)
++
++ChangeSet@1.3674, 2016-05-06 11:05:44+00:00, stenn@psp-deb1.ntp.org
++  [Sec 3046] CRYPTO_NAK crash
++
++  ChangeLog@1.1824 +1 -0
++    [Sec 3046] CRYPTO_NAK crash
++
++  ntpd/ntp_proto.c@1.387 +2 -1
++    [Sec 3046] CRYPTO_NAK crash
++
++ChangeSet@1.3669.2.1, 2016-05-06 09:20:29+00:00, stenn@psp-deb1.ntp.org
++  Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  ChangeLog@1.1820.2.1 +4 -0
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/invoke-plot_summary.texi@1.116 +2 -2
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/ntp-wait/ntp-wait.in@1.12 +1 -1
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/plot_summary-opts@1.64 +1 -1
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/plot_summary-opts.def@1.3 +1 -1
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/plot_summary.1plot_summaryman@1.114 +4 -4
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/plot_summary.1plot_summarymdoc@1.114 +3 -3
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/plot_summary.html@1.117 +58 -40
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/plot_summary.man.in@1.114 +4 -4
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/plot_summary.mdoc.in@1.114 +3 -3
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++  scripts/t/ntp-wait.t@1.2 +1 -1
++    Fix typo in ntp-wait and plot_summary.  HStenn.
++
++ChangeSet@1.3672, 2016-05-05 06:17:20+00:00, stenn@psp-deb1.ntp.org
++  Update NEWS file for 4.2.8p9 for Bug 3038
++
++  NEWS@1.170 +9 -0
++    Update NEWS file for 4.2.8p9 for Bug 3038
++
++ChangeSet@1.3671, 2016-05-05 06:09:53+00:00, stenn@psp-deb1.ntp.org
++  trivial cleanup
++
++  ChangeLog@1.1822 +1 -0
++    trivial cleanup
++
++ChangeSet@1.3670, 2016-04-27 21:54:12+02:00, perlinger@ntp.org
++  [Bug 3038] NTP fails to build in VS2015 Community Edition
++   - new build environment
++   - 'wint_t' and 'struct timespec' defined by VS2015
++   - fixed several format clashes in 'printf()' and 'scanf'
++
++  BitKeeper/etc/ignore@1.90 +1 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - skip next version of MSVC symbol database
++
++  ChangeLog@1.1821 +6 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++
++  ntpd/refclock_parse.c@1.83 +6 -6
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - work around clash SOCKET vs file descriptor formatting
++
++  ntpdc/ntpdc.c@1.107 +2 -2
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - fix format warnings/errors
++
++  ntpq/ntpq.c@1.170 +5 -2
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - fix format warnings/errors
++
++  ports/winnt/include/config.h@1.115 +4 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - VS2015 has 'wint_t'
++
++  ports/winnt/include/sys/time.h@1.9 +2 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - VS2015 has 'struct timespec'
++
++  ports/winnt/libntp/termios.c@1.33 +3 -3
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - fix format parsing error
++
++  ports/winnt/ppsapi/loopback/src/sys/time.h@1.2 +2 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - VS2015 has 'struct timespec'
++
++  ports/winnt/vs2013/common.props@1.3 +1 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     -enable multiprocessor build
++
++  ports/winnt/vs2015/common.props@1.1 +60 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/common.props@1.0 +0 -0
++
++  ports/winnt/vs2015/debug-x64.props@1.1 +24 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/debug-x64.props@1.0 +0 -0
++
++  ports/winnt/vs2015/debug.props@1.1 +24 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/debug.props@1.0 +0 -0
++
++  ports/winnt/vs2015/instsrv/instsrv.vcxproj@1.1 +269 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/instsrv/instsrv.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/instsrv/instsrv.vcxproj.filters@1.1 +28 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/instsrv/instsrv.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/libntp/libntp.vcxproj@1.1 +431 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/libntp/libntp.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/libntp/libntp.vcxproj.filters@1.1 +574 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/libntp/libntp.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/loopback-pps/loopback-ppsapi-provider.vcxproj@1.1 +252 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/loopback-pps/loopback-ppsapi-provider.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/loopback-pps/loopback-ppsapi-provider.vcxproj.filters@1.1 +39 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/loopback-pps/loopback-ppsapi-provider.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/ntp-keygen/ntp-keygen.vcxproj@1.1 +270 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntp-keygen/ntp-keygen.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/ntp-keygen/ntp-keygen.vcxproj.filters@1.1 +36 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntp-keygen/ntp-keygen.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/ntp.sln@1.1 +166 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntp.sln@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpd-keyword-gen/ntpd-keyword-gen.vcxproj@1.1 +227 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpd-keyword-gen/ntpd-keyword-gen.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpd-keyword-gen/ntpd-keyword-gen.vcxproj.filters@1.1 +69 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpd-keyword-gen/ntpd-keyword-gen.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpd/gen-ntp_keyword.bat@1.1 +53 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpd/gen-ntp_keyword.bat@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpd/ntpd.vcxproj@1.1 +515 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpd/ntpd.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpd/ntpd.vcxproj.filters@1.1 +556 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpd/ntpd.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpdate/ntpdate.vcxproj@1.1 +287 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpdate/ntpdate.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpdate/ntpdate.vcxproj.filters@1.1 +72 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpdate/ntpdate.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpdc/ntpdc.vcxproj@1.1 +278 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpdc/ntpdc.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpdc/ntpdc.vcxproj.filters@1.1 +45 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpdc/ntpdc.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpq/ntpq.vcxproj@1.1 +277 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpq/ntpq.vcxproj@1.0 +0 -0
++
++  ports/winnt/vs2015/ntpq/ntpq.vcxproj.filters@1.1 +42 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/ntpq/ntpq.vcxproj.filters@1.0 +0 -0
++
++  ports/winnt/vs2015/release-x64.props@1.1 +25 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/release-x64.props@1.0 +0 -0
++
++  ports/winnt/vs2015/release.props@1.1 +25 -0
++    [Bug 3038] NTP fails to build in VS2015 Community Edition
++     - add build environment
++
++  ports/winnt/vs2015/release.props@1.0 +0 -0
++
+ ChangeSet@1.3669, 2016-04-26 20:30:51-04:00, stenn@deacon.udel.edu
+   NTP_4_2_8P7
+   TAG: NTP_4_2_8P7
+--- contrib/ntp/NEWS.orig
++++ contrib/ntp/NEWS
+@@ -1,4 +1,116 @@
+ ---
++NTP 4.2.8p8 (Harlan Stenn <stenn@ntp.org>, 2016/06/02) 
++
++Focus: Security, Bug fixes, enhancements.
++
++Severity: HIGH
++
++In addition to bug fixes and enhancements, this release fixes the
++following 1 high- and 4 low-severity vulnerabilities:
++
++* CRYPTO_NAK crash
++   Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016
++   References: Sec 3046 / CVE-2016-4957 / VU#321640

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201606040651.u546p8e1017004>