From owner-freebsd-security@freebsd.org Wed Jun 24 13:58:04 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 51FBC9157CB for ; Wed, 24 Jun 2015 13:58:04 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2A8B61010 for ; Wed, 24 Jun 2015 13:58:03 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 160FF20EFF for ; Wed, 24 Jun 2015 09:57:54 -0400 (EDT) Received: from web3 ([10.202.2.213]) by compute5.internal (MEProxy); Wed, 24 Jun 2015 09:57:58 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=Ew8kaWU6CcIF481 NcAWkfnvn3Tg=; b=ohsaP2AMticl7Q4hiDUcNfzdyY9wWQ2FB0O6O+ZuL2hpJXu ly77fQgu6BpY8LA+Vd8VDZq5JG7Ca6dAjo2Bl9tg6Z9BgMrgwS3ipl4dfjRqeDVM i5mUqE4Wc3wqU+xbFXO8Fha0mz2OKbguZT1QfQ7mNfTl4ZmVZXDgadO0ytNQ= Received: by web3.nyi.internal (Postfix, from userid 99) id 57D8E101E0A; Wed, 24 Jun 2015 09:57:54 -0400 (EDT) Message-Id: <1435154274.964221.306546033.052903CD@webmail.messagingengine.com> X-Sasl-Enc: i5f9Ua7OkptZLwZof3Zi1rHN+fgPT+jeA+ShorhTfxkU 1435154274 From: Mark Felder To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-eecef38c Subject: Re: Leap Second Date: Wed, 24 Jun 2015 08:57:54 -0500 In-Reply-To: References: X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2015 13:58:04 -0000 On Tue, Jun 23, 2015, at 14:03, Pawel Biernacki wrote: > Hi, > > As we (hopefully) all know on 30th of June we'll observe leap second. > tzdata information was updated in release 2015a in January. This > version > was imported in FreeBSD HEAD (r279706), 10-STABLE (r279707), 9-STABLE > (r279708) and 8-STABLE (r279709) on 6th of March. Since then there were > no > releases and therefore users of _supported_ releases don't have tzdata > information about incoming leap second. > RedHat published a very detailed guide about that: > https://access.redhat.com/articles/15145. > I believe that FreeBSD Project should issue Errata Notices for all > supported version with update to share/zoneinfo/leap-seconds.list file. > This also means update to 8.4-R that will be supported till the last (and > leap) second of 30th of June. > I'm not an expert on the leapsecond operation, but if I understand it correctly there are two ways a system can be notified of a leapsecond: via a tzdata update or through NTP. I *think* if the tzdata was missing the leapsecond information but the server was syncing to an NTP server that is aware of the leapsecond, the leapsecond info is passed to the NTP client ~24 hours before it happens. This would mean there are three potential scenarios: 1) FreeBSD server unaware of leapsecond due to no tzdata entry and not synced to NTP ends up 1 second off 2) FreeBSD server unaware of leapsecond due to no tzdata entry synced to leapsecond-aware NTP server successfully handles leapsecond 3) FreeBSD server unaware of leapsecond due to no tzdata entry acting as NTP server doesn't notify clients of leapsecond and they end up 1 second off Can anyone confirm/deny if this summary is accurate?