ntp-4.2.8p14

[Bruce Dubbs]

New patch version.

[Bruce Dubbs]

NTP 4.2.8p14 (Harlan Stenn <stenn@…>, 2020 Mar 03)

Focus: Security, Bug fixes, enhancements.

Severity: MEDIUM

This release fixes three vulnerabilities: a bug that causes causes an ntpd instance that is explicitly configured to override the default and allow ntpdc (mode 7) connections to be made to a server to read some uninitialized memory; fixes the case where an unmonitored ntpd using an unauthenticated association to its servers may be susceptible to a forged packet DoS attack; and fixes an attack against a client instance that uses a single unauthenticated time source. It also fixes 46 other bugs and addresses 4 other issues.

• [Sec 3610] process_control() should bail earlier on short packets. stenn@
  • Reported by Philippe Antoine
• [Sec 3596] Highly predictable timestamp attack. <stenn@…>
  • Reported by Miroslav Lichvar
• [Sec 3592] DoS attack on client ntpd <perlinger@…>
  • Reported by Miroslav Lichvar
• [Bug 3637] Emit the version of ntpd in saveconfig. stenn@
• [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@…>
• [Bug 3635] Make leapsecond file hash check optional <perlinger@…>
• [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@
• [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
  • implement Zeller's congruence in libparse and libntp <perlinger@…>
• [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@…>
  • integrated patch by Cy Schubert
• [Bug 3620] memory leak in ntpq sysinfo <perlinger@…>
  • applied patch by Gerry Garvey
• [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@…>
  • applied patch by Gerry Garvey
• [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@…>
  • integrated patch by Richard Steedman
• [Bug 3615] accelerate refclock startup <perlinger@…>
• [Bug 3613] Propagate noselect to mobilized pool servers <stenn@…>
  • Reported by Martin Burnicki
• [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@…>
  • Reported by Philippe Antoine
• [Bug 3611] NMEA time interpreted incorrectly <perlinger@…>
  • officially document new "trust date" mode bit for NMEA driver
  • restore the (previously undocumented) "trust date" feature lost with [bug 3577]
• [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@…>
  • mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
• [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@…>
  • removed ffs() and fls() prototypes as per Brian Utterback
• [Bug 3604] Wrong param byte order passing into record_raw_stats() in

ntp_io.c <perlinger@…>

• fixed byte and paramter order as suggested by wei6410@…

• [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@…>
• [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@…>
  • added padding as suggested by John Paul Adrian Glaubitz
• [Bug 3594] ntpd discards messages coming through nmead <perlinger@…>
• [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@…>
• [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@…>
• [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@…>
  • stdout+stderr are set to line buffered during test setup now
• [Bug 3583] synchronization error <perlinger@…>
  • set clock to base date if system time is before that limit
• [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@…>
• [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@…>
  • Reported by Paulo Neves
• [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@…>
  • also updates for refclock_nmea.c and refclock_jupiter.c
• [Bug 3576] New GPS date function API <perlinger@…>
• [Bug 3573] nptdate: missleading error message <perlinger@…>
• [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@…>
• [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@…>
  • sidekick: service port resolution in 'ntpdate'
• [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@…>
  • applied patch by Douglas Royds
• [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@…>
• [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@…>
  • applied patch by Gerry Garvey
• [Bug 3531] make check: test-decodenetnum fails <perlinger@…>
  • try to harden 'decodenetnum()' against 'getaddrinfo()' errors
  • fix wrong cond-compile tests in unit tests
• [Bug 3517] Reducing build noise <perlinger@…>
• [Bug 3516] Require tooling from this decade <perlinger@…>
  • patch by Philipp Prindeville
• [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@…>
  • patch by Philipp Prindeville
• [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@…>
  • patch by Philipp Prindeville
• [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@…>
  • partial application of patch by Philipp Prindeville
• [Bug 3491] Signed values of LFP datatypes should always display a sign
  • applied patch by Gerry Garvey & fixed unit tests <perlinger@…>
• [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@…>
  • applied (modified) patch by Richard Steedman
• [Bug 3473] RefID of refclocks should always be text format <perlinger@…>
  • applied patch by Gerry Garvey (with minor formatting changes)
• [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@…>
  • applied patch by Miroslav Lichvar
• [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network <perlinger@…>
• [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u <perlinger@…>
  • monitor daemon child startup & propagate exit codes
• [Bug 1433] runtime check whether the kernel really supports capabilities
  • (modified) patch by Kurt Roeckx <perlinger@…>
• Clean up sntp/networking.c:sendpkt() error message. <stenn@…>
• Provide more detail on unrecognized config file parser tokens. <stenn@…>
• Startup log improvements. <stenn@…>
• Update the copyright year.

[Douglas R. Reno]

Mark as high due to security vulnerability fixes (3 of them)

[Bruce Dubbs]

Fixed at revision 22799.

[Bruce Dubbs]

Milestone renamed

[Bruce Dubbs]

Milestone renamed