ntp-4.2.8p15

[Bruce Dubbs]

New patch level version.

[Bruce Dubbs]

NTP 4.2.8p15 (Harlan Stenn <stenn@…>, 2020 Jun 23)

Focus: Security, Bug fixes

Severity: MEDIUM

This release fixes one vulnerability: Associations that use CMAC authentication between ntpd from versions 4.2.8p11/4.3.97 and 4.2.8p14/4.3.100 will leak a small amount of memory for each packet. Eventually, ntpd will run out of memory and abort.

It also fixes 13 other bugs.

• [Sec 3661] memory leak with AES128CMAC keys
• [Bug 3670] Regression from bad merger between 3592 and 3596
• [Bug 3667] decodenetnum fails with numeric port
  • rewrite 'decodenetnum()' in terms of inet_pton
• [Bug 3666] avoid unlimited receive buffer allocation
  • limit number of receive buffers, with an iron reserve for refclocks
• [Bug 3664] Enable openSSL CMAC support on Windows
• [Bug 3662] Fix build errors on Windows with VS2008
• [Bug 3660] Manycast orphan mode startup discovery problem.
• [Bug 3659] Move definition of psl[] from ntp_config.h to ntp_config.h
• [Bug 3657] Wrong "Autokey group mismatch" debug message
• [Bug 3655] ntpdc memstats hash counts
• [Bug 3653] Refclock jitter RMS calculation
• [Bug 3646] Avoid sync with unsync orphan
• [Bug 3644] Unsynchronized server [...] selected as candidate
• [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply.

[Bruce Dubbs]

Fixed at revision 23322.

[Bruce Dubbs]

Milestone renamed

[Bruce Dubbs]

Milestone renamed