diff options
author | delphij <delphij@FreeBSD.org> | 2016-06-03 08:00:22 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2016-06-03 08:00:22 +0000 |
commit | d64b1a0b83003cfde6f14f443cc77ef5d4fb93a2 (patch) | |
tree | 042fe6d27b8d21e4a753d870e62e6ddf906a9a7b /usr.sbin | |
parent | 2471e9df433f5cfb8d4f26165b81c37f0122e250 (diff) | |
parent | 5a3cfd0dbd10b07725e7ba923e5b0ebbe9919c77 (diff) | |
download | FreeBSD-src-d64b1a0b83003cfde6f14f443cc77ef5d4fb93a2.zip FreeBSD-src-d64b1a0b83003cfde6f14f443cc77ef5d4fb93a2.tar.gz |
MFV r301238:
ntp 4.2.8p8.
Security: CVE-2016-4957, CVE-2016-4953, CVE-2016-4954
Security: CVE-2016-4955, CVE-2016-4956
Security: FreeBSD-SA-16:24.ntp
With hat: so
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/ntp/config.h | 10 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntp-keygen.8 | 4 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntp.conf.5 | 26 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntp.keys.5 | 4 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntpd.8 | 4 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntpdc.8 | 4 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/ntpq.8 | 4 | ||||
-rw-r--r-- | usr.sbin/ntp/doc/sntp.8 | 4 | ||||
-rwxr-xr-x | usr.sbin/ntp/scripts/mkver | 2 |
9 files changed, 42 insertions, 20 deletions
diff --git a/usr.sbin/ntp/config.h b/usr.sbin/ntp/config.h index 30988ea..d11819c 100644 --- a/usr.sbin/ntp/config.h +++ b/usr.sbin/ntp/config.h @@ -1449,7 +1449,7 @@ #define PACKAGE_NAME "ntp" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "ntp 4.2.8p7" +#define PACKAGE_STRING "ntp 4.2.8p8" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "ntp" @@ -1458,7 +1458,7 @@ #define PACKAGE_URL "http://www.ntp.org./" /* Define to the version of this package. */ -#define PACKAGE_VERSION "4.2.8p7" +#define PACKAGE_VERSION "4.2.8p8" /* data dir */ #define PERLLIBDIR "/usr/local/share/ntp/lib" @@ -1639,7 +1639,7 @@ typedef unsigned int uintptr_t; /* #undef USE_UDP_SIGPOLL */ /* Version number of package */ -#define VERSION "4.2.8p7" +#define VERSION "4.2.8p8" /* vsnprintf expands "%m" to strerror(errno) */ /* #undef VSNPRINTF_PERCENT_M */ @@ -1816,5 +1816,5 @@ typedef union mpinfou { /* * FreeBSD specific: Explicitly specify date/time for reproducible build. */ -#define MKREPRO_DATE "Apr 27 2016" -#define MKREPRO_TIME "05:53:49" +#define MKREPRO_DATE "Jun 03 2016" +#define MKREPRO_TIME "06:34:37" diff --git a/usr.sbin/ntp/doc/ntp-keygen.8 b/usr.sbin/ntp/doc/ntp-keygen.8 index 4b58a4c..bb7972a 100644 --- a/usr.sbin/ntp/doc/ntp-keygen.8 +++ b/usr.sbin/ntp/doc/ntp-keygen.8 @@ -1,11 +1,11 @@ -.Dd April 26 2016 +.Dd June 2 2016 .Dt NTP_KEYGEN 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed April 26, 2016 at 08:30:23 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed June 2, 2016 at 07:39:43 AM by AutoGen 5.18.5 .\" From the definitions ntp-keygen-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/usr.sbin/ntp/doc/ntp.conf.5 b/usr.sbin/ntp/doc/ntp.conf.5 index 4e45240..42af4a5 100644 --- a/usr.sbin/ntp/doc/ntp.conf.5 +++ b/usr.sbin/ntp/doc/ntp.conf.5 @@ -1,11 +1,11 @@ -.Dd April 26 2016 +.Dd June 2 2016 .Dt NTP_CONF 5 File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed April 26, 2016 at 08:28:36 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed June 2, 2016 at 07:36:16 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -2442,6 +2442,7 @@ The default value is 46, signifying Expedited Forwarding. .Cm calibrate | Cm kernel | .Cm mode7 | Cm monitor | .Cm ntp | Cm stats | +.Cm peer_clear_digest_early | .Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early .Oc .Xc @@ -2451,6 +2452,7 @@ The default value is 46, signifying Expedited Forwarding. .Cm calibrate | Cm kernel | .Cm mode7 | Cm monitor | .Cm ntp | Cm stats | +.Cm peer_clear_digest_early | .Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early .Oc .Xc @@ -2518,6 +2520,26 @@ closes the feedback loop, which is useful for testing. The default for this flag is .Ic enable . +.It Cm peer_clear_digest_early +By default, if +.Xr ntpd 8 +is using autokey and it +receives a crypto\-NAK packet that +passes the duplicate packet and origin timestamp checks +the peer variables are immediately cleared. +While this is generally a feature +as it allows for quick recovery if a server key has changed, +a properly forged and appropriately delivered crypto\-NAK packet +can be used in a DoS attack. +If you have active noticable problems with this type of DoS attack +then you should consider +disabling this option. +You can check your +.Cm peerstats +file for evidence of any of these attacks. +The +default for this flag is +.Ic enable . .It Cm stats Enables the statistics facility. See the diff --git a/usr.sbin/ntp/doc/ntp.keys.5 b/usr.sbin/ntp/doc/ntp.keys.5 index 6fb04bf..06cf644 100644 --- a/usr.sbin/ntp/doc/ntp.keys.5 +++ b/usr.sbin/ntp/doc/ntp.keys.5 @@ -1,11 +1,11 @@ -.Dd April 26 2016 +.Dd June 2 2016 .Dt NTP_KEYS 5 File Formats .Os SunOS 5.10 .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed April 26, 2016 at 08:28:39 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed June 2, 2016 at 07:36:20 AM by AutoGen 5.18.5 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME diff --git a/usr.sbin/ntp/doc/ntpd.8 b/usr.sbin/ntp/doc/ntpd.8 index d7e6650..bb51eb3 100644 --- a/usr.sbin/ntp/doc/ntpd.8 +++ b/usr.sbin/ntp/doc/ntpd.8 @@ -1,11 +1,11 @@ -.Dd April 26 2016 +.Dd June 2 2016 .Dt NTPD 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed April 26, 2016 at 08:28:41 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed June 2, 2016 at 07:36:22 AM by AutoGen 5.18.5 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/usr.sbin/ntp/doc/ntpdc.8 b/usr.sbin/ntp/doc/ntpdc.8 index 7b73651..39de44d 100644 --- a/usr.sbin/ntp/doc/ntpdc.8 +++ b/usr.sbin/ntp/doc/ntpdc.8 @@ -1,11 +1,11 @@ -.Dd April 26 2016 +.Dd June 2 2016 .Dt NTPDC 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed April 26, 2016 at 08:29:08 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed June 2, 2016 at 07:36:58 AM by AutoGen 5.18.5 .\" From the definitions ntpdc-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/usr.sbin/ntp/doc/ntpq.8 b/usr.sbin/ntp/doc/ntpq.8 index 6f2d080..60e66de 100644 --- a/usr.sbin/ntp/doc/ntpq.8 +++ b/usr.sbin/ntp/doc/ntpq.8 @@ -1,11 +1,11 @@ -.Dd April 26 2016 +.Dd June 2 2016 .Dt NTPQ 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed April 26, 2016 at 08:29:41 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed June 2, 2016 at 07:37:48 AM by AutoGen 5.18.5 .\" From the definitions ntpq-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/usr.sbin/ntp/doc/sntp.8 b/usr.sbin/ntp/doc/sntp.8 index a0172a3..c0ab263 100644 --- a/usr.sbin/ntp/doc/sntp.8 +++ b/usr.sbin/ntp/doc/sntp.8 @@ -1,11 +1,11 @@ -.Dd April 26 2016 +.Dd June 2 2016 .Dt SNTP 8 User Commands .Os .\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc) .\" .\" $FreeBSD$ .\" -.\" It has been AutoGen-ed April 26, 2016 at 08:21:15 PM by AutoGen 5.18.5 +.\" It has been AutoGen-ed June 2, 2016 at 07:20:03 AM by AutoGen 5.18.5 .\" From the definitions sntp-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/usr.sbin/ntp/scripts/mkver b/usr.sbin/ntp/scripts/mkver index 373bb5f..5318024 100755 --- a/usr.sbin/ntp/scripts/mkver +++ b/usr.sbin/ntp/scripts/mkver @@ -6,7 +6,7 @@ PROG=${1-UNKNOWN} ConfStr="$PROG" -ConfStr="$ConfStr 4.2.8p7" +ConfStr="$ConfStr 4.2.8p8" case "$CSET" in '') ;; |