[chrony-dev] [GIT] chrony/chrony.git branch, 1.29-security, created. 1.29-5-gc4e6183



This is an automated email from git. It was generated because a ref
change was pushed to the repository "chrony/chrony.git".

The branch, 1.29-security has been created
        at  c4e61835d3428913964035a3bbccb4e2c17da644 (commit)

- Log -----------------------------------------------------------------
commit c4e61835d3428913964035a3bbccb4e2c17da644
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Jan 28 13:28:11 2014 +0100

    Update faq.txt

commit e15ce69d08e4c0a489aa75f50116bc1c75a1bfad
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Fri Jan 24 16:06:38 2014 +0100

    Send cmdmon error replies only to allowed hosts
    
    The status codes STT_BADPKTVERSION, STT_BADPKTLENGTH, STT_NOHOSTACCESS
    were sent even to hosts that were not allowed by cmdallow. Deprecate
    STT_NOHOSTACCESS and ignore packets from hosts not allowed by cmdallow
    completely.

commit d537ed11fdbc5ef45a5d41cc01b9684fd5ca2b44
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Fri Jan 24 15:49:18 2014 +0100

    Support previous protocol version in chronyc
    
    This adds compatibility with chronyd using the previous protocol version
    (chrony versions 1.27, 1.28, 1.29).

commit dba458d50c8df52d44c7b90ed6bf81be7413b955
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Fri Jan 24 13:55:15 2014 +0100

    Add padding to cmdmon requests to prevent amplification attack
    
    To prevent an attacker using chronyd in an amplification attack, change
    the protocol to include padding in request packets so that the largest
    possible reply is not larger than the request. Request packets that
    don't include this padding are ignored as invalid.
    
    This is an incompatible change in the protocol. Clients from chrony
    1.27, 1.28 and 1.29 will receive NULL reply with STT_BADPKTVERSION and
    print "Protocol version mismatch". Clients from 1.26 and older will not
    receive a reply as it would be larger than the request if it was padded
    to be compatible with their protocol.

commit 3e23430926342994ef85e181f5b8c71b2c4a9401
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Jan 23 10:55:12 2014 +0100

    Set maximum number of samples in manual list reply to 16
    
    In chronyd the maximum number of manual samples is 16, so there is no
    need to keep room for 32 samples in the command reply. This limits the
    maximum assumed size of the reply packet.

-----------------------------------------------------------------------


hooks/post-receive
--
chrony/chrony.git
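
The request-padding and cmdallow commits above both enforce one server-side rule: a reply is never larger than the datagram that triggered it, and disallowed hosts get no reply at all. The following is an added sketch of that rule, not code from the chrony repository; the command table, all sizes, ERROR_REPLY_LEN and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes for illustration; not chrony's real packet layout. */
struct cmd_sizes { size_t request_len, reply_len; };
static const struct cmd_sizes CMDS[] = {
    { 20,  28 },  /* small request, small reply */
    { 24, 120 },  /* small request, large reply: 5x amplification if unpadded */
    { 96,  28 },  /* request already larger than reply: no padding needed */
};
#define N_CMDS (sizeof CMDS / sizeof CMDS[0])
#define ERROR_REPLY_LEN 28  /* hypothetical header-only error reply */

/* Length the client must send: request body padded up to the reply size. */
size_t padded_request_len(unsigned cmd)
{
    const struct cmd_sizes *c = &CMDS[cmd];
    return c->request_len > c->reply_len ? c->request_len : c->reply_len;
}

/* Bytes the server sends back for one datagram; 0 means ignore it silently. */
size_t reply_size(int host_allowed, unsigned cmd, size_t rx_len)
{
    if (!host_allowed)
        return 0;                       /* access check first: no error replies */
    if (cmd >= N_CMDS)                  /* unknown command: error only if it fits */
        return rx_len >= ERROR_REPLY_LEN ? ERROR_REPLY_LEN : 0;
    if (rx_len < padded_request_len(cmd))
        return 0;                       /* padding missing: invalid, ignored */
    return CMDS[cmd].reply_len;
}

/* Exhaustive check of the invariant: a reply is never larger than its request. */
int reply_never_exceeds_request(void)
{
    for (int allowed = 0; allowed <= 1; allowed++)
        for (unsigned cmd = 0; cmd <= N_CMDS; cmd++)
            for (size_t len = 0; len <= 256; len++)
                if (reply_size(allowed, cmd, len) > len)
                    return 0;
    return 1;
}

int main(void)
{
    printf("invariant holds: %d\n", reply_never_exceeds_request());
    return 0;
}
```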
