[chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.0-pre1-41-g074dac4



This is an automated email from git. It was generated because a ref
change was pushed to the repository "chrony/chrony.git".

The branch, master has been updated
       via  074dac41952f9bb9862958edc22afdd03d591b2c (commit)
       via  a8239b865a9858a5bc5174959d391de2cddbc2f3 (commit)
       via  f6a9c5c1b760a563e65493509825ec45bf90f15c (commit)
       via  42774ee8510fa4d71e6b0db30fdf8a51b88a26b9 (commit)
       via  4e26f487819e6ed003df1d44b31f1ebe3f7dc477 (commit)
       via  aec97397e8a511092fbc0050b57ec261e72bc02a (commit)
       via  183a648d0132e2aaa5a952445ac8c36c7e4e3280 (commit)
       via  27f8ad7fd119cf865be0f6dc08cc0b5e960e6da0 (commit)
       via  a79fbef21e33338552ebba483ada23a8d08fbf9c (commit)
       via  54bbd2b1c070da3f482dea24e1977c082897cb10 (commit)
       via  10b2b53aa77e915346ea0ad4eaae274a5ffb730c (commit)
       via  e18ee0bb4671ce1a2fcd7eb131d699651cedaa71 (commit)
       via  f0c48680fe57b964e148dce75545852802a37c49 (commit)
      from  565976acbe3cecb8adb5a5df84ca769eafb1effb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 074dac41952f9bb9862958edc22afdd03d591b2c
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 16:14:09 2015 +0200

    doc: update NEWS

commit a8239b865a9858a5bc5174959d391de2cddbc2f3
Merge: f6a9c5c 54bbd2b
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 15:34:39 2015 +0200

    Merge branch '1.31-security'
    
    Conflicts:
    	NEWS
    	ntp_core.c

commit f6a9c5c1b760a563e65493509825ec45bf90f15c
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 15:03:44 2015 +0200

    sys: allow drivers to fail when applying step offset
    
    Different systems may consider different time values to be valid.
    Don't exit on settimeofday()/adjtimex() error in case the check in
    UTI_IsTimeOffsetSane() isn't restrictive enough.

commit 42774ee8510fa4d71e6b0db30fdf8a51b88a26b9
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 15:02:32 2015 +0200

    refclock: check offset sanity

commit 4e26f487819e6ed003df1d44b31f1ebe3f7dc477
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 15:01:30 2015 +0200

    manual: check offset sanity

commit aec97397e8a511092fbc0050b57ec261e72bc02a
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 14:58:58 2015 +0200

    local: check offset sanity before accumulation
    
    Don't accept an offset that points to time before 1970 or outside the
    interval to which NTP time is mapped.

commit 183a648d0132e2aaa5a952445ac8c36c7e4e3280
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 14:13:41 2015 +0200

    local: clamp frequency offset
    
    Don't allow frequency offset larger than 50%, the tracked time must not
    stop or run backwards.

commit 27f8ad7fd119cf865be0f6dc08cc0b5e960e6da0
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 14:07:40 2015 +0200

    cmdmon: fix handling of client access command
    
    Rework the loop to limit the number of iterations to MAX_CLIENT_ACCESSES
    and not waste CPU.

commit a79fbef21e33338552ebba483ada23a8d08fbf9c
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Apr 7 14:01:25 2015 +0200

    ntp: set maximum allowed polling interval
    
    To have an upper bound, don't allow the polling interval to be larger
    than 24 (194 days).

commit 54bbd2b1c070da3f482dea24e1977c082897cb10
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Mar 30 15:19:12 2015 +0200

    doc: update NEWS

commit 10b2b53aa77e915346ea0ad4eaae274a5ffb730c
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Mar 30 15:13:27 2015 +0200

    cmdmon: fix initialization of allocated reply slots
    
    When allocating memory to save unacknowledged replies to authenticated
    command requests, the last "next" pointer was not initialized to NULL.
    When all allocated reply slots were used, the next reply could be
    written to invalid memory instead of allocating a new slot for it.
    
    An attacker that has the command key and is allowed to access cmdmon
    (only localhost is allowed by default) could exploit this to crash
    chronyd or possibly execute arbitrary code with the privileges of the
    chronyd process.

commit e18ee0bb4671ce1a2fcd7eb131d699651cedaa71
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Mar 30 14:41:37 2015 +0200

    addrfilt: fix access configuration with subnet size indivisible by 4
    
    When NTP or cmdmon access was configured (from chrony.conf or via
    authenticated cmdmon) with a subnet size that is indivisible by 4 and
    an address that has nonzero bits in the 4-bit subnet remainder (e.g.
    192.168.15.0/22 or f000::/3), the new setting was written to an
    incorrect location, possibly outside the allocated array.
    
    An attacker that has the command key and is allowed to access cmdmon
    (only localhost is allowed by default) could exploit this to crash
    chronyd or possibly execute arbitrary code with the privileges of the
    chronyd process.

commit f0c48680fe57b964e148dce75545852802a37c49
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Mar 5 12:44:30 2015 +0100

    ntp: protect authenticated symmetric associations against DoS attacks
    
    An attacker knowing that NTP hosts A and B are peering with each other
    (symmetric association) can send a packet with random timestamps to host
    A with source address of B which will set the NTP state variables on A
    to the values sent by the attacker. Host A will then send on its next
    poll to B a packet with originate timestamp that doesn't match the
    transmit timestamp of B and the packet will be dropped. If the attacker
    does this periodically for both hosts, they won't be able to synchronize
    to each other. It is a denial-of-service attack.
    
    According to [1], NTP authentication is supposed to protect symmetric
    associations against this attack, but in the NTPv3 (RFC 1305) and NTPv4
    (RFC 5905) specifications the state variables are updated before the
    authentication check is performed, which means the association is
    vulnerable to the attack even when authentication is enabled.
    
    To fix this problem in chrony, save the originate and local timestamps
    only when the authentication check (test5) passed.
    
    [1] https://www.eecis.udel.edu/~mills/onwire.html

-----------------------------------------------------------------------

Summary of changes:
 NEWS          |   20 ++++++++++++++++---
 addrfilt.c    |    5 ++++-
 cmdmon.c      |   28 ++++++++++++++------------
 local.c       |   61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 local.h       |    2 +-
 localp.h      |    2 +-
 manual.c      |   26 +++++++++++++++++++++---
 manual.h      |    1 +
 ntp_core.c    |   23 ++++++++++++++--------
 refclock.c    |    7 +++++--
 reference.c   |    4 ++--
 rtc.c         |    6 +++---
 rtc_linux.c   |    6 +++---
 sys_generic.c |    7 +++++--
 sys_linux.c   |    7 +++++--
 sys_netbsd.c  |    6 ++++--
 sys_solaris.c |    7 +++++--
 sys_sunos.c   |    6 ++++--
 util.c        |   30 ++++++++++++++++++++++++++++
 util.h        |    3 +++
 20 files changed, 205 insertions(+), 52 deletions(-)


hooks/post-receive
--
chrony/chrony.git
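
Added example, not part of the original mail or chrony's source: a simplified C model of the ordering problem described in commit f0c48680, comparing state saved before the authentication check with state saved only after it passes. The struct and function names, the two-field state and the forged timestamp values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified association state; names are illustrative, not chrony's. */
struct assoc {
    uint64_t remote_tx; /* peer's transmit timestamp, echoed as our originate */
    uint64_t local_tx;  /* our own last transmit timestamp */
};
struct pkt { uint64_t originate, transmit; bool mac_ok; };

static struct pkt peer_send(struct assoc *a, uint64_t now)
{
    a->local_tx = now;
    return (struct pkt){ a->remote_tx, now, true }; /* genuine peer: valid MAC */
}

/* Returns true when the packet is usable for synchronisation. */
static bool peer_receive(struct assoc *a, struct pkt p, bool save_before_auth)
{
    bool origin_ok = p.originate == a->local_tx;
    if (save_before_auth)
        a->remote_tx = p.transmit; /* RFC order: saved before the MAC check */
    else if (p.mac_ok)
        a->remote_tx = p.transmit; /* fixed order: saved only after it passes */
    return p.mac_ok && origin_ok;
}

/* Genuine packets accepted while a forged packet hits each host before every poll. */
int accepted_under_spoofing(bool save_before_auth, int rounds)
{
    struct assoc a = {0, 0}, b = {0, 0};
    struct pkt forged = {0xdead0000u, 0xdead0000u, false}; /* constructed values */
    uint64_t now = 0;
    int accepted = 0;
    for (int i = 0; i < rounds; i++) {
        peer_receive(&a, forged, save_before_auth);
        accepted += peer_receive(&b, peer_send(&a, ++now), save_before_auth);
        peer_receive(&b, forged, save_before_auth);
        accepted += peer_receive(&a, peer_send(&b, ++now), save_before_auth);
    }
    return accepted;
}

int main(void)
{
    printf("accepted: %d (saved before auth), %d (saved after auth)\n",
           accepted_under_spoofing(true, 5), accepted_under_spoofing(false, 5));
    return 0;
}
```

With the state saved before the check, every genuine packet fails the originate comparison even though the forged packets never authenticate; with the fixed ordering the forged packets leave the state untouched and all ten genuine packets are accepted.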
