ECO kit NTP-010_A056

NTP-010_A056 - NTP ECO kit Rev 1.0 for MultiNet V5.5A	12-Oct-2021

    Copyright © 2010-2021 Process Software, LLC
 
    This kit updates MultiNet versions 5.5 Rev A and 5.6 Rev A with version
    ntpd 4.2.8p15. This corrects all vulnerabilities known as of
    June 23, 2020.

    This kit contains the following images:
	MULTINET_SOCKET_LIBRARY.EXE - new entry points to resolve names to
	    addresses
	NTPD.EXE - the NTP time maintainence daemon.
	NTPDC.EXE - an NTP control program
	NTPQ.EXE - an NTP control program
	NTP_LIBLOCK.EXE - VMS Version specific routines.
	NTPDATE.EXE - 

	Note that the size of the images has increased because of use of
	additional cryptographic routines that don't currently have entry
	points in the cryptographic routines image provided with MultiNet.
    
    The ranking for this ECO is 3. The highest rank is 1.

    - Work to allow "slewalways" to work as intended with this version of NTP.
      The "slewalways" option requires at least one server that is labeled as
      "true" or "prefer". These servers should be trusted to continue to
      provide accurate time when daylight saving time starts or ends since
      these changes will cause the algorithm that would normally throw them
      out due to an unexpectedly large time difference to retain them for
      synchronization. Note that this change to the algorithm only affects
      functioning on the day of a DST time change. Slewing will happen at a
      fast rate (the clock will run as much as 1/3 slower or faster than
      normal until the local clock is back in sync). Stepping when
      "slewalways" is not in use is unaffected by these changes. 
      NTP-010_A056 12-Oct-2021 BZ 6728

    - Correct a problem where NTPD running on a system that does not observe
      day light saving time goes compute bound. All images now use the LIBCRYPTO
      shareable instead of having the routines in the image.  This reduces the
      size of some of the image files and the patch.

   -  Add some messages when the system is unable to synchronize the time with
      any servers and servers are reachable stating that the accuracy is poor
      and displaying variables.  Note that these messages may occasionally
      occur in configurations that eventually select a good clock.  Also there
      is nothing to limit messages so the log file could grow.  The minimum
      time between polling (and hence messages) is typically about 1 minute.
      NTP-091_A055 21-Jul-2020

    - Update to NTP 4.2.8p15 from ntp.org to correct a memory leak and other bugs.
      NTP-090_A055 26-Jun-2020

    - Update NTPDATE for VAX and Alpha systems.
      NTP-089_A055 16-Jun-2020

    - More work on name resolution, particularly for CNAME that don't specify
      the address family in the configuration file.
      NTP-088_A055 2-Jun-2020

    - Update to NTP 4.2.8P14 to correct some security fixes. See
      https://support.ntp.org/bin/view/Main/SecurityNotice#March_2020_ntp_4_2_8p14_NTP_Rele
      for details.
    - Correct a potential page fault with high IPL that can cause a system crash.
      NTP-087_A055 10-Mar-2020

    - Update to NTP 4.2.8P13 to correct CVE 2019-8936
      NTP-086_A055 19-Mar-2019

    - Correct an error in handling the WAYTOOBIG configuration parameter that
      can cause NTPD to always step the clock and not be useful as a server.
      NTP-085_A055 9-Nov-2018

    - Correct a problem with using system specific time zone rules that
      can cause problems when entering day light saving time.
      NTP-084_A055 24-Oct-2018

    - Update to NTP 4.2.8p12 from NTP.ORG.  NTP-083_A055 17-Sep-2018

    - Correct a problem with processing address restriction (-4) in
      configuration lines that was accidentily introduced in an earlier patch.

    This implementation of NTPD has not had sufficient testing of the
    SLEW_ALWAYS configuration addition.

    - Reduce "Unexpected origin timestamp" messages. NTP-082_A055 19-Jun-2018

    - Improvements to name resolution. DE 6662 NTP-081-A055 21-May-2018

    - Update base code to NTP 4.2.8p11 to resolve a number of problems.
      (CVE-2016-1549, CVE-2018-7182, CVE-2018-7170, CVE-2018-7184,
       CVE-2018-7185) NTP-080_A055, ECO Rank 2 19-Mar-2018

    - Restore message about SLEW_ALWAYS being used. NTP-080_A055, ECO Rank 3

    - Update base code to NTP 4.2.8P10 to resolve a number of problems.
      (CVE-2017-6464, CVE-2017-6462, CVE-2017-6463, CVE-2017-6458,
      CVE-2017-6451, CVE-2017-6460, CVE-2016-9042) NTP-070_A055, ECO Rank 3

    - Provide an appropriate MULTINET_SOCKET_LIBRARY.EXE for the version of
      MultiNet being used. (NTP-061_A055, ECO Rank 3)

    - Correct a few more instances where address values could overflow the
      space available. (NTP-061_A055, ECO Rank 3)

    - Restore parsing of DISABLE OPCOM. (NTP-061_A055, ECO Rank 3)

    - Update base code to NTP 4.2.8P9 to resolve a number of problems.
      (CVE-2016-9311, CVE-2016-9310, CVE-2016-7427, CVE-2016-7428,
      CVE-2016-7431, CVE-2016-7434, CVE-2016-7429, CVE-2016, 7426,
      CVE-2016-7433) (NTP-060_a055, ECO Rank 2)

    - Correct an error that can cause stack corruption when servers with IPv6
      addresses are used.  On Alpha systems this can cause NTPD to be compute
      bound. (NTP-060_A055, ECO Rank 2)

    - Correct an error in the computation of the completion time for the "fall
      back" change from day light saving time to standard time. The error may
      cause the time to "fall back" more than once resulting in the wrong
      time. (NTP-050_A055, ECO Rank 2)

    - Provide the NTPDATE image, which was not included in MultiNet 5.5
      (NTP-048_A055, ECO Rank 3)

    - Improve recognition of ; as comment character.

    - Modifcations to NTPDATE to observe system time zone.

    - Correct a number of security problems. (CVEs 2015-7704, 2015-8138,
      2016-1547, 2016-1548, 2016-1549, 2016-1550, 2016-1551, 2016-2516,
      2016-2517, 2016-2518 and 2016-2519)
      (NTP-047_A055)

    - Correct parsing problem for LOCAL-MASTER and MASTER-SERVER.
	(NTP-046_A054)

    - Update MULTINET_SOCKET_LIBRARY.
	(NTP-045_A054)

    - Correct a memory leak in NTPD.
      (NTP-044_A054)

    - Set process /dump to produce a dump file when unexpected things happen.
      (NTP-043_A054)

    - Address a problem which can cause NTP to stop responding to the MultiNet
      Master Server. (NTP-042_A054)

    - Save the names resolved by responding to MULTINET NETC NTP SHOW
      so that they don't have to be resolved each time. (NTP-041_A054)

    - Add a start up delay for when the system has DNS clusters to allow time
      for the name server to get started.
      (NTP-040_A054)

    - Modification to NTPQ and NTPDC to allow them to be used from the
      MULTINET command. (NTP-032_A054)