NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
This object provides an interface to the outside world. All calls to
system functions, or handling of file names, should be brokered by
NOTE: TWiki creates a singleton sandbox that is shared
by all TWiki
runs under a single mod_perl instance. If any TWiki run modifies the
sandbox, that modification will carry over in to subsequent runs.
Be very, very careful!
Construct a new sandbox suitable for $os, setting
flags for platform features that help. $realOS distinguishes
Perl variants on platforms such as Windows.
Break circular references.
StaticMethod untaintUnchecked ($string) -> $untainted
Untaints $string without any checks (dangerous). If $string is
undefined, return undef.
The intent is to use this routine to be able to find all untainting
places using grep.
StaticMethod normalizeFileName ($string) -> $filename
Errors out if $string contains filtered characters.
The returned string is not tainted, but it may contain shell
metacharacters and even control characters.
StaticMethod sanitizeAttachmentName ($fname) -> ($fileName,$origName)
Given a file name received in a query parameter, sanitise it. Returns
the sanitised name together with the basename before sanitisation.
Sanitisation includes filtering illegal characters and mapping client
file names to legal server names.
ObjectMethod sysCommand ($template,@params) -> ($data,$exit)
Invokes the program described by $template
and @params, and returns the output of the program and an exit code.
STDOUT is returned. STDERR is THROWN AWAY.
The caller has to ensure that the invoked program does not react in a
harmful way to the passed arguments. sysCommand merely
ensures that the shell does not interpret any of the passed arguments.