Release Notes for SecureSync System Software

Release Notes for SecureSync System Software
Software Update Release Notes: SecureSync™
Software Version 5.7.0: Release Notes
Spectracom
Rochester NY, USA
07-June-2017
Spectracom released a software update for SecureSync. Customers can download this software
update at no charge from the Spectracom website (see How to download and install the new SW.)
This software update will upgrade the unit’s system software to Version 5.7.0.
This update provides added benefits through new features, enhancements to existing functionality,
as well as software fixes and security updates, as described in this document.
For your convenience, older 5.x legacy releases are also described in this document, while release
notes for 4.x releases are described in the document Release Notes for SecureSync System
software updates up to and including Version 4.8.9, which is available on the Spectracom website.
IMPORTANT NOTE regarding the software update installation:
The Version 5.7.0 release includes a firmware upgrade for the GNSS receiver.
To install this receiver upgrade, you must first apply the SecureSync system software
Release 5.7.0 update, and then you must again apply the Release 5.7.0 update which
will program the u-blox M8T GNSS Receiver firmware system. (See Chapter 2.2.1 in the
separate Upgrade Instructions document)
Note:
spectracom.com
If the System Software running on your unit is older than Version 5.0.2, the upgrade to
the latest Version may require additional steps – for details, see the Upgrade
Instructions (> How to download and install the new SW).
SecureSync Release Notes V5.7.0 | 1
Table of Contents
Table of Contents .......................................................................................................................................................2
Version 5.7.0 ...............................................................................................................................................................4
Version 5.6.0 ...............................................................................................................................................................6
Version 5.5.0 ...............................................................................................................................................................8
Version 5.4.5 .............................................................................................................................................................10
Version 5.4.1 .............................................................................................................................................................14
Version 5.4.0 .............................................................................................................................................................15
Version 5.3.1 .............................................................................................................................................................18
Version 5.3.0 .............................................................................................................................................................20
Version 5.2.1 .............................................................................................................................................................22
Version 5.2.0 .............................................................................................................................................................24
Version 5.1.7 .............................................................................................................................................................26
Version 5.1.6 .............................................................................................................................................................27
Version 5.1.5 .............................................................................................................................................................28
Version 5.1.4 .............................................................................................................................................................30
Version 5.1.3 .............................................................................................................................................................31
Version 5.1.2 .............................................................................................................................................................33
Version 5.0.2 .............................................................................................................................................................35
Version 5.0.1 .............................................................................................................................................................36
Version 5.0.0 .............................................................................................................................................................38
Version 4.x ................................................................................................................................................................40
spectracom.com
SecureSync Release Notes V5.7.0 | 2
Which SW version is installed on my SecureSync?...................................................................................................41
How to download and install the new SW ...............................................................................................................42
How to contact Spectracom Technical Support .......................................................................................................43
spectracom.com
SecureSync Release Notes V5.7.0 | 3
Version 5.7.0
Newly released features
•
Multi-GNSS reception is now a standard feature (no longer an option), defaulting to GPS + GAL.
•
Phase monitoring now includes phase validation, causing the unit to flywheel if a threshold
value is exceeded.
Enhancements and fixes
The following improvements were applied to existing features and functions:
•
Updated Linux kernel from 4.0.5 to 4.4.26 to improve system stability and functionality
•
Fixed Kernel errors caused by, inter alia, i2C temperature sensor readouts: Changed LM90
SMBUS clock speed to a valid range, and applied Realtek 8139too patch.
•
SNMP Trap Port restriction was modified from 0-1023 to 0-65535.
The following defects were corrected:
•
GNSS Receiver Satellite Data Tab now will be populated with data
•
A unit equipped with a Trimble RES-SMT-GG receiver now will resurvey automatically on
reboot after it has been moved.
Security enhancements and fixes
•
CVE-2014-2830
OpenSSL was updated due to:
•
CVE-2016-7055, CVE-2017-3730, CVE-2017-3731, CVE-2017-3732
net-misc/quagga was updated due to:
•
CVE-2016-1245, CVE-2016-4049
spectracom.com
SecureSync Release Notes V5.7.0 | 4
NTP was updated to NTP 4.2.8_p10 (released on 21 March 2017). For more information, see
http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
•
CVE-2017-6464: NTP-01-016 NTP: Denial of Service via Malformed Config (Pentest report
01.2017)
•
CVE-2017-6462: NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Pentest report 01.2017)
•
CVE-2017-6463: NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Pentest
report 01.2017)
•
Sec 3386: NTP-01-011 NTP: ntpq_stripquotes() returns incorrect Value (Pentest report
01.2017)
•
Sec 3385: NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Pentest report 01.2017)
•
CVE-2017-6455: NTP-01-009 NTP: Windows: Privileged execution of User Library code (Pentest
report 01.2017)
•
CVE-2017-6452: NTP-01-008 NTP: Windows Installer: Stack Buffer Overflow from Command
Line (Pentest report 01.2017)
•
CVE-2017-6459: NTP-01-007 NTP: Windows Installer: Data Structure terminated insufficiently
(Pentest report 01.2017)
•
Sec 3381: NTP-01-006 NTP: Copious amounts of Unused Code (Pentest report 01.2017)
•
Sec 3380: NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Pentest report 01.2017)
•
CVE-2017-6458: NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Pentest report
01.2017)
•
CVE-2017-6451: NTP-01-003 Improper use of snprintf() in mx4200_send() (Pentest report
01.2017)
•
CVE-2017-6460: NTP-01-002 Buffer Overflow in ntpq when fetching reslist (Pentest report
01.2017)
•
Sec 3376: NTP-01-001 Makefile does not enforce Security Flags (Pentest report 01.2017)
•
CVE-2016-9042: 0rigin
net-fs/cifs-utils was updated due to CVE-2014-2830
Option Card enhancements and fixes
•
1204-34: Frequency Monitor reports error "Error: Sum of Period is NULL from FM"
spectracom.com
SecureSync Release Notes V5.7.0 | 5
Version 5.6.0
Newly released features
•
Added support for u-blox M8T receiver firmware update to Release 3.01 TIM 1.10 which
provides performance improvements and use of the Galileo constellation.
•
Added support for loading x509 PEM CA chain certificates.
Enhancements and fixes
The following improvements were applied to existing features and functions:
•
The HTTPS setup window now requires the user to first check the Enable checkbox.
•
Upon saving the log bundle, the contents of the /var/log log folder are now included in
the downloaded log bundle.
•
Radius and TACACS+ now provide login user authentication support for protocols other than
HTTP/HTTPS such as ssh, telnet and FTP.
•
Resolved issues generating A-GPS and A-GNSS using the u-blox receiver. Added generation of
RINEX and Almanac for GPS, Galileo, and BeiDou constellations. Note: A-GNSS server
functionality for GLONASS is not yet supported (known issue – scheduled to be fixed in next
release.)
•
The update process can now program BIOS changes.
The following defects were corrected:
•
Clock Service now can convert from TAI or GPS timescales to UTC (used for inputs like ASCII)
•
Default UTC/GPS and UTC/TAI offsets were updated to 18 and 37 seconds, respectively.
•
TimeKeeper can no longer be set to an NTP rate of 0.
Security enhancements and fixes
•
Apache http headers HTML text no longer contain version information to improve security: The
raw HTML returned from the Apache web server it will no longer display the Apache version
information.
spectracom.com
SecureSync Release Notes V5.7.0 | 6
•
The creation of a default certificate and public/private key pairs now defaults to using a
SHA-256 digest. However, this digest is NOT supported by Internet Explorer version 8 and
below, i.e. users of release 5.6.0 and higher will not be able to login with HTTP/HTTPS using a
SHA-256 digest (use default certificate creation with user specified digest such as SHA1 instead
[defcert command]).
•
The LDAP validation criteria will now appropriately check for a correct Distinguished Name
(DN), and bind DN/Password before allowing the enabling of the configuration. In addition to
that, all servers in the setup will now be checked, as opposed to just one server, to make sure
the DN is valid for all servers listed.
Option Card enhancements and fixes
•
The SNMP MIBs now provide read-only support for PTP variables from the 1204-32 Gigabit PTP
Option Card.
•
Square Wave Output features now include an added 5MPPS/1PPS preset.
•
Gigabit Ethernet option card 1204-06: eth1 - eth3 now allows user to enable/disable individual
ports from the Front Panel.
spectracom.com
SecureSync Release Notes V5.7.0 | 7
Version 5.5.0
Newly released features
•
Added TACACS+ for user authentication
•
Added ability to enable and disable Classic Web UI via command line
•
Improved Web UI for HTTPS Certificate generation
•
Support u-blox GNSS receiver model LEA-M8T firmware version 3.01 TIM 1.10
•
Added support for Galileo Constellation, using LEA-M8T firmware version 3.01 TIM 1.10
•
Updated the Web UI to provide current Spectracom contact information and emails
Enhancements and fixes
The following defects were corrected:
•
SQLite Database for NTP Statistics and Reference Monitor Statistics graphs grow without limit
until the graphs stop updating.
•
SNMP always reports NTP Jitter measurement as 4.000
•
Require GPS to be enabled if user selects GLONASS or QZSS and the SecureSync unit has a
Trimble RES-SMT-GG GNSS receiver
•
Corrected defects in LDAP Security configuration in Web UI and in Classic Web UI.
•
Improved code to provide more consistent error codes
•
Provided E-Loran protocol fix
•
Updated to NTP 4.2.8_p9 (NTP Autokey authentication is now supported again)
•
Corrected system log error indicating current Leap Indicator bits are empty string from NTP on
startup.
Security enhancements and fixes
•
libgcrypt: Multiple vulnerability fixes (dev-libs/libgcrypt-1.6.3-r4) CVE-2014-3591, CVE-2015-0837, CVE2015-7511, CVE-2016-6313
•
GNU Wget: Multiple vulnerabilities (net-misc/wget-1.16.3-r1) CVE-2016-4971
spectracom.com
SecureSync Release Notes V5.7.0 | 8
•
UnZip: Multiple vulnerabilities (app-arch/unzip-6.0-r3) CVE-2014-8139, CVE-2014-8140, CVE2014-8141, CVE-2014-9636
•
libpng: Multiple vulnerabilities (media-libs/libpng-1.6.19) CVE-2015-7981, CVE-2015-8126
•
MIT Kerberos 5: Multiple vulnerabilities (app-crypt/mit-krb5-1.13.2) CVE-2015-2695, CVE2015-2696, CVE-2015-2697
•
Tar: Extract pathname bypass (app-arch/tar-1.27.1-r2) CVE-2016-6321
•
glibc: Update to 2.22-r4 (CVE-2016-5417)
OpenSSH 7.3p1: Fixes CVE-2015-8325, CVE-2016-6210, CVE-2016-8858
OpenSSL 1.0.2j:
•
•
Bug 581234 (CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109,
CVE-2016-2176)
CVE-2016-6309, CVE-2016-7052, CVE-2016-6304, CVE-2016-6306, CVE-2016-6303, CVE-2016-6302,
CVE-2016-2179, CVE-2016-2181, CVE-2016-2182, CVE-2016-2180, CVE-2016-2178, CVE-2016-2177
Apache 2.2.31: CVE-2016-5387
NTP 4.2.8p9: Bug 600430 (CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9310, CVE-2016-9311, CVE-2016-9312)
Option Card enhancements and fixes
•
Bug fix, addressing ASCII RS-232 outputs not always responding to request characters:
o 1204-02 ASCII RS-232 Option Card FPGA update to version 1.16
o 1204-1F NENA Card FPGA update to version 1.03
•
1204-12 10/100 PTP Card update to firmware version T159:
o When the Slave is configured in Minicast mode, the delay request is now sent to the Master in
Unicast even if no contract has been established.
o The Slave now accepts the delay response even if it is configured for Unicast, and it received the
delay response in Multicast.
o Now handles IGMP join requests in Minicast mode.
spectracom.com
SecureSync Release Notes V5.7.0 | 9
Version 5.4.5
Newly released features
•
Reference Monitoring – Allows comparison of filtered phase offsets between Input References.
•
ASCII Format 9S – New variation of ASCII Format 9 with Sysplex compatible fields.
•
Update to NTP 4.2.8p8
•
Added user selectable High and Medium level HTTPS Security settings
•
U-blox type receivers will now resurvey on reboot. The user may select the resurvey mode by
selecting Standard Mode and Land Dynamics to request a resurvey on reboot, or No Resurvey
on Reboot if Standard Mode Stationary Dynamics has been selected.
•
For GNSS receiver models Trimble Resolution-T and u-blox M8T, the user can now choose
between Mobile Dynamics Land, Sea, Air, and Stationary Dynamics.
•
Host disciplining defaults to disabled, but can be enabled by the user.
•
Classic Web UI is now disabled by default. The user can enable Classic Web UI from Network
General Setup Web page.
Enhancements and fixes
•
Removed logging of invalid text on user entry of default gateway.
•
Changed Web UI MANAGEMENT dropdown menu to increase user visibility of
Network Setup selection.
•
Reboot and Halt from Command line now journal the log user who issues them.
•
Anycast configuration changes are now journal the log user who issues them.
•
Temperature Alarm mask configuration and other notification changes are logged in plain
English.
•
Registration reminder now is no longer repeatedly asserted.
•
Clear All Logs command now removes Auth and NTP Logs.
•
NTP Broadcast now correctly accepts address input without error.
•
System Monitor page corrected for user group members.
•
Command line command gettemp allows reading of temperatures.
•
Ethernet Monitor now correctly downloads graph in Excel spreadsheet file.
•
The command line tcpdump and iptables can now be run by spadmin group users.
•
Adding and deleting of NTP Peer and Server addresses are now logged.
•
Corrected update/add/delete NTP Peer/Server line error
spectracom.com
SecureSync Release Notes V5.7.0 | 10
•
SNMP web page is now only accessible by spadmin group members
•
Improved Time Manipulation Library functions to take into account UTC-GPS Offset
•
Corrected KHTD defect which caused delay when time stepped backwards
•
Modification to StatusD to support ntpq commands being issued on a single thread at a time.
•
Simplified IPv6 Gateway main gateway input
•
Updated Trimble RES-SMT-GG to version 1.9
•
Updated to 0.9.88 version of “8139too” Ethernet Eth0 10/100 driver
•
Improved Update Process to more safely format and partition CompactFlash
•
Corrected Epsilon TOD 1 format issue
•
Added support for OpenSSH use of ED25519 keys
•
Disabled Web UI caching
•
Reduced Apache error logging level to reduce amount of logging
•
Corrected Timing System software initialization error in GP Outputs
•
Corrected ASCII Input Auto-Detect mode to display auto-detect rather than E-Loran format
when format is being discovered automatically.
•
Corrected Timing System to schedule leap seconds in the 24 hours prior to the leap second.
•
Corrected File permissions for some Web UI modified files.
•
Changed “Time Scale” to “Timescale” in Web UI
•
Improved Error Logging in Timing System library for commands issued from Web UI or
command line.
•
Improved data storage and organization of Network Monitor data in SQL database
•
Changed Web UI access to “Network Setup” menu.
•
ASCII Formats for BBC EBU LTC outputs now support Local Clocks.
•
Anycast daemons failure to start from Web UI has been corrected. (Note that the Enable status
checkbox may not display as checked after startup. To verify the Enable state after startup,
close Anycast dialog and reopen it.)
Security enhancements and fixes
• Updated Quagga, OpenSSL, OpenSSH, PHP, and others for security vulnerabilities:
Quagga CVE:
•
Bug 577156 (CVE-2016-2342) - <net-misc/quagga-1.0.20160315: Buffer overflow in bgpd (CVE2016-2342)
•
Bug 581526 (CVE-2016-4049) - net-misc/quagga: denial of service vulnerability in BGP routing
daemon
OpenSSH (7.2p2):
spectracom.com
SecureSync Release Notes V5.7.0 | 11
•
CVE-2016-3115
• CVE-2016-3115 (not vulnerable)
PHP, and other libraries:
•
•
•
PHP: Multiple vulnerabilities (dev-lang/php-5.5.37 dev-lang/php-5.6.17) CVE-2013-6501,CVE-20149705,CVE-2014-9709,CVE-2015-0231,CVE-2015-0273,CVE-2015-1351,CVE-2015-1352,CVE-20152301,CVE-2015-2348,CVE-2015-2783,CVE-2015-2787,CVE-2015-3329,CVE-2015-3330,CVE-20154021,CVE-2015-4022,CVE-2015-4025,CVE-2015-4026,CVE-2015-4147,CVE-2015-4148,CVE-20154642,CVE-2015-4643,CVE-2015-4644,CVE-2015-6831,CVE-2015-6832,CVE-2015-6833,CVE-20156834,CVE-2015-6835,CVE-2015-6836,CVE-2015-6837,CVE-2015-6838,CVE-2015-7803,CVE-20157804, 201607-02 [N] [remote]
: Multiple Vulnerabilities (dev-libs/libpcre-8.36) CVE-2014-8964,CVE-2014-8964,CVE-2015-5073,CVE2015-5073,CVE-2015-5073,CVE-2015-8380,CVE-2015-8381,CVE-2015-8383,CVE-2015-8384,CVE2015-8385,CVE-2015-8386,CVE-2015-8387,CVE-2015-8388,CVE-2015-8389,CVE-2015-8390,CVE2015-8391,CVE-2015-8392,CVE-2015-8393,CVE-2015-8394,CVE-2015-8395,CVE-2016-1283,CVE2016-1283, 201607-04 [N] [remote]
GD: Multiple vulnerabilities (media-libs/gd-2.0.35-r4) CVE-2016-3074
OpenSSL (1.0.2h):
CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176, CVE-2016-0702, CVE2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
NTP:
•
ntp-4.2.8p8: CVE-2016-4957 / VU#321640: Crypto-NAK crash; CVE-2016-4953 /
VU#321640: Bad authentication demobilizes ephemeral associations; CVE-2016-4954 /
VU#321640: Processing spoofed server packets; CVE-2016-4955 / VU#321640: Autokey
association reset; CVE-2016-4956 / VU#321640: Broadcast interleave
•
ntp-4.2.8p7: CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering;
CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil MITIGATION ONLY; CVE-2016-2516: Duplicate IPs on unconfig directives will cause an
assertion botch; CVE-2016-2517: Remote configuration trustedkey/requestkey values are not
properly validated; CVE-2016-2518: Crafted addpeer with hmode > 7 causes array
wraparound with MATCH_ASSOC; CVE-2016-2519: ctl_getitem() return value not
always checked; CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos; CVE-2016-1548:
Interleave-pivot - MITIGATION ONLY; CVE-2015-7704: KoD fix: peer associations were broken
by the fix for NtpBug2901, AKA: Symmetric active/passive mode is broken; CVE-2015-8138:
Zero Origin Timestamp Bypass, AKA: Additional KoD Checks; CVE-2016-1550: Improve NTP
security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypttiming
Option Card enhancements and fixes
spectracom.com
SecureSync Release Notes V5.7.0 | 12
•
Corrected 1PPM offset issue in1204-17 Programmable Square Wave Output Card
•
Option Card 1204-12 10/100 PTP Option Card firmware updated to version T156
spectracom.com
SecureSync Release Notes V5.7.0 | 13
Version 5.4.1
Release features
•
n/a
Enhancements and fixes
•
Fixed Anycast configuration defect occurring in release 5.4.0.
•
Corrects a defect in release 5.4.0 in which log rotation fails to occur, resulting in disk utilization
issues.
Security enhancements and fixes
•
n/a
Option Card enhancements and fixes
•
n/a
spectracom.com
SecureSync Release Notes V5.7.0 | 14
Version 5.4.0
Release features
•
SecureSync now supports u-blox LEA-M8T GNSS receiver boards. Trimble receivers continue to
be supported, as well.
•
Under Network Web Interface settings, it is now possible to set a Login timeout. This timeout is
a limit on how long a user can stay logged on, regardless of activity.
•
Ethernet monitoring functionality has been added, allowing a user to observe network traffic
on all Ethernet ports.
•
It is now possible to prefer certain NTP Peers.
•
Support of iptables allows for customizable access restrictions.
•
Language preferences set by the user will now be maintained across logins.
Enhancements and fixes
•
Linux Kernel 4.0.5 configuration has been changed to NO preemption.
•
Processor BIOS update supported.
•
Refactored software to improve software CPU cycle usage.
•
Disciplining improvements have been applied.
•
NTP Autokey is NOT supported in Spectracom Release 5.4.0 NTP 4.2.8_p6, due to a patch to fix
a recent CVE related to Symmetric keys which broke the Autokey feature (for more
information, see http://bugs.ntp.org/show_bug.cgi?id=3005).
•
Anycast over the BGP protocol has been added. Note: BGP will be disabled if the user updates
to Release 5.4.0 or restores an older configuration file after updating to Release 5.4.0. The user
must enable Anycast BGP if so desired.
•
The LDAP authentication setup window now displays only necessary fields, based on Server
Type.
•
It is now possible for the user to enter special characters into the SNMP location string such as
"!@#$%^ words 1234 _[]~"
•
Notifications will be sent based on SAASM events e.g., Key expiration or Keys becoming valid.
•
Static routes will now be restored in the course of a configuration update or an upgrade and on
reboot.
•
Spelling of SNMP MIB variables has been corrected.
spectracom.com
SecureSync Release Notes V5.7.0 | 15
•
It is now permissible to load an HTTPS Certificate.
•
The log history will not be cut off any more, i.e. the entire log history will be displayed in the
Web UI.
•
The GPS Signal strength web pages have been corrected in the Classic Web UI.
•
Corrected the averaging of samples in NTP graphs.
•
Restored the ability to input a Syslog Server IP address in the Web UI.
Security enhancements and fixes
•
•
Updated from version NTP 4.2.8_p3 to NTP 4.2.8_p6 (for more information, see
http://nwtime.org/ntf-releases-ntp-4-2-8p6-security-patch/)
•
CVE-2015-8158: Potential Infinite Loop in ntpq
•
CVE-2015-8140: Ntpq vulnerable to replay attacks
•
CVE-2015-8139: Origin Leak: ntpq and ntpdc, disclose origin
•
CVE-2015-8138: origin: Zero Origin Timestamp Bypass
•
CVE-2015-7979: Off-path Denial of Service (DoS) attack on authenticated broadcast
mode
•
CVE-2015-7978: Stack exhaustion in recursive traversal of restriction list
•
CVE-2015-7977: reslist NULL pointer dereference
•
CVE-2015-7976: ntpq saveconfigcommand allows dangerous characters in
filenames
•
CVE-2015-7975: nextvar()missing length check
•
CVE-2015-7974: Skeleton Key: Missing key check allows impersonation between
authenticated peers
CVE-2015-7973: Deja Vu: Replay attack on authenticated broadcast mode
o
spectracom.com
Updated OpenSSL from version 1.0.1p to 1.0.2f (for more information, see
https://www.openssl.org/news/openssl-1.0.2-notes.html)
• CVE-2016-0800
• CVE-2016-0705
• CVE-2016-0798
• CVE-2016-0797
• CVE-2016-0799
• CVE-2016-0702
• CVE-2015-3197
SecureSync Release Notes V5.7.0 | 16
•
o
Updated OpenSSH from version 6.9p1 to 7.1p2 (for more information, see
http://www.openssh.com/txt/release-7.2)
• CVE-2016-0777
• CVE-2016-0778.
o
Updated GNU C Library GLIBC 2.21-r2 (for more information, see
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html)
• CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow
o Updated to MPFR 3.1.3_p4; Gentoo recommended update.
CVE-2009-075
Option Card enhancements and fixes
•
ASCII Output option cards 1204-02/1204-04 offer two new ASCII formats, Epsilon TOD 1, and 3.
•
For the 1204-1D card, the Time Valid indicator has been fixed for input DOD-STD-1399 BCD
Time Code.
•
Option card PTP 1204-12 command management improvements have been made.
spectracom.com
SecureSync Release Notes V5.7.0 | 17
Version 5.3.1
Release features
•
Enhanced fan control for units equipped with Front Panel Fan Modification, offering the choice
between “Always On” and “User Defined”. The latter can be used to define a temperature
window.
•
Temperature Monitoring Alarms/Clears can now be set by the user: Major and minor alarms
can be generated and delivered via SNMP and Email, and are logged in Alarm and Event logs. A
retry value can be set to determine for how long the measured temperature must remain
above the threshold value before an alarm is triggered.
•
A new System Status page consolidates key temperature and hardware utilization graphs
•
Two NTP traffic graphs, plus peak traffic information have been added to the NTP Setup page.
The graphs can be saved and downloaded. Currently supported for NTP only (not TimeKeeper).
•
All graphs now offer a user-friendly way to delete the logged data. Most graphs can be
downloaded (satellite data, disciplining and temperature data, NTP throughput statistics).
•
New SNMP MIB variables to read oscillator, board and CPU temperatures, including four new
temperature monitoring traps (cf. above).
•
The Front Panel is designed to continue enabling the fan as it did in the past, but additionally
accepts input control from the SecureSync Software/FPGA logic to either enable the Fan all the
time, or to control the fans enable state via user-defined min./max. temperatures to keep the
CPU temperature within the user defined band.
•
The mysql database is converted to a sqlite database which is returned in the
spectracom.log file when saved.
Enhancements and fixes
•
A CLI Command "reboot hard" has been provided to force a restart of SecureSync. This
command is de facto a power cycle.
•
The most current Apache2 Error Log is now returned in the SecureSync log bundle.
•
Changed the Frequency Error threshold for TCXO units to 1x10-6 or 1PPM, to avoid
immediately generating frequency alarms when SecureSync exits time synchronization, due to
a loss of a valid reference, e.g. caused by loss of GPS reception.
•
Improvements to oscillator disciplining (not applicable to Rubidium oscillators), including phase
noise improvements during synchronization.
•
Several changes to how processes are launched, detected and runtime status is collected have
been made to improve efficiency, reduce memory usage.
spectracom.com
SecureSync Release Notes V5.7.0 | 18
•
The build scripts were improved to detect failures and warnings during build and install.
•
Apache2 error logs including the most recent one are now included in the Spectracom Log
bundle.
•
UI names for temperature graphs were changed to CPU, Board and Oscillator temperatures.
•
GNSS licensing error with Multi-GNSS feature was corrected.
•
Corrected setting of Static Routes so user can set them and ensured they are preserved across
a software update.
•
Netmask “0” in Access Restriction is no longer accepted, thus avoiding Apache crash.
•
Added an end-of-year happy new year message. Note this message is logged when the year
changes so it is also an indicator that a problem exists such as the Processor BIOS does not
have the correct year set, e.g. when the battery backing up the BIOS settings has discharged.
•
The SNMP MIB SPECTRACOM-SECURE-SYNC-MIB.mib was changed to add new
Oscillator, Board, and CPU Temperature values. Also, four new SNMP Traps were added to
indicate Major/Minor Temperature Alarms/Clears based on temperature thresholds and
number of reads (user-definable).
Security enhancements and fixes
•
Corrected security vulnerability CVE-2012-2141 by applying the recommended patch to
SecureSync version of NET-SNMP.
Option Card enhancements and fixes
•
The 1204-06 Gigabit Ethernet card EEPROM used to configure the Intel MAC chip was corrected
to fix known issues and errata published by Intel.
•
STANAG In cards [1204-1D, -24] have been provided with enhanced functionality, and an
updated UI
spectracom.com
SecureSync Release Notes V5.7.0 | 19
Version 5.3.0
Release features
•
Support of Anycast over IPv6 utilizing OSPF
•
Host disciplining: Linux kernel time set by NTP or PTP can now also be utilized to discipline the
oscillator in the timing system. (Rubidium oscillators not supported)
Enhancements and fixes
•
Upgrade to GPS receiver firmware version 1.8, allowing QZSS Constellation support and
improved performance
•
RES-SMT-GG GNSS receiver update firmware was improved to avoid intermittent update
failures.
•
Updated TimeKeeper to version 7.0.6
•
Enhanced temperature monitoring, adding processor board and CPU temperature graphs
provided under the Management > Disciplining Menu.
•
Fixed issue caused by NTP monitor Daemon NTPMOND, trying to stop NTP when the Timing
System and Linux kernel time differ by more than 1 sec
•
Software version of GNSS Receiver is no longer displayed when not present.
•
LDAP can no longer be enabled with empty input, causing inability to login.
•
Display of software versions are corrected on update page
•
Web UI message for tcpdump changed from ON/OFF to “Permanently disabled”.
•
Clear Logs and Statistics operation corrected to work from Web UI.
•
Fixed error with creation of HTTPS certificate request and public/private key pair when
entering common name
•
Fixed an error causing Radius authentication to fail because the NAS address is being output as
127.0.0.1
•
Updated IRIG control field format, Spectracom IEEE C37, to control sync state passed in control
fields via signature control settings
•
Corrected DOW (Day-of-Week) range in the BBC message 4 format
•
Corrected Low Phase Noise Rubidium DAC value to remain constant when time is set by user
•
Corrected Web UI to allow update of Main Default Gateway
•
Updated translation of Web UI into French
•
Improved Username management during upgrade
spectracom.com
SecureSync Release Notes V5.7.0 | 20
Security enhancements and fixes
•
•
•
•
•
•
Net-SNMP 5.6.2.1 has been updated with a security patch to correct CVE-2015-5621
Open SSH has been updated to version 6.9.
Updated OpenSSL from 1.0.1m to 1.0.1p.
Among other things, the following vulnerabilities have been addressed:
CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793, CVE2015-4000, CVE-2014-8176
Updated NTP version from 4.2.8p2 to 4.2.8p3 to address CVE-2015-5146.
(NTP CVE-2014-9295 was fixed in 5.2.1 by updating to 4.2.8p2).
NTP – Corrected GUI to avoid issue with allowing exploit of vulnerability CVE-2014-9295
Apache CIPHERS were strengthened to remove weak ciphers, and Apache timeouts were adjusted to
improve transfer of update images via web browser.
(Apache was updated to 2.2.29 in 5.2.1)
Option Card enhancements and fixes
•
1204-32 Gb PTP card: Fixed spelling errors in miscellaneous journal log entries associated with
this Option Card
•
Model 1204-06, Gigabit Ethernet Option Card: Updated Gigabit Ethernet driver to version
3.1.0.2
spectracom.com
SecureSync Release Notes V5.7.0 | 21
Version 5.2.1
Release features
•
Added tcpdump functionality, with the ability to delete tcpdump, if so desired
•
Added Assisted GPS Rinex server license, and improved A-GPS functionality
•
Added IRIG control field format, Spectracom IEEE C37, to extend leap second notification to a
month
•
Added NTP throughput statistics logging
Enhancements and fixes
•
Updated Linux kernel from 3.17.7 to 3.18.11 to improve system stability and functionality
•
Improved how Radius detects and fills in NAS-IP address in its packets
•
Improved local clock functionality: When a local clock has been modified by the user, features
that the clock is applied to will be updated automatically.
•
Added ability to pull serial number from SNMP
•
Added ability to pull system memory, CPU, and CF card disk usage information from SNMP
•
Updated SNMP trap username min/max length to 1 and 31 respectively
•
Improved SNMP stability
•
Extended the scope of journal logging of Web UI configuration settings
•
Fixed issue with submitting NTP stratum 1 configuration
•
Updated Show Clock page to improve clock and system status info displays
•
Fixed issue when attempting to clear a scheduled leap second
•
Software version and model and serial number will be logged in the system log on startup
•
Improved internal network configuration for added stability
•
Fixed issue where Radius/LDAP could be turned on after an update
•
Fixed issue reporting negative phase error numbers via SNMP ssSysStaEstPhaseError OID
•
Fixed issue where disabling an AM IRIG output would not disable the associated AM carrier
•
Front panel ResetPW command now disables Radius/LDAP when resetting spadmin password
•
Fixed issue with TimeKeeper PTP Client domain configuration
spectracom.com
SecureSync Release Notes V5.7.0 | 22
Security enhancements and fixes
•
•
•
Updated NTP version from 4.2.6p5 to 4.2.8p2
Updated OpenSSL from 1.0.1k to 1.0.1m
Updated ciphers for SSL and SSH to address RC4/ARC4 issue
Option Card enhancements and fixes
•
Added support for RS-423 1PPS output
•
Fixed issue with saving configurations for STANAG option cards
spectracom.com
SecureSync Release Notes V5.7.0 | 23
Version 5.2.0
Release features
•
A phase error limit field was added to the Edit window of the Disciplining page allowing for an
automatic disciplining tracking restart, once the phase error limit is exceeded, thus avoiding
manual intervention.
•
Added static IPv6 routing capability by allowing manual configuration of IPv6 routes via the
SecureSync CLI.
•
External PLL lock support for special configurations of SecureSync. This feature allows an
external oscillator to be locked to SecureSync’s 10 MHz output via an external PLL, with the
lock state of the external PLL monitored by SecureSync.
•
The System Status panel on the Web UI home page now includes a temperature readout for
enhanced oscillator disciplining monitoring. The data can also be readout as a temperatureover-time graph in the Web UI, and is logged in the SecureSync log files.
•
Added two-step mode to Gb PTP card (option card 1204-32), and the ability to add an offset to
1PPS.
•
Integrated TimeKeeper monitoring functionality for PTP v.2 and NTP (license required, contact
Spectracom for details.)
•
Added basic PTP v.1 support via TimeKeeper into SecureSync (license required, contact
Spectracom for details.)
•
Added Anycast routing functionality for NTP.
For more information on this subject, see the Tech Brief publication “NTP over Anycast”, which
is located here.
•
To facilitate diagnostics, version numbers of software components, option cards and GPS
receiver are now displayed on the Upgrade/Backup page of the Web UI.
Timing system and software version number have also been added to the system log.
•
The disk/memory status is now displayed on the Upgrade/Backup page
•
Added the ability to re-calibrate oscillator control parameters for non-standard rubidium
oscillators.
•
A note was added to the login page of the Web UI, to inform the user that cookies need to be
enabled in browser.
Enhancements and fixes
•
Implementation of a software fix to resolve an issue where Linux processes could become
frozen and not processed.
spectracom.com
SecureSync Release Notes V5.7.0 | 24
•
Added the Linux kernel map for improved diagnostic purposes.
•
Improvements to LDAP group authentication, addressing reported login issue.
•
Removed password expired message (LDAP/RADIUS only) that was displayed when logging in
as a remote user.
•
Improved LDAP configuration status reporting in the Web UI, as well as add/delete
functionality.
•
Improved the software update patching process, addressing patching configuration issue when
upgrading from older revisions.
•
Implemented a fix, now correctly displaying the SecureSync SW version number when
obtaining it via SNMP.
•
Fixed issue, now correctly applying DST rules to the local time display in the Web UI.
•
Fixed submission error on the GNSS Edit page on systems equipped without a GNSS license.
Security enhancements and fixes
•
Upgraded Net-SNMP software package from Version 5.6.1 to Version 5.6.2.1.
•
Updated OpenSSL package from Version 1.0.1j to 1.0.1k, thus closing a reported security
vulnerability.
•
Updated GLIBC package from version 2.15 to 2.19 (addressing “GHOST” vulnerability, among
other things)
Option Card enhancements and fixes
•
Implemented a fix in FPGA to improve 1PPS signal to option cards, including IRIG, and
addressing possible 5-ns 1PPS signal jump. Previously occurring in SecureSync units equipped
with a standard rubidium oscillator.
•
Enhanced STANAG option card functionality, addressing a reported issue.
•
Implemented a fix addressing an issue with how local clock settings had been applied to an
output.
•
Fixed HaveQuick output display in Web UI Status Summary panel, now correctly reporting the
configured format and state.
spectracom.com
SecureSync Release Notes V5.7.0 | 25
Version 5.1.7
Release features
•
No new features added
Enhancements and fixes
•
Fixed validation rules for SNMP V1/V2 IP address settings to allow set from returned value of
“default” for the IP address
•
Disciplining updates with phase error limiting to reduce transient phase error effects.
•
Resolved an Apache web browser configuration issue in the 5.1.6 release
•
Upgrading from software versions 5.1.4 or below to version 5.1.6 caused the web browser to
become inaccessible. The fix to restore the web browser was to upload a clean config backup
file.
•
Includes firmware version 1.0.7 update for the Trimble RES-SMT-GG GNSS receiver (commercial
GPS receiver installed in units that shipped after April 1, 2014. Not applicable to SAASM GPS
receivers.)
•
Fixes erroneous GPS time offset corrections potentially being applied.
•
Fixes erroneous leap second notifications potentially being asserted.
spectracom.com
SecureSync Release Notes V5.7.0 | 26
Version 5.1.6
Release features
•
No new features added
Security enhancements and fixes
•
Bash update to version 4.2.53, in order to patch the “ShellShock” vulnerability.
•
Addresses potential vulnerabilities CVE 2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-20147169, CVE-2014-7186 and CVE-2014-7187.
•
Updated OpenSSL to Version 1.0.1i
•
Addresses potential vulnerabilities such as the following: CVE-2014-3505, CVE-2014-3506, CVE2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512
and CVE-2014-5139.
spectracom.com
SecureSync Release Notes V5.7.0 | 27
Version 5.1.5
Release features
•
Software in the newer “RES SMT-GG” GNSS receiver can now be updated via SecureSync’s Web
UI.
•
RES-SMT-GG GNSS receivers started shipping in SecureSyncs on April 1, 2014 (see also Release
Notes for Version 5.1.7 above).
Enhancements and fixes
•
Added prevention of erroneous timescale offset information
•
(Applicable only to SecureSyncs with a Rubidium oscillator installed) Fixed an intermittent,
potential issue affecting output references’ 1PPS.
•
This potential 1PPS issue only affects installed Option Cards (not the outputs on the chassis)
and operation changes on a power cycle.
•
Enhanced front panel LCD display indications of the shutdown sequence status
•
“Stopping System” is now displayed for several seconds before “Power off system” is displayed.
•
Fixed a minor issue with LDAP and Radius authentication which required a user account be
created, if the time server had been “cleaned”.
•
NTP broadcast address is now user-configurable instead of being a static factory default value.
•
Prevented a potential one second time error adjustment during operation, when synced to NTP
for the Time reference and to an external 1PPS input for the PPS reference.
•
When creating a Local Clock, manually configured DST rules can now be saved.
•
Telnet and SSH login no longer prompts twice for a password.
•
Management -> SNMP page of the browser now allows SNMPv1 and v2 configurations to be
deleted.
•
“SysObjID” in the Management -> SNMP page of the browser can now be edited.
•
Optional Login banner will now be preserved during software updates.
•
Improved operation of MySQL database (MySQL database is used with the new Web UI).
•
Improved the "Scaled DAC Value" graph's scaling/display in the Management -> disciplining
page of the browser.
•
Configuration changes made to the User-defined Minor and Major alarms are now logged in
the Journal log.
•
Addressed an error with Oscillator log entries reporting all negative frequency error values as
“0.00e-16”.
spectracom.com
SecureSync Release Notes V5.7.0 | 28
•
Interface -> Main page of the Web UI (for configuring the GNSS receiver and A-GPS) and the
Management -> Reference Priority table were not operating correctly with certain web
browsers.
Security enhancements and fixes
•
Updated OpenSSL to Version 1.0.1h
•
Addresses potential vulnerabilities such as the following: CVE-2014-0195, CVE-2014-0198, CVE2014-0221, CVE-2014-0224 and CVE-2014-3470.
•
Updated Apache to Version 2.2.27.
•
Web browser Login password is now cleared after each login attempt.
•
Validation of passwords in the Management -> HTTPS page of the browser now allows all ASCII
characters, but doesn’t allow any spaces.
Option Card enhancements and fixes
(Models 1204-32 Gb PTP Option Card, if installed):
•
Improved switching between Active Master and Passive Master modes (with more than one
PTP Master on the same network).
•
Previously, this card was having difficulty listening to PTP Announce Messages being sent from
other PTP Masters, so it was remaining an Active Master when it should be a Passive Master.
spectracom.com
SecureSync Release Notes V5.7.0 | 29
Version 5.1.4
Release features
•
Added ability to configure the MTU (Maximum Transmission Unit) for each installed Ethernet
Interface
o
The MTU value for each Ethernet interface can be displayed/configured via the
Management -> Network page of the browser.
Enhancements and fixes
•
Fixed settings validation issues related to SNMP configuration.
•
Resolved an error message being displayed when trying to delete SNMPv1 or v2 access
configurations.
•
Addresses an issue with “Assisted GPS” (“A-GPS”) always running/asserting “Rinex server” log
entries in the System log each hour (if the time server does not have access to the Internet).
•
Fixes an issue with certain erratic System log entries being asserted.
•
Changed the scale value of the “Y” Axis of the “NTP Status Summary” graphs to “(Seconds)”.
•
Fixed an issue with the front panel display trying to display a Serial Number for the GPS
receiver (Applicable only to units with no GPS receiver installed.)
•
Main default gateway port number was not being displayed as the same value in both the web
browser and the “gw4get” CLI command.
Security enhancements and fixes
•
Updated OpenSSL to Version 1.0.1g to address CVE-2014-0160 (“Heartbleed”).
•
Updated OpenSSH to Version 6.6p1.
•
Addresses potential vulnerabilities such as CVE-2014-2532 and CVE-2014-5107
•
Updated PHP to Version 5.3.28.
•
Addresses potential vulnerabilities such as CVE-2013-6420, CVE-2013-4113 and CVE-2013-2110
•
Prevents ability to login to the web browser again, if the “Log Out” button wasn’t pressed
before closing the browser.
•
Added ability to disable the “Classic Interface” web browser (Port 8080).
•
Can be disabled via the Management -> Network page of the Web UI
spectracom.com
SecureSync Release Notes V5.7.0 | 30
Version 5.1.3
Release features
(Models 1204-13, 1204-30 and 1204-2F Programmable Frequency Option Cards)
•
Released support for new Programmable Frequency output Option Cards, Models 1204-13,
1204-30 and 1204-2F.
(Models 1204-10, 1204-11, 1204-25 and 1204-1B HaveQuick/Stanag Output Option Cards, if
installed):
•
Added support for additional formats
•
Added DOD-STD-1399 BCD Time Code to HAVE QUICK / STANAG option cards
•
Added ICD-GPS-060A BCD Time Code to HAVE QUICK only option cards
•
Added STANAG 4430 STM to HAVE QUICK only option cards
(All Models):
•
Added “A-GPS” (Assisted-GPS) capability for enhanced “Skylight” indoor antenna
operation/weak GPS reception
Enhancements and fixes
•
Fixed SNMP enterprises.18837.3.3.2.1 MIB (ntpSysStaCurrentMode) from causing SNMP to
potentially halt/crash.
•
Added ability for hostname to accept either dashes or capital letters.
•
Corrected an issue that was preventing users from logging into the new browser, with user
rights, via LDAP or Radius. Users that can authenticate will now be logged in with admin rights.
•
Fixed an issue that prevented the Tools -> Upgrade/Backup page from reporting the GPS
receiver had been replaced by a GNSS (GPS + Glonass) receiver.
•
Added an indication of “completion” when a software upgrade or license file has finished being
installed.
•
Fixed an issue preventing files from being able to be scp transferred into the SecureSync.
•
Removed a “-4” from the ntp.conf file for NTP restrictions that was being added during
software updates from previous versions of software.
•
The “-4” being in the file was preventing NTP Symmetric key from working, after updating to
software version 5.1.2.
spectracom.com
SecureSync Release Notes V5.7.0 | 31
Option Card enhancement and fixes
(Models 1204-32 Gb PTP Option Card, if installed):
•
Option Card now sends IGMP group join requests to switches that have IGMP enabled.
•
Previous software versions weren’t able to join the IGMP group, preventing the PTP Master
from being able to send multicast packets when IGMP is enabled in network switches.
•
Addressed an issue with the “Sourceport ID” not being set to the proper value
•
This issue was causing the “Sourceport ID” field in Delay Response messages to be set to the
wrong value of “256”.
(Models 1204-06 Gb Ethernet Option Card, if installed):
•
Implemented a fix to a potential, but seldom observed, condition which could cause received
packets to be dropped.
•
Added ability to re-disable Ethernet interfaces Eth1, Eth2 and/or Eth3, if they have since been
enabled.
•
Added network configuration qualification checking based on Ethernet port status/state.
•
Gb Ethernet ports settings can only be changed if the port has been enabled.
•
Fixed a broken link in the new web browser that resulted in an error message when clicked.
(Models 1204-02 and 1204-04 ASCII Output Option Cards, if installed):
•
Local Clock not being properly assigned to RS-485/RS-232 outputs
•
Corrected an issue with the new web browser that caused the ASCII data to output UTC time,
plus 8 seconds, when a local clock was applied.
(Models 1204-10, 1204-11, 1204-24, 1204-25, 1204-29, 1204-1B and 1204-1D Havequick/Stanag
Output Option Cards, if installed):
•
Made timing of outputs more robust.
Security enhancements and fixes
•
Added ability for SNMP passwords to be able to include “{ }” characters.
spectracom.com
SecureSync Release Notes V5.7.0 | 32
Version 5.1.2
Release features
•
Implemented a new design of the web browser interface.
o To help with the transition between the earlier and new web browser designs, the previous
web browser design is still currently available, via the “Classic Interface” button in the topright corner of the new web browser. (Note that a future software update will remove the
ability to switch between the two web browser designs).
o Please note the new web browser design removes the IPSec functionality (this function is
still available via the “Classic Interface” web browser).
•
New web browser design implements the ability to view NTP clients that are requesting time
from the time server.
o The “Management” -> “NTP Setup” page of the new web browser has a “View NTP
Clients” button, which opens a table of the last 600 NTP clients that the time server
received NTP requests from, including the average duration (in seconds) between the NTP
requests from that client and how long ago (in seconds) the time server last received a NTP
request from each client.
•
Auth (Authentication) log entries can now be sent to Syslog server(s), as desired.
•
Added Ethernet interface enabling/disabling (applicable to the Model 1204-06: Gigabit
Ethernet Option Card, if installed- All three Ethernet connectors on this module are disabled by
factory default).
•
Added support for IPv6 DHCP functionality and SLAAC addresses.
•
Added graphs to the GPS Status page of the new web browser to show number of satellites
tracked over time and the signal strength of each receiver channel.
•
Released support for new option card, model 1204-32: 1GB PTP Master Option Card
Enhancement and fixes
•
Corrected an issue that was preventing NTP from correcting the time with more than a one
second time error.
•
Corrected the operation of NTP to allow NTP to be able to initially sync (or subsequently
resync) if the System Time is manually set, or if an input reference changes by greater than
1000 seconds.
•
Moved NTP to a slightly higher system priority
•
Addresses a condition which was causing NTP to periodically take 1 to 2 milliseconds to
respond to NTP time requests, instead of it responding right away.
spectracom.com
SecureSync Release Notes V5.7.0 | 33
•
Addressed an issue with the NTP log rotation.
•
Users who can successfully login using LDAP or Radius will now have administrative privileges
(fields will no longer be grayed-out after logging into the web browser).
•
Fcron scheduler is now restarted if the System Time/date is manually set to values in the past.
•
SNMP traps associated with the available User-defined Major/Minor alarms for GPS thresholds
were switched.
•
Fixed an issue that could potentially cause the Compact Flash card with Archive versions 5.0.0
through 5.0.2 installed to become full of data.
•
After a very long period of time, time servers with Archive software versions 5.0.0 to 5.0.2
installed could potentially become full of file snippets. This was related to the email
functionality.
•
SNMP MIB 1.3.6.1.4.1.18837.3.3.2.1.0, (“NTP_CURRENT_MODE”) now reports 0 or 3 to avoid
sluggish SNMP performance
•
Response times for SNMP Gets of this particular MIB were about 6 seconds or so, far longer
than all other MIBs (due to how this status information is obtained from NTP). This potentially
required SNMP script time-outs to need to be lengthened to account for the delayed responses
from this MIB.
Option Card enhancements and fixes
(Models 1204-14, Simulcast CTSSS Option Card if installed):
•
Alarm outputs will transition away from NC/NO/Alarm state when set to "None".
•
Addressed an anomaly that was occurring with the 9600 baud output
•
Once-per-second, a stray signal was being added to the 9600 baud output (if this signal was
configured to be outputted).
spectracom.com
SecureSync Release Notes V5.7.0 | 34
Version 5.0.2
Release features
•
Added an RFC 2783 interface for our timing system to source a 1PPS signal to NTP, to discipline
the Operating System
Enhancements and fixes
•
Strengthened the upgrade process to prevent loss of configuration information in systems with
large accumulated NTP statistics and log files.
•
NTP statistics are not preserved and large log files are truncated
•
Revised thread priorities.
spectracom.com
SecureSync Release Notes V5.7.0 | 35
Version 5.0.1
Option Card release features
•
Added logging of Input Reference changes to the Event log
•
When an Input Reference change occurs, a log entry is asserted to indicate what the newly
selected “Time” and/or “1PPS” input reference has been selected.
Enhancements and fixes
•
Resolved an issue with setting/displaying the main network gateway on the front panel
•
This issue introduced in the version 5.0.0 software upgrade caused characters for the gateway
address to run off the edge of the LCD display and also caused difficulty setting this value using
the keypad.
•
Fixed an issue (introduced in the version 5.0.0 software upgrade) that was causing about a 30
second delay while connecting to SSH, Telnet or FTP.
•
Added the ability to view the Authentication (Auth) log via the web browser (Tools -> Logs
page).
•
“Reference Change” log entries are now being sent to the Event log.
•
Changes associated with a user either creating or updating a Local Clock are now logged in the
Journal log.
•
Resolved an issue with certain Journal log entries being sent to the wrong log.
•
Log entries for a user enabling/disabling Services (such as HTTP, Telnet and FTP) and the IPv4
Gateway were being sent to the Timing log instead of the Journal log.
•
Differentiated the reporting of Rubidium oscillator error messages.
•
Improved switching between GPS Modes (Standard, Mobile and Single Satellite)
•
Previous software versions periodically required a Mode selection change be submitted more
than once for the change to occur.
•
Fixed an issue with the propagation of the Local System Clock, if a previously created Local
Clock was modified.
•
If a previously created Local Clock was edited, the output ports using that Local Clock would no
longer be configured to use a Local Clock.
Security enhancements and fixes
•
Removed the “arcfour” (ARC4, RC4) cipher from SSH.
spectracom.com
SecureSync Release Notes V5.7.0 | 36
•
Reduced the SSH tryouts to 3.
Option Card enhancements and fixes
(Models 1204-02 and 1204-04 ASCII Output Option Cards, if installed):
•
Resolved an output issue with a flag in some ASCII time code message formats.
(Models 1204-10, 1204-11, 1204-25 and 1204-1B HaveQuick Output Option Cards, if installed):
•
Resolved HaveQuick functionality regression introduced with the version 5.0.0 software
update.
(Models 1204-06 Gigabit Option Cards, if installed):
•
Added monitoring of the Gigabit Option Card’s network interfaces.
spectracom.com
SecureSync Release Notes V5.7.0 | 37
Version 5.0.0
Release features
•
No new features added
Enhancements and fixes
•
Upgraded the Operating System to a newer version in order to address a memory consumption
condition
•
Earlier versions of software could potentially consume too much memory, rendering the web
browser inaccessible, until a reboot/power cycle was performed.
•
Upgraded NTP to a newer version
•
NTP was upgraded to version 4.2.6p5.
•
Resolves potential “buffer overflow” messages from being asserted in the NTP log.
•
Mitigates potential vulnerabilities associated with NTPQ/NTPDC.
•
Removed the GPS Dynamics code for the GPS receiver mode selection
•
The GPS Dynamics code (Stationary, Land, Sea, Air) for mobile operation is no longer necessary.
•
Removed this configuration from the Setup -> Inputs -> Onboard GPS receiver page of the
browser.
•
The Dynamics code is no longer displayed on the front panel when GPS information is selected
to be displayed or with the CLI interface commands associated with GPS Mode.
•
IPv4 main default gateway is now tied to the default gateway of a specified interface rather
than as an independent setting.
•
Removed the NTP Local Clock Reference selection from the Network -> NTP Setup page of the
browser, NTP servers tab
•
In earlier versions, if a Stratum 1 reference had excessive 1PPS jitter (such as an
unsynchronized IRIG generator), NTP could potentially resonate back and forth between
selecting the Stratum 1 server and its own internal reference. A better method of going to
Stratum 16 when no NTP servers are present, without needing to use the NTP Local Clock
driver, was implemented.
Security enhancements and fixes
•
Upgraded SSL to version 1.0.1e to mitigate potential vulnerabilities
spectracom.com
SecureSync Release Notes V5.7.0 | 38
•
(CVE-2013-0169) “Lucky Thirteen” issue mitigated. TLS protocols 1.1 and 1.2 as well as DTLS
protocols 1.0 and 1.2 can allow remote attackers to conduct distinguishing attacks and plaintext recovery attacks.
•
Disabled SSL compression to mitigate potential vulnerabilities
•
(CVE-2012-4929 and CVE-2012-4930) SSL/TLS CRIME attack against HTTPS mitigated.
•
A few configuration fields in the “Network” Setup pages of the web browser were changed
from text fields to “password” fields to prevent credentials from being in “plain sight” to users.
These fields include the following in the “NETWORK” pages -> tabs:
•
HTTPS/SSH SETUP, -> HTTPS tab: “Private Key Passphrase” and “Challenge Password”
•
NTP SETUP -> Autokey tab: “Passphrase”
•
LDAP SETUP, LDAP -> Servers Configuration tab: “Credential to Bind Server with”
•
RADIUS SETUP -> Server Configurations tab: “Secret Keys”
•
IPSEC SETUP -> SA Manual Configuration tab – all “Key” fields
•
SNMP SETUP -> Notifications and Users tabs: “Auth Passphrases” and “Priv Passphrases”
spectracom.com
SecureSync Release Notes V5.7.0 | 39
Version 4.x
Release notes for SecureSync software versions 4.x are available upon request. Please contact Spectracom
Technical Support, or your local Spectracom representative.
spectracom.com
SecureSync Release Notes V5.7.0 | 40
Which SW version is installed on my SecureSync?
To determine the software version currently installed on your unit:
A)
Using the new Web UI (Software versions 5.1.0 and above)
Log in to the unit’s Web UI. Click on “Tools”, then “Upgrade/Backup”. The “System Configuration” table on
this page contains a “System” field. The number next to this is the current Archive software version:
Figure 1: Software revision reported in the Tools -> Upgrade/Backup Page
B)
Using the “Classic Interface” (Software versions 5.0.2 and below)
Log in to the unit’s Web UI. Click on “Tools”, then “Versions”. The “System Version” table on this page
contains a field named “Archive version”. The number next to this is the current Archive software version:
Indication of the current Archive
software version installed.
Figure 2: Archive software revision reported in the Tools -> Versions Page
spectracom.com
SecureSync Release Notes V5.7.0 | 41
How to download and install the new SW
Downloading the Software Update
The latest SecureSync software update can be downloaded from the Spectracom website under:
https://spectracom.com/support/securesync-and-netclock-9400-support
On this page,
navigate to:
Installing the Software Update
Instructions on how to install the new software update
can be found in the SecureSync Upgrade Instructions:
This document is also available under
the link provided above.
NOTE: The most current version of the main User Manual can be found under manuals.spectracom.com.
Hard copies of this User Manual may be purchased from the Spectracom Sales department at US +1.585.321.5800.
spectracom.com
SecureSync Release Notes V5.7.0 | 42
How to contact Spectracom Technical Support
Should you have any questions or comments regarding any of the above-mentioned features or fixes, please
contact one of the global Spectracom Technical Support centers for more information:
USA http://spectracom.com/support/request-service-product-support | 1565 Jefferson Road,
Suite 460 | Rochester, NY 14623 USA | +1.585.321.5800
FRANCE techsupport-EMEA@spectracom.com | 3 Avenue du Canada | 91974 Les Ulis, Cedex |
+33 (0)1 64 53 39 80
spectracom.com
SecureSync Release Notes V5.7.0 | 43
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising