Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p14-sec

into  psp-deb1.ntp.org:/net/nfs1/nfs/home/stenn/ntp-stable-3592

bk: 5e4a6cb6XEkMbt-R7bynlDdjQwgbNA

diff --cc ChangeLog
index d3a363f34ff74fcc9c27750fee56f898f70a078a,dbecd5cf132b56139503ff2c9588802496afa322..6bb01c3e9a5c3e3f0fc72dc4dae4ebdfb9cb70fc
--- 1/ChangeLog
--- 2/ChangeLog
+++ b/ChangeLog
@@@ -2,16 -2,9 +2,18 @@@
  
  * [Sec 3610] process_control() should bail earlier on short packets. stenn@
    - Reported by Philippe Antoine
 +* [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org>
 +  - Reported by Miroslav Lichvar
+ * [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
+   - Reported by Miroslav Lichvar
 +* [Bug 3637] Emit the version of ntpd in saveconfig.  stenn@
 +* [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org>
 +* [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org>
  * [Bug 3634] Typo in discipline.html, reported by Jason Harrison.  stenn@
 +* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
 +  - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
 +* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
 +  - integrated patch by Cy Schubert
  * [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
    - applied patch by Gerry Garvey
  * [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>

diff --cc ntpd/ntp_proto.c
index 672fc27b2d7f943c2d9d9e7ad4bafe4ff343d346,dd00bf2cdae6bafdb80fac97465f89cd84e1bbd5..32357c8c11e324e34156845295b0d94264dbbd47
--- 1/ntpd/ntp_proto.c
--- 2/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@@ -2999,11 -2955,10 +3007,11 @@@ clock_update
  void
  poll_update(
        struct peer *peer,      /* peer structure pointer */
 -      u_char  mpoll
 +      u_char  mpoll,
 +      u_char  skewpoll
        )
  {
-       u_long  next, utemp;
+       u_long  next, utemp, limit;
        u_char  hpoll;
  
        /*