From: Harlan Stenn <stenn@ntp.org>
Date: Mon, 5 Oct 2015 23:19:50 +0000 (+0000)
Subject: Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-sec
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5013b26b11f84f1f444697dc0e02a33467215145;p=thirdparty%2Fntp.git

Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-sec
into  psp-deb1.ntp.org:/home/stenn/ntp-stable-cisco2

bk: 56130596fVazYurbziGIAEtugxYXkA
---

5013b26b11f84f1f444697dc0e02a33467215145
diff --cc ChangeLog
index 86ff0753e,598363134..78cb7770f
--- a/ChangeLog
+++ b/ChangeLog
@@@ -1,10 -1,11 +1,17 @@@
  ---
- * [TALOS-CAN-0055] Infinite loop if extended logging enabled and
+ * [Sec 2899] CVE-2014-9297  perlinger@ntp.org
+ * [Sec 2902] configuration directives "pidfile" and "driftfile"
+   should be local-only. perlinger@ntp.org (patch by Miroslav Lichvar)
+ * [Sec 2909] added missing call to 'free()' in ntp_crypto.c. perlinger@ntp.org
+ * [Sec 2913] TALOS-CAN-0052: crash by loop counter underrun. perlinger@ntp.org
+ * [Sec 2916] TALOS-CAN-0054: memory corruption in password store. JPerlinger
++* [Sec 2917] TALOS-CAN-0055: Infinite loop if extended logging enabled and
 +  the logfile and keyfile are the same. perlinger@ntp.org
- * [TALOS-CAN-0062] prevent directory traversal for VMS, too, when
++* [Sec 1918] TALOS-CAN-0062: prevent directory traversal for VMS, too, when
 +  using 'saveconfig' command.  perlinger@ntp.org
- * [TALOS-CAN-0064] signed/unsiged clash could lead to buffer overun
+ * [Bug 2919] TALOS-CAN-0063: avoid buffer overrun in ntpq. perlinger@ntp.org
++* [Sec 2020] TALOS-CAN-0064: signed/unsiged clash could lead to buffer overun
 +  and memory corruption. perlinger@ntp.org
  * [Bug 2332] (reopened) Exercise thread cancellation once before dropping
    privileges and limiting resources in NTPD removes the need to link
    forcefully against 'libgcc_s' which does not always work. J.Perlinger