From: NTP Release Engineering Date: Thu, 6 Jun 2019 23:10:52 +0000 (-0700) Subject: Merge ntp-build.tal1.ntfo.org:/ntpbuild/data/master/ntp-stable/ X-Git-Tag: NTP_4_3_96~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70a8cb86054807f0b0b6972cf42ab5fc93e96276;p=thirdparty%2Fntp.git Merge ntp-build.tal1.ntfo.org:/ntpbuild/data/master/ntp-stable/ into ntp-build.tal1.ntfo.org:/ntpbuild/data/newdev/ntp-dev bk: 5cf99d7cwcYUquJR4ZrahSzw_Ujxpg --- 70a8cb86054807f0b0b6972cf42ab5fc93e96276 diff --cc ChangeLog index 6e2be39c6,a1a1cfae4..d5d822f39 --- a/ChangeLog +++ b/ChangeLog @@@ -1,6 -1,65 +1,68 @@@ ++From ntp-4.2.8p10: + --- + (4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn + (4.2.8p10) + + * [Sec 3389] NTP-01-016: Denial of Service via Malformed Config + (Pentest report 01.2017) + * [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock + (Pentest report 01.2017) + * [Sec 3387] NTP-01-012: Authenticated DoS via Malicious Config Option + (Pentest report 01.2017) + * [Sec 3386] NTP-01-011: ntpq_stripquotes() returns incorrect Value + (Pentest report 01.2017) + * [Sec 3385] NTP-01-010: ereallocarray()/eallocarray() underused. HStenn + * [Sec 3384] NTP-01-009: Privileged execution of User Library code + (Pentest report 01.2017) + * [Sec 3383] NTP-01-008: Stack Buffer Overflow from Command Line + (Pentest report 01.2017) + * [Sec 3382] NTP-01-007: Data Structure terminated insufficiently + (Pentest report 01.2017) + * [Sec 3380] NTP-01-005: Off-by-one in Oncore GPS Receiver + (Pentest report 01.2017) + * [Sec 3379] NTP-01-004: Potential Overflows in ctl_put() functions + (Pentest report 01.2017) + * [Sec 3378] NTP-01-003: Improper use of snprintf() in mx4200_send() + (Pentest report 01.2017) + * [Sec 3377] NTP-01-002: Buffer Overflow in ntpq when fetching reslist + (Pentest report 01.2017) + * [Bug 3363] Support for openssl-1.1.0 without compatibility modes + - rework of patch set from . + * [Bug 3356] Bugfix 3072 breaks multicastclient + * [Bug 3216] libntp audio ioctl() args incorrectly cast to int + on 4.4BSD-Lite derived platforms + - original patch by Majdi S. Abbas + * [Bug 3215] 'make distcheck' fails with new BK repo format + * [Bug 3173] forking async worker: interrupted pipe I/O + - initial patch by Christos Zoulas + * [Bug 3139] (...) time_pps_create: Exec format error + - move loader API from 'inline' to proper source + - augment pathless dlls with absolute path to NTPD + - use 'msyslog()' instead of 'printf() 'for reporting trouble + * [Bug 3107] Incorrect Logic for Peer Event Limiting + - applied patch by Matthew Van Gundy + * [Bug 3065] Quiet warnings on NetBSD + - applied some of the patches provided by Havard. Not all of them + still match the current code base, and I did not touch libopt. + * [Bug 3062] Change the process name of forked DNS worker + - applied patch by Reinhard Max. See bugzilla for limitations. + * [Bug 2923] Trap Configuration Fail + - fixed dependency inversion from [Bug 2837] + * [Bug 2896] Nothing happens if minsane < maxclock < minclock + - produce ERROR log message about dysfunctional daemon. + * [Bug 2851] allow -4/-6 on restrict line with mask + - applied patch by Miroslav Lichvar for ntp4.2.6 compat + * [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags + - Fixed these and some more locations of this pattern. + Probably din't get them all, though. + * Update copyright year. + * bk-7 trigger updates + +(4.3.95) 2019/04/08 Released by Harlan Stenn +* Clean up sntp/Makefile.am rule for scm-rev. - From ntp-4.2.8p9-win: --- (4.2.8p9-win) 2017/02/01 Released by Harlan Stenn