From: Harlan Stenn <stenn@ntp.org>
Date: Sun, 17 Jan 2016 05:13:49 +0000 (+0000)
Subject: Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p6
X-Git-Tag: NTP_4_2_8P6~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ca3b6f43b4908682813cb8258b9ced2ebd6ba15;p=thirdparty%2Fntp.git

Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p6
into  psp-deb1.ntp.org:/home/stenn/ntp-stable-2942

bk: 569b230dO-NrAwkDzk_j6W8otlHPBQ
---

7ca3b6f43b4908682813cb8258b9ced2ebd6ba15
diff --cc ChangeLog
index fe31e453a,094d4f460..fb72336a3
--- a/ChangeLog
+++ b/ChangeLog
@@@ -1,32 -1,6 +1,33 @@@
  ---
  
 +* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
 +* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
 +* [Sec 2938] ntpq saveconfig command allows dangerous characters
 +  in filenames. perlinger@ntp.org
 +* [Sec 2939] reslist NULL pointer dereference.  perlinger@ntp.org
 +* [Sec 2940] Stack exhaustion in recursive traversal of restriction
 +  list. perlinger@ntp.org
+ * [Sec 2942]: Off-path DoS attack on auth broadcast mode.  HStenn.
 +* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
 +* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
 +* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
 +* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
 +  - applied patch by shenpeng11@huawei.com with minor adjustments
 +* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
 +* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
 +* [Bug 2892] Several test cases assume IPv6 capabilities even when
 +             IPv6 is disabled in the build. perlinger@ntp.org
 +  - Found this already fixed, but validation led to cleanup actions.
 +* [Bug 2905] DNS lookups broken. perlinger@ntp.org
 +  - added limits to stack consumption, fixed some return code handling
 +* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
 +  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
 +  - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
 +* [Bug 2980] reduce number of warnings. perlinger@ntp.org
 +  - integrated several patches from Havard Eidnes (he@uninett.no)
 +* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
 +  - implement 'auth_log2()' using integer bithack instead of float calculation
 +* Make leapsec_query debug messages less verbose.  Harlan Stenn.
  
  ---
  (4.2.8p5) 2016/01/07 Released by Harlan Stenn <stenn@ntp.org>