From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 4 Aug 2018 10:45:45 +0000 (+0000)
Subject: Merge psp-deb1.ntp.org:/net/nfs1/nfs/home/stenn/ntp-stable
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8253f554cff8e4d4bca0f8971a55ec00fae005eb;p=thirdparty%2Fntp.git

Merge psp-deb1.ntp.org:/net/nfs1/nfs/home/stenn/ntp-stable
into  psp-deb1.ntp.org:/net/nfs1/nfs/home/stenn/ntp-stable-p12-sec

bk: 5b6583d9zs_zYYJQzx9P6lcPA6Y8cQ
---

8253f554cff8e4d4bca0f8971a55ec00fae005eb
diff --cc ChangeLog
index 7572d1ec9,ccceb6ece..cafa818c7
--- a/ChangeLog
+++ b/ChangeLog
@@@ -1,12 -1,7 +1,13 @@@
  ---
  
 +* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
 +  - fixed stack buffer overflow in the openhost() command-line call
 +    of NTPQ/NTPDC <perlinger@ntp.org>
  * [Sec 3012] noepeer tweaks.  <stenn@ntp.org>
+ * [Bug 3521] Fix a logic bug in the INVALIDNAK checks.  <stenn@ntp.org>
 +* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
 +             other TrustedBSD platforms
 +  - applied patch by Ian Lepore <perlinger@ntp.org>
  * [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
    - changed interaction with SCM to signal pending startup
  * [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
diff --cc NEWS
index 99d37683b,91f4b20b1..26430550b
--- a/NEWS
+++ b/NEWS
@@@ -11,16 -11,12 +11,17 @@@ This release fixes a "hole" in the noep
  in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
  ntpq and ntpdc.  It also provides 26 other bugfixes, and 4 other improvements:
  
 -* [Sec 3505]
 +* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
  
 -* [Sec 3012] 
 +* [Sec 3012] Fix a hole in the new "noepeer" processing.
  
  * Bug Fixes:
+  [Bug 3521] Fix a logic bug in the INVALIDNAK checks.  <stenn@ntp.org>
 + [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
 +            other TrustedBSD platforms
 + - applied patch by Ian Lepore <perlinger@ntp.org>
 + [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
 + - changed interaction with SCM to signal pending startup
   [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
   - applied patch by Gerry Garvey
   [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>