Import ntp-4.2.8p18 (previous was ntp-4.2.8p15

---
(4.2.8p18) 2024/05/25 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 3918] Tweak openssl header/library handling. <stenn@ntp.org>
* [Bug 3914] Spurious "Unexpected origin timestamp" logged after time
stepped. <hart@ntp.org>
* [Bug 3913] Avoid duplicate IPv6 link-local manycast associations.
<hart@ntp.org>
* [Bug 3912] Avoid rare math errors in ntptrace. <brian.utterback@oracle.com>
* [Bug 3910] Memory leak using openssl-3 <hart@ntp.org>
* [Bug 3909] Do not select multicast local address for unicast peer.
<hart@ntp.org>
* [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe.
<hart@ntp.org>
* [Bug 3901] LIB_GETBUF isn't thread-safe. <hart@ntp.org>
* [Bug 3900] fast_xmit() selects wrong local addr responding to mcast on
Windows. <hart@ntp.org>
* [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates
duplicate associations. <hart@ntp.org>
* [Bug 3872] Ignore restrict mask for hostname. <hart@ntp.org>
* [Bug 3871] 4.2.8p17 build without hopf6021 refclock enabled fails.
Reported by Hans Mayer. Moved NONEMPTY_TRANSLATION_UNIT
declaration from ntp_types.h to config.h. <hart@ntp.org>
* [Bug 3870] Server drops client packets with ppoll < 4. <stenn@ntp.org>
* [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs.
Reported by PoolMUC@web.de. <hart@ntp.org>
* [Bug 3868] Cannot restrict a pool peer. <hart@ntp.org> Thanks to
Edward McGuire for tracking down the deficiency.
* [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian.
<hart@ntp.org>
* [Bug 3859] Use NotifyIpInterfaceChange on Windows ntpd. <hart@ntp.org>
* [Bug 3856] Enable Edit & Continue debugging with Visual Studio.
<hart@ntp.org>
* [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. <hart@ntp.org>
* [Bug 3854] ntpd 4.2.8p17 corrupts rawstats file with space in refid.
<hart@ntp.org>
* [Bug 3853] Clean up warnings with modern compilers. <hart@ntp.org>
* [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as
intended. <hart@ntp.org>
* [Bug 3851] Drop pool server when no local address can reach it.
<hart@ntp.org>
* [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid.
<hart@ntp.org>
* [Bug 3849] ntpd --wait-sync times out. <hart@ntp.org>
* [Bug 3847] SSL detection in configure should run-test if runpath is needed.
<hart@ntp.org>
* [Bug 3846] Use -Wno-format-truncation by default. <hart@ntp.org>
* [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access.
<hart@ntp.org>
* [Bug 3842] Windows ntpd PPSAPI DLL load failure crashes. <hart@ntp.org>
* [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat
Need to remove --Wformat-security when removing -Wformat to
silence numerous libopts warnings. <hart@ntp.org>
* [Bug 3837] NULL pointer deref crash when ntpd deletes last interface.
Reported by renmingshuai. Correct UNLINK_EXPR_SLIST() when the
list is empty. <hart@ntp.org>
* [Bug 3835] NTP_HARD_*FLAGS not used by libevent tearoff. <hart@ntp.org>
* [Bug 3831] pollskewlist zeroed on runtime configuration. <hart@ntp.org>
* [Bug 3830] configure libevent check intersperses output with answer. <stenn@>
* [Bug 3828] BK should ignore a git repo in the same directory.
<burnicki@ntp.org>
* [Bug 3827] Fix build in case CLOCK_HOPF6021 or CLOCK_WHARTON_400A
is disabled. <burnicki@ntp.org>
* [Bug 3825] Don't touch HTML files unless building inside a BK repo.
Fix the script checkHtmlFileDates. <burnicki@ntp.org>
* [Bug 3756] Improve OpenSSL library/header detection.
* [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. <hart@ntp.org>
* [Bug 2734] TEST3 prevents initial interleave sync. Fix from <PoolMUC@web.de>
* Log failures to allocate receive buffers. <hart@ntp.org>
* Remove extraneous */ from libparse/ieee754io.c
* Fix .datecheck target line in Makefile.am. <stenn@ntp.org>
* Update the copyright year. <stenn@ntp.org>
* Update ntp.conf documentation to add "delrestrict" and correct information
about KoD rate limiting. <hart@ntp.org>
* html/clockopt.html cleanup. <stenn@ntp.org>
* util/lsf-times - added. <stenn@ntp.org>
* Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c. <hart@ntp.org>
* Provide ntpd thread names to debugger on Windows. <hart@ntp.org>
* Remove dead code libntp/numtohost.c and its unit tests. <hart@ntp.org>
* Remove class A, B, C IPv4 distinctions in netof(). <hart@ntp.org>
* Use @configure_input@ in various *.in files to include a comment that
the file is generated from another pointing to the *.in. <hart@ntp.org>
* Correct underquoting, indents in ntp_facilitynames.m4. <hart@ntp.org>
* Clean up a few warnings seen building with older gcc. <hart@ntp.org>
* Fix build on older FreeBSD lacking sys/procctl.h. <hart@ntp.org>
* Disable [Bug 3627] workaround on newer FreeBSD which has the kernel fix
that makes it unnecessary, re-enabling ASLR stack gap. <hart@ntp.org>
* Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files.
* Remove useless pointer to Windows Help from system error messages.
* Avoid newlines within Windows error messages. <hart@ntp.org>
* Ensure unique association IDs if wrapped. <hart@ntp.org>
* Simplify calc_addr_distance(). <hart@ntp.org>
* Clamp min/maxpoll in edge cases in newpeer(). <hart@ntp.org>
* Quiet local addr change logging when unpeering. <hart@ntp.org>
* Correct missing arg for %s printf specifier in
send_blocking_resp_internal(). <hart@ntp.org>
* Suppress OpenSSL 3 deprecation warning clutter. <hart@ntp.org>
* Correct OpenSSL usage in Autokey code to avoid warnings about
discarding const qualifiers with OpenSSL 3. <hart@ntp.org>
* Display KoD refid as text in recently added message. <hart@ntp.org>
* Avoid running checkHtmlFileDates script repeatedly when no html/*.html
files have changed. <hart@ntp.org>
* Abort configure if --enable-crypto-rand given & unavailable. <hart@ntp.org>
* Add configure --enable-verbose-ssl to trace SSL detection. <hart@ntp.org>
* Add build test coverage for --disable-saveconfig to flock-build script.
<hart@ntp.org>
* Remove deprecated configure --with-arlib option. <hart@ntp.org>
* Remove configure support for ISC UNIX ca. 1998. <hart@ntp.org>
* Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files
to NTP_LIBNTP. <hart@ntp.org>
* Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. <hart@ntp.org>
* Eliminate [v]snprintf redefinition warnings on macOS. <hart@ntp.org>
* Fix clang 14 cast increases alignment warning on Linux. <hart@ntp.org>
* Move ENABLE_CMAC to ntp_openssl.m4, reviving sntp/tests CMAC unit tests.
<hart@ntp.org>
* Use NTP_HARD_CPPFLAGS in libopts tearoff. <hart@ntp.org>
* wire in --enable-build-framework-help

---
(4.2.8p17) 2023/06/06 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at
event_sync. Reported by Edward McGuire. <hart@ntp.org>
* [Bug 3822] ntpd significantly delays first poll of servers specified by name.
<hart@ntp.org> Miroslav Lichvar identified regression in 4.2.8p16.
* [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with
4.2.8p15 or earlier. Reported by Matt Nordhoff, thanks to
Miroslav Lichvar and Matt for rapid testing and identifying the
problem. <hart@ntp.org>
* Add tests/libntp/digests.c to catch regressions reading keys file or with
symmetric authentication digest output. <hart@ntp.org>

---
(4.2.8p16) 2023/05/31 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org>
* [Sec 3807] praecis_parse() in the Palisade refclock driver has a
hypothetical input buffer overflow. Reported by ... stenn@
* [Sec 3806] libntp/mstolfp.c needs bounds checking <perlinger@ntp.org>
- solved numerically instead of using string manipulation
* [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled.
<stenn@ntp.org>
* [Bug 3819] Updated libopts/Makefile.am was missing NTP_HARD_* values. <stenn@>
* [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org>
* [Bug 3814] First poll delay of new or cleared associations miscalculated.
<hart@ntp.org>
* [Bug 3802] ntp-keygen -I default identity modulus bits too small for
OpenSSL 3. Reported by rmsh1216@163.com <hart@ntp.org>
* [Bug 3801] gpsdjson refclock gps_open() device name mishandled. <hart@ntp.org>
* [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org>
* [Bug 3799] Enable libopts noreturn compiler advice for MSC. <hart@ntp.org>
* [Bug 3797] Windows getaddrinfo w/AI_ADDRCONFIG fails for localhost when
disconnected, breaking ntpq and ntpdc. <hart@ntp.org>
* [Bug 3795] pollskewlist documentation uses | when it shouldn't.
- ntp.conf manual page and miscopt.html corrections. <hart@ntp.org>
* [Bug 3793] Wrong variable type passed to record_raw_stats(). <hart@ntp.org>
- Report and patch by Yuezhen LUAN <wei6410@sina.com>.
* [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org>
* [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded.
<hart@ntp.org>
* [Bug 3781] log "Unable to listen for broadcasts" for IPv4 <hart@ntp.org>
* [Bug 3774] mode 6 packets corrupted in rawstats file <hart@ntp.org>
- Reported by Edward McGuire, fix identified by <wei6410@sina.com>.
* [Bug 3758] Provide a 'device' config statement for refclocks <perlinger@ntp.org>
* [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org>
* [Bug 3741] 4.2.8p15 can't build with glibc 2.34 <perlinger@ntp.org>
* [Bug 3725] Make copyright of clk_wharton.c compatible with Debian.
Philippe De Muyter <phdm@macqel.be>
* [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org>
- openssl applink needed again for openSSL-1.1.1
* [Bug 3719] configure.ac checks for closefrom() and getdtablesize() missing.
Reported by Brian Utterback, broken in 2010 by <hart@ntp.org>
* [Bug 3699] Problems handling drift file and restoring previous drifts <perlinger@ntp.org>
- command line options override config statements where applicable
- make initial frequency settings idempotent and reversible
- make sure kernel PLL gets a recovered drift componsation
* [Bug 3695] Fix memory leak with ntpq on Windows Server 2019 <perlinger@ntp.org>
* [Bug 3694] NMEA refclock seems to unnecessarily require location in messages
- misleading title; essentially a request to ignore the receiver status.
Added a mode bit for this. <perlinger@ntp.org>
* [Bug 3693] Improvement of error handling key lengths <perlinger@ntp.org>
- original patch by Richard Schmidt, with mods & unit test fixes
* [Bug 3692] /dev/gpsN requirement prevents KPPS <perlinger@ntp.org>
- implement/wrap 'realpath()' to resolve symlinks in device names
* [Bug 3691] Buffer Overflow reading GPSD output
- original patch by matt<ntpbr@mattcorallo.com>
- increased max PDU size to 4k to avoid truncation
* [Bug 3690] newline in ntp clock variable (parse) <perlinger@ntp.org>
- patch by Frank Kardel
* [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org>
- ntp{q,dc} now use the same password processing as ntpd does in the key
file, so having a binary secret >= 11 bytes is possible for all keys.
(This is a different approach to the problem than suggested)
* [Bug 3688] GCC 10 build errors in testsuite <perlinger@ntp.org>
* [Bug 3687] ntp_crypto_rand RNG status not known <perlinger@ntp.org>
- patch by Gerry Garvey
* [Bug 3682] Fixes for warnings when compiled without OpenSSL <perlinger@ntp.org>
- original patch by Gerry Garvey
* [Bug 3677] additional peer events not decoded in associations listing <perlinger@ntp.org>
- original patch by Gerry Garvey
* [Bug 3676] compiler warnings (CMAC, interrupt_buf, typo, fallthrough)
- applied patches by Gerry Garvey
* [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage
* [Bug 3674] ntpq command 'execute only' using '~' prefix <perlinger@ntp.org>
- idea+patch by Gerry Garvey
* [Bug 3672] fix biased selection in median cut <perlinger@ntp.org>
* [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
- follow-up: fix inverted sense in check, reset shortfall counter
* [Bug 3660] Revert 4.2.8p15 change to manycast. <hart@ntp.org>
* [Bug 3640] document "discard monitor" and fix the code. <hart@ntp.org>
- fixed bug identified by Edward McGuire <perlinger@ntp.org>
* [Bug 3626] (SNTP) UTC offset calculation needs dst flag <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3428] ntpd spinning consuming CPU on Linux router with full table.
Reported by Israel G. Lugo. <hart@ntp.org>
* [Bug 3103] libopts zsave_warn format string too few arguments <bkorb@gnu.org>
* [Bug 2990] multicastclient incorrectly causes bind to broadcast address.
Integrated patch from Brian Utterback. <hart@ntp.org>
* [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org>
* [Bug 2410] syslog an error message on panic exceeded. <brian.utterback@oracle.com>
* Use correct rounding in mstolfp(). perlinger/hart
* M_ADDF should use u_int32. <hart@ntp.org>
* Only define tv_fmt_libbuf() if we will use it. <stenn@ntp.org>
* Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn
* Make sure the value returned by refid_str() prints cleanly. <stenn@ntp.org>
* If DEBUG is enabled, the startup banner now says that debug assertions
are in force and that ntpd will abort if any are violated. <stenn@ntp.org>
* syslog valid incoming KoDs. <stenn@ntp.org>
* Rename a poorly-named variable. <stenn@ntp.org>
* Disable "embedded NUL in string" messages in libopts, when we can. <stenn@>
* Use https in the AC_INIT URLs in configure.ac. <stenn@ntp.org>
* Implement NTP_FUNC_REALPATH. <stenn@ntp.org>
* Lose a gmake construct in ntpd/Makefile.am. <stenn@ntp.org>
* upgrade to: autogen-5.18.16
* upgrade to: libopts-42.1.17
* upgrade to: autoconf-2.71
* upgrade to: automake-1.16.15
* Upgrade to libevent-2.1.12-stable <stenn@ntp.org>
* Support OpenSSL-3.0

(4.2.8p15) 2020/06/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3661] memory leak with AES128CMAC keys <perlinger@ntp.org>
* [Bug 3670] Regression from bad merge of 3592 and 3596 <perlinger@ntp.org>
- fixed a bad merge that happened before 4.2.8-p14. Thanks to
Sylar Tao for noticing this!
* [Bug 3667] decodenetnum fails with numeric port <perlinger@ntp.org>
- rewrite 'decodenetnum()' in terms of inet_pton
* [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
- limit number of receive buffers, with an iron reserve for refclocks
* [Bug 3664] Enable openSSL CMAC support on Windows <burnicki@ntp.org>
* [Bug 3662] Fix build errors on Windows with VS2008 <burnicki@ntp.org>
* [Bug 3660] Manycast orphan mode startup discovery problem. <stenn@ntp.org>
- integrated patch from Charles Claggett
* [Bug 3659] Move definition of psl[] from ntp_config.h to
ntp_config.h <perlinger@ntp.org>
* [Bug 3657] Wrong "Autokey group mismatch" debug message <perlinger@ntp.org>
* [Bug 3655] ntpdc memstats hash counts <perlinger@ntp.org>
- fix by Gerry garvey
* [Bug 3653] Refclock jitter RMS calculation <perlinger@ntp.org>
- thanks to Gerry Garvey
* [Bug 3646] Avoid sync with unsync orphan <perlinger@ntp.org>
- patch by Gerry Garvey
* [Bug 3644] Unsynchronized server [...] selected as candidate <perlinger@ntp.org>
* [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
- applied patch by Takao Abe

(4.2.8p14) 2020/03/03 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3610] process_control() should bail earlier on short packets. stenn@
- Reported by Philippe Antoine
* [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org>
- Reported by Miroslav Lichvar
* [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
- Reported by Miroslav Lichvar
* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@
* [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org>
* [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org>
* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@
* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
- implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
- integrated patch by Cy Schubert
* [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org>
- integrated patch by Richard Steedman
* [Bug 3615] accelerate refclock startup <perlinger@ntp.org>
* [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org>
- Reported by Martin Burnicki
* [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
- Reported by Philippe Antoine
* [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org>
- officially document new "trust date" mode bit for NMEA driver
- restore the (previously undocumented) "trust date" feature lost with [bug 3577]
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
- mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
* [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org>
- removed ffs() and fls() prototypes as per Brian Utterback
* [Bug 3604] Wrong param byte order passing into record_raw_stats() in
ntp_io.c <perlinger@ntp.org>
- fixed byte and paramter order as suggested by wei6410@sina.com
* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org>
* [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
- added padding as suggested by John Paul Adrian Glaubitz
* [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org>
* [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org>
* [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org>
* [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
- stdout+stderr are set to line buffered during test setup now
* [Bug 3583] synchronization error <perlinger@ntp.org>
- set clock to base date if system time is before that limit
* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org>
* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
- Reported by Paulo Neves
* [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org>
- also updates for refclock_nmea.c and refclock_jupiter.c
* [Bug 3576] New GPS date function API <perlinger@ntp.org>
* [Bug 3573] nptdate: missleading error message <perlinger@ntp.org>
* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org>
* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org>
- sidekick: service port resolution in 'ntpdate'
* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org>
- applied patch by Douglas Royds
* [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org>
* [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
- try to harden 'decodenetnum()' against 'getaddrinfo()' errors
- fix wrong cond-compile tests in unit tests
* [Bug 3517] Reducing build noise <perlinger@ntp.org>
* [Bug 3516] Require tooling from this decade <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org>
- partial application of patch by Philipp Prindeville
* [Bug 3491] Signed values of LFP datatypes should always display a sign
- applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
* [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org>
- applied (modified) patch by Richard Steedman
* [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org>
- applied patch by Gerry Garvey (with minor formatting changes)
* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network
<perlinger@ntp.org>
* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user
is specified with -u <perlinger@ntp.org>
- monitor daemon child startup & propagate exit codes
* [Bug 1433] runtime check whether the kernel really supports capabilities
- (modified) patch by Kurt Roeckx <perlinger@ntp.org>
* Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org>
* Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
* Startup log improvements. <stenn@ntp.org>
* Update the copyright year.
* html/confopt.html: cleanup. <stenn@ntp.org>

---
(4.2.8p13) 2019/03/07 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3565] Crafted null dereference attack in authenticated
mode 6 packet <perlinger@ntp.org>
- reported by Magnus Stubman
* [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
- applied patch by Ian Lepore
* [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
- isolate and fix linux/windows specific code issue
* [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
- provide better function for incremental string formatting
* [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
- original finding by Gerry Garvey, additional cleanup needed
* [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
- patch by Christous Zoulas
* [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
- finding by Chen Jiabin, plus another one by me
* [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
- applied patch by Maciej Szmigiero
* [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
- applied patch by Andre Charbonneau
* [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
- refactored handling of GPS era based on 'tos basedate' for
parse (TSIP) and JUPITER clocks
* [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
- patch by Daniel J. Luke; this does not fix a potential linker
regression issue on MacOS.
* [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
anomaly <perlinger@ntp.org>, reported by GGarvey.
- --enable-bug3527-fix support by HStenn
* [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
- added missing check, reported by Reinhard Max <perlinger@ntp.org>
* [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64
- this is a variant of [bug 3558] and should be fixed with it
* Implement --disable-signalled-io

---
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
- fixed stack buffer overflow in the openhost() command-line call
of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
* [Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
* html/authentic.html: cleanup, from <stenn@ntp.org>

branches: 1.1.1.11.2;
---

* [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn.
* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn.
* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
Implement ippeerlimit. HStenn, JPerlinger.
* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
- initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org>
* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org>
* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
- applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
- fixed several issues with hash algos in ntpd, sntp, ntpq,
ntpdc and the test suites <perlinger@ntp.org>
* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
- initial patch by Daniel Pouzzner
* [Bug 3423] QNX adjtime() implementation error checking is
wrong <perlinger@ntp.org>
* [Bug 3417] ntpq ifstats packet counters can be negative
made IFSTATS counter quantities unsigned <perlinger@ntp.org>
* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
- raised receive buffer size to 1200 <perlinger@ntp.org>
* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
analysis tool. <abe@ntp.org>
* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
- fix/drop assumptions on OpenSSL libs directory layout
* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
- initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
* [Bug 3398] tests fail with core dump <perlinger@ntp.org>
- patch contributed by Alexander Bluhm
* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
rework of formatting & data transfer stuff in 'ntp_control.c'
avoids unecessary buffers and size limitations. <perlinger@ntp.org>
* [Bug 3394] Leap second deletion does not work on ntpd clients
- fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
- increased mimimum stack size to 32kB <perlinger@ntp.org>
* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
- reverted handling of PPS kernel consumer to 4.2.6 behavior
* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
* [Bug 3016] wrong error position reported for bad ":config pool"
- fixed location counter & ntpq output <perlinger@ntp.org>
* [Bug 2900] libntp build order problem. HStenn.
* [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
perlinger@ntp.org
* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
* [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
* Use strlcpy() to copy strings, not memcpy(). HStenn.
* Typos. HStenn.
* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
* Fix trivial warnings from 'make check'. perlinger@ntp.org
* Fix bug in the override portion of the compiler hardening macro. HStenn.
* record_raw_stats(): Log entire packet. Log writes. HStenn.
* AES-128-CMAC support. BInglis, HStenn, JPerlinger.
* sntp: tweak key file logging. HStenn.
* sntp: pkt_output(): Improve debug output. HStenn.
* update-leap: updates from Paul McMath.
* When using pkg-config, report --modversion. HStenn.
* Clean up libevent configure checks. HStenn.
* sntp: show the IP of who sent us a crypto-NAK. HStenn.
* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
* authistrustedip() - use it in more places. HStenn, JPerlinger.
* New sysstats: sys_lamport, sys_tsrounding. HStenn.
* Update ntp.keys .../N documentation. HStenn.
* Distribute testconf.yml. HStenn.
* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
* Rename the configuration flag fifo variables. HStenn.
* Improve saveconfig output. HStenn.
* Decode restrict flags on receive() debug output. HStenn.
* Decode interface flags on receive() debug output. HStenn.
* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
* Update the documentation in ntp.conf.def . HStenn.
* restrictions() must return restrict flags and ippeerlimit. HStenn.
* Update ntpq peer documentation to describe the 'p' type. HStenn.
* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
* Provide dump_restricts() for debugging. HStenn.
* Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
* Some tests might need LIBM. HStenn.
* update-leap: Allow -h/--help early. HStenn.

branches: 1.1.1.10.4; 1.1.1.10.10;
Import ntp 4.2.8p10

branches: 1.1.1.9.2;
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3119] Trap crash <perlinger@ntp.org>
* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org>
- TRAP config via mode 6 packet requires AUTH now.
* [Sec 3114] Broadcast Mode Replay Prevention DoS
- applied patches by Matthew Van Gundy. <perlinger@ntp.org>
- with bcpollbstep, tweaks and cleanup by stenn@ntp.org
* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org>
- applied fix as suggested by Matthew Van Gundy
* [Sec 3110] Windows: ntpd DoS by oversized UDP packet
- fixed error handling for truncated UDP packets. <perlinger@ntp.org>
* [Sec 3102] Zero origin issues. HStenn.
* [Sec 3082] null pointer dereference in _IO_str_init_static_internal()
- more hardening to read_mru_list(). perlinger@ntp.org
* [Sec 3072] Attack on interface selection <perlinger@ntp.org>
- implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion
to skip interface updates based on incoming packets
* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger@ntp.org>
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
- applied patches by Kurt Roeckx <kurt@roeckx.be> to source
- added shim layer for SSL API calls with issues (both directions)
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
* [Bug 3067] Root distance calculation needs improvement. HStenn.
* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
- PPS-HACK works again.
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
- applied patch by Brian Utterback <brian.utterback@oracle.com>
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger@ntp.org>
- patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
- Patch provided by Kuramatsu.
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing.
DMayer and JPerlinger.
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger@ntp.org>
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger@ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed.
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead

branches: 1.1.1.8.2;
Import ntp 4.2.8p8

---
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.

---

Import ntp 4.2.8p5

Import ntp 4.2.8p4

Import ntp 4.2.8p3

---
(4.2.8p2) 2015/04/07 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p2-RC3) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2763] Fix for different thresholds for forward and backward steps.
---
(4.2.8p2-RC2) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2592] FLAG_TSTAMP_PPS cleanup for refclock_parse.c.
* [Bug 2769] New script: update-leap
* [Bug 2769] cleannup for update-leap
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2794] Clean up kernel clock status reports.
* [Bug 2795] Cannot build without OpenSLL (on Win32).
Provided a Win32 specific wrapper around libevent/arc4random.c.
fixed some minor warnings.
* [Bug 2796] ntp-keygen crashes in 'getclock()' on Win32.
* [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys
on big-endian machines.
* [Bug 2798] sntp should decode and display the leap indicator.
* Simple cleanup to html/build.html
---
(4.2.8p2-RC1) 2015/03/30 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2794] Don't let reports on normal kernel status changes
look like errors.
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2592] Account for PPS sources which can provide an accurate
absolute time stamp, and status information.
Fixed indention and removed trailing whitespace.
* [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
* [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
* [Bug 2346] "graceful termination" signals do not do peer cleanup.
* [Bug 2728] See if C99-style structure initialization works.
* [Bug 2747] Upgrade libevent to 2.1.5-beta.
* [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
* [Bug 2751] jitter.h has stale copies of l_fp macros.
* [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
* [Bug 2757] Quiet compiler warnings.
* [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
* [Bug 2763] Allow different thresholds for forward and backward steps.
* [Bug 2766] ntp-keygen output files should not be world-readable.
* [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
* [Bug 2771] nonvolatile value is documented in wrong units.
* [Bug 2773] Early leap announcement from Palisade/Thunderbolt
* [Bug 2774] Unreasonably verbose printout - leap pending/warning
* [Bug 2775] ntp-keygen.c fails to compile under Windows.
* [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
Removed non-ASCII characters from some copyright comments.
Removed trailing whitespace.
Updated definitions for Meinberg clocks from current Meinberg header files.
Now use C99 fixed-width types and avoid non-ASCII characters in comments.
Account for updated definitions pulled from Meinberg header files.
Updated comments on Meinberg GPS receivers which are not only called GPS16x.
Replaced some constant numbers by defines from ntp_calendar.h
Modified creation of parse-specific variables for Meinberg devices
in gps16x_message().
Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
Modified mbg_tm_str() which now expexts an additional parameter controlling
if the time status shall be printed.
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
* [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
* [Bug 2789] Quiet compiler warnings from libevent.
* [Bug 2790] If ntpd sets the Windows MM timer highest resolution
pause briefly before measuring system clock precision to yield
correct results.
* Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
* Use predefined function types for parse driver functions
used to set up function pointers.
Account for changed prototype of parse_inp_fnc_t functions.
Cast parse conversion results to appropriate types to avoid
compiler warnings.
Let ioctl() for Windows accept a (void *) to avoid compiler warnings
when called with pointers to different types.
---
(4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>

* Update the NEWS file.
* [Sec 2671] vallen in extension fields are not validated.
---
(4.2.8p1-RC2) 2015/01/29 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
rework: reverted sense of mode bit (so default reflects previous
behaviour) and updated ducumentation.
* [Bug 2732] - Leap second not handled correctly on Windows 8
use 'GetTickCount()' to get the true elapsed time of slew
(This should work for all versions of Windows >= W2K)
* [Bug 2738] Missing buffer initialization in refclocK_parse.c::parsestate().
* [Bug 2739] Parse driver with PPS enabled occasionally evaluates
PPS timestamp with wrong sign.
Removed some German umlauts.
* [Bug 2740] Removed some obsolete code from the parse driver.
* [Bug 2741] Incorrect buffer check in refclocK_parse.c::parsestatus().
---
(4.2.8p1-RC1) 2015/01/24 Released by Harlan Stenn <stenn@ntp.org>

* Start the RC for 4.2.8p1.
* [Bug 2187] Update version number generation scripts.
* [Bug 2617] Fix sntp Usage documentation section.
* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
* [Bug 2736] Show error message if we cannot open the config file.
* Copyright update.
* Fix the package name.
---
(4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2695] Windows build: __func__ not supported under Windows.
* [Bug 2728] Work around C99-style structure initialization code
for older compilers, specifically Visual Studio prior to VS2013.
---
(4.2.8p1-beta4) 2015/01/04 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 1084] PPSAPI for ntpd on Windows with DLL backends
* [Bug 2695] Build problem on Windows (sys/socket.h).
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
* Fix a regression introduced to timepps-Solaris.h as part of:
[Bug 1206] Required compiler changes for Windows
(4.2.5p181) 2009/06/06
---
(4.2.8p1-beta3) 2015/01/02 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
Use mode bit 0 to select public access for units >= 2 (units 0 & 1 are
always private.
* [Bug 2681] Fix display of certificate EOValidity dates on 32-bit systems.
* [Bug 2695] 4.2.8 does not build on Windows.
* [bug 2700] mrulist stopped working in 4.2.8.
* [Bug 2706] libparse/info_trimble.c build dependencies are broken.
* [Bug 2713] variable type/cast, parameter name, general cleanup from NetBSD.
* [Bug 2714] libevent may need to be built independently of any build of sntp.
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
---
(4.2.8p1-beta2) 2014/12/27 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2674] Install sntp in sbin on NetBSD.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL and sntp.
* [Bug 2707] Avoid a C90 extension in libjsmn/jsmn.c.
* [Bug 2709] see if we have a C99 compiler (not yet required).
---
(4.2.8p1-beta1) 2014/12/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL.
* [Bug 2697] IN6_IS_ADDR_LOOPBACK build problems on some OSes.
* [Bug 2699] HAVE_SYS_SELECT_H is misspelled in refclock_gpsdjson.c.
---

branches: 1.1.1.2.2; 1.1.1.2.4; 1.1.1.2.6; 1.1.1.2.8; 1.1.1.2.10; 1.1.1.2.12;
Import ntp 4.2.8

branches: 1.1.1.1.4; 1.1.1.1.6; 1.1.1.1.8;
import devel ntpd to avoid amplification attacks.

(4.2.8p15) 2020/06/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3661] memory leak with AES128CMAC keys <perlinger@ntp.org>
* [Bug 3670] Regression from bad merge of 3592 and 3596 <perlinger@ntp.org>
- fixed a bad merge that happened before 4.2.8-p14. Thanks to
Sylar Tao for noticing this!
* [Bug 3667] decodenetnum fails with numeric port <perlinger@ntp.org>
- rewrite 'decodenetnum()' in terms of inet_pton
* [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org>
- limit number of receive buffers, with an iron reserve for refclocks
* [Bug 3664] Enable openSSL CMAC support on Windows <burnicki@ntp.org>
* [Bug 3662] Fix build errors on Windows with VS2008 <burnicki@ntp.org>
* [Bug 3660] Manycast orphan mode startup discovery problem. <stenn@ntp.org>
- integrated patch from Charles Claggett
* [Bug 3659] Move definition of psl[] from ntp_config.h to
ntp_config.h <perlinger@ntp.org>
* [Bug 3657] Wrong "Autokey group mismatch" debug message <perlinger@ntp.org>
* [Bug 3655] ntpdc memstats hash counts <perlinger@ntp.org>
- fix by Gerry garvey
* [Bug 3653] Refclock jitter RMS calculation <perlinger@ntp.org>
- thanks to Gerry Garvey
* [Bug 3646] Avoid sync with unsync orphan <perlinger@ntp.org>
- patch by Gerry Garvey
* [Bug 3644] Unsynchronized server [...] selected as candidate <perlinger@ntp.org>
* [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org>
- applied patch by Takao Abe

(4.2.8p14) 2020/03/03 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3610] process_control() should bail earlier on short packets. stenn@
- Reported by Philippe Antoine
* [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org>
- Reported by Miroslav Lichvar
* [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
- Reported by Miroslav Lichvar
* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@
* [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org>
* [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org>
* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@
* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
- implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
- integrated patch by Cy Schubert
* [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org>
- integrated patch by Richard Steedman
* [Bug 3615] accelerate refclock startup <perlinger@ntp.org>
* [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org>
- Reported by Martin Burnicki
* [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
- Reported by Philippe Antoine
* [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org>
- officially document new "trust date" mode bit for NMEA driver
- restore the (previously undocumented) "trust date" feature lost with [bug 3577]
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
- mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
* [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org>
- removed ffs() and fls() prototypes as per Brian Utterback
* [Bug 3604] Wrong param byte order passing into record_raw_stats() in
ntp_io.c <perlinger@ntp.org>
- fixed byte and paramter order as suggested by wei6410@sina.com
* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org>
* [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
- added padding as suggested by John Paul Adrian Glaubitz
* [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org>
* [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org>
* [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org>
* [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
- stdout+stderr are set to line buffered during test setup now
* [Bug 3583] synchronization error <perlinger@ntp.org>
- set clock to base date if system time is before that limit
* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org>
* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
- Reported by Paulo Neves
* [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org>
- also updates for refclock_nmea.c and refclock_jupiter.c
* [Bug 3576] New GPS date function API <perlinger@ntp.org>
* [Bug 3573] nptdate: missleading error message <perlinger@ntp.org>
* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org>
* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org>
- sidekick: service port resolution in 'ntpdate'
* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org>
- applied patch by Douglas Royds
* [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org>
* [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
- try to harden 'decodenetnum()' against 'getaddrinfo()' errors
- fix wrong cond-compile tests in unit tests
* [Bug 3517] Reducing build noise <perlinger@ntp.org>
* [Bug 3516] Require tooling from this decade <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org>
- partial application of patch by Philipp Prindeville
* [Bug 3491] Signed values of LFP datatypes should always display a sign
- applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
* [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org>
- applied (modified) patch by Richard Steedman
* [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org>
- applied patch by Gerry Garvey (with minor formatting changes)
* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network
<perlinger@ntp.org>
* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user
is specified with -u <perlinger@ntp.org>
- monitor daemon child startup & propagate exit codes
* [Bug 1433] runtime check whether the kernel really supports capabilities
- (modified) patch by Kurt Roeckx <perlinger@ntp.org>
* Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org>
* Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
* Startup log improvements. <stenn@ntp.org>
* Update the copyright year.
* html/confopt.html: cleanup. <stenn@ntp.org>

---
(4.2.8p13) 2019/03/07 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3565] Crafted null dereference attack in authenticated
mode 6 packet <perlinger@ntp.org>
- reported by Magnus Stubman
* [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
- applied patch by Ian Lepore
* [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
- isolate and fix linux/windows specific code issue
* [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
- provide better function for incremental string formatting
* [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
- original finding by Gerry Garvey, additional cleanup needed
* [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
- patch by Christous Zoulas
* [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
- finding by Chen Jiabin, plus another one by me
* [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
- applied patch by Maciej Szmigiero
* [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
- applied patch by Andre Charbonneau
* [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
- refactored handling of GPS era based on 'tos basedate' for
parse (TSIP) and JUPITER clocks
* [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
- patch by Daniel J. Luke; this does not fix a potential linker
regression issue on MacOS.
* [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
anomaly <perlinger@ntp.org>, reported by GGarvey.
- --enable-bug3527-fix support by HStenn
* [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
- added missing check, reported by Reinhard Max <perlinger@ntp.org>
* [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64
- this is a variant of [bug 3558] and should be fixed with it
* Implement --disable-signalled-io

---
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
- fixed stack buffer overflow in the openhost() command-line call
of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
* [Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
* html/authentic.html: cleanup, from <stenn@ntp.org>

branches: 1.1.1.11.2;
---

* [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn.
* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn.
* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
Implement ippeerlimit. HStenn, JPerlinger.
* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
- initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org>
* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org>
* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
- applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
- fixed several issues with hash algos in ntpd, sntp, ntpq,
ntpdc and the test suites <perlinger@ntp.org>
* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
- initial patch by Daniel Pouzzner
* [Bug 3423] QNX adjtime() implementation error checking is
wrong <perlinger@ntp.org>
* [Bug 3417] ntpq ifstats packet counters can be negative
made IFSTATS counter quantities unsigned <perlinger@ntp.org>
* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
- raised receive buffer size to 1200 <perlinger@ntp.org>
* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
analysis tool. <abe@ntp.org>
* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
- fix/drop assumptions on OpenSSL libs directory layout
* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
- initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
* [Bug 3398] tests fail with core dump <perlinger@ntp.org>
- patch contributed by Alexander Bluhm
* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
rework of formatting & data transfer stuff in 'ntp_control.c'
avoids unecessary buffers and size limitations. <perlinger@ntp.org>
* [Bug 3394] Leap second deletion does not work on ntpd clients
- fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
- increased mimimum stack size to 32kB <perlinger@ntp.org>
* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
- reverted handling of PPS kernel consumer to 4.2.6 behavior
* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
* [Bug 3016] wrong error position reported for bad ":config pool"
- fixed location counter & ntpq output <perlinger@ntp.org>
* [Bug 2900] libntp build order problem. HStenn.
* [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
perlinger@ntp.org
* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
* [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
* Use strlcpy() to copy strings, not memcpy(). HStenn.
* Typos. HStenn.
* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
* Fix trivial warnings from 'make check'. perlinger@ntp.org
* Fix bug in the override portion of the compiler hardening macro. HStenn.
* record_raw_stats(): Log entire packet. Log writes. HStenn.
* AES-128-CMAC support. BInglis, HStenn, JPerlinger.
* sntp: tweak key file logging. HStenn.
* sntp: pkt_output(): Improve debug output. HStenn.
* update-leap: updates from Paul McMath.
* When using pkg-config, report --modversion. HStenn.
* Clean up libevent configure checks. HStenn.
* sntp: show the IP of who sent us a crypto-NAK. HStenn.
* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
* authistrustedip() - use it in more places. HStenn, JPerlinger.
* New sysstats: sys_lamport, sys_tsrounding. HStenn.
* Update ntp.keys .../N documentation. HStenn.
* Distribute testconf.yml. HStenn.
* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
* Rename the configuration flag fifo variables. HStenn.
* Improve saveconfig output. HStenn.
* Decode restrict flags on receive() debug output. HStenn.
* Decode interface flags on receive() debug output. HStenn.
* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
* Update the documentation in ntp.conf.def . HStenn.
* restrictions() must return restrict flags and ippeerlimit. HStenn.
* Update ntpq peer documentation to describe the 'p' type. HStenn.
* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
* Provide dump_restricts() for debugging. HStenn.
* Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
* Some tests might need LIBM. HStenn.
* update-leap: Allow -h/--help early. HStenn.

branches: 1.1.1.10.4; 1.1.1.10.10;
Import ntp 4.2.8p10

branches: 1.1.1.9.2;
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3119] Trap crash <perlinger@ntp.org>
* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org>
- TRAP config via mode 6 packet requires AUTH now.
* [Sec 3114] Broadcast Mode Replay Prevention DoS
- applied patches by Matthew Van Gundy. <perlinger@ntp.org>
- with bcpollbstep, tweaks and cleanup by stenn@ntp.org
* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org>
- applied fix as suggested by Matthew Van Gundy
* [Sec 3110] Windows: ntpd DoS by oversized UDP packet
- fixed error handling for truncated UDP packets. <perlinger@ntp.org>
* [Sec 3102] Zero origin issues. HStenn.
* [Sec 3082] null pointer dereference in _IO_str_init_static_internal()
- more hardening to read_mru_list(). perlinger@ntp.org
* [Sec 3072] Attack on interface selection <perlinger@ntp.org>
- implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion
to skip interface updates based on incoming packets
* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger@ntp.org>
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
- applied patches by Kurt Roeckx <kurt@roeckx.be> to source
- added shim layer for SSL API calls with issues (both directions)
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
* [Bug 3067] Root distance calculation needs improvement. HStenn.
* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
- PPS-HACK works again.
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
- applied patch by Brian Utterback <brian.utterback@oracle.com>
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger@ntp.org>
- patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
- Patch provided by Kuramatsu.
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing.
DMayer and JPerlinger.
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger@ntp.org>
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger@ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed.
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead

branches: 1.1.1.8.2;
Import ntp 4.2.8p8

---
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.

---

Import ntp 4.2.8p5

Import ntp 4.2.8p4

Import ntp 4.2.8p3

---
(4.2.8p2) 2015/04/07 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p2-RC3) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2763] Fix for different thresholds for forward and backward steps.
---
(4.2.8p2-RC2) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2592] FLAG_TSTAMP_PPS cleanup for refclock_parse.c.
* [Bug 2769] New script: update-leap
* [Bug 2769] cleannup for update-leap
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2794] Clean up kernel clock status reports.
* [Bug 2795] Cannot build without OpenSLL (on Win32).
Provided a Win32 specific wrapper around libevent/arc4random.c.
fixed some minor warnings.
* [Bug 2796] ntp-keygen crashes in 'getclock()' on Win32.
* [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys
on big-endian machines.
* [Bug 2798] sntp should decode and display the leap indicator.
* Simple cleanup to html/build.html
---
(4.2.8p2-RC1) 2015/03/30 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2794] Don't let reports on normal kernel status changes
look like errors.
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2592] Account for PPS sources which can provide an accurate
absolute time stamp, and status information.
Fixed indention and removed trailing whitespace.
* [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
* [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
* [Bug 2346] "graceful termination" signals do not do peer cleanup.
* [Bug 2728] See if C99-style structure initialization works.
* [Bug 2747] Upgrade libevent to 2.1.5-beta.
* [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
* [Bug 2751] jitter.h has stale copies of l_fp macros.
* [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
* [Bug 2757] Quiet compiler warnings.
* [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
* [Bug 2763] Allow different thresholds for forward and backward steps.
* [Bug 2766] ntp-keygen output files should not be world-readable.
* [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
* [Bug 2771] nonvolatile value is documented in wrong units.
* [Bug 2773] Early leap announcement from Palisade/Thunderbolt
* [Bug 2774] Unreasonably verbose printout - leap pending/warning
* [Bug 2775] ntp-keygen.c fails to compile under Windows.
* [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
Removed non-ASCII characters from some copyright comments.
Removed trailing whitespace.
Updated definitions for Meinberg clocks from current Meinberg header files.
Now use C99 fixed-width types and avoid non-ASCII characters in comments.
Account for updated definitions pulled from Meinberg header files.
Updated comments on Meinberg GPS receivers which are not only called GPS16x.
Replaced some constant numbers by defines from ntp_calendar.h
Modified creation of parse-specific variables for Meinberg devices
in gps16x_message().
Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
Modified mbg_tm_str() which now expexts an additional parameter controlling
if the time status shall be printed.
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
* [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
* [Bug 2789] Quiet compiler warnings from libevent.
* [Bug 2790] If ntpd sets the Windows MM timer highest resolution
pause briefly before measuring system clock precision to yield
correct results.
* Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
* Use predefined function types for parse driver functions
used to set up function pointers.
Account for changed prototype of parse_inp_fnc_t functions.
Cast parse conversion results to appropriate types to avoid
compiler warnings.
Let ioctl() for Windows accept a (void *) to avoid compiler warnings
when called with pointers to different types.
---
(4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>

* Update the NEWS file.
* [Sec 2671] vallen in extension fields are not validated.
---
(4.2.8p1-RC2) 2015/01/29 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
rework: reverted sense of mode bit (so default reflects previous
behaviour) and updated ducumentation.
* [Bug 2732] - Leap second not handled correctly on Windows 8
use 'GetTickCount()' to get the true elapsed time of slew
(This should work for all versions of Windows >= W2K)
* [Bug 2738] Missing buffer initialization in refclocK_parse.c::parsestate().
* [Bug 2739] Parse driver with PPS enabled occasionally evaluates
PPS timestamp with wrong sign.
Removed some German umlauts.
* [Bug 2740] Removed some obsolete code from the parse driver.
* [Bug 2741] Incorrect buffer check in refclocK_parse.c::parsestatus().
---
(4.2.8p1-RC1) 2015/01/24 Released by Harlan Stenn <stenn@ntp.org>

* Start the RC for 4.2.8p1.
* [Bug 2187] Update version number generation scripts.
* [Bug 2617] Fix sntp Usage documentation section.
* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
* [Bug 2736] Show error message if we cannot open the config file.
* Copyright update.
* Fix the package name.
---
(4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2695] Windows build: __func__ not supported under Windows.
* [Bug 2728] Work around C99-style structure initialization code
for older compilers, specifically Visual Studio prior to VS2013.
---
(4.2.8p1-beta4) 2015/01/04 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 1084] PPSAPI for ntpd on Windows with DLL backends
* [Bug 2695] Build problem on Windows (sys/socket.h).
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
* Fix a regression introduced to timepps-Solaris.h as part of:
[Bug 1206] Required compiler changes for Windows
(4.2.5p181) 2009/06/06
---
(4.2.8p1-beta3) 2015/01/02 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
Use mode bit 0 to select public access for units >= 2 (units 0 & 1 are
always private.
* [Bug 2681] Fix display of certificate EOValidity dates on 32-bit systems.
* [Bug 2695] 4.2.8 does not build on Windows.
* [bug 2700] mrulist stopped working in 4.2.8.
* [Bug 2706] libparse/info_trimble.c build dependencies are broken.
* [Bug 2713] variable type/cast, parameter name, general cleanup from NetBSD.
* [Bug 2714] libevent may need to be built independently of any build of sntp.
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
---
(4.2.8p1-beta2) 2014/12/27 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2674] Install sntp in sbin on NetBSD.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL and sntp.
* [Bug 2707] Avoid a C90 extension in libjsmn/jsmn.c.
* [Bug 2709] see if we have a C99 compiler (not yet required).
---
(4.2.8p1-beta1) 2014/12/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL.
* [Bug 2697] IN6_IS_ADDR_LOOPBACK build problems on some OSes.
* [Bug 2699] HAVE_SYS_SELECT_H is misspelled in refclock_gpsdjson.c.
---

branches: 1.1.1.2.2; 1.1.1.2.4; 1.1.1.2.6; 1.1.1.2.8; 1.1.1.2.10; 1.1.1.2.12;
Import ntp 4.2.8

branches: 1.1.1.1.4; 1.1.1.1.6; 1.1.1.1.8;
import devel ntpd to avoid amplification attacks.

(4.2.8p14) 2020/03/03 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3610] process_control() should bail earlier on short packets. stenn@
- Reported by Philippe Antoine
* [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org>
- Reported by Miroslav Lichvar
* [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org>
- Reported by Miroslav Lichvar
* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@
* [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org>
* [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org>
* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@
* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence
- implement Zeller's congruence in libparse and libntp <perlinger@ntp.org>
* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org>
- integrated patch by Cy Schubert
* [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org>
- integrated patch by Richard Steedman
* [Bug 3615] accelerate refclock startup <perlinger@ntp.org>
* [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org>
- Reported by Martin Burnicki
* [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org>
- Reported by Philippe Antoine
* [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org>
- officially document new "trust date" mode bit for NMEA driver
- restore the (previously undocumented) "trust date" feature lost with [bug 3577]
* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org>
- mostly based on a patch by Michael Haardt, implementing 'fudge minjitter'
* [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org>
- removed ffs() and fls() prototypes as per Brian Utterback
* [Bug 3604] Wrong param byte order passing into record_raw_stats() in
ntp_io.c <perlinger@ntp.org>
- fixed byte and paramter order as suggested by wei6410@sina.com
* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org>
* [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org>
- added padding as suggested by John Paul Adrian Glaubitz
* [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org>
* [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org>
* [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org>
* [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org>
- stdout+stderr are set to line buffered during test setup now
* [Bug 3583] synchronization error <perlinger@ntp.org>
- set clock to base date if system time is before that limit
* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org>
* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org>
- Reported by Paulo Neves
* [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org>
- also updates for refclock_nmea.c and refclock_jupiter.c
* [Bug 3576] New GPS date function API <perlinger@ntp.org>
* [Bug 3573] nptdate: missleading error message <perlinger@ntp.org>
* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org>
* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org>
- sidekick: service port resolution in 'ntpdate'
* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org>
- applied patch by Douglas Royds
* [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org>
* [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org>
- try to harden 'decodenetnum()' against 'getaddrinfo()' errors
- fix wrong cond-compile tests in unit tests
* [Bug 3517] Reducing build noise <perlinger@ntp.org>
* [Bug 3516] Require tooling from this decade <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org>
- patch by Philipp Prindeville
* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org>
- partial application of patch by Philipp Prindeville
* [Bug 3491] Signed values of LFP datatypes should always display a sign
- applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org>
* [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org>
- applied (modified) patch by Richard Steedman
* [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org>
- applied patch by Gerry Garvey (with minor formatting changes)
* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network
<perlinger@ntp.org>
* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user
is specified with -u <perlinger@ntp.org>
- monitor daemon child startup & propagate exit codes
* [Bug 1433] runtime check whether the kernel really supports capabilities
- (modified) patch by Kurt Roeckx <perlinger@ntp.org>
* Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org>
* Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org>
* Startup log improvements. <stenn@ntp.org>
* Update the copyright year.
* html/confopt.html: cleanup. <stenn@ntp.org>

---
(4.2.8p13) 2019/03/07 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3565] Crafted null dereference attack in authenticated
mode 6 packet <perlinger@ntp.org>
- reported by Magnus Stubman
* [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org>
- applied patch by Ian Lepore
* [Bug 3558] Crash and integer size bug <perlinger@ntp.org>
- isolate and fix linux/windows specific code issue
* [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org>
- provide better function for incremental string formatting
* [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org>
- original finding by Gerry Garvey, additional cleanup needed
* [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org>
- patch by Christous Zoulas
* [Bug 3548] Signature not verified on windows system <perlinger@ntp.org>
- finding by Chen Jiabin, plus another one by me
* [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org>
- applied patch by Maciej Szmigiero
* [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org>
- applied patch by Andre Charbonneau
* [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org>
- applied patch by Baruch Siach
* [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org>
- refactored handling of GPS era based on 'tos basedate' for
parse (TSIP) and JUPITER clocks
* [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org>
- patch by Daniel J. Luke; this does not fix a potential linker
regression issue on MacOS.
* [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet
anomaly <perlinger@ntp.org>, reported by GGarvey.
- --enable-bug3527-fix support by HStenn
* [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org>
- added missing check, reported by Reinhard Max <perlinger@ntp.org>
* [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64
- this is a variant of [bug 3558] and should be fixed with it
* Implement --disable-signalled-io

---
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
- fixed stack buffer overflow in the openhost() command-line call
of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
* [Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
* html/authentic.html: cleanup, from <stenn@ntp.org>

branches: 1.1.1.11.2;
---

* [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn.
* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn.
* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
Implement ippeerlimit. HStenn, JPerlinger.
* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
- initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org>
* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org>
* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
- applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
- fixed several issues with hash algos in ntpd, sntp, ntpq,
ntpdc and the test suites <perlinger@ntp.org>
* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
- initial patch by Daniel Pouzzner
* [Bug 3423] QNX adjtime() implementation error checking is
wrong <perlinger@ntp.org>
* [Bug 3417] ntpq ifstats packet counters can be negative
made IFSTATS counter quantities unsigned <perlinger@ntp.org>
* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
- raised receive buffer size to 1200 <perlinger@ntp.org>
* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
analysis tool. <abe@ntp.org>
* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
- fix/drop assumptions on OpenSSL libs directory layout
* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
- initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
* [Bug 3398] tests fail with core dump <perlinger@ntp.org>
- patch contributed by Alexander Bluhm
* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
rework of formatting & data transfer stuff in 'ntp_control.c'
avoids unecessary buffers and size limitations. <perlinger@ntp.org>
* [Bug 3394] Leap second deletion does not work on ntpd clients
- fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
- increased mimimum stack size to 32kB <perlinger@ntp.org>
* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
- reverted handling of PPS kernel consumer to 4.2.6 behavior
* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
* [Bug 3016] wrong error position reported for bad ":config pool"
- fixed location counter & ntpq output <perlinger@ntp.org>
* [Bug 2900] libntp build order problem. HStenn.
* [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
perlinger@ntp.org
* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
* [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
* Use strlcpy() to copy strings, not memcpy(). HStenn.
* Typos. HStenn.
* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
* Fix trivial warnings from 'make check'. perlinger@ntp.org
* Fix bug in the override portion of the compiler hardening macro. HStenn.
* record_raw_stats(): Log entire packet. Log writes. HStenn.
* AES-128-CMAC support. BInglis, HStenn, JPerlinger.
* sntp: tweak key file logging. HStenn.
* sntp: pkt_output(): Improve debug output. HStenn.
* update-leap: updates from Paul McMath.
* When using pkg-config, report --modversion. HStenn.
* Clean up libevent configure checks. HStenn.
* sntp: show the IP of who sent us a crypto-NAK. HStenn.
* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
* authistrustedip() - use it in more places. HStenn, JPerlinger.
* New sysstats: sys_lamport, sys_tsrounding. HStenn.
* Update ntp.keys .../N documentation. HStenn.
* Distribute testconf.yml. HStenn.
* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
* Rename the configuration flag fifo variables. HStenn.
* Improve saveconfig output. HStenn.
* Decode restrict flags on receive() debug output. HStenn.
* Decode interface flags on receive() debug output. HStenn.
* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
* Update the documentation in ntp.conf.def . HStenn.
* restrictions() must return restrict flags and ippeerlimit. HStenn.
* Update ntpq peer documentation to describe the 'p' type. HStenn.
* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
* Provide dump_restricts() for debugging. HStenn.
* Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
* Some tests might need LIBM. HStenn.
* update-leap: Allow -h/--help early. HStenn.

branches: 1.1.1.10.4; 1.1.1.10.10;
Import ntp 4.2.8p10

branches: 1.1.1.9.2;
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3119] Trap crash <perlinger@ntp.org>
* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org>
- TRAP config via mode 6 packet requires AUTH now.
* [Sec 3114] Broadcast Mode Replay Prevention DoS
- applied patches by Matthew Van Gundy. <perlinger@ntp.org>
- with bcpollbstep, tweaks and cleanup by stenn@ntp.org
* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org>
- applied fix as suggested by Matthew Van Gundy
* [Sec 3110] Windows: ntpd DoS by oversized UDP packet
- fixed error handling for truncated UDP packets. <perlinger@ntp.org>
* [Sec 3102] Zero origin issues. HStenn.
* [Sec 3082] null pointer dereference in _IO_str_init_static_internal()
- more hardening to read_mru_list(). perlinger@ntp.org
* [Sec 3072] Attack on interface selection <perlinger@ntp.org>
- implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion
to skip interface updates based on incoming packets
* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger@ntp.org>
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
- applied patches by Kurt Roeckx <kurt@roeckx.be> to source
- added shim layer for SSL API calls with issues (both directions)
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
* [Bug 3067] Root distance calculation needs improvement. HStenn.
* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
- PPS-HACK works again.
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
- applied patch by Brian Utterback <brian.utterback@oracle.com>
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger@ntp.org>
- patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
- Patch provided by Kuramatsu.
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing.
DMayer and JPerlinger.
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger@ntp.org>
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger@ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed.
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead

branches: 1.1.1.8.2;
Import ntp 4.2.8p8

---
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.

---

Import ntp 4.2.8p5

Import ntp 4.2.8p4

Import ntp 4.2.8p3

---
(4.2.8p2) 2015/04/07 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p2-RC3) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2763] Fix for different thresholds for forward and backward steps.
---
(4.2.8p2-RC2) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2592] FLAG_TSTAMP_PPS cleanup for refclock_parse.c.
* [Bug 2769] New script: update-leap
* [Bug 2769] cleannup for update-leap
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2794] Clean up kernel clock status reports.
* [Bug 2795] Cannot build without OpenSLL (on Win32).
Provided a Win32 specific wrapper around libevent/arc4random.c.
fixed some minor warnings.
* [Bug 2796] ntp-keygen crashes in 'getclock()' on Win32.
* [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys
on big-endian machines.
* [Bug 2798] sntp should decode and display the leap indicator.
* Simple cleanup to html/build.html
---
(4.2.8p2-RC1) 2015/03/30 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2794] Don't let reports on normal kernel status changes
look like errors.
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2592] Account for PPS sources which can provide an accurate
absolute time stamp, and status information.
Fixed indention and removed trailing whitespace.
* [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
* [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
* [Bug 2346] "graceful termination" signals do not do peer cleanup.
* [Bug 2728] See if C99-style structure initialization works.
* [Bug 2747] Upgrade libevent to 2.1.5-beta.
* [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
* [Bug 2751] jitter.h has stale copies of l_fp macros.
* [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
* [Bug 2757] Quiet compiler warnings.
* [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
* [Bug 2763] Allow different thresholds for forward and backward steps.
* [Bug 2766] ntp-keygen output files should not be world-readable.
* [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
* [Bug 2771] nonvolatile value is documented in wrong units.
* [Bug 2773] Early leap announcement from Palisade/Thunderbolt
* [Bug 2774] Unreasonably verbose printout - leap pending/warning
* [Bug 2775] ntp-keygen.c fails to compile under Windows.
* [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
Removed non-ASCII characters from some copyright comments.
Removed trailing whitespace.
Updated definitions for Meinberg clocks from current Meinberg header files.
Now use C99 fixed-width types and avoid non-ASCII characters in comments.
Account for updated definitions pulled from Meinberg header files.
Updated comments on Meinberg GPS receivers which are not only called GPS16x.
Replaced some constant numbers by defines from ntp_calendar.h
Modified creation of parse-specific variables for Meinberg devices
in gps16x_message().
Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
Modified mbg_tm_str() which now expexts an additional parameter controlling
if the time status shall be printed.
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
* [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
* [Bug 2789] Quiet compiler warnings from libevent.
* [Bug 2790] If ntpd sets the Windows MM timer highest resolution
pause briefly before measuring system clock precision to yield
correct results.
* Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
* Use predefined function types for parse driver functions
used to set up function pointers.
Account for changed prototype of parse_inp_fnc_t functions.
Cast parse conversion results to appropriate types to avoid
compiler warnings.
Let ioctl() for Windows accept a (void *) to avoid compiler warnings
when called with pointers to different types.
---
(4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>

* Update the NEWS file.
* [Sec 2671] vallen in extension fields are not validated.
---
(4.2.8p1-RC2) 2015/01/29 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
rework: reverted sense of mode bit (so default reflects previous
behaviour) and updated ducumentation.
* [Bug 2732] - Leap second not handled correctly on Windows 8
use 'GetTickCount()' to get the true elapsed time of slew
(This should work for all versions of Windows >= W2K)
* [Bug 2738] Missing buffer initialization in refclocK_parse.c::parsestate().
* [Bug 2739] Parse driver with PPS enabled occasionally evaluates
PPS timestamp with wrong sign.
Removed some German umlauts.
* [Bug 2740] Removed some obsolete code from the parse driver.
* [Bug 2741] Incorrect buffer check in refclocK_parse.c::parsestatus().
---
(4.2.8p1-RC1) 2015/01/24 Released by Harlan Stenn <stenn@ntp.org>

* Start the RC for 4.2.8p1.
* [Bug 2187] Update version number generation scripts.
* [Bug 2617] Fix sntp Usage documentation section.
* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
* [Bug 2736] Show error message if we cannot open the config file.
* Copyright update.
* Fix the package name.
---
(4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2695] Windows build: __func__ not supported under Windows.
* [Bug 2728] Work around C99-style structure initialization code
for older compilers, specifically Visual Studio prior to VS2013.
---
(4.2.8p1-beta4) 2015/01/04 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 1084] PPSAPI for ntpd on Windows with DLL backends
* [Bug 2695] Build problem on Windows (sys/socket.h).
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
* Fix a regression introduced to timepps-Solaris.h as part of:
[Bug 1206] Required compiler changes for Windows
(4.2.5p181) 2009/06/06
---
(4.2.8p1-beta3) 2015/01/02 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
Use mode bit 0 to select public access for units >= 2 (units 0 & 1 are
always private.
* [Bug 2681] Fix display of certificate EOValidity dates on 32-bit systems.
* [Bug 2695] 4.2.8 does not build on Windows.
* [bug 2700] mrulist stopped working in 4.2.8.
* [Bug 2706] libparse/info_trimble.c build dependencies are broken.
* [Bug 2713] variable type/cast, parameter name, general cleanup from NetBSD.
* [Bug 2714] libevent may need to be built independently of any build of sntp.
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
---
(4.2.8p1-beta2) 2014/12/27 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2674] Install sntp in sbin on NetBSD.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL and sntp.
* [Bug 2707] Avoid a C90 extension in libjsmn/jsmn.c.
* [Bug 2709] see if we have a C99 compiler (not yet required).
---
(4.2.8p1-beta1) 2014/12/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL.
* [Bug 2697] IN6_IS_ADDR_LOOPBACK build problems on some OSes.
* [Bug 2699] HAVE_SYS_SELECT_H is misspelled in refclock_gpsdjson.c.
---

branches: 1.1.1.2.2; 1.1.1.2.4; 1.1.1.2.6; 1.1.1.2.8; 1.1.1.2.10; 1.1.1.2.12;
Import ntp 4.2.8

branches: 1.1.1.1.4; 1.1.1.1.6; 1.1.1.1.8;
import devel ntpd to avoid amplification attacks.

---
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
- fixed stack buffer overflow in the openhost() command-line call
of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
* [Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
* html/authentic.html: cleanup, from <stenn@ntp.org>

---

* [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn.
* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn.
* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
Implement ippeerlimit. HStenn, JPerlinger.
* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
- initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org>
* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org>
* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
- applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
- fixed several issues with hash algos in ntpd, sntp, ntpq,
ntpdc and the test suites <perlinger@ntp.org>
* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
- initial patch by Daniel Pouzzner
* [Bug 3423] QNX adjtime() implementation error checking is
wrong <perlinger@ntp.org>
* [Bug 3417] ntpq ifstats packet counters can be negative
made IFSTATS counter quantities unsigned <perlinger@ntp.org>
* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
- raised receive buffer size to 1200 <perlinger@ntp.org>
* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
analysis tool. <abe@ntp.org>
* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
- fix/drop assumptions on OpenSSL libs directory layout
* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
- initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
* [Bug 3398] tests fail with core dump <perlinger@ntp.org>
- patch contributed by Alexander Bluhm
* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
rework of formatting & data transfer stuff in 'ntp_control.c'
avoids unecessary buffers and size limitations. <perlinger@ntp.org>
* [Bug 3394] Leap second deletion does not work on ntpd clients
- fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
- increased mimimum stack size to 32kB <perlinger@ntp.org>
* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
- reverted handling of PPS kernel consumer to 4.2.6 behavior
* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
* [Bug 3016] wrong error position reported for bad ":config pool"
- fixed location counter & ntpq output <perlinger@ntp.org>
* [Bug 2900] libntp build order problem. HStenn.
* [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
perlinger@ntp.org
* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
* [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
* Use strlcpy() to copy strings, not memcpy(). HStenn.
* Typos. HStenn.
* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
* Fix trivial warnings from 'make check'. perlinger@ntp.org
* Fix bug in the override portion of the compiler hardening macro. HStenn.
* record_raw_stats(): Log entire packet. Log writes. HStenn.
* AES-128-CMAC support. BInglis, HStenn, JPerlinger.
* sntp: tweak key file logging. HStenn.
* sntp: pkt_output(): Improve debug output. HStenn.
* update-leap: updates from Paul McMath.
* When using pkg-config, report --modversion. HStenn.
* Clean up libevent configure checks. HStenn.
* sntp: show the IP of who sent us a crypto-NAK. HStenn.
* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
* authistrustedip() - use it in more places. HStenn, JPerlinger.
* New sysstats: sys_lamport, sys_tsrounding. HStenn.
* Update ntp.keys .../N documentation. HStenn.
* Distribute testconf.yml. HStenn.
* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
* Rename the configuration flag fifo variables. HStenn.
* Improve saveconfig output. HStenn.
* Decode restrict flags on receive() debug output. HStenn.
* Decode interface flags on receive() debug output. HStenn.
* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
* Update the documentation in ntp.conf.def . HStenn.
* restrictions() must return restrict flags and ippeerlimit. HStenn.
* Update ntpq peer documentation to describe the 'p' type. HStenn.
* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
* Provide dump_restricts() for debugging. HStenn.
* Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
* Some tests might need LIBM. HStenn.
* update-leap: Allow -h/--help early. HStenn.

branches: 1.1.1.10.4; 1.1.1.10.10;
Import ntp 4.2.8p10

branches: 1.1.1.9.2;
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3119] Trap crash <perlinger@ntp.org>
* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org>
- TRAP config via mode 6 packet requires AUTH now.
* [Sec 3114] Broadcast Mode Replay Prevention DoS
- applied patches by Matthew Van Gundy. <perlinger@ntp.org>
- with bcpollbstep, tweaks and cleanup by stenn@ntp.org
* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org>
- applied fix as suggested by Matthew Van Gundy
* [Sec 3110] Windows: ntpd DoS by oversized UDP packet
- fixed error handling for truncated UDP packets. <perlinger@ntp.org>
* [Sec 3102] Zero origin issues. HStenn.
* [Sec 3082] null pointer dereference in _IO_str_init_static_internal()
- more hardening to read_mru_list(). perlinger@ntp.org
* [Sec 3072] Attack on interface selection <perlinger@ntp.org>
- implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion
to skip interface updates based on incoming packets
* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger@ntp.org>
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
- applied patches by Kurt Roeckx <kurt@roeckx.be> to source
- added shim layer for SSL API calls with issues (both directions)
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
* [Bug 3067] Root distance calculation needs improvement. HStenn.
* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
- PPS-HACK works again.
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
- applied patch by Brian Utterback <brian.utterback@oracle.com>
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger@ntp.org>
- patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
- Patch provided by Kuramatsu.
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing.
DMayer and JPerlinger.
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger@ntp.org>
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger@ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed.
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead

branches: 1.1.1.8.2;
Import ntp 4.2.8p8

---
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.

---

Import ntp 4.2.8p5

Import ntp 4.2.8p4

Import ntp 4.2.8p3

---
(4.2.8p2) 2015/04/07 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p2-RC3) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2763] Fix for different thresholds for forward and backward steps.
---
(4.2.8p2-RC2) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2592] FLAG_TSTAMP_PPS cleanup for refclock_parse.c.
* [Bug 2769] New script: update-leap
* [Bug 2769] cleannup for update-leap
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2794] Clean up kernel clock status reports.
* [Bug 2795] Cannot build without OpenSLL (on Win32).
Provided a Win32 specific wrapper around libevent/arc4random.c.
fixed some minor warnings.
* [Bug 2796] ntp-keygen crashes in 'getclock()' on Win32.
* [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys
on big-endian machines.
* [Bug 2798] sntp should decode and display the leap indicator.
* Simple cleanup to html/build.html
---
(4.2.8p2-RC1) 2015/03/30 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2794] Don't let reports on normal kernel status changes
look like errors.
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2592] Account for PPS sources which can provide an accurate
absolute time stamp, and status information.
Fixed indention and removed trailing whitespace.
* [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
* [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
* [Bug 2346] "graceful termination" signals do not do peer cleanup.
* [Bug 2728] See if C99-style structure initialization works.
* [Bug 2747] Upgrade libevent to 2.1.5-beta.
* [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
* [Bug 2751] jitter.h has stale copies of l_fp macros.
* [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
* [Bug 2757] Quiet compiler warnings.
* [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
* [Bug 2763] Allow different thresholds for forward and backward steps.
* [Bug 2766] ntp-keygen output files should not be world-readable.
* [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
* [Bug 2771] nonvolatile value is documented in wrong units.
* [Bug 2773] Early leap announcement from Palisade/Thunderbolt
* [Bug 2774] Unreasonably verbose printout - leap pending/warning
* [Bug 2775] ntp-keygen.c fails to compile under Windows.
* [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
Removed non-ASCII characters from some copyright comments.
Removed trailing whitespace.
Updated definitions for Meinberg clocks from current Meinberg header files.
Now use C99 fixed-width types and avoid non-ASCII characters in comments.
Account for updated definitions pulled from Meinberg header files.
Updated comments on Meinberg GPS receivers which are not only called GPS16x.
Replaced some constant numbers by defines from ntp_calendar.h
Modified creation of parse-specific variables for Meinberg devices
in gps16x_message().
Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
Modified mbg_tm_str() which now expexts an additional parameter controlling
if the time status shall be printed.
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
* [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
* [Bug 2789] Quiet compiler warnings from libevent.
* [Bug 2790] If ntpd sets the Windows MM timer highest resolution
pause briefly before measuring system clock precision to yield
correct results.
* Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
* Use predefined function types for parse driver functions
used to set up function pointers.
Account for changed prototype of parse_inp_fnc_t functions.
Cast parse conversion results to appropriate types to avoid
compiler warnings.
Let ioctl() for Windows accept a (void *) to avoid compiler warnings
when called with pointers to different types.
---
(4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>

* Update the NEWS file.
* [Sec 2671] vallen in extension fields are not validated.
---
(4.2.8p1-RC2) 2015/01/29 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
rework: reverted sense of mode bit (so default reflects previous
behaviour) and updated ducumentation.
* [Bug 2732] - Leap second not handled correctly on Windows 8
use 'GetTickCount()' to get the true elapsed time of slew
(This should work for all versions of Windows >= W2K)
* [Bug 2738] Missing buffer initialization in refclocK_parse.c::parsestate().
* [Bug 2739] Parse driver with PPS enabled occasionally evaluates
PPS timestamp with wrong sign.
Removed some German umlauts.
* [Bug 2740] Removed some obsolete code from the parse driver.
* [Bug 2741] Incorrect buffer check in refclocK_parse.c::parsestatus().
---
(4.2.8p1-RC1) 2015/01/24 Released by Harlan Stenn <stenn@ntp.org>

* Start the RC for 4.2.8p1.
* [Bug 2187] Update version number generation scripts.
* [Bug 2617] Fix sntp Usage documentation section.
* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
* [Bug 2736] Show error message if we cannot open the config file.
* Copyright update.
* Fix the package name.
---
(4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2695] Windows build: __func__ not supported under Windows.
* [Bug 2728] Work around C99-style structure initialization code
for older compilers, specifically Visual Studio prior to VS2013.
---
(4.2.8p1-beta4) 2015/01/04 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 1084] PPSAPI for ntpd on Windows with DLL backends
* [Bug 2695] Build problem on Windows (sys/socket.h).
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
* Fix a regression introduced to timepps-Solaris.h as part of:
[Bug 1206] Required compiler changes for Windows
(4.2.5p181) 2009/06/06
---
(4.2.8p1-beta3) 2015/01/02 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
Use mode bit 0 to select public access for units >= 2 (units 0 & 1 are
always private.
* [Bug 2681] Fix display of certificate EOValidity dates on 32-bit systems.
* [Bug 2695] 4.2.8 does not build on Windows.
* [bug 2700] mrulist stopped working in 4.2.8.
* [Bug 2706] libparse/info_trimble.c build dependencies are broken.
* [Bug 2713] variable type/cast, parameter name, general cleanup from NetBSD.
* [Bug 2714] libevent may need to be built independently of any build of sntp.
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
---
(4.2.8p1-beta2) 2014/12/27 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2674] Install sntp in sbin on NetBSD.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL and sntp.
* [Bug 2707] Avoid a C90 extension in libjsmn/jsmn.c.
* [Bug 2709] see if we have a C99 compiler (not yet required).
---
(4.2.8p1-beta1) 2014/12/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL.
* [Bug 2697] IN6_IS_ADDR_LOOPBACK build problems on some OSes.
* [Bug 2699] HAVE_SYS_SELECT_H is misspelled in refclock_gpsdjson.c.
---

branches: 1.1.1.2.2; 1.1.1.2.4; 1.1.1.2.6; 1.1.1.2.8; 1.1.1.2.10; 1.1.1.2.12;
Import ntp 4.2.8

branches: 1.1.1.1.4; 1.1.1.1.6; 1.1.1.1.8;
import devel ntpd to avoid amplification attacks.

Import ntp 4.2.8p10

branches: 1.1.1.9.2;
(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3119] Trap crash <perlinger@ntp.org>
* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org>
- TRAP config via mode 6 packet requires AUTH now.
* [Sec 3114] Broadcast Mode Replay Prevention DoS
- applied patches by Matthew Van Gundy. <perlinger@ntp.org>
- with bcpollbstep, tweaks and cleanup by stenn@ntp.org
* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org>
- applied fix as suggested by Matthew Van Gundy
* [Sec 3110] Windows: ntpd DoS by oversized UDP packet
- fixed error handling for truncated UDP packets. <perlinger@ntp.org>
* [Sec 3102] Zero origin issues. HStenn.
* [Sec 3082] null pointer dereference in _IO_str_init_static_internal()
- more hardening to read_mru_list(). perlinger@ntp.org
* [Sec 3072] Attack on interface selection <perlinger@ntp.org>
- implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion
to skip interface updates based on incoming packets
* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger@ntp.org>
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
- applied patches by Kurt Roeckx <kurt@roeckx.be> to source
- added shim layer for SSL API calls with issues (both directions)
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
* [Bug 3067] Root distance calculation needs improvement. HStenn.
* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
- PPS-HACK works again.
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
- applied patch by Brian Utterback <brian.utterback@oracle.com>
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger@ntp.org>
- patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
- Patch provided by Kuramatsu.
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing.
DMayer and JPerlinger.
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger@ntp.org>
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger@ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed.
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead

branches: 1.1.1.8.2;
Import ntp 4.2.8p8

---
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.

---

Import ntp 4.2.8p5

Import ntp 4.2.8p4

Import ntp 4.2.8p3

---
(4.2.8p2) 2015/04/07 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p2-RC3) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2763] Fix for different thresholds for forward and backward steps.
---
(4.2.8p2-RC2) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2592] FLAG_TSTAMP_PPS cleanup for refclock_parse.c.
* [Bug 2769] New script: update-leap
* [Bug 2769] cleannup for update-leap
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2794] Clean up kernel clock status reports.
* [Bug 2795] Cannot build without OpenSLL (on Win32).
Provided a Win32 specific wrapper around libevent/arc4random.c.
fixed some minor warnings.
* [Bug 2796] ntp-keygen crashes in 'getclock()' on Win32.
* [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys
on big-endian machines.
* [Bug 2798] sntp should decode and display the leap indicator.
* Simple cleanup to html/build.html
---
(4.2.8p2-RC1) 2015/03/30 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2794] Don't let reports on normal kernel status changes
look like errors.
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2592] Account for PPS sources which can provide an accurate
absolute time stamp, and status information.
Fixed indention and removed trailing whitespace.
* [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
* [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
* [Bug 2346] "graceful termination" signals do not do peer cleanup.
* [Bug 2728] See if C99-style structure initialization works.
* [Bug 2747] Upgrade libevent to 2.1.5-beta.
* [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
* [Bug 2751] jitter.h has stale copies of l_fp macros.
* [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
* [Bug 2757] Quiet compiler warnings.
* [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
* [Bug 2763] Allow different thresholds for forward and backward steps.
* [Bug 2766] ntp-keygen output files should not be world-readable.
* [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
* [Bug 2771] nonvolatile value is documented in wrong units.
* [Bug 2773] Early leap announcement from Palisade/Thunderbolt
* [Bug 2774] Unreasonably verbose printout - leap pending/warning
* [Bug 2775] ntp-keygen.c fails to compile under Windows.
* [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
Removed non-ASCII characters from some copyright comments.
Removed trailing whitespace.
Updated definitions for Meinberg clocks from current Meinberg header files.
Now use C99 fixed-width types and avoid non-ASCII characters in comments.
Account for updated definitions pulled from Meinberg header files.
Updated comments on Meinberg GPS receivers which are not only called GPS16x.
Replaced some constant numbers by defines from ntp_calendar.h
Modified creation of parse-specific variables for Meinberg devices
in gps16x_message().
Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
Modified mbg_tm_str() which now expexts an additional parameter controlling
if the time status shall be printed.
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
* [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
* [Bug 2789] Quiet compiler warnings from libevent.
* [Bug 2790] If ntpd sets the Windows MM timer highest resolution
pause briefly before measuring system clock precision to yield
correct results.
* Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
* Use predefined function types for parse driver functions
used to set up function pointers.
Account for changed prototype of parse_inp_fnc_t functions.
Cast parse conversion results to appropriate types to avoid
compiler warnings.
Let ioctl() for Windows accept a (void *) to avoid compiler warnings
when called with pointers to different types.
---
(4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>

* Update the NEWS file.
* [Sec 2671] vallen in extension fields are not validated.
---
(4.2.8p1-RC2) 2015/01/29 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
rework: reverted sense of mode bit (so default reflects previous
behaviour) and updated ducumentation.
* [Bug 2732] - Leap second not handled correctly on Windows 8
use 'GetTickCount()' to get the true elapsed time of slew
(This should work for all versions of Windows >= W2K)
* [Bug 2738] Missing buffer initialization in refclocK_parse.c::parsestate().
* [Bug 2739] Parse driver with PPS enabled occasionally evaluates
PPS timestamp with wrong sign.
Removed some German umlauts.
* [Bug 2740] Removed some obsolete code from the parse driver.
* [Bug 2741] Incorrect buffer check in refclocK_parse.c::parsestatus().
---
(4.2.8p1-RC1) 2015/01/24 Released by Harlan Stenn <stenn@ntp.org>

* Start the RC for 4.2.8p1.
* [Bug 2187] Update version number generation scripts.
* [Bug 2617] Fix sntp Usage documentation section.
* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
* [Bug 2736] Show error message if we cannot open the config file.
* Copyright update.
* Fix the package name.
---
(4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2695] Windows build: __func__ not supported under Windows.
* [Bug 2728] Work around C99-style structure initialization code
for older compilers, specifically Visual Studio prior to VS2013.
---
(4.2.8p1-beta4) 2015/01/04 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 1084] PPSAPI for ntpd on Windows with DLL backends
* [Bug 2695] Build problem on Windows (sys/socket.h).
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
* Fix a regression introduced to timepps-Solaris.h as part of:
[Bug 1206] Required compiler changes for Windows
(4.2.5p181) 2009/06/06
---
(4.2.8p1-beta3) 2015/01/02 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
Use mode bit 0 to select public access for units >= 2 (units 0 & 1 are
always private.
* [Bug 2681] Fix display of certificate EOValidity dates on 32-bit systems.
* [Bug 2695] 4.2.8 does not build on Windows.
* [bug 2700] mrulist stopped working in 4.2.8.
* [Bug 2706] libparse/info_trimble.c build dependencies are broken.
* [Bug 2713] variable type/cast, parameter name, general cleanup from NetBSD.
* [Bug 2714] libevent may need to be built independently of any build of sntp.
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
---
(4.2.8p1-beta2) 2014/12/27 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2674] Install sntp in sbin on NetBSD.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL and sntp.
* [Bug 2707] Avoid a C90 extension in libjsmn/jsmn.c.
* [Bug 2709] see if we have a C99 compiler (not yet required).
---
(4.2.8p1-beta1) 2014/12/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL.
* [Bug 2697] IN6_IS_ADDR_LOOPBACK build problems on some OSes.
* [Bug 2699] HAVE_SYS_SELECT_H is misspelled in refclock_gpsdjson.c.
---

branches: 1.1.1.2.2; 1.1.1.2.4; 1.1.1.2.6; 1.1.1.2.8; 1.1.1.2.10; 1.1.1.2.12;
Import ntp 4.2.8

branches: 1.1.1.1.4; 1.1.1.1.6; 1.1.1.1.8;
import devel ntpd to avoid amplification attacks.

(4.2.8p9) 2016/11/21 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 3119] Trap crash <perlinger@ntp.org>
* [Sec 3118] Mode 6 information disclosure and DDoS vector <perlinger@ntp.org>
- TRAP config via mode 6 packet requires AUTH now.
* [Sec 3114] Broadcast Mode Replay Prevention DoS
- applied patches by Matthew Van Gundy. <perlinger@ntp.org>
- with bcpollbstep, tweaks and cleanup by stenn@ntp.org
* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS <perlinger@ntp.org>
- applied fix as suggested by Matthew Van Gundy
* [Sec 3110] Windows: ntpd DoS by oversized UDP packet
- fixed error handling for truncated UDP packets. <perlinger@ntp.org>
* [Sec 3102] Zero origin issues. HStenn.
* [Sec 3082] null pointer dereference in _IO_str_init_static_internal()
- more hardening to read_mru_list(). perlinger@ntp.org
* [Sec 3072] Attack on interface selection <perlinger@ntp.org>
- implemented Miroslav Lichvars <mlichvar@redhat.com> suggestion
to skip interface updates based on incoming packets
* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org>
* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org
* [Bug 3129] Unknown hosts can put resolver thread into a hard loop
- moved retry decision where it belongs. <perlinger@ntp.org>
* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order
using the loopback-ppsapi-provider.dll <perlinger@ntp.org>
* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org>
* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org>
- fixed extended sysvar lookup (bug introduced with bug 3008 fix)
* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org>
- applied patches by Kurt Roeckx <kurt@roeckx.be> to source
- added shim layer for SSL API calls with issues (both directions)
* [Bug 3089] Serial Parser does not work anymore for hopfser like device
- simplified / refactored hex-decoding in driver. <perlinger@ntp.org>
* [Bug 3084] update-leap mis-parses the leapfile name. HStenn.
* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org
- applied patch thanks to Andrew Stormont <andyjstormont@gmail.com>
* [Bug 3067] Root distance calculation needs improvement. HStenn.
* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org
- PPS-HACK works again.
* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org>
- applied patch by Brian Utterback <brian.utterback@oracle.com>
* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White.
* [Bug 3050] Fix for bug #2960 causes [...] spurious error message.
<perlinger@ntp.org>
- patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no>
* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org
- Patch provided by Kuramatsu.
* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org>
- removed unnecessary & harmful decls of 'setUp()' & 'tearDown()'
* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing.
DMayer and JPerlinger.
* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger
* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn.
* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org>
- fixed GPS week expansion to work based on build date. Special thanks
to Craig Leres for initial patch and testing.
* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd'
- fixed Makefile.am <perlinger@ntp.org>
* [Bug 2689] ATOM driver processes last PPS pulse at startup,
even if it is very old <perlinger@ntp.org>
- make sure PPS source is alive before processing samples
- improve stability close to the 500ms phase jump (phase gate)
* Fix typos in include/ntp.h.
* Shim X509_get_signature_nid() if needed.
* git author attribution cleanup
* bk ignore file cleanup
* remove locks in Windows IO, use rpc-like thread synchronisation instead

Import ntp 4.2.8p8

---
(4.2.8p7) 2016/04/26 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2901] KoD packets must have non-zero transmit timestamps. HStenn.
* [Sec 2936] Skeleton Key: Any system knowing the trusted key can serve
time. Include passive servers in this check. HStenn.
* [Sec 2945] Additional KoD packet checks. HStenn.
* [Sec 2978] Interleave can be partially triggered. HStenn.
* [Sec 3007] Validate crypto-NAKs. Danny Mayer.
* [Sec 3008] Always check the return value of ctl_getitem().
- initial work by HStenn
- Additional cleanup of ctl_getitem by perlinger@ntp.org
* [Sec 3009] Crafted addpeer with hmode > 7 causes OOB error. perlinger@ntp.org
- added more stringent checks on packet content
* [Sec 3010] remote configuration trustedkey/requestkey values
are not properly validated. perlinger@ntp.org
- sidekick: Ignore keys that have an unsupported MAC algorithm
but are otherwise well-formed
* [Sec 3011] Duplicate IPs on unconfig directives will cause an assertion botch
- graciously accept the same IP multiple times. perlinger@ntp.org
* [Sec 3020] Refclock impersonation. HStenn.
* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org
- fixed yet another race condition in the threaded resolver code.
* [Bug 2858] bool support. Use stdbool.h when available. HStenn.
* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org
- integrated patches by Loganaden Velvidron <logan@ntp.org>
with some modifications & unit tests
* [Bug 2952] Symmetric active/passive mode is broken. HStenn.
* [Bug 2960] async name resolution fixes for chroot() environments.
Reinhard Max.
* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org
* [Bug 2995] Fixes to compile on Windows
* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org
* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org
- Patch provided by Ch. Weisgerber
* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character"
- A change related to [Bug 2853] forbids trailing white space in
remote config commands. perlinger@ntp.org
* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE
- report and patch from Aleksandr Kostikov.
- Overhaul of Windows IO completion port handling. perlinger@ntp.org
* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org
- fixed memory leak in access list (auth[read]keys.c)
- refactored handling of key access lists (auth[read]keys.c)
- reduced number of error branches (authreadkeys.c)
* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org
* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn.
* [Bug 3031] ntp broadcastclient unable to synchronize to an server
when the time of server changed. perlinger@ntp.org
- Check the initial delay calculation and reject/unpeer the broadcast
server if the delay exceeds 50ms. Retry again after the next
broadcast packet.
* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn.
* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn.
* Update html/xleave.html documentation. Harlan Stenn.
* Update ntp.conf documentation. Harlan Stenn.
* Fix some Credit: attributions in the NEWS file. Harlan Stenn.
* Fix typo in html/monopt.html. Harlan Stenn.
* Add README.pullrequests. Harlan Stenn.
* Cleanup to include/ntp.h. Harlan Stenn.

---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.

---

Import ntp 4.2.8p5

Import ntp 4.2.8p4

Import ntp 4.2.8p3

---
(4.2.8p2) 2015/04/07 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p2-RC3) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2763] Fix for different thresholds for forward and backward steps.
---
(4.2.8p2-RC2) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2592] FLAG_TSTAMP_PPS cleanup for refclock_parse.c.
* [Bug 2769] New script: update-leap
* [Bug 2769] cleannup for update-leap
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2794] Clean up kernel clock status reports.
* [Bug 2795] Cannot build without OpenSLL (on Win32).
Provided a Win32 specific wrapper around libevent/arc4random.c.
fixed some minor warnings.
* [Bug 2796] ntp-keygen crashes in 'getclock()' on Win32.
* [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys
on big-endian machines.
* [Bug 2798] sntp should decode and display the leap indicator.
* Simple cleanup to html/build.html
---
(4.2.8p2-RC1) 2015/03/30 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2794] Don't let reports on normal kernel status changes
look like errors.
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2592] Account for PPS sources which can provide an accurate
absolute time stamp, and status information.
Fixed indention and removed trailing whitespace.
* [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
* [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
* [Bug 2346] "graceful termination" signals do not do peer cleanup.
* [Bug 2728] See if C99-style structure initialization works.
* [Bug 2747] Upgrade libevent to 2.1.5-beta.
* [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
* [Bug 2751] jitter.h has stale copies of l_fp macros.
* [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
* [Bug 2757] Quiet compiler warnings.
* [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
* [Bug 2763] Allow different thresholds for forward and backward steps.
* [Bug 2766] ntp-keygen output files should not be world-readable.
* [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
* [Bug 2771] nonvolatile value is documented in wrong units.
* [Bug 2773] Early leap announcement from Palisade/Thunderbolt
* [Bug 2774] Unreasonably verbose printout - leap pending/warning
* [Bug 2775] ntp-keygen.c fails to compile under Windows.
* [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
Removed non-ASCII characters from some copyright comments.
Removed trailing whitespace.
Updated definitions for Meinberg clocks from current Meinberg header files.
Now use C99 fixed-width types and avoid non-ASCII characters in comments.
Account for updated definitions pulled from Meinberg header files.
Updated comments on Meinberg GPS receivers which are not only called GPS16x.
Replaced some constant numbers by defines from ntp_calendar.h
Modified creation of parse-specific variables for Meinberg devices
in gps16x_message().
Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
Modified mbg_tm_str() which now expexts an additional parameter controlling
if the time status shall be printed.
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
* [Sec 2781] Authentication doesn't protect symmetric associations against
DoS attacks.
* [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
* [Bug 2789] Quiet compiler warnings from libevent.
* [Bug 2790] If ntpd sets the Windows MM timer highest resolution
pause briefly before measuring system clock precision to yield
correct results.
* Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
* Use predefined function types for parse driver functions
used to set up function pointers.
Account for changed prototype of parse_inp_fnc_t functions.
Cast parse conversion results to appropriate types to avoid
compiler warnings.
Let ioctl() for Windows accept a (void *) to avoid compiler warnings
when called with pointers to different types.
---
(4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>

* Update the NEWS file.
* [Sec 2671] vallen in extension fields are not validated.
---
(4.2.8p1-RC2) 2015/01/29 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
rework: reverted sense of mode bit (so default reflects previous
behaviour) and updated ducumentation.
* [Bug 2732] - Leap second not handled correctly on Windows 8
use 'GetTickCount()' to get the true elapsed time of slew
(This should work for all versions of Windows >= W2K)
* [Bug 2738] Missing buffer initialization in refclocK_parse.c::parsestate().
* [Bug 2739] Parse driver with PPS enabled occasionally evaluates
PPS timestamp with wrong sign.
Removed some German umlauts.
* [Bug 2740] Removed some obsolete code from the parse driver.
* [Bug 2741] Incorrect buffer check in refclocK_parse.c::parsestatus().
---
(4.2.8p1-RC1) 2015/01/24 Released by Harlan Stenn <stenn@ntp.org>

* Start the RC for 4.2.8p1.
* [Bug 2187] Update version number generation scripts.
* [Bug 2617] Fix sntp Usage documentation section.
* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
* [Bug 2736] Show error message if we cannot open the config file.
* Copyright update.
* Fix the package name.
---
(4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2695] Windows build: __func__ not supported under Windows.
* [Bug 2728] Work around C99-style structure initialization code
for older compilers, specifically Visual Studio prior to VS2013.
---
(4.2.8p1-beta4) 2015/01/04 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 1084] PPSAPI for ntpd on Windows with DLL backends
* [Bug 2695] Build problem on Windows (sys/socket.h).
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
* Fix a regression introduced to timepps-Solaris.h as part of:
[Bug 1206] Required compiler changes for Windows
(4.2.5p181) 2009/06/06
---
(4.2.8p1-beta3) 2015/01/02 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
Use mode bit 0 to select public access for units >= 2 (units 0 & 1 are
always private.
* [Bug 2681] Fix display of certificate EOValidity dates on 32-bit systems.
* [Bug 2695] 4.2.8 does not build on Windows.
* [bug 2700] mrulist stopped working in 4.2.8.
* [Bug 2706] libparse/info_trimble.c build dependencies are broken.
* [Bug 2713] variable type/cast, parameter name, general cleanup from NetBSD.
* [Bug 2714] libevent may need to be built independently of any build of sntp.
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
---
(4.2.8p1-beta2) 2014/12/27 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2674] Install sntp in sbin on NetBSD.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL and sntp.
* [Bug 2707] Avoid a C90 extension in libjsmn/jsmn.c.
* [Bug 2709] see if we have a C99 compiler (not yet required).
---
(4.2.8p1-beta1) 2014/12/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL.
* [Bug 2697] IN6_IS_ADDR_LOOPBACK build problems on some OSes.
* [Bug 2699] HAVE_SYS_SELECT_H is misspelled in refclock_gpsdjson.c.
---

branches: 1.1.1.2.2; 1.1.1.2.4; 1.1.1.2.6; 1.1.1.2.8; 1.1.1.2.10; 1.1.1.2.12;
Import ntp 4.2.8

branches: 1.1.1.1.4; 1.1.1.1.6; 1.1.1.1.8;
import devel ntpd to avoid amplification attacks.