(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
- fixed stack buffer overflow in the openhost() command-line call
of NTPQ/NTPDC <perlinger@ntp.org>
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
other TrustedBSD platforms
- applied patch by Ian Lepore <perlinger@ntp.org>
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
- changed interaction with SCM to signal pending startup
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
- rework of ntpq 'nextvar()' key/value parsing
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods)
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
- add #define ENABLE_CMAC support in configure. HStenn.
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
- patch by Stephen Friedl
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
- initial patch by Hal Murray; also fixed refclock_report() trouble
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
- applied patch by Gerry Garvey
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
with modifications
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
- applied patch by Miroslav Lichvar
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
- integrated patch by Reinhard Max
* [Bug 2821] minor build issues <perlinger@ntp.org>
- applied patches by Christos Zoulas, including real bug fixes
* html/authopt.html: cleanup, from <stenn@ntp.org>
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
* html/authentic.html: cleanup, from <stenn@ntp.org>
commit 1bd0e85c3ce7f6946f5cd4e18e7b45d50767412f
Author: popcornmix <popcornmix@gmail.com>
Date: Mon Sep 17 14:39:10 2018 +0100
Tested by Jun Ebihara as discussed on port-arm
--
redo mknative-gcc for all ports. main changes include:
- "#define HAVE_CC_TLS 1" for most/all ports, thanks maya@
- "#define _GLIBCXX_HAVE_LDEXPL 1" and "#define _GLIBCXX_HAVE_TGMATH_H 1"
for many ports
- arm64 and amd64 had a broken c++config.h that disabled many things
- configargs.h has more normalisation
- ppc64 has a few things fixed, must have missed several mknative rounds
--
regen to pull out INTERNAL_CFLAGS.
--
pull -DHAVE_CC_TLS out of $(INTERNAL_CFLAGS) if it is there, and add
it to CPPFLAGS.
this fixes PR#53567 for me.
- "#define HAVE_CC_TLS 1" for most/all ports, thanks maya@
- "#define _GLIBCXX_HAVE_LDEXPL 1" and "#define _GLIBCXX_HAVE_TGMATH_H 1"
for many ports
- arm64 and amd64 had a broken c++config.h that disabled many things
- configargs.h has more normalisation
- ppc64 has a few things fixed, must have missed several mknative rounds
Changes from version 4.0.0 to version 4.0.1:
- Bug fixes (see ChangeLog file), in particular in mpfr_div_ui, which
could yield an incorrectly rounded result to nearest when using
different precisions; this bug had been present since the introduction
of mpfr_div_ui, and in MPFR 4.0.0, it was affecting mpfr_div too.
Changes from versions 3.1.* to version 4.0.0:
- Partial support of MPFR_RNDF (faithful rounding).
- New functions: mpfr_fpif_export and mpfr_fpif_import to export and import
numbers in a floating-point interchange format, independent both on the
number of bits per word and on the endianness.
- New function mpfr_fmodquo to return the low bits of the quotient
corresponding to mpfr_fmod.
- New functions mpfr_flags_clear, mpfr_flags_set, mpfr_flags_test,
mpfr_flags_save and mpfr_flags_restore to operate on groups of flags.
- New functions mpfr_set_float128 and mpfr_get_float128 to convert from/to
the __float128 type (requires --enable-float128 and compiler support).
- New functions mpfr_buildopt_float128_p and mpfr_buildopt_sharedcache_p.
- New functions mpfr_rint_roundeven and mpfr_roundeven, completing the
other similar round-to-integer functions for rounding to nearest with
the even-rounding rule.
- New macro mpfr_round_nearest_away to add partial emulation of the
rounding to nearest-away (as defined in IEEE 754-2008).
- New functions mpfr_nrandom and mpfr_erandom to generate random numbers
following normal and exponential distributions respectively.
- New functions mpfr_fmma and mpfr_fmms to compute a*b+c*d and a*b-c*d.
- New function mpfr_rootn_ui, similar to mpfr_root, but agreeing with the
rootn function of the IEEE 754-2008 standard.
- New functions mpfr_log_ui to compute the logarithm of an integer,
mpfr_gamma_inc for the incomplete Gamma function.
- New function mpfr_beta for the Beta function (incomplete, experimental).
- New function mpfr_get_q to convert a floating-point number into rational.
- Dropped K&R C compatibility.
- Major speedup in mpfr_add, mpfr_sub, mpfr_mul, mpfr_div and mpfr_sqrt when
all operands have the same precision and this precision is less than twice
the number of bits per word, e.g., less than 128 on a 64-bit computer.
- Speedup by a factor of almost 2 in the double <--> mpfr conversions
(mpfr_set_d and mpfr_get_d).
- Speedup in mpfr_log1p and mpfr_atanh for small arguments.
- Speedup in the mpfr_const_euler function (contributed by Fredrik Johansson),
in the computation of Bernoulli numbers (used in mpfr_gamma, mpfr_li2,
mpfr_digamma, mpfr_lngamma and mpfr_lgamma), in mpfr_div, in mpfr_fma
and mpfr_fms.
These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.
HOWEVER! Some subsystems have
#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))
even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.
To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.
I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:
cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))
It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.
Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
Sunday, June 24, 2018, by mcr@sandelman.ca
Summary for 1.9.0 libpcap release
Added testing system to libpcap, independent of tcpdump
Changes to how pcap_t is activated
Adding support for Large stream buffers on Endace DAG cards
Changes to BSD 3-clause license to 2-clause licence
Additions to TCP header parsing, per RFC3168
Add CMake build process (extensive number of changes)
Assign a value for OpenBSD DLT_OPENFLOW.
Support setting non-blocking mode before activating.
Extensive build support for Windows VS2010 and MINGW (many many changes, over many months)
Added RPCAPD support when --enable-remote (default no)
Add the rpcap daemon source and build instructions.
Put back the greasy "save the capture filter string so we can tweak it"
hack, that keeps libpcap from capturing rpcap traffic.
Fixes for captures on MacOS, utun0
fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses.
Add a linktype for IBM SDLC frames containing SNA PDUs.
pcap_compile() in 1.8.0 and later is newly thread-safe.
bound snaplen for linux tpacket_v2 to ~64k
Make VLAN filter handle both metadata and inline tags
D-Bus captures can now be up to 128MB in size
Added LORATAP DLT value
Added DLT_VSOCK for http://qemu-project.org/Features/VirtioVsock
probe_devices() fixes not to overrun buffer for name of device
Add linux-specific pcap_set_protocol_linux() to allow specifying a specific capture protocol.
RDMA sniffing support for pcap
Add Nordic Semiconductor Bluetooth LE sniffer link-layer header type.
fixes for reading /etc/ethers
Make it possible to build on Windows without packet.dll.
Add tests for large file support on UN*X.
Solaris fixes to work with 2.8.6
configuration test now looks for header files, not capture devices present
Fix to work with Berkeley YACC.
fixes for DragonBSD compilation of pcap-netmap.c
Clean up the ether_hostton() stuff.
Add an option to disable Linux memory-mapped capture support.
Add DAG API support checks.
Add Septel, Myricom SNF, and Riverbed TurboCap checks.
Add checks for Linux USB, Linux Bluetooth, D-Bus, and RDMA sniffing support.
Add a check for hardware time stamping on Linux.
Don't bother supporting pre-2005 Visual Studio.
Increased minimum autoconf version requirement to 2.64
Add DLT value 273 for XRA-31 sniffer
Clean up handing of signal interrupts in pcap_read_nocb_remote().
Use the XPG 4.2 versions of the networking APIs in Solaris.
Fix, and better explain, the "IPv6 means IPv6, not IPv4" option setting.
Explicitly warn that negative packet buffer timeouts should not be used.
rpcapd: Add support inetd-likes, including xinetd.conf, and systemd units
Rename DLT_IEEE802_15_4 to DLT_IEEE802_15_4_WITHFCS.
Add DISPLAYPORT AUX link type
Remove the sunos4 kernel modules and all references to them.
Add more interface flags to pcap_findalldevs().
Summary for 1.9.0 libpcap release (to 2017-01-25 by guy@alum.mit.edu)
Man page improvements
Fix Linux cooked mode userspace filtering (GitHub pull request #429)
Fix compilation if IPv6 support not enabled
Fix some Linux memory-mapped capture buffer size issues
Don't fail if kernel filter can't be set on Linux (GitHub issue
#549)
Improve sorting of interfaces for pcap_findalldevs()
Don't list Linux usbmon devices if usbmon module isn't loaded
Report PCAP_ERROR_PERM_DENIED if no permission to open Linux usbmon
devices
Fix DLT_ type for Solaris IPNET devices
Always return an error message for errors finding DAG or Myricom
devices
If possible, don't require that a device be openable when
enumerating them for pcap_findalldevs()
Don't put incompletely-initialized addresses in the address list for
When finding Myricom devices, update description for regular
interfaces that are Myricom devices and handle SNF_FLAGS=0x2(port
aggregation enabled)
Fix compilation error in DAG support
Fix issues with CMake configuration
Add support for stream buffers larger than 2GB on newer DAG cards
Remove support for building against DAG versions without STREAMS
support (before dag-3.0.0 2007)
