Commit Graph

2231 Commits

Author SHA1 Message Date
roy
4d6391b4f4 Sync 2015-05-02 15:18:36 +00:00
roy
fc8c67611d Don't bind to IN_IFF_TENTATIVE or IN_IFF_DETACHED addresses. 2015-05-02 14:46:51 +00:00
roy
9d0b84c4a5 Sync 2015-05-01 18:23:11 +00:00
roy
4ac8d7d2d2 Import openresolv-3.7.0 with the following change:
*  -x marks the resolv.conf as exclusive.
     Only the latest resolv.conf will be processed, if none then
     as normal.
2015-05-01 18:21:17 +00:00
riz
eff2366669 blacklistd and friends will actually be in NetBSD 7. 2015-04-30 06:20:43 +00:00
prlw1
9521ae7bfd Fix typos 2015-04-28 09:48:30 +00:00
christos
8e17dc8ada Fix potential buffer overflow:
http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch

XXX: pullup-[67]
2015-04-22 20:24:20 +00:00
mrg
2603e0673f remove various HAVE_GCC=45 fragments. 2015-04-15 19:13:46 +00:00
christos
52f7cfdab7 use the newer skeleton file. 2015-04-14 14:08:36 +00:00
christos
dbd0ad548c - remove malloc/realloc casts.
- use YYINT instead of short.
2015-04-14 14:08:21 +00:00
christos
d3e82457ff CID 1269537: Unreachable code 2015-04-13 17:45:19 +00:00
christos
f2c8bc1bde update for newest acpi
XXX: needs recompiled yacc
2015-04-13 17:24:24 +00:00
christos
84624158f0 bump table to the max value allowed 2015-04-13 17:15:39 +00:00
joerg
401f422fcf Cast enum. 2015-04-11 21:14:13 +00:00
christos
7476e6e4d2 merge conflicts 2015-04-07 17:34:18 +00:00
christos
b5bbe2e3e7 ---
(4.2.8p2) 2015/04/07 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p2-RC3) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2763] Fix for different thresholds for forward and backward steps.
---
(4.2.8p2-RC2) 2015/04/03 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2592] FLAG_TSTAMP_PPS cleanup for refclock_parse.c.
* [Bug 2769] New script: update-leap
* [Bug 2769] cleanup for update-leap
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2794] Clean up kernel clock status reports.
* [Bug 2795] Cannot build without OpenSSL (on Win32).
  Provided a Win32 specific wrapper around libevent/arc4random.c.
  fixed some minor warnings.
* [Bug 2796] ntp-keygen crashes in 'getclock()' on Win32.
* [Bug 2797] ntp-keygen trapped in endless loop for MD5 keys
  on big-endian machines.
* [Bug 2798] sntp should decode and display the leap indicator.
* Simple cleanup to html/build.html
---
(4.2.8p2-RC1) 2015/03/30 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2794] Don't let reports on normal kernel status changes
  look like errors.
* [Bug 2788] New flag -G (force_step_once).
* [Bug 2592] Account for PPS sources which can provide an accurate
  absolute time stamp, and status information.
  Fixed indention and removed trailing whitespace.
* [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003.
* [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument.
* [Bug 2346] "graceful termination" signals do not do peer cleanup.
* [Bug 2728] See if C99-style structure initialization works.
* [Bug 2747] Upgrade libevent to 2.1.5-beta.
* [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. .
* [Bug 2751] jitter.h has stale copies of l_fp macros.
* [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM.
* [Bug 2757] Quiet compiler warnings.
* [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq.
* [Bug 2763] Allow different thresholds for forward and backward steps.
* [Bug 2766] ntp-keygen output files should not be world-readable.
* [Bug 2767] ntp-keygen -M should symlink to ntp.keys.
* [Bug 2771] nonvolatile value is documented in wrong units.
* [Bug 2773] Early leap announcement from Palisade/Thunderbolt
* [Bug 2774] Unreasonably verbose printout - leap pending/warning
* [Bug 2775] ntp-keygen.c fails to compile under Windows.
* [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info.
  Removed non-ASCII characters from some copyright comments.
  Removed trailing whitespace.
  Updated definitions for Meinberg clocks from current Meinberg header files.
  Now use C99 fixed-width types and avoid non-ASCII characters in comments.
  Account for updated definitions pulled from Meinberg header files.
  Updated comments on Meinberg GPS receivers which are not only called GPS16x.
  Replaced some constant numbers by defines from ntp_calendar.h
  Modified creation of parse-specific variables for Meinberg devices
  in gps16x_message().
  Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates.
  Modified mbg_tm_str() which now expects an additional parameter controlling
  if the time status shall be printed.
* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto.
* [Sec 2781] Authentication doesn't protect symmetric associations against
  DoS attacks.
* [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE.
* [Bug 2789] Quiet compiler warnings from libevent.
* [Bug 2790] If ntpd sets the Windows MM timer highest resolution
  pause briefly before measuring system clock precision to yield
  correct results.
* Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer.
* Use predefined function types for parse driver functions
  used to set up function pointers.
  Account for changed prototype of parse_inp_fnc_t functions.
  Cast parse conversion results to appropriate types to avoid
  compiler warnings.
  Let ioctl() for Windows accept a (void *) to avoid compiler warnings
  when called with pointers to different types.
---
(4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>

* Update the NEWS file.
* [Sec 2671] vallen in extension fields are not validated.
---
(4.2.8p1-RC2) 2015/01/29 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
  rework: reverted sense of mode bit (so default reflects previous
  behaviour) and updated documentation.
* [Bug 2732] - Leap second not handled correctly on Windows 8
  use 'GetTickCount()' to get the true elapsed time of slew
  (This should work for all versions of Windows >= W2K)
* [Bug 2738] Missing buffer initialization in refclocK_parse.c::parsestate().
* [Bug 2739] Parse driver with PPS enabled occasionally evaluates
  PPS timestamp with wrong sign.
  Removed some German umlauts.
* [Bug 2740] Removed some obsolete code from the parse driver.
* [Bug 2741] Incorrect buffer check in refclocK_parse.c::parsestatus().
---
(4.2.8p1-RC1) 2015/01/24 Released by Harlan Stenn <stenn@ntp.org>

* Start the RC for 4.2.8p1.
* [Bug 2187] Update version number generation scripts.
* [Bug 2617] Fix sntp Usage documentation section.
* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
* [Bug 2736] Show error message if we cannot open the config file.
* Copyright update.
* Fix the package name.
---
(4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2695] Windows build: __func__ not supported under Windows.
* [Bug 2728] Work around C99-style structure initialization code
  for older compilers, specifically Visual Studio prior to VS2013.
---
(4.2.8p1-beta4) 2015/01/04 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 1084] PPSAPI for ntpd on Windows with DLL backends
* [Bug 2695] Build problem on Windows (sys/socket.h).
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
* Fix a regression introduced to timepps-Solaris.h as part of:
  [Bug 1206] Required compiler changes for Windows
  (4.2.5p181) 2009/06/06
---
(4.2.8p1-beta3) 2015/01/02 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2627] shm refclock allows only two units with owner-only access
  Use mode bit 0 to select public access for units >= 2 (units 0 & 1 are
  always private).
* [Bug 2681] Fix display of certificate EOValidity dates on 32-bit systems.
* [Bug 2695] 4.2.8 does not build on Windows.
* [bug 2700] mrulist stopped working in 4.2.8.
* [Bug 2706] libparse/info_trimble.c build dependencies are broken.
* [Bug 2713] variable type/cast, parameter name, general cleanup from NetBSD.
* [Bug 2714] libevent may need to be built independently of any build of sntp.
* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
---
(4.2.8p1-beta2) 2014/12/27 Released by Harlan Stenn <stenn@ntp.org>

* [Bug 2674] Install sntp in sbin on NetBSD.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL and sntp.
* [Bug 2707] Avoid a C90 extension in libjsmn/jsmn.c.
* [Bug 2709] see if we have a C99 compiler (not yet required).
---
(4.2.8p1-beta1) 2014/12/23 Released by Harlan Stenn <stenn@ntp.org>

* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
* [Bug 2693] ntp-keygen doesn't build without OpenSSL.
* [Bug 2697] IN6_IS_ADDR_LOOPBACK build problems on some OSes.
* [Bug 2699] HAVE_SYS_SELECT_H is misspelled in refclock_gpsdjson.c.
---
2015-04-07 16:48:53 +00:00
christos
b554e5dbff don't forget to include config.h otherwise it thinks we don't have vnsnprintf
and fortify compiles fail.
2015-04-05 22:36:36 +00:00
christos
412bc8d494 Apply commit fb6e5377f392555b8c725f66b8b701f0061a3695:
-Fix/add ND_TCHECK2 tests,
-Fix a buffer overflow,
-Remove a debug printf
2015-04-04 18:53:51 +00:00
khorben
1d8d50afe0 Fix for PR kern/48109 (and its duplicate kern/49807)
As provided by Takahiro HAYASHI in PR kern/48109. Additional error
registration in ipf(8) by myself. Changes tested with GENERIC and
XEN3_DOM0. Thanks!

XXX pull-up netbsd-7
2015-04-02 00:12:58 +00:00
christos
299bbf2463 merge conflicts. 2015-04-01 19:45:14 +00:00
christos
bb610346a8 2015-03-15 - v2.4
* allow OpenSSL cipher configuration to be set for internal EAP server
  (openssl_ciphers parameter)
* fixed number of small issues based on hwsim test case failures and
  static analyzer reports
* P2P:
  - add new=<0/1> flag to P2P-DEVICE-FOUND events
  - add passive channels in invitation response from P2P Client
  - enable nl80211 P2P_DEVICE support by default
  - fix regression in disallow_freq preventing search on social
    channels
  - fix regressions in P2P SD query processing
  - try to re-invite with social operating channel if no common channels
    in invitation
  - allow cross connection on parent interface (this fixes number of
    use cases with nl80211)
  - add support for P2P services (P2PS)
  - add p2p_go_ctwindow configuration parameter to allow GO CTWindow to
    be configured
* increase postponing of EAPOL-Start by one second with AP/GO that
  supports WPS 2.0 (this makes it less likely to trigger extra roundtrip
  of identity frames)
* add support for PMKSA caching with SAE
* add support for control mesh BSS (IEEE 802.11s) operations
* fixed number of issues with D-Bus P2P commands
* fixed regression in ap_scan=2 special case for WPS
* fixed macsec_validate configuration
* add a workaround for incorrectly behaving APs that try to use
  EAPOL-Key descriptor version 3 when the station supports PMF even if
  PMF is not enabled on the AP
* allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior
  of disabling these can be configured to work around issues with broken
  servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1"
* add support for Suite B (128-bit and 192-bit level) key management and
  cipher suites
* add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS)
* improved BSS Transition Management processing
* add support for neighbor report
* add support for link measurement
* fixed expiration of BSS entry with all-zeros BSSID
* add optional LAST_ID=x argument to LIST_NETWORK to allow all
  configured networks to be listed even with huge number of network
  profiles
* add support for EAP Re-Authentication Protocol (ERP)
* fixed EAP-IKEv2 fragmentation reassembly
* improved PKCS#11 configuration for OpenSSL
* set stdout to be line-buffered
* add TDLS channel switch configuration
* add support for MAC address randomization in scans with nl80211
* enable HT for IBSS if supported by the driver
* add BSSID black and white lists (bssid_blacklist, bssid_whitelist)
* add support for domain_suffix_match with GnuTLS
* add OCSP stapling client support with GnuTLS
* include peer certificate in EAP events even without a separate probe
  operation; old behavior can be restored with cert_in_cb=0
* add peer certificate alt subject name to EAP events
  (CTRL-EVENT-EAP-PEER-ALT)
* add domain_match network profile parameter (similar to
  domain_suffix_match, but full match is required)
* enable AP/GO mode HT Tx STBC automatically based on driver support
* add ANQP-QUERY-DONE event to provide information on ANQP parsing
  status
* allow passive scanning to be forced with passive_scan=1
* add a workaround for Linux packet socket behavior when interface is in
  bridge
* increase 5 GHz band preference in BSS selection (estimate SNR, if info
  not available from driver; estimate maximum throughput based on common
  HT/VHT/specific TX rate support)
* add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to
  implement Interworking network selection behavior in upper layers
  software components
* add optional reassoc_same_bss_optim=1 (disabled by default)
  optimization to avoid unnecessary Authentication frame exchange
* extend TDLS frame padding workaround to cover all packets
* allow wpa_supplicant to recover nl80211 functionality if the cfg80211
  module gets removed and reloaded without restarting wpa_supplicant
* allow hostapd DFS implementation to be used in wpa_supplicant AP mode
2015-04-01 19:24:35 +00:00
christos
ba2ff12108 merge conflicts 2015-03-31 21:59:35 +00:00
christos
3d25ea14d9 Monday March. 11, 2015 guy@alum.mit.edu
Summary for 4.7.3 tcpdump release
	Capsicum fixes for FreeBSD 10

Monday March. 10, 2015 guy@alum.mit.edu
  Summary for 4.7.2 tcpdump release
	DCCP: update Packet Types with RFC4340/IANA names
        fixes for CVE-2015-0261: IPv6 mobility header check issue
        fixes for CVE-2015-2153, 2154, 2155: kday packets

Friday Nov. 12, 2014 guy@alum.mit.edu
  Summary for 4.7.0 tcpdump release
        changes to hex printing of CDP packets
	Fix PPI printing
	Radius: update Packet Type Codes and Attribute Types with RFC/IANA names
	Add a routine to print "text protocols", and add FTP/HTTP/SMTP/RTSP support.
	improvements to telnet printer, even if not -v
	omit length for bcp, print-tcp uses it
	formatting fixes for a bunch of protocols
	new bounds checks for a number of protocols
	split netflow 1,6, and 6 dissector up.
	added geneve dissector
        CVE-2014-9140 PPP dissector fixed.
2015-03-31 21:45:44 +00:00
christos
bd64c25012 merge conflicts 2015-03-31 21:39:42 +00:00
christos
f907ecca40 Numbers seem to be off here:
Thursday Feb. 12, 2015 guy@alum.mit.edu/mcr@sandelman.ca
  Summary for 1.8.0 libpcap release
        Support for filtering Geneve encapsulated packets.

Wednesday Nov. 12, 2014 guy@alum.mit.edu/mcr@sandelman.ca
  Summary for 1.7.0 libpcap release
        Fix handling of zones for BPF on Solaris
        new DLT for ZWAVE
        clarifications for read timeouts.
        added bpf_filter1() with extensions
        some fixes to compilation without stdint.h
        EBUSY can now be returned by SNFv3 code.
2015-03-31 21:25:19 +00:00
christos
6bb2a64eb0 CID 1292550: Missing call to va_end(). 2015-03-31 18:01:09 +00:00
christos
c324220739 more htons uint16_t lossage 2015-03-28 14:16:52 +00:00
christos
305d2d665e cast htons 2015-03-27 18:53:15 +00:00
christos
bc65f041a3 cast htons() args. 2015-03-27 18:51:08 +00:00
roy
a637112937 Crank up the warnings. 2015-03-27 11:35:02 +00:00
roy
868e06c27f Sync 2015-03-27 11:33:46 +00:00
roy
b03ca99758 Sync 2015-03-26 10:26:37 +00:00
roy
dbc46acaa3 Import dhcpcd-6.8.0 with the following changes:
  *  Use the exit code of EXIT_SUCCESS when terminating gracefully.
  *  Fix dumping a lease file by filename.
  *  If RTF_LOCAL is defined, don't try and set loopback routes.
  *  Fix adding host routes on BSD.
  *  After adding an address load the kernel routing table for the
     interface. When routes are rebuilt try not to remove any existing
     routes if they don't need changing.
  *  Replace timeval with timespec for our internal functions.
  *  Support kqueue(2).
  *  Better support for more interface types on BSD, thanks to Guy Yur.
  *  Many Prefix Delegation fixes.
  *  Fix creation of normal IPv6 link-local addresses overflowing the
     address storage and fooling dhcpcd into thinking it's not
     tentative when added.
  *  Add own syslog(3) like logging function for a nicer output and so
     we can log to a file for the case when syslogd(8) starts after
     dhcpcd so we can log any errors during system start using the new
     --logfile option.
2015-03-26 10:20:41 +00:00
apb
1643706715 Fix the description of "< x" and "x <> y" for port numbers.
Patch for "< x" from Timo Buhrmester, and for "x <> y" from me.
2015-03-24 19:46:58 +00:00
joerg
f62312082a Update build glue for LLVM/Clang r232565. 2015-03-18 17:43:20 +00:00
joerg
f304a08faf Mark files without clang-232565 / llvm-232565 tag as dead. 2015-03-18 17:32:29 +00:00
joerg
228acdf2bd Import Clang r232565 post-3.6.0. Various bugfixes, especially for ARM. 2015-03-18 17:26:33 +00:00
joerg
230511efa2 Import LLVM r232565 post-3.6.0. Various bugfixes, especially for ARM. 2015-03-18 17:23:18 +00:00
christos
b5f88169da prevent coredump from the distributed config file.
XXX: pullup-7
2015-03-07 22:31:24 +00:00
christos
1fe3f30303 Print syslog errors in one line, like we do for stderr so that the
duplicate line detection of syslogd can merge them.
2015-03-06 00:44:04 +00:00
roy
6f52da76dc No longer a need to add local routes for the address. 2015-02-26 09:59:55 +00:00
martin
fd70cddd86 Wait 10 seconds instead of 1 before killing the helper - otherwise on slow
machines it might not have gotten around to execute the first command at
all (and since it next waits for 42 seconds, 10 seconds is safe).
2015-02-23 08:48:18 +00:00
spz
99759bb8ef security patch for bind from ISC (to 9.10.1-P2).
Only the change to lib/dns/zone.c is security relevant

Upstream changelog:

        --- 9.10.1-P2 released ---

4053.   [security]      Revoking a managed trust anchor and supplying
                        an untrusted replacement could cause named
                        to crash with an assertion failure.
                        (CVE-2015-1349) [RT #38344]

4027.   [port]          Net::DNS 0.81 compatibility. [RT #38165]
2015-02-21 20:19:22 +00:00
christos
7fe8be8b24 one more pfilter_init() 2015-02-14 19:05:59 +00:00
christos
9b4aac0254 Add the bad user diff. 2015-02-14 15:42:17 +00:00
christos
a4efcfa6a1 Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;\
h=c32e74763f77675b9e144126e375977ed6dc562c
The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL
pointer when a search request includes the Deref control with an empty
list of attributes to return (missing input validation). [CVE-2015-1545]

XXX: Pullup-7
2015-02-07 17:58:23 +00:00
christos
eae2dca513 Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;\
h=2f1a2dd329b91afe561cd06b872d09630d4edb6a

Certain search queries including the Matched Values control can trigger
a double free in slapd 2.4.40 when freeing operation controls. This is a
regression in 2.4.40, no earlier releases are affected. [CVE-1546]

XXX: Pullup-7
2015-02-07 17:56:59 +00:00
christos
bb8dd72d4a fix typo. 2015-02-03 01:22:08 +00:00
christos
b1519c4fed CID/126787{0,1}: Uninitialized msg_flags 2015-02-02 22:03:45 +00:00
christos
c3f52d2ee1 CID/1267866: Missing break in switch 2015-02-02 22:01:55 +00:00