NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
Line Editing Libraries
In ntp-4.2.4 and before,
searched for and used
to provide line editing capabilities. This mechanism was incomplete, as described in Bug #764
We now use the following argument to
to show the order we search for line editing libraries (and
must be manually provided because it is GPL code and not compatible with things like OpenSSL):
In ntp-4.2.5 (at least) and before, the line editing facilities were put directly into the source code of
- pretty much duplicated code.
I'm wondering if it would be useful to create a new library, say
, which would contain a library that
would call to
handle all line input.
would produce this convenience library, using one
of the following files:
stdio.c for normal stdio
readline.c for -lreadline-compatible code
edit.c for -ledit-compatible
Additional 'methods' could be added easily.
This would reduce the
and also give us a
single point of service for these functions.
I'm thinking we'd need:
as the API (off the top of my head, as a first pass).
- 20 Oct 2007
I'd like to suggest a slightly simpler interface which I believe achieves the same aims.
Rather than a library built from three different sources we simply use a common header file
provide the shim between the application and the different libraries.
The header file would use the existing
configs to select the appropriate library header files and
implement the interface functions as either
This requires no changes to the build system rather than adding optional includes of different sources.
A slight expansion on your api, I also think
has an implied operation than might confuse
some so have changed the name.
#define MAXLINE 512 /* The minimum input line length we are guaranteed to process */
void ntpline_init(void); /* Initialise the interface (must be called first) */
char *ntpline_readline(char *prompt); /* See below */
void *nptline_close(void); /* Release memory and shutdown */
which may be zero length or
and then gathers a line of
input. The returned line may
'd memory or a static buffer, will
character and may
be longer than
- 22 Oct 2007
Changes along the lines I've suggested are available from pogo:~rdunlop/ntp-dev
I have included new code to support -ledit but not -leditline due to lack of documentation.
- 31 Oct 2007