diff --git a/contrib/ntp/ChangeLog b/contrib/ntp/ChangeLog index 8e34d2a96696..93cdab8b94eb 100644 --- a/contrib/ntp/ChangeLog +++ b/contrib/ntp/ChangeLog @@ -1,3 +1,17 @@ +--- +(4.2.8p17) 2023/06/06 Released by Harlan Stenn + +* [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at + event_sync. Reported by Edward McGuire. +* [Bug 3822] ntpd significantly delays first poll of servers specified by name. + Miroslav Lichvar identified regression in 4.2.8p16. +* [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with + 4.2.8p15 or earlier. Reported by Matt Nordhoff, thanks to + Miroslav Lichvar and Matt for rapid testing and identifying the + problem. +* Add tests/libntp/digests.c to catch regressions reading keys file or with + symmetric authentication digest output. + --- (4.2.8p16) 2023/05/31 Released by Harlan Stenn diff --git a/contrib/ntp/CommitLog b/contrib/ntp/CommitLog index 54bf0f9a45fc..adeda2c60402 100644 --- a/contrib/ntp/CommitLog +++ b/contrib/ntp/CommitLog @@ -1,3 +1,467 @@ +ChangeSet@1.4004, 2023-06-06 04:40:27-07:00, ntpreleng@ntp-build.tal1.ntfo.org + NTP_4_2_8P17 + TAG: NTP_4_2_8P17 + + ChangeLog@1.2053 +1 -0 + NTP_4_2_8P17 + + ntpd/invoke-ntp.conf.texi@1.225 +1 -1 + NTP_4_2_8P17 + + ntpd/invoke-ntp.keys.texi@1.210 +1 -1 + NTP_4_2_8P17 + + ntpd/invoke-ntpd.texi@1.524 +2 -2 + NTP_4_2_8P17 + + ntpd/ntp.conf.5man@1.259 +2 -2 + NTP_4_2_8P17 + + ntpd/ntp.conf.5mdoc@1.259 +2 -2 + NTP_4_2_8P17 + + ntpd/ntp.conf.html@1.207 +1 -1 + NTP_4_2_8P17 + + ntpd/ntp.conf.man.in@1.259 +2 -2 + NTP_4_2_8P17 + + ntpd/ntp.conf.mdoc.in@1.259 +2 -2 + NTP_4_2_8P17 + + ntpd/ntp.keys.5man@1.244 +2 -2 + NTP_4_2_8P17 + + ntpd/ntp.keys.5mdoc@1.244 +2 -2 + NTP_4_2_8P17 + + ntpd/ntp.keys.html@1.204 +1 -1 + NTP_4_2_8P17 + + ntpd/ntp.keys.man.in@1.244 +2 -2 + NTP_4_2_8P17 + + ntpd/ntp.keys.mdoc.in@1.244 +2 -2 + NTP_4_2_8P17 + + ntpd/ntpd-opts.c@1.549 +7 -7 + NTP_4_2_8P17 + + ntpd/ntpd-opts.h@1.548 +3 -3 + NTP_4_2_8P17 + + ntpd/ntpd.1ntpdman@1.353 +2 -2 + NTP_4_2_8P17 + + ntpd/ntpd.1ntpdmdoc@1.353 +2 -2 + NTP_4_2_8P17 + + ntpd/ntpd.html@1.198 +2 -2 + NTP_4_2_8P17 + + ntpd/ntpd.man.in@1.353 +2 -2 + NTP_4_2_8P17 + + ntpd/ntpd.mdoc.in@1.353 +2 -2 + NTP_4_2_8P17 + + ntpdc/invoke-ntpdc.texi@1.523 +2 -2 + NTP_4_2_8P17 + + ntpdc/ntpdc-opts.c@1.544 +7 -7 + NTP_4_2_8P17 + + ntpdc/ntpdc-opts.h@1.543 +3 -3 + NTP_4_2_8P17 + + ntpdc/ntpdc.1ntpdcman@1.354 +2 -2 + NTP_4_2_8P17 + + ntpdc/ntpdc.1ntpdcmdoc@1.354 +2 -2 + NTP_4_2_8P17 + + ntpdc/ntpdc.html@1.368 +2 -2 + NTP_4_2_8P17 + + ntpdc/ntpdc.man.in@1.354 +2 -2 + NTP_4_2_8P17 + + ntpdc/ntpdc.mdoc.in@1.354 +2 -2 + NTP_4_2_8P17 + + ntpq/invoke-ntpq.texi@1.533 +2 -2 + NTP_4_2_8P17 + + ntpq/ntpq-opts.c@1.553 +7 -7 + NTP_4_2_8P17 + + ntpq/ntpq-opts.h@1.551 +3 -3 + NTP_4_2_8P17 + + ntpq/ntpq.1ntpqman@1.361 +2 -2 + NTP_4_2_8P17 + + ntpq/ntpq.1ntpqmdoc@1.361 +2 -2 + NTP_4_2_8P17 + + ntpq/ntpq.html@1.198 +2 -2 + NTP_4_2_8P17 + + ntpq/ntpq.man.in@1.361 +2 -2 + NTP_4_2_8P17 + + ntpq/ntpq.mdoc.in@1.361 +2 -2 + NTP_4_2_8P17 + + ntpsnmpd/invoke-ntpsnmpd.texi@1.523 +1 -1 + NTP_4_2_8P17 + + ntpsnmpd/ntpsnmpd-opts.c@1.544 +7 -7 + NTP_4_2_8P17 + + ntpsnmpd/ntpsnmpd-opts.h@1.543 +3 -3 + NTP_4_2_8P17 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.352 +2 -2 + NTP_4_2_8P17 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.352 +2 -2 + NTP_4_2_8P17 + + ntpsnmpd/ntpsnmpd.html@1.190 +1 -1 + NTP_4_2_8P17 + + ntpsnmpd/ntpsnmpd.man.in@1.352 +2 -2 + NTP_4_2_8P17 + + ntpsnmpd/ntpsnmpd.mdoc.in@1.352 +2 -2 + NTP_4_2_8P17 + + packageinfo.sh@1.550 +2 -2 + NTP_4_2_8P17 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.113 +2 -2 + NTP_4_2_8P17 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.115 +2 -2 + NTP_4_2_8P17 + + scripts/calc_tickadj/calc_tickadj.html@1.114 +1 -1 + NTP_4_2_8P17 + + scripts/calc_tickadj/calc_tickadj.man.in@1.112 +2 -2 + NTP_4_2_8P17 + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.115 +2 -2 + NTP_4_2_8P17 + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.117 +1 -1 + NTP_4_2_8P17 + + scripts/invoke-plot_summary.texi@1.135 +2 -2 + NTP_4_2_8P17 + + scripts/invoke-summary.texi@1.134 +2 -2 + NTP_4_2_8P17 + + scripts/ntp-wait/invoke-ntp-wait.texi@1.346 +2 -2 + NTP_4_2_8P17 + + scripts/ntp-wait/ntp-wait-opts@1.82 +2 -2 + NTP_4_2_8P17 + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.341 +2 -2 + NTP_4_2_8P17 + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.343 +2 -2 + NTP_4_2_8P17 + + scripts/ntp-wait/ntp-wait.html@1.362 +2 -2 + NTP_4_2_8P17 + + scripts/ntp-wait/ntp-wait.man.in@1.341 +2 -2 + NTP_4_2_8P17 + + scripts/ntp-wait/ntp-wait.mdoc.in@1.343 +2 -2 + NTP_4_2_8P17 + + scripts/ntpsweep/invoke-ntpsweep.texi@1.132 +2 -2 + NTP_4_2_8P17 + + scripts/ntpsweep/ntpsweep-opts@1.85 +2 -2 + NTP_4_2_8P17 + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.120 +2 -2 + NTP_4_2_8P17 + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.120 +2 -2 + NTP_4_2_8P17 + + scripts/ntpsweep/ntpsweep.html@1.134 +2 -2 + NTP_4_2_8P17 + + scripts/ntpsweep/ntpsweep.man.in@1.120 +2 -2 + NTP_4_2_8P17 + + scripts/ntpsweep/ntpsweep.mdoc.in@1.121 +2 -2 + NTP_4_2_8P17 + + scripts/ntptrace/invoke-ntptrace.texi@1.135 +2 -2 + NTP_4_2_8P17 + + scripts/ntptrace/ntptrace-opts@1.85 +2 -2 + NTP_4_2_8P17 + + scripts/ntptrace/ntptrace.1ntptraceman@1.120 +2 -2 + NTP_4_2_8P17 + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.122 +2 -2 + NTP_4_2_8P17 + + scripts/ntptrace/ntptrace.html@1.135 +2 -2 + NTP_4_2_8P17 + + scripts/ntptrace/ntptrace.man.in@1.120 +2 -2 + NTP_4_2_8P17 + + scripts/ntptrace/ntptrace.mdoc.in@1.123 +2 -2 + NTP_4_2_8P17 + + scripts/plot_summary-opts@1.86 +2 -2 + NTP_4_2_8P17 + + scripts/plot_summary.1plot_summaryman@1.133 +2 -2 + NTP_4_2_8P17 + + scripts/plot_summary.1plot_summarymdoc@1.133 +2 -2 + NTP_4_2_8P17 + + scripts/plot_summary.html@1.137 +2 -2 + NTP_4_2_8P17 + + scripts/plot_summary.man.in@1.133 +2 -2 + NTP_4_2_8P17 + + scripts/plot_summary.mdoc.in@1.133 +2 -2 + NTP_4_2_8P17 + + scripts/summary-opts@1.85 +2 -2 + NTP_4_2_8P17 + + scripts/summary.1summaryman@1.132 +2 -2 + NTP_4_2_8P17 + + scripts/summary.1summarymdoc@1.132 +2 -2 + NTP_4_2_8P17 + + scripts/summary.html@1.136 +2 -2 + NTP_4_2_8P17 + + scripts/summary.man.in@1.132 +2 -2 + NTP_4_2_8P17 + + scripts/summary.mdoc.in@1.132 +2 -2 + NTP_4_2_8P17 + + scripts/update-leap/invoke-update-leap.texi@1.33 +1 -1 + NTP_4_2_8P17 + + scripts/update-leap/update-leap-opts@1.35 +2 -2 + NTP_4_2_8P17 + + scripts/update-leap/update-leap.1update-leapman@1.33 +2 -2 + NTP_4_2_8P17 + + scripts/update-leap/update-leap.1update-leapmdoc@1.34 +2 -2 + NTP_4_2_8P17 + + scripts/update-leap/update-leap.html@1.33 +1 -1 + NTP_4_2_8P17 + + scripts/update-leap/update-leap.man.in@1.33 +2 -2 + NTP_4_2_8P17 + + scripts/update-leap/update-leap.mdoc.in@1.34 +2 -2 + NTP_4_2_8P17 + + sntp/invoke-sntp.texi@1.523 +2 -2 + NTP_4_2_8P17 + + sntp/sntp-opts.c@1.545 +7 -7 + NTP_4_2_8P17 + + sntp/sntp-opts.h@1.543 +3 -3 + NTP_4_2_8P17 + + sntp/sntp.1sntpman@1.358 +2 -2 + NTP_4_2_8P17 + + sntp/sntp.1sntpmdoc@1.358 +2 -2 + NTP_4_2_8P17 + + sntp/sntp.html@1.539 +2 -2 + NTP_4_2_8P17 + + sntp/sntp.man.in@1.358 +2 -2 + NTP_4_2_8P17 + + sntp/sntp.mdoc.in@1.358 +2 -2 + NTP_4_2_8P17 + + util/invoke-ntp-keygen.texi@1.526 +2 -2 + NTP_4_2_8P17 + + util/ntp-keygen-opts.c@1.547 +7 -7 + NTP_4_2_8P17 + + util/ntp-keygen-opts.h@1.545 +3 -3 + NTP_4_2_8P17 + + util/ntp-keygen.1ntp-keygenman@1.354 +2 -2 + NTP_4_2_8P17 + + util/ntp-keygen.1ntp-keygenmdoc@1.354 +2 -2 + NTP_4_2_8P17 + + util/ntp-keygen.html@1.199 +2 -2 + NTP_4_2_8P17 + + util/ntp-keygen.man.in@1.354 +2 -2 + NTP_4_2_8P17 + + util/ntp-keygen.mdoc.in@1.354 +2 -2 + NTP_4_2_8P17 + +ChangeSet@1.4003, 2023-06-06 04:28:11-07:00, ntpreleng@ntp-build.tal1.ntfo.org + p17 + + tests/libntp/run-digests.c@1.2 +7 -7 + p17 + +ChangeSet@1.4002, 2023-06-06 04:09:35-07:00, ntpreleng@ntp-build.tal1.ntfo.org + p17 + + packageinfo.sh@1.549 +1 -1 + p17 + +ChangeSet@1.4001, 2023-06-06 09:43:55+00:00, hart@ntp-devbuild.chi1.ntfo.org + Makefile.am: + Fix make distcheck failure with generated srcdir.c + + tests/libntp/Makefile.am@1.104 +2 -2 + Fix make distcheck failure with generated srcdir.c + +ChangeSet@1.4000, 2023-06-06 03:43:29-05:00, stenn@stenn.chi1.ntfo.org + prep for p17 + + ChangeLog@1.2052 +8 -6 + prep for p17 + + NEWS@1.219 +25 -0 + prep for p17 + +ChangeSet@1.3998, 2023-06-05 00:21:10+00:00, davehart@tl.davehart.net + Add tests for loading and using all supported symmetric auth digests. + + ChangeLog@1.2050 +2 -0 + Add tests/libntp/digests.c to catch regressions reading keys file or with + symmetric authentication digest output. + + include/ntp.h@1.235 +1 -1 + move KEY_TYPE_MD5 to ntp_md5.h + + include/ntp_md5.h@1.15 +4 -0 + move a few items here where they better fit. + + include/ntp_stdlib.h@1.91 +21 -18 + Move items to ntp_md5.h, add some arg names to prototypes. + + libntp/a_md5encrypt.c@1.55 +13 -10 + %zu isn't supported by all compilers we support + + libntp/authkeys.c@1.46 +11 -12 + Get rid of magic number 4 for sizeof(u_int32), use zero_mem() + + libntp/authreadkeys.c@1.36 +10 -2 + Warn if AES128CMAC key is less than 128 bits. + + libntp/msyslog.c@1.57 +3 -2 + Comment grammar + + libparse/clk_hopf6021.c@1.14 +3 -2 + include ascii.h after ntp_stdlib.h to avoid clash with EM define + + libparse/clk_wharton.c@1.13 +3 -2 + include ascii.h after ntp_stdlib.h to avoid clash with EM define + + ntpd/ntp_control.c@1.241 +0 -1 + ntp_md5.h in ntp_stdlib.h now + + ntpd/ntp_loopfilter.c@1.197 +0 -3 + Move PATH_MAX definition to header file. + + sntp/crypto.c@1.42 +0 -5 + Remove redundancies + + sntp/crypto.h@1.15 +0 -1 + separate include of ntp_md5.h no longer needed + + tests/libntp/Makefile.am@1.103 +33 -6 + add digests.c + + tests/libntp/data/ntp.keys@1.2 +1 -1 + typo + + tests/libntp/digests.c@1.1 +415 -0 + Unit test for loading and using all supported symmetric auth methods. + + tests/libntp/digests.c@1.0 +0 -0 + + tests/libntp/run-digests.c@1.1 +80 -0 + Unity generated runner for digests.c + + tests/libntp/run-digests.c@1.0 +0 -0 + +ChangeSet@1.3996.2.1, 2023-06-03 22:48:12+00:00, davehart@tl.davehart.net + [Bug 3822] ntpd significantly delays first poll of servers specified by name. + + ChangeLog@1.2048.2.1 +4 -0 + [Bug 3822] ntpd significantly delays first poll of servers specified by name. + + ntpd/ntp_config.c@1.383 +18 -0 + Treat associations from ntp.conf with hostnames the same as those with IP addresses. + +ChangeSet@1.3996.1.1, 2023-06-02 23:42:10+00:00, davehart@tl.davehart.net + [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at event_sync. + + ChangeLog@1.2048.1.1 +4 -0 + [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at event_sync. + + ntpd/ntp_proto.c@1.446 +3 -2 + CLarify error message + + ntpd/ntpd.c@1.189 +4 -2 + Fix logic error, clarify message + +ChangeSet@1.3997, 2023-06-02 19:29:12+00:00, davehart@tl.davehart.net + [Bug 3821] 4.2.8p16 misreads hex auth keys, won't interop with 4.2.8p15. + + ChangeLog@1.2049 +5 -0 + [Bug 3821] 4.2.8p16 misreads hex auth keys, won't interop with 4.2.8p15. + + libntp/authkeys.c@1.45 +2 -2 + > typo for >> + + tests/libntp/data/mills,david-03.jpg@1.1 +912 -0 + The internet's Father Time + + tests/libntp/data/mills,david-03.jpg@1.0 +0 -0 + + tests/libntp/data/ntp.keys@1.1 +34 -0 + Test keys for libntp/tests/digest.c + + tests/libntp/data/ntp.keys@1.0 +0 -0 + ChangeSet@1.3996, 2023-05-31 20:05:32-07:00, ntpreleng@ntp-build.tal1.ntfo.org NTP_4_2_8P16 TAG: NTP_4_2_8P16 diff --git a/contrib/ntp/NEWS b/contrib/ntp/NEWS index d9d8a0987ab6..432c3d324575 100644 --- a/contrib/ntp/NEWS +++ b/contrib/ntp/NEWS @@ -1,3 +1,28 @@ +--- +NTP 4.2.8p17 (Harlan Stenn , 2023 Jun 06) + +Focus: Bug fixes + +Severity: HIGH (for people running 4.2.8p16) + +This release: + +- fixes 3 bugs, including a regression +- adds new unit tests + +Details below: + +* [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at + event_sync. Reported by Edward McGuire. +* [Bug 3822] ntpd significantly delays first poll of servers specified by name. + Miroslav Lichvar identified regression in 4.2.8p16. +* [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with + 4.2.8p15 or earlier. Reported by Matt Nordhoff, thanks to + Miroslav Lichvar and Matt for rapid testing and identifying the + problem. +* Add tests/libntp/digests.c to catch regressions reading keys file or with + symmetric authentication digest output. + --- NTP 4.2.8p16 (Harlan Stenn , 2023 May 30) diff --git a/contrib/ntp/configure b/contrib/ntp/configure index a8c2ba593aa3..5d09904bea03 100755 --- a/contrib/ntp/configure +++ b/contrib/ntp/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for ntp 4.2.8p16. +# Generated by GNU Autoconf 2.71 for ntp 4.2.8p17. # # Report bugs to . # @@ -621,8 +621,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ntp' PACKAGE_TARNAME='ntp' -PACKAGE_VERSION='4.2.8p16' -PACKAGE_STRING='ntp 4.2.8p16' +PACKAGE_VERSION='4.2.8p17' +PACKAGE_STRING='ntp 4.2.8p17' PACKAGE_BUGREPORT='https://bugs.ntp.org/' PACKAGE_URL='https://www.ntp.org/' @@ -1651,7 +1651,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ntp 4.2.8p16 to adapt to many kinds of systems. +\`configure' configures ntp 4.2.8p17 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1722,7 +1722,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ntp 4.2.8p16:";; + short | recursive ) echo "Configuration of ntp 4.2.8p17:";; esac cat <<\_ACEOF @@ -1967,7 +1967,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ntp configure 4.2.8p16 +ntp configure 4.2.8p17 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2624,7 +2624,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ntp $as_me 4.2.8p16, which was +It was created by ntp $as_me 4.2.8p17, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -4039,7 +4039,7 @@ fi # Define the identity of the package. PACKAGE='ntp' - VERSION='4.2.8p16' + VERSION='4.2.8p17' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -35365,7 +35365,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ntp $as_me 4.2.8p16, which was +This file was extended by ntp $as_me 4.2.8p17, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -35434,7 +35434,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -ntp config.status 4.2.8p16 +ntp config.status 4.2.8p17 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/contrib/ntp/include/ntp.h b/contrib/ntp/include/ntp.h index c037f5986016..258ddd6138f7 100644 --- a/contrib/ntp/include/ntp.h +++ b/contrib/ntp/include/ntp.h @@ -134,7 +134,7 @@ typedef char s_char; * Miscellaneous stuff */ #define NTP_MAXKEY 65535 /* max authentication key number */ -#define KEY_TYPE_MD5 NID_md5 /* MD5 digest NID */ + /* * Limits of things */ diff --git a/contrib/ntp/include/ntp_md5.h b/contrib/ntp/include/ntp_md5.h index 06c90b2d2faf..8b5a7d0cbb49 100644 --- a/contrib/ntp/include/ntp_md5.h +++ b/contrib/ntp/include/ntp_md5.h @@ -6,6 +6,8 @@ #ifndef NTP_MD5_H #define NTP_MD5_H +# define KEY_TYPE_MD5 NID_md5 + #ifdef OPENSSL # include # include "libssl_compat.h" @@ -30,6 +32,8 @@ typedef MD5_CTX EVP_MD_CTX; +# define NID_md5 4 /* from openssl/objects.h */ +# define EVP_MAX_MD_SIZE 64 /* from openssl/evp.h */ # define EVP_MD_CTX_free(c) free(c) # define EVP_MD_CTX_new() calloc(1, sizeof(MD5_CTX)) # define EVP_get_digestbynid(t) NULL diff --git a/contrib/ntp/include/ntp_stdlib.h b/contrib/ntp/include/ntp_stdlib.h index 2d7c640565d5..446837e3adcb 100644 --- a/contrib/ntp/include/ntp_stdlib.h +++ b/contrib/ntp/include/ntp_stdlib.h @@ -11,6 +11,7 @@ #include "declcond.h" /* ntpd uses ntpd/declcond.h, others include/ */ #include "l_stdlib.h" +#include "ntp_md5.h" #include "ntp_net.h" #include "ntp_debug.h" #include "ntp_malloc.h" @@ -18,6 +19,10 @@ #include "ntp_syslog.h" #include "ntp_keyacc.h" +#ifndef PATH_MAX +# define PATH_MAX MAX_PATH +#endif + #ifdef __GNUC__ #define NTP_PRINTF(fmt, args) __attribute__((__format__(__printf__, fmt, args))) #else @@ -36,24 +41,16 @@ extern void mvsyslog(int, const char *, va_list) NTP_PRINTF(2, 0); extern void init_logging (const char *, u_int32, int); extern int change_logfile (const char *, int); extern void setup_logfile (const char *); -#ifndef errno_to_str +#ifndef errno_to_str /* Windows port defines this */ extern void errno_to_str(int, char *, size_t); #endif -extern char * ntp_realpath(const char * fsname); +extern char * ntp_realpath(const char *fsname); -extern int xvsbprintf(char**, char* const, char const*, va_list) NTP_PRINTF(3, 0); -extern int xsbprintf(char**, char* const, char const*, ...) NTP_PRINTF(3, 4); - -/* - * When building without OpenSSL, use a few macros of theirs to - * minimize source differences in NTP. - */ -#ifndef OPENSSL -#define NID_md5 4 /* from openssl/objects.h */ -/* from openssl/evp.h */ -#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ -#endif +extern int xvsbprintf(char **, char * const, char const *, va_list) + NTP_PRINTF(3, 0); +extern int xsbprintf(char **, char * const, char const *, ...) + NTP_PRINTF(3, 4); #define SAVE_ERRNO(stmt) \ { \ @@ -111,10 +108,16 @@ extern void auth_prealloc_symkeys(int); extern int ymd2yd (int, int, int); /* a_md5encrypt.c */ -extern int MD5authdecrypt (int, const u_char *, size_t, u_int32 *, size_t, size_t, keyid_t); -extern size_t MD5authencrypt (int, const u_char *, size_t, u_int32 *, size_t); -extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, KeyAccT *c); -extern u_int32 addr2refid (sockaddr_u *); +extern size_t MD5authencrypt (int type, const u_char *key, size_t klen, + u_int32 *pkt, size_t length); +extern int MD5authdecrypt (int type, const u_char *key, size_t klen, + u_int32 *pkt, size_t length, size_t size, + keyid_t keyno); +extern u_int32 addr2refid(sockaddr_u *); + +/* authkeys.c */ +extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, + KeyAccT *c); /* emalloc.c */ #ifndef EREALLOC_CALLSITE /* ntp_malloc.h defines */ diff --git a/contrib/ntp/libntp/a_md5encrypt.c b/contrib/ntp/libntp/a_md5encrypt.c index 6011af52af6d..7a372969123f 100644 --- a/contrib/ntp/libntp/a_md5encrypt.c +++ b/contrib/ntp/libntp/a_md5encrypt.c @@ -9,7 +9,6 @@ #include "ntp_string.h" #include "ntp_stdlib.h" #include "ntp.h" -#include "ntp_md5.h" /* provides OpenSSL digest API */ #include "isc/string.h" typedef struct { @@ -22,10 +21,12 @@ typedef struct { size_t len; } rwbuffT; + #if defined(OPENSSL) && defined(ENABLE_CMAC) static size_t cmac_ctx_size( - CMAC_CTX * ctx) + CMAC_CTX * ctx + ) { size_t mlen = 0; @@ -36,14 +37,16 @@ cmac_ctx_size( } return mlen; } -#endif /*OPENSSL && ENABLE_CMAC*/ +#endif /* OPENSSL && ENABLE_CMAC */ + static size_t make_mac( const rwbuffT * digest, int ktype, const robuffT * key, - const robuffT * msg) + const robuffT * msg + ) { /* * Compute digest of key concatenated with packet. Note: the @@ -66,8 +69,8 @@ make_mac( /* adjust key size (zero padded buffer) if necessary */ if (AES_128_KEY_SIZE > key->len) { memcpy(keybuf, keyptr, key->len); - memset((keybuf + key->len), 0, - (AES_128_KEY_SIZE - key->len)); + zero_mem((keybuf + key->len), + (AES_128_KEY_SIZE - key->len)); keyptr = keybuf; } @@ -107,10 +110,10 @@ make_mac( goto mac_fail; } - #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW + #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW /* make sure MD5 is allowd */ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - #endif + #endif /* [Bug 3457] DON'T use plain EVP_DigestInit! It would * kill the flags! */ if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(ktype), NULL)) { @@ -239,8 +242,8 @@ MD5authdecrypt( dlen = MAX_MDG_LEN; if (size != (size_t)dlen + KEY_MAC_LEN) { msyslog(LOG_ERR, - "MAC decrypt: MAC length error: len=%zu key=%d", - size, keyno); + "MAC decrypt: MAC length error: len=%u key=%d", + (u_int)size, keyno); return (0); } return !isc_tsmemcmp(digest, diff --git a/contrib/ntp/libntp/authkeys.c b/contrib/ntp/libntp/authkeys.c index 4448dadd2b6a..d28b4b932b84 100644 --- a/contrib/ntp/libntp/authkeys.c +++ b/contrib/ntp/libntp/authkeys.c @@ -284,8 +284,7 @@ init_auth(void) */ newalloc = authhashbuckets * sizeof(key_hash[0]); - key_hash = erealloc(key_hash, newalloc); - memset(key_hash, '\0', newalloc); + key_hash = emalloc_zero(newalloc); INIT_DLIST(key_listhead, llink); @@ -458,7 +457,7 @@ auth_resize_hashtable(void) newalloc = authhashbuckets * sizeof(key_hash[0]); key_hash = erealloc(key_hash, newalloc); - memset(key_hash, '\0', newalloc); + zero_mem(key_hash, newalloc); ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey) hash = KEYHASH(sk->keyid); @@ -528,14 +527,14 @@ freesymkey( bucket = &key_hash[KEYHASH(sk->keyid)]; if (sk->secret != NULL) { - memset(sk->secret, '\0', sk->secretsize); + zero_mem(sk->secret, sk->secretsize); free(sk->secret); } UNLINK_SLIST(unlinked, *bucket, sk, hlink, symkey); DEBUG_ENSURE(sk == unlinked); UNLINK_DLIST(sk, llink); - memset((char *)sk + offsetof(symkey, symkey_payload), '\0', - sizeof(*sk) - offsetof(symkey, symkey_payload)); + zero_mem((char *)sk + offsetof(symkey, symkey_payload), + sizeof(*sk) - offsetof(symkey, symkey_payload)); LINK_SLIST(authfreekeys, sk, llink.f); authnumkeys--; authnumfreekeys++; @@ -719,13 +718,13 @@ authistrusted( if (keyno == cache_keyid) { return (KEY_TRUSTED & cache_flags) && - keyacc_contains(cache_keyacclist, sau, TRUE); + keyacc_contains(cache_keyacclist, sau, TRUE); } if (NULL != (sk = auth_findkey(keyno))) { authkeyuncached++; return (KEY_TRUSTED & sk->flags) && - keyacc_contains(sk->keyacclist, sau, TRUE); + keyacc_contains(sk->keyacclist, sau, TRUE); } authkeynotfound++; @@ -800,7 +799,7 @@ MD5auth_setkey( allocsymkey(keyno, 0, (u_short)keytype, 0, secretsize, secret, ka); #ifdef DEBUG - if (debug >= 4) { + if (debug >= 1) { size_t j; printf("auth_setkey: key %d type %d len %d ", (int)keyno, @@ -816,7 +815,7 @@ MD5auth_setkey( /* * auth_delkeys - delete non-autokey untrusted keys, and clear all info - * except the trusted bit of non-autokey trusted keys, in + * except the trusted bit of non-autokey trusted keys, in * preparation for rereading the keys file. */ void @@ -835,7 +834,7 @@ auth_delkeys(void) */ if (KEY_TRUSTED & sk->flags) { if (sk->secret != NULL) { - memset(sk->secret, 0, sk->secretsize); + zero_mem(sk->secret, sk->secretsize); free(sk->secret); sk->secret = NULL; /* TALOS-CAN-0054 */ } @@ -886,9 +885,9 @@ authencrypt( * consists of a single word with value zero. */ authencryptions++; - pkt[length / 4] = htonl(keyno); + pkt[length / KEY_MAC_LEN] = htonl(keyno); if (0 == keyno) { - return 4; + return KEY_MAC_LEN; } if (!authhavekey(keyno)) { return 0; @@ -972,7 +971,7 @@ pwdecode_hex( reslen = (size_t)-1; break; } - tmp = (u_char)((ptr - hex) > 1); + tmp = (u_char)((ptr - hex) >> 1); if (j & 1) dst[j >> 1] |= tmp; else diff --git a/contrib/ntp/libntp/authreadkeys.c b/contrib/ntp/libntp/authreadkeys.c index da91bd0d3443..fa2f5b540de4 100644 --- a/contrib/ntp/libntp/authreadkeys.c +++ b/contrib/ntp/libntp/authreadkeys.c @@ -234,7 +234,7 @@ authreadkeys( * The key type is unused, but is required to be 'M' or * 'm' for compatibility. */ - if (!(*token == 'M' || *token == 'm')) { + if (! (toupper(*token) == 'M')) { log_maybe(NULL, "authreadkeys: invalid type for key %d", keyno); @@ -357,13 +357,21 @@ authreadkeys( continue; } - INSIST(NULL != next); + DEBUG_INSIST(NULL != next); +#if defined(OPENSSL) && defined(ENABLE_CMAC) + if (NID_cmac == keytype && len < 16) { + msyslog(LOG_WARNING, CMAC " keys are 128 bits, " + "zero-extending key %u by %u bits", + (u_int)keyno, 8 * (16 - (u_int)len)); + } +#endif /* OPENSSL && ENABLE_CMAC */ next->next = list; list = next; } fclose(fp); if (nerr > 0) { const char * why = ""; + if (nerr > nerr_maxlimit) why = " (emergency break)"; msyslog(LOG_ERR, diff --git a/contrib/ntp/libntp/msyslog.c b/contrib/ntp/libntp/msyslog.c index ae950171f468..a1ba72792595 100644 --- a/contrib/ntp/libntp/msyslog.c +++ b/contrib/ntp/libntp/msyslog.c @@ -583,8 +583,9 @@ setup_logfile( syslog_fname); } -/* Helper for unit tests, where stdout + stderr are piped to the same - * stream. This works moderately reliable only if both streams are +/* + * Helper for unit tests, where stdout + stderr are piped to the same + * stream. This works moderately reliably only if both streams are * unbuffered or line buffered. Unfortunately stdout can be fully * buffered on pipes or files... */ diff --git a/contrib/ntp/libparse/clk_hopf6021.c b/contrib/ntp/libparse/clk_hopf6021.c index c5980ef13f2b..b0b0c1ff2a73 100644 --- a/contrib/ntp/libparse/clk_hopf6021.c +++ b/contrib/ntp/libparse/clk_hopf6021.c @@ -25,7 +25,6 @@ #include "ntp_fp.h" #include "ntp_unixtime.h" #include "ntp_calendar.h" -#include "ascii.h" #include "parse.h" @@ -37,6 +36,8 @@ extern int printf (const char *, ...); #endif +#include "ascii.h" + /* * hopf Funkuhr 6021 * used with 9600,8N1, @@ -263,7 +264,7 @@ hexval( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_HOPF6021) */ -int clk_hopf6021_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_HOPF6021) */ /* diff --git a/contrib/ntp/libparse/clk_wharton.c b/contrib/ntp/libparse/clk_wharton.c index 371137dc6fe8..fbe9cc95f5f7 100644 --- a/contrib/ntp/libparse/clk_wharton.c +++ b/contrib/ntp/libparse/clk_wharton.c @@ -15,7 +15,6 @@ */ #include "ntp_fp.h" -#include "ascii.h" #include "parse.h" #ifndef PARSESTREAM @@ -26,6 +25,8 @@ extern void printf (const char *, ...); #endif +#include "ascii.h" + /* * In private e-mail alastair@wharton.co.uk said : * "If you are going to use the 400A and 404.2 system [for ntp] I recommend @@ -166,7 +167,7 @@ clockformat_t clock_wharton_400a = }; #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_WHARTON_400A) */ -int clk_wharton_400a_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_WHARTON_400A) */ /* diff --git a/contrib/ntp/ntpd/invoke-ntp.conf.texi b/contrib/ntp/ntpd/invoke-ntp.conf.texi index ff708155cd4e..86a039ea6f49 100644 --- a/contrib/ntp/ntpd/invoke-ntp.conf.texi +++ b/contrib/ntp/ntpd/invoke-ntp.conf.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) # -# It has been AutoGen-ed May 31, 2023 at 02:49:31 PM by AutoGen 5.18.16 +# It has been AutoGen-ed June 6, 2023 at 04:37:38 AM by AutoGen 5.18.16 # From the definitions ntp.conf.def # and the template file agtexi-file.tpl @end ignore diff --git a/contrib/ntp/ntpd/invoke-ntp.keys.texi b/contrib/ntp/ntpd/invoke-ntp.keys.texi index 52dee572b434..3926518de3a2 100644 --- a/contrib/ntp/ntpd/invoke-ntp.keys.texi +++ b/contrib/ntp/ntpd/invoke-ntp.keys.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) # -# It has been AutoGen-ed May 31, 2023 at 02:49:34 PM by AutoGen 5.18.16 +# It has been AutoGen-ed June 6, 2023 at 04:37:41 AM by AutoGen 5.18.16 # From the definitions ntp.keys.def # and the template file agtexi-file.tpl @end ignore diff --git a/contrib/ntp/ntpd/invoke-ntpd.texi b/contrib/ntp/ntpd/invoke-ntpd.texi index fbce35dd8d26..471bca5b86c8 100644 --- a/contrib/ntp/ntpd/invoke-ntpd.texi +++ b/contrib/ntp/ntpd/invoke-ntpd.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) # -# It has been AutoGen-ed May 31, 2023 at 02:49:36 PM by AutoGen 5.18.16 +# It has been AutoGen-ed June 6, 2023 at 04:37:42 AM by AutoGen 5.18.16 # From the definitions ntpd-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -142,7 +142,7 @@ with a status code of 0. @exampleindent 0 @example -ntpd - NTP daemon program - Ver. 4.2.8p16 +ntpd - NTP daemon program - Ver. 4.2.8p17 Usage: ntpd [ - [] | --[@{=| @}] ]... \ [ ... ] Flg Arg Option-Name Description diff --git a/contrib/ntp/ntpd/ntp.conf.5man b/contrib/ntp/ntpd/ntp.conf.5man index 80b742f7d624..4e7a47ab83ef 100644 --- a/contrib/ntp/ntpd/ntp.conf.5man +++ b/contrib/ntp/ntpd/ntp.conf.5man @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5man "31 May 2023" "4.2.8p16" "File Formats" +.TH ntp.conf 5man "06 Jun 2023" "4.2.8p17" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed May 31, 2023 at 02:49:38 PM by AutoGen 5.18.16 +.\" It has been AutoGen-ed June 6, 2023 at 04:37:45 AM by AutoGen 5.18.16 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/contrib/ntp/ntpd/ntp.conf.5mdoc b/contrib/ntp/ntpd/ntp.conf.5mdoc index bc6f31c73c24..951f33da4faa 100644 --- a/contrib/ntp/ntpd/ntp.conf.5mdoc +++ b/contrib/ntp/ntpd/ntp.conf.5mdoc @@ -1,9 +1,9 @@ -.Dd May 31 2023 +.Dd June 6 2023 .Dt NTP_CONF 5mdoc File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed May 31, 2023 at 02:49:25 PM by AutoGen 5.18.16 +.\" It has been AutoGen-ed June 6, 2023 at 04:37:32 AM by AutoGen 5.18.16 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/contrib/ntp/ntpd/ntp.conf.html b/contrib/ntp/ntpd/ntp.conf.html index bda4b750d4f5..f7f0b4bef931 100644 --- a/contrib/ntp/ntpd/ntp.conf.html +++ b/contrib/ntp/ntpd/ntp.conf.html @@ -50,7 +50,7 @@ Next: