diff --git a/contrib/ntp/ChangeLog b/contrib/ntp/ChangeLog index 0805467dc6b9..0cb8c4fb4779 100644 --- a/contrib/ntp/ChangeLog +++ b/contrib/ntp/ChangeLog 
@@ -1,3 +1,72 @@ +--- +(4.2.8p9) 2016/11/21 Released by Harlan Stenn +(4.2.8p9) 2016/MM/DD Released by Harlan Stenn + +* [Sec 3119] Trap crash +* [Sec 3118] Mode 6 information disclosure and DDoS vector + - TRAP config via mode 6 packet requires AUTH now. +* [Sec 3114] Broadcast Mode Replay Prevention DoS + - applied patches by Matthew Van Gundy. + - with bcpollbstep, tweaks and cleanup by stenn@ntp.org +* [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS + - applied fix as suggested by Matthew Van Gundy +* [Sec 3110] Windows: ntpd DoS by oversized UDP packet + - fixed error handling for truncated UDP packets. +* [Sec 3102] Zero origin issues. HStenn. +* [Sec 3082] null pointer dereference in _IO_str_init_static_internal() + - more hardening to read_mru_list(). perlinger@ntp.org +* [Sec 3072] Attack on interface selection + - implemented Miroslav Lichvars suggestion + to skip interface updates based on incoming packets +* [Bug 3142] bug in netmask prefix length detection +* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org +* [Bug 3129] Unknown hosts can put resolver thread into a hard loop + - moved retry decision where it belongs. +* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order + using the loopback-ppsapi-provider.dll +* [Bug 3116] unit tests for NTP time stamp expansion. +* [Bug 3100] ntpq can't retrieve daemon_version + - fixed extended sysvar lookup (bug introduced with bug 3008 fix) +* [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx to source + - added shim layer for SSL API calls with issues (both directions) +* [Bug 3089] Serial Parser does not work anymore for hopfser like device + - simplified / refactored hex-decoding in driver. +* [Bug 3084] update-leap mis-parses the leapfile name. HStenn. +* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org + - applied patch thanks to Andrew Stormont +* [Bug 3067] Root distance calculation needs improvement. HStenn. 
+* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org + - PPS-HACK works again. +* [Bug 3059] Potential buffer overrun from oversized hash + - applied patch by Brian Utterback +* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. +* [Bug 3050] Fix for bug #2960 causes [...] spurious error message. + + - patches by Reinhard Max and Havard Eidnes +* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org + - Patch provided by Kuramatsu. +* [Bug 3021] unity_fixture.c needs pragma weak + - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()' +* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. + DMayer and JPerlinger. +* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger +* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn. +* [Bug 2959] refclock_jupiter: gps week correction + - fixed GPS week expansion to work based on build date. Special thanks + to Craig Leres for initial patch and testing. +* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' + - fixed Makefile.am +* [Bug 2689] ATOM driver processes last PPS pulse at startup, + even if it is very old + - make sure PPS source is alive before processing samples + - improve stability close to the 500ms phase jump (phase gate) +* Fix typos in include/ntp.h. +* Shim X509_get_signature_nid() if needed. +* git author attribution cleanup +* bk ignore file cleanup +* remove locks in Windows IO, use rpc-like thread synchronisation instead + --- (4.2.8p8) 2016/06/02 Released by Harlan Stenn @@ -19,7 +88,7 @@ * Fix typo in ntp-wait and plot_summary. HStenn. * Make sure we have an "author" file for git imports. HStenn. * Update the sntp problem tests for MacOS. HStenn. - + --- (4.2.8p7) 2016/04/26 Released by Harlan Stenn diff --git a/contrib/ntp/CommitLog b/contrib/ntp/CommitLog index 45777550d71a..1c4c87f90692 100644 --- a/contrib/ntp/CommitLog +++ b/contrib/ntp/CommitLog 
@@ -1,3 +1,1866 @@ +ChangeSet@1.3720, 2016-11-21 08:08:21-05:00, stenn@deacon.udel.edu + NTP_4_2_8P9 + TAG: NTP_4_2_8P9 + + ChangeLog@1.1852 +1 -0 + NTP_4_2_8P9 + + ntpd/invoke-ntp.conf.texi@1.203 +1 -1 + NTP_4_2_8P9 + + ntpd/invoke-ntp.keys.texi@1.192 +1 -1 + NTP_4_2_8P9 + + ntpd/invoke-ntpd.texi@1.508 +2 -2 + NTP_4_2_8P9 + + ntpd/ntp.conf.5man@1.237 +3 -3 + NTP_4_2_8P9 + + ntpd/ntp.conf.5mdoc@1.237 +2 -2 + NTP_4_2_8P9 + + ntpd/ntp.conf.html@1.187 +157 -154 + NTP_4_2_8P9 + + ntpd/ntp.conf.man.in@1.237 +3 -3 + NTP_4_2_8P9 + + ntpd/ntp.conf.mdoc.in@1.237 +2 -2 + NTP_4_2_8P9 + + ntpd/ntp.keys.5man@1.226 +2 -2 + NTP_4_2_8P9 + + ntpd/ntp.keys.5mdoc@1.226 +3 -3 + NTP_4_2_8P9 + + ntpd/ntp.keys.html@1.188 +21 -33 + NTP_4_2_8P9 + + ntpd/ntp.keys.man.in@1.226 +2 -2 + NTP_4_2_8P9 + + ntpd/ntp.keys.mdoc.in@1.226 +3 -3 + NTP_4_2_8P9 + + ntpd/ntpd-opts.c@1.530 +245 -245 + NTP_4_2_8P9 + + ntpd/ntpd-opts.h@1.529 +3 -3 + NTP_4_2_8P9 + + ntpd/ntpd.1ntpdman@1.337 +3 -3 + NTP_4_2_8P9 + + ntpd/ntpd.1ntpdmdoc@1.337 +2 -2 + NTP_4_2_8P9 + + ntpd/ntpd.html@1.181 +142 -186 + NTP_4_2_8P9 + + ntpd/ntpd.man.in@1.337 +3 -3 + NTP_4_2_8P9 + + ntpd/ntpd.mdoc.in@1.337 +2 -2 + NTP_4_2_8P9 + + ntpdc/invoke-ntpdc.texi@1.505 +2 -2 + NTP_4_2_8P9 + + ntpdc/ntpdc-opts.c@1.523 +106 -106 + NTP_4_2_8P9 + + ntpdc/ntpdc-opts.h@1.522 +3 -3 + NTP_4_2_8P9 + + ntpdc/ntpdc.1ntpdcman@1.336 +3 -3 + NTP_4_2_8P9 + + ntpdc/ntpdc.1ntpdcmdoc@1.336 +2 -2 + NTP_4_2_8P9 + + ntpdc/ntpdc.html@1.349 +75 -95 + NTP_4_2_8P9 + + ntpdc/ntpdc.man.in@1.336 +3 -3 + NTP_4_2_8P9 + + ntpdc/ntpdc.mdoc.in@1.336 +2 -2 + NTP_4_2_8P9 + + ntpq/invoke-ntpq.texi@1.513 +2 -2 + NTP_4_2_8P9 + + ntpq/ntpq-opts.c@1.530 +113 -113 + NTP_4_2_8P9 + + ntpq/ntpq-opts.h@1.528 +3 -3 + NTP_4_2_8P9 + + ntpq/ntpq.1ntpqman@1.341 +3 -3 + NTP_4_2_8P9 + + ntpq/ntpq.1ntpqmdoc@1.341 +2 -2 + NTP_4_2_8P9 + + ntpq/ntpq.html@1.178 +136 -160 + NTP_4_2_8P9 + + ntpq/ntpq.man.in@1.341 +3 -3 + NTP_4_2_8P9 + + ntpq/ntpq.mdoc.in@1.341 +2 -2 + NTP_4_2_8P9 + + 
ntpsnmpd/invoke-ntpsnmpd.texi@1.507 +2 -2 + NTP_4_2_8P9 + + ntpsnmpd/ntpsnmpd-opts.c@1.525 +67 -67 + NTP_4_2_8P9 + + ntpsnmpd/ntpsnmpd-opts.h@1.524 +3 -3 + NTP_4_2_8P9 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.336 +3 -3 + NTP_4_2_8P9 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.336 +2 -2 + NTP_4_2_8P9 + + ntpsnmpd/ntpsnmpd.html@1.176 +10 -14 + NTP_4_2_8P9 + + ntpsnmpd/ntpsnmpd.man.in@1.336 +3 -3 + NTP_4_2_8P9 + + ntpsnmpd/ntpsnmpd.mdoc.in@1.336 +2 -2 + NTP_4_2_8P9 + + packageinfo.sh@1.532 +2 -2 + NTP_4_2_8P9 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.97 +3 -3 + NTP_4_2_8P9 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.98 +2 -2 + NTP_4_2_8P9 + + scripts/calc_tickadj/calc_tickadj.html@1.99 +30 -42 + NTP_4_2_8P9 + + scripts/calc_tickadj/calc_tickadj.man.in@1.96 +3 -3 + NTP_4_2_8P9 + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.98 +2 -2 + NTP_4_2_8P9 + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.101 +1 -1 + NTP_4_2_8P9 + + scripts/invoke-plot_summary.texi@1.119 +2 -2 + NTP_4_2_8P9 + + scripts/invoke-summary.texi@1.118 +2 -2 + NTP_4_2_8P9 + + scripts/ntp-wait/invoke-ntp-wait.texi@1.328 +2 -2 + NTP_4_2_8P9 + + scripts/ntp-wait/ntp-wait-opts@1.64 +2 -2 + NTP_4_2_8P9 + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.325 +3 -3 + NTP_4_2_8P9 + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.326 +2 -2 + NTP_4_2_8P9 + + scripts/ntp-wait/ntp-wait.html@1.345 +41 -59 + NTP_4_2_8P9 + + scripts/ntp-wait/ntp-wait.man.in@1.325 +3 -3 + NTP_4_2_8P9 + + scripts/ntp-wait/ntp-wait.mdoc.in@1.326 +2 -2 + NTP_4_2_8P9 + + scripts/ntpsweep/invoke-ntpsweep.texi@1.116 +2 -2 + NTP_4_2_8P9 + + scripts/ntpsweep/ntpsweep-opts@1.66 +2 -2 + NTP_4_2_8P9 + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.104 +3 -3 + NTP_4_2_8P9 + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.104 +2 -2 + NTP_4_2_8P9 + + scripts/ntpsweep/ntpsweep.html@1.117 +46 -57 + NTP_4_2_8P9 + + scripts/ntpsweep/ntpsweep.man.in@1.104 +3 -3 + NTP_4_2_8P9 + + scripts/ntpsweep/ntpsweep.mdoc.in@1.105 +2 -2 + NTP_4_2_8P9 + + 
scripts/ntptrace/invoke-ntptrace.texi@1.117 +2 -2 + NTP_4_2_8P9 + + scripts/ntptrace/ntptrace-opts@1.66 +2 -2 + NTP_4_2_8P9 + + scripts/ntptrace/ntptrace.1ntptraceman@1.104 +3 -3 + NTP_4_2_8P9 + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.105 +2 -2 + NTP_4_2_8P9 + + scripts/ntptrace/ntptrace.html@1.118 +38 -47 + NTP_4_2_8P9 + + scripts/ntptrace/ntptrace.man.in@1.104 +3 -3 + NTP_4_2_8P9 + + scripts/ntptrace/ntptrace.mdoc.in@1.106 +2 -2 + NTP_4_2_8P9 + + scripts/plot_summary-opts@1.67 +2 -2 + NTP_4_2_8P9 + + scripts/plot_summary.1plot_summaryman@1.117 +3 -3 + NTP_4_2_8P9 + + scripts/plot_summary.1plot_summarymdoc@1.117 +2 -2 + NTP_4_2_8P9 + + scripts/plot_summary.html@1.120 +40 -58 + NTP_4_2_8P9 + + scripts/plot_summary.man.in@1.117 +3 -3 + NTP_4_2_8P9 + + scripts/plot_summary.mdoc.in@1.117 +2 -2 + NTP_4_2_8P9 + + scripts/summary-opts@1.66 +2 -2 + NTP_4_2_8P9 + + scripts/summary.1summaryman@1.116 +3 -3 + NTP_4_2_8P9 + + scripts/summary.1summarymdoc@1.116 +2 -2 + NTP_4_2_8P9 + + scripts/summary.html@1.119 +37 -49 + NTP_4_2_8P9 + + scripts/summary.man.in@1.116 +3 -3 + NTP_4_2_8P9 + + scripts/summary.mdoc.in@1.116 +2 -2 + NTP_4_2_8P9 + + scripts/update-leap/invoke-update-leap.texi@1.17 +1 -1 + NTP_4_2_8P9 + + scripts/update-leap/update-leap-opts@1.17 +2 -2 + NTP_4_2_8P9 + + scripts/update-leap/update-leap.1update-leapman@1.17 +3 -3 + NTP_4_2_8P9 + + scripts/update-leap/update-leap.1update-leapmdoc@1.17 +2 -2 + NTP_4_2_8P9 + + scripts/update-leap/update-leap.html@1.17 +48 -72 + NTP_4_2_8P9 + + scripts/update-leap/update-leap.man.in@1.17 +3 -3 + NTP_4_2_8P9 + + scripts/update-leap/update-leap.mdoc.in@1.17 +2 -2 + NTP_4_2_8P9 + + sntp/invoke-sntp.texi@1.505 +2 -2 + NTP_4_2_8P9 + + sntp/sntp-opts.c@1.524 +158 -158 + NTP_4_2_8P9 + + sntp/sntp-opts.h@1.522 +3 -3 + NTP_4_2_8P9 + + sntp/sntp.1sntpman@1.340 +3 -3 + NTP_4_2_8P9 + + sntp/sntp.1sntpmdoc@1.340 +2 -2 + NTP_4_2_8P9 + + sntp/sntp.html@1.520 +111 -135 + NTP_4_2_8P9 + + sntp/sntp.man.in@1.340 +3 -3 + NTP_4_2_8P9 + + 
sntp/sntp.mdoc.in@1.340 +2 -2 + NTP_4_2_8P9 + + util/invoke-ntp-keygen.texi@1.508 +2 -2 + NTP_4_2_8P9 + + util/ntp-keygen-opts.c@1.526 +172 -172 + NTP_4_2_8P9 + + util/ntp-keygen-opts.h@1.524 +3 -3 + NTP_4_2_8P9 + + util/ntp-keygen.1ntp-keygenman@1.336 +3 -3 + NTP_4_2_8P9 + + util/ntp-keygen.1ntp-keygenmdoc@1.336 +2 -2 + NTP_4_2_8P9 + + util/ntp-keygen.html@1.182 +157 -216 + NTP_4_2_8P9 + + util/ntp-keygen.man.in@1.336 +3 -3 + NTP_4_2_8P9 + + util/ntp-keygen.mdoc.in@1.336 +2 -2 + NTP_4_2_8P9 + +ChangeSet@1.3719, 2016-11-21 07:07:04-05:00, stenn@deacon.udel.edu + ntp-4.2.8p9 + + packageinfo.sh@1.531 +1 -1 + ntp-4.2.8p9 + +ChangeSet@1.3718, 2016-11-21 03:47:58+00:00, stenn@psp-deb1.ntp.org + NEWS updates, final p9 testing + + NEWS@1.203 +25 -17 + NEWS updates, final p9 testing + + packageinfo.sh@1.530 +2 -2 + NEWS updates, final p9 testing + +ChangeSet@1.3717, 2016-11-18 10:33:02+00:00, stenn@psp-deb1.ntp.org + NEWS update for 3142 + + NEWS@1.202 +2 -1 + NEWS update for 3142 + +ChangeSet@1.3686.23.1, 2016-11-18 08:55:13+01:00, perlinger@ntp.org + [Bug 3142] bug in netmask prefix length detection + + ChangeLog@1.1834.23.1 +3 -0 + [Bug 3142] bug in netmask prefix length detection + + lib/isc/netaddr.c@1.15 +0 -1 + [Bug 3142] bug in netmask prefix length detection + +ChangeSet@1.3715, 2016-11-16 21:25:49-08:00, harlan@fb-x86-a.pfcs.com + NEWS file update + + NEWS@1.201 +7 -22 + NEWS file update + +ChangeSet@1.3707.1.1, 2016-11-13 21:59:31-08:00, harlan@fb-x86-a.pfcs.com + cleanup + + NEWS@1.197.1.1 +201 -77 + cleanup + +ChangeSet@1.3713, 2016-11-13 21:56:18-08:00, harlan@hms-mbp11.pfcs.com + cleanip + + ChangeLog@1.1850 +2 -0 + cleanip + +ChangeSet@1.3712, 2016-11-13 02:43:02+00:00, stenn@psp-deb1.ntp.org + NEWS updates + + NEWS@1.199 +17 -0 + NEWS updates + +ChangeSet@1.3710, 2016-11-13 02:30:31+00:00, stenn@psp-deb1.ntp.org + NEWS cleanup + + NEWS@1.198 +2 -0 + NEWS cleanup + +ChangeSet@1.3707, 2016-11-12 17:36:54-08:00, harlan@fb-x86-a.pfcs.com + NEWS cleanup + + 
NEWS@1.197 +41 -6 + NEWS cleanup + +ChangeSet@1.3706, 2016-11-12 16:55:59-08:00, harlan@fb-x86-a.pfcs.com + [Bug 3067] Root distance calculation needs improvement. HStenn + + ChangeLog@1.1846.1.2 +1 -0 + [Bug 3067] Root distance calculation needs improvement. HStenn + + NEWS@1.196 +1 -0 + [Bug 3067] Root distance calculation needs improvement. HStenn + + ntpd/ntp_proto.c@1.396 +16 -11 + [Bug 3067] Root distance calculation needs improvement. HStenn + +ChangeSet@1.3705, 2016-11-12 15:57:34-08:00, harlan@fb-x86-a.pfcs.com + [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org + + ChangeLog@1.1846.1.1 +1 -0 + [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org + + NEWS@1.195 +1 -0 + [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org + + ntpd/refclock_gpsdjson.c@1.25 +1 -1 + [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org + +ChangeSet@1.3686.22.1, 2016-11-12 05:54:39+01:00, perlinger@ntp.org + [Bug 3129] Unknown hosts can put resolver thread into a hard loop + + ChangeLog@1.1834.22.1 +4 -0 + [Bug 3129] Unknown hosts can put resolver thread into a hard loop + + include/ntp_intres.h@1.2 +6 -0 + [Bug 3129] Unknown hosts can put resolver thread into a hard loop + - add flags and prototype for 'getaddrinfo_sometime_ex()' + + libntp/ntp_intres.c@1.101 +48 -14 + [Bug 3129] Unknown hosts can put resolver thread into a hard loop + - implement 'getaddrinfo_sometime_ex()', support ignoring all errors + + ntpd/ntp_config.c@1.338.1.1 +11 -10 + [Bug 3129] Unknown hosts can put resolver thread into a hard loop + - move decison about igoring DNS errors to resolver code + +ChangeSet@1.3703.1.2, 2016-11-09 12:32:07+00:00, stenn@psp-deb1.ntp.org + [Bug 3114] bcpollbstep, tweaks and cleanup + + ChangeLog@1.1848 +1 -1 + [Bug 3114] bcpollbstep, tweaks and cleanup + + html/miscopt.html@1.87 +4 -2 + [Bug 3114] bcpollbstep, tweaks and cleanup + + include/ntp.h@1.223 +1 -0 + [Bug 3114] bcpollbstep, tweaks and cleanup + + 
include/ntpd.h@1.194 +1 -0 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/complete.conf.in@1.32 +1 -1 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/invoke-ntp.conf.texi@1.202 +16 -1 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/keyword-gen-utd@1.29 +1 -1 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/keyword-gen.c@1.35 +1 -0 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp.conf.5man@1.236 +29 -8 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp.conf.5mdoc@1.236 +21 -2 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp.conf.def@1.25 +19 -0 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp.conf.man.in@1.236 +29 -8 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp.conf.mdoc.in@1.236 +21 -2 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp_config.c@1.339 +15 -0 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp_keyword.h@1.31 +1068 -1058 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp_parser.c@1.103 +1196 -1193 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp_parser.h@1.67 +373 -371 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp_parser.y@1.93 +3 -1 + [Bug 3114] bcpollbstep, tweaks and cleanup + + ntpd/ntp_proto.c@1.394.1.2 +43 -26 + [Bug 3114] bcpollbstep, tweaks and cleanup + +ChangeSet@1.3703, 2016-11-09 06:06:04+00:00, stenn@psp-deb1.ntp.org + typo + + ChangeLog@1.1846 +1 -1 + typo + +ChangeSet@1.3686.21.1, 2016-11-08 20:01:41+01:00, perlinger@ntp.org + [Bug 3089] Serial Parser does not work anymore for hopfser like device + + ChangeLog@1.1834.21.1 +4 -0 + [Bug 3089] Serial Parser does not work anymore for hopfser like device + + libparse/clk_hopf6021.c@1.13 +43 -25 + [Bug 3089] Serial Parser does not work anymore for hopfser like device + - simplified / refactored hex-decoding in driver. 
+ +ChangeSet@1.3698.2.1, 2016-11-03 17:02:24-07:00, harlan@max.pfcs.com + Added leap smear/root dispersion comment + + ntpd/ntp_proto.c@1.393.1.1 +4 -0 + Added leap smear/root dispersion comment + +ChangeSet@1.3699.1.2, 2016-10-31 10:56:33+00:00, stenn@psp-deb1.ntp.org + Add bug 3125 to the NEWS file + + NEWS@1.194 +2 -0 + Add bug 3125 to the NEWS file + +ChangeSet@1.3701, 2016-10-24 07:37:25+02:00, perlinger@ntp.org + [winio2 - unlocked] + - the great lock removal + - the great renaming + + ChangeLog@1.1844 +1 -0 + [winio2 - unlocked] notes on changes + + ntpd/ntp_refclock.c@1.123 +1 -1 + [winio2 - unlocked] + - whitespace at EOL + + ports/winnt/include/ntp_iocpltypes.h@1.3 +21 -24 + [winio2 - unlocked] + - eliminate critical section, simplify API + - the great renaming + + ports/winnt/ntpd/ntp_iocompletionport.c@1.77 +331 -209 + [winio2 - unlocked] + - the great lock removal + - handle context objects are only manipulated by IOCPL thread + - closing handles is done by main thread after informing IOCPL thread (RPC-style) + - the great renaming + - restructured UNIX line mode emulation + + ports/winnt/ntpd/ntp_iocpltypes.c@1.3 +31 -95 + [winio2 - unlocked] + - eliminate critical section, simplify API + - the great renaming + + +ChangeSet@1.3698.1.7, 2016-10-23 05:18:04+00:00, stenn@psp-deb1.ntp.org + ntp-4.2.8p9-PRE + + ntpd/invoke-ntp.conf.texi@1.201 +1 -1 + ntp-4.2.8p9-PRE + + ntpd/invoke-ntp.keys.texi@1.191 +1 -1 + ntp-4.2.8p9-PRE + + ntpd/invoke-ntpd.texi@1.507 +2 -2 + ntp-4.2.8p9-PRE + + ntpd/ntp.conf.5man@1.235 +3 -3 + ntp-4.2.8p9-PRE + + ntpd/ntp.conf.5mdoc@1.235 +2 -2 + ntp-4.2.8p9-PRE + + ntpd/ntp.conf.html@1.186 +104 -91 + ntp-4.2.8p9-PRE + + ntpd/ntp.conf.man.in@1.235 +3 -3 + ntp-4.2.8p9-PRE + + ntpd/ntp.conf.mdoc.in@1.235 +2 -2 + ntp-4.2.8p9-PRE + + ntpd/ntp.keys.5man@1.225 +2 -2 + ntp-4.2.8p9-PRE + + ntpd/ntp.keys.5mdoc@1.225 +3 -3 + ntp-4.2.8p9-PRE + + ntpd/ntp.keys.html@1.187 +29 -17 + ntp-4.2.8p9-PRE + + ntpd/ntp.keys.man.in@1.225 +2 -2 + 
ntp-4.2.8p9-PRE + + ntpd/ntp.keys.mdoc.in@1.225 +3 -3 + ntp-4.2.8p9-PRE + + ntpd/ntpd-opts.c@1.529 +245 -245 + ntp-4.2.8p9-PRE + + ntpd/ntpd-opts.h@1.528 +3 -3 + ntp-4.2.8p9-PRE + + ntpd/ntpd.1ntpdman@1.336 +3 -3 + ntp-4.2.8p9-PRE + + ntpd/ntpd.1ntpdmdoc@1.336 +2 -2 + ntp-4.2.8p9-PRE + + ntpd/ntpd.html@1.180 +146 -102 + ntp-4.2.8p9-PRE + + ntpd/ntpd.man.in@1.336 +3 -3 + ntp-4.2.8p9-PRE + + ntpd/ntpd.mdoc.in@1.336 +2 -2 + ntp-4.2.8p9-PRE + + ntpdc/invoke-ntpdc.texi@1.504 +2 -2 + ntp-4.2.8p9-PRE + + ntpdc/ntpdc-opts.c@1.522 +106 -106 + ntp-4.2.8p9-PRE + + ntpdc/ntpdc-opts.h@1.521 +3 -3 + ntp-4.2.8p9-PRE + + ntpdc/ntpdc.1ntpdcman@1.335 +3 -3 + ntp-4.2.8p9-PRE + + ntpdc/ntpdc.1ntpdcmdoc@1.335 +2 -2 + ntp-4.2.8p9-PRE + + ntpdc/ntpdc.html@1.348 +77 -57 + ntp-4.2.8p9-PRE + + ntpdc/ntpdc.man.in@1.335 +3 -3 + ntp-4.2.8p9-PRE + + ntpdc/ntpdc.mdoc.in@1.335 +2 -2 + ntp-4.2.8p9-PRE + + ntpq/invoke-ntpq.texi@1.512 +2 -2 + ntp-4.2.8p9-PRE + + ntpq/ntpq-opts.c@1.529 +113 -113 + ntp-4.2.8p9-PRE + + ntpq/ntpq-opts.h@1.527 +3 -3 + ntp-4.2.8p9-PRE + + ntpq/ntpq.1ntpqman@1.340 +3 -3 + ntp-4.2.8p9-PRE + + ntpq/ntpq.1ntpqmdoc@1.340 +2 -2 + ntp-4.2.8p9-PRE + + ntpq/ntpq.html@1.177 +129 -105 + ntp-4.2.8p9-PRE + + ntpq/ntpq.man.in@1.340 +3 -3 + ntp-4.2.8p9-PRE + + ntpq/ntpq.mdoc.in@1.340 +2 -2 + ntp-4.2.8p9-PRE + + ntpsnmpd/invoke-ntpsnmpd.texi@1.506 +2 -2 + ntp-4.2.8p9-PRE + + ntpsnmpd/ntpsnmpd-opts.c@1.524 +67 -67 + ntp-4.2.8p9-PRE + + ntpsnmpd/ntpsnmpd-opts.h@1.523 +3 -3 + ntp-4.2.8p9-PRE + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.335 +3 -3 + ntp-4.2.8p9-PRE + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.335 +2 -2 + ntp-4.2.8p9-PRE + + ntpsnmpd/ntpsnmpd.html@1.175 +14 -10 + ntp-4.2.8p9-PRE + + ntpsnmpd/ntpsnmpd.man.in@1.335 +3 -3 + ntp-4.2.8p9-PRE + + ntpsnmpd/ntpsnmpd.mdoc.in@1.335 +2 -2 + ntp-4.2.8p9-PRE + + packageinfo.sh@1.529 +2 -2 + ntp-4.2.8p9-PRE + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.96 +3 -3 + ntp-4.2.8p9-PRE + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.97 +2 -2 
+ ntp-4.2.8p9-PRE + + scripts/calc_tickadj/calc_tickadj.html@1.98 +34 -22 + ntp-4.2.8p9-PRE + + scripts/calc_tickadj/calc_tickadj.man.in@1.95 +3 -3 + ntp-4.2.8p9-PRE + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.97 +2 -2 + ntp-4.2.8p9-PRE + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.100 +1 -1 + ntp-4.2.8p9-PRE + + scripts/invoke-plot_summary.texi@1.118 +2 -2 + ntp-4.2.8p9-PRE + + scripts/invoke-summary.texi@1.117 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntp-wait/invoke-ntp-wait.texi@1.327 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntp-wait/ntp-wait-opts@1.63 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.324 +3 -3 + ntp-4.2.8p9-PRE + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.325 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntp-wait/ntp-wait.html@1.344 +49 -31 + ntp-4.2.8p9-PRE + + scripts/ntp-wait/ntp-wait.man.in@1.324 +3 -3 + ntp-4.2.8p9-PRE + + scripts/ntp-wait/ntp-wait.mdoc.in@1.325 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntpsweep/invoke-ntpsweep.texi@1.115 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntpsweep/ntpsweep-opts@1.65 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.103 +3 -3 + ntp-4.2.8p9-PRE + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.103 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntpsweep/ntpsweep.html@1.116 +44 -33 + ntp-4.2.8p9-PRE + + scripts/ntpsweep/ntpsweep.man.in@1.103 +3 -3 + ntp-4.2.8p9-PRE + + scripts/ntpsweep/ntpsweep.mdoc.in@1.104 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntptrace/invoke-ntptrace.texi@1.116 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntptrace/ntptrace-opts@1.65 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntptrace/ntptrace.1ntptraceman@1.103 +3 -3 + ntp-4.2.8p9-PRE + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.104 +2 -2 + ntp-4.2.8p9-PRE + + scripts/ntptrace/ntptrace.html@1.117 +36 -27 + ntp-4.2.8p9-PRE + + scripts/ntptrace/ntptrace.man.in@1.103 +3 -3 + ntp-4.2.8p9-PRE + + scripts/ntptrace/ntptrace.mdoc.in@1.105 +2 -2 + ntp-4.2.8p9-PRE + + scripts/plot_summary-opts@1.66 +2 -2 + ntp-4.2.8p9-PRE + + 
scripts/plot_summary.1plot_summaryman@1.116 +3 -3 + ntp-4.2.8p9-PRE + + scripts/plot_summary.1plot_summarymdoc@1.116 +2 -2 + ntp-4.2.8p9-PRE + + scripts/plot_summary.html@1.119 +47 -29 + ntp-4.2.8p9-PRE + + scripts/plot_summary.man.in@1.116 +3 -3 + ntp-4.2.8p9-PRE + + scripts/plot_summary.mdoc.in@1.116 +2 -2 + ntp-4.2.8p9-PRE + + scripts/summary-opts@1.65 +2 -2 + ntp-4.2.8p9-PRE + + scripts/summary.1summaryman@1.115 +3 -3 + ntp-4.2.8p9-PRE + + scripts/summary.1summarymdoc@1.115 +2 -2 + ntp-4.2.8p9-PRE + + scripts/summary.html@1.118 +39 -27 + ntp-4.2.8p9-PRE + + scripts/summary.man.in@1.115 +3 -3 + ntp-4.2.8p9-PRE + + scripts/summary.mdoc.in@1.115 +2 -2 + ntp-4.2.8p9-PRE + + scripts/update-leap/invoke-update-leap.texi@1.16 +1 -1 + ntp-4.2.8p9-PRE + + scripts/update-leap/update-leap-opts@1.16 +2 -2 + ntp-4.2.8p9-PRE + + scripts/update-leap/update-leap.1update-leapman@1.16 +3 -3 + ntp-4.2.8p9-PRE + + scripts/update-leap/update-leap.1update-leapmdoc@1.16 +2 -2 + ntp-4.2.8p9-PRE + + scripts/update-leap/update-leap.html@1.16 +59 -35 + ntp-4.2.8p9-PRE + + scripts/update-leap/update-leap.man.in@1.16 +3 -3 + ntp-4.2.8p9-PRE + + scripts/update-leap/update-leap.mdoc.in@1.16 +2 -2 + ntp-4.2.8p9-PRE + + sntp/invoke-sntp.texi@1.504 +2 -2 + ntp-4.2.8p9-PRE + + sntp/sntp-opts.c@1.523 +158 -158 + ntp-4.2.8p9-PRE + + sntp/sntp-opts.h@1.521 +3 -3 + ntp-4.2.8p9-PRE + + sntp/sntp.1sntpman@1.339 +3 -3 + ntp-4.2.8p9-PRE + + sntp/sntp.1sntpmdoc@1.339 +2 -2 + ntp-4.2.8p9-PRE + + sntp/sntp.html@1.519 +109 -85 + ntp-4.2.8p9-PRE + + sntp/sntp.man.in@1.339 +3 -3 + ntp-4.2.8p9-PRE + + sntp/sntp.mdoc.in@1.339 +2 -2 + ntp-4.2.8p9-PRE + + util/invoke-ntp-keygen.texi@1.507 +2 -2 + ntp-4.2.8p9-PRE + + util/ntp-keygen-opts.c@1.525 +172 -172 + ntp-4.2.8p9-PRE + + util/ntp-keygen-opts.h@1.523 +3 -3 + ntp-4.2.8p9-PRE + + util/ntp-keygen.1ntp-keygenman@1.335 +3 -3 + ntp-4.2.8p9-PRE + + util/ntp-keygen.1ntp-keygenmdoc@1.335 +2 -2 + ntp-4.2.8p9-PRE + + util/ntp-keygen.html@1.181 +183 -124 + ntp-4.2.8p9-PRE 
+ + util/ntp-keygen.man.in@1.335 +3 -3 + ntp-4.2.8p9-PRE + + util/ntp-keygen.mdoc.in@1.335 +2 -2 + ntp-4.2.8p9-PRE + +ChangeSet@1.3688.4.1, 2016-10-20 19:28:06+00:00, stenn@psp-deb1.ntp.org + cleanup + + ChangeLog@1.1836.4.1 +1 -0 + cleanup + +ChangeSet@1.3686.20.1, 2016-10-20 20:13:40+02:00, perlinger@ntp.org + [Sec 3114] Broadcast Mode Replay Prevention DoS + + ChangeLog@1.1834.20.1 +4 -0 + [Sec 3114] Broadcast Mode Replay Prevention DoS + + ntpd/ntp_proto.c@1.392.2.1 +39 -6 + [Sec 3114] Broadcast Mode Replay Prevention DoS + - applied patches by Matthew Van Gundy, with some rework. + +ChangeSet@1.3686.19.1, 2016-10-20 09:21:04+02:00, perlinger@ntp.org + [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS + + ChangeLog@1.1834.19.1 +4 -0 + [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS + + + include/ntp.h@1.220.1.1 +1 -1 + [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS + + ntpd/ntp_proto.c@1.392.1.1 +12 -3 + [Sec 3113] Broadcast Mode Poll Interval Enforcement DoS + - applied fix as suggested by Matthew Van Gundy + +ChangeSet@1.3698.1.5, 2016-10-13 01:26:54-07:00, harlan@max.pfcs.com + typo + + ChangeLog@1.1841.1.3 +1 -1 + typo + +ChangeSet@1.3698.1.4, 2016-10-13 01:24:48-07:00, harlan@max.pfcs.com + [Bug 3102] Zero origin issues + + ChangeLog@1.1841.1.2 +1 -0 + [Bug 3102] Zero origin issues + + ntpd/ntp_proto.c@1.393 +28 -3 + [Bug 3102] Zero origin issues + +ChangeSet@1.3698.1.3, 2016-10-11 01:33:28-07:00, harlan@max.pfcs.com + Distribute libssl_compat.h + + include/Makefile.am@1.55 +1 -0 + Distribute libssl_compat.h + +ChangeSet@1.3698.1.2, 2016-10-10 22:34:55-07:00, harlan@max.pfcs.com + bug 3102 tests + + tests/bug-3102/README-3102.txt@1.1 +43 -0 + BitKeeper file tests/bug-3102/README-3102.txt + + tests/bug-3102/README-3102.txt@1.0 +0 -0 + + tests/bug-3102/zeroorg.py@1.1 +24 -0 + BitKeeper file tests/bug-3102/zeroorg.py + + tests/bug-3102/zeroorg.py@1.0 +0 -0 + +ChangeSet@1.3688.3.2, 2016-10-10 01:46:05-07:00, harlan@max.pfcs.com + Fix 
typos in include/ntp.h + + ChangeLog@1.1836.3.1 +1 -0 + Fix typos in include/ntp.h + + include/ntp.h@1.221 +3 -4 + Fix typos in include/ntp.h + +ChangeSet@1.3699, 2016-10-04 08:36:17+02:00, perlinger@ntp.org + [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll + + ChangeLog@1.1842 +2 -0 + [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll + + ports/winnt/include/ntp_iocompletionport.h@1.23 +1 -1 + [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll + - minor type renaming + + ports/winnt/include/termios.h@1.18 +3 -0 + [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll + - manage device context for IOCPL together with comport + + ports/winnt/libntp/termios.c@1.34 +191 -120 + [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll + - manage device context for IOCPL together with comport + + ports/winnt/ntpd/ntp_iocompletionport.c@1.76 +91 -98 + [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll + - manage device context for IOCPL together with comport + - integrate Danny Mayers changes for docket error handling + + ports/winnt/ntpd/ntp_iocpltypes.c@1.2 +2 -2 + [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order using the loopback-ppsapi-provider.dll + - fix wrong instance initialisation + +ChangeSet@1.3698, 2016-10-01 10:52:11+00:00, stenn@psp-deb1.ntp.org + Update NEWS for 3119 + + NEWS@1.193 +17 -0 + Update NEWS for 3119 + +ChangeSet@1.3696, 2016-10-01 10:43:24+00:00, stenn@psp-deb1.ntp.org + Update NEWS for 3118 + + NEWS@1.192 +17 -0 + Update NEWS for 3118 + +ChangeSet@1.3694, 2016-10-01 10:29:06+00:00, stenn@psp-deb1.ntp.org + Update NEWS for 3110 + + NEWS@1.191 +17 -0 + 
Update NEWS for 3110 + +ChangeSet@1.3688.3.1, 2016-10-01 11:36:55+02:00, perlinger@ntp.org + [Bug 3095] Compatibility with openssl 1.1 + - add new sources to project files + + ports/winnt/vs2005/libntp.vcproj@1.26 +8 -0 + [Bug 3095] Compatibility with openssl 1.1 + - add new sources to project + + ports/winnt/vs2008/libntp/libntp.vcproj@1.57 +12 -0 + [Bug 3095] Compatibility with openssl 1.1 + - add new sources to project + + ports/winnt/vs2013/libntp/libntp.vcxproj@1.12 +4 -1 + [Bug 3095] Compatibility with openssl 1.1 + - add new sources to project + + ports/winnt/vs2013/libntp/libntp.vcxproj.filters@1.10 +14 -5 + [Bug 3095] Compatibility with openssl 1.1 + - add new sources to project + + ports/winnt/vs2015/libntp/libntp.vcxproj@1.2 +3 -0 + [Bug 3095] Compatibility with openssl 1.1 + - add new sources to project + + ports/winnt/vs2015/libntp/libntp.vcxproj.filters@1.2 +9 -0 + [Bug 3095] Compatibility with openssl 1.1 + - add new sources to project + +ChangeSet@1.3691, 2016-10-01 09:18:25+00:00, stenn@psp-deb1.ntp.org + Update NEWS for 3082 + + NEWS@1.190 +17 -0 + Update NEWS for 3082 + +ChangeSet@1.3688.1.33, 2016-10-01 08:32:28+00:00, stenn@psp-deb1.ntp.org + [Bug 3072] tweaks + + NEWS@1.189 +16 -1 + [Bug 3072] tweaks + + ntpd/ntp_peer.c@1.160 +6 -1 + [Bug 3072] tweaks + +ChangeSet@1.3688.1.31, 2016-09-29 20:53:30+00:00, perlinger@ntp.org + created 'X509_get_signature_nid()' shim for OpenSSL < v1.1.0 + fixed unit test for sntp/packetProcessing to work with or without AUTOKEY flag + + include/libssl_compat.h@1.2 +8 -1 + created 'X509_get_signature_nid()' shim for OpenSSL < v1.1.0 + + libntp/libssl_compat.c@1.2 +9 -1 + created 'X509_get_signature_nid()' shim for OpenSSL < v1.1.0 + + libntp/ssl_init.c@1.21 +0 -11 + moved 'X509_get_signature_nid()' for OpenSSL < v1.1.0 to 'libssl_compat.{c,h}' + + sntp/tests/packetProcessing.c@1.12 +0 -13 + fixed unit test to work with or without AUTOKEY flag + +ChangeSet@1.3688.1.30, 2016-09-29 12:03:17+00:00, 
stenn@psp-deb1.ntp.org + NEWS update + + NEWS@1.188 +2 -0 + NEWS update + +ChangeSet@1.3688.2.1, 2016-09-29 11:59:03+00:00, stenn@psp-deb1.ntp.org + X509_get_signature_nid() shim tweak + + ChangeLog@1.1836.2.1, stenn@stenn.ntp.org +1 -0 + Shim X509_get_signature_nid() if needed + + NEWS@1.187, stenn@stenn.ntp.org +1 -0 + Shim X509_get_signature_nid() if needed + + libntp/ssl_init.c@1.17.1.3 +1 -1 + X509_get_signature_nid() shim tweak + + libntp/ssl_init.c@1.17.1.2, stenn@stenn.ntp.org +12 -0 + Shim X509_get_signature_nid() if needed + +ChangeSet@1.3688.1.27, 2016-09-28 11:28:56+00:00, stenn@psp-deb1.ntp.org + NEWS + + NEWS@1.186 +1 -0 + NEWS + +ChangeSet@1.3688.1.25, 2016-09-28 11:24:36+00:00, stenn@psp-deb1.ntp.org + NEWS + + NEWS@1.185 +2 -0 + NEWS + +ChangeSet@1.3688.1.23, 2016-09-28 11:17:22+00:00, stenn@psp-deb1.ntp.org + Updated ChangeLog and NEWS + + ChangeLog@1.1836.1.19 +2 -2 + Updated ChangeLog and NEWS + + NEWS@1.184 +2 -0 + Updated ChangeLog and NEWS + +ChangeSet@1.3688.1.21, 2016-09-28 11:12:28+00:00, stenn@psp-deb1.ntp.org + NEWS + + NEWS@1.183 +2 -0 + NEWS + +ChangeSet@1.3688.1.19, 2016-09-28 11:01:29+00:00, stenn@psp-deb1.ntp.org + NEWS + + NEWS@1.182 +3 -0 + NEWS + +ChangeSet@1.3688.1.17, 2016-09-28 10:54:12+00:00, stenn@psp-deb1.ntp.org + Update ChangeLog and NEWS + + NEWS@1.181 +3 -0 + Update ChangeLog and NEWS + +ChangeSet@1.3688.1.15, 2016-09-28 10:45:21+00:00, stenn@psp-deb1.ntp.org + Update ChangeLog and NEWS + + ChangeLog@1.1836.1.14 +2 -2 + Update ChangeLog and NEWS + + NEWS@1.180 +2 -0 + Update ChangeLog and NEWS + +ChangeSet@1.3688.1.13, 2016-09-28 10:37:17+00:00, stenn@psp-deb1.ntp.org + NEWS updates + + NEWS@1.179 +4 -0 + NEWS updates + +ChangeSet@1.3688.1.11, 2016-09-28 10:25:01+00:00, stenn@psp-deb1.ntp.org + Update ChangeLog and NEWS + + ChangeLog@1.1836.1.11 +1 -1 + Update ChangeLog and NEWS + + NEWS@1.178 +1 -0 + Update ChangeLog and NEWS + +ChangeSet@1.3688.1.8, 2016-09-28 08:17:16+00:00, stenn@psp-deb1.ntp.org + Update ChangeLog 
and NEWS + + ChangeLog@1.1836.1.8 +2 -4 + Update ChangeLog and NEWS + + NEWS@1.177 +3 -0 + Update ChangeLog and NEWS + +ChangeSet@1.3688.1.6, 2016-09-28 08:10:35+00:00, stenn@psp-deb1.ntp.org + Update ChangeLog and NEWS + + ChangeLog@1.1836.1.6 +4 -6 + Update ChangeLog and NEWS + + NEWS@1.176 +4 -0 + Update ChangeLog and NEWS + +ChangeSet@1.3688.1.4, 2016-09-28 07:59:31+00:00, stenn@psp-deb1.ntp.org + ChangeLog and NEWS cleanup + + ChangeLog@1.1836.1.4 +2 -4 + ChangeLog and NEWS cleanup + + NEWS@1.175 +20 -0 + ChangeLog and NEWS cleanup + +ChangeSet@1.3686.9.2, 2016-09-26 08:24:48+02:00, perlinger@ntp.org + [Bug 3021] unity_fixture.c needs pragma weak + - add library implementation of empty setUp()/tearDown() + + sntp/unity/Makefile.am@1.10 +2 -0 + [Bug 3021] unity_fixture.c needs pragma weak + - add library implementation of empty setUp()/tearDown() + + sntp/unity/ulib_setup.c@1.1 +14 -0 + [Bug 3021] unity_fixture.c needs pragma weak + - add library implementation of empty setUp()/tearDown() + + sntp/unity/ulib_setup.c@1.0 +0 -0 + + sntp/unity/ulib_teardown.c@1.1 +13 -0 + [Bug 3021] unity_fixture.c needs pragma weak + - add library implementation of empty setUp()/tearDown() + + sntp/unity/ulib_teardown.c@1.0 +0 -0 + +ChangeSet@1.3686.18.1, 2016-09-25 10:58:43+02:00, perlinger@ntp.org + [Bug 2689] ATOM driver processes last PPS pulse at startup, even if it is very old + - make sure PPS source is alive before processing samples + - improve stability close to the 500ms phase jump by a 400ms phase gate + + ChangeLog@1.1834.18.1 +6 -0 + [Bug 2689] ATOM driver processes last PPS pulse at startup, even if it is very old + + ntpd/ntp_refclock.c@1.122 +50 -10 + [Bug 2689] ATOM driver processes last PPS pulse at startup, even if it is very old + - make sure PPS source is alive before processing samples + - improve stability close to the 500ms phase jump by a 400ms phase gate + +ChangeSet@1.3686.17.1, 2016-09-24 20:38:17+02:00, perlinger@ntp.org + [Sec 3118] Mode 6 
information disclosure and DDoS vector + + ChangeLog@1.1834.17.1 +4 -0 + [Sec 3118] Mode 6 information disclosure and DDoS vector + + ntpd/ntp_control.c@1.209.5.1 +3 -3 + [Sec 3118] Mode 6 information disclosure and DDoS vector + - TRAP config via mode 6 packet requires AUTH now + - writing the clock status should require AUTH, too. + +ChangeSet@1.3686.16.1, 2016-09-23 20:00:55+02:00, perlinger@ntp.org + [Sec 3119] Trap crash + + ChangeLog@1.1834.16.1 +3 -0 + [Sec 3119] Trap crash + + ntpd/ntp_control.c@1.209.4.1 +19 -4 + [Sec 3119] Trap crash + - bail out if we hit a Peer Event without a peer. + +ChangeSet@1.3686.15.1, 2016-09-22 20:42:39+02:00, perlinger@ntp.org + [Bug 3116] unit tests for NTP time stamp expansion + + ChangeLog@1.1834.15.1 +3 -0 + [Bug 3116] unit tests for NTP time stamp expansion + + libntp/ntp_calendar.c@1.18 +56 -29 + [Bug 3116] unit tests for NTP time stamp expansion + - added back unsigned spec to constant to avoid confusion + and explained why there was no problem at all + + tests/libntp/calendar.c@1.13 +127 -0 + [Bug 3116] unit tests for NTP time stamp expansion + - added test cases for NTP time stamp expansion + + tests/libntp/run-calendar.c@1.12 +20 -15 + [Bug 3116] unit tests for NTP time stamp expansion + - update generated file + +ChangeSet@1.3688.1.2, 2016-09-16 08:26:08+00:00, stenn@psp-deb1.ntp.org + [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. + + ChangeLog@1.1836.1.2 +1 -0 + [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. + + ntpd/ntp_loopfilter.c@1.189 +6 -5 + [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. 
+ +ChangeSet@1.3688.1.1, 2016-09-16 08:21:45+00:00, stenn@psp-deb1.ntp.org + cleanup + + ChangeLog@1.1836.1.1 +1 -0 + cleanup + +ChangeSet@1.3686.14.1, 2016-09-15 19:29:17+02:00, perlinger@ntp.org + [Bug 2959] refclock_jupiter: gps week correction + + ChangeLog@1.1834.14.1 +5 -0 + [Bug 2959] refclock_jupiter: gps week correction + + ntpd/refclock_jupiter.c@1.30 +66 -1 + [Bug 2959] refclock_jupiter: gps week correction + - fixed GPS week expansion to work based on build date. Special thanks to Craig Leres + for initial patch and testing. + +ChangeSet@1.3686.13.1, 2016-09-13 07:26:06+02:00, perlinger@ntp.org + [Bug 3072] Attack on interface selection + + ChangeLog@1.1834.13.1 +6 -1 + [Bug 3072] Attack on interface selection + + ntpd/ntp_peer.c@1.159 +61 -50 + [Bug 3072] Attack on interface selection + - implemented Miroslav Lichvars suggestion to skip interface updates + based on incoming packets + +ChangeSet@1.3686.12.1, 2016-09-10 17:22:27+02:00, perlinger@ntp.org + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx to source + - added shim layer for new SSL API calls + + ChangeLog@1.1834.12.1 +5 -0 + [Bug 3095] Compatibility with openssl 1.1 + + include/libssl_compat.h@1.1 +93 -0 + [Bug 3095] Compatibility with openssl 1.1 + shim layer for OpenSSL v1.1 API compatibility + + include/libssl_compat.h@1.0 +0 -0 + + libntp/Makefile.am@1.78.1.1 +1 -0 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + libntp/a_md5encrypt.c@1.36.1.1 +26 -28 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + libntp/libssl_compat.c@1.1 +327 -0 + [Bug 3095] Compatibility with openssl 1.1 + shim layer for OpenSSL v1.1 API compatibility + + libntp/libssl_compat.c@1.0 +0 -0 + + libntp/ssl_init.c@1.17.1.1 +7 -3 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + ntpd/ntp_control.c@1.209.3.1 +13 -10 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx 
+ + ntpd/ntp_crypto.c@1.186.1.1 +207 -138 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + ntpq/ntpq.c@1.170.1.1 +6 -3 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + sntp/crypto.c@1.21.1.1 +11 -7 + [Bug 3095] Compatibility with openssl 1.1 + - switched to new OpenSSL API + + util/ntp-keygen.c@1.107.1.1 +217 -150 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + - replaced use of deprecated functions + +ChangeSet@1.3686.11.1, 2016-09-09 18:34:03+02:00, jnperlin@nemesis.localnet + [Sec 3110] Windows: ntpd DoS by oversized UDP packet + + BitKeeper/etc/ignore@1.91.2.1 +2 -0 + add more studio specific garbage + + ChangeLog@1.1834.11.1 +4 -0 + [Sec 3110] Windows: ntpd DoS by oversized UDP packet + + ports/winnt/include/ntp_iocpltypes.h@1.2 +1 -0 + [Sec 3110] Windows: ntpd DoS by oversized UDP packet + - add 'ioFlags' to context; should be persistent during overlapped IO + + ports/winnt/ntpd/ntp_iocompletionport.c@1.73.1.1 +48 -9 + [Sec 3110] Windows: ntpd DoS by oversized UDP packet + - fixed error handling for truncated UDP packets + - sidekick: fixed handling of spurious ERROR_HOST_UNREACHABLE errors + - sidekick: fixed error message formatting for WaitForMultipleObjects() errors + + ports/winnt/vs2015/ntp.sln@1.2 +3 -3 + [Sec 3110] Windows: ntpd DoS by oversized UDP packet + - sidekick: set version of solution to match VS2015 + +ChangeSet@1.3686.10.1, 2016-09-04 21:10:56+02:00, perlinger@ntp.org + [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' + + ChangeLog@1.1834.10.1 +4 -0 + [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' + + tests/ntpd/Makefile.am@1.29 +0 -1 + [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' + - removed source file that is included from t-ntp_signed.c + +ChangeSet@1.3686.9.1, 2016-09-04 19:19:34+02:00, perlinger@ntp.org + [Bug 3021] unity_fixture.c needs pragma weak + + 
ChangeLog@1.1834.9.1 +4 -0 + [Bug 3021] unity_fixture.c needs pragma weak + + sntp/unity/unity_fixture.c@1.2 +0 -4 + [Bug 3021] unity_fixture.c needs pragma weak + - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()' + (no need to declare & implement locally unreferenced functions) + +ChangeSet@1.3686.8.1, 2016-09-04 17:37:34+02:00, perlinger@ntp.org + [Bug 3050] Fix for bug #2960 causes sntp to print a spurious error message + + ChangeLog@1.1834.8.1 +5 -0 + [Bug 3050] Fix for bug #2960 causes sntp to print a spurious error message + + libntp/work_fork.c@1.17 +13 -5 + [Bug 3050] Fix for bug #2960 causes sntp to print a spurious error message + - applied patches by Reinhard Max and Havard Eidnes . + Reinhard fought the cause, Harvard the symptom -- having both should put an end to this issue. + +ChangeSet@1.3686.7.2, 2016-09-04 11:20:00+02:00, perlinger@ntp.org + [Bug 3059] Potential buffer overrun from oversized hash + + ChangeLog@1.1834.7.2 +2 -0 + [Bug 3059] Potential buffer overrun from oversized hash + + libntp/a_md5encrypt.c@1.38 +7 -1 + [Bug 3059] Potential buffer overrun from oversized hash + - applied patch by Brian Utterback + +ChangeSet@1.3686.7.1, 2016-09-04 08:48:03+02:00, perlinger@ntp.org + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx to source + - added shim layer for SSL API calls with issues (both directions) + + ChangeLog@1.1834.7.1 +5 -0 + [Bug 3095] Compatibility with openssl 1.1 + + include/libssl_compat.h@1.1 +127 -0 + [Bug 3095] Compatibility with openssl 1.1 + shim layer for OpenSSL v1.1 API compatibility + + include/libssl_compat.h@1.0 +0 -0 + + libntp/Makefile.am@1.79 +1 -0 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + libntp/a_md5encrypt.c@1.37 +26 -28 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + - added shim layer for SSL API calls with issues (both directions) + + libntp/libssl_compat.c@1.1 +452 -0 + [Bug 3095] 
Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx to source + - added shim layer for SSL API calls with issues (both directions) + + libntp/libssl_compat.c@1.0 +0 -0 + + libntp/ssl_init.c@1.18 +7 -3 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + ntpd/ntp_control.c@1.209.2.1 +13 -10 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + ntpd/ntp_crypto.c@1.187 +207 -138 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + ntpq/ntpq.c@1.171 +6 -3 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + + sntp/crypto.c@1.22 +11 -7 + [Bug 3095] Compatibility with openssl 1.1 + - switched to new OpenSSL API + + util/ntp-keygen.c@1.108 +147 -131 + [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx + +ChangeSet@1.3686.6.1, 2016-08-21 09:29:00+02:00, perlinger@ntp.org + [Bug 3100] ntpq can't retrieve daemon_version + (extended sysvar lookup bug, introduced with fix for bug 3008) + + ChangeLog@1.1834.6.1 +4 -0 + [Bug 3100] ntpq can't retrieve daemon_version + + ntpd/ntp_control.c@1.209.1.1 +10 -4 + [Bug 3100] ntpq can't retrieve daemon_version + - extended sysvar lookup broken with fix for bug3008: extended sysvar text is "=", + name compare has to match if the name match stops at NUL or '='. Bug introduced with bug 3008 fix. + +ChangeSet@1.3686.5.1, 2016-08-01 09:09:19+02:00, perlinger@ntp.org + [Bug 3068] Linker warnings when building on Solaris. + - applied patch thanks to Andrew Stormont + + ChangeLog@1.1834.5.1 +2 -0 + [Bug 3068] Linker warnings when building on Solaris. + + libntp/audio.c@1.37 +3 -3 + [Bug 3068] Linker warnings when building on Solaris. 
+ - applied patch thanks to Andrew Stormont + +ChangeSet@1.3686.4.1, 2016-07-26 08:56:44+02:00, perlinger@ntp.org + [Bug 2998] sntp/tests/packetProcessing.c broken without openssl + + ChangeLog@1.1834.4.1 +1 -0 + [Bug 2998] sntp/tests/packetProcessing.c broken without openssl + + sntp/tests/packetProcessing.c@1.9.1.1 +107 -89 + [Bug 2998] sntp/tests/packetProcessing.c broken without openssl + - make sure the tests compile when configured using --without-crypto --disable-autokey + - ensure the there is no buffer overrun when AUTOKEY is disabled + + sntp/tests/run-packetProcessing.c@1.11 +18 -18 + [Bug 2998] sntp/tests/packetProcessing.c broken without openssl + - automatic testrunner update + + tests/libntp/a_md5encrypt.c@1.15 +1 -3 + [Bug 2998] sntp/tests/packetProcessing.c broken without openssl + - side kick: avoid extra memset by using 'emalloc_zero()' + + tests/libntp/sfptostr.c@1.6 +3 -3 + [Bug 2998] sntp/tests/packetProcessing.c broken without openssl + - side kick: avoid warnings about left shift of negative integer + +ChangeSet@1.3686.3.1, 2016-07-23 09:20:53+02:00, perlinger@ntp.org + [Bug 3066] NMEA clock ignores pps. + (side kick: ignore msbuild 10 user settings file) + + BitKeeper/etc/ignore@1.91.1.1 +1 -0 + ignore msbuild 10 user setting + + ChangeLog@1.1834.3.1 +4 -0 + [Bug 3066] NMEA clock ignores pps. (actually, the PPS HACK stopped to work for all serial devices) + + ports/winnt/ntpd/ntp_iocompletionport.c@1.74 +20 -2 + [Bug 3066] NMEA clock ignores pps. 
perlinger@ntp.org + - PPS-HACK works again; now controllable (explicitely) by the env var PPSAPI_HACK=true/yes/1 (anything else is NO) + - if PPSAPI_HACK is not set, a non-empty PPSAPI_DLLS list disables the PPS hack + +ChangeSet@1.3686.2.2, 2016-07-06 01:53:32-07:00, harlan@max.pfcs.com + [Bug 3084] update-leap mis-parses the leapfile name + + ChangeLog@1.1834.2.2 +1 -0 + [Bug 3084] update-leap mis-parses the leapfile name + + scripts/update-leap/update-leap.in@1.3 +5 -2 + [Bug 3084] update-leap mis-parses the leapfile name + +ChangeSet@1.3686.2.1, 2016-07-06 01:47:02-07:00, harlan@max.pfcs.com + [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY + + ChangeLog@1.1834.2.1 +4 -0 + [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY + + sntp/tests/packetProcessing.c@1.10 +5 -3 + [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY + +ChangeSet@1.3686.1.1, 2016-07-05 23:15:20+02:00, perlinger@ntp.org + [Sec 3075] Core Dump. Added missing paramter validation in read_mru_list(). + [Sec 3082] (title too long -- Variation of [Sec 3075].) + - more hardening to read_mru_list(). + + ChangeLog@1.1834.1.1 +7 -1 + [Sec 3075] Core Dump. Added missing paramter validation in read_mru_list() + [Sec 3082] (title too long -- Variation of [Sec 3075].) + - more hardening to read_mru_list(). + + ntpd/ntp_control.c@1.210 +57 -33 + [Sec 3075] Core Dump. Added missing paramter validation in read_mru_list(). + [Sec 3082] (title too long -- Variation of [Sec 3075].) + - more hardening to read_mru_list(). 
+ +ChangeSet@1.3688, 2016-06-14 05:57:34+00:00, stenn@psp-deb1.ntp.org + bk ignore file cleanup + + BitKeeper/etc/ignore@1.92 +17 -13 + bk ignore file cleanup + + ChangeLog@1.1836 +1 -0 + bk ignore file cleanup + +ChangeSet@1.3687, 2016-06-14 05:56:12+00:00, stenn@psp-deb1.ntp.org + git author attribution cleanup + + BitKeeper/etc/Authors/a115350.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/a115350.txt + + BitKeeper/etc/Authors/a115350.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/abe.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/abe.txt + + BitKeeper/etc/Authors/abe.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/amidamaru.txt@1.1 +2 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/amidamaru.txt + + BitKeeper/etc/Authors/amidamaru.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/bkorb.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/bkorb.txt + + BitKeeper/etc/Authors/bkorb.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/blk.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/blk.txt + + BitKeeper/etc/Authors/blk.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/blu.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/blu.txt + + BitKeeper/etc/Authors/blu.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/bruckman.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/bruckman.txt + + BitKeeper/etc/Authors/bruckman.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/burnicki.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/burnicki.txt + + BitKeeper/etc/Authors/burnicki.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/claas.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/claas.txt + + BitKeeper/etc/Authors/claas.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/clemens.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/clemens.txt + + 
BitKeeper/etc/Authors/clemens.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/cov-build.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/cov-build.txt + + BitKeeper/etc/Authors/cov-build.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/cprice.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/cprice.txt + + BitKeeper/etc/Authors/cprice.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/davehart.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/davehart.txt + + BitKeeper/etc/Authors/davehart.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/dietrich.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/dietrich.txt + + BitKeeper/etc/Authors/dietrich.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/dunlop.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/dunlop.txt + + BitKeeper/etc/Authors/dunlop.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/fernandoph.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/fernandoph.txt + + BitKeeper/etc/Authors/fernandoph.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/fredb.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/fredb.txt + + BitKeeper/etc/Authors/fredb.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/gerstung.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/gerstung.txt + + BitKeeper/etc/Authors/gerstung.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/ginsbach.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/ginsbach.txt + + BitKeeper/etc/Authors/ginsbach.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/gnu.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/gnu.txt + + BitKeeper/etc/Authors/gnu.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/gopal.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/gopal.txt + + BitKeeper/etc/Authors/gopal.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/gunturu.txt@1.1 +1 -0 + 
BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/gunturu.txt + + BitKeeper/etc/Authors/gunturu.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/harlan.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/harlan.txt + + BitKeeper/etc/Authors/harlan.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/harlanst.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/harlanst.txt + + BitKeeper/etc/Authors/harlanst.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/hart.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/hart.txt + + BitKeeper/etc/Authors/hart.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/hilbrecht.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/hilbrecht.txt + + BitKeeper/etc/Authors/hilbrecht.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/hstenn.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/hstenn.txt + + BitKeeper/etc/Authors/hstenn.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/jhay.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/jhay.txt + + BitKeeper/etc/Authors/jhay.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/jnperlin.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/jnperlin.txt + + BitKeeper/etc/Authors/jnperlin.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/kamboj.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/kamboj.txt + + BitKeeper/etc/Authors/kamboj.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/kardel.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/kardel.txt + + BitKeeper/etc/Authors/kardel.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/karlsson.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/karlsson.txt + + BitKeeper/etc/Authors/karlsson.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/kuehn.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/kuehn.txt + + BitKeeper/etc/Authors/kuehn.txt@1.0 
+0 -0 + + BitKeeper/etc/Authors/linus.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/linus.txt + + BitKeeper/etc/Authors/linus.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/loki.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/loki.txt + + BitKeeper/etc/Authors/loki.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/martin.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/martin.txt + + BitKeeper/etc/Authors/martin.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/matthias.andree.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/matthias.andree.txt + + BitKeeper/etc/Authors/matthias.andree.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/mayer.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/mayer.txt + + BitKeeper/etc/Authors/mayer.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/mbrett.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/mbrett.txt + + BitKeeper/etc/Authors/mbrett.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/murray.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/murray.txt + + BitKeeper/etc/Authors/murray.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/neal.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/neal.txt + + BitKeeper/etc/Authors/neal.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/paul.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/paul.txt + + BitKeeper/etc/Authors/paul.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/peda.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/peda.txt + + BitKeeper/etc/Authors/peda.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/perlinger.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/perlinger.txt + + BitKeeper/etc/Authors/perlinger.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/phk.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/phk.txt 
+ + BitKeeper/etc/Authors/phk.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/rayvt.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/rayvt.txt + + BitKeeper/etc/Authors/rayvt.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/rick.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/rick.txt + + BitKeeper/etc/Authors/rick.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/ro.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/ro.txt + + BitKeeper/etc/Authors/ro.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/root.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/root.txt + + BitKeeper/etc/Authors/root.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/skamboj.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/skamboj.txt + + BitKeeper/etc/Authors/skamboj.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/stenn.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/stenn.txt + + BitKeeper/etc/Authors/stenn.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/tflendrich.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/tflendrich.txt + + BitKeeper/etc/Authors/tflendrich.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/tomek.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/tomek.txt + + BitKeeper/etc/Authors/tomek.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/utterback.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/utterback.txt + + BitKeeper/etc/Authors/utterback.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/venu.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/venu.txt + + BitKeeper/etc/Authors/venu.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/viperus.txt@1.1 +1 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/viperus.txt + + BitKeeper/etc/Authors/viperus.txt@1.0 +0 -0 + + BitKeeper/etc/Authors/wink.txt@1.1 +1 -0 + BitKeeper file 
/home/stenn/ntp-stable-p8/BitKeeper/etc/Authors/wink.txt + + BitKeeper/etc/Authors/wink.txt@1.0 +0 -0 + + BitKeeper/etc/authors.txt@1.1 +58 -0 + BitKeeper file /home/stenn/ntp-stable-p8/BitKeeper/etc/authors.txt + + BitKeeper/etc/authors.txt@1.0 +0 -0 + + ChangeLog@1.1835 +3 -0 + git author attribution cleanup + + scripts/build/genAuthors.in@1.2 +7 -5 + git author attribution cleanup + ChangeSet@1.3686, 2016-06-02 07:40:06-04:00, stenn@deacon.udel.edu NTP_4_2_8P8 TAG: NTP_4_2_8P8 @@ -386,13 +2249,13 @@ ChangeSet@1.3680, 2016-05-24 12:05:06+00:00, stenn@psp-deb1.ntp.org ntpd/ntp_proto.c@1.391 +39 -24 [Sec 3044] Spoofed server packets are partially processed. HStenn. -ChangeSet@1.3669.3.2, 2016-05-24 02:58:00-07:00, harlan@hms-mbp11.pfcs.com +ChangeSet@1.3669.4.2, 2016-05-24 02:58:00-07:00, harlan@hms-mbp11.pfcs.com Make sure we have an "author" file for git imports. HStenn. - ChangeLog@1.1820.3.3 +1 -0 + ChangeLog@1.1820.4.3 +1 -0 Update the problem tests for MacOS for sntp. HStenn. - ChangeLog@1.1820.3.2 +1 -0 + ChangeLog@1.1820.4.2 +1 -0 Make sure we have an "author" file for git imports. HStenn. configure.ac@1.606 +1 -0 @@ -420,10 +2283,10 @@ ChangeSet@1.3669.3.2, 2016-05-24 02:58:00-07:00, harlan@hms-mbp11.pfcs.com sntp/tests/Makefile.am@1.67 +8 -2 Update the problem tests for MacOS for sntp. HStenn. -ChangeSet@1.3669.3.1, 2016-05-24 02:25:46-07:00, harlan@hms-mbp11.pfcs.com +ChangeSet@1.3669.4.1, 2016-05-24 02:25:46-07:00, harlan@hms-mbp11.pfcs.com [Sec 3042] Broadcast Interleave. HStenn. - ChangeLog@1.1820.3.1 +4 -0 + ChangeLog@1.1820.4.1 +4 -0 [Sec 3042] Broadcast Interleave. HStenn. ntpd/ntp_proto.c@1.386.1.1 +69 -14 
@@ -506,6 +2369,13 @@ ChangeSet@1.3671.1.2, 2016-05-17 04:25:50+00:00, stenn@psp-deb1.ntp.org ChangeLog@1.1822.1.2 +1 -0 [Bug 3052] Add a .gitignore file. Edmund Wong. +ChangeSet@1.3669.3.2, 2016-05-10 12:11:43+00:00, abe@psp-deb1.ntp.org + refclock_jjy.c: + [Bug 3047] Correct typo in the comment line. + + ntpd/refclock_jjy.c@1.32 +1 -1 + [Bug 3047] Correct typo in the comment line. + ChangeSet@1.3675, 2016-05-08 11:59:28+02:00, perlinger@ntp.org [Sec 3043] Autokey association reset. perlinger@ntp.org (fixes [Sec 3044] and [Sec 3045], too) @@ -517,6 +2387,22 @@ ChangeSet@1.3675, 2016-05-08 11:59:28+02:00, perlinger@ntp.org [Sec 3043] Autokey association reset. perlinger@ntp.org (fixes [Sec 3044] and [Sec 3045], too) +ChangeSet@1.3669.3.1, 2016-05-08 07:34:11+00:00, abe@psp-deb1.ntp.org + driver40.html, refclock_jjy.c, driver40-ja.html, ChangeLog: + [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org + + ChangeLog@1.1820.3.1 +2 -0 + [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org + + html/drivers/driver40-ja.html@1.5 +2 -2 + [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org + + html/drivers/driver40.html@1.20 +2 -2 + [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org + + ntpd/refclock_jjy.c@1.31 +7 -3 + [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org + ChangeSet@1.3674, 2016-05-06 11:05:44+00:00, stenn@psp-deb1.ntp.org [Sec 3046] CRYPTO_NAK crash diff --git a/contrib/ntp/NEWS b/contrib/ntp/NEWS index fd2551cf4de2..6445ed4cab2f 100644 --- a/contrib/ntp/NEWS +++ b/contrib/ntp/NEWS 
@@ -1,3 +1,310 @@ +--- +NTP 4.2.8p9 (Harlan Stenn , 2016/11/21) + +Focus: Security, Bug fixes, enhancements. + +Severity: HIGH + +In addition to bug fixes and enhancements, this release fixes the +following 1 high- (Windows only), 2 medium-, 2 medium-/low, and +5 low-severity vulnerabilities, and provides 28 other non-security +fixes and improvements: + +* Trap crash + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3119 / CVE-2016-9311 / VU#633847 + Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not + including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94. + CVSS2: MED 4.9 (AV:N/AC:H/Au:N/C:N/I:N/A:C) + CVSS3: MED 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H + Summary: + ntpd does not enable trap service by default. If trap service + has been explicitly enabled, an attacker can send a specially + crafted packet to cause a null pointer dereference that will + crash ntpd, resulting in a denial of service. + Mitigation: + Implement BCP-38. + Use "restrict default noquery ..." in your ntp.conf file. Only + allow mode 6 queries from trusted networks and hosts. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco. + +* Mode 6 information disclosure and DDoS vector + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3118 / CVE-2016-9310 / VU#633847 + Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not + including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94. + CVSS2: MED 6.4 (AV:A/AC:L/Au:N/C:N/I:N/A:P) + CVSS3: MED 6.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: + An exploitable configuration modification vulnerability exists + in the control mode (mode 6) functionality of ntpd. 
If, against + long-standing BCP recommendations, "restrict default noquery ..." + is not specified, a specially crafted control mode packet can set + ntpd traps, providing information disclosure and DDoS + amplification, and unset ntpd traps, disabling legitimate + monitoring. A remote, unauthenticated, network attacker can + trigger this vulnerability. + Mitigation: + Implement BCP-38. + Use "restrict default noquery ..." in your ntp.conf file. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco. + +* Broadcast Mode Replay Prevention DoS + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3114 / CVE-2016-7427 / VU#633847 + Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and + ntp-4.3.90 up to, but not including ntp-4.3.94. + CVSS2: LOW 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P) + CVSS3: MED 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: + The broadcast mode of NTP is expected to only be used in a + trusted network. If the broadcast network is accessible to an + attacker, a potentially exploitable denial of service + vulnerability in ntpd's broadcast mode replay prevention + functionality can be abused. An attacker with access to the NTP + broadcast domain can periodically inject specially crafted + broadcast mode NTP packets into the broadcast domain which, + while being logged by ntpd, can cause ntpd to reject broadcast + mode packets from legitimate NTP broadcast servers. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco. 
+ +* Broadcast Mode Poll Interval Enforcement DoS + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3113 / CVE-2016-7428 / VU#633847 + Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and + ntp-4.3.90 up to, but not including ntp-4.3.94 + CVSS2: LOW 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P) + CVSS3: MED 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: + The broadcast mode of NTP is expected to only be used in a + trusted network. If the broadcast network is accessible to an + attacker, a potentially exploitable denial of service + vulnerability in ntpd's broadcast mode poll interval enforcement + functionality can be abused. To limit abuse, ntpd restricts the + rate at which each broadcast association will process incoming + packets. ntpd will reject broadcast mode packets that arrive + before the poll interval specified in the preceding broadcast + packet expires. An attacker with access to the NTP broadcast + domain can send specially crafted broadcast mode NTP packets to + the broadcast domain which, while being logged by ntpd, will + cause ntpd to reject broadcast mode packets from legitimate NTP + broadcast servers. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco. + +* Windows: ntpd DoS by oversized UDP packet + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3110 / CVE-2016-9312 / VU#633847 + Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9, + and ntp-4.3.0 up to, but not including ntp-4.3.94. 
+ CVSS2: HIGH 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) + CVSS3: HIGH 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + Summary: + If a vulnerable instance of ntpd on Windows receives a crafted + malicious packet that is "too big", ntpd will stop working. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Robert Pajak of ABB. + +* 0rigin (zero origin) issues + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3102 / CVE-2016-7431 / VU#633847 + Affects: ntp-4.2.8p8, and ntp-4.3.93. + CVSS2: MED 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) + CVSS3: MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + Summary: + Zero Origin timestamp problems were fixed by Bug 2945 in + ntp-4.2.8p6. However, subsequent timestamp validation checks + introduced a regression in the handling of some Zero origin + timestamp checks. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Sharon Goldberg and Aanchal + Malhotra of Boston University. + +* read_mru_list() does inadequate incoming packet checks + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3082 / CVE-2016-7434 / VU#633847 + Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and + ntp-4.3.0 up to, but not including ntp-4.3.94. 
+ CVSS2: LOW 3.8 (AV:L/AC:H/Au:S/C:N/I:N/A:C) + CVSS3: LOW 3.8 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: + If ntpd is configured to allow mrulist query requests from a + server that sends a crafted malicious packet, ntpd will crash + on receipt of that crafted malicious mrulist query packet. + Mitigation: + Only allow mrulist query packets from trusted hosts. + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Magnus Stubman. + +* Attack on interface selection + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3072 / CVE-2016-7429 / VU#633847 + Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and + ntp-4.3.0 up to, but not including ntp-4.3.94 + CVSS2: LOW 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P) + CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L + Summary: + When ntpd receives a server response on a socket that corresponds + to a different interface than was used for the request, the peer + structure is updated to use the interface for new requests. If + ntpd is running on a host with multiple interfaces in separate + networks and the operating system doesn't check source address in + received packets (e.g. rp_filter on Linux is set to 0), an + attacker that knows the address of the source can send a packet + with spoofed source address which will cause ntpd to select wrong + interface for the source and prevent it from sending new requests + until the list of interfaces is refreshed, which happens on + routing changes or every 5 minutes by default. If the attack is + repeated often enough (once per second), ntpd will not be able to + synchronize with the source. + Mitigation: + Implement BCP-38. 
+ Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + If you are going to configure your OS to disable source address + checks, also configure your firewall configuration to control + what interfaces can receive packets from what networks. + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. + +* Client rate limiting and server responses + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3071 / CVE-2016-7426 / VU#633847 + Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and + ntp-4.3.0 up to, but not including ntp-4.3.94 + CVSS2: LOW 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P) + CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L + Summary: + When ntpd is configured with rate limiting for all associations + (restrict default limited in ntp.conf), the limits are applied + also to responses received from its configured sources. An + attacker who knows the sources (e.g., from an IPv4 refid in + server response) and knows the system is (mis)configured in this + way can periodically send packets with spoofed source address to + keep the rate limiting activated and prevent ntpd from accepting + valid responses from its sources. + + While this blanket rate limiting can be useful to prevent + brute-force attacks on the origin timestamp, it allows this DoS + attack. Similarly, it allows the attacker to prevent mobilization + of ephemeral associations. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. 
+ +* Fix for bug 2085 broke initial sync calculations + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3067 / CVE-2016-7433 / VU#633847 + Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and + ntp-4.3.0 up to, but not including ntp-4.3.94. But the + root-distance calculation in general is incorrect in all versions + of ntp-4 until this release. + CVSS2: LOW 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P) + CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L + Summary: + Bug 2085 described a condition where the root delay was included + twice, causing the jitter value to be higher than expected. Due + to a misinterpretation of a small-print variable in The Book, the + fix for this problem was incorrect, resulting in a root distance + that did not include the peer dispersion. The calculations and + formulae have been reviewed and reconciled, and the code has been + updated accordingly. + Mitigation: + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered independently by Brian Utterback of + Oracle, and Sharon Goldberg and Aanchal Malhotra of Boston University. + +Other fixes: + +* [Bug 3142] bug in netmask prefix length detection +* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org +* [Bug 3129] Unknown hosts can put resolver thread into a hard loop + - moved retry decision where it belongs. +* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order + using the loopback-ppsapi-provider.dll +* [Bug 3116] unit tests for NTP time stamp expansion. 
+* [Bug 3100] ntpq can't retrieve daemon_version + - fixed extended sysvar lookup (bug introduced with bug 3008 fix) +* [Bug 3095] Compatibility with openssl 1.1 + - applied patches by Kurt Roeckx to source + - added shim layer for SSL API calls with issues (both directions) +* [Bug 3089] Serial Parser does not work anymore for hopfser like device + - simplified / refactored hex-decoding in driver. +* [Bug 3084] update-leap mis-parses the leapfile name. HStenn. +* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org + - applied patch thanks to Andrew Stormont +* [Bug 3067] Root distance calculation needs improvement. HStenn +* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org + - PPS-HACK works again. +* [Bug 3059] Potential buffer overrun from oversized hash + - applied patch by Brian Utterback +* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. +* [Bug 3050] Fix for bug #2960 causes [...] spurious error message. + + - patches by Reinhard Max and Havard Eidnes +* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org + - Patch provided by Kuramatsu. +* [Bug 3021] unity_fixture.c needs pragma weak + - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()' +* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. DMayer +* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger +* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn. +* [Bug 2959] refclock_jupiter: gps week correction + - fixed GPS week expansion to work based on build date. Special thanks + to Craig Leres for initial patch and testing. +* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' + - fixed Makefile.am +* [Bug 2689] ATOM driver processes last PPS pulse at startup, + even if it is very old + - make sure PPS source is alive before processing samples + - improve stability close to the 500ms phase jump (phase gate) +* Fix typos in include/ntp.h. 
+* Shim X509_get_signature_nid() if needed +* git author attribution cleanup +* bk ignore file cleanup +* remove locks in Windows IO, use rpc-like thread synchronisation instead + --- NTP 4.2.8p8 (Harlan Stenn , 2016/06/02) diff --git a/contrib/ntp/configure b/contrib/ntp/configure index c38e7eb5e8f1..91131cdb87c2 100755 --- a/contrib/ntp/configure +++ b/contrib/ntp/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for ntp 4.2.8p8. +# Generated by GNU Autoconf 2.69 for ntp 4.2.8p9. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ntp' PACKAGE_TARNAME='ntp' -PACKAGE_VERSION='4.2.8p8' -PACKAGE_STRING='ntp 4.2.8p8' +PACKAGE_VERSION='4.2.8p9' +PACKAGE_STRING='ntp 4.2.8p9' PACKAGE_BUGREPORT='http://bugs.ntp.org./' PACKAGE_URL='http://www.ntp.org./' @@ -1618,7 +1618,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ntp 4.2.8p8 to adapt to many kinds of systems. +\`configure' configures ntp 4.2.8p9 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1688,7 +1688,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ntp 4.2.8p8:";; + short | recursive ) echo "Configuration of ntp 4.2.8p9:";; esac cat <<\_ACEOF @@ -1924,7 +1924,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ntp configure 4.2.8p8 +ntp configure 4.2.8p9 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2754,7 +2754,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ntp $as_me 4.2.8p8, which was +It was created by ntp $as_me 4.2.8p9, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3755,7 +3755,7 @@ fi # Define the identity of the package. PACKAGE='ntp' - VERSION='4.2.8p8' + VERSION='4.2.8p9' cat >>confdefs.h <<_ACEOF @@ -38003,7 +38003,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ntp $as_me 4.2.8p8, which was +This file was extended by ntp $as_me 4.2.8p9, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -38070,7 +38070,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ntp config.status 4.2.8p8 +ntp config.status 4.2.8p9 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/contrib/ntp/html/drivers/driver40-ja.html b/contrib/ntp/html/drivers/driver40-ja.html index 8b67e9009d40..d84c3ce107d9 100644 --- a/contrib/ntp/html/drivers/driver40-ja.html +++ b/contrib/ntp/html/drivers/driver40-ja.html @@ -16,7 +16,7 @@

JJY Receivers

Last update: - 15-May-2015 00:00 + 08-May-2016 00:00 UTC          ENGLISH(英語)   JAPANESE(日本語)


Synopsis

@@ -137,7 +137,7 @@ {ENQ}1J{ETX}  -->  - {STX}JYYMMDD HHMMSSS{ETX} + {STX}JYYMMDDWHHMMSSS{ETX}
diff --git a/contrib/ntp/html/drivers/driver40.html b/contrib/ntp/html/drivers/driver40.html index 356429e499e6..3b5f00f1506b 100644 --- a/contrib/ntp/html/drivers/driver40.html +++ b/contrib/ntp/html/drivers/driver40.html @@ -16,7 +16,7 @@

JJY Receivers

Last update: - 15-May-2015 00:00 + 08-May-2016 00:00 UTC          ENGLISH   JAPANESE


Synopsis

@@ -136,7 +136,7 @@ {ENQ}1J{ETX}  -->  - {STX}JYYMMDD HHMMSSS{ETX} + {STX}JYYMMDDWHHMMSSS{ETX}
diff --git a/contrib/ntp/html/miscopt.html b/contrib/ntp/html/miscopt.html index bf4cfbfdb5aa..6e03963326ea 100644 --- a/contrib/ntp/html/miscopt.html +++ b/contrib/ntp/html/miscopt.html @@ -11,7 +11,7 @@ giffrom Pogo, Walt Kelly

We have three, now looking for more.

Last update: - 17-May-2016 06:26 + 9-Nov-2016 12:26 UTC


Related Links

@@ -145,10 +145,12 @@
Specifies the stepout threshold in seconds. The default without this command is 300 s. Since this option also affects the training and startup intervals, it should not be set less than the default. Further details are on the Clock State Machine page.
-
tos [beacon beacon | ceiling ceiling | cohort {0 | 1} | floor floor | maxclock maxclock | maxdist maxdist | minclock minclock | mindist mindist | minsane minsane | orphan stratum | orphanwait delay]
+
tos [bcpollbstep poll-gate | beacon beacon | ceiling ceiling | cohort {0 | 1} | floor floor | maxclock maxclock | maxdist maxdist | minclock minclock | mindist mindist | minsane minsane | orphan stratum | orphanwait delay]
This command alters certain system variables used by the the clock selection and clustering algorithms. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in dynamic server discovery schemes. The options are as follows:
+
bcpollbstep poll-gate
+
This option will cause the client to delay believing backward time steps from a broadcast server for bcpollbstep poll intervals. NTP Broadcast networks are expected to be trusted, and if the server's time gets stepped backwards then it's desireable that the clients follow this change as soon as possible. However, in spite of various protections built-in to the broadcast protocol, it is possible that an attacker could perform a carefully-constructed replay attack and cause clients to erroneously step their clocks backward. If the risk of a successful broadcast replay attack is greater than the risk of the clients being out of sync in the event that there is a backward step on the broadcast time servers, this option may be used to cause the clients to delay beliveving backward time steps until poll-gate consecutive polls have been received. The default is 0, which means the client will accept these steps upon receipt. Any value from 0 to 4 can be specified.
beacon beacon
The manycast server sends packets at intervals of 64 s if less than maxclock servers are available. Otherwise, it sends packets at the beacon interval in seconds. The default is 3600 s. See the Automatic Server Discovery page for further details.
ceiling ceiling
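Review bot: the added bcpollbstep description in miscopt.html has two spelling errors, "desireable" and "beliveving"; they should read "desirable" and "believing". The paragraph also measures the gate in "bcpollbstep poll intervals" in its first sentence and in "poll-gate consecutive polls" further down; one wording should be used so it is clear whether the delay counts elapsed intervals or received packets. The unchanged context line just above still reads "the the clock selection", which could be fixed in the same pass.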
diff --git a/contrib/ntp/include/Makefile.am b/contrib/ntp/include/Makefile.am index 521ac146c777..749a0c839050 100644 --- a/contrib/ntp/include/Makefile.am +++ b/contrib/ntp/include/Makefile.am @@ -16,6 +16,7 @@ noinst_HEADERS = \ intreswork.h \ iosignal.h \ l_stdlib.h \ + libssl_compat.h \ lib_strbuf.h \ libntp.h \ mbg_gps166.h \ diff --git a/contrib/ntp/include/Makefile.in b/contrib/ntp/include/Makefile.in index ef92804d14fa..acd3bb5f8031 100644 --- a/contrib/ntp/include/Makefile.in +++ b/contrib/ntp/include/Makefile.in @@ -501,6 +501,7 @@ noinst_HEADERS = \ intreswork.h \ iosignal.h \ l_stdlib.h \ + libssl_compat.h \ lib_strbuf.h \ libntp.h \ mbg_gps166.h \ diff --git a/contrib/ntp/include/libssl_compat.h b/contrib/ntp/include/libssl_compat.h new file mode 100644 index 000000000000..a8938a1517c8 --- /dev/null +++ b/contrib/ntp/include/libssl_compat.h 
@@ -0,0 +1,100 @@ +/* + * libssl_compat.h -- OpenSSL v1.1 compatibility shims + * + * --------------------------------------------------------------------- + * + * Written by Juergen Perlinger for the NTP project + * + * Based on an idea by Kurt Roeckx + * + * --------------------------------------------------------------------- + * This is a clean room implementation of shim functions that have + * counterparts in the OpenSSL v1.1 API but not in earlier versions. + * + * If the OpenSSL version used for compilation needs the shims (that is, + * does not provide the new functions) the names of these functions are + * redirected to our shims. + * --------------------------------------------------------------------- + */ + +#ifndef NTP_LIBSSL_COMPAT_H +#define NTP_LIBSSL_COMPAT_H + +#include "openssl/evp.h" +#include "openssl/dsa.h" +#include "openssl/rsa.h" + +/* ----------------------------------------------------------------- */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +/* ----------------------------------------------------------------- */ + +# include +# include + +/* shim the new-style API on an old-style OpenSSL */ + +extern BN_GENCB* sslshimBN_GENCB_new(void); +extern void sslshimBN_GENCB_free(BN_GENCB*); + +extern EVP_MD_CTX* sslshim_EVP_MD_CTX_new(void); +extern void sslshim_EVP_MD_CTX_free(EVP_MD_CTX *ctx); + +extern int sslshim_EVP_PKEY_id(const EVP_PKEY * pkey); +extern int sslshim_EVP_PKEY_base_id(const EVP_PKEY * pkey); +extern RSA* sslshim_EVP_PKEY_get0_RSA(EVP_PKEY * pkey); +extern DSA* sslshim_EVP_PKEY_get0_DSA(EVP_PKEY * pkey); + +extern void sslshim_RSA_get0_key(const RSA *prsa, const BIGNUM **pn, + const BIGNUM **pe, const BIGNUM **pd); +extern int sslshim_RSA_set0_key(RSA *prsa, BIGNUM *n, + BIGNUM *e, BIGNUM *d); +extern void sslshim_RSA_get0_factors(const RSA *prsa, const BIGNUM **pp, + const BIGNUM **pq); +extern int sslshim_RSA_set0_factors(RSA *prsar, BIGNUM *p, BIGNUM *q); +extern int sslshim_RSA_set0_crt_params(RSA *prsa, BIGNUM *dmp1, + 
BIGNUM *dmq1, BIGNUM *iqmp); + +extern void sslshim_DSA_SIG_get0(const DSA_SIG *psig, const BIGNUM **pr, + const BIGNUM **ps); +extern int sslshim_DSA_SIG_set0(DSA_SIG *psig, BIGNUM *r, BIGNUM *s); +extern void sslshim_DSA_get0_pqg(const DSA *pdsa, const BIGNUM **pp, + const BIGNUM **pq, const BIGNUM **pg); +extern int sslshim_DSA_set0_pqg(DSA *pdsa, BIGNUM *p, BIGNUM *q, BIGNUM *g); +extern void sslshim_DSA_get0_key(const DSA *pdsa, const BIGNUM **ppub_key, + const BIGNUM **ppriv_key); +extern int sslshim_DSA_set0_key(DSA *pdsa, BIGNUM *pub_key, + BIGNUM *priv_key); + +extern int sslshim_X509_get_signature_nid(const X509 *x); + +#define BN_GENCB_new sslshimBN_GENCB_new +#define BN_GENCB_free sslshimBN_GENCB_free + +#define EVP_MD_CTX_new sslshim_EVP_MD_CTX_new +#define EVP_MD_CTX_free sslshim_EVP_MD_CTX_free + +#define EVP_PKEY_id sslshim_EVP_PKEY_id +#define EVP_PKEY_base_id sslshim_EVP_PKEY_base_id +#define EVP_PKEY_get0_RSA sslshim_EVP_PKEY_get0_RSA +#define EVP_PKEY_get0_DSA sslshim_EVP_PKEY_get0_DSA + +#define RSA_get0_key sslshim_RSA_get0_key +#define RSA_set0_key sslshim_RSA_set0_key +#define RSA_get0_factors sslshim_RSA_get0_factors +#define RSA_set0_factors sslshim_RSA_set0_factors +#define RSA_set0_crt_params sslshim_RSA_set0_crt_params + +#define DSA_SIG_get0 sslshim_DSA_SIG_get0 +#define DSA_SIG_set0 sslshim_DSA_SIG_set0 +#define DSA_get0_pqg sslshim_DSA_get0_pqg +#define DSA_set0_pqg sslshim_DSA_set0_pqg +#define DSA_get0_key sslshim_DSA_get0_key +#define DSA_set0_key sslshim_DSA_set0_key + +#define X509_get_signature_nid sslshim_X509_get_signature_nid + +/* ----------------------------------------------------------------- */ +#endif /* OPENSSL_VERSION_NUMBER < v1.1.0 */ +/* ----------------------------------------------------------------- */ + +#endif /* NTP_LIBSSL_COMPAT_H */ diff --git a/contrib/ntp/include/ntp.h b/contrib/ntp/include/ntp.h index 84c30d9feea0..323135da4a89 100644 --- a/contrib/ntp/include/ntp.h +++ b/contrib/ntp/include/ntp.h 
@@ -391,7 +391,7 @@ struct peer { * Statistic counters */ u_long timereset; /* time stat counters were reset */ - u_long timelastrec; /* last packet received time */ + u_long timelastrec; /* last packet received time, incl. trash */ u_long timereceived; /* last (clean) packet received time */ u_long timereachable; /* last reachable/unreachable time */ @@ -419,8 +419,7 @@ struct peer { * MODE_BROADCAST and MODE_BCLIENT appear in the transition * function. MODE_CONTROL and MODE_PRIVATE can appear in packets, * but those never survive to the transition function. - * is a -/ */ + */ #define MODE_UNSPEC 0 /* unspecified (old version) */ #define MODE_ACTIVE 1 /* symmetric active mode */ #define MODE_PASSIVE 2 /* symmetric passive mode */ @@ -433,7 +432,7 @@ struct peer { #define MODE_CONTROL 6 /* control mode */ #define MODE_PRIVATE 7 /* private mode */ /* - * This is a madeup mode for broadcast client. + * This is a made-up mode for broadcast client. */ #define MODE_BCLIENT 6 /* broadcast client mode */ @@ -724,6 +723,7 @@ struct pkt { #define PROTO_UECRYPTONAK 30 #define PROTO_UEDIGEST 31 #define PROTO_PCEDIGEST 32 +#define PROTO_BCPOLLBSTEP 33 /* * Configuration items for the loop filter @@ -731,7 +731,7 @@ struct pkt { #define LOOP_DRIFTINIT 1 /* iniitialize frequency */ #define LOOP_KERN_CLEAR 2 /* set initial frequency offset */ #define LOOP_MAX 3 /* set both step offsets */ -#define LOOP_MAX_BACK 4 /* set bacward-step offset */ +#define LOOP_MAX_BACK 4 /* set backward-step offset */ #define LOOP_MAX_FWD 5 /* set forward-step offset */ #define LOOP_PANIC 6 /* set panic offseet */ #define LOOP_PHI 7 /* set dispersion rate */ diff --git a/contrib/ntp/include/ntp_intres.h b/contrib/ntp/include/ntp_intres.h index 1b6bd66e0b11..110913007602 100644 --- a/contrib/ntp/include/ntp_intres.h +++ b/contrib/ntp/include/ntp_intres.h 
@@ -9,6 +9,9 @@ #ifdef WORKER #define INITIAL_DNS_RETRY 2 /* seconds between queries */ +/* flags for extended addrinfo version */ +#define GAIR_F_IGNDNSERR 0x0001 /* ignore DNS errors */ + /* * you call getaddrinfo_sometime(name, service, &hints, retry, callback_func, context); * later (*callback_func)(rescode, gai_errno, context, name, service, hints, ai_result) is called. @@ -19,6 +22,9 @@ typedef void (*gai_sometime_callback) extern int getaddrinfo_sometime(const char *, const char *, const struct addrinfo *, int, gai_sometime_callback, void *); +extern int getaddrinfo_sometime_ex(const char *, const char *, + const struct addrinfo *, int, + gai_sometime_callback, void *, u_int); /* * In gai_sometime_callback routines, the resulting addrinfo list is * only available until the callback returns. To hold on to the list diff --git a/contrib/ntp/include/ntpd.h b/contrib/ntp/include/ntpd.h index 362068c765ed..1f33bf456b2f 100644 --- a/contrib/ntp/include/ntpd.h +++ b/contrib/ntp/include/ntpd.h @@ -483,6 +483,7 @@ extern int sys_bclient; /* we set our time to broadcasts */ extern double sys_bdelay; /* broadcast client default delay */ extern int sys_authenticate; /* requre authentication for config */ extern l_fp sys_authdelay; /* authentication delay */ +extern u_char sys_bcpollbstep; /* broadcast poll backstep gate */ extern u_long sys_epoch; /* last clock update time */ extern keyid_t sys_private; /* private value for session seed */ extern int sys_manycastserver; /* respond to manycast client pkts */ diff --git a/contrib/ntp/lib/isc/netaddr.c b/contrib/ntp/lib/isc/netaddr.c index 9710466281c6..01f908043495 100644 --- a/contrib/ntp/lib/isc/netaddr.c +++ b/contrib/ntp/lib/isc/netaddr.c @@ -280,7 +280,6 @@ isc_netaddr_masktoprefixlen(const isc_netaddr_t *s, unsigned int *lenp) { for (; i < ipbytes; i++) { if (p[i] != 0) return (ISC_R_MASKNONCONTIG); - i++; } *lenp = nbytes * 8 + nbits; return (ISC_R_SUCCESS); 
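Review bot: the isc_netaddr_masktoprefixlen() fix in lib/isc/netaddr.c has no test visible here. With the extra `i++` in the body of `for (; i < ipbytes; i++)`, the old loop advanced two bytes per pass and so applied the `p[i] != 0` check to only every other trailing byte. A unit test that passes a mask with non-zero bits in one of the previously skipped bytes and expects ISC_R_MASKNONCONTIG would keep this from regressing.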
diff --git a/contrib/ntp/libntp/Makefile.am b/contrib/ntp/libntp/Makefile.am index 26a4709e8b54..874739a18846 100644 --- a/contrib/ntp/libntp/Makefile.am +++ b/contrib/ntp/libntp/Makefile.am @@ -73,6 +73,7 @@ libntp_a_SRCS = \ iosignal.c \ is_ip_address.c \ lib_strbuf.c \ + libssl_compat.c \ machines.c \ mktime.c \ modetoa.c \ diff --git a/contrib/ntp/libntp/Makefile.in b/contrib/ntp/libntp/Makefile.in index 9125c19ee062..46b7926ab3fd 100644 --- a/contrib/ntp/libntp/Makefile.in +++ b/contrib/ntp/libntp/Makefile.in @@ -150,15 +150,15 @@ am__libntp_a_SOURCES_DIST = systime.c a_md5encrypt.c adjtime.c \ calyearstart.c clocktime.c clocktypes.c decodenetnum.c \ dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \ hextoint.c hextolfp.c humandate.c icom.c iosignal.c \ - is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \ - mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \ - ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \ - ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \ - prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \ - socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ - strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \ - vint64ops.c work_fork.c work_thread.c ymd2yd.c \ - $(srcdir)/../lib/isc/assertions.c \ + is_ip_address.c lib_strbuf.c libssl_compat.c machines.c \ + mktime.c modetoa.c mstolfp.c msyslog.c netof.c ntp_calendar.c \ + ntp_crypto_rnd.c ntp_intres.c ntp_libopts.c ntp_lineedit.c \ + ntp_random.c ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c \ + octtoint.c prettydate.c refidsmear.c recvbuff.c refnumtoa.c \ + snprintf.c socket.c socktoa.c socktohost.c ssl_init.c \ + statestr.c strdup.c strl_obsd.c syssignal.c timetoa.c \ + timevalops.c uglydate.c vint64ops.c work_fork.c work_thread.c \ + ymd2yd.c $(srcdir)/../lib/isc/assertions.c \ $(srcdir)/../lib/isc/buffer.c \ $(srcdir)/../lib/isc/backtrace-emptytbl.c \ $(srcdir)/../lib/isc/backtrace.c \ 
@@ -209,20 +209,21 @@ am__objects_4 = a_md5encrypt.$(OBJEXT) adjtime.$(OBJEXT) \ getopt.$(OBJEXT) hextoint.$(OBJEXT) hextolfp.$(OBJEXT) \ humandate.$(OBJEXT) icom.$(OBJEXT) iosignal.$(OBJEXT) \ is_ip_address.$(OBJEXT) lib_strbuf.$(OBJEXT) \ - machines.$(OBJEXT) mktime.$(OBJEXT) modetoa.$(OBJEXT) \ - mstolfp.$(OBJEXT) msyslog.$(OBJEXT) netof.$(OBJEXT) \ - ntp_calendar.$(OBJEXT) ntp_crypto_rnd.$(OBJEXT) \ - ntp_intres.$(OBJEXT) ntp_libopts.$(OBJEXT) \ - ntp_lineedit.$(OBJEXT) ntp_random.$(OBJEXT) \ - ntp_rfc2553.$(OBJEXT) ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) \ - numtohost.$(OBJEXT) octtoint.$(OBJEXT) prettydate.$(OBJEXT) \ - refidsmear.$(OBJEXT) recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) \ - snprintf.$(OBJEXT) socket.$(OBJEXT) socktoa.$(OBJEXT) \ - socktohost.$(OBJEXT) ssl_init.$(OBJEXT) statestr.$(OBJEXT) \ - strdup.$(OBJEXT) strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) \ - timetoa.$(OBJEXT) timevalops.$(OBJEXT) uglydate.$(OBJEXT) \ - vint64ops.$(OBJEXT) work_fork.$(OBJEXT) work_thread.$(OBJEXT) \ - ymd2yd.$(OBJEXT) $(am__objects_3) $(am__objects_1) + libssl_compat.$(OBJEXT) machines.$(OBJEXT) mktime.$(OBJEXT) \ + modetoa.$(OBJEXT) mstolfp.$(OBJEXT) msyslog.$(OBJEXT) \ + netof.$(OBJEXT) ntp_calendar.$(OBJEXT) \ + ntp_crypto_rnd.$(OBJEXT) ntp_intres.$(OBJEXT) \ + ntp_libopts.$(OBJEXT) ntp_lineedit.$(OBJEXT) \ + ntp_random.$(OBJEXT) ntp_rfc2553.$(OBJEXT) \ + ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) numtohost.$(OBJEXT) \ + octtoint.$(OBJEXT) prettydate.$(OBJEXT) refidsmear.$(OBJEXT) \ + recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) snprintf.$(OBJEXT) \ + socket.$(OBJEXT) socktoa.$(OBJEXT) socktohost.$(OBJEXT) \ + ssl_init.$(OBJEXT) statestr.$(OBJEXT) strdup.$(OBJEXT) \ + strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) timetoa.$(OBJEXT) \ + timevalops.$(OBJEXT) uglydate.$(OBJEXT) vint64ops.$(OBJEXT) \ + work_fork.$(OBJEXT) work_thread.$(OBJEXT) ymd2yd.$(OBJEXT) \ + $(am__objects_3) $(am__objects_1) am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_4) libntp_a_OBJECTS = $(am_libntp_a_OBJECTS) 
libntpsim_a_AR = $(AR) $(ARFLAGS) @@ -233,15 +234,15 @@ am__libntpsim_a_SOURCES_DIST = systime_s.c a_md5encrypt.c adjtime.c \ calyearstart.c clocktime.c clocktypes.c decodenetnum.c \ dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \ hextoint.c hextolfp.c humandate.c icom.c iosignal.c \ - is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \ - mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \ - ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \ - ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \ - prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \ - socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ - strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \ - vint64ops.c work_fork.c work_thread.c ymd2yd.c \ - $(srcdir)/../lib/isc/assertions.c \ + is_ip_address.c lib_strbuf.c libssl_compat.c machines.c \ + mktime.c modetoa.c mstolfp.c msyslog.c netof.c ntp_calendar.c \ + ntp_crypto_rnd.c ntp_intres.c ntp_libopts.c ntp_lineedit.c \ + ntp_random.c ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c \ + octtoint.c prettydate.c refidsmear.c recvbuff.c refnumtoa.c \ + snprintf.c socket.c socktoa.c socktohost.c ssl_init.c \ + statestr.c strdup.c strl_obsd.c syssignal.c timetoa.c \ + timevalops.c uglydate.c vint64ops.c work_fork.c work_thread.c \ + ymd2yd.c $(srcdir)/../lib/isc/assertions.c \ $(srcdir)/../lib/isc/buffer.c \ $(srcdir)/../lib/isc/backtrace-emptytbl.c \ $(srcdir)/../lib/isc/backtrace.c \ @@ -665,6 +666,7 @@ libntp_a_SRCS = \ iosignal.c \ is_ip_address.c \ lib_strbuf.c \ + libssl_compat.c \ machines.c \ mktime.c \ modetoa.c \ 
@@ -813,6 +815,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_ip_address.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib_strbuf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl_compat.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/machines.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Po@am__quote@ diff --git a/contrib/ntp/libntp/a_md5encrypt.c b/contrib/ntp/libntp/a_md5encrypt.c index 618ccd9de102..7edcd2e30583 100644 --- a/contrib/ntp/libntp/a_md5encrypt.c +++ b/contrib/ntp/libntp/a_md5encrypt.c @@ -11,6 +11,7 @@ #include "ntp.h" #include "ntp_md5.h" /* provides OpenSSL digest API */ #include "isc/string.h" +#include "libssl_compat.h" /* * MD5authencrypt - generate message digest * @@ -26,7 +27,7 @@ MD5authencrypt( { u_char digest[EVP_MAX_MD_SIZE]; u_int len; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; /* * Compute digest of key concatenated with packet. Note: the 
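Review bot: the new `#include "libssl_compat.h"` at the top of libntp/a_md5encrypt.c is unconditional, and libssl_compat.h itself includes openssl/evp.h, openssl/dsa.h and openssl/rsa.h before its version check. The following hunks in this file also drop the `#if defined(OPENSSL) && ...` guards, so please confirm that a build configured without OpenSSL still compiles, or wrap the include in `#ifdef OPENSSL`.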
@@ -34,18 +35,20 @@ MD5authencrypt( * was creaded. */ INIT_SSL(); -#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL - if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) { + ctx = EVP_MD_CTX_new(); + if (!(ctx && EVP_DigestInit(ctx, EVP_get_digestbynid(type)))) { msyslog(LOG_ERR, "MAC encrypt: digest init failed"); + EVP_MD_CTX_free(ctx); return (0); } -#else - EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); -#endif - EVP_DigestUpdate(&ctx, key, cache_secretsize); - EVP_DigestUpdate(&ctx, (u_char *)pkt, length); - EVP_DigestFinal(&ctx, digest, &len); + EVP_DigestUpdate(ctx, key, cache_secretsize); + EVP_DigestUpdate(ctx, (u_char *)pkt, length); + EVP_DigestFinal(ctx, digest, &len); + EVP_MD_CTX_free(ctx); + /* If the MAC is longer than the MAX then truncate it. */ + if (len > MAX_MAC_LEN - 4) + len = MAX_MAC_LEN - 4; memmove((u_char *)pkt + length + 4, digest, len); return (len + 4); } @@ -67,7 +70,7 @@ MD5authdecrypt( { u_char digest[EVP_MAX_MD_SIZE]; u_int len; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; /* * Compute digest of key concatenated with packet. Note: the 
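Review bot: in MD5authencrypt() only EVP_DigestInit() is checked; the return values of EVP_DigestUpdate() and EVP_DigestFinal() are ignored, and `len` is declared without an initializer, so a failed final leaves `len` indeterminate when it reaches the new clamp and the memmove(). Checking those calls and returning 0 on failure, as the init path already does, would close that gap. The 4 in `MAX_MAC_LEN - 4` would also read better as a named constant, since the same value is added back in `return (len + 4)`.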
@@ -75,24 +78,26 @@ MD5authdecrypt( * was created. */ INIT_SSL(); -#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL - if (!EVP_DigestInit(&ctx, EVP_get_digestbynid(type))) { + ctx = EVP_MD_CTX_new(); + if (!(ctx && EVP_DigestInit(ctx, EVP_get_digestbynid(type)))) { msyslog(LOG_ERR, "MAC decrypt: digest init failed"); + EVP_MD_CTX_free(ctx); return (0); } -#else - EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); -#endif - EVP_DigestUpdate(&ctx, key, cache_secretsize); - EVP_DigestUpdate(&ctx, (u_char *)pkt, length); - EVP_DigestFinal(&ctx, digest, &len); + EVP_DigestUpdate(ctx, key, cache_secretsize); + EVP_DigestUpdate(ctx, (u_char *)pkt, length); + EVP_DigestFinal(ctx, digest, &len); + EVP_MD_CTX_free(ctx); + /* If the MAC is longer than the MAX then truncate it. */ + if (len > MAX_MAC_LEN - 4) + len = MAX_MAC_LEN - 4; if (size != (size_t)len + 4) { msyslog(LOG_ERR, "MAC decrypt: MAC length error"); return (0); } - return !isc_tsmemcmp(digest, (const char *)pkt + length + 4, len); + return !isc_tsmemcmp(digest, (u_char *)pkt + length + 4, len); } /* @@ -106,7 +111,7 @@ addr2refid(sockaddr_u *addr) { u_char digest[20]; u_int32 addr_refid; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; u_int len; if (IS_IPV4(addr)) 
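Review bot: in MD5authdecrypt() the cast on the received MAC in the isc_tsmemcmp() call changed from `(const char *)` to `(u_char *)`, which no longer marks the bytes as const although they are only compared. `(const u_char *)pkt + length + 4` would keep the read-only intent while still matching the digest's type.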
@@ -114,24 +119,23 @@ addr2refid(sockaddr_u *addr) INIT_SSL(); -#if defined(OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x0090700fL - EVP_MD_CTX_init(&ctx); + ctx = EVP_MD_CTX_new(); + EVP_MD_CTX_init(ctx); #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW /* MD5 is not used as a crypto hash here. */ - EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); #endif - if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) { + if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) { msyslog(LOG_ERR, "MD5 init failed"); + EVP_MD_CTX_free(ctx); /* pedantic... but safe */ exit(1); } -#else - EVP_DigestInit(&ctx, EVP_md5()); -#endif - EVP_DigestUpdate(&ctx, (u_char *)PSOCK_ADDR6(addr), + EVP_DigestUpdate(ctx, (u_char *)PSOCK_ADDR6(addr), sizeof(struct in6_addr)); - EVP_DigestFinal(&ctx, digest, &len); + EVP_DigestFinal(ctx, digest, &len); + EVP_MD_CTX_free(ctx); memcpy(&addr_refid, digest, sizeof(addr_refid)); return (addr_refid); } diff --git a/contrib/ntp/libntp/audio.c b/contrib/ntp/libntp/audio.c index 726dfa94d819..3b0a0b364c11 100644 --- a/contrib/ntp/libntp/audio.c +++ b/contrib/ntp/libntp/audio.c @@ -55,7 +55,7 @@ static struct audio_device device; /* audio device ident */ #ifdef PCM_STYLE_SOUND # define INIT_FILE "/etc/ntp.audio" int agc = SOUND_MIXER_WRITE_RECLEV; /* or IGAIN or LINE */ -int monitor = SOUND_MIXER_WRITE_VOLUME; /* or OGAIN */ +int audiomonitor = SOUND_MIXER_WRITE_VOLUME; /* or OGAIN */ int devmask = 0; int recmask = 0; char cf_c_dev[100], cf_i_dev[100], cf_agc[100], cf_monitor[100]; @@ -334,7 +334,7 @@ audio_init( /* devmask */ i = mixer_name(cf_monitor, devmask); if (i >= 0) - monitor = MIXER_WRITE(i); + audiomonitor = MIXER_WRITE(i); else printf("monitor %s not in devmask %#x\n", cf_monitor, devmask); @@ -412,7 +412,7 @@ audio_gain( # endif l |= r << 8; if (cf_monitor[0] != '\0') - rval = ioctl(ctl_fd, monitor, &l ); + rval = ioctl(ctl_fd, audiomonitor, &l ); else rval = ioctl(ctl_fd, SOUND_MIXER_WRITE_VOLUME, &l); 
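Review bot: in addr2refid() (libntp/a_md5encrypt.c) the result of EVP_MD_CTX_new() is passed straight to EVP_MD_CTX_init(), EVP_MD_CTX_set_flags() and EVP_DigestInit_ex() with no NULL check, unlike MD5authencrypt() and MD5authdecrypt(), which test `ctx &&` first. The compatibility shim allocates the context with calloc(), so NULL is a possible return; add a check and take the same msyslog()/exit(1) path as the existing init failure. The EVP_MD_CTX_init(ctx) call also looks redundant on a context that was just allocated.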
diff --git a/contrib/ntp/libntp/libssl_compat.c b/contrib/ntp/libntp/libssl_compat.c new file mode 100644 index 000000000000..ce6acb7d3c78 --- /dev/null +++ b/contrib/ntp/libntp/libssl_compat.c 
@@ -0,0 +1,335 @@ +/* + * libssl_compat.c -- OpenSSL v1.1 compatibility functions + * + * --------------------------------------------------------------------- + * Written by Juergen Perlinger for the NTP project + * + * Based on an idea by Kurt Roeckx + * + * --------------------------------------------------------------------- + * This is a clean room implementation of shim functions that have + * counterparts in the OpenSSL v1.1 API but not in earlier versions. So + * while OpenSSL broke binary compatibility with v1.1, this shim module + * should provide the necessary source code compatibility with older + * versions of OpenSSL. + * --------------------------------------------------------------------- + */ +#include "config.h" + +#include +#include +#include + +#include "ntp_types.h" + +/* ----------------------------------------------------------------- */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +/* ----------------------------------------------------------------- */ + +#include "libssl_compat.h" +#include "ntp_assert.h" + +/* -------------------------------------------------------------------- + * replace a BIGNUM owned by the caller with another one if it's not + * NULL, taking over the ownership of the new value. This clears & frees + * the old value -- the clear might be overkill, but it's better to err + * on the side of paranoia here. 
+ */ +static void +replace_bn_nn( + BIGNUM ** ps, + BIGNUM * n + ) +{ + if (n) { + REQUIRE(*ps != n); + BN_clear_free(*ps); + *ps = n; + } +} + +/* -------------------------------------------------------------------- + * allocation and deallocation of prime number callbacks + */ +BN_GENCB* +sslshimBN_GENCB_new(void) +{ + return calloc(1,sizeof(BN_GENCB)); +} + +void +sslshimBN_GENCB_free( + BN_GENCB *cb + ) +{ + free(cb); +} + +/* -------------------------------------------------------------------- + * allocation and deallocation of message digests + */ +EVP_MD_CTX* +sslshim_EVP_MD_CTX_new(void) +{ + return calloc(1, sizeof(EVP_MD_CTX)); +} + +void +sslshim_EVP_MD_CTX_free( + EVP_MD_CTX * pctx + ) +{ + free(pctx); +} + +/* -------------------------------------------------------------------- + * get EVP keys and key type + */ +int +sslshim_EVP_PKEY_id( + const EVP_PKEY *pkey + ) +{ + return (pkey) ? pkey->type : EVP_PKEY_NONE; +} + +int +sslshim_EVP_PKEY_base_id( + const EVP_PKEY *pkey + ) +{ + return (pkey) ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE; +} + +RSA* +sslshim_EVP_PKEY_get0_RSA( + EVP_PKEY * pkey + ) +{ + return (pkey) ? pkey->pkey.rsa : NULL; +} + +DSA* +sslshim_EVP_PKEY_get0_DSA( + EVP_PKEY * pkey + ) +{ + return (pkey) ? 
pkey->pkey.dsa : NULL; +} + +/* -------------------------------------------------------------------- + * set/get RSA params + */ +void +sslshim_RSA_get0_key( + const RSA * prsa, + const BIGNUM ** pn, + const BIGNUM ** pe, + const BIGNUM ** pd + ) +{ + REQUIRE(prsa != NULL); + + if (pn) + *pn = prsa->n; + if (pe) + *pe = prsa->e; + if (pd) + *pd = prsa->d; +} + +int +sslshim_RSA_set0_key( + RSA * prsa, + BIGNUM * n, + BIGNUM * e, + BIGNUM * d + ) +{ + REQUIRE(prsa != NULL); + if (!((prsa->n || n) && (prsa->e || e))) + return 0; + + replace_bn_nn(&prsa->n, n); + replace_bn_nn(&prsa->e, e); + replace_bn_nn(&prsa->d, d); + + return 1; +} + +void +sslshim_RSA_get0_factors( + const RSA * prsa, + const BIGNUM ** pp, + const BIGNUM ** pq + ) +{ + REQUIRE(prsa != NULL); + + if (pp) + *pp = prsa->p; + if (pq) + *pq = prsa->q; +} + +int +sslshim_RSA_set0_factors( + RSA * prsa, + BIGNUM * p, + BIGNUM * q + ) +{ + REQUIRE(prsa != NULL); + if (!((prsa->p || p) && (prsa->q || q))) + return 0; + + replace_bn_nn(&prsa->p, p); + replace_bn_nn(&prsa->q, q); + + return 1; +} + +int +sslshim_RSA_set0_crt_params( + RSA * prsa, + BIGNUM * dmp1, + BIGNUM * dmq1, + BIGNUM * iqmp + ) +{ + REQUIRE(prsa != NULL); + if (!((prsa->dmp1 || dmp1) && + (prsa->dmq1 || dmq1) && + (prsa->iqmp || iqmp) )) + return 0; + + replace_bn_nn(&prsa->dmp1, dmp1); + replace_bn_nn(&prsa->dmq1, dmq1); + replace_bn_nn(&prsa->iqmp, iqmp); + + return 1; +} + +/* -------------------------------------------------------------------- + * set/get DSA signature parameters + */ +void +sslshim_DSA_SIG_get0( + const DSA_SIG * psig, + const BIGNUM ** pr, + const BIGNUM ** ps + ) +{ + REQUIRE(psig != NULL); + + if (pr != NULL) + *pr = psig->r; + if (ps != NULL) + *ps = psig->s; +} + +int +sslshim_DSA_SIG_set0( + DSA_SIG * psig, + BIGNUM * r, + BIGNUM * s + ) +{ + REQUIRE(psig != NULL); + if (!(r && s)) + return 0; + + replace_bn_nn(&psig->r, r); + replace_bn_nn(&psig->s, s); + + return 1; +} + +/* 
-------------------------------------------------------------------- + * get/set DSA parameters + */ +void +sslshim_DSA_get0_pqg( + const DSA * pdsa, + const BIGNUM ** pp, + const BIGNUM ** pq, + const BIGNUM ** pg + ) +{ + REQUIRE(pdsa != NULL); + + if (pp != NULL) + *pp = pdsa->p; + if (pq != NULL) + *pq = pdsa->q; + if (pg != NULL) + *pg = pdsa->g; +} + +int +sslshim_DSA_set0_pqg( + DSA * pdsa, + BIGNUM * p, + BIGNUM * q, + BIGNUM * g + ) +{ + if (!((pdsa->p || p) && (pdsa->q || q) && (pdsa->g || g))) + return 0; + + replace_bn_nn(&pdsa->p, p); + replace_bn_nn(&pdsa->q, q); + replace_bn_nn(&pdsa->g, g); + + return 1; +} + +void +sslshim_DSA_get0_key( + const DSA * pdsa, + const BIGNUM ** ppub_key, + const BIGNUM ** ppriv_key + ) +{ + REQUIRE(pdsa != NULL); + + if (ppub_key != NULL) + *ppub_key = pdsa->pub_key; + if (ppriv_key != NULL) + *ppriv_key = pdsa->priv_key; +} + +int +sslshim_DSA_set0_key( + DSA * pdsa, + BIGNUM * pub_key, + BIGNUM * priv_key + ) +{ + REQUIRE(pdsa != NULL); + if (!(pdsa->pub_key || pub_key)) + return 0; + + replace_bn_nn(&pdsa->pub_key, pub_key); + replace_bn_nn(&pdsa->priv_key, priv_key); + + return 1; +} + +int +sslshim_X509_get_signature_nid( + const X509 *x + ) +{ + return OBJ_obj2nid(x->sig_alg->algorithm); +} + +/* ----------------------------------------------------------------- */ +#else /* OPENSSL_VERSION_NUMBER >= v1.1.0 */ +/* ----------------------------------------------------------------- */ + +NONEMPTY_TRANSLATION_UNIT + +/* ----------------------------------------------------------------- */ +#endif +/* ----------------------------------------------------------------- */ diff --git a/contrib/ntp/libntp/ntp_calendar.c b/contrib/ntp/libntp/ntp_calendar.c index ff6ead364e5a..4bfb0e723c01 100644 --- a/contrib/ntp/libntp/ntp_calendar.c +++ b/contrib/ntp/libntp/ntp_calendar.c 
@@ -91,7 +91,7 @@ /* *--------------------------------------------------------------------- * replacing the 'time()' function - * -------------------------------------------------------------------- + *--------------------------------------------------------------------- */ static systime_func_ptr systime_func = &time; @@ -395,7 +395,7 @@ ntpcal_get_build_date( /* *--------------------------------------------------------------------- * basic calendar stuff - * -------------------------------------------------------------------- + *--------------------------------------------------------------------- */ /* month table for a year starting with March,1st */ @@ -443,11 +443,11 @@ static const uint16_t real_month_table[2][13] = { */ /* - * ================================================================== + * ==================================================================== * * General algorithmic stuff * - * ================================================================== + * ==================================================================== */ /* @@ -495,7 +495,7 @@ static const uint16_t real_month_table[2][13] = { * 32/16bit divisions and is still performant is a bit more * difficult. Since most usecases can be coded in a way that does only * require the 32-bit version a 64bit version is NOT provided here. - * --------------------------------------------------------------------- + *--------------------------------------------------------------------- */ int32_t ntpcal_periodic_extend( 
@@ -542,8 +542,35 @@ ntpcal_periodic_extend( return pivot; } +/*--------------------------------------------------------------------- + * Note to the casual reader + * + * In the next two functions you will find (or would have found...) + * the expression + * + * res.Q_s -= 0x80000000; + * + * There was some ruckus about a possible programming error due to + * integer overflow and sign propagation. + * + * This assumption is based on a lack of understanding of the C + * standard. (Though this is admittedly not one of the most 'natural' + * aspects of the 'C' language and easily to get wrong.) + * + * see + * http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf + * "ISO/IEC 9899:201x Committee Draft — April 12, 2011" + * 6.4.4.1 Integer constants, clause 5 + * + * why there is no sign extension/overflow problem here. + * + * But to ease the minds of the doubtful, I added back the 'u' qualifiers + * that somehow got lost over the last years. + */ + + /* - *------------------------------------------------------------------- + *--------------------------------------------------------------------- * Convert a timestamp in NTP scale to a 64bit seconds value in the UN*X * scale with proper epoch unfolding around a given pivot or the current * system time. This function happily accepts negative pivot values as @@ -553,7 +580,7 @@ ntpcal_periodic_extend( * This is also a periodic extension, but since the cycle is 2^32 and * the shift is 2^31, we can do some *very* fast math without explicit * divisions. - *------------------------------------------------------------------- + *--------------------------------------------------------------------- */ vint64 ntpcal_ntp_to_time( 
@@ -568,7 +595,7 @@ ntpcal_ntp_to_time( res.q_s = (pivot != NULL) ? *pivot : now(); - res.Q_s -= 0x80000000; /* unshift of half range */ + res.Q_s -= 0x80000000u; /* unshift of half range */ ntp -= (uint32_t)JAN_1970; /* warp into UN*X domain */ ntp -= res.D_s.lo; /* cycle difference */ res.Q_s += (uint64_t)ntp; /* get expanded time */ @@ -581,7 +608,7 @@ ntpcal_ntp_to_time( ? *pivot : now(); res = time_to_vint64(&tmp); - M_SUB(res.D_s.hi, res.D_s.lo, 0, 0x80000000); + M_SUB(res.D_s.hi, res.D_s.lo, 0, 0x80000000u); ntp -= (uint32_t)JAN_1970; /* warp into UN*X domain */ ntp -= res.D_s.lo; /* cycle difference */ M_ADD(res.D_s.hi, res.D_s.lo, 0, ntp); @@ -592,7 +619,7 @@ ntpcal_ntp_to_time( } /* - *------------------------------------------------------------------- + *--------------------------------------------------------------------- * Convert a timestamp in NTP scale to a 64bit seconds value in the NTP * scale with proper epoch unfolding around a given pivot or the current * system time. @@ -602,7 +629,7 @@ ntpcal_ntp_to_time( * This is also a periodic extension, but since the cycle is 2^32 and * the shift is 2^31, we can do some *very* fast math without explicit * divisions. - *------------------------------------------------------------------- + *--------------------------------------------------------------------- */ vint64 ntpcal_ntp_to_ntp( @@ -617,7 +644,7 @@ ntpcal_ntp_to_ntp( res.q_s = (pivot) ? *pivot : now(); - res.Q_s -= 0x80000000; /* unshift of half range */ + res.Q_s -= 0x80000000u; /* unshift of half range */ res.Q_s += (uint32_t)JAN_1970; /* warp into NTP domain */ ntp -= res.D_s.lo; /* cycle difference */ res.Q_s += (uint64_t)ntp; /* get expanded time */ 
@@ -642,20 +669,20 @@ ntpcal_ntp_to_ntp( /* - * ================================================================== + * ==================================================================== * * Splitting values to composite entities * - * ================================================================== + * ==================================================================== */ /* - *------------------------------------------------------------------- + *--------------------------------------------------------------------- * Split a 64bit seconds value into elapsed days in 'res.hi' and * elapsed seconds since midnight in 'res.lo' using explicit floor * division. This function happily accepts negative time values as * timestamps before the respective epoch start. - * ------------------------------------------------------------------- + *--------------------------------------------------------------------- */ ntpcal_split ntpcal_daysplit( @@ -736,11 +763,11 @@ ntpcal_daysplit( } /* - *------------------------------------------------------------------- + *--------------------------------------------------------------------- * Split a 32bit seconds value into h/m/s and excessive days. This * function happily accepts negative time values as timestamps before * midnight. - * ------------------------------------------------------------------- + *--------------------------------------------------------------------- */ static int32_t priv_timesplit( @@ -773,7 +800,7 @@ priv_timesplit( } /* - * --------------------------------------------------------------------- + *--------------------------------------------------------------------- * Given the number of elapsed days in the calendar era, split this * number into the number of elapsed years in 'res.hi' and the number * of elapsed days of that year in 'res.lo'. 
@@ -1053,11 +1080,11 @@ ntpcal_time_to_date( /* - * ================================================================== + * ==================================================================== * * merging composite entities * - * ================================================================== + * ==================================================================== */ /* @@ -1251,8 +1278,8 @@ ntpcal_edate_to_eradays( * Convert ELAPSED years/months/days of gregorian calendar to elapsed * days in year. * - * Note: This will give the true difference to the start of the given year, - * even if months & days are off-scale. + * Note: This will give the true difference to the start of the given + * year, even if months & days are off-scale. *--------------------------------------------------------------------- */ int32_t @@ -1434,11 +1461,11 @@ ntpcal_date_to_time( /* - * ================================================================== + * ==================================================================== * * extended and unchecked variants of caljulian/caltontp * - * ================================================================== + * ==================================================================== */ int ntpcal_ntp64_to_date( @@ -1500,11 +1527,11 @@ ntpcal_date_to_ntp( /* - * ================================================================== + * ==================================================================== * * day-of-week calculations * - * ================================================================== + * ==================================================================== */ /* * Given a RataDie and a day-of-week, calculate a RDN that is reater-than, @@ -1557,7 +1584,7 @@ ntpcal_weekday_lt( } /* - * ================================================================== + * ==================================================================== * * ISO week-calendar conversions * 
@@ -1601,7 +1628,7 @@ ntpcal_weekday_lt( * smallest possible powers of two, so the division can be implemented * as shifts if the optimiser chooses to do so. * - * ================================================================== + * ==================================================================== */ /* diff --git a/contrib/ntp/libntp/ntp_intres.c b/contrib/ntp/libntp/ntp_intres.c index 0b5bb7534256..7aa288af57b2 100644 --- a/contrib/ntp/libntp/ntp_intres.c +++ b/contrib/ntp/libntp/ntp_intres.c @@ -118,14 +118,16 @@ * is managed by the code which calls the *_complete routines. */ + /* === typedefs === */ typedef struct blocking_gai_req_tag { /* marshalled args */ size_t octets; u_int dns_idx; time_t scheduled; time_t earliest; - struct addrinfo hints; int retry; + struct addrinfo hints; + u_int qflags; gai_sometime_callback callback; void * context; size_t nodesize; @@ -205,8 +207,8 @@ static dnsworker_ctx * get_worker_context(blocking_child *, u_int); static void scheduled_sleep(time_t, time_t, dnsworker_ctx *); static void manage_dns_retry_interval(time_t *, time_t *, - int *, - time_t *); + int *, time_t *, + int/*BOOL*/); static int should_retry_dns(int, int); #ifdef HAVE_RES_INIT static void reload_resolv_conf(dnsworker_ctx *); @@ -230,13 +232,14 @@ static void getnameinfo_sometime_complete(blocking_work_req, * invokes provided callback completion function. */ int -getaddrinfo_sometime( +getaddrinfo_sometime_ex( const char * node, const char * service, const struct addrinfo * hints, int retry, gai_sometime_callback callback, - void * context + void * context, + u_int qflags ) { blocking_gai_req * gai_req; @@ -277,6 +280,7 @@ getaddrinfo_sometime( gai_req->context = context; gai_req->nodesize = nodesize; gai_req->servsize = servsize; + gai_req->qflags = qflags; memcpy((char *)gai_req + sizeof(*gai_req), node, nodesize); memcpy((char *)gai_req + sizeof(*gai_req) + nodesize, service, 
@@ -451,6 +455,20 @@ blocking_getaddrinfo( return 0; } +int +getaddrinfo_sometime( + const char * node, + const char * service, + const struct addrinfo * hints, + int retry, + gai_sometime_callback callback, + void * context + ) +{ + return getaddrinfo_sometime_ex(node, service, hints, retry, + callback, context, 0); +} + static void getaddrinfo_sometime_complete( @@ -470,7 +488,7 @@ getaddrinfo_sometime_complete( char * service; char * canon_start; time_t time_now; - int again; + int again, noerr; int af; const char * fam_spec; int i; @@ -498,8 +516,9 @@ getaddrinfo_sometime_complete( gai_req->dns_idx, humantime(time_now))); } } else { - again = should_retry_dns(gai_resp->retcode, - gai_resp->gai_errno); + noerr = !!(gai_req->qflags & GAIR_F_IGNDNSERR); + again = noerr || should_retry_dns( + gai_resp->retcode, gai_resp->gai_errno); /* * exponential backoff of DNS retries to 64s */ @@ -528,9 +547,10 @@ getaddrinfo_sometime_complete( gai_strerror(gai_resp->retcode), gai_resp->retcode); } - manage_dns_retry_interval(&gai_req->scheduled, - &gai_req->earliest, &gai_req->retry, - &child_ctx->next_dns_timeslot); + manage_dns_retry_interval( + &gai_req->scheduled, &gai_req->earliest, + &gai_req->retry, &child_ctx->next_dns_timeslot, + noerr); if (!queue_blocking_request( BLOCKING_GETADDRINFO, gai_req, @@ -826,7 +846,7 @@ getnameinfo_sometime_complete( if (gni_req->retry > 0) manage_dns_retry_interval(&gni_req->scheduled, &gni_req->earliest, &gni_req->retry, - &child_ctx->next_dns_timeslot); + &child_ctx->next_dns_timeslot, FALSE); if (gni_req->retry > 0 && again) { if (!queue_blocking_request( 
@@ -1033,18 +1053,32 @@ manage_dns_retry_interval( time_t * pscheduled, time_t * pwhen, int * pretry, - time_t * pnext_timeslot + time_t * pnext_timeslot, + int forever ) { time_t now; time_t when; int retry; + int retmax; now = time(NULL); retry = *pretry; when = max(now + retry, *pnext_timeslot); *pnext_timeslot = when; - retry = min(64, retry << 1); + + /* this exponential backoff is slower than doubling up: The + * sequence goes 2-3-4-6-8-12-16-24-32... and the upper limit is + * 64 seconds for things that should not repeat forever, and + * 1024 when repeated forever. + */ + retmax = forever ? 1024 : 64; + retry <<= 1; + if (retry & (retry - 1)) + retry &= (retry - 1); + else + retry -= (retry >> 2); + retry = min(retmax, retry); *pscheduled = now; *pwhen = when; diff --git a/contrib/ntp/libntp/ssl_init.c b/contrib/ntp/libntp/ssl_init.c index a9d1d546dfb8..ef0f1c185a88 100644 --- a/contrib/ntp/libntp/ssl_init.c +++ b/contrib/ntp/libntp/ssl_init.c @@ -15,6 +15,7 @@ #ifdef OPENSSL #include "openssl/err.h" #include "openssl/evp.h" +#include "libssl_compat.h" void atexit_ssl_cleanup(void); @@ -62,6 +63,7 @@ ssl_check_version(void) INIT_SSL(); } + #endif /* OPENSSL */ @@ -84,7 +86,6 @@ keytype_from_text( u_char digest[EVP_MAX_MD_SIZE]; char * upcased; char * pch; - EVP_MD_CTX ctx; /* * OpenSSL digest short names are capitalized, so uppercase the @@ -110,8 +111,12 @@ keytype_from_text( if (NULL != pdigest_len) { #ifdef OPENSSL - EVP_DigestInit(&ctx, EVP_get_digestbynid(key_type)); - EVP_DigestFinal(&ctx, digest, &digest_len); + EVP_MD_CTX *ctx; + + ctx = EVP_MD_CTX_new(); + EVP_DigestInit(ctx, EVP_get_digestbynid(key_type)); + EVP_DigestFinal(ctx, digest, &digest_len); + EVP_MD_CTX_free(ctx); if (digest_len > max_digest_len) { fprintf(stderr, "key type %s %u octet digests are too big, max %lu\n", diff --git a/contrib/ntp/libntp/work_fork.c b/contrib/ntp/libntp/work_fork.c index 6c9545aa9cbc..8223fdd2f9b2 100644 --- a/contrib/ntp/libntp/work_fork.c 
+++ b/contrib/ntp/libntp/work_fork.c @@ -114,18 +114,24 @@ interrupt_worker_sleep(void) /* * harvest_child_status() runs in the parent. + * + * Note the error handling -- this is an interaction with SIGCHLD. + * SIG_IGN on SIGCHLD on some OSes means do not wait but reap + * automatically. Since we're not really interested in the result code, + * we simply ignore the error. */ static void harvest_child_status( blocking_child * c ) { - if (c->pid) - { + if (c->pid) { /* Wait on the child so it can finish terminating */ if (waitpid(c->pid, NULL, 0) == c->pid) TRACE(4, ("harvested child %d\n", c->pid)); - else msyslog(LOG_ERR, "error waiting on child %d: %m", c->pid); + else if (errno != ECHILD) + msyslog(LOG_ERR, "error waiting on child %d: %m", c->pid); + c->pid = 0; } } @@ -162,7 +168,6 @@ cleanup_after_child( close(c->resp_read_pipe); c->resp_read_pipe = -1; } - c->pid = 0; c->resp_read_ctx = NULL; DEBUG_INSIST(-1 == c->req_read_pipe); DEBUG_INSIST(-1 == c->resp_write_pipe); @@ -461,7 +466,10 @@ fork_blocking_child( fflush(stdout); fflush(stderr); - signal_no_reset(SIGCHLD, SIG_IGN); + /* [BUG 3050] setting SIGCHLD to SIG_IGN likely causes unwanted + * or undefined effects. We don't do it and leave SIGCHLD alone. + */ + /* signal_no_reset(SIGCHLD, SIG_IGN); */ childpid = fork(); if (-1 == childpid) { diff --git a/contrib/ntp/libparse/clk_hopf6021.c b/contrib/ntp/libparse/clk_hopf6021.c index 235962890f8c..c5980ef13f2b 100644 --- a/contrib/ntp/libparse/clk_hopf6021.c +++ b/contrib/ntp/libparse/clk_hopf6021.c 
@@ -113,13 +113,10 @@ static struct format hopf6021_fmt = #define OFFS(x) format->field_offsets[(x)].offset #define STOI(x, y) Stoi(&buffer[OFFS(x)], y, format->field_offsets[(x)].length) -#define hexval(x) (('0' <= (x) && (x) <= '9') ? (x) - '0' : \ - ('a' <= (x) && (x) <= 'f') ? (x) - 'a' + 10 : \ - ('A' <= (x) && (x) <= 'F') ? (x) - 'A' + 10 : \ - -1) static parse_cvt_fnc_t cvt_hopf6021; static parse_inp_fnc_t inp_hopf6021; +static unsigned char hexval(unsigned char); clockformat_t clock_hopf6021 = { @@ -160,40 +157,40 @@ cvt_hopf6021( return CVT_FAIL|CVT_BADFMT; } - clock_time->usecond = 0; - clock_time->utcoffset = 0; + clock_time->usecond = 0; + clock_time->flags = 0; - status = (u_char) hexval(buffer[OFFS(O_FLAGS)]); - weekday= (u_char) hexval(buffer[OFFS(O_WDAY)]); + status = hexval(buffer[OFFS(O_FLAGS)]); + weekday = hexval(buffer[OFFS(O_WDAY)]); if ((status == 0xFF) || (weekday == 0xFF)) { return CVT_FAIL|CVT_BADFMT; } - clock_time->flags = 0; - if (weekday & HOPF_UTC) { - clock_time->flags |= PARSEB_UTC; + clock_time->flags |= PARSEB_UTC; + clock_time->utcoffset = 0; + } + else if (status & HOPF_DST) + { + clock_time->flags |= PARSEB_DST; + clock_time->utcoffset = -2*60*60; /* MET DST */ } else { - if (status & HOPF_DST) - { - clock_time->flags |= PARSEB_DST; - clock_time->utcoffset = -2*60*60; /* MET DST */ - } - else - { - clock_time->utcoffset = -1*60*60; /* MET */ - } + clock_time->utcoffset = -1*60*60; /* MET */ } - clock_time->flags |= (status & HOPF_DSTWARN) ? PARSEB_ANNOUNCE : 0; - + if (status & HOPF_DSTWARN) + { + clock_time->flags |= PARSEB_ANNOUNCE; + } + switch (status & HOPF_MODE) { + default: /* dummy: we cover all 4 cases. */ case HOPF_INVALID: /* Time/Date invalid */ clock_time->flags |= PARSEB_POWERUP; break; @@ -205,9 +202,6 @@ cvt_hopf6021( case HOPF_RADIO: /* Radio clock */ case HOPF_RADIOHP: /* Radio clock high precision */ break; - - default: - return CVT_FAIL|CVT_BADFMT; } return CVT_OK; 
@@ -244,6 +238,30 @@ inp_hopf6021( } } +/* + * convert a hex-digit to numeric value + */ +static unsigned char +hexval( + unsigned char ch + ) +{ + unsigned int dv; + + if ((dv = ch - '0') >= 10u) + { + if ((dv -= 'A'-'0') < 6u || (dv -= 'a'-'A') < 6u) + { + dv += 10; + } + else + { + dv = 0xFF; + } + } + return (unsigned char)dv; +} + #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_HOPF6021) */ int clk_hopf6021_bs; #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_HOPF6021) */ diff --git a/contrib/ntp/ntpd/complete.conf.in b/contrib/ntp/ntpd/complete.conf.in index 2c547fac7d56..4c6c0459b5f5 100644 --- a/contrib/ntp/ntpd/complete.conf.in +++ b/contrib/ntp/ntpd/complete.conf.in @@ -26,7 +26,7 @@ controlkey 12 requestkey 12 enable auth ntp monitor stats disable bclient calibrate kernel mode7 peer_clear_digest_early unpeer_crypto_early unpeer_crypto_nak_early unpeer_digest_early -tos beacon 3600 ceiling 16 cohort 0 floor 1 maxclock 10 maxdist 1.5 minclock 3 mindist 0.001 minsane 1 orphan 16 orphanwait 300 +tos beacon 3600 ceiling 16 cohort 0 floor 1 maxclock 10 maxdist 1.5 minclock 3 mindist 0.001 minsane 1 orphan 16 orphanwait 300 bcpollbstep 3 rlimit@HAVE_RLIMIT_MEMLOCK@@HAVE_RLIMIT_STACK@ tinker allan 1500 dispersion 15 freq 0 huffpuff 7200 panic 1000 step 0.128 stepout 900 tick 0.01 broadcastclient diff --git a/contrib/ntp/ntpd/invoke-ntp.conf.texi b/contrib/ntp/ntpd/invoke-ntp.conf.texi index 7efeceebbfe7..afd92ffd97ba 100644 --- a/contrib/ntp/ntpd/invoke-ntp.conf.texi +++ b/contrib/ntp/ntpd/invoke-ntp.conf.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) # -# It has been AutoGen-ed June 2, 2016 at 07:36:07 AM by AutoGen 5.18.5 +# It has been AutoGen-ed November 21, 2016 at 08:01:55 AM by AutoGen 5.18.5 # From the definitions ntp.conf.def # and the template file agtexi-file.tpl @end ignore 
@@ -1925,6 +1925,21 @@ At the same time, the manycast scheme starts all over from the beginning and the expanding ring shrinks to the minimum and increments from there while collecting all servers in scope. +@subsubsection Broadcast Options +@table @asis +@item @code{tos} @code{[@code{bcpollbstep} @kbd{gate}]} +This command provides a way to delay, +by the specified number of broadcast poll intervals, +believing backward time steps from a broadcast server. +Broadcast time networks are expected to be trusted. +In the event a broadcast server's time is stepped backwards, +there is clear benefit to having the clients notice this change +as soon as possible. +Attacks such as replay attacks can happen, however, +and even though there are a number of protections built in to +broadcast mode, attempts to perform a replay attack are possible. +This value defaults to 0, but can be changed +to any number of poll intervals between 0 and 4. @subsubsection Manycast Options @table @asis @item @code{tos} @code{[@code{ceiling} @kbd{ceiling} | @code{cohort} @code{@{} @code{0} | @code{1} @code{@}} | @code{floor} @kbd{floor} | @code{minclock} @kbd{minclock} | @code{minsane} @kbd{minsane}]} diff --git a/contrib/ntp/ntpd/invoke-ntp.keys.texi b/contrib/ntp/ntpd/invoke-ntp.keys.texi index 8585e65b6e68..5982f036dbae 100644 --- a/contrib/ntp/ntpd/invoke-ntp.keys.texi +++ b/contrib/ntp/ntpd/invoke-ntp.keys.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) # -# It has been AutoGen-ed June 2, 2016 at 07:36:10 AM by AutoGen 5.18.5 +# It has been AutoGen-ed November 21, 2016 at 08:01:58 AM by AutoGen 5.18.5 # From the definitions ntp.keys.def # and the template file agtexi-file.tpl @end ignore diff --git a/contrib/ntp/ntpd/invoke-ntpd.texi b/contrib/ntp/ntpd/invoke-ntpd.texi index 7c1275ab7209..975494be71c1 100644 --- a/contrib/ntp/ntpd/invoke-ntpd.texi +++ b/contrib/ntp/ntpd/invoke-ntpd.texi 
@@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) # -# It has been AutoGen-ed June 2, 2016 at 07:36:12 AM by AutoGen 5.18.5 +# It has been AutoGen-ed November 21, 2016 at 08:02:00 AM by AutoGen 5.18.5 # From the definitions ntpd-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -142,7 +142,7 @@ with a status code of 0. @exampleindent 0 @example -ntpd - NTP daemon program - Ver. 4.2.8p8 +ntpd - NTP daemon program - Ver. 4.2.8p9 Usage: ntpd [ - [] | --[@{=| @}] ]... \ [ ... ] Flg Arg Option-Name Description diff --git a/contrib/ntp/ntpd/keyword-gen-utd b/contrib/ntp/ntpd/keyword-gen-utd index 69665c2d8df6..683453dc6440 100644 --- a/contrib/ntp/ntpd/keyword-gen-utd +++ b/contrib/ntp/ntpd/keyword-gen-utd @@ -1 +1 @@ - * Generated 2016-05-19 06:35:34 UTC diff_ignore_line + * Generated 2016-11-09 11:39:28 UTC diff_ignore_line diff --git a/contrib/ntp/ntpd/keyword-gen.c b/contrib/ntp/ntpd/keyword-gen.c index 648b3ae01bc3..c9d30bece226 100644 --- a/contrib/ntp/ntpd/keyword-gen.c +++ b/contrib/ntp/ntpd/keyword-gen.c @@ -148,6 +148,7 @@ struct key_tok ntp_keywords[] = { { "cohort", T_Cohort, FOLLBY_TOKEN }, { "mindist", T_Mindist, FOLLBY_TOKEN }, { "maxdist", T_Maxdist, FOLLBY_TOKEN }, +{ "bcpollbstep", T_Bcpollbstep, FOLLBY_TOKEN }, { "beacon", T_Beacon, FOLLBY_TOKEN }, { "orphan", T_Orphan, FOLLBY_TOKEN }, { "orphanwait", T_Orphanwait, FOLLBY_TOKEN }, diff --git a/contrib/ntp/ntpd/ntp.conf.5man b/contrib/ntp/ntpd/ntp.conf.5man index b3fc3d80e56b..35fa0aae5a69 100644 --- a/contrib/ntp/ntpd/ntp.conf.5man +++ b/contrib/ntp/ntpd/ntp.conf.5man 
@@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5man "02 Jun 2016" "4.2.8p8" "File Formats" +.TH ntp.conf 5man "21 Nov 2016" "4.2.8p9" "File Formats" .\" -.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-OzaOIT/ag-3zaGHT) +.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Q_ai3f/ag-2_aa2f) .\" -.\" It has been AutoGen-ed June 2, 2016 at 07:35:50 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed November 21, 2016 at 08:01:41 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME @@ -2174,7 +2174,23 @@ At the same time, the manycast scheme starts all over from the beginning and the expanding ring shrinks to the minimum and increments from there while collecting all servers in scope. +.SS Broadcast Options +.TP 7 +.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]bcpollbstep\f[] \f\*[I-Font]gate\f[]] +This command provides a way to delay, +by the specified number of broadcast poll intervals, +believing backward time steps from a broadcast server. +Broadcast time networks are expected to be trusted. +In the event a broadcast server's time is stepped backwards, +there is clear benefit to having the clients notice this change +as soon as possible. +Attacks such as replay attacks can happen, however, +and even though there are a number of protections built in to +broadcast mode, attempts to perform a replay attack are possible. +This value defaults to 0, but can be changed +to any number of poll intervals between 0 and 4. .SS Manycast Options +.RS .TP 7 .NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]] This command affects the clock selection and clustering 
@@ -2244,7 +2260,7 @@ In manycast mode these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31. -.PP +.RE .SH Reference Clock Support The NTP Version 4 daemon supports some three dozen different radio, satellite and modem reference clocks plus a special pseudo-clock @@ -2411,6 +2427,7 @@ option is used for this purpose. Except where noted, these options apply to all clock drivers. .SS Reference Clock Commands +.RS .TP 7 .NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]] This command can be used to configure reference clocks in @@ -2559,8 +2576,9 @@ Further information on the command can be found in \fIMonitoring\f[] \fIOptions\f[]. .RE -.PP +.RE .SH Miscellaneous Options +.RS .TP 7 .NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[] The broadcast and multicast modes require a special calibration @@ -3079,8 +3097,9 @@ In manycast mode these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31. -.PP +.RE .SH "OPTIONS" +.RS .TP .NOP \f\*[B-Font]\-\-help\f[] Display usage information and exit. @@ -3092,7 +3111,7 @@ Pass the extended usage information through a pager. Output version of program and exit. The default mode is `v', a simple version. The `c' mode will print copyright information and `n' will print the full copyright notice. -.PP +.RE .SH "OPTION PRESETS" Any option that is not marked as \fInot presettable\fP may be preset by loading values from environment variables named: @@ -3103,6 +3122,7 @@ by loading values from environment variables named: .SH "ENVIRONMENT" See \fBOPTION PRESETS\fP for configuration environment variables. .SH FILES +.RS .TP 15 .NOP \fI/etc/ntp.conf\f[] the default name of the configuration file 
@@ -3126,9 +3146,10 @@ RSA public key .TP 15 .NOP \fIntp_dh\f[] Diffie-Hellman agreement parameters -.PP +.RE .SH "EXIT STATUS" One of the following exit values will be returned: +.RS .TP .NOP 0 " (EXIT_SUCCESS)" Successful program execution. @@ -3139,7 +3160,7 @@ The operation failed or the command syntax was not valid. .NOP 70 " (EX_SOFTWARE)" libopts had an internal operational error. Please report it to autogen-users@lists.sourceforge.net. Thank you. -.PP +.RE .SH "SEE ALSO" \fCntpd\f[]\fR(1ntpdmdoc)\f[], \fCntpdc\f[]\fR(1ntpdcmdoc)\f[], diff --git a/contrib/ntp/ntpd/ntp.conf.5mdoc b/contrib/ntp/ntpd/ntp.conf.5mdoc index 21806bc2ea7a..3d328eb8ddce 100644 --- a/contrib/ntp/ntpd/ntp.conf.5mdoc +++ b/contrib/ntp/ntpd/ntp.conf.5mdoc @@ -1,9 +1,9 @@ -.Dd June 2 2016 +.Dd November 21 2016 .Dt NTP_CONF 5mdoc File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed June 2, 2016 at 07:36:16 AM by AutoGen 5.18.5 +.\" It has been AutoGen-ed November 21, 2016 at 08:02:03 AM by AutoGen 5.18.5 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME 
@@ -1995,6 +1995,25 @@ At the same time, the manycast scheme starts all over from the beginning and the expanding ring shrinks to the minimum and increments from there while collecting all servers in scope. +.Ss Broadcast Options +.Bl -tag -width indent +.It Xo Ic tos +.Oo +.Cm bcpollbstep Ar gate +.Oc +.Xc +This command provides a way to delay, +by the specified number of broadcast poll intervals, +believing backward time steps from a broadcast server. +Broadcast time networks are expected to be trusted. +In the event a broadcast server's time is stepped backwards, +there is clear benefit to having the clients notice this change +as soon as possible. +Attacks such as replay attacks can happen, however, +and even though there are a number of protections built in to +broadcast mode, attempts to perform a replay attack are possible. +This value defaults to 0, but can be changed +to any number of poll intervals between 0 and 4. .Ss Manycast Options .Bl -tag -width indent .It Xo Ic tos diff --git a/contrib/ntp/ntpd/ntp.conf.def b/contrib/ntp/ntpd/ntp.conf.def index a62e97650739..5ae8c382bd11 100644 --- a/contrib/ntp/ntpd/ntp.conf.def +++ b/contrib/ntp/ntpd/ntp.conf.def 
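Review bot: The added `.Ss Broadcast Options` block in ntp.conf.5mdoc opens a list with `.Bl -tag -width indent` but no `.El` is added before the unchanged `.Ss Manycast Options` line, which then opens its own `.Bl -tag -width indent`. The new list should be closed with `.El` after "to any number of poll intervals between 0 and 4." so the Manycast list does not nest inside the Broadcast one. The same applies to the identical hunk in ntp.conf.def, which the file headers name as the source of the generated pages. The generated ntp.conf.5man in this patch gains an `.RS` directly after `.SS Manycast Options`, so it is worth checking whether that extra indentation level comes from the unclosed list, and re-rendering the page after the fix.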
@@ -1997,6 +1997,25 @@ At the same time, the manycast scheme starts all over from the beginning and the expanding ring shrinks to the minimum and increments from there while collecting all servers in scope. +.Ss Broadcast Options +.Bl -tag -width indent +.It Xo Ic tos +.Oo +.Cm bcpollbstep Ar gate +.Oc +.Xc +This command provides a way to delay, +by the specified number of broadcast poll intervals, +believing backward time steps from a broadcast server. +Broadcast time networks are expected to be trusted. +In the event a broadcast server's time is stepped backwards, +there is clear benefit to having the clients notice this change +as soon as possible. +Attacks such as replay attacks can happen, however, +and even though there are a number of protections built in to +broadcast mode, attempts to perform a replay attack are possible. +This value defaults to 0, but can be changed +to any number of poll intervals between 0 and 4. .Ss Manycast Options .Bl -tag -width indent .It Xo Ic tos diff --git a/contrib/ntp/ntpd/ntp.conf.html b/contrib/ntp/ntpd/ntp.conf.html index 2f0db057bbd4..31cf87e47072 100644 --- a/contrib/ntp/ntpd/ntp.conf.html +++ b/contrib/ntp/ntpd/ntp.conf.html @@ -33,9 +33,9 @@ Up: (dir)

This document describes the configuration file for the NTP Project's ntpd program. -

This document applies to version 4.2.8p8 of ntp.conf. +

This document applies to version 4.2.8p9 of ntp.conf. -

+

Short Contents

    NTP's Configuration File User Manual @@ -1926,9 +1926,25 @@ scheme starts all over from the beginning and the expanding ring shrinks to the minimum and increments from there while collecting all servers in scope. -
    Manycast Options
    +
    Broadcast Options
    +
    tos [bcpollbstep gate]
    This command provides a way to delay, +by the specified number of broadcast poll intervals, +believing backward time steps from a broadcast server. +Broadcast time networks are expected to be trusted. +In the event a broadcast server's time is stepped backwards, +there is clear benefit to having the clients notice this change +as soon as possible. +Attacks such as replay attacks can happen, however, +and even though there are a number of protections built in to +broadcast mode, attempts to perform a replay attack are possible. +This value defaults to 0, but can be changed +to any number of poll intervals between 0 and 4. + +
    Manycast Options
    + +
    tos [ceiling ceiling | cohort { 0 | 1 } | floor floor | minclock minclock | minsane minsane]
    This command affects the clock selection and clustering algorithms. It can be used to select the quality and @@ -1936,7 +1952,7 @@ quantity of peers used to synchronize the system clock and is most useful in manycast mode. The variables operate as follows: -
    +
    ceiling ceiling
    Peers with strata above ceiling will be discarded if there are at least @@ -1978,14 +1994,14 @@ Byzantine agreement, should be at least 4 in order to detect and discard a single falseticker.
    -
    ttl hop ...
    This command specifies a list of TTL values in increasing +
    ttl hop ...
    This command specifies a list of TTL values in increasing order, up to 8 values can be specified. In manycast mode these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31.
    -
    +



    @@ -1993,7 +2009,7 @@ multiples of 32 starting at 31.

    Reference Clock Support

    -

    The NTP Version 4 daemon supports some three dozen different radio, +

    The NTP Version 4 daemon supports some three dozen different radio, satellite and modem reference clocks plus a special pseudo-clock used for backup or when no other clock source is available. Detailed descriptions of individual device drivers and options can @@ -2030,7 +2046,7 @@ page provided in /usr/share/doc/ntp). -

    A reference clock will generally (though not always) be a radio +

    A reference clock will generally (though not always) be a radio timecode receiver which is synchronized to a source of standard time such as the services offered by the NRC in Canada and NIST and USNO in the US. @@ -2046,7 +2062,7 @@ or the hardware port has not been appropriately configured results in a scalding remark to the system log file, but is otherwise non hazardous. -

    For the purposes of configuration, +

    For the purposes of configuration, ntpd(1ntpdmdoc) treats reference clocks in a manner analogous to normal NTP peers as much @@ -2067,7 +2083,7 @@ While it may seem overkill, it is in fact sometimes useful to configure multiple reference clocks of the same type, in which case the unit numbers must be unique. -

    The +

    The server command is used to configure a reference clock, where the @@ -2105,7 +2121,7 @@ meaning only for selected clock drivers. See the individual clock driver document pages for additional information. -

    The +

    The fudge command is used to provide additional information for individual clock drivers and normally follows @@ -2127,7 +2143,7 @@ in the fudge command as well. -

    The stratum number of a reference clock is by default zero. +

    The stratum number of a reference clock is by default zero. Since the ntpd(1ntpdmdoc) daemon adds one to the stratum of each @@ -2150,11 +2166,11 @@ these options apply to all clock drivers.

    Reference Clock Commands
    -
    +
    server 127.127.t.u [prefer] [mode int] [minpoll int] [maxpoll int]
    This command can be used to configure reference clocks in special ways. The options are interpreted as follows: -
    +
    prefer
    Marks the reference clock as preferred. All other things being equal, this host will be chosen for synchronization among a set of @@ -2187,7 +2203,7 @@ defaults to 10 (17.1 m) and defaults to 14 (4.5 h). The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
    -
    fudge 127.127.t.u [time1 sec] [time2 sec] [stratum int] [refid string] [mode int] [flag1 0 | 1] [flag2 0 | 1] [flag3 0 | 1] [flag4 0 | 1]
    This command can be used to configure reference clocks in +
    fudge 127.127.t.u [time1 sec] [time2 sec] [stratum int] [refid string] [mode int] [flag1 0 | 1] [flag2 0 | 1] [flag3 0 | 1] [flag4 0 | 1]
    This command can be used to configure reference clocks in special ways. It must immediately follow the server @@ -2198,7 +2214,7 @@ is possible at run time using the program. The options are interpreted as follows: -
    +
    time1 sec
    Specifies a constant to be added to the time offset produced by the driver, a fixed-point decimal number in seconds. This is used @@ -2269,8 +2285,8 @@ Further information on the command can be found in Monitoring Options.
    -
    -
    +
    +



    @@ -2278,7 +2294,7 @@ command can be found in

    Miscellaneous Options

    -
    +
    broadcastdelay seconds
    The broadcast and multicast modes require a special calibration to determine the network delay between the local and remote servers. @@ -2311,7 +2327,7 @@ frequency of zero and creates the file when writing it for the first time. If this command is not given, the daemon will always start with an initial frequency of zero. -

    The file format consists of a single line containing a single +

    The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing @@ -2331,7 +2347,7 @@ Note that all of these flags can be controlled remotely using the ntpdc(1ntpdcmdoc) utility program. -

    +
    auth
    Enables the server to synchronize with unconfigured peers only if the peer has been correctly authenticated using either public key or private key cryptography. @@ -2466,7 +2482,7 @@ The default for this flag is enable.
    -
    includefile includefile
    This command allows additional configuration commands +
    includefile includefile
    This command allows additional configuration commands to be included from a separate file. Include files may be nested to a depth of five; upon reaching the end of any @@ -2527,7 +2543,7 @@ and status messages (status). -

    Configuration keywords are formed by concatenating the message class with +

    Configuration keywords are formed by concatenating the message class with the event class. The all @@ -2539,20 +2555,20 @@ keyword to enable/disable all messages of the respective message class. Thus, a minimal log configuration could look like this: -

         
    -     logconfig =syncstatus +sysevents
    -
    +
              
    +          logconfig =syncstatus +sysevents
    +     
    -

    This would just list the synchronizations state of +

    This would just list the synchronizations state of ntpd(1ntpdmdoc) and the major system events. For a simple reference server, the following minimum message configuration could be useful: -

         
    -     logconfig =syncall +clockall
    -
    +
              
    +          logconfig =syncall +clockall
    +     
    -

    This configuration will list all clock information and +

    This configuration will list all clock information and synchronization information. All other events and messages about peers, system events and so on is suppressed. @@ -2611,8 +2627,8 @@ for them. Emphasis added: twisters are on their own and can expect no help from the support group. -

    The variables operate as follows: -

    +

    The variables operate as follows: +

    allan allan
    The argument becomes the new value for the minimum Allan intercept, which is a parameter of the PLL/FLL clock discipline algorithm. @@ -2661,8 +2677,8 @@ be set to any positive number in seconds. If set to zero, the stepout pulses will not be suppressed.
    -
    rlimit [memlock Nmegabytes | stacksize N4kPages filenum Nfiledescriptors]
    -
    +
    rlimit [memlock Nmegabytes | stacksize N4kPages filenum Nfiledescriptors]
    +
    memlock Nmegabytes
    Specify the number of megabytes of memory that should be allocated and locked. Probably only available under Linux, this option may be useful @@ -2679,7 +2695,7 @@ Defaults to 50 4k pages (200 4k pages in OpenBSD).
    filenum Nfiledescriptors
    Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
    -
    trap host_address [port port_number] [interface interface_address]
    This command configures a trap receiver at the given host +
    trap host_address [port port_number] [interface interface_address]
    This command configures a trap receiver at the given host address and port number for sending messages with the specified local interface address. If the port number is unspecified, a value @@ -2690,7 +2706,7 @@ message is sent through. Note that on a multihomed host the interface used may vary from time to time with routing changes. -

    The trap receiver will generally log event messages and other +

    The trap receiver will generally log event messages and other information from the server in a log file. While such monitor programs may also request their own trap dynamically, configuring a @@ -2704,11 +2720,11 @@ The default is eight multiples of 32 starting at 31.

    -

    This section was generated by AutoGen, +

    This section was generated by AutoGen, using the agtexi-cmd template and the option descriptions for the ntp.conf program. This software is released under the NTP license, <http://ntp.org/license>. -