Vendor import ntp-4.2.8p1.

Approved by:	roberto

COPYRIGHT

@@ -4,16 +4,16 @@ This file is automatically generated from html/copyright.html
   
    jpg "Clone me," says Dolly sheepishly.
    
-   Last update: 9-Aug-2014 07:56 UTC
+   Last update: 17-Jan-2015 00:16 UTC
      _________________________________________________________________
    
    The following copyright notice applies to all files collectively
    called the Network Time Protocol Version 4 Distribution. Unless
-   specifically declared otherwise in an individual file, this notice
-   applies as if the text was explicitly included in the file.
+   specifically declared otherwise in an individual file, this entire
+   notice applies as if the text was explicitly included in the file.
 ***********************************************************************
 *                                                                     *
-* Copyright (c) University of Delaware 1992-2014                      *
+* Copyright (c) University of Delaware 1992-2015                      *
 *                                                                     *
 * Permission to use, copy, modify, and distribute this software and   *
 * its documentation for any purpose with or without fee is hereby     *
@@ -27,6 +27,38 @@ This file is automatically generated from html/copyright.html
 * purpose. It is provided "as is" without express or implied          *
 * warranty.                                                           *
 *                                                                     *
+***********************************************************************
+
+   Content starting in 2011 from Harlan Stenn, Danny Mayer, and Martin
+   Burnicki is:
+***********************************************************************
+*                                                                     *
+* Copyright (c) Network Time Foundation 2011-2015                     *
+*                                                                     *
+* All Rights Reserved                                                 *
+*                                                                     *
+* Redistribution and use in source and binary forms, with or without  *
+* modification, are permitted provided that the following conditions  *
+* are met:                                                            *
+* 1. Redistributions of source code must retain the above copyright   *
+*    notice, this list of conditions and the following disclaimer.    *
+* 2. Redistributions in binary form must reproduce the above          *
+*    copyright notice, this list of conditions and the following      *
+*    disclaimer in the documentation and/or other materials provided  *
+*    with the distribution.                                           *
+*                                                                     *
+* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS  *
+* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED   *
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE  *
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE    *
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR *
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT   *
+* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR  *
+* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF          *
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT           *
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE   *
+* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH    *
+* DAMAGE.                                                             *
 ***********************************************************************
 
    The following individuals contributed in part to the Network Time

ChangeLog

@@ -1,4 +1,76 @@
 ---
+(4.2.8p1) 2015/02/04 Released by Harlan Stenn <stenn@ntp.org>
+
+* Update the NEWS file.
+* [Sec 2671] vallen in extension fields are not validated.
+---
+(4.2.8p1-RC2) 2015/01/29 Released by Harlan Stenn <stenn@ntp.org>
+
+* [Bug 2627] shm refclock allows only two units with owner-only access
+  rework: reverted sense of mode bit (so default reflects previous
+  behaviour) and updated ducumentation.
+* [Bug 2732] - Leap second not handled correctly on Windows 8
+  use 'GetTickCount()' to get the true elapsed time of slew
+  (This should work for all versions of Windows >= W2K)
+* [Bug 2738] Missing buffer initialization in refclocK_parse.c::parsestate().
+* [Bug 2739] Parse driver with PPS enabled occasionally evaluates
+  PPS timestamp with wrong sign. 
+  Removed some German umlauts.
+* [Bug 2740] Removed some obsolete code from the parse driver.
+* [Bug 2741] Incorrect buffer check in refclocK_parse.c::parsestatus().
+---
+(4.2.8p1-RC1) 2015/01/24 Released by Harlan Stenn <stenn@ntp.org>
+
+* Start the RC for 4.2.8p1.
+* [Bug 2187] Update version number generation scripts.
+* [Bug 2617] Fix sntp Usage documentation section.
+* [Sec 2672] Code cleanup: On some OSes ::1 can be spoofed...
+* [Bug 2736] Show error message if we cannot open the config file.
+* Copyright update.
+* Fix the package name.
+---
+(4.2.8p1-beta5) 2015/01/07 Released by Harlan Stenn <stenn@ntp.org>
+
+* [Bug 2695] Windows build: __func__ not supported under Windows.
+* [Bug 2728] Work around C99-style structure initialization code
+  for older compilers, specifically Visual Studio prior to VS2013.
+---
+(4.2.8p1-beta4) 2015/01/04 Released by Harlan Stenn <stenn@ntp.org>
+
+* [Bug 1084] PPSAPI for ntpd on Windows with DLL backends
+* [Bug 2695] Build problem on Windows (sys/socket.h).
+* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
+* Fix a regression introduced to timepps-Solaris.h as part of:
+  [Bug 1206] Required compiler changes for Windows
+  (4.2.5p181) 2009/06/06
+---
+(4.2.8p1-beta3) 2015/01/02 Released by Harlan Stenn <stenn@ntp.org>
+
+* [Bug 2627] shm refclock allows only two units with owner-only access
+  Use mode bit 0 to select public access for units >= 2 (units 0 & 1 are
+  always private.
+* [Bug 2681] Fix display of certificate EOValidity dates on 32-bit systems.
+* [Bug 2695] 4.2.8 does not build on Windows.
+* [bug 2700] mrulist stopped working in 4.2.8.
+* [Bug 2706] libparse/info_trimble.c build dependencies are broken.
+* [Bug 2713] variable type/cast, parameter name, general cleanup from NetBSD.
+* [Bug 2714] libevent may need to be built independently of any build of sntp.
+* [Bug 2715] mdnstries option for ntp.conf from NetBSD.
+---
+(4.2.8p1-beta2) 2014/12/27 Released by Harlan Stenn <stenn@ntp.org>
+
+* [Bug 2674] Install sntp in sbin on NetBSD.
+* [Bug 2693] ntp-keygen doesn't build without OpenSSL and sntp.
+* [Bug 2707] Avoid a C90 extension in libjsmn/jsmn.c.
+* [Bug 2709] see if we have a C99 compiler (not yet required).
+---
+(4.2.8p1-beta1) 2014/12/23 Released by Harlan Stenn <stenn@ntp.org>
+
+* [Sec 2672] On some OSes ::1 can be spoofed, bypassing source IP ACLs.
+* [Bug 2693] ntp-keygen doesn't build without OpenSSL.
+* [Bug 2697] IN6_IS_ADDR_LOOPBACK build problems on some OSes.
+* [Bug 2699] HAVE_SYS_SELECT_H is misspelled in refclock_gpsdjson.c.
+---
 (4.2.8) 2014/12/19 Released by Harlan Stenn <stenn@ntp.org>
 
 * [Sec 730] Increase RSA_generate_key modulus.
@@ -25,7 +97,7 @@
 * [Bug 2314] Kernel PPS binding EOPNOTSUPP is a failure condition. 
 * Rename pps_enable to hardpps_enable.
 (4.2.7p480) 2014/11/21 Released by Harlan Stenn <stenn@ntp.org>
-* [Bug 2677] PATH_MAX isn't #define'd  under Windows.
+* [Bug 2677] PATH_MAX isn't #define'd under Windows.
   Regression from the patch fixing Bug 2639.
 (4.2.7p479) 2014/11/15 Released by Harlan Stenn <stenn@ntp.org>
 * [Bug 2651] Certificates with ASN timestamps w/ 4-digit years mis-parsed.

Makefile.am

@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/libevent/m4 -I sntp/libopts/m4
 
 NULL =
 
+# moved sntp first to get libtool and libevent built.
+
 SUBDIRS =		\
+	sntp		\
 	scripts		\
 	include		\
 	libntp		\
@@ -17,7 +20,6 @@ SUBDIRS =		\
 	clockstuff	\
 	kernel		\
 	util		\
-	sntp		\
 	tests		\
 	$(NULL)
 
@@ -64,7 +66,6 @@ BUILT_SOURCES =				\
 	.gcc-warning			\
 	libtool				\
 	html/.datecheck			\
-	sntp/built-sources-only		\
 	$(srcdir)/COPYRIGHT		\
 	$(srcdir)/.checkChangeLog	\
 	$(NULL)

Makefile.in

@@ -171,6 +171,7 @@ CHUTEST = @CHUTEST@
 CONFIG_SHELL = @CONFIG_SHELL@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CPPFLAGS_LIBEVENT = @CPPFLAGS_LIBEVENT@
 CPPFLAGS_NTP = @CPPFLAGS_NTP@
 CXX = @CXX@
 CXXCPP = @CXXCPP@
@@ -205,7 +206,9 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LD = @LD@
+LDADD_LIBEVENT = @LDADD_LIBEVENT@
 LDADD_LIBNTP = @LDADD_LIBNTP@
+LDADD_LIBUTIL = @LDADD_LIBUTIL@
 LDADD_NLIST = @LDADD_NLIST@
 LDADD_NTP = @LDADD_NTP@
 LDFLAGS = @LDFLAGS@
@@ -404,7 +407,10 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/libevent/m4 -I sntp/libopts/m4
 NULL = 
+
+# moved sntp first to get libtool and libevent built.
 SUBDIRS = \
+	sntp		\
 	scripts		\
 	include		\
 	libntp		\
@@ -419,7 +425,6 @@ SUBDIRS = \
 	clockstuff	\
 	kernel		\
 	util		\
-	sntp		\
 	tests		\
 	$(NULL)
 
@@ -465,7 +470,6 @@ BUILT_SOURCES = \
 	.gcc-warning			\
 	libtool				\
 	html/.datecheck			\
-	sntp/built-sources-only		\
 	$(srcdir)/COPYRIGHT		\
 	$(srcdir)/.checkChangeLog	\
 	$(NULL)

NEWS

@@ -1,3 +1,63 @@
+---
+NTP 4.2.8p1 (Harlan Stenn <stenn@ntp.org>, 2015/02/04) 
+
+Focus: Security and Bug fixes, enhancements.
+
+Severity: HIGH
+ 
+In addition to bug fixes and enhancements, this release fixes the
+following high-severity vulnerabilities:
+
+* vallen is not validated in several places in ntp_crypto.c, leading
+  to a potential information leak or possibly a crash
+
+    References: Sec 2671 / CVE-2014-9297 / VU#852879
+    Affects: All NTP4 releases before 4.2.8p1 that are running autokey.
+    CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5
+    Date Resolved: Stable (4.2.8p1) 04 Feb 2015
+    Summary: The vallen packet value is not validated in several code
+             paths in ntp_crypto.c which can lead to information leakage
+	     or perhaps a crash of the ntpd process.
+    Mitigation - any of:
+	Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
+		or the NTP Public Services Project Download Page.
+	Disable Autokey Authentication by removing, or commenting out,
+		all configuration directives beginning with the "crypto"
+		keyword in your ntp.conf file. 
+    Credit: This vulnerability was discovered by Stephen Roettger of the
+    	Google Security Team, with additional cases found by Sebastian
+	Krahmer of the SUSE Security Team and Harlan Stenn of Network
+	Time Foundation. 
+
+* ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses
+  can be bypassed.
+
+    References: Sec 2672 / CVE-2014-9298 / VU#852879
+    Affects: All NTP4 releases before 4.2.8p1, under at least some
+	versions of MacOS and Linux. *BSD has not been seen to be vulnerable.
+    CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:C) Base Score: 9
+    Date Resolved: Stable (4.2.8p1) 04 Feb 2014
+    Summary: While available kernels will prevent 127.0.0.1 addresses
+	from "appearing" on non-localhost IPv4 interfaces, some kernels
+	do not offer the same protection for ::1 source addresses on
+	IPv6 interfaces. Since NTP's access control is based on source
+	address and localhost addresses generally have no restrictions,
+	an attacker can send malicious control and configuration packets
+	by spoofing ::1 addresses from the outside. Note Well: This is
+	not really a bug in NTP, it's a problem with some OSes. If you
+	have one of these OSes where ::1 can be spoofed, ALL ::1 -based
+	ACL restrictions on any application can be bypassed!
+    Mitigation:
+        Upgrade to 4.2.8p1, or later, from the NTP Project Download Page
+	or the NTP Public Services Project Download Page
+        Install firewall rules to block packets claiming to come from
+	::1 from inappropriate network interfaces. 
+    Credit: This vulnerability was discovered by Stephen Roettger of
+	the Google Security Team. 
+
+Additionally, over 30 bugfixes and improvements were made to the codebase.
+See the ChangeLog for more information.
+
 ---
 NTP 4.2.8 (Harlan Stenn <stenn@ntp.org>, 2014/12/18) 
  
@@ -8,6 +68,24 @@ Severity: HIGH
 In addition to bug fixes and enhancements, this release fixes the
 following high-severity vulnerabilities:
 
+************************** vv NOTE WELL vv *****************************
+
+The vulnerabilities listed below can be significantly mitigated by
+following the BCP of putting
+
+ restrict default ... noquery
+
+in the ntp.conf file.  With the exception of:
+
+   receive(): missing return on error
+   References: Sec 2670 / CVE-2014-9296 / VU#852879
+
+below (which is a limited-risk vulnerability), none of the recent
+vulnerabilities listed below can be exploited if the source IP is
+restricted from sending a 'query'-class packet by your ntp.conf file.
+
+************************** ^^ NOTE WELL ^^ *****************************
+
 * Weak default key in config_auth().
 
   References: [Sec 2665] / CVE-2014-9293 / VU#852879
@@ -23,7 +101,9 @@ following high-severity vulnerabilities:
 	entropy.  This was sufficient back in the late 1990s when the
 	code was written.  Not today.
 
-  Mitigation: Upgrade to 4.2.7p11 or later.
+  Mitigation - any of:
+	- Upgrade to 4.2.7p11 or later.
+	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
 
   Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta
   	of the Google Security Team.
@@ -43,7 +123,9 @@ following high-severity vulnerabilities:
 	cryptographic random number generator, either RAND_bytes from
 	OpenSSL, or arc4random(). 
 
-  Mitigation: Upgrade to 4.2.7p230 or later.
+  Mitigation - any of:
+  	- Upgrade to 4.2.7p230 or later.
+	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
 
   Credit:  This vulnerability was discovered in ntp-4.2.6 by
   	Stephen Roettger of the Google Security Team.
@@ -61,10 +143,11 @@ following high-severity vulnerabilities:
 	buffer and potentially allow malicious code to be executed
 	with the privilege level of the ntpd process.
 
-  Mitigation: Upgrade to 4.2.8, or later, or
-	Disable Autokey Authentication by removing, or commenting out,
-	all configuration directives beginning with the crypto keyword
-	in your ntp.conf file. 
+  Mitigation - any of:
+  	- Upgrade to 4.2.8, or later, or
+	- Disable Autokey Authentication by removing, or commenting out,
+	  all configuration directives beginning with the crypto keyword
+	  in your ntp.conf file. 
 
   Credit: This vulnerability was discovered by Stephen Roettger of the
   	Google Security Team. 
@@ -80,7 +163,9 @@ following high-severity vulnerabilities:
   	can overflow a stack buffer and potentially allow malicious
 	code to be executed with the privilege level of the ntpd process.
 
-  Mitigation: Upgrade to 4.2.8, or later.
+  Mitigation - any of:
+  	- Upgrade to 4.2.8, or later.
+	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
 
   Credit: This vulnerability was discovered by Stephen Roettger of the
   	Google Security Team. 
@@ -96,7 +181,9 @@ following high-severity vulnerabilities:
 	can overflow a stack buffer and potentially allow malicious
 	code to be executed with the privilege level of the ntpd process.
 
-  Mitigation: Upgrade to 4.2.8, or later.
+  Mitigation - any of:
+  	- Upgrade to 4.2.8, or later.
+	- Follow BCP and put 'restrict ... noquery' in your ntp.conf file.
 
   Credit: This vulnerability was discovered by Stephen Roettger of the
 	Google Security Team. 
@@ -118,10 +205,10 @@ following high-severity vulnerabilities:
 	becomes a 5. If system integrity can be partially affected
 	via all three integrity metrics, the CVSS base score become 7.5.
 
-  Mitigation:
-        Upgrade to 4.2.8, or later,
-        or Remove or comment out all configuration directives
-	beginning with the crypto keyword in your ntp.conf file. 
+  Mitigation - any of:
+        - Upgrade to 4.2.8, or later,
+        - Remove or comment out all configuration directives
+	  beginning with the crypto keyword in your ntp.conf file. 
 
   Credit: This vulnerability was discovered by Stephen Roettger of the
   	Google Security Team. 

adjtimed/Makefile.in

@@ -153,6 +153,7 @@ CHUTEST = @CHUTEST@
 CONFIG_SHELL = @CONFIG_SHELL@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CPPFLAGS_LIBEVENT = @CPPFLAGS_LIBEVENT@
 CPPFLAGS_NTP = @CPPFLAGS_NTP@
 CXX = @CXX@
 CXXCPP = @CXXCPP@
@@ -187,7 +188,9 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LD = @LD@
+LDADD_LIBEVENT = @LDADD_LIBEVENT@
 LDADD_LIBNTP = @LDADD_LIBNTP@
+LDADD_LIBUTIL = @LDADD_LIBUTIL@
 LDADD_NLIST = @LDADD_NLIST@
 LDADD_NTP = @LDADD_NTP@
 LDFLAGS = @LDFLAGS@

build

@@ -117,7 +117,7 @@ case "$CC" in
     ;;
 esac
 
-	BDIR="$BASEDIR$KEYSUF$CCSUF"
+BDIR="$BASEDIR$KEYSUF$CCSUF"
 
 [ -d "$BDIR" ] || mkdir $BDIR
 [ -f "$BDIR/.buildcvo" ] || echo $CVO > $BDIR/.buildcvo
@@ -162,7 +162,11 @@ if [ -z "$TEST" ] ; then
     fi
 fi
 
-CONFIGURE="../configure --cache-file=../config.cache-$IAM$KEYSUF$CCSUF $CONFIG_ARGS"
+CONFIGURE="../configure"
+# We need KEYSUF because of RAND_ and others, and -noopenssl"
+#CONFIGURE="$CONFIGURE --cache-file=../config.cache-$IAM$KEYSUF$CCSUF"
+CONFIGURE="$CONFIGURE $CONFIG_ARGS"
+
 
 (	# This sequence of commands is logged to make.log.
 	# If config.status is newer than ../configure, and the same

clockstuff/Makefile.in

@@ -149,6 +149,7 @@ CHUTEST = @CHUTEST@
 CONFIG_SHELL = @CONFIG_SHELL@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CPPFLAGS_LIBEVENT = @CPPFLAGS_LIBEVENT@
 CPPFLAGS_NTP = @CPPFLAGS_NTP@
 CXX = @CXX@
 CXXCPP = @CXXCPP@
@@ -183,7 +184,9 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LD = @LD@
+LDADD_LIBEVENT = @LDADD_LIBEVENT@
 LDADD_LIBNTP = @LDADD_LIBNTP@
+LDADD_LIBUTIL = @LDADD_LIBUTIL@
 LDADD_NLIST = @LDADD_NLIST@
 LDADD_NTP = @LDADD_NTP@
 LDFLAGS = @LDFLAGS@

config.h.in

@@ -327,6 +327,9 @@
    */
 #undef HAVE_ALLOCA_H
 
+/* Define to 1 if you have the `arc4random_buf' function. */
+#undef HAVE_ARC4RANDOM_BUF
+
 /* Define to 1 if you have the <arpa/nameser.h> header file. */
 #undef HAVE_ARPA_NAMESER_H
 
@@ -1558,6 +1561,9 @@ typedef unsigned int	uintptr_t;
 /* Use OpenSSL's crypto random functions */
 #undef USE_OPENSSL_CRYPTO_RAND
 
+/* OK to use snprintb()? */
+#undef USE_SNPRINTB
+
 /* Can we use SIGPOLL for tty IO? */
 #undef USE_TTY_SIGPOLL
 

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for ntp4 4.2.8.
+# Generated by GNU Autoconf 2.68 for ntp 4.2.8p1.
 #
 # Report bugs to <http://bugs.ntp.org./>.
 #
@@ -568,10 +568,10 @@ MFLAGS=
 MAKEFLAGS=
 
 # Identity of this package.
-PACKAGE_NAME='ntp4'
-PACKAGE_TARNAME='ntp4'
-PACKAGE_VERSION='4.2.8'
-PACKAGE_STRING='ntp4 4.2.8'
+PACKAGE_NAME='ntp'
+PACKAGE_TARNAME='ntp'
+PACKAGE_VERSION='4.2.8p1'
+PACKAGE_STRING='ntp 4.2.8p1'
 PACKAGE_BUGREPORT='http://bugs.ntp.org./'
 PACKAGE_URL='http://www.ntp.org./'
 
@@ -649,7 +649,6 @@ DCFD
 TESTDCF
 MAKE_CHECK_LAYOUT
 VER_SUFFIX
-PKG_CONFIG
 MAKE_CHECK_Y2K
 MAKE_LIBPARSE_KERNEL
 MAKE_LIBPARSE
@@ -667,12 +666,18 @@ PTHREADS_TRUE
 LIBISC_PTHREADS_NOTHREADS
 PTHREAD_LIBS
 HAVE_INLINE
+LDADD_LIBUTIL
 ALLOCA
 LIBM
 EDITLINE_LIBS
 LDADD_LIBNTP
 NTP_CROSSCOMPILE_FALSE
 NTP_CROSSCOMPILE_TRUE
+BUILD_LIBEVENT_FALSE
+BUILD_LIBEVENT_TRUE
+LDADD_LIBEVENT
+CPPFLAGS_LIBEVENT
+PKG_CONFIG
 LIBOPTS_DIR
 LIBOPTS_CFLAGS
 LIBOPTS_LDADD
@@ -1568,7 +1573,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures ntp4 4.2.8 to adapt to many kinds of systems.
+\`configure' configures ntp 4.2.8p1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1616,7 +1621,7 @@ Fine tuning of the installation directories:
   --infodir=DIR           info documentation [DATAROOTDIR/info]
   --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
   --mandir=DIR            man documentation [DATAROOTDIR/man]
-  --docdir=DIR            documentation root [DATAROOTDIR/doc/ntp4]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/ntp]
   --htmldir=DIR           html documentation [DOCDIR]
   --dvidir=DIR            dvi documentation [DOCDIR]
   --pdfdir=DIR            pdf documentation [DOCDIR]
@@ -1638,7 +1643,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of ntp4 4.2.8:";;
+     short | recursive ) echo "Configuration of ntp 4.2.8p1:";;
    esac
   cat <<\_ACEOF
 
@@ -1804,7 +1809,7 @@ Use these variables to override the choices made by `configure' or to help
 it to find libraries and programs with nonstandard names/locations.
 
 Report bugs to <http://bugs.ntp.org./>.
-ntp4 home page: <http://www.ntp.org./>.
+ntp home page: <http://www.ntp.org./>.
 _ACEOF
 ac_status=$?
 fi
@@ -1867,7 +1872,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-ntp4 configure 4.2.8
+ntp configure 4.2.8p1
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2692,7 +2697,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by ntp4 $as_me 4.2.8, which was
+It was created by ntp $as_me 4.2.8p1, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   $ $0 $@
@@ -3638,8 +3643,8 @@ fi
 
 
 # Define the identity of the package.
- PACKAGE='ntp4'
- VERSION='4.2.8'
+ PACKAGE='ntp'
+ VERSION='4.2.8p1'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5429,6 +5434,183 @@ if test "x$ac_cv_prog_cc_c89" != xno; then :
 fi
 
 
+   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5
+$as_echo_n "checking for $CC option to accept ISO C99... " >&6; }
+if ${ac_cv_prog_cc_c99+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_cv_prog_cc_c99=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <wchar.h>
+#include <stdio.h>
+
+// Check varargs macros.  These examples are taken from C99 6.10.3.5.
+#define debug(...) fprintf (stderr, __VA_ARGS__)
+#define showlist(...) puts (#__VA_ARGS__)
+#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__))
+static void
+test_varargs_macros (void)
+{
+  int x = 1234;
+  int y = 5678;
+  debug ("Flag");
+  debug ("X = %d\n", x);
+  showlist (The first, second, and third items.);
+  report (x>y, "x is %d but y is %d", x, y);
+}
+
+// Check long long types.
+#define BIG64 18446744073709551615ull
+#define BIG32 4294967295ul
+#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0)
+#if !BIG_OK
+  your preprocessor is broken;
+#endif
+#if BIG_OK
+#else
+  your preprocessor is broken;
+#endif
+static long long int bignum = -9223372036854775807LL;
+static unsigned long long int ubignum = BIG64;
+
+struct incomplete_array
+{
+  int datasize;
+  double data[];
+};
+
+struct named_init {
+  int number;
+  const wchar_t *name;
+  double average;
+};
+
+typedef const char *ccp;
+
+static inline int
+test_restrict (ccp restrict text)
+{
+  // See if C++-style comments work.
+  // Iterate through items via the restricted pointer.
+  // Also check for declarations in for loops.
+  for (unsigned int i = 0; *(text+i) != '\0'; ++i)
+    continue;
+  return 0;
+}
+
+// Check varargs and va_copy.
+static void
+test_varargs (const char *format, ...)
+{
+  va_list args;
+  va_start (args, format);
+  va_list args_copy;
+  va_copy (args_copy, args);
+
+  const char *str;
+  int number;
+  float fnumber;
+
+  while (*format)
+    {
+      switch (*format++)
+	{
+	case 's': // string
+	  str = va_arg (args_copy, const char *);
+	  break;
+	case 'd': // int
+	  number = va_arg (args_copy, int);
+	  break;
+	case 'f': // float
+	  fnumber = va_arg (args_copy, double);
+	  break;
+	default:
+	  break;
+	}
+    }
+  va_end (args_copy);
+  va_end (args);
+}
+
+int
+main ()
+{
+
+  // Check bool.
+  _Bool success = false;
+
+  // Check restrict.
+  if (test_restrict ("String literal") == 0)
+    success = true;
+  char *restrict newvar = "Another string";
+
+  // Check varargs.
+  test_varargs ("s, d' f .", "string", 65, 34.234);
+  test_varargs_macros ();
+
+  // Check flexible array members.
+  struct incomplete_array *ia =
+    malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10));
+  ia->datasize = 10;
+  for (int i = 0; i < ia->datasize; ++i)
+    ia->data[i] = i * 1.234;
+
+  // Check named initializers.
+  struct named_init ni = {
+    .number = 34,
+    .name = L"Test wide string",
+    .average = 543.34343,
+  };
+
+  ni.number = 58;
+
+  int dynamic_array[ni.number];
+  dynamic_array[ni.number - 1] = 543;
+
+  // work around unused variable warnings
+  return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x'
+	  || dynamic_array[ni.number - 1] != 543);
+
+  ;
+  return 0;
+}
+_ACEOF
+for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -xc99=all -qlanglvl=extc99
+do
+  CC="$ac_save_CC $ac_arg"
+  if ac_fn_c_try_compile "$LINENO"; then :
+  ac_cv_prog_cc_c99=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+  test "x$ac_cv_prog_cc_c99" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c99" in
+  x)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+  xno)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+  *)
+    CC="$CC $ac_cv_prog_cc_c99"
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5
+$as_echo "$ac_cv_prog_cc_c99" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c99" != xno; then :
+
+fi
+
+
 
 
 
@@ -6162,6 +6344,7 @@ fi
 
 
 
+
 CFLAGS_NTP=
 CPPFLAGS_NTP=
 LDADD_NTP=
@@ -19237,6 +19420,126 @@ fi
 
 
 
+ntp_pkgconfig_min_version='0.15.0'
+if test -n "$ac_tool_prefix"; then
+  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PKG_CONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+  ac_pt_PKG_CONFIG=$PKG_CONFIG
+  # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $ac_pt_PKG_CONFIG in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+  if test "x$ac_pt_PKG_CONFIG" = x; then
+    PKG_CONFIG=""
+  else
+    case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+    PKG_CONFIG=$ac_pt_PKG_CONFIG
+  fi
+else
+  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+{ ac_cv_path_PKG_CONFIG=; unset ac_cv_path_PKG_CONFIG;}
+{ ac_cv_path_ac_pt_PKG_CONFIG=; unset ac_cv_path_ac_pt_PKG_CONFIG;}
+
+case "$PKG_CONFIG" in
+ /*)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if pkg-config is at least version $ntp_pkgconfig_min_version" >&5
+$as_echo_n "checking if pkg-config is at least version $ntp_pkgconfig_min_version... " >&6; }
+    if $PKG_CONFIG --atleast-pkgconfig-version $ntp_pkgconfig_min_version; then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+    else
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	PKG_CONFIG=""
+    fi
+    ;;
+esac
+
+
+
+
 # Check whether --enable-local-libevent was given.
 if test "${enable_local_libevent+set}" = set; then :
   enableval=$enable_local_libevent; ntp_use_local_libevent=$enableval
@@ -19249,6 +19552,91 @@ fi
 
 
 
+ntp_libevent_min_version=2
+ntp_libevent_tearoff=sntp/libevent
+
+
+
+
+case "$ntp_use_local_libevent" in
+ yes)
+    ;;
+ *) # If we have (a good enough) pkg-config, see if it can find libevent
+    case "$PKG_CONFIG" in
+     /*)
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if libevent $ntp_libevent_min_version or later is installed" >&5
+$as_echo_n "checking if libevent $ntp_libevent_min_version or later is installed... " >&6; }
+	if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent
+	then
+	    ntp_use_local_libevent=no
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5
+$as_echo "$as_me: Using the installed libevent" >&6;}
+	    CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent`
+	    # HMS: I hope the following is accurate.
+	    # We don't need -levent, we only need  -levent_core.
+	    # While we could grab only the -L stuff, there *might* be
+	    # other flags there we want.  Originally we just removed -levent
+	    # but then somebody decided to install -levent-2.0
+	    # LDADD_LIBEVENT=`$PKG_CONFIG --libs libevent | sed 's:-levent::'`
+	    # So now we dance...
+	    LDADD_LIBEVENT=
+	    for i in `$PKG_CONFIG --libs libevent`
+	    do
+		case "$i" in
+		 -levent*) ;;
+		 *) case "$LDADD_LIBEVENT" in
+		     '') LDADD_LIBEVENT="$i" ;;
+		     *) LDADD_LIBEVENT="$LDADD_LIBEVENT $i" ;;
+		    esac
+		    ;;
+		esac
+	    done
+	    case "$LIBISC_PTHREADS_NOTHREADS" in
+	     pthreads)
+		LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_pthreads"
+	    esac
+	    LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_core"
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	else
+	    ntp_use_local_libevent=yes
+	    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	fi
+	;;
+     *)
+	ntp_use_local_libevent=yes
+	;;
+    esac
+    ;;
+esac
+
+case "$ntp_use_local_libevent" in
+ yes)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: Using libevent tearoff" >&5
+$as_echo "$as_me: Using libevent tearoff" >&6;}
+    CPPFLAGS_LIBEVENT="-I\$(top_builddir)/$ntp_libevent_tearoff/include -I\$(top_srcdir)/$ntp_libevent_tearoff/include"
+    case "$LIBISC_PTHREADS_NOTHREADS" in
+     pthreads)
+	LDADD_LIBEVENT="\$(top_builddir)/$ntp_libevent_tearoff/libevent_pthreads.la \$(top_builddir)/$ntp_libevent_tearoff/libevent_core.la"
+	;;
+     *)
+	LDADD_LIBEVENT="\$(top_builddir)/$ntp_libevent_tearoff/libevent_core.la"
+    esac
+esac
+
+ if test "x$ntp_use_local_libevent" = "xyes"; then
+  BUILD_LIBEVENT_TRUE=
+  BUILD_LIBEVENT_FALSE='#'
+else
+  BUILD_LIBEVENT_TRUE='#'
+  BUILD_LIBEVENT_FALSE=
+fi
+
+
+
+
+
 
 # Expose a cross-compilation indicator to makefiles
  if test $build != $host; then
@@ -21078,6 +21466,73 @@ fi
 done
 
 
+# Bug 2713
+LDADD_LIBUTIL=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing snprintb" >&5
+$as_echo_n "checking for library containing snprintb... " >&6; }
+if ${ac_cv_search_snprintb+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char snprintb ();
+int
+main ()
+{
+return snprintb ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' util; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_search_snprintb=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext
+  if ${ac_cv_search_snprintb+:} false; then :
+  break
+fi
+done
+if ${ac_cv_search_snprintb+:} false; then :
+
+else
+  ac_cv_search_snprintb=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_snprintb" >&5
+$as_echo "$ac_cv_search_snprintb" >&6; }
+ac_res=$ac_cv_search_snprintb
+if test "$ac_res" != no; then :
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+  case "$ac_cv_search_snprintb" in
+ 'none required') ;;
+ no) ;;
+ *) LDADD_LIBUTIL="$ac_cv_search_snprintb $LDADD_LIBUTIL" ;;
+ esac
+
+$as_echo "#define USE_SNPRINTB 1" >>confdefs.h
+
+fi
+
+
 #
 for ac_header in errno.h sys/socket.h sys/types.h time.h
 do :
@@ -29950,6 +30405,20 @@ fi
 
 esac
 
+####
+
+for ac_func in arc4random_buf
+do :
+  ac_fn_c_check_func "$LINENO" "arc4random_buf" "ac_cv_func_arc4random_buf"
+if test "x$ac_cv_func_arc4random_buf" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_ARC4RANDOM_BUF 1
+_ACEOF
+
+fi
+done
+
+
 ####
 
 saved_LIBS="$LIBS"
@@ -33046,126 +33515,6 @@ $as_echo "$ans" >&6; }
 
 
 
-ntp_pkgconfig_min_version='0.15.0'
-if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
-set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_PKG_CONFIG+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $PKG_CONFIG in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-PKG_CONFIG=$ac_cv_path_PKG_CONFIG
-if test -n "$PKG_CONFIG"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
-$as_echo "$PKG_CONFIG" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_path_PKG_CONFIG"; then
-  ac_pt_PKG_CONFIG=$PKG_CONFIG
-  # Extract the first word of "pkg-config", so it can be a program name with args.
-set dummy pkg-config; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $ac_pt_PKG_CONFIG in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
-if test -n "$ac_pt_PKG_CONFIG"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
-$as_echo "$ac_pt_PKG_CONFIG" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-  if test "x$ac_pt_PKG_CONFIG" = x; then
-    PKG_CONFIG=""
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
-    PKG_CONFIG=$ac_pt_PKG_CONFIG
-  fi
-else
-  PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
-fi
-
-{ ac_cv_path_PKG_CONFIG=; unset ac_cv_path_PKG_CONFIG;}
-{ ac_cv_path_ac_pt_PKG_CONFIG=; unset ac_cv_path_ac_pt_PKG_CONFIG;}
-
-case "$PKG_CONFIG" in
- /*)
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking if pkg-config is at least version $ntp_pkgconfig_min_version" >&5
-$as_echo_n "checking if pkg-config is at least version $ntp_pkgconfig_min_version... " >&6; }
-    if $PKG_CONFIG --atleast-pkgconfig-version $ntp_pkgconfig_min_version; then
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-    else
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-	PKG_CONFIG=""
-    fi
-    ;;
-esac
-
-
-
-
 
 VER_SUFFIX=
 
@@ -36327,6 +36676,10 @@ if test -z "${NEED_LIBOPTS_TRUE}" && test -z "${NEED_LIBOPTS_FALSE}"; then
   as_fn_error $? "conditional \"NEED_LIBOPTS\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
 fi
+if test -z "${BUILD_LIBEVENT_TRUE}" && test -z "${BUILD_LIBEVENT_FALSE}"; then
+  as_fn_error $? "conditional \"BUILD_LIBEVENT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
 if test -z "${NTP_CROSSCOMPILE_TRUE}" && test -z "${NTP_CROSSCOMPILE_FALSE}"; then
   as_fn_error $? "conditional \"NTP_CROSSCOMPILE\" was never defined.
 Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -36756,7 +37109,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by ntp4 $as_me 4.2.8, which was
+This file was extended by ntp $as_me 4.2.8p1, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -36817,13 +37170,13 @@ Configuration commands:
 $config_commands
 
 Report bugs to <http://bugs.ntp.org./>.
-ntp4 home page: <http://www.ntp.org./>."
+ntp home page: <http://www.ntp.org./>."
 
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-ntp4 config.status 4.2.8
+ntp config.status 4.2.8p1
 configured by $0, generated by GNU Autoconf 2.68,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -3,7 +3,7 @@ dnl
 m4_include([sntp/m4/version.m4])
 AC_PREREQ([2.61])
 AC_INIT(
-    [ntp4],
+    [ntp],
     [VERSION_NUMBER],
     [http://bugs.ntp.org./],
     [],
@@ -102,7 +102,7 @@ esac
 enable_nls=no
 LIBOPTS_CHECK_NOBUILD([sntp/libopts])
 
-NTP_ENABLE_LOCAL_LIBEVENT
+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent])
 
 NTP_LIBNTP
 
@@ -771,6 +771,10 @@ esac
 
 #### 
 
+AC_CHECK_FUNCS([arc4random_buf])
+
+#### 
+
 saved_LIBS="$LIBS"
 LIBS="$LIBS $LDADD_LIBNTP"
 AC_CHECK_FUNCS([daemon])

html/confopt.html

@@ -91,11 +91,13 @@ outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default.<
 <h4 id="aux">Auxiliary Commands</h4>
 <dl>
 	<dt id="broadcastclient"><tt>broadcastclient</tt></dt>
-	<dd>Enable reception of broadcast server messages to any local interface (type	b address). Ordinarily, upon receiving a broadcast message for the first time, the broadcast client measures the nominal server propagation delay using a brief client/server exchange, after which it continues in listen-only mode. If a nonzero value is specified in the <tt>broadcastdelay</tt> command, the value becomes the delay and the volley is not executed. Note: the <tt>novolley</tt> option has been deprecated for future enhancements. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the <a href="authopt.html">Authentication Options</a> page. Note that the volley is required with public key authentication in order to run the Autokey protocol..</dd>
+	<dd>Enable reception of broadcast server messages to any local interface (type	b address). Ordinarily, upon receiving a broadcast message for the first time, the broadcast client measures the nominal server propagation delay using a brief client/server exchange, after which it continues in listen-only mode. If a nonzero value is specified in the <tt>broadcastdelay</tt> command, the value becomes the delay and the volley is not executed. Note: the <tt>novolley</tt> option has been deprecated for future enhancements. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the <a href="authopt.html">Authentication Options</a> page. Note that the volley is required with public key authentication in order to run the Autokey protocol.</dd>
   <dt id="manycastserver"><tt>manycastserver <i>address</i> [...]</tt></dt>
 	<dd>Enable reception of manycast client messages (type m) to the multicasts group address(es) (type m) specified. At least one address is required. Note that, in order to avoid accidental or malicious disruption, both the server and client should operate using symmetric key or public key authentication as described in the <a href="authopt.html">Authentication Options</a> page.</dd>
 	<dt id="multicastclient"><tt>multicastclient <i>address</i> [...]</tt></dt>
 	<dd>Enable reception of multicast server messages to the multicast group address(es) (type m) specified. Upon receiving a message for the first time, the multicast client measures the nominal server propagation delay using a brief client/server exchange with the server, then enters the broadcast client mode, in which it synchronizes to succeeding multicast messages. Note that, in order to avoid accidental or malicious disruption in this mode, both the server and client should operate using symmetric key or public key authentication as described in the <a href="authopt.html">Authentication Options</a> page.</dd>
+	<dt id="mdnstries"><tt>mdnstries</tt> <i>number</i></dt>
+	<dd>If we are participating in mDNS, after we have synched for the first time we attempt to register with the mDNS system.  If that registration attempt fails, we try again at one minute intervals for up to <tt>mdnstries</tt> times.  After all, <tt>ntpd</tt> may be starting before mDNS.  The default value for <tt>mdnstries</tt> is 5.</dd>
 </dl>
 <hr>
 <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>

html/copyright.html

@@ -10,16 +10,16 @@
 <h3>Copyright Notice</h3>
 <img src="pic/sheepb.jpg" alt="jpg" align="left"> "Clone me," says Dolly sheepishly.
 <p>Last update:
-  <!-- #BeginDate format:En2m -->9-Aug-2014  07:56<!-- #EndDate -->
+  <!-- #BeginDate format:En2m -->17-Jan-2015  00:16<!-- #EndDate -->
     UTC</p>
 <br clear="left">
 </p>
 <hr>
-<p>The following copyright notice applies to all files collectively  called the Network Time Protocol Version 4 Distribution. Unless  specifically declared otherwise in an individual file, this notice  applies as if the text was explicitly included in the file.</p>
+<p>The following copyright notice applies to all files collectively  called the Network Time Protocol Version 4 Distribution. Unless  specifically declared otherwise in an individual file, this entire notice  applies as if the text was explicitly included in the file.</p>
 <pre>
 ***********************************************************************
 *                                                                     *
-* Copyright (c) University of Delaware 1992-2014                      *
+* Copyright (c) University of Delaware 1992-2015                      *
 *                                                                     *
 * Permission to use, copy, modify, and distribute this software and   *
 * its documentation for any purpose with or without fee is hereby     *
@@ -35,6 +35,38 @@
 *                                                                     *
 ***********************************************************************
 </pre>
+<p>Content starting in 2011 from Harlan Stenn, Danny Mayer, and Martin Burnicki is:</p>
+<pre>
+***********************************************************************
+*                                                                     *
+* Copyright (c) Network Time Foundation 2011-2015                     *
+*                                                                     *
+* All Rights Reserved                                                 *
+*                                                                     *
+* Redistribution and use in source and binary forms, with or without  *
+* modification, are permitted provided that the following conditions  *
+* are met:                                                            *
+* 1. Redistributions of source code must retain the above copyright   *
+*    notice, this list of conditions and the following disclaimer.    *
+* 2. Redistributions in binary form must reproduce the above          *
+*    copyright notice, this list of conditions and the following      *
+*    disclaimer in the documentation and/or other materials provided  *
+*    with the distribution.                                           *
+*                                                                     *
+* THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS  *
+* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED   *
+* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE  *
+* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE    *
+* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR *
+* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT   *
+* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR  *
+* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF          *
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT           *
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE   *
+* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH    *
+* DAMAGE.                                                             *
+***********************************************************************
+</pre>
 <p>The following individuals contributed in part to the Network Time  Protocol Distribution Version 4 and are acknowledged as authors of this  work.</p>
 <ol>
   <li><a href="mailto:%20takao_abe@xurb.jp">Takao Abe &lt;takao_abe@xurb.jp&gt;</a> Clock driver for JJY receivers</li>

html/drivers/driver28.html

@@ -7,6 +7,10 @@
         <meta name="GENERATOR" content="Mozilla/4.01 [en] (Win95; I) [Netscape]">
         <title>Shared Memory Driver</title>
         <link href="scripts/style.css" type="text/css" rel="stylesheet">
+	<style type="text/css">
+	  table.dlstable { font-size:85%; }
+	  td.ttf{ font-family:Courier; font-weight:bold; }
+	</style>
     </head>
 
     <body>
@@ -21,7 +25,13 @@
             Driver ID: <tt>SHM</tt></p>
 
         <h4>Description</h4>
-        <p>This driver receives its reference clock info from a shared memory-segment. The shared memory-segment is created with owner-only access for unit 0 and 1, and world access for unit 2 and 3</p>
+        <p>This driver receives its reference clock info from a shared
+        memory-segment. The shared memory-segment is created with owner-only
+        access by default, unless otherwise requested by the mode word for units
+        &ge;2. Units 0 and 1 are always created with owner-only access for
+        backward compatibility.
+	</p>
+
 
         <h4>Structure of shared memory-segment</h4>
         <pre>struct shmTime {
@@ -49,14 +59,14 @@
 
         <h4>Operation mode=0</h4>
         <p>Each second, the value of <code>valid</code> of the shared memory-segment is checked:</p>
-        <p>If set, the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are passed to ntp, and <code>valid</code> is cleared and <code>count</code> is bumped.</p>
+        <p>If set, the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are passed to <i>NTPD</i>, and <code>valid</code> is cleared and <code>count</code> is bumped.</p>
         <p>If not set, <code>count</code> is bumped.</p>
         <h4>Operation mode=1</h4>
         <p>Each second, <code>valid</code> in the shared memory-segment is checked:</p>
-        <p>If set, the <code>count</code> field of the record is remembered, and the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are read. Then, the remembered <code>count</code> is compared to current value of <code>count</code> now in the record. If both are equal, the values read from the record are passed to ntp. If they differ, another process has modified the record while it was read out (was not able to produce this case), and failure is reported to ntp. The <code>valid</code> flag is cleared and <code>count</code> is bumped.</p>
+        <p>If set, the <code>count</code> field of the record is remembered, and the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are read. Then, the remembered <code>count</code> is compared to current value of <code>count</code> now in the record. If both are equal, the values read from the record are passed to <i>NTPD</i>. If they differ, another process has modified the record while it was read out (was not able to produce this case), and failure is reported to <i>NTPD</i>. The <code>valid</code> flag is cleared and <code>count</code> is bumped.</p>
         <p>If not set, <code>count</code> is bumped</p>
 
-<h4>Mode-independent postprocessing</h4>
+<h4>Mode-independent post-processing</h4>
 After the time stamps have been successfully plucked from the SHM
 segment, some sanity checks take place:
 <ul>
@@ -69,30 +79,38 @@ segment, some sanity checks take place:
   set to 1.
 </ul>
 
-<h4>gpsd</h4>
+<h4>GPSD</h4>
 
-<a href="http://gpsd.berlios.de/"><i>gpsd</i></a>
+<a href="http://gpsd.berlios.de/"><i>GPSD</i></a>
 knows how to talk to many GPS devices.
-It can work with <i>ntpd</i> through the SHM driver.
+It can work with <i>NTPD</i> through the SHM driver.
 <P>
-The <i>gpsd</i> man page suggests setting minpoll and maxpoll to 4.
+The <i>GPSD</i> man page suggests setting minpoll and maxpoll to 4.
 That was an attempt to reduce jitter.
 The SHM driver was fixed (ntp-4.2.5p138) to collect data each second rather than
 once per polling interval so that suggestion is no longer reasonable.
 <P>
-  <b>Note:</b> The GPSD client driver (type 46) uses the <i>gpsd</i>
-  client protocol to connect and talk to <i>gpsd</i>, but using the
-  SHM driver is the ancient way to have <i>gpsd</i> talk to <i>ntpd</i>.
+  <b>Note:</b> The <i>GPSD</i> client driver (type 46) uses the <i>GPSD</i>
+  client protocol to connect and talk to <i>GPSD</i>, but using the
+  SHM driver is the ancient way to have <i>GPSD</i> talk to <i>NTPD</i>. There
+  are some tricky points when using the SHM interface to interface
+  with <i>GPSD</i>, because <i>GPSD</i> will use two SHM clocks, one for the
+  serial data stream and one for the PPS information when
+  available. Receivers with a loose/sloppy timing between PPS and serial data
+  can easily cause trouble here because <i>NTPD</i> has no way to join the two
+  data streams and correlate the serial data with the PPS events.
+</p>
+<p>
 
 <h4>Clockstats</h4>
 If flag4 is set when the driver is polled, a clockstats record is written.
 The first 3 fields are the normal date, time, and IP address common to all clockstats records.
 <P>
 The 4th field is the number of second ticks since the last poll.
-The 5th field is the number of good data samples found.  The last 64 will be used by ntpd.
+The 5th field is the number of good data samples found.  The last 64 will be used by <i>NTPD</i>.
 The 6th field is the number of sample that didn't have valid data ready.
 The 7th field is the number of bad samples.
-The 8th field is the number of times the the mode 1 info was update while nptd was trying to grab a sample.
+The 8th field is the number of times the the mode 1 info was update while <i>NTPD</i> was trying to grab a sample.
 <P>
 
 Here is a sample showing the GPS reception fading out:
@@ -112,6 +130,39 @@ Here is a sample showing the GPS reception fading out:
 54364 85700.160 127.127.28.0  65   0  65   0   0
 </pre>
 
+    <h4>The 'mode' word</h4>
+    
+    <p>
+      Some aspects of the driver behavior can be adjusted by setting bits of
+      the 'mode' word in the server configuration line:<br>
+      &nbsp;&nbsp;<tt>server 127.127.28.</tt><i>x</i><tt> mode </tt><i>Y</i>
+    </p>
+
+    <table border="1" width="100%">
+      <caption>mode word bits and bit groups</caption>
+      <tbody><tr>
+	<th align="center">Bit</th>
+	<th align="center">Dec</th>
+	<th align="center">Hex</th>
+	<th align="left">Meaning</th>
+      </tr>
+      
+      <tr>
+	<td align="center">0</td>
+	<td align="center">1</td>
+	<td align="center">1</td>
+	<td>The SHM segment is private (mode 0600). This is the fixed
+	default for clock units 0 and 1; clock units &gt;1 are mode
+	0666 unless this bit is set for the specific unit.</td>
+      </tr><tr>
+	<td align="center">1-31</td>
+	<td align="center">-</td>
+	<td align="center">-</td>
+	<td><i>reserved -- do not use</i></td>
+	</tr>
+      </tbody>
+      </table>
+    
 	<h4>Fudge Factors</h4>
         <dl>
             <dt><tt>time1 <i>time</i></tt>
@@ -136,9 +187,64 @@ Here is a sample showing the GPS reception fading out:
             <dd>Not used by this driver.
             <dt><tt>flag4 0 | 1</tt>
             <dd>If flag4 is set, clockstats records will be written when the driver is polled.
-            <h4>Additional Information</h4>
-            <p><a href="../refclock.html">Reference Clock Drivers</a></p>
         </dl>
+
+	<h4>Public vs. Private SHM segments</h4>
+
+	<p>The driver attempts to create a shared memory segment with an
+	  identifier depending on the unit number. This identifier (which can be
+	  a numeric value or a string) clearly depends on the method used, which
+	  in turn depends on the host operating system:</p>
+
+	<ul>
+	  <li><p>
+	      <tt>Windows</tt> uses a file mapping to the page file with the
+	      name '<tt>Global\NTP</tt><i>u</i>' for public accessible
+	      mappings, where <i>u</i> is the clock unit. Private /
+	      non-public mappings are created as
+	      '<tt>Local\NTP</tt><i>u</i>'.
+	    </p><p>
+	      Public access assigns a NULL DACL to the memory mapping, while
+	      private access just uses the default DACL of the process creating
+	      the mapping.
+	    </p> 
+	  </li>
+	  <li><p>
+	      <tt>SYSV IPC</tt> creates a shared memory segment with a key value
+	      of <tt>0x4E545030</tt> + <i>u</i>, where <i>u</i> is again
+	      the clock unit. (This value could be hex-decoded as 'NTP0',
+	      'NTP1',..., with funny characters for units &gt; 9.)
+	    </p><p>
+	      Public access means a permission set of 0666, while private access
+	      creates the mapping with a permission set of 0600.
+	    </p>
+	  </li>
+	</ul>
+	
+	<p>There's no support for POSIX shared memory yet.</p>
+
+	<p><i>NTPD</i> is started as root on most POSIX-like operating systems
+	and uses the setuid/setgid system API to run under reduced rights once
+	the initial setup of the process is done. One consequence out of this
+	is that the allocation of SHM segments must be done early during the
+	clock setup. The actual polling of the clock is done as the run-time
+	user; deferring the creation of the SHM segment to this point will
+	create a SHM segment owned by the runtime-user account. The internal
+	structure of <i>NTPD</i> does not permit the use of a fudge flag if
+	this is to be avoided; this is the reason why a mode bit is used for
+	the configuration of a public segment.
+	</p>
+	
+	<p>When running under Windows, the chosen user account must be able to
+	create a SHM segment in the global object name space for SHM clocks with
+	public access. Otherwise the session isolation used by Windows kernels
+	after WinXP will get into the way if the client program does not run in
+	the same session.
+	</p>
+
+        <h4>Additional Information</h4>
+        <p><a href="../refclock.html">Reference Clock Drivers</a></p>
+
         <hr>
         <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
     </body>

include/Makefile.in

@@ -151,6 +151,7 @@ CHUTEST = @CHUTEST@
 CONFIG_SHELL = @CONFIG_SHELL@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CPPFLAGS_LIBEVENT = @CPPFLAGS_LIBEVENT@
 CPPFLAGS_NTP = @CPPFLAGS_NTP@
 CXX = @CXX@
 CXXCPP = @CXXCPP@
@@ -185,7 +186,9 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LD = @LD@
+LDADD_LIBEVENT = @LDADD_LIBEVENT@
 LDADD_LIBNTP = @LDADD_LIBNTP@
+LDADD_LIBUTIL = @LDADD_LIBUTIL@
 LDADD_NLIST = @LDADD_NLIST@
 LDADD_NTP = @LDADD_NTP@
 LDFLAGS = @LDFLAGS@

include/audio.h

@@ -9,6 +9,6 @@
 /*
  * Function prototypes
  */
-int	audio_init		(char *, int, int);
+int	audio_init		(const char *, int, int);
 int	audio_gain		(int, int, int);
 void	audio_show		(void);

include/icom.h

@@ -83,5 +83,5 @@
 /*
  * Function prototypes
  */
-int	icom_init		(char *, int, int);
+int	icom_init		(const char *, int, int);
 int	icom_freq		(int, int, double);

include/isc/Makefile.in

@@ -113,6 +113,7 @@ CHUTEST = @CHUTEST@
 CONFIG_SHELL = @CONFIG_SHELL@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@
+CPPFLAGS_LIBEVENT = @CPPFLAGS_LIBEVENT@
 CPPFLAGS_NTP = @CPPFLAGS_NTP@
 CXX = @CXX@
 CXXCPP = @CXXCPP@
@@ -147,7 +148,9 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 LD = @LD@
+LDADD_LIBEVENT = @LDADD_LIBEVENT@
 LDADD_LIBNTP = @LDADD_LIBNTP@
+LDADD_LIBUTIL = @LDADD_LIBUTIL@
 LDADD_NLIST = @LDADD_NLIST@
 LDADD_NTP = @LDADD_NTP@
 LDFLAGS = @LDFLAGS@

include/ntp_config.h

@@ -239,6 +239,7 @@ struct config_tree_tag {
 	int_fifo *	reset_counters;
 
 	sim_fifo *	sim_details;
+	int		mdnstries;
 };
 
 
@@ -286,7 +287,7 @@ attr_val *create_attr_dval(int attr, double value);
 attr_val *create_attr_ival(int attr, int value);
 attr_val *create_attr_uval(int attr, u_int value);
 attr_val *create_attr_rangeval(int attr, int first, int last);
-attr_val *create_attr_sval(int attr, char *s);
+attr_val *create_attr_sval(int attr, const char *s);
 filegen_node *create_filegen_node(int filegen_token,
 				  attr_val_fifo *options);
 string_node *create_string_node(char *str);
@@ -316,7 +317,7 @@ int dump_all_config_trees(FILE *df, int comment);
 #endif
 
 #if defined(HAVE_SETRLIMIT)
-void ntp_rlimit(int, rlim_t, int, char *);
+void ntp_rlimit(int, rlim_t, int, const char *);
 #endif
 
 #endif	/* !defined(NTP_CONFIG_H) */

include/ntp_filegen.h

@@ -52,5 +52,5 @@ extern	void	filegen_statsdir(void);
 extern	FILEGEN *filegen_get	(const char *);
 extern	void	filegen_register (const char *, const char *, FILEGEN *);
 #ifdef DEBUG
-extern	void	filegen_unregister(char *);
+extern	void	filegen_unregister(const char *);
 #endif

include/ntp_stdlib.h

@@ -96,14 +96,14 @@ extern	int	ymd2yd		(int, int, int);
 /* a_md5encrypt.c */
 extern	int	MD5authdecrypt	(int, u_char *, u_int32 *, int, int);
 extern	int	MD5authencrypt	(int, u_char *, u_int32 *, int);
-extern	void	MD5auth_setkey	(keyid_t, int, const u_char *, int);
+extern	void	MD5auth_setkey	(keyid_t, int, const u_char *, size_t);
 extern	u_int32	addr2refid	(sockaddr_u *);
 
 /* emalloc.c */
 #ifndef EREALLOC_CALLSITE	/* ntp_malloc.h defines */
 extern	void *	ereallocz	(void *, size_t, size_t, int);
 #define	erealloczsite(p, n, o, z, f, l) ereallocz(p, n, o, (z))
-extern	void *	emalloc		(size_t);
+#define	emalloc(n)		ereallocz(NULL, n, 0, FALSE)
 #define	emalloc_zero(c)		ereallocz(NULL, (c), 0, TRUE)
 #define	erealloc(p, c)		ereallocz(p, (c), 0, FALSE)
 #define erealloc_zero(p, n, o)	ereallocz(p, n, (o), TRUE)
@@ -129,11 +129,11 @@ extern	char *	estrdup_impl	(const char *, const char *, int);
 extern	int	atoint		(const char *, long *);
 extern	int	atouint		(const char *, u_long *);
 extern	int	hextoint	(const char *, u_long *);
-extern	char *	humanlogtime	(void);
-extern	char *	humantime	(time_t);
+extern	const char *	humanlogtime	(void);
+extern	const char *	humantime	(time_t);
 extern	char *	mfptoa		(u_int32, u_int32, short);
 extern	char *	mfptoms		(u_int32, u_int32, short);
-extern	const char * modetoa	(int);
+extern	const char * modetoa	(size_t);
 extern	const char * eventstr	(int);
 extern	const char * ceventstr	(int);
 extern	const char * res_match_flags(u_short);

include/ntpd.h

@@ -78,7 +78,7 @@ extern	int	mprintf_event	(int, struct peer *, const char *, ...)
 struct ctl_var {
 	u_short code;
 	u_short flags;
-	char *text;
+	const char *text;
 };
 /*
  * Flag values
@@ -218,7 +218,7 @@ extern struct value tai_leap;
 /* ntp_proto.c */
 extern	void	transmit	(struct peer *);
 extern	void	receive 	(struct recvbuf *);
-extern	void	peer_clear	(struct peer *, char *);
+extern	void	peer_clear	(struct peer *, const char *);
 extern	void 	process_packet	(struct peer *, struct pkt *, u_int);
 extern	void	clock_select	(void);
 
@@ -285,7 +285,7 @@ extern	void	record_loop_stats (double, double, double, double, int);
 extern	void	record_clock_stats (sockaddr_u *, const char *);
 extern	int	mprintf_clock_stats(sockaddr_u *, const char *, ...)
 			NTP_PRINTF(2, 3);
-extern	void	record_raw_stats (sockaddr_u *srcadr, sockaddr_u *dstadr, l_fp *t1, l_fp *t2, l_fp *t3, l_fp *t4, int leap, int version, int mode, int stratum, int poll, int precision, double root_delay, double root_dispersion, u_int32 refid);
+extern	void	record_raw_stats (sockaddr_u *srcadr, sockaddr_u *dstadr, l_fp *t1, l_fp *t2, l_fp *t3, l_fp *t4, int leap, int version, int mode, int stratum, int ppoll, int precision, double root_delay, double root_dispersion, u_int32 refid);
 extern	void	check_leap_file	(int is_daily_check, u_int32 ntptime, const time_t * systime);
 extern	void	record_crypto_stats (sockaddr_u *, const char *);
 #ifdef DEBUG