276158 |
23-Dec-2014 |
des |
[SA-14:31] Fix multiple vulnerabilities in NTP suite.
[EN-14:13] Fix directory deletion issue in freebsd-update.
Approved by: so |
260641 |
14-Jan-2014 |
delphij |
MFS r260639 (MFC r260637):
Disable 'monitor' feature in ntpd by default.
Security: FreeBSD-SA-14:02.ntpd Approved by: re (gjb) |
259128 |
09-Dec-2013 |
gjb |
Remove svn:mergeinfo from the releng/10.0 branch.
After branch creation from stable/10, the stable/10 branch mergeinfo was moved to the root of the branch.
Since there have not been any merges from stable/10 to releng/10.0 yet, we do not need to track any of the existing mergeinfo here.
Merges to releng/10.0 should now be done to the root of the branch.
For future branches during the release cycle, unless otherwise noted, this change will be done as part of the stable/ and releng/ branch creation.
Discussed with: peter Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
259065 |
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
245952 |
26-Jan-2013 |
pfg |
Clean some 'svn:executable' properties in the tree.
Submitted by: Christoph Mallon MFC after: 3 days
|
243933 |
06-Dec-2012 |
eadler |
Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk> Reviewed by: imp, toolchain@ Approved by: cperciva MFC after: 2 weeks
|
232844 |
12-Mar-2012 |
emaste |
Remove extraneous log message
When ntp switched between PLL and FLL mode it produced a log message "kernel time sync status change %04x". This issue is reported in ntp bug 452[1] which claims that this behaviour is normal and the log message isn't necessary. I'm not sure exactly when it was removed, but it's gone in the latest ntp release (4.2.6p5).
[1] http://bugs.ntp.org/show_bug.cgi?id=452
Approved by: roberto
|
223758 |
04-Jul-2011 |
attilio |
With retirement of cpumask_t and usage of cpuset_t for representing a mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient.
Remove them and replace their usage with custom pc_cpuid magic (as, atm, pc_cpumask can be easily represented by (1 << pc_cpuid) and pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))).
This change is not targeted for MFC because of struct pcpu members removal and dependency by cpumask_t retirement.
MD review by: marcel, marius, alc Tested by: pluknet MD testing by: marcel, marius, gonzo, andreast
|
223667 |
29-Jun-2011 |
bz |
In case ntp cannot resolve a hostname on startup it will queue the entry for resolving by a child process that, upon success, will add the entry to the config of the running parent process.
Unfortunately there are a couple of bugs with this, fixed in various later versions of upstream in potentially different ways due to other code changes:
1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving which does not work. Make sure we always pass the name (or IP there).
2) The intermediate file to carry the information to the child process does not know about -4/-6 restrictions, so that a dual-stacked host could resolve to an IPv6 address but that might be unreachable (see r223626) leading to no working synchronization ignoring an IPv4 record. Thus alter the intermediate format to also pass the address family (AF_UNSPEC (default), AF_INET or AF_INET6) to the child process depending on -4 or -6.
3) Make the child process parse the new intermediate file format and save the address family for getaddrinfo() hints flags.
4) Change child to always reload resolv.conf calling res_init() before trying to resolve names. This will pick up resolv.conf changes or new resolv.confs should they have not existed or been empty or unusable on ntp startup. This fix is more conditional in upstream versions but given FreeBSD has res_init there is no need for the configure logic as well.
Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 9 days
|
223626 |
28-Jun-2011 |
bz |
Compare port numbers correctly. They are stored by SRCPORT() in host byte order, so we need to compare them as such. Properly compare IPv6 addresses as well.
This allows the, by default, 8 badaddrs slots per address family to work correctly and only print sendto() errors once.
The change is no longer applicable to any latest upstream versions.
Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 1 week
|
222813 |
07-Jun-2011 |
attilio |
Retire the cpumask_t type and replace it with cpuset_t usage.
This is intended to fix the bug where cpu mask objects are capped to 32. MAXCPU, then, can now be arbitrarily bumped to whatever value. Anyway, as long as several structures in the kernel are statically allocated and sized as MAXCPU, it is suggested to keep it as low as possible for the time being.
Technical notes on this commit itself:
- More functions to handle cpuset_t objects are introduced. The most notable are cpusetobj_ffs() (which calculates a ffs(3) for a cpuset_t object), cpusetobj_strprint() (which prepares a string representing a cpuset_t object) and cpusetobj_strscan() (which creates a valid cpuset_t starting from a string representation).
- pc_cpumask and pc_other_cpus are targeted to be removed soon. With the move from cpumask_t to cpuset_t they are now inefficient and not really useful. Anyway, for the time being, please note that access to pcpu data is protected by sched_pin() in order to avoid migrating the CPU while reading more than one (possible) word.
- Please note that the size of cpuset_t objects may differ between kernel and userland. While this is not directly related to the patch itself, it is good to understand that concept and possibly use the patch as a reference on how to deal with cpuset_t objects in userland, when accessing kernel-land members.
- KTR_CPUMASK is changed and now is represented through a string, to be set as the example reported in NOTES.
Please additionally note that no MAXCPU is bumped in this patch, but private testing has been done up to MAXCPU=128 on a real 8x8x2(htt) machine (amd64).
Please note that the FreeBSD version is not yet bumped because of the upcoming pcpu changes. However, note that this patch is not targeted for MFC.
People to thank for the time spent on this patch:
- sbruno, pluknet and Nicholas Esborn (nick AT desert DOT net) tested several revisions of the patches and really helped in improving stability of this work.
- marius fixed several bugs in the sparc64 implementation and reviewed patches related to ktr.
- jeff and jhb discussed the basic approach followed.
- kib and marcel made targeted review on some specific part of the patch.
- marius, art, nwhitehorn and andreast reviewed MD specific part of the patch.
- marius, andreast, gonzo, nwhitehorn and jceel tested MD specific implementations of the patch.
- Other people have made contributions on other patches that have been already committed and have been listed separately.
Companies that should be mentioned for having participated at several degrees:
- Yahoo! for having offered the machines used for testing on big count of CPUs.
- The FreeBSD Foundation for having sponsored my devsummit attendance, which has been instrumental.
- Sandvine for having offered offices and infrastructure during development.
(I really hope I didn't forget anyone, if it happened I apologize in advance).
|
222444 |
29-May-2011 |
bz |
The argument to setsockopt for IP_MULTICAST_LOOP depends on operating system and is decided upon by configure and could be a u_int or a u_char. For FreeBSD it is a u_char.
For IPv6 however RFC 3493, 5.2 defines the argument to IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always use that using a second variable for the IPV6 case. This is to get rid of these error messages every 5 minutes on some systems:
ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument on socket 22, addr fe80::... for multicast address ff02::101
While here also fix the copy&paste error in the log message for IPV6_MULTICAST_LOOP.
Reviewed by: roberto Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days Filed as: Bug 1936 on ntp.org
|
207736 |
07-May-2010 |
mckusick |
Merger of the quota64 project into head.
This joint work of Dag-Erling Smørgrav and myself updates the FFS quota system to support both traditional 32-bit and new 64-bit quotas (for those of you who want to put 2+Tb quotas on your users).
By default quotas are not compiled into the kernel. To include them in your kernel configuration you need to specify:
options QUOTA # Enable FFS quotas
If you are already running with the current 32-bit quotas, they should continue to work just as they have in the past. If you wish to convert to using 64-bit quotas, use `quotacheck -c 64'; if you wish to revert from 64-bit quotas back to 32-bit quotas, use `quotacheck -c 32'.
There is a new library of functions to simplify the use of the quota system, do `man quotafile' for details. If your application is currently using the quotactl(2), it is highly recommended that you convert your application to use the quotafile interface. Note that existing binaries will continue to work.
Special thanks to John Kozubik of rsync.net for getting me interested in pursuing 64-bit quota support and for funding part of my development time on this project.
|
200576 |
15-Dec-2009 |
roberto |
Merge 4.2.4p8 into contrib (r200452 & r200454).
Subversion is being difficult here so take a hammer and get it in.
MFC after: 2 weeks Security: CVE-2009-3563
|
200575 |
15-Dec-2009 |
roberto |
Bootstrap mergeinfo (thanks des@).
|
199995 |
01-Dec-2009 |
ume |
Don't try to bind to an anycast address. The KAME IPv6 stack doesn't allow bind to an anycast address. It does away with an annoying message.
Reviewed by: bz, roberto MFC after: 2 weeks
|
195626 |
11-Jul-2009 |
cperciva |
Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc
There does not appear to be any purpose to having these timestamps, and they have the irritating consequence that the aforementioned files will be different every time they are rebuilt.
After this commit, the only remaining build timestamps are in the kernel, the boot loaders, /usr/include/osreldate.h (the year in the copyright notice), and lib*.a (the timestamps on all of the included .o files).
Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl), roberto (ntp), jkim (acpica) Approved by: re (kib)
|
193893 |
10-Jun-2009 |
cperciva |
Prevent integer overflow in direct pipe write code from circumventing virtual-to-physical page lookups. [09:09]
Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]
Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]
Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd
|
191517 |
26-Apr-2009 |
ed |
Remove empty directories from the HEAD.
Discussed with: developers, imp
|
191302 |
20-Apr-2009 |
roberto |
Merge r191298 into HEAD.
Prevent a buffer overflow in ntpq. Patch taken from the PR database after being committed to the official ntp tree and present in 4.2.4p7-rc2.
It will be MFH to the upcoming 7.2 pending re approval.
Obtained from: https://support.ntp.org/bugs/show_bug.cgi?id=1144 MFC after: 3 days Security: http://www.securityfocus.com/bid/34481 CVE-2009-0159
|
187194 |
13-Jan-2009 |
simon |
Correct ntpd(8) cryptographic signature bypass [SA-09:04].
Correct BIND DNSSEC incorrect checks for malformed signatures [SA-09:04].
Security: FreeBSD-SA-09:03.ntpd Security: FreeBSD-SA-09:04.bind Obtained from: ISC [SA-09:04] Approved by: so (simon)
|
182857 |
07-Sep-2008 |
roberto |
Merge from vendor/ntp/dist: r182856:
Apply updated patch from bin/92839 to avoid two possible buffer overflows.
PR: bin/92839 Submitted by: Helge Oldach <freebsdntpd@oldach.net>
|
182007 |
22-Aug-2008 |
roberto |
Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit will update usr.sbin/ntp to match this.
MFC after: 2 weeks
|
181837 |
18-Aug-2008 |
roberto |
Move FREEBSD-upgrade as well.
|
181836 |
18-Aug-2008 |
roberto |
Move FREEBSD-Xlist in a more proper location.
|
181829 |
18-Aug-2008 |
roberto |
Reset mergeinfo for contrib/ntp (per the wiki page).
|
162736 |
28-Sep-2006 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r162735, which included commits to RCS files with non-trunk default branches.
|
138452 |
06-Dec-2004 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r138451, which included commits to RCS files with non-trunk default branches.
|
132537 |
22-Jul-2004 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r132536, which included commits to RCS files with non-trunk default branches.
|
132460 |
20-Jul-2004 |
roberto |
Remove an extra '}'.
|
132457 |
20-Jul-2004 |
roberto |
Update information on build/import.
|
132456 |
20-Jul-2004 |
roberto |
Merge conflicts.
Lots of added files, some removed and quite a large number of renames :(
|
132455 |
20-Jul-2004 |
roberto |
Merge conflicts (see also previous commit).
Reinsert our local changes to ntp_control.c:
1.4: Do not log every potential exploit attempt since a denial-of-service may result
1.5: int -> unsigned char fixes
|
132454 |
20-Jul-2004 |
roberto |
Revert this file to the vendor version, we don't need to have our own version of it. Will help further upgrades.
|
132452 |
20-Jul-2004 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r132451, which included commits to RCS files with non-trunk default branches.
|
106427 |
04-Nov-2002 |
roberto |
Merge conflicts.
MFC after: 1 month
|
106425 |
04-Nov-2002 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r106424, which included commits to RCS files with non-trunk default branches.
|
106170 |
29-Oct-2002 |
roberto |
Update for 4.1.1a.
Tested on: Sparc64 (panther), Alpha (beast) & i386
|
106168 |
29-Oct-2002 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r106167, which included commits to RCS files with non-trunk default branches.
|
106166 |
29-Oct-2002 |
roberto |
Merge conflicts.
MFC after: 1 month
|
106164 |
29-Oct-2002 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r106163, which included commits to RCS files with non-trunk default branches.
|
82505 |
29-Aug-2001 |
roberto |
Merge after 4.1.0 import.
|
82503 |
29-Aug-2001 |
roberto |
Update for 4.1.0 import.
|
82502 |
29-Aug-2001 |
roberto |
Redo the int -> unsigned changes jedgar did. It should have been submitted back but it was off the vendor branch anyway so...
|
82499 |
29-Aug-2001 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r82498, which included commits to RCS files with non-trunk default branches.
|
75260 |
06-Apr-2001 |
jedgar |
Do not log every potential exploit attempt since a denial-of-service may result.
|
75259 |
06-Apr-2001 |
jedgar |
- Correct off-by-one error and buffer underflow from previous fix
- int -> unsigned char fixes
Submitted by: ache, dillon, Mark Andrews, et al. (on -security)
|
75202 |
04-Apr-2001 |
phk |
Fix a potential ROOT-exploit in NTPD.
PR: 26358 Reviewed by: dima
|
57739 |
03-Mar-2000 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r57738, which included commits to RCS files with non-trunk default branches.
|
56751 |
28-Jan-2000 |
roberto |
Update for ntp 4.0.99b.
|
56749 |
28-Jan-2000 |
roberto |
Merge conflicts with the import of 4.0.99b.
|
56747 |
28-Jan-2000 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r56746, which included commits to RCS files with non-trunk default branches.
|
54364 |
09-Dec-1999 |
roberto |
This is the list of files excluded from the original tarball.
Reviewed by: peter, obrien
|
54363 |
09-Dec-1999 |
roberto |
Commit a fix for several warnings on alpha for sysctlbyname arguments. It could have resulted in stack corruption. A patch has been sent to the ntp author for inclusion in next version.
Obtained from: peter
|
54362 |
09-Dec-1999 |
roberto |
Please all welcome the long-awaited upgrade from our ancient xntpd 3.4f to a brand new and shiny ntpd 4.0.98f.
I got tired of waiting for 4.1.0 and there is the feature freeze deadline so here it is. This is the contrib/ part of the upgrade. The Makefile glue will be added very soon in usr.sbin.
It builds and runs on both i386 and alpha (Thanks Peter!).
The bad news is that manpages no longer exist, everything is in HTML. I'll commit the text version of each HTML file in /usr/share/doc/ntp soon to have at least the help files w/o needing to get the entire contrib/ntp tree.
I'll commit FREEBSD-Xlist as soon as I can skip over $FreeBSD$ checks...
Reviewed by: peter, obrien Pushed by: phk
|
54360 |
09-Dec-1999 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r54359, which included commits to RCS files with non-trunk default branches.
|