MFC r362568:

MFV r362565:

Update 4.2.8p14 --> 4.2.8p15

Summary: Systems that use a CMAC algorithm in ntp.keys will not release
a bit of memory on each packet that uses a CMAC keyid, eventually causing
ntpd to run out of memory and fail. The CMAC cleanup from
https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby
the CMAC data structure was no longer completely removed.

Security: NTP Bug 3661

MFC -fno-common fixes: r359389, r359394, r359397-r359399, r359403-r359404,
r359406, r359413-r359416, r359425, r359427, r359432-r359433, r359443,
r359675-r359677

Note: this is not necessarily a complete fix to get these programs to build
with -fno-common applied.

r359389:
config(8): fixes for -fno-common

Move this handful of definitions into main.c, properly declare these as
extern in config.h. This fixes the config(8) build with -fno-common.

Unexplained in my previous commit to gas, -fno-common will become the
default in GCC10 and LLVM11, so it's worth addressing these in advance.

r359394:
MFV r359393: tcsh: import 6974bc35a5cd

This removes an extra variable definition that causes the -fno-common build
to fail, which will be a new default in GCC10/LLVM11.

r359397:
zfs: fix -fno-common issues

A similar (or identical?) fix has already landed in OpenZFS.

-fno-common will become the default in GCC10/LLVM11.

r359398:
sh: remove duplicate el definition

el is declared extern in myhistedit.h and defined in histedit.c. Remove the
duplicate definition in input.c to appease the -fno-common build.

-fno-common will become the default in GCC10/LLVM11.

r359399:
telnet: remove some duplicate definitions, mark terminaltype extern

Most of these were already properly declared and defined elsewhere, this is
effectively just a minor cleanup that fixes the -fno-common build.

-fno-common will become the default in GCC10/LLVM11.

r359403:
Revert 359399: telnet -fno-common bits

There was a large misfire from my local diff that I need to investigate, and
this version committed did not build.

r359404:
Re-apply r359399: telnet -fno-common fix

line and auth_level's redefinitions are just extraneous

telnetd will #define extern and then include ext.h to allocate storage for
all of these extern'd vars; however, two of them are actually defined in
libtelnet instead. Instead of doing an #ifdef extern dance around those
function pointers, just add an EXTERN macro to make it easier to
differentiate by sight which ones will get allocated in globals.c and which
ones are defined elsewhere.

r359406:
telnet: kill off remaining duplicate definition

r359413:
ipfilter: remove duplicate definition of 'thishost'

thishost is already defined in lib/initparse.c; no need for this one. This
fixes the ipfilter build with -fno-common.

-fno-common will become the default in GCC10/LLVM11.

r359414:
iscontrol: move definition of vflag/iscsidev to iscontrol.c

Mark the declaration extern as these are used elsewhere; this fixes the
build with -fno-common.

r359415:
userboot: mark host_fsops as extern

This is already defined elsewhere; mark this declaration extern to the fix
the -fno-common build.

r359416:
systat: remove redundant definition of kd

kd is already properly declared in extern.h and defined in main.c, rendering
this definition useless. This fixes the -fno-common build.

r359425:
locate: fix -fno-common build

Just a single variable declaration to extern and define elsewhere here,
myctype.

-fno-common will become a default in GCC10/LLVM11.

r359427:
fsck_ffs/fsdb: fix -fno-common build

This one is also a small list:

- 3x duplicate definition (ufs2_zino, returntosingle, nflag)
- 5x 'needs extern', 3/5 of which are referenced in fsdb

-fno-common will become the default in GCC10/LLVM11.

r359432:
gdb: compile with -fcommon explicitly

As described in the comment, gdb relies on some of the linker magic that
happens with -fcommon. I suspect the life expectancy of gdb-in-base is low
enough that this isn't worth spending much time addressing, especially given
the vintage. Hit it with the -fcommon hammer so that it continues to just
work.

r359433:
bmake: fix -fno-common build

debug was declared extern, but debug_file was not; correct this and define
debug_file in main.c (as debug is) to fix the -fno-common build.

-fno-common will become the default with GCC10/LLVM11.

r359443:
MFV r359442: bmake: import -fno-common fix build back from upstream

sjg@ committed the local patch previously committed upstream; pull it in to
vendor/ to ease any potential stress of future imports.

r359675:
kqueue tests: fix -fno-common build

vnode_fd and kqfd are both shared among multiple CU; define them exactly
once.

In the case of vnode_fd, it was simply the declaration that needed
correction.

-fno-common will become the default in GCC10/LLVM11.

r359676:
ntpd: fix build with -fno-common

Only a small nit here: psl should be declared extern and defined exactly
once.

-fno-common will become the default in GCC10/LLVM11.

r359677:
yp*: fix -fno-common build

This is mostly two problems spread out far and wide:
- ypldap_process should be declared properly
- debug is defined differently in many programs

For the latter, just extern it and define it everywhere that actually needs
it. This mostly works out nicely for ^/libexec/ypxfr, which can remove the
assignment at the beginning of main in favor of defining it properly.

-fno-common will become the default in GCC10/LLVM11.

This is a direct commit to stable/11:

Stack gap is not supported on stable/11.

MFC r358652:

MFV r358616:

Update ntp-4.2.8p13 --> 4.2.8p14.

The advisory can be found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele

No CVEs have been documented yet.

Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592

MFC r352304, r352540

r352304:
No longer mlock() ntpd pages by default in memory thus allowing its
pages to page as necessary.

To restore historic BSD behaviour add the following to ntp.conf:
rlimit memlock 32

Discussed on: freebsd-current@ between Sept 6-9, 2019
Reported by: Users using ASLR with stack gap != 0
Reviewed by: ian, kib, rgrimes (all previous versions)
Differential Revision: https://reviews.freebsd.org/D21581

r352540:
Follow up on r352304 which disabled default mlockall() at startup.
Unfortunately though the original tarball supports this in ./configure
(for Linux), to fully support disabling of mlockall() by default requires
a little extra help otherwise the following is logged in syslog:

Cannot set RLIMIT_MEMLOCK: Operation not permitted

MFC r344883:

(MFV r344878:)

4.2.8p12 --> 4.2.8p13

Security: CVE-2019-8936
VuXML: c2576e14-36e2-11e9-9eda-206a8a720317
Obtained from: nwtime.org

MFC r338126: MFV r338092: ntp 4.2.8p12.

Relnotes: yes

MFC r330104: MFV r330102: ntp 4.2.8p11

MFC r315871: MFV r315791: ntp 4.2.8p10.

MFC r308957: MFV r308954:

ntp 4.2.8p9.

Approved by: so

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFV r301238:

ntp 4.2.8p8.

Security: CVE-2016-4957, CVE-2016-4953, CVE-2016-4954
Security: CVE-2016-4955, CVE-2016-4956
Security: FreeBSD-SA-16:24.ntp
With hat: so

MFV r298691:

ntp 4.2.8p7.

Security: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550
Security: CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518
Security: CVE-2016-2519
Security: FreeBSD-SA-16:16.ntp
With hat: so

Remove the RCSID line from ntp_control.c, and set the fbsd:nokeywords
property. This should have been done a while back (certainly before
mergeing projects/release-pkg to head), but I fixed the merge conflicts
and forgot to correct the real problem afterward.

Noticed by: peter
Sponsored by: The FreeBSD Foundation

Merge the projects/release-pkg branch to head.

This allows packaging the base system with pkg(8), including
but not limited to providing the ability to provide upstream
binary update possibilities for non-tier-1 architectures.

This merge is a requirement of the 11.0-RELEASE, and as such,
thank you to everyone that has tested the project branch.

Documentation in build(7) etc. is still somewhat sparse, but
updates to those parts will follow.

Sponsored by: The FreeBSD Foundation

Upgrade our copies of clang, llvm, lldb and compiler-rt to 3.8.0
release.

Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11
support to build; see UPDATING for more information.

Release notes for llvm and clang will soon be available here:
<http://llvm.org/releases/3.8.0/docs/ReleaseNotes.html>
<http://llvm.org/releases/3.8.0/tools/clang/docs/ReleaseNotes.html>

Thanks to Ed Maste, Roman Divacky, Davide Italiano and Antoine Brodin
for their help.

Relnotes: yes

MFV r294491: ntp 4.2.8p6.

Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975
Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978
Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139
Security: CVE-2015-8140, CVE-2015-8158
With hat: so

MFV r293415:

ntp 4.2.8p5

Reviewed by: cy, roberto
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D4828

mergeinfo fixup.

Improve collation string and locales support

Merge collation support from Illumos and DragonflyBSD.

Locales are now generated with the new localedef(1) tool from CLDR POSIX files.
The generated files are now identified as "BSD 1.0" format.

The libc now only read "BSD 1.0" locales definitions, all other version will be
set to "C"
The localedef(1) tool has been imported from Illumos and modified to use tree(3)
instead of the CDDL avl(3)
A set of tool created by edwin@ and extended by marino@ for dragonfly has been
added to be able to generate locales and the Makefiles from the vanilla CLDR
unicode databases + a universal UTF-8 charmap (by marino@)
Update the locales to unicode v27
Given our regex(3) does not support multibyte (yet) it has been forced to always
use locale C
Remove now unused colldef(1) and mklocale(1)
Finish implementing the numeric BSD extension for ctypes
The number of supported locales has grown from 175 to 250 locales. Among the new
locales: 6 Arabic locales (AE EG JO MA QA SA), Different variations of spanish
locales.
Added new 3 components locales for mn_Cyrl_MN, sr_Cyrl_RS sr_Latn_RS,
zh_Hans_CN, zh_Hant_HK and zh_Hant_TW. Some aliases has been for 2 components
version when possible.

Thanks: Garrett D'Amore (Illumos) who made sure all his work was done under
BSD license!, Edwin Groothuis (edwin@) for the work he made on tools to be able
to generate locales definition usable in freebsd sources out of vanilla CLDR
definitions, John Marino (DragonflyBSD) who first merge the Illumos work into
Dragonfly and spent hours tracking down bugs.

Merge mpsutil(8) branch

mpsutil(8)/mprutil(8) are new utilities for managing LSI Fusion-MPT
2/3 controllers (mps(4) and mpr(4))

For now only informational commands have been implemented.

This utility has been written by scottl@ [1] and polished by myself[2]

Submitted by: scottl
Discussed with: scottl
Relnotes: yes
Sponsored by: Netflix [1]
Sponsored by: Gandi.net [2]

Remove svn:keywords that leaked in.

MFV ntp-4.2.8p4 (r289715)

Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Sponsored by: Nginx, Inc.

Upgrade our copies of clang, llvm, lldb, compiler-rt and libc++ to 3.7.0
release.

Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11
support to build; see UPDATING for more information.

Release notes for llvm and clang can be found here:
<http://llvm.org/releases/3.7.0/docs/ReleaseNotes.html>
<http://llvm.org/releases/3.7.0/tools/clang/docs/ReleaseNotes.html>

Thanks to Ed Maste, Andrew Turner and Antoine Brodin for their help.

Exp-run: antoine
Relnotes: yes

MFV ntp-4.2.8p3 (r284990).

Approved by: roberto, delphij
Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0
Security: http://bugs.ntp.org/show_bug.cgi?id=2853
Security: https://www.kb.cert.org/vuls/id/668167
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

MFV ntp 4.2.8p2 (r281348)

Reviewed by: delphij (suggested MFC)
Approved by: roberto
Security: CVE-2015-1798, CVE-2015-1799
Security: VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2
MFC after: 1 month

Fix merge error.

Submitted by: jkim

Remove rednandt file.

Submitted by: jkim

Fix build.

MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)

Thanks to roberto for providing pointers to wedge this into HEAD.

Approved by: roberto

ntpd tries to bind to IPv6 interfaces in 'tentative' state and fails as IPv6 is
actually disabled. Fix it by making ntpd ignore such interfaces.

Submitted by: ume
Reviewed by: bz, gnn
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D1527

Correct comparison of IPv6 wildcard address.

MFC after: 3 days

Upgrade our copy of clang, llvm and lldb to 3.5.0 release.

Please note that this version now requires C++11 support to build; see
UPDATING for more information.

Release notes for llvm and clang can be found here:
<http://llvm.org/releases/3.5.0/docs/ReleaseNotes.html>
<http://llvm.org/releases/3.5.0/tools/clang/docs/ReleaseNotes.html>

Thanks to Ed Maste, Roman Divacky, Andrew Turner, Justin Hibbits and
Antoine Brodin for their invaluable help with this import.

Approved by: portmgr (antoine)
MFC after: 1 month

Fix multiple ntp vulnerabilities.

Reviewed by: roberto (earlier revision), philip
Security: CVE-2014-9293, CVE-2014-9294
Security: CVE-2014-9295, CVE-2014-9296
Security: FreeBSD-SA-14:31.ntp

Differential Revision: https://reviews.freebsd.org/D1343

Don't reply monlist request when it's not enabled.

No objection from: roberto (but all bugs are mine)
MFC after: 2 weeks

Disable 'monitor' feature in ntpd by default.

Security: FreeBSD-SA-14:02.ntpd
Approved by: so

Clean some 'svn:executable' properties in the tree.

Submitted by: Christoph Mallon
MFC after: 3 days

Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in
share/mk/sys.mk instead.

This is part of a medium term project to permit deterministic builds of
FreeBSD.

Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks

Remove extraneous log message

When ntp switched between PLL and FLL mode it produced a log message
"kernel time sync status change %04x". This issue is reported in ntp
bug 452[1] which claims that this behaviour is normal and the log
message isn't necessary. I'm not sure exactly when it was removed, but
it's gone in the latest ntp release (4.2.6p5).

[1] http://bugs.ntp.org/show_bug.cgi?id=452

Approved by: roberto

With retirement of cpumask_t and usage of cpuset_t for representing a
mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient.

Remove them and replace their usage with custom pc_cpuid magic (as,
atm, pc_cpumask can be easilly represented by (1 << pc_cpuid) and
pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))).

This change is not targeted for MFC because of struct pcpu members
removal and dependency by cpumask_t retirement.

MD review by: marcel, marius, alc
Tested by: pluknet
MD testing by: marcel, marius, gonzo, andreast

In case ntp cannot resolve a hostname on startup it will queue the entry
for resolving by a child process that, upon success, will add the entry
to the config of the running running parent process.

Unfortunately there are a couple of bugs with this, fixed in various
later versions of upstream in potentially different ways due to other
code changes:

1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving
which does not work. Make sure we always pass the name (or IP there).

2) The intermediate file to carry the information to the child process
does not know about -4/-6 restrictions, so that a dual-stacked host
could resolve to an IPv6 address but that might be unreachable (see
r223626) leading to no working synchronization ignoring a IPv4 record.
Thus alter the intermediate format to also pass the address family
(AF_UNSPEC (default), AF_INET or AF_INET6) to the child process
depending on -4 or -6.

3) Make the child process to parse the new intermediate file format and
save the address family for getaddrinfo() hints flags.

4) Change child to always reload resolv.conf calling res_init() before
trying to resolve names. This will pick up resolv.conf changes or
new resolv.confs should they have not existed or been empty or
unusable on ntp startup. This fix is more conditional in upstream
versions but given FreeBSD has res_init there is no need for the
configure logic as well.

Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 9 days

Compare port numbers correctly. They are stored by SRCPORT()
in host byte order, so we need to compare them as such.
Properly compare IPv6 addresses as well.

This allows the, by default, 8 badaddrs slots per address
family to work correctly and only print sendto() errors once.

The change is no longer applicable to any latest upstream versions.

Approved by: roberto
Sponsored by: Sandvine Incorporated
MFC after: 1 week

etire the cpumask_t type and replace it with cpuset_t usage.

This is intended to fix the bug where cpu mask objects are
capped to 32. MAXCPU, then, can now arbitrarely bumped to whatever
value. Anyway, as long as several structures in the kernel are
statically allocated and sized as MAXCPU, it is suggested to keep it
as low as possible for the time being.

Technical notes on this commit itself:
- More functions to handle with cpuset_t objects are introduced.
The most notable are cpusetobj_ffs() (which calculates a ffs(3)
for a cpuset_t object), cpusetobj_strprint() (which prepares a string
representing a cpuset_t object) and cpusetobj_strscan() (which
creates a valid cpuset_t starting from a string representation).
- pc_cpumask and pc_other_cpus are target to be removed soon.
With the moving from cpumask_t to cpuset_t they are now inefficient
and not really useful. Anyway, for the time being, please note that
access to pcpu datas is protected by sched_pin() in order to avoid
migrating the CPU while reading more than one (possible) word
- Please note that size of cpuset_t objects may differ between kernel
and userland. While this is not directly related to the patch itself,
it is good to understand that concept and possibly use the patch
as a reference on how to deal with cpuset_t objects in userland, when
accessing kernland members.
- KTR_CPUMASK is changed and now is represented through a string, to be
set as the example reported in NOTES.

Please additively note that no MAXCPU is bumped in this patch, but
private testing has been done until to MAXCPU=128 on a real 8x8x2(htt)
machine (amd64).

Please note that the FreeBSD version is not yet bumped because of
the upcoming pcpu changes. However, note that this patch is not
targeted for MFC.

People to thank for the time spent on this patch:
- sbruno, pluknet and Nicholas Esborn (nick AT desert DOT net) tested
several revision of the patches and really helped in improving
stability of this work.
- marius fixed several bugs in the sparc64 implementation and reviewed
patches related to ktr.
- jeff and jhb discussed the basic approach followed.
- kib and marcel made targeted review on some specific part of the
patch.
- marius, art, nwhitehorn and andreast reviewed MD specific part of
the patch.
- marius, andreast, gonzo, nwhitehorn and jceel tested MD specific
implementations of the patch.
- Other people have made contributions on other patches that have been
already committed and have been listed separately.

Companies that should be mentioned for having participated at several
degrees:
- Yahoo! for having offered the machines used for testing on big
count of CPUs.
- The FreeBSD Foundation for having sponsored my devsummit attendance,
which has been instrumental.
- Sandvine for having offered offices and infrastructure during
development.

(I really hope I didn't forget anyone, if it happened I apologize in
advance).

The argument to setsockopt for IP_MULTICAST_LOOP depends on operating
system and is decided upon by configure and could be an u_int or a
u_char. For FreeBSD it is a u_char.

For IPv6 however RFC 3493, 5.2 defines the argument to
IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always
use that using a second variable for the IPV6 case.
This is to get rid of these error messages every 5 minutes on some
systems:
ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument
on socket 22, addr fe80::... for multicast address ff02::101

While here also fix the copy&paste error in the log message for
IPV6_MULTICAST_LOOP.

Reviewed by: roberto
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 10 days
Filed as: Bug 1936 on ntp.org

Merger of the quota64 project into head.

This joint work of Dag-Erling Smørgrav and myself updates the
FFS quota system to support both traditional 32-bit and new 64-bit
quotas (for those of you who want to put 2+Tb quotas on your users).

By default quotas are not compiled into the kernel. To include them
in your kernel configuration you need to specify:

options QUOTA # Enable FFS quotas

If you are already running with the current 32-bit quotas, they
should continue to work just as they have in the past. If you
wish to convert to using 64-bit quotas, use `quotacheck -c 64';
if you wish to revert from 64-bit quotas back to 32-bit quotas,
use `quotacheck -c 32'.

There is a new library of functions to simplify the use of the
quota system, do `man quotafile' for details. If your application
is currently using the quotactl(2), it is highly recommended that
you convert your application to use the quotafile interface.
Note that existing binaries will continue to work.

Special thanks to John Kozubik of rsync.net for getting me
interested in pursuing 64-bit quota support and for funding
part of my development time on this project.

Merge 4.2.4p8 into contrib (r200452 & r200454).

Subversion is being difficult here so take a hammer and get it in.

MFC after: 2 weeks
Security: CVE-2009-3563

Bootstrap mergeinfo (thanks des@).

Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn't
allow bind to an anycast addeess. It does away with an annoying
message.

Reviewed by: bz, roberto
MFC after: 2 weeks

Remove build timestamps from the following files:
/boot/kernel/hptrr.ko
/etc/mail/*.cf
/lib/libcrypto.so.5
/usr/bin/ntpq
/usr/sbin/amd
/usr/sbin/iasl
/usr/sbin/ntpd
/usr/sbin/ntpdate
/usr/sbin/ntpdc

There does not appear to be any purpose to having these timestamps, and
they have the irritating consequence that the aforementioned files will
be different every time they are rebuilt.

After this commit, the only remaining build timestamps are in the kernel,
the boot loaders, /usr/include/osreldate.h (the year in the copyright
notice), and lib*.a (the timestamps on all of the included .o files).

Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl),
roberto (ntp), jkim (acpica)
Approved by: re (kib)

Prevent integer overflow in direct pipe write code from circumventing
virtual-to-physical page lookups. [09:09]

Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]

Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]

Approved by: so (cperciva)
Approved by: re (not really, but SVN wants this...)
Security: FreeBSD-SA-09:09.pipe
Security: FreeBSD-SA-09:10.ipv6
Security: FreeBSD-SA-09:11.ntpd

Remove empty directories from the HEAD.

Discussed with: developers, imp

Merge r191298 into HEAD.

Prevent a buffer overflow in ntpq. Patch taken from the PR database
after being committed to the official ntp tree and present in 4.2.4p7-rc2.

It will be MFH to the upcoming 7.2 pending re approval.

Obtained from: https://support.ntp.org/bugs/show_bug.cgi?id=1144
MFC after: 3 days
Security: http://www.securityfocus.com/bid/34481
CVE-2009-0159

Correct ntpd(8) cryptographic signature bypass [SA-09:04].

Correct BIND DNSSEC incorrect checks for malformed signatures
[SA-09:04].

Security: FreeBSD-SA-09:03.ntpd
Security: FreeBSD-SA-09:04.bind
Obtained from: ISC [SA-09:04]
Approved by: so (simon)

Merge from vendor/ntp/dist: r182856:

Apply updated patch from bin/92839 to avoid two possible buffer overflows.

PR: bin/92839
Submitted by: Helge Oldach <freebsdntpd@oldach.net>

Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit
will update usr.sbin/ntp to match this.

MFC after: 2 weeks

Move FREEBSD-upgrade as well.

Move FREEBSD-Xlist in a more proper location.

Reset mergeinfo for contrib/ntp (per the wiki page).

This commit was generated by cvs2svn to compensate for changes in r162735,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r138451,
which included commits to RCS files with non-trunk default branches.

This commit was generated by cvs2svn to compensate for changes in r132536,
which included commits to RCS files with non-trunk default branches.

Remove an extra '}'.

Update information on build/import.

Merge conflicts.

Lots of added files, some removed and quite a large number of renames :(

Merge conflicts (see also previous commit).

Reinsert our local changes to ntp_control.c:

1.4: Do not log every potential exploit attempt since a denial-of-service
may result
1.5: int -> unsigned char fixes

Revert this file to the vendor version, we don't need to have our own
version of it. Will help further upgrades.

This commit was generated by cvs2svn to compensate for changes in r132451,
which included commits to RCS files with non-trunk default branches.

Merge conflicts.

MFC after: 1 month

This commit was generated by cvs2svn to compensate for changes in r106424,
which included commits to RCS files with non-trunk default branches.

Update for 4.1.1a.

Tested on: Sparc64 (panther), Alpha (beast) & i386

This commit was generated by cvs2svn to compensate for changes in r106167,
which included commits to RCS files with non-trunk default branches.

Merge conflicts.

MFC after: 1 month

This commit was generated by cvs2svn to compensate for changes in r106163,
which included commits to RCS files with non-trunk default branches.

Merge after 4.1.0 import.

Update for 4.1.0 import.

Redo the int -> unsigned changes jedgar did. It should have been submitted
back but it was off the vendor branch anyway so...

This commit was generated by cvs2svn to compensate for changes in r82498,
which included commits to RCS files with non-trunk default branches.

Do not log every potential exploit attempt since a denial-of-service
may result.

- Correct off-by-one error and buffer underflow from previous fix
- int -> unsigned char fixes

Submitted by: ache, dillon, Mark Andrews, et.al. (on -security)

Fix a potential ROOT-exploit in NTPD.

PR: 26358
Reviewed by: dima

This commit was generated by cvs2svn to compensate for changes in r57738,
which included commits to RCS files with non-trunk default branches.

Update for ntp 4.0.99b.

Merge conflicts with the import of 4.0.99b.

This commit was generated by cvs2svn to compensate for changes in r56746,
which included commits to RCS files with non-trunk default branches.

This is the list of files excluded from the original tarball.

Reviewed by: peter, obrien

Commit a fix several warnings on alpha for sysctlbyname arguments. It could
have resulted in stack corruption. A patch has been sent to the ntp author
for inclusion in next version.

Obtained from: peter

Please all welcome the long-awaited upgrade from our ancient xntpd 3.4f
to a brand new and shiny ntpd 4.0.98f.

I got tired of waiting for 4.1.0 and there is the feature freeze deadline
so here it is. This is the contrib/ part of the upgrade. The Makefile glue
will be added very soon in usr.sbin.

It builds and runs on both i386 and alpha (Thanks Peter!).

The bad news is that manpages no longer exist, everything is in HTML. I'll
commit the text version of each HTML file in /usr/share/doc/ntp soon to have
at least the help files w/o needing to get the entire contrib/ntp tree.

I'll commit FREEBSD-Xlist as soon as I can skip over $FreeBSD$ checks...

Reviewed by: peter, obrien
Pushed by: phk

This commit was generated by cvs2svn to compensate for changes in r54359,
which included commits to RCS files with non-trunk default branches.