362716 |
28-Jun-2020 |
cy |
MFC r362568:
MFV r362565:
Update 4.2.8p14 --> 4.2.8p15
Summary: Systems that use a CMAC algorithm in ntp.keys will not release a bit of memory on each packet that uses a CMAC keyid, eventually causing ntpd to run out of memory and fail. The CMAC cleanup from https://bugs.ntp.org/3447, part of ntp-4.2.8p11, introduced a bug whereby the CMAC data structure was no longer completely removed.
Security: NTP Bug 3661 |
359754 |
09-Apr-2020 |
kevans |
MFC -fno-common fixes: r359389, r359394, r359397-r359399, r359403-r359404, r359406, r359413-r359416, r359425, r359427, r359432-r359433, r359443, r359675-r359677
Note: this is not necessarily a complete fix to get these programs to build with -fno-common applied.
r359389: config(8): fixes for -fno-common
Move this handful of definitions into main.c, properly declare these as extern in config.h. This fixes the config(8) build with -fno-common.
Unexplained in my previous commit to gas, -fno-common will become the default in GCC10 and LLVM11, so it's worth addressing these in advance.
r359394: MFV r359393: tcsh: import 6974bc35a5cd
This removes an extra variable definition that causes the -fno-common build to fail, which will be a new default in GCC10/LLVM11.
r359397: zfs: fix -fno-common issues
A similar (or identical?) fix has already landed in OpenZFS.
-fno-common will become the default in GCC10/LLVM11.
r359398: sh: remove duplicate el definition
el is declared extern in myhistedit.h and defined in histedit.c. Remove the duplicate definition in input.c to appease the -fno-common build.
-fno-common will become the default in GCC10/LLVM11.
r359399: telnet: remove some duplicate definitions, mark terminaltype extern
Most of these were already properly declared and defined elsewhere, this is effectively just a minor cleanup that fixes the -fno-common build.
-fno-common will become the default in GCC10/LLVM11.
r359403: Revert 359399: telnet -fno-common bits
There was a large misfire from my local diff that I need to investigate, and this version committed did not build.
r359404: Re-apply r359399: telnet -fno-common fix
line and auth_level's redefinitions are just extraneous
telnetd will #define extern and then include ext.h to allocate storage for all of these extern'd vars; however, two of them are actually defined in libtelnet instead. Instead of doing an #ifdef extern dance around those function pointers, just add an EXTERN macro to make it easier to differentiate by sight which ones will get allocated in globals.c and which ones are defined elsewhere.
r359406: telnet: kill off remaining duplicate definition
r359413: ipfilter: remove duplicate definition of 'thishost'
thishost is already defined in lib/initparse.c; no need for this one. This fixes the ipfilter build with -fno-common.
-fno-common will become the default in GCC10/LLVM11.
r359414: iscontrol: move definition of vflag/iscsidev to iscontrol.c
Mark the declaration extern as these are used elsewhere; this fixes the build with -fno-common.
r359415: userboot: mark host_fsops as extern
This is already defined elsewhere; mark this declaration extern to the fix the -fno-common build.
r359416: systat: remove redundant definition of kd
kd is already properly declared in extern.h and defined in main.c, rendering this definition useless. This fixes the -fno-common build.
r359425: locate: fix -fno-common build
Just a single variable declaration to extern and define elsewhere here, myctype.
-fno-common will become a default in GCC10/LLVM11.
r359427: fsck_ffs/fsdb: fix -fno-common build
This one is also a small list:
- 3x duplicate definition (ufs2_zino, returntosingle, nflag) - 5x 'needs extern', 3/5 of which are referenced in fsdb
-fno-common will become the default in GCC10/LLVM11.
r359432: gdb: compile with -fcommon explicitly
As described in the comment, gdb relies on some of the linker magic that happens with -fcommon. I suspect the life expectancy of gdb-in-base is low enough that this isn't worth spending much time addressing, especially given the vintage. Hit it with the -fcommon hammer so that it continues to just work.
r359433: bmake: fix -fno-common build
debug was declared extern, but debug_file was not; correct this and define debug_file in main.c (as debug is) to fix the -fno-common build.
-fno-common will become the default with GCC10/LLVM11.
r359443: MFV r359442: bmake: import -fno-common fix build back from upstream
sjg@ committed the local patch previously committed upstream; pull it in to vendor/ to ease any potential stress of future imports.
r359675: kqueue tests: fix -fno-common build
vnode_fd and kqfd are both shared among multiple CU; define them exactly once.
In the case of vnode_fd, it was simply the declaration that needed correction.
-fno-common will become the default in GCC10/LLVM11.
r359676: ntpd: fix build with -fno-common
Only a small nit here: psl should be declared extern and defined exactly once.
-fno-common will become the default in GCC10/LLVM11.
r359677: yp*: fix -fno-common build
This is mostly two problems spread out far and wide: - ypldap_process should be declared properly - debug is defined differently in many programs
For the latter, just extern it and define it everywhere that actually needs it. This mostly works out nicely for ^/libexec/ypxfr, which can remove the assignment at the beginning of main in favor of defining it properly.
-fno-common will become the default in GCC10/LLVM11. |
358660 |
05-Mar-2020 |
cy |
This is a direct commit to stable/11:
Stack gap is not supported on stable/11. |
358659 |
05-Mar-2020 |
cy |
MFC r358652:
MFV r358616:
Update ntp-4.2.8p13 --> 4.2.8p14.
The advisory can be found at: http://support.ntp.org/bin/view/Main/SecurityNotice#\ March_2020_ntp_4_2_8p14_NTP_Rele
No CVEs have been documented yet.
Security: http://support.ntp.org/bin/view/Main/NtpBug3610 http://support.ntp.org/bin/view/Main/NtpBug3596 http://support.ntp.org/bin/view/Main/NtpBug3592 |
352865 |
29-Sep-2019 |
cy |
MFC r352304, r352540
r352304: No longer mlock() ntpd pages by default in memory thus allowing its pages to page as necessary.
To restore historic BSD behaviour add the following to ntp.conf: rlimit memlock 32
Discussed on: freebsd-current@ between Sept 6-9, 2019 Reported by: Users using ASLR with stack gap != 0 Reviewed by: ian, kib, rgrimes (all previous versions) Differential Revision: https://reviews.freebsd.org/D21581
r352540: Follow up on r352304 which disabled default mlockall() at startup. Unfortunately though the original tarball supports this in ./configure (for Linux), to fully support disabling of mlockall() by default requires a little extra help otherwise the following is logged in syslog:
Cannot set RLIMIT_MEMLOCK: Operation not permitted |
344884 |
07-Mar-2019 |
cy |
MFC r344883:
(MFV r344878:)
4.2.8p12 --> 4.2.8p13
Security: CVE-2019-8936 VuXML: c2576e14-36e2-11e9-9eda-206a8a720317 Obtained from: nwtime.org |
338530 |
08-Sep-2018 |
delphij |
MFC r338126: MFV r338092: ntp 4.2.8p12.
Relnotes: yes |
330106 |
28-Feb-2018 |
delphij |
MFC r330104: MFV r330102: ntp 4.2.8p11 |
316068 |
28-Mar-2017 |
delphij |
MFC r315871: MFV r315791: ntp 4.2.8p10. |
309007 |
22-Nov-2016 |
delphij |
MFC r308957: MFV r308954:
ntp 4.2.8p9.
Approved by: so |
302408 |
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
301247 |
03-Jun-2016 |
delphij |
MFV r301238:
ntp 4.2.8p8.
Security: CVE-2016-4957, CVE-2016-4953, CVE-2016-4954 Security: CVE-2016-4955, CVE-2016-4956 Security: FreeBSD-SA-16:24.ntp With hat: so
|
298695 |
27-Apr-2016 |
delphij |
MFV r298691:
ntp 4.2.8p7.
Security: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550 Security: CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518 Security: CVE-2016-2519 Security: FreeBSD-SA-16:16.ntp With hat: so
|
298123 |
16-Apr-2016 |
gjb |
Remove the RCSID line from ntp_control.c, and set the fbsd:nokeywords property. This should have been done a while back (certainly before mergeing projects/release-pkg to head), but I fixed the merge conflicts and forgot to correct the real problem afterward.
Noticed by: peter Sponsored by: The FreeBSD Foundation
|
298107 |
16-Apr-2016 |
gjb |
Merge the projects/release-pkg branch to head.
This allows packaging the base system with pkg(8), including but not limited to providing the ability to provide upstream binary update possibilities for non-tier-1 architectures.
This merge is a requirement of the 11.0-RELEASE, and as such, thank you to everyone that has tested the project branch.
Documentation in build(7) etc. is still somewhat sparse, but updates to those parts will follow.
Sponsored by: The FreeBSD Foundation
|
296417 |
05-Mar-2016 |
dim |
Upgrade our copies of clang, llvm, lldb and compiler-rt to 3.8.0 release.
Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11 support to build; see UPDATING for more information.
Release notes for llvm and clang will soon be available here: <http://llvm.org/releases/3.8.0/docs/ReleaseNotes.html> <http://llvm.org/releases/3.8.0/tools/clang/docs/ReleaseNotes.html>
Thanks to Ed Maste, Roman Divacky, Davide Italiano and Antoine Brodin for their help.
Relnotes: yes
|
294554 |
22-Jan-2016 |
delphij |
MFV r294491: ntp 4.2.8p6.
Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975 Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978 Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139 Security: CVE-2015-8140, CVE-2015-8158 With hat: so
|
293423 |
08-Jan-2016 |
delphij |
MFV r293415:
ntp 4.2.8p5
Reviewed by: cy, roberto Relnotes: yes Differential Revision: https://reviews.freebsd.org/D4828
|
293417 |
08-Jan-2016 |
delphij |
mergeinfo fixup.
|
290494 |
07-Nov-2015 |
bapt |
Improve collation string and locales support
Merge collation support from Illumos and DragonflyBSD.
Locales are now generated with the new localedef(1) tool from CLDR POSIX files. The generated files are now identified as "BSD 1.0" format.
The libc now only read "BSD 1.0" locales definitions, all other version will be set to "C" The localedef(1) tool has been imported from Illumos and modified to use tree(3) instead of the CDDL avl(3) A set of tool created by edwin@ and extended by marino@ for dragonfly has been added to be able to generate locales and the Makefiles from the vanilla CLDR unicode databases + a universal UTF-8 charmap (by marino@) Update the locales to unicode v27 Given our regex(3) does not support multibyte (yet) it has been forced to always use locale C Remove now unused colldef(1) and mklocale(1) Finish implementing the numeric BSD extension for ctypes The number of supported locales has grown from 175 to 250 locales. Among the new locales: 6 Arabic locales (AE EG JO MA QA SA), Different variations of spanish locales. Added new 3 components locales for mn_Cyrl_MN, sr_Cyrl_RS sr_Latn_RS, zh_Hans_CN, zh_Hant_HK and zh_Hant_TW. Some aliases has been for 2 components version when possible.
Thanks: Garrett D'Amore (Illumos) who made sure all his work was done under BSD license!, Edwin Groothuis (edwin@) for the work he made on tools to be able to generate locales definition usable in freebsd sources out of vanilla CLDR definitions, John Marino (DragonflyBSD) who first merge the Illumos work into Dragonfly and spent hours tracking down bugs.
|
290102 |
28-Oct-2015 |
bapt |
Merge mpsutil(8) branch
mpsutil(8)/mprutil(8) are new utilities for managing LSI Fusion-MPT 2/3 controllers (mps(4) and mpr(4))
For now only informational commands have been implemented.
This utility has been written by scottl@ [1] and polished by myself[2]
Submitted by: scottl Discussed with: scottl Relnotes: yes Sponsored by: Netflix [1] Sponsored by: Gandi.net [2]
|
290012 |
26-Oct-2015 |
glebius |
Remove svn:keywords that leaked in.
|
289764 |
22-Oct-2015 |
glebius |
MFV ntp-4.2.8p4 (r289715)
Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317 Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner Sponsored by: Nginx, Inc.
|
288943 |
06-Oct-2015 |
dim |
Upgrade our copies of clang, llvm, lldb, compiler-rt and libc++ to 3.7.0 release.
Please note that from 3.5.0 onwards, clang, llvm and lldb require C++11 support to build; see UPDATING for more information.
Release notes for llvm and clang can be found here: <http://llvm.org/releases/3.7.0/docs/ReleaseNotes.html> <http://llvm.org/releases/3.7.0/tools/clang/docs/ReleaseNotes.html>
Thanks to Ed Maste, Andrew Turner and Antoine Brodin for their help.
Exp-run: antoine Relnotes: yes
|
285169 |
05-Jul-2015 |
cy |
MFV ntp-4.2.8p3 (r284990).
Approved by: roberto, delphij Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0 Security: http://bugs.ntp.org/show_bug.cgi?id=2853 Security: https://www.kb.cert.org/vuls/id/668167 Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
|
282408 |
04-May-2015 |
cy |
MFV ntp 4.2.8p2 (r281348)
Reviewed by: delphij (suggested MFC) Approved by: roberto Security: CVE-2015-1798, CVE-2015-1799 Security: VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2 MFC after: 1 month
|
281016 |
03-Apr-2015 |
cy |
Fix merge error.
Submitted by: jkim
|
281015 |
03-Apr-2015 |
cy |
Remove rednandt file.
Submitted by: jkim
|
280915 |
31-Mar-2015 |
cy |
Fix build.
|
280849 |
30-Mar-2015 |
cy |
MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)
Thanks to roberto for providing pointers to wedge this into HEAD.
Approved by: roberto
|
277202 |
14-Jan-2015 |
hiren |
ntpd tries to bind to IPv6 interfaces in 'tentative' state and fails as IPv6 is actually disabled. Fix it by making ntpd ignore such interfaces.
Submitted by: ume Reviewed by: bz, gnn MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D1527
|
276814 |
08-Jan-2015 |
ume |
Correct comparison of IPv6 wildcard address.
MFC after: 3 days
|
276479 |
31-Dec-2014 |
dim |
Upgrade our copy of clang, llvm and lldb to 3.5.0 release.
Please note that this version now requires C++11 support to build; see UPDATING for more information.
Release notes for llvm and clang can be found here: <http://llvm.org/releases/3.5.0/docs/ReleaseNotes.html> <http://llvm.org/releases/3.5.0/tools/clang/docs/ReleaseNotes.html>
Thanks to Ed Maste, Roman Divacky, Andrew Turner, Justin Hibbits and Antoine Brodin for their invaluable help with this import.
Approved by: portmgr (antoine) MFC after: 1 month
|
276071 |
22-Dec-2014 |
delphij |
Fix multiple ntp vulnerabilities.
Reviewed by: roberto (earlier revision), philip Security: CVE-2014-9293, CVE-2014-9294 Security: CVE-2014-9295, CVE-2014-9296 Security: FreeBSD-SA-14:31.ntp
Differential Revision: https://reviews.freebsd.org/D1343
|
265465 |
06-May-2014 |
delphij |
Don't reply monlist request when it's not enabled.
No objection from: roberto (but all bugs are mine) MFC after: 2 weeks
|
260637 |
14-Jan-2014 |
delphij |
Disable 'monitor' feature in ntpd by default.
Security: FreeBSD-SA-14:02.ntpd Approved by: so
|
245952 |
26-Jan-2013 |
pfg |
Clean some 'svn:executable' properties in the tree.
Submitted by: Christoph Mallon MFC after: 3 days
|
243933 |
06-Dec-2012 |
eadler |
Clean up hardcoded ar(1) flags in the tree to use the global ARFLAGS in share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk> Reviewed by: imp, toolchain@ Approved by: cperciva MFC after: 2 weeks
|
232844 |
12-Mar-2012 |
emaste |
Remove extraneous log message
When ntp switched between PLL and FLL mode it produced a log message "kernel time sync status change %04x". This issue is reported in ntp bug 452[1] which claims that this behaviour is normal and the log message isn't necessary. I'm not sure exactly when it was removed, but it's gone in the latest ntp release (4.2.6p5).
[1] http://bugs.ntp.org/show_bug.cgi?id=452
Approved by: roberto
|
223758 |
04-Jul-2011 |
attilio |
With retirement of cpumask_t and usage of cpuset_t for representing a mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient.
Remove them and replace their usage with custom pc_cpuid magic (as, atm, pc_cpumask can be easilly represented by (1 << pc_cpuid) and pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))).
This change is not targeted for MFC because of struct pcpu members removal and dependency by cpumask_t retirement.
MD review by: marcel, marius, alc Tested by: pluknet MD testing by: marcel, marius, gonzo, andreast
|
223667 |
29-Jun-2011 |
bz |
In case ntp cannot resolve a hostname on startup it will queue the entry for resolving by a child process that, upon success, will add the entry to the config of the running running parent process.
Unfortunately there are a couple of bugs with this, fixed in various later versions of upstream in potentially different ways due to other code changes:
1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving which does not work. Make sure we always pass the name (or IP there).
2) The intermediate file to carry the information to the child process does not know about -4/-6 restrictions, so that a dual-stacked host could resolve to an IPv6 address but that might be unreachable (see r223626) leading to no working synchronization ignoring a IPv4 record. Thus alter the intermediate format to also pass the address family (AF_UNSPEC (default), AF_INET or AF_INET6) to the child process depending on -4 or -6.
3) Make the child process to parse the new intermediate file format and save the address family for getaddrinfo() hints flags.
4) Change child to always reload resolv.conf calling res_init() before trying to resolve names. This will pick up resolv.conf changes or new resolv.confs should they have not existed or been empty or unusable on ntp startup. This fix is more conditional in upstream versions but given FreeBSD has res_init there is no need for the configure logic as well.
Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 9 days
|
223626 |
28-Jun-2011 |
bz |
Compare port numbers correctly. They are stored by SRCPORT() in host byte order, so we need to compare them as such. Properly compare IPv6 addresses as well.
This allows the, by default, 8 badaddrs slots per address family to work correctly and only print sendto() errors once.
The change is no longer applicable to any latest upstream versions.
Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 1 week
|
222813 |
07-Jun-2011 |
attilio |
etire the cpumask_t type and replace it with cpuset_t usage.
This is intended to fix the bug where cpu mask objects are capped to 32. MAXCPU, then, can now arbitrarely bumped to whatever value. Anyway, as long as several structures in the kernel are statically allocated and sized as MAXCPU, it is suggested to keep it as low as possible for the time being.
Technical notes on this commit itself: - More functions to handle with cpuset_t objects are introduced. The most notable are cpusetobj_ffs() (which calculates a ffs(3) for a cpuset_t object), cpusetobj_strprint() (which prepares a string representing a cpuset_t object) and cpusetobj_strscan() (which creates a valid cpuset_t starting from a string representation). - pc_cpumask and pc_other_cpus are target to be removed soon. With the moving from cpumask_t to cpuset_t they are now inefficient and not really useful. Anyway, for the time being, please note that access to pcpu datas is protected by sched_pin() in order to avoid migrating the CPU while reading more than one (possible) word - Please note that size of cpuset_t objects may differ between kernel and userland. While this is not directly related to the patch itself, it is good to understand that concept and possibly use the patch as a reference on how to deal with cpuset_t objects in userland, when accessing kernland members. - KTR_CPUMASK is changed and now is represented through a string, to be set as the example reported in NOTES.
Please additively note that no MAXCPU is bumped in this patch, but private testing has been done until to MAXCPU=128 on a real 8x8x2(htt) machine (amd64).
Please note that the FreeBSD version is not yet bumped because of the upcoming pcpu changes. However, note that this patch is not targeted for MFC.
People to thank for the time spent on this patch: - sbruno, pluknet and Nicholas Esborn (nick AT desert DOT net) tested several revision of the patches and really helped in improving stability of this work. - marius fixed several bugs in the sparc64 implementation and reviewed patches related to ktr. - jeff and jhb discussed the basic approach followed. - kib and marcel made targeted review on some specific part of the patch. - marius, art, nwhitehorn and andreast reviewed MD specific part of the patch. - marius, andreast, gonzo, nwhitehorn and jceel tested MD specific implementations of the patch. - Other people have made contributions on other patches that have been already committed and have been listed separately.
Companies that should be mentioned for having participated at several degrees: - Yahoo! for having offered the machines used for testing on big count of CPUs. - The FreeBSD Foundation for having sponsored my devsummit attendance, which has been instrumental. - Sandvine for having offered offices and infrastructure during development.
(I really hope I didn't forget anyone, if it happened I apologize in advance).
|
222444 |
29-May-2011 |
bz |
The argument to setsockopt for IP_MULTICAST_LOOP depends on operating system and is decided upon by configure and could be an u_int or a u_char. For FreeBSD it is a u_char.
For IPv6 however RFC 3493, 5.2 defines the argument to IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always use that using a second variable for the IPV6 case. This is to get rid of these error messages every 5 minutes on some systems: ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument on socket 22, addr fe80::... for multicast address ff02::101
While here also fix the copy&paste error in the log message for IPV6_MULTICAST_LOOP.
Reviewed by: roberto Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days Filed as: Bug 1936 on ntp.org
|
207736 |
07-May-2010 |
mckusick |
Merger of the quota64 project into head.
This joint work of Dag-Erling Smørgrav and myself updates the FFS quota system to support both traditional 32-bit and new 64-bit quotas (for those of you who want to put 2+Tb quotas on your users).
By default quotas are not compiled into the kernel. To include them in your kernel configuration you need to specify:
options QUOTA # Enable FFS quotas
If you are already running with the current 32-bit quotas, they should continue to work just as they have in the past. If you wish to convert to using 64-bit quotas, use `quotacheck -c 64'; if you wish to revert from 64-bit quotas back to 32-bit quotas, use `quotacheck -c 32'.
There is a new library of functions to simplify the use of the quota system, do `man quotafile' for details. If your application is currently using the quotactl(2), it is highly recommended that you convert your application to use the quotafile interface. Note that existing binaries will continue to work.
Special thanks to John Kozubik of rsync.net for getting me interested in pursuing 64-bit quota support and for funding part of my development time on this project.
|
200576 |
15-Dec-2009 |
roberto |
Merge 4.2.4p8 into contrib (r200452 & r200454).
Subversion is being difficult here so take a hammer and get it in.
MFC after: 2 weeks Security: CVE-2009-3563
|
200575 |
15-Dec-2009 |
roberto |
Bootstrap mergeinfo (thanks des@).
|
199995 |
01-Dec-2009 |
ume |
Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn't allow bind to an anycast addeess. It does away with an annoying message.
Reviewed by: bz, roberto MFC after: 2 weeks
|
195626 |
11-Jul-2009 |
cperciva |
Remove build timestamps from the following files: /boot/kernel/hptrr.ko /etc/mail/*.cf /lib/libcrypto.so.5 /usr/bin/ntpq /usr/sbin/amd /usr/sbin/iasl /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc
There does not appear to be any purpose to having these timestamps, and they have the irritating consequence that the aforementioned files will be different every time they are rebuilt.
After this commit, the only remaining build timestamps are in the kernel, the boot loaders, /usr/include/osreldate.h (the year in the copyright notice), and lib*.a (the timestamps on all of the included .o files).
Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl), roberto (ntp), jkim (acpica) Approved by: re (kib)
|
193893 |
10-Jun-2009 |
cperciva |
Prevent integer overflow in direct pipe write code from circumventing virtual-to-physical page lookups. [09:09]
Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10]
Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11]
Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd
|
191517 |
26-Apr-2009 |
ed |
Remove empty directories from the HEAD.
Discussed with: developers, imp
|
191302 |
20-Apr-2009 |
roberto |
Merge r191298 into HEAD.
Prevent a buffer overflow in ntpq. Patch taken from the PR database after being committed to the official ntp tree and present in 4.2.4p7-rc2.
It will be MFH to the upcoming 7.2 pending re approval.
Obtained from: https://support.ntp.org/bugs/show_bug.cgi?id=1144 MFC after: 3 days Security: http://www.securityfocus.com/bid/34481 CVE-2009-0159
|
187194 |
13-Jan-2009 |
simon |
Correct ntpd(8) cryptographic signature bypass [SA-09:04].
Correct BIND DNSSEC incorrect checks for malformed signatures [SA-09:04].
Security: FreeBSD-SA-09:03.ntpd Security: FreeBSD-SA-09:04.bind Obtained from: ISC [SA-09:04] Approved by: so (simon)
|
182857 |
07-Sep-2008 |
roberto |
Merge from vendor/ntp/dist: r182856:
Apply updated patch from bin/92839 to avoid two possible buffer overflows.
PR: bin/92839 Submitted by: Helge Oldach <freebsdntpd@oldach.net>
|
182007 |
22-Aug-2008 |
roberto |
Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit will update usr.sbin/ntp to match this.
MFC after: 2 weeks
|
181837 |
18-Aug-2008 |
roberto |
Move FREEBSD-upgrade as well.
|
181836 |
18-Aug-2008 |
roberto |
Move FREEBSD-Xlist in a more proper location.
|
181829 |
18-Aug-2008 |
roberto |
Reset mergeinfo for contrib/ntp (per the wiki page).
|
162736 |
28-Sep-2006 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r162735, which included commits to RCS files with non-trunk default branches.
|
138452 |
06-Dec-2004 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r138451, which included commits to RCS files with non-trunk default branches.
|
132537 |
22-Jul-2004 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r132536, which included commits to RCS files with non-trunk default branches.
|
132460 |
20-Jul-2004 |
roberto |
Remove an extra '}'.
|
132457 |
20-Jul-2004 |
roberto |
Update information on build/import.
|
132456 |
20-Jul-2004 |
roberto |
Merge conflicts.
Lots of added files, some removed and quite a large number of renames :(
|
132455 |
20-Jul-2004 |
roberto |
Merge conflicts (see also previous commit).
Reinsert our local changes to ntp_control.c:
1.4: Do not log every potential exploit attempt since a denial-of-service may result 1.5: int -> unsigned char fixes
|
132454 |
20-Jul-2004 |
roberto |
Revert this file to the vendor version, we don't need to have our own version of it. Will help further upgrades.
|
132452 |
20-Jul-2004 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r132451, which included commits to RCS files with non-trunk default branches.
|
106427 |
04-Nov-2002 |
roberto |
Merge conflicts.
MFC after: 1 month
|
106425 |
04-Nov-2002 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r106424, which included commits to RCS files with non-trunk default branches.
|
106170 |
29-Oct-2002 |
roberto |
Update for 4.1.1a.
Tested on: Sparc64 (panther), Alpha (beast) & i386
|
106168 |
29-Oct-2002 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r106167, which included commits to RCS files with non-trunk default branches.
|
106166 |
29-Oct-2002 |
roberto |
Merge conflicts.
MFC after: 1 month
|
106164 |
29-Oct-2002 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r106163, which included commits to RCS files with non-trunk default branches.
|
82505 |
29-Aug-2001 |
roberto |
Merge after 4.1.0 import.
|
82503 |
29-Aug-2001 |
roberto |
Update for 4.1.0 import.
|
82502 |
29-Aug-2001 |
roberto |
Redo the int -> unsigned changes jedgar did. It should have been submitted back but it was off the vendor branch anyway so...
|
82499 |
29-Aug-2001 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r82498, which included commits to RCS files with non-trunk default branches.
|
75260 |
06-Apr-2001 |
jedgar |
Do not log every potential exploit attempt since a denial-of-service may result.
|
75259 |
06-Apr-2001 |
jedgar |
- Correct off-by-one error and buffer underflow from previous fix - int -> unsigned char fixes
Submitted by: ache, dillon, Mark Andrews, et.al. (on -security)
|
75202 |
04-Apr-2001 |
phk |
Fix a potential ROOT-exploit in NTPD.
PR: 26358 Reviewed by: dima
|
57739 |
03-Mar-2000 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r57738, which included commits to RCS files with non-trunk default branches.
|
56751 |
28-Jan-2000 |
roberto |
Update for ntp 4.0.99b.
|
56749 |
28-Jan-2000 |
roberto |
Merge conflicts with the import of 4.0.99b.
|
56747 |
28-Jan-2000 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r56746, which included commits to RCS files with non-trunk default branches.
|
54364 |
09-Dec-1999 |
roberto |
This is the list of files excluded from the original tarball.
Reviewed by: peter, obrien
|
54363 |
09-Dec-1999 |
roberto |
Commit a fix several warnings on alpha for sysctlbyname arguments. It could have resulted in stack corruption. A patch has been sent to the ntp author for inclusion in next version.
Obtained from: peter
|
54362 |
09-Dec-1999 |
roberto |
Please all welcome the long-awaited upgrade from our ancient xntpd 3.4f to a brand new and shiny ntpd 4.0.98f.
I got tired of waiting for 4.1.0 and there is the feature freeze deadline so here it is. This is the contrib/ part of the upgrade. The Makefile glue will be added very soon in usr.sbin.
It builds and runs on both i386 and alpha (Thanks Peter!).
The bad news is that manpages no longer exist, everything is in HTML. I'll commit the text version of each HTML file in /usr/share/doc/ntp soon to have at least the help files w/o needing to get the entire contrib/ntp tree.
I'll commit FREEBSD-Xlist as soon as I can skip over $FreeBSD$ checks...
Reviewed by: peter, obrien Pushed by: phk
|
54360 |
09-Dec-1999 |
roberto |
This commit was generated by cvs2svn to compensate for changes in r54359, which included commits to RCS files with non-trunk default branches.
|