ntp: Vendor import of ntp-4.2.8p18

MFC: 3 days

Merge commit '1f833b3fc9968c3dd7ed79ccf0525ebf16c891ad' into main

ntp: import ntp-4.2.8p17

Fixes two small bugs including one regression.

MFC after: 3 days

Merge commit 'ab1f1aa8333369a83ff284848fc3fc2e52d5f29f'

ntp: import ntp-4.2.8p16

Security: NtpBUg3767, NtpBug3808, NtpBug3807 (CVE-2023-26555)
MFC after: immediately

MFV r358616:

Update ntp-4.2.8p13 --> 4.2.8p14.

The advisory can be found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele

No CVEs have been documented yet.

MFC after: now
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592

MFV r344878:

4.2.8p12 --> 4.2.8p13

MFC after: immediately
Security: CVE-2019-8936
VuXML: c2576e14-36e2-11e9-9eda-206a8a720317
Obtained from: nwtime.org

MFV r338092: ntp 4.2.8p12.

Relnotes: yes

MFV r330102: ntp 4.2.8p11

MFV r315791: ntp 4.2.8p10.

MFV r308954:

ntp 4.2.8p9.

Approved by: so

MFV r298691:

ntp 4.2.8p7.

Security: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550
Security: CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518
Security: CVE-2016-2519
Security: FreeBSD-SA-16:16.ntp
With hat: so

Remove the RCSID line from ntp_control.c, and set the fbsd:nokeywords
property. This should have been done a while back (certainly before
mergeing projects/release-pkg to head), but I fixed the merge conflicts
and forgot to correct the real problem afterward.

Noticed by: peter
Sponsored by: The FreeBSD Foundation

MFH

Sponsored by: The FreeBSD Foundation

MFV r294491: ntp 4.2.8p6.

Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975
Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978
Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139
Security: CVE-2015-8140, CVE-2015-8158
With hat: so

MFH

Sponsored by: The FreeBSD Foundation

MFV r293415:

ntp 4.2.8p5

Reviewed by: cy, roberto
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D4828

Fix another mis-merge.

Sponsored by: The FreeBSD Foundation

MFH r289384-r293170

Sponsored by: The FreeBSD Foundation

MFV ntp-4.2.8p4 (r289715)

Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Sponsored by: Nginx, Inc.

Merge from head

MFV ntp-4.2.8p3 (r284990).

Approved by: roberto, delphij
Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0
Security: http://bugs.ntp.org/show_bug.cgi?id=2853
Security: https://www.kb.cert.org/vuls/id/668167
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

Merge from HEAD

MFV ntp 4.2.8p2 (r281348)

Reviewed by: delphij (suggested MFC)
Approved by: roberto
Security: CVE-2015-1798, CVE-2015-1799
Security: VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2
MFC after: 1 month

Merge from HEAD

MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)

Thanks to roberto for providing pointers to wedge this into HEAD.

Approved by: roberto

Fix multiple ntp vulnerabilities.

Reviewed by: roberto (earlier revision), philip
Security: CVE-2014-9293, CVE-2014-9294
Security: CVE-2014-9295, CVE-2014-9296
Security: FreeBSD-SA-14:31.ntp

Differential Revision: https://reviews.freebsd.org/D1343

Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit
will update usr.sbin/ntp to match this.

MFC after: 2 weeks

Flatten the dist and various 4.n.n trees in preparation of future ntp imports.

Remove an extra '}'.

Merge conflicts (see also previous commit).

Reinsert our local changes to ntp_control.c:

1.4: Do not log every potential exploit attempt since a denial-of-service
may result
1.5: int -> unsigned char fixes

Virgin import of ntpd 4.2.0

Merge conflicts.

MFC after: 1 month

Virgin import of ntpd 4.1.1b

Merge conflicts.

MFC after: 1 month

Virgin import of ntpd 4.1.1a

Redo the int -> unsigned changes jedgar did. It should have been submitted
back but it was off the vendor branch anyway so...

Virgin import of ntpd 4.1.0

Do not log every potential exploit attempt since a denial-of-service
may result.

- Correct off-by-one error and buffer underflow from previous fix
- int -> unsigned char fixes

Submitted by: ache, dillon, Mark Andrews, et.al. (on -security)

Fix a potential ROOT-exploit in NTPD.

PR: 26358
Reviewed by: dima

Virgin import of ntpd 4.0.99b

Virgin import of ntpd 4.0.98f

ntp: import ntp-4.2.8p17

Fixes two small bugs including one regression.

MFC after: 3 days

Merge commit 'ab1f1aa8333369a83ff284848fc3fc2e52d5f29f'

ntp: import ntp-4.2.8p16

Security: NtpBUg3767, NtpBug3808, NtpBug3807 (CVE-2023-26555)
MFC after: immediately

MFV r358616:

Update ntp-4.2.8p13 --> 4.2.8p14.

The advisory can be found at:
http://support.ntp.org/bin/view/Main/SecurityNotice#\
March_2020_ntp_4_2_8p14_NTP_Rele

No CVEs have been documented yet.

MFC after: now
Security: http://support.ntp.org/bin/view/Main/NtpBug3610
http://support.ntp.org/bin/view/Main/NtpBug3596
http://support.ntp.org/bin/view/Main/NtpBug3592

MFV r344878:

4.2.8p12 --> 4.2.8p13

MFC after: immediately
Security: CVE-2019-8936
VuXML: c2576e14-36e2-11e9-9eda-206a8a720317
Obtained from: nwtime.org

MFV r338092: ntp 4.2.8p12.

Relnotes: yes

MFV r330102: ntp 4.2.8p11

MFV r315791: ntp 4.2.8p10.

MFV r308954:

ntp 4.2.8p9.

Approved by: so

MFV r298691:

ntp 4.2.8p7.

Security: CVE-2016-1547, CVE-2016-1548, CVE-2016-1549, CVE-2016-1550
Security: CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518
Security: CVE-2016-2519
Security: FreeBSD-SA-16:16.ntp
With hat: so

Remove the RCSID line from ntp_control.c, and set the fbsd:nokeywords
property. This should have been done a while back (certainly before
mergeing projects/release-pkg to head), but I fixed the merge conflicts
and forgot to correct the real problem afterward.

Noticed by: peter
Sponsored by: The FreeBSD Foundation

MFH

Sponsored by: The FreeBSD Foundation

MFV r294491: ntp 4.2.8p6.

Security: CVE-2015-7973, CVE-2015-7974, CVE-2015-7975
Security: CVE-2015-7976, CVE-2015-7977, CVE-2015-7978
Security: CVE-2015-7979, CVE-2015-8138, CVE-2015-8139
Security: CVE-2015-8140, CVE-2015-8158
With hat: so

MFH

Sponsored by: The FreeBSD Foundation

MFV r293415:

ntp 4.2.8p5

Reviewed by: cy, roberto
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D4828

Fix another mis-merge.

Sponsored by: The FreeBSD Foundation

MFH r289384-r293170

Sponsored by: The FreeBSD Foundation

MFV ntp-4.2.8p4 (r289715)

Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317
Security: CVE-2015-7871
Security: CVE-2015-7855
Security: CVE-2015-7854
Security: CVE-2015-7853
Security: CVE-2015-7852
Security: CVE-2015-7851
Security: CVE-2015-7850
Security: CVE-2015-7849
Security: CVE-2015-7848
Security: CVE-2015-7701
Security: CVE-2015-7703
Security: CVE-2015-7704, CVE-2015-7705
Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
Sponsored by: Nginx, Inc.

Merge from head

MFV ntp-4.2.8p3 (r284990).

Approved by: roberto, delphij
Security: VuXML: 0d0f3050-1f69-11e5-9ba9-d050996490d0
Security: http://bugs.ntp.org/show_bug.cgi?id=2853
Security: https://www.kb.cert.org/vuls/id/668167
Security: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi

Merge from HEAD

MFV ntp 4.2.8p2 (r281348)

Reviewed by: delphij (suggested MFC)
Approved by: roberto
Security: CVE-2015-1798, CVE-2015-1799
Security: VuXML ebd84c96-dd7e-11e4-854e-3c970e169bc2
MFC after: 1 month

Merge from HEAD

MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)

Thanks to roberto for providing pointers to wedge this into HEAD.

Approved by: roberto

Fix multiple ntp vulnerabilities.

Reviewed by: roberto (earlier revision), philip
Security: CVE-2014-9293, CVE-2014-9294
Security: CVE-2014-9295, CVE-2014-9296
Security: FreeBSD-SA-14:31.ntp

Differential Revision: https://reviews.freebsd.org/D1343

Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commit
will update usr.sbin/ntp to match this.

MFC after: 2 weeks

Flatten the dist and various 4.n.n trees in preparation of future ntp imports.

Remove an extra '}'.

Merge conflicts (see also previous commit).

Reinsert our local changes to ntp_control.c:

1.4: Do not log every potential exploit attempt since a denial-of-service
may result
1.5: int -> unsigned char fixes

Virgin import of ntpd 4.2.0

Merge conflicts.

MFC after: 1 month

Virgin import of ntpd 4.1.1b

Merge conflicts.

MFC after: 1 month

Virgin import of ntpd 4.1.1a

Redo the int -> unsigned changes jedgar did. It should have been submitted
back but it was off the vendor branch anyway so...

Virgin import of ntpd 4.1.0

Do not log every potential exploit attempt since a denial-of-service
may result.

- Correct off-by-one error and buffer underflow from previous fix
- int -> unsigned char fixes

Submitted by: ache, dillon, Mark Andrews, et.al. (on -security)

Fix a potential ROOT-exploit in NTPD.

PR: 26358
Reviewed by: dima

Virgin import of ntpd 4.0.99b

Virgin import of ntpd 4.0.98f

Remove the RCSID line from ntp_control.c, and set the fbsd:nokeywords
property. This should have been done a while back (certainly before
mergeing projects/release-pkg to head), but I fixed the merge conflicts
and forgot to correct the real problem afterward.

Noticed by: peter
Sponsored by: The FreeBSD Foundation

Fix another mis-merge.

Sponsored by: The FreeBSD Foundation

Fix multiple ntp vulnerabilities.

Reviewed by: roberto (earlier revision), philip
Security: CVE-2014-9293, CVE-2014-9294
Security: CVE-2014-9295, CVE-2014-9296
Security: FreeBSD-SA-14:31.ntp

Differential Revision: https://reviews.freebsd.org/D1343

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

Remove an extra '}'.

Merge conflicts (see also previous commit).

Reinsert our local changes to ntp_control.c:

1.4: Do not log every potential exploit attempt since a denial-of-service
may result
1.5: int -> unsigned char fixes

Virgin import of ntpd 4.2.0

Merge conflicts.

MFC after: 1 month

Virgin import of ntpd 4.1.1b

Merge conflicts.

MFC after: 1 month

Virgin import of ntpd 4.1.1a

Redo the int -> unsigned changes jedgar did. It should have been submitted
back but it was off the vendor branch anyway so...

Virgin import of ntpd 4.1.0

Do not log every potential exploit attempt since a denial-of-service
may result.

- Correct off-by-one error and buffer underflow from previous fix
- int -> unsigned char fixes

Submitted by: ache, dillon, Mark Andrews, et.al. (on -security)

Fix a potential ROOT-exploit in NTPD.

PR: 26358
Reviewed by: dima

Virgin import of ntpd 4.0.99b

Virgin import of ntpd 4.0.98f