diff --git a/share/security/advisories/FreeBSD-EN-20:03.sshd.asc b/share/security/advisories/FreeBSD-EN-20:03.sshd.asc new file mode 100644 index 0000000000..944aaacefa --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-20:03.sshd.asc @@ -0,0 +1,119 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:03.sshd Errata Notice + The FreeBSD Project + +Topic: Misleading log messages upon successful sshd login + +Category: contrib +Module: sshd +Announced: 2020-03-19 +Affects: FreeBSD 12.1 +Corrected: 2019-11-28 02:18:19 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:34:11 UTC (releng/12.1, 12.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The sshd server implements the secure shell protocol, providing remote +access. + +II. Problem Description + +Due to a programming error, error messages of the form "Failed unknown for +user ..." will be emitted to auth.log for successful logins. + +III. Impact + +Log files will be confusing, and programs like fail2ban that parse logs will +not function correctly. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and restart the sshd +service. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# nohup service sshd restart + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-20:03/sshd.patch +# fetch https://security.FreeBSD.org/patches/EN-20:03/sshd.patch.asc +# gpg --verify sshd.patch.asc + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r355160 +releng/12.1/ r359134 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplJfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJLCA//V8LAaiI3320RkieKpp1W8VJLajd1aWnwmMzCMuyXYsEnDoLRzGdsEdcv +K1HhEz27vEuhusmW6AwLGcuHDJl+/230JJMcs24dtbJ/VcanG4Tw5fKjT6g1zT9m +A8ZQ16N5LU8q8TGcRATie9+88Ri3iepDkur4Gh4HBH/VKfI4szoWZXpBe0UZJTPr +EGXtcvTRlVlex3jWJF2FA/4TioR6PGAyJxwtxLpaSWoMJFrTKh0b7AnyCTzqC6cE +aHF/RDH8i16VbVDTHmfo0FPKeCcF25uFYG1edDpSofdvE9XZTEvqy1fz6Nv+LEbp +EMFOa99zUtzjWVkvPMXWXSYDVivyjoX38pEvbZnNxWNot8His9UWOss9vff9/B/L +Y6uHIpPeW8JhBpyOJ6hlYZ/zkEnKy33tNm+/mzV6TBUpu0h8cTULKkXCeIQIyU61 +YUGEhw+TFRS0X9v6lovXif3/Cs6r8nNKSh/NUa43B7oxacEsCimfU1YApNi7nj3L +DD1vQmvR7j7k8tTDw4FGqv3HgkRL4RgkbWsGJB83dUXTEUV/Dtjh6o7duTsYbdw0 +eEaqTQBysENCQEsZ3s0NHF0nUdrmxecw/6US+dhnt1nMJH7I4UaHM95wMXY0x3CQ +k5yDoMPMs4NTC7iBRtyw69IQMsOwRsUU5notdlWjklKKSvRAXnA= +=8o6k +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-20:04.pfctl.asc b/share/security/advisories/FreeBSD-EN-20:04.pfctl.asc new file mode 100644 index 0000000000..e6cca7a5f4 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-20:04.pfctl.asc @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:04.pfctl Errata Notice + The FreeBSD Project + +Topic: Missing pfctl(8) tunable + +Category: core +Module: pfctl(8) +Announced: 2020-03-19 +Credits: Rubicon Communications, LLC (netgate.com) +Affects: FreeBSD 11.3-RELEASE +Corrected: 2020-02-12 14:50:13 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:35:15 UTC (releng/11.3, 11.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +Packet filtering takes place in the kernel. A pseudo-device, /dev/pf, allows +userland processes to control the behavior of the packet filter through an +ioctl(2) interface. Commands include enabling and disabling the filter, +loading rulesets, adding and removing individual rules or state table entries, +and retrieving statistics. The most commonly used functions are covered by +the pfctl(8) utility. + +II. Problem Description + +pf(4) ioctls frequently take a variable number of elements as argument. +This can potentially allow users to request very large allocations. + +A failing non-blocking pf(4) allocation can tie up resources resulting in +concurrent blocking allocations entering vm_wait() and inducing reclamation +of caches. + +III. Impact + +The kernel will reject very large tables to avoid resource exhaustion +attacks. Some users run into this limit with legitimate table +configurations. + +IV. Workaround + +No workaround is available, however systems that do not employ pf(4) nor +use pf(4) table definitions larger than 65535 entries are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/EN-20:04/pfctl.patch +# fetch https://security.FreeBSD.org/patches/EN-20:04/pfctl.patch.asc +# gpg --verify pfctl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r357822 +releng/11.3/ r359135 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpldfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL4Aw/9GhPqyMcVMROjoX2xepwOubsM+C9lMCTQtxOOhYLtt9IIt5KTgSefAcyt +DMcqE78R6wgaxf08XAQyD/iN3udhCFT4YRElB1o5XMEhYUcCIsatKcb8hIVJuRD3 +Ap2goT7zHlicFxpKuWblg/qenU0A9PgaCjsRaVePHS2nzOW+d9DJSg3yxz6xwGCZ +Nuv03Y2OBVm/KdW4awk50FdzR2L04U0D0ZATh+5yr25aH99dVpUQMmRc+qjRtXzh +4j34Qj8mWteAkD5690zcE1nGwu7lGDFoRjwhiP5RP9Gn3o2Sv5SJwHNwB5W1WQDr +GAormcXgUwuWwd9ijtKfWNmJm7MhZhCjvq9l0tt54e+j4Nmz39/ZijFfa1Ug7XKJ +4yp1ey2ri3W3bGrv2nRHMzY6d3EaQq/96vupt/dWxlufoIHbUvUQ0l8KWNmQ8kK1 +dplsoMS6x/AeFjjF4I62Cp429vBbpRDRCJk4mZ6itJ8CWbNXIv2xCj7aKzRcrwpx +kmcblpkFpm7edVkTGjtv/MMhUPXdlskQStOCjSkHoo/cofcAOUovJ8755AvYNkwl +P0e49iOxvFFMA3jZSuxCrQksHq295VwjImEUSJKYyARGdDiPR4q8AdUy+CPyDoLs +zMrzZz5HiNSNdoh4mX3OFIkjtuk/fXR5LQnMBuzHfmfhLtsmHAQ= +=upRR +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc b/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc new file mode 100644 index 0000000000..be8a5d80ab --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc @@ -0,0 +1,122 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:05.mlx5en Errata Notice + The FreeBSD Project + +Topic: Fix packet forwarding performance in mlx5en(4) driver + +Category: core +Module: mlx5en +Announced: 2020-03-19 +Affects: FreeBSD 12.1 +Corrected: 2019-11-07 13:12:38 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:41:29 UTC (releng/12.1, 12.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +Add CSUM_SND_TAG flag and set this flag for outgoing ratelimited mbufs. +This fixes an issue that redirected packets are dropped in the mlx5en +transmit routine. + +II. Problem Description + +Ratelimiting support in the network stack reuses an mbuf field for a +different purpose to avoid having to grow the mbuf size. This can a cause +packet drop in the forwarding case if the field in question is not cleared +prior to transmit. + +III. Impact + +All packets going through firewall code are dropped when using mlx5en(4). + +IV. Workaround + +No workaround is available. Systems not using mlx5en(4) are not affected. + +V. Solution + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# reboot + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.1] +# fetch https://security.FreeBSD.org/patches/EN-20:05/mlx5en.patch +# fetch https://security.FreeBSD.org/patches/EN-20:05/mlx5en.patch.asc +# gpg --verify mlx5en.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r354440 +releng/12.1/ r359136 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpldfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIMCw/7BCNrVg/W7nwnbDdQs1xR0gTz4pUTGB7SnyXs69kJ15dimWt00oVCJurP +oh7uZIPenrS/xRosmbehsNc3IJRN6Npnf86dazuj3qRu24E3CJg9bQJ0sAHrWOXB +i6UgrWIDKIEQ/Yflpcl4bqj/L5HQsTQ/mbkBl1nYiu7VUwjGPhidRYSCQQHDY8ZM +XJ4BFBJCx+gSEcfP6iAqZTGcDAwyFkl9kzxfMIymIRqGlBABBqN6OFrnMjiBoDGL +CiTFt0rFs4/bdX8wQyRhQ6IHjFGiEbXZS4txJxP3XZaIJaPYF5snrrV1rgGjOeVl +2PmGF82ugSwrpVgPuDCMkiJEvYR6matvjRrYQDEBsz0rY6pyid4q9Ck7uKt2KW8u +M3tPtL61SbnuPXTYGpFD++xWYjlQrkcuudwHRT3NYOgNAwU6U+ejLuDzpbWFtPAh +RCQ/tmSOxTQWubxbiwiA07zxVY1a2ffguyzpc+p8PTwIbgrtuh64saoenuvNg0wJ +rhuShGQnhsfWbStOW1T21tsBkB/cZekQYt3e9zB3RREl3WBvJmKPLqO0m8WBaSUx +2iTxnMrhEAnD4R6oVouibCwRdlnxMD3xyYmJJZJ/p8hFXVZlWm60c5nKh82bQVLj +mN4Uf+V7Q/P+fkfoWFm7Dq4kYQp7DmANjh2gK80/88f9/AhX+so= +=EjZa +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-20:06.ipv6.asc b/share/security/advisories/FreeBSD-EN-20:06.ipv6.asc new file mode 100644 index 0000000000..e0a11f1d71 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-20:06.ipv6.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:06.ipv6 Errata Notice + The FreeBSD Project + +Topic: Incorrect checksum calculations with IPv6 extension headers + +Category: core +Module: netinet6 +Announced: 2020-03-19 +Credits: Francis Dupont +Affects: All supported versions of FreeBSD. +Corrected: 2020-03-02 22:54:32 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:43:37 UTC (releng/12.1, 12.1-RELEASE-p3) + 2020-03-03 08:24:09 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:43:37 UTC (releng/11.3, 11.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +Upper layer transport protocols, e.g., TCP, UDP, or SCTP, include +checksums in their headers. IPv6 is a network protocol, which can +add extension headers between its own header and that of the upper +layer protocol. + +II. Problem Description + +Pseudo header checksum calculations can be delayed until the IPv6 +output routine or offloaded to the NIC. In case IPv6 extension +headers are present, FreeBSD currently never offloads to the NIC. +When passing the data to the functions doing the delayed checksum +calculations, the contents of the extension headers were erroneously +included as part of the checksum. + +III. Impact + +Upper layer transport protocol checksums may be wrong for IPv6 packets, +such as IPv6 fragments, or IPv6 packets with a Destination Options or +Hop-by-Hop Options extension header. + +IV. Workaround + +No workaround is available. Packets sent over IPv4 or IPv6 without +any extension headers are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/EN-20:06/ipv6.patch +# fetch https://security.FreeBSD.org/patches/EN-20:06/ipv6.patch.asc +# gpg --verify ipv6.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r358557 +releng/12.1/ r359137 +stable/11/ r358566 +releng/11.3/ r359137 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpldfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLxaA/+IUDfq39zppv1SsIrwD1a2VZVQvPtNPmM0OUzJK7gt6Jj1lDJjY/WTXl6 +I93Xm1q6VL6u+6n95XfaUe3xu05Oujlq+KE0zu3tOigs50tvyn2+PAQU1waTT3O7 +zFqqLb0mBoQl1WasiLj0NhIpAK3GDYNV/Zd0jYuQzyyhu1kahMpeiVYn5OG7Q1C0 +BUPfObwGfzDYZbDtT4RSok35uVfzLnk5mZ1L+grQaoZbh3OJonlx5GnbRAboncCY +IJRfeyrHvCX2WMKx0CiUTEHZKJErKWcynYHkWYc+jmSqfTFARWBdIHpxQzF52kuW +E34WQDuCf9miSRGrlV1CgwjXUExuPOcUN7XcRRJQkkjc2wnpjMi1qudpyZmNW7Ig +rMQQdRLAmHyuy8ZjNuuBesWqBZYC2pr1p94KGUO7VsRNRVWOe8CEBT5NCRcRzoqw +rhyGlS1ahc6P/6FliYd86MMpdS4S0olRcylW+r5z3O8DStt0VEvwC5cYubqJJDud +Crpuces4hq8xZ2E4ZVN2YclT/gKNNvtNXmPfqpWVLdtCJqg6JTjAShX/YH52Q3/Q +5VOqj1wJmAMV07f68gp6GH+dQIxAnI5uAXwrGBs5Y7PCzRafhUkEy/6m5FHYOpUN +CR+/5Iqp2S79LeAoxSbZmuVh1pmLrs6bVZcfI21V91d5hSniPPE= +=/jJ1 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-20:04.tcp.asc b/share/security/advisories/FreeBSD-SA-20:04.tcp.asc new file mode 100644 index 0000000000..cbad273c2e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-20:04.tcp.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:04.tcp Security Advisory + The FreeBSD Project + +Topic: TCP IPv6 SYN cache kernel information disclosure + +Category: core +Module: tcp +Announced: 2020-03-19 +Credits: Michael Tuexen (Netflix, contractor) +Affects: All supported versions of FreeBSD. +Corrected: 2020-03-08 14:48:21 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:46:01 UTC (releng/12.1, 12.1-RELEASE-p3) + 2020-03-08 14:48:32 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:46:01 UTC (releng/11.3, 11.3-RELEASE-p7) +CVE Name: CVE-2020-7451 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The Internet Protocol version 6 (IPv6) header contains a one byte field +called Traffic Class. Two bits of this field are used for Explicit +Congestion Notification (ECN), the other six bits are used as Differentiated +Services Field Codepoints (DSCP). + +The Transmission Control Protocol (TCP) is a connection oriented transport +protocol, which can be used as an upper layer of IPv6. A TCP endpoint is +either acting as a client (sending initially a SYN segment) or as a server +(initially waiting to receive a SYN segment and then responding with a +SYN-ACK segment). + +To mitigate the impact of some attacks against TCP servers (like +SYN-flooding), FreeBSD uses specific code to handle the TCP connection setup +for servers. This includes the transmission and retransmission of SYN-ACK +segments or responding with a challenge ACK segment to a received RST +segment. + +II. Problem Description + +When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, +the Traffic Class field is not initialized. This also applies to challenge ACK +segments, which are sent in response to received RST segments during the TCP +connection setup phase. + +III. Impact + +For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, one byte +of kernel memory is transmitted over the network. + +IV. Workaround + +No workaround is available. Systems not using IPv6 are unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:04/tcp.patch +# fetch https://security.FreeBSD.org/patches/SA-20:04/tcp.patch.asc +# gpg --verify tcp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r358739 +releng/12.1/ r359138 +stable/11/ r358740 +releng/11.3/ r359138 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLuzQ/9HvuKX5w2/CDerZPseNDKqumxjoap6MjfExvpVN4Auy31wcE7248JpZ/d +I+Be927dmghiey97opVcR56g5OJ9QAinQRTWX1rLKaQ2xldGFE5924iLyQ/hjMXG +LDkYrBpJ2Wkdq9XFZKAuu2dpV/RUMlGnKANG/QfAAd5V4VC7Sg5X6ty7ISlVMrM7 +aQdBP4e5XyssfeqZeZ/A57dF3Yi7F1TEEjXeM+dulTET4nm0+w74n+QaNoH6hcMI +n3Bb/SsF9HfbZtXz235vkzbgvvSX4f+D/d3vrcAA9KMVjKBH6QbiwJKuHSdb0GY8 +ENMb7vO7Rx71u8GnCYg659qFrWb/kaTW2BCbgAJyp2747nAw8I7DwZiN2RKWA7qh +JbcZb1rJN9gEccnGyNouuy4DzUlUc4VQnp4ajqV4S1YGbwdfsBqi2c0dYwqEcW96 +RKxxTrH9JB8d52wMMshB7hMfwbeLeOJJ4phFL8knXuv19SWCP/tz6XDopoBN6wTW +yn5g+n7oVCOsSwlPLHl/5WWUTvKjyCB6eZIblFhlbiNTuQiUaegDXx66On+vgVKD +oYA9cDQUcvIKLne/KgCqTQ5MAuwE/7hPyUlGmuiZ3/Qx6CW568+v1kTc19eUQb0a ++e5HDRFhtiQyRMpTC9Yt14sv8oFLynhyt/IbQWTeqppZhBugbJ8= +=CFKz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc b/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc new file mode 100644 index 0000000000..24a12489dc --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:05.if_oce_ioctl Security Advisory + The FreeBSD Project + +Topic: Insufficient oce(4) ioctl(2) privilege checking + +Category: core +Module: oce(4) +Announced: 2020-03-19 +Credits: Ilja Van Sprundel +Affects: All supported versions of FreeBSD. +Corrected: 2019-12-26 16:56:42 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:48:29 UTC (releng/12.1, 12.1-RELEASE-p3) + 2019-12-26 16:58:11 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:48:29 UTC (releng/11.3, 11.3-RELEASE-p7) +CVE Name: CVE-2019-15876 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The primary interface used for network driver configuration is ioctl(2). +Several ioctl(2) commands are reserved for driver-specific purposes. For +instance, a driver may use one of these ioctls to implement an interface for +updating device firmware. + +II. Problem Description + +The driver-specific ioctl(2) command handlers in oce(4) failed to check +whether the caller has sufficient privileges to perform the corresponding +operation. + +III. Impact + +The oce(4) handler permits unprivileged users to send passthrough commands to +device firmware. + +IV. Workaround + +No workaround is available. Systems that do not contain devices driven by +oce(4) are unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:05/if_oce_ioctl.patch +# fetch https://security.FreeBSD.org/patches/SA-20:05/if_oce_ioctl.patch.asc +# gpg --verify if_oce_ioctl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r356089 +releng/12.1/ r359139 +stable/11/ r356090 +releng/11.3/ r359139 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJAuBAAnsnjdm2aTLo14rOiNHTNh0NqJPQTJ5F6MwE1P/nUlP5xM21GzDkyki7H +4AytZiCma6MCPzbc8aO6wGnc5zfSA1G/5TLetIgIQeyDQ8wRd0uhIoeO3NB3EXhz +KJkNqtyosmzKUSmq7V/WqYN7VOVceegvbvLXCMTYFkUmvJxYbB67s0upqydFBAD4 +j1ecKkNOIehV6cGColM3Dv7sJtVgdvaKg2ehW+AWR7UBOntIr/X3mVpkUE5Y2oLX +tpjuEbdraOpIw/ohKfvpZNPXnEFmhgxrRV4WRw8yFeMsEtLI2HyyUV4ysZrgMKB+ +LKxdhfd7HhIiGdoRZO4P60traRiRD+VfqU9Jt3xd9fO1t0MZYTS0R0Lqt9n3UPhR +26YcyrJgElaHIz8Viiw1U7Pdxila7b7gL+V4QVNSG00OqCKkdepgURRepzaz8Zhd +lrfLf+9vysPIL6RsJwDb77qYbu9kK/afGmadBVot6QGg6ovWVLUGd0pQFJuLihZl +YRocdxDO0lgF+w6llmp6ZidEjaScL7XG3yKG1DuoSa0tS+0eQU2U2hByJDzzzkTn +x7t7WU8o5gSRYDe68yuJHXiHWswA4IK+tkYf+h8fDhENDbt7PCo86Vq0Dixg3hoG +ak/KfomAAsnh6MfWNRlCWDXbe0p/yxYLPRHugDdrZ2IpX+uJWHs= +=pADZ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc b/share/security/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc new file mode 100644 index 0000000000..83a32fd9bf --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:06.if_ixl_ioctl Security Advisory + The FreeBSD Project + +Topic: Insufficient ixl(4) ioctl(2) privilege checking + +Category: core +Module: ixl(4) +Announced: 2020-03-19 +Credits: Ilja Van Sprundel +Affects: All supported versions of FreeBSD. +Corrected: 2020-01-10 18:31:59 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:49:32 UTC (releng/12.1, 12.1-RELEASE-p3) +CVE Name: CVE-2019-15877 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The primary interface used for network driver configuration is ioctl(2). +Several ioctl(2) commands are reserved for driver-specific purposes. For +instance, a driver may use one of these ioctls to implement an interface for +updating device firmware. + +II. Problem Description + +The driver-specific ioctl(2) command handlers in ixl(4) failed to check +whether the caller has sufficient privileges to perform the corresponding +operation. + +III. Impact + +The ixl(4) handler permits unprivileged users to trigger updates to the +device's non-volatile memory (NVM). + +IV. Workaround + +No workaround is available. Systems that do not contain devices driven by +ixl(4) are unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:06/if_ixl_ioctl.patch +# fetch https://security.FreeBSD.org/patches/SA-20:06/if_ixl_ioctl.patch.asc +# gpg --verify if_ixl_ioctl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r356606 +releng/12.1/ r359140 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIyvg/+Myq/m3iP2V8tluOVxVmXOEn9qULYfSEM8thr7N+EZpepK45KMkVeBMp5 +gGvd8XEbZyS1RSu+Knr3+yU+jQTFeVg/52QJ8fcTbH5r+5fcO0eJw9I0hwoJBAM+ +Fp7mTtON6PUCIlaXcwmFQfQ4l1iPee2qCsn7ia02dBFZXvHq6fT6tplSagtJj8Fd +xOBvnlf8obrvC+TswIKydCREaGAIRKTa0yMzh0Ml435gmCYMrGTe2NtjNKM9sgw8 +N0Y5QHuV59kiM3mYc5I7uLux1wUIlO6rdZ2lOsbuWNcW40q9IE1Gve9kjhmha8Ls +h7BW3VPLM8gxwrgJNygxSRtremDYfQZNoeONqRKd0C2H5EVT4vZfPRI4VxziNGU7 +US0VJwm7x/bET/zbVS5YIsGwqyn9kVjBRpv+eRN4CNmEoZugB/ZJn7lRhZ9cdsTG +fDM/ULk7UMPrap8ltr0hcYvLYzOmsR1K+oxqmWLzO2+FpnoUrAmWaInptbBuOaSj +tbmRc97wpR7LJcrmAo3rHvHdbwzY9jsQk1X1Y4LAKAr114S36m3HqwX5mhv91/ZR +oXOiDYCvFlf8BBQo5BMFDlSfft1Nd8iwAEumHmo+hFFs/yVwJlwwyt2tVwpT3V3Z +py6szSTnDzjslb/JGYI8ujpHNuJrfdWRmJUrXzqreKbiYA5pWGo= +=MmYl +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-20:07.epair.asc b/share/security/advisories/FreeBSD-SA-20:07.epair.asc new file mode 100644 index 0000000000..62e1642809 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-20:07.epair.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:07.epair Security Advisory + The FreeBSD Project + +Topic: Incorrect user-controlled pointer use in epair + +Category: core +Module: kernel +Announced: 2020-03-19 +Credits: Ilja van Sprundel +Affects: All supported versions of FreeBSD. +Corrected: 2020-02-04 04:29:54 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:50:36 UTC (releng/12.1, 12.1-RELEASE-p3) + 2020-02-04 04:29:53 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:50:36 UTC (releng/11.3, 11.3-RELEASE-p7) +CVE Name: CVE-2020-7452 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The epair(4) interface provides a pair of virtual back-to-back connected +Ethernet interfaces. + +II. Problem Description + +Incorrect use of a potentially user-controlled pointer in the kernel allowed +vnet jailed users to panic the system and potentially execute aribitrary code +in the kernel. + +III. Impact + +Users with root level access (or the PRIV_NET_IFCREATE privilege) can panic +the system, or potentially escape the jail or execute arbitrary code with +kernel priviliges. + +IV. Workaround + +No workaround is available. Systems not using epair(4) are not vulnerable. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.1] +# fetch https://security.FreeBSD.org/patches/SA-20:07/epair.12.patch +# fetch https://security.FreeBSD.org/patches/SA-20:07/epair.12.patch.asc +# gpg --verify epair.12.patch.asc + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/SA-20:07/epair.11.patch +# fetch https://security.FreeBSD.org/patches/SA-20:07/epair.11.patch.asc +# gpg --verify epair.11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- - ------------------------------------------------------------------------- +stable/12/ r357490 +releng/12.1/ r359141 +stable/11/ r357489 +releng/11.3/ r359141 +- - ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJIrhAAjdJsKCoBkjLmwIG/yU2W5jUkqahriXx6hAQwOqwAl7pyguAghPBUFRF6 +SjU2yr/4yQk0TB3wxRMGJNVlKuBZm8I62BQLdh7al6zO3S55s4FedeM3FOBZ1jT+ +GrHU08DPEoDT3pgz4w5/T5PQFxBwqsQDEE204kAOBBOsoZEhgxz+6pADyDpt1ciY +3x+b47PTMk0D4Oi2eXX+ErMApB5xA6sEQfVa6j7HoaQ3HRnvRbuF2vQt2/KTdrWB +pOnad52smH0+5ervZS9Ooidg7L9Sfu+ARdWSFxOIsFPOSgJr7dVIKw6vcliw93Py +GwRVaOxKWUmVxuQUNBSawsIbhLCQYMp74hUL9iZ/vLo398H32u/sd/xLfHYXyZfb +GoyTQ6WxjjqzXlc1ISj3gv8+25X9vnPZ/zQC45cDLqTBYkB7V3rdDAcqrxzR/PF/ +hA+skUOnJ9N00MM/WB9+fMlAj4ZqZR2btpQcxPbRkTHbm0NZfGAFU2IlLgQ38sPD +ZN/zXEho+7rCFocEJ8AxFWMsTB0eAsVfvFyN2sdQXMQcGeHb2HfAX7d3MUInb+aH +BQm6tMi+cNTDUdPnMefRy0G/gQGEUPha0Nv5uePMhXum8J1Gaubs5a9SEezCBRby +6k1Oj0PSkR89XW4X9nkTnKo4F7fu/wB+IQy7Ts7rTa36LcgtV+U= +=yXWc +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-20:08.jail.asc b/share/security/advisories/FreeBSD-SA-20:08.jail.asc new file mode 100644 index 0000000000..03891c36cd --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-20:08.jail.asc @@ -0,0 +1,138 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:08.jail Security Advisory + The FreeBSD Project + +Topic: Kernel memory disclosure with nested jails + +Category: core +Module: kern +Announced: 2020-03-19 +Credits: Hans Christian Woithe +Affects: All supported versions of FreeBSD. +Corrected: 2020-03-16 21:12:46 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:51:33 UTC (releng/12.1, 12.1-RELEASE-p3) + 2020-03-16 21:12:32 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:51:33 UTC (releng/11.3, 11.3-RELEASE-p7) +CVE Name: CVE-2020-7453 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The jail_set(2) system call allows a system administrator to lock up a +process and all its descendants inside a closed environment with very +limited ability to affect the system outside that environment, even +for processes with superuser privileges. + +The jail_get(2) system call allows a system administrator to read the +configuration of running jails. + +II. Problem Description + +A missing NUL-termination check for the jail_set(2) configration option +"osrelease" may return more bytes when reading the jail configuration +back with jail_get(2) than were originally set. + +III. Impact + +For jails with a non-default setting of children.max > 0 ("nested jails") +a superuser inside a jail can create a jail and may be able to read and +take advantage of exposed kernel memory. + +IV. Workaround + +No workaround is available. Systems not altering the default settings of +the jail configuration option children.max=0 are not affected as a root on +the base system has access to kernel memory by other means and a super +user inside a jail cannot create further jails. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:08/kern_jail.patch +# fetch https://security.FreeBSD.org/patches/SA-20:08/kern_jail.patch.asc +# gpg --verify kern_jail.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r359021 +releng/12.1/ r359142 +stable/11/ r359020 +releng/11.3/ r359142 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKWdw//ZFfaoCenbVtvB6a4JW9HOT0yMoDXup+OdpjbhUTsJSyvDB9eZUSiZJ7u +4rQZpYQZotND2I/U8BSUjcJlDVzhTn6WN1yZFpWI9oFrSJhKxkwGMuetocUw7MgE +++WaaVueodMBjG7+v7mUmr5pXomdpxCO4XZxTW0BCm3Pvydera1kZVHzQ2pAw0On +cnOiSN+v04latfkjjdjPv+oC8GUsI3Q+4jF745MN9dND+4KV/4CW5BJg6sUiJakx +WB6cXayxp+Q/WPoB4OS/w3loe1FGIqESjXMxdHAV0n9eVofv8+h0rQt5kQ9oFpCm +Ql2NUG7xKqoidGlhzff5w0j5+VNXA/exv+sH/lQTZO5xJa/5Ti1wlUxsrp/8jO9Z +vRDd3CwjOIG+dFBSAXWcAaSedJ+Ax97RVbfKmYiy5B7ujJp/X6rJXU2G3zOhObCS +8/E+KHlj9YT4hN73zDeGiw5zKVjbfVQp661mKgP1lO+4Mv9357F8epux+CV3fdb6 +BBttCm8l8ubhfr12fmBAfXUXDx7stNTpvcgphGUB0v6Sfxbv0OHoGzfAGrQ3i3LP +Os7OoFRJ+2SJ/G8xpjVjriOsAoLeUX43JIlPTOEvU2mhol/M717Rwn94ndqXfNJh +XCF2AaOVXxBpdx2Vik3FBTGZvAfTCxMQOZwGn7zVzpbxlCbasKM= +=13XM +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-20:09.ntp.asc b/share/security/advisories/FreeBSD-SA-20:09.ntp.asc new file mode 100644 index 0000000000..8e6d3b2f8d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-20:09.ntp.asc @@ -0,0 +1,168 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:09.ntp Security Advisory + The FreeBSD Project + +Topic: Multiple denial of service in ntpd + +Category: contrib +Module: ntp +Announced: 2020-03-19 +Credits: Philippe Antoine and Miroslav Lichvar +Affects: All supported versions of FreeBSD. +Corrected: 2020-03-04 23:54:13 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:52:41 UTC (releng/12.1, 12.1-RELEASE-p3) + 2020-03-05 00:18:09 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:52:41 UTC (releng/11.3, 11.3-RELEASE-p7) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol +(NTP) used to synchronize the time of a computer system to a reference +time source. + +II. Problem Description + +Three NTP vulnerabilities are addressed by this security advisory. + +NTP Bug 3610: Process_control() should exit earlier on short packets. +On systems that override the default and enable ntpdc (mode 7), fuzz testing +detected a short packet will cause ntpd to read uninitialized data. + +NTP Bug 3596: Due to highly predictable transmit timestamps, an +unauthenticated, unmonitored ntpd is vulnerable to attack over IPv4. A victim +ntpd configured to receive time from an unauthenticated time source is +vulnerable to an off-path attacker with permission to query the victim. The +attacker must send from a spoofed IPv4 address of an upstream NTP server and +the victim must process a large number of packets with that spoofed IPv4 +address. After eight or more successful attacks in a row, the attacker can +either modify the victim's clock by a small amount or cause ntpd to +terminate. The attack is especially effective when unusually short poll +intervals have been configured. + +NTP Bug 3592: The fix for https://bugs.ntp.org/3445 introduced a bug such +that an ntpd can be prevented from initiating a time volley to its peer +resulting in a DoS. + +III. Impact + +All three NTP bugs may result in DoS or terimation of the ntp daemon. + +IV. Workaround + +Systems not using ntpd(8) are not vulnerable. + +Systems running ntpd should make the following changes: +- - Disable mode 7 +- - Use many trustworthy sources of time +- - Use NTP packet authentication +- - Monitor ntpd for error messages indicating attack +- - If only unauthenticated time over IPv4 is available, use the restrict + configuration directive + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.1-STABLE] +# fetch https://security.FreeBSD.org/patches/SA-20:09/ntp.12.patch +# fetch https://security.FreeBSD.org/patches/SA-20:09/ntp.12.patch.asc +# gpg --verify ntp.12.patch.asc + +[FreeBSD 12.1-RELEASE] +# fetch https://security.FreeBSD.org/patches/SA-20:09/ntp.12.1.patch +# fetch https://security.FreeBSD.org/patches/SA-20:09/ntp.12.1.patch.asc +# gpg --verify ntp.12.1.patch.asc + +[FreeBSD 11.3-STABLE] +# fetch https://security.FreeBSD.org/patches/SA-20:09/ntp.11.patch +# fetch https://security.FreeBSD.org/patches/SA-20:09/ntp.11.patch.asc +# gpg --verify ntp.11.patch.asc + +[FreeBSD 11.3-RELEASE] +# fetch https://security.FreeBSD.org/patches/SA-20:09/ntp.11.3.patch +# fetch https://security.FreeBSD.org/patches/SA-20:09/ntp.11.3.patch.asc +# gpg --verify ntp.11.3.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r358659 +releng/12.1/ r359144 +stable/11/ r358660 +releng/11.3/ r359144 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIoaA//V8fG/ugFkS6ASluls3rsww0gxoVH65HM7SDiPC814cl8ck2DUSMO7lzA +jPAmsLPdrhGrJ7lTndUxuZ5hf0YeI/CgccTWYoPgiZjfXoeHS2ydQVVpM9j2ByNo +KgwqEnRxLaIRBg3+zf7sT/IenC+ivHbPDxrmW4y7ehUQO/fZ3AcXjcAw6PPCzGlp +pN8Jml04uUuD/Nb92IzWGKvLPsL27slWAHG6nPPw0onzqaZqNhFf1UUDK9qvZRNB +2pHO+aJPfRq2kUk2DvfcB4kTGB1jbHJBBRNA1ns2xrtdKKIBnwSBatN/SBznhPuF +nxGN/Y0k8EYJdVOHaoyqSlG31jatAd/TaA9+1JauxB7/29c65JHyAfddtZKY64vl +DVnfDus+fcxg9D5FI7/O9qUeMZ/S1Ix683BzUPYhCDksC+VP28mqCHMBYRdKrc1m +ysnnER8Tli+Zbenn88202+lJAaAI3gKygdzKRQg5FgXWqWi84G1WPs+c8dihpovV +ZG5AqS1gJuwlP72x/g8by7BT140PZIEYaR5Qm7uIlfNTQxNBDmDkCF54wrhAFQWY +XZrOLiOsVJdn6mX9WfPh7kxd59nAjGuy5fKwWF22g5vQsGCGoBHsqZTKPiA+WxVu +Ngqq+8zUMkcTXP7NE3aT+4HDTXi/WRwiEKTGd8zGm5J8bEHXi9I= +=Q4Yq +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-20:03/sshd.patch b/share/security/patches/EN-20:03/sshd.patch new file mode 100644 index 0000000000..ab8006d033 --- /dev/null +++ b/share/security/patches/EN-20:03/sshd.patch @@ -0,0 +1,11 @@ +--- crypto/openssh/monitor.c.orig ++++ crypto/openssh/monitor.c +@@ -193,7 +193,7 @@ + #endif + {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, + #ifdef HAVE_LOGIN_CAP +- {MONITOR_REQ_GETPWCLASS, MON_AUTH, mm_answer_login_getpwclass}, ++ {MONITOR_REQ_GETPWCLASS, MON_ISAUTH, mm_answer_login_getpwclass}, + #endif + {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, + {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, diff --git a/share/security/patches/EN-20:03/sshd.patch.asc b/share/security/patches/EN-20:03/sshd.patch.asc new file mode 100644 index 0000000000..1add09e65e --- /dev/null +++ b/share/security/patches/EN-20:03/sshd.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpotfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIsbQ/9HDDvo7coVA4O70bhusaw40fVNZB8ZYvncW6CgP26TsXj4IGdhFNoQRaW +wfBOnADtv+0P0WvPkHe9+bNOXBD1KI1oejBnYFW9xjgPoilWtE5eoQzpbBGkar+/ +WUTHpdqunAcnt2gYly+pKByn9yrbZDmtbR9Fu1lGSMxuiOWxc7U6pFRZrJ3b+IRm +eUSiLiwR1l1Xuju5FEe7yZVKEkNOFuZUCd9dN2Iw6NFpFONug4RAmSwzBBdmgbyH +54aPvkwMpPBGqQp0WATGWlWi/FHPLWzK8wEkz+Z2UtLR/khkCd+314MMCkZpGeGp +I2SU6vQA+zL2qy75dWI13tyAPZHkBcj9FsIVQ4z86w8a/kmwbQE5VXZhIyqPQ4XQ +SJ6RkOJ+ltAQt0YsptndbZ149qimNOxT2ly4sAysNCELla+AyQgEWHgD53jfOVN6 +p4clsrRiAHXba/+4SZWqdrebck0VvqCpbp1o2TBJ3vPLGNql8ovfWrYL0KWZUndq +oqjwJtP4YTwsymX9AwNuOMwzYBUnTMPPhjwOlrWSMIQUsEva8rDI0yprdikwxUHt +3vddotFj/fcM5xJRMZykNbz7ORFVEYP2KJjTDBp/gu7nV9+UQtK9aquURgZ2bs0X +aKH2Y66XcYbUP3VgQxWapiFesFVjCFl+JtuD2Sm6aC6qibjXxLY= +=r0HP +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-20:04/pfctl.patch b/share/security/patches/EN-20:04/pfctl.patch new file mode 100644 index 0000000000..2f4efdea50 --- /dev/null +++ b/share/security/patches/EN-20:04/pfctl.patch @@ -0,0 +1,155 @@ +--- sys/netpfil/pf/pf.c.orig ++++ sys/netpfil/pf/pf.c +@@ -363,11 +363,14 @@ + u_long pf_srchashmask; + static u_long pf_hashsize; + static u_long pf_srchashsize; ++u_long pf_ioctl_maxcount = 65535; + + SYSCTL_ULONG(_net_pf, OID_AUTO, states_hashsize, CTLFLAG_RDTUN, + &pf_hashsize, 0, "Size of pf(4) states hashtable"); + SYSCTL_ULONG(_net_pf, OID_AUTO, source_nodes_hashsize, CTLFLAG_RDTUN, + &pf_srchashsize, 0, "Size of pf(4) source nodes hashtable"); ++SYSCTL_ULONG(_net_pf, OID_AUTO, request_maxcount, CTLFLAG_RDTUN, ++ &pf_ioctl_maxcount, 0, "Maximum number of tables, addresses, ... in a single ioctl() call"); + + VNET_DEFINE(void *, pf_swi_cookie); + +--- sys/netpfil/pf/pf_ioctl.c.orig ++++ sys/netpfil/pf/pf_ioctl.c +@@ -86,8 +86,6 @@ + #include + #endif + +-#define PF_TABLES_MAX_REQUEST 65535 /* Maximum tables per request. */ +- + static struct pf_pool *pf_get_pool(char *, u_int32_t, u_int8_t, u_int32_t, + u_int8_t, u_int8_t, u_int8_t); + +@@ -215,6 +213,8 @@ + /* pflog */ + pflog_packet_t *pflog_packet_ptr = NULL; + ++extern u_long pf_ioctl_maxcount; ++ + static void + pfattach_vnet(void) + { +@@ -2528,7 +2528,8 @@ + break; + } + +- if (io->pfrio_size < 0 || io->pfrio_size > PF_TABLES_MAX_REQUEST) { ++ if (io->pfrio_size < 0 || io->pfrio_size > pf_ioctl_maxcount || ++ WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_table))) { + error = ENOMEM; + break; + } +@@ -2559,7 +2560,8 @@ + break; + } + +- if (io->pfrio_size < 0 || io->pfrio_size > PF_TABLES_MAX_REQUEST) { ++ if (io->pfrio_size < 0 || io->pfrio_size > pf_ioctl_maxcount || ++ WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_table))) { + error = ENOMEM; + break; + } +@@ -2732,6 +2734,7 @@ + break; + } + if (io->pfrio_size < 0 || ++ io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; +@@ -2769,6 +2772,7 @@ + break; + } + if (io->pfrio_size < 0 || ++ io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; +@@ -2810,7 +2814,8 @@ + break; + } + count = max(io->pfrio_size, io->pfrio_size2); +- if (WOULD_OVERFLOW(count, sizeof(struct pfr_addr))) { ++ if (count > pf_ioctl_maxcount || ++ WOULD_OVERFLOW(count, sizeof(struct pfr_addr))) { + error = EINVAL; + break; + } +@@ -2848,6 +2853,7 @@ + break; + } + if (io->pfrio_size < 0 || ++ io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; +@@ -2879,6 +2885,7 @@ + break; + } + if (io->pfrio_size < 0 || ++ io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_astats))) { + error = EINVAL; + break; +@@ -2910,6 +2917,7 @@ + break; + } + if (io->pfrio_size < 0 || ++ io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; +@@ -2947,6 +2955,7 @@ + break; + } + if (io->pfrio_size < 0 || ++ io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; +@@ -2984,6 +2993,7 @@ + break; + } + if (io->pfrio_size < 0 || ++ io->pfrio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfrio_size, sizeof(struct pfr_addr))) { + error = EINVAL; + break; +@@ -3036,6 +3046,7 @@ + break; + } + if (io->size < 0 || ++ io->size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { + error = EINVAL; + break; +@@ -3112,6 +3123,7 @@ + break; + } + if (io->size < 0 || ++ io->size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { + error = EINVAL; + break; +@@ -3189,6 +3201,7 @@ + } + + if (io->size < 0 || ++ io->size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->size, sizeof(struct pfioc_trans_e))) { + error = EINVAL; + break; +@@ -3407,6 +3420,7 @@ + } + + if (io->pfiio_size < 0 || ++ io->pfiio_size > pf_ioctl_maxcount || + WOULD_OVERFLOW(io->pfiio_size, sizeof(struct pfi_kif))) { + error = EINVAL; + break; diff --git a/share/security/patches/EN-20:04/pfctl.patch.asc b/share/security/patches/EN-20:04/pfctl.patch.asc new file mode 100644 index 0000000000..1fb9df3b2e --- /dev/null +++ b/share/security/patches/EN-20:04/pfctl.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpotfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cI4mQ//S1DbTRLbm9xnXDA9XUKtC/2icqJ4B74oApa92Yn2y9Vu2Zz9x43HV/Hr +0+qqqZcw5kouz9SuP2JeTFBZqqDaSoR2Ee8TboM/MslIMYRkagJxxQUSZY/5U/3O +TihXbGgnVjyt+kAorH4+nJVbBtKnJhIvBmk+EGBIci5Pdlz8OVp2kuOk8jlN2zs3 +WeRpwv+Wwv1BLaa86+4sbUMIm28v3jWrNlJgDnJ2On9Wu9iXCRgPUBm5jIztfkGA +d5XDCTISwM1o5lNmEg8rl2ZdO/3Q3hJRSjYETgMqnDXyWvNmxWUmDvQYmABYkfGq +PRnjVlUyOdK7uVPa6TAI+8MEv1akUKmhWCsjGoJqHTqbg6Q7rItD3z6G2etfPNi8 +RL+DGW/ugJhwKjY8DLd3JH1GFyNpUxIcCF5wOaYvliY4Hvy0KC6BBVcNXuGxB9Nd +kVYt2Ki2J2pzLc5jkngfybuYjPnbp8uMOkO2BZtngmzGncuT/UMZyon6ONMB88yn +Yz3F4/IrKJ7guDnYZwOPyaNVHKcADB+tmmDQfSIok+3zuw2QJrCj9/jwI5urzBQu +xYab1xjAutPsWBPmDEMIdSt42aYjDV4tCWeFo0BKas2v391/8YdAu378+Xw/TLfp +mCr5c2g2zUyeKzvEQvv5hCPLRT2ViTcSp8roeBvoXq6FUwmlUso= +=HAnc +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-20:05/mlx5en.patch b/share/security/patches/EN-20:05/mlx5en.patch new file mode 100644 index 0000000000..4d5e5ce7bb --- /dev/null +++ b/share/security/patches/EN-20:05/mlx5en.patch @@ -0,0 +1,68 @@ +--- sys/dev/mlx5/mlx5_en/mlx5_en_tx.c.orig ++++ sys/dev/mlx5/mlx5_en/mlx5_en_tx.c +@@ -609,7 +609,8 @@ + struct mlx5e_sq *sq; + int ret; + +- if (mb->m_pkthdr.snd_tag != NULL) { ++ if ((mb->m_pkthdr.csum_flags & CSUM_SND_TAG) != 0 && ++ (mb->m_pkthdr.snd_tag != NULL)) { + sq = mlx5e_select_queue_by_send_tag(ifp, mb); + if (unlikely(sq == NULL)) { + /* Check for route change */ +--- sys/netinet/ip_output.c.orig ++++ sys/netinet/ip_output.c +@@ -653,6 +653,7 @@ + in_pcboutput_txrtlmt(inp, ifp, m); + /* stamp send tag on mbuf */ + m->m_pkthdr.snd_tag = inp->inp_snd_tag; ++ m->m_pkthdr.csum_flags |= CSUM_SND_TAG; + } else { + m->m_pkthdr.snd_tag = NULL; + } +@@ -705,6 +706,7 @@ + in_pcboutput_txrtlmt(inp, ifp, m); + /* stamp send tag on mbuf */ + m->m_pkthdr.snd_tag = inp->inp_snd_tag; ++ m->m_pkthdr.csum_flags |= CSUM_SND_TAG; + } else { + m->m_pkthdr.snd_tag = NULL; + } +--- sys/netinet6/ip6_output.c.orig ++++ sys/netinet6/ip6_output.c +@@ -966,6 +966,7 @@ + in_pcboutput_txrtlmt(inp, ifp, m); + /* stamp send tag on mbuf */ + m->m_pkthdr.snd_tag = inp->inp_snd_tag; ++ m->m_pkthdr.csum_flags |= CSUM_SND_TAG; + } else { + m->m_pkthdr.snd_tag = NULL; + } +@@ -1081,6 +1082,7 @@ + in_pcboutput_txrtlmt(inp, ifp, m); + /* stamp send tag on mbuf */ + m->m_pkthdr.snd_tag = inp->inp_snd_tag; ++ m->m_pkthdr.csum_flags |= CSUM_SND_TAG; + } else { + m->m_pkthdr.snd_tag = NULL; + } +--- sys/sys/mbuf.h.orig ++++ sys/sys/mbuf.h +@@ -519,6 +519,8 @@ + #define CSUM_L5_VALID 0x20000000 /* checksum is correct */ + #define CSUM_COALESCED 0x40000000 /* contains merged segments */ + ++#define CSUM_SND_TAG 0x80000000 /* Packet header has send tag */ ++ + /* + * CSUM flag description for use with printf(9) %b identifier. + */ +@@ -528,7 +530,7 @@ + "\12CSUM_IP6_UDP\13CSUM_IP6_TCP\14CSUM_IP6_SCTP\15CSUM_IP6_TSO" \ + "\16CSUM_IP6_ISCSI" \ + "\31CSUM_L3_CALC\32CSUM_L3_VALID\33CSUM_L4_CALC\34CSUM_L4_VALID" \ +- "\35CSUM_L5_CALC\36CSUM_L5_VALID\37CSUM_COALESCED" ++ "\35CSUM_L5_CALC\36CSUM_L5_VALID\37CSUM_COALESCED\40CSUM_SND_TAG" + + /* CSUM flags compatibility mappings. */ + #define CSUM_IP_CHECKED CSUM_L3_CALC diff --git a/share/security/patches/EN-20:05/mlx5en.patch.asc b/share/security/patches/EN-20:05/mlx5en.patch.asc new file mode 100644 index 0000000000..5fe3e9a39c --- /dev/null +++ b/share/security/patches/EN-20:05/mlx5en.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpotfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJdIQ/+L5DjK4Dny1CiFCxHMU52Gli2cYq37RIRciPockVn8aV5BQ4spn8BHgVd +l4LOZu3Scp2Ooo7m34L65+EkTp9cXsG5Ins3Cxv2EHMApwQs8GFWPZGSwiaNUC6V +iAmCMux4unoCd4kpIXVJcFa0KLP4jH9rofFGbVpJSxvdkfLIxdxPDTQauDJUCI80 +ZWmb78AZMX7xZXNduwEszSg4JRej46jHZhCxOQdJ3jaAbXgiTwMof61qVkcSbtmP +q4UOGuGbLp53hFjItc9LMAyn6GXzqO5KFrQbQUifqaeKbpYELKcSjARcHN0FFXzc +mba3CwDG/PPInCF49Mb4Q/VkJyPNaKdoUWRhCc05Xl5p0k4BJYy/lmlNqqg97tX1 +gbWyGc6xa+8GmlNA7uj1C4wFlXCziTnNth6PNK+teyZh3YFJW7bXvTqNNwbp3qB0 +qs113nT+FL7UEBTwVNdTaF9wAoVWb/bHg5hjw7Lg3cNx8WbpMKhOP9jhQcfd2QDO +uGjzLGkwb5Q9RMOogq8OD00FHr7Ok2x2YPrJFIBqV36bMEyjsvkjr2W1kIgodZkv +LSXHYmTKiUEOc1XgBZN+qrlTBjQ+MZLyoAdpb0dlH4gQyS/vikY5FwrJqUTfBf4n +06P8HJ5TW6d0KH6Vm+6V57KLzTAqdc0hK9hOb3L257Bs54EZWUg= +=0lYL +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-20:06/ipv6.patch b/share/security/patches/EN-20:06/ipv6.patch new file mode 100644 index 0000000000..4d298f4085 --- /dev/null +++ b/share/security/patches/EN-20:06/ipv6.patch @@ -0,0 +1,83 @@ +--- sys/netinet6/ip6_output.c.orig ++++ sys/netinet6/ip6_output.c +@@ -205,6 +205,36 @@ + *(u_short *)mtodo(m, offset) = csum; + } + ++static int ++ip6_output_delayed_csum(struct mbuf *m, struct ifnet *ifp, int csum_flags, ++ int plen, int optlen, bool frag __unused) ++{ ++ ++ KASSERT((plen >= optlen), ("%s:%d: plen %d < optlen %d, m %p, ifp %p " ++ "csum_flags %#x frag %d\n", ++ __func__, __LINE__, plen, optlen, m, ifp, csum_flags, frag)); ++ ++ if ((csum_flags & CSUM_DELAY_DATA_IPV6) || ++#ifdef SCTP ++ (csum_flags & CSUM_SCTP_IPV6) || ++#endif ++ false) { ++ if (csum_flags & CSUM_DELAY_DATA_IPV6) { ++ in6_delayed_cksum(m, plen - optlen, ++ sizeof(struct ip6_hdr) + optlen); ++ m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; ++ } ++#ifdef SCTP ++ if (csum_flags & CSUM_SCTP_IPV6) { ++ sctp_delayed_cksum(m, sizeof(struct ip6_hdr) + optlen); ++ m->m_pkthdr.csum_flags &= ~CSUM_SCTP_IPV6; ++ } ++#endif ++ } ++ ++ return (0); ++} ++ + int + ip6_fragment(struct ifnet *ifp, struct mbuf *m0, int hlen, u_char nextproto, + int fraglen , uint32_t id) +@@ -908,17 +938,10 @@ + * XXX-BZ Need a framework to know when the NIC can handle it, even + * with ext. hdrs. + */ +- if (sw_csum & CSUM_DELAY_DATA_IPV6) { +- sw_csum &= ~CSUM_DELAY_DATA_IPV6; +- in6_delayed_cksum(m, plen, sizeof(struct ip6_hdr)); +- } +-#ifdef SCTP +- if (sw_csum & CSUM_SCTP_IPV6) { +- sw_csum &= ~CSUM_SCTP_IPV6; +- sctp_delayed_cksum(m, sizeof(struct ip6_hdr)); +- } +-#endif +- m->m_pkthdr.csum_flags &= ifp->if_hwassist; ++ error = ip6_output_delayed_csum(m, ifp, sw_csum, plen, optlen, false); ++ if (error != 0) ++ goto bad; ++ /* XXX-BZ m->m_pkthdr.csum_flags &= ~ifp->if_hwassist; */ + tlen = m->m_pkthdr.len; + + if ((opt && (opt->ip6po_flags & IP6PO_DONTFRAG)) || tso) +@@ -1017,16 +1040,11 @@ + * fragmented packets, then do it here. + * XXX-BZ handle the hw offloading case. Need flags. + */ +- if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { +- in6_delayed_cksum(m, plen, hlen); +- m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; +- } +-#ifdef SCTP +- if (m->m_pkthdr.csum_flags & CSUM_SCTP_IPV6) { +- sctp_delayed_cksum(m, hlen); +- m->m_pkthdr.csum_flags &= ~CSUM_SCTP_IPV6; +- } +-#endif ++ error = ip6_output_delayed_csum(m, ifp, m->m_pkthdr.csum_flags, ++ plen, optlen, true); ++ if (error != 0) ++ goto bad; ++ + /* + * Change the next header field of the last header in the + * unfragmentable part. diff --git a/share/security/patches/EN-20:06/ipv6.patch.asc b/share/security/patches/EN-20:06/ipv6.patch.asc new file mode 100644 index 0000000000..302dc4ac70 --- /dev/null +++ b/share/security/patches/EN-20:06/ipv6.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpotfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIh8Q/9ETsrnu22hJARS6H5kO+HGOd3NhRamWpllytcM1Q2TLMYbHB6UunMao05 +YxBp86u9NhWYgyQ+qJeOqXgQpo6/ReUmjfplersuraacGjVoDgxPRqCVibAX8Of7 +3PhaVCH8vwC5bkZqMm3JpPS62eEF2WF/Mc2asao6z0pI16PCi01ZOEgLFC9CdqTr +IZpHN1QX3Jj1uinYoACkwTKoY/y5FdoSoXg0Z8cvuoZ94ruSg/bUmuZJD0Hrs20r +HGWmcUJx/qorozp0X006kbErZqQ8WIlk+BDLiGdG/XjDd+OWOmYclAcKvpbJb8IR +2ELeLbP+yhXgpayrbXKA/B4Dd0p4uzPe0KV9GjLb+6et7SFV5Aidxs+7PfNubzpi +JecV47YEvLDS6AhdiYmVD7ZF7PX6LEd3tFKgsH+yygYfPCWjZopeViqo2vAE4aBC +a1fIIPugZDsqQowhdo0IfEc/BBP5X8hRlQt1FwKoepZ++hcQzvSvOtZgQI/VTP4R +B+zPVSJKvb7lbPknSXHMnLEqhf4TtRWAEHQiz14YhVFdeCFxxJ+V6Rsm+6DnijLs +O69YmQ4eI59eY1rfADaDE+ej6OPHhQ46rJKmN7+JyzAM/NcW3ZRuUEItdlSrBt4M +4olOYvnF6OBl3Qnta85O/53fP1dEnclxv838uEtSXYesVZbyVeA= +=xBIY +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-20:04/tcp.patch b/share/security/patches/SA-20:04/tcp.patch new file mode 100644 index 0000000000..71da5ac463 --- /dev/null +++ b/share/security/patches/SA-20:04/tcp.patch @@ -0,0 +1,12 @@ +--- sys/netinet/tcp_syncache.c.orig ++++ sys/netinet/tcp_syncache.c +@@ -1728,7 +1728,8 @@ + ip6->ip6_dst = sc->sc_inc.inc6_faddr; + ip6->ip6_plen = htons(tlen - hlen); + /* ip6_hlim is set after checksum */ +- ip6->ip6_flow &= ~IPV6_FLOWLABEL_MASK; ++ /* Zero out traffic class and flow label. */ ++ ip6->ip6_flow &= ~IPV6_FLOWINFO_MASK; + ip6->ip6_flow |= sc->sc_flowlabel; + + th = (struct tcphdr *)(ip6 + 1); diff --git a/share/security/patches/SA-20:04/tcp.patch.asc b/share/security/patches/SA-20:04/tcp.patch.asc new file mode 100644 index 0000000000..75834e236a --- /dev/null +++ b/share/security/patches/SA-20:04/tcp.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpoxfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL73A//ccllY3bR2AqzjlfNp8I+w6dzZx8uS/waSLJL+zUeSI1TVrSu2+mjTbIK +s0JVqZ9XP+CPHE+37acn3YpXMsVRn1E4DBLzeaMLH255x+b5svWFZh+/rdgy0w+S +WSlTB5zu+77WaCr9XdBD5V0EkUBmUIOgkUc+LL9tM9s1x4+DUD+4KybLQHQo7zke +wbQ/mc0mpD7ugb4t5V7xPxvYOOxmCZEnZNIaNz991q/n48Kqi47GDPdnTidjUqdT +i6f2N0/eToGMmx+Dilbuyk2hCtOiSdydUVJAk+KA1RGSGKIGSQ7nUD5wmOLRmPO3 +xQCEdG117Fpu1Y54zSLmU6O11S+FjOO9RyDPQkeQq+TD23rweTJG7kFgxIEZw3om +gMFaVW8BNmqR0ozTqryM6wpNqeI52HiWi9OKhp05jV1cV6z6o5kyfGGceI/HcAAa +Du/JAyvqNDSyrGJQZKSTkcr0/8YxtzM/QYXaSQoqrhYnyegGYTfkv2OgGgcypTdl +QxKd1F/wVhIac5FGDBmAst/nHMwlnyadugRe1FjCQLOdwIkuj5Ol/fRq670+eBQh +mLFQM3fGw2nW2ZuVj5ewqIbeLAzJ/cz3USdX+XT473i9u1/3O0OyN3tVY6HsSIP2 +7SgjuAxAwsy5Gkg5pq42sYeENKJn0DTIks11llrfGNaivQHWmao= +=m2Ba +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-20:05/if_oce_ioctl.patch b/share/security/patches/SA-20:05/if_oce_ioctl.patch new file mode 100644 index 0000000000..7d2255010d --- /dev/null +++ b/share/security/patches/SA-20:05/if_oce_ioctl.patch @@ -0,0 +1,22 @@ +--- sys/dev/oce/oce_if.c.orig ++++ sys/dev/oce/oce_if.c +@@ -616,6 +616,9 @@ + break; + + case SIOCGPRIVATE_0: ++ rc = priv_check(curthread, PRIV_DRIVER); ++ if (rc != 0) ++ break; + rc = oce_handle_passthrough(ifp, data); + break; + default: +--- sys/dev/oce/oce_if.h.orig ++++ sys/dev/oce/oce_if.h +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + #include + #include + #include diff --git a/share/security/patches/SA-20:05/if_oce_ioctl.patch.asc b/share/security/patches/SA-20:05/if_oce_ioctl.patch.asc new file mode 100644 index 0000000000..e93b91de5d --- /dev/null +++ b/share/security/patches/SA-20:05/if_oce_ioctl.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpoxfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cI3/hAAmEYQUOLoEEcfq7YAM+P+kowlu+atAw+istqcqMqs8KWlELcd5PG78R2v +EXdywpDDDnmbp/zTBTs1aaIShmKkV8e/+ow++n8eABDYp/ERdNFMhosCuNjvGjy8 +u38hBUL5L7FC5CARndSp5teixEi9GnITg9CckHrOYfAje2WOJJjhd2VKTKsblEn6 +1jrVdncK3HQQFmRS+A2l0Ot+WVF7zO7H5vZgkqDOgt9bNXc47eTX6GumZ0NgKnDG +Mth0PJvCVMBw2cQLmYF2/gkZPFIff9TucHvosESScjQkD1NPNQ+0sc73lEhQolmV +7KvmahlayMrMZp5t48iDSjhMug4uVrIv+hvM3VTE7VQKNV0gWfUAYKaXDiF/1Dq8 +cDCPttm/Ohq1wbEWtidP/vfmQd5TowKofikHOS0y+65qCvg5CR3FTU2cC0vUkwxN +yE/XYz9lfNyuLyJOj/plr/1dQXZoOGjg/4iurttGDy+PTqazQQuGJigSDaYirj/J +CJyZPG3Y3QKYM0DACS9KJxoydv9L6prusS0PqW4YaCPRZ9zuV93J7GyIxzi/DCXB +go8pRDAvqgJ5O1eQUYOX3IKl9nCeuXvleHEL/jDBozrsvmvkdVDlcsYCGzOA7LUv +vEjoncew786D9bAc+SRWgsuebU40wgLV1mbjtjBaEX/QVWqsypc= +=en9g +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-20:06/if_ixl_ioctl.patch b/share/security/patches/SA-20:06/if_ixl_ioctl.patch new file mode 100644 index 0000000000..f1c1795f3b --- /dev/null +++ b/share/security/patches/SA-20:06/if_ixl_ioctl.patch @@ -0,0 +1,48 @@ +--- sys/dev/ixl/if_ixl.c.orig ++++ sys/dev/ixl/if_ixl.c +@@ -1625,12 +1625,30 @@ + struct ifdrv *ifd = (struct ifdrv *)data; + int error = 0; + +- /* NVM update command */ +- if (ifd->ifd_cmd == I40E_NVM_ACCESS) +- error = ixl_handle_nvmupd_cmd(pf, ifd); +- else +- error = EINVAL; ++ /* ++ * The iflib_if_ioctl forwards SIOCxDRVSPEC and SIOGPRIVATE_0 without ++ * performing privilege checks. It is important that this function ++ * perform the necessary checks for commands which should only be ++ * executed by privileged threads. ++ */ + ++ switch(command) { ++ case SIOCGDRVSPEC: ++ case SIOCSDRVSPEC: ++ /* NVM update command */ ++ if (ifd->ifd_cmd == I40E_NVM_ACCESS) { ++ error = priv_check(curthread, PRIV_DRIVER); ++ if (error) ++ break; ++ error = ixl_handle_nvmupd_cmd(pf, ifd); ++ } else { ++ error = EINVAL; ++ } ++ break; ++ default: ++ error = EOPNOTSUPP; ++ } ++ + return (error); + } + +--- sys/dev/ixl/ixl.h.orig ++++ sys/dev/ixl/ixl.h +@@ -52,6 +52,7 @@ + #include + #include + #include ++#include + + #include + #include diff --git a/share/security/patches/SA-20:06/if_ixl_ioctl.patch.asc b/share/security/patches/SA-20:06/if_ixl_ioctl.patch.asc new file mode 100644 index 0000000000..2358a366f4 --- /dev/null +++ b/share/security/patches/SA-20:06/if_ixl_ioctl.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpoxfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJedxAAkRktJwXTYThJXPRmmF0iko2vuF6FBr/dtZO2elSStsXmDL5EeU6Qn8XY +kId640GOm8UmLctWspVL8R/Vo2CGMnZam2+Z5rPZ/UEXS2KyC4FTWMNR8nQtiNci +GVFJgUIyKTjuDAEGMI51cFZ72Hheh4vV3jtw8RmKnPjsHxwTJqEPt0povqvu/gym +3kBk1BXbLSKOw04AH/MiVw8t7mMRZWNrYE61zsG9LE9FprITtZcQZB6yNsZFICpd +ImfivrHm75X5Or1Q0T0+MeGvVe0hCjRa2O81wnGPoAYYKorhHSVhg0zQWOBzCqgi +B+8Az7eGuIRCGzh4ZDJwN6hI6vAb0lk2MSAvAvAkhrwzO5NAcMXg/PTej4Ph79U+ +IYlfp+gA4vaBgChx/++n9TM7b/2etq1hB1aF8hcgvJOLdcXiVK9cl4ad97uAezz0 +0ux71E/igUC/tub0TUL9Oe8VCoWrzZUF+UeWZadbalIALnFPaZJ+5ZQH/xvr+D7H +aQXwbUJqp0Qq3TS07Yk9wqq5UeyF+H15lgUAHJ3CWolUaiJJyjmNqj5ekijreP0P +7Lk8q4Ouxi5jz2S/ZbeHWnVLY+vDnrn7Ww+qWJh2T8+nHLRgw1vYeWQUO3FHUxH3 +/lJy6n1ypS63tYfmN3vpmhKpgRfKbp5ovCAAONgSdqxSzBmhVd4= +=O27d +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-20:07/epair.11.patch b/share/security/patches/SA-20:07/epair.11.patch new file mode 100644 index 0000000000..fa6f7e6893 --- /dev/null +++ b/share/security/patches/SA-20:07/epair.11.patch @@ -0,0 +1,114 @@ +--- sys/net/if_clone.c.orig ++++ sys/net/if_clone.c +@@ -208,6 +208,17 @@ + return (if_clone_createif(ifc, name, len, params)); + } + ++void ++if_clone_addif(struct if_clone *ifc, struct ifnet *ifp) ++{ ++ ++ if_addgroup(ifp, ifc->ifc_name); ++ ++ IF_CLONE_LOCK(ifc); ++ IFC_IFLIST_INSERT(ifc, ifp); ++ IF_CLONE_UNLOCK(ifc); ++} ++ + /* + * Create a clone network interface. + */ +@@ -230,11 +241,7 @@ + if (ifp == NULL) + panic("%s: lookup failed for %s", __func__, name); + +- if_addgroup(ifp, ifc->ifc_name); +- +- IF_CLONE_LOCK(ifc); +- IFC_IFLIST_INSERT(ifc, ifp); +- IF_CLONE_UNLOCK(ifc); ++ if_clone_addif(ifc, ifp); + } + + return (err); +--- sys/net/if_clone.h.orig ++++ sys/net/if_clone.h +@@ -72,7 +72,8 @@ + struct if_clone *if_clone_findifc(struct ifnet *); + void if_clone_addgroup(struct ifnet *, struct if_clone *); + +-/* The below interface used only by epair(4). */ ++/* The below interfaces are used only by epair(4). */ ++void if_clone_addif(struct if_clone *, struct ifnet *); + int if_clone_destroyif(struct if_clone *, struct ifnet *); + + #endif /* _KERNEL */ +--- sys/net/if_epair.c.orig ++++ sys/net/if_epair.c +@@ -704,6 +704,23 @@ + return (1); + } + ++static void ++epair_clone_add(struct if_clone *ifc, struct epair_softc *scb) ++{ ++ struct ifnet *ifp; ++ uint8_t eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ ++ ++ ifp = scb->ifp; ++ /* Assign a hopefully unique, locally administered etheraddr. */ ++ eaddr[0] = 0x02; ++ eaddr[3] = (ifp->if_index >> 8) & 0xff; ++ eaddr[4] = ifp->if_index & 0xff; ++ eaddr[5] = 0x0b; ++ ether_ifattach(ifp, eaddr); ++ ++ if_clone_addif(ifc, ifp); ++} ++ + static int + epair_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) + { +@@ -713,26 +730,6 @@ + int error, unit, wildcard; + uint8_t eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ + +- /* +- * We are abusing params to create our second interface. +- * Actually we already created it and called if_clone_create() +- * for it to do the official insertion procedure the moment we knew +- * it cannot fail anymore. So just do attach it here. +- */ +- if (params) { +- scb = (struct epair_softc *)params; +- ifp = scb->ifp; +- /* Assign a hopefully unique, locally administered etheraddr. */ +- eaddr[0] = 0x02; +- eaddr[3] = (ifp->if_index >> 8) & 0xff; +- eaddr[4] = ifp->if_index & 0xff; +- eaddr[5] = 0x0b; +- ether_ifattach(ifp, eaddr); +- /* Correctly set the name for the cloner list. */ +- strlcpy(name, scb->ifp->if_xname, len); +- return (0); +- } +- + /* Try to see if a special unit was requested. */ + error = ifc_name2unit(name, &unit); + if (error != 0) +@@ -860,10 +857,11 @@ + ifp->if_snd.ifq_maxlen = ifqmaxlen; + /* We need to play some tricks here for the second interface. */ + strlcpy(name, epairname, len); +- error = if_clone_create(name, len, (caddr_t)scb); +- if (error) +- panic("%s: if_clone_create() for our 2nd iface failed: %d", +- __func__, error); ++ ++ /* Correctly set the name for the cloner list. */ ++ strlcpy(name, scb->ifp->if_xname, len); ++ epair_clone_add(ifc, scb); ++ + scb->if_qflush = ifp->if_qflush; + ifp->if_qflush = epair_qflush; + ifp->if_transmit = epair_transmit; diff --git a/share/security/patches/SA-20:07/epair.11.patch.asc b/share/security/patches/SA-20:07/epair.11.patch.asc new file mode 100644 index 0000000000..8704494060 --- /dev/null +++ b/share/security/patches/SA-20:07/epair.11.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpoxfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIQtQ//UD8/0BDQYHiWjIfps4h6sPh0UQvXsCbE7uvLWpyA7H96Qi7EZhq17Yjr +IrF0iwkNtp4LInhbLEmAOuYwbkdhk4oqAZ30T7VbZQRuny/fDzMfM2M3mTW+2Ozr +SbIw3TlRd47p1NZQW5nhG7GFTVwlLQS0VxS1uHnNCXD9djW29tgeN9jI7pYe/ozq +VHIx5Dq9EphU5DvBrZNWQDIGS8Wq63DrRzHTJmm6+WpAFnHBETv3pplN9XRpjY24 +RFPv94Xtj0fbn6D4b+rDQUCVZ1ukea6EcMCRZDL4RQrCgWXpNTqQr1Nsqf4QGdFS +dz0krA4IRdZnUQvqp8X0KkAb80rCEhXOzI8bmD9VSoTMJtn0NrYU0oh5O9quZVXh +OVisB5o+eBY+Ywgh6q1R6Arm5MOzSAuDgQ3J+M3sRmx4k6SIL5F72hUupIWEvesk +rqpashwDQM4luXMyEmucpbEvB/s7ELUjMp1BDnb2+xRyzAAPDPr/d8PPAP5lWa+k +YjCDRGObtnaX2A0uEXDt0JZ0UCrxDW4NRmdWzI8/PrT4IekW8NwvJX4ON6zAFudW +ENoOK3qmIIZkhIUbIHUrmJ/pl52vwY7ztiQ3cHvolZX4T7bHURScwnVPcwiaDyZ4 +z4HeBdJafULZnZifVkWa3gTer804AMy3Ww8vSdkclIg+ADtUZg8= +=Fp6B +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-20:07/epair.12.patch b/share/security/patches/SA-20:07/epair.12.patch new file mode 100644 index 0000000000..cd9ed09771 --- /dev/null +++ b/share/security/patches/SA-20:07/epair.12.patch @@ -0,0 +1,112 @@ +--- sys/net/if_clone.c.orig ++++ sys/net/if_clone.c +@@ -211,6 +211,18 @@ + return (if_clone_createif(ifc, name, len, params)); + } + ++void ++if_clone_addif(struct if_clone *ifc, struct ifnet *ifp) ++{ ++ ++ if ((ifc->ifc_flags & IFC_NOGROUP) == 0) ++ if_addgroup(ifp, ifc->ifc_name); ++ ++ IF_CLONE_LOCK(ifc); ++ IFC_IFLIST_INSERT(ifc, ifp); ++ IF_CLONE_UNLOCK(ifc); ++} ++ + /* + * Create a clone network interface. + */ +@@ -233,12 +245,7 @@ + if (ifp == NULL) + panic("%s: lookup failed for %s", __func__, name); + +- if ((ifc->ifc_flags & IFC_NOGROUP) == 0) +- if_addgroup(ifp, ifc->ifc_name); +- +- IF_CLONE_LOCK(ifc); +- IFC_IFLIST_INSERT(ifc, ifp); +- IF_CLONE_UNLOCK(ifc); ++ if_clone_addif(ifc, ifp); + } + + return (err); +--- sys/net/if_clone.h.orig ++++ sys/net/if_clone.h +@@ -79,7 +79,8 @@ + struct if_clone *if_clone_findifc(struct ifnet *); + void if_clone_addgroup(struct ifnet *, struct if_clone *); + +-/* The below interface used only by epair(4). */ ++/* The below interfaces are used only by epair(4). */ ++void if_clone_addif(struct if_clone *, struct ifnet *); + int if_clone_destroyif(struct if_clone *, struct ifnet *); + + #endif /* _KERNEL */ +--- sys/net/if_epair.c.orig ++++ sys/net/if_epair.c +@@ -711,6 +711,21 @@ + return (1); + } + ++static void ++epair_clone_add(struct if_clone *ifc, struct epair_softc *scb) ++{ ++ struct ifnet *ifp; ++ uint8_t eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ ++ ++ ifp = scb->ifp; ++ /* Copy epairNa etheraddr and change the last byte. */ ++ memcpy(eaddr, scb->oifp->if_hw_addr, ETHER_ADDR_LEN); ++ eaddr[5] = 0x0b; ++ ether_ifattach(ifp, eaddr); ++ ++ if_clone_addif(ifc, ifp); ++} ++ + static int + epair_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params) + { +@@ -723,24 +738,6 @@ + uint32_t hash; + uint8_t eaddr[ETHER_ADDR_LEN]; /* 00:00:00:00:00:00 */ + +- /* +- * We are abusing params to create our second interface. +- * Actually we already created it and called if_clone_create() +- * for it to do the official insertion procedure the moment we knew +- * it cannot fail anymore. So just do attach it here. +- */ +- if (params) { +- scb = (struct epair_softc *)params; +- ifp = scb->ifp; +- /* Copy epairNa etheraddr and change the last byte. */ +- memcpy(eaddr, scb->oifp->if_hw_addr, ETHER_ADDR_LEN); +- eaddr[5] = 0x0b; +- ether_ifattach(ifp, eaddr); +- /* Correctly set the name for the cloner list. */ +- strlcpy(name, ifp->if_xname, len); +- return (0); +- } +- + /* Try to see if a special unit was requested. */ + error = ifc_name2unit(name, &unit); + if (error != 0) +@@ -891,10 +888,11 @@ + if_setsendqready(ifp); + /* We need to play some tricks here for the second interface. */ + strlcpy(name, epairname, len); +- error = if_clone_create(name, len, (caddr_t)scb); +- if (error) +- panic("%s: if_clone_create() for our 2nd iface failed: %d", +- __func__, error); ++ ++ /* Correctly set the name for the cloner list. */ ++ strlcpy(name, scb->ifp->if_xname, len); ++ epair_clone_add(ifc, scb); ++ + scb->if_qflush = ifp->if_qflush; + ifp->if_qflush = epair_qflush; + ifp->if_transmit = epair_transmit; diff --git a/share/security/patches/SA-20:07/epair.12.patch.asc b/share/security/patches/SA-20:07/epair.12.patch.asc new file mode 100644 index 0000000000..ebd7d013a8 --- /dev/null +++ b/share/security/patches/SA-20:07/epair.12.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpoxfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLwgg/9G7rMa/od4rYSAnzkA0nPcsSQnZbpEnxUmDhEx9oaEOXOKvWEd8WCikei +YIZZ2UmHdtLs9nYhVuw7pM1DTzrxwO+9YJe5ywE6ZiuZ0oX8xvEU+OeeTaQbh8Ks +fHPybbZFyi7gxJpOgmka00qeV8O6Q8ixNqqOo/xsfFszbmgp/MQeFW3czmEKy53y +CxsDjpnjr4MdlGSKQ5v97TuCyeJs+jvxNigoEj8xog0xFqHAk9WhZjTOzaaQiiUS +owrUyavN97amH1ZOAKsi2m8uvRlNZxa8eDff12Fcrt3Qe+7JQr8oKhk9377RCw8G +z1O5lBXR2ga1O9q05S/17LF2tCs380UdBgaOGEa0cg2SvHPiPAGOUwvlDNMrQCkL +btGn2JMPRK2qISM1jjwM3Gfk2txCQsMYEwsF9YgGyOiXWu0Pq/uABAeEqgzdmhZp +0u7EqchQ9lyQR102i9446EMSfO4VmgFgszfzCdVVcuSRYekjqko0z0KLC7FtXl1Z +EtUPHOYWyeI/wF1wFj8BKXEEfp8PEccLYNVmSafMRfj/GxX6CMCMHoTHblVSwZ2v +tzaGwxHyqwCwE0Qqk6wMUtRyzQdRbUYSyUy41PrM41RZg+AOwvMZVYghUDfNbXJ1 +PfdW/jWle2FukRhUK5upGuXc2atFBwY50wwJrL4zG0UoT6CSIM4= +=SiJG +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-20:08/kern_jail.patch b/share/security/patches/SA-20:08/kern_jail.patch new file mode 100644 index 0000000000..36c885851c --- /dev/null +++ b/share/security/patches/SA-20:08/kern_jail.patch @@ -0,0 +1,30 @@ +--- sys/kern/kern_jail.c.orig ++++ sys/kern/kern_jail.c +@@ -865,8 +865,12 @@ + "osrelease cannot be changed after creation"); + goto done_errmsg; + } +- if (len == 0 || len >= OSRELEASELEN) { ++ if (len == 0 || osrelstr[len - 1] != '\0') { + error = EINVAL; ++ goto done_free; ++ } ++ if (len >= OSRELEASELEN) { ++ error = ENAMETOOLONG; + vfs_opterror(opts, + "osrelease string must be 1-%d bytes long", + OSRELEASELEN - 1); +@@ -1241,9 +1245,11 @@ + + pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; + if (osrelstr == NULL) +- strcpy(pr->pr_osrelease, ppr->pr_osrelease); ++ strlcpy(pr->pr_osrelease, ppr->pr_osrelease, ++ sizeof(pr->pr_osrelease)); + else +- strcpy(pr->pr_osrelease, osrelstr); ++ strlcpy(pr->pr_osrelease, osrelstr, ++ sizeof(pr->pr_osrelease)); + + LIST_INIT(&pr->pr_children); + mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK); diff --git a/share/security/patches/SA-20:08/kern_jail.patch.asc b/share/security/patches/SA-20:08/kern_jail.patch.asc new file mode 100644 index 0000000000..b80df9274a --- /dev/null +++ b/share/security/patches/SA-20:08/kern_jail.patch.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpoxfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJybQ/+MODmoQrligHy7yuXlpo+mY4Ew3ALca4Q+F1+u1ZtwaPbyyiT2dZO5uhi +mIdUvq3okDeaJhU+JDJ9KmEtxAOTUE90AJTCsUISbHQ+RGtkYvuuJDDLw/7hZItC +yepdHa5Jcp6TIPa/JLC0TZJVWKBYr/JyiUk8svUzMJXB1b0BNxNJ0yOiiprEmiuI +drFgnzHIJRE8W9AxtyK1+ypLTGUuDpdvbVRlYnx5IBC7Jks/0U8jHWW9xsjOdA3/ +RNz15yvX9dyc7DQBi6a3xr+TJUDnDRPRmzCUHvqVJp+cErLylfTS5sON3tY85TqU +C/kr27nHRqML05iaWyW5bE9S84I6uilh5/Cj51aHaKRqCO5yLpybNcB35GmgTLXG +Ojj5MCxbCexvlCiiy+I97cikl+kfmmk63zjRwNF5dgYU7CITARf1sLJLp4Ia3iux +MMvLgugvMPneF94u2zas2yNVO0JfndV6BEMEVt32aGc+eUBDKrnv/jSXshB/WGKf +PXO9K6x2lVOZfjIk0x/Ete/70nutn9GZ58ipHnQD968dmTR+6+wQdYkZxH1s+9p9 +NRDwlz0K2f5+OvfFRlIqIZhDJP6ZwJ475M9oTZvxIzcmceVMdcOImWB1c4a4qcOV +cdVgf6v02+A+S7taomKPaNNSeyrJn/UOrO+ZNHqMcLRr7Ho8/G0= +=OlVb +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-20:09/ntp.11.3.patch b/share/security/patches/SA-20:09/ntp.11.3.patch new file mode 100644 index 0000000000..522d4f46c3 --- /dev/null +++ b/share/security/patches/SA-20:09/ntp.11.3.patch @@ -0,0 +1,29580 @@ +--- contrib/ntp/COPYRIGHT.orig ++++ contrib/ntp/COPYRIGHT +@@ -3,7 +3,7 @@ + + jpg "Clone me," says Dolly sheepishly. + +- Last update: 2-Jan-2017 11:58 UTC ++ Last update: 4-Feb-2020 23:47 UTC + __________________________________________________________________ + + The following copyright notice applies to all files collectively called +@@ -32,7 +32,7 @@ + Burnicki is: + *********************************************************************** + * * +-* Copyright (c) Network Time Foundation 2011-2017 * ++* Copyright (c) Network Time Foundation 2011-2020 * + * * + * All Rights Reserved * + * * +--- contrib/ntp/ChangeLog.orig ++++ contrib/ntp/ChangeLog +@@ -1,4 +1,100 @@ + --- ++(4.2.8p14) 2020/03/03 Released by Harlan Stenn ++ ++* [Sec 3610] process_control() should bail earlier on short packets. stenn@ ++ - Reported by Philippe Antoine ++* [Sec 3596] Highly predictable timestamp attack. ++ - Reported by Miroslav Lichvar ++* [Sec 3592] DoS attack on client ntpd ++ - Reported by Miroslav Lichvar ++* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@ ++* [Bug 3636] NMEA: combine time/date from multiple sentences ++* [Bug 3635] Make leapsecond file hash check optional ++* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@ ++* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence ++ - implement Zeller's congruence in libparse and libntp ++* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap ++ - integrated patch by Cy Schubert ++* [Bug 3620] memory leak in ntpq sysinfo ++ - applied patch by Gerry Garvey ++* [Bug 3619] Honour drefid setting in cooked mode and sysinfo ++ - applied patch by Gerry Garvey ++* [Bug 3617] Add support for ACE III and Copernicus II receivers ++ - integrated patch by Richard Steedman ++* [Bug 3615] accelerate refclock startup ++* [Bug 3613] Propagate noselect to mobilized pool servers ++ - Reported by Martin Burnicki ++* [Bug 3612] Use-of-uninitialized-value in receive function ++ - Reported by Philippe Antoine ++* [Bug 3611] NMEA time interpreted incorrectly ++ - officially document new "trust date" mode bit for NMEA driver ++ - restore the (previously undocumented) "trust date" feature lost with [bug 3577] ++* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter' ++* [Bug 3608] libparse fails to compile on S11.4SRU13 and later ++ - removed ffs() and fls() prototypes as per Brian Utterback ++* [Bug 3604] Wrong param byte order passing into record_raw_stats() in ++ ntp_io.c ++ - fixed byte and paramter order as suggested by wei6410@sina.com ++* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no ++* [Bug 3599] Build fails on linux-m68k due to alignment issues ++ - added padding as suggested by John Paul Adrian Glaubitz ++* [Bug 3594] ntpd discards messages coming through nmead ++* [Bug 3593] ntpd discards silently nmea messages after the 5th string ++* [Bug 3590] Update refclock_oncore.c to the new GPS date API ++* [Bug 3585] Unity tests mix buffered and unbuffered output ++ - stdout+stderr are set to line buffered during test setup now ++* [Bug 3583] synchronization error ++ - set clock to base date if system time is before that limit ++* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled ++* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) ++ - Reported by Paulo Neves ++* [Bug 3577] Update refclock_zyfer.c to the new GPS date API ++ - also updates for refclock_nmea.c and refclock_jupiter.c ++* [Bug 3576] New GPS date function API ++* [Bug 3573] nptdate: missleading error message ++* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo ++* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' ++ - sidekick: service port resolution in 'ntpdate' ++* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH ++ - applied patch by Douglas Royds ++* [Bug 3542] ntpdc monlist parameters cannot be set ++* [Bug 3533] ntpdc peer_info ipv6 issues ++ - applied patch by Gerry Garvey ++* [Bug 3531] make check: test-decodenetnum fails ++ - try to harden 'decodenetnum()' against 'getaddrinfo()' errors ++ - fix wrong cond-compile tests in unit tests ++* [Bug 3517] Reducing build noise ++* [Bug 3516] Require tooling from this decade ++ - patch by Philipp Prindeville ++* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code ++ - patch by Philipp Prindeville ++* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings ++ - patch by Philipp Prindeville ++* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() ++ - partial application of patch by Philipp Prindeville ++* [Bug 3491] Signed values of LFP datatypes should always display a sign ++ - applied patch by Gerry Garvey & fixed unit tests ++* [Bug 3490] Patch to support Trimble Resolution Receivers ++ - applied (modified) patch by Richard Steedman ++* [Bug 3473] RefID of refclocks should always be text format ++ - applied patch by Gerry Garvey (with minor formatting changes) ++* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails ++ - applied patch by Miroslav Lichvar ++* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network ++ ++* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user ++ is specified with -u ++ - monitor daemon child startup & propagate exit codes ++* [Bug 1433] runtime check whether the kernel really supports capabilities ++ - (modified) patch by Kurt Roeckx ++* Clean up sntp/networking.c:sendpkt() error message. ++* Provide more detail on unrecognized config file parser tokens. ++* Startup log improvements. ++* Update the copyright year. ++* html/confopt.html: cleanup. ++ ++--- + (4.2.8p13) 2019/03/07 Released by Harlan Stenn + + * [Sec 3565] Crafted null dereference attack in authenticated +--- contrib/ntp/CommitLog.orig ++++ contrib/ntp/CommitLog +@@ -1,10 +1,3065 @@ +-ChangeSet@1.3849, 2019-02-20 17:13:36-08:00, harlan@ntp-build.tal1.ntfo.org ++ChangeSet@1.3896, 2020-03-03 17:42:43-08:00, ntpreleng@ntp-build.tal1.ntfo.org ++ NTP_4_2_8P14 ++ TAG: NTP_4_2_8P14 ++ ++ ChangeLog@1.1974 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/invoke-ntp.conf.texi@1.221 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/invoke-ntp.keys.texi@1.206 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/invoke-ntpd.texi@1.520 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.conf.5man@1.255 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.conf.5mdoc@1.255 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.conf.html@1.203 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.conf.man.in@1.255 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.conf.mdoc.in@1.255 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.keys.5man@1.240 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.keys.5mdoc@1.240 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.keys.html@1.201 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.keys.man.in@1.240 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpd/ntp.keys.mdoc.in@1.240 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/ntpd-opts.c@1.543 +7 -7 ++ NTP_4_2_8P14 ++ ++ ntpd/ntpd-opts.h@1.542 +3 -3 ++ NTP_4_2_8P14 ++ ++ ntpd/ntpd.1ntpdman@1.349 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpd/ntpd.1ntpdmdoc@1.349 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpd/ntpd.html@1.194 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpd/ntpd.man.in@1.349 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpd/ntpd.mdoc.in@1.349 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpdc/invoke-ntpdc.texi@1.517 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpdc/ntpdc-opts.c@1.536 +7 -7 ++ NTP_4_2_8P14 ++ ++ ntpdc/ntpdc-opts.h@1.535 +3 -3 ++ NTP_4_2_8P14 ++ ++ ntpdc/ntpdc.1ntpdcman@1.348 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpdc/ntpdc.1ntpdcmdoc@1.348 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpdc/ntpdc.html@1.363 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpdc/ntpdc.man.in@1.348 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpdc/ntpdc.mdoc.in@1.348 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpq/invoke-ntpq.texi@1.527 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpq/ntpq-opts.c@1.545 +7 -7 ++ NTP_4_2_8P14 ++ ++ ntpq/ntpq-opts.h@1.543 +3 -3 ++ NTP_4_2_8P14 ++ ++ ntpq/ntpq.1ntpqman@1.355 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpq/ntpq.1ntpqmdoc@1.355 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpq/ntpq.html@1.194 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpq/ntpq.man.in@1.355 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpq/ntpq.mdoc.in@1.355 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpsnmpd/invoke-ntpsnmpd.texi@1.519 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpsnmpd/ntpsnmpd-opts.c@1.538 +7 -7 ++ NTP_4_2_8P14 ++ ++ ntpsnmpd/ntpsnmpd-opts.h@1.537 +3 -3 ++ NTP_4_2_8P14 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.348 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.348 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpsnmpd/ntpsnmpd.html@1.187 +1 -1 ++ NTP_4_2_8P14 ++ ++ ntpsnmpd/ntpsnmpd.man.in@1.348 +2 -2 ++ NTP_4_2_8P14 ++ ++ ntpsnmpd/ntpsnmpd.mdoc.in@1.348 +1 -1 ++ NTP_4_2_8P14 ++ ++ packageinfo.sh@1.544 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.109 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.110 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/calc_tickadj/calc_tickadj.html@1.110 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/calc_tickadj/calc_tickadj.man.in@1.108 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/calc_tickadj/calc_tickadj.mdoc.in@1.110 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/calc_tickadj/invoke-calc_tickadj.texi@1.113 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/invoke-plot_summary.texi@1.131 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/invoke-summary.texi@1.130 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntp-wait/invoke-ntp-wait.texi@1.341 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntp-wait/ntp-wait-opts@1.77 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitman@1.337 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.338 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/ntp-wait/ntp-wait.html@1.359 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntp-wait/ntp-wait.man.in@1.337 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntp-wait/ntp-wait.mdoc.in@1.338 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/ntpsweep/invoke-ntpsweep.texi@1.128 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntpsweep/ntpsweep-opts@1.79 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepman@1.116 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.116 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/ntpsweep/ntpsweep.html@1.131 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntpsweep/ntpsweep.man.in@1.116 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntpsweep/ntpsweep.mdoc.in@1.117 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/ntptrace/invoke-ntptrace.texi@1.130 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntptrace/ntptrace-opts@1.79 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntptrace/ntptrace.1ntptraceman@1.116 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntptrace/ntptrace.1ntptracemdoc@1.117 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/ntptrace/ntptrace.html@1.132 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntptrace/ntptrace.man.in@1.116 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/ntptrace/ntptrace.mdoc.in@1.118 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/plot_summary-opts@1.80 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/plot_summary.1plot_summaryman@1.129 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/plot_summary.1plot_summarymdoc@1.129 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/plot_summary.html@1.134 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/plot_summary.man.in@1.129 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/plot_summary.mdoc.in@1.129 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/summary-opts@1.79 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/summary.1summaryman@1.128 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/summary.1summarymdoc@1.128 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/summary.html@1.133 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/summary.man.in@1.128 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/summary.mdoc.in@1.128 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/update-leap/invoke-update-leap.texi@1.29 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/update-leap/update-leap-opts@1.30 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/update-leap/update-leap.1update-leapman@1.29 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/update-leap/update-leap.1update-leapmdoc@1.29 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/update-leap/update-leap.html@1.30 +1 -1 ++ NTP_4_2_8P14 ++ ++ scripts/update-leap/update-leap.man.in@1.29 +2 -2 ++ NTP_4_2_8P14 ++ ++ scripts/update-leap/update-leap.mdoc.in@1.29 +1 -1 ++ NTP_4_2_8P14 ++ ++ sntp/invoke-sntp.texi@1.519 +2 -2 ++ NTP_4_2_8P14 ++ ++ sntp/sntp-opts.c@1.539 +7 -7 ++ NTP_4_2_8P14 ++ ++ sntp/sntp-opts.h@1.537 +3 -3 ++ NTP_4_2_8P14 ++ ++ sntp/sntp.1sntpman@1.354 +2 -2 ++ NTP_4_2_8P14 ++ ++ sntp/sntp.1sntpmdoc@1.354 +1 -1 ++ NTP_4_2_8P14 ++ ++ sntp/sntp.html@1.535 +2 -2 ++ NTP_4_2_8P14 ++ ++ sntp/sntp.man.in@1.354 +2 -2 ++ NTP_4_2_8P14 ++ ++ sntp/sntp.mdoc.in@1.354 +1 -1 ++ NTP_4_2_8P14 ++ ++ util/invoke-ntp-keygen.texi@1.522 +2 -2 ++ NTP_4_2_8P14 ++ ++ util/ntp-keygen-opts.c@1.541 +7 -7 ++ NTP_4_2_8P14 ++ ++ util/ntp-keygen-opts.h@1.539 +3 -3 ++ NTP_4_2_8P14 ++ ++ util/ntp-keygen.1ntp-keygenman@1.350 +2 -2 ++ NTP_4_2_8P14 ++ ++ util/ntp-keygen.1ntp-keygenmdoc@1.350 +1 -1 ++ NTP_4_2_8P14 ++ ++ util/ntp-keygen.html@1.195 +2 -2 ++ NTP_4_2_8P14 ++ ++ util/ntp-keygen.man.in@1.350 +2 -2 ++ NTP_4_2_8P14 ++ ++ util/ntp-keygen.mdoc.in@1.350 +1 -1 ++ NTP_4_2_8P14 ++ ++ChangeSet@1.3895, 2020-03-03 17:09:57-08:00, ntpreleng@ntp-build.tal1.ntfo.org ++ quiet some debug messages ++ ++ ntpd/ntp_config.c@1.375 +0 -2 ++ quiet some debug messages ++ ++ ntpd/ntp_peer.c@1.166 +2 -0 ++ quiet some debug messages ++ ++ChangeSet@1.3894, 2020-03-03 16:49:54-08:00, ntpreleng@ntp-build.tal1.ntfo.org ++ NTP_4_2_8P13 ++ TAG: NTP_4_2_8P13 ++ ++ ChangeLog@1.1973 +1 -0 ++ NTP_4_2_8P13 ++ ++ ntpd/invoke-ntp.conf.texi@1.220 +31 -7 ++ NTP_4_2_8P13 ++ ++ ntpd/invoke-ntp.keys.texi@1.205 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpd/invoke-ntpd.texi@1.519 +3 -3 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.conf.5man@1.254 +34 -9 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.conf.5mdoc@1.254 +41 -6 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.conf.html@1.202 +33 -7 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.conf.man.in@1.254 +34 -9 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.conf.mdoc.in@1.254 +41 -6 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.keys.5man@1.239 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.keys.5mdoc@1.239 +3 -3 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.keys.man.in@1.239 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpd/ntp.keys.mdoc.in@1.239 +3 -3 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd-opts.c@1.542 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd-opts.h@1.541 +3 -3 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd.1ntpdman@1.348 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd.1ntpdmdoc@1.348 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd.man.in@1.348 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd.mdoc.in@1.348 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpdc/invoke-ntpdc.texi@1.516 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc-opts.c@1.535 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc-opts.h@1.534 +3 -3 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc.1ntpdcman@1.347 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc.1ntpdcmdoc@1.347 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc.html@1.362 +408 -353 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc.man.in@1.347 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc.mdoc.in@1.347 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpq/invoke-ntpq.texi@1.526 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq-opts.c@1.544 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq-opts.h@1.542 +3 -3 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq.1ntpqman@1.354 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq.1ntpqmdoc@1.354 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq.html@1.193 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq.man.in@1.354 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq.mdoc.in@1.354 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/invoke-ntpsnmpd.texi@1.518 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/ntpsnmpd-opts.c@1.537 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/ntpsnmpd-opts.h@1.536 +3 -3 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.347 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.347 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/ntpsnmpd.man.in@1.347 +2 -2 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/ntpsnmpd.mdoc.in@1.347 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.108 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.109 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/calc_tickadj/calc_tickadj.html@1.109 +172 -128 ++ NTP_4_2_8P13 ++ ++ scripts/calc_tickadj/calc_tickadj.man.in@1.107 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/calc_tickadj/calc_tickadj.mdoc.in@1.109 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/calc_tickadj/invoke-calc_tickadj.texi@1.112 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/invoke-plot_summary.texi@1.130 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/invoke-summary.texi@1.129 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/invoke-ntp-wait.texi@1.340 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/ntp-wait-opts@1.76 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitman@1.336 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.337 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/ntp-wait.html@1.358 +181 -152 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/ntp-wait.man.in@1.336 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/ntp-wait.mdoc.in@1.337 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntpsweep/invoke-ntpsweep.texi@1.127 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntpsweep/ntpsweep-opts@1.78 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepman@1.115 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.115 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntpsweep/ntpsweep.html@1.130 +188 -152 ++ NTP_4_2_8P13 ++ ++ scripts/ntpsweep/ntpsweep.man.in@1.115 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntpsweep/ntpsweep.mdoc.in@1.116 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/invoke-ntptrace.texi@1.129 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/ntptrace-opts@1.78 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/ntptrace.1ntptraceman@1.115 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/ntptrace.1ntptracemdoc@1.116 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/ntptrace.html@1.131 +179 -129 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/ntptrace.man.in@1.115 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/ntptrace.mdoc.in@1.117 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/plot_summary-opts@1.79 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/plot_summary.1plot_summaryman@1.128 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/plot_summary.1plot_summarymdoc@1.128 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/plot_summary.html@1.133 +203 -161 ++ NTP_4_2_8P13 ++ ++ scripts/plot_summary.man.in@1.128 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/plot_summary.mdoc.in@1.128 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/summary-opts@1.78 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/summary.1summaryman@1.127 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/summary.1summarymdoc@1.127 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/summary.html@1.132 +184 -136 ++ NTP_4_2_8P13 ++ ++ scripts/summary.man.in@1.127 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/summary.mdoc.in@1.127 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/update-leap/invoke-update-leap.texi@1.28 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/update-leap/update-leap-opts@1.29 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/update-leap/update-leap.1update-leapman@1.28 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/update-leap/update-leap.1update-leapmdoc@1.28 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/update-leap/update-leap.html@1.29 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/update-leap/update-leap.man.in@1.28 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/update-leap/update-leap.mdoc.in@1.28 +2 -2 ++ NTP_4_2_8P13 ++ ++ sntp/invoke-sntp.texi@1.518 +1 -1 ++ NTP_4_2_8P13 ++ ++ sntp/sntp-opts.c@1.538 +2 -2 ++ NTP_4_2_8P13 ++ ++ sntp/sntp-opts.h@1.536 +3 -3 ++ NTP_4_2_8P13 ++ ++ sntp/sntp.1sntpman@1.353 +2 -2 ++ NTP_4_2_8P13 ++ ++ sntp/sntp.1sntpmdoc@1.353 +2 -2 ++ NTP_4_2_8P13 ++ ++ sntp/sntp.html@1.534 +472 -418 ++ NTP_4_2_8P13 ++ ++ sntp/sntp.man.in@1.353 +2 -2 ++ NTP_4_2_8P13 ++ ++ sntp/sntp.mdoc.in@1.353 +2 -2 ++ NTP_4_2_8P13 ++ ++ util/invoke-ntp-keygen.texi@1.521 +1 -1 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen-opts.c@1.540 +2 -2 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen-opts.h@1.538 +3 -3 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen.1ntp-keygenman@1.349 +2 -2 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen.1ntp-keygenmdoc@1.349 +2 -2 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen.html@1.194 +1 -1 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen.man.in@1.349 +2 -2 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen.mdoc.in@1.349 +2 -2 ++ NTP_4_2_8P13 ++ ++ChangeSet@1.3893, 2020-03-03 16:25:14-08:00, ntpreleng@ntp-build.tal1.ntfo.org ++ Replace line with head -1 ++ ++ scripts/build/addChangeLogTag@1.6 +1 -1 ++ Replace line with head -1 ++ ++ChangeSet@1.3892, 2020-03-03 16:05:38-08:00, ntpreleng@ntp-build.tal1.ntfo.org ++ provide get_pollskew() for simulator ++ ++ ntpd/ntp_config.c@1.374 +2 -2 ++ provide get_pollskew() for simulator ++ ++ChangeSet@1.3844.24.1, 2020-03-03 03:30:13-08:00, ntpreleng@ntp-build.tal1.ntfo.org ++ NTP_4_2_8P13 ++ TAG: NTP_4_2_8P13 (currently on 1.3894) ++ ++ BitKeeper/triggers/2mirrors@1.11 +6 -2 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd-opts.c@1.539.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd-opts.h@1.538.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpd.html@1.193 +3 -3 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpdsim-opts.c@1.29 +372 -340 ++ NTP_4_2_8P13 ++ ++ ntpd/ntpdsim-opts.h@1.29 +44 -37 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc-opts.c@1.532.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpdc/ntpdc-opts.h@1.531.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq-opts.c@1.541.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq-opts.h@1.539.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpq/ntpq.html@1.192 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/ntpsnmpd-opts.c@1.534.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ ntpsnmpd/ntpsnmpd-opts.h@1.533.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/calc_tickadj/calc_tickadj-opts@1.10 +2 -2 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/invoke-ntp-wait.texi@1.337.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/ntp-wait/ntp-wait-opts@1.73.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/ntpsweep/ntpsweep-opts@1.75.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/invoke-ntptrace.texi@1.126.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/ntptrace/ntptrace-opts@1.75.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/plot_summary-opts@1.76.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/summary-opts@1.75.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ scripts/update-leap/update-leap-opts@1.26.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ sntp/sntp-opts.c@1.535.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ sntp/sntp-opts.h@1.533.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen-opts.c@1.537.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen-opts.h@1.535.1.1 +1 -1 ++ NTP_4_2_8P13 ++ ++ util/ntp-keygen.html@1.193 +1 -1 ++ NTP_4_2_8P13 ++ ++ChangeSet@1.3888, 2020-03-03 07:26:56+00:00, stenn@psp-deb1.ntp.org ++ cleanup ++ ++ NEWS@1.197.1.3 +3 -2 ++ cleanup ++ ++ChangeSet@1.3887, 2020-02-18 05:11:26+00:00, stenn@psp-deb1.ntp.org ++ Cleanup distcheck psl* files ++ ++ ntpd/Makefile.am@1.138 +11 -0 ++ Cleanup distcheck psl* files ++ ++ChangeSet@1.3886, 2020-02-18 05:10:35+00:00, stenn@psp-deb1.ntp.org ++ Distribute ntp_calgps.h ++ ++ include/Makefile.am@1.58 +1 -0 ++ Distribute ntp_calgps.h ++ ++ChangeSet@1.3885, 2020-02-18 03:32:51+00:00, stenn@psp-deb1.ntp.org ++ Update the NEWS file for p14 ++ ++ NEWS@1.197.1.2 +107 -0 ++ Update the NEWS file for p14 ++ ++ChangeSet@1.3884, 2020-02-17 11:05:46+00:00, stenn@psp-deb1.ntp.org ++ merge cleanup ++ ++ ntpd/ntp_proto.c@1.432 +1 -1 ++ merge cleanup ++ ++ChangeSet@1.3881, 2020-02-17 08:50:00+00:00, stenn@psp-deb1.ntp.org ++ update ++ ++ ntpd/ntp_keyword.h@1.38 +545 -539 ++ update ++ ++ChangeSet@1.3880, 2020-02-17 08:48:45+00:00, stenn@psp-deb1.ntp.org ++ Startp logging improvements. ++ Bug3596. ++ ++ html/accopt.html@1.48 +7 -2 ++ cleanup. ++ bug3596: document 'serverresponse fuzz' ++ ++ html/confopt.html@1.64.1.1 +22 -9 ++ Cleanup. ++ ++ Bug 3596: document xmtnonce ++ ++ html/miscopt.html@1.93 +19 -1 ++ Cleanup. ++ ++ bug3596: document pollskewlist ++ ++ include/Makefile.am@1.57 +1 -0 ++ pollskew upodates ++ ++ include/ntp.h@1.232 +8 -2 ++ bug3596 chagnes: ++ - srvfuzrft patches ++ - pollskew updates ++ - xmtnonce ++ ++ include/ntp_config.h@1.89 +27 -20 ++ bug3596 updates: ++ - pollskewlist ++ - srvfuzrft patches ++ ++ include/ntp_psl.h@1.1 +17 -0 ++ BitKeeper file include/ntp_psl.h ++ --- ++ bug3596 ++ ++ include/ntp_psl.h@1.0 +0 -0 ++ ++ include/ntp_request.h@1.54 +2 -1 ++ srvfuzrft patches ++ ++ include/ntp_stdlib.h@1.88 +1 -1 ++ randomizepoll/server response fuzz reftime fixes ++ ++ include/ntpd.h@1.207 +1 -1 ++ bug3596 cleanup ++ ++ libntp/statestr.c@1.31 +12 -5 ++ bug3596 srvrspfuz fixes ++ ++ ntpd/Makefile.am@1.137 +37 -7 ++ bug3596 pollskewlist changes ++ ++ ntpd/complete.conf.in@1.37 +4 -2 ++ bug3596: randompoll, pollskew xmtnonce ++ ++ ntpd/keyword-gen-utd@1.35 +1 -1 ++ Keyword table updates ++ ++ ntpd/keyword-gen.c@1.42 +3 -3 ++ bug3596: serverresponse fuzz, pollskewlist, xmtnonce ++ ++ ntpd/ntp.conf.def@1.34 +40 -4 ++ Cleanup. ++ bug3596: xmtnonce, serverresponse fuzz, pollskewlist, ++ ++ ntpd/ntp_config.c@1.373 +250 -26 ++ bug3596: serverresponse fuzz, pollskewlist, xmtnonce ++ ++ ntpd/ntp_loopfilter.c@1.195 +1 -1 ++ pollskew upodates ++ ++ ntpd/ntp_parser.c@1.117 +1298 -1283 ++ bug3596 ++ ++ ntpd/ntp_parser.h@1.79 +331 -334 ++ bug3596 ++ ++ ntpd/ntp_parser.y@1.105 +49 -55 ++ bug3596: serverresponse fuzz, pollskewlist, xmtnonce ++ ++ ntpd/ntp_proto.c@1.427.1.2 +183 -36 ++ bug3596: pollskewlist, server response fuzz, xmtnonce ++ ++ ntpd/ntp_refclock.c@1.131 +1 -1 ++ pollskew upodates ++ ++ ntpd/ntp_request.c@1.131 +2 -2 ++ randomizepoll/server response fuzz reftime fixes ++ --- ++ srvfuzrft patches ++ --- ++ bug3596 cleanup ++ ++ ntpd/ntp_restrict.c@1.48 +5 -4 ++ bug3596: pollskewlist, server response fuzz ++ ++ ntpd/ntp_scanner.c@1.52 +16 -7 ++ bug3596: serverresponse fuzz ++ ++ ntpd/ntpd.c@1.185 +8 -1 ++ startup logging improvements ++ ++ ntpd/psl0.conf@1.1 +1 -0 ++ BitKeeper file ntpd/psl0.conf ++ --- ++ pollskewlist changes ++ ++ ntpd/psl0.conf@1.0 +0 -0 ++ ++ ntpd/psl1.conf@1.1 +1 -0 ++ BitKeeper file ntpd/psl1.conf ++ --- ++ pollskewlist changes ++ ++ ntpd/psl1.conf@1.0 +0 -0 ++ ++ ntpd/psl2.conf@1.1 +1 -0 ++ BitKeeper file ntpd/psl2.conf ++ --- ++ pollskewlist changes ++ ++ ntpd/psl2.conf@1.0 +0 -0 ++ ++ ntpdc/layout.std@1.16 +8 -7 ++ srvfuzrft patches ++ ++ sntp/crypto.c@1.39 +2 -0 ++ cleanup ++ ++ tests/ntpd/t-ntp_scanner.c@1.9 +1 -1 ++ Provide more detail on unrecognized config file parser tokens ++ ++ChangeSet@1.3879, 2020-02-17 08:11:42+00:00, stenn@psp-deb1.ntp.org ++ updates ++ ++ ChangeLog@1.1968.34.1 +2 -0 ++ ++ChangeSet@1.3877.1.2, 2020-02-08 23:00:11+00:00, stenn@psp-deb1.ntp.org ++ html/confopt.html cleanup ++ ++ ChangeLog@1.1968.1.28 +1 -0 ++ html/confopt.html cleanup ++ ++ html/confopt.html@1.65 +83 -9 ++ html/confopt.html cleanup ++ ++ChangeSet@1.3877.1.1, 2020-02-04 23:58:57+00:00, stenn@psp-deb1.ntp.org ++ Update the copyright year ++ ++ ChangeLog@1.1968.1.27 +1 -0 ++ Update the copyright year ++ ++ html/copyright.html@1.69 +2 -3 ++ Update the copyright year ++ ++ ntpd/invoke-ntp.conf.texi@1.219 +1 -1 ++ Update the copyright year ++ ++ ntpd/invoke-ntp.keys.texi@1.204 +1 -1 ++ Update the copyright year ++ ++ ntpd/invoke-ntpd.texi@1.518 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntp.conf.5man@1.253 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntp.conf.5mdoc@1.253 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntp.conf.man.in@1.253 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntp.conf.mdoc.in@1.253 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntp.keys.5man@1.238 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntp.keys.5mdoc@1.238 +4 -4 ++ Update the copyright year ++ ++ ntpd/ntp.keys.man.in@1.238 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntp.keys.mdoc.in@1.238 +4 -4 ++ Update the copyright year ++ ++ ntpd/ntpd-opts.c@1.540 +5 -5 ++ Update the copyright year ++ ++ ntpd/ntpd-opts.h@1.539 +4 -4 ++ Update the copyright year ++ ++ ntpd/ntpd.1ntpdman@1.347 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntpd.1ntpdmdoc@1.347 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntpd.man.in@1.347 +3 -3 ++ Update the copyright year ++ ++ ntpd/ntpd.mdoc.in@1.347 +3 -3 ++ Update the copyright year ++ ++ ntpdc/invoke-ntpdc.texi@1.515 +1 -1 ++ Update the copyright year ++ ++ ntpdc/ntpdc-opts.c@1.533 +5 -5 ++ Update the copyright year ++ ++ ntpdc/ntpdc-opts.h@1.532 +4 -4 ++ Update the copyright year ++ ++ ntpdc/ntpdc.1ntpdcman@1.346 +3 -3 ++ Update the copyright year ++ ++ ntpdc/ntpdc.1ntpdcmdoc@1.346 +3 -3 ++ Update the copyright year ++ ++ ntpdc/ntpdc.html@1.361 +353 -408 ++ Update the copyright year ++ ++ ntpdc/ntpdc.man.in@1.346 +3 -3 ++ Update the copyright year ++ ++ ntpdc/ntpdc.mdoc.in@1.346 +3 -3 ++ Update the copyright year ++ ++ ntpq/invoke-ntpq.texi@1.525 +1 -1 ++ Update the copyright year ++ ++ ntpq/ntpq-opts.c@1.542 +5 -5 ++ Update the copyright year ++ ++ ntpq/ntpq-opts.h@1.540 +4 -4 ++ Update the copyright year ++ ++ ntpq/ntpq.1ntpqman@1.353 +3 -3 ++ Update the copyright year ++ ++ ntpq/ntpq.1ntpqmdoc@1.353 +3 -3 ++ Update the copyright year ++ ++ ntpq/ntpq.man.in@1.353 +3 -3 ++ Update the copyright year ++ ++ ntpq/ntpq.mdoc.in@1.353 +3 -3 ++ Update the copyright year ++ ++ ntpsnmpd/invoke-ntpsnmpd.texi@1.517 +1 -1 ++ Update the copyright year ++ ++ ntpsnmpd/ntpsnmpd-opts.c@1.535 +5 -5 ++ Update the copyright year ++ ++ ntpsnmpd/ntpsnmpd-opts.h@1.534 +4 -4 ++ Update the copyright year ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.346 +3 -3 ++ Update the copyright year ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.346 +3 -3 ++ Update the copyright year ++ ++ ntpsnmpd/ntpsnmpd.man.in@1.346 +3 -3 ++ Update the copyright year ++ ++ ntpsnmpd/ntpsnmpd.mdoc.in@1.346 +3 -3 ++ Update the copyright year ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.107 +2 -2 ++ Update the copyright year ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.108 +2 -2 ++ Update the copyright year ++ ++ scripts/calc_tickadj/calc_tickadj.html@1.108 +127 -171 ++ Update the copyright year ++ ++ scripts/calc_tickadj/calc_tickadj.man.in@1.106 +2 -2 ++ Update the copyright year ++ ++ scripts/calc_tickadj/calc_tickadj.mdoc.in@1.108 +2 -2 ++ Update the copyright year ++ ++ scripts/calc_tickadj/invoke-calc_tickadj.texi@1.111 +1 -1 ++ Update the copyright year ++ ++ scripts/invoke-plot_summary.texi@1.129 +1 -1 ++ Update the copyright year ++ ++ scripts/invoke-summary.texi@1.128 +1 -1 ++ Update the copyright year ++ ++ scripts/ntp-wait/invoke-ntp-wait.texi@1.338 +1 -1 ++ Update the copyright year ++ ++ scripts/ntp-wait/ntp-wait-opts@1.74 +1 -1 ++ Update the copyright year ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitman@1.335 +2 -2 ++ Update the copyright year ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.336 +2 -2 ++ Update the copyright year ++ ++ scripts/ntp-wait/ntp-wait.html@1.357 +151 -180 ++ Update the copyright year ++ ++ scripts/ntp-wait/ntp-wait.man.in@1.335 +2 -2 ++ Update the copyright year ++ ++ scripts/ntp-wait/ntp-wait.mdoc.in@1.336 +2 -2 ++ Update the copyright year ++ ++ scripts/ntpsweep/invoke-ntpsweep.texi@1.126 +1 -1 ++ Update the copyright year ++ ++ scripts/ntpsweep/ntpsweep-opts@1.76 +1 -1 ++ Update the copyright year ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepman@1.114 +2 -2 ++ Update the copyright year ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.114 +2 -2 ++ Update the copyright year ++ ++ scripts/ntpsweep/ntpsweep.html@1.129 +151 -187 ++ Update the copyright year ++ ++ scripts/ntpsweep/ntpsweep.man.in@1.114 +2 -2 ++ Update the copyright year ++ ++ scripts/ntpsweep/ntpsweep.mdoc.in@1.115 +2 -2 ++ Update the copyright year ++ ++ scripts/ntptrace/invoke-ntptrace.texi@1.127 +1 -1 ++ Update the copyright year ++ ++ scripts/ntptrace/ntptrace-opts@1.76 +1 -1 ++ Update the copyright year ++ ++ scripts/ntptrace/ntptrace.1ntptraceman@1.114 +2 -2 ++ Update the copyright year ++ ++ scripts/ntptrace/ntptrace.1ntptracemdoc@1.115 +2 -2 ++ Update the copyright year ++ ++ scripts/ntptrace/ntptrace.html@1.130 +127 -177 ++ Update the copyright year ++ ++ scripts/ntptrace/ntptrace.man.in@1.114 +2 -2 ++ Update the copyright year ++ ++ scripts/ntptrace/ntptrace.mdoc.in@1.116 +2 -2 ++ Update the copyright year ++ ++ scripts/plot_summary-opts@1.77 +1 -1 ++ Update the copyright year ++ ++ scripts/plot_summary.1plot_summaryman@1.127 +2 -2 ++ Update the copyright year ++ ++ scripts/plot_summary.1plot_summarymdoc@1.127 +2 -2 ++ Update the copyright year ++ ++ scripts/plot_summary.html@1.132 +159 -201 ++ Update the copyright year ++ ++ scripts/plot_summary.man.in@1.127 +2 -2 ++ Update the copyright year ++ ++ scripts/plot_summary.mdoc.in@1.127 +2 -2 ++ Update the copyright year ++ ++ scripts/summary-opts@1.76 +1 -1 ++ Update the copyright year ++ ++ scripts/summary.1summaryman@1.126 +2 -2 ++ Update the copyright year ++ ++ scripts/summary.1summarymdoc@1.126 +2 -2 ++ Update the copyright year ++ ++ scripts/summary.html@1.131 +134 -182 ++ Update the copyright year ++ ++ scripts/summary.man.in@1.126 +2 -2 ++ Update the copyright year ++ ++ scripts/summary.mdoc.in@1.126 +2 -2 ++ Update the copyright year ++ ++ scripts/update-leap/invoke-update-leap.texi@1.27 +1 -1 ++ Update the copyright year ++ ++ scripts/update-leap/update-leap-opts@1.27 +1 -1 ++ Update the copyright year ++ ++ scripts/update-leap/update-leap.1update-leapman@1.27 +2 -2 ++ Update the copyright year ++ ++ scripts/update-leap/update-leap.1update-leapmdoc@1.27 +2 -2 ++ Update the copyright year ++ ++ scripts/update-leap/update-leap.man.in@1.27 +2 -2 ++ Update the copyright year ++ ++ scripts/update-leap/update-leap.mdoc.in@1.27 +2 -2 ++ Update the copyright year ++ ++ sntp/include/copyright.def@1.28 +1 -1 ++ Update the copyright year ++ ++ sntp/invoke-sntp.texi@1.517 +1 -1 ++ Update the copyright year ++ ++ sntp/sntp-opts.c@1.536 +5 -5 ++ Update the copyright year ++ ++ sntp/sntp-opts.h@1.534 +4 -4 ++ Update the copyright year ++ ++ sntp/sntp.1sntpman@1.352 +3 -3 ++ Update the copyright year ++ ++ sntp/sntp.1sntpmdoc@1.352 +3 -3 ++ Update the copyright year ++ ++ sntp/sntp.html@1.533 +418 -472 ++ Update the copyright year ++ ++ sntp/sntp.man.in@1.352 +3 -3 ++ Update the copyright year ++ ++ sntp/sntp.mdoc.in@1.352 +3 -3 ++ Update the copyright year ++ ++ util/invoke-ntp-keygen.texi@1.520 +1 -1 ++ Update the copyright year ++ ++ util/ntp-keygen-opts.c@1.538 +5 -5 ++ Update the copyright year ++ ++ util/ntp-keygen-opts.h@1.536 +4 -4 ++ Update the copyright year ++ ++ util/ntp-keygen.1ntp-keygenman@1.348 +3 -3 ++ Update the copyright year ++ ++ util/ntp-keygen.1ntp-keygenmdoc@1.348 +3 -3 ++ Update the copyright year ++ ++ util/ntp-keygen.man.in@1.348 +3 -3 ++ Update the copyright year ++ ++ util/ntp-keygen.mdoc.in@1.348 +3 -3 ++ Update the copyright year ++ ++ChangeSet@1.3878, 2020-01-29 06:03:13+00:00, stenn@psp-deb1.ntp.org ++ Initial pass at fixes for bug 3596 ++ ++ include/ntp_config.h@1.88 +15 -2 ++ Initial pass at fixes for bug 3596 ++ ++ ntpd/keyword-gen-utd@1.34 +1 -1 ++ Initial pass at fixes for bug 3596 ++ ++ ntpd/keyword-gen.c@1.41 +5 -0 ++ Initial pass at fixes for bug 3596 ++ ++ ntpd/ntp_config.c@1.372 +13 -11 ++ Initial pass at fixes for bug 3596 ++ ++ ntpd/ntp_keyword.h@1.37 +940 -913 ++ Initial pass at fixes for bug 3596 ++ ++ ntpd/ntp_parser.c@1.116 +1362 -1285 ++ Initial pass at fixes for bug 3596 ++ ++ ntpd/ntp_parser.h@1.78 +356 -344 ++ Initial pass at fixes for bug 3596 ++ ++ ntpd/ntp_parser.y@1.104 +70 -2 ++ Initial pass at fixes for bug 3596 ++ ++ ntpd/ntp_proto.c@1.427.1.1 +8 -0 ++ Initial pass at fixes for bug 3596 ++ ++ChangeSet@1.3873.4.2, 2020-01-18 04:46:30-05:00, stenn@psp-deb2.ntp.org ++ [Bug 3637] Emit the version of ntpd in saveconfig ++ ++ ntpd/Makefile.am@1.136 +2 -1 ++ [Bug 3637] Emit the version of ntpd in saveconfig ++ ++ ntpd/ntp_config.c@1.369.1.2 +3 -2 ++ [Bug 3637] Emit the version of ntpd in saveconfig ++ ++ChangeSet@1.3873.4.1, 2020-01-18 04:05:48-05:00, stenn@psp-deb2.ntp.org ++ [Bug 3637] Emit the version of ntpd in saveconfig ++ ++ ChangeLog@1.1968.33.1 +1 -0 ++ [Bug 3637] Emit the version of ntpd in saveconfig ++ ++ ntpd/ntp_config.c@1.369.1.1 +7 -0 ++ [Bug 3637] Emit the version of ntpd in saveconfig ++ ++ChangeSet@1.3873.2.2, 2020-01-17 06:59:50+01:00, perlinger@ntp.org ++ [Bug 3636] NMEA: combine time/date from multiple sentences ++ ++ ChangeLog@1.1968.30.2 +1 -0 ++ [Bug 3636] NMEA: combine time/date from multiple sentences ++ ++ html/drivers/driver20.html@1.34 +17 -9 ++ [Bug 3636] NMEA: combine time/date from multiple sentences ++ ++ include/ntp_calgps.h@1.4 +19 -4 ++ [Bug 3636] NMEA: combine time/date from multiple sentences ++ ++ libntp/ntp_calgps.c@1.4 +31 -20 ++ [Bug 3636] NMEA: combine time/date from multiple sentences ++ ++ ntpd/refclock_nmea.c@1.84 +158 -97 ++ [Bug 3636] NMEA: combine time/date from multiple sentences ++ ++ChangeSet@1.3873.3.2, 2020-01-12 07:10:55+01:00, perlinger@ntp.org ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ChangeLog@1.1968.32.2 +1 -0 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ html/miscopt.html@1.92 +3 -2 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ include/ntp_config.h@1.87 +1 -0 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ include/ntpd.h@1.206 +1 -1 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/cmd_args.c@1.63 +3 -3 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/complete.conf.in@1.36 +2 -1 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/keyword-gen-utd@1.33 +1 -1 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/keyword-gen.c@1.40 +2 -0 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/ntp_config.c@1.370 +9 -4 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/ntp_keyword.h@1.36 +1043 -1029 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/ntp_leapsec.c@1.24 +36 -33 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/ntp_leapsec.h@1.15 +3 -2 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/ntp_parser.c@1.115 +1286 -1226 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/ntp_parser.h@1.77 +378 -371 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/ntp_parser.y@1.103 +20 -1 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ ntpd/ntp_util.c@1.120 +20 -16 ++ [Bug 3635] Make leapsecond file hash check optional ++ ++ChangeSet@1.3873.1.5, 2020-01-04 04:36:43-05:00, stenn@psp-deb2.ntp.org ++ cleanup ++ ++ ChangeLog@1.1968.31.3 +2 -2 ++ cleanup ++ ++ChangeSet@1.3873.3.1, 2020-01-03 02:23:27-05:00, stenn@psp-deb2.ntp.org ++ [Bug 3634] Typo in discipline.html, reported by Jason Harrison. ++ ++ ChangeLog@1.1968.32.1 +1 -0 ++ [Bug 3634] Typo in discipline.html, reported by Jason Harrison. ++ ++ html/discipline.html@1.11 +19 -18 ++ [Bug 3634] Typo in discipline.html, reported by Jason Harrison. ++ ++ChangeSet@1.3873.1.3, 2019-12-16 08:30:00+01:00, perlinger@ntp.org ++ [Sec 3592] DoS attack on client ntpd ++ ++ ChangeLog@1.1968.31.1 +2 -0 ++ [Sec 3592] DoS attack on client ntpd ++ ++ ntpd/ntp_proto.c@1.430 +17 -1 ++ [Sec 3592] DoS attack on client ntpd ++ ++ChangeSet@1.3873.2.1, 2019-12-09 07:43:31+01:00, perlinger@ntp.org ++ [bug 3628] Zeller's congruence in calendar ++ ++ ChangeLog@1.1968.30.1 +2 -0 ++ [bug 3628] Zeller's congruence in calendar ++ ++ include/ntp_calendar.h@1.23 +8 -0 ++ [bug 3628] Zeller's congruence in calendar ++ - reconstruct century from y/m/d + day-of-week, 2digit year ++ ++ include/ntp_calgps.h@1.3 +2 -2 ++ [bug 3628] Zeller's congruence in calendar ++ - comment typos ++ ++ libntp/ntp_calendar.c@1.26 +161 -43 ++ [bug 3628] Zeller's congruence in calendar ++ - reconstruct century from y/m/d + day-of-week, 2digit year ++ - fast (mod 7) operations ++ - implement reverse Zeller congruence ++ ++ libparse/clk_rawdcf.c@1.24 +55 -0 ++ [bug 3628] Zeller's congruence in calendar ++ - in-situ implementation of Zeller's congruence ++ ++ tests/libntp/calendar.c@1.18 +235 -0 ++ [bug 3628] Zeller's congruence in calendar ++ - added unit tests for mod7 and century reconstruction ++ - test algorithm of in-situ implementation of Zeller's congruence in libparse ++ ++ tests/libntp/run-calendar.c@1.19 +18 -0 ++ [bug 3628] Zeller's congruence in calendar ++ - regenerated test driver ++ ++ChangeSet@1.3873.1.2, 2019-12-07 08:19:05+01:00, perlinger@ntp.org ++ [bug 3592] ++ first try to move poll_update ++ ++ ntpd/ntp_proto.c@1.429 +10 -9 ++ [bug 3592] ++ first try to move poll_update ++ ++ChangeSet@1.3873.1.1, 2019-12-05 05:58:36+00:00, stenn@psp-deb1.ntp.org ++ Note places to look for things related to bug 3592 ++ ++ ntpd/ntp_proto.c@1.428 +5 -0 ++ Note places to look for things related to bug 3592 ++ ++ChangeSet@1.3874, 2019-11-18 06:04:58+00:00, perlinger@psp-deb1.ntp.org ++ [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap ++ ++ ChangeLog@1.1968.1.23 +2 -0 ++ [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap ++ ++ ntpd/ntpd.c@1.184 +23 -0 ++ [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap ++ ++ChangeSet@1.3871.4.2, 2019-10-10 15:26:29+02:00, perlinger@ntp.org ++ [Bug 3620] memory leak in ntpq sysinfo ++ ++ ChangeLog@1.1968.29.2 +2 -0 ++ [Bug 3620] memory leak in ntpq sysinfo ++ ++ ntpq/ntpq-subs.c@1.131 +4 -0 ++ [Bug 3620] memory leak in ntpq sysinfo ++ ++ChangeSet@1.3871.4.1, 2019-10-10 15:13:25+02:00, perlinger@ntp.org ++ [Bug 3619] Honour drefid setting in cooked mode and sysinfo ++ ++ ChangeLog@1.1968.29.1 +2 -0 ++ [Bug 3619] Honour drefid setting in cooked mode and sysinfo ++ ++ ntpq/ntpq-subs.c@1.130 +18 -1 ++ [Bug 3619] Honour drefid setting in cooked mode and sysinfo ++ ++ ntpq/ntpq.c@1.192 +12 -5 ++ [Bug 3619] Honour drefid setting in cooked mode and sysinfo ++ ++ ntpq/ntpq.h@1.33 +1 -0 ++ [Bug 3619] Honour drefid setting in cooked mode and sysinfo ++ ++ChangeSet@1.3871.3.1, 2019-10-10 07:19:05+02:00, perlinger@ntp.org ++ [Bug 3612] Use-of-uninitialized-value in receive function ++ ++ ChangeLog@1.1968.28.1 +2 -0 ++ [Bug 3612] Use-of-uninitialized-value in receive function ++ ++ ntpd/ntp_proto.c@1.427 +28 -15 ++ [Bug 3612] Use-of-uninitialized-value in receive function ++ ++ChangeSet@1.3871.2.1, 2019-10-04 07:29:17+02:00, perlinger@ntp.org ++ [Bug 3593] ntpd discards silently nmea messages after the 5th string ++ ++ ChangeLog@1.1968.27.1 +1 -0 ++ [Bug 3593] ntpd discards silently nmea messages after the 5th string ++ ++ libntp/recvbuff.c@1.43 +0 -2 ++ [Bug 3593] ntpd discards silently nmea messages after the 5th string ++ - replenish buffers *always* in 'get_full_recv_buffer', not just for signalled IO ++ ++ChangeSet@1.3871.1.5, 2019-10-03 10:04:23+02:00, perlinger@ntp.org ++ [Bug 3594] ntpd discards messages coming through nmead ++ ++ ChangeLog@1.1968.25.3 +1 -0 ++ [Bug 3594] ntpd discards messages coming through nmead ++ ++ ntpd/refclock_nmea.c@1.83 +110 -28 ++ [Bug 3594] ntpd discards messages coming through nmead ++ - make socket I/O for NMEAD nonblocking ++ - do local line split / record assembly as TCP does not preserve boundaries ++ ++ChangeSet@1.3871.1.3, 2019-09-26 06:46:14+00:00, stenn@psp-deb1.ntp.org ++ typo ++ ++ html/clockopt.html@1.28 +2 -2 ++ typo ++ ++ChangeSet@1.3871.1.1, 2019-09-23 07:18:39+02:00, perlinger@ntp.org ++ [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no ++ ++ ChangeLog@1.1968.26.1 +1 -0 ++ [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no ++ ++ sntp/m4/ntp_problemtests.m4@1.6 +12 -0 ++ [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no ++ - disable the 'problematic' tests in all cases where ntp_cv_gc_sections_runs=no ++ ++ChangeSet@1.3870.1.1, 2019-09-21 07:31:44+02:00, perlinger@ntp.org ++ [Bug 3615] accelerate refclock startup ++ ++ ChangeLog@1.1968.25.1 +1 -0 ++ [Bug 3615] accelerate refclock startup ++ ++ include/ntp_refclock.h@1.39.1.1 +1 -0 ++ [Bug 3615] accelerate refclock startup ++ - add 'inpoll' flag ++ ++ ntpd/ntp_loopfilter.c@1.194 +30 -9 ++ [Bug 3615] accelerate refclock startup ++ - time boxed stepping of sys_poll (avoid quick sys_poll overshoot) ++ ++ ntpd/ntp_refclock.c@1.128.1.1 +77 -6 ++ [Bug 3615] accelerate refclock startup ++ - check if clock status could benefit from early poll ++ - 'unsolicited' calls to refclock_receive add bits to the reach mask ++ ++ ntpd/refclock_nmea.c@1.82 +14 -10 ++ [Bug 3615] accelerate refclock startup ++ - minor sidekick: different order of data integrity checks reduces number of clock events ++ during signal dropout ++ ++ChangeSet@1.3867.1.2, 2019-09-13 18:10:32+02:00, perlinger@ntp.org ++ [bug 3609] addendum: extended documention ++ ++ html/clockopt.html@1.27 +4 -0 ++ [bug 3609] addendum: extended documention ++ ++ChangeSet@1.3872, 2019-09-13 08:18:14+02:00, perlinger@ntp.org ++ [Bug 3617] Add support for ACE III and Copernicus II receivers ++ ++ ChangeLog@1.1968.1.21 +2 -0 ++ [Bug 3617] Add support for ACE III and Copernicus II receivers ++ ++ html/drivers/driver29.html@1.18 +68 -10 ++ [Bug 3617] Add support for ACE III and Copernicus II receivers ++ ++ ntpd/refclock_palisade.c@1.48 +197 -11 ++ [Bug 3617] Add support for ACE III and Copernicus II receivers ++ ++ ntpd/refclock_palisade.h@1.16 +5 -2 ++ [Bug 3617] Add support for ACE III and Copernicus II receivers ++ ++ChangeSet@1.3871, 2019-09-06 17:06:02+02:00, perlinger@ntp.org ++ [Bug 3613] 'pool' directive doesn't honor 'noselect' flag ++ ++ ntpd/ntp_proto.c@1.426 +7 -5 ++ [Bug 3613] 'pool' directive doesn't honor 'noselect' flag ++ - minor cleanup: define mask for all bits going from pool to peer ++ ++ChangeSet@1.3870, 2019-09-06 01:32:24-07:00, harlan@max.pfcs.com ++ merge cleanup ++ ++ ChangeLog@1.1968.1.20 +2 -1 ++ merge cleanup ++ ++ChangeSet@1.3844.23.1, 2019-09-05 23:41:13-07:00, harlan@max.pfcs.com ++ [Bug 3613] Propagate noselect to mobilized pool servers ++ ++ ChangeLog@1.1968.24.1 +1 -0 ++ [Bug 3613] Propagate noselect to mobilized pool servers ++ ++ ntpd/ntp_proto.c@1.423.1.1 +4 -1 ++ [Bug 3613] Propagate noselect to mobilized pool servers ++ ++ChangeSet@1.3867.1.1, 2019-09-05 22:24:53+02:00, perlinger@ntp.org ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ChangeLog@1.1968.23.1 +2 -0 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ html/clockopt.html@1.26 +12 -0 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ include/ntp_refclock.h@1.40 +4 -1 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/complete.conf.in@1.35 +1 -1 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/keyword-gen.c@1.39 +1 -0 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/ntp_config.c@1.369 +15 -4 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/ntp_control.c@1.237 +15 -2 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/ntp_keyword.h@1.35 +701 -694 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/ntp_parser.c@1.114 +805 -805 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/ntp_parser.h@1.76 +201 -199 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/ntp_parser.y@1.102 +2 -0 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/ntp_refclock.c@1.129 +19 -0 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ ntpd/refclock_parse.c@1.88 +3 -0 ++ [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - implementing 'fudge minjitter' ++ ++ChangeSet@1.3868, 2019-09-04 21:40:55+02:00, perlinger@ntp.org ++ [Bug 3611] NMEA time interpreted incorrectly ++ ++ ChangeLog@1.1968.1.18 +3 -0 ++ [Bug 3611] NMEA time interpreted incorrectly ++ ++ html/drivers/driver20.html@1.33 +34 -2 ++ [Bug 3611] NMEA time interpreted incorrectly ++ - add documentation for mode bit 18 ("date trust" feature) ++ ++ include/ntp_calgps.h@1.2 +12 -2 ++ [Bug 3611] NMEA time interpreted incorrectly ++ - make GPS era folding a runtime decision ("date trust" support) ++ ++ libntp/ntp_calgps.c@1.3 +26 -13 ++ [Bug 3611] NMEA time interpreted incorrectly ++ - make GPS era folding a runtime decision ("date trust" support) ++ ++ ntpd/refclock_nmea.c@1.81 +5 -4 ++ [Bug 3611] NMEA time interpreted incorrectly ++ - restore hitherto undocumented "date trust" feature (was lost in [bug 3577]) ++ - move "date trust" to mode bit 18 ++ ++ChangeSet@1.3867, 2019-09-01 10:33:34+02:00, perlinger@ntp.org ++ [Bug 3576] New GPS date function API ++ - copy/paste bug in division code (32-bit non-ARM targets only) ++ ++ libntp/ntp_calendar.c@1.25 +1 -1 ++ [Bug 3576] New GPS date function API ++ - copy/paste bug in division code (32-bit non-ARM targets only) ++ ++ChangeSet@1.3866, 2019-09-01 06:55:03+00:00, stenn@psp-deb1.ntp.org ++ Make 3610 a SEC bug ++ ++ ChangeLog@1.1968.1.17 +1 -1 ++ Make 3610 a SEC bug ++ ++ChangeSet@1.3865, 2019-08-31 23:59:24+00:00, stenn@psp-deb1.ntp.org ++ Clean up sntp/networking.c:sendpkt() error message. ++ ++ ChangeLog@1.1968.1.16 +1 -0 ++ Clean up sntp/networking.c:sendpkt() error message. ++ ++ sntp/networking.c@1.71 +1 -1 ++ Clean up sntp/networking.c:sendpkt() error message. ++ ++ChangeSet@1.3864, 2019-08-31 23:56:58+00:00, stenn@psp-deb1.ntp.org ++ [Bug 3610] process_control() should bail earlier on short packets. stenn@ ++ ++ ChangeLog@1.1968.1.15 +2 -0 ++ ++ ntpd/ntp_control.c@1.236 +13 -6 ++ ++ChangeSet@1.3863, 2019-08-20 08:36:42+02:00, perlinger@ntp.org ++ [Bug3608] libparse fails to compile on S11.4SRU13 and later ++ ++ ChangeLog@1.1968.1.14 +2 -0 ++ [Bug3608] libparse fails to compile on S11.4SRU13 and later ++ ++ libparse/Makefile.am@1.33 +3 -1 ++ [Bug3608] libparse fails to compile on S11.4SRU13 and later ++ ++ChangeSet@1.3862, 2019-08-16 04:07:25-04:00, stenn@psp-deb2.ntp.org ++ ChangeLog: ++ merge cleanup ++ ++ ChangeLog@1.1968.1.13 +3 -4 ++ merge cleanup ++ ++ChangeSet@1.3844.3.13, 2019-08-12 07:09:14+02:00, perlinger@ntp.org ++ [bug 3576] documentation typo ++ ++ html/drivers/driver20.html@1.29.1.2 +1 -1 ++ [bug 3576] documentation typo ++ ++ChangeSet@1.3844.21.2, 2019-08-10 18:35:06+02:00, perlinger@ntp.org ++ comment change ++ ++ include/ntp_request.h@1.53 +1 -1 ++ comment change ++ ++ChangeSet@1.3844.22.1, 2019-08-10 09:03:06+02:00, perlinger@ntp.org ++ [Bug 3604] Wrong param byte order passing into record_raw_stats() in ntp_io.c ++ ++ ChangeLog@1.1968.21.1 +4 -0 ++ [Bug 3604] Wrong param byte order passing into record_raw_stats() in ntp_io.c ++ ++ ntpd/ntp_io.c@1.429.1.1 +8 -4 ++ [Bug 3604] Wrong param byte order passing into record_raw_stats() in ntp_io.c ++ ++ChangeSet@1.3844.21.1, 2019-08-10 08:31:59+02:00, perlinger@ntp.org ++ [Bug 3599] Build fails on linux-m68k due to alignment issues ++ ++ ChangeLog@1.1968.20.1 +4 -0 ++ [Bug 3599] Build fails on linux-m68k due to alignment issues ++ ++ include/ntp_request.h@1.52 +1 -0 ++ [Bug 3599] Build fails on linux-m68k due to alignment issues ++ ++ ntpdc/layout.std@1.15 +1 -0 ++ [Bug 3599] Build fails on linux-m68k due to alignment issues ++ ++ChangeSet@1.3852, 2019-07-04 06:29:23-04:00, stenn@psp-deb2.ntp.org ++ typo ++ ++ html/drivers/driver20.html@1.31 +1 -1 ++ typo ++ ++ChangeSet@1.3850, 2019-07-04 06:20:52-04:00, stenn@psp-deb2.ntp.org ++ Distribute include/timexsup.h ++ ++ include/Makefile.am@1.56 +1 -0 ++ Distribute include/timexsup.h ++ ++ChangeSet@1.3844.3.12, 2019-06-20 06:23:08+02:00, perlinger@ntp.org ++ [Bug 3576] New GPS date function API ++ - sidekick: use different division tricks in calendar ++ ++ libntp/ntp_calendar.c@1.24 +91 -95 ++ [Bug 3576] New GPS date function API ++ - sidekick: use different division tricks in calendar, use linear fractionals for month length ++ ++ tests/libntp/calendar.c@1.17 +28 -0 ++ [Bug 3576] New GPS date function API ++ - sidekick: more calendar unit tests ++ ++ tests/libntp/run-calendar.c@1.17 +22 -18 ++ [Bug 3576] New GPS date function API ++ - sidekick: update unit test runner ++ ++ChangeSet@1.3844.20.1, 2019-06-15 09:17:38+02:00, perlinger@ntp.org ++ [Bug 3473] RefID of refclocks should always be text format ++ ++ ChangeLog@1.1968.19.1 +4 -0 ++ [Bug 3473] RefID of refclocks should always be text format ++ ++ ntpd/ntp_control.c@1.232.2.2 +4 -9 ++ [Bug 3473] RefID of refclocks should always be text format ++ ++ ntpdc/ntpdc_ops.c@1.86.1.1 +65 -63 ++ [Bug 3473] RefID of refclocks should always be text format ++ ++ ntpq/ntpq.c@1.189.1.1 +14 -1 ++ [Bug 3473] RefID of refclocks should always be text format ++ ++ChangeSet@1.3844.19.1, 2019-06-04 07:59:30+02:00, perlinger@ntp.org ++ [Bug 3490] Patch to support Trimble Resolution Receivers ++ ++ ChangeLog@1.1968.18.1 +4 -0 ++ [Bug 3490] Patch to support Trimble Resolution Receivers ++ ++ ntpd/refclock_palisade.c@1.47 +45 -1 ++ [Bug 3490] Patch to support Trimble Resolution Receivers ++ - original patch by Richard Steedman ++ - fixed bitwise AND vs boolean AND operation (not a real bug, but confusing) ++ ++ChangeSet@1.3844.18.1, 2019-06-04 06:41:14+02:00, perlinger@ntp.org ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ ChangeLog@1.1968.17.1 +4 -0 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ include/ntp_fp.h@1.35 +2 -2 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ libntp/dofptoa.c@1.10 +5 -5 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ libntp/dolfptoa.c@1.13 +5 -5 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ libntp/mstolfp.c@1.6 +3 -4 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ ntpq/ntpq-subs.c@1.127.1.1 +3 -3 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ ntpq/ntpq.c@1.190 +27 -10 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ tests/libntp/lfptostr.c@1.9 +18 -18 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ tests/libntp/refidsmear.c@1.8 +16 -16 ++ [Bug 3491] Signed values of LFP datatypes should always display a sign ++ ++ChangeSet@1.3844.17.1, 2019-06-02 14:02:24+02:00, perlinger@ntp.org ++ [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u ++ - monitor daemon child startup & propagate exit codes ++ ++ ChangeLog@1.1968.16.1 +5 -0 ++ [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u ++ - monitor daemon child startup & propagate exit codes ++ ++ configure.ac@1.616.1.1 +1 -0 ++ [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u ++ - check for 'waitpid()' ++ ++ include/ntpd.h@1.205 +1 -1 ++ [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u ++ - unclutter daemon startup pipe handling ++ ++ ntpd/ntp_proto.c@1.424 +4 -3 ++ [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u ++ - unclutter daemon startup pipe handling ++ - send 'S' (--> synced) message to parent process ++ ++ ntpd/ntpd.c@1.180.2.1 +150 -60 ++ [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user is specified with -u ++ - monitor daemon child startup & propagate exit codes ++ - send 'R' (--> running) message to parent process when getting operational ++ - unclutter daemon startup pipe handling ++ ++ChangeSet@1.3844.16.1, 2019-06-01 17:53:11+02:00, perlinger@ntp.org ++ [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network ++ ++ ChangeLog@1.1968.15.1 +4 -0 ++ [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network ++ ++ include/ntp_io.h@1.24 +1 -1 ++ [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network ++ ++ ntpd/ntp_io.c@1.430 +38 -28 ++ [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network ++ - disable the warning on an IPv6-only network. No harm done in that case, and the ++ semantic of 'sys_bclient' is too intricate for simple changes ++ ++ChangeSet@1.3844.15.1, 2019-05-30 10:53:25+02:00, perlinger@ntp.org ++ [Bug 3533] ntpdc peer_info ipv6 issues ++ ++ ChangeLog@1.1968.14.1 +4 -0 ++ [Bug 3533] ntpdc peer_info ipv6 issues ++ ++ ntpd/ntp_request.c@1.130 +1 -1 ++ [Bug 3533] ntpdc peer_info ipv6 issues ++ - wrong address used in AF-specific branch decision ++ ++ ntpdc/ntpdc.c@1.112.1.1 +8 -7 ++ [Bug 3533] ntpdc peer_info ipv6 issues ++ ++ ntpdc/ntpdc_ops.c@1.87 +10 -3 ++ [Bug 3533] ntpdc peer_info ipv6 issues ++ ++ChangeSet@1.3844.3.11, 2019-05-28 08:11:59+02:00, perlinger@ntp.org ++ [some cleanup of calendar calculations] ++ ++ include/ntp_calendar.h@1.22 +43 -1 ++ [some cleanup of calendar calculations] ++ - alternative implementation of the leapyear test ++ ++ libntp/ntp_calendar.c@1.23 +19 -12 ++ [some cleanup of calendar calculations] ++ - fix an embarrassing error in the 32bit-only code for day/week join ++ ++ tests/libntp/calendar.c@1.16 +16 -0 ++ [some cleanup of calendar calculations] ++ - add direkt unit test for leap year rule ++ ++ tests/libntp/run-calendar.c@1.16 +16 -14 ++ [some cleanup of calendar calculations] ++ - update regenerated file ++ ++ChangeSet@1.3844.14.5, 2019-05-16 21:09:12+02:00, perlinger@ntp.org ++ [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code ++ ++ ChangeLog@1.1968.13.5 +2 -0 ++ [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code ++ ++ ntpd/ntpd.c@1.180.1.2 +7 -12 ++ [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code ++ ++ChangeSet@1.3844.14.4, 2019-05-16 20:51:13+02:00, perlinger@ntp.org ++ [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() ++ ++ ChangeLog@1.1968.13.4 +2 -0 ++ [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() ++ ++ ntpd/ntpd.c@1.180.1.1 +2 -6 ++ [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() ++ ++ChangeSet@1.3844.14.3, 2019-05-16 20:19:10+02:00, perlinger@ntp.org ++ [Bug 3517] Reducing build noise ++ ++ ChangeLog@1.1968.13.3 +1 -0 ++ [Bug 3517] Reducing build noise ++ ++ ntpq/Makefile.am@1.74 +15 -13 ++ [Bug 3517] Reducing build noise ++ - linker flags useless for static library ++ - lines containing tabs only are bad in makefiles ++ ++ChangeSet@1.3844.14.2, 2019-05-16 19:42:17+02:00, perlinger@ntp.org ++ [Bug 3516] Require tooling from this decade ++ ++ ChangeLog@1.1968.13.2 +2 -0 ++ [Bug 3516] Require tooling from this decade ++ ++ configure.ac@1.617 +4 -7 ++ [Bug 3516] Require tooling from this decade ++ ++ sntp/configure.ac@1.86 +5 -7 ++ [Bug 3516] Require tooling from this decade ++ ++ChangeSet@1.3844.14.1, 2019-05-16 19:03:12+02:00, perlinger@ntp.org ++ [Bug 3511] Get rid of AC_LANG_SOURCE() warnings ++ ++ ChangeLog@1.1968.13.1 +4 -0 ++ [Bug 3511] Get rid of AC_LANG_SOURCE() warnings ++ ++ sntp/libopts/m4/libopts.m4@1.35 +12 -12 ++ [Bug 3511] Get rid of AC_LANG_SOURCE() warnings ++ ++ChangeSet@1.3844.3.10, 2019-05-13 07:44:52+02:00, perlinger@ntp.org ++ [Bug 3590] Update refclock_oncore.c to the new GPS date API ++ ++ ChangeLog@1.1968.3.3 +1 -0 ++ [Bug 3590] Update refclock_oncore.c to the new GPS date API ++ ++ libntp/ntp_calgps.c@1.2 +29 -5 ++ [Bug 3590] Update refclock_oncore.c to the new GPS date API ++ ++ ntpd/refclock_oncore.c@1.105 +54 -2 ++ [Bug 3590] Update refclock_oncore.c to the new GPS date API ++ - use GPS era remapping ++ ++ tests/libntp/calendar.c@1.15 +67 -28 ++ [Bug 3590] Update refclock_oncore.c to the new GPS date API ++ - additional tests for era remapping ++ ++ tests/libntp/run-calendar.c@1.15 +5 -3 ++ [Bug 3590] Update refclock_oncore.c to the new GPS date API ++ ++ChangeSet@1.3844.13.1, 2019-05-04 10:13:19+02:00, perlinger@ntp.org ++ [Bug 3531] make check: test-decodenetnum fails ++ ++ ChangeLog@1.1968.12.1 +5 -0 ++ [Bug 3531] make check: test-decodenetnum fails ++ ++ include/ntp_control.h@1.60 +4 -0 ++ [Bug 3531] make check: test-decodenetnum fails ++ - side kick: add preprocessor guards ++ ++ libntp/decodenetnum.c@1.19 +57 -25 ++ [Bug 3531] make check: test-decodenetnum fails ++ - harden against missing/incomplete /etc/services (getaddrinfo() croaks on service) ++ ++ tests/libntp/decodenetnum.c@1.12 +6 -6 ++ [Bug 3531] make check: test-decodenetnum fails ++ - fix cond-compile target/config guards ++ ++ tests/libntp/sockaddrtest.c@1.3 +7 -1 ++ [Bug 3531] make check: test-decodenetnum fails ++ - get strings to local buffers instead of overruning lib buffers ++ ++ tests/libntp/socktoa.c@1.13 +8 -8 ++ [Bug 3531] make check: test-decodenetnum fails ++ - fix cond-compile target/config guards ++ ++ChangeSet@1.3844.8.2, 2019-05-02 10:26:12+02:00, perlinger@ntp.org ++ [Bug 3573] nptdate: missleading error message ++ ++ ntpdate/ntpdate.c@1.102.1.2 +1 -3 ++ [Bug 3573] nptdate: missleading error message ++ - sidekick: make failing to set IPV6_V6ONLY non-fatal ++ ++ChangeSet@1.3844.12.1, 2019-05-02 08:35:23+02:00, perlinger@ntp.org ++ [Bug 1433] runtime check whether the kernel really supports capabilities ++ ++ ChangeLog@1.1968.11.1 +4 -0 ++ [Bug 1433] runtime check whether the kernel really supports capabilities ++ ++ ntpd/ntpd.c@1.181 +27 -3 ++ [Bug 1433] runtime check whether the kernel really supports capabilities ++ ++ChangeSet@1.3844.11.1, 2019-05-02 07:27:17+02:00, perlinger@ntp.org ++ [Bug 3132] Building 4.2.8p8 with disabled local libopts fails ++ ++ ChangeLog@1.1968.10.1 +4 -0 ++ [Bug 3132] Building 4.2.8p8 with disabled local libopts fails ++ ++ sntp/main.c@1.105 +4 -0 ++ [Bug 3132] Building 4.2.8p8 with disabled local libopts fails ++ - include if we have it ++ ++ChangeSet@1.3844.10.1, 2019-05-02 06:32:04+02:00, perlinger@ntp.org ++ [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH ++ ++ ChangeLog@1.1968.9.1 +4 -0 ++ [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH ++ ++ scripts/build/mkver.in@1.16 +6 -1 ++ [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH ++ ++ChangeSet@1.3844.9.1, 2019-05-01 10:25:57+02:00, perlinger@ntp.org ++ [Bug 3542] ntpdc monlist parameters cannot be set ++ ++ ChangeLog@1.1968.8.1 +3 -0 ++ [Bug 3542] ntpdc monlist parameters cannot be set ++ ++ ntpdc/ntpdc.c@1.113 +15 -35 ++ [Bug 3542] ntpdc monlist parameters cannot be set ++ - fixed 'getarg()' number parsing (still assumed union and was badly refactored) ++ ++ChangeSet@1.3844.8.1, 2019-05-01 07:24:20+02:00, perlinger@ntp.org ++ [Bug 3573] nptdate: missleading error message ++ ++ ChangeLog@1.1968.7.1 +3 -0 ++ [Bug 3573] nptdate: missleading error message ++ ++ ntpdate/ntpdate.c@1.102.1.1 +5 -1 ++ [Bug 3573] nptdate: missleading error message ++ - empty ARGV/ARGC acceptable only with NETINFO available ++ ++ChangeSet@1.3844.6.2, 2019-04-30 08:09:13+02:00, perlinger@ntp.org ++ [Bug 3583] synchronization error ++ - update docs on 'tos basedate' ++ ++ html/miscopt.html@1.91 +6 -2 ++ [Bug 3583] synchronization error ++ - update docs on 'tos basedate' ++ ++ChangeSet@1.3844.7.1, 2019-04-28 09:50:11+02:00, perlinger@ntp.org ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ ++ ChangeLog@1.1968.6.1 +4 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ ++ include/ntp_syslog.h@1.10 +3 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - add 'change_iobufs()' for unit test setup ++ ++ libntp/msyslog.c@1.55 +38 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - add 'change_iobufs()' for unit test setup ++ ++ sntp/tests/run-crypto.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/run-keyFile.c@1.11 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/run-kodDatabase.c@1.11 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/run-kodFile.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/run-networking.c@1.5 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/run-packetHandling.c@1.8 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/run-packetProcessing.c@1.14 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/run-t-log.c@1.7 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/run-utilities.c@1.8 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ sntp/tests/testconf.yml@1.2 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - set output streams to line buffered during test suite setup ++ ++ tests/bug-2803/run-bug-2803.c@1.11 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/bug-2803/testconf.yml@1.2 +2 -1 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - set output streams to line buffered during test suite setup ++ ++ tests/bug-3102/testconf.yml@1.2 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - set output streams to line buffered during test suite setup ++ ++ tests/libntp/run-a_md5encrypt.c@1.17 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-atoint.c@1.10 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-atouint.c@1.11 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-authkeys.c@1.15 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-buftvtots.c@1.8 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-calendar.c@1.13.1.1 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-caljulian.c@1.15 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-caltontp.c@1.7 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-calyearstart.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-clocktime.c@1.12 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-decodenetnum.c@1.13 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-hextoint.c@1.11 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-hextolfp.c@1.10 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-humandate.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-lfpfunc.c@1.21 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-lfptostr.c@1.10 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-modetoa.c@1.14 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-msyslog.c@1.11 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-netof.c@1.10 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-numtoa.c@1.13 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-numtohost.c@1.13 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-octtoint.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-prettydate.c@1.8 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-recvbuff.c@1.7 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-refidsmear.c@1.10 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-refnumtoa.c@1.11 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-sbprintf.c@1.3 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-sfptostr.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-socktoa.c@1.16 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-ssl_init.c@1.11 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-statestr.c@1.13 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-strtolfp.c@1.8 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-timespecops.c@1.13 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-timevalops.c@1.16 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-tsafememcmp.c@1.3 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-tstotv.c@1.7 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-tvtots.c@1.8 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-uglydate.c@1.13 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-vi64ops.c@1.10 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/run-ymd2yd.c@1.13 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/libntp/testconf.yml@1.2 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - set output streams to line buffered during test suite setup ++ ++ tests/ntpd/run-leapsec.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/ntpd/run-ntp_prio_q.c@1.7 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/ntpd/run-ntp_restrict.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/ntpd/run-rc_cmdlength.c@1.7 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/ntpd/run-t-ntp_scanner.c@1.8 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/ntpd/run-t-ntp_signd.c@1.13 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/ntpd/testconf.yml@1.2 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - set output streams to line buffered during test suite setup ++ ++ tests/ntpq/run-t-ntpq.c@1.5 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/ntpq/testconf.yml@1.2 +2 -1 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - set output streams to line buffered during test suite setup ++ ++ tests/sandbox/run-modetoa.c@1.5 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/sandbox/run-uglydate.c@1.9 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/sandbox/run-ut-2803.c@1.4 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/sandbox/testconf.yml@1.2 +2 -1 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - set output streams to line buffered during test suite setup ++ ++ tests/sec-2853/run-sec-2853.c@1.7 +2 -0 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - regenrated test runner ++ ++ tests/sec-2853/testconf.yml@1.2 +2 -1 ++ [Bug 3585] Unity tests mix buffered and unbuffered output ++ - set output streams to line buffered during test suite setup ++ ++ChangeSet@1.3844.6.1, 2019-04-27 18:55:23+02:00, perlinger@ntp.org ++ [Bug 3583] synchronization error ++ ++ ChangeLog@1.1968.5.1 +4 -0 ++ [Bug 3583] synchronization error ++ ++ libntp/systime.c@1.75 +11 -15 ++ [Bug 3583] synchronization error ++ - set clock to base date if system time is before that limit ++ (used to map inside the intended era, which is actually a bad idea) ++ ++ChangeSet@1.3844.5.5, 2019-04-23 08:17:58+02:00, perlinger@ntp.org ++ [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled ++ ++ ChangeLog@1.1968.4.1 +3 -0 ++ [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled ++ ++ ntpd/refclock_gpsdjson.c@1.30 +1 -1 ++ [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled ++ ++ChangeSet@1.3844.3.9, 2019-04-22 11:57:53+02:00, perlinger@ntp.org ++ [Bug 3577] silence some nitpicking from MSVC ++ ++ ntpd/refclock_jupiter.c@1.34 +12 -12 ++ [Bug 3577] silence some nitpicking from MSVC ++ ++ChangeSet@1.3844.5.4, 2019-04-22 01:20:36-07:00, ntpreleng@ntp-build.tal1.ntfo.org ++ Author cleanup ++ ++ BitKeeper/etc/Authors/ntpreleng.txt@1.1 +1 -0 ++ BitKeeper file BitKeeper/etc/Authors/ntpreleng.txt ++ ++ BitKeeper/etc/Authors/ntpreleng.txt@1.0 +0 -0 ++ ++ BitKeeper/etc/authors.txt@1.3 +1 -2 ++ Author cleanup ++ ++ChangeSet@1.3844.5.3, 2019-04-21 03:33:53-07:00, ntpreleng@ntp-build.tal1.ntfo.org ++ author cleanup ++ ++ BitKeeper/deleted/2e/Brian.txt~204f4d9a946d68c3@1.2 +0 -0 ++ Delete: BitKeeper/etc/Authors/Brian.txt ++ ++ChangeSet@1.3844.5.2, 2019-04-21 03:26:18-07:00, ntpreleng@ntp-build.tal1.ntfo.org ++ author cleanup ++ ++ BitKeeper/etc/Authors/amidamaru.txt@1.3 +0 -0 ++ Rename: BitKeeper/etc/Authors/Amidamaru.txt -> BitKeeper/etc/Authors/amidamaru.txt ++ ++ChangeSet@1.3844.5.1, 2019-04-21 03:25:30-07:00, ntpreleng@ntp-build.tal1.ntfo.org ++ author cleanup ++ ++ BitKeeper/deleted/b5/amidamaru.txt~83565bba563cd9e2@1.3 +0 -0 ++ Delete: BitKeeper/etc/Authors/amidamaru.txt ++ ++ BitKeeper/etc/Authors/Amidamaru.txt@1.2 +1 -0 ++ author cleanup ++ ++ BitKeeper/triggers/Old/post-incoming.license-warn@1.11 +0 -0 ++ Rename: BitKeeper/triggers/post-incoming.license-warn -> BitKeeper/triggers/Old/post-incoming.license-warn ++ ++ BitKeeper/triggers/Old/pre-resolve.license-chk@1.12 +0 -0 ++ Rename: BitKeeper/triggers/pre-resolve.license-chk -> BitKeeper/triggers/Old/pre-resolve.license-chk ++ ++ BitKeeper/triggers/Old/pre-resolve.licfix@1.6 +0 -0 ++ Rename: BitKeeper/triggers/pre-resolve.licfix -> BitKeeper/triggers/Old/pre-resolve.licfix ++ ++ChangeSet@1.3844.3.7, 2019-04-20 08:38:11+02:00, perlinger@ntp.org ++ [Bug 3577] Update refclock_zyfer.c to the new GPS date API ++ ++ ChangeLog@1.1968.3.2 +2 -0 ++ [Bug 3577] Update refclock_zyfer.c to the new GPS date API ++ ++ html/drivers/driver20.html@1.29.1.1 +22 -1 ++ [Bug 3577] Update refclock_zyfer.c to the new GPS date API ++ ++ ntpd/refclock_jupiter.c@1.33 +312 -409 ++ [Bug 3577] Update refclock_zyfer.c to the new GPS date API ++ ++ ntpd/refclock_nmea.c@1.80 +434 -703 ++ [Bug 3577] Update refclock_zyfer.c to the new GPS date API ++ - use new API to wrap/warp GPS time stamps ++ - implement silent PPS mode & data expiration ++ - major changes for string parsing, too ++ ++ ntpd/refclock_zyfer.c@1.11 +21 -4 ++ [Bug 3577] Update refclock_zyfer.c to the new GPS date API ++ ++ChangeSet@1.3844.3.6, 2019-04-20 08:18:00+02:00, perlinger@ntp.org ++ [Bug 3576] New GPS date function API ++ ++ ChangeLog@1.1968.3.1 +3 -0 ++ [Bug 3576] New GPS date function API ++ ++ include/ntp_calendar.h@1.21 +20 -1 ++ [Bug 3576] New GPS date function API ++ - typedefs & new functions ++ ++ include/ntp_calgps.h@1.1 +126 -0 ++ [Bug 3576] New GPS date function API ++ - new module to do proper GPS epoch wrapping ++ ++ include/ntp_calgps.h@1.0 +0 -0 ++ ++ include/ntp_refclock.h@1.39 +20 -9 ++ [Bug 3576] New GPS date function API ++ - filter stage count is power of two now ++ - new functions for buffer handling ++ ++ include/timespecops.h@1.6 +8 -179 ++ [Bug 3576] New GPS date function API ++ - moved functions from inline to body ++ ++ libntp/Makefile.am@1.82.1.1 +2 -0 ++ [Bug 3576] New GPS date function API ++ - added new modules ++ ++ libntp/ntp_calendar.c@1.22 +398 -259 ++ [Bug 3576] New GPS date function API ++ - typedefs & new functions ++ ++ libntp/ntp_calgps.c@1.1 +586 -0 ++ [Bug 3576] New GPS date function API ++ - new module to do proper GPS epoch wrapping ++ ++ libntp/ntp_calgps.c@1.0 +0 -0 ++ ++ libntp/timespecops.c@1.1 +233 -0 ++ [Bug 3576] New GPS date function API ++ - moved functions from inline to body ++ ++ libntp/timespecops.c@1.0 +0 -0 ++ ++ ntpd/ntp_refclock.c@1.128 +309 -7 ++ [Bug 3576] New GPS date function API ++ - filter stage count is power of two now ++ - new functions for buffer handling ++ ++ ntpd/ntp_restrict.c@1.47 +0 -2 ++ [Bug 3576] New GPS date function API ++ - side kick: remove unused variables ++ ++ parseutil/dcfd.c@1.30 +10 -10 ++ [Bug 3576] New GPS date function API ++ - side kick: fix compiler warnings (dprintf is a function and not the same as DPRINTF) ++ ++ ports/winnt/vs2005/libntp.vcproj@1.28 +12 -0 ++ [Bug 3576] New GPS date function API ++ - added new modules ++ ++ ports/winnt/vs2008/libntp/libntp.vcproj@1.59 +12 -0 ++ [Bug 3576] New GPS date function API ++ - added new modules ++ ++ ports/winnt/vs2013/libntp/libntp.vcxproj@1.15 +3 -0 ++ [Bug 3576] New GPS date function API ++ - added new modules ++ ++ ports/winnt/vs2013/libntp/libntp.vcxproj.filters@1.13 +9 -0 ++ [Bug 3576] New GPS date function API ++ - added new modules ++ ++ ports/winnt/vs2015/libntp/libntp.vcxproj@1.5 +3 -0 ++ [Bug 3576] New GPS date function API ++ - added new modules ++ ++ ports/winnt/vs2015/libntp/libntp.vcxproj.filters@1.5 +9 -0 ++ [Bug 3576] New GPS date function API ++ - added new modules ++ ++ tests/libntp/calendar.c@1.14 +169 -4 ++ [Bug 3576] New GPS date function API ++ - week split function tests ++ ++ tests/libntp/run-calendar.c@1.14 +27 -17 ++ [Bug 3576] New GPS date function API ++ - regenerated ++ ++ChangeSet@1.3844.4.1, 2019-04-08 21:54:16+02:00, perlinger@ntp.org ++ [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) ++ ++ ChangeLog@1.1968.1.4 +4 -0 ++ [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) ++ ++ ntpq/ntpq-subs.c@1.128 +188 -147 ++ [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) ++ - wrap FILE I/O in functions that substitute stderr for NULL ++ - kill trailing whitespace ++ ++ChangeSet@1.3844.3.5, 2019-03-10 17:10:50-07:00, ntpreleng@ntp-bk2git.tal1.ntfo.org ++ author updates ++ ++ BitKeeper/etc/authors.txt@1.2 +4 -0 ++ author updates ++ ++ChangeSet@1.3844.3.4, 2019-03-10 17:04:30-07:00, ntpreleng@ntp-bk2git.tal1.ntfo.org ++ author updates ++ ++ BitKeeper/etc/Authors/Amidamaru.txt@1.1 +1 -0 ++ BitKeeper file BitKeeper/etc/Authors/Amidamaru.txt ++ ++ BitKeeper/etc/Authors/Amidamaru.txt@1.0 +0 -0 ++ ++ BitKeeper/etc/Authors/Brian.txt@1.1 +1 -0 ++ BitKeeper file BitKeeper/etc/Authors/Brian.txt ++ ++ BitKeeper/etc/Authors/Brian.txt@1.0 +0 -0 ++ ++ BitKeeper/etc/Authors/brian.txt@1.1 +1 -0 ++ BitKeeper file BitKeeper/etc/Authors/brian.txt ++ ++ BitKeeper/etc/Authors/brian.txt@1.0 +0 -0 ++ ++ BitKeeper/etc/Authors/bwi.txt@1.1 +1 -0 ++ BitKeeper file BitKeeper/etc/Authors/bwi.txt ++ ++ BitKeeper/etc/Authors/bwi.txt@1.0 +0 -0 ++ ++ChangeSet@1.3844.3.3, 2019-03-10 17:03:40-07:00, ntpreleng@ntp-bk2git.tal1.ntfo.org ++ author updates ++ ++ BitKeeper/etc/Authors/a115350.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/abe.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/amidamaru.txt@1.2 +1 -2 ++ ++ BitKeeper/etc/Authors/bkorb.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/blk.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/blu.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/bruckman.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/burnicki.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/claas.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/clemens.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/cov-build.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/cprice.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/davehart.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/dietrich.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/dunlop.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/fernandoph.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/fredb.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/gerstung.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/ginsbach.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/gnu.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/gopal.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/gunturu.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/harlan.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/harlanst.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/hart.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/hilbrecht.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/hstenn.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/jhay.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/jnperlin.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/kamboj.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/kardel.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/karlsson.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/kuehn.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/linus.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/loki.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/martin.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/matthias.andree.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/mayer.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/mbrett.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/murray.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/neal.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/paul.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/peda.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/perlinger.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/phk.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/rayvt.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/rick.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/ro.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/root.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/skamboj.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/stenn.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/tflendrich.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/tomek.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/utterback.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/venu.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/viperus.txt@1.2 +1 -1 ++ ++ BitKeeper/etc/Authors/wink.txt@1.2 +1 -1 ++ ++ChangeSet@1.3827.17.1, 2019-03-08 22:53:29-08:00, ntpreleng@ntp-build.tal1.ntfo.org ++ Use hostname builddirs at NTF ++ ++ build@1.49.2.1 +1 -1 ++ Use hostname builddirs at NTF ++ ++ChangeSet@1.3844.3.1, 2019-03-07 11:59:40+00:00, stenn@psp-deb1.ntp.org ++ NTP_4_2_8P13 ++ TAG: NTP_4_2_8P13 (currently on 1.3894) ++ ++ ChangeLog@1.1968.1.3 +4 -1 ++ ntp-4.2.8p13 ++ ++ NEWS@1.197.1.1 +54 -2 ++ ntp-4.2.8p13 ++ ++ build@1.49.1.1 +1 -1 ++ ntp-4.2.8p13 ++ ++ ntpd/invoke-ntp.conf.texi@1.218 +1 -1 ++ ntp-4.2.8p13 ++ ++ ntpd/invoke-ntp.keys.texi@1.203 +1 -1 ++ ntp-4.2.8p13 ++ ++ ntpd/invoke-ntpd.texi@1.517 +4 -4 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.conf.5man@1.252 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.conf.5mdoc@1.252 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.conf.html@1.201 +1680 -1266 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.conf.man.in@1.252 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.conf.mdoc.in@1.252 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.keys.5man@1.237 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.keys.5mdoc@1.237 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.keys.html@1.200 +167 -116 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.keys.man.in@1.237 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp.keys.mdoc.in@1.237 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpd/ntp_control.c@1.232.2.1 +17 -9 ++ ntp-4.2.8p13 ++ ++ ntpd/ntpd-opts.c@1.539 +8 -8 ++ ntp-4.2.8p13 ++ ++ ntpd/ntpd-opts.h@1.538 +5 -5 ++ ntp-4.2.8p13 ++ ++ ntpd/ntpd.1ntpdman@1.346 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpd/ntpd.1ntpdmdoc@1.346 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpd/ntpd.html@1.192 +758 -677 ++ ntp-4.2.8p13 ++ ++ ntpd/ntpd.man.in@1.346 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpd/ntpd.mdoc.in@1.346 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpdc/invoke-ntpdc.texi@1.514 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpdc/ntpdc-opts.c@1.532 +8 -8 ++ ntp-4.2.8p13 ++ ++ ntpdc/ntpdc-opts.h@1.531 +5 -5 ++ ntp-4.2.8p13 ++ ++ ntpdc/ntpdc.1ntpdcman@1.345 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpdc/ntpdc.1ntpdcmdoc@1.345 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpdc/ntpdc.html@1.360 +425 -350 ++ ntp-4.2.8p13 ++ ++ ntpdc/ntpdc.man.in@1.345 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpdc/ntpdc.mdoc.in@1.345 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpq/invoke-ntpq.texi@1.524 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpq/ntpq-opts.c@1.541 +8 -8 ++ ntp-4.2.8p13 ++ ++ ntpq/ntpq-opts.h@1.539 +5 -5 ++ ntp-4.2.8p13 ++ ++ ntpq/ntpq.1ntpqman@1.352 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpq/ntpq.1ntpqmdoc@1.352 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpq/ntpq.html@1.191 +1543 -1324 ++ ntp-4.2.8p13 ++ ++ ntpq/ntpq.man.in@1.352 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpq/ntpq.mdoc.in@1.352 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpsnmpd/invoke-ntpsnmpd.texi@1.516 +10 -11 ++ ntp-4.2.8p13 ++ ++ ntpsnmpd/ntpsnmpd-opts.c@1.534 +8 -8 ++ ntp-4.2.8p13 ++ ++ ntpsnmpd/ntpsnmpd-opts.h@1.533 +5 -5 ++ ntp-4.2.8p13 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.345 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.345 +2 -2 ++ ntp-4.2.8p13 ++ ++ ntpsnmpd/ntpsnmpd.html@1.186 +95 -58 ++ ntp-4.2.8p13 ++ ++ ntpsnmpd/ntpsnmpd.man.in@1.345 +3 -3 ++ ntp-4.2.8p13 ++ ++ ntpsnmpd/ntpsnmpd.mdoc.in@1.345 +2 -2 ++ ntp-4.2.8p13 ++ ++ packageinfo.sh@1.543 +1 -1 ++ ntp-4.2.8p13 ++ ++ scripts/build/check--help@1.3.1.1 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.106 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.107 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/calc_tickadj/calc_tickadj.html@1.107 +178 -122 ++ ntp-4.2.8p13 ++ ++ scripts/calc_tickadj/calc_tickadj.man.in@1.105 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/calc_tickadj/calc_tickadj.mdoc.in@1.107 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/calc_tickadj/invoke-calc_tickadj.texi@1.110 +1 -1 ++ ntp-4.2.8p13 ++ ++ scripts/invoke-plot_summary.texi@1.128 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/invoke-summary.texi@1.127 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntp-wait/invoke-ntp-wait.texi@1.337 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntp-wait/ntp-wait-opts@1.73 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitman@1.334 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.335 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntp-wait/ntp-wait.html@1.356 +189 -142 ++ ntp-4.2.8p13 ++ ++ scripts/ntp-wait/ntp-wait.man.in@1.334 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/ntp-wait/ntp-wait.mdoc.in@1.335 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntpsweep/invoke-ntpsweep.texi@1.125 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntpsweep/ntpsweep-opts@1.75 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepman@1.113 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.113 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntpsweep/ntpsweep.html@1.128 +196 -149 ++ ntp-4.2.8p13 ++ ++ scripts/ntpsweep/ntpsweep.man.in@1.113 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/ntpsweep/ntpsweep.mdoc.in@1.114 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntptrace/invoke-ntptrace.texi@1.126 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntptrace/ntptrace-opts@1.75 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntptrace/ntptrace.1ntptraceman@1.113 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/ntptrace/ntptrace.1ntptracemdoc@1.114 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/ntptrace/ntptrace.html@1.129 +186 -127 ++ ntp-4.2.8p13 ++ ++ scripts/ntptrace/ntptrace.man.in@1.113 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/ntptrace/ntptrace.mdoc.in@1.115 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/plot_summary-opts@1.76 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/plot_summary.1plot_summaryman@1.126 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/plot_summary.1plot_summarymdoc@1.126 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/plot_summary.html@1.131 +211 -151 ++ ntp-4.2.8p13 ++ ++ scripts/plot_summary.man.in@1.126 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/plot_summary.mdoc.in@1.126 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/summary-opts@1.75 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/summary.1summaryman@1.125 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/summary.1summarymdoc@1.125 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/summary.html@1.130 +192 -132 ++ ntp-4.2.8p13 ++ ++ scripts/summary.man.in@1.125 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/summary.mdoc.in@1.125 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/update-leap/invoke-update-leap.texi@1.26 +1 -1 ++ ntp-4.2.8p13 ++ ++ scripts/update-leap/update-leap-opts@1.26 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/update-leap/update-leap.1update-leapman@1.26 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/update-leap/update-leap.1update-leapmdoc@1.26 +2 -2 ++ ntp-4.2.8p13 ++ ++ scripts/update-leap/update-leap.html@1.28 +245 -197 ++ ntp-4.2.8p13 ++ ++ scripts/update-leap/update-leap.man.in@1.26 +3 -3 ++ ntp-4.2.8p13 ++ ++ scripts/update-leap/update-leap.mdoc.in@1.26 +2 -2 ++ ntp-4.2.8p13 ++ ++ sntp/invoke-sntp.texi@1.516 +2 -2 ++ ntp-4.2.8p13 ++ ++ sntp/libopts/autoopts/options.h@1.30.1.1 +1 -1 ++ ntp-4.2.8p13 ++ ++ sntp/libopts/genshell.h@1.30.1.1 +1 -1 ++ ntp-4.2.8p13 ++ ++ sntp/sntp-opts.c@1.535 +8 -8 ++ ntp-4.2.8p13 ++ ++ sntp/sntp-opts.h@1.533 +5 -5 ++ ntp-4.2.8p13 ++ ++ sntp/sntp.1sntpman@1.351 +3 -3 ++ ntp-4.2.8p13 ++ ++ sntp/sntp.1sntpmdoc@1.351 +2 -2 ++ ntp-4.2.8p13 ++ ++ sntp/sntp.html@1.532 +493 -415 ++ ntp-4.2.8p13 ++ ++ sntp/sntp.man.in@1.351 +3 -3 ++ ntp-4.2.8p13 ++ ++ sntp/sntp.mdoc.in@1.351 +2 -2 ++ ntp-4.2.8p13 ++ ++ util/invoke-ntp-keygen.texi@1.519 +2 -2 ++ ntp-4.2.8p13 ++ ++ util/ntp-keygen-opts.c@1.537 +8 -8 ++ ntp-4.2.8p13 ++ ++ util/ntp-keygen-opts.h@1.535 +5 -5 ++ ntp-4.2.8p13 ++ ++ util/ntp-keygen.1ntp-keygenman@1.347 +3 -3 ++ ntp-4.2.8p13 ++ ++ util/ntp-keygen.1ntp-keygenmdoc@1.347 +2 -2 ++ ntp-4.2.8p13 ++ ++ util/ntp-keygen.html@1.192 +1184 -1025 ++ ntp-4.2.8p13 ++ ++ util/ntp-keygen.man.in@1.347 +3 -3 ++ ntp-4.2.8p13 ++ ++ util/ntp-keygen.mdoc.in@1.347 +2 -2 ++ ntp-4.2.8p13 ++ ++ChangeSet@1.3844.1.5, 2019-02-20 17:13:36-08:00, harlan@ntp-build.tal1.ntfo.org + Update NEWS file + + NEWS@1.200 +3 -0 + Update NEWS file + +-ChangeSet@1.3848, 2019-02-20 09:44:58-08:00, harlan@ntp-build.tal1.ntfo.org ++ChangeSet@1.3844.1.4, 2019-02-20 09:44:58-08:00, harlan@ntp-build.tal1.ntfo.org + build system cleanups + + build@1.50 +1 -1 +@@ -19,7 +3074,7 @@ + sntp/libopts/genshell.h@1.31 +1 -1 + build system cleanups + +-ChangeSet@1.3847, 2019-02-18 22:26:26-08:00, harlan@ntp-build.tal1.ntfo.org ++ChangeSet@1.3844.1.3, 2019-02-18 22:26:26-08:00, harlan@ntp-build.tal1.ntfo.org + ChangeLog and NEWS description cleanups + + ChangeLog@1.1971 +4 -4 +@@ -28,19 +3083,19 @@ + NEWS@1.199 +4 -2 + ChangeLog and NEWS description cleanups + +-ChangeSet@1.3844.1.4, 2019-02-18 20:10:25-08:00, harlan@ntp-build.tal1.ntfo.org ++ChangeSet@1.3844.2.4, 2019-02-18 20:10:25-08:00, harlan@ntp-build.tal1.ntfo.org + NEWS file update + + NEWS@1.198 +49 -2 + NEWS file update + +-ChangeSet@1.3844.1.3, 2019-02-16 07:36:50+00:00, stenn@stenn.ntp.org ++ChangeSet@1.3844.2.3, 2019-02-16 07:36:50+00:00, stenn@stenn.ntp.org + Improve messages around signalled IO handling in configure + + sntp/m4/ntp_libntp.m4@1.38 +5 -0 + Improve messages around signalled IO handling in configure + +-ChangeSet@1.3844.1.2, 2019-02-15 13:27:05+00:00, stenn@stenn.ntp.org ++ChangeSet@1.3844.2.2, 2019-02-15 13:27:05+00:00, stenn@stenn.ntp.org + Implement --disable-signalled-io + + ChangeLog@1.1968.1.2 +1 -0 +@@ -49,21 +3104,74 @@ + sntp/m4/ntp_libntp.m4@1.37 +22 -2 + Implement --disable-signalled-io + +-ChangeSet@1.3844.1.1, 2019-01-17 04:16:52+00:00, stenn@psp-deb1.ntp.org ++ChangeSet@1.3827.16.1, 2019-02-04 07:51:23+01:00, perlinger@ntp.org ++ [Bug 3570] NMEA driver docs: talker ID not mentioned, typo ++ ++ ChangeLog@1.1952.16.1 +3 -0 ++ [Bug 3570] NMEA driver docs: talker ID not mentioned, typo ++ ++ html/drivers/driver20.html@1.30 +94 -48 ++ [Bug 3570] NMEA driver docs: talker ID not mentioned, typo ++ ++ChangeSet@1.3848, 2019-01-27 11:26:02+01:00, perlinger@ntp.org ++ [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' ++ Changelog + assigned bug number ++ ++ ChangeLog@1.1968.2.1 +2 -0 ++ [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' ++ ++ChangeSet@1.3847, 2019-01-27 10:19:08+01:00, perlinger@ntp.org ++ ntpdate: fix service resolution if 'ntp' is not in '/etc/services' ++ ++ ntpdate/ntpdate.c@1.103 +10 -1 ++ ntpdate: fix service resolution if 'ntp' is not in '/etc/services' ++ ++ChangeSet@1.3844.2.1, 2019-01-17 04:16:52+00:00, stenn@psp-deb1.ntp.org + Cleanup + + ChangeLog@1.1968.1.1 +0 -1 + Cleanup + +-ChangeSet@1.3845, 2019-01-16 21:42:59+01:00, perlinger@ntp.org ++ChangeSet@1.3844.1.1, 2019-01-16 21:42:59+01:00, perlinger@ntp.org + [Sec 3565] null pointer crash by remote attack + + ChangeLog@1.1969 +3 -0 + [Sec 3565] null pointer crash by remote attack + +- ntpd/ntp_control.c@1.233 +17 -9 ++ ntpd/ntp_control.c@1.232.1.1 +17 -9 + [Sec 3565] null pointer crash by remote attack + ++ChangeSet@1.3846, 2019-01-06 10:58:40+01:00, perlinger@ntp.org ++ 'struct timex' suppoert -- cleanup ++ ++ libntp/timexsup.c@1.2 +1 -1 ++ 'struct timex' suppoert -- cleanup ++ ++ ntpd/ntp_control.c@1.233 +9 -14 ++ 'struct timex' suppoert -- cleanup ++ ++ util/ntptime.c@1.29 +39 -44 ++ 'struct timex' suppoert -- cleanup ++ ++ChangeSet@1.3845, 2019-01-03 23:58:11+01:00, perlinger@ntp.org ++ refactor 'struct timex' access (MOD_NANO/STA_NANO) ++ ++ include/timexsup.h@1.1 +42 -0 ++ refactor 'struct timex' access (MOD_NANO/STA_NANO) ++ ++ include/timexsup.h@1.0 +0 -0 ++ ++ libntp/Makefile.am@1.83 +1 -0 ++ refactor 'struct timex' access (MOD_NANO/STA_NANO) ++ ++ libntp/timexsup.c@1.1 +83 -0 ++ refactor 'struct timex' access (MOD_NANO/STA_NANO) ++ ++ libntp/timexsup.c@1.0 +0 -0 ++ ++ ntpd/ntp_loopfilter.c@1.193 +10 -25 ++ refactor 'struct timex' access (MOD_NANO/STA_NANO) ++ + ChangeSet@1.3827.1.2, 2018-12-15 13:25:25+00:00, stenn@psp-deb1.ntp.org + bug3527 fixes + +@@ -154107,6 +157215,9 @@ + sntp/sntp-opts.texi@1.46.26.2 +1 -1 + NTP_4_2_4P8 + ++ sntp/sntp.1@1.49.26.2 +2 -2 ++ NTP_4_2_4P8 ++ + util/ntp-keygen-opts.c@1.49.26.2 +2 -2 + NTP_4_2_4P8 + +@@ -154186,6 +157297,9 @@ + sntp/sntp-opts.texi@1.46.26.1 +54 -2 + NTP_4_2_4P9_RC1 + ++ sntp/sntp.1@1.49.26.1 +2 -2 ++ NTP_4_2_4P9_RC1 ++ + util/ntp-keygen-opts.c@1.49.26.1 +5 -5 + NTP_4_2_4P9_RC1 + +@@ -171117,6 +174231,9 @@ + sntp/sntp-opts.texi@1.46.25.1 +1 -1 + NTP_4_2_4P7 + ++ sntp/sntp.1@1.49.25.1 +2 -2 ++ NTP_4_2_4P7 ++ + util/ntp-keygen-opts.c@1.49.25.1 +4 -4 + NTP_4_2_4P7 + +@@ -171482,6 +174599,9 @@ + sntp/sntp-opts.texi@1.46.24.1 +1 -1 + NTP_4_2_4P7_RC7 + ++ sntp/sntp.1@1.49.24.1 +3 -3 ++ NTP_4_2_4P7_RC7 ++ + util/ntp-keygen-opts.c@1.49.24.1 +3 -3 + NTP_4_2_4P7_RC7 + +@@ -171955,6 +175075,9 @@ + sntp/sntp-opts.texi@1.46.23.1 +1 -1 + NTP_4_2_4P7_RC6 + ++ sntp/sntp.1@1.49.23.1 +2 -2 ++ NTP_4_2_4P7_RC6 ++ + util/ntp-keygen-opts.c@1.49.23.1 +2 -2 + NTP_4_2_4P7_RC6 + +@@ -172668,6 +175791,9 @@ + sntp/sntp-opts.texi@1.46.22.1 +1 -1 + NTP_4_2_4P7_RC5 + ++ sntp/sntp.1@1.49.22.1 +2 -2 ++ NTP_4_2_4P7_RC5 ++ + util/ntp-keygen-opts.c@1.49.22.1 +2 -2 + NTP_4_2_4P7_RC5 + +@@ -173065,6 +176191,9 @@ + sntp/sntp-opts.texi@1.46.21.1 +1 -1 + NTP_4_2_4P7_RC4 + ++ sntp/sntp.1@1.49.21.1 +2 -2 ++ NTP_4_2_4P7_RC4 ++ + util/ntp-keygen-opts.c@1.49.21.1 +2 -2 + NTP_4_2_4P7_RC4 + +@@ -174075,6 +177204,9 @@ + sntp/sntp-opts.texi@1.46.20.1 +1 -1 + NTP_4_2_4P7_RC3 + ++ sntp/sntp.1@1.49.20.1 +2 -2 ++ NTP_4_2_4P7_RC3 ++ + util/ntp-keygen-opts.c@1.49.20.1 +2 -2 + NTP_4_2_4P7_RC3 + +@@ -174696,6 +177828,9 @@ + sntp/sntp-opts.texi@1.46.19.1 +1 -1 + NTP_4_2_4P7_RC2 + ++ sntp/sntp.1@1.49.19.1 +2 -2 ++ NTP_4_2_4P7_RC2 ++ + util/ntp-keygen-opts.c@1.49.19.1 +2 -2 + NTP_4_2_4P7_RC2 + +@@ -175235,6 +178370,9 @@ + sntp/sntp-opts.texi@1.46.18.1 +1 -1 + NTP_4_2_4P7_RC1 + ++ sntp/sntp.1@1.49.18.1 +2 -2 ++ NTP_4_2_4P7_RC1 ++ + util/ntp-keygen-opts.c@1.49.18.1 +2 -2 + NTP_4_2_4P7_RC1 + +@@ -176569,6 +179707,9 @@ + sntp/sntp-opts.texi@1.46.17.2 +1 -1 + NTP_4_2_4P6 + ++ sntp/sntp.1@1.49.17.2 +2 -2 ++ NTP_4_2_4P6 ++ + util/ntp-keygen-opts.c@1.49.17.2 +2 -2 + NTP_4_2_4P6 + +@@ -176648,6 +179789,9 @@ + sntp/sntp-opts.texi@1.46.17.1 +1 -1 + NTP_4_2_4P5 + ++ sntp/sntp.1@1.49.17.1 +2 -2 ++ NTP_4_2_4P5 ++ + util/ntp-keygen-opts.c@1.49.17.1 +1 -1 + NTP_4_2_4P5 + +@@ -179900,6 +183044,9 @@ + ChangeSet@1.1759, 2008-08-22 21:27:59-04:00, stenn@pogo.udel.edu + remove bogus .o file + ++ BitKeeper/deleted/.del-utilities.o@1.2 +0 -0 ++ Delete: gsoc_sntp/utilities.o ++ + ChangeSet@1.1735.1.29, 2008-08-21 05:05:19+00:00, gopal@pogo.udel.edu + driver20.html: + [BUG 610] Documentation update for NMEA reference clock driver. +@@ -180178,6 +183325,9 @@ + sntp/sntp-opts.texi@1.46.16.1 +1 -1 + NTP_4_2_4P5 + ++ sntp/sntp.1@1.49.16.1 +2 -2 ++ NTP_4_2_4P5 ++ + util/ntp-keygen-opts.c@1.49.16.1 +2 -2 + NTP_4_2_4P5 + +@@ -180299,6 +183449,11 @@ + + gsoc_sntp/utilities.h@1.0 +0 -0 + ++ gsoc_sntp/utilities.o@1.1 +177 -0 ++ BitKeeper file /geom_mobile/home/Amidamaru/projects/sntp/repo/ntp-dev/gsoc_sntp/utilities.o ++ ++ gsoc_sntp/utilities.o@1.0 +0 -0 ++ + ChangeSet@1.1436.1.105, 2008-08-10 21:56:17-04:00, clemens@pogo.udel.edu + BUG[1052] Minor reordering of previous patch to make it more robust. + +@@ -180456,6 +183611,9 @@ + sntp/sntp-opts.texi@1.46.15.1 +2 -3 + NTP_4_2_4P5_RC2 + ++ sntp/sntp.1@1.49.15.1 +3 -3 ++ NTP_4_2_4P5_RC2 ++ + util/ntp-keygen-opts.c@1.49.15.1 +2 -2 + NTP_4_2_4P5_RC2 + +@@ -181916,6 +185074,9 @@ + sntp/sntp-opts.texi@1.46.14.1 +1 -1 + NTP_4_2_4P5_RC1 + ++ sntp/sntp.1@1.49.14.1 +2 -2 ++ NTP_4_2_4P5_RC1 ++ + util/ntp-keygen-opts.c@1.49.14.1 +6 -7 + NTP_4_2_4P5_RC1 + +@@ -187174,6 +190335,9 @@ + sntp/sntp-opts.texi@1.46.13.1 +1 -1 + NTP_4_2_4P4 + ++ sntp/sntp.1@1.49.13.1 +2 -2 ++ NTP_4_2_4P4 ++ + util/ntp-keygen-opts.c@1.49.13.1 +2 -2 + NTP_4_2_4P4 + +@@ -187480,6 +190644,9 @@ + sntp/sntp-opts.texi@1.46.12.1 +1 -1 + NTP_4_2_4P4_RC2 + ++ sntp/sntp.1@1.49.12.1 +2 -2 ++ NTP_4_2_4P4_RC2 ++ + util/ntp-keygen-opts.c@1.49.12.1 +4 -4 + NTP_4_2_4P4_RC2 + +@@ -187867,6 +191034,9 @@ + sntp/sntp-opts.texi@1.46.11.1 +1 -1 + NTP_4_2_4P4_RC1 + ++ sntp/sntp.1@1.49.11.1 +2 -2 ++ NTP_4_2_4P4_RC1 ++ + util/ntp-keygen-opts.c@1.49.11.1 +2 -2 + NTP_4_2_4P4_RC1 + +@@ -189214,6 +192384,9 @@ + sntp/sntp-opts.texi@1.46.10.1 +1 -1 + NTP_4_2_4P3 + ++ sntp/sntp.1@1.49.10.1 +2 -2 ++ NTP_4_2_4P3 ++ + util/ntp-keygen-opts.c@1.49.10.1 +2 -2 + NTP_4_2_4P3 + +@@ -189463,6 +192636,9 @@ + sntp/sntp-opts.texi@1.46.9.1 +1 -1 + NTP_4_2_4P3_RC1 + ++ sntp/sntp.1@1.49.9.1 +2 -2 ++ NTP_4_2_4P3_RC1 ++ + util/ntp-keygen-opts.c@1.49.9.1 +2 -2 + NTP_4_2_4P3_RC1 + +@@ -189958,6 +193134,9 @@ + sntp/sntp-opts.texi@1.46.8.1 +1 -1 + NTP_4_2_4P2 + ++ sntp/sntp.1@1.49.8.1 +2 -2 ++ NTP_4_2_4P2 ++ + util/ntp-keygen-opts.c@1.49.8.1 +2 -2 + NTP_4_2_4P2 + +@@ -190605,6 +193784,9 @@ + sntp/sntp-opts.texi@1.46.7.1 +1 -1 + NTP_4_2_4P2_RC6 + ++ sntp/sntp.1@1.49.7.1 +2 -2 ++ NTP_4_2_4P2_RC6 ++ + util/ntp-keygen-opts.c@1.49.7.1 +2 -2 + NTP_4_2_4P2_RC6 + +@@ -191359,6 +194541,9 @@ + sntp/sntp-opts.texi@1.46.6.1 +1 -1 + NTP_4_2_4P2_RC5 + ++ sntp/sntp.1@1.49.6.1 +2 -2 ++ NTP_4_2_4P2_RC5 ++ + util/ntp-keygen-opts.c@1.49.6.1 +2 -2 + NTP_4_2_4P2_RC5 + +@@ -191616,6 +194801,9 @@ + sntp/sntp-opts.texi@1.46.5.1 +1 -1 + NTP_4_2_4P2_RC4 + ++ sntp/sntp.1@1.49.5.1 +2 -2 ++ NTP_4_2_4P2_RC4 ++ + util/ntp-keygen-opts.c@1.49.5.1 +2 -2 + NTP_4_2_4P2_RC4 + +@@ -191826,6 +195014,9 @@ + sntp/sntp-opts.texi@1.46.4.1 +1 -1 + NTP_4_2_4P2_RC3 + ++ sntp/sntp.1@1.49.4.1 +2 -2 ++ NTP_4_2_4P2_RC3 ++ + util/ntp-keygen-opts.c@1.49.4.1 +2 -2 + NTP_4_2_4P2_RC3 + +@@ -192152,6 +195343,9 @@ + sntp/sntp-opts.texi@1.46.3.2 +1 -1 + NTP_4_2_4P2_RC2 + ++ sntp/sntp.1@1.49.3.2 +2 -2 ++ NTP_4_2_4P2_RC2 ++ + util/ntp-keygen-opts.c@1.49.3.2 +4 -4 + NTP_4_2_4P2_RC2 + +@@ -192895,6 +196089,9 @@ + sntp/sntp-opts.texi@1.46.3.1 +1 -1 + We need to use the upgraded autogen/libopts in -stable too. + ++ sntp/sntp.1@1.49.3.1 +2 -2 ++ We need to use the upgraded autogen/libopts in -stable too. ++ + util/ntp-keygen-opts.c@1.49.3.1 +23 -14 + We need to use the upgraded autogen/libopts in -stable too. + +@@ -194949,6 +198146,9 @@ + sntp/sntp-opts.texi@1.46.2.2 +1 -1 + NTP_4_2_4P2_RC1 + ++ sntp/sntp.1@1.49.2.2 +2 -2 ++ NTP_4_2_4P2_RC1 ++ + util/ntp-keygen-opts.c@1.49.2.3 +2 -2 + NTP_4_2_4P2_RC1 + +@@ -195034,6 +198234,9 @@ + sntp/sntp-opts.texi@1.46.2.1 +1 -1 + NTP_4_2_4P1_RC1 + ++ sntp/sntp.1@1.49.2.1 +2 -2 ++ NTP_4_2_4P1_RC1 ++ + util/ntp-keygen-opts.c@1.49.2.2 +2 -2 + NTP_4_2_4P1_RC1 + +@@ -197194,6 +200397,9 @@ + sntp/sntp-opts.texi@1.46.1.6 +1 -1 + NTP_4_2_4P0 + ++ sntp/sntp.1@1.49.1.6 +2 -2 ++ NTP_4_2_4P0 ++ + util/ntp-keygen-opts.c@1.49.1.6 +2 -2 + NTP_4_2_4P0 + +@@ -197363,6 +200569,9 @@ + BitKeeper/deleted/.del-sntp-opts.texi@1.68 +0 -0 + Delete: sntp/sntp-opts.texi + ++ BitKeeper/deleted/.del-sntp.1@1.71 +0 -0 ++ Delete: sntp/sntp.1 ++ + ntpd/ntpd-opts.c@1.1 +1055 -0 + BitKeeper file /deacon/backroom/ntp-dev/ntpd/ntpd-opts.c + +@@ -197556,6 +200765,9 @@ + sntp/sntp-opts.texi@1.66 +1 -1 + NTP_4_2_5P15 + ++ sntp/sntp.1@1.69 +2 -2 ++ NTP_4_2_5P15 ++ + util/ntp-keygen-opts.c@1.69 +2 -2 + NTP_4_2_5P15 + +@@ -197645,6 +200857,9 @@ + sntp/sntp-opts.texi@1.65 +1 -1 + NTP_4_2_5P14 + ++ sntp/sntp.1@1.68 +2 -2 ++ NTP_4_2_5P14 ++ + util/ntp-keygen-opts.c@1.68 +2 -2 + NTP_4_2_5P14 + +@@ -197738,6 +200953,9 @@ + sntp/sntp-opts.texi@1.64 +1 -1 + NTP_4_2_5P13 + ++ sntp/sntp.1@1.67 +2 -2 ++ NTP_4_2_5P13 ++ + util/ntp-keygen-opts.c@1.67 +2 -2 + NTP_4_2_5P13 + +@@ -197830,6 +201048,9 @@ + sntp/sntp-opts.texi@1.63 +1 -1 + NTP_4_2_5P12 + ++ sntp/sntp.1@1.66 +2 -2 ++ NTP_4_2_5P12 ++ + util/ntp-keygen-opts.c@1.66 +2 -2 + NTP_4_2_5P12 + +@@ -197906,6 +201127,9 @@ + sntp/sntp-opts.texi@1.46.1.5 +1 -1 + NTP_4_2_4P0_RC5 + ++ sntp/sntp.1@1.49.1.5 +2 -2 ++ NTP_4_2_4P0_RC5 ++ + util/ntp-keygen-opts.c@1.49.1.5 +2 -2 + NTP_4_2_4P0_RC5 + +@@ -197994,6 +201218,9 @@ + sntp/sntp-opts.texi@1.62 +1 -1 + NTP_4_2_5P11 + ++ sntp/sntp.1@1.65 +2 -2 ++ NTP_4_2_5P11 ++ + util/ntp-keygen-opts.c@1.65 +2 -2 + NTP_4_2_5P11 + +@@ -198085,6 +201312,9 @@ + sntp/sntp-opts.texi@1.61 +1 -1 + NTP_4_2_5P10 + ++ sntp/sntp.1@1.64 +2 -2 ++ NTP_4_2_5P10 ++ + util/ntp-keygen-opts.c@1.64 +2 -2 + NTP_4_2_5P10 + +@@ -198167,6 +201397,9 @@ + sntp/sntp-opts.texi@1.59 +1 -1 + NTP_4_2_5P9 + ++ sntp/sntp.1@1.62 +2 -2 ++ NTP_4_2_5P9 ++ + util/ntp-keygen-opts.c@1.62 +2 -2 + NTP_4_2_5P9 + +@@ -198243,6 +201476,9 @@ + sntp/sntp-opts.texi@1.46.1.4 +1 -1 + NTP_4_2_4P0_RC4 + ++ sntp/sntp.1@1.49.1.4 +2 -2 ++ NTP_4_2_4P0_RC4 ++ + util/ntp-keygen-opts.c@1.49.1.4 +2 -2 + NTP_4_2_4P0_RC4 + +@@ -198352,6 +201588,9 @@ + sntp/sntp-opts.texi@1.57 +1 -1 + NTP_4_2_5P8 + ++ sntp/sntp.1@1.60 +2 -2 ++ NTP_4_2_5P8 ++ + util/ntp-keygen-opts.c@1.60 +2 -2 + NTP_4_2_5P8 + +@@ -198437,6 +201676,9 @@ + sntp/sntp-opts.texi@1.56 +1 -1 + NTP_4_2_5P7 + ++ sntp/sntp.1@1.59 +2 -2 ++ NTP_4_2_5P7 ++ + util/ntp-keygen-opts.c@1.59 +2 -2 + NTP_4_2_5P7 + +@@ -198537,6 +201779,9 @@ + sntp/sntp-opts.texi@1.55 +1 -1 + NTP_4_2_5P6 + ++ sntp/sntp.1@1.58 +2 -2 ++ NTP_4_2_5P6 ++ + util/ntp-keygen-opts.c@1.58 +2 -2 + NTP_4_2_5P6 + +@@ -198613,6 +201858,9 @@ + sntp/sntp-opts.texi@1.46.1.3 +1 -1 + NTP_4_2_4_RC3 + ++ sntp/sntp.1@1.49.1.3 +2 -2 ++ NTP_4_2_4_RC3 ++ + util/ntp-keygen-opts.c@1.49.1.3 +2 -2 + NTP_4_2_4_RC3 + +@@ -198758,6 +202006,9 @@ + sntp/sntp-opts.texi@1.53 +1 -1 + NTP_4_2_5P5 + ++ sntp/sntp.1@1.56 +2 -2 ++ NTP_4_2_5P5 ++ + util/ntp-keygen-opts.c@1.56 +2 -2 + NTP_4_2_5P5 + +@@ -198840,6 +202091,9 @@ + sntp/sntp-opts.texi@1.52 +1 -1 + NTP_4_2_5P4 + ++ sntp/sntp.1@1.55 +2 -2 ++ NTP_4_2_5P4 ++ + util/ntp-keygen-opts.c@1.55 +2 -2 + NTP_4_2_5P4 + +@@ -198916,6 +202170,9 @@ + sntp/sntp-opts.texi@1.46.1.2 +1 -1 + NTP_4_2_4_RC2 + ++ sntp/sntp.1@1.49.1.2 +2 -2 ++ NTP_4_2_4_RC2 ++ + util/ntp-keygen-opts.c@1.49.1.2 +2 -2 + NTP_4_2_4_RC2 + +@@ -199061,6 +202318,9 @@ + sntp/sntp-opts.texi@1.51 +1 -1 + NTP_4_2_5P3 + ++ sntp/sntp.1@1.54 +2 -2 ++ NTP_4_2_5P3 ++ + util/ntp-keygen-opts.c@1.54 +2 -2 + NTP_4_2_5P3 + +@@ -199143,6 +202403,9 @@ + sntp/sntp-opts.texi@1.46.1.1 +1 -1 + NTP_4_2_4_RC1 + ++ sntp/sntp.1@1.49.1.1 +2 -2 ++ NTP_4_2_4_RC1 ++ + util/ntp-keygen-opts.c@1.49.1.1 +2 -2 + NTP_4_2_4_RC1 + +@@ -199372,6 +202635,9 @@ + sntp/sntp-opts.texi@1.49 +1 -1 + NTP_4_2_5P2 + ++ sntp/sntp.1@1.52 +2 -2 ++ NTP_4_2_5P2 ++ + util/ntp-keygen-opts.c@1.52 +2 -2 + NTP_4_2_5P2 + +@@ -199489,6 +202755,9 @@ + sntp/sntp-opts.texi@1.48 +1 -1 + NTP_4_2_5P1 + ++ sntp/sntp.1@1.51 +2 -2 ++ NTP_4_2_5P1 ++ + util/ntp-keygen-opts.c@1.51 +2 -2 + NTP_4_2_5P1 + +@@ -200120,6 +203389,9 @@ + sntp/sntp-opts.texi@1.45.1.2 +1 -1 + NTP_4_2_5P0 + ++ sntp/sntp.1@1.48.1.2 +2 -2 ++ NTP_4_2_5P0 ++ + util/ntp-keygen-opts.c@1.48.1.2 +2 -2 + NTP_4_2_5P0 + +@@ -200229,6 +203501,9 @@ + sntp/sntp-opts.texi@1.45.1.1 +1 -1 + NTP_4_2_5 + ++ sntp/sntp.1@1.48.1.1 +2 -2 ++ NTP_4_2_5 ++ + util/ntp-keygen-opts.c@1.48.1.1 +2 -2 + NTP_4_2_5 + +@@ -200305,6 +203580,9 @@ + sntp/sntp-opts.texi@1.46 +1 -1 + NTP_4_2_4 + ++ sntp/sntp.1@1.49 +2 -2 ++ NTP_4_2_4 ++ + util/ntp-keygen-opts.c@1.49 +2 -2 + NTP_4_2_4 + +@@ -200483,6 +203761,9 @@ + sntp/sntp-opts.texi@1.45 +1 -1 + NTP_4_2_3P70_RC + ++ sntp/sntp.1@1.48 +2 -2 ++ NTP_4_2_3P70_RC ++ + util/ntp-keygen-opts.c@1.48 +2 -2 + NTP_4_2_3P70_RC + +@@ -200568,6 +203849,9 @@ + sntp/sntp-opts.texi@1.44 +9 -1 + NTP_4_2_3P69_RC + ++ sntp/sntp.1@1.47 +8 -64 ++ NTP_4_2_3P69_RC ++ + util/ntp-keygen-opts.c@1.47 +2 -2 + NTP_4_2_3P69_RC + +@@ -200659,6 +203943,9 @@ + sntp/sntp-opts.texi@1.43 +1 -1 + NTP_4_2_3P68_RC + ++ sntp/sntp.1@1.46 +2 -2 ++ NTP_4_2_3P68_RC ++ + util/ntp-keygen-opts.c@1.46 +2 -2 + NTP_4_2_3P68_RC + +@@ -200753,6 +204040,9 @@ + sntp/sntp-opts.texi@1.42 +1 -1 + NTP_4_2_3P67_RC + ++ sntp/sntp.1@1.45 +2 -2 ++ NTP_4_2_3P67_RC ++ + util/ntp-keygen-opts.c@1.45 +2 -2 + NTP_4_2_3P67_RC + +@@ -200850,6 +204140,9 @@ + sntp/sntp-opts.texi@1.41 +1 -1 + NTP_4_2_3P66_RC + ++ sntp/sntp.1@1.44 +2 -2 ++ NTP_4_2_3P66_RC ++ + util/ntp-keygen-opts.c@1.44 +2 -2 + NTP_4_2_3P66_RC + +@@ -200944,6 +204237,9 @@ + sntp/sntp-opts.texi@1.40 +1 -1 + NTP_4_2_3P65_RC + ++ sntp/sntp.1@1.43 +2 -2 ++ NTP_4_2_3P65_RC ++ + util/ntp-keygen-opts.c@1.43 +2 -2 + NTP_4_2_3P65_RC + +@@ -201032,6 +204328,9 @@ + sntp/sntp-opts.texi@1.39 +1 -1 + NTP_4_2_3P64_RC + ++ sntp/sntp.1@1.42 +2 -2 ++ NTP_4_2_3P64_RC ++ + util/ntp-keygen-opts.c@1.42 +2 -2 + NTP_4_2_3P64_RC + +@@ -201124,6 +204423,9 @@ + sntp/sntp-opts.texi@1.38 +1 -1 + NTP_4_2_3P63_RC + ++ sntp/sntp.1@1.41 +2 -2 ++ NTP_4_2_3P63_RC ++ + util/ntp-keygen-opts.c@1.41 +2 -2 + NTP_4_2_3P63_RC + +@@ -201233,6 +204535,9 @@ + sntp/sntp-opts.texi@1.37 +1 -1 + NTP_4_2_3P62_RC + ++ sntp/sntp.1@1.40 +2 -2 ++ NTP_4_2_3P62_RC ++ + util/ntp-keygen-opts.c@1.40 +2 -2 + NTP_4_2_3P62_RC + +@@ -201324,6 +204629,9 @@ + sntp/sntp-opts.texi@1.36 +1 -1 + NTP_4_2_3P61_RC + ++ sntp/sntp.1@1.39 +2 -2 ++ NTP_4_2_3P61_RC ++ + util/ntp-keygen-opts.c@1.39 +2 -2 + NTP_4_2_3P61_RC + +@@ -201409,6 +204717,9 @@ + sntp/sntp-opts.texi@1.35 +1 -1 + NTP_4_2_3P60_RC + ++ sntp/sntp.1@1.38 +2 -2 ++ NTP_4_2_3P60_RC ++ + util/ntp-keygen-opts.c@1.38 +2 -2 + NTP_4_2_3P60_RC + +@@ -201504,6 +204815,9 @@ + sntp/sntp-opts.texi@1.34 +1 -1 + NTP_4_2_3P59 + ++ sntp/sntp.1@1.37 +2 -2 ++ NTP_4_2_3P59 ++ + util/ntp-keygen-opts.c@1.37 +2 -2 + NTP_4_2_3P59 + +@@ -201606,6 +204920,9 @@ + sntp/sntp-opts.texi@1.33 +1 -1 + NTP_4_2_3P58 + ++ sntp/sntp.1@1.36 +2 -2 ++ NTP_4_2_3P58 ++ + util/ntp-keygen-opts.c@1.36 +2 -2 + NTP_4_2_3P58 + +@@ -201705,6 +205022,9 @@ + sntp/sntp-opts.texi@1.32 +1 -1 + NTP_4_2_3P57 + ++ sntp/sntp.1@1.35 +2 -2 ++ NTP_4_2_3P57 ++ + util/ntp-keygen-opts.c@1.35 +4 -4 + NTP_4_2_3P57 + +@@ -202102,6 +205422,9 @@ + sntp/sntp-opts.texi@1.31 +1 -1 + NTP_4_2_3P56 + ++ sntp/sntp.1@1.34 +2 -2 ++ NTP_4_2_3P56 ++ + util/ntp-keygen-opts.c@1.32 +2 -2 + NTP_4_2_3P56 + +@@ -202196,6 +205519,9 @@ + sntp/sntp-opts.texi@1.30 +1 -1 + NTP_4_2_3P55 + ++ sntp/sntp.1@1.33 +2 -2 ++ NTP_4_2_3P55 ++ + util/ntp-keygen-opts.c@1.31 +2 -2 + NTP_4_2_3P55 + +@@ -202290,6 +205616,9 @@ + sntp/sntp-opts.texi@1.29 +1 -1 + NTP_4_2_3P54 + ++ sntp/sntp.1@1.32 +2 -2 ++ NTP_4_2_3P54 ++ + util/ntp-keygen-opts.c@1.30 +2 -2 + NTP_4_2_3P54 + +@@ -202384,6 +205713,9 @@ + sntp/sntp-opts.texi@1.28 +1 -1 + NTP_4_2_3P53 + ++ sntp/sntp.1@1.31 +2 -2 ++ NTP_4_2_3P53 ++ + util/ntp-keygen-opts.c@1.29 +2 -2 + NTP_4_2_3P53 + +@@ -202469,6 +205801,9 @@ + sntp/sntp-opts.texi@1.27 +1 -1 + NTP_4_2_3P52 + ++ sntp/sntp.1@1.30 +2 -2 ++ NTP_4_2_3P52 ++ + util/ntp-keygen-opts.c@1.28 +4 -4 + NTP_4_2_3P52 + +@@ -202749,6 +206084,9 @@ + sntp/sntp-opts.texi@1.26 +1 -1 + autogen update + ++ sntp/sntp.1@1.29 +1 -1 ++ autogen update ++ + util/ntp-keygen-opts.c@1.26 +3 -3 + autogen update + +@@ -202825,6 +206163,9 @@ + sntp/sntp-opts.texi@1.25 +1 -1 + NTP_4_2_3P51 + ++ sntp/sntp.1@1.28 +2 -2 ++ NTP_4_2_3P51 ++ + util/ntp-keygen-opts.c@1.25 +4 -4 + NTP_4_2_3P51 + +@@ -203104,6 +206445,9 @@ + sntp/sntp-opts.texi@1.24 +1 -1 + autogen upgrade + ++ sntp/sntp.1@1.27 +2 -2 ++ autogen upgrade ++ + util/ntp-keygen-opts.c@1.24 +3 -2 + autogen upgrade + +@@ -203180,6 +206524,9 @@ + sntp/sntp-opts.texi@1.23 +1 -1 + NTP_4_2_3P50 + ++ sntp/sntp.1@1.26 +2 -2 ++ NTP_4_2_3P50 ++ + util/ntp-keygen-opts.c@1.23 +43 -43 + NTP_4_2_3P50 + +@@ -203643,6 +206990,9 @@ + sntp/sntp-opts.texi@1.22 +1 -1 + NTP_4_2_3P49 + ++ sntp/sntp.1@1.25 +2 -2 ++ NTP_4_2_3P49 ++ + util/ntp-keygen-opts.c@1.22 +2 -2 + NTP_4_2_3P49 + +@@ -203737,6 +207087,9 @@ + sntp/sntp-opts.texi@1.21 +1 -1 + NTP_4_2_3P48 + ++ sntp/sntp.1@1.24 +2 -2 ++ NTP_4_2_3P48 ++ + util/ntp-keygen-opts.c@1.21 +2 -2 + NTP_4_2_3P48 + +@@ -203844,6 +207197,9 @@ + sntp/sntp-opts.texi@1.20 +1 -1 + NTP_4_2_3P47 + ++ sntp/sntp.1@1.23 +2 -2 ++ NTP_4_2_3P47 ++ + util/ntp-keygen-opts.c@1.20 +2 -2 + NTP_4_2_3P47 + +@@ -203939,6 +207295,9 @@ + sntp/sntp-opts.texi@1.19 +1 -1 + NTP_4_2_3P46 + ++ sntp/sntp.1@1.22 +2 -2 ++ NTP_4_2_3P46 ++ + util/ntp-keygen-opts.c@1.19 +2 -2 + NTP_4_2_3P46 + +@@ -204036,6 +207395,9 @@ + sntp/sntp-opts.texi@1.18 +1 -1 + NTP_4_2_3P45 + ++ sntp/sntp.1@1.21 +2 -2 ++ NTP_4_2_3P45 ++ + util/ntp-keygen-opts.c@1.18 +2 -2 + NTP_4_2_3P45 + +@@ -204134,6 +207496,9 @@ + sntp/sntp-opts.texi@1.17 +1 -1 + NTP_4_2_3P44 + ++ sntp/sntp.1@1.20 +2 -2 ++ NTP_4_2_3P44 ++ + util/ntp-keygen-opts.c@1.17 +2 -2 + NTP_4_2_3P44 + +@@ -204300,6 +207665,9 @@ + sntp/sntp-opts.texi@1.16 +1 -1 + NTP_4_2_3P43 + ++ sntp/sntp.1@1.19 +2 -2 ++ NTP_4_2_3P43 ++ + util/ntp-keygen-opts.c@1.16 +2 -2 + NTP_4_2_3P43 + +@@ -204382,6 +207750,9 @@ + sntp/sntp-opts.texi@1.15 +1 -1 + NTP_4_2_3P42 + ++ sntp/sntp.1@1.18 +2 -2 ++ NTP_4_2_3P42 ++ + util/ntp-keygen-opts.c@1.15 +2 -2 + NTP_4_2_3P42 + +@@ -204566,6 +207937,9 @@ + sntp/sntp-opts.texi@1.14 +1 -1 + NTP_4_2_3P41 + ++ sntp/sntp.1@1.17 +2 -2 ++ NTP_4_2_3P41 ++ + util/ntp-keygen-opts.c@1.14 +2 -2 + NTP_4_2_3P41 + +@@ -204696,6 +208070,9 @@ + sntp/sntp-opts.texi@1.13 +1 -1 + NTP_4_2_3P39 + ++ sntp/sntp.1@1.16 +2 -2 ++ NTP_4_2_3P39 ++ + util/ntp-keygen-opts.c@1.13 +2 -2 + NTP_4_2_3P39 + +@@ -204847,6 +208224,9 @@ + sntp/sntp-opts.texi@1.12 +1 -1 + NTP_4_2_3P38 + ++ sntp/sntp.1@1.15 +2 -2 ++ NTP_4_2_3P38 ++ + util/ntp-keygen-opts.c@1.12 +2 -2 + NTP_4_2_3P38 + +@@ -204972,6 +208352,9 @@ + sntp/sntp-opts.texi@1.11 +1 -1 + NTP_4_2_3P37 + ++ sntp/sntp.1@1.14 +2 -2 ++ NTP_4_2_3P37 ++ + util/ntp-keygen-opts.c@1.11 +2 -2 + NTP_4_2_3P37 + +@@ -205084,6 +208467,9 @@ + sntp/sntp-opts.texi@1.10 +1 -1 + NTP_4_2_3P36 + ++ sntp/sntp.1@1.13 +2 -2 ++ NTP_4_2_3P36 ++ + util/ntp-keygen-opts.c@1.10 +2 -2 + NTP_4_2_3P36 + +@@ -205167,6 +208553,9 @@ + sntp/sntp-opts.texi@1.9 +1 -1 + NTP_4_2_3P35 + ++ sntp/sntp.1@1.12 +2 -2 ++ NTP_4_2_3P35 ++ + util/ntp-keygen-opts.c@1.9 +2 -2 + NTP_4_2_3P35 + +@@ -205306,6 +208695,9 @@ + sntp/sntp-opts.texi@1.8 +1 -1 + NTP_4_2_3P34 + ++ sntp/sntp.1@1.11 +2 -2 ++ NTP_4_2_3P34 ++ + util/ntp-keygen-opts.c@1.8 +2 -2 + NTP_4_2_3P34 + +@@ -205388,6 +208780,9 @@ + sntp/sntp-opts.texi@1.7 +1 -1 + NTP_4_2_3P33 + ++ sntp/sntp.1@1.10 +2 -2 ++ NTP_4_2_3P33 ++ + util/ntp-keygen-opts.c@1.7 +2 -2 + NTP_4_2_3P33 + +@@ -205553,6 +208948,9 @@ + sntp/sntp-opts.texi@1.6 +1 -1 + run autogen after point release + ++ sntp/sntp.1@1.9 +2 -2 ++ run autogen after point release ++ + util/ntp-keygen-opts.c@1.6 +2 -2 + run autogen after point release + +@@ -205682,6 +209080,9 @@ + sntp/sntp-opts.texi@1.5 +1 -1 + regenerate autogen-erated files + ++ sntp/sntp.1@1.8 +2 -2 ++ regenerate autogen-erated files ++ + util/ntp-keygen-opts.c@1.5 +29 -4 + regenerate autogen-erated files + +@@ -205775,6 +209176,9 @@ + sntp/sntp-opts.texi@1.4 +1 -1 + NTP_4_2_3P29 + ++ sntp/sntp.1@1.7 +82 -3 ++ NTP_4_2_3P29 ++ + util/ntp-keygen-opts.c@1.4 +2 -2 + NTP_4_2_3P29 + +@@ -206267,6 +209671,12 @@ + sntp/sntp-opts.texi@1.2 +0 -0 + Change mode to -rw-r--r-- + ++ sntp/sntp.1@1.6 +129 -64 ++ autogen upgrade ++ ++ sntp/sntp.1@1.5 +0 -0 ++ Change mode to -rw-r--r-- ++ + util/ntp-keygen-opts.c@1.3 +54 -36 + autogen upgrade + +@@ -209044,7 +212454,7 @@ + [Bug 527] Lose signalled IO. + + configure.ac@1.359.1.28 +7 -2 +- [Bug 527] Lose signalled IO. ++ [Bug 527] Losed signalled IO. + + ChangeSet@1.1251.85.1, 2006-04-18 05:58:13-04:00, stenn@whimsy.udel.edu + there are 240 ntp-dev patch releases so far +@@ -210493,7 +213903,7 @@ + [Bug 516] unprotected crypto_update() call fix from Dave Mills + + ChangeSet@1.1251.67.11, 2005-10-25 20:15:47-04:00, stenn@deacon.udel.edu +- [Bug 519] Allow dynamic SSL libraries ++ [Bug 517] Allow dynamic SSL libraries + + configure.ac@1.359.1.24 +3 -2 + [Bug 519] Allow dynamic SSL libraries: also check /usr/sfw/{lib,include} +@@ -215973,7 +219383,6 @@ + + ntpdate/ntpdate.c@1.48 +2 -2 + [Bug 363] ntpdate: use -1 to represent an invalid fd +- Fix from Rainer Weikusat. + + ChangeSet@1.1251.1.27, 2004-11-21 21:33:09-05:00, stenn@whimsy.udel.edu + [Bug 349] Patches from Takao Abe +@@ -216674,6 +220083,9 @@ + sntp/main.c@1.5 +19 -115 + Lose broadcast and server modes. + ++ sntp/sntp.1@1.4 +0 -23 ++ Lose broadcast and server modes. ++ + sntp/socket.c@1.4 +6 -22 + Lose broadcast and server modes. + +@@ -217061,6 +220473,17 @@ + sntp/main.c@1.4 +8 -8 + added sntp.1 and did a little cleanup + ++ sntp/sntp.1@1.3 +25 -15 ++ added sntp.1 and did a little cleanup ++ ++ sntp/sntp.1@1.2 +0 -0 ++ Rename: sntp/msntp.1 -> sntp/sntp.1 ++ ++ sntp/msntp.1@1.1 +325 -0 ++ ++ sntp/msntp.1@1.0 +0 -0 ++ BitKeeper file /deacon/backroom/ntp-dev/sntp/msntp.1 ++ + ChangeSet@1.1202.1.15, 2004-08-23 22:08:55-04:00, stenn@www.ntp.org + make propdelay compile/link + +--- contrib/ntp/NEWS.orig ++++ contrib/ntp/NEWS +@@ -1,4 +1,112 @@ + --- ++NTP 4.2.8p14 (Harlan Stenn , 2020 Mar 03) ++ ++Focus: Security, Bug fixes, enhancements. ++ ++Severity: MEDIUM ++ ++This release fixes three vulnerabilities: a bug that causes causes an ntpd ++instance that is explicitly configured to override the default and allow ++ntpdc (mode 7) connections to be made to a server to read some uninitialized ++memory; fixes the case where an unmonitored ntpd using an unauthenticated ++association to its servers may be susceptible to a forged packet DoS attack; ++and fixes an attack against a client instance that uses a single ++unauthenticated time source. It also fixes 46 other bugs and addresses ++4 other issues. ++ ++* [Sec 3610] process_control() should bail earlier on short packets. stenn@ ++ - Reported by Philippe Antoine ++* [Sec 3596] Highly predictable timestamp attack. ++ - Reported by Miroslav Lichvar ++* [Sec 3592] DoS attack on client ntpd ++ - Reported by Miroslav Lichvar ++* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@ ++* [Bug 3636] NMEA: combine time/date from multiple sentences ++* [Bug 3635] Make leapsecond file hash check optional ++* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@ ++* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence ++ - implement Zeller's congruence in libparse and libntp ++* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap ++ - integrated patch by Cy Schubert ++* [Bug 3620] memory leak in ntpq sysinfo ++ - applied patch by Gerry Garvey ++* [Bug 3619] Honour drefid setting in cooked mode and sysinfo ++ - applied patch by Gerry Garvey ++* [Bug 3617] Add support for ACE III and Copernicus II receivers ++ - integrated patch by Richard Steedman ++* [Bug 3615] accelerate refclock startup ++* [Bug 3613] Propagate noselect to mobilized pool servers ++ - Reported by Martin Burnicki ++* [Bug 3612] Use-of-uninitialized-value in receive function ++ - Reported by Philippe Antoine ++* [Bug 3611] NMEA time interpreted incorrectly ++ - officially document new "trust date" mode bit for NMEA driver ++ - restore the (previously undocumented) "trust date" feature lost with [bug 3577] ++* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter ++ - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter' ++* [Bug 3608] libparse fails to compile on S11.4SRU13 and later ++ - removed ffs() and fls() prototypes as per Brian Utterback ++* [Bug 3604] Wrong param byte order passing into record_raw_stats() in ++ ntp_io.c ++ - fixed byte and paramter order as suggested by wei6410@sina.com ++* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no ++* [Bug 3599] Build fails on linux-m68k due to alignment issues ++ - added padding as suggested by John Paul Adrian Glaubitz ++* [Bug 3594] ntpd discards messages coming through nmead ++* [Bug 3593] ntpd discards silently nmea messages after the 5th string ++* [Bug 3590] Update refclock_oncore.c to the new GPS date API ++* [Bug 3585] Unity tests mix buffered and unbuffered output ++ - stdout+stderr are set to line buffered during test setup now ++* [Bug 3583] synchronization error ++ - set clock to base date if system time is before that limit ++* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled ++* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) ++ - Reported by Paulo Neves ++* [Bug 3577] Update refclock_zyfer.c to the new GPS date API ++ - also updates for refclock_nmea.c and refclock_jupiter.c ++* [Bug 3576] New GPS date function API ++* [Bug 3573] nptdate: missleading error message ++* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo ++* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' ++ - sidekick: service port resolution in 'ntpdate' ++* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH ++ - applied patch by Douglas Royds ++* [Bug 3542] ntpdc monlist parameters cannot be set ++* [Bug 3533] ntpdc peer_info ipv6 issues ++ - applied patch by Gerry Garvey ++* [Bug 3531] make check: test-decodenetnum fails ++ - try to harden 'decodenetnum()' against 'getaddrinfo()' errors ++ - fix wrong cond-compile tests in unit tests ++* [Bug 3517] Reducing build noise ++* [Bug 3516] Require tooling from this decade ++ - patch by Philipp Prindeville ++* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code ++ - patch by Philipp Prindeville ++* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings ++ - patch by Philipp Prindeville ++* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() ++ - partial application of patch by Philipp Prindeville ++* [Bug 3491] Signed values of LFP datatypes should always display a sign ++ - applied patch by Gerry Garvey & fixed unit tests ++* [Bug 3490] Patch to support Trimble Resolution Receivers ++ - applied (modified) patch by Richard Steedman ++* [Bug 3473] RefID of refclocks should always be text format ++ - applied patch by Gerry Garvey (with minor formatting changes) ++* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails ++ - applied patch by Miroslav Lichvar ++* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network ++ ++* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user ++ is specified with -u ++ - monitor daemon child startup & propagate exit codes ++* [Bug 1433] runtime check whether the kernel really supports capabilities ++ - (modified) patch by Kurt Roeckx ++* Clean up sntp/networking.c:sendpkt() error message. ++* Provide more detail on unrecognized config file parser tokens. ++* Startup log improvements. ++* Update the copyright year. ++ ++--- + NTP 4.2.8p13 (Harlan Stenn , 2019 Mar 07) + + Focus: Security, Bug fixes, enhancements. +--- contrib/ntp/config.h.in.orig ++++ contrib/ntp/config.h.in +@@ -1215,6 +1215,9 @@ + /* Define if C99-compliant `vsnprintf' is available. */ + #undef HAVE_VSNPRINTF + ++/* Define to 1 if you have the `waitpid' function. */ ++#undef HAVE_WAITPID ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_WCHAR_H + +--- contrib/ntp/configure.orig ++++ contrib/ntp/configure +@@ -1,6 +1,6 @@ + #! /bin/sh + # Guess values for system-dependent variables and create Makefiles. +-# Generated by GNU Autoconf 2.69 for ntp 4.2.8p13. ++# Generated by GNU Autoconf 2.69 for ntp 4.2.8p14. + # + # Report bugs to . + # +@@ -590,8 +590,8 @@ + # Identity of this package. + PACKAGE_NAME='ntp' + PACKAGE_TARNAME='ntp' +-PACKAGE_VERSION='4.2.8p13' +-PACKAGE_STRING='ntp 4.2.8p13' ++PACKAGE_VERSION='4.2.8p14' ++PACKAGE_STRING='ntp 4.2.8p14' + PACKAGE_BUGREPORT='http://bugs.ntp.org./' + PACKAGE_URL='http://www.ntp.org./' + +@@ -1617,7 +1617,7 @@ + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +-\`configure' configures ntp 4.2.8p13 to adapt to many kinds of systems. ++\`configure' configures ntp 4.2.8p14 to adapt to many kinds of systems. + + Usage: $0 [OPTION]... [VAR=VALUE]... + +@@ -1687,7 +1687,7 @@ + + if test -n "$ac_init_help"; then + case $ac_init_help in +- short | recursive ) echo "Configuration of ntp 4.2.8p13:";; ++ short | recursive ) echo "Configuration of ntp 4.2.8p14:";; + esac + cat <<\_ACEOF + +@@ -1930,7 +1930,7 @@ + test -n "$ac_init_help" && exit $ac_status + if $ac_init_version; then + cat <<\_ACEOF +-ntp configure 4.2.8p13 ++ntp configure 4.2.8p14 + generated by GNU Autoconf 2.69 + + Copyright (C) 2012 Free Software Foundation, Inc. +@@ -2639,7 +2639,7 @@ + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. + +-It was created by ntp $as_me 4.2.8p13, which was ++It was created by ntp $as_me 4.2.8p14, which was + generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ +@@ -3640,7 +3640,7 @@ + + # Define the identity of the package. + PACKAGE='ntp' +- VERSION='4.2.8p13' ++ VERSION='4.2.8p14' + + + cat >>confdefs.h <<_ACEOF +@@ -26091,6 +26091,17 @@ + + done + ++for ac_func in waitpid ++do : ++ ac_fn_c_check_func "$LINENO" "waitpid" "ac_cv_func_waitpid" ++if test "x$ac_cv_func_waitpid" = xyes; then : ++ cat >>confdefs.h <<_ACEOF ++#define HAVE_WAITPID 1 ++_ACEOF ++ ++fi ++done ++ + case "$host" in + *-convex-*) + for ac_header in /sys/sync/queue.h /sys/sync/sema.h +@@ -33331,6 +33342,10 @@ + no:0:*-*-solaris*) ;; + *) ntp_test_ntp_restrict="yes" ;; + esac ++case "$ntp_cv_gc_sections_runs" in ++ no) ntp_test_ntp_restrict="no" ;; ++ * ) ;; ++esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_restrict" >&5 + $as_echo "$ntp_test_ntp_restrict" >&6; } + if test x$ntp_test_ntp_restrict = xyes; then +@@ -33350,6 +33365,10 @@ + no:0:*-*-solaris*) ;; + *) ntp_test_ntp_scanner="yes" ;; + esac ++case "$ntp_cv_gc_sections_runs" in ++ no) ntp_test_ntp_scanner="no" ;; ++ * ) ;; ++esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_scanner" >&5 + $as_echo "$ntp_test_ntp_scanner" >&6; } + if test x$ntp_test_ntp_scanner = xyes; then +@@ -33369,6 +33388,10 @@ + no:0:*-*-solaris*) ;; + *) ntp_test_ntp_signd="yes" ;; + esac ++case "$ntp_cv_gc_sections_runs" in ++ no) ntp_test_ntp_signd="no" ;; ++ * ) ;; ++esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_signd" >&5 + $as_echo "$ntp_test_ntp_signd" >&6; } + if test x$ntp_test_ntp_signd = xyes; then +@@ -34151,7 +34174,7 @@ + # report actual input values of CONFIG_FILES etc. instead of their + # values after options handling. + ac_log=" +-This file was extended by ntp $as_me 4.2.8p13, which was ++This file was extended by ntp $as_me 4.2.8p14, which was + generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES +@@ -34218,7 +34241,7 @@ + cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" + ac_cs_version="\\ +-ntp config.status 4.2.8p13 ++ntp config.status 4.2.8p14 + configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +--- contrib/ntp/configure.ac.orig ++++ contrib/ntp/configure.ac +@@ -1,7 +1,7 @@ + dnl NTP top-level configure.ac -*- Autoconf -*- + dnl + m4_include([sntp/m4/version.m4]) +-AC_PREREQ([2.61]) ++AC_PREREQ([2.68]) + AC_INIT( + [ntp], + [VERSION_NUMBER], +@@ -42,13 +42,10 @@ + + NTP_CACHEVERSION([main], [$ntp_configure_cache_version]) + +-AM_INIT_AUTOMAKE([1.10 foreign -Wall -Wno-gnu]) ++AM_INIT_AUTOMAKE([1.15 foreign -Wall -Wno-gnu]) + +-dnl AM_SILENT_RULES req. automake 1.11. [yes] defaults V=0 +-m4_ifdef( +- [AM_SILENT_RULES], +- [AM_SILENT_RULES([yes])] +-) ++AM_SILENT_RULES([yes]) ++ + AC_CANONICAL_BUILD + AC_CANONICAL_HOST + dnl the 'build' machine is where we run configure and compile +@@ -382,6 +379,7 @@ + esac + AC_CHECK_HEADERS([sys/stat.h sys/stream.h stropts.h sys/stropts.h sys/syssgi.h]) + AC_CHECK_HEADERS([sys/systune.h sys/termios.h sys/tpro.h sys/wait.h]) ++AC_CHECK_FUNCS([waitpid]) + case "$host" in + *-convex-*) + AC_CHECK_HEADERS([/sys/sync/queue.h /sys/sync/sema.h]) +--- contrib/ntp/html/accopt.html.orig ++++ contrib/ntp/html/accopt.html +@@ -55,8 +55,10 @@ + + +
restrict [-4 | -6] default [ippeerlimit num] +- [flag][...]
restrict source [ippeerlimit num] +- [flag][...]
restrict address [mask mask] ++ [flag][...]
++
restrict source [ippeerlimit num] ++ [flag][...]
++
restrict address [mask mask] + [ippeerlimit num] [flag][...]
+
The address argument expressed in IPv4 or IPv6 numeric + address form is the address of a host or network. Alternatively, +@@ -168,6 +170,9 @@ + UDP port (123). A restrict line containing ntpport is + considered more specific than one with the same address and mask, + but lacking ntpport.
++
serverresponse fuzz
++
When reponding to server requests, fuzz the low order bits of ++ the reftime.
+
version
+
Deny packets that do not match the current NTP version.
+ +--- contrib/ntp/html/clockopt.html.orig ++++ contrib/ntp/html/clockopt.html +@@ -10,7 +10,7 @@ +

Reference Clock Commands and Options

+ gifMaster Time Facility at the UDel Internet Research Laboratory +

Last update: +- 11-Sep-2010 05:55 ++ 26-Sep-2019 06:34 + UTC

+
+

Related Links

+@@ -50,6 +50,22 @@ +
Specifies an ASCII string of from one to four characters which defines the reference identifier used by the driver. This string overrides the default identifier ordinarily assigned by the driver itself.
+
flag1 flag2 flag3 flag4
+
These four flags are used for customizing the clock driver. The interpretation of these values, and whether they are used at all, is a function of the particular driver. However, by convention flag4 is used to enable recording monitoring data to the clockstats file configured with the filegen command. Additional information on the filegen command is on the Monitoring Options page.
++
minjitter secs
++
If the source has a jitter that cannot be sensibly estimated, because ++ it is not statistic jitter, the source will be detected as falseticker ++ sooner or later. This has been observed e.g. with the serial data of ++ certain GPS receivers. Enforcing a minimal jitter value avoids a too ++ low estimation, keeping the clock in the zoo while still detecting ++ higher jitter. ++
Note: this changes the refclock samples and ends up in the ++ clock dispersion, not the clock jitter, despite being called jitter. To ++ see the modified values, check the NTP clock variable "filtdisp", not ++ "jitter". ++
The falseticker problem can also be avoided by increasing tos ++ mindist, which extends the intersection interval, but that affects ++ the root dispersion and is intended for the case of multiple reference ++ clocks with reliable jitter that do not intersect otherwise. ++
+ + + +--- contrib/ntp/html/confopt.html.orig ++++ contrib/ntp/html/confopt.html +@@ -13,7 +13,7 @@ + Walt Kelly +

The chicken is getting configuration advice.

+

Last update: +- 24-Jul-2018 07:27 ++ 13-Feb-2020 10:08 + UTC

+
+

Related Links

+@@ -33,12 +33,12 @@ + support for the IPv6 address family is generated in addition to the default IPv4 address family. IPv6 addresses can be identified by the presence of colons ":" in the address field. IPv6 addresses can be used almost everywhere where IPv4 addresses can be used, with the exception of reference clock addresses, which are always IPv4. Note that in contexts where a host name is expected, a -4 qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a -6 qualifier forces DNS resolution to the IPv6 namespace.

+

Server Commands

+

Unless noted otherwise, further information about these commands is on the Association Management page.

+-
server address [options ...]
+- peer address [options ...]
+- broadcast address [options ...]
+- manycastclient address [options ...]
+- pool address [options ...]
+- unpeer [address | associd]
++
server address [options ...]
++
peer address [options ...]
++
broadcast address [options ...]
++
manycastclient address [options ...]
++
pool address [options ...]
++
unpeer [address | associd]
+
These commands specify the remote server name or address to be used and the mode in which to operate. The address can be either a DNS name or a IPv4 or IPv6 address in standard notation. In general, multiple commands of each type can be used for different server and peer addresses or multicast groups. +
+
server
+@@ -67,8 +67,14 @@ +
ident group
+
Specify the group name for the association. See the Autokey Public-Key Authentication page for further information.
+
key key
+-
Send and receive packets authenticated by the symmetric key scheme described in the Authentication Support page. The key specifies the key identifier with values from 1 to 65535, inclusive. This option is mutually exclusive with the autokey option.
minpoll minpoll
+- maxpoll maxpoll
++
Send and receive packets authenticated by the symmetric key scheme ++ described in the Authentication Support ++ page. The key specifies the key identifier with values ++ from 1 to 65535, inclusive. This option is mutually exclusive with ++ the autokey ++ option.
++
minpoll minpoll
++
maxpoll maxpoll
+
These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the maxpoll option to an upper limit of 17 (36 hr). The minimum poll interval defaults to 6 (64 s), but can be decreased by the minpoll option to a lower limit of 3 (8 s). Additional information about this option is on the Poll Program page.
+
mode option
+
Pass the option to a reference clock driver, where option is an integer in the range from 0 to 255, inclusive. This option is valid only with type r addresses.
+@@ -87,6 +93,13 @@ + outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default.
+
xleave
+
Operate in interleaved mode (symmetric and broadcast modes only). Further information is on the NTP Interleaved Modes page.
++
xmtnonce
++
Allowed in the server and pool modes, this flag causes the ++ client to put a random number nonce in the transmit timestamp of ++ its outgoing packet. Since the server will reply copying the ++ incoming transmit timestamp to the outgoing origin timestamp, this ++ flag provides extra security for the loopback test, at the expense ++ of the server having no idea what time the client thinks it is.
+
+

Auxiliary Commands

+
+--- contrib/ntp/html/copyright.html.orig ++++ contrib/ntp/html/copyright.html +@@ -3,7 +3,6 @@ + + + Copyright Notice +- + + + +@@ -10,7 +9,7 @@ +

Copyright Notice

+ jpg "Clone me," says Dolly sheepishly. +

Last update: +- 2-Jan-2017 11:58 ++ 4-Feb-2020 23:47 + UTC

+
+

+@@ -39,7 +38,7 @@ + 
+ ***********************************************************************
+ *                                                                     *
+-* Copyright (c) Network Time Foundation 2011-2017                     *
++* Copyright (c) Network Time Foundation 2011-2020                     *
+ *                                                                     *
+ * All Rights Reserved                                                 *
+ *                                                                     *
+--- contrib/ntp/html/discipline.html.orig
++++ contrib/ntp/html/discipline.html
+@@ -4,12 +4,13 @@
+ 
+ 
+ Clock Discipline Algorithm
++
+ 
+ 
+ 
+ 
Clock Discipline Algorithm

+ 
Last update:
+-  10-Mar-2014  05:03
++  3-Jan-2020  02:12
+     UTC

+ 
Table of Contents

+ 
    
+@@ -20,29 +21,29 @@
+ 

+ 

+ 
General Overview

+-
At the heart of the NTP specification and reference implementation is the clock discipline algorithm, which is best described as an adaptive parameter, hybrid phase/frequency-lock feedback loop. It is an intricately crafted algorithm that automatically  adapts  for optimum performance while  minimizing network overhead. Operation is in two modes, phase-lock loop (PLL), which is used at poll intervals  below the Allan intercept, by default 2048 s, and frequency-lock loop (FLL), which is used above that.

++
At the heart of the NTP specification and reference implementation is the clock discipline algorithm, which is best described as an adaptive parameter, hybrid phase/frequency-lock feedback loop.  It is an intricately crafted algorithm that automatically adapts for optimum performance while minimizing network overhead.  Operation is in two modes, phase-lock loop (PLL), which is used at poll intervals below the Allan intercept, by default 2048 s, and frequency-lock loop (FLL), which is used above that.

+ 
 gif
+   
Figure 1. Clock Discipline Algorithm

+ 

+ 
Clock Discipline Operations

+-
A block diagram of the clock discipline is shown in Figure 1. The timestamp of a reference clock or remote server is compared with the timestamp of the system clock, represented as a variable frequency oscillator (VFO), to produce a raw offset sample Vd. Offset samples are processed by the clock filter to produce a filtered update Vs. The loop filter implements a type-2  proportional-integrator controller (PIC). The PIC can  minimize errors in both time and frequency using predictors x and y, respectively. The clock adjust process samples these predictors once each second for the daemon discipline or once each tick interrupt for the kernel discipline to produce the system clock  update Vc.

+-
In PLL mode the frequency predictor is an integral of the offset over past updates, while the phase predictor is the offset amortized over time in order to  avoid  setting the clock backward. In FLL mode the phase predictor is not used, while the frequency predictor is similar to the  NIST lockclock algorithm. In this algorithm, the frequency predictor is computed as a fraction of the current offset divided by the time since the last update in order to  minimize the offset at the next update.

+-
The discipline  response  in PLL mode is determined by  the time constant, which results in a "stiffness" depending on the   jitter  of the available sources and the wander of the system clock oscillator. The  scaled time constant is also used as the poll interval  described on the Poll Program page. However, in  NTP symmetric mode, each   peer manages its own poll interval and the two  might not be the same. In such cases either peer uses the minimum of its own poll interval and that of the other peer, which is included in the NTP  packet header.

++
A block diagram of the clock discipline is shown in Figure 1.  The timestamp of a reference clock or remote server is compared with the timestamp of the system clock, represented as a variable frequency oscillator (VFO), to produce a raw offset sample Vd.  Offset samples are processed by the clock filter to produce a filtered update Vs.  The loop filter implements a type-2 proportional-integrator controller (PIC).  The PIC can minimize errors in both time and frequency using predictors x and y, respectively.  The clock adjust process samples these predictors once each second for the daemon discipline or once each tick interrupt for the kernel discipline to produce the system clock update Vc.

++
In PLL mode the frequency predictor is an integral of the offset over past updates, while the phase predictor is the offset amortized over time in order to avoid setting the clock backward.  In FLL mode the phase predictor is not used, while the frequency predictor is similar to the NIST lockclock algorithm.  In this algorithm, the frequency predictor is computed as a fraction of the current offset divided by the time since the last update in order to minimize the offset at the next update.

++
The discipline response in PLL mode is determined by the time constant, which results in a "stiffness" depending on the jitter of the available sources and the wander of the system clock oscillator.  The scaled time constant is also used as the poll interval described on the Poll Program page.  However, in NTP symmetric mode, each peer manages its own poll interval and the two might not be the same.  In such cases either peer uses the minimum of its own poll interval and that of the other peer, which is included in the NTP packet header.

+ 
Loop Dynamics

+-
 It is necessary to verify that the clock discipline algorithm is stable and satisfies the Nyquist criterion, which requires that the sampling rate be at least twice the bandwidth. In this case the bandwidth can be approximated by the reciprocal of the time constant. In the NTP specification and reference implementation, time constants and poll intervals are  expressed as exponents of 2. By construction, the time constant exponent is five times the poll interval exponent.  Thus, the default poll exponent of 6 corresponds to a poll interval of 64 s and a time constant of 2048 s. A change  in the poll interval changes the time constant by a corresponding amount.. The Nyquist criterion requires the  sample interval to be not more than half the time constant or 1024 s. The clock filter guarantees at least one sample in eight poll intervals, so the sample interval is not more than 512 s. This would be described as oversampling by a factor of two. Finally, the PLL parameters have been chosen for a damping factor of 2, which results in a much faster risetime than with critical damping, but results in modest overshoot of  6 percent.

+-
 It is important to understand how the dynamics of the PLL are affected by the time constant and poll interval. At the default poll interval of 64 s and a step offset  change of 100 ms, the time response crosses zero in about 50 min and overshoots about 6 ms, as per design. Ordinarily, a step correction would causes a temporary frequency  surge of about 5 PPM, which  along with the overshoot slowly dissipates over a few hours.

+-
However, the clock state machine used with the discipline algorithm avoids this transient at startup. It does this using a previously saved frequency file, if present, or by measuring the oscillator frequency, if not. It then quickly amortizes the residual offset at startup without affecting the oscillator frequency. In this way the offset error is less than 0.5 ms within 5 min, if the file is present, and within 10 min if not. See the Clock State Machine page for further details.

+-
Since the PLL is linear, the response with different offset step amplitudes and poll intervals has the same characteristic shape, but scaled differently in amplitude and time. The response scales exactly with step amplitude, so that the response to  a 10-ms step has the same shape as at 64 s, but with amplitude  compressed by one-tenth. The response scales exactly with poll interval, so that response at a poll interval of 8 s  has the same shape as at 64 s, but with  time compressed by  one-eighth.

+-
The optimum time constant, and thus the poll interval, depends on the network time jitter and the  oscillator frequency wander. Errors due to jitter decrease as the time constant increases, while errors due to wander decrease as the time constant decreases. For typical Internet paths, the two error characteristics intersect at a point called the Allan intercept, which represents the optimum time constant. With a compromise Allan intercept of 2048 s, the optimum poll interval is about 64 s, which corresponds to a compromise poll exponent of 6. For fast LANs with modern computers, the Allan intercept is somewhat lower at around 512 s, so a compromise poll exponent of 4 (16 s) is appropriate. An intricate, heuristic algorithm is used to manage the actual poll interval within a specified range. Details are on the Poll Program page.

+-
In the NTPv4 specification and reference implementation a state machine is used to manage the system clock under exceptional conditions, as when the daemon is first started or when encountering  severe network congestion. In extreme cases not likely to be encountered in normal operation, the system time can be stepped forward or backward more than 128 ms. Further details are on the Clock State Machine page.

++
 It is necessary to verify that the clock discipline algorithm is stable and satisfies the Nyquist criterion, which requires that the sampling rate be at least twice the bandwidth.  In this case the bandwidth can be approximated by the reciprocal of the time constant.  In the NTP specification and reference implementation, time constants and poll intervals are expressed as exponents of 2.  By construction, the time constant exponent is five times the poll interval exponent.  Thus, the default poll exponent of 6 corresponds to a poll interval of 64 s and a time constant of 2048 s.  A change in the poll interval changes the time constant by a corresponding amount..  The Nyquist criterion requires the sample interval to be not more than half the time constant or 1024 s.  The clock filter guarantees at least one sample in eight poll intervals, so the sample interval is not more than 512 s.  This would be described as oversampling by a factor of two.  Finally, the PLL parameters have been chosen for a damping factor of 2, which results in a much faster risetime than with critical damping, but results in modest overshoot of 6 percent.

++
 It is important to understand how the dynamics of the PLL are affected by the time constant and poll interval.  At the default poll interval of 64 s and a step offset change of 100 ms, the time response crosses zero in about 50 min and overshoots about 6 ms, as per design.  Ordinarily, a step correction would causes a temporary frequency surge of about 5 PPM, which along with the overshoot slowly dissipates over a few hours.

++
However, the clock state machine used with the discipline algorithm avoids this transient at startup.  It does this using a previously saved frequency file, if present, or by measuring the oscillator frequency, if not.  It then quickly amortizes the residual offset at startup without affecting the oscillator frequency.  In this way the offset error is less than 0.5 ms within 5 min, if the file is present, and within 10 min if not.  See the Clock State Machine page for further details.

++
Since the PLL is linear, the response with different offset step amplitudes and poll intervals has the same characteristic shape, but scaled differently in amplitude and time.  The response scales exactly with step amplitude, so that the response to a 10-ms step has the same shape as at 64 s, but with amplitude compressed by one-tenth.  The response scales exactly with poll interval, so that response at a poll interval of 8 s has the same shape as at 64 s, but with time compressed by one-eighth.

++
The optimum time constant, and thus the poll interval, depends on the network time jitter and the oscillator frequency wander.  Errors due to jitter decrease as the time constant increases, while errors due to wander decrease as the time constant decreases.  For typical Internet paths, the two error characteristics intersect at a point called the Allan intercept, which represents the optimum time constant.  With a compromise Allan intercept of 2048 s, the optimum poll interval is about 64 s, which corresponds to a compromise poll exponent of 6.  For fast LANs with modern computers, the Allan intercept is somewhat lower at around 512 s, so a compromise poll exponent of 4 (16 s) is appropriate.  An intricate, heuristic algorithm is used to manage the actual poll interval within a specified range.  Details are on the Poll Program page.

++
In the NTPv4 specification and reference implementation a state machine is used to manage the system clock under exceptional conditions, as when the daemon is first started or when encountering severe network congestion.  In extreme cases not likely to be encountered in normal operation, the system time can be stepped forward or backward more than 128 ms.  Further details are on the Clock State Machine page.

+ 
Clock Initialization and Management

+-
If left running continuously, an NTP client on a fast LAN in a home or office environment can  maintain synchronization  nominally within one millisecond. When the ambient temperature variations are less than a degree Celsius,  the clock oscillator frequency is  disciplined to within one part per million (PPM), even when the   clock oscillator native  frequency offset is 100 PPM or more.

+-
 For laptops and portable devices when the power is turned off,  the   battery backup clock offset error can increase   as much as one second  per day. When  power is restored after  several hours or days,  the  clock offset and oscillator frequency   errors must be resolved by the clock discipline algorithm, but this can take several hours without specific provisions.

+-
 The provisions described in this section insure that, in all but pathological situations, the startup transient is suppressed to within nominal levels in no more than five minutes after a warm start or ten minutes after a cold start. Following is a summary of these provisions. A detailed discussion of these provisions is on the Clock State Machine page.

+-
 The reference implementation   measures the clock oscillator frequency  and updates a frequency  file  at intervals of one hour or more, depending on the measured frequency wander. This design is intended to minimize  write cycles in NVRAM that might  be used in a laptop or portable device. In a warm start, the frequency is initialized from this file, which avoids a possibly lengthy convergence time. In a cold start when no frequency file is available, the reference implementation first measures the   oscillator frequency  over a five-min interval. This generally results in a residual frequency error  less than  1 PPM. The measurement interval can be changed using the stepout option of the tinker command.

+-
In order to  reduce the  clock offset error at restart, the reference implementation  mext disables oscillator frequency discipline and enables clock offset discipline with a small time constant. This  is designed to quickly reduce the clock offset error without causing a frequency surge. This configuration is continued for an interval of five-min, after which the  clock offset error is usually  no more than a millisecond. The  measurement interval can be changed using the stepout option of the tinker command.

+-
Another  concern at  restart is the  time necessary for  the select and cluster algorithms to refine and validate the initial  clock offset estimate. Normally, this takes several updates before setting the system clock. As the default minimum poll interval in most configurations is about one minute, it can take several minutes before setting the system clock. The iburst option of the server command  changes the behavior at restart and is    recommended for client/server configurations.  When this option is enabled, the client  sends a volley of six requests at intervals of two seconds. This usually insures a reliable estimate is available in about ten seconds before setting the clock. Once this initial volley is complete, the procedures described above are executed.

+-
As a result of the above considerations, when a backup source, such as the local clock driver, ACTS modem driver or orphan mode is included in the system configuration, it may happen that one or more of them are selectable before one or more of the  regular sources are selectable. When backup sources are included in the configuration, the  reference implementation waits an interval of several minutes without regular sources before switching to backup sources. This is generally enough to avoid startup transients due to premature switching to backup sources. The interval can be changed using the orphanwait option of the tos command.

++
If left running continuously, an NTP client on a fast LAN in a home or office environment can maintain synchronization nominally within one millisecond.  When the ambient temperature variations are less than a degree Celsius, the clock oscillator frequency is disciplined to within one part per million (PPM), even when the clock oscillator native frequency offset is 100 PPM or more.

++
 For laptops and portable devices when the power is turned off, the battery backup clock offset error can increase as much as one second per day.  When power is restored after several hours or days, the clock offset and oscillator frequency errors must be resolved by the clock discipline algorithm, but this can take several hours without specific provisions.

++
 The provisions described in this section insure that, in all but pathological situations, the startup transient is suppressed to within nominal levels in no more than five minutes after a warm start or ten minutes after a cold start.  Following is a summary of these provisions.  A detailed discussion of these provisions is on the Clock State Machine page.

++
 The reference implementation measures the clock oscillator frequency and updates a frequency file at intervals of one hour or more, depending on the measured frequency wander.  This design is intended to minimize write cycles in NVRAM that might be used in a laptop or portable device.  In a warm start, the frequency is initialized from this file, which avoids a possibly lengthy convergence time.  In a cold start when no frequency file is available, the reference implementation first measures the oscillator frequency over a five-min interval.  This generally results in a residual frequency error less than 1 PPM.  The measurement interval can be changed using the stepout option of the tinker command.

++
In order to reduce the clock offset error at restart, the reference implementation next disables oscillator frequency discipline and enables clock offset discipline with a small time constant.  This is designed to quickly reduce the clock offset error without causing a frequency surge.  This configuration is continued for an interval of five-min, after which the clock offset error is usually no more than a millisecond.  The measurement interval can be changed using the stepout option of the tinker command.

++
Another concern at restart is the time necessary for the select and cluster algorithms to refine and validate the initial clock offset estimate.  Normally, this takes several updates before setting the system clock.  As the default minimum poll interval in most configurations is about one minute, it can take several minutes before setting the system clock.  The iburst option of the server command changes the behavior at restart and is recommended for client/server configurations.  When this option is enabled, the client sends a volley of six requests at intervals of two seconds.  This usually insures a reliable estimate is available in about ten seconds before setting the clock.  Once this initial volley is complete, the procedures described above are executed.

++
As a result of the above considerations, when a backup source, such as the local clock driver, ACTS modem driver or orphan mode is included in the system configuration, it may happen that one or more of them are selectable before one or more of the regular sources are selectable.  When backup sources are included in the configuration, the reference implementation waits an interval of several minutes without regular sources before switching to backup sources.  This is generally enough to avoid startup transients due to premature switching to backup sources.  The interval can be changed using the orphanwait option of the tos command.

+ 

+ 
+ 
+--- contrib/ntp/html/drivers/driver20.html.orig
++++ contrib/ntp/html/drivers/driver20.html
+@@ -1,7 +1,7 @@
+ 
+ 
+     Generic NMEA GPS Receiver
+-    
++    
+     
+