diff --git a/share/security/advisories/FreeBSD-EN-16:01.filemon.asc b/share/security/advisories/FreeBSD-EN-16:01.filemon.asc new file mode 100644 index 0000000000..11783e493b --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-16:01.filemon.asc @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:01.filemon Errata Notice + The FreeBSD Project + +Topic: filemon and bmake meta-mode stability issues + +Category: core +Module: filemon +Announced: 2016-01-14 +Credits: Bryan Drewery +Affects: FreeBSD 10.2-RELEASE +Corrected: 2015-09-09 17:15:13 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security branches, +and the following sections, please visit +. + +I. Background + +In FreeBSD 10.2, /usr/bin/make is the NetBSD bmake utility. bmake has +a feature called meta-mode [1], which can make use of the filemon(4) kernel +module to perform reliable update builds and provide better build +dependencies. +[1] http://www.crufty.net/sjg/blog/freebsd-meta-mode.htm + +II. Problem Description + +Multiple stability and locking problems have been fixed in the filemon(4) +kernel module. Without these fixes, using meta-mode and filemon(4) on a +FreeBSD 10.2 system may result in kernel panics. + +III. Impact + +For the jails and virtual machines used by the FreeBSD Jenkins Continuous +Integration builders, it is desirable to use released versions FreeBSD. +This will allow us to set up builders to test building FreeBSD-CURRENT with +meta-mode, using a FreeBSD 10.2-RELEASE-p9 build host. + +IV. Workaround + +No workaround is available for the filemon stability problems. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:01/filemon.patch +# fetch https://security.FreeBSD.org/patches/EN-16:01/filemon.patch.asc +# gpg --verify filemon.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10 r287598 +releng/10.2 r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + +The latest revision of this Errata Notice is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2jlAAoJEO1n7NZdz2rnF6kQAJEgtPKwowupOd3QV2UvMJ4T +PP/UK9tvF+Tbmow+5z9vV8ghh/oHc/AUWxhbIcnOFO7YldwrYJDXAHWF5VoTgatb +Ycg+R10Kyg8loZZuAAaGsY+zS78BIXunKVduWealz6TV978sZ5mr7qVJjX03Bvdh +9s3dX6PLfA0ZtqxXuhJ3oMj1Nt7UoGyNNNg23TWhQDMzpueB1EihhjzcLEk8UCjR +OlZElMXsnI/c9zG0eaSDPqfUuQrZDasQ+kM4eWaEXxcZVHSEQtU7vJ6SjxAkeCHT +fzRcAilzQBQJzObzpdXCxrd3OmKL52Ml44Kll2k31QQM3YDHw5g+mMJ+G6BoD5HZ +hQktb7Y064s/SQ0S91aTCgdSBzlTOny7IjsE1W+T6WD4Dohc1aY5y5u2UDBIRIS9 +BvovQF9k0PXIqpA3DjV1cGp3oYLpmJc5NYqHuJ9hkQWSp8FntfuQ1gKpieznyg25 +mb7fsOU693Dglcodtz1uQcwwgh/0s7bEcP6o7ejzsd4bzhe9CTLgD5qp0MD8htiH +Li+i9O5hUS8nheJt03btw/mq7CPbr66JWnpVHmPe8kL8SU7qmwBwq6d3buk5Hyr1 +tOmpuTyW+dq4iWweG411/j9M8Q03fD/DI4Ez2KS5OTizNAWb2wq8e+OZIk6TDE37 +Aam3KrksQZjG+sqL7NVp +=INcx +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-16:02.pf.asc b/share/security/advisories/FreeBSD-EN-16:02.pf.asc new file mode 100644 index 0000000000..0337dae215 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-16:02.pf.asc @@ -0,0 +1,149 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:02.pf Errata Notice + The FreeBSD Project + +Topic: Invalid TCP checksums with pf(4) + +Category: core +Module: pf +Announced: 2016-01-14 +Credits: Kristof Provost +Affects: All supported versions of FreeBSD. +Corrected: 2015-11-11 12:36:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2015-12-25 15:12:54 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The pf(4) is one of several packet filters available in FreeBSD, originally +written for OpenBSD. In addition to filtering packets, it also has packet +normalization capabilities. + +II. Problem Description + +When running with certain network interfaces, capable for hardware transmit +checksum offloading, or TCP segmentation offload, pf(4) produces packets with +invalid TCP checksums. + +III. Impact + +The TCP packets with invalid checksums are rejected by the remote host, +leading to large performance impacts or inability to successfully run +a TCP connection. + +IV. Workaround + +Disable transmit checksum offloading and TSO support on the affected +network interface: + +# ifconfig ue0 -txcsum -tso + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Reboot the system or unload and reload the pf.ko kernel module. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot the system or unload and reload the pf.ko kernel module. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 10.2] +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.2.patch +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.2.patch.asc +# gpg --verify pf-10.2.patch.asc + +[FreeBSD 10.1] +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.1.patch +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.1.patch.asc +# gpg --verify pf-10.1.patch.asc + +[FreeBSD 9.3] +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-9.3.patch +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-9.3.patch.asc +# gpg --verify pf-9.3.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system or unload and reload the pf.ko kernel module. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r292732 +releng/9.3/ r293896 +stable/10/ r290669 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2rlAAoJEO1n7NZdz2rnv0QP/RXPzKbSRsyyX3914BJv/W4V +coLFodRd62WxPvFIOXaLbNsVSi1yqRqNS3BPNTXnldEvjZWS5HsRlY5inq7hCjOn +NzZFIBVD3aL3eIXBUghNHTcCp3Ml5zIzcGUwJ0wW4F8j3D8Ty0YbJs+E7Ku63DIb +3rR2Mj1Jcoxi4JNVaQ962JlRrqauQUIiFbS0bSmP/cQCUlvhm+uk8Yj1KgSYesSu +n+lQAipH2zZWGjVj1xxvqi4cUcr6J6LEF0eTmg+UoM24vhq+QNql5aactYMOORiW +f+80HOWm6R8F/6TI2xs7HpNfnQNuNBRTfmfViQB8GgzgV2juElcTXW4NKXALrkWy +HxAfv6wdhDxclOXzumUXDOXC90o62Jv5gWiToJWLyETHI1vTe4UuE0egejFHSDJB +bmFpbYeuvXJ5/3dAYHHtnjtIPE9PXG+c16eJr3XDkY4plreL/hpyDHFRd3scqWew +EvPnkYcXZmzpCC/wZbDM5sI76YAfX7vayVqsUI0X4WRueYyIljRQGwygwfmHWiac +HIrgLgJvXZCGXiiuSpZq5874er0/UN9czGuMVOFZoXZ45yuj99pO1rJNZryO926A +UAOsC76m78myPrM+a4dJDrnWKgZjputCEBHXXNS8Yxt1cimrrbAb2wy0gt1CIMFm +cuAfikAwdNj3JAvjS4oA +=Aw1R +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-16:03.yplib.asc b/share/security/advisories/FreeBSD-EN-16:03.yplib.asc new file mode 100644 index 0000000000..8cbc2fe16a --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-16:03.yplib.asc @@ -0,0 +1,139 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:03.ypclnt Errata Notice + The FreeBSD Project + +Topic: YP/NIS client library critical bug + +Category: core +Module: ypclnt +Announced: 2016-01-14 +Credits: Ravi Pokala, + Lakshmi Narasimhan Sundararajan, + Fred Lewis, + Pushkar Kothavade +Affects: All supported versions of FreeBSD. +Corrected: 2015-12-21 14:32:29 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-13 05:32:24 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The YP/NIS subsystem allows network management of passwd, group, netgroup, +hosts, services, rpc, bootparams and ethers file entries. The ypclnt suite +provides an interface to the YP subsystem. + +The standard NIS protocol limits its database entries to YPMAXRECORD (1024 +characters). + +II. Problem Description + +There is a bug with the NIS client library, which can lead to an infinite +loop. + +III. Impact + +A server that is deliberately configured to violate the NIS/YP protocol can +cause a FreeBSD NIS client to be stuck forever. + +IV. Workaround + +No workaround is available, but systems that are not configured to use +NIS/YP are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +A reboot is recommended. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is recommended. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:03/yplib.patch +# fetch https://security.FreeBSD.org/patches/EN-16:03/yplib.patch.asc +# gpg --verify yplib.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +A reboot is recommended. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293804 +releng/9.3/ r293896 +stable/10/ r292547 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j1AAoJEO1n7NZdz2rnRZQP/iZq/xlDFZrxwpW4S0GimmmK +CdB9yE8rITW2XRWIaTW+fj4aqQ8cvD3IpqtgPe1wCXe69XgmICPwwBh/zNB4w0qu +xmyihP6/2qTLatIq886StqXRkS+05U5y4VoEwFaRkBCy3IWDVXgM41DsRhOuYq3y +Y72VNeJFSuD+qb0i0B56PpPhaVd7hyEgvuXLXxi3l/BiUMD9t4Z36W8a2IPrF1wa +wviTB6cr614dzH+Jou+d9ffKoD6TWeZtbcf1jrw12YVBJhPx3vCqPVJGerGRUwVF +TeD4cUyHmY1nRa4zssKJcbAbgbYGtumRZTysa50eXBVsd7MTloZk0o8Angr6uGeR +rRo8Sop8PbwWm81Zykb4lIBOVUB4TsEfMjusKhgcJ5kmd+gK8z1ZzE/ZlOes2UJ8 +eH+LOEKjux3c9UKkz6RDWinM277J5fhZ5Zi6jO6n/LrJRKiqKud6VeHQLOElXye7 +/8KFqCaym8JpZ0P3Cywid+2EyqjlNwvsZleDs8EE/d1+60yX+Qm2j+BKAfqhSyLD +a9TimJTsEMA47Rf3af2lx1q4bnrKJVSBGhNaNzDHe5UIge0FAt8uUwgL/yIDpBlS +/5TtnD3F30B34482sAf4u/WW/1ipppIFEe8i6d9uwIGjG9Z5eVVom2FJbAHHdVA6 +w8xVZil5irkB2fdI1DOi +=A4Qy +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-16:01.sctp.asc b/share/security/advisories/FreeBSD-SA-16:01.sctp.asc new file mode 100644 index 0000000000..adcfec8722 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-16:01.sctp.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:01.sctp Security Advisory + The FreeBSD Project + +Topic: SCTP ICMPv6 error message vulnerability + +Category: core +Module: SCTP +Announced: 2016-01-14 +Credits: Jonathan T. Looney +Affects: All supported versions of FreeBSD +Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2016-1879 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The Stream Control Transmission Protocol (SCTP) protocol provides reliable, +flow-controlled, two-way transmission of data. + +The Internet Control Message Protocol for IPv6 (ICMPv6) provides a way for +hosts on the Internet to exchange control information. Among other uses, +a host or router can use ICMPv6 to inform a host when there is an error +delivering a packet sent by that host. + +II. Problem Description + +A lack of proper input checks in the ICMPv6 processing in the SCTP stack +can lead to either a failed kernel assertion or to a NULL pointer +dereference. In either case, a kernel panic will follow. + +III. Impact + +A remote, unauthenticated attacker can reliably trigger a kernel panic +in a vulnerable system running IPv6. Any kernel compiled with both IPv6 +and SCTP support is vulnerable. There is no requirement to have an SCTP +socket open. + +IPv4 ICMP processing is not impacted by this vulnerability. + +IV. Workaround + +No workaround is available, but systems using a kernel compiled without +SCTP support or IPv6 support are not vulnerable. + +In addition, some stateful firewalls may block ICMPv6 messages that are +not responding to a legitimate connection. (However, this may not +completely block the problem, as an ICMPv6 message could still be sent +in response to a legitimate SCTP connection.) + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. +Rebooting to the new kernel is required. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Rebooting to the new kernel is required. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-16:01/sctp.patch +# fetch https://security.FreeBSD.org/patches/SA-16:01/sctp.patch.asc +# gpg --verify sctp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293898 +releng/9.3/ r293896 +stable/10/ r293897 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j1AAoJEO1n7NZdz2rnIfoQAOZTLX3VovQPGj9wr7PspLQi +Tazu6vRnjzdOdjpeWwSgYlq6DJGjT71c/BRyCWCoijr2uyBWRlANqzMO64thuTzx +gc6juRlChLDF4sNVWbNDMRwuHTfCpgDH2/4hQeR/9CmiQxHJyqL0gXc889D206i9 +KzgmYrSALEVK0E2kDBeRMsadtqPIEzCw4LygWd4qrtYNPjAfBR/a9U4rg7ZN0ICZ +RCPnkAF6qI09B931QfHaI4C9wdBF8DJ6nKN/2aU9ATdOJJb7oUkpaHht8kmbdZS+ +Tn12nEXkQvNxuAKT7Fb87M14s7LUR12V5wgDeMd2UtOfkeSpGEDFACdhYW3IpKan +gD+2IlzLRhoQTJ7lQWMRTKh3OiDDR2kLwvbEU7BGecDSG6fVkgumn6NlHYybdH7L +axpDOxPz8ITfcdRipIXLOQEC308ckdmaEwqi4ikgBGwEkSgIwj1flGStswvcMrim +vT0xof2dv1y6RW5xYnJF7Mtn/rEcqrql/BeBp/kxJZ2Qt3hkppQnjWD6kvrEj00s +CajzxdBTM7J3buDzu++RL2GL9p5Cwo1kDmUJdWimIbSecL62J9+PwFCDYp/dOy25 +GAPGnf7gk8YhwM8pHwLtcX0b9UundkXLWnLBN7R12fL7Ch2CmPbgPcoFc5CSbcIx +TBRU+4TGcNGxigXyzIHT +=G0DD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-16:02.ntp.asc b/share/security/advisories/FreeBSD-SA-16:02.ntp.asc new file mode 100644 index 0000000000..aefd38e3ac --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-16:02.ntp.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:02.ntp Security Advisory + The FreeBSD Project + +Topic: ntp panic threshold bypass vulnerability + +Category: contrib +Module: ntp +Announced: 2016-01-14 +Credits: Network Time Foundation +Affects: All supported versions of FreeBSD. +Corrected: 2016-01-11 01:09:50 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-11 01:48:16 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2015-5300 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +II. Problem Description + +The ntpd(8) daemon has a safety feature to prevent excessive stepping of +the clock called the "panic threshold". If ever ntpd(8) determines the +system clock is incorrect by more than this threshold, the daemon exits. +There is an implementation error within the ntpd(8) implementation of this +feature, which allows the system time be adjusted in certain circumstances. + +III. Impact + +When ntpd(8) is started with the '-g' option specified, the system time will +be corrected regardless of if the time offset exceeds the panic threshold (by +default, 1000 seconds). The FreeBSD rc(8) subsystem allows specifying the +'-g' option by either including '-g' in the ntpd_flags list or by enabling +ntpd_sync_on_start in the system rc.conf(5) file. + +If at the moment ntpd(8) is restarted, an attacker can immediately respond to +enough requests from enough sources trusted by the target, which is difficult +and not common, there is a window of opportunity where the attacker can cause +ntpd(8) to set the time to an arbitrary value. + +IV. Workaround + +No workaround is available, but systems not running ntpd(8), or running +ntpd(8) but do not use ntpd_sync_on_start="YES" or specify the '-g' option in +ntpd_flags are not affected. Neither of these are set by default. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 10.1 and 10.2] +# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch +# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch.asc +# gpg --verify ntp-10.patch.asc + +[FreeBSD 9.3] +# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch +# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch.asc +# gpg --verify ntp-9.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293652 +releng/9.3/ r293896 +stable/10/ r293650 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j2AAoJEO1n7NZdz2rnyg4QAJ/x3xs+pNGXxTT63hbBqLcB +NTSljW5+hFpL94Nr+rHrelvcT3HkvdWUC+7BvMksoUYCZv0vClp5W7tsfuojDPr0 +GechK1BpLwxeLnRexulWEuvDQpbr6BN9ABdfSl4h3AaUwGYbBVLMY8aT5JpTiE3I +UZg/5iPXVGFPcfdFhzaPgCpZxQtGI3QV7m5jx+Pf8r0ifuTNi8bAbwHCRzmOV8rA +1LM4fvlCPd6TiP3UANWM7PFGbX8UArgzXlb8jSwkxEVC02oZitol4UhcLgacwVrO +0/0q71pyn8W3NBQ1QPUaUg1M81sE501NCTCP3rEg+o6g7oxiq+GpgB0FKwCJxrTk +n3EL7tyhbvVcsglPLRkIXkGz3o5XdelFJ66+qS+mZAiPozkzEFUIdxd8rHKsA1e4 +ZIFARDvDgi8iTArbJnPsQH0CgK8+/2RV2ILFW00Zcu7batvSWJtAUNNFqTSN34tk +JJzHWYwKfGwRIMyEABsy9wLez9K2tRIG0fX75p82dVbRcRZwwSfPmFdfDPuMRRmc +dsNF3133TA92uxwZ177cZk537g+Q0/0I6bts8us3GlCdY2HBuIc+HvRJQyEEqGEv +v1GfEdnwGLp4rmPI8uY+JQ87now7KYhAK1SVil9AXm3tLrIqJsHYayA9nI8mjxfY +Mh1utEeP+TMuievDMQNo +=il8c +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-16:03.linux.asc b/share/security/advisories/FreeBSD-SA-16:03.linux.asc new file mode 100644 index 0000000000..30873fdb22 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-16:03.linux.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:03.linux Security Advisory + The FreeBSD Project + +Topic: Linux compatibility layer incorrect futex handling + +Category: core +Module: kernel +Announced: 2016-01-14 +Credits: Mateusz Guzik +Affects: All supported versions of FreeBSD. +Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2016-1880 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD is binary-compatible with the Linux operating system through a +loadable kernel module/optional kernel component. The support is +provided on amd64 and i386 machines. + +II. Problem Description + +A programming error in the handling of Linux futex robust lists may result +in incorrect memory locations being accessed. + +III. Impact + +It is possible for a local attacker to read portions of kernel memory, which +may result in a privilege escalation. + +IV. Workaround + +No workaround is available, but systems not using the Linux binary +compatibility layer are not vulnerable. + +The following command can be used to test if the Linux binary +compatibility layer is loaded: + +# kldstat -m linuxelf + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Reboot the system or unload and reload the linux.ko kernel module. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot the system or unload and reload the linux.ko kernel module. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-16:03/linux.patch +# fetch http://security.FreeBSD.org/patches/SA-16:03/linux.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/amd64/linux32 +# make sysent +# cd /usr/src/i386/linux +# make sysent + +c) Recompile your kernel and modules as described in +. + +Reboot the system or unload and reload the linux.ko kernel module. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Subversion: + +Branch/path Revision +- --------------------------------------------------------------------------- +stable/9/ r293898 +releng/9.3/ r293896 +stable/10/ r293897 +releng/10.1/ r293894 +releng/10.2/ r293893 +- --------------------------------------------------------------------------- + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j2AAoJEO1n7NZdz2rngkcQAJ8yxlxYd+qZPf+pbP+0Kj6w ++Sy8BrSUrYLMFynrs4vRPTJobLnVGpwkp6I6ZCDL/yoI/7Xkl3ld7HWfH7MAJ6WP +x0j5/bC+AlWGpKfL6wqeddxjHgmaAlDznN1MyO+3byVfP1Y8VVppbzqPNw9AW17Q +kNqNAMsVuk3OMpoE7CYEsaH6rzHzbMGAPuR+KN5J55Mth6dNkIYSIFJ0sCae5cnv +P6SoMKjn7ffcHymmX/Yj7K0FTOrJOePR0eLbTITivJT1uZ3bYbbYyK1bYslE6bwF +EQ3Ij+LhZdM5D7GBOpILBZ9ojvVMq8PiW9yY3zo7DRrwWajBy8pe/3ow0u7igoOK +/0XUFmRT0Q0iCxlGhXPxEGcc40g6oE6oVz1m3Ewgqc2+iZm+w6N/w88dRqiBHNgL +AiCqleI10eRNgP1uq7XT/5PEslmQLxSCrDPFDOgmSZc3uY7H5LBb6O9fb7YTpn6J +bfL7yyJFei/lAlY1s2b+4/DW9PE1OwxNw/R85mSUpbP5my5wwZR+s3mGTLI2JAlk +74Nw/OR9HLLHoEO5JlagfEclKp7O+JzhHYkAcBm7yRMRr1LV+7JZQEaTCeWTkm6L +YvL8Ca1PAL6qNLZbxQ26Gjka7KCrFhhNfR22c3Lz4pLtkg9YmDRb4sy6i+q3ellG +0mLi0OqTu2gn+25xhidf +=OQft +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-16:04.linux.asc b/share/security/advisories/FreeBSD-SA-16:04.linux.asc new file mode 100644 index 0000000000..bfd01b913e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-16:04.linux.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:04.linux Security Advisory + The FreeBSD Project + +Topic: Linux compatibility layer setgroups(2) system call + vulnerability + +Category: core +Module: kernel +Announced: 2016-01-14 +Credits: Dmitry Chagin +Affects: All supported versions of FreeBSD +Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2016-1881 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD is binary-compatible with the Linux operating system through a +loadable kernel module/optional kernel component. The support is +provided on amd64 and i386 machines. + +II. Problem Description + +A programming error in the Linux compatibility layer setgroups(2) system +call can lead to an unexpected results, such as overwriting random kernel +memory contents. + +III. Impact + +It is possible for a local attacker to overwrite portions of kernel +memory, which may result in a privilege escalation or cause a system +panic. + +IV. Workaround + +No workaround is available, but systems not using the Linux binary +compatibility layer are not vulnerable. + +The following command can be used to test if the Linux binary +compatibility layer is loaded: + +# kldstat -m linuxelf + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Reboot the system or unload and reload the linux.ko kernel module. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot the system or unload and reload the linux.ko kernel module. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-16:04/linux.patch +# fetch https://security.FreeBSD.org/patches/SA-16:04/linux.patch.asc +# gpg --verify linux.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/amd64/linux32 +# make sysent +# cd /usr/src/i386/linux +# make sysent + +c) Recompile your kernel as described in +. + +Reboot the system or unload and reload the linux.ko kernel module. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293898 +releng/9.3/ r293896 +stable/10/ r293897 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j3AAoJEO1n7NZdz2rnstMP/jddSJehSXe9rlL2qhYfRrQY +XZSuoOtolvcl2xSQCZYprXN95/i890VOdJ9x4+iYJA2IQO55a8MjS1DcJjjonV7J +zJa7Apnu1jaK1jDx+RL6C3eVDff0ss1B7NvZTXmjHn+nIsIRxd6vzxDp2NujTnWS +XHNinNAPcVK9Hy/AJh1W+mClvgLg+lyMICuraMjTDc5ML3+fxUmXfDUWq1mm2Chq +uYXMXcIBXBJx1mnnm9n2izExr7j7AHaVJywe/UYk+KCNbSeags76pt1vuPfoOjdE +BaSlX9KNMouYU0JNfv/wC7/UnuQ/BY1XzxheVpIqmXwlFstAmSiKYIQkpIuypVF1 +yUmf8CjN6AOx9P5CjxX88eeY3F6J1yohch1AI4IMqT3F3fd5LbJ5WqOjritt0J96 +hDjnsiVhw4ozQE6SWTY8TKlokOOEfJC+yhNIJ0cNaHnkLSCUuDDErtGzp1CYoYmt +Q8D1VJ1UEaVPaKcaNAo4+sjiE1uK6svPiWa1+W9VbKGvc3Y7PbcuVIzU0aI4ySgj +VecEFM1O5wr3WXIYnDQNwkWVxbCQdxOIPyW0rqMGQVpu1h7MKk0oMboY1bLcQYFy +Aa9okOl+D7ItpEpRUgnIT06B6krC5sUQuzkUxnVIBPKtcl1OZ4B8KidLjEqu4BSx +3qOQSGqZzr8TFcwPIJv4 +=JKVW +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-16:05.tcp.asc b/share/security/advisories/FreeBSD-SA-16:05.tcp.asc new file mode 100644 index 0000000000..8035177ba4 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-16:05.tcp.asc @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:05.tcp Security Advisory + The FreeBSD Project + +Topic: TCP MD5 signature denial of service + +Category: core +Module: kernel +Announced: 2016-01-14 +Credits: Ryan Stone, + Jonathan T. Looney +Affects: All supported versions of FreeBSD. +Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2016-1882 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The Transmission Control Protocol (TCP) of the TCP/IP protocol suite +provides a connection-oriented, reliable, sequence-preserving data +stream service. An optional extension to TCP described in RFC 2385 allows +protecting data streams against spoofed packets with MD5 signature. + +Support for TCP MD5 signatures is not enabled in default kernel. + +II. Problem Description + +A programming error in processing a TCP connection with both TCP_MD5SIG +and TCP_NOOPT socket options may lead to kernel crash. + +III. Impact + +A local attacker can crash the kernel, resulting in a denial-of-service. + +A remote attack is theoretically possible, if server has a listening +socket with TCP_NOOPT set, and server is either out of SYN cache entries, +or SYN cache is disabled by configuration. + +IV. Workaround + +No workaround is available, but installations running a default kernel, +or a custom kernel without TCP_SIGNATURE option are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +System reboot is required. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-16:05/tcp.patch +# fetch https://security.FreeBSD.org/patches/SA-16:05/tcp.patch.asc +# gpg --verify tcp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293898 +releng/9.3/ r293896 +stable/10/ r293897 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j3AAoJEO1n7NZdz2rnrWcQAN+QX6wEvC7FkTXyX2LHFWas +CVOI/KkxkHSVwYMMScmorG27OxDsHTkvrGfqyVbYDczmC5NY+AorMiZMoo7CHn5J +gYmS8NZvBPeMKmFt45lBTBDnKT6mOvHBz6UPhyyHruvR6VZ2h3fyLqYzbMKcy12i +Onmk/nm3vgrqOCmnqYQN8Xo2v2x4KcKU3/jegK+pdfOwd9Q1bmxzBWwFx8yc7pZ0 +3YItalkiMsuRppSuNS9fGoRSoB/Ybf/8pu6SDnhvJnw4CIRGAl3IDKpBanB7F/9E +sofcI499s+uyOHPY8TrQ62L4UjteEukwaV8EJh6vPaLm3pns0cSURzKczgytTH3G +Nz9GcI3hYdfbXRBgJvwtZv9JY5s3ZtPiqqTwHta7AdplXwiOJJ1Ylso5lZ4beiJh +q7Sv+YMJr9cNfnYmSGv33rKN4hdae7XfJm+Ipde4bpgCLFpKkb/aQaGxGlowjDaW +0C77qCg+se3TzwGl0A7ClEq4dLaadTsiShQCpZGQOgc6Wgz9QUBGxU811e3KQHLo +3XQgxGSB9+3d7YiK/ZNkzi8d89VXMgUOx4HoOZ7+SkVBg1+qpbiYnk8VJjLmXyOz +dPtDbzWG68wluWcSc7TD5yIYx2Lw4E9ZMWzh2boOxEWrcd9mxCUPiU9nsF+PIAPG +kTcLnX0+iXijpKMnQpgP +=UjjC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc b/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc new file mode 100644 index 0000000000..fd9b6d8dc7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc @@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:06.bsnmpd Security Advisory + The FreeBSD Project + +Topic: Insecure default bsnmpd.conf permissions + +Category: contrib +Module: bsnmpd +Announced: 2016-01-14 +Credits: Pierre Kim +Affects: All supported versions of FreeBSD. +Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2015-5677 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The bsnmpd daemon serves the Internet SNMP (Simple Network Management +Protocol). It is intended to serve only the absolute basic MIBs and +implements all other MIBs through loadable modules. + +II. Problem Description + +The SNMP protocol supports an authentication model called USM, which relies +on a shared secret. The default permission of the bsnmpd configuration file, +/etc/bsnmpd.conf, is weak and does not provide adequate protection against +local unprivileged users. + +III. Impact + +A local user may be able to read the shared secret, if configured and used +by the system administrator. + +IV. Workaround + +No workaround is available, but systems that do not use bsnmpd with its USM +authentication model are not vulnerable. + +V. Solution + +This vulnerability can be fixed by modifying the permission on +/etc/bsnmpd.conf to owner root:wheel and permission 0600. + +The patch is provided mainly for third party vendors who deploy FreeBSD +and provide a safe default. The patch itself DOES NOT fix the permissions +for existing installations. + +The patch can be applied by performing one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +The system administrator should change the permission on /etc/bsnmpd.conf +to root:wheel and 0600. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +The system administrator should change the permission on /etc/bsnmpd.conf +to root:wheel and 0600. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-16:06/bsnmpd.patch +# fetch https://security.FreeBSD.org/patches/SA-16:06/bsnmpd.patch.asc +# gpg --verify bsnmpd.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in . + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293898 +releng/9.3/ r293896 +stable/10/ r293897 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + + + +VII. References + + + +The latest revision of this advisory is available at + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j4AAoJEO1n7NZdz2rnkaQP/3K9kqYY1YoHQ++uzFPnfuZQ +mkGPJ0frGG46pTL806QJidky6D0LP0zNCzhtU45ZlFMguJ3B3QYp/62Cw61dBG22 +x0uEkvI2F2F39IPA/clspyUHg3Y1RYgTpJrxey0JLrK0yxelyI8vMwB4tCB2eEDW +ZGVU6rvFQcWJOWHABXVYcc+4Yy5ucudp0QbJsVHAKLtF7MLuntVlUj+x4Nncog5k +kmGt6W7tzFn2gNsWcmntmG/LWyPkPURWhYfIj3fgcRrpMTVIDFX5PTgQyJR7DwOM +/beIoQxxKBUwTW1ZRgvcCqFBu7DKSCMABoHgpqLj1gdeiJ1LaO4dErtWXvdBEAAP ++XLi5OkRG3OKzIAIRnkz/SrkAUoRkzHEK1dI0coyw7AdXXjDBWtX+n9lzRXs7hqT +LC3riK/Km9OYVn3+T7tCWnvKN45f+FnD8zxZDE+33Jv9wI8X+CCs9GjJdoJ0HDSd +b6rg8E4gGPzfwFxSNXZQKfDSSuVBECIp3av1gp6hN3qZNOX/sadMsxro8VVGFLPg +81rC+JfKNTeVtxF8oJi9eg3FQ/eupxQv4RvC2c37R7LcErAU1KKxZyNrwv6xDEMx +QVnx74o+luxXSirLxq276pfBQJdMjxYzWCj6E8ztcAZenz3M4WNiRFlt7hdq/3YO +bDBdQPe4eYSHHSGyGcz/ +=LDPU +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-16:01/filemon.patch b/share/security/patches/EN-16:01/filemon.patch new file mode 100644 index 0000000000..f73de625fb --- /dev/null +++ b/share/security/patches/EN-16:01/filemon.patch @@ -0,0 +1,625 @@ +--- sys/dev/filemon/filemon.c.orig ++++ sys/dev/filemon/filemon.c +@@ -1,6 +1,7 @@ + /*- + * Copyright (c) 2011, David E. O'Brien. + * Copyright (c) 2009-2011, Juniper Networks, Inc. ++ * Copyright (c) 2015, EMC Corp. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without +@@ -39,6 +40,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -45,6 +47,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -85,12 +88,8 @@ + + struct filemon { + TAILQ_ENTRY(filemon) link; /* Link into the in-use list. */ +- struct mtx mtx; /* Lock mutex for this filemon. */ +- struct cv cv; /* Lock condition variable for this +- filemon. */ ++ struct sx lock; /* Lock mutex for this filemon. */ + struct file *fp; /* Output file pointer. */ +- struct thread *locker; /* Ptr to the thread locking this +- filemon. */ + pid_t pid; /* The process ID being monitored. */ + char fname1[MAXPATHLEN]; /* Temporary filename buffer. */ + char fname2[MAXPATHLEN]; /* Temporary filename buffer. */ +@@ -99,11 +98,7 @@ + + static TAILQ_HEAD(, filemon) filemons_inuse = TAILQ_HEAD_INITIALIZER(filemons_inuse); + static TAILQ_HEAD(, filemon) filemons_free = TAILQ_HEAD_INITIALIZER(filemons_free); +-static int n_readers = 0; +-static struct mtx access_mtx; +-static struct cv access_cv; +-static struct thread *access_owner = NULL; +-static struct thread *access_requester = NULL; ++static struct sx access_lock; + + static struct cdev *filemon_dev; + +@@ -203,8 +198,7 @@ + + filemon->fp = NULL; + +- mtx_init(&filemon->mtx, "filemon", "filemon", MTX_DEF); +- cv_init(&filemon->cv, "filemon"); ++ sx_init(&filemon->lock, "filemon"); + } + + filemon->pid = curproc->p_pid; +@@ -234,8 +228,7 @@ + static void + filemon_load(void *dummy __unused) + { +- mtx_init(&access_mtx, "filemon", "filemon", MTX_DEF); +- cv_init(&access_cv, "filemon"); ++ sx_init(&access_lock, "filemons_inuse"); + + /* Install the syscall wrappers. */ + filemon_wrapper_install(); +@@ -270,14 +263,12 @@ + filemon_lock_write(); + while ((filemon = TAILQ_FIRST(&filemons_free)) != NULL) { + TAILQ_REMOVE(&filemons_free, filemon, link); +- mtx_destroy(&filemon->mtx); +- cv_destroy(&filemon->cv); ++ sx_destroy(&filemon->lock); + free(filemon, M_FILEMON); + } + filemon_unlock_write(); + +- mtx_destroy(&access_mtx); +- cv_destroy(&access_cv); ++ sx_destroy(&access_lock); + } + + return (error); +--- sys/dev/filemon/filemon_lock.c.orig ++++ sys/dev/filemon/filemon_lock.c +@@ -1,5 +1,6 @@ + /*- + * Copyright (c) 2009-2011, Juniper Networks, Inc. ++ * Copyright (c) 2015, EMC Corp. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without +@@ -27,96 +28,44 @@ + #include + __FBSDID("$FreeBSD$"); + +-static void ++static __inline void + filemon_filemon_lock(struct filemon *filemon) + { +- mtx_lock(&filemon->mtx); + +- while (filemon->locker != NULL && filemon->locker != curthread) +- cv_wait(&filemon->cv, &filemon->mtx); +- +- filemon->locker = curthread; +- +- mtx_unlock(&filemon->mtx); ++ sx_xlock(&filemon->lock); + } + +-static void ++static __inline void + filemon_filemon_unlock(struct filemon *filemon) + { +- mtx_lock(&filemon->mtx); + +- if (filemon->locker == curthread) +- filemon->locker = NULL; +- +- /* Wake up threads waiting. */ +- cv_broadcast(&filemon->cv); +- +- mtx_unlock(&filemon->mtx); ++ sx_xunlock(&filemon->lock); + } + +-static void ++static __inline void + filemon_lock_read(void) + { +- mtx_lock(&access_mtx); + +- while (access_owner != NULL || access_requester != NULL) +- cv_wait(&access_cv, &access_mtx); +- +- n_readers++; +- +- /* Wake up threads waiting. */ +- cv_broadcast(&access_cv); +- +- mtx_unlock(&access_mtx); ++ sx_slock(&access_lock); + } + +-static void ++static __inline void + filemon_unlock_read(void) + { +- mtx_lock(&access_mtx); + +- if (n_readers > 0) +- n_readers--; +- +- /* Wake up a thread waiting. */ +- cv_broadcast(&access_cv); +- +- mtx_unlock(&access_mtx); ++ sx_sunlock(&access_lock); + } + +-static void ++static __inline void + filemon_lock_write(void) + { +- mtx_lock(&access_mtx); + +- while (access_owner != curthread) { +- if (access_owner == NULL && +- (access_requester == NULL || +- access_requester == curthread)) { +- access_owner = curthread; +- access_requester = NULL; +- } else { +- if (access_requester == NULL) +- access_requester = curthread; +- +- cv_wait(&access_cv, &access_mtx); +- } +- } +- +- mtx_unlock(&access_mtx); ++ sx_xlock(&access_lock); + } + +-static void ++static __inline void + filemon_unlock_write(void) + { +- mtx_lock(&access_mtx); + +- /* Sanity check that the current thread actually has the write lock. */ +- if (access_owner == curthread) +- access_owner = NULL; +- +- /* Wake up a thread waiting. */ +- cv_broadcast(&access_cv); +- +- mtx_unlock(&access_mtx); ++ sx_xunlock(&access_lock); + } +--- sys/dev/filemon/filemon_wrapper.c.orig ++++ sys/dev/filemon/filemon_wrapper.c +@@ -1,6 +1,7 @@ + /*- + * Copyright (c) 2011, David E. O'Brien. + * Copyright (c) 2009-2011, Juniper Networks, Inc. ++ * Copyright (c) 2015, EMC Corp. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without +@@ -86,11 +87,18 @@ + { + struct filemon *filemon; + ++ filemon_lock_read(); ++ if (TAILQ_EMPTY(&filemons_inuse)) { ++ filemon_unlock_read(); ++ return (NULL); ++ } + sx_slock(&proctree_lock); + while (p != initproc) { + TAILQ_FOREACH(filemon, &filemons_inuse, link) { + if (p->p_pid == filemon->pid) { + sx_sunlock(&proctree_lock); ++ filemon_filemon_lock(filemon); ++ filemon_unlock_read(); + return (filemon); + } + } +@@ -97,6 +105,7 @@ + p = proc_realparent(p); + } + sx_sunlock(&proctree_lock); ++ filemon_unlock_read(); + return (NULL); + } + +@@ -109,9 +118,6 @@ + /* Load timestamp before locking. Less accurate but less contention. */ + getmicrotime(&now); + +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + /* Lock the found filemon structure. */ + filemon_filemon_lock(filemon); + +@@ -124,9 +130,6 @@ + + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + static int +@@ -138,13 +141,7 @@ + struct filemon *filemon; + + if ((ret = sys_chdir(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path, filemon->fname1, + sizeof(filemon->fname1), &done); + +@@ -157,9 +154,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -177,13 +171,7 @@ + copyinstr(uap->fname, fname, sizeof(fname), &done); + + if ((ret = sys_execve(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + len = snprintf(filemon->msgbufr, + sizeof(filemon->msgbufr), "E %d %s\n", + curproc->p_pid, fname); +@@ -193,9 +181,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -215,13 +200,7 @@ + copyinstr(uap->fname, fname, sizeof(fname), &done); + + if ((ret = freebsd32_execve(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + len = snprintf(filemon->msgbufr, + sizeof(filemon->msgbufr), "E %d %s\n", + curproc->p_pid, fname); +@@ -231,9 +210,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -248,13 +224,7 @@ + struct filemon *filemon; + + if ((ret = sys_fork(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + len = snprintf(filemon->msgbufr, + sizeof(filemon->msgbufr), "F %d %ld\n", + curproc->p_pid, (long)curthread->td_retval[0]); +@@ -264,9 +234,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -281,13 +248,7 @@ + struct filemon *filemon; + + if ((ret = sys_open(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path, filemon->fname1, + sizeof(filemon->fname1), &done); + +@@ -313,9 +274,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -330,13 +288,7 @@ + struct filemon *filemon; + + if ((ret = sys_openat(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path, filemon->fname1, + sizeof(filemon->fname1), &done); + +@@ -375,9 +327,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -392,13 +341,7 @@ + struct filemon *filemon; + + if ((ret = sys_rename(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->from, filemon->fname1, + sizeof(filemon->fname1), &done); + copyinstr(uap->to, filemon->fname2, +@@ -413,9 +356,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -430,13 +370,7 @@ + struct filemon *filemon; + + if ((ret = sys_link(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path, filemon->fname1, + sizeof(filemon->fname1), &done); + copyinstr(uap->link, filemon->fname2, +@@ -451,9 +385,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -468,13 +399,7 @@ + struct filemon *filemon; + + if ((ret = sys_symlink(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path, filemon->fname1, + sizeof(filemon->fname1), &done); + copyinstr(uap->link, filemon->fname2, +@@ -489,9 +414,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -507,13 +429,7 @@ + struct filemon *filemon; + + if ((ret = sys_linkat(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path1, filemon->fname1, + sizeof(filemon->fname1), &done); + copyinstr(uap->path2, filemon->fname2, +@@ -528,9 +444,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -546,13 +459,7 @@ + struct filemon *filemon; + + if ((ret = sys_stat(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path, filemon->fname1, + sizeof(filemon->fname1), &done); + +@@ -565,9 +472,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -584,13 +488,7 @@ + struct filemon *filemon; + + if ((ret = freebsd32_stat(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path, filemon->fname1, + sizeof(filemon->fname1), &done); + +@@ -603,9 +501,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -622,13 +517,7 @@ + /* Get timestamp before locking. */ + getmicrotime(&now); + +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + len = snprintf(filemon->msgbufr, sizeof(filemon->msgbufr), + "X %d %d\n", curproc->p_pid, uap->rval); + +@@ -649,9 +538,6 @@ + filemon_filemon_unlock(filemon); + } + +- /* Release the read lock. */ +- filemon_unlock_read(); +- + sys_sys_exit(td, uap); + } + +@@ -664,13 +550,7 @@ + struct filemon *filemon; + + if ((ret = sys_unlink(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + copyinstr(uap->path, filemon->fname1, + sizeof(filemon->fname1), &done); + +@@ -683,9 +563,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); +@@ -699,13 +576,7 @@ + struct filemon *filemon; + + if ((ret = sys_vfork(td, uap)) == 0) { +- /* Grab a read lock on the filemon inuse list. */ +- filemon_lock_read(); +- + if ((filemon = filemon_pid_check(curproc)) != NULL) { +- /* Lock the found filemon structure. */ +- filemon_filemon_lock(filemon); +- + len = snprintf(filemon->msgbufr, + sizeof(filemon->msgbufr), "F %d %ld\n", + curproc->p_pid, (long)curthread->td_retval[0]); +@@ -715,9 +586,6 @@ + /* Unlock the found filemon structure. */ + filemon_filemon_unlock(filemon); + } +- +- /* Release the read lock. */ +- filemon_unlock_read(); + } + + return (ret); diff --git a/share/security/patches/EN-16:01/filemon.patch.asc b/share/security/patches/EN-16:01/filemon.patch.asc new file mode 100644 index 0000000000..f16e99d943 --- /dev/null +++ b/share/security/patches/EN-16:01/filemon.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJWl2vPAAoJEO1n7NZdz2rnKwUQAKVHEkB285VYYoYqJKoy8Pr6 +SG71lY59IZ1YRuFoSQq8RkizrskBDNhSqEXdDgjdMOIqSdaJqXaIHMwtKAv+/I1Y +oRgUtIyLZYhuEUgsbjInNpd7Wk7Y2TQYjb1ZsI3hrNwFLxt5jzrYZCs0Ouk0RkB3 +nR++SMIrBtI5Ak48I8q0KZFPnIralqTmASo8m7QYvqI3Jmq6L06F5LHQ8t/oXVlB +Dubf/SndnZnHtGV2a1qg9uuYvoqEaaH7kY6ZheRrhP5s1AduEWZB4fTiB0Yz9dtv ++hYEO+cP2ynkSispljvtDDC717tOZeWhCisl/D1R+ohlKHiwtQRSLObeKHue27Fx +Ku8c6BvpR311c9WazHIMT9CguvU3WEWnUgm1j+CyRb6KXgCuRaRIDl5vOwvFvGNW +83imL3UY7Z0khlPZKicWWPqhC/Mn0MR5mKza0nyeTTRpWh4ynTZn6fWyU4RO99ic +Zv1bRB6OS5LrL4uFConTXk+n5qo2hILGZfnFODlUZ8QasC/BB6SC+1R0a6kx9dOs +1XYyoZBnjKgn8P/yEqpjOa/KMTDp90jkocjP35HkJBoKftewR2eAtceY4lbw1/Tl +07YYbBmoKjNH4qTH5Rp76m9Dd+vDVpyHQ+Ov5Wm9h8/WUDP3p6aahGh1s5qPYBN3 +AZ3ZmnOKIHgNp1vtWbDq +=j+SB +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-16:02/pf-10.1.patch b/share/security/patches/EN-16:02/pf-10.1.patch new file mode 100644 index 0000000000..8d4136b405 --- /dev/null +++ b/share/security/patches/EN-16:02/pf-10.1.patch @@ -0,0 +1,392 @@ +--- sys/net/pfvar.h.orig ++++ sys/net/pfvar.h +@@ -1558,6 +1558,8 @@ + extern void pf_print_flags(u_int8_t); + extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, + u_int8_t); ++extern u_int16_t pf_proto_cksum_fixup(struct mbuf *, u_int16_t, ++ u_int16_t, u_int16_t, u_int8_t); + + VNET_DECLARE(struct ifnet *, sync_ifp); + #define V_sync_ifp VNET(sync_ifp); +@@ -1582,6 +1584,9 @@ + void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *, + sa_family_t); + void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t); ++void pf_change_proto_a(struct mbuf *, void *, u_int16_t *, u_int32_t, ++ u_int8_t); ++void pf_change_tcp_a(struct mbuf *, void *, u_int16_t *, u_int32_t); + void pf_send_deferred_syn(struct pf_state *); + int pf_match_addr(u_int8_t, struct pf_addr *, struct pf_addr *, + struct pf_addr *, sa_family_t); +--- sys/netinet6/ip6_output.c.orig ++++ sys/netinet6/ip6_output.c +@@ -184,7 +184,7 @@ + }\ + } while (/*CONSTCOND*/ 0) + +-static void ++void + in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset) + { + u_short csum; +--- sys/netinet6/ip6_var.h.orig ++++ sys/netinet6/ip6_var.h +@@ -456,6 +456,7 @@ + struct rtentry **, u_int); + u_int32_t ip6_randomid(void); + u_int32_t ip6_randomflowlabel(void); ++void in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset); + #endif /* _KERNEL */ + + #endif /* !_NETINET6_IP6_VAR_H_ */ +--- sys/netpfil/pf/pf.c.orig ++++ sys/netpfil/pf/pf.c +@@ -203,7 +203,7 @@ + static void pf_add_threshold(struct pf_threshold *); + static int pf_check_threshold(struct pf_threshold *); + +-static void pf_change_ap(struct pf_addr *, u_int16_t *, ++static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, + u_int16_t *, u_int16_t *, struct pf_addr *, + u_int16_t, u_int8_t, sa_family_t); + static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *, +@@ -1966,6 +1966,22 @@ + } + } + ++/** ++ * Checksum updates are a little complicated because the checksum in the TCP/UDP ++ * header isn't always a full checksum. In some cases (i.e. output) it's a ++ * pseudo-header checksum, which is a partial checksum over src/dst IP ++ * addresses, protocol number and length. ++ * ++ * That means we have the following cases: ++ * * Input or forwarding: we don't have TSO, the checksum fields are full ++ * checksums, we need to update the checksum whenever we change anything. ++ * * Output (i.e. the checksum is a pseudo-header checksum): ++ * x The field being updated is src/dst address or affects the length of ++ * the packet. We need to update the pseudo-header checksum (note that this ++ * checksum is not ones' complement). ++ * x Some other field is being modified (e.g. src/dst port numbers): We ++ * don't have to update anything. ++ **/ + u_int16_t + pf_cksum_fixup(u_int16_t cksum, u_int16_t old, u_int16_t new, u_int8_t udp) + { +@@ -1981,9 +1997,20 @@ + return (l); + } + ++u_int16_t ++pf_proto_cksum_fixup(struct mbuf *m, u_int16_t cksum, u_int16_t old, ++ u_int16_t new, u_int8_t udp) ++{ ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6)) ++ return (cksum); ++ ++ return (pf_cksum_fixup(cksum, old, new, udp)); ++} ++ + static void +-pf_change_ap(struct pf_addr *a, u_int16_t *p, u_int16_t *ic, u_int16_t *pc, +- struct pf_addr *an, u_int16_t pn, u_int8_t u, sa_family_t af) ++pf_change_ap(struct mbuf *m, struct pf_addr *a, u_int16_t *p, u_int16_t *ic, ++ u_int16_t *pc, struct pf_addr *an, u_int16_t pn, u_int8_t u, ++ sa_family_t af) + { + struct pf_addr ao; + u_int16_t po = *p; +@@ -1991,6 +2018,9 @@ + PF_ACPY(&ao, a, af); + PF_ACPY(a, an, af); + ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6)) ++ *pc = ~*pc; ++ + *p = pn; + + switch (af) { +@@ -2000,10 +2030,12 @@ + ao.addr16[0], an->addr16[0], 0), + ao.addr16[1], an->addr16[1], 0); + *p = pn; +- *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc, ++ ++ *pc = pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), +- ao.addr16[1], an->addr16[1], u), +- po, pn, u); ++ ao.addr16[1], an->addr16[1], u); ++ ++ *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + break; + #endif /* INET */ + #ifdef INET6 +@@ -2010,7 +2042,7 @@ + case AF_INET6: + *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( +- pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc, ++ pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), + ao.addr16[1], an->addr16[1], u), + ao.addr16[2], an->addr16[2], u), +@@ -2018,14 +2050,21 @@ + ao.addr16[4], an->addr16[4], u), + ao.addr16[5], an->addr16[5], u), + ao.addr16[6], an->addr16[6], u), +- ao.addr16[7], an->addr16[7], u), +- po, pn, u); ++ ao.addr16[7], an->addr16[7], u); ++ ++ *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + break; + #endif /* INET6 */ + } ++ ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | ++ CSUM_DELAY_DATA_IPV6)) { ++ *pc = ~*pc; ++ if (! *pc) ++ *pc = 0xffff; ++ } + } + +- + /* Changes a u_int32_t. Uses a void * so there are no align restrictions */ + void + pf_change_a(void *a, u_int16_t *c, u_int32_t an, u_int8_t u) +@@ -2038,6 +2077,19 @@ + ao % 65536, an % 65536, u); + } + ++void ++pf_change_proto_a(struct mbuf *m, void *a, u_int16_t *c, u_int32_t an, u_int8_t udp) ++{ ++ u_int32_t ao; ++ ++ memcpy(&ao, a, sizeof(ao)); ++ memcpy(a, &an, sizeof(u_int32_t)); ++ ++ *c = pf_proto_cksum_fixup(m, ++ pf_proto_cksum_fixup(m, *c, ao / 65536, an / 65536, udp), ++ ao % 65536, an % 65536, udp); ++} ++ + #ifdef INET6 + static void + pf_change_a6(struct pf_addr *a, u_int16_t *c, struct pf_addr *an, u_int8_t u) +@@ -2183,12 +2235,10 @@ + for (i = 2; i + TCPOLEN_SACK <= olen; + i += TCPOLEN_SACK) { + memcpy(&sack, &opt[i], sizeof(sack)); +- pf_change_a(&sack.start, &th->th_sum, +- htonl(ntohl(sack.start) - +- dst->seqdiff), 0); +- pf_change_a(&sack.end, &th->th_sum, +- htonl(ntohl(sack.end) - +- dst->seqdiff), 0); ++ pf_change_proto_a(m, &sack.start, &th->th_sum, ++ htonl(ntohl(sack.start) - dst->seqdiff), 0); ++ pf_change_proto_a(m, &sack.end, &th->th_sum, ++ htonl(ntohl(sack.end) - dst->seqdiff), 0); + memcpy(&opt[i], &sack, sizeof(sack)); + } + copyback = 1; +@@ -3092,7 +3142,7 @@ + + if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) || + nk->port[pd->sidx] != sport) { +- pf_change_ap(saddr, &th->th_sport, pd->ip_sum, ++ pf_change_ap(m, saddr, &th->th_sport, pd->ip_sum, + &th->th_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 0, af); + pd->sport = &th->th_sport; +@@ -3101,7 +3151,7 @@ + + if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) || + nk->port[pd->didx] != dport) { +- pf_change_ap(daddr, &th->th_dport, pd->ip_sum, ++ pf_change_ap(m, daddr, &th->th_dport, pd->ip_sum, + &th->th_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 0, af); + dport = th->th_dport; +@@ -3115,7 +3165,7 @@ + + if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) || + nk->port[pd->sidx] != sport) { +- pf_change_ap(saddr, &pd->hdr.udp->uh_sport, ++ pf_change_ap(m, saddr, &pd->hdr.udp->uh_sport, + pd->ip_sum, &pd->hdr.udp->uh_sum, + &nk->addr[pd->sidx], + nk->port[pd->sidx], 1, af); +@@ -3125,7 +3175,7 @@ + + if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) || + nk->port[pd->didx] != dport) { +- pf_change_ap(daddr, &pd->hdr.udp->uh_dport, ++ pf_change_ap(m, daddr, &pd->hdr.udp->uh_dport, + pd->ip_sum, &pd->hdr.udp->uh_sum, + &nk->addr[pd->didx], + nk->port[pd->didx], 1, af); +@@ -3477,7 +3527,7 @@ + if ((s->src.seqdiff = pf_tcp_iss(pd) - s->src.seqlo) == + 0) + s->src.seqdiff = 1; +- pf_change_a(&th->th_seq, &th->th_sum, ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, + htonl(s->src.seqlo + s->src.seqdiff), 0); + *rewrite = 1; + } else +@@ -3786,9 +3836,9 @@ + while ((src->seqdiff = arc4random() - seq) == 0) + ; + ack = ntohl(th->th_ack) - dst->seqdiff; +- pf_change_a(&th->th_seq, &th->th_sum, htonl(seq + ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq + + src->seqdiff), 0); +- pf_change_a(&th->th_ack, &th->th_sum, htonl(ack), 0); ++ pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0); + *copyback = 1; + } else { + ack = ntohl(th->th_ack); +@@ -3838,9 +3888,9 @@ + ack = ntohl(th->th_ack) - dst->seqdiff; + if (src->seqdiff) { + /* Modulate sequence numbers */ +- pf_change_a(&th->th_seq, &th->th_sum, htonl(seq + ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq + + src->seqdiff), 0); +- pf_change_a(&th->th_ack, &th->th_sum, htonl(ack), 0); ++ pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0); + *copyback = 1; + } + end = seq + pd->p_len; +@@ -4294,14 +4344,14 @@ + + if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != th->th_sport) +- pf_change_ap(pd->src, &th->th_sport, pd->ip_sum, +- &th->th_sum, &nk->addr[pd->sidx], ++ pf_change_ap(m, pd->src, &th->th_sport, ++ pd->ip_sum, &th->th_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 0, pd->af); + + if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != th->th_dport) +- pf_change_ap(pd->dst, &th->th_dport, pd->ip_sum, +- &th->th_sum, &nk->addr[pd->didx], ++ pf_change_ap(m, pd->dst, &th->th_dport, ++ pd->ip_sum, &th->th_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 0, pd->af); + copyback = 1; + } +@@ -4365,13 +4415,13 @@ + + if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != uh->uh_sport) +- pf_change_ap(pd->src, &uh->uh_sport, pd->ip_sum, ++ pf_change_ap(m, pd->src, &uh->uh_sport, pd->ip_sum, + &uh->uh_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 1, pd->af); + + if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != uh->uh_dport) +- pf_change_ap(pd->dst, &uh->uh_dport, pd->ip_sum, ++ pf_change_ap(m, pd->dst, &uh->uh_dport, pd->ip_sum, + &uh->uh_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 1, pd->af); + m_copyback(m, off, sizeof(*uh), (caddr_t)uh); +@@ -5487,6 +5537,13 @@ + if (ifp->if_flags & IFF_LOOPBACK) + m0->m_flags |= M_SKIP_FIREWALL; + ++ if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6 & ++ ~ifp->if_hwassist) { ++ uint32_t plen = m0->m_pkthdr.len - sizeof(*ip6); ++ in6_delayed_cksum(m0, plen, sizeof(struct ip6_hdr)); ++ m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; ++ } ++ + /* + * If the packet is too large for the outgoing interface, + * send back an icmp6 error. +--- sys/netpfil/pf/pf_ioctl.c.orig ++++ sys/netpfil/pf/pf_ioctl.c +@@ -3571,12 +3571,6 @@ + { + int chk; + +- /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */ +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { +- in_delayed_cksum(*m); +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; +- } +- + chk = pf_test(PF_OUT, ifp, m, inp); + if (chk && *m) { + m_freem(*m); +@@ -3615,14 +3609,6 @@ + { + int chk; + +- /* We need a proper CSUM before we start (s. OpenBSD ip_output) */ +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { +-#ifdef INET +- /* XXX-BZ copy&paste error from r126261? */ +- in_delayed_cksum(*m); +-#endif +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; +- } + CURVNET_SET(ifp->if_vnet); + chk = pf_test6(PF_OUT, ifp, m, inp); + CURVNET_RESTORE(); +--- sys/netpfil/pf/pf_norm.c.orig ++++ sys/netpfil/pf/pf_norm.c +@@ -1374,13 +1374,14 @@ + th->th_x2 = 0; + nv = *(u_int16_t *)(&th->th_ack + 1); + +- th->th_sum = pf_cksum_fixup(th->th_sum, ov, nv, 0); ++ th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, ov, nv, 0); + rewrite = 1; + } + + /* Remove urgent pointer, if TH_URG is not set */ + if (!(flags & TH_URG) && th->th_urp) { +- th->th_sum = pf_cksum_fixup(th->th_sum, th->th_urp, 0, 0); ++ th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, th->th_urp, ++ 0, 0); + th->th_urp = 0; + rewrite = 1; + } +@@ -1581,7 +1582,7 @@ + (src->scrub->pfss_flags & + PFSS_TIMESTAMP)) { + tsval = ntohl(tsval); +- pf_change_a(&opt[2], ++ pf_change_proto_a(m, &opt[2], + &th->th_sum, + htonl(tsval + + src->scrub->pfss_ts_mod), +@@ -1597,7 +1598,7 @@ + PFSS_TIMESTAMP)) { + tsecr = ntohl(tsecr) + - dst->scrub->pfss_ts_mod; +- pf_change_a(&opt[6], ++ pf_change_proto_a(m, &opt[6], + &th->th_sum, htonl(tsecr), + 0); + copyback = 1; +@@ -1924,8 +1925,8 @@ + case TCPOPT_MAXSEG: + mss = (u_int16_t *)(optp + 2); + if ((ntohs(*mss)) > r->max_mss) { +- th->th_sum = pf_cksum_fixup(th->th_sum, +- *mss, htons(r->max_mss), 0); ++ th->th_sum = pf_proto_cksum_fixup(m, ++ th->th_sum, *mss, htons(r->max_mss), 0); + *mss = htons(r->max_mss); + rewrite = 1; + } diff --git a/share/security/patches/EN-16:02/pf-10.1.patch.asc b/share/security/patches/EN-16:02/pf-10.1.patch.asc new file mode 100644 index 0000000000..17964e3713 --- /dev/null +++ b/share/security/patches/EN-16:02/pf-10.1.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJWl2vRAAoJEO1n7NZdz2rneQkP/A5c7Q56gNdajrwxyWwV4jmN +cNtmgLfs9dp2IpyBHkh+kAr+TCiI9ymX7XjxfHr2VZsrzEOiOObj8eRUivORybo2 +Qq7I1ALXUxL2RLzJHRDunWc7h7JC5uAikrv8DCKZ5h3Hu2e5s07fHZqYXbPJyMcb +xzfB6GNXpCSutDnJgHOZqgCefokb5O+J2ER8Zk4Q4Q0ILs1MO6aiseDEoFapFTBk +2rxf1dEzwYxRTpDkqbnVNQb3JNg9YemnlX265kOYUf10sG969EB+W3cOfuP/mRZS +5ff+S7si+5sHFn/0TVc4yN3iEqjxUlYX5IlzRENQEXztxoqLQDuuQ4nF92703loH +5Ay6kp+fci2UiIaK5PNnEWtvNpvgeuK9kY5H40P+qEMPv5nCrGtKzumKy6tlPuIo +ppSc3QCTWjvIbs2MYbonDooCo4z7WQ7P2OJT0kUbHYwaez0gullOt8nv9GgNvLIX +hbox02nWvHV/x9pCtBpFW8qxKVmrNvvYkujhr5G8sf/xmNtUNK8xv2vpKRmatJWC +jzUmJl+UZC6fy60ThaosZO7uZlsC6POtSzQVA4DcIATB/LMNRhf4Z4q8qut0ur64 +YQnKDch1mepEmr/+mTkLf8nk/8kQMHpmij6Dv9xN+dCA5rPozjCervjjiKjRDD4G +gRBpo4VOn2B/ApFDzCP8 +=wyiX +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-16:02/pf-10.2.patch b/share/security/patches/EN-16:02/pf-10.2.patch new file mode 100644 index 0000000000..881326dffb --- /dev/null +++ b/share/security/patches/EN-16:02/pf-10.2.patch @@ -0,0 +1,368 @@ +--- sys/net/pfvar.h.orig ++++ sys/net/pfvar.h +@@ -1554,6 +1554,8 @@ + extern void pf_print_flags(u_int8_t); + extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, + u_int8_t); ++extern u_int16_t pf_proto_cksum_fixup(struct mbuf *, u_int16_t, ++ u_int16_t, u_int16_t, u_int8_t); + + VNET_DECLARE(struct ifnet *, sync_ifp); + #define V_sync_ifp VNET(sync_ifp); +@@ -1583,6 +1585,9 @@ + void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *, + sa_family_t); + void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t); ++void pf_change_proto_a(struct mbuf *, void *, u_int16_t *, u_int32_t, ++ u_int8_t); ++void pf_change_tcp_a(struct mbuf *, void *, u_int16_t *, u_int32_t); + void pf_send_deferred_syn(struct pf_state *); + int pf_match_addr(u_int8_t, struct pf_addr *, struct pf_addr *, + struct pf_addr *, sa_family_t); +--- sys/netpfil/pf/pf.c.orig ++++ sys/netpfil/pf/pf.c +@@ -203,7 +203,7 @@ + static void pf_add_threshold(struct pf_threshold *); + static int pf_check_threshold(struct pf_threshold *); + +-static void pf_change_ap(struct pf_addr *, u_int16_t *, ++static void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, + u_int16_t *, u_int16_t *, struct pf_addr *, + u_int16_t, u_int8_t, sa_family_t); + static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *, +@@ -1989,6 +1989,22 @@ + } + } + ++/** ++ * Checksum updates are a little complicated because the checksum in the TCP/UDP ++ * header isn't always a full checksum. In some cases (i.e. output) it's a ++ * pseudo-header checksum, which is a partial checksum over src/dst IP ++ * addresses, protocol number and length. ++ * ++ * That means we have the following cases: ++ * * Input or forwarding: we don't have TSO, the checksum fields are full ++ * checksums, we need to update the checksum whenever we change anything. ++ * * Output (i.e. the checksum is a pseudo-header checksum): ++ * x The field being updated is src/dst address or affects the length of ++ * the packet. We need to update the pseudo-header checksum (note that this ++ * checksum is not ones' complement). ++ * x Some other field is being modified (e.g. src/dst port numbers): We ++ * don't have to update anything. ++ **/ + u_int16_t + pf_cksum_fixup(u_int16_t cksum, u_int16_t old, u_int16_t new, u_int8_t udp) + { +@@ -2004,9 +2020,20 @@ + return (l); + } + ++u_int16_t ++pf_proto_cksum_fixup(struct mbuf *m, u_int16_t cksum, u_int16_t old, ++ u_int16_t new, u_int8_t udp) ++{ ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6)) ++ return (cksum); ++ ++ return (pf_cksum_fixup(cksum, old, new, udp)); ++} ++ + static void +-pf_change_ap(struct pf_addr *a, u_int16_t *p, u_int16_t *ic, u_int16_t *pc, +- struct pf_addr *an, u_int16_t pn, u_int8_t u, sa_family_t af) ++pf_change_ap(struct mbuf *m, struct pf_addr *a, u_int16_t *p, u_int16_t *ic, ++ u_int16_t *pc, struct pf_addr *an, u_int16_t pn, u_int8_t u, ++ sa_family_t af) + { + struct pf_addr ao; + u_int16_t po = *p; +@@ -2014,6 +2041,9 @@ + PF_ACPY(&ao, a, af); + PF_ACPY(a, an, af); + ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6)) ++ *pc = ~*pc; ++ + *p = pn; + + switch (af) { +@@ -2023,17 +2053,19 @@ + ao.addr16[0], an->addr16[0], 0), + ao.addr16[1], an->addr16[1], 0); + *p = pn; +- *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc, ++ ++ *pc = pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), +- ao.addr16[1], an->addr16[1], u), +- po, pn, u); ++ ao.addr16[1], an->addr16[1], u); ++ ++ *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + break; + #endif /* INET */ + #ifdef INET6 + case AF_INET6: + *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( +- pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc, ++ pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), + ao.addr16[1], an->addr16[1], u), + ao.addr16[2], an->addr16[2], u), +@@ -2041,13 +2073,20 @@ + ao.addr16[4], an->addr16[4], u), + ao.addr16[5], an->addr16[5], u), + ao.addr16[6], an->addr16[6], u), +- ao.addr16[7], an->addr16[7], u), +- po, pn, u); ++ ao.addr16[7], an->addr16[7], u); ++ ++ *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + break; + #endif /* INET6 */ + } +-} + ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | ++ CSUM_DELAY_DATA_IPV6)) { ++ *pc = ~*pc; ++ if (! *pc) ++ *pc = 0xffff; ++ } ++} + + /* Changes a u_int32_t. Uses a void * so there are no align restrictions */ + void +@@ -2061,6 +2100,19 @@ + ao % 65536, an % 65536, u); + } + ++void ++pf_change_proto_a(struct mbuf *m, void *a, u_int16_t *c, u_int32_t an, u_int8_t udp) ++{ ++ u_int32_t ao; ++ ++ memcpy(&ao, a, sizeof(ao)); ++ memcpy(a, &an, sizeof(u_int32_t)); ++ ++ *c = pf_proto_cksum_fixup(m, ++ pf_proto_cksum_fixup(m, *c, ao / 65536, an / 65536, udp), ++ ao % 65536, an % 65536, udp); ++} ++ + #ifdef INET6 + static void + pf_change_a6(struct pf_addr *a, u_int16_t *c, struct pf_addr *an, u_int8_t u) +@@ -2206,12 +2258,10 @@ + for (i = 2; i + TCPOLEN_SACK <= olen; + i += TCPOLEN_SACK) { + memcpy(&sack, &opt[i], sizeof(sack)); +- pf_change_a(&sack.start, &th->th_sum, +- htonl(ntohl(sack.start) - +- dst->seqdiff), 0); +- pf_change_a(&sack.end, &th->th_sum, +- htonl(ntohl(sack.end) - +- dst->seqdiff), 0); ++ pf_change_proto_a(m, &sack.start, &th->th_sum, ++ htonl(ntohl(sack.start) - dst->seqdiff), 0); ++ pf_change_proto_a(m, &sack.end, &th->th_sum, ++ htonl(ntohl(sack.end) - dst->seqdiff), 0); + memcpy(&opt[i], &sack, sizeof(sack)); + } + copyback = 1; +@@ -3115,7 +3165,7 @@ + + if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) || + nk->port[pd->sidx] != sport) { +- pf_change_ap(saddr, &th->th_sport, pd->ip_sum, ++ pf_change_ap(m, saddr, &th->th_sport, pd->ip_sum, + &th->th_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 0, af); + pd->sport = &th->th_sport; +@@ -3124,7 +3174,7 @@ + + if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) || + nk->port[pd->didx] != dport) { +- pf_change_ap(daddr, &th->th_dport, pd->ip_sum, ++ pf_change_ap(m, daddr, &th->th_dport, pd->ip_sum, + &th->th_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 0, af); + dport = th->th_dport; +@@ -3138,7 +3188,7 @@ + + if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) || + nk->port[pd->sidx] != sport) { +- pf_change_ap(saddr, &pd->hdr.udp->uh_sport, ++ pf_change_ap(m, saddr, &pd->hdr.udp->uh_sport, + pd->ip_sum, &pd->hdr.udp->uh_sum, + &nk->addr[pd->sidx], + nk->port[pd->sidx], 1, af); +@@ -3148,7 +3198,7 @@ + + if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) || + nk->port[pd->didx] != dport) { +- pf_change_ap(daddr, &pd->hdr.udp->uh_dport, ++ pf_change_ap(m, daddr, &pd->hdr.udp->uh_dport, + pd->ip_sum, &pd->hdr.udp->uh_sum, + &nk->addr[pd->didx], + nk->port[pd->didx], 1, af); +@@ -3500,7 +3550,7 @@ + if ((s->src.seqdiff = pf_tcp_iss(pd) - s->src.seqlo) == + 0) + s->src.seqdiff = 1; +- pf_change_a(&th->th_seq, &th->th_sum, ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, + htonl(s->src.seqlo + s->src.seqdiff), 0); + *rewrite = 1; + } else +@@ -3824,9 +3874,9 @@ + while ((src->seqdiff = arc4random() - seq) == 0) + ; + ack = ntohl(th->th_ack) - dst->seqdiff; +- pf_change_a(&th->th_seq, &th->th_sum, htonl(seq + ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq + + src->seqdiff), 0); +- pf_change_a(&th->th_ack, &th->th_sum, htonl(ack), 0); ++ pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0); + *copyback = 1; + } else { + ack = ntohl(th->th_ack); +@@ -3876,9 +3926,9 @@ + ack = ntohl(th->th_ack) - dst->seqdiff; + if (src->seqdiff) { + /* Modulate sequence numbers */ +- pf_change_a(&th->th_seq, &th->th_sum, htonl(seq + ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq + + src->seqdiff), 0); +- pf_change_a(&th->th_ack, &th->th_sum, htonl(ack), 0); ++ pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0); + *copyback = 1; + } + end = seq + pd->p_len; +@@ -4332,14 +4382,14 @@ + + if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != th->th_sport) +- pf_change_ap(pd->src, &th->th_sport, pd->ip_sum, +- &th->th_sum, &nk->addr[pd->sidx], ++ pf_change_ap(m, pd->src, &th->th_sport, ++ pd->ip_sum, &th->th_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 0, pd->af); + + if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != th->th_dport) +- pf_change_ap(pd->dst, &th->th_dport, pd->ip_sum, +- &th->th_sum, &nk->addr[pd->didx], ++ pf_change_ap(m, pd->dst, &th->th_dport, ++ pd->ip_sum, &th->th_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 0, pd->af); + copyback = 1; + } +@@ -4403,13 +4453,13 @@ + + if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != uh->uh_sport) +- pf_change_ap(pd->src, &uh->uh_sport, pd->ip_sum, ++ pf_change_ap(m, pd->src, &uh->uh_sport, pd->ip_sum, + &uh->uh_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 1, pd->af); + + if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != uh->uh_dport) +- pf_change_ap(pd->dst, &uh->uh_dport, pd->ip_sum, ++ pf_change_ap(m, pd->dst, &uh->uh_dport, pd->ip_sum, + &uh->uh_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 1, pd->af); + m_copyback(m, off, sizeof(*uh), (caddr_t)uh); +@@ -5526,6 +5576,13 @@ + if (ifp->if_flags & IFF_LOOPBACK) + m0->m_flags |= M_SKIP_FIREWALL; + ++ if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6 & ++ ~ifp->if_hwassist) { ++ uint32_t plen = m0->m_pkthdr.len - sizeof(*ip6); ++ in6_delayed_cksum(m0, plen, sizeof(struct ip6_hdr)); ++ m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; ++ } ++ + /* + * If the packet is too large for the outgoing interface, + * send back an icmp6 error. +--- sys/netpfil/pf/pf_ioctl.c.orig ++++ sys/netpfil/pf/pf_ioctl.c +@@ -3561,12 +3561,6 @@ + { + int chk; + +- /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */ +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { +- in_delayed_cksum(*m); +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; +- } +- + chk = pf_test(PF_OUT, ifp, m, inp); + if (chk && *m) { + m_freem(*m); +@@ -3605,13 +3599,6 @@ + { + int chk; + +- /* We need a proper CSUM before we start (s. OpenBSD ip_output) */ +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6) { +- in6_delayed_cksum(*m, +- (*m)->m_pkthdr.len - sizeof(struct ip6_hdr), +- sizeof(struct ip6_hdr)); +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; +- } + CURVNET_SET(ifp->if_vnet); + chk = pf_test6(PF_OUT, ifp, m, inp); + CURVNET_RESTORE(); +--- sys/netpfil/pf/pf_norm.c.orig ++++ sys/netpfil/pf/pf_norm.c +@@ -1680,13 +1680,14 @@ + th->th_x2 = 0; + nv = *(u_int16_t *)(&th->th_ack + 1); + +- th->th_sum = pf_cksum_fixup(th->th_sum, ov, nv, 0); ++ th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, ov, nv, 0); + rewrite = 1; + } + + /* Remove urgent pointer, if TH_URG is not set */ + if (!(flags & TH_URG) && th->th_urp) { +- th->th_sum = pf_cksum_fixup(th->th_sum, th->th_urp, 0, 0); ++ th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, th->th_urp, ++ 0, 0); + th->th_urp = 0; + rewrite = 1; + } +@@ -1887,7 +1888,7 @@ + (src->scrub->pfss_flags & + PFSS_TIMESTAMP)) { + tsval = ntohl(tsval); +- pf_change_a(&opt[2], ++ pf_change_proto_a(m, &opt[2], + &th->th_sum, + htonl(tsval + + src->scrub->pfss_ts_mod), +@@ -1903,7 +1904,7 @@ + PFSS_TIMESTAMP)) { + tsecr = ntohl(tsecr) + - dst->scrub->pfss_ts_mod; +- pf_change_a(&opt[6], ++ pf_change_proto_a(m, &opt[6], + &th->th_sum, htonl(tsecr), + 0); + copyback = 1; +@@ -2230,8 +2231,8 @@ + case TCPOPT_MAXSEG: + mss = (u_int16_t *)(optp + 2); + if ((ntohs(*mss)) > r->max_mss) { +- th->th_sum = pf_cksum_fixup(th->th_sum, +- *mss, htons(r->max_mss), 0); ++ th->th_sum = pf_proto_cksum_fixup(m, ++ th->th_sum, *mss, htons(r->max_mss), 0); + *mss = htons(r->max_mss); + rewrite = 1; + } diff --git a/share/security/patches/EN-16:02/pf-10.2.patch.asc b/share/security/patches/EN-16:02/pf-10.2.patch.asc new file mode 100644 index 0000000000..604f9757d5 --- /dev/null +++ b/share/security/patches/EN-16:02/pf-10.2.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJWl2vVAAoJEO1n7NZdz2rnwAsP/jRzi56f90G3nCAJx18gorHB +unXB4gMVkQvFoEYrhn9N96HhvFPdvEm0/YwAJqWpiRH3OO9RtAjGIJUc1vpBzCIk +XROAzwV4EevwcqhfVpZlQ/SxrU1+TXAL/sLSgnaSapCaTadUGDbetDpCi6ZeWzb3 +Kn8xeYZcIGDxQgiDBvzq3xcpxoQNc5VzpTwfE5P3yrfjFEPhW13J+6+PZuQEr3Hd +44vqFI+me0g498CSuokctqidGTCqsd0ak6y6t1r1wRkBnZJ12kc1TQT0FCkTB38I +THgdpglmr2ZNN7RRw0L30N28XPUipoVfzIjv8c7bWFY6j7SzjIWdGQVbnzOdNUyg +YbR68yVA4uZ0/vpTHLlme3s90NdUufS7DVL7ner7hFjAuSMJU11UyLYRcZhMCsMs +V3Zssu49J7as/f5qvRCJOrR2DBQwX8XnvuMLBRf2GdseHhrNn8RSRIsMGgOu96XN +NriyyoV7XcM30Tn1OlLdPNlrIYi/OB8STstdWRnSDhimdkf/t7IGYKUdhNAadCQI +X0tsNalFP0ChbrKpooJ0wVExeS6mF+cWJqvS78y1we/3rQYBPDKA1vMptt7shHI7 +Cy1uZezwh5Pge2CeRgkyBvdplmZIbwNi3pah8JwE9cdlipEvf9qEydY8pooQIpZe +sk42yCvQAjd69q7VWdhx +=b/JC +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-16:02/pf-9.patch b/share/security/patches/EN-16:02/pf-9.patch new file mode 100644 index 0000000000..c9a347aadf --- /dev/null +++ b/share/security/patches/EN-16:02/pf-9.patch @@ -0,0 +1,389 @@ +--- sys/contrib/pf/net/pf.c.orig ++++ sys/contrib/pf/net/pf.c +@@ -239,7 +239,7 @@ + void pf_add_threshold(struct pf_threshold *); + int pf_check_threshold(struct pf_threshold *); + +-void pf_change_ap(struct pf_addr *, u_int16_t *, ++void pf_change_ap(struct mbuf *, struct pf_addr *, u_int16_t *, + u_int16_t *, u_int16_t *, struct pf_addr *, + u_int16_t, u_int8_t, sa_family_t); + int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *, +@@ -2007,6 +2007,22 @@ + } + } + ++/** ++ * Checksum updates are a little complicated because the checksum in the TCP/UDP ++ * header isn't always a full checksum. In some cases (i.e. output) it's a ++ * pseudo-header checksum, which is a partial checksum over src/dst IP ++ * addresses, protocol number and length. ++ * ++ * That means we have the following cases: ++ * * Input or forwarding: we don't have TSO, the checksum fields are full ++ * checksums, we need to update the checksum whenever we change anything. ++ * * Output (i.e. the checksum is a pseudo-header checksum): ++ * x The field being updated is src/dst address or affects the length of ++ * the packet. We need to update the pseudo-header checksum (note that this ++ * checksum is not ones' complement). ++ * x Some other field is being modified (e.g. src/dst port numbers): We ++ * don't have to update anything. ++ **/ + u_int16_t + pf_cksum_fixup(u_int16_t cksum, u_int16_t old, u_int16_t new, u_int8_t udp) + { +@@ -2022,9 +2038,20 @@ + return (l); + } + ++u_int16_t ++pf_proto_cksum_fixup(struct mbuf *m, u_int16_t cksum, u_int16_t old, ++ u_int16_t new, u_int8_t udp) ++{ ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6)) ++ return (cksum); ++ ++ return (pf_cksum_fixup(cksum, old, new, udp)); ++} ++ + void +-pf_change_ap(struct pf_addr *a, u_int16_t *p, u_int16_t *ic, u_int16_t *pc, +- struct pf_addr *an, u_int16_t pn, u_int8_t u, sa_family_t af) ++pf_change_ap(struct mbuf *m, struct pf_addr *a, u_int16_t *p, u_int16_t *ic, ++ u_int16_t *pc, struct pf_addr *an, u_int16_t pn, u_int8_t u, ++ sa_family_t af) + { + struct pf_addr ao; + u_int16_t po = *p; +@@ -2032,6 +2059,9 @@ + PF_ACPY(&ao, a, af); + PF_ACPY(a, an, af); + ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | CSUM_DELAY_DATA_IPV6)) ++ *pc = ~*pc; ++ + *p = pn; + + switch (af) { +@@ -2041,17 +2071,19 @@ + ao.addr16[0], an->addr16[0], 0), + ao.addr16[1], an->addr16[1], 0); + *p = pn; +- *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc, ++ ++ *pc = pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), +- ao.addr16[1], an->addr16[1], u), +- po, pn, u); ++ ao.addr16[1], an->addr16[1], u); ++ ++ *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + break; + #endif /* INET */ + #ifdef INET6 + case AF_INET6: + *pc = pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( + pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup( +- pf_cksum_fixup(pf_cksum_fixup(pf_cksum_fixup(*pc, ++ pf_cksum_fixup(pf_cksum_fixup(*pc, + ao.addr16[0], an->addr16[0], u), + ao.addr16[1], an->addr16[1], u), + ao.addr16[2], an->addr16[2], u), +@@ -2059,13 +2091,20 @@ + ao.addr16[4], an->addr16[4], u), + ao.addr16[5], an->addr16[5], u), + ao.addr16[6], an->addr16[6], u), +- ao.addr16[7], an->addr16[7], u), +- po, pn, u); ++ ao.addr16[7], an->addr16[7], u); ++ ++ *pc = pf_proto_cksum_fixup(m, *pc, po, pn, u); + break; + #endif /* INET6 */ + } +-} + ++ if (m->m_pkthdr.csum_flags & (CSUM_DELAY_DATA | ++ CSUM_DELAY_DATA_IPV6)) { ++ *pc = ~*pc; ++ if (! *pc) ++ *pc = 0xffff; ++ } ++} + + /* Changes a u_int32_t. Uses a void * so there are no align restrictions */ + void +@@ -2079,6 +2118,19 @@ + ao % 65536, an % 65536, u); + } + ++void ++pf_change_proto_a(struct mbuf *m, void *a, u_int16_t *c, u_int32_t an, u_int8_t udp) ++{ ++ u_int32_t ao; ++ ++ memcpy(&ao, a, sizeof(ao)); ++ memcpy(a, &an, sizeof(u_int32_t)); ++ ++ *c = pf_proto_cksum_fixup(m, ++ pf_proto_cksum_fixup(m, *c, ao / 65536, an / 65536, udp), ++ ao % 65536, an % 65536, udp); ++} ++ + #ifdef INET6 + void + pf_change_a6(struct pf_addr *a, u_int16_t *c, struct pf_addr *an, u_int8_t u) +@@ -2228,12 +2280,10 @@ + for (i = 2; i + TCPOLEN_SACK <= olen; + i += TCPOLEN_SACK) { + memcpy(&sack, &opt[i], sizeof(sack)); +- pf_change_a(&sack.start, &th->th_sum, +- htonl(ntohl(sack.start) - +- dst->seqdiff), 0); +- pf_change_a(&sack.end, &th->th_sum, +- htonl(ntohl(sack.end) - +- dst->seqdiff), 0); ++ pf_change_proto_a(m, &sack.start, &th->th_sum, ++ htonl(ntohl(sack.start) - dst->seqdiff), 0); ++ pf_change_proto_a(m, &sack.end, &th->th_sum, ++ htonl(ntohl(sack.end) - dst->seqdiff), 0); + memcpy(&opt[i], &sack, sizeof(sack)); + } + copyback = 1; +@@ -3400,7 +3450,7 @@ + + if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) || + nk->port[pd->sidx] != sport) { +- pf_change_ap(saddr, &th->th_sport, pd->ip_sum, ++ pf_change_ap(m, saddr, &th->th_sport, pd->ip_sum, + &th->th_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 0, af); + pd->sport = &th->th_sport; +@@ -3409,7 +3459,7 @@ + + if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) || + nk->port[pd->didx] != dport) { +- pf_change_ap(daddr, &th->th_dport, pd->ip_sum, ++ pf_change_ap(m, daddr, &th->th_dport, pd->ip_sum, + &th->th_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 0, af); + dport = th->th_dport; +@@ -3423,7 +3473,7 @@ + + if (PF_ANEQ(saddr, &nk->addr[pd->sidx], af) || + nk->port[pd->sidx] != sport) { +- pf_change_ap(saddr, &pd->hdr.udp->uh_sport, ++ pf_change_ap(m, saddr, &pd->hdr.udp->uh_sport, + pd->ip_sum, &pd->hdr.udp->uh_sum, + &nk->addr[pd->sidx], + nk->port[pd->sidx], 1, af); +@@ -3433,7 +3483,7 @@ + + if (PF_ANEQ(daddr, &nk->addr[pd->didx], af) || + nk->port[pd->didx] != dport) { +- pf_change_ap(daddr, &pd->hdr.udp->uh_dport, ++ pf_change_ap(m, daddr, &pd->hdr.udp->uh_dport, + pd->ip_sum, &pd->hdr.udp->uh_sum, + &nk->addr[pd->didx], + nk->port[pd->didx], 1, af); +@@ -3845,7 +3895,7 @@ + if ((s->src.seqdiff = pf_tcp_iss(pd) - s->src.seqlo) == + 0) + s->src.seqdiff = 1; +- pf_change_a(&th->th_seq, &th->th_sum, ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, + htonl(s->src.seqlo + s->src.seqdiff), 0); + *rewrite = 1; + } else +@@ -4175,9 +4225,9 @@ + while ((src->seqdiff = arc4random() - seq) == 0) + ; + ack = ntohl(th->th_ack) - dst->seqdiff; +- pf_change_a(&th->th_seq, &th->th_sum, htonl(seq + ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq + + src->seqdiff), 0); +- pf_change_a(&th->th_ack, &th->th_sum, htonl(ack), 0); ++ pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0); + *copyback = 1; + } else { + ack = ntohl(th->th_ack); +@@ -4227,9 +4277,9 @@ + ack = ntohl(th->th_ack) - dst->seqdiff; + if (src->seqdiff) { + /* Modulate sequence numbers */ +- pf_change_a(&th->th_seq, &th->th_sum, htonl(seq + ++ pf_change_proto_a(m, &th->th_seq, &th->th_sum, htonl(seq + + src->seqdiff), 0); +- pf_change_a(&th->th_ack, &th->th_sum, htonl(ack), 0); ++ pf_change_proto_a(m, &th->th_ack, &th->th_sum, htonl(ack), 0); + *copyback = 1; + } + end = seq + pd->p_len; +@@ -4729,14 +4779,14 @@ + + if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != th->th_sport) +- pf_change_ap(pd->src, &th->th_sport, pd->ip_sum, +- &th->th_sum, &nk->addr[pd->sidx], ++ pf_change_ap(m, pd->src, &th->th_sport, ++ pd->ip_sum, &th->th_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 0, pd->af); + + if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != th->th_dport) +- pf_change_ap(pd->dst, &th->th_dport, pd->ip_sum, +- &th->th_sum, &nk->addr[pd->didx], ++ pf_change_ap(m, pd->dst, &th->th_dport, ++ pd->ip_sum, &th->th_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 0, pd->af); + copyback = 1; + } +@@ -4807,13 +4857,13 @@ + + if (PF_ANEQ(pd->src, &nk->addr[pd->sidx], pd->af) || + nk->port[pd->sidx] != uh->uh_sport) +- pf_change_ap(pd->src, &uh->uh_sport, pd->ip_sum, ++ pf_change_ap(m, pd->src, &uh->uh_sport, pd->ip_sum, + &uh->uh_sum, &nk->addr[pd->sidx], + nk->port[pd->sidx], 1, pd->af); + + if (PF_ANEQ(pd->dst, &nk->addr[pd->didx], pd->af) || + nk->port[pd->didx] != uh->uh_dport) +- pf_change_ap(pd->dst, &uh->uh_dport, pd->ip_sum, ++ pf_change_ap(m, pd->dst, &uh->uh_dport, pd->ip_sum, + &uh->uh_sum, &nk->addr[pd->didx], + nk->port[pd->didx], 1, pd->af); + #ifdef __FreeBSD__ +@@ -6290,6 +6340,13 @@ + ip6 = mtod(m0, struct ip6_hdr *); + } + ++ if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA_IPV6 & ++ ~ifp->if_hwassist) { ++ uint32_t plen = m0->m_pkthdr.len - sizeof(*ip6); ++ in6_delayed_cksum(m0, plen, sizeof(struct ip6_hdr)); ++ m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA_IPV6; ++ } ++ + /* + * If the packet is too large for the outgoing interface, + * send back an icmp6 error. +--- sys/contrib/pf/net/pf_ioctl.c.orig ++++ sys/contrib/pf/net/pf_ioctl.c +@@ -4158,11 +4158,6 @@ + struct ip *h = NULL; + int chk; + +- /* We need a proper CSUM befor we start (s. OpenBSD ip_output) */ +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { +- in_delayed_cksum(*m); +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; +- } + if ((*m)->m_pkthdr.len >= (int)sizeof(*h)) { + /* if m_pkthdr.len is less than ip header, pf will handle. */ + h = mtod(*m, struct ip *); +@@ -4222,14 +4217,6 @@ + */ + int chk; + +- /* We need a proper CSUM before we start (s. OpenBSD ip_output) */ +- if ((*m)->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { +-#ifdef INET +- /* XXX-BZ copy&paste error from r126261? */ +- in_delayed_cksum(*m); +-#endif +- (*m)->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; +- } + CURVNET_SET(ifp->if_vnet); + chk = pf_test6(PF_OUT, ifp, m, NULL, inp); + CURVNET_RESTORE(); +--- sys/contrib/pf/net/pf_norm.c.orig ++++ sys/contrib/pf/net/pf_norm.c +@@ -1657,13 +1657,14 @@ + th->th_x2 = 0; + nv = *(u_int16_t *)(&th->th_ack + 1); + +- th->th_sum = pf_cksum_fixup(th->th_sum, ov, nv, 0); ++ th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, ov, nv, 0); + rewrite = 1; + } + + /* Remove urgent pointer, if TH_URG is not set */ + if (!(flags & TH_URG) && th->th_urp) { +- th->th_sum = pf_cksum_fixup(th->th_sum, th->th_urp, 0, 0); ++ th->th_sum = pf_proto_cksum_fixup(m, th->th_sum, th->th_urp, ++ 0, 0); + th->th_urp = 0; + rewrite = 1; + } +@@ -1889,7 +1890,7 @@ + (src->scrub->pfss_flags & + PFSS_TIMESTAMP)) { + tsval = ntohl(tsval); +- pf_change_a(&opt[2], ++ pf_change_proto_a(m, &opt[2], + &th->th_sum, + htonl(tsval + + src->scrub->pfss_ts_mod), +@@ -1905,7 +1906,7 @@ + PFSS_TIMESTAMP)) { + tsecr = ntohl(tsecr) + - dst->scrub->pfss_ts_mod; +- pf_change_a(&opt[6], ++ pf_change_proto_a(m, &opt[6], + &th->th_sum, htonl(tsecr), + 0); + copyback = 1; +@@ -2286,8 +2287,8 @@ + case TCPOPT_MAXSEG: + mss = (u_int16_t *)(optp + 2); + if ((ntohs(*mss)) > r->max_mss) { +- th->th_sum = pf_cksum_fixup(th->th_sum, +- *mss, htons(r->max_mss), 0); ++ th->th_sum = pf_proto_cksum_fixup(m, ++ th->th_sum, *mss, htons(r->max_mss), 0); + *mss = htons(r->max_mss); + rewrite = 1; + } +--- sys/contrib/pf/net/pfvar.h.orig ++++ sys/contrib/pf/net/pfvar.h +@@ -1909,6 +1909,8 @@ + extern void pf_print_flags(u_int8_t); + extern u_int16_t pf_cksum_fixup(u_int16_t, u_int16_t, u_int16_t, + u_int8_t); ++extern u_int16_t pf_proto_cksum_fixup(struct mbuf *, u_int16_t, ++ u_int16_t, u_int16_t, u_int8_t); + + #ifdef __FreeBSD__ + VNET_DECLARE(struct ifnet *, sync_ifp); +@@ -1954,6 +1956,9 @@ + void *pf_pull_hdr(struct mbuf *, int, void *, int, u_short *, u_short *, + sa_family_t); + void pf_change_a(void *, u_int16_t *, u_int32_t, u_int8_t); ++void pf_change_proto_a(struct mbuf *, void *, u_int16_t *, u_int32_t, ++ u_int8_t); ++void pf_change_tcp_a(struct mbuf *, void *, u_int16_t *, u_int32_t); + int pflog_packet(struct pfi_kif *, struct mbuf *, sa_family_t, u_int8_t, + u_int8_t, struct pf_rule *, struct pf_rule *, struct pf_ruleset *, + struct pf_pdesc *); +--- sys/netinet6/ip6_output.c.orig ++++ sys/netinet6/ip6_output.c +@@ -184,7 +184,7 @@ + }\ + } while (/*CONSTCOND*/ 0) + +-static void ++void + in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset) + { + u_short csum; +--- sys/netinet6/ip6_var.h.orig ++++ sys/netinet6/ip6_var.h +@@ -456,6 +456,7 @@ + struct rtentry **, u_int); + u_int32_t ip6_randomid(void); + u_int32_t ip6_randomflowlabel(void); ++void in6_delayed_cksum(struct mbuf *m, uint32_t plen, u_short offset); + #endif /* _KERNEL */ + + #endif /* !_NETINET6_IP6_VAR_H_ */ diff --git a/share/security/patches/EN-16:02/pf-9.patch.asc b/share/security/patches/EN-16:02/pf-9.patch.asc new file mode 100644 index 0000000000..00b167a019 --- /dev/null +++ b/share/security/patches/EN-16:02/pf-9.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJWl2vXAAoJEO1n7NZdz2rnWksQANG3wnvt9x7pSkzPczC76OlN +FVDRCnBNcBe4Jpr0KixCGBxY5ICVLPTbyS9REX3cNY5PokjKuFEqvX6EUtE0W6Jp +k3Y4AYRvCGCrCbn7HXwlbmRDKZNjvnC0Ek6SQYotcSGeY69RyusZ2tAZKQRv+TGR +JO95YKORnU4NvBtm6jDQAvdFodDG2yLpj5Q8V8/N7aA+0CKHp5+RkTUv/2THmrKD +8BeMWbtCJBVIAEuChfuDKj5fpWKaCAm7TmZZJHUviY1BmRu2z0CAya7Z//a74d+s +uvkDC2ohjqZ13EmC9dQ+WyRIlb8KbBGl5f8zM2wNX2Cqvlt0tAeoEHl/KAJTJ2Ap +PAJd6DCz2Fqu/vHzqzRW8zkjUOoRJ4CkwLjHqhxKJcJoG2x8nwCKYpKpF47/6Ys1 +UGfGva42YjEKqtK9vK7PjMUSFyvJVNQSEsj3kYBPW3cJdx7monF9kcLYpBRBFO4W +9RVT8xjHtJv76aWqnsyA5DIlNfIg3x7lMLnXE1hR+jifyZ1mDJxHYIaDzxq/klBt +cWIRlfCvtar8bGgNR1O/qncSNgn+3k32861AsfS/F0ca4lYdTAkE/5xXA2YesfyS +hWqjchvI6v36JyeshEqL68RXKsnoaB0SxJ3z19Qam0m3QSHNNANyQackPsiTZRxe +hLYgXohMz/V8yjbEgOOP +=rwun +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-16:03/yplib.patch b/share/security/patches/EN-16:03/yplib.patch new file mode 100644 index 0000000000..f3e405ec47 --- /dev/null +++ b/share/security/patches/EN-16:03/yplib.patch @@ -0,0 +1,121 @@ +--- lib/libc/yp/yplib.c.orig ++++ lib/libc/yp/yplib.c +@@ -655,7 +655,7 @@ + struct timeval tv; + struct ypreq_key yprk; + int r; +- ++ int retries = 0; + *outval = NULL; + *outvallen = 0; + +@@ -700,6 +700,11 @@ + #endif + + again: ++ if (retries > MAX_RETRIES) { ++ YPUNLOCK(); ++ return (YPERR_RPC); ++ } ++ + if (_yp_dobind(indomain, &ysd) != 0) { + YPUNLOCK(); + return (YPERR_DOMAIN); +@@ -716,6 +721,7 @@ + if (r != RPC_SUCCESS) { + clnt_perror(ysd->dom_client, "yp_match: clnt_call"); + _yp_unbind(ysd); ++ retries++; + goto again; + } + +@@ -772,7 +778,7 @@ + struct dom_binding *ysd; + struct timeval tv; + int r; +- ++ int retries = 0; + /* Sanity check */ + + if (indomain == NULL || !strlen(indomain) || +@@ -784,6 +790,11 @@ + + YPLOCK(); + again: ++ if (retries > MAX_RETRIES) { ++ YPUNLOCK(); ++ return (YPERR_RPC); ++ } ++ + if (_yp_dobind(indomain, &ysd) != 0) { + YPUNLOCK(); + return (YPERR_DOMAIN); +@@ -802,6 +813,7 @@ + if (r != RPC_SUCCESS) { + clnt_perror(ysd->dom_client, "yp_first: clnt_call"); + _yp_unbind(ysd); ++ retries++; + goto again; + } + if (!(r = ypprot_err(yprkv.stat))) { +@@ -844,7 +856,7 @@ + struct dom_binding *ysd; + struct timeval tv; + int r; +- ++ int retries = 0; + /* Sanity check */ + + if (inkey == NULL || !strlen(inkey) || inkeylen <= 0 || +@@ -857,6 +869,11 @@ + + YPLOCK(); + again: ++ if (retries > MAX_RETRIES) { ++ YPUNLOCK(); ++ return (YPERR_RPC); ++ } ++ + if (_yp_dobind(indomain, &ysd) != 0) { + YPUNLOCK(); + return (YPERR_DOMAIN); +@@ -877,6 +894,7 @@ + if (r != RPC_SUCCESS) { + clnt_perror(ysd->dom_client, "yp_next: clnt_call"); + _yp_unbind(ysd); ++ retries++; + goto again; + } + if (!(r = ypprot_err(yprkv.stat))) { +@@ -920,7 +938,7 @@ + CLIENT *clnt; + u_long status, savstat; + int clnt_sock; +- ++ int retries = 0; + /* Sanity check */ + + if (indomain == NULL || !strlen(indomain) || +@@ -929,6 +947,10 @@ + + YPLOCK(); + again: ++ if (retries > MAX_RETRIES) { ++ YPUNLOCK(); ++ return (YPERR_RPC); ++ } + + if (_yp_dobind(indomain, &ysd) != 0) { + YPUNLOCK(); +@@ -958,9 +980,10 @@ + if (clnt_call(clnt, YPPROC_ALL, + (xdrproc_t)xdr_ypreq_nokey, &yprnk, + (xdrproc_t)xdr_ypresp_all_seq, &status, tv) != RPC_SUCCESS) { +- clnt_perror(ysd->dom_client, "yp_all: clnt_call"); ++ clnt_perror(clnt, "yp_all: clnt_call"); + clnt_destroy(clnt); + _yp_unbind(ysd); ++ retries++; + goto again; + } + diff --git a/share/security/patches/EN-16:03/yplib.patch.asc b/share/security/patches/EN-16:03/yplib.patch.asc new file mode 100644 index 0000000000..c7f6acb6b3 --- /dev/null +++ b/share/security/patches/EN-16:03/yplib.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJWl2vYAAoJEO1n7NZdz2rnxbYQAKxlkBfJnArM/ESwHCi9dvbC +Q4dsDErwVo2uIaxyB29Tl2uy2qR7npiXOCbuaKZHnFr87lTwi0zsELQ3OJEFbzsF +XTkRteKfM4el/s4UUzj0IIYnR7w97UvLM5stgrilIegg4yg0okOiGDDpentv/iPb +EGzt9PbWncsminLR0bbwMygE3Pb/5NVcdEUzZSEVVFjWt+8N4j1DMQolLIs/pgvh +TSWlztQqEFntia5LjBx05WOlg5cnM9NZGYW4ruQ2hVOjVdb/qEYyDKRzDOIkYIGl +vHjWltGQNAmB3+EpCg1m4dENBhQPwkmXI9x87c+M3MsgZafOwY9C/igjWyUngDjP +lquCAQq8pMk0OvtUctbjp3jMGVOUwhi4x3ZtknnHcR33/PCBTGIi7eekNdXp9g1G +0Iu/0meA1HEN3Zll+J4iGUoMIDPj247Lcqp3k/+V7sWDuHRszjW1Thk07OLS/+E4 +iJ1vLy9FuwBoVOuc5h3P2hc2dAR49rlSh/DC+CIosRWtBN3K5kEi3zGyTPx1jCb9 +KZnJLRjRsp7Pc8ttCXHprUn1EqqxeIsDHLAJ4v2FjieKawQXfeJPnzhUKL5W1B8F +N6GkwxhwwksHfwqOF6Lt7i4Zfy3+HSqO5sJlAvZ0H95in6/rdkC/au0FTYfoowkW +XCERr6GWLn+OElTN0zP6 +=m8uJ +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-16:01/sctp.patch b/share/security/patches/SA-16:01/sctp.patch new file mode 100644 index 0000000000..be7ef8a30f --- /dev/null +++ b/share/security/patches/SA-16:01/sctp.patch @@ -0,0 +1,21 @@ +--- sys/netinet6/sctp6_usrreq.c.orig ++++ sys/netinet6/sctp6_usrreq.c +@@ -379,7 +379,6 @@ + * XXX: We assume that when IPV6 is non NULL, M and OFF are + * valid. + */ +- /* check if we can safely examine src and dst ports */ + struct sctp_inpcb *inp = NULL; + struct sctp_tcb *stcb = NULL; + struct sctp_nets *net = NULL; +@@ -388,6 +387,10 @@ + if (ip6cp->ip6c_m == NULL) + return; + ++ /* Check if we can safely examine the SCTP header. */ ++ if (ip6cp->ip6c_m->m_pkthdr.len < ip6cp->ip6c_off + sizeof(sh)) ++ return; ++ + bzero(&sh, sizeof(sh)); + bzero(&final, sizeof(final)); + inp = NULL; diff --git a/share/security/patches/SA-16:01/sctp.patch.asc b/share/security/patches/SA-16:01/sctp.patch.asc new file mode 100644 index 0000000000..fa17253a11 --- /dev/null +++ b/share/security/patches/SA-16:01/sctp.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJWl2vZAAoJEO1n7NZdz2rnhLcQAKcsskSsuiYk43iZ3r+xYTxW +rnKNXWsg07vvgGTt7SuSieW+U+QJG7tlneksjFdOMlubaEzxhpSptsWYWy+jkR8U +revnF2SW1BItKYmXLtYAtyzvHxIuOlJKiyUKflA/MdrNdgPBpLcOgxJw1EJcaY6u +5YUTIg3N4KLNSNFlvOVPi9PtM8uf7gR+8rvvbPW/v9ni28qsp8un5biPtgr/ESuV +ya4nTFwYi6221na3dB/PyA97WKd7rvkDyZvUA5IDeNGDm1mT15YPRPaknAmlBsa6 +9vEnObj9oODKsdwsPS+Ov0By3X9CsW2dJlcLIHmC/DW89My3x/Q1pbquqTc5P8DF +eu4i0TuYgPlukjWqASi04zoOPibRxNadLaqPr6BKMDX4daUXmP6G+wnWAp89tj/3 +t1rAsB/z/OXq136vIEgRnEIVYMBk0Ie9Jc5wsm9ZA8WQ7w4+1NJOmhmR5V4hD+IX +m0FueELyEKje57ArwryjoBgHUgODQtI1QARPPAvvN1x81J76dQVT+fzBWychWzzk +OvvF2mbxwxfIQBB47OQVrrqctxfLZyekmpY6Ma6eCY5dzFdmI3ncHnkmXE2HHklU +Oi7NtuwkxQfARKDON3CWU9PBYQkV9aciTDYMO1Lk24ojwye0XL7XWGMPR+/GjT3v +cacygRjuFTVLcLIka2w+ +=AqPl +-----END PGP SIGNATURE----- diff --git a/share/security/patches/SA-16:02/ntp-10.patch b/share/security/patches/SA-16:02/ntp-10.patch new file mode 100644 index 0000000000..07d2a4db6f --- /dev/null +++ b/share/security/patches/SA-16:02/ntp-10.patch @@ -0,0 +1,15927 @@ +--- contrib/ntp/html/miscopt.html.orig ++++ contrib/ntp/html/miscopt.html +@@ -3,7 +3,7 @@ + + + Miscellaneous Commands and Options +- ++ + + + +@@ -11,7 +11,7 @@ + giffrom Pogo, Walt Kelly +

We have three, now looking for more.

+

Last update: +- 23-Sep-2015 10:20 ++ 17-Nov-2015 11:06 + UTC

+
+

Related Links

+@@ -57,7 +57,7 @@ +
interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name | address[/prefixlen]]
+
This command controls which network addresses ntpd opens, and whether input is dropped without processing. The first parameter determines the action for addresses which match the second parameter. That parameter specifies a class of addresses, or a specific interface name, or an address. In the address case, prefixlen determines how many bits must match for this rule to apply. ignore prevents opening matching addresses, drop causes ntpd to open the address and drop all received packets without examination. Multiple interface commands can be used. The last rule which matches a particular address determines the action for it. interface commands are disabled if any -I, --interface, -L, or --novirtualips command-line options are used. If none of those options are used and no interface actions are specified in the configuration file, all available network addresses are opened. The nic command is an alias for interface.
+
leapfile leapfile
+-
This command loads the NIST leapseconds file and initializes the leapsecond values for the next leapsecond time, expiration time and TAI offset. The file can be obtained directly from NIST national time servers using ftp as the ASCII file pub/leap-seconds.
++
This command loads the IERS leapseconds file and initializes the leapsecond values for the next leapsecond time, expiration time and TAI offset. The file can be obtained directly from the IERS at https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list or ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list.
+
The leapfile is scanned when ntpd processes the leapfile directive or when ntpd detects that leapfile has changed. ntpd checks once a day to see if the leapfile has changed.
+
While not strictly a security function, the Autokey protocol provides means to securely retrieve the current or updated leapsecond values from a server.
+
leapsmearinterval seconds
+--- contrib/ntp/include/Makefile.am.orig ++++ contrib/ntp/include/Makefile.am +@@ -66,6 +66,7 @@ + recvbuff.h \ + refclock_atom.h \ + refidsmear.h \ ++ safecast.h \ + ssl_applink.c \ + timepps-SCO.h \ + timepps-Solaris.h \ +--- contrib/ntp/include/Makefile.in.orig ++++ contrib/ntp/include/Makefile.in +@@ -551,6 +551,7 @@ + recvbuff.h \ + refclock_atom.h \ + refidsmear.h \ ++ safecast.h \ + ssl_applink.c \ + timepps-SCO.h \ + timepps-Solaris.h \ +--- contrib/ntp/include/ntp_refclock.h.orig ++++ contrib/ntp/include/ntp_refclock.h +@@ -220,7 +220,7 @@ + extern void refclock_control(sockaddr_u *, + const struct refclockstat *, + struct refclockstat *); +-extern int refclock_open (char *, u_int, u_int); ++extern int refclock_open (const char *, u_int, u_int); + extern int refclock_setup (int, u_int, u_int); + extern void refclock_timer (struct peer *); + extern void refclock_transmit(struct peer *); +--- contrib/ntp/include/ntp_stdlib.h.orig ++++ contrib/ntp/include/ntp_stdlib.h +@@ -65,8 +65,8 @@ + /* authkeys.c */ + extern void auth_delkeys (void); + extern int auth_havekey (keyid_t); +-extern int authdecrypt (keyid_t, u_int32 *, int, int); +-extern int authencrypt (keyid_t, u_int32 *, int); ++extern int authdecrypt (keyid_t, u_int32 *, size_t, size_t); ++extern size_t authencrypt (keyid_t, u_int32 *, size_t); + extern int authhavekey (keyid_t); + extern int authistrusted (keyid_t); + extern int authreadkeys (const char *); +@@ -95,8 +95,8 @@ + extern int ymd2yd (int, int, int); + + /* a_md5encrypt.c */ +-extern int MD5authdecrypt (int, u_char *, u_int32 *, int, int); +-extern int MD5authencrypt (int, u_char *, u_int32 *, int); ++extern int MD5authdecrypt (int, const u_char *, u_int32 *, size_t, size_t); ++extern size_t MD5authencrypt (int, const u_char *, u_int32 *, size_t); + extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t); + extern u_int32 addr2refid (sockaddr_u *); + +--- contrib/ntp/include/ntp_worker.h.orig ++++ contrib/ntp/include/ntp_worker.h +@@ -43,19 +43,22 @@ + } blocking_pipe_header; + + # ifdef WORK_THREAD +-# ifdef WORK_PIPE +-typedef pthread_t * thr_ref; +-typedef sem_t * sem_ref; ++# ifdef SYS_WINNT ++typedef struct { HANDLE thnd; } thread_type; ++typedef struct { HANDLE shnd; } sema_type; + # else +-typedef HANDLE thr_ref; +-typedef HANDLE sem_ref; ++typedef pthread_t thread_type; ++typedef sem_t sema_type; + # endif ++typedef thread_type *thr_ref; ++typedef sema_type *sem_ref; + # endif + + /* + * + */ +-#ifdef WORK_FORK ++#if defined(WORK_FORK) ++ + typedef struct blocking_child_tag { + int reusable; + int pid; +@@ -66,38 +69,59 @@ + int resp_write_pipe; + int ispipe; + } blocking_child; ++ + #elif defined(WORK_THREAD) ++ + typedef struct blocking_child_tag { + /* + * blocking workitems and blocking_responses are dynamically-sized + * one-dimensional arrays of pointers to blocking worker requests and + * responses. ++ * ++ * IMPORTANT: This structure is shared between threads, and all access ++ * that is not atomic (especially queue operations) must hold the ++ * 'accesslock' semaphore to avoid data races. ++ * ++ * The resource management (thread/semaphore creation/destruction) ++ * functions and functions just testing a handle are safe because these ++ * are only changed by the main thread when no worker is running on the ++ * same data structure. + */ + int reusable; +- thr_ref thread_ref; +- u_int thread_id; +- blocking_pipe_header * volatile * volatile ++ sem_ref accesslock; /* shared access lock */ ++ thr_ref thread_ref; /* thread 'handle' */ ++ ++ /* the reuest queue */ ++ blocking_pipe_header ** volatile + workitems; + volatile size_t workitems_alloc; +- size_t next_workitem; /* parent */ +- size_t next_workeritem; /* child */ +- blocking_pipe_header * volatile * volatile ++ size_t head_workitem; /* parent */ ++ size_t tail_workitem; /* child */ ++ sem_ref workitems_pending; /* signalling */ ++ ++ /* the response queue */ ++ blocking_pipe_header ** volatile + responses; + volatile size_t responses_alloc; +- size_t next_response; /* child */ +- size_t next_workresp; /* parent */ ++ size_t head_response; /* child */ ++ size_t tail_response; /* parent */ ++ + /* event handles / sem_t pointers */ +- /* sem_ref child_is_blocking; */ +- sem_ref blocking_req_ready; + sem_ref wake_scheduled_sleep; ++ ++ /* some systems use a pipe for notification, others a semaphore. ++ * Both employ the queue above for the actual data transfer. ++ */ + #ifdef WORK_PIPE +- int resp_read_pipe; /* parent */ +- int resp_write_pipe;/* child */ ++ int resp_read_pipe; /* parent */ ++ int resp_write_pipe; /* child */ + int ispipe; +- void * resp_read_ctx; /* child */ ++ void * resp_read_ctx; /* child */ + #else +- sem_ref blocking_response_ready; ++ sem_ref responses_pending; /* signalling */ + #endif ++ sema_type sem_table[4]; ++ thread_type thr_table[1]; + } blocking_child; + + #endif /* WORK_THREAD */ +@@ -111,7 +135,7 @@ + extern int queue_blocking_request(blocking_work_req, void *, + size_t, blocking_work_callback, + void *); +-extern int queue_blocking_response(blocking_child *, ++extern int queue_blocking_response(blocking_child *, + blocking_pipe_header *, size_t, + const blocking_pipe_header *); + extern void process_blocking_resp(blocking_child *); +--- contrib/ntp/include/ntpd.h.orig ++++ contrib/ntp/include/ntpd.h +@@ -156,7 +156,7 @@ + extern int freq_cnt; + + /* ntp_monitor.c */ +-#define MON_HASH_SIZE (1U << mon_hash_bits) ++#define MON_HASH_SIZE ((size_t)1U << mon_hash_bits) + #define MON_HASH_MASK (MON_HASH_SIZE - 1) + #define MON_HASH(addr) (sock_hash(addr) & MON_HASH_MASK) + extern void init_mon (void); +@@ -408,6 +408,7 @@ + extern int ext_enable; /* external clock enabled */ + extern int cal_enable; /* refclock calibrate enable */ + extern int allow_panic; /* allow panic correction (-g) */ ++extern int enable_panic_check; /* Can we check allow_panic's state? */ + extern int force_step_once; /* always step time once at startup (-G) */ + extern int mode_ntpdate; /* exit on first clock set (-q) */ + extern int peer_ntpdate; /* count of ntpdate peers */ +--- contrib/ntp/include/safecast.h.orig ++++ contrib/ntp/include/safecast.h +@@ -0,0 +1,34 @@ ++#ifndef SAFECAST_H ++#define SAFECAST_H ++ ++#include ++static inline int size2int_chk(size_t v) ++{ ++ if (v > INT_MAX) ++ abort(); ++ return (int)(v); ++} ++ ++static inline int size2int_sat(size_t v) ++{ ++ return (v > INT_MAX) ? INT_MAX : (int)v; ++} ++ ++/* Compilers can emit warning about increased alignment requirements ++ * when casting pointers. The impact is tricky: on machines where ++ * alignment is just a performance issue (x86,x64,...) this might just ++ * cause a performance penalty. On others, an address error can occur ++ * and the process dies... ++ * ++ * Still, there are many cases where the pointer arithmetic and the ++ * buffer alignment make sure this does not happen. OTOH, the compiler ++ * doesn't know this and still emits warnings. ++ * ++ * The following cast macros are going through void pointers to tell ++ * the compiler that there is no alignment requirement to watch. ++ */ ++#define UA_PTR(ptype,pval) ((ptype *)(void*)(pval)) ++#define UAC_PTR(ptype,pval) ((const ptype *)(const void*)(pval)) ++#define UAV_PTR(ptype,pval) ((volatile ptype *)(volatile void*)(pval)) ++ ++#endif +--- contrib/ntp/lib/isc/win32/interfaceiter.c.orig ++++ contrib/ntp/lib/isc/win32/interfaceiter.c +@@ -54,7 +54,7 @@ + IP_ADAPTER_ADDRESSES * ipaaCur; /* enumeration position */ + IP_ADAPTER_UNICAST_ADDRESS *ipuaCur; /* enumeration subposition */ + /* fields used for the older address enumeration ioctls */ +- int socket; ++ SOCKET socket; + INTERFACE_INFO IFData; /* Current Interface Info */ + int numIF; /* Current Interface count */ + int v4IF; /* Number of IPv4 Interfaces */ +--- contrib/ntp/lib/isc/win32/net.c.orig ++++ contrib/ntp/lib/isc/win32/net.c +@@ -216,7 +216,8 @@ + + static void + try_ipv6pktinfo(void) { +- int s, on; ++ SOCKET s; ++ int on; + char strbuf[ISC_STRERRORSIZE]; + isc_result_t result; + int optname; +--- contrib/ntp/lib/isc/backtrace.c.orig ++++ contrib/ntp/lib/isc/backtrace.c +@@ -278,7 +278,7 @@ + result = ISC_R_NOTFOUND; + else { + *symbolp = found->symbol; +- *offsetp = (const char *)addr - (char *)found->addr; ++ *offsetp = (u_long)((const char *)addr - (char *)found->addr); + } + + return (result); +--- contrib/ntp/lib/isc/buffer.c.orig ++++ contrib/ntp/lib/isc/buffer.c +@@ -406,7 +406,7 @@ + + void + isc__buffer_putstr(isc_buffer_t *b, const char *source) { +- unsigned int l; ++ size_t l; + unsigned char *cp; + + REQUIRE(ISC_BUFFER_VALID(b)); +@@ -421,7 +421,7 @@ + + cp = isc_buffer_used(b); + memcpy(cp, source, l); +- b->used += l; ++ b->used += (u_int)l; /* checked above - no overflow here */ + } + + isc_result_t +--- contrib/ntp/lib/isc/inet_aton.c.orig ++++ contrib/ntp/lib/isc/inet_aton.c +@@ -92,7 +92,7 @@ + int + isc_net_aton(const char *cp, struct in_addr *addr) { + unsigned long val; +- int base, n; ++ int base; + unsigned char c; + isc_uint8_t parts[4]; + isc_uint8_t *pp = parts; +@@ -166,8 +166,7 @@ + * Concoct the address according to + * the number of parts specified. + */ +- n = pp - parts + 1; +- switch (n) { ++ switch (pp - parts + 1) { + case 1: /* a -- 32 bits */ + break; + +--- contrib/ntp/lib/isc/inet_pton.c.orig ++++ contrib/ntp/lib/isc/inet_pton.c +@@ -92,7 +92,7 @@ + const char *pch; + + if ((pch = strchr(digits, ch)) != NULL) { +- unsigned int newv = *tp * 10 + (pch - digits); ++ size_t newv = *tp * 10 + (pch - digits); + + if (saw_digit && *tp == 0) + return (0); +@@ -197,12 +197,12 @@ + * Since some memmove()'s erroneously fail to handle + * overlapping regions, we'll do the shift by hand. + */ +- const int n = tp - colonp; ++ const size_t n = tp - colonp; + int i; + + if (tp == endp) + return (0); +- for (i = 1; i <= n; i++) { ++ for (i = 1; (size_t)i <= n; i++) { + endp[- i] = colonp[n - i]; + colonp[n - i] = 0; + } +--- contrib/ntp/lib/isc/log.c.orig ++++ contrib/ntp/lib/isc/log.c +@@ -1146,7 +1146,7 @@ + char *basenam, *digit_end; + const char *dirname; + int version, greatest = -1; +- unsigned int basenamelen; ++ size_t basenamelen; + isc_dir_t dir; + isc_result_t result; + char sep = '/'; +--- contrib/ntp/lib/isc/netaddr.c.orig ++++ contrib/ntp/lib/isc/netaddr.c +@@ -159,7 +159,7 @@ + if (r == NULL) + return (ISC_R_FAILURE); + +- alen = strlen(abuf); ++ alen = (unsigned int)strlen(abuf); /* no overflow possible */ + INSIST(alen < sizeof(abuf)); + + zlen = 0; +--- contrib/ntp/lib/isc/sockaddr.c.orig ++++ contrib/ntp/lib/isc/sockaddr.c +@@ -134,7 +134,7 @@ + break; + #ifdef ISC_PLAFORM_HAVESYSUNH + case AF_UNIX: +- plen = strlen(sockaddr->type.sunix.sun_path); ++ plen = (unsigned int)strlen(sockaddr->type.sunix.sun_path); + if (plen >= isc_buffer_availablelength(target)) + return (ISC_R_NOSPACE); + +@@ -153,7 +153,7 @@ + return (ISC_R_FAILURE); + } + +- plen = strlen(pbuf); ++ plen = (unsigned int)strlen(pbuf); + INSIST(plen < sizeof(pbuf)); + + isc_netaddr_fromsockaddr(&netaddr, sockaddr); +--- contrib/ntp/lib/isc/task.c.orig ++++ contrib/ntp/lib/isc/task.c +@@ -329,7 +329,7 @@ + isc__task_create(isc_taskmgr_t *manager0, unsigned int quantum, + isc_task_t **taskp) + { +- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0; ++ isc__taskmgr_t *manager = (void*)manager0; + isc__task_t *task; + isc_boolean_t exiting; + isc_result_t result; +@@ -1463,7 +1463,7 @@ + */ + + REQUIRE(managerp != NULL); +- manager = (isc__taskmgr_t *)*managerp; ++ manager = (void*)(*managerp); + REQUIRE(VALID_MANAGER(manager)); + + #ifndef USE_WORKER_THREADS +@@ -1559,7 +1559,7 @@ + + ISC_TASKFUNC_SCOPE void + isc__taskmgr_setmode(isc_taskmgr_t *manager0, isc_taskmgrmode_t mode) { +- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0; ++ isc__taskmgr_t *manager = (void*)manager0; + + LOCK(&manager->lock); + manager->mode = mode; +@@ -1568,7 +1568,7 @@ + + ISC_TASKFUNC_SCOPE isc_taskmgrmode_t + isc__taskmgr_mode(isc_taskmgr_t *manager0) { +- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0; ++ isc__taskmgr_t *manager = (void*)manager0; + isc_taskmgrmode_t mode; + LOCK(&manager->lock); + mode = manager->mode; +@@ -1579,7 +1579,7 @@ + #ifndef USE_WORKER_THREADS + isc_boolean_t + isc__taskmgr_ready(isc_taskmgr_t *manager0) { +- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0; ++ isc__taskmgr_t *manager = (void*)manager0; + isc_boolean_t is_ready; + + #ifdef USE_SHARED_MANAGER +@@ -1598,7 +1598,7 @@ + + isc_result_t + isc__taskmgr_dispatch(isc_taskmgr_t *manager0) { +- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0; ++ isc__taskmgr_t *manager = (void*)manager0; + + #ifdef USE_SHARED_MANAGER + if (manager == NULL) +@@ -1615,7 +1615,7 @@ + #else + ISC_TASKFUNC_SCOPE void + isc__taskmgr_pause(isc_taskmgr_t *manager0) { +- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0; ++ isc__taskmgr_t *manager = (void*)manager0; + LOCK(&manager->lock); + while (manager->tasks_running > 0) { + WAIT(&manager->paused, &manager->lock); +@@ -1626,7 +1626,7 @@ + + ISC_TASKFUNC_SCOPE void + isc__taskmgr_resume(isc_taskmgr_t *manager0) { +- isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0; ++ isc__taskmgr_t *manager = (void*)manager0; + + LOCK(&manager->lock); + if (manager->pause_requested) { +--- contrib/ntp/libntp/a_md5encrypt.c.orig ++++ contrib/ntp/libntp/a_md5encrypt.c +@@ -16,12 +16,12 @@ + * + * Returns length of MAC including key ID and digest. + */ +-int ++size_t + MD5authencrypt( +- int type, /* hash algorithm */ +- u_char *key, /* key pointer */ +- u_int32 *pkt, /* packet pointer */ +- int length /* packet length */ ++ int type, /* hash algorithm */ ++ const u_char * key, /* key pointer */ ++ u_int32 * pkt, /* packet pointer */ ++ size_t length /* packet length */ + ) + { + u_char digest[EVP_MAX_MD_SIZE]; +@@ -44,7 +44,7 @@ + EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); + #endif + EVP_DigestUpdate(&ctx, key, cache_secretsize); +- EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); ++ EVP_DigestUpdate(&ctx, (u_char *)pkt, length); + EVP_DigestFinal(&ctx, digest, &len); + memmove((u_char *)pkt + length + 4, digest, len); + return (len + 4); +@@ -58,11 +58,11 @@ + */ + int + MD5authdecrypt( +- int type, /* hash algorithm */ +- u_char *key, /* key pointer */ +- u_int32 *pkt, /* packet pointer */ +- int length, /* packet length */ +- int size /* MAC size */ ++ int type, /* hash algorithm */ ++ const u_char * key, /* key pointer */ ++ u_int32 * pkt, /* packet pointer */ ++ size_t length, /* packet length */ ++ size_t size /* MAC size */ + ) + { + u_char digest[EVP_MAX_MD_SIZE]; +@@ -85,14 +85,14 @@ + EVP_DigestInit(&ctx, EVP_get_digestbynid(type)); + #endif + EVP_DigestUpdate(&ctx, key, cache_secretsize); +- EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length); ++ EVP_DigestUpdate(&ctx, (u_char *)pkt, length); + EVP_DigestFinal(&ctx, digest, &len); +- if ((u_int)size != len + 4) { ++ if (size != (size_t)len + 4) { + msyslog(LOG_ERR, + "MAC decrypt: MAC length error"); + return (0); + } +- return !memcmp(digest, (char *)pkt + length + 4, len); ++ return !memcmp(digest, (const char *)pkt + length + 4, len); + } + + /* +--- contrib/ntp/libntp/atolfp.c.orig ++++ contrib/ntp/libntp/atolfp.c +@@ -68,7 +68,7 @@ + + while (*cp != '\0' && (ind = strchr(digits, *cp)) != NULL) { + dec_i = (dec_i << 3) + (dec_i << 1); /* multiply by 10 */ +- dec_i += (ind - digits); ++ dec_i += (u_long)(ind - digits); + cp++; + } + +@@ -80,7 +80,7 @@ + && (ind = strchr(digits, *cp)) != NULL) { + ndec++; + dec_f = (dec_f << 3) + (dec_f << 1); /* *10 */ +- dec_f += (ind - digits); ++ dec_f += (u_long)(ind - digits); + cp++; + } + +--- contrib/ntp/libntp/authkeys.c.orig ++++ contrib/ntp/libntp/authkeys.c +@@ -63,7 +63,7 @@ + * keyid. We make this fairly big for potentially busy servers. + */ + #define DEF_AUTHHASHSIZE 64 +-//#define HASHMASK ((HASHSIZE)-1) ++/*#define HASHMASK ((HASHSIZE)-1)*/ + #define KEYHASH(keyid) ((keyid) & authhashmask) + + int authhashdisabled; +@@ -511,7 +511,17 @@ + return TRUE; + } + +- ++/* Note: There are two locations below where 'strncpy()' is used. While ++ * this function is a hazard by itself, it's essential that it is used ++ * here. Bug 1243 involved that the secret was filled with NUL bytes ++ * after the first NUL encountered, and 'strlcpy()' simply does NOT have ++ * this behaviour. So disabling the fix and reverting to the buggy ++ * behaviour due to compatibility issues MUST also fill with NUL and ++ * this needs 'strncpy'. Also, the secret is managed as a byte blob of a ++ * given size, and eventually truncating it and replacing the last byte ++ * with a NUL would be a bug. ++ * perlinger@ntp.org 2015-10-10 ++ */ + void + MD5auth_setkey( + keyid_t keyno, +@@ -546,7 +556,8 @@ + #ifndef DISABLE_BUG1243_FIX + memcpy(sk->secret, key, secretsize); + #else +- strlcpy((char *)sk->secret, (const char *)key, ++ /* >MUST< use 'strncpy()' here! See above! */ ++ strncpy((char *)sk->secret, (const char *)key, + secretsize); + #endif + if (cache_keyid == keyno) { +@@ -565,7 +576,8 @@ + #ifndef DISABLE_BUG1243_FIX + memcpy(secret, key, secretsize); + #else +- strlcpy((char *)secret, (const char *)key, secretsize); ++ /* >MUST< use 'strncpy()' here! See above! */ ++ strncpy((char *)secret, (const char *)key, secretsize); + #endif + allocsymkey(bucket, keyno, 0, (u_short)keytype, 0, + (u_short)secretsize, secret); +@@ -641,13 +653,13 @@ + * + * Returns length of authenticator field, zero if key not found. + */ +-int ++size_t + authencrypt( + keyid_t keyno, + u_int32 * pkt, +- int length ++ size_t length + ) +-{\ ++{ + /* + * A zero key identifier means the sender has not verified + * the last message was correctly authenticated. The MAC +@@ -675,8 +687,8 @@ + authdecrypt( + keyid_t keyno, + u_int32 * pkt, +- int length, +- int size ++ size_t length, ++ size_t size + ) + { + /* +--- contrib/ntp/libntp/authreadkeys.c.orig ++++ contrib/ntp/libntp/authreadkeys.c +@@ -77,14 +77,23 @@ + * data on global/static level. + */ + +-static const size_t nerr_loglimit = 5u; +-static const size_t nerr_maxlimit = 15; ++static const u_int nerr_loglimit = 5u; ++static const u_int nerr_maxlimit = 15; + +-static void log_maybe(size_t*, const char*, ...) NTP_PRINTF(2, 3); ++static void log_maybe(u_int*, const char*, ...) NTP_PRINTF(2, 3); + ++typedef struct keydata KeyDataT; ++struct keydata { ++ KeyDataT *next; /* queue/stack link */ ++ keyid_t keyid; /* stored key ID */ ++ u_short keytype; /* stored key type */ ++ u_short seclen; /* length of secret */ ++ u_char secbuf[1]; /* begin of secret (formal only)*/ ++}; ++ + static void + log_maybe( +- size_t *pnerr, ++ u_int *pnerr, + const char *fmt , + ...) + { +@@ -113,26 +122,25 @@ + u_char keystr[32]; /* Bug 2537 */ + size_t len; + size_t j; +- size_t nerr; ++ u_int nerr; ++ KeyDataT *list = NULL; ++ KeyDataT *next = NULL; + /* + * Open file. Complain and return if it can't be opened. + */ + fp = fopen(file, "r"); + if (fp == NULL) { +- msyslog(LOG_ERR, "authreadkeys: file %s: %m", ++ msyslog(LOG_ERR, "authreadkeys: file '%s': %m", + file); +- return (0); ++ goto onerror; + } + INIT_SSL(); + + /* +- * Remove all existing keys ++ * Now read lines from the file, looking for key entries. Put ++ * the data into temporary store for later propagation to avoid ++ * two-pass processing. + */ +- auth_delkeys(); +- +- /* +- * Now read lines from the file, looking for key entries +- */ + nerr = 0; + while ((line = fgets(buf, sizeof buf, fp)) != NULL) { + if (nerr > nerr_maxlimit) +@@ -216,11 +224,16 @@ + "authreadkeys: no key for key %d", keyno); + continue; + } ++ next = NULL; + len = strlen(token); + if (len <= 20) { /* Bug 2537 */ +- MD5auth_setkey(keyno, keytype, (u_char *)token, len); ++ next = emalloc(sizeof(KeyDataT) + len); ++ next->keyid = keyno; ++ next->keytype = keytype; ++ next->seclen = len; ++ memcpy(next->secbuf, token, len); + } else { +- char hex[] = "0123456789abcdef"; ++ static const char hex[] = "0123456789abcdef"; + u_char temp; + char *ptr; + size_t jlim; +@@ -242,19 +255,51 @@ + keyno); + continue; + } +- MD5auth_setkey(keyno, keytype, keystr, jlim / 2); ++ len = jlim/2; /* hmmmm.... what about odd length?!? */ ++ next = emalloc(sizeof(KeyDataT) + len); ++ next->keyid = keyno; ++ next->keytype = keytype; ++ next->seclen = len; ++ memcpy(next->secbuf, keystr, len); + } ++ INSIST(NULL != next); ++ next->next = list; ++ list = next; + } + fclose(fp); + if (nerr > nerr_maxlimit) { + msyslog(LOG_ERR, +- "authreadkeys: emergency break after %u errors", +- nerr); +- return (0); +- } else if (nerr > nerr_loglimit) { ++ "authreadkeys: rejecting file '%s' after %u errors (emergency break)", ++ file, nerr); ++ goto onerror; ++ } ++ if (nerr > 0) { + msyslog(LOG_ERR, +- "authreadkeys: found %u more error(s)", +- nerr - nerr_loglimit); ++ "authreadkeys: rejecting file '%s' after %u error(s)", ++ file, nerr); ++ goto onerror; + } ++ ++ /* first remove old file-based keys */ ++ auth_delkeys(); ++ /* insert the new key material */ ++ while (NULL != (next = list)) { ++ list = next->next; ++ MD5auth_setkey(next->keyid, next->keytype, ++ next->secbuf, next->seclen); ++ /* purge secrets from memory before free()ing it */ ++ memset(next, 0, sizeof(*next) + next->seclen); ++ free(next); ++ } + return (1); ++ ++ onerror: ++ /* Mop up temporary storage before bailing out. */ ++ while (NULL != (next = list)) { ++ list = next->next; ++ /* purge secrets from memory before free()ing it */ ++ memset(next, 0, sizeof(*next) + next->seclen); ++ free(next); ++ } ++ return (0); + } +--- contrib/ntp/libntp/authusekey.c.orig ++++ contrib/ntp/libntp/authusekey.c +@@ -23,7 +23,7 @@ + const u_char *str + ) + { +- int len; ++ size_t len; + + len = strlen((const char *)str); + if (0 == len) +--- contrib/ntp/libntp/dolfptoa.c.orig ++++ contrib/ntp/libntp/dolfptoa.c +@@ -40,7 +40,7 @@ + * including a possible rounding from the fractional part. + */ + cp = cpend = cpdec = &cbuf[10]; +- for (dec = cp - cbuf; dec > 0 && fpi != 0; dec--) { ++ for (dec = (int)(cp - cbuf); dec > 0 && fpi != 0; dec--) { + /* can add another digit */ + u_int32 digit; + +@@ -62,7 +62,7 @@ + cpdec += 3; + } + if ((size_t)dec > sizeof(cbuf) - (cpend - cbuf)) +- dec = sizeof(cbuf) - (cpend - cbuf); ++ dec = (int)(sizeof(cbuf) - (cpend - cbuf)); + + /* + * If there's a fraction to deal with, do so. +@@ -95,7 +95,7 @@ + u_char *tp = cpend; + int carry = ((fpv & 0x80000000) != 0); + +- for (dec = tp - cbuf; carry && dec > 0; dec--) { ++ for (dec = (int)(tp - cbuf); carry && dec > 0; dec--) { + *--tp += 1; + if (*tp == 10) + *tp = 0; +--- contrib/ntp/libntp/hextolfp.c.orig ++++ contrib/ntp/libntp/hextolfp.c +@@ -37,8 +37,9 @@ + while (*cp != '\0' && (cp - cpstart) < 8 && + (ind = strchr(digits, *cp)) != NULL) { + dec_i = dec_i << 4; /* multiply by 16 */ +- dec_i += ((ind - digits) > 15) ? (ind - digits) - 6 +- : (ind - digits); ++ dec_i += ((ind - digits) > 15) ++ ? (u_long)(ind - digits - 6) ++ : (u_long)(ind - digits); + cp++; + } + +@@ -51,8 +52,9 @@ + while (*cp != '\0' && (cp - cpstart) < 8 && + (ind = strchr(digits, *cp)) != NULL) { + dec_f = dec_f << 4; /* multiply by 16 */ +- dec_f += ((ind - digits) > 15) ? (ind - digits) - 6 +- : (ind - digits); ++ dec_f += ((ind - digits) > 15) ++ ? (u_long)(ind - digits - 6) ++ : (u_long)(ind - digits); + cp++; + } + +--- contrib/ntp/libntp/mstolfp.c.orig ++++ contrib/ntp/libntp/mstolfp.c +@@ -70,8 +70,7 @@ + */ + *bp++ = '.'; + if ((cpdec - cp) < 3) { +- register int i = 3 - (cpdec - cp); +- ++ size_t i = 3 - (cpdec - cp); + do { + *bp++ = '0'; + } while (--i > 0); +--- contrib/ntp/libntp/msyslog.c.orig ++++ contrib/ntp/libntp/msyslog.c +@@ -331,7 +331,7 @@ + ) + { + va_list ap; +- size_t rc; ++ int rc; + + va_start(ap, fmt); + rc = mvsnprintf(buf, bufsiz, fmt, ap); +--- contrib/ntp/libntp/ntp_crypto_rnd.c.orig ++++ contrib/ntp/libntp/ntp_crypto_rnd.c +@@ -16,6 +16,7 @@ + + #include + #include ++#include "safecast.h" + + #ifdef USE_OPENSSL_CRYPTO_RAND + #include +@@ -93,7 +94,7 @@ + #ifdef USE_OPENSSL_CRYPTO_RAND + int rc; + +- rc = RAND_bytes(buf, nbytes); ++ rc = RAND_bytes(buf, size2int_chk(nbytes)); + if (1 != rc) { + unsigned long err; + char *err_str; +--- contrib/ntp/libntp/ntp_lineedit.c.orig ++++ contrib/ntp/libntp/ntp_lineedit.c +@@ -29,6 +29,7 @@ + #include "ntp.h" + #include "ntp_stdlib.h" + #include "ntp_lineedit.h" ++#include "safecast.h" + + #define MAXEDITLINE 512 + +@@ -213,7 +214,7 @@ + + line = fgets(line_buf, sizeof(line_buf), stdin); + if (NULL != line && *line) { +- *pcount = strlen(line); ++ *pcount = (int)strlen(line); /* cannot overflow here */ + line = estrdup(line); + } else + line = NULL; +--- contrib/ntp/libntp/ntp_rfc2553.c.orig ++++ contrib/ntp/libntp/ntp_rfc2553.c +@@ -203,11 +203,12 @@ + else + ai_nxt = ai_src->ai_next; + *ai_cpy = *ai_src; +- REQUIRE(ai_src->ai_addrlen <= sizeof(sockaddr_u)); ++ DEBUG_INSIST(ai_cpy->ai_canonname == ai_src->ai_canonname); ++ INSIST(ai_src->ai_addrlen <= sizeof(sockaddr_u)); + memcpy(psau, ai_src->ai_addr, ai_src->ai_addrlen); + ai_cpy->ai_addr = &psau->sa; + ++psau; +- if (NULL != ai_cpy->ai_canonname) { ++ if (NULL != ai_src->ai_canonname) { + ai_cpy->ai_canonname = pcanon; + str_octets = 1 + strlen(ai_src->ai_canonname); + memcpy(pcanon, ai_src->ai_canonname, str_octets); +@@ -480,9 +481,9 @@ + * set elsewhere so that we can set the appropriate wildcard + */ + if (nodename == NULL) { +- ai->ai_addrlen = sizeof(struct sockaddr_storage); + if (ai->ai_family == AF_INET) + { ++ ai->ai_addrlen = sizeof(struct sockaddr_in); + sockin = (struct sockaddr_in *)ai->ai_addr; + sockin->sin_family = (short) ai->ai_family; + sockin->sin_addr.s_addr = htonl(INADDR_ANY); +@@ -489,6 +490,7 @@ + } + else + { ++ ai->ai_addrlen = sizeof(struct sockaddr_in6); + sockin6 = (struct sockaddr_in6 *)ai->ai_addr; + sockin6->sin6_family = (short) ai->ai_family; + /* +--- contrib/ntp/libntp/ntp_worker.c.orig ++++ contrib/ntp/libntp/ntp_worker.c +@@ -150,7 +150,8 @@ + prev_octets); + blocking_children_alloc = new_alloc; + +- return prev_alloc; ++ /* assume we'll never have enough workers to overflow u_int */ ++ return (u_int)prev_alloc; + } + + +--- contrib/ntp/libntp/snprintf.c.orig ++++ contrib/ntp/libntp/snprintf.c +@@ -889,19 +889,19 @@ + switch (cflags) { + case PRINT_C_CHAR: + charptr = va_arg(args, signed char *); +- *charptr = len; ++ *charptr = (signed char)len; + break; + case PRINT_C_SHORT: + shortptr = va_arg(args, short int *); +- *shortptr = len; ++ *shortptr = (short int)len; + break; + case PRINT_C_LONG: + longptr = va_arg(args, long int *); +- *longptr = len; ++ *longptr = (long int)len; + break; + case PRINT_C_LLONG: + llongptr = va_arg(args, LLONG *); +- *llongptr = len; ++ *llongptr = (LLONG)len; + break; + case PRINT_C_SIZE: + /* +@@ -912,19 +912,19 @@ + * size_t argument." (7.19.6.1, 7) + */ + sizeptr = va_arg(args, SSIZE_T *); +- *sizeptr = len; ++ *sizeptr = (SSIZE_T)len; + break; + case PRINT_C_INTMAX: + intmaxptr = va_arg(args, INTMAX_T *); +- *intmaxptr = len; ++ *intmaxptr = (INTMAX_T)len; + break; + case PRINT_C_PTRDIFF: + ptrdiffptr = va_arg(args, PTRDIFF_T *); +- *ptrdiffptr = len; ++ *ptrdiffptr = (PTRDIFF_T)len; + break; + default: + intptr = va_arg(args, int *); +- *intptr = len; ++ *intptr = (int)len; + break; + } + break; +@@ -1209,7 +1209,7 @@ + * Factor of ten with the number of digits needed for the fractional + * part. For example, if the precision is 3, the mask will be 1000. + */ +- mask = mypow10(precision); ++ mask = (UINTMAX_T)mypow10(precision); + /* + * We "cheat" by converting the fractional part to integer by + * multiplying by a factor of ten. +@@ -1461,7 +1461,7 @@ + if (value >= UINTMAX_MAX) + return UINTMAX_MAX; + +- result = value; ++ result = (UINTMAX_T)value; + /* + * At least on NetBSD/sparc64 3.0.2 and 4.99.30, casting long double to + * an integer type converts e.g. 1.9 to 2 instead of 1 (which violates +--- contrib/ntp/libntp/socktohost.c.orig ++++ contrib/ntp/libntp/socktohost.c +@@ -36,13 +36,18 @@ + sockaddr_u addr; + size_t octets; + int a_info; ++ int saved_errno; + ++ saved_errno = socket_errno(); ++ + /* reverse the address to purported DNS name */ + LIB_GETBUF(pbuf); + gni_flags = NI_DGRAM | NI_NAMEREQD; + if (getnameinfo(&sock->sa, SOCKLEN(sock), pbuf, LIB_BUFLENGTH, +- NULL, 0, gni_flags)) ++ NULL, 0, gni_flags)) { ++ errno = saved_errno; + return stoa(sock); /* use address */ ++ } + + TRACE(1, ("%s reversed to %s\n", stoa(sock), pbuf)); + +@@ -97,8 +102,10 @@ + } + freeaddrinfo(alist); + +- if (ai != NULL) ++ if (ai != NULL) { ++ errno = saved_errno; + return pbuf; /* forward check passed */ ++ } + + forward_fail: + TRACE(1, ("%s forward check lookup fail: %s\n", pbuf, +@@ -106,5 +113,6 @@ + LIB_GETBUF(pliar); + snprintf(pliar, LIB_BUFLENGTH, "%s (%s)", stoa(sock), pbuf); + ++ errno = saved_errno; + return pliar; + } +--- contrib/ntp/libntp/systime.c.orig ++++ contrib/ntp/libntp/systime.c +@@ -25,6 +25,8 @@ + # include + #endif /* HAVE_UTMPX_H */ + ++int allow_panic = FALSE; /* allow panic correction (-g) */ ++int enable_panic_check = TRUE; /* Can we check allow_panic's state? */ + + #ifndef USE_COMPILETIME_PIVOT + # define USE_COMPILETIME_PIVOT 1 +@@ -295,8 +297,13 @@ + * EVNT_NSET adjtime() can be aborted by a tiny adjtime() + * triggered by sys_residual. + */ +- if (0. == now) ++ if (0. == now) { ++ if (enable_panic_check && allow_panic) { ++ msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!"); ++ INSIST(!allow_panic); ++ } + return TRUE; ++ } + + /* + * Most Unix adjtime() implementations adjust the system clock +@@ -333,9 +340,15 @@ + if (adjtv.tv_sec != 0 || adjtv.tv_usec != 0) { + if (adjtime(&adjtv, &oadjtv) < 0) { + msyslog(LOG_ERR, "adj_systime: %m"); ++ if (enable_panic_check && allow_panic) { ++ msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!"); ++ } + return FALSE; + } + } ++ if (enable_panic_check && allow_panic) { ++ msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!"); ++ } + return TRUE; + } + #endif +@@ -419,6 +432,9 @@ + /* now set new system time */ + if (ntp_set_tod(&timetv, NULL) != 0) { + msyslog(LOG_ERR, "step-systime: %m"); ++ if (enable_panic_check && allow_panic) { ++ msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!"); ++ } + return FALSE; + } + +@@ -445,7 +461,7 @@ + * long ut_time; + * }; + * and appends line="|", name="date", host="", time for the OLD +- * and appends line="{", name="date", host="", time for the NEW ++ * and appends line="{", name="date", host="", time for the NEW // } + * to _PATH_WTMP . + * + * Some OSes have utmp, some have utmpx. +@@ -564,6 +580,10 @@ + #endif /* UPDATE_WTMPX */ + + } ++ if (enable_panic_check && allow_panic) { ++ msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!"); ++ INSIST(!allow_panic); ++ } + return TRUE; + } + +--- contrib/ntp/libntp/work_thread.c.orig ++++ contrib/ntp/libntp/work_thread.c +@@ -32,16 +32,20 @@ + #define THREAD_MINSTACKSIZE (64U * 1024) + #endif + +-#ifndef DEVOLATILE +-#define DEVOLATILE(type, var) ((type)(uintptr_t)(volatile void *)(var)) +-#endif ++#ifdef SYS_WINNT + +-#ifdef SYS_WINNT + # define thread_exit(c) _endthreadex(c) +-# define tickle_sem SetEvent ++# define tickle_sem(sh) ReleaseSemaphore((sh->shnd), 1, NULL) ++u_int WINAPI blocking_thread(void *); ++static BOOL same_os_sema(const sem_ref obj, void * osobj); ++ + #else ++ + # define thread_exit(c) pthread_exit((void*)(size_t)(c)) + # define tickle_sem sem_post ++void * blocking_thread(void *); ++static void block_thread_signals(sigset_t *); ++ + #endif + + #ifdef WORK_PIPE +@@ -54,18 +58,10 @@ + static void start_blocking_thread_internal(blocking_child *); + static void prepare_child_sems(blocking_child *); + static int wait_for_sem(sem_ref, struct timespec *); +-static void ensure_workitems_empty_slot(blocking_child *); +-static void ensure_workresp_empty_slot(blocking_child *); ++static int ensure_workitems_empty_slot(blocking_child *); ++static int ensure_workresp_empty_slot(blocking_child *); + static int queue_req_pointer(blocking_child *, blocking_pipe_header *); + static void cleanup_after_child(blocking_child *); +-#ifdef SYS_WINNT +-u_int WINAPI blocking_thread(void *); +-#else +-void * blocking_thread(void *); +-#endif +-#ifndef SYS_WINNT +-static void block_thread_signals(sigset_t *); +-#endif + + + void +@@ -76,7 +72,9 @@ + thread_exit(exitcode); /* see #define thread_exit */ + } + +- ++/* -------------------------------------------------------------------- ++ * sleep for a given time or until the wakup semaphore is tickled. ++ */ + int + worker_sleep( + blocking_child * c, +@@ -98,9 +96,7 @@ + } + # endif + until.tv_sec += seconds; +- do { +- rc = wait_for_sem(c->wake_scheduled_sleep, &until); +- } while (-1 == rc && EINTR == errno); ++ rc = wait_for_sem(c->wake_scheduled_sleep, &until); + if (0 == rc) + return -1; + if (-1 == rc && ETIMEDOUT == errno) +@@ -110,6 +106,9 @@ + } + + ++/* -------------------------------------------------------------------- ++ * Wake up a worker that takes a nap. ++ */ + void + interrupt_worker_sleep(void) + { +@@ -124,65 +123,79 @@ + } + } + +- +-static void ++/* -------------------------------------------------------------------- ++ * Make sure there is an empty slot at the head of the request ++ * queue. Tell if the queue is currently empty. ++ */ ++static int + ensure_workitems_empty_slot( + blocking_child *c + ) + { +- const size_t each = sizeof(blocking_children[0]->workitems[0]); +- size_t new_alloc; +- size_t old_octets; +- size_t new_octets; +- void * nonvol_workitems; ++ /* ++ ** !!! PRECONDITION: caller holds access lock! ++ ** ++ ** This simply tries to increase the size of the buffer if it ++ ** becomes full. The resize operation does *not* maintain the ++ ** order of requests, but that should be irrelevant since the ++ ** processing is considered asynchronous anyway. ++ ** ++ ** Return if the buffer is currently empty. ++ */ ++ ++ static const size_t each = ++ sizeof(blocking_children[0]->workitems[0]); + ++ size_t new_alloc; ++ size_t slots_used; + +- if (c->workitems != NULL && +- NULL == c->workitems[c->next_workitem]) +- return; +- +- new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC; +- old_octets = c->workitems_alloc * each; +- new_octets = new_alloc * each; +- nonvol_workitems = DEVOLATILE(void *, c->workitems); +- c->workitems = erealloc_zero(nonvol_workitems, new_octets, +- old_octets); +- if (0 == c->next_workitem) +- c->next_workitem = c->workitems_alloc; +- c->workitems_alloc = new_alloc; ++ slots_used = c->head_workitem - c->tail_workitem; ++ if (slots_used >= c->workitems_alloc) { ++ new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC; ++ c->workitems = erealloc(c->workitems, new_alloc * each); ++ c->tail_workitem = 0; ++ c->head_workitem = c->workitems_alloc; ++ c->workitems_alloc = new_alloc; ++ } ++ return (0 == slots_used); + } + +- +-static void ++/* -------------------------------------------------------------------- ++ * Make sure there is an empty slot at the head of the response ++ * queue. Tell if the queue is currently empty. ++ */ ++static int + ensure_workresp_empty_slot( + blocking_child *c + ) + { +- const size_t each = sizeof(blocking_children[0]->responses[0]); +- size_t new_alloc; +- size_t old_octets; +- size_t new_octets; +- void * nonvol_responses; ++ /* ++ ** !!! PRECONDITION: caller holds access lock! ++ ** ++ ** Works like the companion function above. ++ */ ++ ++ static const size_t each = ++ sizeof(blocking_children[0]->responses[0]); + +- if (c->responses != NULL && +- NULL == c->responses[c->next_response]) +- return; ++ size_t new_alloc; ++ size_t slots_used; + +- new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC; +- old_octets = c->responses_alloc * each; +- new_octets = new_alloc * each; +- nonvol_responses = DEVOLATILE(void *, c->responses); +- c->responses = erealloc_zero(nonvol_responses, new_octets, +- old_octets); +- if (0 == c->next_response) +- c->next_response = c->responses_alloc; +- c->responses_alloc = new_alloc; ++ slots_used = c->head_response - c->tail_response; ++ if (slots_used >= c->responses_alloc) { ++ new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC; ++ c->responses = erealloc(c->responses, new_alloc * each); ++ c->tail_response = 0; ++ c->head_response = c->responses_alloc; ++ c->responses_alloc = new_alloc; ++ } ++ return (0 == slots_used); + } + + +-/* ++/* -------------------------------------------------------------------- + * queue_req_pointer() - append a work item or idle exit request to +- * blocking_workitems[]. ++ * blocking_workitems[]. Employ proper locking. + */ + static int + queue_req_pointer( +@@ -190,21 +203,28 @@ + blocking_pipe_header * hdr + ) + { +- c->workitems[c->next_workitem] = hdr; +- c->next_workitem = (1 + c->next_workitem) % c->workitems_alloc; ++ size_t qhead; ++ ++ /* >>>> ACCESS LOCKING STARTS >>>> */ ++ wait_for_sem(c->accesslock, NULL); ++ ensure_workitems_empty_slot(c); ++ qhead = c->head_workitem; ++ c->workitems[qhead % c->workitems_alloc] = hdr; ++ c->head_workitem = 1 + qhead; ++ tickle_sem(c->accesslock); ++ /* <<<< ACCESS LOCKING ENDS <<<< */ + +- /* +- * We only want to signal the wakeup event if the child is +- * blocking on it, which is indicated by setting the blocking +- * event. Wait with zero timeout to test. +- */ +- /* !!!! if (WAIT_OBJECT_0 == WaitForSingleObject(c->child_is_blocking, 0)) */ +- tickle_sem(c->blocking_req_ready); ++ /* queue consumer wake-up notification */ ++ tickle_sem(c->workitems_pending); + + return 0; + } + +- ++/* -------------------------------------------------------------------- ++ * API function to make sure a worker is running, a proper private copy ++ * of the data is made, the data eneterd into the queue and the worker ++ * is signalled. ++ */ + int + send_blocking_req_internal( + blocking_child * c, +@@ -223,12 +243,8 @@ + return 1; /* failure */ + payload_octets = hdr->octets - sizeof(*hdr); + +- ensure_workitems_empty_slot(c); +- if (NULL == c->thread_ref) { +- ensure_workresp_empty_slot(c); ++ if (NULL == c->thread_ref) + start_blocking_thread(c); +- } +- + threadcopy = emalloc(hdr->octets); + memcpy(threadcopy, hdr, sizeof(*hdr)); + memcpy((char *)threadcopy + sizeof(*hdr), data, payload_octets); +@@ -236,7 +252,10 @@ + return queue_req_pointer(c, threadcopy); + } + +- ++/* -------------------------------------------------------------------- ++ * Wait for the 'incoming queue no longer empty' signal, lock the shared ++ * structure and dequeue an item. ++ */ + blocking_pipe_header * + receive_blocking_req_internal( + blocking_child * c +@@ -243,36 +262,31 @@ + ) + { + blocking_pipe_header * req; +- int rc; ++ size_t qhead, qtail; + +- /* +- * Child blocks here when idle. SysV semaphores maintain a +- * count and release from sem_wait() only when it reaches 0. +- * Windows auto-reset events are simpler, and multiple SetEvent +- * calls before any thread waits result in a single wakeup. +- * On Windows, the child drains all workitems each wakeup, while +- * with SysV semaphores wait_sem() is used before each item. +- */ +-#ifdef SYS_WINNT +- while (NULL == c->workitems[c->next_workeritem]) { +- /* !!!! SetEvent(c->child_is_blocking); */ +- rc = wait_for_sem(c->blocking_req_ready, NULL); +- INSIST(0 == rc); +- /* !!!! ResetEvent(c->child_is_blocking); */ +- } +-#else ++ req = NULL; + do { +- rc = wait_for_sem(c->blocking_req_ready, NULL); +- } while (-1 == rc && EINTR == errno); +- INSIST(0 == rc); +-#endif ++ /* wait for tickle from the producer side */ ++ wait_for_sem(c->workitems_pending, NULL); + +- req = c->workitems[c->next_workeritem]; ++ /* >>>> ACCESS LOCKING STARTS >>>> */ ++ wait_for_sem(c->accesslock, NULL); ++ qhead = c->head_workitem; ++ do { ++ qtail = c->tail_workitem; ++ if (qhead == qtail) ++ break; ++ c->tail_workitem = qtail + 1; ++ qtail %= c->workitems_alloc; ++ req = c->workitems[qtail]; ++ c->workitems[qtail] = NULL; ++ } while (NULL == req); ++ tickle_sem(c->accesslock); ++ /* <<<< ACCESS LOCKING ENDS <<<< */ ++ ++ } while (NULL == req); ++ + INSIST(NULL != req); +- c->workitems[c->next_workeritem] = NULL; +- c->next_workeritem = (1 + c->next_workeritem) % +- c->workitems_alloc; +- + if (CHILD_EXIT_REQ == req) { /* idled out */ + send_blocking_resp_internal(c, CHILD_GONE_RESP); + req = NULL; +@@ -281,7 +295,10 @@ + return req; + } + +- ++/* -------------------------------------------------------------------- ++ * Push a response into the return queue and eventually tickle the ++ * receiver. ++ */ + int + send_blocking_resp_internal( + blocking_child * c, +@@ -288,37 +305,64 @@ + blocking_pipe_header * resp + ) + { +- ensure_workresp_empty_slot(c); ++ size_t qhead; ++ int empty; ++ ++ /* >>>> ACCESS LOCKING STARTS >>>> */ ++ wait_for_sem(c->accesslock, NULL); ++ empty = ensure_workresp_empty_slot(c); ++ qhead = c->head_response; ++ c->responses[qhead % c->responses_alloc] = resp; ++ c->head_response = 1 + qhead; ++ tickle_sem(c->accesslock); ++ /* <<<< ACCESS LOCKING ENDS <<<< */ + +- c->responses[c->next_response] = resp; +- c->next_response = (1 + c->next_response) % c->responses_alloc; +- +-#ifdef WORK_PIPE +- write(c->resp_write_pipe, "", 1); +-#else +- tickle_sem(c->blocking_response_ready); +-#endif +- ++ /* queue consumer wake-up notification */ ++ if (empty) ++ { ++# ifdef WORK_PIPE ++ write(c->resp_write_pipe, "", 1); ++# else ++ tickle_sem(c->responses_pending); ++# endif ++ } + return 0; + } + + + #ifndef WORK_PIPE ++ ++/* -------------------------------------------------------------------- ++ * Check if a (Windows-)hanndle to a semaphore is actually the same we ++ * are using inside the sema wrapper. ++ */ ++static BOOL ++same_os_sema( ++ const sem_ref obj, ++ void* osh ++ ) ++{ ++ return obj && osh && (obj->shnd == (HANDLE)osh); ++} ++ ++/* -------------------------------------------------------------------- ++ * Find the shared context that associates to an OS handle and make sure ++ * the data is dequeued and processed. ++ */ + void + handle_blocking_resp_sem( + void * context + ) + { +- HANDLE ready; + blocking_child * c; + u_int idx; + +- ready = (HANDLE)context; + c = NULL; + for (idx = 0; idx < blocking_children_alloc; idx++) { + c = blocking_children[idx]; +- if (c != NULL && c->thread_ref != NULL && +- ready == c->blocking_response_ready) ++ if (c != NULL && ++ c->thread_ref != NULL && ++ same_os_sema(c->responses_pending, context)) + break; + } + if (idx < blocking_children_alloc) +@@ -326,7 +370,10 @@ + } + #endif /* !WORK_PIPE */ + +- ++/* -------------------------------------------------------------------- ++ * Fetch the next response from the return queue. In case of signalling ++ * via pipe, make sure the pipe is flushed, too. ++ */ + blocking_pipe_header * + receive_blocking_resp_internal( + blocking_child * c +@@ -333,19 +380,31 @@ + ) + { + blocking_pipe_header * removed; ++ size_t qhead, qtail, slot; ++ + #ifdef WORK_PIPE + int rc; + char scratch[32]; + +- do { ++ do + rc = read(c->resp_read_pipe, scratch, sizeof(scratch)); +- } while (-1 == rc && EINTR == errno); ++ while (-1 == rc && EINTR == errno); + #endif +- removed = c->responses[c->next_workresp]; ++ ++ /* >>>> ACCESS LOCKING STARTS >>>> */ ++ wait_for_sem(c->accesslock, NULL); ++ qhead = c->head_response; ++ qtail = c->tail_response; ++ for (removed = NULL; !removed && (qhead != qtail); ++qtail) { ++ slot = qtail % c->responses_alloc; ++ removed = c->responses[slot]; ++ c->responses[slot] = NULL; ++ } ++ c->tail_response = qtail; ++ tickle_sem(c->accesslock); ++ /* <<<< ACCESS LOCKING ENDS <<<< */ ++ + if (NULL != removed) { +- c->responses[c->next_workresp] = NULL; +- c->next_workresp = (1 + c->next_workresp) % +- c->responses_alloc; + DEBUG_ENSURE(CHILD_GONE_RESP == removed || + BLOCKING_RESP_MAGIC == removed->magic_sig); + } +@@ -357,7 +416,9 @@ + return removed; + } + +- ++/* -------------------------------------------------------------------- ++ * Light up a new worker. ++ */ + static void + start_blocking_thread( + blocking_child * c +@@ -370,7 +431,14 @@ + start_blocking_thread_internal(c); + } + +- ++/* -------------------------------------------------------------------- ++ * Create a worker thread. There are several differences between POSIX ++ * and Windows, of course -- most notably the Windows thread is no ++ * detached thread, and we keep the handle around until we want to get ++ * rid of the thread. The notification scheme also differs: Windows ++ * makes use of semaphores in both directions, POSIX uses a pipe for ++ * integration with 'select()' or alike. ++ */ + static void + start_blocking_thread_internal( + blocking_child * c +@@ -377,12 +445,11 @@ + ) + #ifdef SYS_WINNT + { +- thr_ref blocking_child_thread; +- u_int blocking_thread_id; + BOOL resumed; + +- (*addremove_io_semaphore)(c->blocking_response_ready, FALSE); +- blocking_child_thread = ++ c->thread_ref = NULL; ++ (*addremove_io_semaphore)(c->responses_pending->shnd, FALSE); ++ c->thr_table[0].thnd = + (HANDLE)_beginthreadex( + NULL, + 0, +@@ -389,21 +456,20 @@ + &blocking_thread, + c, + CREATE_SUSPENDED, +- &blocking_thread_id); ++ NULL); + +- if (NULL == blocking_child_thread) { ++ if (NULL == c->thr_table[0].thnd) { + msyslog(LOG_ERR, "start blocking thread failed: %m"); + exit(-1); + } +- c->thread_id = blocking_thread_id; +- c->thread_ref = blocking_child_thread; + /* remember the thread priority is only within the process class */ +- if (!SetThreadPriority(blocking_child_thread, ++ if (!SetThreadPriority(c->thr_table[0].thnd, + THREAD_PRIORITY_BELOW_NORMAL)) + msyslog(LOG_ERR, "Error lowering blocking thread priority: %m"); + +- resumed = ResumeThread(blocking_child_thread); ++ resumed = ResumeThread(c->thr_table[0].thnd); + DEBUG_INSIST(resumed); ++ c->thread_ref = &c->thr_table[0]; + } + #else /* pthreads start_blocking_thread_internal() follows */ + { +@@ -419,6 +485,8 @@ + size_t stacksize; + sigset_t saved_sig_mask; + ++ c->thread_ref = NULL; ++ + # ifdef NEED_PTHREAD_INIT + /* + * from lib/isc/unix/app.c: +@@ -475,7 +543,7 @@ + #endif + c->thread_ref = emalloc_zero(sizeof(*c->thread_ref)); + block_thread_signals(&saved_sig_mask); +- rc = pthread_create(c->thread_ref, &thr_attr, ++ rc = pthread_create(&c->thr_table[0], &thr_attr, + &blocking_thread, c); + saved_errno = errno; + pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL); +@@ -485,11 +553,11 @@ + msyslog(LOG_ERR, "pthread_create() blocking child: %m"); + exit(1); + } ++ c->thread_ref = &c->thr_table[0]; + } + #endif + +- +-/* ++/* -------------------------------------------------------------------- + * block_thread_signals() + * + * Temporarily block signals used by ntpd main thread, so that signal +@@ -538,61 +606,101 @@ + #endif /* !SYS_WINNT */ + + +-/* ++/* -------------------------------------------------------------------- ++ * Create & destroy semaphores. This is sufficiently different between ++ * POSIX and Windows to warrant wrapper functions and close enough to ++ * use the concept of synchronization via semaphore for all platforms. ++ */ ++static sem_ref ++create_sema( ++ sema_type* semptr, ++ u_int inival, ++ u_int maxval) ++{ ++#ifdef SYS_WINNT ++ ++ long svini, svmax; ++ if (NULL != semptr) { ++ svini = (inival < LONG_MAX) ++ ? (long)inival : LONG_MAX; ++ svmax = (maxval < LONG_MAX && maxval > 0) ++ ? (long)maxval : LONG_MAX; ++ semptr->shnd = CreateSemaphore(NULL, svini, svmax, NULL); ++ if (NULL == semptr->shnd) ++ semptr = NULL; ++ } ++ ++#else ++ ++ (void)maxval; ++ if (semptr && sem_init(semptr, FALSE, inival)) ++ semptr = NULL; ++ ++#endif ++ ++ return semptr; ++} ++ ++/* ------------------------------------------------------------------ */ ++static sem_ref ++delete_sema( ++ sem_ref obj) ++{ ++ ++# ifdef SYS_WINNT ++ ++ if (obj) { ++ if (obj->shnd) ++ CloseHandle(obj->shnd); ++ obj->shnd = NULL; ++ } ++ ++# else ++ ++ if (obj) ++ sem_destroy(obj); ++ ++# endif ++ ++ return NULL; ++} ++ ++/* -------------------------------------------------------------------- + * prepare_child_sems() + * +- * create sync events (semaphores) +- * child_is_blocking initially unset +- * blocking_req_ready initially unset ++ * create sync & access semaphores + * +- * Child waits for blocking_req_ready to be set after +- * setting child_is_blocking. blocking_req_ready and +- * blocking_response_ready are auto-reset, so wake one +- * waiter and become unset (unsignalled) in one operation. ++ * All semaphores are cleared, only the access semaphore has 1 unit. ++ * Childs wait on 'workitems_pending', then grabs 'sema_access' ++ * and dequeues jobs. When done, 'sema_access' is given one unit back. ++ * ++ * The producer grabs 'sema_access', manages the queue, restores ++ * 'sema_access' and puts one unit into 'workitems_pending'. ++ * ++ * The story goes the same for the response queue. + */ + static void + prepare_child_sems( + blocking_child *c + ) +-#ifdef SYS_WINNT + { +- if (NULL == c->blocking_req_ready) { +- /* manual reset using ResetEvent() */ +- /* !!!! c->child_is_blocking = CreateEvent(NULL, TRUE, FALSE, NULL); */ +- /* auto reset - one thread released from wait each set */ +- c->blocking_req_ready = CreateEvent(NULL, FALSE, FALSE, NULL); +- c->blocking_response_ready = CreateEvent(NULL, FALSE, FALSE, NULL); +- c->wake_scheduled_sleep = CreateEvent(NULL, FALSE, FALSE, NULL); +- } else { +- /* !!!! ResetEvent(c->child_is_blocking); */ +- /* ResetEvent(c->blocking_req_ready); */ +- /* ResetEvent(c->blocking_response_ready); */ +- /* ResetEvent(c->wake_scheduled_sleep); */ +- } ++ c->accesslock = create_sema(&c->sem_table[0], 1, 1); ++ c->workitems_pending = create_sema(&c->sem_table[1], 0, 0); ++ c->wake_scheduled_sleep = create_sema(&c->sem_table[2], 0, 1); ++# ifndef WORK_PIPE ++ c->responses_pending = create_sema(&c->sem_table[3], 0, 0); ++# endif + } +-#else /* pthreads prepare_child_sems() follows */ +-{ +- size_t octets; + +- if (NULL == c->blocking_req_ready) { +- octets = sizeof(*c->blocking_req_ready); +- octets += sizeof(*c->wake_scheduled_sleep); +- /* !!!! octets += sizeof(*c->child_is_blocking); */ +- c->blocking_req_ready = emalloc_zero(octets);; +- c->wake_scheduled_sleep = 1 + c->blocking_req_ready; +- /* !!!! c->child_is_blocking = 1 + c->wake_scheduled_sleep; */ +- } else { +- sem_destroy(c->blocking_req_ready); +- sem_destroy(c->wake_scheduled_sleep); +- /* !!!! sem_destroy(c->child_is_blocking); */ +- } +- sem_init(c->blocking_req_ready, FALSE, 0); +- sem_init(c->wake_scheduled_sleep, FALSE, 0); +- /* !!!! sem_init(c->child_is_blocking, FALSE, 0); */ +-} +-#endif +- +- ++/* -------------------------------------------------------------------- ++ * wait for semaphore. Where the wait can be interrupted, it will ++ * internally resume -- When this function returns, there is either no ++ * semaphore at all, a timeout occurred, or the caller could ++ * successfully take a token from the semaphore. ++ * ++ * For untimed wait, not checking the result of this function at all is ++ * definitely an option. ++ */ + static int + wait_for_sem( + sem_ref sem, +@@ -605,6 +713,11 @@ + DWORD msec; + DWORD rc; + ++ if (!(sem && sem->shnd)) { ++ errno = EINVAL; ++ return -1; ++ } ++ + if (NULL == timeout) { + msec = INFINITE; + } else { +@@ -619,7 +732,7 @@ + msec += delta.tv_nsec / (1000 * 1000); + } + } +- rc = WaitForSingleObject(sem, msec); ++ rc = WaitForSingleObject(sem->shnd, msec); + if (WAIT_OBJECT_0 == rc) + return 0; + if (WAIT_TIMEOUT == rc) { +@@ -632,24 +745,28 @@ + } + #else /* pthreads wait_for_sem() follows */ + { +- int rc; ++ int rc = -1; + +- if (NULL == timeout) +- rc = sem_wait(sem); ++ if (sem) do { ++ if (NULL == timeout) ++ rc = sem_wait(sem); ++ else ++ rc = sem_timedwait(sem, timeout); ++ } while (rc == -1 && errno == EINTR); + else +- rc = sem_timedwait(sem, timeout); +- ++ errno = EINVAL; ++ + return rc; + } + #endif + +- +-/* +- * blocking_thread - thread functions have WINAPI calling convention ++/* -------------------------------------------------------------------- ++ * blocking_thread - thread functions have WINAPI (aka 'stdcall') ++ * calling conventions under Windows and POSIX-defined signature ++ * otherwise. + */ + #ifdef SYS_WINNT +-u_int +-WINAPI ++u_int WINAPI + #else + void * + #endif +@@ -666,9 +783,16 @@ + return 0; + } + +- +-/* ++/* -------------------------------------------------------------------- + * req_child_exit() runs in the parent. ++ * ++ * This function is called from from the idle timer, too, and possibly ++ * without a thread being there any longer. Since we have folded up our ++ * tent in that case and all the semaphores are already gone, we simply ++ * ignore this request in this case. ++ * ++ * Since the existence of the semaphores is controlled exclusively by ++ * the parent, there's no risk of data race here. + */ + int + req_child_exit( +@@ -675,11 +799,12 @@ + blocking_child *c + ) + { +- return queue_req_pointer(c, CHILD_EXIT_REQ); ++ return (c->accesslock) ++ ? queue_req_pointer(c, CHILD_EXIT_REQ) ++ : 0; + } + +- +-/* ++/* -------------------------------------------------------------------- + * cleanup_after_child() runs in parent. + */ + static void +@@ -687,17 +812,27 @@ + blocking_child * c + ) + { +- u_int idx; +- + DEBUG_INSIST(!c->reusable); +-#ifdef SYS_WINNT +- INSIST(CloseHandle(c->thread_ref)); +-#else +- free(c->thread_ref); +-#endif ++ ++# ifdef SYS_WINNT ++ /* The thread was not created in detached state, so we better ++ * clean up. ++ */ ++ if (c->thread_ref && c->thread_ref->thnd) { ++ WaitForSingleObject(c->thread_ref->thnd, INFINITE); ++ INSIST(CloseHandle(c->thread_ref->thnd)); ++ c->thread_ref->thnd = NULL; ++ } ++# endif + c->thread_ref = NULL; +- c->thread_id = 0; +-#ifdef WORK_PIPE ++ ++ /* remove semaphores and (if signalling vi IO) pipes */ ++ ++ c->accesslock = delete_sema(c->accesslock); ++ c->workitems_pending = delete_sema(c->workitems_pending); ++ c->wake_scheduled_sleep = delete_sema(c->wake_scheduled_sleep); ++ ++# ifdef WORK_PIPE + DEBUG_INSIST(-1 != c->resp_read_pipe); + DEBUG_INSIST(-1 != c->resp_write_pipe); + (*addremove_io_fd)(c->resp_read_pipe, c->ispipe, TRUE); +@@ -705,18 +840,22 @@ + close(c->resp_read_pipe); + c->resp_write_pipe = -1; + c->resp_read_pipe = -1; +-#else +- DEBUG_INSIST(NULL != c->blocking_response_ready); +- (*addremove_io_semaphore)(c->blocking_response_ready, TRUE); +-#endif +- for (idx = 0; idx < c->workitems_alloc; idx++) +- c->workitems[idx] = NULL; +- c->next_workitem = 0; +- c->next_workeritem = 0; +- for (idx = 0; idx < c->responses_alloc; idx++) +- c->responses[idx] = NULL; +- c->next_response = 0; +- c->next_workresp = 0; ++# else ++ DEBUG_INSIST(NULL != c->responses_pending); ++ (*addremove_io_semaphore)(c->responses_pending->shnd, TRUE); ++ c->responses_pending = delete_sema(c->responses_pending); ++# endif ++ ++ /* Is it necessary to check if there are pending requests and ++ * responses? If so, and if there are, what to do with them? ++ */ ++ ++ /* re-init buffer index sequencers */ ++ c->head_workitem = 0; ++ c->tail_workitem = 0; ++ c->head_response = 0; ++ c->tail_response = 0; ++ + c->reusable = TRUE; + } + +--- contrib/ntp/libparse/clk_computime.c.orig ++++ contrib/ntp/libparse/clk_computime.c +@@ -157,7 +157,7 @@ + { + unsigned int rtc; + +- parseprintf(DD_PARSE, ("inp_computime(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_computime(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + switch (ch) + { +--- contrib/ntp/libparse/clk_dcf7000.c.orig ++++ contrib/ntp/libparse/clk_dcf7000.c +@@ -158,7 +158,7 @@ + { + unsigned int rtc; + +- parseprintf(DD_PARSE, ("inp_dcf7000(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_dcf7000(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + switch (ch) + { +--- contrib/ntp/libparse/clk_hopf6021.c.orig ++++ contrib/ntp/libparse/clk_hopf6021.c +@@ -227,7 +227,7 @@ + { + unsigned int rtc; + +- parseprintf(DD_PARSE, ("inp_hopf6021(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_hopf6021(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + switch (ch) + { +--- contrib/ntp/libparse/clk_meinberg.c.orig ++++ contrib/ntp/libparse/clk_meinberg.c +@@ -434,7 +434,7 @@ + { + unsigned int rtc; + +- parseprintf(DD_PARSE, ("mbg_input(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("mbg_input(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + switch (ch) + { +@@ -602,7 +602,7 @@ + + msg_buf = (struct msg_buf *)parseio->parse_pdata; + +- parseprintf(DD_PARSE, ("gps_input(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("gps_input(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + if (!msg_buf) + return PARSE_INP_SKIP; +--- contrib/ntp/libparse/clk_rawdcf.c.orig ++++ contrib/ntp/libparse/clk_rawdcf.c +@@ -627,7 +627,7 @@ + { + static struct timeval timeout = { 1, 500000 }; /* 1.5 secongs denote second #60 */ + +- parseprintf(DD_PARSE, ("inp_rawdcf(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_rawdcf(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + parseio->parse_dtime.parse_stime = *tstamp; /* collect timestamp */ + +--- contrib/ntp/libparse/clk_rcc8000.c.orig ++++ contrib/ntp/libparse/clk_rcc8000.c +@@ -141,7 +141,7 @@ + { + unsigned int rtc; + +- parseprintf(DD_PARSE, ("inp_rcc8000(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_rcc8000(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + switch (ch) + { +--- contrib/ntp/libparse/clk_schmid.c.orig ++++ contrib/ntp/libparse/clk_schmid.c +@@ -205,7 +205,7 @@ + { + unsigned int rtc; + +- parseprintf(DD_PARSE, ("inp_schmid(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_schmid(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + switch ((uint8_t)ch) + { +--- contrib/ntp/libparse/clk_trimtaip.c.orig ++++ contrib/ntp/libparse/clk_trimtaip.c +@@ -155,7 +155,7 @@ + { + unsigned int rtc; + +- parseprintf(DD_PARSE, ("inp_trimtaip(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_trimtaip(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + switch (ch) + { +--- contrib/ntp/libparse/clk_varitext.c.orig ++++ contrib/ntp/libparse/clk_varitext.c +@@ -58,12 +58,12 @@ + extern int printf (const char *, ...); + #endif + +-static const u_char VT_INITIALISED = 0x01; +-static const u_char VT_SYNCHRONISED = 0x02; +-static const u_char VT_ALARM_STATE = 0x04; ++/* static const u_char VT_INITIALISED = 0x01; */ ++/* static const u_char VT_SYNCHRONISED = 0x02; */ ++/* static const u_char VT_ALARM_STATE = 0x04; */ + static const u_char VT_BST = 0x08; +-static const u_char VT_SEASON_CHANGE = 0x10; +-static const u_char VT_LAST_TELEGRAM_OK = 0x20; ++/* static const u_char VT_SEASON_CHANGE = 0x10; */ ++/* static const u_char VT_LAST_TELEGRAM_OK = 0x20; */ + + /* + * The Varitext receiver sends a datagram in the following format every minute +@@ -195,7 +195,7 @@ + struct varitext *t = (struct varitext *)parseio->parse_pdata; + int rtc; + +- parseprintf(DD_PARSE, ("inp_varitext(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_varitext(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + if (!t) + return PARSE_INP_SKIP; /* local data not allocated - sigh! */ +--- contrib/ntp/libparse/clk_wharton.c.orig ++++ contrib/ntp/libparse/clk_wharton.c +@@ -137,7 +137,7 @@ + { + unsigned int rtc; + +- parseprintf(DD_PARSE, ("inp_wharton_400a(0x%lx, 0x%x, ...)\n", (long)parseio, ch)); ++ parseprintf(DD_PARSE, ("inp_wharton_400a(0x%p, 0x%x, ...)\n", (void*)parseio, ch)); + + switch (ch) + { +--- contrib/ntp/libparse/parse.c.orig ++++ contrib/ntp/libparse/parse.c +@@ -288,7 +288,7 @@ + break; + } + +- parseprintf(DD_PARSE, ("parse_ioread(0x%lx, char=0x%x, ..., ...)\n", (unsigned long)parseio, ch & 0xFF)); ++ parseprintf(DD_PARSE, ("parse_ioread(0x%p, char=0x%x, ..., ...)\n", (void*)parseio, ch & 0xFF)); + + if (!clockformats[parseio->parse_lformat]->convert) + { +--- contrib/ntp/ntpd/invoke-ntp.conf.texi.orig ++++ contrib/ntp/ntpd/invoke-ntp.conf.texi +@@ -6,7 +6,7 @@ + # + # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) + # +-# It has been AutoGen-ed October 21, 2015 at 12:38:16 PM by AutoGen 5.18.5 ++# It has been AutoGen-ed January 7, 2016 at 11:30:49 PM by AutoGen 5.18.5 + # From the definitions ntp.conf.def + # and the template file agtexi-file.tpl + @end ignore +--- contrib/ntp/ntpd/invoke-ntp.keys.texi.orig ++++ contrib/ntp/ntpd/invoke-ntp.keys.texi +@@ -6,7 +6,7 @@ + # + # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) + # +-# It has been AutoGen-ed October 21, 2015 at 12:38:19 PM by AutoGen 5.18.5 ++# It has been AutoGen-ed January 7, 2016 at 11:30:52 PM by AutoGen 5.18.5 + # From the definitions ntp.keys.def + # and the template file agtexi-file.tpl + @end ignore +--- contrib/ntp/ntpd/invoke-ntpd.texi.orig ++++ contrib/ntp/ntpd/invoke-ntpd.texi +@@ -6,7 +6,7 @@ + # + # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) + # +-# It has been AutoGen-ed October 21, 2015 at 12:38:21 PM by AutoGen 5.18.5 ++# It has been AutoGen-ed January 7, 2016 at 11:30:54 PM by AutoGen 5.18.5 + # From the definitions ntpd-opts.def + # and the template file agtexi-cmd.tpl + @end ignore +@@ -142,7 +142,7 @@ + + @exampleindent 0 + @example +-ntpd - NTP daemon program - Ver. 4.2.8p4 ++ntpd - NTP daemon program - Ver. 4.2.8p5 + Usage: ntpd [ - [] | --[@{=| @}] ]... \ + [ ... ] + Flg Arg Option-Name Description +--- contrib/ntp/ntpd/ntp.conf.5man.orig ++++ contrib/ntp/ntpd/ntp.conf.5man +@@ -10,11 +10,11 @@ + .ds B-Font B + .ds I-Font I + .ds R-Font R +-.TH ntp.conf 5man "21 Oct 2015" "4.2.8p4" "File Formats" ++.TH ntp.conf 5man "07 Jan 2016" "4.2.8p5" "File Formats" + .\" +-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI) ++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 + .\" From the definitions ntp.conf.def + .\" and the template file agman-cmd.tpl + .SH NAME +--- contrib/ntp/ntpd/ntp.conf.5mdoc.orig ++++ contrib/ntp/ntpd/ntp.conf.5mdoc +@@ -1,9 +1,9 @@ +-.Dd October 21 2015 ++.Dd January 7 2016 + .Dt NTP_CONF 5mdoc File Formats + .Os + .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5 + .\" From the definitions ntp.conf.def + .\" and the template file agmdoc-cmd.tpl + .Sh NAME +--- contrib/ntp/ntpd/ntp.conf.html.orig ++++ contrib/ntp/ntpd/ntp.conf.html +@@ -33,7 +33,7 @@ +

This document describes the configuration file for the NTP Project's + ntpd program. + +-

This document applies to version 4.2.8p4 of ntp.conf. ++

This document applies to version 4.2.8p5 of ntp.conf. + +

+

Short Contents

+--- contrib/ntp/ntpd/ntp.conf.man.in.orig ++++ contrib/ntp/ntpd/ntp.conf.man.in +@@ -10,11 +10,11 @@ + .ds B-Font B + .ds I-Font I + .ds R-Font R +-.TH ntp.conf 5 "21 Oct 2015" "4.2.8p4" "File Formats" ++.TH ntp.conf 5 "07 Jan 2016" "4.2.8p5" "File Formats" + .\" +-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI) ++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 + .\" From the definitions ntp.conf.def + .\" and the template file agman-cmd.tpl + .SH NAME +--- contrib/ntp/ntpd/ntp.conf.mdoc.in.orig ++++ contrib/ntp/ntpd/ntp.conf.mdoc.in +@@ -1,9 +1,9 @@ +-.Dd October 21 2015 ++.Dd January 7 2016 + .Dt NTP_CONF 5 File Formats + .Os + .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5 + .\" From the definitions ntp.conf.def + .\" and the template file agmdoc-cmd.tpl + .Sh NAME +--- contrib/ntp/ntpd/ntp.keys.5man.orig ++++ contrib/ntp/ntpd/ntp.keys.5man +@@ -1,8 +1,8 @@ +-.TH ntp.keys 5man "21 Oct 2015" "4.2.8p4" "File Formats" ++.TH ntp.keys 5man "07 Jan 2016" "4.2.8p5" "File Formats" + .\" + .\" EDIT THIS FILE WITH CAUTION (ntp.man) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5 + .\" From the definitions ntp.keys.def + .\" and the template file agman-file.tpl + .Sh NAME +--- contrib/ntp/ntpd/ntp.keys.5mdoc.orig ++++ contrib/ntp/ntpd/ntp.keys.5mdoc +@@ -1,9 +1,9 @@ +-.Dd October 21 2015 ++.Dd January 7 2016 + .Dt NTP_KEYS 5mdoc File Formats + .Os SunOS 5.10 + .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5 + .\" From the definitions ntp.keys.def + .\" and the template file agmdoc-file.tpl + .Sh NAME +--- contrib/ntp/ntpd/ntp.keys.html.orig ++++ contrib/ntp/ntpd/ntp.keys.html +@@ -33,7 +33,7 @@ +

This document describes the symmetric key file for the NTP Project's + ntpd program. + +-

This document applies to version 4.2.8p4 of ntp.keys. ++

This document applies to version 4.2.8p5 of ntp.keys. + +

+

Short Contents

+--- contrib/ntp/ntpd/ntp.keys.man.in.orig ++++ contrib/ntp/ntpd/ntp.keys.man.in +@@ -1,8 +1,8 @@ +-.TH ntp.keys 5 "21 Oct 2015" "4.2.8p4" "File Formats" ++.TH ntp.keys 5 "07 Jan 2016" "4.2.8p5" "File Formats" + .\" + .\" EDIT THIS FILE WITH CAUTION (ntp.man) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5 + .\" From the definitions ntp.keys.def + .\" and the template file agman-file.tpl + .Sh NAME +--- contrib/ntp/ntpd/ntp.keys.mdoc.in.orig ++++ contrib/ntp/ntpd/ntp.keys.mdoc.in +@@ -1,9 +1,9 @@ +-.Dd October 21 2015 ++.Dd January 7 2016 + .Dt NTP_KEYS 5 File Formats + .Os SunOS 5.10 + .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5 + .\" From the definitions ntp.keys.def + .\" and the template file agmdoc-file.tpl + .Sh NAME +--- contrib/ntp/ntpd/ntp_control.c.orig ++++ contrib/ntp/ntpd/ntp_control.c +@@ -846,7 +846,7 @@ + u_char errcode + ) + { +- int maclen; ++ size_t maclen; + + numctlerrors++; + DPRINTF(3, ("sending control error %u\n", errcode)); +@@ -1248,10 +1248,10 @@ + ) + { + size_t i; +- int dlen; +- int sendlen; +- int maclen; +- int totlen; ++ size_t dlen; ++ size_t sendlen; ++ size_t maclen; ++ size_t totlen; + keyid_t keyid; + + dlen = datapt - rpkt.u.data; +--- contrib/ntp/ntpd/ntp_crypto.c.orig ++++ contrib/ntp/ntpd/ntp_crypto.c +@@ -473,9 +473,9 @@ + } + + /* Check if the declared size fits into the remaining +- * buffer. ++ * buffer. We *know* 'macbytes' > 0 here! + */ +- if (len > macbytes) { ++ if (len > (u_int)macbytes) { + DPRINTF(1, ("crypto_recv: possible attack detected, associd %d\n", + associd)); + return XEVNT_LEN; +--- contrib/ntp/ntpd/ntp_io.c.orig ++++ contrib/ntp/ntpd/ntp_io.c +@@ -41,6 +41,7 @@ + #include "timevalops.h" + #include "timespecops.h" + #include "ntpd-opts.h" ++#include "safecast.h" + + /* Don't include ISC's version of IPv6 variables and structures */ + #define ISC_IPV6_H 1 +@@ -772,7 +773,7 @@ + hints.ai_flags |= AI_NUMERICHOST; + if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) { + AF(addr) = AF_INET6; +- resaddr6 = (struct sockaddr_in6 *)result->ai_addr; ++ resaddr6 = UA_PTR(struct sockaddr_in6, result->ai_addr); + SET_ADDR6N(addr, resaddr6->sin6_addr); + SET_SCOPE(addr, resaddr6->sin6_scope_id); + +@@ -3365,7 +3366,7 @@ + #endif /* HAVE_BINTIME */ + #ifdef HAVE_TIMESTAMPNS + case SCM_TIMESTAMPNS: +- tsp = (struct timespec *)CMSG_DATA(cmsghdr); ++ tsp = UA_PTR(struct timespec, CMSG_DATA(cmsghdr)); + if (sys_tick > measured_tick && + sys_tick > 1e-9) { + ticks = (unsigned long)((tsp->tv_nsec * 1e-9) / +@@ -3666,8 +3667,7 @@ + fds = activefds; + tvzero.tv_sec = tvzero.tv_usec = 0; + +- n = select(maxactivefd + 1, &fds, (fd_set *)0, (fd_set *)0, +- &tvzero); ++ n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero); + + /* + * If there are no packets waiting just return +@@ -4447,7 +4447,7 @@ + break; + + case FD_TYPE_FILE: +- closeserial(lsock->fd); ++ closeserial((int)lsock->fd); + break; + + default: +@@ -4643,7 +4643,7 @@ + * process routing message + */ + #ifdef HAVE_RTNETLINK +- for (nh = (struct nlmsghdr *)buffer; ++ for (nh = UA_PTR(struct nlmsghdr, buffer); + NLMSG_OK(nh, cnt); + nh = NLMSG_NEXT(nh, cnt)) { + msg_type = nh->nlmsg_type; +--- contrib/ntp/ntpd/ntp_loopfilter.c.orig ++++ contrib/ntp/ntpd/ntp_loopfilter.c +@@ -154,7 +154,6 @@ + int ext_enable; /* external clock enabled */ + int pps_stratum; /* pps stratum */ + int kernel_status; /* from ntp_adjtime */ +-int allow_panic = FALSE; /* allow panic correction (-g) */ + int force_step_once = FALSE; /* always step time once at startup (-G) */ + int mode_ntpdate = FALSE; /* exit on first clock set (-q) */ + int freq_cnt; /* initial frequency clamp */ +@@ -459,16 +458,16 @@ + double dtemp, etemp; /* double temps */ + char tbuf[80]; /* report buffer */ + ++ (void)ntp_adj_ret; /* not always used below... */ + /* + * If the loop is opened or the NIST LOCKCLOCK is in use, + * monitor and record the offsets anyway in order to determine + * the open-loop response and then go home. + */ +-#ifdef LOCKCLOCK ++#ifndef LOCKCLOCK ++ if (!ntp_enable) ++#endif /* not LOCKCLOCK */ + { +-#else +- if (!ntp_enable) { +-#endif /* LOCKCLOCK */ + record_loop_stats(fp_offset, drift_comp, clock_jitter, + clock_stability, sys_poll); + return (0); +@@ -493,6 +492,8 @@ + return (-1); + } + ++ allow_panic = FALSE; ++ + /* + * This section simulates ntpdate. If the offset exceeds the + * step threshold (128 ms), step the clock to that time and +@@ -538,12 +539,8 @@ + else + dtemp = (peer->delay - sys_mindly) / 2; + fp_offset += dtemp; +-#ifdef DEBUG +- if (debug) +- printf( +- "local_clock: size %d mindly %.6f huffpuff %.6f\n", +- sys_hufflen, sys_mindly, dtemp); +-#endif ++ DPRINTF(1, ("local_clock: size %d mindly %.6f huffpuff %.6f\n", ++ sys_hufflen, sys_mindly, dtemp)); + } + + /* +@@ -694,7 +691,6 @@ + * startup until the initial transient has subsided. + */ + default: +- allow_panic = FALSE; + if (freq_cnt == 0) { + + /* +@@ -921,15 +917,11 @@ + */ + record_loop_stats(clock_offset, drift_comp, clock_jitter, + clock_stability, sys_poll); +-#ifdef DEBUG +- if (debug) +- printf( +- "local_clock: offset %.9f jit %.9f freq %.3f stab %.3f poll %d\n", ++ DPRINTF(1, ("local_clock: offset %.9f jit %.9f freq %.3f stab %.3f poll %d\n", + clock_offset, clock_jitter, drift_comp * 1e6, +- clock_stability * 1e6, sys_poll); +-#endif /* DEBUG */ ++ clock_stability * 1e6, sys_poll)); + return (rval); +-#endif /* LOCKCLOCK */ ++#endif /* not LOCKCLOCK */ + } + + +@@ -1005,7 +997,10 @@ + * but does not automatically stop slewing when an offset + * has decayed to zero. + */ ++ DEBUG_INSIST(enable_panic_check == TRUE); ++ enable_panic_check = FALSE; + adj_systime(offset_adj + freq_adj); ++ enable_panic_check = TRUE; + #endif /* LOCKCLOCK */ + } + +@@ -1019,12 +1014,9 @@ + double offset /* new offset */ + ) + { +-#ifdef DEBUG +- if (debug > 1) +- printf("local_clock: mu %lu state %d poll %d count %d\n", ++ DPRINTF(2, ("rstclock: mu %lu state %d poll %d count %d\n", + current_time - clock_epoch, trans, sys_poll, +- tc_counter); +-#endif ++ tc_counter)); + if (trans != state && trans != EVNT_FSET) + report_event(trans, NULL, NULL); + state = trans; +@@ -1075,6 +1067,7 @@ + const char * loop_desc; + int ntp_adj_ret; + ++ (void)ntp_adj_ret; /* not always used below... */ + drift_comp = freq; + loop_desc = "ntpd"; + #ifdef KERNEL_PLL +@@ -1236,10 +1229,7 @@ + int i; + double ftemp; + +-#ifdef DEBUG +- if (debug > 1) +- printf("loop_config: item %d freq %f\n", item, freq); +-#endif ++ DPRINTF(2, ("loop_config: item %d freq %f\n", item, freq)); + switch (item) { + + /* +--- contrib/ntp/ntpd/ntp_parser.c.orig ++++ contrib/ntp/ntpd/ntp_parser.c +@@ -889,21 +889,21 @@ + 872, 873, 874, 875, 876, 877, 878, 879, 880, 881, + 882, 886, 891, 899, 904, 905, 906, 910, 915, 923, + 928, 929, 930, 931, 932, 933, 934, 935, 943, 953, +- 958, 966, 968, 970, 972, 974, 979, 980, 984, 985, +- 986, 987, 995, 1000, 1005, 1013, 1018, 1019, 1020, 1029, +- 1031, 1036, 1041, 1049, 1051, 1068, 1069, 1070, 1071, 1072, +- 1073, 1077, 1078, 1086, 1091, 1096, 1104, 1109, 1110, 1111, +- 1112, 1113, 1114, 1115, 1116, 1117, 1118, 1127, 1128, 1129, +- 1136, 1143, 1150, 1166, 1185, 1187, 1189, 1191, 1193, 1195, +- 1202, 1207, 1208, 1209, 1213, 1217, 1226, 1227, 1231, 1232, +- 1233, 1237, 1248, 1262, 1274, 1279, 1281, 1286, 1287, 1295, +- 1297, 1305, 1310, 1318, 1343, 1350, 1360, 1361, 1365, 1366, +- 1367, 1368, 1372, 1373, 1374, 1378, 1383, 1388, 1396, 1397, +- 1398, 1399, 1400, 1401, 1402, 1412, 1417, 1425, 1430, 1438, +- 1440, 1444, 1449, 1454, 1462, 1467, 1475, 1484, 1485, 1489, +- 1490, 1499, 1517, 1521, 1526, 1534, 1539, 1540, 1544, 1549, +- 1557, 1562, 1567, 1572, 1577, 1585, 1590, 1595, 1603, 1608, +- 1609, 1610, 1611, 1612 ++ 958, 966, 968, 970, 979, 981, 986, 987, 991, 992, ++ 993, 994, 1002, 1007, 1012, 1020, 1025, 1026, 1027, 1036, ++ 1038, 1043, 1048, 1056, 1058, 1075, 1076, 1077, 1078, 1079, ++ 1080, 1084, 1085, 1093, 1098, 1103, 1111, 1116, 1117, 1118, ++ 1119, 1120, 1121, 1122, 1123, 1124, 1125, 1134, 1135, 1136, ++ 1143, 1150, 1157, 1173, 1192, 1194, 1196, 1198, 1200, 1202, ++ 1209, 1214, 1215, 1216, 1220, 1224, 1233, 1234, 1238, 1239, ++ 1240, 1244, 1255, 1269, 1281, 1286, 1288, 1293, 1294, 1302, ++ 1304, 1312, 1317, 1325, 1350, 1357, 1367, 1368, 1372, 1373, ++ 1374, 1375, 1379, 1380, 1381, 1385, 1390, 1395, 1403, 1404, ++ 1405, 1406, 1407, 1408, 1409, 1419, 1424, 1432, 1437, 1445, ++ 1447, 1451, 1456, 1461, 1469, 1474, 1482, 1491, 1492, 1496, ++ 1497, 1506, 1524, 1528, 1533, 1541, 1546, 1547, 1551, 1556, ++ 1564, 1569, 1574, 1579, 1584, 1592, 1597, 1602, 1610, 1615, ++ 1616, 1617, 1618, 1619 + }; + #endif + +@@ -2684,90 +2684,97 @@ + + case 173: + #line 971 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ +- { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } +-#line 2689 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++ { ++ if ((yyvsp[0].Integer) >= 0 && (yyvsp[0].Integer) <= 16) { ++ (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); ++ } else { ++ (yyval.Attr_val) = NULL; ++ yyerror("fudge factor: stratum value not in [0..16], ignored"); ++ } ++ } ++#line 2696 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 174: +-#line 973 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 980 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } +-#line 2695 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2702 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 175: +-#line 975 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 982 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } +-#line 2701 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2708 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 182: +-#line 996 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1003 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { CONCAT_G_FIFOS(cfgt.rlimit, (yyvsp[0].Attr_val_fifo)); } +-#line 2707 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2714 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 183: +-#line 1001 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1008 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 2716 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2723 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 184: +-#line 1006 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1013 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = NULL; + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 2725 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2732 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 185: +-#line 1014 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1021 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } +-#line 2731 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2738 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 189: +-#line 1030 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1037 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { CONCAT_G_FIFOS(cfgt.enable_opts, (yyvsp[0].Attr_val_fifo)); } +-#line 2737 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2744 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 190: +-#line 1032 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1039 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { CONCAT_G_FIFOS(cfgt.disable_opts, (yyvsp[0].Attr_val_fifo)); } +-#line 2743 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2750 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 191: +-#line 1037 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1044 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 2752 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2759 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 192: +-#line 1042 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1049 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = NULL; + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 2761 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2768 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 193: +-#line 1050 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1057 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); } +-#line 2767 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2774 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 194: +-#line 1052 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1059 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + if (lex_from_file()) { + (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); +@@ -2781,41 +2788,41 @@ + yyerror(err_str); + } + } +-#line 2785 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2792 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 203: +-#line 1087 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1094 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { CONCAT_G_FIFOS(cfgt.tinker, (yyvsp[0].Attr_val_fifo)); } +-#line 2791 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2798 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 204: +-#line 1092 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1099 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 2800 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2807 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 205: +-#line 1097 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1104 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = NULL; + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 2809 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2816 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 206: +-#line 1105 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1112 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); } +-#line 2815 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2822 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 219: +-#line 1130 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1137 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + attr_val *av; + +@@ -2822,11 +2829,11 @@ + av = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); + APPEND_G_FIFO(cfgt.vars, av); + } +-#line 2826 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2833 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 220: +-#line 1137 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1144 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + attr_val *av; + +@@ -2833,11 +2840,11 @@ + av = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); + APPEND_G_FIFO(cfgt.vars, av); + } +-#line 2837 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2844 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 221: +-#line 1144 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1151 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + attr_val *av; + +@@ -2844,11 +2851,11 @@ + av = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); + APPEND_G_FIFO(cfgt.vars, av); + } +-#line 2848 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2855 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 222: +-#line 1151 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1158 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + char error_text[64]; + attr_val *av; +@@ -2864,11 +2871,11 @@ + yyerror(error_text); + } + } +-#line 2868 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2875 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 223: +-#line 1167 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1174 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + if (!lex_from_file()) { + YYFREE((yyvsp[-1].String)); /* avoid leak */ +@@ -2887,41 +2894,41 @@ + } + YYFREE((yyvsp[-1].String)); /* avoid leak */ + } +-#line 2891 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2898 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 224: +-#line 1186 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1193 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { lex_flush_stack(); } +-#line 2897 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2904 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 225: +-#line 1188 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1195 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { /* see drift_parm below for actions */ } +-#line 2903 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2910 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 226: +-#line 1190 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1197 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { CONCAT_G_FIFOS(cfgt.logconfig, (yyvsp[0].Attr_val_fifo)); } +-#line 2909 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2916 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 227: +-#line 1192 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1199 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { CONCAT_G_FIFOS(cfgt.phone, (yyvsp[0].String_fifo)); } +-#line 2915 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2922 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 228: +-#line 1194 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1201 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { APPEND_G_FIFO(cfgt.setvar, (yyvsp[0].Set_var)); } +-#line 2921 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2928 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 229: +-#line 1196 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1203 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + addr_opts_node *aon; + +@@ -2928,27 +2935,27 @@ + aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo)); + APPEND_G_FIFO(cfgt.trap, aon); + } +-#line 2932 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2939 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 230: +-#line 1203 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1210 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { CONCAT_G_FIFOS(cfgt.ttl, (yyvsp[0].Attr_val_fifo)); } +-#line 2938 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2945 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 235: +-#line 1218 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1225 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + #ifndef LEAP_SMEAR + yyerror("Built without LEAP_SMEAR support."); + #endif + } +-#line 2948 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2955 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 241: +-#line 1238 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1245 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + if (lex_from_file()) { + attr_val *av; +@@ -2959,11 +2966,11 @@ + yyerror("driftfile remote configuration ignored"); + } + } +-#line 2963 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2970 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 242: +-#line 1249 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1256 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + if (lex_from_file()) { + attr_val *av; +@@ -2976,11 +2983,11 @@ + yyerror("driftfile remote configuration ignored"); + } + } +-#line 2980 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 2987 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 243: +-#line 1262 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1269 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + if (lex_from_file()) { + attr_val *av; +@@ -2990,71 +2997,71 @@ + yyerror("driftfile remote configuration ignored"); + } + } +-#line 2994 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3001 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 244: +-#line 1275 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1282 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Set_var) = create_setvar_node((yyvsp[-3].String), (yyvsp[-1].String), (yyvsp[0].Integer)); } +-#line 3000 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3007 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 246: +-#line 1281 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1288 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Integer) = 0; } +-#line 3006 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3013 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 247: +-#line 1286 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1293 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val_fifo) = NULL; } +-#line 3012 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3019 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 248: +-#line 1288 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1295 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 3021 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3028 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 249: +-#line 1296 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1303 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } +-#line 3027 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3034 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 250: +-#line 1298 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1305 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), estrdup((yyvsp[0].Address_node)->address)); + destroy_address_node((yyvsp[0].Address_node)); + } +-#line 3036 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3043 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 251: +-#line 1306 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1313 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 3045 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3052 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 252: +-#line 1311 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1318 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = NULL; + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 3054 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3061 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 253: +-#line 1319 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1326 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + char prefix; + char * type; +@@ -3076,11 +3083,11 @@ + (yyval.Attr_val) = create_attr_sval(prefix, estrdup(type)); + YYFREE((yyvsp[0].String)); + } +-#line 3080 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3087 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 254: +-#line 1344 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1351 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + nic_rule_node *nrn; + +@@ -3087,11 +3094,11 @@ + nrn = create_nic_rule_node((yyvsp[0].Integer), NULL, (yyvsp[-1].Integer)); + APPEND_G_FIFO(cfgt.nic_rules, nrn); + } +-#line 3091 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3098 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 255: +-#line 1351 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1358 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + nic_rule_node *nrn; + +@@ -3098,119 +3105,119 @@ + nrn = create_nic_rule_node(0, (yyvsp[0].String), (yyvsp[-1].Integer)); + APPEND_G_FIFO(cfgt.nic_rules, nrn); + } +-#line 3102 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3109 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 265: +-#line 1379 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1386 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { CONCAT_G_FIFOS(cfgt.reset_counters, (yyvsp[0].Int_fifo)); } +-#line 3108 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3115 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 266: +-#line 1384 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1391 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Int_fifo) = (yyvsp[-1].Int_fifo); + APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); + } +-#line 3117 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3124 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 267: +-#line 1389 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1396 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Int_fifo) = NULL; + APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); + } +-#line 3126 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3133 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 275: +-#line 1413 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1420 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer))); + } +-#line 3135 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3142 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 276: +-#line 1418 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1425 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = NULL; + APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer))); + } +-#line 3144 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3151 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 277: +-#line 1426 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1433 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 3153 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3160 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 278: +-#line 1431 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1438 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = NULL; + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); + } +-#line 3162 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3169 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 279: +-#line 1439 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1446 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_ival('i', (yyvsp[0].Integer)); } +-#line 3168 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3175 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 281: +-#line 1445 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1452 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_rangeval('-', (yyvsp[-3].Integer), (yyvsp[-1].Integer)); } +-#line 3174 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3181 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 282: +-#line 1450 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1457 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.String_fifo) = (yyvsp[-1].String_fifo); + APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String))); + } +-#line 3183 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3190 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 283: +-#line 1455 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1462 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.String_fifo) = NULL; + APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String))); + } +-#line 3192 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3199 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 284: +-#line 1463 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1470 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Address_fifo) = (yyvsp[-1].Address_fifo); + APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node)); + } +-#line 3201 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3208 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 285: +-#line 1468 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1475 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Address_fifo) = NULL; + APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node)); + } +-#line 3210 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3217 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 286: +-#line 1476 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1483 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + if ((yyvsp[0].Integer) != 0 && (yyvsp[0].Integer) != 1) { + yyerror("Integer value is not boolean (0 or 1). Assuming 1"); +@@ -3219,29 +3226,29 @@ + (yyval.Integer) = (yyvsp[0].Integer); + } + } +-#line 3223 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3230 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 287: +-#line 1484 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1491 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Integer) = 1; } +-#line 3229 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3236 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 288: +-#line 1485 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1492 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Integer) = 0; } +-#line 3235 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3242 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 289: +-#line 1489 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1496 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Double) = (double)(yyvsp[0].Integer); } +-#line 3241 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3248 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 291: +-#line 1500 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1507 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + sim_node *sn; + +@@ -3251,125 +3258,125 @@ + /* Revert from ; to \n for end-of-command */ + old_config_style = 1; + } +-#line 3255 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3262 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 292: +-#line 1517 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1524 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { old_config_style = 0; } +-#line 3261 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3268 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 293: +-#line 1522 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1529 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); + } +-#line 3270 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3277 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 294: +-#line 1527 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1534 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = NULL; + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); + } +-#line 3279 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3286 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 295: +-#line 1535 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1542 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); } +-#line 3285 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3292 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 298: +-#line 1545 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1552 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Sim_server_fifo) = (yyvsp[-1].Sim_server_fifo); + APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server)); + } +-#line 3294 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3301 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 299: +-#line 1550 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1557 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Sim_server_fifo) = NULL; + APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server)); + } +-#line 3303 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3310 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 300: +-#line 1558 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1565 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Sim_server) = ONLY_SIM(create_sim_server((yyvsp[-4].Address_node), (yyvsp[-2].Double), (yyvsp[-1].Sim_script_fifo))); } +-#line 3309 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3316 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 301: +-#line 1563 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1570 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Double) = (yyvsp[-1].Double); } +-#line 3315 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3322 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 302: +-#line 1568 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1575 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Address_node) = (yyvsp[0].Address_node); } +-#line 3321 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3328 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 303: +-#line 1573 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1580 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Sim_script_fifo) = (yyvsp[-1].Sim_script_fifo); + APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script)); + } +-#line 3330 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3337 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 304: +-#line 1578 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1585 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Sim_script_fifo) = NULL; + APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script)); + } +-#line 3339 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3346 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 305: +-#line 1586 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1593 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Sim_script) = ONLY_SIM(create_sim_script_info((yyvsp[-3].Double), (yyvsp[-1].Attr_val_fifo))); } +-#line 3345 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3352 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 306: +-#line 1591 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1598 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo); + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); + } +-#line 3354 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3361 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 307: +-#line 1596 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1603 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { + (yyval.Attr_val_fifo) = NULL; + APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); + } +-#line 3363 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3370 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + case 308: +-#line 1604 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ ++#line 1611 "../../ntpd/ntp_parser.y" /* yacc.c:1646 */ + { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); } +-#line 3369 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3376 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + break; + + +-#line 3373 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ ++#line 3380 "../../ntpd/ntp_parser.c" /* yacc.c:1646 */ + default: break; + } + /* User semantic actions sometimes alter yychar, and that requires +@@ -3597,7 +3604,7 @@ + #endif + return yyresult; + } +-#line 1615 "../../ntpd/ntp_parser.y" /* yacc.c:1906 */ ++#line 1622 "../../ntpd/ntp_parser.y" /* yacc.c:1906 */ + + + void +--- contrib/ntp/ntpd/ntp_proto.c.orig ++++ contrib/ntp/ntpd/ntp_proto.c +@@ -15,6 +15,7 @@ + #include "ntp_string.h" + #include "ntp_leapsec.h" + #include "refidsmear.h" ++#include "lib_strbuf.h" + + #include + #ifdef HAVE_LIBSCF_H +@@ -172,8 +173,14 @@ + const struct addrinfo *); + #endif /* WORKER */ + ++const char * amtoa (int am); ++ ++ + void +-set_sys_leap(u_char new_sys_leap) { ++set_sys_leap( ++ u_char new_sys_leap ++ ) ++{ + sys_leap = new_sys_leap; + xmt_leap = sys_leap; + +@@ -189,8 +196,9 @@ + #ifdef LEAP_SMEAR + else { + /* +- * If leap smear is enabled in general we must never send a leap second warning +- * to clients, so make sure we only send "in sync". ++ * If leap smear is enabled in general we must ++ * never send a leap second warning to clients, ++ * so make sure we only send "in sync". + */ + if (leap_smear.enabled) + xmt_leap = LEAP_NOWARNING; +@@ -199,34 +207,39 @@ + } + } + ++ + /* + * Kiss Code check + */ +-int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid) { ++int ++kiss_code_check( ++ u_char hisleap, ++ u_char hisstratum, ++ u_char hismode, ++ u_int32 refid ++ ) ++{ + +- if ( hismode == MODE_SERVER +- && hisleap == LEAP_NOTINSYNC +- && hisstratum == STRATUM_UNSPEC) { +- if(memcmp(&refid,"RATE", 4) == 0) { +- return (RATEKISS); +- } +- else if(memcmp(&refid,"DENY", 4) == 0) { +- return (DENYKISS); +- } +- else if(memcmp(&refid,"RSTR", 4) == 0) { +- return (RSTRKISS); +- } +- else if(memcmp(&refid,"X", 1) == 0) { +- return (XKISS); +- } +- else { +- return (UNKNOWNKISS); +- } ++ if ( hismode == MODE_SERVER ++ && hisleap == LEAP_NOTINSYNC ++ && hisstratum == STRATUM_UNSPEC) { ++ if(memcmp(&refid,"RATE", 4) == 0) { ++ return (RATEKISS); ++ } else if(memcmp(&refid,"DENY", 4) == 0) { ++ return (DENYKISS); ++ } else if(memcmp(&refid,"RSTR", 4) == 0) { ++ return (RSTRKISS); ++ } else if(memcmp(&refid,"X", 1) == 0) { ++ return (XKISS); ++ } else { ++ return (UNKNOWNKISS); + } +- else { +- return (NOKISS); +- } ++ } else { ++ return (NOKISS); ++ } + } ++ ++ + /* + * transmit - transmit procedure called by poll timeout + */ +@@ -303,7 +316,7 @@ + peer->outdate = current_time; + if ( (peer_associations <= 2 * sys_maxclock) + && ( peer_associations < sys_maxclock +- || sys_survivors < sys_minclock)) ++ || sys_survivors < sys_minclock)) + pool_xmit(peer); + poll_update(peer, hpoll); + return; +@@ -416,9 +429,36 @@ + if (peer->hmode != MODE_BCLIENT) + peer_xmit(peer); + poll_update(peer, hpoll); ++ ++ return; + } + + ++const char * ++amtoa( ++ int am ++ ) ++{ ++ char *bp; ++ ++ switch(am) { ++ case AM_ERR: return "AM_ERR"; ++ case AM_NOMATCH: return "AM_NOMATCH"; ++ case AM_PROCPKT: return "AM_PROCPKT"; ++ case AM_BCST: return "AM_BCST"; ++ case AM_FXMIT: return "AM_FXMIT"; ++ case AM_MANYCAST: return "AM_MANYCAST"; ++ case AM_NEWPASS: return "AM_NEWPASS"; ++ case AM_NEWBCL: return "AM_NEWBCL"; ++ case AM_POSSBCL: return "AM_POSSBCL"; ++ default: ++ LIB_GETBUF(bp); ++ snprintf(bp, LIB_BUFLENGTH, "AM_#%d", am); ++ return bp; ++ } ++} ++ ++ + /* + * receive - receive procedure called for each packet received + */ +@@ -434,7 +474,9 @@ + u_char hismode; /* packet mode */ + u_char hisstratum; /* packet stratum */ + u_short restrict_mask; /* restrict bits */ +- int kissCode = NOKISS; /* Kiss Code */ ++ const char *hm_str; /* hismode string */ ++ const char *am_str; /* association match string */ ++ int kissCode = NOKISS; /* Kiss Code */ + int has_mac; /* length of MAC field */ + int authlen; /* offset of MAC field */ + int is_authentic = 0; /* cryptosum ok */ +@@ -441,9 +483,9 @@ + int retcode = AM_NOMATCH; /* match code */ + keyid_t skeyid = 0; /* key IDs */ + u_int32 opcode = 0; /* extension field opcode */ +- sockaddr_u *dstadr_sin; /* active runway */ ++ sockaddr_u *dstadr_sin; /* active runway */ + struct peer *peer2; /* aux peer structure pointer */ +- endpt * match_ep; /* newpeer() local address */ ++ endpt *match_ep; /* newpeer() local address */ + l_fp p_org; /* origin timestamp */ + l_fp p_rec; /* receive timestamp */ + l_fp p_xmt; /* transmit timestamp */ +@@ -474,11 +516,12 @@ + return; /* bogus port */ + } + restrict_mask = restrictions(&rbufp->recv_srcadr); +- DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x\n", ++ pkt = &rbufp->recv_pkt; ++ DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x org %#010x.%08x xmt %#010x.%08x\n", + current_time, stoa(&rbufp->dstadr->sin), +- stoa(&rbufp->recv_srcadr), +- rbufp->dstadr->flags, restrict_mask)); +- pkt = &rbufp->recv_pkt; ++ stoa(&rbufp->recv_srcadr), rbufp->dstadr->flags, ++ restrict_mask, ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), ++ ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); + hisversion = PKT_VERSION(pkt->li_vn_mode); + hisleap = PKT_LEAP(pkt->li_vn_mode); + hismode = (int)PKT_MODE(pkt->li_vn_mode); +@@ -685,6 +728,8 @@ + NTOHL_FP(&pkt->org, &p_org); + NTOHL_FP(&pkt->rec, &p_rec); + NTOHL_FP(&pkt->xmt, &p_xmt); ++ hm_str = modetoa(hismode); ++ am_str = amtoa(retcode); + + /* + * Authentication is conditioned by three switches: +@@ -713,25 +758,21 @@ + if (has_mac == 0) { + restrict_mask &= ~RES_MSSNTP; + is_authentic = AUTH_NONE; /* not required */ +-#ifdef DEBUG +- if (debug) +- printf( +- "receive: at %ld %s<-%s mode %d len %d\n", ++ DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n", + current_time, stoa(dstadr_sin), +- stoa(&rbufp->recv_srcadr), hismode, +- authlen); +-#endif ++ stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, ++ authlen, ++ ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), ++ ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); + } else if (has_mac == 4) { + restrict_mask &= ~RES_MSSNTP; + is_authentic = AUTH_CRYPTO; /* crypto-NAK */ +-#ifdef DEBUG +- if (debug) +- printf( +- "receive: at %ld %s<-%s mode %d keyid %08x len %d auth %d\n", ++ DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC4\n", + current_time, stoa(dstadr_sin), +- stoa(&rbufp->recv_srcadr), hismode, skeyid, +- authlen + has_mac, is_authentic); +-#endif ++ stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, ++ skeyid, authlen + has_mac, is_authentic, ++ ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), ++ ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); + + #ifdef HAVE_NTP_SIGND + /* +@@ -747,7 +788,7 @@ + && (restrict_mask & RES_MSSNTP) + && (retcode == AM_FXMIT || retcode == AM_NEWPASS) + && (memcmp(zero_key, (char *)pkt + authlen + 4, +- MAX_MD5_LEN - 4) == 0)) { ++ MAX_MD5_LEN - 4) == 0)) { + is_authentic = AUTH_NONE; + #endif /* HAVE_NTP_SIGND */ + +@@ -856,14 +897,12 @@ + if (crypto_flags && skeyid > NTP_MAXKEY) + authtrust(skeyid, 0); + #endif /* AUTOKEY */ +-#ifdef DEBUG +- if (debug) +- printf( +- "receive: at %ld %s<-%s mode %d keyid %08x len %d auth %d\n", ++ DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x\n", + current_time, stoa(dstadr_sin), +- stoa(&rbufp->recv_srcadr), hismode, skeyid, +- authlen + has_mac, is_authentic); +-#endif ++ stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, ++ skeyid, authlen + has_mac, is_authentic, ++ ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), ++ ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); + } + + /* +@@ -1194,11 +1233,11 @@ + * debug-printed and not logged to avoid log + * flooding. + */ +- DPRINTF(1, ("receive: at %ld refusing to mobilize passive association" +- " with unknown peer %s mode %d keyid %08x len %d auth %d\n", ++ DPRINTF(2, ("receive: at %ld refusing to mobilize passive association" ++ " with unknown peer %s mode %d/%s:%s keyid %08x len %d auth %d\n", + current_time, stoa(&rbufp->recv_srcadr), +- hismode, skeyid, (authlen + has_mac), +- is_authentic)); ++ hismode, hm_str, am_str, skeyid, ++ (authlen + has_mac), is_authentic)); + sys_declined++; + return; + } +@@ -1321,26 +1360,36 @@ + } + + /* +- * Check for bogus packet in basic mode. If found, switch to +- * interleaved mode and resynchronize, but only after confirming +- * the packet is not bogus in symmetric interleaved mode. ++ * Basic mode checks: + * ++ * If there is no origin timestamp, it's an initial packet. ++ * ++ * Otherwise, check for bogus packet in basic mode. ++ * If it is bogus, switch to interleaved mode and resynchronize, ++ * but only after confirming the packet is not bogus in ++ * symmetric interleaved mode. ++ * + * This could also mean somebody is forging packets claiming to + * be from us, attempting to cause our server to KoD us. + */ + } else if (peer->flip == 0) { +- if (!L_ISEQU(&p_org, &peer->aorg)) { ++ if (0 < hisstratum && L_ISZERO(&p_org)) { ++ L_CLR(&peer->aorg); ++ } else if (!L_ISEQU(&p_org, &peer->aorg)) { + peer->bogusorg++; + peer->flash |= TEST2; /* bogus */ + msyslog(LOG_INFO, +- "receive: Unexpected origin timestamp from %s", +- ntoa(&peer->srcadr)); ++ "receive: Unexpected origin timestamp %#010x.%08x from %s xmt %#010x.%08x", ++ ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), ++ ntoa(&peer->srcadr), ++ ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)); + if ( !L_ISZERO(&peer->dst) + && L_ISEQU(&p_org, &peer->dst)) { ++ /* Might be the start of an interleave */ + peer->flip = 1; + report_event(PEVNT_XLEAVE, peer, NULL); + } +- return; /* Bogus packet, we are done */ ++ return; /* Bogus or possible interleave packet */ + } else { + L_CLR(&peer->aorg); + } +@@ -1694,11 +1743,8 @@ + */ + if (peer->flash & PKT_TEST_MASK) { + peer->seldisptoolarge++; +-#ifdef DEBUG +- if (debug) +- printf("packet: flash header %04x\n", +- peer->flash); +-#endif ++ DPRINTF(1, ("packet: flash header %04x\n", ++ peer->flash)); + return; + } + +@@ -1871,15 +1917,12 @@ + * the roundtrip delay. Then it calculates the correction as a + * fraction of d. + */ +- peer->t21 = t21; ++ peer->t21 = t21; + peer->t21_last = peer->t21_bytes; + peer->t34 = -t34; + peer->t34_bytes = len; +-#ifdef DEBUG +- if (debug > 1) +- printf("packet: t21 %.9lf %d t34 %.9lf %d\n", peer->t21, +- peer->t21_bytes, peer->t34, peer->t34_bytes); +-#endif ++ DPRINTF(2, ("packet: t21 %.9lf %d t34 %.9lf %d\n", peer->t21, ++ peer->t21_bytes, peer->t34, peer->t34_bytes)); + if (peer->r21 > 0 && peer->r34 > 0 && p_del > 0) { + if (peer->pmode != MODE_BROADCAST) + td = (peer->r34 / (peer->r21 + peer->r34) - +@@ -1888,7 +1931,7 @@ + td = 0; + + /* +- * Unfortunately, in many cases the errors are ++ * Unfortunately, in many cases the errors are + * unacceptable, so for the present the rates are not + * used. In future, we might find conditions where the + * calculations are useful, so this should be considered +@@ -1896,12 +1939,9 @@ + */ + t21 -= td; + t34 -= td; +-#ifdef DEBUG +- if (debug > 1) +- printf("packet: del %.6lf r21 %.1lf r34 %.1lf %.6lf\n", ++ DPRINTF(2, ("packet: del %.6lf r21 %.1lf r34 %.1lf %.6lf\n", + p_del, peer->r21 / 1e3, peer->r34 / 1e3, +- td); +-#endif ++ td)); + } + #endif /* ASSYM */ + +@@ -1994,12 +2034,8 @@ + sys_rootdelay = peer->delay + peer->rootdelay; + sys_reftime = peer->dst; + +-#ifdef DEBUG +- if (debug) +- printf( +- "clock_update: at %lu sample %lu associd %d\n", +- current_time, peer->epoch, peer->associd); +-#endif ++ DPRINTF(1, ("clock_update: at %lu sample %lu associd %d\n", ++ current_time, peer->epoch, peer->associd)); + + /* + * Comes now the moment of truth. Crank the clock discipline and +@@ -2308,13 +2344,9 @@ + #ifdef AUTOKEY + peer->refresh = current_time + (1 << NTP_REFRESH); + #endif /* AUTOKEY */ +-#ifdef DEBUG +- if (debug) +- printf( +- "peer_clear: at %ld next %ld associd %d refid %s\n", ++ DPRINTF(1, ("peer_clear: at %ld next %ld associd %d refid %s\n", + current_time, peer->nextdate, peer->associd, +- ident); +-#endif ++ ident)); + } + + +@@ -2478,11 +2510,8 @@ + * packets. + */ + if (peer->filter_epoch[k] <= peer->epoch) { +-#if DEBUG +- if (debug > 1) +- printf("clock_filter: old sample %lu\n", current_time - +- peer->filter_epoch[k]); +-#endif ++ DPRINTF(2, ("clock_filter: old sample %lu\n", current_time - ++ peer->filter_epoch[k])); + return; + } + peer->epoch = peer->filter_epoch[k]; +@@ -2494,13 +2523,9 @@ + */ + record_peer_stats(&peer->srcadr, ctlpeerstatus(peer), + peer->offset, peer->delay, peer->disp, peer->jitter); +-#ifdef DEBUG +- if (debug) +- printf( +- "clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f\n", ++ DPRINTF(1, ("clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f\n", + m, peer->offset, peer->delay, peer->disp, +- peer->jitter); +-#endif ++ peer->jitter)); + if (peer->burst == 0 || sys_leap == LEAP_NOTINSYNC) + clock_select(); + } +@@ -3004,7 +3029,7 @@ + typesystem = typepps; + sys_clockhop = 0; + typesystem->new_status = CTL_PST_SEL_PPS; +- sys_offset = typesystem->offset; ++ sys_offset = typesystem->offset; + sys_jitter = typesystem->jitter; + DPRINTF(1, ("select: pps offset %.9f jitter %.9f\n", + sys_offset, sys_jitter)); +@@ -3157,11 +3182,11 @@ + * might not be usable. + */ + sendlen = LEN_PKT_NOMAC; ++ if ( + #ifdef AUTOKEY +- if (!(peer->flags & FLAG_SKEY) && peer->keyid == 0) { +-#else /* !AUTOKEY follows */ +- if (peer->keyid == 0) { ++ !(peer->flags & FLAG_SKEY) && + #endif /* !AUTOKEY */ ++ peer->keyid == 0) { + + /* + * Transmit a-priori timestamps +@@ -3207,13 +3232,11 @@ + } + L_SUB(&xmt_ty, &xmt_tx); + LFPTOD(&xmt_ty, peer->xleave); +-#ifdef DEBUG +- if (debug) +- printf("transmit: at %ld %s->%s mode %d len %zu\n", +- current_time, peer->dstadr ? +- stoa(&peer->dstadr->sin) : "-", +- stoa(&peer->srcadr), peer->hmode, sendlen); +-#endif ++ DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt %#010x.%08x\n", ++ current_time, ++ peer->dstadr ? stoa(&peer->dstadr->sin) : "-", ++ stoa(&peer->srcadr), peer->hmode, sendlen, ++ xmt_tx.l_ui, xmt_tx.l_uf)); + return; + } + +@@ -3498,7 +3521,7 @@ + authtrust(xkeyid, 0); + #endif /* AUTOKEY */ + if (sendlen > sizeof(xpkt)) { +- msyslog(LOG_ERR, "proto: buffer overflow %zu", sendlen); ++ msyslog(LOG_ERR, "peer_xmit: buffer overflow %zu", sendlen); + exit (-1); + } + peer->t21_bytes = sendlen; +@@ -3521,22 +3544,18 @@ + L_SUB(&xmt_ty, &xmt_tx); + LFPTOD(&xmt_ty, peer->xleave); + #ifdef AUTOKEY +-#ifdef DEBUG +- if (debug) +- printf("transmit: at %ld %s->%s mode %d keyid %08x len %zu index %d\n", ++ DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu index %d\n", + current_time, latoa(peer->dstadr), + ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen, +- peer->keynumber); +-#endif ++ peer->keynumber)); + #else /* !AUTOKEY follows */ +-#ifdef DEBUG +- if (debug) +- printf("transmit: at %ld %s->%s mode %d keyid %08x len %d\n", ++ DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %d\n", + current_time, peer->dstadr ? + ntoa(&peer->dstadr->sin) : "-", +- ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen); +-#endif ++ ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen)); + #endif /* !AUTOKEY */ ++ ++ return; + } + + +@@ -3543,8 +3562,15 @@ + #ifdef LEAP_SMEAR + + static void +-leap_smear_add_offs(l_fp *t, l_fp *t_recv) { ++leap_smear_add_offs( ++ l_fp *t, ++ l_fp *t_recv ++ ) ++{ ++ + L_ADD(t, &leap_smear.offset); ++ ++ return; + } + + #endif /* LEAP_SMEAR */ +@@ -3565,7 +3591,7 @@ + struct pkt xpkt; /* transmit packet structure */ + struct pkt *rpkt; /* receive packet structure */ + l_fp xmt_tx, xmt_ty; +- int sendlen; ++ size_t sendlen; + #ifdef AUTOKEY + u_int32 temp32; + #endif +@@ -3684,13 +3710,10 @@ + if (rbufp->recv_length == sendlen) { + sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt, + sendlen); +-#ifdef DEBUG +- if (debug) +- printf( +- "transmit: at %ld %s->%s mode %d len %d\n", ++ DPRINTF(1, ("fast_xmit: at %ld %s->%s mode %d len %lu\n", + current_time, stoa(&rbufp->dstadr->sin), +- stoa(&rbufp->recv_srcadr), xmode, sendlen); +-#endif ++ stoa(&rbufp->recv_srcadr), xmode, ++ (u_long)sendlen)); + return; + } + +@@ -3717,7 +3740,7 @@ + */ + cookie = session_key(&rbufp->recv_srcadr, + &rbufp->dstadr->sin, 0, sys_private, 0); +- if (rbufp->recv_length > sendlen + (int)MAX_MAC_LEN) { ++ if ((size_t)rbufp->recv_length > sendlen + MAX_MAC_LEN) { + session_key(&rbufp->dstadr->sin, + &rbufp->recv_srcadr, xkeyid, 0, 2); + temp32 = CRYPTO_RESP; +@@ -3741,13 +3764,10 @@ + get_systime(&xmt_ty); + L_SUB(&xmt_ty, &xmt_tx); + sys_authdelay = xmt_ty; +-#ifdef DEBUG +- if (debug) +- printf( +- "transmit: at %ld %s->%s mode %d keyid %08x len %d\n", ++ DPRINTF(1, ("fast_xmit: at %ld %s->%s mode %d keyid %08x len %lu\n", + current_time, ntoa(&rbufp->dstadr->sin), +- ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen); +-#endif ++ ntoa(&rbufp->recv_srcadr), xmode, xkeyid, ++ (u_long)sendlen)); + } + + +@@ -3827,11 +3847,8 @@ + LEN_PKT_NOMAC); + pool->sent++; + pool->throttle += (1 << pool->minpoll) - 2; +-#ifdef DEBUG +- if (debug) +- printf("transmit: at %ld %s->%s pool\n", +- current_time, latoa(lcladr), stoa(rmtadr)); +-#endif ++ DPRINTF(1, ("pool_xmit: at %ld %s->%s pool\n", ++ current_time, latoa(lcladr), stoa(rmtadr))); + msyslog(LOG_INFO, "Soliciting pool server %s", stoa(rmtadr)); + #endif /* WORKER */ + } +@@ -3849,7 +3866,8 @@ + * group different 1 ignore + * * ignore if notrust + */ +-int group_test( ++int ++group_test( + char *grp, + char *ident + ) +@@ -3929,11 +3947,8 @@ + value_free(&peer->sndval); + peer->keynumber = 0; + peer->flags &= ~FLAG_ASSOC; +-#ifdef DEBUG +- if (debug) +- printf("key_expire: at %lu associd %d\n", current_time, +- peer->associd); +-#endif ++ DPRINTF(1, ("key_expire: at %lu associd %d\n", current_time, ++ peer->associd)); + } + #endif /* AUTOKEY */ + +--- contrib/ntp/ntpd/ntp_refclock.c.orig ++++ contrib/ntp/ntpd/ntp_refclock.c +@@ -732,9 +732,9 @@ + */ + int + refclock_open( +- char *dev, /* device name pointer */ +- u_int speed, /* serial port speed (code) */ +- u_int lflags /* line discipline flags */ ++ const char *dev, /* device name pointer */ ++ u_int speed, /* serial port speed (code) */ ++ u_int lflags /* line discipline flags */ + ) + { + int fd; +--- contrib/ntp/ntpd/ntp_request.c.orig ++++ contrib/ntp/ntpd/ntp_request.c +@@ -2006,11 +2006,11 @@ + u_long trust + ) + { +- register u_long *kp; ++ register uint32_t *kp; + register int items; + + items = INFO_NITEMS(inpkt->err_nitems); +- kp = (u_long *)&inpkt->u; ++ kp = (uint32_t*)&inpkt->u; + while (items-- > 0) { + authtrust(*kp, trust); + kp++; +--- contrib/ntp/ntpd/ntp_restrict.c.orig ++++ contrib/ntp/ntpd/ntp_restrict.c +@@ -160,7 +160,7 @@ + const size_t count = INC_RESLIST4; + restrict_u * rl; + restrict_u * res; +- int i; ++ size_t i; + + UNLINK_HEAD_SLIST(res, resfree4, link); + if (res != NULL) +@@ -186,7 +186,7 @@ + const size_t count = INC_RESLIST6; + restrict_u * rl; + restrict_u * res; +- int i; ++ size_t i; + + UNLINK_HEAD_SLIST(res, resfree6, link); + if (res != NULL) +--- contrib/ntp/ntpd/ntp_signd.c.orig ++++ contrib/ntp/ntpd/ntp_signd.c +@@ -66,7 +66,7 @@ + while (len) { + int n = write(fd, buf, len); + if (n <= 0) return total; +- buf = n + (char *)buf; ++ buf = n + (const char *)buf; + len -= n; + total += n; + } +@@ -110,9 +110,10 @@ + { + if (read_all(fd, len, sizeof(*len)) != sizeof(*len)) return -1; + *len = ntohl(*len); +- (*buf) = emalloc(*len); ++ *buf = emalloc(*len); + if (read_all(fd, *buf, *len) != *len) { + free(*buf); ++ *buf = NULL; + return -1; + } + return 0; +--- contrib/ntp/ntpd/ntp_timer.c.orig ++++ contrib/ntp/ntpd/ntp_timer.c +@@ -626,18 +626,19 @@ + * announce the leap event has happened. + */ + const char *leapmsg = NULL; +- if (lsdata.warped < 0) { ++ double lswarp = lsdata.warped; ++ if (lswarp < 0.0) { + if (clock_max_back > 0.0 && +- clock_max_back < fabs(lsdata.warped)) { +- step_systime(lsdata.warped); ++ clock_max_back < -lswarp) { ++ step_systime(lswarp); + leapmsg = leapmsg_p_step; + } else { + leapmsg = leapmsg_p_slew; + } +- } else if (lsdata.warped > 0) { ++ } else if (lswarp > 0.0) { + if (clock_max_fwd > 0.0 && +- clock_max_fwd < fabs(lsdata.warped)) { +- step_systime(lsdata.warped); ++ clock_max_fwd < lswarp) { ++ step_systime(lswarp); + leapmsg = leapmsg_n_step; + } else { + leapmsg = leapmsg_n_slew; +--- contrib/ntp/ntpd/ntp_util.c.orig ++++ contrib/ntp/ntpd/ntp_util.c +@@ -334,7 +334,7 @@ + { + FILE *fp; + const char *value; +- int len; ++ size_t len; + double old_drift; + l_fp now; + time_t ttnow; +@@ -437,7 +437,7 @@ + (int)sizeof(statsdir) - 2); + } else { + int add_dir_sep; +- int value_l; ++ size_t value_l; + + /* Add a DIR_SEP unless we already have one. */ + value_l = strlen(value); +@@ -933,7 +933,7 @@ + const char *keyfile + ) + { +- int len; ++ size_t len; + + len = strlen(keyfile); + if (!len) +--- contrib/ntp/ntpd/ntpd-opts.c.orig ++++ contrib/ntp/ntpd/ntpd-opts.c +@@ -1,7 +1,7 @@ + /* + * EDIT THIS FILE WITH CAUTION (ntpd-opts.c) + * +- * It has been AutoGen-ed October 21, 2015 at 12:36:00 PM by AutoGen 5.18.5 ++ * It has been AutoGen-ed January 7, 2016 at 11:28:29 PM by AutoGen 5.18.5 + * From the definitions ntpd-opts.def + * and the template file options + * +@@ -75,7 +75,7 @@ + * static const strings for ntpd options + */ + static char const ntpd_opt_strs[3129] = +-/* 0 */ "ntpd 4.2.8p4\n" ++/* 0 */ "ntpd 4.2.8p5\n" + "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n" + "This is free software. It is licensed for use, modification and\n" + "redistribution under the terms of the NTP License, copies of which\n" +@@ -205,12 +205,12 @@ + /* 2900 */ "output version information and exit\0" + /* 2936 */ "version\0" + /* 2944 */ "NTPD\0" +-/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p4\n" ++/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p5\n" + "Usage: %s [ - [] | --[{=| }] ]... \\\n" + "\t\t[ ... ]\n\0" + /* 3080 */ "http://bugs.ntp.org, bugs@ntp.org\0" + /* 3114 */ "\n\0" +-/* 3116 */ "ntpd 4.2.8p4"; ++/* 3116 */ "ntpd 4.2.8p5"; + + /** + * ipv4 option description with +@@ -1529,7 +1529,7 @@ + translate option names. + */ + /* referenced via ntpdOptions.pzCopyright */ +- puts(_("ntpd 4.2.8p4\n\ ++ puts(_("ntpd 4.2.8p5\n\ + Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\ + This is free software. It is licensed for use, modification and\n\ + redistribution under the terms of the NTP License, copies of which\n\ +@@ -1670,7 +1670,7 @@ + puts(_("output version information and exit")); + + /* referenced via ntpdOptions.pzUsageTitle */ +- puts(_("ntpd - NTP daemon program - Ver. 4.2.8p4\n\ ++ puts(_("ntpd - NTP daemon program - Ver. 4.2.8p5\n\ + Usage: %s [ - [] | --[{=| }] ]... \\\n\ + \t\t[ ... ]\n")); + +@@ -1678,7 +1678,7 @@ + puts(_("\n")); + + /* referenced via ntpdOptions.pzFullVersion */ +- puts(_("ntpd 4.2.8p4")); ++ puts(_("ntpd 4.2.8p5")); + + /* referenced via ntpdOptions.pzFullUsage */ + puts(_("<<>>")); +--- contrib/ntp/ntpd/ntpd-opts.h.orig ++++ contrib/ntp/ntpd/ntpd-opts.h +@@ -1,7 +1,7 @@ + /* + * EDIT THIS FILE WITH CAUTION (ntpd-opts.h) + * +- * It has been AutoGen-ed October 21, 2015 at 12:35:59 PM by AutoGen 5.18.5 ++ * It has been AutoGen-ed January 7, 2016 at 11:28:28 PM by AutoGen 5.18.5 + * From the definitions ntpd-opts.def + * and the template file options + * +@@ -106,9 +106,9 @@ + /** count of all options for ntpd */ + #define OPTION_CT 38 + /** ntpd version */ +-#define NTPD_VERSION "4.2.8p4" ++#define NTPD_VERSION "4.2.8p5" + /** Full ntpd version text */ +-#define NTPD_FULL_VERSION "ntpd 4.2.8p4" ++#define NTPD_FULL_VERSION "ntpd 4.2.8p5" + + /** + * Interface defines for all options. Replace "n" with the UPPER_CASED +--- contrib/ntp/ntpd/ntpd.1ntpdman.orig ++++ contrib/ntp/ntpd/ntpd.1ntpdman +@@ -10,11 +10,11 @@ + .ds B-Font B + .ds I-Font I + .ds R-Font R +-.TH ntpd 1ntpdman "21 Oct 2015" "4.2.8p4" "User Commands" ++.TH ntpd 1ntpdman "07 Jan 2016" "4.2.8p5" "User Commands" + .\" +-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK) ++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5 + .\" From the definitions ntpd-opts.def + .\" and the template file agman-cmd.tpl + .SH NAME +--- contrib/ntp/ntpd/ntpd.1ntpdmdoc.orig ++++ contrib/ntp/ntpd/ntpd.1ntpdmdoc +@@ -1,9 +1,9 @@ +-.Dd October 21 2015 ++.Dd January 7 2016 + .Dt NTPD 1ntpdmdoc User Commands + .Os + .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) + .\" +-.\" It has been AutoGen-ed October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5 ++.\" It has been AutoGen-ed January 7, 2016 at 11:31:02 PM by AutoGen 5.18.5 + .\" From the definitions ntpd-opts.def + .\" and the template file agmdoc-cmd.tpl + .Sh NAME +--- contrib/ntp/ntpd/ntpd.c.orig ++++ contrib/ntp/ntpd/ntpd.c +@@ -27,12 +27,16 @@ + #include "ntp_libopts.h" + #include "ntpd-opts.h" + +-/* there's a short treatise below what the thread stuff is for */ ++/* there's a short treatise below what the thread stuff is for. ++ * [Bug 2954] enable the threading warm-up only for Linux. ++ */ + #if defined(HAVE_PTHREADS) && HAVE_PTHREADS && !defined(NO_THREADS) + # ifdef HAVE_PTHREAD_H + # include + # endif +-# define NEED_PTHREAD_WARMUP ++# if defined(linux) ++# define NEED_PTHREAD_WARMUP ++# endif + #endif + + #ifdef HAVE_UNISTD_H +@@ -269,6 +273,9 @@ + * This uses only the standard pthread API and should work with all + * implementations of pthreads. It is not necessary everywhere, but it's + * cheap enough to go on nearly unnoticed. ++ * ++ * Addendum: Bug 2954 showed that the assumption that this should work ++ * with all OS is wrong -- at least FreeBSD bombs heavily. + */ + #ifdef NEED_PTHREAD_WARMUP + +@@ -646,6 +653,9 @@ + # endif + + # ifdef HAVE_WORKING_FORK ++ /* make sure the FDs are initialised */ ++ pipe_fds[0] = -1; ++ pipe_fds[1] = -1; + do { /* 'loop' once */ + if (!HAVE_OPT( WAIT_SYNC )) + break; +--- contrib/ntp/ntpd/ntpd.html.orig ++++ contrib/ntp/ntpd/ntpd.html +@@ -39,7 +39,7 @@ + symmetric and broadcast modes, and with both symmetric-key and public-key + cryptography. + +-

This document applies to version 4.2.8p4 of ntpd. ++

This document applies to version 4.2.8p5 of ntpd. + +

    +
  • ntpd Description: Description +@@ -220,7 +220,7 @@ + used to select the program, defaulting to more. Both will exit + with a status code of 0. + +-
    ntpd - NTP daemon program - Ver. 4.2.8p4-sec-RC2
++
    ntpd - NTP daemon program - Ver. 4.2.8p4
+ Usage:  ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
+                 [ <server1> ... <serverN> ]
+   Flg Arg Option-Name    Description
+--- contrib/ntp/ntpd/ntpd.man.in.orig
++++ contrib/ntp/ntpd/ntpd.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpd @NTPD_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpd @NTPD_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5
+ .\" From the definitions ntpd-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpd/ntpd.mdoc.in.orig
++++ contrib/ntp/ntpd/ntpd.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPD @NTPD_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/refclock_local.c.orig
++++ contrib/ntp/ntpd/refclock_local.c
+@@ -205,6 +205,7 @@
+ 	pp->disp = 0;
+ 	pp->jitter = 0;
+ #else /* KERNEL_PLL LOCKCLOCK */
++	pp->leap = LEAP_NOWARNING;
+ 	pp->disp = DISPERSION;
+ 	pp->jitter = 0;
+ #endif /* KERNEL_PLL LOCKCLOCK */
+--- contrib/ntp/ntpd/refclock_parse.c.orig
++++ contrib/ntp/ntpd/refclock_parse.c
+@@ -1630,9 +1630,9 @@
+ static char *
+ mkreadable(
+ 	char  *buffer,
+-	long  blen,
++	size_t blen,
+ 	const char  *src,
+-	u_long  srclen,
++	size_t srclen,
+ 	int hex
+ 	)
+ {
+--- contrib/ntp/ntpd/refclock_shm.c.orig
++++ contrib/ntp/ntpd/refclock_shm.c
+@@ -381,7 +381,8 @@
+ static enum segstat_t shm_query(volatile struct shmTime *shm_in, struct shm_stat_t *shm_stat)
+ /* try to grab a sample from the specified SHM segment */
+ {
+-    volatile struct shmTime shmcopy, *shm = shm_in;
++    struct shmTime shmcopy;
++    volatile struct shmTime *shm = shm_in;
+     volatile int cnt;
+ 
+     unsigned int cns_new, rns_new;
+@@ -418,7 +419,7 @@
+      * (b) memset compiles to an uninterruptible single-instruction bitblt.
+      */
+     memory_barrier();
+-    memcpy((void *)&shmcopy, (void *)shm, sizeof(struct shmTime));
++    memcpy(&shmcopy, (void*)(uintptr_t)shm, sizeof(struct shmTime));
+     shm->valid = 0;
+     memory_barrier();
+ 
+--- contrib/ntp/ntpd/refclock_true.c.orig
++++ contrib/ntp/ntpd/refclock_true.c
+@@ -637,7 +637,7 @@
+ 
+ 	pp = peer->procptr;
+ 	if (!(pp->sloppyclockflag & CLK_FLAG1)) {
+-		int len = strlen(cmd);
++		size_t len = strlen(cmd);
+ 
+ 		true_debug(peer, "Send '%s'\n", cmd);
+ 		if (write(pp->io.fd, cmd, (unsigned)len) != len)
+--- contrib/ntp/ntpd/refclock_tsyncpci.c.orig
++++ contrib/ntp/ntpd/refclock_tsyncpci.c
+@@ -549,7 +549,7 @@
+     memcpy(ppsRef, pRefObj->pps, TSYNC_REF_LEN);
+ 
+     // Extract the Clock Service Time Scale and convert to correct byte order
+-    memcpy(&tmscl, ((TIME_SCALE*)(it1->payloads)), sizeof(tmscl));
++    memcpy(&tmscl, it1->payloads, sizeof(tmscl));
+     tmscl = ntohl(tmscl);
+ 
+     // Extract leap second info from ioctl payload and perform byte swapping
+--- contrib/ntp/ntpdate/ntpdate.c.orig
++++ contrib/ntp/ntpdate/ntpdate.c
+@@ -561,8 +561,8 @@
+ 			nfound = poll(rdfdes, (unsigned int)nbsock, timeout.tv_sec * 1000);
+ 
+ #else
+-			nfound = select(maxfd, &rdfdes, (fd_set *)0,
+-					(fd_set *)0, &timeout);
++			nfound = select(maxfd, &rdfdes, NULL, NULL,
++					&timeout);
+ #endif
+ 			if (nfound > 0)
+ 				input_handler();
+@@ -696,7 +696,7 @@
+ 	 * If not, just timestamp it and send it away.
+ 	 */
+ 	if (sys_authenticate) {
+-		int len;
++		size_t len;
+ 
+ 		xpkt.exten[0] = htonl(sys_authkey);
+ 		get_systime(&server->xmt);
+@@ -808,11 +808,11 @@
+ 			printf("receive: rpkt keyid=%ld sys_authkey=%ld decrypt=%ld\n",
+ 			   (long int)ntohl(rpkt->exten[0]), (long int)sys_authkey,
+ 			   (long int)authdecrypt(sys_authkey, (u_int32 *)rpkt,
+-				LEN_PKT_NOMAC, (int)(rbufp->recv_length - LEN_PKT_NOMAC)));
++				LEN_PKT_NOMAC, (size_t)(rbufp->recv_length - LEN_PKT_NOMAC)));
+ 
+ 		if (has_mac && ntohl(rpkt->exten[0]) == sys_authkey &&
+ 			authdecrypt(sys_authkey, (u_int32 *)rpkt, LEN_PKT_NOMAC,
+-			(int)(rbufp->recv_length - LEN_PKT_NOMAC)))
++			(size_t)(rbufp->recv_length - LEN_PKT_NOMAC)))
+ 			is_authentic = 1;
+ 		if (debug)
+ 			printf("receive: authentication %s\n",
+@@ -1888,7 +1888,7 @@
+ #else
+ 	fd_set fds;
+ #endif
+-	int fdc = 0;
++	SOCKET fdc = 0;
+ 
+ 	/*
+ 	 * Do a poll to see if we have data
+@@ -1912,7 +1912,7 @@
+ 
+ #else
+ 		fds = fdmask;
+-		n = select(maxfd, &fds, (fd_set *)0, (fd_set *)0, &tvzero);
++		n = select(maxfd, &fds, NULL, NULL, &tvzero);
+ 
+ 		/*
+ 		 * Determine which socket received data
+--- contrib/ntp/ntpdc/invoke-ntpdc.texi.orig
++++ contrib/ntp/ntpdc/invoke-ntpdc.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpdc.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:38:54 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:31:26 PM by AutoGen 5.18.5
+ # From the definitions    ntpdc-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -76,7 +76,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p4
++ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5
+ Usage:  ntpdc [ - [] | --[@{=| @}] ]... [ host ...]
+   Flg Arg Option-Name    Description
+    -4 no  ipv4           Force IPv4 DNS name resolution
+--- contrib/ntp/ntpdc/ntpdc-opts.c.orig
++++ contrib/ntp/ntpdc/ntpdc-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:38:40 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:31:12 PM by AutoGen 5.18.5
+  *  From the definitions    ntpdc-opts.def
+  *  and the template file   options
+  *
+@@ -69,7 +69,7 @@
+  *  static const strings for ntpdc options
+  */
+ static char const ntpdc_opt_strs[1911] =
+-/*     0 */ "ntpdc 4.2.8p4\n"
++/*     0 */ "ntpdc 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -128,7 +128,7 @@
+ /*  1694 */ "no-load-opts\0"
+ /*  1707 */ "no\0"
+ /*  1710 */ "NTPDC\0"
+-/*  1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p4\n"
++/*  1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]... [ host ...]\n\0"
+ /*  1846 */ "$HOME\0"
+ /*  1852 */ ".\0"
+@@ -135,7 +135,7 @@
+ /*  1854 */ ".ntprc\0"
+ /*  1861 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  1895 */ "\n\0"
+-/*  1897 */ "ntpdc 4.2.8p4";
++/*  1897 */ "ntpdc 4.2.8p5";
+ 
+ /**
+  *  ipv4 option description with
+@@ -796,7 +796,7 @@
+      translate option names.
+    */
+   /* referenced via ntpdcOptions.pzCopyright */
+-  puts(_("ntpdc 4.2.8p4\n\
++  puts(_("ntpdc 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -862,7 +862,7 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via ntpdcOptions.pzUsageTitle */
+-  puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p4\n\
++  puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]... [ host ...]\n"));
+ 
+   /* referenced via ntpdcOptions.pzExplain */
+@@ -869,7 +869,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via ntpdcOptions.pzFullVersion */
+-  puts(_("ntpdc 4.2.8p4"));
++  puts(_("ntpdc 4.2.8p5"));
+ 
+   /* referenced via ntpdcOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/ntpdc/ntpdc-opts.h.orig
++++ contrib/ntp/ntpdc/ntpdc-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:38:39 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:31:11 PM by AutoGen 5.18.5
+  *  From the definitions    ntpdc-opts.def
+  *  and the template file   options
+  *
+@@ -83,9 +83,9 @@
+ /** count of all options for ntpdc */
+ #define OPTION_CT    15
+ /** ntpdc version */
+-#define NTPDC_VERSION       "4.2.8p4"
++#define NTPDC_VERSION       "4.2.8p5"
+ /** Full ntpdc version text */
+-#define NTPDC_FULL_VERSION  "ntpdc 4.2.8p4"
++#define NTPDC_FULL_VERSION  "ntpdc 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/ntpdc/ntpdc.1ntpdcman.orig
++++ contrib/ntp/ntpdc/ntpdc.1ntpdcman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpdc 1ntpdcman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpdc 1ntpdcman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Gvay7L/ag-Svaq6L)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaGzs/ag-QXayys)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:51 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:31:22 PM by AutoGen 5.18.5
+ .\" From the definitions ntpdc-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc.orig
++++ contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPDC 1ntpdcmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:57 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:29 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpdc-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpdc/ntpdc.c.orig
++++ contrib/ntp/ntpdc/ntpdc.c
+@@ -32,6 +32,7 @@
+ 
+ #include "ntp_libopts.h"
+ #include "ntpdc-opts.h"
++#include "safecast.h"
+ 
+ #ifdef SYS_VXWORKS
+ 				/* vxWorks needs mode flag -casey*/
+@@ -74,8 +75,8 @@
+ static	int	openhost	(const char *);
+ static	int	sendpkt		(void *, size_t);
+ static	void	growpktdata	(void);
+-static	int	getresponse	(int, int, int *, int *, char **, int);
+-static	int	sendrequest	(int, int, int, u_int, size_t, char *);
++static	int	getresponse	(int, int, size_t *, size_t *, const char **, size_t);
++static	int	sendrequest	(int, int, int, size_t, size_t, const char *);
+ static	void	getcmds		(void);
+ static	RETSIGTYPE abortcmd	(int);
+ static	void	docmd		(const char *);
+@@ -526,10 +527,11 @@
+ 
+ #ifdef SYS_VXWORKS
+ 	if (connect(sockfd, (struct sockaddr *)&hostaddr, 
+-		    sizeof(hostaddr)) == -1) {
++		    sizeof(hostaddr)) == -1)
+ #else
+-	if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1) {
++	if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1)
+ #endif /* SYS_VXWORKS */
++	{
+ 		error("connect");
+ 		exit(-1);
+ 	}
+@@ -582,18 +584,18 @@
+ getresponse(
+ 	int implcode,
+ 	int reqcode,
+-	int *ritems,
+-	int *rsize,
+-	char **rdata,
+-	int esize
++	size_t *ritems,
++	size_t *rsize,
++	const char **rdata,
++	size_t esize
+ 	)
+ {
+ 	struct resp_pkt rpkt;
+ 	struct sock_timeval tvo;
+-	int items;
+-	int i;
+-	int size;
+-	int datasize;
++	size_t items;
++	size_t i;
++	size_t size;
++	size_t datasize;
+ 	char *datap;
+ 	char *tmp_data;
+ 	char haveseq[MAXSEQ+1];
+@@ -603,7 +605,7 @@
+ 	int seq;
+ 	fd_set fds;
+ 	ssize_t n;
+-	int pad;
++	size_t pad;
+ 
+ 	/*
+ 	 * This is pretty tricky.  We may get between 1 and many packets
+@@ -628,8 +630,7 @@
+ 		tvo = tvsout;
+ 	
+ 	FD_SET(sockfd, &fds);
+-	n = select(sockfd+1, &fds, (fd_set *)0, (fd_set *)0, &tvo);
+-
++	n = select(sockfd+1, &fds, NULL, NULL, &tvo);
+ 	if (n == -1) {
+ 		warning("select fails");
+ 		return -1;
+@@ -640,7 +641,8 @@
+ 		 */
+ 		if (firstpkt) {
+ 			(void) fprintf(stderr,
+-				       "%s: timed out, nothing received\n", currenthost);
++				       "%s: timed out, nothing received\n",
++				       currenthost);
+ 			return ERR_TIMEOUT;
+ 		} else {
+ 			(void) fprintf(stderr,
+@@ -740,7 +742,7 @@
+ 	if ((size_t)datasize > (n-RESP_HEADER_SIZE)) {
+ 		if (debug)
+ 		    printf(
+-			    "Received items %d, size %d (total %d), data in packet is %zu\n",
++			    "Received items %zu, size %zu (total %zu), data in packet is %zu\n",
+ 			    items, size, datasize, n-RESP_HEADER_SIZE);
+ 		goto again;
+ 	}
+@@ -751,7 +753,7 @@
+ 	 */
+ 	if (!firstpkt && size != *rsize) {
+ 		if (debug)
+-		    printf("Received itemsize %d, previous %d\n",
++		    printf("Received itemsize %zu, previous %zu\n",
+ 			   size, *rsize);
+ 		goto again;
+ 	}
+@@ -781,7 +783,7 @@
+ 	 * So far, so good.  Copy this data into the output array.
+ 	 */
+ 	if ((datap + datasize + (pad * items)) > (pktdata + pktdatasize)) {
+-		int offset = datap - pktdata;
++		size_t offset = datap - pktdata;
+ 		growpktdata();
+ 		*rdata = pktdata; /* might have been realloced ! */
+ 		datap = pktdata + offset;
+@@ -844,9 +846,9 @@
+ 	int implcode,
+ 	int reqcode,
+ 	int auth,
+-	u_int qitems,
++	size_t qitems,
+ 	size_t qsize,
+-	char *qdata
++	const char *qdata
+ 	)
+ {
+ 	struct req_pkt qpkt;
+@@ -855,7 +857,7 @@
+ 	u_long	key_id;
+ 	l_fp	ts;
+ 	l_fp *	ptstamp;
+-	int	maclen;
++	size_t	maclen;
+ 	char *	pass;
+ 
+ 	ZERO(qpkt);
+@@ -918,13 +920,14 @@
+ 	get_systime(&ts);
+ 	L_ADD(&ts, &delay_time);
+ 	HTONL_FP(&ts, ptstamp);
+-	maclen = authencrypt(info_auth_keyid, (void *)&qpkt, reqsize);
++	maclen = authencrypt(
++		info_auth_keyid, (void *)&qpkt, size2int_chk(reqsize));
+ 	if (!maclen) {  
+ 		fprintf(stderr, "Key not found\n");
+ 		return 1;
+ 	} else if (maclen != (int)(info_auth_hashlen + sizeof(keyid_t))) {
+ 		fprintf(stderr,
+-			"%d octet MAC, %zu expected with %zu octet digest\n",
++			"%zu octet MAC, %zu expected with %zu octet digest\n",
+ 			maclen, (info_auth_hashlen + sizeof(keyid_t)),
+ 			info_auth_hashlen);
+ 		return 1;
+@@ -941,12 +944,12 @@
+ 	int implcode,
+ 	int reqcode,
+ 	int auth,
+-	int qitems,
+-	int qsize,
+-	char *qdata,
+-	int *ritems,
+-	int *rsize,
+-	char **rdata,
++	size_t qitems,
++	size_t qsize,
++	const char *qdata,
++	size_t *ritems,
++	size_t *rsize,
++	const char **rdata,
+  	int quiet_mask,
+ 	int esize
+ 	)
+@@ -972,8 +975,7 @@
+ 		tvzero.tv_sec = tvzero.tv_usec = 0;
+ 		FD_ZERO(&fds);
+ 		FD_SET(sockfd, &fds);
+-		res = select(sockfd+1, &fds, (fd_set *)0, (fd_set *)0, &tvzero);
+-
++		res = select(sockfd+1, &fds, NULL, NULL, &tvzero);
+ 		if (res == -1) {
+ 			warning("polling select");
+ 			return -1;
+@@ -1271,7 +1273,7 @@
+ 	)
+ {
+ 	register struct xcmd *cl;
+-	register int clen;
++	size_t clen;
+ 	int nmatch;
+ 	struct xcmd *nearmatch = NULL;
+ 	struct xcmd *clist;
+@@ -1384,7 +1386,7 @@
+ 				return 0;
+ 			}
+ 			argp->uval *= 10;
+-			argp->uval += (cp - digits);
++			argp->uval += (u_long)(cp - digits);
+ 		} while (*(++np) != '\0');
+ 
+ 		if (isneg) {
+--- contrib/ntp/ntpdc/ntpdc.h.orig
++++ contrib/ntp/ntpdc/ntpdc.h
+@@ -63,5 +63,5 @@
+ extern	int showhostnames;
+ extern	int s_port;
+ 
+-extern	int	doquery	(int, int, int, int, int, char *, int *, int *, char **, int, int);
++extern	int	doquery	(int, int, int, size_t, size_t, const char *, size_t *, size_t *, const char **, int, int);
+ extern	const char * nntohost	(sockaddr_u *);
+--- contrib/ntp/ntpdc/ntpdc.html.orig
++++ contrib/ntp/ntpdc/ntpdc.html
+@@ -36,7 +36,7 @@
+ clock.  Run as root, it can correct the system clock to this offset as
+ well.  It can be run as an interactive command or from a cron job.
+ 
+-  
    This document applies to version 4.2.8p4 of ntpdc.
++  
    This document applies to version 4.2.8p5 of ntpdc.
+ 
+   
    The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
+ IETF specification.
+@@ -152,7 +152,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
    ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p4
++
    ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5
+ Usage:  ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
+   Flg Arg Option-Name    Description
+    -4 no  ipv4           Force IPv4 DNS name resolution
+--- contrib/ntp/ntpdc/ntpdc.man.in.orig
++++ contrib/ntp/ntpdc/ntpdc.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpdc @NTPDC_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpdc @NTPDC_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Gvay7L/ag-Svaq6L)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaGzs/ag-QXayys)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:51 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:31:22 PM by AutoGen 5.18.5
+ .\" From the definitions ntpdc-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpdc/ntpdc.mdoc.in.orig
++++ contrib/ntp/ntpdc/ntpdc.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPDC @NTPDC_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:57 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:29 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpdc-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpdc/ntpdc_ops.c.orig
++++ contrib/ntp/ntpdc/ntpdc_ops.c
+@@ -31,9 +31,9 @@
+ /*
+  * utility functions
+  */
+-static	int	checkitems	(int, FILE *);
+-static	int	checkitemsize	(int, int);
+-static	int	check1item	(int, FILE *);
++static	int	checkitems	(size_t, FILE *);
++static	int	checkitemsize	(size_t, size_t);
++static	int	check1item	(size_t, FILE *);
+ 
+ /*
+  * Declarations for command handlers in here
+@@ -288,7 +288,7 @@
+  */
+ static int
+ checkitems(
+-	int items,
++	size_t items,
+ 	FILE *fp
+ 	)
+ {
+@@ -305,14 +305,14 @@
+  */
+ static int
+ checkitemsize(
+-	int itemsize,
+-	int expected
++	size_t itemsize,
++	size_t expected
+ 	)
+ {
+ 	if (itemsize != expected) {
+ 		(void) fprintf(stderr,
+-			       "***Incorrect item size returned by remote host (%d should be %d)\n",
+-			       itemsize, expected);
++			       "***Incorrect item size returned by remote host (%lu should be %lu)\n",
++			       (u_long)itemsize, (u_long)expected);
+ 		return 0;
+ 	}
+ 	return 1;
+@@ -324,7 +324,7 @@
+  */
+ static int
+ check1item(
+-	int items,
++	size_t items,
+ 	FILE *fp
+ 	)
+ {
+@@ -333,8 +333,8 @@
+ 		return 0;
+ 	}
+ 	if (items > 1) {
+-		(void) fprintf(fp, "Expected one item in response, got %d\n",
+-			       items);
++		(void) fprintf(fp, "Expected one item in response, got %lu\n",
++			       (u_long)items);
+ 		return 0;
+ 	}
+ 	return 1;
+@@ -353,8 +353,8 @@
+ {
+ 	struct info_peer_list *plist;
+ 	sockaddr_u paddr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -430,8 +430,8 @@
+ 	struct info_peer_summary *plist;
+ 	sockaddr_u dstadr;
+ 	sockaddr_u srcadr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int ntp_poll;
+ 	int res;
+ 	int c;
+@@ -679,10 +679,10 @@
+ 	struct info_peer *pp;
+ 	/* 4 is the maximum number of peers which will fit in a packet */
+ 	struct info_peer_list *pl, plist[min(MAXARGS, 4)];
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	int sendsize;
+ 
+@@ -753,12 +753,12 @@
+ 	/* 4 is the maximum number of peers which will fit in a packet */
+ 	struct info_peer_list *pl, plist[min(MAXARGS, 4)];
+ 	sockaddr_u src, dst;
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+-	int sendsize;
++	size_t sendsize;
+ 
+ again:
+ 	if (impl_ver == IMPL_XNTPD)
+@@ -871,8 +871,8 @@
+ 	)
+ {
+ 	struct info_loop *il;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int oneline = 0;
+ 	int res;
+ 	l_fp tempts;
+@@ -946,8 +946,8 @@
+ {
+ 	struct info_sys *is;
+ 	sockaddr_u peeraddr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	l_fp tempts;
+ 
+@@ -1035,8 +1035,8 @@
+ 	)
+ {
+ 	struct info_sys_stats *ss;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -1101,8 +1101,8 @@
+ 	)
+ {
+ 	struct info_io_stats *io;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -1162,8 +1162,8 @@
+ {
+ 	struct info_mem_stats *mem;
+ 	int i;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -1219,8 +1219,8 @@
+ 	)
+ {
+ 	struct info_timer_stats *tim;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -1314,9 +1314,9 @@
+ 	)
+ {
+ 	struct conf_peer cpeer;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	u_long keyid;
+ 	u_int version;
+ 	u_char minpoll;
+@@ -1480,13 +1480,13 @@
+ {
+ 	/* 8 is the maximum number of peers which will fit in a packet */
+ 	struct conf_unpeer *pl, plist[min(MAXARGS, 8)];
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+-	int sendsize;
++	size_t sendsize;
+ 
+ again:
+ 	if (impl_ver == IMPL_XNTPD)
+@@ -1564,9 +1564,9 @@
+ 	)
+ {
+ 	struct conf_sys_flags sys;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+ 
+ 	sys.flags = 0;
+@@ -1675,8 +1675,8 @@
+ 	struct info_restrict *rl;
+ 	sockaddr_u resaddr;
+ 	sockaddr_u maskaddr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	int skip;
+ 	const char *addr;
+@@ -1827,9 +1827,9 @@
+ 	)
+ {
+ 	struct conf_restrict cres;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	u_int32 num;
+ 	u_long bit;
+ 	int i;
+@@ -1946,14 +1946,14 @@
+ 	FILE *fp
+ 	)
+ {
+-	char *struct_star;
+-	struct info_monitor *ml;
+-	struct info_monitor_1 *m1;
+-	struct old_info_monitor *oml;
++	const char *struct_star;
++	const struct info_monitor *ml;
++	const struct info_monitor_1 *m1;
++	const struct old_info_monitor *oml;
+ 	sockaddr_u addr;
+ 	sockaddr_u dstadr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	int version = -1;
+ 
+@@ -1987,7 +1987,7 @@
+ 	if (itemsize == sizeof(struct info_monitor_1) ||
+ 	    itemsize == v4sizeof(struct info_monitor_1)) {
+ 
+-		m1 = (void *)struct_star;
++	    m1 = (const void*)struct_star;
+ 		fprintf(fp,
+ 			"remote address          port local address      count m ver rstr avgint  lstint\n");
+ 		fprintf(fp,
+@@ -2014,7 +2014,7 @@
+ 	} else if (itemsize == sizeof(struct info_monitor) ||
+ 	    itemsize == v4sizeof(struct info_monitor)) {
+ 
+-		ml = (void *) struct_star;
++		ml = (const void *)struct_star;
+ 		fprintf(fp,
+ 			"     address               port     count mode ver rstr avgint  lstint\n");
+ 		fprintf(fp,
+@@ -2039,7 +2039,7 @@
+ 		}
+ 	} else if (itemsize == sizeof(struct old_info_monitor)) {
+ 
+-		oml = (void *)struct_star;
++		oml = (const void *)struct_star;
+ 		fprintf(fp,
+ 			"     address          port     count  mode version  lasttime firsttime\n");
+ 		fprintf(fp,
+@@ -2091,9 +2091,9 @@
+ 	)
+ {
+ 	struct reset_flags rflags;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int i;
+ 	size_t res;
+ 	int err;
+@@ -2148,13 +2148,13 @@
+ {
+ 	/* 8 is the maximum number of peers which will fit in a packet */
+ 	struct conf_unpeer *pl, plist[min(MAXARGS, 8)];
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+-	int sendsize;
++	size_t sendsize;
+ 
+ again:
+ 	if (impl_ver == IMPL_XNTPD)
+@@ -2205,9 +2205,9 @@
+ 	FILE *fp
+ 	)
+ {
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+ 
+ again:
+@@ -2263,9 +2263,9 @@
+ {
+ 	u_long keyids[MAXARGS];
+ 	size_t i;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int ritems;
+ 	int res;
+ 
+@@ -2302,8 +2302,8 @@
+ 	)
+ {
+ 	struct info_auth *ia;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -2356,11 +2356,11 @@
+ 	FILE *fp
+ 	)
+ {
+-	int i;
++	size_t i;
+ 	struct info_trap *it;
+ 	sockaddr_u trap_addr, local_addr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -2446,9 +2446,9 @@
+ 	)
+ {
+ 	struct conf_trap ctrap;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+ 	int sendsize;
+ 
+@@ -2545,9 +2545,9 @@
+ 	)
+ {
+ 	u_long key;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+ 
+ 
+@@ -2581,8 +2581,8 @@
+ 	)
+ {
+ 	struct info_control *ic;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -2648,10 +2648,10 @@
+ 	struct info_clock *cl;
+ 	/* 8 is the maximum number of clocks which will fit in a packet */
+ 	u_long clist[min(MAXARGS, 8)];
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	l_fp ts;
+ 	struct clktype *clk;
+@@ -2735,9 +2735,9 @@
+ 	)
+ {
+ 	struct conf_fudge fudgedata;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	l_fp ts;
+ 	int res;
+ 	long val;
+@@ -2822,10 +2822,10 @@
+ 	/* 8 is the maximum number of clocks which will fit in a packet */
+ 	u_long clist[min(MAXARGS, 8)];
+ 	u_int32 ltemp;
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	int needsp;
+ 	l_fp ts;
+@@ -2916,8 +2916,8 @@
+ 	)
+ {
+ 	struct info_kernel *ik;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	unsigned status;
+ 	double tscale = 1e-6;
+@@ -3050,8 +3050,8 @@
+ iflist(
+ 	FILE *fp,
+ 	struct info_if_stats *ifs,
+-	int items,
+-	int itemsize,
++	size_t items,
++	size_t itemsize,
+ 	int res
+ 	)
+ {
+@@ -3113,8 +3113,8 @@
+ 	)
+ {
+ 	struct info_if_stats *ifs;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ 	res = doquery(impl_ver, REQ_IF_STATS, 1, 0, 0, (char *)NULL, &items,
+@@ -3131,8 +3131,8 @@
+ 	)
+ {
+ 	struct info_if_stats *ifs;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ 	res = doquery(impl_ver, REQ_IF_RELOAD, 1, 0, 0, (char *)NULL, &items,
+--- contrib/ntp/ntpq/invoke-ntpq.texi.orig
++++ contrib/ntp/ntpq/invoke-ntpq.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpq.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:39:27 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:32:00 PM by AutoGen 5.18.5
+ # From the definitions    ntpq-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -847,7 +847,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpq - standard NTP query program - Ver. 4.2.8p4
++ntpq - standard NTP query program - Ver. 4.2.8p5
+ Usage:  ntpq [ - [] | --[@{=| @}] ]... [ host ...]
+   Flg Arg Option-Name    Description
+    -4 no  ipv4           Force IPv4 DNS name resolution
+--- contrib/ntp/ntpq/libntpq.c.orig
++++ contrib/ntp/ntpq/libntpq.c
+@@ -132,7 +132,7 @@
+ {
+ 	char *	name;
+ 	char *	value;
+-	int	idatalen;
++	size_t	idatalen;
+ 
+ 	value = NULL;
+ 	idatalen = (int)datalen;
+@@ -181,8 +181,8 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
+-	u_short rstatus;
++	size_t	dsize;
++	u_short	rstatus;
+ 	
+ 	if ( numhosts > 0 )
+ 		res = doquery(VARSET,association,0,0, (char *)0, &rstatus, &dsize, &datap);
+@@ -417,7 +417,7 @@
+ {
+ 	const char *	datap;
+ 	int		res;
+-	int		dsize;
++	size_t		dsize;
+ 	u_short		rstatus;
+ 
+ 	res = doquery(CTL_OP_READVAR, associd, 0, 0, NULL, &rstatus,
+@@ -474,17 +474,16 @@
+ {
+ 	const char *	datap;
+ 	int		res;
+-	int		i_dsize;
+ 	size_t		dsize;
+ 	u_short		rstatus;
+ 
+ 	res = doquery(CTL_OP_READVAR, 0, 0, 0, NULL, &rstatus,
+-		      &i_dsize, &datap);
++		      &dsize, &datap);
+ 
+ 	if (res != 0)
+ 		return 0;
+ 
+-	if (i_dsize == 0) {
++	if (dsize == 0) {
+ 		if (numhosts > 1)
+ 			fprintf(stderr, "server=%s ", currenthost);
+ 		fprintf(stderr, "***No sysvar information returned\n");
+@@ -491,7 +490,6 @@
+ 
+ 		return 0;
+ 	} else {
+-		dsize = max(0, i_dsize);
+ 		dsize = min(dsize, maxsize);
+ 		memcpy(resultbuf, datap, dsize);
+ 	}
+@@ -661,7 +659,7 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ 	res = ntpq_doquerylist(ntpq_varlist, CTL_OP_READCLOCK, associd,
+--- contrib/ntp/ntpq/libntpq.h.orig
++++ contrib/ntp/ntpq/libntpq.h
+@@ -106,4 +106,4 @@
+ extern int ntpq_dogetassoc(void);
+ extern char ntpq_decodeaddrtype(sockaddr_u *sock);
+ extern int ntpq_doquerylist(struct ntpq_varlist *, int, associd_t, int,
+-			    u_short *, int *, const char **datap);
++			    u_short *, size_t *, const char **datap);
+--- contrib/ntp/ntpq/libntpq_subs.c.orig
++++ contrib/ntp/ntpq/libntpq_subs.c
+@@ -42,7 +42,7 @@
+ 	associd_t associd,
+ 	int auth,
+ 	u_short *rstatus,
+-	int *dsize,
++	size_t *dsize,
+ 	const char **datap
+ 	)
+ {
+--- contrib/ntp/ntpq/ntpq-opts.c.orig
++++ contrib/ntp/ntpq/ntpq-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpq-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:00 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:31:32 PM by AutoGen 5.18.5
+  *  From the definitions    ntpq-opts.def
+  *  and the template file   options
+  *
+@@ -69,7 +69,7 @@
+  *  static const strings for ntpq options
+  */
+ static char const ntpq_opt_strs[1925] =
+-/*     0 */ "ntpq 4.2.8p4\n"
++/*     0 */ "ntpq 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -129,13 +129,13 @@
+ /*  1723 */ "no-load-opts\0"
+ /*  1736 */ "no\0"
+ /*  1739 */ "NTPQ\0"
+-/*  1744 */ "ntpq - standard NTP query program - Ver. 4.2.8p4\n"
++/*  1744 */ "ntpq - standard NTP query program - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]... [ host ...]\n\0"
+ /*  1863 */ "$HOME\0"
+ /*  1869 */ ".\0"
+ /*  1871 */ ".ntprc\0"
+ /*  1878 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+-/*  1912 */ "ntpq 4.2.8p4";
++/*  1912 */ "ntpq 4.2.8p5";
+ 
+ /**
+  *  ipv4 option description with
+@@ -786,7 +786,7 @@
+      translate option names.
+    */
+   /* referenced via ntpqOptions.pzCopyright */
+-  puts(_("ntpq 4.2.8p4\n\
++  puts(_("ntpq 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -852,11 +852,11 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via ntpqOptions.pzUsageTitle */
+-  puts(_("ntpq - standard NTP query program - Ver. 4.2.8p4\n\
++  puts(_("ntpq - standard NTP query program - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]... [ host ...]\n"));
+ 
+   /* referenced via ntpqOptions.pzFullVersion */
+-  puts(_("ntpq 4.2.8p4"));
++  puts(_("ntpq 4.2.8p5"));
+ 
+   /* referenced via ntpqOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/ntpq/ntpq-opts.h.orig
++++ contrib/ntp/ntpq/ntpq-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpq-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:00 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:31:32 PM by AutoGen 5.18.5
+  *  From the definitions    ntpq-opts.def
+  *  and the template file   options
+  *
+@@ -83,9 +83,9 @@
+ /** count of all options for ntpq */
+ #define OPTION_CT    15
+ /** ntpq version */
+-#define NTPQ_VERSION       "4.2.8p4"
++#define NTPQ_VERSION       "4.2.8p5"
+ /** Full ntpq version text */
+-#define NTPQ_FULL_VERSION  "ntpq 4.2.8p4"
++#define NTPQ_FULL_VERSION  "ntpq 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/ntpq/ntpq-subs.c.orig
++++ contrib/ntp/ntpq/ntpq-subs.c
+@@ -22,9 +22,9 @@
+ static	void	doaddvlist	(struct varlist *, const char *);
+ static	void	dormvlist	(struct varlist *, const char *);
+ static	void	doclearvlist	(struct varlist *);
+-static	void	makequerydata	(struct varlist *, int *, char *);
++static	void	makequerydata	(struct varlist *, size_t *, char *);
+ static	int	doquerylist	(struct varlist *, int, associd_t, int,
+-				 u_short *, int *, const char **);
++				 u_short *, size_t *, const char **);
+ static	void	doprintvlist	(struct varlist *, FILE *);
+ static	void	addvars 	(struct parse *, FILE *);
+ static	void	rmvars		(struct parse *, FILE *);
+@@ -56,7 +56,7 @@
+ static	void	pstats	 	(struct parse *, FILE *);
+ static	long	when		(l_fp *, l_fp *, l_fp *);
+ static	char *	prettyinterval	(char *, size_t, long);
+-static	int	doprintpeers	(struct varlist *, int, int, int, const char *, FILE *, int);
++static	int	doprintpeers	(struct varlist *, int, int, size_t, const char *, FILE *, int);
+ static	int	dogetpeers	(struct varlist *, associd_t, FILE *, int);
+ static	void	dopeers 	(int, FILE *, int);
+ static	void	peers		(struct parse *, FILE *);
+@@ -343,7 +343,7 @@
+ /*
+  * other local function prototypes
+  */
+-void		mrulist_ctrl_c_hook(void);
++static int	mrulist_ctrl_c_hook(void);
+ static mru *	add_mru(mru *);
+ static int	collect_mru_list(const char *, l_fp *);
+ static int	fetch_nonce(char *, size_t);
+@@ -440,7 +440,7 @@
+ 	)
+ {
+ 	struct varlist *vl;
+-	int len;
++	size_t len;
+ 	char *name;
+ 	char *value;
+ 
+@@ -475,7 +475,7 @@
+ 	)
+ {
+ 	struct varlist *vl;
+-	int len;
++	size_t len;
+ 	char *name;
+ 	char *value;
+ 
+@@ -527,14 +527,14 @@
+ static void
+ makequerydata(
+ 	struct varlist *vlist,
+-	int *datalen,
++	size_t *datalen,
+ 	char *data
+ 	)
+ {
+ 	register struct varlist *vl;
+ 	register char *cp, *cpend;
+-	register int namelen, valuelen;
+-	register int totallen;
++	register size_t namelen, valuelen;
++	register size_t totallen;
+ 
+ 	cp = data;
+ 	cpend = data + *datalen;
+@@ -563,7 +563,7 @@
+ 			cp += valuelen;
+ 		}
+ 	}
+-	*datalen = cp - data;
++	*datalen = (size_t)(cp - data);
+ }
+ 
+ 
+@@ -577,12 +577,12 @@
+ 	associd_t associd,
+ 	int auth,
+ 	u_short *rstatus,
+-	int *dsize,
++	size_t *dsize,
+ 	const char **datap
+ 	)
+ {
+ 	char data[CTL_MAX_DATA_LEN];
+-	int datalen;
++	size_t datalen;
+ 
+ 	datalen = sizeof(data);
+ 	makequerydata(vlist, &datalen, data);
+@@ -686,7 +686,7 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 	int quiet;
+ 
+@@ -766,7 +766,7 @@
+ 	const char *datap;
+ 	int res;
+ 	associd_t associd;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ 	if (pcmd->nargs == 0) {
+@@ -808,8 +808,8 @@
+ 	)
+ {
+ 	associd_t	associd;
+-	u_int		tmpcount;
+-	u_int		u;
++	size_t		tmpcount;
++	size_t		u;
+ 	int		type;
+ 	struct varlist	tmplist[MAXLIST];
+ 
+@@ -849,7 +849,7 @@
+ 	int res;
+ 	associd_t associd;
+ 	int type;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 	struct varlist tmplist[MAXLIST];
+ 
+@@ -1071,7 +1071,7 @@
+ 	const char *datap;
+ 	const u_short *pus;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ 	res = doquery(CTL_OP_READSTAT, 0, 0, 0, (char *)0, &rstatus,
+@@ -1091,7 +1091,7 @@
+ 		if (numhosts > 1)
+ 			fprintf(stderr, "server=%s ", currenthost);
+ 		fprintf(stderr,
+-			"***Server returned %d octets, should be multiple of 4\n",
++			"***Server returned %zu octets, should be multiple of 4\n",
+ 			dsize);
+ 		return 0;
+ 	}
+@@ -1379,7 +1379,7 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ 	if (0 == pcmd->nargs)
+@@ -1396,7 +1396,7 @@
+ 	if (0 == dsize)
+ 		fprintf(fp, "(no response message, curiously)");
+ 	else
+-		fprintf(fp, "%.*s", dsize, datap);
++		fprintf(fp, "%.*s", (int)dsize, datap); /* cast is wobbly */
+ }
+ 
+ 
+@@ -1593,7 +1593,7 @@
+ 	struct varlist *pvl,
+ 	int associd,
+ 	int rstatus,
+-	int datalen,
++	size_t datalen,
+ 	const char *data,
+ 	FILE *fp,
+ 	int af
+@@ -1602,7 +1602,7 @@
+ 	char *name;
+ 	char *value = NULL;
+ 	int c;
+-	int len;
++	size_t len;
+ 	int have_srchost;
+ 	int have_dstadr;
+ 	int have_da_rid;
+@@ -1881,7 +1881,7 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ #ifdef notdef
+@@ -2186,7 +2186,7 @@
+ {
+ 	const char *cfgcmd;
+ 	u_short rstatus;
+-	int rsize;
++	size_t rsize;
+ 	const char *rdata;
+ 	char *resp;
+ 	int res;
+@@ -2201,7 +2201,8 @@
+ 			"Keyword = %s\n"
+ 			"Command = %s\n", pcmd->keyword, cfgcmd);
+ 
+-	res = doquery(CTL_OP_CONFIGURE, 0, 1, strlen(cfgcmd), cfgcmd,
++	res = doquery(CTL_OP_CONFIGURE, 0, 1,
++		      strlen(cfgcmd), cfgcmd,
+ 		      &rstatus, &rsize, &rdata);
+ 
+ 	if (res != 0)
+@@ -2251,7 +2252,7 @@
+ 	)
+ {
+ 	u_short rstatus;
+-	int rsize;
++	size_t rsize;
+ 	const char *rdata;
+ 	int res;
+ 	FILE *config_fd;
+@@ -2302,7 +2303,7 @@
+ 			rsize--;
+ 		if (rsize > 0 && '\r' == rdata[rsize - 1])
+ 			rsize--;
+-		printf("Line No: %d %.*s: %s", i, rsize, rdata,
++		printf("Line No: %d %.*s: %s", i, (int)rsize, rdata, /* cast is wobbly */
+ 		       config_cmd);
+ 	}
+ 	printf("Done sending file\n");
+@@ -2319,9 +2320,9 @@
+ 	const char	nonce_eq[] = "nonce=";
+ 	int		qres;
+ 	u_short		rstatus;
+-	int		rsize;
++	size_t		rsize;
+ 	const char *	rdata;
+-	int		chars;
++	size_t		chars;
+ 
+ 	/*
+ 	 * Retrieve a nonce specific to this client to demonstrate to
+@@ -2338,7 +2339,7 @@
+ 	if ((size_t)rsize <= sizeof(nonce_eq) - 1 ||
+ 	    strncmp(rdata, nonce_eq, sizeof(nonce_eq) - 1)) {
+ 		fprintf(stderr, "unexpected nonce response format: %.*s\n",
+-			rsize, rdata);
++			(int)rsize, rdata); /* cast is wobbly */
+ 		return FALSE;
+ 	}
+ 	chars = rsize - (sizeof(nonce_eq) - 1);
+@@ -2421,10 +2422,11 @@
+ 	} while (0)
+ 
+ 
+-void
++int
+ mrulist_ctrl_c_hook(void)
+ {
+ 	mrulist_interrupted = TRUE;
++	return TRUE;
+ }
+ 
+ 
+@@ -2449,10 +2451,10 @@
+ 	char req_buf[CTL_MAX_DATA_LEN];
+ 	char *req;
+ 	char *req_end;
+-	int chars;
++	size_t chars;
+ 	int qres;
+ 	u_short rstatus;
+-	int rsize;
++	size_t rsize;
+ 	const char *rdata;
+ 	int limit;
+ 	int frags;
+@@ -2495,11 +2497,6 @@
+ 	mon = emalloc_zero(cb);
+ 	ZERO(*pnow);
+ 	ZERO(last_older);
+-	mrulist_interrupted = FALSE;
+-	set_ctrl_c_hook(&mrulist_ctrl_c_hook);
+-	fprintf(stderr,
+-		"Ctrl-C will stop MRU retrieval and display partial results.\n");
+-	fflush(stderr);
+ 	next_report = time(NULL) + MRU_REPORT_SECS;
+ 
+ 	limit = min(3 * MAXFRAGS, ntpd_row_limit);
+@@ -2512,8 +2509,9 @@
+ 		if (debug)
+ 			fprintf(stderr, "READ_MRU parms: %s\n", req_buf);
+ 
+-		qres = doqueryex(CTL_OP_READ_MRU, 0, 0, strlen(req_buf),
+-			         req_buf, &rstatus, &rsize, &rdata, TRUE);
++		qres = doqueryex(CTL_OP_READ_MRU, 0, 0,
++				 strlen(req_buf), req_buf,
++				 &rstatus, &rsize, &rdata, TRUE);
+ 
+ 		if (CERR_UNKNOWNVAR == qres && ri > 0) {
+ 			/*
+@@ -2863,7 +2861,7 @@
+ 				 ri, sptoa(&recent->addr), ri,
+ 				 recent->last.l_ui, recent->last.l_uf);
+ 			chars = strlen(buf);
+-			if (REQ_ROOM - chars < 1)
++			if (REQ_ROOM <= chars)
+ 				break;
+ 			memcpy(req, buf, chars + 1);
+ 			req += chars;
+@@ -2870,7 +2868,6 @@
+ 		}
+ 	}
+ 
+-	set_ctrl_c_hook(NULL);
+ 	c_mru_l_rc = TRUE;
+ 	goto retain_hash_table;
+ 
+@@ -3080,6 +3077,12 @@
+ 	int lstint;
+ 	size_t i;
+ 
++	mrulist_interrupted = FALSE;
++	push_ctrl_c_handler(&mrulist_ctrl_c_hook);
++	fprintf(stderr,
++		"Ctrl-C will stop MRU retrieval and display partial results.\n");
++	fflush(stderr);
++
+ 	order = MRUSORT_DEF;
+ 	parms_buf[0] = '\0';
+ 	parms = parms_buf;
+@@ -3220,6 +3223,8 @@
+ 	free(hash_table);
+ 	hash_table = NULL;
+ 	INIT_DLIST(mru_list, mlink);
++
++	pop_ctrl_c_handler(&mrulist_ctrl_c_hook);
+ }
+ 
+ 
+@@ -3317,7 +3322,7 @@
+ 	const char	up_fmt[] =	"up.%u";	/* uptime */
+ 	const char *	datap;
+ 	int		qres;
+-	int		dsize;
++	size_t		dsize;
+ 	u_short		rstatus;
+ 	char *		tag;
+ 	char *		val;
+@@ -3533,7 +3538,7 @@
+ 	const int qdata_chars =		COUNTOF(qdata) - 1;
+ 	const char *	datap;
+ 	int		qres;
+-	int		dsize;
++	size_t		dsize;
+ 	u_short		rstatus;
+ 	char *		tag;
+ 	char *		val;
+@@ -3632,7 +3637,7 @@
+ 	char tagbuf[32];
+ 	vdc *pvdc;
+ 	u_short rstatus;
+-	int rsize;
++	size_t rsize;
+ 	const char *rdata;
+ 	int qres;
+ 	char *tag;
+--- contrib/ntp/ntpq/ntpq.1ntpqman.orig
++++ contrib/ntp/ntpq/ntpq.1ntpqman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpq 1ntpqman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpq 1ntpqman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-joa4fN/ag-voaWeN)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4VaaKt/ag-eWa4It)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:39:23 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:31:55 PM by AutoGen 5.18.5
+ .\" From the definitions ntpq-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpq/ntpq.1ntpqmdoc.orig
++++ contrib/ntp/ntpq/ntpq.1ntpqmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPQ 1ntpqmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:29 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpq-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpq/ntpq.c.orig
++++ contrib/ntp/ntpq/ntpq.c
+@@ -39,6 +39,7 @@
+ 
+ #include "ntp_libopts.h"
+ #include "ntpq-opts.h"
++#include "safecast.h"
+ 
+ #ifdef SYS_VXWORKS		/* vxWorks needs mode flag -casey*/
+ # define open(name, flags)   open(name, flags, 0777)
+@@ -168,13 +169,13 @@
+ static	int	openhost	(const char *, int);
+ static	void	dump_hex_printable(const void *, size_t);
+ static	int	sendpkt		(void *, size_t);
+-static	int	getresponse	(int, int, u_short *, int *, const char **, int);
+-static	int	sendrequest	(int, associd_t, int, int, const char *);
++static	int	getresponse	(int, int, u_short *, size_t *, const char **, int);
++static	int	sendrequest	(int, associd_t, int, size_t, const char *);
+ static	char *	tstflags	(u_long);
+ #ifndef BUILD_AS_LIB
+ static	void	getcmds		(void);
+ #ifndef SYS_WINNT
+-static	RETSIGTYPE abortcmd	(int);
++static	int	abortcmd	(void);
+ #endif	/* SYS_WINNT */
+ static	void	docmd		(const char *);
+ static	void	tokenize	(const char *, char **, int *);
+@@ -208,13 +209,14 @@
+     __attribute__((__format__(__printf__, 1, 2)));
+ static	u_long	getkeyid	(const char *);
+ static	void	atoascii	(const char *, size_t, char *, size_t);
+-static	void	cookedprint	(int, int, const char *, int, int, FILE *);
+-static	void	rawprint	(int, int, const char *, int, int, FILE *);
++static	void	cookedprint	(int, size_t, const char *, int, int, FILE *);
++static	void	rawprint	(int, size_t, const char *, int, int, FILE *);
+ static	void	startoutput	(void);
+ static	void	output		(FILE *, const char *, const char *);
+ static	void	endoutput	(FILE *);
+ static	void	outputarr	(FILE *, char *, int, l_fp *);
+ static	int	assoccmp	(const void *, const void *);
++static	void	on_ctrlc	(void);
+ 	u_short	varfmt		(const char *);
+ 
+ void	ntpq_custom_opt_handler	(tOptions *, tOptDesc *);
+@@ -558,9 +560,10 @@
+ 		interactive = 1;
+ 	}
+ 
++	set_ctrl_c_hook(on_ctrlc);
+ #ifndef SYS_WINNT /* Under NT cannot handle SIGINT, WIN32 spawns a handler */
+ 	if (interactive)
+-	    (void) signal_no_reset(SIGINT, abortcmd);
++		push_ctrl_c_handler(abortcmd);
+ #endif /* SYS_WINNT */
+ 
+ 	if (numcmds == 0) {
+@@ -739,9 +742,9 @@
+ 		    sizeof(hostaddr)) == -1)
+ #else
+ 	   (connect(sockfd, (struct sockaddr *)ai->ai_addr,
+-		    ai->ai_addrlen) == -1)
++		ai->ai_addrlen) == -1)
+ #endif /* SYS_VXWORKS */
+-	    {
++	{
+ 		error("connect");
+ 		freeaddrinfo(ai);
+ 		return 0;
+@@ -802,7 +805,7 @@
+ 	if (debug >= 3)
+ 		printf("Sending %zu octets\n", xdatalen);
+ 
+-	if (send(sockfd, xdata, (size_t)xdatalen, 0) == -1) {
++	if (send(sockfd, xdata, xdatalen, 0) == -1) {
+ 		warning("write to %s failed", currenthost);
+ 		return -1;
+ 	}
+@@ -822,7 +825,7 @@
+ 	int opcode,
+ 	int associd,
+ 	u_short *rstatus,
+-	int *rsize,
++	size_t *rsize,
+ 	const char **rdata,
+ 	int timeo
+ 	)
+@@ -871,8 +874,7 @@
+ 			tvo = tvsout;
+ 
+ 		FD_SET(sockfd, &fds);
+-		n = select(sockfd + 1, &fds, NULL, NULL, &tvo);
+-
++		n = select(sockfd+1, &fds, NULL, NULL, &tvo);
+ 		if (n == -1) {
+ 			warning("select fails");
+ 			return -1;
+@@ -1171,15 +1173,15 @@
+ 	int opcode,
+ 	associd_t associd,
+ 	int auth,
+-	int qsize,
++	size_t qsize,
+ 	const char *qdata
+ 	)
+ {
+ 	struct ntp_control qpkt;
+-	int	pktsize;
++	size_t	pktsize;
+ 	u_long	key_id;
+ 	char *	pass;
+-	int	maclen;
++	size_t	maclen;
+ 
+ 	/*
+ 	 * Check to make sure the data will fit in one packet
+@@ -1186,7 +1188,7 @@
+ 	 */
+ 	if (qsize > CTL_MAX_DATA_LEN) {
+ 		fprintf(stderr,
+-			"***Internal error!  qsize (%d) too large\n",
++			"***Internal error!  qsize (%zu) too large\n",
+ 			qsize);
+ 		return 1;
+ 	}
+@@ -1265,7 +1267,7 @@
+ 		return 1;
+ 	} else if ((size_t)maclen != (info_auth_hashlen + sizeof(keyid_t))) {
+ 		fprintf(stderr,
+-			"%d octet MAC, %zu expected with %zu octet digest\n",
++			"%zu octet MAC, %zu expected with %zu octet digest\n",
+ 			maclen, (info_auth_hashlen + sizeof(keyid_t)),
+ 			info_auth_hashlen);
+ 		return 1;
+@@ -1355,10 +1357,10 @@
+ 	int opcode,
+ 	associd_t associd,
+ 	int auth,
+-	int qsize,
++	size_t qsize,
+ 	const char *qdata,
+ 	u_short *rstatus,
+-	int *rsize,
++	size_t *rsize,
+ 	const char **rdata
+ 	)
+ {
+@@ -1376,10 +1378,10 @@
+ 	int opcode,
+ 	associd_t associd,
+ 	int auth,
+-	int qsize,
++	size_t qsize,
+ 	const char *qdata,
+ 	u_short *rstatus,
+-	int *rsize,
++	size_t *rsize,
+ 	const char **rdata,
+ 	int quiet
+ 	)
+@@ -1460,16 +1462,18 @@
+ /*
+  * abortcmd - catch interrupts and abort the current command
+  */
+-static RETSIGTYPE
+-abortcmd(
+-	int sig
+-	)
++static int
++abortcmd(void)
+ {
+ 	if (current_output == stdout)
+-	    (void) fflush(stdout);
++		(void) fflush(stdout);
+ 	putc('\n', stderr);
+ 	(void) fflush(stderr);
+-	if (jump) longjmp(interrupt_buf, 1);
++	if (jump) {
++		jump = 0;
++		longjmp(interrupt_buf, 1);
++	}
++	return TRUE;
+ }
+ #endif	/* !SYS_WINNT && !BUILD_AS_LIB */
+ 
+@@ -1743,7 +1747,7 @@
+ 	)
+ {
+ 	struct xcmd *cl;
+-	int clen;
++	size_t clen;
+ 	int nmatch;
+ 	struct xcmd *nearmatch = NULL;
+ 	struct xcmd *clist;
+@@ -2665,7 +2669,7 @@
+ 	int serrno = errno;
+ 	(void) fprintf(stderr, "%s: ", progname);
+ 	vfprintf(stderr, fmt, ap);
+-	(void) fprintf(stderr, ": %s", strerror(serrno));
++	(void) fprintf(stderr, ": %s\n", strerror(serrno));
+ }
+ 
+ /*
+@@ -2800,7 +2804,7 @@
+  */
+ void
+ makeascii(
+-	int length,
++	size_t length,
+ 	const char *data,
+ 	FILE *fp
+ 	)
+@@ -2916,7 +2920,7 @@
+  */
+ int
+ nextvar(
+-	int *datalen,
++	size_t *datalen,
+ 	const char **datap,
+ 	char **vname,
+ 	char **vvalue
+@@ -2963,7 +2967,7 @@
+ 		if (cp < cpend)
+ 			cp++;
+ 		*datap = cp;
+-		*datalen = cpend - cp;
++		*datalen = size2int_sat(cpend - cp);
+ 		*vvalue = NULL;
+ 		return 1;
+ 	}
+@@ -3003,7 +3007,7 @@
+ 	if (np < cpend && ',' == *np)
+ 		np++;
+ 	*datap = np;
+-	*datalen = cpend - np;
++	*datalen = size2int_sat(cpend - np);
+ 	*vvalue = value;
+ 	return 1;
+ }
+@@ -3027,7 +3031,7 @@
+  */
+ void
+ printvars(
+-	int length,
++	size_t length,
+ 	const char *data,
+ 	int status,
+ 	int sttype,
+@@ -3048,7 +3052,7 @@
+ static void
+ rawprint(
+ 	int datatype,
+-	int length,
++	size_t length,
+ 	const char *data,
+ 	int status,
+ 	int quiet,
+@@ -3113,10 +3117,10 @@
+ 	const char *value
+ 	)
+ {
+-	size_t len;
++	int len;
+ 
+ 	/* strlen of "name=value" */
+-	len = strlen(name) + 1 + strlen(value);
++	len = size2int_sat(strlen(name) + 1 + strlen(value));
+ 
+ 	if (out_chars != 0) {
+ 		out_chars += 2;
+@@ -3161,10 +3165,10 @@
+ 	l_fp *lfp
+ 	)
+ {
+-	register char *bp;
+-	register char *cp;
+-	register int i;
+-	register int len;
++	char *bp;
++	char *cp;
++	size_t i;
++	size_t len;
+ 	char buf[256];
+ 
+ 	bp = buf;
+@@ -3246,7 +3250,7 @@
+ static void
+ cookedprint(
+ 	int datatype,
+-	int length,
++	size_t length,
+ 	const char *data,
+ 	int status,
+ 	int quiet,
+@@ -3430,7 +3434,7 @@
+ 	}
+ 	assoc_cache = erealloc_zero(assoc_cache, new_sz, prior_sz); 
+ 	prior_sz = new_sz;
+-	assoc_cache_slots = new_sz / sizeof(assoc_cache[0]);
++	assoc_cache_slots = (u_int)(new_sz / sizeof(assoc_cache[0]));
+ }
+ 
+ 
+@@ -3566,3 +3570,48 @@
+ 
+     return list;
+ }
++
++#define CTRLC_STACK_MAX 4
++static volatile size_t		ctrlc_stack_len = 0;
++static volatile Ctrl_C_Handler	ctrlc_stack[CTRLC_STACK_MAX];
++
++
++
++int/*BOOL*/
++push_ctrl_c_handler(
++	Ctrl_C_Handler func
++	)
++{
++	size_t size = ctrlc_stack_len;
++	if (func && (size < CTRLC_STACK_MAX)) {
++		ctrlc_stack[size] = func;
++		ctrlc_stack_len = size + 1;
++		return TRUE;
++	}
++	return FALSE;	
++}
++
++int/*BOOL*/
++pop_ctrl_c_handler(
++	Ctrl_C_Handler func
++	)
++{
++	size_t size = ctrlc_stack_len;
++	if (size) {
++		--size;
++		if (func == NULL || func == ctrlc_stack[size]) {
++			ctrlc_stack_len = size;
++			return TRUE;
++		}
++	}
++	return FALSE;
++}
++
++static void
++on_ctrlc(void)
++{
++	size_t size = ctrlc_stack_len;
++	while (size)
++		if ((*ctrlc_stack[--size])())
++			break;
++}
+--- contrib/ntp/ntpq/ntpq.h.orig
++++ contrib/ntp/ntpq/ntpq.h
+@@ -136,19 +136,23 @@
+ extern	void	sortassoc	(void);
+ extern	void	show_error_msg	(int, associd_t);
+ extern	int	dogetassoc	(FILE *);
+-extern	int	doquery		(int, associd_t, int, int, const char *,
+-				 u_short *, int *, const char **);
+-extern	int	doqueryex	(int, associd_t, int, int, const char *,
+-				 u_short *, int *, const char **, int);
++extern	int	doquery		(int, associd_t, int, size_t, const char *,
++				 u_short *, size_t *, const char **);
++extern	int	doqueryex	(int, associd_t, int, size_t, const char *,
++				 u_short *, size_t *, const char **, int);
+ extern	const char * nntohost	(sockaddr_u *);
+ extern	const char * nntohost_col (sockaddr_u *, size_t, int);
+ extern	const char * nntohostp	(sockaddr_u *);
+ extern	int	decodets	(char *, l_fp *);
+ extern	int	decodeuint	(char *, u_long *);
+-extern	int	nextvar		(int *, const char **, char **, char **);
++extern	int	nextvar		(size_t *, const char **, char **, char **);
+ extern	int	decodetime	(char *, l_fp *);
+-extern	void	printvars	(int, const char *, int, int, int, FILE *);
++extern	void	printvars	(size_t, const char *, int, int, int, FILE *);
+ extern	int	decodeint	(char *, long *);
+-extern	void	makeascii	(int, const char *, FILE *);
++extern	void	makeascii	(size_t, const char *, FILE *);
+ extern	const char * trunc_left	(const char *, size_t);
+ extern	const char * trunc_right(const char *, size_t);
++
++typedef	int/*BOOL*/ (*Ctrl_C_Handler)(void);
++extern	int/*BOOL*/ 	push_ctrl_c_handler(Ctrl_C_Handler);
++extern	int/*BOOL*/ 	pop_ctrl_c_handler(Ctrl_C_Handler);
+--- contrib/ntp/ntpq/ntpq.html.orig
++++ contrib/ntp/ntpq/ntpq.html
+@@ -44,7 +44,7 @@
+ and determine the performance of
+ ntpd, the NTP daemon.
+ 
+-  
    This document applies to version 4.2.8p4 of ntpq.
++  
    This document applies to version 4.2.8p5 of ntpq.
+ 
+ 
      
+ 
    • ntpq Description
+@@ -769,7 +769,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
      ntpq - standard NTP query program - Ver. 4.2.8p4-sec-RC2
++
      ntpq - standard NTP query program - Ver. 4.2.8p4
+ Usage:  ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
+   Flg Arg Option-Name    Description
+    -4 no  ipv4           Force IPv4 DNS name resolution
+--- contrib/ntp/ntpq/ntpq.man.in.orig
++++ contrib/ntp/ntpq/ntpq.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpq @NTPQ_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpq @NTPQ_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-joa4fN/ag-voaWeN)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4VaaKt/ag-eWa4It)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:39:23 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:31:55 PM by AutoGen 5.18.5
+ .\" From the definitions ntpq-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpq/ntpq.mdoc.in.orig
++++ contrib/ntp/ntpq/ntpq.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPQ @NTPQ_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:29 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpq-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi.orig
++++ contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpsnmpd.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:39:43 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:32:15 PM by AutoGen 5.18.5
+ # From the definitions    ntpsnmpd-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -47,7 +47,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p4
++ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5
+ Usage:  ntpsnmpd [ - [] | --[@{=| @}] ]...
+   Flg Arg Option-Name    Description
+    -n no  nofork         Do not fork
+--- contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:32 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:32:05 PM by AutoGen 5.18.5
+  *  From the definitions    ntpsnmpd-opts.def
+  *  and the template file   options
+  *
+@@ -61,7 +61,7 @@
+  *  static const strings for ntpsnmpd options
+  */
+ static char const ntpsnmpd_opt_strs[1610] =
+-/*     0 */ "ntpsnmpd 4.2.8p4\n"
++/*     0 */ "ntpsnmpd 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -101,7 +101,7 @@
+ /*  1414 */ "no-load-opts\0"
+ /*  1427 */ "no\0"
+ /*  1430 */ "NTPSNMPD\0"
+-/*  1439 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p4\n"
++/*  1439 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]...\n\0"
+ /*  1542 */ "$HOME\0"
+ /*  1548 */ ".\0"
+@@ -108,7 +108,7 @@
+ /*  1550 */ ".ntprc\0"
+ /*  1557 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  1591 */ "\n\0"
+-/*  1593 */ "ntpsnmpd 4.2.8p4";
++/*  1593 */ "ntpsnmpd 4.2.8p5";
+ 
+ /**
+  *  nofork option description:
+@@ -554,7 +554,7 @@
+      translate option names.
+    */
+   /* referenced via ntpsnmpdOptions.pzCopyright */
+-  puts(_("ntpsnmpd 4.2.8p4\n\
++  puts(_("ntpsnmpd 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -599,7 +599,7 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via ntpsnmpdOptions.pzUsageTitle */
+-  puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p4\n\
++  puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]...\n"));
+ 
+   /* referenced via ntpsnmpdOptions.pzExplain */
+@@ -606,7 +606,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via ntpsnmpdOptions.pzFullVersion */
+-  puts(_("ntpsnmpd 4.2.8p4"));
++  puts(_("ntpsnmpd 4.2.8p5"));
+ 
+   /* referenced via ntpsnmpdOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:32 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:32:04 PM by AutoGen 5.18.5
+  *  From the definitions    ntpsnmpd-opts.def
+  *  and the template file   options
+  *
+@@ -76,9 +76,9 @@
+ /** count of all options for ntpsnmpd */
+ #define OPTION_CT    8
+ /** ntpsnmpd version */
+-#define NTPSNMPD_VERSION       "4.2.8p4"
++#define NTPSNMPD_VERSION       "4.2.8p5"
+ /** Full ntpsnmpd version text */
+-#define NTPSNMPD_FULL_VERSION  "ntpsnmpd 4.2.8p4"
++#define NTPSNMPD_FULL_VERSION  "ntpsnmpd 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpsnmpd 1ntpsnmpdman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpsnmpd 1ntpsnmpdman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Xna4nO/ag-9naWmO)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dZaaSu/ag-qZa4Qu)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:39:39 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:32:12 PM by AutoGen 5.18.5
+ .\" From the definitions ntpsnmpd-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:45 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:18 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpsnmpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.html.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.html
+@@ -42,7 +42,7 @@
+ 
      The ntpsnmpd utility program is used to monitor NTP daemon ntpd
+ operations and determine performance.  It uses the standard NTP mode 6 control
+ 
+-  
      This document applies to version 4.2.8p4 of ntpsnmpd.
++  
      This document applies to version 4.2.8p5 of ntpsnmpd.
+ 
+ 
        
+ 
      • ntpsnmpd Description:             Description
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.man.in.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpsnmpd @NTPSNMPD_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpsnmpd @NTPSNMPD_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Xna4nO/ag-9naWmO)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dZaaSu/ag-qZa4Qu)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:39:39 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:32:12 PM by AutoGen 5.18.5
+ .\" From the definitions ntpsnmpd-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:45 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:18 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpsnmpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/calc_tickadj/Makefile.am.orig
++++ contrib/ntp/scripts/calc_tickadj/Makefile.am
+@@ -60,6 +60,8 @@
+ 	$(manpage_HACK)			\
+ 	$(NULL)
+ 
++BUILT_SOURCES = $(noinst_DATA)
++
+ calc_tickadj: $(srcdir)/calc_tickadj-opts
+ 
+ $(srcdir)/calc_tickadj-opts: $(srcdir)/calc_tickadj-opts.def
+--- contrib/ntp/scripts/calc_tickadj/Makefile.in.orig
++++ contrib/ntp/scripts/calc_tickadj/Makefile.in
+@@ -516,7 +516,9 @@
+ 	$(manpage_HACK)			\
+ 	$(NULL)
+ 
+-all: all-am
++BUILT_SOURCES = $(noinst_DATA)
++all: $(BUILT_SOURCES)
++	$(MAKE) $(AM_MAKEFLAGS) all-am
+ 
+ .SUFFIXES:
+ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+@@ -785,13 +787,15 @@
+ 	  fi; \
+ 	done
+ check-am: all-am
+-check: check-am
++check: $(BUILT_SOURCES)
++	$(MAKE) $(AM_MAKEFLAGS) check-am
+ all-am: Makefile $(SCRIPTS) $(MANS) $(DATA)
+ installdirs:
+ 	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
+ 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ 	done
+-install: install-am
++install: $(BUILT_SOURCES)
++	$(MAKE) $(AM_MAKEFLAGS) install-am
+ install-exec: install-exec-am
+ install-data: install-data-am
+ uninstall: uninstall-am
+@@ -822,6 +826,7 @@
+ maintainer-clean-generic:
+ 	@echo "This command is intended for maintainers to use"
+ 	@echo "it deletes files that may require special tools to rebuild."
++	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+ clean: clean-am
+ 
+ clean-am: clean-generic clean-libtool mostlyclean-am
+@@ -892,7 +897,7 @@
+ 
+ uninstall-man: uninstall-man1 uninstall-man8
+ 
+-.MAKE: install-am install-strip
++.MAKE: all check install install-am install-strip
+ 
+ .PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ 	cscopelist-am ctags-am distclean distclean-generic \
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH calc_tickadj 1calc_tickadjman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH calc_tickadj 1calc_tickadjman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-3baGnz/ag-dcaOmz)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-nyaOMf/ag-AyaWLf)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:33:58 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:26 PM by AutoGen 5.18.5
+ .\" From the definitions calc_tickadj-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (calc_tickadj-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:02 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:28 PM by AutoGen 5.18.5
+ .\"  From the definitions    calc_tickadj-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.html.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.html
+@@ -31,7 +31,7 @@
+ 
        calc_tickadj User's Manual
        
+ 
+ 
        This document describes the use of the NTP Project's calc_tickadj program. 
+-This document applies to version 4.2.8p4 of calc_tickadj.
++This document applies to version 4.2.8p5 of calc_tickadj.
+ 
+   
        
+ 
        Short Contents
        
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH calc_tickadj 1calc_tickadjman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH calc_tickadj 1calc_tickadjman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-3baGnz/ag-dcaOmz)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-nyaOMf/ag-AyaWLf)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:33:58 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:26 PM by AutoGen 5.18.5
+ .\" From the definitions calc_tickadj-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (calc_tickadj-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:02 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:28 PM by AutoGen 5.18.5
+ .\"  From the definitions    calc_tickadj-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi.orig
++++ contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-calc_tickadj.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:04 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:30 PM by AutoGen 5.18.5
+ # From the definitions    calc_tickadj-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+--- contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi.orig
++++ contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntp-wait.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:12 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:39 PM by AutoGen 5.18.5
+ # From the definitions    ntp-wait-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -61,7 +61,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p4
++ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p5
+ USAGE: ntp-wait [ - [] | --[@{=| @}] ]... 
+ 
+     -n, --tries=num              Number of times to check ntpd
+--- contrib/ntp/scripts/ntp-wait/ntp-wait-opts.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (ntp-wait-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:06 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:33 PM by AutoGen 5.18.5
+ # From the definitions    ntp-wait-opts.def
+ # and the template file   perlopt
+ 
+@@ -40,7 +40,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p4
++ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p5
+ USAGE: ntp-wait [ - [] | --[{=| }] ]... 
+ 
+     -n, --tries=num              Number of times to check ntpd
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp-wait 1ntp-waitman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntp-wait 1ntp-waitman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-fzaONA/ag-rzaWMA)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7OaOah/ag-iPaW_g)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:08 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:35 PM by AutoGen 5.18.5
+ .\" From the definitions ntp-wait-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_WAIT 1ntp-waitmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:14 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:41 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-wait-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.html.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.html
+@@ -39,7 +39,7 @@
+ and only then start any applicaitons (like database servers) that require
+ accurate and stable time.
+ 
+-  
        This document applies to version 4.2.8p4 of ntp-wait.
++  
        This document applies to version 4.2.8p5 of ntp-wait.
+ 
+ 
        
+ 
        Short Contents
        
+@@ -114,7 +114,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
        ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p4
++
        ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p5
+ USAGE: ntp-wait [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+ 
+     -n, --tries=num              Number of times to check ntpd
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.man.in.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp-wait @NTP_WAIT_MS@ "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntp-wait @NTP_WAIT_MS@ "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-fzaONA/ag-rzaWMA)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7OaOah/ag-iPaW_g)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:08 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:35 PM by AutoGen 5.18.5
+ .\" From the definitions ntp-wait-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_WAIT @NTP_WAIT_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:14 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:41 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-wait-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi.orig
++++ contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpsweep.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:18 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:45 PM by AutoGen 5.18.5
+ # From the definitions    ntpsweep-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -45,7 +45,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p4
++ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p5
+ USAGE: ntpsweep [ - [] | --[@{=| @}] ]... [hostfile]
+ 
+     -l, --host-list=str          Host to execute actions on
+--- contrib/ntp/scripts/ntpsweep/ntpsweep-opts.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (ntpsweep-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:16 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:43 PM by AutoGen 5.18.5
+ # From the definitions    ntpsweep-opts.def
+ # and the template file   perlopt
+ 
+@@ -43,7 +43,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p4
++ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p5
+ USAGE: ntpsweep [ - [] | --[{=| }] ]... [hostfile]
+ 
+     -l, --host-list=str          Host to execute actions on
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpsweep 1ntpsweepman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntpsweep 1ntpsweepman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-kqaGdC/ag-xqaOcC)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-eHaGCi/ag-rHaOBi)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:20 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:47 PM by AutoGen 5.18.5
+ .\" From the definitions ntpsweep-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPSWEEP 1ntpsweepmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpsweep-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:23 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:50 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpsweep-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.html.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.html
+@@ -30,7 +30,7 @@
+ 
+   
        This document describes the use of the NTP Project's ntpsweep program.
+ 
+-  
        This document applies to version 4.2.8p4 of ntpsweep.
++  
        This document applies to version 4.2.8p5 of ntpsweep.
+ 
+   
        
+ 
        Short Contents
        
+@@ -90,7 +90,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
        ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p4
++
        ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p5
+ USAGE: ntpsweep [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostfile]
+ 
+     -l, --host-list=str          Host to execute actions on
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.man.in.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpsweep 1ntpsweepman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntpsweep 1ntpsweepman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-kqaGdC/ag-xqaOcC)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-eHaGCi/ag-rHaOBi)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:20 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:47 PM by AutoGen 5.18.5
+ .\" From the definitions ntpsweep-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPSWEEP 1ntpsweepmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpsweep-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:23 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:50 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpsweep-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi.orig
++++ contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntptrace.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:30 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:58 PM by AutoGen 5.18.5
+ # From the definitions    ntptrace-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -62,7 +62,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntptrace - Trace peers of an NTP server - Ver. 4.2.8p4
++ntptrace - Trace peers of an NTP server - Ver. 4.2.8p5
+ USAGE: ntptrace [ - [] | --[@{=| @}] ]... [host]
+ 
+     -n, --numeric                Print IP addresses instead of hostnames
+--- contrib/ntp/scripts/ntptrace/ntptrace-opts.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (ntptrace-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:25 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:52 PM by AutoGen 5.18.5
+ # From the definitions    ntptrace-opts.def
+ # and the template file   perlopt
+ 
+@@ -40,7 +40,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-ntptrace - Trace peers of an NTP server - Ver. 4.2.8p4
++ntptrace - Trace peers of an NTP server - Ver. 4.2.8p5
+ USAGE: ntptrace [ - [] | --[{=| }] ]... [host]
+ 
+     -n, --numeric                Print IP addresses instead of hostnames
+--- contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntptrace 1ntptraceman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntptrace 1ntptraceman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-h.aOvD/ag-u.aWuD)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tqaWUj/ag-Gqa4Tj)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:27 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:54 PM by AutoGen 5.18.5
+ .\" From the definitions ntptrace-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPTRACE 1ntptracemdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntptrace-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:32 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:00 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntptrace-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntptrace/ntptrace.html.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.html
+@@ -31,7 +31,7 @@
+ 
        Simple Network Time Protocol User Manual
        
+ 
+ 
        This document describes the use of the NTP Project's ntptrace program. 
+-This document applies to version 4.2.8p4 of ntptrace.
++This document applies to version 4.2.8p5 of ntptrace.
+ 
+   
        
+ 
        Short Contents
        
+@@ -107,7 +107,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
        ntptrace - Trace peers of an NTP server - Ver. 4.2.8p4
++
        ntptrace - Trace peers of an NTP server - Ver. 4.2.8p5
+ USAGE: ntptrace [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [host]
+ 
+     -n, --numeric                Print IP addresses instead of hostnames
+--- contrib/ntp/scripts/ntptrace/ntptrace.man.in.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntptrace @NTPTRACE_MS@ "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntptrace @NTPTRACE_MS@ "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-h.aOvD/ag-u.aWuD)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tqaWUj/ag-Gqa4Tj)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:27 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:54 PM by AutoGen 5.18.5
+ .\" From the definitions ntptrace-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPTRACE @NTPTRACE_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntptrace-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:32 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:00 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntptrace-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/update-leap/invoke-update-leap.texi.orig
++++ contrib/ntp/scripts/update-leap/invoke-update-leap.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-update-leap.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:38 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:05 PM by AutoGen 5.18.5
+ # From the definitions    update-leap-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+--- contrib/ntp/scripts/update-leap/update-leap-opts.orig
++++ contrib/ntp/scripts/update-leap/update-leap-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (update-leap-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:44 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:11 PM by AutoGen 5.18.5
+ # From the definitions    update-leap-opts.def
+ # and the template file   perlopt
+ 
+@@ -46,7 +46,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-update-leap - leap-seconds file manager/updater - Ver. 4.2.8p4
++update-leap - leap-seconds file manager/updater - Ver. 4.2.8p5
+ USAGE: update-leap [ - [] | --[{=| }] ]... 
+ 
+     -s, --source-url=str         The URL of the master copy of the leapseconds file
+--- contrib/ntp/scripts/update-leap/update-leap.1update-leapman.orig
++++ contrib/ntp/scripts/update-leap/update-leap.1update-leapman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH update-leap 1update-leapman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH update-leap 1update-leapman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tXaylE/ag-FXaGkE)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9hayKk/ag-kiaGJk)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:34 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:02 PM by AutoGen 5.18.5
+ .\" From the definitions update-leap-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc.orig
++++ contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt UPDATE_LEAP 1update-leapmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (update-leap-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:42 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:10 PM by AutoGen 5.18.5
+ .\"  From the definitions    update-leap-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/update-leap/update-leap.html.orig
++++ contrib/ntp/scripts/update-leap/update-leap.html
+@@ -30,7 +30,7 @@
+ 
+   
        This document describes the use of the NTP Project's update-leap program.
+ 
+-  
        This document applies to version 4.2.8p4 of update-leap.
++  
        This document applies to version 4.2.8p5 of update-leap.
+ 
+ 
        
+ 
        Short Contents
        
+--- contrib/ntp/scripts/update-leap/update-leap.man.in.orig
++++ contrib/ntp/scripts/update-leap/update-leap.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH update-leap 1update-leapman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH update-leap 1update-leapman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tXaylE/ag-FXaGkE)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9hayKk/ag-kiaGJk)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:34 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:02 PM by AutoGen 5.18.5
+ .\" From the definitions update-leap-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/update-leap/update-leap.mdoc.in.orig
++++ contrib/ntp/scripts/update-leap/update-leap.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt UPDATE_LEAP 1update-leapmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (update-leap-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:42 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:10 PM by AutoGen 5.18.5
+ .\"  From the definitions    update-leap-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/invoke-plot_summary.texi.orig
++++ contrib/ntp/scripts/invoke-plot_summary.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-plot_summary.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:48 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:16 PM by AutoGen 5.18.5
+ # From the definitions    plot_summary-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -41,7 +41,7 @@
+ 
+ @exampleindent 0
+ @example
+-plot_summary - plot statistics generated by summary script - Ver. 4.2.8p4
++plot_summary - plot statistics generated by summary script - Ver. 4.2.8p5
+ USAGE: plot_summary [ - [] | --[@{=| @}] ]... 
+ 
+         --directory=str          Where the summary files are
+--- contrib/ntp/scripts/invoke-summary.texi.orig
++++ contrib/ntp/scripts/invoke-summary.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-summary.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:54 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:22 PM by AutoGen 5.18.5
+ # From the definitions    summary-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -42,7 +42,7 @@
+ 
+ @exampleindent 0
+ @example
+-summary - compute various stastics from NTP stat files - Ver. 4.2.8p4
++summary - compute various stastics from NTP stat files - Ver. 4.2.8p5
+ USAGE: summary [ - [] | --[@{=| @}] ]... 
+ 
+         --directory=str          Directory containing stat files
+--- contrib/ntp/scripts/plot_summary-opts.orig
++++ contrib/ntp/scripts/plot_summary-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (plot_summary-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:45 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:12 PM by AutoGen 5.18.5
+ # From the definitions    plot_summary-opts.def
+ # and the template file   perlopt
+ 
+@@ -46,7 +46,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-plot_summary - plot statistics generated by summary script - Ver. 4.2.8p4
++plot_summary - plot statistics generated by summary script - Ver. 4.2.8p5
+ USAGE: plot_summary [ - [] | --[{=| }] ]... 
+ 
+         --directory=str          Where the summary files are
+--- contrib/ntp/scripts/plot_summary.1plot_summaryman.orig
++++ contrib/ntp/scripts/plot_summary.1plot_summaryman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH plot_summary 1plot_summaryman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH plot_summary 1plot_summaryman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaylG/ag-RXaGkG)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-xiaqKm/ag-KiayJm)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:51 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:18 PM by AutoGen 5.18.5
+ .\" From the definitions plot_summary-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/plot_summary.1plot_summarymdoc.orig
++++ contrib/ntp/scripts/plot_summary.1plot_summarymdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt PLOT_SUMMARY 1plot_summarymdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (plot_summary-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:53 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:20 PM by AutoGen 5.18.5
+ .\"  From the definitions    plot_summary-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/plot_summary.html.orig
++++ contrib/ntp/scripts/plot_summary.html
+@@ -31,7 +31,7 @@
+ 
        Plot_summary User Manual
        
+ 
+ 
        This document describes the use of the NTP Project's plot_summary program. 
+-This document applies to version 4.2.8p4 of plot_summary.
++This document applies to version 4.2.8p5 of plot_summary.
+ 
+   
        
+ 
        Short Contents
        
+@@ -89,7 +89,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
        plot_summary - plot statistics generated by summary script - Ver. 4.2.8p4
++
        plot_summary - plot statistics generated by summary script - Ver. 4.2.8p5
+ USAGE: plot_summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+ 
+         --directory=str          Where the summary files are
+--- contrib/ntp/scripts/plot_summary.man.in.orig
++++ contrib/ntp/scripts/plot_summary.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH plot_summary 1plot_summaryman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH plot_summary 1plot_summaryman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaylG/ag-RXaGkG)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-xiaqKm/ag-KiayJm)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:51 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:18 PM by AutoGen 5.18.5
+ .\" From the definitions plot_summary-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/plot_summary.mdoc.in.orig
++++ contrib/ntp/scripts/plot_summary.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt PLOT_SUMMARY 1plot_summarymdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (plot_summary-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:53 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:20 PM by AutoGen 5.18.5
+ .\"  From the definitions    plot_summary-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/summary-opts.orig
++++ contrib/ntp/scripts/summary-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (summary-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:47 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:14 PM by AutoGen 5.18.5
+ # From the definitions    summary-opts.def
+ # and the template file   perlopt
+ 
+@@ -44,7 +44,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-summary - compute various stastics from NTP stat files - Ver. 4.2.8p4
++summary - compute various stastics from NTP stat files - Ver. 4.2.8p5
+ USAGE: summary [ - [] | --[{=| }] ]... 
+ 
+         --directory=str          Directory containing stat files
+--- contrib/ntp/scripts/summary.1summaryman.orig
++++ contrib/ntp/scripts/summary.1summaryman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH summary 1summaryman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH summary 1summaryman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-ghaazG/ag-shaiyG)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-.Ca4Xm/ag-lDaaXm)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:56 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:24 PM by AutoGen 5.18.5
+ .\" From the definitions summary-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/summary.1summarymdoc.orig
++++ contrib/ntp/scripts/summary.1summarymdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SUMMARY 1summarymdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (summary-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:58 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:25 PM by AutoGen 5.18.5
+ .\"  From the definitions    summary-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/summary.html.orig
++++ contrib/ntp/scripts/summary.html
+@@ -31,7 +31,7 @@
+ 
        Summary User Manual
        
+ 
+ 
        This document describes the use of the NTP Project's summary program. 
+-This document applies to version 4.2.8p4 of summary.
++This document applies to version 4.2.8p5 of summary.
+ 
+   
        
+ 
        Short Contents
        
+@@ -88,7 +88,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
        summary - compute various stastics from NTP stat files - Ver. 4.2.8p4
++
        summary - compute various stastics from NTP stat files - Ver. 4.2.8p5
+ USAGE: summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+ 
+         --directory=str          Directory containing stat files
+--- contrib/ntp/scripts/summary.man.in.orig
++++ contrib/ntp/scripts/summary.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH summary 1summaryman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH summary 1summaryman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-ghaazG/ag-shaiyG)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-.Ca4Xm/ag-lDaaXm)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:56 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:24 PM by AutoGen 5.18.5
+ .\" From the definitions summary-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/summary.mdoc.in.orig
++++ contrib/ntp/scripts/summary.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SUMMARY 1summarymdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (summary-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:58 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:25 PM by AutoGen 5.18.5
+ .\"  From the definitions    summary-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/sntp/include/version.def.orig
++++ contrib/ntp/sntp/include/version.def
+@@ -1 +1 @@
+-version = '4.2.8p4';
++version = '4.2.8p5';
+--- contrib/ntp/sntp/include/version.texi.orig
++++ contrib/ntp/sntp/include/version.texi
+@@ -1,3 +1,3 @@
+-@set UPDATED 21 October 2015
+-@set EDITION 4.2.8p4
+-@set VERSION 4.2.8p4
++@set UPDATED 07 January 2016
++@set EDITION 4.2.8p5
++@set VERSION 4.2.8p5
+--- contrib/ntp/sntp/m4/ntp_libevent.m4.orig
++++ contrib/ntp/sntp/m4/ntp_libevent.m4
+@@ -89,9 +89,10 @@
+ 	    # LDADD_LIBEVENT=`$PKG_CONFIG --libs libevent | sed 's:-levent::'`
+ 	    # So now we dance...
+ 	    LDADD_LIBEVENT=
+-	    for i in `$PKG_CONFIG --libs libevent`
++	    for i in `$PKG_CONFIG --libs libevent` `$PKG_CONFIG --cflags-only-other libevent_pthreads`
+ 	    do
+ 		case "$i" in
++		 -D*) ;;
+ 		 -levent*) ;;
+ 		 *) case "$LDADD_LIBEVENT" in
+ 		     '') LDADD_LIBEVENT="$i" ;;
+--- contrib/ntp/sntp/m4/ntp_problemtests.m4.orig
++++ contrib/ntp/sntp/m4/ntp_problemtests.m4
+@@ -28,8 +28,9 @@
+ AC_MSG_CHECKING([if we can run test-ntp_restrict])
+ ntp_test_ntp_restrict="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
++ no:0:*-*-hpux11.23*) ;;
+  no:0:*-*-solaris*) ;;
+- no:0:*-*-hpux-11.23*) ;;
+  *) ntp_test_ntp_restrict="yes" ;;
+ esac
+ AC_MSG_RESULT([$ntp_test_ntp_restrict])
+@@ -38,6 +39,7 @@
+ AC_MSG_CHECKING([if we can run test-ntp_scanner])
+ ntp_test_ntp_scanner="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
+  no:0:*-*-solaris*) ;;
+  *) ntp_test_ntp_scanner="yes" ;;
+ esac
+@@ -47,6 +49,7 @@
+ AC_MSG_CHECKING([if we can run test-ntp_signd])
+ ntp_test_ntp_signd="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
+  no:0:*-*-solaris*) ;;
+  *) ntp_test_ntp_signd="yes" ;;
+ esac
+--- contrib/ntp/sntp/m4/version.m4.orig
++++ contrib/ntp/sntp/m4/version.m4
+@@ -1 +1 @@
+-m4_define([VERSION_NUMBER],[4.2.8p4])
++m4_define([VERSION_NUMBER],[4.2.8p5])
+--- contrib/ntp/sntp/tests/keyFile.c.orig
++++ contrib/ntp/sntp/tests/keyFile.c
+@@ -62,9 +62,13 @@
+ void
+ test_ReadEmptyKeyFile(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-empty", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(0, auth_init(CreatePath("key-test-empty", INPUT_DIR), &keys));
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(0, auth_init(path, &keys));
+ 	TEST_ASSERT_NULL(keys);
++
++	free((void *)path);
+ }
+ 
+ 
+@@ -71,11 +75,14 @@
+ void
+ test_ReadASCIIKeys(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-ascii", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(2, auth_init(CreatePath("key-test-ascii", INPUT_DIR), &keys));
+-
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(2, auth_init(path, &keys));
+ 	TEST_ASSERT_NOT_NULL(keys);
+ 
++	free((void *)path);
++
+ 	struct key* result = NULL;
+ 	get_key(40, &result);
+ 	TEST_ASSERT_NOT_NULL(result);
+@@ -91,10 +98,12 @@
+ void
+ test_ReadHexKeys(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-hex", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(3, auth_init(CreatePath("key-test-hex", INPUT_DIR), &keys));
+-
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(3, auth_init(path, &keys));
+ 	TEST_ASSERT_NOT_NULL(keys);
++	free((void *)path);
+ 
+ 	struct key* result = NULL;
+ 	get_key(10, &result);
+@@ -119,10 +128,12 @@
+ void
+ test_ReadKeyFileWithComments(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-comments", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(2, auth_init(CreatePath("key-test-comments", INPUT_DIR), &keys));
+-	
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(2, auth_init(path, &keys));
+ 	TEST_ASSERT_NOT_NULL(keys);
++	free((void *)path);
+ 
+ 	struct key* result = NULL;
+ 	get_key(10, &result);
+@@ -140,10 +151,12 @@
+ void
+ test_ReadKeyFileWithInvalidHex(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-invalid-hex", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(1, auth_init(CreatePath("key-test-invalid-hex", INPUT_DIR), &keys));
+-
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(1, auth_init(path, &keys));
+ 	TEST_ASSERT_NOT_NULL(keys);
++	free((void *)path);
+ 
+ 	struct key* result = NULL;
+ 	get_key(10, &result);
+--- contrib/ntp/sntp/tests/kodDatabase.c.orig
++++ contrib/ntp/sntp/tests/kodDatabase.c
+@@ -1,5 +1,6 @@
+ #include "config.h"
+ 
++#include "ntp_workimpl.h"
+ #include "ntp_types.h"
+ #include "sntptest.h"
+ #include "ntp_stdlib.h"
+@@ -20,6 +21,7 @@
+ void
+ setUp(void) {
+ 	kod_init_kod_db("/dev/null", TRUE);
++	init_lib();
+ }
+ 
+ 
+--- contrib/ntp/sntp/tests/kodFile.c.orig
++++ contrib/ntp/sntp/tests/kodFile.c
+@@ -28,6 +28,7 @@
+ setUp(void) {
+ 	kod_db_cnt = 0;
+ 	kod_db = NULL;
++	init_lib();
+ }
+ 
+ 
+--- contrib/ntp/sntp/tests/run-kodDatabase.c.orig
++++ contrib/ntp/sntp/tests/run-kodDatabase.c
+@@ -23,6 +23,7 @@
+ #include 
+ #include 
+ #include "config.h"
++#include "ntp_workimpl.h"
+ #include "ntp_types.h"
+ #include "sntptest.h"
+ #include "ntp_stdlib.h"
+@@ -56,11 +57,11 @@
+ {
+   progname = argv[0];
+   UnityBegin("kodDatabase.c");
+-  RUN_TEST(test_SingleEntryHandling, 13);
+-  RUN_TEST(test_MultipleEntryHandling, 14);
+-  RUN_TEST(test_NoMatchInSearch, 15);
+-  RUN_TEST(test_AddDuplicate, 16);
+-  RUN_TEST(test_DeleteEntry, 17);
++  RUN_TEST(test_SingleEntryHandling, 14);
++  RUN_TEST(test_MultipleEntryHandling, 15);
++  RUN_TEST(test_NoMatchInSearch, 16);
++  RUN_TEST(test_AddDuplicate, 17);
++  RUN_TEST(test_DeleteEntry, 18);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/sntp/tests/run-t-log.c.orig
++++ contrib/ntp/sntp/tests/run-t-log.c
+@@ -49,9 +49,9 @@
+ {
+   progname = argv[0];
+   UnityBegin("t-log.c");
+-  RUN_TEST(testChangePrognameInMysyslog, 9);
+-  RUN_TEST(testOpenLogfileTest, 10);
+-  RUN_TEST(testWriteInCustomLogfile, 35);
++  RUN_TEST(testChangePrognameInMysyslog, 10);
++  RUN_TEST(testOpenLogfileTest, 11);
++  RUN_TEST(testWriteInCustomLogfile, 12);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/sntp/tests/t-log.c.orig
++++ contrib/ntp/sntp/tests/t-log.c
+@@ -6,63 +6,82 @@
+ //#include "log.h"
+ #include "log.c"
+ 
++void setUp(void);
+ void testChangePrognameInMysyslog(void);
+ void testOpenLogfileTest(void);
++void testWriteInCustomLogfile(void);
+ 
+ 
++void
++setUp(void) {
++	init_lib();
++}
++
++
+ //in var/log/syslog (may differ depending on your OS), logged name of the program will be "TEST_PROGNAME".
+ 
+-void testChangePrognameInMysyslog(void){
++void
++testChangePrognameInMysyslog(void)
++{
+ 	sntp_init_logging("TEST_PROGNAME");
+-	msyslog(LOG_ERR, "TESTING sntp_init_logging()"); //%m will print the last errno?
++	msyslog(LOG_ERR, "TESTING sntp_init_logging()");
++
++	return;
+ }
+ 
+ //writes log files in your own file instead of syslog! (MAY BE USEFUL TO SUPPRESS ERROR MESSAGES!)
+ 
+-void testOpenLogfileTest(void){
++void
++testOpenLogfileTest(void)
++{
+ 	sntp_init_logging("TEST_PROGNAME2"); //this name is consistent through the entire program unless changed
+-	open_logfile("testLogfile.log"); 
++	open_logfile("testLogfile.log");
+ 	//open_logfile("/var/log/syslog"); //this gives me "Permission Denied" when i do %m
+-	
++
+ 	msyslog(LOG_ERR, "Cannot open log file %s","abcXX");
+ 	//cleanup_log(); //unnecessary  after log.c fix!
+-	
++
++	return;
+ }
+ 
+ 
+ //multiple cleanup_log() causes segfault. Probably the reason it's static. Opening multiple open_logfile(name) will cause segfault x.x I'm guessing it's not intended to be changed. Cleanup after unity test doesn't fix it, looks like. Calling in tearDown() also causes issues.
+ 
+-void testWriteInCustomLogfile(void){
++void
++testWriteInCustomLogfile(void)
++{
+ 	char testString[256] = "12345 ABC";
+ 	char testName[256] = "TEST_PROGNAME3";
+ 
+-	remove("testLogfile2.log");
++	(void)remove("testLogfile2.log");
+ 
+ 	sntp_init_logging(testName);
+ 	open_logfile("testLogfile2.log"); // ./ causing issues
+ 	//sntp_init_logging(testName);
+ 
+-	
+-	msyslog(LOG_ERR, testString);
++
++	msyslog(LOG_ERR, "%s", testString);
+ 	FILE * f = fopen("testLogfile2.log","r");
+ 	char line[256];
+ 
++	TEST_ASSERT_TRUE( f != NULL);
++
+ 	//should be only 1 line
+- 	while (fgets(line, sizeof(line), f)) {
+-        	printf("%s", line); 
+-    	}
+-	
++	while (fgets(line, sizeof(line), f)) {
++		printf("%s", line);
++	}
+ 
++
+ 	char* x = strstr(line,testName);
+-	
++
+ 	TEST_ASSERT_TRUE( x != NULL);
+ 
+ 	x = strstr(line,testString);
+ 	TEST_ASSERT_TRUE( x != NULL);
+ 	//cleanup_log();
+-	fclose(f); //using this will also cause segfault, because at the end, log.c will  call (using atexit(func) function) cleanup_log(void)-> fclose(syslog_file); 
++	fclose(f); //using this will also cause segfault, because at the end, log.c will  call (using atexit(func) function) cleanup_log(void)-> fclose(syslog_file);
+ 	//After the 1st fclose, syslog_file = NULL, and is never reset -> hopefully fixed by editing log.c
+ 	//TEST_ASSERT_EQUAL_STRING(testString,line); //doesn't work, line is dynamic because the process name is random.
++
++	return;
+ }
+-
+-
+--- contrib/ntp/sntp/tests/utilities.c.orig
++++ contrib/ntp/sntp/tests/utilities.c
+@@ -96,12 +96,12 @@
+ 
+ void
+ test_IPv6Address(void) {
+-	const struct in6_addr address = {
++	const struct in6_addr address = { { {
+ 						0x20, 0x01, 0x0d, 0xb8,
+ 						0x85, 0xa3, 0x08, 0xd3, 
+ 						0x13, 0x19, 0x8a, 0x2e,
+ 						0x03, 0x70, 0x73, 0x34
+-					};
++					} } };
+ 	const char * expected = "2001:db8:85a3:8d3:1319:8a2e:370:7334";
+ 	sockaddr_u	input;
+ 	struct addrinfo	inputA;
+--- contrib/ntp/sntp/unity/unity_internals.h.orig
++++ contrib/ntp/sntp/unity/unity_internals.h
+@@ -305,7 +305,19 @@
+ #   undef UNITY_WEAK_PRAGMA
+ #endif
+ 
++#if !defined(UNITY_NORETURN_ATTRIBUTE)
++#   ifdef __GNUC__ // includes clang
++#       if !(defined(__WIN32__) && defined(__clang__))
++#           define UNITY_NORETURN_ATTRIBUTE __attribute__((noreturn))
++#       endif
++#   endif
++#endif
+ 
++#ifndef UNITY_NORETURN_ATTRIBUTE
++#   define UNITY_NORETURN_ATTRIBUTE
++#endif
++
++
+ //-------------------------------------------------------
+ // Internal Structs Needed
+ //-------------------------------------------------------
+@@ -465,7 +477,7 @@
+                               const UNITY_LINE_TYPE lineNumber,
+                               const UNITY_DISPLAY_STYLE_T style);
+ 
+-void UnityFail(const char* message, const UNITY_LINE_TYPE line);
++void UnityFail(const char* message, const UNITY_LINE_TYPE line) UNITY_NORETURN_ATTRIBUTE;
+ 
+ void UnityIgnore(const char* message, const UNITY_LINE_TYPE line);
+ 
+--- contrib/ntp/sntp/configure.orig
++++ contrib/ntp/sntp/configure
+@@ -1,6 +1,6 @@
+ #! /bin/sh
+ # Guess values for system-dependent variables and create Makefiles.
+-# Generated by GNU Autoconf 2.69 for sntp 4.2.8p4.
++# Generated by GNU Autoconf 2.69 for sntp 4.2.8p5.
+ #
+ # Report bugs to .
+ #
+@@ -590,8 +590,8 @@
+ # Identity of this package.
+ PACKAGE_NAME='sntp'
+ PACKAGE_TARNAME='sntp'
+-PACKAGE_VERSION='4.2.8p4'
+-PACKAGE_STRING='sntp 4.2.8p4'
++PACKAGE_VERSION='4.2.8p5'
++PACKAGE_STRING='sntp 4.2.8p5'
+ PACKAGE_BUGREPORT='http://bugs.ntp.org./'
+ PACKAGE_URL='http://www.ntp.org./'
+ 
+@@ -1491,7 +1491,7 @@
+   # Omit some internal or obsolete options to make the list less imposing.
+   # This message is too long to be a string in the A/UX 3.1 sh.
+   cat <<_ACEOF
+-\`configure' configures sntp 4.2.8p4 to adapt to many kinds of systems.
++\`configure' configures sntp 4.2.8p5 to adapt to many kinds of systems.
+ 
+ Usage: $0 [OPTION]... [VAR=VALUE]...
+ 
+@@ -1561,7 +1561,7 @@
+ 
+ if test -n "$ac_init_help"; then
+   case $ac_init_help in
+-     short | recursive ) echo "Configuration of sntp 4.2.8p4:";;
++     short | recursive ) echo "Configuration of sntp 4.2.8p5:";;
+    esac
+   cat <<\_ACEOF
+ 
+@@ -1706,7 +1706,7 @@
+ test -n "$ac_init_help" && exit $ac_status
+ if $ac_init_version; then
+   cat <<\_ACEOF
+-sntp configure 4.2.8p4
++sntp configure 4.2.8p5
+ generated by GNU Autoconf 2.69
+ 
+ Copyright (C) 2012 Free Software Foundation, Inc.
+@@ -2536,7 +2536,7 @@
+ This file contains any messages produced by compilers while
+ running configure, to aid debugging if configure makes a mistake.
+ 
+-It was created by sntp $as_me 4.2.8p4, which was
++It was created by sntp $as_me 4.2.8p5, which was
+ generated by GNU Autoconf 2.69.  Invocation command line was
+ 
+   $ $0 $@
+@@ -3533,7 +3533,7 @@
+ 
+ # Define the identity of the package.
+  PACKAGE='sntp'
+- VERSION='4.2.8p4'
++ VERSION='4.2.8p5'
+ 
+ 
+ cat >>confdefs.h <<_ACEOF
+@@ -25155,9 +25155,10 @@
+ 	    # LDADD_LIBEVENT=`$PKG_CONFIG --libs libevent | sed 's:-levent::'`
+ 	    # So now we dance...
+ 	    LDADD_LIBEVENT=
+-	    for i in `$PKG_CONFIG --libs libevent`
++	    for i in `$PKG_CONFIG --libs libevent` `$PKG_CONFIG --cflags-only-other libevent_pthreads`
+ 	    do
+ 		case "$i" in
++		 -D*) ;;
+ 		 -levent*) ;;
+ 		 *) case "$LDADD_LIBEVENT" in
+ 		     '') LDADD_LIBEVENT="$i" ;;
+@@ -31109,7 +31110,7 @@
+ # report actual input values of CONFIG_FILES etc. instead of their
+ # values after options handling.
+ ac_log="
+-This file was extended by sntp $as_me 4.2.8p4, which was
++This file was extended by sntp $as_me 4.2.8p5, which was
+ generated by GNU Autoconf 2.69.  Invocation command line was
+ 
+   CONFIG_FILES    = $CONFIG_FILES
+@@ -31176,7 +31177,7 @@
+ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ ac_cs_version="\\
+-sntp config.status 4.2.8p4
++sntp config.status 4.2.8p5
+ configured by $0, generated by GNU Autoconf 2.69,
+   with options \\"\$ac_cs_config\\"
+ 
+--- contrib/ntp/sntp/invoke-sntp.texi.orig
++++ contrib/ntp/sntp/invoke-sntp.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-sntp.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:30:56 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:23:24 PM by AutoGen 5.18.5
+ # From the definitions    sntp-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -101,7 +101,7 @@
+ 
+ @exampleindent 0
+ @example
+-sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p4
++sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p5
+ Usage:  sntp [ - [] | --[@{=| @}] ]... \
+                 [ hostname-or-IP ...]
+   Flg Arg Option-Name    Description
+--- contrib/ntp/sntp/networking.c.orig
++++ contrib/ntp/sntp/networking.c
+@@ -136,7 +136,7 @@
+ 		return PACKET_UNUSEABLE;
+ 	}
+ 	/* Note: pkt_len must be a multiple of 4 at this point! */
+-	packet_end = (u_int32*)((char*)rpkt + pkt_len);
++	packet_end = (void*)((char*)rpkt + pkt_len);
+ 	exten_end = skip_efields(rpkt->exten, packet_end);
+ 	if (NULL == exten_end) {
+ 		msyslog(LOG_ERR,
+--- contrib/ntp/sntp/sntp-opts.c.orig
++++ contrib/ntp/sntp/sntp-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (sntp-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:30:23 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:22:49 PM by AutoGen 5.18.5
+  *  From the definitions    sntp-opts.def
+  *  and the template file   options
+  *
+@@ -70,7 +70,7 @@
+  *  static const strings for sntp options
+  */
+ static char const sntp_opt_strs[2549] =
+-/*     0 */ "sntp 4.2.8p4\n"
++/*     0 */ "sntp 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -155,7 +155,7 @@
+ /*  2298 */ "LOAD_OPTS\0"
+ /*  2308 */ "no-load-opts\0"
+ /*  2321 */ "SNTP\0"
+-/*  2326 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p4\n"
++/*  2326 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]... \\\n"
+             "\t\t[ hostname-or-IP ...]\n\0"
+ /*  2485 */ "$HOME\0"
+@@ -163,7 +163,7 @@
+ /*  2493 */ ".ntprc\0"
+ /*  2500 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  2534 */ "\n\0"
+-/*  2536 */ "sntp 4.2.8p4";
++/*  2536 */ "sntp 4.2.8p5";
+ 
+ /**
+  *  ipv4 option description with
+@@ -1173,7 +1173,7 @@
+      translate option names.
+    */
+   /* referenced via sntpOptions.pzCopyright */
+-  puts(_("sntp 4.2.8p4\n\
++  puts(_("sntp 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -1263,7 +1263,7 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via sntpOptions.pzUsageTitle */
+-  puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p4\n\
++  puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]... \\\n\
+ \t\t[ hostname-or-IP ...]\n"));
+ 
+@@ -1271,7 +1271,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via sntpOptions.pzFullVersion */
+-  puts(_("sntp 4.2.8p4"));
++  puts(_("sntp 4.2.8p5"));
+ 
+   /* referenced via sntpOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/sntp/sntp-opts.h.orig
++++ contrib/ntp/sntp/sntp-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (sntp-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:30:22 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:22:48 PM by AutoGen 5.18.5
+  *  From the definitions    sntp-opts.def
+  *  and the template file   options
+  *
+@@ -91,9 +91,9 @@
+ /** count of all options for sntp */
+ #define OPTION_CT    23
+ /** sntp version */
+-#define SNTP_VERSION       "4.2.8p4"
++#define SNTP_VERSION       "4.2.8p5"
+ /** Full sntp version text */
+-#define SNTP_FULL_VERSION  "sntp 4.2.8p4"
++#define SNTP_FULL_VERSION  "sntp 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/sntp/sntp.1sntpman.orig
++++ contrib/ntp/sntp/sntp.1sntpman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH sntp 1sntpman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH sntp 1sntpman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-hEaqbg/ag-UEaiag)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-e.aO3S/ag-r.aG2S)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:30:52 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:23:20 PM by AutoGen 5.18.5
+ .\" From the definitions sntp-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/sntp/sntp.1sntpmdoc.orig
++++ contrib/ntp/sntp/sntp.1sntpmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SNTP 1sntpmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:30:59 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:23:27 PM by AutoGen 5.18.5
+ .\"  From the definitions    sntp-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/sntp/sntp.html.orig
++++ contrib/ntp/sntp/sntp.html
+@@ -36,7 +36,7 @@
+ clock.  Run as root, it can correct the system clock to this offset as
+ well.  It can be run as an interactive command or from a cron job.
+ 
+-  
        This document applies to version 4.2.8p4 of sntp.
++  
        This document applies to version 4.2.8p5 of sntp.
+ 
+   
        The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
+ IETF specification.
+@@ -176,7 +176,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
        sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p4
++
        sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p5
+ Usage:  sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
+                 [ hostname-or-IP ...]
+   Flg Arg Option-Name    Description
+--- contrib/ntp/sntp/sntp.man.in.orig
++++ contrib/ntp/sntp/sntp.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH sntp @SNTP_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH sntp @SNTP_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-hEaqbg/ag-UEaiag)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-e.aO3S/ag-r.aG2S)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:30:52 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:23:20 PM by AutoGen 5.18.5
+ .\" From the definitions sntp-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/sntp/sntp.mdoc.in.orig
++++ contrib/ntp/sntp/sntp.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SNTP @SNTP_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:30:59 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:23:27 PM by AutoGen 5.18.5
+ .\"  From the definitions    sntp-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/sntp/version.c.orig
++++ contrib/ntp/sntp/version.c
+@@ -2,4 +2,4 @@
+  * version file for sntp
+  */
+ #include 
+-const char * Version = "sntp 4.2.8p4@1.3265-o Wed Oct 21 16:41:07 UTC 2015 (25)";
++const char * Version = "sntp 4.2.8p4@1.3265-o Thu Jan  7 23:23:18 UTC 2016 (26)";
+--- contrib/ntp/tests/bug-2803/bug-2803.c.orig
++++ contrib/ntp/tests/bug-2803/bug-2803.c
+@@ -15,7 +15,7 @@
+ int simpleTest(void);
+ void setUp(void);
+ void tearDown(void);
+-//void test_main(void);
++void test_main(void);
+ 
+ static int verbose = 1;        // if not 0, also print results if test passed
+ static int exit_on_err = 0;    // if not 0, exit if test failed
+--- contrib/ntp/tests/bug-2803/run-bug-2803.c.orig
++++ contrib/ntp/tests/bug-2803/run-bug-2803.c
+@@ -31,6 +31,7 @@
+ //=======External Functions This Runner Calls=====
+ extern void setUp(void);
+ extern void tearDown(void);
++extern void test_main(void);
+ extern void test_main(void );
+ 
+ 
+@@ -51,6 +52,7 @@
+   progname = argv[0];
+   UnityBegin("bug-2803.c");
+   RUN_TEST(test_main, 18);
++  RUN_TEST(test_main, 18);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/a_md5encrypt.c.orig
++++ contrib/ntp/tests/libntp/a_md5encrypt.c
+@@ -16,14 +16,25 @@
+  * Example packet with MD5 hash calculated manually.
+  */
+ const int keytype = KEY_TYPE_MD5;
+-const char *key = "abcdefgh";
++const u_char *key = (const u_char*)"abcdefgh";
+ const u_short keyLength = 8;
+-const char *packet = "ijklmnopqrstuvwx";
++const u_char *packet = (const u_char*)"ijklmnopqrstuvwx";
+ #define packetLength 16
+ #define keyIdLength  4
+ #define digestLength 16
+-const int totalLength = packetLength + keyIdLength + digestLength;
+-const char *expectedPacket = "ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x53";
++#define totalLength (packetLength + keyIdLength + digestLength)
++union {
++	u_char		u8 [totalLength];
++	uint32_t	u32[1];
++} expectedPacket = {
++	"ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x53"
++};
++union {
++	u_char		u8 [totalLength];
++	uint32_t	u32[1];
++} invalidPacket = {
++	"ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x54"
++};
+ 
+ 
+ void test_Encrypt(void);
+@@ -35,7 +46,7 @@
+ 
+ void
+ test_Encrypt(void) {
+-	char *packetPtr;
++	u_int32 *packetPtr;
+ 	int length;
+ 
+ 	packetPtr = emalloc(totalLength * sizeof(*packetPtr));
+@@ -45,12 +56,12 @@
+ 
+ 	cache_secretsize = keyLength;
+ 
+-	length = MD5authencrypt(keytype, (u_char*)key, (u_int32*)packetPtr, packetLength);
++	length = MD5authencrypt(keytype, key, packetPtr, packetLength);
+ 
+-	TEST_ASSERT_TRUE(MD5authdecrypt(keytype, (u_char*)key, (u_int32*)packetPtr, packetLength, length));
++	TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, packetPtr, packetLength, length));
+ 
+ 	TEST_ASSERT_EQUAL(20, length);
+-	TEST_ASSERT_EQUAL_MEMORY(expectedPacket, packetPtr, totalLength);
++	TEST_ASSERT_EQUAL_MEMORY(expectedPacket.u8, packetPtr, totalLength);
+ 
+ 	free(packetPtr);
+ }
+@@ -58,17 +69,13 @@
+ void
+ test_DecryptValid(void) {
+ 	cache_secretsize = keyLength;
+-
+-	TEST_ASSERT_TRUE(MD5authdecrypt(keytype, (u_char*)key, (u_int32*)expectedPacket, packetLength, 20));
++	TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, expectedPacket.u32, packetLength, 20));
+ }
+ 
+ void
+ test_DecryptInvalid(void) {
+ 	cache_secretsize = keyLength;
+-
+-	const char *invalidPacket = "ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x54";
+-
+-	TEST_ASSERT_FALSE(MD5authdecrypt(keytype, (u_char*)key, (u_int32*)invalidPacket, packetLength, 20));
++	TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, invalidPacket.u32, packetLength, 20));
+ }
+ 
+ void
+@@ -87,12 +94,13 @@
+ 
+ void
+ test_IPv6AddressToRefId(void) {
+-	const struct in6_addr address = {
++	const int expected = 0x75cffd52;
++	const struct in6_addr address = { { {
+ 		0x20, 0x01, 0x0d, 0xb8,
+ 		0x85, 0xa3, 0x08, 0xd3,
+ 		0x13, 0x19, 0x8a, 0x2e,
+ 		0x03, 0x70, 0x73, 0x34
+-	};
++	} } };
+ 	sockaddr_u addr;
+ 
+ 	addr.sa6.sin6_family = AF_INET6;
+@@ -99,11 +107,11 @@
+ 
+ 	addr.sa6.sin6_addr = address;
+ 
+-	const int expected = 0x75cffd52;
+ 
+ #if 0
+ 	TEST_ASSERT_EQUAL(expected, addr2refid(&addr));
+ #else
++	(void)expected;
+ 	TEST_IGNORE_MESSAGE("Skipping because of big endian problem?");
+ #endif
+ }
+--- contrib/ntp/tests/libntp/authkeys.c.orig
++++ contrib/ntp/tests/libntp/authkeys.c
+@@ -51,18 +51,21 @@
+ 	cache_flags = 0;
+ 	cache_secret = NULL;
+ 	cache_secretsize = 0;
++
++	return;
+ }
+ 
+ void
+ tearDown(void)
+ {
+-
++	return;
+ }
+ 
+ static const int KEYTYPE = KEY_TYPE_MD5;
+ 
+ void
+-AddTrustedKey(keyid_t keyno) {
++AddTrustedKey(keyid_t keyno)
++{
+ 	/*
+ 	 * We need to add a MD5-key in addition to setting the
+ 	 * trust, because authhavekey() requires type != 0.
+@@ -70,15 +73,21 @@
+ 	MD5auth_setkey(keyno, KEYTYPE, NULL, 0);
+ 
+ 	authtrust(keyno, TRUE);
++
++	return;
+ }
+ 
+ void
+-AddUntrustedKey(keyid_t keyno) {
++AddUntrustedKey(keyid_t keyno)
++{
+ 	authtrust(keyno, FALSE);
++
++	return;
+ }
+ 
+ void
+-test_AddTrustedKeys(void) {
++test_AddTrustedKeys(void)
++{
+ 	const keyid_t KEYNO1 = 5;
+ 	const keyid_t KEYNO2 = 8;
+ 
+@@ -87,19 +96,25 @@
+ 
+ 	TEST_ASSERT_TRUE(authistrusted(KEYNO1));
+ 	TEST_ASSERT_TRUE(authistrusted(KEYNO2));
++
++	return;
+ }
+ 
+ void
+-test_AddUntrustedKey(void) {
++test_AddUntrustedKey(void)
++{
+ 	const keyid_t KEYNO = 3;
+    
+ 	AddUntrustedKey(KEYNO);
+ 
+ 	TEST_ASSERT_FALSE(authistrusted(KEYNO));
++
++	return;
+ }
+ 
+ void
+-test_HaveKeyCorrect(void) {
++test_HaveKeyCorrect(void)
++{
+ 	const keyid_t KEYNO = 3;
+ 
+ 	AddTrustedKey(KEYNO);
+@@ -106,29 +121,40 @@
+ 
+ 	TEST_ASSERT_TRUE(auth_havekey(KEYNO));
+ 	TEST_ASSERT_TRUE(authhavekey(KEYNO));
++
++	return;
+ }
+ 
+ void
+-test_HaveKeyIncorrect(void) {
++test_HaveKeyIncorrect(void)
++{
+ 	const keyid_t KEYNO = 2;
+ 
+ 	TEST_ASSERT_FALSE(auth_havekey(KEYNO));
+ 	TEST_ASSERT_FALSE(authhavekey(KEYNO));
++
++	return;
+ }
+ 
+ void
+-test_AddWithAuthUseKey(void) {
++test_AddWithAuthUseKey(void)
++{
+ 	const keyid_t KEYNO = 5;
+ 	const char* KEY = "52a";
+ 
+-	TEST_ASSERT_TRUE(authusekey(KEYNO, KEYTYPE, (u_char*)KEY));	
++	TEST_ASSERT_TRUE(authusekey(KEYNO, KEYTYPE, (const u_char*)KEY));
++
++	return;
+ }
+ 
+ void
+-test_EmptyKey(void) {
++test_EmptyKey(void)
++{
+ 	const keyid_t KEYNO = 3;
+ 	const char* KEY = "";
+ 
+ 
+-	TEST_ASSERT_FALSE(authusekey(KEYNO, KEYTYPE, (u_char*)KEY));
++	TEST_ASSERT_FALSE(authusekey(KEYNO, KEYTYPE, (const u_char*)KEY));
++
++	return;
+ }
+--- contrib/ntp/tests/libntp/buftvtots.c.orig
++++ contrib/ntp/tests/libntp/buftvtots.c
+@@ -18,7 +18,8 @@
+ 
+ 
+ void
+-test_ZeroBuffer(void) {
++test_ZeroBuffer(void)
++{
+ #ifndef SYS_WINNT
+ 	const struct timeval input = {0, 0};
+ 	const l_fp expected = {{0 + JAN_1970}, 0};
+@@ -30,10 +31,14 @@
+ #else
+ 	TEST_IGNORE_MESSAGE("Test only for Windows, skipping...");
+ #endif
++
++	return;
+ }
+ 
++
+ void
+-test_IntegerAndFractionalBuffer(void) {
++test_IntegerAndFractionalBuffer(void)
++{
+ #ifndef SYS_WINNT
+ 	const struct timeval input = {5, 500000}; /* 5.5 */
+ 	const l_fp expected = {{5 + JAN_1970}, HALF};
+@@ -53,13 +58,16 @@
+ #else
+ 	TEST_IGNORE_MESSAGE("Test only for Windows, skipping...");
+ #endif
++
++	return;
+ }
+ 
+ void
+-test_IllegalMicroseconds(void) {
++test_IllegalMicroseconds(void)
++{
+ #ifndef SYS_WINNT
+ 	const struct timeval input = {0, 1100000}; /* > 999 999 microseconds. */
+-	
++
+ 	l_fp actual;
+ 
+ 	TEST_ASSERT_FALSE(buftvtots((const char*)(&input), &actual));
+@@ -66,11 +74,14 @@
+ #else
+ 	TEST_IGNORE_MESSAGE("Test only for Windows, skipping...");
+ #endif
++
++	return;
+ }
+ 
+ 
+ void
+-test_AlwaysFalseOnWindows(void) {
++test_AlwaysFalseOnWindows(void)
++{
+ #ifdef SYS_WINNT
+ 	/*
+ 	 * Under Windows, buftvtots will just return
+@@ -81,5 +92,6 @@
+ #else
+ 	TEST_IGNORE_MESSAGE("Non-Windows test, skipping...");
+ #endif
++
++	return;
+ }
+-
+--- contrib/ntp/tests/libntp/calendar.c.orig
++++ contrib/ntp/tests/libntp/calendar.c
+@@ -8,32 +8,43 @@
+ 
+ static int leapdays(int year);
+ 
+-int isGT(int first, int second);
+-int leapdays(int year);
+-char * CalendarFromCalToString(const struct calendar *cal);
+-char * CalendarFromIsoToString(const struct isodate *iso); 
+-int IsEqualCal(const struct calendar *expected, const struct calendar *actual);
+-int IsEqualIso(const struct isodate *expected, const struct isodate *actual);
+-char * DateFromCalToString(const struct calendar *cal);
+-char * DateFromIsoToString(const struct isodate *iso);
+-int IsEqualDateCal(const struct calendar *expected, const struct calendar *actual);
+-int IsEqualDateIso(const struct isodate *expected, const struct isodate *actual);
+-void test_DaySplitMerge(void);
+-void test_SplitYearDays1(void);
+-void test_SplitYearDays2(void);
+-void test_RataDie1(void);
+-void test_LeapYears1(void);
+-void test_LeapYears2(void);
+-void test_RoundTripDate(void);
+-void test_RoundTripYearStart(void);
+-void test_RoundTripMonthStart(void);
+-void test_RoundTripWeekStart(void);
+-void test_RoundTripDayStart(void);
+-void test_IsoCalYearsToWeeks(void);
+-void test_IsoCalWeeksToYearStart(void);
+-void test_IsoCalWeeksToYearEnd(void);
+-void test_DaySecToDate(void);
++void	setUp(void);
++int	isGT(int first, int second);
++int	leapdays(int year);
++char *	CalendarFromCalToString(const struct calendar *cal);
++char *	CalendarFromIsoToString(const struct isodate *iso); 
++int	IsEqualCal(const struct calendar *expected, const struct calendar *actual);
++int	IsEqualIso(const struct isodate *expected, const struct isodate *actual);
++char *	DateFromCalToString(const struct calendar *cal);
++char *	DateFromIsoToString(const struct isodate *iso);
++int	IsEqualDateCal(const struct calendar *expected, const struct calendar *actual);
++int	IsEqualDateIso(const struct isodate *expected, const struct isodate *actual);
++void	test_DaySplitMerge(void);
++void	test_SplitYearDays1(void);
++void	test_SplitYearDays2(void);
++void	test_RataDie1(void);
++void	test_LeapYears1(void);
++void	test_LeapYears2(void);
++void	test_RoundTripDate(void);
++void	test_RoundTripYearStart(void);
++void	test_RoundTripMonthStart(void);
++void	test_RoundTripWeekStart(void);
++void	test_RoundTripDayStart(void);
++void	test_IsoCalYearsToWeeks(void);
++void	test_IsoCalWeeksToYearStart(void);
++void	test_IsoCalWeeksToYearEnd(void);
++void	test_DaySecToDate(void);
+ 
++
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ /*
+  * ---------------------------------------------------------------------
+  * test support stuff
+@@ -42,7 +53,7 @@
+ int
+ isGT(int first, int second)
+ {
+-	if(first > second) {	
++	if(first > second) {
+ 		return TRUE;
+ 	} else {
+ 		return FALSE;
+@@ -100,9 +111,14 @@
+ 	    expected->second == actual->second) {
+ 		return TRUE;
+ 	} else {
+-		printf("expected: %s but was %s",
+-		       CalendarFromCalToString(expected),
+-		       CalendarFromCalToString(actual));
++		char *p_exp = CalendarFromCalToString(expected);
++		char *p_act = CalendarFromCalToString(actual);
++
++		printf("expected: %s but was %s", p_exp, p_act);
++
++		free(p_exp);
++		free(p_act);
++
+ 		return FALSE;		  
+ 	}
+ }
+@@ -215,8 +231,10 @@
+  * the 'vint64' is definitely needed.
+  */
+ void
+-test_DaySplitMerge(void) {
++test_DaySplitMerge(void)
++{
+ 	int32 day,sec;
++
+ 	for (day = -1000000; day <= 1000000; day += 100) {
+ 		for (sec = -100000; sec <= 186400; sec += 10000) {
+ 			vint64		 merge;
+@@ -242,11 +260,15 @@
+ 			TEST_ASSERT_EQUAL(esec, split.lo);
+ 		}
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_SplitYearDays1(void) {
++test_SplitYearDays1(void)
++{
+ 	int32 eyd;
++
+ 	for (eyd = -1; eyd <= 365; eyd++) {
+ 		ntpcal_split split = ntpcal_split_yeardays(eyd, 0);
+ 		if (split.lo >= 0 && split.hi >= 0) {
+@@ -257,11 +279,15 @@
+ 		} else
+ 			TEST_ASSERT_TRUE(eyd < 0 || eyd > 364);
+ 	}
++
++	return;
+ }
+-		
++
+ void
+-test_SplitYearDays2(void) {
++test_SplitYearDays2(void)
++{
+ 	int32 eyd;
++
+ 	for (eyd = -1; eyd <= 366; eyd++) {
+ 		ntpcal_split split = ntpcal_split_yeardays(eyd, 1);
+ 		if (split.lo >= 0 && split.hi >= 0) {
+@@ -274,10 +300,13 @@
+ 		} else
+ 			TEST_ASSERT_TRUE(eyd < 0 || eyd > 365);
+ 		}
++
++	return;
+ }
+-		
++
+ void
+-test_RataDie1(void) {
++test_RataDie1(void)
++{
+ 	int32	 testDate = 1; /* 0001-01-01 (proleptic date) */
+ 	struct calendar expected = { 1, 1, 1, 1 };
+ 	struct calendar actual;
+@@ -284,11 +313,14 @@
+ 
+ 	ntpcal_rd_to_date(&actual, testDate);
+ 	TEST_ASSERT_TRUE(IsEqualDateCal(&expected, &actual));
++
++	return;
+ }
+ 
+ /* check last day of february for first 10000 years */
+ void
+-test_LeapYears1(void) {
++test_LeapYears1(void)
++{
+ 	struct calendar dateIn, dateOut;
+ 
+ 	for (dateIn.year = 1; dateIn.year < 10000; ++dateIn.year) {
+@@ -300,11 +332,14 @@
+ 
+ 		TEST_ASSERT_TRUE(IsEqualDateCal(&dateIn, &dateOut));
+ 	}
++
++	return;
+ }
+ 
+ /* check first day of march for first 10000 years */
+ void
+-test_LeapYears2(void) {
++test_LeapYears2(void)
++{
+ 	struct calendar dateIn, dateOut;
+ 
+ 	for (dateIn.year = 1; dateIn.year < 10000; ++dateIn.year) {
+@@ -315,6 +350,8 @@
+ 		ntpcal_rd_to_date(&dateOut, ntpcal_date_to_rd(&dateIn));
+ 		TEST_ASSERT_TRUE(IsEqualDateCal(&dateIn, &dateOut));
+ 	}
++
++	return;
+ }
+ 
+ /* Full roundtrip from 1601-01-01 to 2400-12-31
+@@ -324,7 +361,8 @@
+  * invalid output can occur.)
+  */
+ void
+-test_RoundTripDate(void) {
++test_RoundTripDate(void)
++{
+ 	struct calendar truDate, expDate = { 1600, 0, 12, 31 };;
+ 	int	 leaps;
+ 	int32	 truRdn, expRdn	= ntpcal_date_to_rd(&expDate);
+@@ -335,7 +373,7 @@
+ 		expDate.yearday = 0;
+ 		leaps = leapdays(expDate.year);
+ 		while (expDate.month < 12) {
+-			expDate.month++;			
++			expDate.month++;
+ 			expDate.monthday = 0;
+ 			while (expDate.monthday < real_month_days[leaps][expDate.month]) {
+ 				expDate.monthday++;
+@@ -350,11 +388,14 @@
+ 			}
+ 		}
+ 	}
++
++	return;
+ }
+ 
+ /* Roundtrip testing on calyearstart */
+ void
+-test_RoundTripYearStart(void) {
++test_RoundTripYearStart(void)
++{
+ 	static const time_t pivot = 0;
+ 	u_int32 ntp, expys, truys;
+ 	struct calendar date;
+@@ -367,11 +408,14 @@
+ 		expys = ntpcal_date_to_ntp(&date);
+ 		TEST_ASSERT_EQUAL(expys, truys);
+ 	}
+-}	
+ 
++	return;
++}
++
+ /* Roundtrip testing on calmonthstart */
+ void
+-test_RoundTripMonthStart(void) {
++test_RoundTripMonthStart(void)
++{
+ 	static const time_t pivot = 0;
+ 	u_int32 ntp, expms, trums;
+ 	struct calendar date;
+@@ -384,11 +428,14 @@
+ 		expms = ntpcal_date_to_ntp(&date);
+ 		TEST_ASSERT_EQUAL(expms, trums);
+ 	}
+-}	
+ 
++	return;
++}
++
+ /* Roundtrip testing on calweekstart */
+ void
+-test_RoundTripWeekStart(void) {
++test_RoundTripWeekStart(void)
++{
+ 	static const time_t pivot = 0;
+ 	u_int32 ntp, expws, truws;
+ 	struct isodate date;
+@@ -401,11 +448,14 @@
+ 		expws = isocal_date_to_ntp(&date);
+ 		TEST_ASSERT_EQUAL(expws, truws);
+ 	}
+-}	
+ 
++	return;
++}
++
+ /* Roundtrip testing on caldaystart */
+ void
+-test_RoundTripDayStart(void) {
++test_RoundTripDayStart(void)
++{
+ 	static const time_t pivot = 0;
+ 	u_int32 ntp, expds, truds;
+ 	struct calendar date;
+@@ -417,6 +467,8 @@
+ 		expds = ntpcal_date_to_ntp(&date);
+ 		TEST_ASSERT_EQUAL(expds, truds);
+ 	}
++
++	return;
+ }
+ 
+ /* ---------------------------------------------------------------------
+@@ -444,6 +496,7 @@
+ 	int32_t years)
+ {
+ 	int32_t days, weeks;
++
+ 	days = ntpcal_weekday_close(
+ 		ntpcal_days_in_years(years) + 1,
+ 		CAL_MONDAY) - 1;
+@@ -455,6 +508,7 @@
+ 	weeks = days / 7;
+ 	days  = days % 7;
+ 	TEST_ASSERT_EQUAL(0, days); /* paranoia check... */
++
+ 	return weeks;
+ }
+ 
+@@ -462,9 +516,11 @@
+  * they are not, the calendar needs a better implementation...
+  */
+ void
+-test_IsoCalYearsToWeeks(void) {
++test_IsoCalYearsToWeeks(void)
++{
+ 	int32_t years;
+ 	int32_t wref, wcal;
++
+ 	for (years = -1000; years < 4000; ++years) {
+ 		/* get number of weeks before years (reference) */
+ 		wref = refimpl_WeeksInIsoYears(years);
+@@ -472,13 +528,17 @@
+ 		wcal = isocal_weeks_in_years(years);
+ 		TEST_ASSERT_EQUAL(wref, wcal);
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_IsoCalWeeksToYearStart(void) {
++test_IsoCalWeeksToYearStart(void)
++{
+ 	int32_t years;
+ 	int32_t wref;
+ 	ntpcal_split ysplit;
++
+ 	for (years = -1000; years < 4000; ++years) {
+ 		/* get number of weeks before years (reference) */
+ 		wref = refimpl_WeeksInIsoYears(years);
+@@ -488,13 +548,17 @@
+ 		TEST_ASSERT_EQUAL(years, ysplit.hi);
+ 		TEST_ASSERT_EQUAL(0, ysplit.lo);
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_IsoCalWeeksToYearEnd(void) {
++test_IsoCalWeeksToYearEnd(void)
++{
+ 	int32_t years;
+ 	int32_t wref;
+ 	ntpcal_split ysplit;
++
+ 	for (years = -1000; years < 4000; ++years) {
+ 		/* get last week of previous year */
+ 		wref = refimpl_WeeksInIsoYears(years) - 1;
+@@ -504,10 +568,13 @@
+ 		TEST_ASSERT_EQUAL(years-1, ysplit.hi);
+ 		TEST_ASSERT(ysplit.lo == 51 || ysplit.lo == 52);
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_DaySecToDate(void) {
++test_DaySecToDate(void)
++{
+ 	struct calendar cal;
+ 	int32_t days;
+ 
+@@ -538,4 +605,6 @@
+ 	days = ntpcal_daysec_to_date(&cal, 86400);
+ 	TEST_ASSERT_MESSAGE((days==1 && cal.hour==0 && cal.minute==0 && cal.second==0),
+ 		"failed for 86400");
++
++	return;
+ }
+--- contrib/ntp/tests/libntp/caljulian.c.orig
++++ contrib/ntp/tests/libntp/caljulian.c
+@@ -20,10 +20,12 @@
+ 
+ 
+ char *
+-CalendarToString(const struct calendar cal) {
++CalendarToString(const struct calendar cal)
++{
+ 	char * str = emalloc (sizeof (char) * 100);
+-	
+ 	char buffer[100] ="";
++
++	*str = '\0';
+ 	snprintf(buffer, 100, "%u", cal.year);
+ 	strcat(str, buffer);
+ 	strcat(str, "-");
+@@ -48,19 +50,25 @@
+ }
+ 
+ int // technically boolean
+-IsEqual(const struct calendar expected, const struct calendar actual) {
+-	if (expected.year == actual.year &&
+-		(expected.yearday == actual.yearday ||
+-		 (expected.month == actual.month &&
+-		  expected.monthday == actual.monthday)) &&
+-		expected.hour == actual.hour &&
+-		expected.minute == actual.minute &&
+-		expected.second == actual.second) {
++IsEqual(const struct calendar expected, const struct calendar actual)
++{
++	if (   expected.year == actual.year
++	    && (   expected.yearday == actual.yearday
++		|| (   expected.month == actual.month
++		    && expected.monthday == actual.monthday))
++	    && expected.hour == actual.hour
++	    && expected.minute == actual.minute
++	    && expected.second == actual.second) {
+ 		return TRUE;
+ 	} else {
+-		printf("expected: %s but was %s", CalendarToString(expected) ,CalendarToString(actual));
++		char *p_exp, *p_act;
++
++		p_exp = CalendarToString(expected);
++		p_act = CalendarToString(actual);
++		printf("expected: %s but was %s", p_exp, p_act);
++		free(p_exp);
++		free(p_act);
+ 		return FALSE;
+-			
+ 	}
+ }
+ 
+@@ -70,6 +78,9 @@
+ {
+     ntpcal_set_timefunc(timefunc);
+     settime(1970, 1, 1, 0, 0, 0);
++    init_lib();
++
++    return;
+ }
+ 
+ void
+@@ -76,11 +87,14 @@
+ tearDown()
+ {
+     ntpcal_set_timefunc(NULL);
++
++    return;
+ }
+ 
+ 
+ void
+-test_RegularTime(void) {
++test_RegularTime(void)
++{
+ 	u_long testDate = 3485080800UL; // 2010-06-09 14:00:00
+ 	struct calendar expected = {2010,160,6,9,14,0,0};
+ 
+@@ -89,10 +103,13 @@
+ 	caljulian(testDate, &actual);
+ 
+ 	TEST_ASSERT_TRUE(IsEqual(expected, actual));
++
++	return;
+ }
+ 
+ void
+-test_LeapYear(void) {
++test_LeapYear(void)
++{
+ 	u_long input = 3549902400UL; // 2012-06-28 20:00:00Z
+ 	struct calendar expected = {2012, 179, 6, 28, 20, 0, 0};
+ 
+@@ -101,28 +118,36 @@
+ 	caljulian(input, &actual);
+ 
+ 	TEST_ASSERT_TRUE(IsEqual(expected, actual));
++
++	return;
+ }
+ 
+ void
+-test_uLongBoundary(void) {
+-	u_long time = 4294967295UL; // 2036-02-07 6:28:15
++test_uLongBoundary(void)
++{
++	u_long enc_time = 4294967295UL; // 2036-02-07 6:28:15
+ 	struct calendar expected = {2036,0,2,7,6,28,15};
+ 
+ 	struct calendar actual;
+ 
+-	caljulian(time, &actual);
++	caljulian(enc_time, &actual);
+ 
+ 	TEST_ASSERT_TRUE(IsEqual(expected, actual));
++
++	return;
+ }
+ 
+ void
+-test_uLongWrapped(void) {
+-	u_long time = 0;
++test_uLongWrapped(void)
++{
++	u_long enc_time = 0;
+ 	struct calendar expected = {2036,0,2,7,6,28,16};
+ 
+ 	struct calendar actual;
+ 
+-	caljulian(time, &actual);
++	caljulian(enc_time, &actual);
+ 
+ 	TEST_ASSERT_TRUE(IsEqual(expected, actual));
++
++	return;
+ }
+--- contrib/ntp/tests/libntp/clocktime.c.orig
++++ contrib/ntp/tests/libntp/clocktime.c
+@@ -30,14 +30,18 @@
+ void
+ setUp()
+ {
+-    ntpcal_set_timefunc(timefunc);
+-    settime(2000, 1, 1, 0, 0, 0);
++	ntpcal_set_timefunc(timefunc);
++	settime(2000, 1, 1, 0, 0, 0);
++
++	return;
+ }
+ 
+ void
+ tearDown()
+ {
+-    ntpcal_set_timefunc(NULL);
++	ntpcal_set_timefunc(NULL);
++
++	return;
+ }
+ 
+ /* ---------------------------------------------------------------------
+@@ -45,7 +49,8 @@
+  */
+ 
+ void
+-test_CurrentYear(void) {
++test_CurrentYear(void)
++{
+ 	/* Timestamp: 2010-06-24 12:50:00Z */
+ 	const u_int32 timestamp = 3486372600UL;
+ 	const u_int32 expected	= timestamp; /* exactly the same. */
+@@ -52,16 +57,19 @@
+ 
+ 	const int yday=175, hour=12, minute=50, second=0, tzoff=0;
+ 
+-	u_long yearstart=0;
++	u_long yearstart = 0;
+ 	u_int32 actual;
+ 
+-	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff, timestamp,
+-						  &yearstart, &actual));
++	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff,
++				   timestamp, &yearstart, &actual));
+ 	TEST_ASSERT_EQUAL(expected, actual);
++
++	return;
+ }
+ 
+ void
+-test_CurrentYearFuzz(void) {
++test_CurrentYearFuzz(void)
++{
+ 	/* 
+ 	 * Timestamp (rec_ui) is: 2010-06-24 12:50:00
+ 	 * Time sent into function is 12:00:00.
+@@ -78,13 +86,16 @@
+ 	u_long yearstart=0;
+ 	u_int32 actual;
+ 
+-	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff, timestamp,
+-						  &yearstart, &actual));
++	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff,
++				   timestamp, &yearstart, &actual));
+ 	TEST_ASSERT_EQUAL(expected, actual);
++
++	return;
+ }
+ 
+ void
+-test_TimeZoneOffset(void) {
++test_TimeZoneOffset(void)
++{
+ 	/*
+ 	 * Timestamp (rec_ui) is: 2010-06-24 12:00:00 +0800
+ 	 * (which is 2010-06-24 04:00:00Z)
+@@ -105,7 +116,8 @@
+ }
+ 
+ void
+-test_WrongYearStart(void) {
++test_WrongYearStart(void)
++{
+ 	/* 
+ 	 * Timestamp (rec_ui) is: 2010-01-02 11:00:00Z
+ 	 * Time sent into function is 11:00:00.
+@@ -125,7 +137,8 @@
+ }
+ 
+ void
+-test_PreviousYear(void) {
++test_PreviousYear(void)
++{
+ 	/*
+ 	 * Timestamp is: 2010-01-01 01:00:00Z
+ 	 * Time sent into function is 23:00:00
+@@ -145,7 +158,8 @@
+ }
+ 
+ void
+-test_NextYear(void) {
++test_NextYear(void)
++{
+ 	/*
+ 	 * Timestamp is: 2009-12-31 23:00:00Z
+ 	 * Time sent into function is 01:00:00
+@@ -158,28 +172,35 @@
+ 	u_long yearstart = 0;
+ 	u_int32 actual;
+ 
+-	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff, timestamp,
+-						  &yearstart, &actual));
++	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff,
++				   timestamp, &yearstart, &actual));
+ 	TEST_ASSERT_EQUAL(expected, actual);
++
++	return;
+ }
+ 
+ void
+-test_NoReasonableConversion(void) {
++test_NoReasonableConversion(void)
++{
+ 	/* Timestamp is: 2010-01-02 11:00:00Z */
+ 	const u_int32 timestamp = 3471418800UL;
+-	
++
+ 	const int yday=100, hour=12, minute=0, second=0, tzoff=0;
+ 	u_long yearstart = 0;
+ 	u_int32 actual;
+ 
+-	TEST_ASSERT_FALSE(clocktime(yday, hour, minute, second, tzoff, timestamp,
+-						   &yearstart, &actual));
++	TEST_ASSERT_FALSE(clocktime(yday, hour, minute, second, tzoff,
++				    timestamp, &yearstart, &actual));
++
++	return;
+ }
+ 
+ 
+ int/*BOOL*/
+-isLE(u_int32 diff,u_int32 actual){
+-	if(diff <= actual){
++isLE(u_int32 diff,u_int32 actual)
++{
++
++	if (diff <= actual) {
+ 		return TRUE;
+ 	}
+ 	else return FALSE;
+@@ -187,7 +208,8 @@
+ 
+ 
+ void
+-test_AlwaysInLimit(void) {
++test_AlwaysInLimit(void)
++{
+ 	/* Timestamp is: 2010-01-02 11:00:00Z */
+ 	const u_int32 timestamp = 3471418800UL;
+ 	const u_short prime_incs[] = { 127, 151, 163, 179 };
+@@ -210,7 +232,8 @@
+ 			for (hour = -204; hour < 204; hour += 2) {
+ 				for (minute = -60; minute < 60; minute++) {
+ 					clocktime(yday, hour, minute, 30, 0,
+-						  timestamp, &yearstart, &actual);
++						  timestamp, &yearstart,
++						  &actual);
+ 					diff = actual - timestamp;
+ 					if (diff >= 0x80000000UL)
+ 						diff = ~diff + 1;
+@@ -219,4 +242,5 @@
+ 			}
+ 		}
+ 	}
++	return;
+ }
+--- contrib/ntp/tests/libntp/decodenetnum.c.orig
++++ contrib/ntp/tests/libntp/decodenetnum.c
+@@ -4,6 +4,7 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ extern void test_IPv4AddressOnly(void);
+ extern void test_IPv4AddressWithPort(void);
+ //#ifdef ISC_PLATFORM_HAVEIPV6
+@@ -15,6 +16,15 @@
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_IPv4AddressOnly(void) {
+ 	const char *str = "192.0.2.1";
+ 	sockaddr_u actual;
+--- contrib/ntp/tests/libntp/humandate.c.orig
++++ contrib/ntp/tests/libntp/humandate.c
+@@ -5,11 +5,21 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_RegularTime(void);
+ void test_CurrentTime(void);
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_RegularTime(void)
+ {
+ 	time_t sample = 1276601278;
+@@ -17,11 +27,13 @@
+ 	struct tm* tm;
+ 
+ 	tm = localtime(&sample);
+-	TEST_ASSERT_TRUE(time != NULL);
++	TEST_ASSERT_TRUE(tm != NULL);
+ 
+ 	snprintf(expected, 15, "%02d:%02d:%02d", tm->tm_hour, tm->tm_min, tm->tm_sec);
+ 
+ 	TEST_ASSERT_EQUAL_STRING(expected, humantime(sample));
++
++	return;
+ }
+ 
+ void
+@@ -34,9 +46,11 @@
+ 	time(&sample);
+ 
+ 	tm = localtime(&sample);
+-	TEST_ASSERT_TRUE(time != NULL);
++	TEST_ASSERT_TRUE(tm != NULL);
+ 
+ 	snprintf(expected, 15, "%02d:%02d:%02d", tm->tm_hour, tm->tm_min, tm->tm_sec);
+ 
+ 	TEST_ASSERT_EQUAL_STRING(expected, humantime(sample));
++
++	return;
+ }
+--- contrib/ntp/tests/libntp/lfpfunc.c.orig
++++ contrib/ntp/tests/libntp/lfpfunc.c
+@@ -9,17 +9,18 @@
+ #include 
+ 
+ 
+-/* replaced TEST_ASSERT_EQUAL_MEMORY(&a, &b, sizeof(a)) with TEST_ASSERT_EQUAL_l_fp(a, b).
+-   It's safer this way, because structs can be compared even if they aren't initiated
+-   with memset (due to padding bytes).
++/*
++   replaced:	TEST_ASSERT_EQUAL_MEMORY(&a, &b, sizeof(a))
++   with:	TEST_ASSERT_EQUAL_l_fp(a, b).
++   It's safer this way, because structs can be compared even if they
++   aren't initiated with memset (due to padding bytes).
+ */
+-#define TEST_ASSERT_EQUAL_l_fp(a, b) { \
+-    TEST_ASSERT_EQUAL_MESSAGE(a.l_i, b.l_i, "Field l_i"); \
+-    TEST_ASSERT_EQUAL_UINT_MESSAGE(a.l_uf, b.l_uf, "Field l_uf");	\
++#define TEST_ASSERT_EQUAL_l_fp(a, b) {					\
++	TEST_ASSERT_EQUAL_MESSAGE(a.l_i, b.l_i, "Field l_i");		\
++	TEST_ASSERT_EQUAL_UINT_MESSAGE(a.l_uf, b.l_uf, "Field l_uf");	\
+ }
+ 
+ 
+-
+ typedef int bool; // typedef enum { FALSE, TRUE } boolean; -> can't use this because TRUE and FALSE are already defined
+ 
+ 
+@@ -28,23 +29,23 @@
+ } lfp_hl;
+ 
+ 
+-int l_fp_scmp(const l_fp first, const l_fp second);
+-int l_fp_ucmp(const l_fp first, l_fp second );
+-l_fp l_fp_init(int32 i, u_int32 f);
+-l_fp l_fp_add(const l_fp first, const l_fp second);
+-l_fp l_fp_subtract(const l_fp first, const l_fp second);
+-l_fp l_fp_negate(const l_fp first);
+-l_fp l_fp_abs(const l_fp first);
+-int l_fp_signum(const l_fp first);
+-double l_fp_convert_to_double(const l_fp first);
+-l_fp l_fp_init_from_double( double rhs);
+-void l_fp_swap(l_fp * first, l_fp *second);
+-bool l_isgt(const l_fp first, const l_fp second);
+-bool l_isgtu(const l_fp first, const l_fp second);
+-bool l_ishis(const l_fp first, const l_fp second);
+-bool l_isgeq(const l_fp first, const l_fp second);
+-bool l_isequ(const l_fp first, const l_fp second);
+-double eps(double d);
++int	l_fp_scmp(const l_fp first, const l_fp second);
++int	l_fp_ucmp(const l_fp first, l_fp second);
++l_fp	l_fp_init(int32 i, u_int32 f);
++l_fp	l_fp_add(const l_fp first, const l_fp second);
++l_fp	l_fp_subtract(const l_fp first, const l_fp second);
++l_fp	l_fp_negate(const l_fp first);
++l_fp	l_fp_abs(const l_fp first);
++int	l_fp_signum(const l_fp first);
++double	l_fp_convert_to_double(const l_fp first);
++l_fp	l_fp_init_from_double( double rhs);
++void	l_fp_swap(l_fp * first, l_fp *second);
++bool	l_isgt(const l_fp first, const l_fp second);
++bool	l_isgtu(const l_fp first, const l_fp second);
++bool	l_ishis(const l_fp first, const l_fp second);
++bool	l_isgeq(const l_fp first, const l_fp second);
++bool	l_isequ(const l_fp first, const l_fp second);
++double	eps(double d);
+ 
+ 
+ void test_AdditionLR(void);
+@@ -58,7 +59,6 @@
+ void test_UnsignedRelOps(void);
+ 
+ 
+-
+ static int cmp_work(u_int32 a[3], u_int32 b[3]);
+ 
+ //----------------------------------------------------------------------
+@@ -72,10 +72,10 @@
+ l_fp_scmp(const l_fp first, const l_fp second)
+ {
+ 	u_int32 a[3], b[3];
+-	
++
+ 	const l_fp op1 = first;
+ 	const l_fp op2 = second;
+-	
++
+ 	a[0] = op1.l_uf; a[1] = op1.l_ui; a[2] = 0;
+ 	b[0] = op2.l_uf; b[1] = op2.l_ui; b[2] = 0;
+ 
+@@ -86,12 +86,12 @@
+ }
+ 
+ int
+-l_fp_ucmp(const l_fp first, l_fp second )
++l_fp_ucmp(const l_fp first, l_fp second)
+ {
+ 	u_int32 a[3], b[3];
+ 	const l_fp op1 = first; 
+ 	const l_fp op2 = second;
+-	
++
+ 	a[0] = op1.l_uf; a[1] = op1.l_ui; a[2] = 0;
+ 	b[0] = op2.l_uf; b[1] = op2.l_ui; b[2] = 0;
+ 
+@@ -142,7 +142,7 @@
+ {
+ 	l_fp temp = first;
+ 	L_SUB(&temp, &second);
+-	
++
+ 	return temp;
+ }
+ 
+@@ -151,7 +151,7 @@
+ {
+ 	l_fp temp = first;
+ 	L_NEG(&temp);
+-	
++
+ 	return temp;
+ }
+ 
+@@ -189,11 +189,14 @@
+ }
+ 
+ void
+-l_fp_swap(l_fp * first, l_fp *second){
++l_fp_swap(l_fp * first, l_fp *second)
++{
+ 	l_fp temp = *second;
+ 
+ 	*second = *first;
+ 	*first = temp;
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -204,27 +207,37 @@
+ 
+ 
+ bool
+-l_isgt (const l_fp first, const l_fp second) {
++l_isgt (const l_fp first, const l_fp second)
++{
++
+ 	return L_ISGT(&first, &second);
+ }
+ 
+ bool
+-l_isgtu(const l_fp first, const l_fp second) {
++l_isgtu(const l_fp first, const l_fp second)
++{
++
+ 	return L_ISGTU(&first, &second);
+ }
+ 
+ bool
+-l_ishis(const l_fp first, const l_fp second) {
++l_ishis(const l_fp first, const l_fp second)
++{
++
+ 	return L_ISHIS(&first, &second);
+ }
+ 
+ bool
+-l_isgeq(const l_fp first, const l_fp second) {
++l_isgeq(const l_fp first, const l_fp second)
++{
++
+ 	return L_ISGEQ(&first, &second);
+ }
+ 
+ bool
+-l_isequ(const l_fp first, const l_fp second) {
++l_isequ(const l_fp first, const l_fp second)
++{
++
+ 	return L_ISEQU(&first, &second);
+ }
+ 
+@@ -275,6 +288,7 @@
+ double
+ eps(double d)
+ {
++
+ 	return fmax(ldexp(1.0, -31), ldexp(fabs(d), -53));
+ }
+ 
+@@ -282,61 +296,71 @@
+ // test addition
+ //----------------------------------------------------------------------
+ void
+-test_AdditionLR(void) {
+-	
++test_AdditionLR(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op2 = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
+-		l_fp exp = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
+-		l_fp res = l_fp_add(op1, op2);		
++		l_fp e_res = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
++		l_fp res = l_fp_add(op1, op2);
+ 
+-		TEST_ASSERT_EQUAL_l_fp(exp, res);
+-	}	
++		TEST_ASSERT_EQUAL_l_fp(e_res, res);
++	}
++	return;
+ }
+ 
+ void
+-test_AdditionRL(void) {
++test_AdditionRL(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op2 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
+-		l_fp exp = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
++		l_fp e_res = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
+ 		l_fp res = l_fp_add(op1, op2);
+ 
+-		TEST_ASSERT_EQUAL_l_fp(exp, res);
+-	}	
++		TEST_ASSERT_EQUAL_l_fp(e_res, res);
++	}
++	return;
+ }
+ 
+ 
+-
+ //----------------------------------------------------------------------
+ // test subtraction
+ //----------------------------------------------------------------------
+ void
+-test_SubtractionLR(void) {
++test_SubtractionLR(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op2 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+-		l_fp exp = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
++		l_fp e_res = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
+ 		l_fp res = l_fp_subtract(op1, op2);
+-		
+-		TEST_ASSERT_EQUAL_l_fp(exp, res);		
+-	}	
++
++		TEST_ASSERT_EQUAL_l_fp(e_res, res);
++	}
++	return;
+ }
+ 
+ void
+-test_SubtractionRL(void) {
++test_SubtractionRL(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+-		l_fp exp = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
++		l_fp e_res = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op2 = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
+ 		l_fp res = l_fp_subtract(op1, op2);
+ 
+-		TEST_ASSERT_EQUAL_l_fp(exp, res);
+-	}	
++		TEST_ASSERT_EQUAL_l_fp(e_res, res);
++	}
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -344,18 +368,20 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_Negation(void) {
++test_Negation(void)
++{
++	size_t idx = 0;
+ 
+-	size_t idx = 0;
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op2 = l_fp_negate(op1);
+ 		l_fp sum = l_fp_add(op1, op2);
+-		
++
+ 		l_fp zero = l_fp_init(0, 0);
+ 
+ 		TEST_ASSERT_EQUAL_l_fp(zero, sum);
+-	}	
++	}
++	return;
+ }
+ 
+ 
+@@ -364,21 +390,23 @@
+ // test absolute value
+ //----------------------------------------------------------------------
+ void
+-test_Absolute(void) {
++test_Absolute(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op2 = l_fp_abs(op1);
+ 
+-		TEST_ASSERT_TRUE(l_fp_signum(op2) >= 0);		
++		TEST_ASSERT_TRUE(l_fp_signum(op2) >= 0);
+ 
+ 		if (l_fp_signum(op1) >= 0)
+-			op1 = l_fp_subtract(op1, op2);			
++			op1 = l_fp_subtract(op1, op2);
+ 		else
+ 			op1 = l_fp_add(op1, op2);
+-		
++
+ 		l_fp zero = l_fp_init(0, 0);
+-		
++
+ 		TEST_ASSERT_EQUAL_l_fp(zero, op1);
+ 	}
+ 
+@@ -390,6 +418,8 @@
+ 	TEST_ASSERT_EQUAL(-1, l_fp_signum(minVal));
+ 
+ 	TEST_ASSERT_EQUAL_l_fp(minVal, minAbs);
++
++	return;
+ }
+ 
+ 
+@@ -397,7 +427,10 @@
+ // fp -> double -> fp rountrip test
+ //----------------------------------------------------------------------
+ void
+-test_FDF_RoundTrip(void) {
++test_FDF_RoundTrip(void)
++{
++	size_t idx = 0;
++
+ 	// since a l_fp has 64 bits in it's mantissa and a double has
+ 	// only 54 bits available (including the hidden '1') we have to
+ 	// make a few concessions on the roundtrip precision. The 'eps()'
+@@ -404,7 +437,7 @@
+ 	// function makes an educated guess about the avilable precision
+ 	// and checks the difference in the two 'l_fp' values against
+ 	// that limit.
+-	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		double op2 = l_fp_convert_to_double(op1);
+@@ -412,8 +445,10 @@
+ 
+ 		l_fp temp = l_fp_subtract(op1, op3);
+ 		double d = l_fp_convert_to_double(temp);
+- 		TEST_ASSERT_DOUBLE_WITHIN(eps(op2), 0.0, fabs(d));		  		
+-	}	
++		TEST_ASSERT_DOUBLE_WITHIN(eps(op2), 0.0, fabs(d));
++	}
++
++	return;
+ }
+ 
+ 
+@@ -424,14 +459,16 @@
+ // macros in 'ntp_fp.h' produce mathing results.
+ // ----------------------------------------------------------------------
+ void
+-test_SignedRelOps(void) {
++test_SignedRelOps(void)
++{
+ 	const lfp_hl * tv = (&addsub_tab[0][0]);
+ 	size_t lc ;
++
+ 	for (lc = addsub_tot - 1; lc; --lc, ++tv) {
+ 		l_fp op1 = l_fp_init(tv[0].h, tv[0].l);
+ 		l_fp op2 = l_fp_init(tv[1].h, tv[1].l);
+-		int cmp = l_fp_scmp(op1, op2);		
+-		
++		int cmp = l_fp_scmp(op1, op2);
++
+ 		switch (cmp) {
+ 		case -1:
+ 			//printf("op1:%d %d, op2:%d %d\n",op1.l_uf,op1.l_ui,op2.l_uf,op2.l_ui);
+@@ -458,15 +495,19 @@
+ 			TEST_ASSERT_TRUE (l_isequ(op2, op1));
+ 			break;
+ 		default:
+-			TEST_FAIL_MESSAGE("unexpected UCMP result: " );	
++			TEST_FAIL_MESSAGE("unexpected UCMP result: ");
+ 		}
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_UnsignedRelOps(void) {
+-	const lfp_hl * tv =(&addsub_tab[0][0]);	
++test_UnsignedRelOps(void)
++{
++	const lfp_hl * tv =(&addsub_tab[0][0]);
+ 	size_t lc;
++
+ 	for (lc = addsub_tot - 1; lc; --lc, ++tv) {
+ 		l_fp op1 = l_fp_init(tv[0].h, tv[0].l);
+ 		l_fp op2 = l_fp_init(tv[1].h, tv[1].l);
+@@ -492,10 +533,13 @@
+ 			TEST_ASSERT_TRUE (l_ishis(op2, op1));
+ 			break;
+ 		default:
+-			TEST_FAIL_MESSAGE("unexpected UCMP result: " );	
++			TEST_FAIL_MESSAGE("unexpected UCMP result: ");
+ 		}
+ 	}
++
++	return;
+ }
++
+ /*
+ */
+ 
+--- contrib/ntp/tests/libntp/lfptostr.c.orig
++++ contrib/ntp/tests/libntp/lfptostr.c
+@@ -20,6 +20,7 @@
+ static const int HALF_PROMILLE_DOWN = 2147483; /* slightly less than 0.0005 */
+ 
+ 
++void setUp(void);
+ void test_PositiveInteger(void);
+ void test_NegativeInteger(void);
+ void test_PositiveIntegerWithFraction(void);
+@@ -33,7 +34,15 @@
+ void test_UnsignedInteger(void);
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
+ 
++	return;
++}
++
++
+ void
+ test_PositiveInteger(void) {
+ 	l_fp test = {{200}, 0}; /* exact 200.0000000000 */
+--- contrib/ntp/tests/libntp/modetoa.c.orig
++++ contrib/ntp/tests/libntp/modetoa.c
+@@ -4,11 +4,21 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_KnownMode(void);
+ void test_UnknownMode(void);
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_KnownMode(void) {
+ 	const int MODE = 3; // Should be "client"
+ 
+--- contrib/ntp/tests/libntp/msyslog.c.orig
++++ contrib/ntp/tests/libntp/msyslog.c
+@@ -10,6 +10,7 @@
+ #endif
+ 
+ 
++void setUp(void);
+ void test_msnprintf(void);
+ void test_msnprintfLiteralPercentm(void);
+ void test_msnprintfBackslashLiteralPercentm(void);
+@@ -21,6 +22,15 @@
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_msnprintf(void) {
+ #define FMT_PREFIX "msyslog.cpp ENOENT: "
+ 	char	exp_buf[512];
+--- contrib/ntp/tests/libntp/netof.c.orig
++++ contrib/ntp/tests/libntp/netof.c
+@@ -8,6 +8,7 @@
+ #include "sockaddrtest.h"
+ 
+ 
++void setUp(void);
+ void test_ClassBAddress(void);
+ void test_ClassCAddress(void);
+ void test_ClassAAddress(void);
+@@ -14,8 +15,18 @@
+ void test_IPv6Address(void);
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
+ 
+-void test_ClassBAddress(void) {
++	return;
++}
++
++
++void
++test_ClassBAddress(void)
++{
+ 	sockaddr_u input = CreateSockaddr4("172.16.2.1", NTP_PORT);
+ 	sockaddr_u expected = CreateSockaddr4("172.16.0.0", NTP_PORT);
+ 
+@@ -23,9 +34,13 @@
+ 
+ 	TEST_ASSERT_TRUE(actual != NULL);
+ 	TEST_ASSERT_TRUE(IsEqual(expected, *actual));
++
++	return;
+ }
+ 
+-void test_ClassCAddress(void) {
++void
++test_ClassCAddress(void)
++{
+ 	sockaddr_u input = CreateSockaddr4("192.0.2.255", NTP_PORT);
+ 	sockaddr_u expected = CreateSockaddr4("192.0.2.0", NTP_PORT);
+ 
+@@ -33,9 +48,14 @@
+ 
+ 	TEST_ASSERT_TRUE(actual != NULL);
+ 	TEST_ASSERT_TRUE(IsEqual(expected, *actual));
++
++	return;
+ }
+ 
+-void  test_ClassAAddress(void) {
++
++void
++test_ClassAAddress(void)
++{
+ 	/* Class A addresses are assumed to be classless,
+ 	 * thus the same address should be returned.
+ 	 */
+@@ -46,24 +66,28 @@
+ 
+ 	TEST_ASSERT_TRUE(actual != NULL);
+ 	TEST_ASSERT_TRUE(IsEqual(expected, *actual));
++
++	return;
+ }
+ 
+-void  test_IPv6Address(void) {
++void
++test_IPv6Address(void)
++{
+ 	/* IPv6 addresses are assumed to have 64-bit host- and 64-bit network parts. */
+-	const struct in6_addr input_address = {
++	const struct in6_addr input_address = { { {
+ 		0x20, 0x01, 0x0d, 0xb8,
+-        0x85, 0xa3, 0x08, 0xd3, 
+-        0x13, 0x19, 0x8a, 0x2e,
+-        0x03, 0x70, 0x73, 0x34
+-	}; // 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
++		0x85, 0xa3, 0x08, 0xd3, 
++		0x13, 0x19, 0x8a, 0x2e,
++		0x03, 0x70, 0x73, 0x34
++	} } }; // 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
+ 
+-	const struct in6_addr expected_address = {
++	const struct in6_addr expected_address = { { {
+ 		0x20, 0x01, 0x0d, 0xb8,
+-        0x85, 0xa3, 0x08, 0xd3, 
+-        0x00, 0x00, 0x00, 0x00,
+-        0x00, 0x00, 0x00, 0x00
+-	}; // 2001:0db8:85a3:08d3:0000:0000:0000:0000
+-	
++		0x85, 0xa3, 0x08, 0xd3, 
++		0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0x00
++	} } }; // 2001:0db8:85a3:08d3:0000:0000:0000:0000
++
+ 	sockaddr_u input;
+ 	input.sa6.sin6_family = AF_INET6;
+ 	input.sa6.sin6_addr = input_address;
+@@ -78,5 +102,6 @@
+ 
+ 	TEST_ASSERT_TRUE(actual != NULL);
+ 	TEST_ASSERT_TRUE(IsEqual(expected, *actual));
++
++	return;
+ }
+-
+--- contrib/ntp/tests/libntp/numtoa.c.orig
++++ contrib/ntp/tests/libntp/numtoa.c
+@@ -5,10 +5,21 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_Address(void);
+ void test_Netmask(void);
+ 
++
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_Address(void) {
+ 	const u_int32 input = htonl(3221225472UL + 512UL + 1UL); // 192.0.2.1
+ 
+--- contrib/ntp/tests/libntp/numtohost.c.orig
++++ contrib/ntp/tests/libntp/numtohost.c
+@@ -5,9 +5,20 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_LoopbackNetNonResolve(void);
+ 
++
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_LoopbackNetNonResolve(void) {
+ 	/* A loopback address in 127.0.0.0/8 is chosen, and
+ 	 * numtohost() should not try to resolve it unless
+@@ -15,6 +26,6 @@
+ 	 */
+ 
+ 	const u_int32 input = 127*256*256*256 + 1*256 + 1; // 127.0.1.1
+-	
++
+ 	TEST_ASSERT_EQUAL_STRING("127.0.1.1", numtohost(htonl(input)));
+ }
+--- contrib/ntp/tests/libntp/octtoint.c.orig
++++ contrib/ntp/tests/libntp/octtoint.c
+@@ -14,61 +14,83 @@
+ void test_IllegalDigit(void);
+ 
+ 
+-void test_SingleDigit(void) {
++void
++test_SingleDigit(void)
++{
+ 	const char* str = "5";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_TRUE(octtoint(str, &actual) );
++	TEST_ASSERT_TRUE(octtoint(str, &actual));
+ 	TEST_ASSERT_EQUAL(5, actual);
++
++	return;
+ }
+ 
+-void test_MultipleDigits(void){
++void
++test_MultipleDigits(void)
++{
+ 	const char* str = "271";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_TRUE(octtoint(str, &actual) );
++	TEST_ASSERT_TRUE(octtoint(str, &actual));
+ 	TEST_ASSERT_EQUAL(185, actual);
+ 
++	return;
+ }
+ 
+-void test_Zero(void){
++void
++test_Zero(void)
++{
+ 	const char* str = "0";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_TRUE(octtoint(str, &actual) );
++	TEST_ASSERT_TRUE(octtoint(str, &actual));
+ 	TEST_ASSERT_EQUAL(0, actual);
+ 
++	return;
+ }
+ 
+-void test_MaximumUnsigned32bit(void){
++void
++test_MaximumUnsigned32bit(void)
++{
+ 	const char* str = "37777777777";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_TRUE(octtoint(str, &actual) );
++	TEST_ASSERT_TRUE(octtoint(str, &actual));
+ 	TEST_ASSERT_EQUAL(4294967295UL, actual);
+ 
++	return;
+ }
+ 
+-void test_Overflow(void){
++void
++test_Overflow(void)
++{
+ 	const char* str = "40000000000";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_FALSE(octtoint(str, &actual) );
++	TEST_ASSERT_FALSE(octtoint(str, &actual));
+ 
++	return;
+ }
+ 
+-void test_IllegalCharacter(void){
++void
++test_IllegalCharacter(void)
++{
+ 	const char* str = "5ac2";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_FALSE(octtoint(str, &actual) );
++	TEST_ASSERT_FALSE(octtoint(str, &actual));
+ 
++	return;
+ }
+ 
+-void test_IllegalDigit(void){
++void
++test_IllegalDigit(void)
++{
+ 	const char* str = "5283";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_FALSE(octtoint(str, &actual) );
++	TEST_ASSERT_FALSE(octtoint(str, &actual));
+ 
++	return;
+ }
+--- contrib/ntp/tests/libntp/prettydate.c.orig
++++ contrib/ntp/tests/libntp/prettydate.c
+@@ -6,15 +6,26 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_ConstantDate(void);
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_ConstantDate(void) {
+ 	const u_int32 HALF = 2147483648UL;
+ 
+-	l_fp time = {{3485080800UL}, HALF}; /* 2010-06-09 14:00:00.5 */
++	l_fp e_time = {{3485080800UL}, HALF}; /* 2010-06-09 14:00:00.5 */
+ 
+ 	TEST_ASSERT_EQUAL_STRING("cfba1ce0.80000000  Wed, Jun  9 2010 14:00:00.500",
+-		gmprettydate(&time));
++		gmprettydate(&e_time));
++	return;
+ }
+--- contrib/ntp/tests/libntp/recvbuff.c.orig
++++ contrib/ntp/tests/libntp/recvbuff.c
+@@ -13,6 +13,9 @@
+ setUp(void)
+ {
+ 	init_recvbuff(RECV_INIT);
++	init_lib();
++
++	return;
+ }
+ 
+ void
+@@ -36,7 +39,7 @@
+ 
+ void
+ test_GetAndFill(void) {
+-	int initial = free_recvbuffs();
++	// int initial = free_recvbuffs();
+ 	recvbuf_t* buf = get_free_recv_buffer();
+ 
+ 	add_full_recv_buffer(buf);
+--- contrib/ntp/tests/libntp/refidsmear.c.orig
++++ contrib/ntp/tests/libntp/refidsmear.c
+@@ -29,13 +29,22 @@
+  */
+ 
+ 
+-
++void setUp(void);
+ void rtol(uint32_t r, char *es);
+ void rtoltor(uint32_t er, char *es);
+ void ltor(l_fp l, char *er);
+ void test_refidsmear(void);
+ 
++
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++void
+ rtol(uint32_t r, char *es)
+ {
+ 	l_fp l;
+@@ -48,7 +57,7 @@
+ 
+ 	l = convertRefIDToLFP(htonl(r));
+ 	as = lfptoa(&l, 8);
+-	
++
+ 	//printf("refid %#x, smear %s\n", r, as);
+ 
+ 	TEST_ASSERT_NOT_NULL_MESSAGE(as, msg);
+@@ -58,8 +67,6 @@
+ }
+ 
+ 
+-
+-
+ void
+ rtoltor(uint32_t er, char *es)
+ {
+--- contrib/ntp/tests/libntp/refnumtoa.c.orig
++++ contrib/ntp/tests/libntp/refnumtoa.c
+@@ -9,11 +9,21 @@
+ /* Might need to be updated if a new refclock gets this id. */
+ static const int UNUSED_REFCLOCK_ID = 250;
+ 
++void setUp(void);
+ void test_LocalClock(void);
+ void test_UnknownId(void);
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_LocalClock(void) {
+ #ifdef REFCLOCK		/* clockname() is useless otherwise */
+ 	/* We test with a refclock address of type LOCALCLOCK.
+@@ -26,7 +36,7 @@
+ 	sockaddr_u address;
+ 	address.sa4.sin_family = AF_INET;
+ 	address.sa4.sin_addr.s_addr = htonl(addr);
+-	
++
+ 	char stringStart[100]= "";
+ 
+ 	strcat(stringStart, clockname(REFCLK_LOCALCLOCK));
+@@ -35,7 +45,7 @@
+ 	char * expected = stringStart;
+ 
+ 	TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address));
+-#else	
++#else
+ 	TEST_IGNORE_MESSAGE("REFCLOCK NOT DEFINED, SKIPPING TEST");
+ #endif	/* REFCLOCK */
+ }
+@@ -51,9 +61,9 @@
+ 	sockaddr_u address;
+ 	address.sa4.sin_family = AF_INET;
+ 	address.sa4.sin_addr.s_addr = htonl(addr);
+-	
++
+ 	char stringStart[100]= "REFCLK(";
+-	char value[100] ;	
++	char value[100] ;
+ 	snprintf(value, sizeof(value), "%d", UNUSED_REFCLOCK_ID);
+ 	strcat(stringStart,value);
+ 	strcat(stringStart,",4)");
+@@ -60,7 +70,7 @@
+ 	char * expected = stringStart;
+ 
+ 	TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address));
+-#else 	
++#else
+ 	TEST_IGNORE_MESSAGE("REFCLOCK NOT DEFINED, SKIPPING TEST");
+ #endif	/* REFCLOCK */
+ }
+--- contrib/ntp/tests/libntp/run-a_md5encrypt.c.orig
++++ contrib/ntp/tests/libntp/run-a_md5encrypt.c
+@@ -52,11 +52,11 @@
+ {
+   progname = argv[0];
+   UnityBegin("a_md5encrypt.c");
+-  RUN_TEST(test_Encrypt, 29);
+-  RUN_TEST(test_DecryptValid, 30);
+-  RUN_TEST(test_DecryptInvalid, 31);
+-  RUN_TEST(test_IPv4AddressToRefId, 32);
+-  RUN_TEST(test_IPv6AddressToRefId, 33);
++  RUN_TEST(test_Encrypt, 40);
++  RUN_TEST(test_DecryptValid, 41);
++  RUN_TEST(test_DecryptInvalid, 42);
++  RUN_TEST(test_IPv4AddressToRefId, 43);
++  RUN_TEST(test_IPv6AddressToRefId, 44);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-calendar.c.orig
++++ contrib/ntp/tests/libntp/run-calendar.c
+@@ -63,21 +63,21 @@
+ {
+   progname = argv[0];
+   UnityBegin("calendar.c");
+-  RUN_TEST(test_DaySplitMerge, 21);
+-  RUN_TEST(test_SplitYearDays1, 22);
+-  RUN_TEST(test_SplitYearDays2, 23);
+-  RUN_TEST(test_RataDie1, 24);
+-  RUN_TEST(test_LeapYears1, 25);
+-  RUN_TEST(test_LeapYears2, 26);
+-  RUN_TEST(test_RoundTripDate, 27);
+-  RUN_TEST(test_RoundTripYearStart, 28);
+-  RUN_TEST(test_RoundTripMonthStart, 29);
+-  RUN_TEST(test_RoundTripWeekStart, 30);
+-  RUN_TEST(test_RoundTripDayStart, 31);
+-  RUN_TEST(test_IsoCalYearsToWeeks, 32);
+-  RUN_TEST(test_IsoCalWeeksToYearStart, 33);
+-  RUN_TEST(test_IsoCalWeeksToYearEnd, 34);
+-  RUN_TEST(test_DaySecToDate, 35);
++  RUN_TEST(test_DaySplitMerge, 22);
++  RUN_TEST(test_SplitYearDays1, 23);
++  RUN_TEST(test_SplitYearDays2, 24);
++  RUN_TEST(test_RataDie1, 25);
++  RUN_TEST(test_LeapYears1, 26);
++  RUN_TEST(test_LeapYears2, 27);
++  RUN_TEST(test_RoundTripDate, 28);
++  RUN_TEST(test_RoundTripYearStart, 29);
++  RUN_TEST(test_RoundTripMonthStart, 30);
++  RUN_TEST(test_RoundTripWeekStart, 31);
++  RUN_TEST(test_RoundTripDayStart, 32);
++  RUN_TEST(test_IsoCalYearsToWeeks, 33);
++  RUN_TEST(test_IsoCalWeeksToYearStart, 34);
++  RUN_TEST(test_IsoCalWeeksToYearEnd, 35);
++  RUN_TEST(test_DaySecToDate, 36);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-decodenetnum.c.orig
++++ contrib/ntp/tests/libntp/run-decodenetnum.c
+@@ -53,12 +53,12 @@
+ {
+   progname = argv[0];
+   UnityBegin("decodenetnum.c");
+-  RUN_TEST(test_IPv4AddressOnly, 7);
+-  RUN_TEST(test_IPv4AddressWithPort, 8);
+-  RUN_TEST(test_IPv6AddressOnly, 10);
+-  RUN_TEST(test_IPv6AddressWithPort, 11);
+-  RUN_TEST(test_IllegalAddress, 13);
+-  RUN_TEST(test_IllegalCharInPort, 14);
++  RUN_TEST(test_IPv4AddressOnly, 8);
++  RUN_TEST(test_IPv4AddressWithPort, 9);
++  RUN_TEST(test_IPv6AddressOnly, 11);
++  RUN_TEST(test_IPv6AddressWithPort, 12);
++  RUN_TEST(test_IllegalAddress, 14);
++  RUN_TEST(test_IllegalCharInPort, 15);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-humandate.c.orig
++++ contrib/ntp/tests/libntp/run-humandate.c
+@@ -49,8 +49,8 @@
+ {
+   progname = argv[0];
+   UnityBegin("humandate.c");
+-  RUN_TEST(test_RegularTime, 8);
+-  RUN_TEST(test_CurrentTime, 9);
++  RUN_TEST(test_RegularTime, 9);
++  RUN_TEST(test_CurrentTime, 10);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-lfpfunc.c.orig
++++ contrib/ntp/tests/libntp/run-lfpfunc.c
+@@ -58,15 +58,15 @@
+ {
+   progname = argv[0];
+   UnityBegin("lfpfunc.c");
+-  RUN_TEST(test_AdditionLR, 50);
+-  RUN_TEST(test_AdditionRL, 51);
+-  RUN_TEST(test_SubtractionLR, 52);
+-  RUN_TEST(test_SubtractionRL, 53);
+-  RUN_TEST(test_Negation, 54);
+-  RUN_TEST(test_Absolute, 55);
+-  RUN_TEST(test_FDF_RoundTrip, 56);
+-  RUN_TEST(test_SignedRelOps, 57);
+-  RUN_TEST(test_UnsignedRelOps, 58);
++  RUN_TEST(test_AdditionLR, 51);
++  RUN_TEST(test_AdditionRL, 52);
++  RUN_TEST(test_SubtractionLR, 53);
++  RUN_TEST(test_SubtractionRL, 54);
++  RUN_TEST(test_Negation, 55);
++  RUN_TEST(test_Absolute, 56);
++  RUN_TEST(test_FDF_RoundTrip, 57);
++  RUN_TEST(test_SignedRelOps, 58);
++  RUN_TEST(test_UnsignedRelOps, 59);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-lfptostr.c.orig
++++ contrib/ntp/tests/libntp/run-lfptostr.c
+@@ -58,17 +58,17 @@
+ {
+   progname = argv[0];
+   UnityBegin("lfptostr.c");
+-  RUN_TEST(test_PositiveInteger, 23);
+-  RUN_TEST(test_NegativeInteger, 24);
+-  RUN_TEST(test_PositiveIntegerWithFraction, 25);
+-  RUN_TEST(test_NegativeIntegerWithFraction, 26);
+-  RUN_TEST(test_RoundingDownToInteger, 27);
+-  RUN_TEST(test_RoundingMiddleToInteger, 28);
+-  RUN_TEST(test_RoundingUpToInteger, 29);
+-  RUN_TEST(test_SingleDecimal, 30);
+-  RUN_TEST(test_MillisecondsRoundingUp, 31);
+-  RUN_TEST(test_MillisecondsRoundingDown, 32);
+-  RUN_TEST(test_UnsignedInteger, 33);
++  RUN_TEST(test_PositiveInteger, 24);
++  RUN_TEST(test_NegativeInteger, 25);
++  RUN_TEST(test_PositiveIntegerWithFraction, 26);
++  RUN_TEST(test_NegativeIntegerWithFraction, 27);
++  RUN_TEST(test_RoundingDownToInteger, 28);
++  RUN_TEST(test_RoundingMiddleToInteger, 29);
++  RUN_TEST(test_RoundingUpToInteger, 30);
++  RUN_TEST(test_SingleDecimal, 31);
++  RUN_TEST(test_MillisecondsRoundingUp, 32);
++  RUN_TEST(test_MillisecondsRoundingDown, 33);
++  RUN_TEST(test_UnsignedInteger, 34);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-modetoa.c.orig
++++ contrib/ntp/tests/libntp/run-modetoa.c
+@@ -48,8 +48,8 @@
+ {
+   progname = argv[0];
+   UnityBegin("modetoa.c");
+-  RUN_TEST(test_KnownMode, 7);
+-  RUN_TEST(test_UnknownMode, 8);
++  RUN_TEST(test_KnownMode, 8);
++  RUN_TEST(test_UnknownMode, 9);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-msyslog.c.orig
++++ contrib/ntp/tests/libntp/run-msyslog.c
+@@ -54,14 +54,14 @@
+ {
+   progname = argv[0];
+   UnityBegin("msyslog.c");
+-  RUN_TEST(test_msnprintf, 13);
+-  RUN_TEST(test_msnprintfLiteralPercentm, 14);
+-  RUN_TEST(test_msnprintfBackslashLiteralPercentm, 15);
+-  RUN_TEST(test_msnprintfBackslashPercent, 16);
+-  RUN_TEST(test_msnprintfHangingPercent, 17);
+-  RUN_TEST(test_format_errmsgHangingPercent, 18);
+-  RUN_TEST(test_msnprintfNullTarget, 19);
+-  RUN_TEST(test_msnprintfTruncate, 20);
++  RUN_TEST(test_msnprintf, 14);
++  RUN_TEST(test_msnprintfLiteralPercentm, 15);
++  RUN_TEST(test_msnprintfBackslashLiteralPercentm, 16);
++  RUN_TEST(test_msnprintfBackslashPercent, 17);
++  RUN_TEST(test_msnprintfHangingPercent, 18);
++  RUN_TEST(test_format_errmsgHangingPercent, 19);
++  RUN_TEST(test_msnprintfNullTarget, 20);
++  RUN_TEST(test_msnprintfTruncate, 21);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-netof.c.orig
++++ contrib/ntp/tests/libntp/run-netof.c
+@@ -52,10 +52,10 @@
+ {
+   progname = argv[0];
+   UnityBegin("netof.c");
+-  RUN_TEST(test_ClassBAddress, 11);
+-  RUN_TEST(test_ClassCAddress, 12);
+-  RUN_TEST(test_ClassAAddress, 13);
+-  RUN_TEST(test_IPv6Address, 14);
++  RUN_TEST(test_ClassBAddress, 12);
++  RUN_TEST(test_ClassCAddress, 13);
++  RUN_TEST(test_ClassAAddress, 14);
++  RUN_TEST(test_IPv6Address, 15);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-numtoa.c.orig
++++ contrib/ntp/tests/libntp/run-numtoa.c
+@@ -49,8 +49,8 @@
+ {
+   progname = argv[0];
+   UnityBegin("numtoa.c");
+-  RUN_TEST(test_Address, 8);
+-  RUN_TEST(test_Netmask, 9);
++  RUN_TEST(test_Address, 9);
++  RUN_TEST(test_Netmask, 10);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-numtohost.c.orig
++++ contrib/ntp/tests/libntp/run-numtohost.c
+@@ -48,7 +48,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("numtohost.c");
+-  RUN_TEST(test_LoopbackNetNonResolve, 8);
++  RUN_TEST(test_LoopbackNetNonResolve, 9);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-prettydate.c.orig
++++ contrib/ntp/tests/libntp/run-prettydate.c
+@@ -49,7 +49,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("prettydate.c");
+-  RUN_TEST(test_ConstantDate, 9);
++  RUN_TEST(test_ConstantDate, 10);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-refnumtoa.c.orig
++++ contrib/ntp/tests/libntp/run-refnumtoa.c
+@@ -49,8 +49,8 @@
+ {
+   progname = argv[0];
+   UnityBegin("refnumtoa.c");
+-  RUN_TEST(test_LocalClock, 12);
+-  RUN_TEST(test_UnknownId, 13);
++  RUN_TEST(test_LocalClock, 13);
++  RUN_TEST(test_UnknownId, 14);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-sfptostr.c.orig
++++ contrib/ntp/tests/libntp/run-sfptostr.c
+@@ -24,6 +24,7 @@
+ #include 
+ #include "config.h"
+ #include "ntp_fp.h"
++#include "ntp_stdlib.h"
+ 
+ //=======External Functions This Runner Calls=====
+ extern void setUp(void);
+@@ -54,14 +55,14 @@
+ {
+   progname = argv[0];
+   UnityBegin("sfptostr.c");
+-  RUN_TEST(test_PositiveInteger, 11);
+-  RUN_TEST(test_NegativeInteger, 12);
+-  RUN_TEST(test_PositiveIntegerPositiveFraction, 13);
+-  RUN_TEST(test_NegativeIntegerNegativeFraction, 14);
+-  RUN_TEST(test_PositiveIntegerNegativeFraction, 15);
+-  RUN_TEST(test_NegativeIntegerPositiveFraction, 16);
+-  RUN_TEST(test_SingleDecimalInteger, 17);
+-  RUN_TEST(test_SingleDecimalRounding, 18);
++  RUN_TEST(test_PositiveInteger, 13);
++  RUN_TEST(test_NegativeInteger, 14);
++  RUN_TEST(test_PositiveIntegerPositiveFraction, 15);
++  RUN_TEST(test_NegativeIntegerNegativeFraction, 16);
++  RUN_TEST(test_PositiveIntegerNegativeFraction, 17);
++  RUN_TEST(test_NegativeIntegerPositiveFraction, 18);
++  RUN_TEST(test_SingleDecimalInteger, 19);
++  RUN_TEST(test_SingleDecimalRounding, 20);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-socktoa.c.orig
++++ contrib/ntp/tests/libntp/run-socktoa.c
+@@ -54,12 +54,12 @@
+ {
+   progname = argv[0];
+   UnityBegin("socktoa.c");
+-  RUN_TEST(test_IPv4AddressWithPort, 10);
+-  RUN_TEST(test_IPv6AddressWithPort, 12);
+-  RUN_TEST(test_IgnoreIPv6Fields, 13);
+-  RUN_TEST(test_ScopedIPv6AddressWithPort, 15);
+-  RUN_TEST(test_HashEqual, 16);
+-  RUN_TEST(test_HashNotEqual, 17);
++  RUN_TEST(test_IPv4AddressWithPort, 11);
++  RUN_TEST(test_IPv6AddressWithPort, 13);
++  RUN_TEST(test_IgnoreIPv6Fields, 14);
++  RUN_TEST(test_ScopedIPv6AddressWithPort, 16);
++  RUN_TEST(test_HashEqual, 17);
++  RUN_TEST(test_HashNotEqual, 18);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-statestr.c.orig
++++ contrib/ntp/tests/libntp/run-statestr.c
+@@ -52,10 +52,10 @@
+ {
+   progname = argv[0];
+   UnityBegin("statestr.c");
+-  RUN_TEST(test_PeerRestart, 9);
+-  RUN_TEST(test_SysUnspecified, 10);
+-  RUN_TEST(test_ClockCodeExists, 11);
+-  RUN_TEST(test_ClockCodeUnknown, 12);
++  RUN_TEST(test_PeerRestart, 10);
++  RUN_TEST(test_SysUnspecified, 11);
++  RUN_TEST(test_ClockCodeExists, 12);
++  RUN_TEST(test_ClockCodeUnknown, 13);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-strtolfp.c.orig
++++ contrib/ntp/tests/libntp/run-strtolfp.c
+@@ -55,13 +55,13 @@
+ {
+   progname = argv[0];
+   UnityBegin("strtolfp.c");
+-  RUN_TEST(test_PositiveInteger, 11);
+-  RUN_TEST(test_NegativeInteger, 12);
+-  RUN_TEST(test_PositiveFraction, 13);
+-  RUN_TEST(test_NegativeFraction, 14);
+-  RUN_TEST(test_PositiveMsFraction, 15);
+-  RUN_TEST(test_NegativeMsFraction, 16);
+-  RUN_TEST(test_InvalidChars, 17);
++  RUN_TEST(test_PositiveInteger, 12);
++  RUN_TEST(test_NegativeInteger, 13);
++  RUN_TEST(test_PositiveFraction, 14);
++  RUN_TEST(test_NegativeFraction, 15);
++  RUN_TEST(test_PositiveMsFraction, 16);
++  RUN_TEST(test_NegativeMsFraction, 17);
++  RUN_TEST(test_InvalidChars, 18);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-timespecops.c.orig
++++ contrib/ntp/tests/libntp/run-timespecops.c
+@@ -78,34 +78,34 @@
+ {
+   progname = argv[0];
+   UnityBegin("timespecops.c");
+-  RUN_TEST(test_Helpers1, 36);
+-  RUN_TEST(test_Normalise, 37);
+-  RUN_TEST(test_SignNoFrac, 38);
+-  RUN_TEST(test_SignWithFrac, 39);
+-  RUN_TEST(test_CmpFracEQ, 40);
+-  RUN_TEST(test_CmpFracGT, 41);
+-  RUN_TEST(test_CmpFracLT, 42);
+-  RUN_TEST(test_AddFullNorm, 43);
+-  RUN_TEST(test_AddFullOflow1, 44);
+-  RUN_TEST(test_AddNsecNorm, 45);
+-  RUN_TEST(test_AddNsecOflow1, 46);
+-  RUN_TEST(test_SubFullNorm, 47);
+-  RUN_TEST(test_SubFullOflow, 48);
+-  RUN_TEST(test_SubNsecNorm, 49);
+-  RUN_TEST(test_SubNsecOflow, 50);
+-  RUN_TEST(test_Neg, 51);
+-  RUN_TEST(test_AbsNoFrac, 52);
+-  RUN_TEST(test_AbsWithFrac, 53);
+-  RUN_TEST(test_Helpers2, 54);
+-  RUN_TEST(test_ToLFPbittest, 55);
+-  RUN_TEST(test_ToLFPrelPos, 56);
+-  RUN_TEST(test_ToLFPrelNeg, 57);
+-  RUN_TEST(test_ToLFPabs, 58);
+-  RUN_TEST(test_FromLFPbittest, 59);
+-  RUN_TEST(test_FromLFPrelPos, 60);
+-  RUN_TEST(test_FromLFPrelNeg, 61);
+-  RUN_TEST(test_LFProundtrip, 62);
+-  RUN_TEST(test_ToString, 63);
++  RUN_TEST(test_Helpers1, 37);
++  RUN_TEST(test_Normalise, 38);
++  RUN_TEST(test_SignNoFrac, 39);
++  RUN_TEST(test_SignWithFrac, 40);
++  RUN_TEST(test_CmpFracEQ, 41);
++  RUN_TEST(test_CmpFracGT, 42);
++  RUN_TEST(test_CmpFracLT, 43);
++  RUN_TEST(test_AddFullNorm, 44);
++  RUN_TEST(test_AddFullOflow1, 45);
++  RUN_TEST(test_AddNsecNorm, 46);
++  RUN_TEST(test_AddNsecOflow1, 47);
++  RUN_TEST(test_SubFullNorm, 48);
++  RUN_TEST(test_SubFullOflow, 49);
++  RUN_TEST(test_SubNsecNorm, 50);
++  RUN_TEST(test_SubNsecOflow, 51);
++  RUN_TEST(test_Neg, 52);
++  RUN_TEST(test_AbsNoFrac, 53);
++  RUN_TEST(test_AbsWithFrac, 54);
++  RUN_TEST(test_Helpers2, 55);
++  RUN_TEST(test_ToLFPbittest, 56);
++  RUN_TEST(test_ToLFPrelPos, 57);
++  RUN_TEST(test_ToLFPrelNeg, 58);
++  RUN_TEST(test_ToLFPabs, 59);
++  RUN_TEST(test_FromLFPbittest, 60);
++  RUN_TEST(test_FromLFPrelPos, 61);
++  RUN_TEST(test_FromLFPrelNeg, 62);
++  RUN_TEST(test_LFProundtrip, 63);
++  RUN_TEST(test_ToString, 64);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-timevalops.c.orig
++++ contrib/ntp/tests/libntp/run-timevalops.c
+@@ -77,34 +77,34 @@
+ {
+   progname = argv[0];
+   UnityBegin("timevalops.c");
+-  RUN_TEST(test_Helpers1, 38);
+-  RUN_TEST(test_Normalise, 39);
+-  RUN_TEST(test_SignNoFrac, 40);
+-  RUN_TEST(test_SignWithFrac, 41);
+-  RUN_TEST(test_CmpFracEQ, 42);
+-  RUN_TEST(test_CmpFracGT, 43);
+-  RUN_TEST(test_CmpFracLT, 44);
+-  RUN_TEST(test_AddFullNorm, 45);
+-  RUN_TEST(test_AddFullOflow1, 46);
+-  RUN_TEST(test_AddUsecNorm, 47);
+-  RUN_TEST(test_AddUsecOflow1, 48);
+-  RUN_TEST(test_SubFullNorm, 49);
+-  RUN_TEST(test_SubFullOflow, 50);
+-  RUN_TEST(test_SubUsecNorm, 51);
+-  RUN_TEST(test_SubUsecOflow, 52);
+-  RUN_TEST(test_Neg, 53);
+-  RUN_TEST(test_AbsNoFrac, 54);
+-  RUN_TEST(test_AbsWithFrac, 55);
+-  RUN_TEST(test_Helpers2, 56);
+-  RUN_TEST(test_ToLFPbittest, 57);
+-  RUN_TEST(test_ToLFPrelPos, 58);
+-  RUN_TEST(test_ToLFPrelNeg, 59);
+-  RUN_TEST(test_ToLFPabs, 60);
+-  RUN_TEST(test_FromLFPbittest, 61);
+-  RUN_TEST(test_FromLFPrelPos, 62);
+-  RUN_TEST(test_FromLFPrelNeg, 63);
+-  RUN_TEST(test_LFProundtrip, 64);
+-  RUN_TEST(test_ToString, 65);
++  RUN_TEST(test_Helpers1, 39);
++  RUN_TEST(test_Normalise, 40);
++  RUN_TEST(test_SignNoFrac, 41);
++  RUN_TEST(test_SignWithFrac, 42);
++  RUN_TEST(test_CmpFracEQ, 43);
++  RUN_TEST(test_CmpFracGT, 44);
++  RUN_TEST(test_CmpFracLT, 45);
++  RUN_TEST(test_AddFullNorm, 46);
++  RUN_TEST(test_AddFullOflow1, 47);
++  RUN_TEST(test_AddUsecNorm, 48);
++  RUN_TEST(test_AddUsecOflow1, 49);
++  RUN_TEST(test_SubFullNorm, 50);
++  RUN_TEST(test_SubFullOflow, 51);
++  RUN_TEST(test_SubUsecNorm, 52);
++  RUN_TEST(test_SubUsecOflow, 53);
++  RUN_TEST(test_Neg, 54);
++  RUN_TEST(test_AbsNoFrac, 55);
++  RUN_TEST(test_AbsWithFrac, 56);
++  RUN_TEST(test_Helpers2, 57);
++  RUN_TEST(test_ToLFPbittest, 58);
++  RUN_TEST(test_ToLFPrelPos, 59);
++  RUN_TEST(test_ToLFPrelNeg, 60);
++  RUN_TEST(test_ToLFPabs, 61);
++  RUN_TEST(test_FromLFPbittest, 62);
++  RUN_TEST(test_FromLFPrelPos, 63);
++  RUN_TEST(test_FromLFPrelNeg, 64);
++  RUN_TEST(test_LFProundtrip, 65);
++  RUN_TEST(test_ToString, 66);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-uglydate.c.orig
++++ contrib/ntp/tests/libntp/run-uglydate.c
+@@ -48,7 +48,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("uglydate.c");
+-  RUN_TEST(test_ConstantDateTime, 8);
++  RUN_TEST(test_ConstantDateTime, 9);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/sfptostr.c.orig
++++ contrib/ntp/tests/libntp/sfptostr.c
+@@ -4,10 +4,12 @@
+  */
+ #include "config.h"
+ #include "ntp_fp.h"
++#include "ntp_stdlib.h"
+ #include "unity.h"
+  
+ #define SFP_MAX_PRECISION 6
+ 
++void setUp(void);
+ void test_PositiveInteger(void);
+ void test_NegativeInteger(void);
+ void test_PositiveIntegerPositiveFraction(void);
+@@ -18,6 +20,15 @@
+ void test_SingleDecimalRounding(void);
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ void test_PositiveInteger(void)
+ {
+ 	s_fp test = 300 << 16; // exact 300.000000
+--- contrib/ntp/tests/libntp/socktoa.c.orig
++++ contrib/ntp/tests/libntp/socktoa.c
+@@ -7,6 +7,7 @@
+ #include "sockaddrtest.h"
+ 
+ 
++void setUp(void);
+ void test_IPv4AddressWithPort(void);
+ //#ifdef ISC_PLATFORM_HAVEIPV6
+ void test_IPv6AddressWithPort(void);
+@@ -16,6 +17,16 @@
+ void test_HashEqual(void);
+ void test_HashNotEqual(void);
+ 
++
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ void 
+ test_IPv4AddressWithPort(void) {
+ 	sockaddr_u input = CreateSockaddr4("192.0.2.10", 123);
+@@ -62,12 +73,12 @@
+ void 
+ test_ScopedIPv6AddressWithPort(void) {
+ #ifdef ISC_PLATFORM_HAVESCOPEID
+-	const struct in6_addr address = {
++	const struct in6_addr address = { { {
+ 		0xfe, 0x80, 0x00, 0x00,
+ 		0x00, 0x00, 0x00, 0x00,
+ 		0x02, 0x12, 0x3f, 0xff, 
+ 		0xfe, 0x29, 0xff, 0xfa
+-	};
++	} } };
+ 
+ 	const char* expected =
+ 		"fe80::212:3fff:fe29:fffa%5";
+--- contrib/ntp/tests/libntp/statestr.c.orig
++++ contrib/ntp/tests/libntp/statestr.c
+@@ -6,11 +6,22 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_PeerRestart(void);
+ void test_SysUnspecified(void);
+ void test_ClockCodeExists(void);
+ void test_ClockCodeUnknown(void);
+ 
++
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ // eventstr()
+ void
+ test_PeerRestart(void) {
+--- contrib/ntp/tests/libntp/strtolfp.c.orig
++++ contrib/ntp/tests/libntp/strtolfp.c
+@@ -8,6 +8,7 @@
+ 
+ /* This file tests both atolfp and mstolfp */
+ 
++void setUp(void);
+ void test_PositiveInteger(void);
+ void test_NegativeInteger(void);
+ void test_PositiveFraction(void);
+@@ -17,6 +18,15 @@
+ void test_InvalidChars(void);
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ void test_PositiveInteger(void) {
+ 	const char *str = "500";
+ 	const char *str_ms = "500000";
+--- contrib/ntp/tests/libntp/timespecops.c.orig
++++ contrib/ntp/tests/libntp/timespecops.c
+@@ -10,14 +10,14 @@
+ #include 
+ 
+ 
+-#define TEST_ASSERT_EQUAL_timespec(a, b) { \
+-    TEST_ASSERT_EQUAL_MESSAGE(a.tv_sec, b.tv_sec, "Field tv_sec"); \
++#define TEST_ASSERT_EQUAL_timespec(a, b) {				\
++    TEST_ASSERT_EQUAL_MESSAGE(a.tv_sec, b.tv_sec, "Field tv_sec");	\
+     TEST_ASSERT_EQUAL_MESSAGE(a.tv_nsec, b.tv_nsec, "Field tv_nsec");	\
+ }
+ 
+ 
+-#define TEST_ASSERT_EQUAL_l_fp(a, b) { \
+-    TEST_ASSERT_EQUAL_MESSAGE(a.l_i, b.l_i, "Field l_i"); \
++#define TEST_ASSERT_EQUAL_l_fp(a, b) {					\
++    TEST_ASSERT_EQUAL_MESSAGE(a.l_i, b.l_i, "Field l_i");		\
+     TEST_ASSERT_EQUAL_UINT_MESSAGE(a.l_uf, b.l_uf, "Field l_uf");	\
+ }
+ 
+@@ -33,6 +33,7 @@
+ };
+ 
+ 
++void setUp(void);
+ void test_Helpers1(void);
+ void test_Normalise(void);
+ void test_SignNoFrac(void);
+@@ -64,35 +65,52 @@
+ 
+ typedef int bool;
+ 
+-const bool timespec_isValid(struct timespec V);
++const bool	timespec_isValid(struct timespec V);
+ struct timespec timespec_init(time_t hi, long lo);
+-l_fp l_fp_init(int32 i, u_int32 f);
+-bool AssertFpClose(const l_fp m, const l_fp n, const l_fp limit);
+-bool AssertTimespecClose(const struct timespec m, const struct timespec n, const struct timespec limit);
++l_fp		l_fp_init(int32 i, u_int32 f);
++bool		AssertFpClose(const l_fp m, const l_fp n, const l_fp limit);
++bool		AssertTimespecClose(const struct timespec m,
++				    const struct timespec n,
++				    const struct timespec limit);
+ 
+ 
+-//******************************************MY CUSTOM FUNCTIONS*******************************
++//***************************MY CUSTOM FUNCTIONS***************************
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
+ 
++	return;
++}
++
++
+ const bool
+-timespec_isValid(struct timespec V) {
++timespec_isValid(struct timespec V)
++{
++
+ 	return V.tv_nsec >= 0 && V.tv_nsec < 1000000000;
+ }
+ 
+ 
+ struct timespec
+-timespec_init(time_t hi, long lo) {
+-	struct timespec V;	
++timespec_init(time_t hi, long lo)
++{
++	struct timespec V;
++
+ 	V.tv_sec = hi;
+ 	V.tv_nsec = lo;
++
+ 	return V;
+ }
+ 
+ 
+ l_fp
+-l_fp_init(int32 i, u_int32 f) {
++l_fp_init(int32 i, u_int32 f)
++{
+ 	l_fp temp;
++
+ 	temp.l_i  = i;
+ 	temp.l_uf = f;
+ 
+@@ -101,7 +119,8 @@
+ 
+ 
+ bool
+-AssertFpClose(const l_fp m, const l_fp n, const l_fp limit) {
++AssertFpClose(const l_fp m, const l_fp n, const l_fp limit)
++{
+ 	l_fp diff;
+ 
+ 	if (L_ISGEQ(&m, &n)) {
+@@ -111,7 +130,7 @@
+ 		diff = n;
+ 		L_SUB(&diff, &m);
+ 	}
+-	if (L_ISGEQ(&limit, &diff)){
++	if (L_ISGEQ(&limit, &diff)) {
+ 		return TRUE;
+ 	}
+ 	else {
+@@ -122,7 +141,9 @@
+ 
+ 
+ bool
+-AssertTimespecClose(const struct timespec m, const struct timespec n, const struct timespec limit) {
++AssertTimespecClose(const struct timespec m, const struct timespec n,
++	const struct timespec limit)
++{
+ 	struct timespec diff;
+ 
+ 	diff = abs_tspec(sub_tspec(m, n));
+@@ -156,11 +177,13 @@
+ 
+ 
+ u_int32
+-my_tick_to_tsf(u_int32 ticks) {
++my_tick_to_tsf(u_int32 ticks)
++{
+ 	// convert nanoseconds to l_fp fractional units, using double
+ 	// precision float calculations or, if available, 64bit integer
+ 	// arithmetic. This should give the precise fraction, rounded to
+ 	// the nearest representation.
++
+ #ifdef HAVE_U_INT64
+ 	return (u_int32)((( ((u_int64)(ticks)) << 32) + 500000000) / 1000000000);
+ #else
+@@ -172,7 +195,9 @@
+ 
+ 
+ u_int32
+-my_tsf_to_tick(u_int32 tsf) {
++my_tsf_to_tick(u_int32 tsf)
++{
++
+ 	// Inverse operation: converts fraction to microseconds.
+ #ifdef HAVE_U_INT64
+ 	return (u_int32)(( ((u_int64)(tsf)) * 1000000000 + 0x80000000) >> 32);
+@@ -189,7 +214,8 @@
+ // ---------------------------------------------------------------------
+ 
+ void
+-test_Helpers1(void) {
++test_Helpers1(void)
++{
+ 	struct timespec x;
+ 
+ 	for (x.tv_sec = -2; x.tv_sec < 3; x.tv_sec++) {
+@@ -202,6 +228,8 @@
+ 		x.tv_nsec = 1000000000;
+ 		TEST_ASSERT_FALSE(timespec_isValid(x));
+ 	}
++
++	return;
+ }
+ 
+ 
+@@ -210,8 +238,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_Normalise(void) {
++test_Normalise(void)
++{
+ 	long ns;
++
+ 	for ( ns = -2000000000; ns <= 2000000000; ns += 10000000) {
+ 		struct timespec x = timespec_init(0, ns);
+ 
+@@ -218,6 +248,8 @@
+ 		x = normalize_tspec(x);
+ 		TEST_ASSERT_TRUE(timespec_isValid(x));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -225,9 +257,11 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_SignNoFrac(void) {
++test_SignNoFrac(void)
++{
+ 	// sign test, no fraction
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 0);
+ 		int E = (i > 0) - (i < 0);
+@@ -235,19 +269,26 @@
+ 
+ 		TEST_ASSERT_EQUAL(E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SignWithFrac(void) {
++test_SignWithFrac(void)
++{
+ 	// sign test, with fraction
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 10);
+ 		int E = (i >= 0) - (i < 0);
+ 		int r = test_tspec(a);
++
+ 		TEST_ASSERT_EQUAL(E, r);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -254,7 +295,8 @@
+ // test compare
+ //----------------------------------------------------------------------
+ void
+-test_CmpFracEQ(void) {
++test_CmpFracEQ(void)
++{
+ 	// fractions are equal
+ 	int i, j;
+ 	for (i = -4; i <= 4; ++i)
+@@ -263,15 +305,20 @@
+ 			struct timespec b = timespec_init( j , 200);
+ 			int   E = (i > j) - (i < j);
+ 			int   r = cmp_tspec_denorm(a, b);
++
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_CmpFracGT(void) {
++test_CmpFracGT(void)
++{
+ 	// fraction a bigger fraction b
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 999999800);
+@@ -278,15 +325,20 @@
+ 			struct timespec b = timespec_init(j, 200);
+ 			int   E = (i >= j) - (i < j);
+ 			int   r = cmp_tspec_denorm(a, b);
++
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_CmpFracLT(void) {
++test_CmpFracLT(void)
++{
+ 	// fraction a less fraction b
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 200);
+@@ -293,8 +345,11 @@
+ 			struct timespec b = timespec_init(j, 999999800);
+ 			int   E = (i > j) - (i <= j);
+ 			int   r = cmp_tspec_denorm(a, b);
++
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -302,8 +357,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_AddFullNorm(void) {
++test_AddFullNorm(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 200);
+@@ -314,12 +371,16 @@
+ 			c = add_tspec(a, b);
+ 			TEST_ASSERT_EQUAL_timespec(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddFullOflow1(void) {
++test_AddFullOflow1(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 200);
+@@ -330,6 +391,8 @@
+ 			c = add_tspec(a, b);
+ 			TEST_ASSERT_EQUAL_timespec(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+@@ -336,6 +399,7 @@
+ void
+ test_AddNsecNorm(void) {
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 200);
+ 		struct timespec E = timespec_init(i, 600);
+@@ -344,12 +408,16 @@
+ 		c = add_tspec_ns(a, 600 - 200);
+ 		TEST_ASSERT_EQUAL_timespec(E, c);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddNsecOflow1(void) {
++test_AddNsecOflow1(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 200);
+ 		struct timespec E = timespec_init(i + 1, 100);
+@@ -358,6 +426,8 @@
+ 		c = add_tspec_ns(a, NANOSECONDS - 100);
+ 		TEST_ASSERT_EQUAL_timespec(E, c);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -365,8 +435,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_SubFullNorm(void) {
++test_SubFullNorm(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init( i , 600);
+@@ -377,12 +449,16 @@
+ 			c = sub_tspec(a, b);
+ 			TEST_ASSERT_EQUAL_timespec(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubFullOflow(void) {
++test_SubFullOflow(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 100);
+@@ -393,12 +469,16 @@
+ 			c = sub_tspec(a, b);
+ 			TEST_ASSERT_EQUAL_timespec(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubNsecNorm(void) {
++test_SubNsecNorm(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 600);
+ 		struct timespec E = timespec_init(i, 200);
+@@ -407,12 +487,16 @@
+ 		c = sub_tspec_ns(a, 600 - 200);
+ 		TEST_ASSERT_EQUAL_timespec(E, c);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubNsecOflow(void) {
++test_SubNsecOflow(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init( i , 100);
+ 		struct timespec E = timespec_init(i-1, 200);
+@@ -421,6 +505,8 @@
+ 		c = sub_tspec_ns(a, NANOSECONDS - 100);
+ 		TEST_ASSERT_EQUAL_timespec(E, c);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -429,8 +515,10 @@
+ 
+ 
+ void
+-test_Neg(void) {
++test_Neg(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 100);
+ 		struct timespec b;
+@@ -440,6 +528,8 @@
+ 		c = add_tspec(a, b);
+ 		TEST_ASSERT_EQUAL(0, test_tspec(c));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -447,8 +537,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_AbsNoFrac(void) {
++test_AbsNoFrac(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i , 0);
+ 		struct timespec b;
+@@ -456,12 +548,16 @@
+ 		b = abs_tspec(a);
+ 		TEST_ASSERT_EQUAL((i != 0), test_tspec(b));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AbsWithFrac(void) {
++test_AbsWithFrac(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 100);
+ 		struct timespec b;
+@@ -469,6 +565,8 @@
+ 		b = abs_tspec(a);
+ 		TEST_ASSERT_EQUAL(1, test_tspec(b));
+ 	}
++
++	return;
+ }
+ 
+ // ---------------------------------------------------------------------
+@@ -476,9 +574,9 @@
+ // ---------------------------------------------------------------------
+ 
+ void
+-test_Helpers2(void) {
++test_Helpers2(void)
++{
+ 	struct timespec limit = timespec_init(0, 2);
+-	
+ 	struct timespec x, y;
+ 	long i;
+ 
+@@ -489,7 +587,7 @@
+ 			for (i = -4; i < 5; ++i) {
+ 				y = x;
+ 				y.tv_nsec += i;
+-				if (i >= -2 && i <= 2){
++				if (i >= -2 && i <= 2) {
+ 					TEST_ASSERT_TRUE(AssertTimespecClose(x, y, limit));
+ 				}
+ 				else
+@@ -498,6 +596,8 @@
+ 				}
+ 			}
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -505,9 +605,11 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_ToLFPbittest(void) {
++test_ToLFPbittest(void)
++{
+ 	l_fp lfpClose =  l_fp_init(0, 1);
+ 	u_int32 i;
++
+ 	for (i = 0; i < 1000000000; i+=1000) {
+ 		struct timespec a = timespec_init(1, i);
+ 		l_fp E= l_fp_init(1, my_tick_to_tsf(i));
+@@ -516,12 +618,16 @@
+ 		r = tspec_intv_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPrelPos(void) {
++test_ToLFPrelPos(void)
++{
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timespec a = timespec_init(1, fdata[i].nsec);
+ 		l_fp E = l_fp_init(1, fdata[i].frac);
+@@ -530,12 +636,16 @@
+ 		r = tspec_intv_to_lfp(a);
+ 		TEST_ASSERT_EQUAL_l_fp(E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPrelNeg(void) {
++test_ToLFPrelNeg(void)
++{
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timespec a = timespec_init(-1, fdata[i].nsec);
+ 		l_fp E = l_fp_init(~0, fdata[i].frac);
+@@ -544,12 +654,16 @@
+ 		r = tspec_intv_to_lfp(a);
+ 		TEST_ASSERT_EQUAL_l_fp(E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPabs(void) {
++test_ToLFPabs(void)
++{
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timespec a = timespec_init(1, fdata[i].nsec);
+ 		l_fp E = l_fp_init(1 + JAN_1970, fdata[i].frac);
+@@ -558,6 +672,8 @@
+ 		r = tspec_stamp_to_lfp(a);
+ 		TEST_ASSERT_EQUAL_l_fp(E, r);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -565,7 +681,8 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_FromLFPbittest(void) {
++test_FromLFPbittest(void)
++{
+ 	struct timespec limit = timespec_init(0, 2);
+ 
+ 	// Not *exactly* a bittest, because 2**32 tests would take a
+@@ -582,13 +699,17 @@
+ 		// comparing to calculated value.
+ 		TEST_ASSERT_TRUE(AssertTimespecClose(E, r, limit));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_FromLFPrelPos(void) {
++test_FromLFPrelPos(void)
++{
+ 	struct timespec limit = timespec_init(0, 2);
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		l_fp a = l_fp_init(1, fdata[i].frac);
+ 		struct timespec E = timespec_init(1, fdata[i].nsec);
+@@ -597,13 +718,17 @@
+ 		r = lfp_intv_to_tspec(a);
+ 		TEST_ASSERT_TRUE(AssertTimespecClose(E, r, limit));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_FromLFPrelNeg(void) {
++test_FromLFPrelNeg(void)
++{
+ 	struct timespec limit = timespec_init(0, 2);
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		l_fp a = l_fp_init(~0, fdata[i].frac);
+ 		struct timespec E = timespec_init(-1, fdata[i].nsec);
+@@ -612,14 +737,18 @@
+ 		r = lfp_intv_to_tspec(a);
+ 		TEST_ASSERT_TRUE(AssertTimespecClose(E, r, limit));
+ 	}
++
++	return;
+ }
+ 
+ 
+ // nsec -> frac -> nsec roundtrip, using a prime start and increment
+ void
+-test_LFProundtrip(void) {
++test_LFProundtrip(void)
++{
+ 	int32_t t;
+ 	u_int32 i;
++
+ 	for (t = -1; t < 2; ++t)
+ 		for (i = 4999; i < 1000000000; i += 10007) {
+ 			struct timespec E = timespec_init(t, i);
+@@ -630,6 +759,8 @@
+ 			r = lfp_intv_to_tspec(a);
+ 			TEST_ASSERT_EQUAL_timespec(E, r);
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -637,7 +768,8 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_ToString(void) {
++test_ToString(void)
++{
+ 	static const struct {
+ 		time_t		sec;
+ 		long		nsec;
+@@ -653,6 +785,7 @@
+ 		{-1,-1, "-1.000000001" },
+ 	};
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(data); ++i) {
+ 		struct timespec a = timespec_init(data[i].sec, data[i].nsec);
+ 		const char * E = data[i].repr;
+@@ -659,6 +792,8 @@
+ 		const char * r = tspectoa(a);
+ 		TEST_ASSERT_EQUAL_STRING(E, r);
+ 	}
++
++	return;
+ }
+ 
+ // -*- EOF -*-
+--- contrib/ntp/tests/libntp/timevalops.c.orig
++++ contrib/ntp/tests/libntp/timevalops.c
+@@ -11,8 +11,8 @@
+ #include "unity.h"
+ 
+ 
+-#define TEST_ASSERT_EQUAL_timeval(a, b) { \
+-    TEST_ASSERT_EQUAL_MESSAGE(a.tv_sec, b.tv_sec, "Field tv_sec"); \
++#define TEST_ASSERT_EQUAL_timeval(a, b) {				\
++    TEST_ASSERT_EQUAL_MESSAGE(a.tv_sec, b.tv_sec, "Field tv_sec");	\
+     TEST_ASSERT_EQUAL_MESSAGE(a.tv_usec, b.tv_usec, "Field tv_usec");	\
+ }
+ 
+@@ -35,6 +35,7 @@
+ bool AssertTimevalClose(const struct timeval m, const struct timeval n, const struct timeval limit);
+ bool AssertFpClose(const l_fp m, const l_fp n, const l_fp limit);
+ 
++void setUp(void);
+ void test_Helpers1(void);
+ void test_Normalise(void);
+ void test_SignNoFrac(void);
+@@ -65,28 +66,43 @@
+ void test_ToString(void);
+ 
+ 
+-//******************************************MY CUSTOM FUNCTIONS*******************************
++//**********************************MY CUSTOM FUNCTIONS***********************
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
+ 
++	return;
++}
++
++
+ struct timeval
+-timeval_init( time_t hi, long lo){
++timeval_init(time_t hi, long lo)
++{
+ 	struct timeval V; 
++
+ 	V.tv_sec = hi; 
+ 	V.tv_usec = lo;
++
+ 	return V;
+ }
+ 
+ 
+ const bool
+-timeval_isValid(struct timeval V) {
++timeval_isValid(struct timeval V)
++{
++
+ 	return V.tv_usec >= 0 && V.tv_usec < 1000000;
+ }
+ 
+ 
+ l_fp
+-l_fp_init(int32 i, u_int32 f) {
++l_fp_init(int32 i, u_int32 f)
++{
+ 	l_fp temp;
++
+ 	temp.l_i  = i;
+ 	temp.l_uf = f;
+ 
+@@ -95,18 +111,18 @@
+ 
+ 
+ bool
+-AssertTimevalClose(const struct timeval m, const struct timeval n, const struct timeval limit) {
++AssertTimevalClose(const struct timeval m, const struct timeval n, const struct timeval limit)
++{
+ 	struct timeval diff;
+ 
+ 	diff = abs_tval(sub_tval(m, n));
+ 	if (cmp_tval(limit, diff) >= 0)
+ 		return TRUE;
+-	
+ 	else 
+ 	{
+ 		printf("m_expr which is %ld.%lu \nand\nn_expr which is %ld.%lu\nare not close; diff=%ld.%luusec\n", m.tv_sec, m.tv_usec, n.tv_sec, n.tv_usec, diff.tv_sec, diff.tv_usec); 
+ 		//I don't have variables m_expr and n_expr in unity, those are command line arguments which only getst has!!!
+-		
++
+ 		return FALSE;
+ 	}
+ }
+@@ -113,7 +129,8 @@
+ 
+ 
+ bool
+-AssertFpClose(const l_fp m, const l_fp n, const l_fp limit) {
++AssertFpClose(const l_fp m, const l_fp n, const l_fp limit)
++{
+ 	l_fp diff;
+ 
+ 	if (L_ISGEQ(&m, &n)) {
+@@ -123,7 +140,7 @@
+ 		diff = n;
+ 		L_SUB(&diff, &m);
+ 	}
+-	if (L_ISGEQ(&limit, &diff)){
++	if (L_ISGEQ(&limit, &diff)) {
+ 		return TRUE;
+ 	}
+ 	else {
+@@ -155,11 +172,13 @@
+ 
+ 
+ u_int32
+-my_tick_to_tsf(u_int32 ticks) {
++my_tick_to_tsf(u_int32 ticks)
++{
+ 	// convert microseconds to l_fp fractional units, using double
+ 	// precision float calculations or, if available, 64bit integer
+ 	// arithmetic. This should give the precise fraction, rounded to
+ 	// the nearest representation.
++
+ #ifdef HAVE_U_INT64
+ 	return (u_int32)((( ((u_int64)(ticks)) << 32) + 500000) / 1000000); //I put too much () when casting just to be safe
+ #else
+@@ -171,7 +190,8 @@
+ 
+ 
+ u_int32
+-my_tsf_to_tick(u_int32 tsf) {
++my_tsf_to_tick(u_int32 tsf)
++{
+ 	// Inverse operation: converts fraction to microseconds.
+ #ifdef HAVE_U_INT64
+ 	return (u_int32)( ((u_int64)(tsf) * 1000000 + 0x80000000) >> 32); //CHECK ME!!!
+@@ -182,7 +202,7 @@
+ }
+ 
+ 
+-//***************************************END OF CUSTOM FUNCTIONS*****************************
++//*******************************END OF CUSTOM FUNCTIONS*********************
+ 
+ 
+ // ---------------------------------------------------------------------
+@@ -190,7 +210,8 @@
+ // ---------------------------------------------------------------------
+ 
+ void
+-test_Helpers1(void) {
++test_Helpers1(void)
++{
+ 	struct timeval x;
+ 
+ 	for (x.tv_sec = -2; x.tv_sec < 3; x.tv_sec++) {
+@@ -203,6 +224,8 @@
+ 		x.tv_usec = 1000000;
+ 		TEST_ASSERT_FALSE(timeval_isValid(x));
+ 	}
++
++	return;
+ }
+ 
+ 
+@@ -211,14 +234,18 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_Normalise(void) {
++test_Normalise(void)
++{
+ 	long ns;
++
+ 	for (ns = -2000000000; ns <= 2000000000; ns += 10000000) {
+ 		struct timeval x = timeval_init(0, ns);
+-		
++
+ 		x = normalize_tval(x);
+ 		TEST_ASSERT_TRUE(timeval_isValid(x));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -226,8 +253,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_SignNoFrac(void) {
++test_SignNoFrac(void)
++{
+ 	int i;
++
+ 	// sign test, no fraction
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 0);
+@@ -236,13 +265,17 @@
+ 
+ 		TEST_ASSERT_EQUAL(E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SignWithFrac(void) {
++test_SignWithFrac(void)
++{
+ 	// sign test, with fraction
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 10);
+ 		int	     E = (i >= 0) - (i < 0);
+@@ -250,6 +283,8 @@
+ 
+ 		TEST_ASSERT_EQUAL(E, r);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -256,8 +291,10 @@
+ // test compare
+ //----------------------------------------------------------------------
+ void
+-test_CmpFracEQ(void) {
++test_CmpFracEQ(void)
++{
+ 	int i, j;
++
+ 	// fractions are equal
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+@@ -268,13 +305,17 @@
+ 
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_CmpFracGT(void) {
++test_CmpFracGT(void)
++{
+ 	// fraction a bigger fraction b
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init( i , 999800);
+@@ -284,13 +325,17 @@
+ 
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_CmpFracLT(void) {
++test_CmpFracLT(void)
++{
+ 	// fraction a less fraction b
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 200);
+@@ -300,6 +345,8 @@
+ 
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -307,8 +354,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_AddFullNorm(void) {
++test_AddFullNorm(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 200);
+@@ -319,12 +368,16 @@
+ 			c = add_tval(a, b);
+ 			TEST_ASSERT_EQUAL_timeval(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddFullOflow1(void) {
++test_AddFullOflow1(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 200);
+@@ -335,12 +388,16 @@
+ 			c = add_tval(a, b);
+ 			TEST_ASSERT_EQUAL_timeval(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddUsecNorm(void) {
++test_AddUsecNorm(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 200);
+ 		struct timeval E = timeval_init(i, 600);
+@@ -349,12 +406,16 @@
+ 		c = add_tval_us(a, 600 - 200);
+ 		TEST_ASSERT_EQUAL_timeval(E, c);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddUsecOflow1(void) {
++test_AddUsecOflow1(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 200);
+ 		struct timeval E = timeval_init(i + 1, 100);
+@@ -363,6 +424,8 @@
+ 		c = add_tval_us(a, MICROSECONDS - 100);
+ 		TEST_ASSERT_EQUAL_timeval(E, c);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -370,8 +433,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_SubFullNorm(void) {
++test_SubFullNorm(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 600);
+@@ -382,12 +447,16 @@
+ 			c = sub_tval(a, b);
+ 			TEST_ASSERT_EQUAL_timeval(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubFullOflow(void) {
++test_SubFullOflow(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 100);
+@@ -398,12 +467,16 @@
+ 			c = sub_tval(a, b);
+ 			TEST_ASSERT_EQUAL_timeval(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubUsecNorm(void) {
++test_SubUsecNorm(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 600);
+ 		struct timeval E = timeval_init(i, 200);
+@@ -412,12 +485,16 @@
+ 		c = sub_tval_us(a, 600 - 200);
+ 		TEST_ASSERT_EQUAL_timeval(E, c);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubUsecOflow(void) {
++test_SubUsecOflow(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 100);
+ 		struct timeval E = timeval_init(i - 1, 200);
+@@ -426,6 +503,8 @@
+ 		c = sub_tval_us(a, MICROSECONDS - 100);
+ 		TEST_ASSERT_EQUAL_timeval(E, c);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -433,8 +512,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_Neg(void) {
++test_Neg(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 100);
+ 		struct timeval b;
+@@ -444,6 +525,8 @@
+ 		c = add_tval(a, b);
+ 		TEST_ASSERT_EQUAL(0, test_tval(c));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -451,8 +534,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_AbsNoFrac(void) {
++test_AbsNoFrac(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 0);
+ 		struct timeval b;
+@@ -460,12 +545,16 @@
+ 		b = abs_tval(a);
+ 		TEST_ASSERT_EQUAL((i != 0), test_tval(b));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AbsWithFrac(void) {
++test_AbsWithFrac(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 100);
+ 		struct timeval b;
+@@ -473,6 +562,8 @@
+ 		b = abs_tval(a);
+ 		TEST_ASSERT_EQUAL(1, test_tval(b));
+ 	}
++
++	return;
+ }
+ 
+ // ---------------------------------------------------------------------
+@@ -481,13 +572,13 @@
+ 
+ 
+ void
+-test_Helpers2(void) {
+-
++test_Helpers2(void)
++{
+ 	struct timeval limit = timeval_init(0, 2);
+ 	struct timeval x, y;
+-	long i;	
++	long i;
+ 
+-	for (x.tv_sec = -2; x.tv_sec < 3; x.tv_sec++){
++	for (x.tv_sec = -2; x.tv_sec < 3; x.tv_sec++) {
+ 		for (x.tv_usec = 1;
+ 		     x.tv_usec < 1000000;
+ 		     x.tv_usec += 499999) {
+@@ -494,7 +585,7 @@
+ 			for (i = -4; i < 5; ++i) {
+ 				y = x;
+ 				y.tv_usec += i;
+-				if (i >= -2 && i <= 2){
++				if (i >= -2 && i <= 2) {
+ 					TEST_ASSERT_TRUE(AssertTimevalClose(x, y, limit));//ASSERT_PRED_FORMAT2(isClose, x, y);
+ 				}
+ 				else {
+@@ -503,6 +594,8 @@
+ 			}
+ 		}
+ 	}
++
++	return;
+ }
+ 
+ // and the global predicate instances we're using here
+@@ -515,8 +608,9 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_ToLFPbittest(void) {
+-	l_fp lfpClose =  l_fp_init(0, 1);	
++test_ToLFPbittest(void)
++{
++	l_fp lfpClose =  l_fp_init(0, 1);
+ 
+ 	u_int32 i = 0;
+ 	for (i = 0; i < 1000000; ++i) {
+@@ -527,14 +621,17 @@
+ 		r = tval_intv_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));	//ASSERT_PRED_FORMAT2(FpClose, E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPrelPos(void) {
++test_ToLFPrelPos(void)
++{
+ 	l_fp lfpClose =  l_fp_init(0, 1);
++	int i = 0;
+ 
+-	int i = 0;
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timeval a = timeval_init(1, fdata[i].usec);
+ 		l_fp E = l_fp_init(1, fdata[i].frac);
+@@ -543,13 +640,17 @@
+ 		r = tval_intv_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPrelNeg(void) {
++test_ToLFPrelNeg(void)
++{
+ 	l_fp lfpClose =  l_fp_init(0, 1);
+ 	int i = 0;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timeval a = timeval_init(-1, fdata[i].usec);
+ 		l_fp E = l_fp_init(~0, fdata[i].frac);
+@@ -558,14 +659,17 @@
+ 		r = tval_intv_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPabs(void) {
++test_ToLFPabs(void)
++{
+ 	l_fp lfpClose =  l_fp_init(0, 1);
++	int i = 0;
+ 
+-	int i = 0;
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timeval a = timeval_init(1, fdata[i].usec);
+ 		l_fp E = l_fp_init(1 + JAN_1970, fdata[i].frac);
+@@ -574,6 +678,8 @@
+ 		r = tval_stamp_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -581,12 +687,14 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_FromLFPbittest(void) {
++test_FromLFPbittest(void)
++{
+ 	struct timeval timevalClose = timeval_init(0, 1);
+ 	// Not *exactly* a bittest, because 2**32 tests would take a
+ 	// really long time even on very fast machines! So we do test
+ 	// every 1000 fractional units.
+ 	u_int32 tsf = 0;
++
+ 	for (tsf = 0; tsf < ~((u_int32)(1000)); tsf += 1000) {
+ 		struct timeval E = timeval_init(1, my_tsf_to_tick(tsf));
+ 		l_fp a = l_fp_init(1, tsf);
+@@ -597,13 +705,17 @@
+ 		// comparing to calculated value.
+ 		TEST_ASSERT_TRUE(AssertTimevalClose(E, r, timevalClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_FromLFPrelPos(void) {
++test_FromLFPrelPos(void)
++{
+ 	struct timeval timevalClose = timeval_init(0, 1);
+-	int i = 0;	
++	int i = 0;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		l_fp a = l_fp_init(1, fdata[i].frac);
+ 		struct timeval E = timeval_init(1, fdata[i].usec);
+@@ -612,13 +724,17 @@
+ 		r = lfp_intv_to_tval(a);
+ 		TEST_ASSERT_TRUE(AssertTimevalClose(E, r, timevalClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_FromLFPrelNeg(void) {
++test_FromLFPrelNeg(void)
++{
+ 	struct timeval timevalClose = timeval_init(0, 1);
+ 	int i = 0;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		l_fp a = l_fp_init(~0, fdata[i].frac);
+ 		struct timeval E = timeval_init(-1, fdata[i].usec);
+@@ -627,14 +743,18 @@
+ 		r = lfp_intv_to_tval(a);
+ 		TEST_ASSERT_TRUE(AssertTimevalClose(E, r, timevalClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ // usec -> frac -> usec roundtrip, using a prime start and increment
+ void
+-test_LFProundtrip(void) {
++test_LFProundtrip(void)
++{
+ 	int32_t t = -1;
+ 	u_int32 i = 5;
++
+ 	for (t = -1; t < 2; ++t)
+ 		for (i = 5; i < 1000000; i += 11) {
+ 			struct timeval E = timeval_init(t, i);
+@@ -645,6 +765,8 @@
+ 			r = lfp_intv_to_tval(a);
+ 			TEST_ASSERT_EQUAL_timeval(E, r);
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -652,7 +774,8 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_ToString(void) {
++test_ToString(void)
++{
+ 	static const struct {
+ 		time_t	     sec;
+ 		long	     usec;
+@@ -668,6 +791,7 @@
+ 		{-1,-1, "-1.000001" },
+ 	};
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(data); ++i) {
+ 		struct timeval a = timeval_init(data[i].sec, data[i].usec);
+ 		const char *  E = data[i].repr;
+@@ -675,6 +799,8 @@
+ 
+ 		TEST_ASSERT_EQUAL_STRING(E, r);
+ 	}
++
++	return;
+ }
+ 
+ // -*- EOF -*-
+--- contrib/ntp/tests/libntp/uglydate.c.orig
++++ contrib/ntp/tests/libntp/uglydate.c
+@@ -5,14 +5,26 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_ConstantDateTime(void);
+ 
++
+ void
+-test_ConstantDateTime(void) {
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++void
++test_ConstantDateTime(void)
++{
+ 	const u_int32 HALF = 2147483648UL;
+ 
+-	l_fp time = {{3485080800UL}, HALF}; /* 2010-06-09 14:00:00.5 */
++	l_fp e_time = {{3485080800UL}, HALF}; /* 2010-06-09 14:00:00.5 */
+ 
+ 	TEST_ASSERT_EQUAL_STRING("3485080800.500000 10:159:14:00:00.500",
+-				 uglydate(&time));
++				 uglydate(&e_time));
++	return;
+ }
+--- contrib/ntp/tests/ntpd/leapsec.c.orig
++++ contrib/ntp/tests/ntpd/leapsec.c
+@@ -234,6 +234,7 @@
+ int stringreader(void* farg)
+ {
+ 	const char ** cpp = (const char**)farg;
++
+ 	if (**cpp)
+ 		return *(*cpp)++;
+ 	else
+@@ -247,6 +248,7 @@
+ {
+ 	int            rc;
+ 	leap_table_t * pt = leapsec_get_table(0);
++
+ 	rc = (pt != NULL) && leapsec_load(pt, stringreader, &cp, blim);
+ 	rc = rc && leapsec_set_table(pt);
+ 	return rc;
+@@ -257,6 +259,7 @@
+ {
+ 	int            rc;
+ 	leap_table_t * pt = leapsec_get_table(0);
++
+ 	if (pt)
+ 		leapsec_clear(pt);
+ 	rc = leapsec_set_table(pt);
+@@ -264,10 +267,13 @@
+ }
+ 
+ 
+-char * CalendarToString(const struct calendar cal) {
++char *
++CalendarToString(const struct calendar cal)
++{
+ 	char * ss = malloc (sizeof (char) * 100);
+-	
+ 	char buffer[100] ="";
++
++	*ss = '\0';
+ 	sprintf(buffer, "%u", cal.year);
+ 	strcat(ss,buffer);
+ 	strcat(ss,"-");
+@@ -293,34 +299,47 @@
+ }
+ 
+ 
+-int IsEqual(const struct calendar expected, const struct calendar actual) {
+-	if (expected.year == actual.year &&
+-		(expected.yearday == actual.yearday ||
+-		 (expected.month == actual.month &&
+-		  expected.monthday == actual.monthday)) &&
+-		expected.hour == actual.hour &&
+-		expected.minute == actual.minute &&
+-		expected.second == actual.second) {
++int
++IsEqual(const struct calendar expected, const struct calendar actual)
++{
++
++	if (   expected.year == actual.year
++	    && (   expected.yearday == actual.yearday
++		|| (   expected.month == actual.month
++		    && expected.monthday == actual.monthday))
++	    && expected.hour == actual.hour
++	    && expected.minute == actual.minute
++	    && expected.second == actual.second) {
+ 		return TRUE;
+ 	} else {
+-		printf("expected: %s but was %s", CalendarToString(expected) ,CalendarToString(actual));
++		char *p_exp = CalendarToString(expected);
++		char *p_act = CalendarToString(actual);
++
++		printf("expected: %s but was %s", p_exp, p_act);
++
++		free(p_exp);
++		free(p_act);
+ 		return FALSE;
+-			
+ 	}
+ }
+ 
+ //-------------------------
+ 
+-void setUp(void)
++void
++setUp(void)
+ {
+     ntpcal_set_timefunc(timefunc);
+     settime(1970, 1, 1, 0, 0, 0);
+     leapsec_ut_pristine();
++
++    return;
+ }
+ 
+-void tearDown(void)
++void
++tearDown(void)
+ {
+     ntpcal_set_timefunc(NULL);
++    return;
+ }
+ 
+ // =====================================================================
+@@ -328,45 +347,73 @@
+ // =====================================================================
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateGood(void) {
++void
++test_ValidateGood(void)
++{
+ 	const char *cp = leap_ghash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_GOODHASH, rc);
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateNoHash(void) {
++void
++test_ValidateNoHash(void)
++{
+ 	const char *cp = leap2;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_NOHASH, rc);
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateBad(void) {
++void
++test_ValidateBad(void)
++{
+ 	const char *cp = leap_bhash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_BADHASH, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateMalformed(void) {
++void
++test_ValidateMalformed(void)
++{
+ 	const char *cp = leap_mhash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_BADFORMAT, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateMalformedShort(void) {
++void
++test_ValidateMalformedShort(void)
++{
+ 	const char *cp = leap_shash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_BADFORMAT, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateNoLeadZero(void) {
++void
++test_ValidateNoLeadZero(void)
++{
+ 	const char *cp = leap_gthash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_GOODHASH, rc);
++
++	return;
+ }
+ 
+ // =====================================================================
+@@ -375,7 +422,9 @@
+ 
+ // ----------------------------------------------------------------------
+ // test table selection
+-void test_tableSelect(void) {
++void
++test_tableSelect(void)
++{
+ 	leap_table_t *pt1, *pt2, *pt3, *pt4;
+ 
+ 	pt1 = leapsec_get_table(0);
+@@ -406,12 +455,16 @@
+ 	pt3 = leapsec_get_table(1);
+ 	TEST_ASSERT_EQUAL(pt1, pt2);
+ 	TEST_ASSERT_NOT_EQUAL(pt2, pt3);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // load file & check expiration
+ 
+-void test_loadFileExpire(void) {
++void
++test_loadFileExpire(void)
++{
+ 	const char *cp = leap1;
+ 	int rc;
+ 	leap_table_t * pt = leapsec_get_table(0);
+@@ -423,19 +476,22 @@
+ 	TEST_ASSERT_EQUAL(0, rc);
+ 	rc = leapsec_expired(3610569601u, NULL);
+ 	TEST_ASSERT_EQUAL(1, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // load file & check time-to-live
+ 
+-void test_loadFileTTL(void) {
+-	const char *cp = leap1;
+-	int rc;
+-	leap_table_t * pt = leapsec_get_table(0);
+-	time_t         pivot = 0x70000000u;
++void
++test_loadFileTTL(void)
++{
++	const char     *cp = leap1;
++	int		rc;
++	leap_table_t  * pt = leapsec_get_table(0);
++	time_t		pivot = 0x70000000u;
++	const uint32_t	limit = 3610569600u;
+ 
+-	const uint32_t limit = 3610569600u;
+-
+ 	rc =   leapsec_load(pt, stringreader, &cp, FALSE)
+ 	    && leapsec_set_table(pt);
+ 	TEST_ASSERT_EQUAL(1, rc); //
+@@ -442,16 +498,18 @@
+ 
+ 	// exactly 1 day to live
+ 	rc = leapsec_daystolive(limit - 86400, &pivot);
+-	TEST_ASSERT_EQUAL( 1, rc);	
++	TEST_ASSERT_EQUAL( 1, rc);
+ 	// less than 1 day to live
+ 	rc = leapsec_daystolive(limit - 86399, &pivot);
+-	TEST_ASSERT_EQUAL( 0, rc);	
++	TEST_ASSERT_EQUAL( 0, rc);
+ 	// hit expiration exactly
+ 	rc = leapsec_daystolive(limit, &pivot);
+-	TEST_ASSERT_EQUAL( 0, rc);	
++	TEST_ASSERT_EQUAL( 0, rc);
+ 	// expired since 1 sec
+ 	rc = leapsec_daystolive(limit + 1, &pivot);
+-	TEST_ASSERT_EQUAL(-1, rc);	
++	TEST_ASSERT_EQUAL(-1, rc);
++
++	return;
+ }
+ 
+ // =====================================================================
+@@ -460,19 +518,25 @@
+ 
+ // ----------------------------------------------------------------------
+ // test query in pristine state (bug#2745 misbehaviour)
+-void test_lsQueryPristineState(void) {
++void
++test_lsQueryPristineState(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+-	
++
+ 	rc = leapsec_query(&qr, lsec2012, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump: leap second at 2009.01.01 -60days
+-void test_ls2009faraway(void) {
++void
++test_ls2009faraway(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -485,11 +549,15 @@
+ 	TEST_ASSERT_EQUAL(33, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump: leap second at 2009.01.01 -1week
+-void test_ls2009weekaway(void) {
++void
++test_ls2009weekaway(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -502,11 +570,15 @@
+ 	TEST_ASSERT_EQUAL(33, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(1,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_SCHEDULE, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump: leap second at 2009.01.01 -1hr
+-void test_ls2009houraway(void) {
++void
++test_ls2009houraway(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -519,11 +591,15 @@
+ 	TEST_ASSERT_EQUAL(33, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(1,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_ANNOUNCE, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump: leap second at 2009.01.01 -1sec
+-void test_ls2009secaway(void) {
++void
++test_ls2009secaway(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -536,11 +612,15 @@
+ 	TEST_ASSERT_EQUAL(33, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(1,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_ALERT, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump to leap second at 2009.01.01
+-void test_ls2009onspot(void) {
++void
++test_ls2009onspot(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -553,11 +633,15 @@
+ 	TEST_ASSERT_EQUAL(34, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test handling of the leap second at 2009.01.01 without table
+-void test_ls2009nodata(void) {
++void
++test_ls2009nodata(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -570,11 +654,15 @@
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test handling of the leap second at 2009.01.01 with culled data
+-void test_ls2009limdata(void) {
++void
++test_ls2009limdata(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -591,15 +679,19 @@
+ 	TEST_ASSERT_TRUE(35 >= qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // Far-distance forward jump into a transiton window.
+-void test_qryJumpFarAhead(void) {
++void
++test_qryJumpFarAhead(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 	int            last, idx;
+-	int 		mode;
++	int		mode;
+ 
+ 	for (mode=0; mode < 2; ++mode) {
+ 		leapsec_ut_pristine();
+@@ -618,10 +710,10 @@
+ // ----------------------------------------------------------------------
+ // Forward jump into the next transition window
+ void test_qryJumpAheadToTransition(void) {
+-	int            rc;
+-	leap_result_t  qr;
+-	int            last, idx;
+-	int 		mode;
++	int		rc;
++	leap_result_t	qr;
++	int		last, idx;
++	int		mode;
+ 
+ 	for (mode=0; mode < 2; ++mode) {
+ 		leapsec_ut_pristine();
+@@ -635,15 +727,19 @@
+ 		rc = leapsec_query(&qr, lsec2009+1, NULL);
+ 		TEST_ASSERT_EQUAL(TRUE, rc);
+ 	}
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // Forward jump over the next transition window
+-void test_qryJumpAheadOverTransition(void) {
+-	int            rc;
+-	leap_result_t  qr;
+-	int            last, idx;
+-	int 		mode;
++void
++test_qryJumpAheadOverTransition(void)
++{
++	int		rc;
++	leap_result_t	qr;
++	int		last, idx;
++	int		mode;
+ 
+ 	for (mode=0; mode < 2; ++mode) {
+ 		leapsec_ut_pristine();
+@@ -657,6 +753,8 @@
+ 		rc = leapsec_query(&qr, lsec2009+5, NULL);
+ 		TEST_ASSERT_EQUAL(FALSE, rc);
+ 	}
++
++	return;
+ }
+ 
+ // =====================================================================
+@@ -665,7 +763,9 @@
+ 
+ // ----------------------------------------------------------------------
+ // add dynamic leap second (like from peer/clock)
+-void test_addDynamic(void) {
++void
++test_addDynamic(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -683,8 +783,7 @@
+ 	rc = setup_load_table(leap2, FALSE);
+ 	TEST_ASSERT_EQUAL(1, rc);
+ 
+-	leap_table_t * pt = leapsec_get_table(0);
+-	int 		idx;
++	int		idx;
+ 
+ 	for (idx=1; insns[idx]; ++idx) {
+ 		rc = leapsec_add_dyn(TRUE, insns[idx] - 20*SECSPERDAY - 100, NULL);
+@@ -693,13 +792,18 @@
+ 	// try to slip in a previous entry
+ 	rc = leapsec_add_dyn(TRUE, insns[0] - 20*SECSPERDAY - 100, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++	//leap_table_t  * pt = leapsec_get_table(0);
+ 	//leapsec_dump(pt, (leapsec_dumper)fprintf, stdout);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // add fixed leap seconds (like from network packet)
+ #if 0 /* currently unused -- possibly revived later */
+-void FAILtest_addFixed(void) {
++void
++FAILtest_addFixed(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -716,8 +820,8 @@
+ 
+ 	rc = setup_load_table(leap2, FALSE);
+ 	TEST_ASSERT_EQUAL(1, rc);
++
+ 	int idx;
+-	leap_table_t * pt = leapsec_get_table(0);
+ 	// try to get in BAD time stamps...
+ 	for (idx=0; insns[idx].tt; ++idx) {
+ 	    rc = leapsec_add_fix(
+@@ -743,7 +847,10 @@
+ 	    insns[0].tt + SECSPERDAY,
+ 	    NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++	//leap_table_t * pt = leapsec_get_table(0);
+ 	//leapsec_dump(pt, (leapsec_dumper)fprintf, stdout);
++
++	return;
+ }
+ #endif
+ 
+@@ -750,7 +857,9 @@
+ // ----------------------------------------------------------------------
+ // add fixed leap seconds (like from network packet)
+ #if 0 /* currently unused -- possibly revived later */
+-void FAILtest_addFixedExtend(void) {
++void
++FAILtest_addFixedExtend(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 	int            last, idx;
+@@ -764,7 +873,6 @@
+ 	rc = setup_load_table(leap2, FALSE);
+ 	TEST_ASSERT_EQUAL(1, rc);
+ 
+-	leap_table_t * pt = leapsec_get_table(FALSE);
+ 	for (last=idx=0; insns[idx].tt; ++idx) {
+ 		last = idx;
+ 		rc = leapsec_add_fix(
+@@ -774,7 +882,7 @@
+ 		    NULL);
+ 		TEST_ASSERT_EQUAL(TRUE, rc);
+ 	}
+-	
++
+ 	// try to extend the expiration of the last entry
+ 	rc = leapsec_add_fix(
+ 	    insns[last].of,
+@@ -782,7 +890,7 @@
+ 	    insns[last].tt + 128*SECSPERDAY,
+ 	    NULL);
+ 	TEST_ASSERT_EQUAL(TRUE, rc);
+-	
++
+ 	// try to extend the expiration of the last entry with wrong offset
+ 	rc = leapsec_add_fix(
+ 	    insns[last].of+1,
+@@ -790,7 +898,10 @@
+ 	    insns[last].tt + 129*SECSPERDAY,
+ 	    NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++	//leap_table_t * pt = leapsec_get_table(FALSE);
+ 	//leapsec_dump(pt, (leapsec_dumper)fprintf, stdout);
++
++	return;
+ }
+ #endif
+ 
+@@ -799,7 +910,9 @@
+ // empty table and test queries before / between /after the tabulated
+ // values.
+ #if 0 /* currently unused -- possibly revived later */
+-void FAILtest_setFixedExtend(void) {
++void
++FAILtest_setFixedExtend(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 	int            last, idx;
+@@ -810,7 +923,6 @@
+ 		{0,0} // sentinel
+ 	};
+ 
+-	leap_table_t * pt = leapsec_get_table(0);
+ 	for (last=idx=0; insns[idx].tt; ++idx) {
+ 		last = idx;
+ 		rc = leapsec_add_fix(
+@@ -820,7 +932,7 @@
+ 		    NULL);
+ 		TEST_ASSERT_EQUAL(TRUE, rc);
+ 	}
+-	
++
+ 	rc = leapsec_query(&qr, insns[0].tt - 86400, NULL);
+ 	TEST_ASSERT_EQUAL(28, qr.tai_offs);
+ 
+@@ -833,7 +945,10 @@
+ 	rc = leapsec_query(&qr, insns[1].tt + 86400, NULL);
+ 	TEST_ASSERT_EQUAL(30, qr.tai_offs);
+ 
++	//leap_table_t * pt = leapsec_get_table(0);
+ 	//leapsec_dump(pt, (leapsec_dumper)fprintf, stdout);
++
++	return;
+ }
+ #endif
+ 
+@@ -846,7 +961,7 @@
+ void test_taiEmptyTable(void) {
+ 	int rc;
+ 
+-	rc = leapsec_autokey_tai(35, lsec2015-30*86400, NULL);	
++	rc = leapsec_autokey_tai(35, lsec2015-30*86400, NULL);
+ 	TEST_ASSERT_EQUAL(TRUE, rc);
+ 
+ 	rc = leapsec_autokey_tai(35, lsec2015-29*86400, NULL);
+@@ -855,7 +970,9 @@
+ 
+ // ----------------------------------------------------------------------
+ // Check that with fixed entries the operation fails
+-void test_taiTableFixed(void) {
++void
++test_taiTableFixed(void)
++{
+ 	int rc;
+ 
+ 	rc = setup_load_table(leap1, FALSE);
+@@ -863,11 +980,15 @@
+ 
+ 	rc = leapsec_autokey_tai(35, lsec2015-30*86400, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test adjustment with a dynamic entry already there
+-void test_taiTableDynamic(void) {
++void
++test_taiTableDynamic(void)
++{
+ 	int        rc;
+ 	leap_era_t era;
+ 
+@@ -879,7 +1000,7 @@
+ 	leapsec_query_era(&era, lsec2015+10, NULL);
+ 	TEST_ASSERT_EQUAL(1, era.taiof);
+ 
+-	rc = leapsec_autokey_tai(35, lsec2015-19*86400, NULL);	
++	rc = leapsec_autokey_tai(35, lsec2015-19*86400, NULL);
+ 	TEST_ASSERT_EQUAL(TRUE, rc);
+ 
+ 	rc = leapsec_autokey_tai(35, lsec2015-19*86400, NULL);
+@@ -889,21 +1010,27 @@
+ 	TEST_ASSERT_EQUAL(35, era.taiof);
+ 	leapsec_query_era(&era, lsec2015+10, NULL);
+ 	TEST_ASSERT_EQUAL(36, era.taiof);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test adjustment with a dynamic entry already there in dead zone
+-void test_taiTableDynamicDeadZone(void) {
++void
++test_taiTableDynamicDeadZone(void)
++{
+ 	int rc;
+ 
+ 	rc = leapsec_add_dyn(TRUE, lsec2015-20*SECSPERDAY, NULL);
+ 	TEST_ASSERT_EQUAL(TRUE, rc);
+ 
+-	rc = leapsec_autokey_tai(35, lsec2015-5, NULL);	
++	rc = leapsec_autokey_tai(35, lsec2015-5, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 
+ 	rc = leapsec_autokey_tai(35, lsec2015+5, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++
++	return;
+ }
+ 
+ 
+@@ -913,7 +1040,9 @@
+ 
+ // ----------------------------------------------------------------------
+ // leap second insert at 2009.01.01, electric mode
+-void test_ls2009seqInsElectric(void) {
++void
++test_ls2009seqInsElectric(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -952,11 +1081,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // leap second insert at 2009.01.01, dumb mode
+-void test_ls2009seqInsDumb(void) {
++void
++test_ls2009seqInsDumb(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -999,12 +1132,16 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ 
+ // ----------------------------------------------------------------------
+ // fake leap second remove at 2009.01.01, electric mode
+-void test_ls2009seqDelElectric(void) {
++void
++test_ls2009seqDelElectric(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1043,11 +1180,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // fake leap second remove at 2009.01.01. dumb mode
+-void test_ls2009seqDelDumb(void) {
++void
++test_ls2009seqDelDumb(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1085,11 +1226,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // leap second insert at 2012.07.01, electric mode
+-void test_ls2012seqInsElectric(void) {
++void
++test_ls2012seqInsElectric(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1128,11 +1273,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // leap second insert at 2012.07.01, dumb mode
+-void test_ls2012seqInsDumb(void) {
++void
++test_ls2012seqInsDumb(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1177,11 +1326,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test repeated query on empty table in dumb mode
+-void test_lsEmptyTableDumb(void) {
++void
++test_lsEmptyTableDumb(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1189,7 +1342,7 @@
+ 	time_t pivot;
+ 	pivot = lsec2012;
+ 	//	const 
+-	//time_t   pivot(lsec2012);		
++	//time_t   pivot(lsec2012);
+ 	const uint32_t t0 = lsec2012 - 10;
+ 	const uint32_t tE = lsec2012 + 10;
+ 
+@@ -1202,20 +1355,24 @@
+ 		TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 		TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
+ 	}
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test repeated query on empty table in electric mode
+-void test_lsEmptyTableElectric(void) {
++void
++test_lsEmptyTableElectric(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+-	
++
+ 	leapsec_electric(1);
+ 	TEST_ASSERT_EQUAL(1, leapsec_electric(-1));
+ 
+ 	//const 
+ 	time_t   pivot;//(lsec2012);
+-	pivot = lsec2012;	
++	pivot = lsec2012;
+ 	const uint32_t t0 = lsec2012 - 10;
+ 	const uint32_t tE = lsec2012 + 10;
+ 
+@@ -1226,4 +1383,6 @@
+ 		TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 		TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
+ 	}
++
++	return;
+ }
+--- contrib/ntp/tests/ntpd/ntp_prio_q.c.orig
++++ contrib/ntp/tests/ntpd/ntp_prio_q.c
+@@ -251,6 +251,7 @@
+ 	free_node(e3_ptr);
+ 	free_node(e4_ptr);
+ 	free_node(e5_ptr);
++	free_node(e6_ptr);
+ 
+ 	TEST_ASSERT_EQUAL(0, get_no_of_elements(q4));
+ 
+--- contrib/ntp/tests/ntpd/ntp_restrict.c.orig
++++ contrib/ntp/tests/ntpd/ntp_restrict.c
+@@ -26,6 +26,7 @@
+ }
+ 
+ 
++void
+ tearDown(void) {
+ 	restrict_u *empty_restrict = malloc(sizeof(restrict_u));
+ 	memset(empty_restrict, 0, sizeof(restrict_u));
+--- contrib/ntp/tests/ntpd/rc_cmdlength.c.orig
++++ contrib/ntp/tests/ntpd/rc_cmdlength.c
+@@ -3,6 +3,7 @@
+ #include "ntp.h"
+ #include "ntp_calendar.h"
+ #include "ntp_stdlib.h"
++#include "rc_cmdlength.h"
+ 
+ #include "unity.h"
+ 
+--- contrib/ntp/tests/ntpd/run-leapsec.c.orig
++++ contrib/ntp/tests/ntpd/run-leapsec.c
+@@ -84,39 +84,39 @@
+ {
+   progname = argv[0];
+   UnityBegin("leapsec.c");
+-  RUN_TEST(test_ValidateGood, 331);
+-  RUN_TEST(test_ValidateNoHash, 338);
+-  RUN_TEST(test_ValidateBad, 345);
+-  RUN_TEST(test_ValidateMalformed, 352);
+-  RUN_TEST(test_ValidateMalformedShort, 359);
+-  RUN_TEST(test_ValidateNoLeadZero, 366);
+-  RUN_TEST(test_tableSelect, 378);
+-  RUN_TEST(test_loadFileExpire, 414);
+-  RUN_TEST(test_loadFileTTL, 431);
+-  RUN_TEST(test_lsQueryPristineState, 463);
+-  RUN_TEST(test_ls2009faraway, 475);
+-  RUN_TEST(test_ls2009weekaway, 492);
+-  RUN_TEST(test_ls2009houraway, 509);
+-  RUN_TEST(test_ls2009secaway, 526);
+-  RUN_TEST(test_ls2009onspot, 543);
+-  RUN_TEST(test_ls2009nodata, 560);
+-  RUN_TEST(test_ls2009limdata, 577);
+-  RUN_TEST(test_qryJumpFarAhead, 598);
+-  RUN_TEST(test_qryJumpAheadToTransition, 620);
+-  RUN_TEST(test_qryJumpAheadOverTransition, 642);
+-  RUN_TEST(test_addDynamic, 668);
+-  RUN_TEST(test_taiEmptyTable, 846);
+-  RUN_TEST(test_taiTableFixed, 858);
+-  RUN_TEST(test_taiTableDynamic, 870);
+-  RUN_TEST(test_taiTableDynamicDeadZone, 896);
+-  RUN_TEST(test_ls2009seqInsElectric, 916);
+-  RUN_TEST(test_ls2009seqInsDumb, 959);
+-  RUN_TEST(test_ls2009seqDelElectric, 1007);
+-  RUN_TEST(test_ls2009seqDelDumb, 1050);
+-  RUN_TEST(test_ls2012seqInsElectric, 1092);
+-  RUN_TEST(test_ls2012seqInsDumb, 1135);
+-  RUN_TEST(test_lsEmptyTableDumb, 1184);
+-  RUN_TEST(test_lsEmptyTableElectric, 1209);
++  RUN_TEST(test_ValidateGood, 351);
++  RUN_TEST(test_ValidateNoHash, 362);
++  RUN_TEST(test_ValidateBad, 373);
++  RUN_TEST(test_ValidateMalformed, 385);
++  RUN_TEST(test_ValidateMalformedShort, 397);
++  RUN_TEST(test_ValidateNoLeadZero, 409);
++  RUN_TEST(test_tableSelect, 426);
++  RUN_TEST(test_loadFileExpire, 466);
++  RUN_TEST(test_loadFileTTL, 487);
++  RUN_TEST(test_lsQueryPristineState, 522);
++  RUN_TEST(test_ls2009faraway, 538);
++  RUN_TEST(test_ls2009weekaway, 559);
++  RUN_TEST(test_ls2009houraway, 580);
++  RUN_TEST(test_ls2009secaway, 601);
++  RUN_TEST(test_ls2009onspot, 622);
++  RUN_TEST(test_ls2009nodata, 643);
++  RUN_TEST(test_ls2009limdata, 664);
++  RUN_TEST(test_qryJumpFarAhead, 689);
++  RUN_TEST(test_qryJumpAheadToTransition, 712);
++  RUN_TEST(test_qryJumpAheadOverTransition, 737);
++  RUN_TEST(test_addDynamic, 767);
++  RUN_TEST(test_taiEmptyTable, 961);
++  RUN_TEST(test_taiTableFixed, 974);
++  RUN_TEST(test_taiTableDynamic, 990);
++  RUN_TEST(test_taiTableDynamicDeadZone, 1020);
++  RUN_TEST(test_ls2009seqInsElectric, 1044);
++  RUN_TEST(test_ls2009seqInsDumb, 1091);
++  RUN_TEST(test_ls2009seqDelElectric, 1143);
++  RUN_TEST(test_ls2009seqDelDumb, 1190);
++  RUN_TEST(test_ls2012seqInsElectric, 1236);
++  RUN_TEST(test_ls2012seqInsDumb, 1283);
++  RUN_TEST(test_lsEmptyTableDumb, 1336);
++  RUN_TEST(test_lsEmptyTableElectric, 1365);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/ntpd/run-ntp_restrict.c.orig
++++ contrib/ntp/tests/ntpd/run-ntp_restrict.c
+@@ -55,14 +55,14 @@
+ {
+   progname = argv[0];
+   UnityBegin("ntp_restrict.c");
+-  RUN_TEST(test_RestrictionsAreEmptyAfterInit, 59);
+-  RUN_TEST(test_ReturnsCorrectDefaultRestrictions, 85);
+-  RUN_TEST(test_HackingDefaultRestriction, 96);
+-  RUN_TEST(test_CantRemoveDefaultEntry, 119);
+-  RUN_TEST(test_AddingNewRestriction, 130);
+-  RUN_TEST(test_TheMostFittingRestrictionIsMatched, 143);
+-  RUN_TEST(test_DeletedRestrictionIsNotMatched, 165);
+-  RUN_TEST(test_RestrictUnflagWorks, 189);
++  RUN_TEST(test_RestrictionsAreEmptyAfterInit, 60);
++  RUN_TEST(test_ReturnsCorrectDefaultRestrictions, 86);
++  RUN_TEST(test_HackingDefaultRestriction, 97);
++  RUN_TEST(test_CantRemoveDefaultEntry, 120);
++  RUN_TEST(test_AddingNewRestriction, 131);
++  RUN_TEST(test_TheMostFittingRestrictionIsMatched, 144);
++  RUN_TEST(test_DeletedRestrictionIsNotMatched, 166);
++  RUN_TEST(test_RestrictUnflagWorks, 190);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/ntpd/run-rc_cmdlength.c.orig
++++ contrib/ntp/tests/ntpd/run-rc_cmdlength.c
+@@ -26,6 +26,7 @@
+ #include "ntp.h"
+ #include "ntp_calendar.h"
+ #include "ntp_stdlib.h"
++#include "rc_cmdlength.h"
+ #include "test-libntp.h"
+ #include 
+ 
+@@ -51,7 +52,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("rc_cmdlength.c");
+-  RUN_TEST(test_EvaluateCommandLength, 15);
++  RUN_TEST(test_EvaluateCommandLength, 16);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/ntpd/run-t-ntp_signd.c.orig
++++ contrib/ntp/tests/ntpd/run-t-ntp_signd.c
+@@ -36,7 +36,7 @@
+ extern void test_write_all(void);
+ extern void test_send_packet(void);
+ extern void test_recv_packet(void);
+-extern void test_send_via_ntp_signd();
++extern void test_send_via_ntp_signd(void);
+ 
+ 
+ //=======Test Reset Option=====
+@@ -55,12 +55,12 @@
+ {
+   progname = argv[0];
+   UnityBegin("t-ntp_signd.c");
+-  RUN_TEST(test_connect_incorrect_socket, 49);
+-  RUN_TEST(test_connect_correct_socket, 54);
+-  RUN_TEST(test_write_all, 74);
+-  RUN_TEST(test_send_packet, 84);
+-  RUN_TEST(test_recv_packet, 93);
+-  RUN_TEST(test_send_via_ntp_signd, 104);
++  RUN_TEST(test_connect_incorrect_socket, 67);
++  RUN_TEST(test_connect_correct_socket, 68);
++  RUN_TEST(test_write_all, 69);
++  RUN_TEST(test_send_packet, 70);
++  RUN_TEST(test_recv_packet, 71);
++  RUN_TEST(test_send_via_ntp_signd, 72);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/ntpd/t-ntp_scanner.c.orig
++++ contrib/ntp/tests/ntpd/t-ntp_scanner.c
+@@ -26,13 +26,13 @@
+ 
+ 
+ void test_keywordIncorrectToken(void){
+-	char * temp = keyword(999);
++	const char * temp = keyword(999);
+ 	//printf("%s\n",temp);
+ 	TEST_ASSERT_EQUAL_STRING("(keyword not found)",temp);
+ }
+ 
+ void test_keywordServerToken(void){
+-	char * temp = keyword(401);
++	const char * temp = keyword(T_Server);
+ 	//printf("%s",temp); //143 or 401 ?
+ 	TEST_ASSERT_EQUAL_STRING("server",temp);
+ }
+@@ -127,7 +127,7 @@
+ 		temp = is_EOC(';');
+ 		TEST_ASSERT_TRUE(temp);
+ 	}
+-	temp = is_EOC("A");
++	temp = is_EOC('A');
+ 	TEST_ASSERT_FALSE(temp);
+ 	temp = is_EOC('1');
+ 	TEST_ASSERT_FALSE(temp);
+--- contrib/ntp/tests/ntpd/t-ntp_signd.c.orig
++++ contrib/ntp/tests/ntpd/t-ntp_signd.c
+@@ -9,7 +9,6 @@
+ #include "test-libntp.h"
+ 
+ 
+-
+ #define HAVE_NTP_SIGND
+ 
+ #include "ntp_signd.c"
+@@ -20,41 +19,70 @@
+ //MOCKED FUNCTIONS
+ 
+ //this connect function overrides/mocks connect() from  
+-int connect(int socket, const struct sockaddr *address,
+-socklen_t address_len){
++int
++connect(int socket, const struct sockaddr *address, socklen_t address_len)
++{
+ 	return 1;
+ }
+ 
+-//mocked write will only send 4 bytes at a time. This is so write_all can be properly tested
+-ssize_t write(int fd, void const * buf, size_t len){
+-	if(len >= 4){return 4;}
+-	else return len;
++/*
++** Mocked read() and write() calls.
++**
++** These will only operate 4 bytes at a time.
++**
++** This is so write_all can be properly tested.
++*/
++
++static char rw_buf[4];
++
++ssize_t
++write(int fd, void const * buf, size_t len)
++{
++	REQUIRE(0 <= len);
++	if (len >= 4) len = 4;	/* 4 bytes, max */
++	(void)memcpy(rw_buf, buf, len);
++
++	return len;
+ }
+ 
+-ssize_t read(int fd, void * buf, size_t len){
+-	if(len >= 4){return 4;}
+-	else return len;
++ssize_t
++read(int fd, void * buf, size_t len)
++{
++	REQUIRE(0 <= len);
++	if (len >= 4) len = 4;
++	(void)memcpy(buf, rw_buf, len);
++	return len;
+ }
+ 
+ 
+ //END OF MOCKED FUNCTIONS
+ 
+-int isGE(int a,int b){ 
+-	if(a >= b) {return 1;}
++static int
++isGE(int a,int b)
++{ 
++	if (a >= b) {return 1;}
+ 	else {return 0;}
+ }
+ 
++extern void test_connect_incorrect_socket(void);
++extern void test_connect_correct_socket(void);
++extern void test_write_all(void);
++extern void test_send_packet(void);
++extern void test_recv_packet(void);
++extern void test_send_via_ntp_signd(void);
+ 
++
+ void 
+-test_connect_incorrect_socket(void){
++test_connect_incorrect_socket(void)
++{
+ 	TEST_ASSERT_EQUAL(-1, ux_socket_connect(NULL));
++
++	return;
+ }
+ 
+ void 
+-test_connect_correct_socket(void){
+-
+-
+-
++test_connect_correct_socket(void)
++{
+ 	int temp = ux_socket_connect("/socket");
+ 
+ 	//risky, what if something is listening on :123, or localhost isnt 127.0.0.1?
+@@ -67,50 +95,87 @@
+ 	//char *socketName = "Random_Socket_Name";
+ 	//int length = strlen(socketName);
+ 
++	return;
+ }
+ 
+ 
+ void
+-test_write_all(void){
++test_write_all(void)
++{
+ 	int fd = ux_socket_connect("/socket");
+-	TEST_ASSERT_TRUE(isGE(fd,0));
++
++	TEST_ASSERT_TRUE(isGE(fd, 0));
++
+ 	char * str = "TEST123";
+ 	int temp = write_all(fd, str,strlen(str));
+-	TEST_ASSERT_EQUAL(strlen(str),temp);
++	TEST_ASSERT_EQUAL(strlen(str), temp);
++
++	(void)close(fd);
++	return;
+ }
+ 
+ 
+ void
+-test_send_packet(void){
++test_send_packet(void)
++{
+ 	int fd = ux_socket_connect("/socket");
++
++	TEST_ASSERT_TRUE(isGE(fd, 0));
++
+ 	char * str2 = "PACKET12345";
+ 	int temp = send_packet(fd, str2, strlen(str2));
++
+ 	TEST_ASSERT_EQUAL(0,temp);
++
++	(void)close(fd);
++	return;
+ }
+ 
+ 
++/*
++** HMS: What's going on here?
++** Looks like this needs more work.
++*/
+ void
+-test_recv_packet(void){
++test_recv_packet(void)
++{
+ 	int fd = ux_socket_connect("/socket");
+-	int size = 256;	
+-	char str[size];
+ 
++	TEST_ASSERT_TRUE(isGE(fd, 0));
++
++	uint32_t size = 256;	
++	char *str = NULL;
+ 	int temp = recv_packet(fd, &str, &size);
++
+ 	send_packet(fd, str, strlen(str));
++	free(str);
+ 	TEST_ASSERT_EQUAL(0,temp); //0 because nobody sent us anything (yet!)
++
++	(void)close(fd);
++	return;
+ }
+ 
+ void 
+-test_send_via_ntp_signd(){
+-
++test_send_via_ntp_signd(void)
++{
+ 	struct recvbuf *rbufp = (struct recvbuf *) malloc(sizeof(struct recvbuf));
+ 	int	xmode = 1;
+ 	keyid_t	xkeyid = 12345; 
+-	int flags =0;
++	int	flags = 0;
+ 	struct pkt  *xpkt = (struct pkt *) malloc(sizeof(struct pkt)); //defined in ntp.h
+ 
++	TEST_ASSERT_NOT_NULL(rbufp);
++	TEST_ASSERT_NOT_NULL(xpkt);
++	memset(xpkt, 0, sizeof(struct pkt));
++
+ 	//send_via_ntp_signd(NULL,NULL,NULL,NULL,NULL);	//doesn't work
++	/*
++	** Send the xpkt to Samba, read the response back in rbufp
++	*/
+ 	send_via_ntp_signd(rbufp,xmode,xkeyid,flags,xpkt);
+ 
++	free(rbufp);
++	free(xpkt);
+ 
++	return;
+ }
+--- contrib/ntp/tests/sandbox/run-uglydate.c.orig
++++ contrib/ntp/tests/sandbox/run-uglydate.c
+@@ -24,6 +24,7 @@
+ #include 
+ #include "config.h"
+ #include "ntp_fp.h"
++#include "ntp_stdlib.h"
+ 
+ //=======External Functions This Runner Calls=====
+ extern void setUp(void);
+@@ -47,7 +48,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("uglydate.c");
+-  RUN_TEST(test_ConstantDateTime, 9);
++  RUN_TEST(test_ConstantDateTime, 10);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/sandbox/smeartest.c.orig
++++ contrib/ntp/tests/sandbox/smeartest.c
+@@ -2,6 +2,7 @@
+ 
+ #include 
+ #include 
++#include 
+ 
+ /*
+  * we want to test a refid format of:
+@@ -125,11 +126,14 @@
+ }
+ 
+ 
++int
+ main()
+ {
+ 	l_fp l;
+ 	int rc;
+ 
++	init_lib();
++
+ 	rtol(0xfe800000);
+ 	rtol(0xfe800001);
+ 	rtol(0xfe8ffffe);
+@@ -167,6 +171,8 @@
+ 	rtoltor(0xfe7fffff);
+ 
+ 	rc = atolfp("-.932087", &l);
++	INSIST(1 == rc);
++
+ 	ltor(l);
+ 	rtol(0xfec458b0);
+ 	printf("%x -> %d.%d.%d.%d\n",
+--- contrib/ntp/tests/sandbox/uglydate.c.orig
++++ contrib/ntp/tests/sandbox/uglydate.c
+@@ -2,15 +2,30 @@
+ #include "ntp_fp.h"
+ #include "unity.h"
+ 
+-//#include "ntp_stdlib.h"
++#include "ntp_stdlib.h"
++
+ //#include "libntptest.h"
+ 
++void setUp(void);
++void test_ConstantDateTime(void);
++
++
+ void
+-test_ConstantDateTime(void) {
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
++test_ConstantDateTime(void)
++{
+ 	const u_int32 HALF = 2147483648UL;
+ 
+-	l_fp time = {3485080800UL, HALF}; // 2010-06-09 14:00:00.5
++	l_fp e_time = {{3485080800UL}, HALF}; // 2010-06-09 14:00:00.5
+ 
+ 	TEST_ASSERT_EQUAL_STRING("3485080800.500000 10:159:14:00:00.500",
+-				 uglydate(&time));
++				 uglydate(&e_time));
+ }
+--- contrib/ntp/tests/sec-2853/sec-2853.c.orig
++++ contrib/ntp/tests/sec-2853/sec-2853.c
+@@ -13,7 +13,7 @@
+ int trailing_space( void );
+ 
+ static int verbose = 1;        // if not 0, also print results if test passed
+-static int exit_on_err = 0;    // if not 0, exit if test failed
++// static int exit_on_err = 0;    // if not 0, exit if test failed
+ 
+ 
+ void setUp(void)
+@@ -49,7 +49,6 @@
+ {
+ 	const char string[] = "good";
+ 	const char *EOstring;
+-	char *cp;
+ 	size_t len;
+ 	int failed;
+ 
+@@ -60,9 +59,9 @@
+ 	failed = ( 4 != len );
+ 
+ 	if ( failed || verbose )
+-		printf( "remoteconfig_cmdlength(\"%s\") returned %d, expected %d: %s\n",
++		printf( "remoteconfig_cmdlength(\"%s\") returned %llu, expected %u: %s\n",
+ 			string,
+-			len,
++			(unsigned long long)len,
+ 			4,
+ 			failed ? "NO <<" : "yes" );
+ 
+@@ -74,7 +73,6 @@
+ {
+ 	const char string[] = "nul\0 there";
+ 	const char *EOstring;
+-	char *cp;
+ 	size_t len;
+ 	int failed;
+ 
+@@ -85,9 +83,9 @@
+ 	failed = ( 3 != len );
+ 
+ 	if ( failed || verbose )
+-		printf( "remoteconfig_cmdlength(\"%s\") returned %d, expected %d: %s\n",
++		printf( "remoteconfig_cmdlength(\"%s\") returned %llu, expected %u: %s\n",
+ 			string,
+-			len,
++			(unsigned long long)len,
+ 			3,
+ 			failed ? "NO <<" : "yes" );
+ 
+@@ -99,7 +97,6 @@
+ {
+ 	const char string[] = "trailing space ";
+ 	const char *EOstring;
+-	char *cp;
+ 	size_t len;
+ 	int failed;
+ 
+@@ -110,9 +107,9 @@
+ 	failed = ( 14 != len );
+ 
+ 	if ( failed || verbose )
+-		printf( "remoteconfig_cmdlength(\"%s\") returned %d, expected %d: %s\n",
++		printf( "remoteconfig_cmdlength(\"%s\") returned %llu, expected %u: %s\n",
+ 			string,
+-			len,
++			(unsigned long long)len,
+ 			14,
+ 			failed ? "NO <<" : "yes" );
+ 
+--- contrib/ntp/util/invoke-ntp-keygen.texi.orig
++++ contrib/ntp/util/invoke-ntp-keygen.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntp-keygen.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:40:07 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:32:40 PM by AutoGen 5.18.5
+ # From the definitions    ntp-keygen-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -886,7 +886,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4
++ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p5
+ Usage:  ntp-keygen [ - [] | --[@{=| @}] ]...
+   Flg Arg Option-Name    Description
+    -b Num imbits         identity modulus bits
+--- contrib/ntp/util/ntp-keygen-opts.c.orig
++++ contrib/ntp/util/ntp-keygen-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:50 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:32:25 PM by AutoGen 5.18.5
+  *  From the definitions    ntp-keygen-opts.def
+  *  and the template file   options
+  *
+@@ -72,7 +72,7 @@
+  *  static const strings for ntp-keygen options
+  */
+ static char const ntp_keygen_opt_strs[2419] =
+-/*     0 */ "ntp-keygen (ntp) 4.2.8p4\n"
++/*     0 */ "ntp-keygen (ntp) 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -164,7 +164,7 @@
+ /*  2202 */ "no-load-opts\0"
+ /*  2215 */ "no\0"
+ /*  2218 */ "NTP_KEYGEN\0"
+-/*  2229 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4\n"
++/*  2229 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]...\n\0"
+ /*  2343 */ "$HOME\0"
+ /*  2349 */ ".\0"
+@@ -171,7 +171,7 @@
+ /*  2351 */ ".ntprc\0"
+ /*  2358 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  2392 */ "\n\0"
+-/*  2394 */ "ntp-keygen (ntp) 4.2.8p4";
++/*  2394 */ "ntp-keygen (ntp) 4.2.8p5";
+ 
+ /**
+  *  imbits option description:
+@@ -1309,7 +1309,7 @@
+      translate option names.
+    */
+   /* referenced via ntp_keygenOptions.pzCopyright */
+-  puts(_("ntp-keygen (ntp) 4.2.8p4\n\
++  puts(_("ntp-keygen (ntp) 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -1408,7 +1408,7 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via ntp_keygenOptions.pzUsageTitle */
+-  puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4\n\
++  puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]...\n"));
+ 
+   /* referenced via ntp_keygenOptions.pzExplain */
+@@ -1415,7 +1415,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via ntp_keygenOptions.pzFullVersion */
+-  puts(_("ntp-keygen (ntp) 4.2.8p4"));
++  puts(_("ntp-keygen (ntp) 4.2.8p5"));
+ 
+   /* referenced via ntp_keygenOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/util/ntp-keygen-opts.h.orig
++++ contrib/ntp/util/ntp-keygen-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:50 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:32:24 PM by AutoGen 5.18.5
+  *  From the definitions    ntp-keygen-opts.def
+  *  and the template file   options
+  *
+@@ -94,9 +94,9 @@
+ /** count of all options for ntp-keygen */
+ #define OPTION_CT    26
+ /** ntp-keygen version */
+-#define NTP_KEYGEN_VERSION       "4.2.8p4"
++#define NTP_KEYGEN_VERSION       "4.2.8p5"
+ /** Full ntp-keygen version text */
+-#define NTP_KEYGEN_FULL_VERSION  "ntp-keygen (ntp) 4.2.8p4"
++#define NTP_KEYGEN_FULL_VERSION  "ntp-keygen (ntp) 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/util/ntp-keygen.1ntp-keygenman.orig
++++ contrib/ntp/util/ntp-keygen.1ntp-keygenman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp-keygen 1ntp-keygenman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntp-keygen 1ntp-keygenman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-r5aiQP/ag-E5aaPP)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LNaiiw/ag-XNaahw)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:40:02 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:32:36 PM by AutoGen 5.18.5
+ .\" From the definitions ntp-keygen-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc.orig
++++ contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:40:10 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:43 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-keygen-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/util/ntp-keygen.c.orig
++++ contrib/ntp/util/ntp-keygen.c
+@@ -187,7 +187,7 @@
+ 	int	len
+ 	)
+ {
+-	return strlen(file);
++	return (int)strlen(file); /* assume no overflow possible */
+ }
+ 
+ /*
+@@ -1957,10 +1957,10 @@
+ 	X509_time_adj(X509_get_notAfter(cert), lifetime * SECSPERDAY, &epoch);
+ 	subj = X509_get_subject_name(cert);
+ 	X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
+-	    (u_char *)name, strlen(name), -1, 0);
++	    (u_char *)name, -1, -1, 0);
+ 	subj = X509_get_issuer_name(cert);
+ 	X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
+-	    (u_char *)name, strlen(name), -1, 0);
++	    (u_char *)name, -1, -1, 0);
+ 	if (!X509_set_pubkey(cert, pkey)) {
+ 		fprintf(stderr, "Assign certificate signing key fails\n%s\n",
+ 		    ERR_error_string(ERR_get_error(), NULL));
+--- contrib/ntp/util/ntp-keygen.html.orig
++++ contrib/ntp/util/ntp-keygen.html
+@@ -70,7 +70,7 @@
+ printable ASCII format so they can be embedded as MIME attachments in
+ mail to other sites.
+ 
+-  
        This document applies to version 4.2.8p4 of ntp-keygen.
++  
        This document applies to version 4.2.8p5 of ntp-keygen.
+ 
+ 
        
+ 
        
+@@ -1085,7 +1085,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
        ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4-sec-RC2
++
        ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4
+ Usage:  ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+   Flg Arg Option-Name    Description
+    -b Num imbits         identity modulus bits
+--- contrib/ntp/util/ntp-keygen.man.in.orig
++++ contrib/ntp/util/ntp-keygen.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp-keygen @NTP_KEYGEN_MS@ "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntp-keygen @NTP_KEYGEN_MS@ "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-r5aiQP/ag-E5aaPP)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LNaiiw/ag-XNaahw)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:40:02 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:32:36 PM by AutoGen 5.18.5
+ .\" From the definitions ntp-keygen-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/util/ntp-keygen.mdoc.in.orig
++++ contrib/ntp/util/ntp-keygen.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:40:10 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:43 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-keygen-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ChangeLog.orig
++++ contrib/ntp/ChangeLog
+@@ -1,4 +1,61 @@
+ ---
++(4.2.8p5) 2016/01/07 Released by Harlan Stenn 
++
++* [Sec 2956] small-step/big-step.  Close the panic gate earlier.  HStenn.
++* CID 1339955: Free allocated memory in caljulian test.  HStenn.
++* CID 1339962: Explicitly initialize variable in caljulian test.  HStenn.
++* CID 1341527: Quiet a CHECKED_RETURN in sntp/tests/t-log.c.  HStenn.
++* CID 1341533: Missing assertion in sntp/tests/t-log.c.  HStenn.
++* CID 1341534: Resource leak in tests/ntpd/t-ntp_signd.c.  HStenn.
++* CID 1341535: Resource leak in tests/ntpd/t-ntp_signd.c.  HStenn.
++* CID 1341536: Resource leak in tests/ntpd/t-ntp_signd.c.  HStenn.
++* CID 1341537: Resource leak in tests/ntpd/t-ntp_signd.c.  HStenn.
++* CID 1341538: Memory leak in tests/ntpd/ntp_prio_q.c:262.  HStenn.
++* CID 1341677: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341678: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341679: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341680: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341681: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341682: Nit in libntp/authreadkeys.c.  HStenn.
++* CID 1341684: Nit in tests/ntpd/t-ntp_signd.c.  HStenn.
++* [Bug 2829] Look at pipe_fds in ntpd.c  (did so. perlinger@ntp.org)
++* [Bug 2887] stratum -1 config results as showing value 99
++  - fudge stratum should only accept values [0..16]. perlinger@ntp.org
++* [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++* [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++  - applied patch by Christos Zoulas.  perlinger@ntp.org
++* [Bug 2952] Symmetric active/passive mode is broken.  HStenn.
++* [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++  - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
++  - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
++  - accept key file only if there are no parsing errors
++  - fixed size_t/u_int format clash
++  - fixed wrong use of 'strlcpy'
++* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
++  - fixed several other warnings (cast-alignment, missing const, missing prototypes)
++  - promote use of 'size_t' for values that express a size
++  - use ptr-to-const for read-only arguments
++  - make sure SOCKET values are not truncated (win32-specific)
++  - format string fixes
++* [Bug 2965] Local clock didn't work since 4.2.8p4.  Martin Burnicki.
++* [Bug 2967] ntpdate command suffers an assertion failure
++  - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
++* [Bug 2969]  Seg fault from ntpq/mrulist when looking at server with
++              lots of clients. perlinger@ntp.org
++* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
++  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
++* Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++* Unity test cleanup.  Harlan Stenn.
++* Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++* Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++* Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++* Quiet a warning from clang.  Harlan Stenn.
++* Update the NEWS file.  Harlan Stenn.
++* Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++---
+ (4.2.8p4) 2015/10/21 Released by Harlan Stenn 
+ (4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn 
+ 
+--- contrib/ntp/CommitLog.orig
++++ contrib/ntp/CommitLog
+@@ -1,3 +1,1480 @@
++ChangeSet@1.3623, 2016-01-07 23:33:11+00:00, stenn@deacon.udel.edu
++  NTP_4_2_8P5
++  TAG: NTP_4_2_8P5
++
++  ChangeLog@1.1791 +1 -0
++    NTP_4_2_8P5
++
++  ntpd/invoke-ntp.conf.texi@1.194 +1 -1
++    NTP_4_2_8P5
++
++  ntpd/invoke-ntp.keys.texi@1.186 +1 -1
++    NTP_4_2_8P5
++
++  ntpd/invoke-ntpd.texi@1.503 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.5man@1.228 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.5mdoc@1.228 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.html@1.182 +1 -1
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.man.in@1.228 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.mdoc.in@1.228 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.5man@1.220 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.5mdoc@1.220 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.html@1.182 +1 -1
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.man.in@1.220 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.mdoc.in@1.220 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntpd-opts.c@1.525 +7 -7
++    NTP_4_2_8P5
++
++  ntpd/ntpd-opts.h@1.524 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntpd.1ntpdman@1.332 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntpd.1ntpdmdoc@1.332 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntpd.html@1.176 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntpd.man.in@1.332 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntpd.mdoc.in@1.332 +2 -2
++    NTP_4_2_8P5
++
++  ntpdc/invoke-ntpdc.texi@1.500 +2 -2
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc-opts.c@1.518 +7 -7
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc-opts.h@1.517 +3 -3
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.1ntpdcman@1.331 +3 -3
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.1ntpdcmdoc@1.331 +2 -2
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.html@1.344 +2 -2
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.man.in@1.331 +3 -3
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.mdoc.in@1.331 +2 -2
++    NTP_4_2_8P5
++
++  ntpq/invoke-ntpq.texi@1.507 +2 -2
++    NTP_4_2_8P5
++
++  ntpq/ntpq-opts.c@1.524 +7 -7
++    NTP_4_2_8P5
++
++  ntpq/ntpq-opts.h@1.522 +3 -3
++    NTP_4_2_8P5
++
++  ntpq/ntpq.1ntpqman@1.335 +3 -3
++    NTP_4_2_8P5
++
++  ntpq/ntpq.1ntpqmdoc@1.335 +2 -2
++    NTP_4_2_8P5
++
++  ntpq/ntpq.html@1.173 +2 -2
++    NTP_4_2_8P5
++
++  ntpq/ntpq.man.in@1.335 +3 -3
++    NTP_4_2_8P5
++
++  ntpq/ntpq.mdoc.in@1.335 +2 -2
++    NTP_4_2_8P5
++
++  ntpsnmpd/invoke-ntpsnmpd.texi@1.502 +2 -2
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd-opts.c@1.520 +7 -7
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd-opts.h@1.519 +3 -3
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.331 +3 -3
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.331 +2 -2
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.html@1.171 +1 -1
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.man.in@1.331 +3 -3
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.mdoc.in@1.331 +2 -2
++    NTP_4_2_8P5
++
++  packageinfo.sh@1.522 +2 -2
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.92 +3 -3
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.93 +2 -2
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.html@1.94 +1 -1
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.man.in@1.91 +3 -3
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.mdoc.in@1.93 +2 -2
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/invoke-calc_tickadj.texi@1.96 +1 -1
++    NTP_4_2_8P5
++
++  scripts/invoke-plot_summary.texi@1.113 +2 -2
++    NTP_4_2_8P5
++
++  scripts/invoke-summary.texi@1.113 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/invoke-ntp-wait.texi@1.323 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait-opts@1.59 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.1ntp-waitman@1.320 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.321 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.html@1.340 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.man.in@1.320 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.mdoc.in@1.321 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/invoke-ntpsweep.texi@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep-opts@1.61 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.1ntpsweepman@1.99 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.99 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.html@1.112 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.man.in@1.99 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.mdoc.in@1.100 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/invoke-ntptrace.texi@1.112 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace-opts@1.61 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.1ntptraceman@1.99 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.1ntptracemdoc@1.100 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.html@1.113 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.man.in@1.99 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.mdoc.in@1.101 +2 -2
++    NTP_4_2_8P5
++
++  scripts/plot_summary-opts@1.61 +2 -2
++    NTP_4_2_8P5
++
++  scripts/plot_summary.1plot_summaryman@1.111 +3 -3
++    NTP_4_2_8P5
++
++  scripts/plot_summary.1plot_summarymdoc@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/plot_summary.html@1.114 +2 -2
++    NTP_4_2_8P5
++
++  scripts/plot_summary.man.in@1.111 +3 -3
++    NTP_4_2_8P5
++
++  scripts/plot_summary.mdoc.in@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/summary-opts@1.61 +2 -2
++    NTP_4_2_8P5
++
++  scripts/summary.1summaryman@1.111 +3 -3
++    NTP_4_2_8P5
++
++  scripts/summary.1summarymdoc@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/summary.html@1.114 +2 -2
++    NTP_4_2_8P5
++
++  scripts/summary.man.in@1.111 +3 -3
++    NTP_4_2_8P5
++
++  scripts/summary.mdoc.in@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/update-leap/invoke-update-leap.texi@1.12 +1 -1
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap-opts@1.12 +2 -2
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.1update-leapman@1.12 +3 -3
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.1update-leapmdoc@1.12 +2 -2
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.html@1.12 +1 -1
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.man.in@1.12 +3 -3
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.mdoc.in@1.12 +2 -2
++    NTP_4_2_8P5
++
++  sntp/invoke-sntp.texi@1.500 +2 -2
++    NTP_4_2_8P5
++
++  sntp/sntp-opts.c@1.519 +7 -7
++    NTP_4_2_8P5
++
++  sntp/sntp-opts.h@1.517 +3 -3
++    NTP_4_2_8P5
++
++  sntp/sntp.1sntpman@1.335 +3 -3
++    NTP_4_2_8P5
++
++  sntp/sntp.1sntpmdoc@1.335 +2 -2
++    NTP_4_2_8P5
++
++  sntp/sntp.html@1.515 +2 -2
++    NTP_4_2_8P5
++
++  sntp/sntp.man.in@1.335 +3 -3
++    NTP_4_2_8P5
++
++  sntp/sntp.mdoc.in@1.335 +2 -2
++    NTP_4_2_8P5
++
++  util/invoke-ntp-keygen.texi@1.503 +2 -2
++    NTP_4_2_8P5
++
++  util/ntp-keygen-opts.c@1.521 +7 -7
++    NTP_4_2_8P5
++
++  util/ntp-keygen-opts.h@1.519 +3 -3
++    NTP_4_2_8P5
++
++  util/ntp-keygen.1ntp-keygenman@1.331 +3 -3
++    NTP_4_2_8P5
++
++  util/ntp-keygen.1ntp-keygenmdoc@1.331 +2 -2
++    NTP_4_2_8P5
++
++  util/ntp-keygen.html@1.177 +2 -2
++    NTP_4_2_8P5
++
++  util/ntp-keygen.man.in@1.331 +3 -3
++    NTP_4_2_8P5
++
++  util/ntp-keygen.mdoc.in@1.331 +2 -2
++    NTP_4_2_8P5
++
++ChangeSet@1.3622, 2016-01-07 17:52:24-05:00, stenn@deacon.udel.edu
++  ntp-4.2.8p5
++
++  packageinfo.sh@1.521 +1 -1
++    ntp-4.2.8p5
++
++ChangeSet@1.3621, 2016-01-07 22:20:05+00:00, stenn@psp-at1.ntp.org
++  cleanup
++
++  NEWS@1.152 +2 -2
++    cleanup
++
++ChangeSet@1.3620, 2016-01-07 09:33:11+00:00, stenn@psp-at1.ntp.org
++  typo in ntp_proto.c - leap smear.  Reported by Martin Burnicki
++
++  ntpd/ntp_proto.c@1.371 +1 -1
++    typo in ntp_proto.c - leap smear.  Reported by Martin Burnicki
++
++ChangeSet@1.3619, 2016-01-07 06:33:08+00:00, stenn@psp-at1.ntp.org
++  Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++
++  ChangeLog@1.1790 +1 -0
++    Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++
++  scripts/calc_tickadj/Makefile.am@1.11 +2 -0
++    Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++
++ChangeSet@1.3616.1.1, 2016-01-05 10:57:45+00:00, stenn@psp-at1.ntp.org
++  Bug 2952 fixes
++
++  ChangeLog@1.1787.1.1 +1 -0
++    Bug 2952 fixes
++
++  ntpd/ntp_proto.c@1.370 +165 -152
++    Bug 2952 fixes
++
++ChangeSet@1.3617, 2016-01-05 09:56:31+00:00, stenn@psp-at1.ntp.org
++  ntp-4.2.8p5 prep
++
++  ChangeLog@1.1788 +2 -1
++    ntp-4.2.8p5 prep
++
++  NEWS@1.151 +104 -3
++    ntp-4.2.8p5 prep
++
++ChangeSet@1.3616, 2015-12-06 11:20:02+00:00, stenn@psp-deb1.ntp.org
++  Quiet a warning from clang.  Harlan Stenn.
++
++  ChangeLog@1.1787 +1 -0
++    Quiet a warning from clang.  Harlan Stenn.
++
++  libntp/ntp_rfc2553.c@1.50 +3 -2
++    Quiet a warning from clang.  Harlan Stenn.
++
++ChangeSet@1.3615, 2015-12-05 10:41:51+00:00, stenn@psp-at1.ntp.org
++  CID 1341677: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1786 +1 -0
++    CID 1341677: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  sntp/tests/keyFile.c@1.12 +5 -2
++    CID 1341677: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3614, 2015-12-05 10:38:28+00:00, stenn@psp-at1.ntp.org
++  CID 1341678: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1785 +1 -0
++    CID 1341678: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  sntp/tests/keyFile.c@1.11 +5 -1
++    CID 1341678: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3613, 2015-12-05 10:31:39+00:00, stenn@psp-at1.ntp.org
++  CID 1341679: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1784 +1 -0
++    CID 1341679: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  sntp/tests/keyFile.c@1.10 +4 -2
++    CID 1341679: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3612, 2015-12-05 10:27:40+00:00, stenn@psp-at1.ntp.org
++  CID 1341680: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1783 +1 -0
++    CID 1341680: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  sntp/tests/keyFile.c@1.9 +4 -2
++    CID 1341680: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3611, 2015-12-05 10:21:07+00:00, stenn@psp-at1.ntp.org
++  CID 1341681: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1782 +1 -0
++    CID 1341681: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3610, 2015-12-05 10:18:23+00:00, stenn@psp-at1.ntp.org
++  sntp/tests/keyFile.c lint
++
++  sntp/tests/keyFile.c@1.8 +4 -2
++    sntp/tests/keyFile.c lint
++
++ChangeSet@1.3609, 2015-12-05 10:01:47+00:00, stenn@psp-at1.ntp.org
++  CID 1341682: Nit in libntp/authreadkeys.c.  HStenn.
++
++  ChangeLog@1.1781 +1 -0
++    CID 1341682: Nit in libntp/authreadkeys.c.  HStenn.
++
++  libntp/authreadkeys.c@1.24 +3 -4
++    CID 1341682: Nit in libntp/authreadkeys.c.  HStenn.
++
++ChangeSet@1.3608, 2015-12-05 09:40:44+00:00, stenn@psp-at1.ntp.org
++  CID 1341684: Nit in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++  ChangeLog@1.1780 +1 -0
++    CID 1341684: Nit in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++  tests/ntpd/t-ntp_signd.c@1.15 +4 -0
++    CID 1341684: Nit in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++ChangeSet@1.3607, 2015-12-03 12:07:30+00:00, stenn@psp-at1.ntp.org
++  Update some test runners
++
++  tests/libntp/run-sfptostr.c@1.7 +9 -8
++    update
++
++  tests/sandbox/run-uglydate.c@1.7 +2 -1
++    update
++
++ChangeSet@1.3606, 2015-12-03 03:28:15-08:00, cov-build@cov7.ntfo.org
++  Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++
++  ChangeLog@1.1779 +1 -0
++    Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++
++  tests/libntp/sfptostr.c@1.5 +1 -0
++    Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++
++ChangeSet@1.3605, 2015-12-03 03:26:50-08:00, cov-build@cov7.ntfo.org
++  Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++
++  ChangeLog@1.1778 +1 -0
++    Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++
++  tests/sandbox/uglydate.c@1.6 +2 -1
++    Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++
++ChangeSet@1.3604, 2015-12-03 02:16:02-08:00, cov-build@cov7.ntfo.org
++  CID 1341527: Quiet a CHECKED_RETURN in sntp/tests/t-log.c.  HStenn.
++
++  ChangeLog@1.1777 +1 -0
++    CID 1341527: Quiet a CHECKED_RETURN in sntp/tests/t-log.c.  HStenn.
++
++  sntp/tests/t-log.c@1.7 +1 -1
++    CID 1341527: Quiet a CHECKED_RETURN in sntp/tests/t-log.c.  HStenn.
++
++ChangeSet@1.3603, 2015-12-03 02:00:58-08:00, cov-build@cov7.ntfo.org
++  CID 1341533: Missing assertion in sntp/tests/t-log.c.  HStenn.
++
++  ChangeLog@1.1776 +1 -0
++    CID 1341533: Missing assertion in sntp/tests/t-log.c.  HStenn.
++
++  sntp/tests/t-log.c@1.6 +2 -0
++    CID 1341533: Missing assertion in sntp/tests/t-log.c.  HStenn.
++
++ChangeSet@1.3602, 2015-12-03 01:50:11-08:00, cov-build@cov7.ntfo.org
++  CID 134534-134537: Resource leaks in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++  ChangeLog@1.1775 +4 -0
++    CID 134534-134537: Resource leaks in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++  tests/ntpd/t-ntp_signd.c@1.14 +9 -0
++    CID 134534-134537: Resource leaks in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++ChangeSet@1.3601, 2015-12-03 01:22:22-08:00, cov-build@cov7.ntfo.org
++  CID 1341538: Memory leak in tests/ntpd/ntp_prio_q.c:262.  HStenn.
++
++  ChangeLog@1.1774 +1 -0
++    CID 1341538: Memory leak in tests/ntpd/ntp_prio_q.c:262.  HStenn.
++
++  tests/ntpd/ntp_prio_q.c@1.3 +1 -0
++    CID 1341538: Memory leak in tests/ntpd/ntp_prio_q.c:262.  HStenn.
++
++ChangeSet@1.3597.4.1, 2015-11-30 06:03:47+01:00, jnperlin@hydra.localnet
++  [Bug 2829] Look at pipe_fds in ntpd.c (initial value issue)
++
++  ChangeLog@1.1770.4.1 +1 -0
++    [Bug 2829] Look at pipe_fds in ntpd.c
++
++  ntpd/ntpd.c@1.167 +3 -0
++    [Bug 2829] Look at pipe_fds in ntpd.c (initial value issue)
++
++ChangeSet@1.3597.3.1, 2015-11-29 13:03:58+01:00, jnperlin@hydra.localnet
++  [Bug 2887] stratum -1 config results as showing value 99
++   - fudge stratum only accepts values [0..16].
++
++  ChangeLog@1.1770.3.1 +2 -0
++    [Bug 2887] stratum -1 config results as showing value 99
++     - fudge stratum only accepts values [0..16].
++
++  ntpd/ntp_parser.c@1.100 +178 -171
++    [Bug 2887] stratum -1 config results as showing value 99
++     - fudge stratum only accepts values [0..16]. (file regenerated by bison & trimmed manually)
++
++  ntpd/ntp_parser.y@1.90 +8 -1
++    [Bug 2887] stratum -1 config results as showing value 99
++     - fudge stratum only accepts values [0..16], gives error otherwise
++
++ChangeSet@1.3597.2.1, 2015-11-28 22:59:39+01:00, jnperlin@hydra.localnet
++  [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++   - applied patch by Christos Zoulas.
++
++  ChangeLog@1.1770.2.1 +2 -0
++    [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++     - applied patch by Christos Zoulas.
++
++  libntp/socktohost.c@1.16 +10 -2
++    [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++     - save errno around calls to getnameinfo/getaddrinfo (patch by Christos Zoulas)
++
++ChangeSet@1.3597.1.4, 2015-11-28 19:09:53+01:00, jnperlin@hydra.localnet
++  Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++   - changed stacked/nested handling of CTRL-C.
++
++  ChangeLog@1.1770.1.2 +2 -0
++    Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++     - changed stacked/nested handling of CTRL-C.
++
++  ntpq/ntpq-subs.c@1.114 +11 -8
++    Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++     - changed stacked/nested handling of CTRL-C.
++
++  ntpq/ntpq.c@1.165 +57 -8
++    Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++     - changed stacked/nested handling of CTRL-C.
++
++  ntpq/ntpq.h@1.31 +4 -0
++    Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++     - changed stacked/nested handling of CTRL-C.
++
++ChangeSet@1.3597.1.3, 2015-11-25 22:10:45-08:00, harlan@max.pfcs.com
++  Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++
++  ChangeLog@1.1770.1.1 +1 -0
++    Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++
++  sntp/m4/ntp_libevent.m4@1.16 +2 -1
++    Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++
++ChangeSet@1.3597.1.2, 2015-11-25 12:23:40+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/run-t-ntp_signd.c@1.11 +6 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/t-ntp_signd.c@1.13 +19 -5
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3597.1.1, 2015-11-25 11:50:51+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  sntp/unity/unity_internals.h@1.5 +13 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/calendar.c@1.12 +8 -3
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/leapsec.c@1.4 +241 -82
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/run-leapsec.c@1.6 +33 -33
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/run-t-ntp_signd.c@1.10 +6 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/t-ntp_signd.c@1.12 +40 -13
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/smeartest.c@1.10 +3 -0
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3598, 2015-11-24 08:06:41+01:00, jnperlin@hydra.localnet
++  [Bug 2967] ntpdate command suffers an assertion failure
++    - fixed ntp_rfc2553.c to return proper address length.
++
++  ChangeLog@1.1771 +2 -0
++    [Bug 2967] ntpdate command suffers an assertion failure
++      - fixed ntp_rfc2553.c to return proper address length.
++
++  libntp/ntp_rfc2553.c@1.49 +2 -1
++    [Bug 2967] ntpdate command suffers an assertion failure
++      - fix do_nodename() to return the proper address length when name is NULL.
++
++ChangeSet@1.3597, 2015-11-23 10:55:16+00:00, stenn@psp-at1.ntp.org
++  ChangeLog, caljulian.c:
++    * CID 1339955: Free allocated memory in caljulian test.  HStenn.
++    * CID 1339962: Explicitly initialize variable in caljulian test.  HStenn.
++
++  ChangeLog@1.1770 +2 -0
++    * CID 1339955: Free allocated memory in caljulian test.  HStenn.
++    * CID 1339962: Explicitly initialize variable in caljulian test.  HStenn.
++
++  tests/libntp/caljulian.c@1.14 +16 -10
++    * CID 1339955: Free allocated memory in caljulian test.  HStenn.
++    * CID 1339962: Explicitly initialize variable in caljulian test.  HStenn.
++
++ChangeSet@1.3596, 2015-11-20 20:16:24-08:00, harlan@hms-mbp11.pfcs.com
++  Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/kodDatabase.c@1.9 +0 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/run-kodDatabase.c@1.9 +5 -5
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3595, 2015-11-20 19:41:16-08:00, harlan@hms-mbp11.pfcs.com
++  Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/kodDatabase.c@1.8 +6 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/kodFile.c@1.9 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/run-kodDatabase.c@1.8 +6 -5
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/run-t-log.c@1.5 +3 -3
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/t-log.c@1.5 +32 -16
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/calendar.c@1.11 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/caljulian.c@1.13 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/decodenetnum.c@1.10 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/humandate.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/lfptostr.c@1.8 +9 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/modetoa.c@1.8 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/msyslog.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/netof.c@1.9 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/numtoa.c@1.7 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/numtohost.c@1.7 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/prettydate.c@1.6 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/recvbuff.c@1.7 +3 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/refidsmear.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/refnumtoa.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-calendar.c@1.11 +15 -15
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-decodenetnum.c@1.10 +6 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-humandate.c@1.7 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-lfptostr.c@1.8 +11 -11
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-modetoa.c@1.12 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-msyslog.c@1.9 +8 -8
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-netof.c@1.8 +4 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-numtoa.c@1.11 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-numtohost.c@1.11 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-prettydate.c@1.6 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-refidsmear.c@1.8 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-refnumtoa.c@1.9 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-sfptostr.c@1.6 +8 -8
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-socktoa.c@1.13 +6 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-statestr.c@1.11 +4 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-strtolfp.c@1.6 +7 -7
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-timespecops.c@1.11 +28 -28
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-timevalops.c@1.13 +28 -28
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-uglydate.c@1.11 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/sfptostr.c@1.4 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/socktoa.c@1.11 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/statestr.c@1.6 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/strtolfp.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timespecops.c@1.10 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timevalops.c@1.13 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/uglydate.c@1.10 +13 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/run-uglydate.c@1.6 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/smeartest.c@1.9 +2 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/uglydate.c@1.5 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3594, 2015-11-20 07:40:57+00:00, stenn@psp-at1.ntp.org
++  [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++
++  ChangeLog@1.1769 +1 -0
++    [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++
++  ntpq/ntpq.c@1.164 +1 -1
++    [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++
++ChangeSet@1.3593, 2015-11-20 07:27:27+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/authkeys.c@1.13 +36 -10
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/buftvtots.c@1.6 +18 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/calendar.c@1.10 +100 -47
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/caljulian.c@1.12 +27 -9
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/clocktime.c@1.9 +48 -24
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/humandate.c@1.6 +6 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/lfpfunc.c@1.15 +113 -69
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/netof.c@1.8 +22 -7
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/numtohost.c@1.6 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/octtoint.c@1.7 +36 -14
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/refidsmear.c@1.6 +1 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/refnumtoa.c@1.6 +5 -5
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-lfpfunc.c@1.18 +9 -9
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-refidsmear.c@1.7 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timespecops.c@1.9 +173 -48
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timestructs.h@1.3 +22 -22
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timevalops.c@1.12 +168 -52
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3592, 2015-11-20 02:57:37+01:00, jnperlin@nemesis.localnet
++  [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients
++
++  ChangeLog@1.1768 +2 -0
++    [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients
++
++  lib/isc/sockaddr.c@1.14 +1 -1
++    [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients
++     - cast fro size_t to u_int (no overflow danger); not related the bug, found while double-checking changes
++
++  ntpq/ntpq-subs.c@1.113 +1 -1
++    [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients
++     - make end-of-buffer test unsigned-safe
++
++ChangeSet@1.3591, 2015-11-17 11:12:02+00:00, stenn@psp-at1.ntp.org
++  [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++
++  ChangeLog@1.1767 +1 -0
++    [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++
++  html/miscopt.html@1.84 +3 -3
++    [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++
++ChangeSet@1.3588, 2015-11-17 05:02:10+00:00, stenn@psp-at1.ntp.org
++  Credit Martin for 2965
++
++  ChangeLog@1.1764.1.3 +1 -1
++    Credit Martin for 2965
++
++ChangeSet@1.3587, 2015-11-17 04:53:39+00:00, stenn@psp-at1.ntp.org
++  cleanup
++
++  ChangeLog@1.1764.1.2 +1 -1
++    cleanup
++
++ChangeSet@1.3584.2.1, 2015-11-16 11:59:55+01:00, burnicki@pc-martin4.
++  [Bug 2965] Local clock didn't work since 4.2.8p4
++
++  ChangeLog@1.1764.1.1 +1 -0
++    [Bug 2965] Local clock didn't work since 4.2.8p4
++
++  ntpd/refclock_local.c@1.22 +1 -0
++    [Bug 2965] Local clock didn't work since 4.2.8p4
++
++ChangeSet@1.3584.1.2, 2015-11-14 01:01:05+01:00, jnperlin@hydra.localnet
++  [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++   - fix warnings in test cases
++
++  tests/libntp/a_md5encrypt.c@1.14 +23 -15
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix terrible const/noconst and alignment mess 
++
++  tests/libntp/authkeys.c@1.12 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fixed cast to const cast
++
++  tests/libntp/run-a_md5encrypt.c@1.15 +5 -5
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - update generated file
++
++  tests/ntpd/rc_cmdlength.c@1.3 +1 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add header to get prototype
++
++  tests/ntpd/run-rc_cmdlength.c@1.4 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++
++ChangeSet@1.3584.1.1, 2015-11-13 22:54:35+01:00, jnperlin@hydra.localnet
++  [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++   - fixed several other warnings (cast-alignment, missing const, missing prorotypes)
++   - promote use of 'size_t' for values that express a size
++   - use ptr-to-const for read-only arguments
++   - make sure SOCKET values are not truncated (win32-specific)
++   - format string fixes
++
++  ChangeLog@1.1765 +6 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets.
++
++  include/Makefile.am@1.53 +1 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - added 'safeconst.h' to noinstall-headers
++
++  include/ntp_refclock.h@1.37 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use ptr-to-const for read-only values
++
++  include/ntp_stdlib.h@1.80 +4 -4
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - use ptr-to-const for read-only data
++
++  include/ntpd.h@1.193 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  include/safecast.h@1.1 +34 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - checked or saturated size conversion
++     - added unaligned pointer casts
++
++  include/safecast.h@1.0 +0 -0
++
++  lib/isc/backtrace.c@1.3 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid increased-alignment-earning in pointer cast 
++
++  lib/isc/buffer.c@1.2 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  lib/isc/inet_aton.c@1.6 +2 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  lib/isc/inet_pton.c@1.7 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  lib/isc/log.c@1.9 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  lib/isc/netaddr.c@1.14 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast (no overflow) to u_int
++
++  lib/isc/sockaddr.c@1.13 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast to 'u_int' (no overflow possible)
++
++  lib/isc/task.c@1.8 +8 -8
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid warnings about increased alignment requirements (not using 'safecast.h' since it's not in this lib)
++
++  lib/isc/win32/interfaceiter.c@1.23 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid truncation of SOCKET
++
++  lib/isc/win32/net.c@1.17 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid truncation of SOCKET
++
++  libntp/a_md5encrypt.c@1.35 +14 -14
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - use ptr-to-const for read-only values
++
++  libntp/atolfp.c@1.7 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explit cast from size_t to u_long (no overflow possoble)
++
++  libntp/authkeys.c@1.27.1.1 +4 -4
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  libntp/authusekey.c@1.10 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  libntp/dolfptoa.c@1.12 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast to size_t to in (no overflow possible)
++
++  libntp/hextolfp.c@1.5 +6 -4
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast size_t to u_long (no overflow possible)
++
++  libntp/mstolfp.c@1.5 +1 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  libntp/msyslog.c@1.54 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  libntp/ntp_crypto_rnd.c@1.4 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use checked cast for interface with openSSL
++
++  libntp/ntp_lineedit.c@1.14 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - downcast of size_t (no risk here)
++
++  libntp/ntp_worker.c@1.6 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - downcast of size_t (no real risk of overflow)
++
++  libntp/snprintf.c@1.13 +10 -10
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use explicit downcasts in conversions
++
++  libparse/clk_computime.c@1.13 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_dcf7000.c@1.13 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_hopf6021.c@1.12 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_meinberg.c@1.16 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_rawdcf.c@1.23 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_rcc8000.c@1.12 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_schmid.c@1.15 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_trimtaip.c@1.13 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_varitext.c@1.12 +6 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - commented unused static const values
++    ---
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_wharton.c@1.11 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/parse.c@1.21 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  ntpd/ntp_control.c@1.205 +5 -5
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/ntp_crypto.c@1.185 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix small signed/unsigned clash
++
++  ntpd/ntp_io.c@1.409 +6 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - remove cast-alignment warnings by casting via 'void*'
++     - proper cast from SOCKET to int when file descriptor needed
++
++  ntpd/ntp_loopfilter.c@1.188 +2 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid 'unused' warnings
++
++  ntpd/ntp_proto.c@1.369 +8 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes 
++     - fix signed/unsigned clash
++
++  ntpd/ntp_refclock.c@1.121 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use ptr-to-const for read-only parameters
++
++  ntpd/ntp_request.c@1.115 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid serious LP64 problem by using uint32_t instead of u_long
++
++  ntpd/ntp_restrict.c@1.40 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/ntp_signd.c@1.5 +3 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fixed missing 'const' in cast
++
++  ntpd/ntp_timer.c@1.93 +7 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid mixed float/int calculations
++
++  ntpd/ntp_util.c@1.117 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/refclock_parse.c@1.82 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/refclock_shm.c@1.38 +3 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fixed some volatile madness & casts
++
++  ntpd/refclock_true.c@1.25 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/refclock_tsyncpci.c@1.10 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - remove cast-alignment warnings by omitting superfluous cast
++
++  ntpdate/ntpdate.c@1.97 +7 -7
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - avoid truncation of SOCKET handles
++
++  ntpdc/ntpdc.c@1.105 +36 -34
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpdc/ntpdc.h@1.12 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpdc/ntpdc_ops.c@1.81 +109 -109
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpq/libntpq.c@1.13 +7 -9
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpq/libntpq.h@1.11 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - more size_t propagation and format string fixes 
++
++  ntpq/libntpq_subs.c@1.7 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - more size_t propagation and format string fixes 
++
++  ntpq/ntpq-subs.c@1.112 +39 -37
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpq/ntpq.c@1.163 +34 -34
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpq/ntpq.h@1.30 +7 -7
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ports/winnt/include/config.h@1.113 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use ptr-to-const for read-only values
++
++  ports/winnt/include/ntp_iocompletionport.h@1.21 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid truncation of SOCKET identifiers
++
++  ports/winnt/instsrv/instsrv.c@1.7 +6 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast to DWORD (overflow hardly possible)
++
++  ports/winnt/libntp/termios.c@1.32 +18 -16
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - use ptr-to-const for read-only values
++     - avoid truncation of handle
++
++  ports/winnt/ntpd/ntp_iocompletionport.c@1.72 +9 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid truncation of SOCKET handles
++
++  ports/winnt/vs2008/common.vsprops@1.2 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - disable a size_t cast warnings
++
++  ports/winnt/vs2008/ntpd/ntpd.vcproj@1.50 +49 -17
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - disable C4307 (integer constant overflow) on refclock_arc.c 
++
++  ports/winnt/vs2013/common.props@1.2 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - disable the annoying truncation-of-value error
++
++  ports/winnt/vs2013/libntp/libntp.vcxproj@1.9 +1 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add 'safecast.h' header
++
++  ports/winnt/vs2013/libntp/libntp.vcxproj.filters@1.7 +3 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add safecast.h header
++
++  ports/winnt/vs2013/ntpd/ntpd.vcxproj@1.8 +7 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - refclock_arc is very noisy with integer constant overflow
++
++  sntp/networking.c@1.67 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - remove cast-alignment warnings by casting via 'void*'
++
++  tests/libntp/authkeys.c@1.11 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix missing 'const' in cast
++
++  tests/ntpd/ntp_restrict.c@1.3 +1 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix function declarations
++
++  tests/ntpd/run-ntp_restrict.c@1.5 +8 -8
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - update auto-generated file
++
++  tests/ntpd/run-t-ntp_signd.c@1.9 +7 -7
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix function prototypes
++
++  tests/ntpd/t-ntp_scanner.c@1.7 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add missing 'const' declarations
++
++  tests/ntpd/t-ntp_signd.c@1.11 +24 -13
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - added missing prototypes and a fix serious pointer problem
++
++  tests/sandbox/run-uglydate.c@1.3.1.1 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - update generated file
++
++  tests/sandbox/uglydate.c@1.2.1.1 +4 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add prototypes
++
++  tests/sec-2853/sec-2853.c@1.7 +6 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix size_t format
++
++  util/ntp-keygen.c@1.107 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - let openssl sort out the string size
++
++ChangeSet@1.3585, 2015-11-07 23:46:41+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/t-log.c@1.4 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/run-uglydate.c@1.4 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/uglydate.c@1.3 +2 -0
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3581.1.1, 2015-11-06 08:33:23+01:00, jnperlin@hydra.localnet
++  [Bug 2957] format specifies type 'unsigned int' but the argument has type 'size_t'
++   - accept key file only if there are no parsing errors
++   - fixed size_t/u_int format clash
++   - restore pre-Bug1243 compatibility (revert 'strlcpy()' to 'strncpy()' as 'strlcpy()' is wrong here)
++
++  ChangeLog@1.1761.1.1 +4 -0
++    [Bug 2957] format specifies type 'unsigned int' but the argument has type 'size_t'
++     - accept key file only if there are no parsing errors
++     - fixed size_t/u_int format clash
++     - restore pre-Bug1243 compatibility (revert 'strlcpy()' to 'strncpy()' as 'strlcpy()' is wrong here)
++
++  libntp/authkeys.c@1.28 +17 -5
++    [Bug 2957] format specifies type 'unsigned int' but the argument has type 'size_t'
++     - restore pre-Bug1243 compatibility (revert 'strlcpy()' to 'strncpy()' as 'strlcpy()' is wrong here)
++
++  libntp/authreadkeys.c@1.23 +68 -22
++    [Bug 2957] format specifies type 'unsigned int' but the argument has type 'size_t'
++     - accept key file only if there are no parsing errors
++     - fixed size_t/u_int format clash
++
++ChangeSet@1.3584, 2015-11-05 11:47:50+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  ChangeLog@1.1764 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/run-t-log.c@1.4 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/t-log.c@1.3 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/utilities.c@1.5 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/bug-2803/bug-2803.c@1.10 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/bug-2803/run-bug-2803.c@1.9 +2 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/a_md5encrypt.c@1.13 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/caljulian.c@1.11 +4 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/lfpfunc.c@1.14 +9 -9
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/netof.c@1.7 +10 -10
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/prettydate.c@1.5 +3 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/recvbuff.c@1.6 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/socktoa.c@1.10 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/uglydate.c@1.9 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/smeartest.c@1.8 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/uglydate.c@1.2 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sec-2853/sec-2853.c@1.6 +1 -4
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3583, 2015-11-05 10:37:38+00:00, stenn@psp-at1.ntp.org
++  Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++
++  ChangeLog@1.1763 +1 -1
++    Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++
++  ChangeLog@1.1762 +1 -0
++    Unity cleanup for FreeBSD-6.2.  Harlan Stenn.
++
++  sntp/m4/ntp_problemtests.m4@1.4 +4 -1
++    Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++
++ChangeSet@1.3582, 2015-11-05 10:01:57+00:00, stenn@psp-at1.ntp.org
++  Sec 2956 cleanup
++
++  include/ntpd.h@1.192 +1 -0
++    Sec 2956 cleanup
++
++  libntp/systime.c@1.70 +2 -3
++    Sec 2956 cleanup
++
++  ntpd/ntp_loopfilter.c@1.187 +0 -2
++    Sec 2956 cleanup
++
++  ntpdate/ntpdate.c@1.96 +0 -3
++    Sec 2956 cleanup
++
++  ntpsnmpd/ntpsnmpd.c@1.10 +0 -3
++    Sec 2956 cleanup
++
++  sntp/main.c@1.98 +0 -3
++    Sec 2956 cleanup
++
++ChangeSet@1.3581, 2015-11-04 10:02:25+00:00, stenn@psp-at1.ntp.org
++  [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++
++  ChangeLog@1.1761 +2 -1
++    [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++
++  tests/ntpd/t-ntp_scanner.c@1.6 +1 -1
++    [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++
++ChangeSet@1.3580, 2015-11-04 08:39:12+00:00, stenn@psp-at1.ntp.org
++  [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  ChangeLog@1.1760 +2 -0
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  libntp/systime.c@1.69 +23 -2
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  ntpd/ntp_loopfilter.c@1.186 +17 -27
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  ntpdate/ntpdate.c@1.95 +3 -0
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  ntpsnmpd/ntpsnmpd.c@1.9 +3 -0
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  sntp/main.c@1.97 +3 -0
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++ChangeSet@1.3579, 2015-11-03 22:08:46+01:00, jnperlin@hydra.localnet
++  [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++   - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++
++  ChangeLog@1.1759 +1 -0
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++
++  ntpd/ntpd.c@1.166 +9 -2
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++
++ChangeSet@1.3578, 2015-10-31 18:04:18+00:00, perlinger@psp-deb1.ntp.org
++  [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++   - fixed race conditions between worker and main thread in DNS worker
++
++  ChangeLog@1.1758 +3 -0
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - fixed race conditions between worker and main thread in DNS worker
++
++  include/ntp_worker.h@1.4 +45 -21
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - provide shared access lock based on semaphore
++     - better isolation of OS dependencies
++
++  libntp/work_thread.c@1.18 +370 -231
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - fixed race conditions between worker and main thread
++     - better (still not perfect) isolation of OS dependent code for semaphore handling
++
+ ChangeSet@1.3577, 2015-10-21 12:42:02-04:00, stenn@deacon.udel.edu
+   NTP_4_2_8P4
+   TAG: NTP_4_2_8P4
+--- contrib/ntp/NEWS.orig
++++ contrib/ntp/NEWS
+@@ -1,7 +1,108 @@
+ ---
++
++NTP 4.2.8p5
++
++Focus: Security, Bug fixes, enhancements.
++
++Severity: MEDIUM
++
++In addition to bug fixes and enhancements, this release fixes the
++following medium-severity vulnerability:
++
++* Small-step/big-step.  Close the panic gate earlier.
++    References: Sec 2956, CVE-2015-5300
++    Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
++	4.3.0 up to, but not including 4.3.78
++    CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM
++    Summary: If ntpd is always started with the -g option, which is
++	common and against long-standing recommendation, and if at the
++	moment ntpd is restarted an attacker can immediately respond to
++	enough requests from enough sources trusted by the target, which
++	is difficult and not common, there is a window of opportunity
++	where the attacker can cause ntpd to set the time to an
++	arbitrary value. Similarly, if an attacker is able to respond
++	to enough requests from enough sources trusted by the target,
++	the attacker can cause ntpd to abort and restart, at which
++	point it can tell the target to set the time to an arbitrary
++	value if and only if ntpd was re-started against long-standing
++	recommendation with the -g flag, or if ntpd was not given the
++	-g flag, the attacker can move the target system's time by at
++	most 900 seconds' time per attack.
++    Mitigation:
++	Configure ntpd to get time from multiple sources.
++	Upgrade to 4.2.8p5, or later, from the NTP Project Download
++	    Page or the NTP Public Services Project Download Page
++	As we've long documented, only use the -g option to ntpd in
++	    cold-start situations.
++	Monitor your ntpd instances. 
++    Credit: This weakness was discovered by Aanchal Malhotra,
++	Isaac E. Cohen, and Sharon Goldberg at Boston University. 
++
++    NOTE WELL: The -g flag disables the limit check on the panic_gate
++	in ntpd, which is 900 seconds by default. The bug identified by
++	the researchers at Boston University is that the panic_gate
++	check was only re-enabled after the first change to the system
++	clock that was greater than 128 milliseconds, by default. The
++	correct behavior is that the panic_gate check should be
++	re-enabled after any initial time correction.
++
++	If an attacker is able to inject consistent but erroneous time
++	responses to your systems via the network or "over the air",
++	perhaps by spoofing radio, cellphone, or navigation satellite
++	transmissions, they are in a great position to affect your
++	system's clock. There comes a point where your very best
++	defenses include:
++
++	    Configure ntpd to get time from multiple sources.
++	    Monitor your ntpd instances. 
++
++Other fixes:
++
++* Coverity submission process updated from Coverity 5 to Coverity 7.
++  The NTP codebase has been undergoing regular Coverity scans on an
++  ongoing basis since 2006.  As part of our recent upgrade from
++  Coverity 5 to Coverity 7, Coverity identified 16 nits in some of
++  the newly-written Unity test programs.  These were fixed.
++* [Bug 2829] Clean up pipe_fds in ntpd.c  perlinger@ntp.org
++* [Bug 2887] stratum -1 config results as showing value 99
++  - fudge stratum should only accept values [0..16]. perlinger@ntp.org
++* [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++* [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++  - applied patch by Christos Zoulas.  perlinger@ntp.org
++* [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
++* [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes.
++  - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
++  - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
++  - accept key file only if there are no parsing errors
++  - fixed size_t/u_int format clash
++  - fixed wrong use of 'strlcpy'
++* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
++  - fixed several other warnings (cast-alignment, missing const, missing prototypes)
++  - promote use of 'size_t' for values that express a size
++  - use ptr-to-const for read-only arguments
++  - make sure SOCKET values are not truncated (win32-specific)
++  - format string fixes
++* [Bug 2965] Local clock didn't work since 4.2.8p4.  Martin Burnicki.
++* [Bug 2967] ntpdate command suffers an assertion failure
++  - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
++* [Bug 2969]  Seg fault from ntpq/mrulist when looking at server with
++              lots of clients. perlinger@ntp.org
++* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
++  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
++* Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++* Unity test cleanup.  Harlan Stenn.
++* Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++* Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++* Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++* Quiet a warning from clang.  Harlan Stenn.
++
++---
+ NTP 4.2.8p4
+ 
+-Focus: Security, Bug fies, enhancements.
++Focus: Security, Bug fixes, enhancements.
+ 
+ Severity: MEDIUM
+ 
+@@ -339,8 +440,8 @@
+ 
+ Backward-Incompatible changes:
+ * [Bug 2817] Default on Linux is now "rlimit memlock -1".
+-While the general default of 32M is still the case, under Linux
+-the default value has been changed to -1 (do not lock ntpd into
++  While the general default of 32M is still the case, under Linux
++  the default value has been changed to -1 (do not lock ntpd into
+   memory).  A value of 0 means "lock ntpd into memory with whatever
+   memory it needs." If your ntp.conf file has an explicit "rlimit memlock"
+   value in it, that value will continue to be used.
+--- contrib/ntp/configure.orig
++++ contrib/ntp/configure
+@@ -1,6 +1,6 @@
+ #! /bin/sh
+ # Guess values for system-dependent variables and create Makefiles.
+-# Generated by GNU Autoconf 2.69 for ntp 4.2.8p4.
++# Generated by GNU Autoconf 2.69 for ntp 4.2.8p5.
+ #
+ # Report bugs to .
+ #
+@@ -590,8 +590,8 @@
+ # Identity of this package.
+ PACKAGE_NAME='ntp'
+ PACKAGE_TARNAME='ntp'
+-PACKAGE_VERSION='4.2.8p4'
+-PACKAGE_STRING='ntp 4.2.8p4'
++PACKAGE_VERSION='4.2.8p5'
++PACKAGE_STRING='ntp 4.2.8p5'
+ PACKAGE_BUGREPORT='http://bugs.ntp.org./'
+ PACKAGE_URL='http://www.ntp.org./'
+ 
+@@ -1616,7 +1616,7 @@
+   # Omit some internal or obsolete options to make the list less imposing.
+   # This message is too long to be a string in the A/UX 3.1 sh.
+   cat <<_ACEOF
+-\`configure' configures ntp 4.2.8p4 to adapt to many kinds of systems.
++\`configure' configures ntp 4.2.8p5 to adapt to many kinds of systems.
+ 
+ Usage: $0 [OPTION]... [VAR=VALUE]...
+ 
+@@ -1686,7 +1686,7 @@
+ 
+ if test -n "$ac_init_help"; then
+   case $ac_init_help in
+-     short | recursive ) echo "Configuration of ntp 4.2.8p4:";;
++     short | recursive ) echo "Configuration of ntp 4.2.8p5:";;
+    esac
+   cat <<\_ACEOF
+ 
+@@ -1919,7 +1919,7 @@
+ test -n "$ac_init_help" && exit $ac_status
+ if $ac_init_version; then
+   cat <<\_ACEOF
+-ntp configure 4.2.8p4
++ntp configure 4.2.8p5
+ generated by GNU Autoconf 2.69
+ 
+ Copyright (C) 2012 Free Software Foundation, Inc.
+@@ -2749,7 +2749,7 @@
+ This file contains any messages produced by compilers while
+ running configure, to aid debugging if configure makes a mistake.
+ 
+-It was created by ntp $as_me 4.2.8p4, which was
++It was created by ntp $as_me 4.2.8p5, which was
+ generated by GNU Autoconf 2.69.  Invocation command line was
+ 
+   $ $0 $@
+@@ -3750,7 +3750,7 @@
+ 
+ # Define the identity of the package.
+  PACKAGE='ntp'
+- VERSION='4.2.8p4'
++ VERSION='4.2.8p5'
+ 
+ 
+ cat >>confdefs.h <<_ACEOF
+@@ -20018,9 +20018,10 @@
+ 	    # LDADD_LIBEVENT=`$PKG_CONFIG --libs libevent | sed 's:-levent::'`
+ 	    # So now we dance...
+ 	    LDADD_LIBEVENT=
+-	    for i in `$PKG_CONFIG --libs libevent`
++	    for i in `$PKG_CONFIG --libs libevent` `$PKG_CONFIG --cflags-only-other libevent_pthreads`
+ 	    do
+ 		case "$i" in
++		 -D*) ;;
+ 		 -levent*) ;;
+ 		 *) case "$LDADD_LIBEVENT" in
+ 		     '') LDADD_LIBEVENT="$i" ;;
+@@ -37035,8 +37036,9 @@
+ $as_echo_n "checking if we can run test-ntp_restrict... " >&6; }
+ ntp_test_ntp_restrict="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
++ no:0:*-*-hpux11.23*) ;;
+  no:0:*-*-solaris*) ;;
+- no:0:*-*-hpux-11.23*) ;;
+  *) ntp_test_ntp_restrict="yes" ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_restrict" >&5
+@@ -37054,6 +37056,7 @@
+ $as_echo_n "checking if we can run test-ntp_scanner... " >&6; }
+ ntp_test_ntp_scanner="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
+  no:0:*-*-solaris*) ;;
+  *) ntp_test_ntp_scanner="yes" ;;
+ esac
+@@ -37072,6 +37075,7 @@
+ $as_echo_n "checking if we can run test-ntp_signd... " >&6; }
+ ntp_test_ntp_signd="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
+  no:0:*-*-solaris*) ;;
+  *) ntp_test_ntp_signd="yes" ;;
+ esac
+@@ -37836,7 +37840,7 @@
+ # report actual input values of CONFIG_FILES etc. instead of their
+ # values after options handling.
+ ac_log="
+-This file was extended by ntp $as_me 4.2.8p4, which was
++This file was extended by ntp $as_me 4.2.8p5, which was
+ generated by GNU Autoconf 2.69.  Invocation command line was
+ 
+   CONFIG_FILES    = $CONFIG_FILES
+@@ -37903,7 +37907,7 @@
+ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ ac_cs_version="\\
+-ntp config.status 4.2.8p4
++ntp config.status 4.2.8p5
+ configured by $0, generated by GNU Autoconf 2.69,
+   with options \\"\$ac_cs_config\\"
+ 
+--- contrib/ntp/packageinfo.sh.orig
++++ contrib/ntp/packageinfo.sh
+@@ -83,7 +83,7 @@
+ # - Numeric values increment
+ # - empty 'increments' to 1
+ # - NEW 'increments' to empty
+-point=4
++point=5
+ 
+ ### betapoint is normally modified by script.
+ # ntp-stable Beta number (betapoint)
+--- usr.sbin/ntp/doc/ntp-keygen.8.orig
++++ usr.sbin/ntp/doc/ntp-keygen.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYGEN 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:40:10 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:43 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-keygen-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntp.conf.5.orig
++++ usr.sbin/ntp/doc/ntp.conf.5
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_CONF 5 File Formats
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:30:57 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.conf.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntp.keys.5.orig
++++ usr.sbin/ntp/doc/ntp.keys.5
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYS 5 File Formats
+ .Os SunOS 5.10
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:00 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.keys.def
+ .\"  and the template file   agmdoc-file.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntpd.8.orig
++++ usr.sbin/ntp/doc/ntpd.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPD 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntpdc.8.orig
++++ usr.sbin/ntp/doc/ntpdc.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPDC 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:57 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:29 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpdc-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntpq.8.orig
++++ usr.sbin/ntp/doc/ntpq.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPQ 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:29 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpq-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/sntp.8.orig
++++ usr.sbin/ntp/doc/sntp.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SNTP 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:30:59 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:23:27 PM by AutoGen 5.18.5
+ .\"  From the definitions    sntp-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/scripts/mkver.orig
++++ usr.sbin/ntp/scripts/mkver
+@@ -6,7 +6,7 @@
+ 
+ ConfStr="$PROG"
+ 
+-ConfStr="$ConfStr 4.2.8p4"
++ConfStr="$ConfStr 4.2.8p5"
+ 
+ case "$CSET" in
+  '') ;;
+--- usr.sbin/ntp/config.h.orig
++++ usr.sbin/ntp/config.h
+@@ -335,6 +335,9 @@
+ /* Define to 1 if you have the  header file. */
+ #define HAVE_ARPA_NAMESER_H 1
+ 
++/* Define to 1 if you have the `atomic_thread_fence' function. */
++/* #undef HAVE_ATOMIC_THREAD_FENCE */
++
+ /* Do we have audio support? */
+ #define HAVE_AUDIO /**/
+ 
+@@ -388,6 +391,9 @@
+ /* Define to 1 if you have the  header file. */
+ #define HAVE_ERRNO_H 1
+ 
++/* Define to 1 if you have the `EVP_MD_do_all_sorted' function. */
++#define HAVE_EVP_MD_DO_ALL_SORTED 1
++
+ /* Define to 1 if you have the `fchmod' function. */
+ #define HAVE_FCHMOD 1
+ 
+@@ -823,6 +829,9 @@
+ /* Define to 1 if you have the  header file. */
+ #define HAVE_STDARG_H 1
+ 
++/* Define to 1 if you have the  header file. */
++#define HAVE_STDATOMIC_H 1
++
+ /* Define to 1 if you have the  header file. */
+ #define HAVE_STDBOOL_H 1
+ 
+@@ -1135,7 +1144,7 @@
+ /* #undef HAVE_UNIXWARE_SIGWAIT */
+ 
+ /* Define to 1 if the system has the type `unsigned long long int'. */
+-/* #undef HAVE_UNSIGNED_LONG_LONG_INT */
++#define HAVE_UNSIGNED_LONG_LONG_INT 1
+ 
+ /* Define to 1 if you have the `updwtmp' function. */
+ /* #undef HAVE_UPDWTMP */
+@@ -1317,6 +1326,9 @@
+ /* define to 1 if library is thread safe */
+ #define LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE 1
+ 
++/* leap smear mechanism */
++/* #undef LEAP_SMEAR */
++
+ /* Define to any value to include libseccomp sandboxing. */
+ /* #undef LIBSECCOMP */
+ 
+@@ -1333,6 +1345,10 @@
+ /* Should we recommend a minimum value for tickadj? */
+ /* #undef MIN_REC_TICKADJ */
+ 
++/* Define to 1 if the compiler does not support C99's structure
++   initialization. */
++/* #undef MISSING_C99_STRUCT_INIT */
++
+ /* Do we need HPUX adjtime() library support? */
+ /* #undef NEED_HPUX_ADJTIME */
+ 
+@@ -1421,7 +1437,7 @@
+ #define PACKAGE_NAME "ntp"
+ 
+ /* Define to the full name and version of this package. */
+-#define PACKAGE_STRING "ntp 4.2.8p4"
++#define PACKAGE_STRING "ntp 4.2.8p5"
+ 
+ /* Define to the one symbol short name of this package. */
+ #define PACKAGE_TARNAME "ntp"
+@@ -1430,13 +1446,13 @@
+ #define PACKAGE_URL "http://www.ntp.org./"
+ 
+ /* Define to the version of this package. */
+-#define PACKAGE_VERSION "4.2.8p4"
++#define PACKAGE_VERSION "4.2.8p5"
+ 
+ /* data dir */
+ #define PERLLIBDIR "/usr/local/share/ntp/lib"
+ 
+ /* define to a working POSIX compliant shell */
+-#define POSIX_SHELL "/bin/bash"
++#define POSIX_SHELL "/bin/sh"
+ 
+ /* PARSE kernel PLL PPS support */
+ /* #undef PPS_SYNC */
+@@ -1611,7 +1627,7 @@
+ /* #undef USE_UDP_SIGPOLL */
+ 
+ /* Version number of package */
+-#define VERSION "4.2.8p4"
++#define VERSION "4.2.8p5"
+ 
+ /* vsnprintf expands "%m" to strerror(errno) */
+ /* #undef VSNPRINTF_PERCENT_M */
+@@ -1788,5 +1804,5 @@
+ /*
+  * FreeBSD specific: Explicitly specify date/time for reproducible build.
+  */
+-#define	MKREPRO_DATE "Oct 22 2015"
+-#define	MKREPRO_TIME "17:58:31"
++#define	MKREPRO_DATE "Jan 8 2016"
++#define	MKREPRO_TIME "12:37:48"
diff --git a/share/security/patches/SA-16:02/ntp-10.patch.asc b/share/security/patches/SA-16:02/ntp-10.patch.asc
new file mode 100644
index 0000000000..57515d0000
--- /dev/null
+++ b/share/security/patches/SA-16:02/ntp-10.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJWl2vZAAoJEO1n7NZdz2rnza8P/i0CWpBBRnXvnA7OgD6Xq9Im
+W9uB8Hca47QOoyZXIJ45u5KUxD4wd5urJTG6SPnxrme1Nevg74yIXQFPatYC1lwS
+gGFMNLR9n7BP/NldYqnCyraf7r0sX4pTHR6oS2D+Ttg9C18OwDeGM04Q/hiMROVJ
+RdiFYiOzKU4r5EEhFGaMnEmWYYQw5u1VrKKrWJajOnOpIixzcz596xudpraa3AP5
+Tr0RytKTaHfd5QeP8vRANZSPI5lBpKahoYRJNhmURyiOKXxdOp8A2HjvXk0hdEIk
+6U6XgQSE1fVpMyoWRB1hm5sVlwH0kD2q7mYdb+TgCdR0tWS3nJRKbrThjP/CYxAy
+GOVYuIWI6qjI46V6TFi7AyyFrBCEHnkNjtRk4EUwUp1s3ZAsK9qZNxpJfM/QF1wq
+w4LzNBEsMBrgKv2QJ6PqUP9OXDQJD9p83/W9Tnd97TFt/1VnhzBj6AaOzQd0l0X5
+c5+Suk80l0dTokP1rjblE6FzZkteOUGY16E3fjK4vXu9c76jujM0YvmqKpyL3ZEN
+dWw4XwcBgmp1MYCew+HW/kqrzAZYkOk+2PyEsUrrmAqHbLAGqdH5odmrVA7NRPR5
+YMLynC+4D0tfDaurugMbtgNkycgCvuyd7aULUYjv4Rt+s+lGbZzC7EscZOGO+k/c
+AzMdAudjDsGdnyEHCIDE
+=Cnml
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-16:02/ntp-9.patch b/share/security/patches/SA-16:02/ntp-9.patch
new file mode 100644
index 0000000000..69f647dd40
--- /dev/null
+++ b/share/security/patches/SA-16:02/ntp-9.patch
@@ -0,0 +1,15928 @@
+--- contrib/ntp/html/miscopt.html.orig
++++ contrib/ntp/html/miscopt.html
+@@ -3,7 +3,7 @@
+ 
+ 
+ Miscellaneous Commands and Options
+-
++
+ 
+ 
+ 
+@@ -11,7 +11,7 @@
+ giffrom Pogo, Walt Kelly
+ 
        We have three, now looking for more.
        
+ 
        Last update:
+-  23-Sep-2015  10:20
++  17-Nov-2015  11:06
+     UTC
        
+ 
        
+ 
        Related Links
        
+@@ -57,7 +57,7 @@
+   
        interface [listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name | address[/prefixlen]]
        
+   
        This command controls which network addresses ntpd opens, and whether input is dropped without processing. The first parameter determines the action for addresses which match the second parameter. That parameter specifies a class of addresses, or a specific interface name, or an address. In the address case, prefixlen determines how many bits must match for this rule to apply. ignore prevents opening matching addresses, drop causes ntpd to open the address and drop all received packets without examination. Multiple interface commands can be used. The last rule which matches a particular address determines the action for it. interface commands are disabled if any -I, --interface, -L, or --novirtualips command-line options are used.  If none of those options are used and no interface actions are specified in the configuration file, all available network addresses are opened. The nic command is an alias for interface.
        
+   
        leapfile leapfile
        
+-  
        This command loads the NIST leapseconds file and initializes the leapsecond values for the next leapsecond time, expiration time and TAI offset. The file can be obtained directly from NIST national time servers using ftp as the ASCII file pub/leap-seconds.
        
++  
        This command loads the IERS leapseconds file and initializes the leapsecond values for the next leapsecond time, expiration time and TAI offset. The file can be obtained directly from the IERS at https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list or ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list.
        
+   
        The leapfile is scanned when ntpd processes the leapfile directive or when ntpd detects that leapfile has changed.  ntpd checks once a day to see if the leapfile has changed.
        
+   
        While not strictly a security function, the Autokey protocol provides means to securely retrieve the current or updated leapsecond values from a server.
        
+   
        leapsmearinterval seconds
        
+--- contrib/ntp/include/Makefile.am.orig
++++ contrib/ntp/include/Makefile.am
+@@ -66,6 +66,7 @@
+ 	recvbuff.h	\
+ 	refclock_atom.h	\
+ 	refidsmear.h	\
++	safecast.h	\
+ 	ssl_applink.c	\
+ 	timepps-SCO.h	\
+ 	timepps-Solaris.h	\
+--- contrib/ntp/include/Makefile.in.orig
++++ contrib/ntp/include/Makefile.in
+@@ -551,6 +551,7 @@
+ 	recvbuff.h	\
+ 	refclock_atom.h	\
+ 	refidsmear.h	\
++	safecast.h	\
+ 	ssl_applink.c	\
+ 	timepps-SCO.h	\
+ 	timepps-Solaris.h	\
+--- contrib/ntp/include/ntp_refclock.h.orig
++++ contrib/ntp/include/ntp_refclock.h
+@@ -220,7 +220,7 @@
+ extern	void	refclock_control(sockaddr_u *,
+ 				 const struct refclockstat *,
+ 				 struct refclockstat *);
+-extern	int	refclock_open	(char *, u_int, u_int);
++extern	int	refclock_open	(const char *, u_int, u_int);
+ extern	int	refclock_setup	(int, u_int, u_int);
+ extern	void	refclock_timer	(struct peer *);
+ extern	void	refclock_transmit(struct peer *);
+--- contrib/ntp/include/ntp_stdlib.h.orig
++++ contrib/ntp/include/ntp_stdlib.h
+@@ -65,8 +65,8 @@
+ /* authkeys.c */
+ extern	void	auth_delkeys	(void);
+ extern	int	auth_havekey	(keyid_t);
+-extern	int	authdecrypt	(keyid_t, u_int32 *, int, int);
+-extern	int	authencrypt	(keyid_t, u_int32 *, int);
++extern	int	authdecrypt	(keyid_t, u_int32 *, size_t, size_t);
++extern	size_t	authencrypt	(keyid_t, u_int32 *, size_t);
+ extern	int	authhavekey	(keyid_t);
+ extern	int	authistrusted	(keyid_t);
+ extern	int	authreadkeys	(const char *);
+@@ -95,8 +95,8 @@
+ extern	int	ymd2yd		(int, int, int);
+ 
+ /* a_md5encrypt.c */
+-extern	int	MD5authdecrypt	(int, u_char *, u_int32 *, int, int);
+-extern	int	MD5authencrypt	(int, u_char *, u_int32 *, int);
++extern	int	MD5authdecrypt	(int, const u_char *, u_int32 *, size_t, size_t);
++extern	size_t	MD5authencrypt	(int, const u_char *, u_int32 *, size_t);
+ extern	void	MD5auth_setkey	(keyid_t, int, const u_char *, size_t);
+ extern	u_int32	addr2refid	(sockaddr_u *);
+ 
+--- contrib/ntp/include/ntp_worker.h.orig
++++ contrib/ntp/include/ntp_worker.h
+@@ -43,19 +43,22 @@
+ } blocking_pipe_header;
+ 
+ # ifdef WORK_THREAD
+-#  ifdef WORK_PIPE
+-typedef pthread_t *	thr_ref;
+-typedef sem_t *		sem_ref;
++#  ifdef SYS_WINNT
++typedef struct { HANDLE thnd; } thread_type;
++typedef struct { HANDLE shnd; } sema_type;
+ #  else
+-typedef HANDLE		thr_ref;
+-typedef HANDLE		sem_ref;
++typedef pthread_t	thread_type;
++typedef sem_t		sema_type;
+ #  endif
++typedef thread_type	*thr_ref;
++typedef sema_type	*sem_ref;
+ # endif
+ 
+ /*
+  *
+  */
+-#ifdef WORK_FORK
++#if defined(WORK_FORK)
++
+ typedef struct blocking_child_tag {
+ 	int	reusable;
+ 	int	pid;
+@@ -66,38 +69,59 @@
+ 	int	resp_write_pipe;
+ 	int	ispipe;
+ } blocking_child;
++
+ #elif defined(WORK_THREAD)
++
+ typedef struct blocking_child_tag {
+ /*
+  * blocking workitems and blocking_responses are dynamically-sized
+  * one-dimensional arrays of pointers to blocking worker requests and
+  * responses.
++ *
++ * IMPORTANT: This structure is shared between threads, and all access
++ * that is not atomic (especially queue operations) must hold the
++ * 'accesslock' semaphore to avoid data races.
++ *
++ * The resource management (thread/semaphore creation/destruction)
++ * functions and functions just testing a handle are safe because these
++ * are only changed by the main thread when no worker is running on the
++ * same data structure.
+  */
+ 	int			reusable;
+-	thr_ref			thread_ref;
+-	u_int			thread_id;
+-	blocking_pipe_header * volatile * volatile 
++	sem_ref			accesslock;	/* shared access lock */
++	thr_ref			thread_ref;	/* thread 'handle' */
++
++	/* the reuest queue */
++	blocking_pipe_header ** volatile
+ 				workitems;
+ 	volatile size_t		workitems_alloc;
+-	size_t			next_workitem;	 /* parent */
+-	size_t			next_workeritem; /* child */
+-	blocking_pipe_header * volatile * volatile 
++	size_t			head_workitem;		/* parent */
++	size_t			tail_workitem;		/* child */
++	sem_ref			workitems_pending;	/* signalling */
++
++	/* the response queue */
++	blocking_pipe_header ** volatile
+ 				responses;
+ 	volatile size_t		responses_alloc;
+-	size_t			next_response;	/* child */
+-	size_t			next_workresp;	/* parent */
++	size_t			head_response;		/* child */
++	size_t			tail_response;		/* parent */
++
+ 	/* event handles / sem_t pointers */
+-	/* sem_ref		child_is_blocking; */
+-	sem_ref			blocking_req_ready;
+ 	sem_ref			wake_scheduled_sleep;
++
++	/* some systems use a pipe for notification, others a semaphore.
++	 * Both employ the queue above for the actual data transfer.
++	 */
+ #ifdef WORK_PIPE
+-	int			resp_read_pipe;	/* parent */
+-	int			resp_write_pipe;/* child */
++	int			resp_read_pipe;		/* parent */
++	int			resp_write_pipe;	/* child */
+ 	int			ispipe;
+-	void *			resp_read_ctx;	/* child */
++	void *			resp_read_ctx;		/* child */
+ #else
+-	sem_ref			blocking_response_ready;
++	sem_ref			responses_pending;	/* signalling */
+ #endif
++	sema_type		sem_table[4];
++	thread_type		thr_table[1];
+ } blocking_child;
+ 
+ #endif	/* WORK_THREAD */
+@@ -111,7 +135,7 @@
+ extern	int	queue_blocking_request(blocking_work_req, void *,
+ 				       size_t, blocking_work_callback,
+ 				       void *);
+-extern	int	queue_blocking_response(blocking_child *, 
++extern	int	queue_blocking_response(blocking_child *,
+ 					blocking_pipe_header *, size_t,
+ 					const blocking_pipe_header *);
+ extern	void	process_blocking_resp(blocking_child *);
+--- contrib/ntp/include/ntpd.h.orig
++++ contrib/ntp/include/ntpd.h
+@@ -156,7 +156,7 @@
+ extern 	int	freq_cnt;
+ 
+ /* ntp_monitor.c */
+-#define MON_HASH_SIZE		(1U << mon_hash_bits)
++#define MON_HASH_SIZE		((size_t)1U << mon_hash_bits)
+ #define MON_HASH_MASK		(MON_HASH_SIZE - 1)
+ #define	MON_HASH(addr)		(sock_hash(addr) & MON_HASH_MASK)
+ extern	void	init_mon	(void);
+@@ -408,6 +408,7 @@
+ extern int	ext_enable;		/* external clock enabled */
+ extern int	cal_enable;		/* refclock calibrate enable */
+ extern int	allow_panic;		/* allow panic correction (-g) */
++extern int	enable_panic_check;	/* Can we check allow_panic's state? */
+ extern int	force_step_once;	/* always step time once at startup (-G) */
+ extern int	mode_ntpdate;		/* exit on first clock set (-q) */
+ extern int	peer_ntpdate;		/* count of ntpdate peers */
+--- contrib/ntp/include/safecast.h.orig
++++ contrib/ntp/include/safecast.h
+@@ -0,0 +1,34 @@
++#ifndef SAFECAST_H
++#define SAFECAST_H
++
++#include 
++static inline int size2int_chk(size_t v)
++{
++	if (v > INT_MAX)
++		abort();
++	return (int)(v);
++}
++
++static inline int size2int_sat(size_t v)
++{
++	return (v > INT_MAX) ? INT_MAX : (int)v;
++}
++
++/* Compilers can emit warning about increased alignment requirements
++ * when casting pointers. The impact is tricky: on machines where
++ * alignment is just a performance issue (x86,x64,...) this might just
++ * cause a performance penalty. On others, an address error can occur
++ * and the process dies...
++ *
++ * Still, there are many cases where the pointer arithmetic and the
++ * buffer alignment make sure this does not happen. OTOH, the compiler
++ * doesn't know this and still emits warnings.
++ *
++ * The following cast macros are going through void pointers to tell
++ * the compiler that there is no alignment requirement to watch.
++ */
++#define UA_PTR(ptype,pval) ((ptype *)(void*)(pval))
++#define UAC_PTR(ptype,pval) ((const ptype *)(const void*)(pval))
++#define UAV_PTR(ptype,pval) ((volatile ptype *)(volatile void*)(pval))
++
++#endif
+--- contrib/ntp/lib/isc/win32/interfaceiter.c.orig
++++ contrib/ntp/lib/isc/win32/interfaceiter.c
+@@ -54,7 +54,7 @@
+ 	IP_ADAPTER_ADDRESSES *	ipaaCur;	/* enumeration position */
+ 	IP_ADAPTER_UNICAST_ADDRESS *ipuaCur;	/* enumeration subposition */
+ 	/* fields used for the older address enumeration ioctls */
+-	int			socket;
++	SOCKET			socket;
+ 	INTERFACE_INFO		IFData;		/* Current Interface Info */
+ 	int			numIF;		/* Current Interface count */
+ 	int			v4IF;		/* Number of IPv4 Interfaces */
+--- contrib/ntp/lib/isc/win32/net.c.orig
++++ contrib/ntp/lib/isc/win32/net.c
+@@ -216,7 +216,8 @@
+ 
+ static void
+ try_ipv6pktinfo(void) {
+-	int s, on;
++	SOCKET s;
++	int on;
+ 	char strbuf[ISC_STRERRORSIZE];
+ 	isc_result_t result;
+ 	int optname;
+--- contrib/ntp/lib/isc/backtrace.c.orig
++++ contrib/ntp/lib/isc/backtrace.c
+@@ -278,7 +278,7 @@
+ 		result = ISC_R_NOTFOUND;
+ 	else {
+ 		*symbolp = found->symbol;
+-		*offsetp = (const char *)addr - (char *)found->addr;
++		*offsetp = (u_long)((const char *)addr - (char *)found->addr);
+ 	}
+ 
+ 	return (result);
+--- contrib/ntp/lib/isc/buffer.c.orig
++++ contrib/ntp/lib/isc/buffer.c
+@@ -406,7 +406,7 @@
+ 
+ void
+ isc__buffer_putstr(isc_buffer_t *b, const char *source) {
+-	unsigned int l;
++	size_t l;
+ 	unsigned char *cp;
+ 
+ 	REQUIRE(ISC_BUFFER_VALID(b));
+@@ -421,7 +421,7 @@
+ 
+ 	cp = isc_buffer_used(b);
+ 	memcpy(cp, source, l);
+-	b->used += l;
++	b->used += (u_int)l; /* checked above - no overflow here */
+ }
+ 
+ isc_result_t
+--- contrib/ntp/lib/isc/inet_aton.c.orig
++++ contrib/ntp/lib/isc/inet_aton.c
+@@ -92,7 +92,7 @@
+ int
+ isc_net_aton(const char *cp, struct in_addr *addr) {
+ 	unsigned long val;
+-	int base, n;
++	int base;
+ 	unsigned char c;
+ 	isc_uint8_t parts[4];
+ 	isc_uint8_t *pp = parts;
+@@ -166,8 +166,7 @@
+ 	 * Concoct the address according to
+ 	 * the number of parts specified.
+ 	 */
+-	n = pp - parts + 1;
+-	switch (n) {
++	switch (pp - parts + 1) {
+ 	case 1:				/* a -- 32 bits */
+ 		break;
+ 
+--- contrib/ntp/lib/isc/inet_pton.c.orig
++++ contrib/ntp/lib/isc/inet_pton.c
+@@ -92,7 +92,7 @@
+ 		const char *pch;
+ 
+ 		if ((pch = strchr(digits, ch)) != NULL) {
+-			unsigned int newv = *tp * 10 + (pch - digits);
++			size_t newv = *tp * 10 + (pch - digits);
+ 
+ 			if (saw_digit && *tp == 0)
+ 				return (0);
+@@ -197,12 +197,12 @@
+ 		 * Since some memmove()'s erroneously fail to handle
+ 		 * overlapping regions, we'll do the shift by hand.
+ 		 */
+-		const int n = tp - colonp;
++		const size_t n = tp - colonp;
+ 		int i;
+ 
+ 		if (tp == endp)
+ 			return (0);
+-		for (i = 1; i <= n; i++) {
++		for (i = 1; (size_t)i <= n; i++) {
+ 			endp[- i] = colonp[n - i];
+ 			colonp[n - i] = 0;
+ 		}
+--- contrib/ntp/lib/isc/log.c.orig
++++ contrib/ntp/lib/isc/log.c
+@@ -1146,7 +1146,7 @@
+ 	char *basenam, *digit_end;
+ 	const char *dirname;
+ 	int version, greatest = -1;
+-	unsigned int basenamelen;
++	size_t basenamelen;
+ 	isc_dir_t dir;
+ 	isc_result_t result;
+ 	char sep = '/';
+--- contrib/ntp/lib/isc/netaddr.c.orig
++++ contrib/ntp/lib/isc/netaddr.c
+@@ -159,7 +159,7 @@
+ 	if (r == NULL)
+ 		return (ISC_R_FAILURE);
+ 
+-	alen = strlen(abuf);
++	alen = (unsigned int)strlen(abuf); /* no overflow possible */
+ 	INSIST(alen < sizeof(abuf));
+ 
+ 	zlen = 0;
+--- contrib/ntp/lib/isc/sockaddr.c.orig
++++ contrib/ntp/lib/isc/sockaddr.c
+@@ -134,7 +134,7 @@
+ 		break;
+ #ifdef ISC_PLAFORM_HAVESYSUNH
+ 	case AF_UNIX:
+-		plen = strlen(sockaddr->type.sunix.sun_path);
++		plen = (unsigned int)strlen(sockaddr->type.sunix.sun_path);
+ 		if (plen >= isc_buffer_availablelength(target))
+ 			return (ISC_R_NOSPACE);
+ 
+@@ -153,7 +153,7 @@
+ 		return (ISC_R_FAILURE);
+ 	}
+ 
+-	plen = strlen(pbuf);
++	plen = (unsigned int)strlen(pbuf);
+ 	INSIST(plen < sizeof(pbuf));
+ 
+ 	isc_netaddr_fromsockaddr(&netaddr, sockaddr);
+--- contrib/ntp/lib/isc/task.c.orig
++++ contrib/ntp/lib/isc/task.c
+@@ -329,7 +329,7 @@
+ isc__task_create(isc_taskmgr_t *manager0, unsigned int quantum,
+ 		 isc_task_t **taskp)
+ {
+-	isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++	isc__taskmgr_t *manager = (void*)manager0;
+ 	isc__task_t *task;
+ 	isc_boolean_t exiting;
+ 	isc_result_t result;
+@@ -1463,7 +1463,7 @@
+ 	 */
+ 
+ 	REQUIRE(managerp != NULL);
+-	manager = (isc__taskmgr_t *)*managerp;
++	manager = (void*)(*managerp);
+ 	REQUIRE(VALID_MANAGER(manager));
+ 
+ #ifndef USE_WORKER_THREADS
+@@ -1559,7 +1559,7 @@
+ 
+ ISC_TASKFUNC_SCOPE void
+ isc__taskmgr_setmode(isc_taskmgr_t *manager0, isc_taskmgrmode_t mode) {
+-	isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++	isc__taskmgr_t *manager = (void*)manager0;
+ 
+ 	LOCK(&manager->lock);
+ 	manager->mode = mode;
+@@ -1568,7 +1568,7 @@
+ 
+ ISC_TASKFUNC_SCOPE isc_taskmgrmode_t
+ isc__taskmgr_mode(isc_taskmgr_t *manager0) {
+-	isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++	isc__taskmgr_t *manager = (void*)manager0;
+ 	isc_taskmgrmode_t mode;
+ 	LOCK(&manager->lock);
+ 	mode = manager->mode;
+@@ -1579,7 +1579,7 @@
+ #ifndef USE_WORKER_THREADS
+ isc_boolean_t
+ isc__taskmgr_ready(isc_taskmgr_t *manager0) {
+-	isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++	isc__taskmgr_t *manager = (void*)manager0;
+ 	isc_boolean_t is_ready;
+ 
+ #ifdef USE_SHARED_MANAGER
+@@ -1598,7 +1598,7 @@
+ 
+ isc_result_t
+ isc__taskmgr_dispatch(isc_taskmgr_t *manager0) {
+-	isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++	isc__taskmgr_t *manager = (void*)manager0;
+ 
+ #ifdef USE_SHARED_MANAGER
+ 	if (manager == NULL)
+@@ -1615,7 +1615,7 @@
+ #else
+ ISC_TASKFUNC_SCOPE void
+ isc__taskmgr_pause(isc_taskmgr_t *manager0) {
+-	isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++	isc__taskmgr_t *manager = (void*)manager0;
+ 	LOCK(&manager->lock);
+ 	while (manager->tasks_running > 0) {
+ 		WAIT(&manager->paused, &manager->lock);
+@@ -1626,7 +1626,7 @@
+ 
+ ISC_TASKFUNC_SCOPE void
+ isc__taskmgr_resume(isc_taskmgr_t *manager0) {
+-	isc__taskmgr_t *manager = (isc__taskmgr_t *)manager0;
++	isc__taskmgr_t *manager = (void*)manager0;
+ 
+ 	LOCK(&manager->lock);
+ 	if (manager->pause_requested) {
+--- contrib/ntp/libntp/a_md5encrypt.c.orig
++++ contrib/ntp/libntp/a_md5encrypt.c
+@@ -16,12 +16,12 @@
+  *
+  * Returns length of MAC including key ID and digest.
+  */
+-int
++size_t
+ MD5authencrypt(
+-	int	type,		/* hash algorithm */
+-	u_char	*key,		/* key pointer */
+-	u_int32 *pkt,		/* packet pointer */
+-	int	length		/* packet length */
++	int		type,	/* hash algorithm */
++	const u_char *	key,	/* key pointer */
++	u_int32 *	pkt,	/* packet pointer */
++	size_t		length	/* packet length */
+ 	)
+ {
+ 	u_char	digest[EVP_MAX_MD_SIZE];
+@@ -44,7 +44,7 @@
+ 	EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
+ #endif
+ 	EVP_DigestUpdate(&ctx, key, cache_secretsize);
+-	EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
++	EVP_DigestUpdate(&ctx, (u_char *)pkt, length);
+ 	EVP_DigestFinal(&ctx, digest, &len);
+ 	memmove((u_char *)pkt + length + 4, digest, len);
+ 	return (len + 4);
+@@ -58,11 +58,11 @@
+  */
+ int
+ MD5authdecrypt(
+-	int	type,		/* hash algorithm */
+-	u_char	*key,		/* key pointer */
+-	u_int32	*pkt,		/* packet pointer */
+-	int	length,	 	/* packet length */
+-	int	size		/* MAC size */
++	int		type,	/* hash algorithm */
++	const u_char *	key,	/* key pointer */
++	u_int32	*	pkt,	/* packet pointer */
++	size_t		length,	/* packet length */
++	size_t		size	/* MAC size */
+ 	)
+ {
+ 	u_char	digest[EVP_MAX_MD_SIZE];
+@@ -85,14 +85,14 @@
+ 	EVP_DigestInit(&ctx, EVP_get_digestbynid(type));
+ #endif
+ 	EVP_DigestUpdate(&ctx, key, cache_secretsize);
+-	EVP_DigestUpdate(&ctx, (u_char *)pkt, (u_int)length);
++	EVP_DigestUpdate(&ctx, (u_char *)pkt, length);
+ 	EVP_DigestFinal(&ctx, digest, &len);
+-	if ((u_int)size != len + 4) {
++	if (size != (size_t)len + 4) {
+ 		msyslog(LOG_ERR,
+ 		    "MAC decrypt: MAC length error");
+ 		return (0);
+ 	}
+-	return !memcmp(digest, (char *)pkt + length + 4, len);
++	return !memcmp(digest, (const char *)pkt + length + 4, len);
+ }
+ 
+ /*
+--- contrib/ntp/libntp/atolfp.c.orig
++++ contrib/ntp/libntp/atolfp.c
+@@ -68,7 +68,7 @@
+ 
+ 	while (*cp != '\0' && (ind = strchr(digits, *cp)) != NULL) {
+ 		dec_i = (dec_i << 3) + (dec_i << 1);	/* multiply by 10 */
+-		dec_i += (ind - digits);
++		dec_i += (u_long)(ind - digits);
+ 		cp++;
+ 	}
+ 
+@@ -80,7 +80,7 @@
+ 		       && (ind = strchr(digits, *cp)) != NULL) {
+ 			ndec++;
+ 			dec_f = (dec_f << 3) + (dec_f << 1);	/* *10 */
+-			dec_f += (ind - digits);
++			dec_f += (u_long)(ind - digits);
+ 			cp++;
+ 		}
+ 
+--- contrib/ntp/libntp/authkeys.c.orig
++++ contrib/ntp/libntp/authkeys.c
+@@ -63,7 +63,7 @@
+  * keyid. We make this fairly big for potentially busy servers.
+  */
+ #define	DEF_AUTHHASHSIZE	64
+-//#define	HASHMASK	((HASHSIZE)-1)
++/*#define	HASHMASK	((HASHSIZE)-1)*/
+ #define	KEYHASH(keyid)	((keyid) & authhashmask)
+ 
+ int	authhashdisabled;
+@@ -511,7 +511,17 @@
+ 	return TRUE;
+ }
+ 
+-
++/* Note: There are two locations below where 'strncpy()' is used. While
++ * this function is a hazard by itself, it's essential that it is used
++ * here. Bug 1243 involved that the secret was filled with NUL bytes
++ * after the first NUL encountered, and 'strlcpy()' simply does NOT have
++ * this behaviour. So disabling the fix and reverting to the buggy
++ * behaviour due to compatibility issues MUST also fill with NUL and
++ * this needs 'strncpy'. Also, the secret is managed as a byte blob of a
++ * given size, and eventually truncating it and replacing the last byte
++ * with a NUL would be a bug.
++ * perlinger@ntp.org 2015-10-10
++ */
+ void
+ MD5auth_setkey(
+ 	keyid_t keyno,
+@@ -546,7 +556,8 @@
+ #ifndef DISABLE_BUG1243_FIX
+ 			memcpy(sk->secret, key, secretsize);
+ #else
+-			strlcpy((char *)sk->secret, (const char *)key,
++			/* >MUST< use 'strncpy()' here! See above! */
++			strncpy((char *)sk->secret, (const char *)key,
+ 				secretsize);
+ #endif
+ 			if (cache_keyid == keyno) {
+@@ -565,7 +576,8 @@
+ #ifndef DISABLE_BUG1243_FIX
+ 	memcpy(secret, key, secretsize);
+ #else
+-	strlcpy((char *)secret, (const char *)key, secretsize);
++	/* >MUST< use 'strncpy()' here! See above! */
++	strncpy((char *)secret, (const char *)key, secretsize);
+ #endif
+ 	allocsymkey(bucket, keyno, 0, (u_short)keytype, 0,
+ 		    (u_short)secretsize, secret);
+@@ -641,13 +653,13 @@
+  *
+  * Returns length of authenticator field, zero if key not found.
+  */
+-int
++size_t
+ authencrypt(
+ 	keyid_t		keyno,
+ 	u_int32 *	pkt,
+-	int		length
++	size_t		length
+ 	)
+-{\
++{
+ 	/*
+ 	 * A zero key identifier means the sender has not verified
+ 	 * the last message was correctly authenticated. The MAC
+@@ -675,8 +687,8 @@
+ authdecrypt(
+ 	keyid_t		keyno,
+ 	u_int32 *	pkt,
+-	int		length,
+-	int		size
++	size_t		length,
++	size_t		size
+ 	)
+ {
+ 	/*
+--- contrib/ntp/libntp/authreadkeys.c.orig
++++ contrib/ntp/libntp/authreadkeys.c
+@@ -77,14 +77,23 @@
+  * data on global/static level.
+  */
+ 
+-static const size_t nerr_loglimit = 5u;
+-static const size_t nerr_maxlimit = 15;
++static const u_int nerr_loglimit = 5u;
++static const u_int nerr_maxlimit = 15;
+ 
+-static void log_maybe(size_t*, const char*, ...) NTP_PRINTF(2, 3);
++static void log_maybe(u_int*, const char*, ...) NTP_PRINTF(2, 3);
+ 
++typedef struct keydata KeyDataT;
++struct keydata {
++	KeyDataT *next;		/* queue/stack link		*/
++	keyid_t   keyid;	/* stored key ID		*/
++	u_short   keytype;	/* stored key type		*/
++	u_short   seclen;	/* length of secret		*/
++	u_char    secbuf[1];	/* begin of secret (formal only)*/
++};
++
+ static void
+ log_maybe(
+-	size_t     *pnerr,
++	u_int      *pnerr,
+ 	const char *fmt  ,
+ 	...)
+ {
+@@ -113,26 +122,25 @@
+ 	u_char	keystr[32];		/* Bug 2537 */
+ 	size_t	len;
+ 	size_t	j;
+-	size_t  nerr;
++	u_int   nerr;
++	KeyDataT *list = NULL;
++	KeyDataT *next = NULL;
+ 	/*
+ 	 * Open file.  Complain and return if it can't be opened.
+ 	 */
+ 	fp = fopen(file, "r");
+ 	if (fp == NULL) {
+-		msyslog(LOG_ERR, "authreadkeys: file %s: %m",
++		msyslog(LOG_ERR, "authreadkeys: file '%s': %m",
+ 		    file);
+-		return (0);
++		goto onerror;
+ 	}
+ 	INIT_SSL();
+ 
+ 	/*
+-	 * Remove all existing keys
++	 * Now read lines from the file, looking for key entries. Put
++	 * the data into temporary store for later propagation to avoid
++	 * two-pass processing.
+ 	 */
+-	auth_delkeys();
+-
+-	/*
+-	 * Now read lines from the file, looking for key entries
+-	 */
+ 	nerr = 0;
+ 	while ((line = fgets(buf, sizeof buf, fp)) != NULL) {
+ 		if (nerr > nerr_maxlimit)
+@@ -216,11 +224,16 @@
+ 				  "authreadkeys: no key for key %d", keyno);
+ 			continue;
+ 		}
++		next = NULL;
+ 		len = strlen(token);
+ 		if (len <= 20) {	/* Bug 2537 */
+-			MD5auth_setkey(keyno, keytype, (u_char *)token, len);
++			next = emalloc(sizeof(KeyDataT) + len);
++			next->keyid   = keyno;
++			next->keytype = keytype;
++			next->seclen  = len;
++			memcpy(next->secbuf, token, len);
+ 		} else {
+-			char	hex[] = "0123456789abcdef";
++			static const char hex[] = "0123456789abcdef";
+ 			u_char	temp;
+ 			char	*ptr;
+ 			size_t	jlim;
+@@ -242,19 +255,51 @@
+ 					  keyno);
+ 				continue;
+ 			}
+-			MD5auth_setkey(keyno, keytype, keystr, jlim / 2);
++			len = jlim/2; /* hmmmm.... what about odd length?!? */
++			next = emalloc(sizeof(KeyDataT) + len);
++			next->keyid   = keyno;
++			next->keytype = keytype;
++			next->seclen  = len;
++			memcpy(next->secbuf, keystr, len);
+ 		}
++		INSIST(NULL != next);
++		next->next = list;
++		list = next;
+ 	}
+ 	fclose(fp);
+ 	if (nerr > nerr_maxlimit) {
+ 		msyslog(LOG_ERR,
+-			"authreadkeys: emergency break after %u errors",
+-			nerr);
+-		return (0);
+-	} else if (nerr > nerr_loglimit) {
++			"authreadkeys: rejecting file '%s' after %u errors (emergency break)",
++			file, nerr);
++		goto onerror;
++	}
++	if (nerr > 0) {
+ 		msyslog(LOG_ERR,
+-			"authreadkeys: found %u more error(s)",
+-			nerr - nerr_loglimit);
++			"authreadkeys: rejecting file '%s' after %u error(s)",
++			file, nerr);
++		goto onerror;
+ 	}
++
++	/* first remove old file-based keys */
++	auth_delkeys();
++	/* insert the new key material */
++	while (NULL != (next = list)) {
++		list = next->next;
++		MD5auth_setkey(next->keyid, next->keytype,
++			       next->secbuf, next->seclen);
++		/* purge secrets from memory before free()ing it */
++		memset(next, 0, sizeof(*next) + next->seclen);
++		free(next);
++	}
+ 	return (1);
++
++  onerror:
++	/* Mop up temporary storage before bailing out. */
++	while (NULL != (next = list)) {
++		list = next->next;
++		/* purge secrets from memory before free()ing it */
++		memset(next, 0, sizeof(*next) + next->seclen);
++		free(next);
++	}
++	return (0);
+ }
+--- contrib/ntp/libntp/authusekey.c.orig
++++ contrib/ntp/libntp/authusekey.c
+@@ -23,7 +23,7 @@
+ 	const u_char *str
+ 	)
+ {
+-	int len;
++	size_t	len;
+ 
+ 	len = strlen((const char *)str);
+ 	if (0 == len)
+--- contrib/ntp/libntp/dolfptoa.c.orig
++++ contrib/ntp/libntp/dolfptoa.c
+@@ -40,7 +40,7 @@
+ 	 * including a possible rounding from the fractional part.
+ 	 */
+ 	cp = cpend = cpdec = &cbuf[10];
+-	for (dec = cp - cbuf; dec > 0 && fpi != 0; dec--) {
++	for (dec = (int)(cp - cbuf); dec > 0 && fpi != 0; dec--) {
+ 		/* can add another digit */
+ 		u_int32 digit;
+ 		
+@@ -62,7 +62,7 @@
+ 		cpdec += 3;
+ 	}
+ 	if ((size_t)dec > sizeof(cbuf) - (cpend - cbuf))
+-		dec = sizeof(cbuf) - (cpend - cbuf);
++		dec = (int)(sizeof(cbuf) - (cpend - cbuf));
+ 	
+ 	/*
+ 	 * If there's a fraction to deal with, do so.
+@@ -95,7 +95,7 @@
+ 		u_char *tp    = cpend;
+ 		int     carry = ((fpv & 0x80000000) != 0);
+ 
+-		for (dec = tp - cbuf;  carry && dec > 0;  dec--) {
++		for (dec = (int)(tp - cbuf);  carry && dec > 0;  dec--) {
+ 			*--tp += 1;
+ 			if (*tp == 10)
+ 				*tp = 0;
+--- contrib/ntp/libntp/hextolfp.c.orig
++++ contrib/ntp/libntp/hextolfp.c
+@@ -37,8 +37,9 @@
+ 	while (*cp != '\0' && (cp - cpstart) < 8 &&
+ 	       (ind = strchr(digits, *cp)) != NULL) {
+ 		dec_i = dec_i << 4;	/* multiply by 16 */
+-		dec_i += ((ind - digits) > 15) ? (ind - digits) - 6
+-			: (ind - digits);
++		dec_i += ((ind - digits) > 15)
++			? (u_long)(ind - digits - 6)
++			: (u_long)(ind - digits);
+ 		cp++;
+ 	}
+ 
+@@ -51,8 +52,9 @@
+ 	while (*cp != '\0' && (cp - cpstart) < 8 &&
+ 	       (ind = strchr(digits, *cp)) != NULL) {
+ 		dec_f = dec_f << 4;	/* multiply by 16 */
+-		dec_f += ((ind - digits) > 15) ? (ind - digits) - 6
+-			: (ind - digits);
++		dec_f += ((ind - digits) > 15)
++			? (u_long)(ind - digits - 6)
++			: (u_long)(ind - digits);
+ 		cp++;
+ 	}
+ 
+--- contrib/ntp/libntp/mstolfp.c.orig
++++ contrib/ntp/libntp/mstolfp.c
+@@ -70,8 +70,7 @@
+ 	 */
+ 	*bp++ = '.';
+ 	if ((cpdec - cp) < 3) {
+-		register int i = 3 - (cpdec - cp);
+-
++		size_t i = 3 - (cpdec - cp);
+ 		do {
+ 			*bp++ = '0';
+ 		} while (--i > 0);
+--- contrib/ntp/libntp/msyslog.c.orig
++++ contrib/ntp/libntp/msyslog.c
+@@ -331,7 +331,7 @@
+ 	)
+ {
+ 	va_list	ap;
+-	size_t	rc;
++	int	rc;
+ 
+ 	va_start(ap, fmt);
+ 	rc = mvsnprintf(buf, bufsiz, fmt, ap);
+--- contrib/ntp/libntp/ntp_crypto_rnd.c.orig
++++ contrib/ntp/libntp/ntp_crypto_rnd.c
+@@ -16,6 +16,7 @@
+ 
+ #include 
+ #include 
++#include "safecast.h"
+ 
+ #ifdef USE_OPENSSL_CRYPTO_RAND
+ #include 
+@@ -93,7 +94,7 @@
+ #ifdef USE_OPENSSL_CRYPTO_RAND
+ 	int rc;
+ 
+-	rc = RAND_bytes(buf, nbytes);
++	rc = RAND_bytes(buf, size2int_chk(nbytes));
+ 	if (1 != rc) {
+ 		unsigned long err;
+ 		char *err_str;
+--- contrib/ntp/libntp/ntp_lineedit.c.orig
++++ contrib/ntp/libntp/ntp_lineedit.c
+@@ -29,6 +29,7 @@
+ #include "ntp.h"
+ #include "ntp_stdlib.h"
+ #include "ntp_lineedit.h"
++#include "safecast.h"
+ 
+ #define MAXEDITLINE	512
+ 
+@@ -213,7 +214,7 @@
+ 
+ 	line = fgets(line_buf, sizeof(line_buf), stdin);
+ 	if (NULL != line && *line) {
+-		*pcount = strlen(line);
++		*pcount = (int)strlen(line); /* cannot overflow here */
+ 		line = estrdup(line);
+ 	} else
+ 		line = NULL;
+--- contrib/ntp/libntp/ntp_rfc2553.c.orig
++++ contrib/ntp/libntp/ntp_rfc2553.c
+@@ -203,11 +203,12 @@
+ 		else
+ 			ai_nxt = ai_src->ai_next;
+ 		*ai_cpy = *ai_src;
+-		REQUIRE(ai_src->ai_addrlen <= sizeof(sockaddr_u));
++		DEBUG_INSIST(ai_cpy->ai_canonname == ai_src->ai_canonname);
++		INSIST(ai_src->ai_addrlen <= sizeof(sockaddr_u));
+ 		memcpy(psau, ai_src->ai_addr, ai_src->ai_addrlen);
+ 		ai_cpy->ai_addr = &psau->sa;
+ 		++psau;
+-		if (NULL != ai_cpy->ai_canonname) {
++		if (NULL != ai_src->ai_canonname) {
+ 			ai_cpy->ai_canonname = pcanon;
+ 			str_octets = 1 + strlen(ai_src->ai_canonname);
+ 			memcpy(pcanon, ai_src->ai_canonname, str_octets);
+@@ -480,9 +481,9 @@
+ 	 * set elsewhere so that we can set the appropriate wildcard
+ 	 */
+ 	if (nodename == NULL) {
+-		ai->ai_addrlen = sizeof(struct sockaddr_storage);
+ 		if (ai->ai_family == AF_INET)
+ 		{
++			ai->ai_addrlen = sizeof(struct sockaddr_in);
+ 			sockin = (struct sockaddr_in *)ai->ai_addr;
+ 			sockin->sin_family = (short) ai->ai_family;
+ 			sockin->sin_addr.s_addr = htonl(INADDR_ANY);
+@@ -489,6 +490,7 @@
+ 		}
+ 		else
+ 		{
++			ai->ai_addrlen = sizeof(struct sockaddr_in6);
+ 			sockin6 = (struct sockaddr_in6 *)ai->ai_addr;
+ 			sockin6->sin6_family = (short) ai->ai_family;
+ 			/*
+--- contrib/ntp/libntp/ntp_worker.c.orig
++++ contrib/ntp/libntp/ntp_worker.c
+@@ -150,7 +150,8 @@
+ 					  prev_octets);
+ 	blocking_children_alloc = new_alloc;
+ 
+-	return prev_alloc;
++	/* assume we'll never have enough workers to overflow u_int */
++	return (u_int)prev_alloc;
+ }
+ 
+ 
+--- contrib/ntp/libntp/snprintf.c.orig
++++ contrib/ntp/libntp/snprintf.c
+@@ -889,19 +889,19 @@
+ 				switch (cflags) {
+ 				case PRINT_C_CHAR:
+ 					charptr = va_arg(args, signed char *);
+-					*charptr = len;
++					*charptr = (signed char)len;
+ 					break;
+ 				case PRINT_C_SHORT:
+ 					shortptr = va_arg(args, short int *);
+-					*shortptr = len;
++					*shortptr = (short int)len;
+ 					break;
+ 				case PRINT_C_LONG:
+ 					longptr = va_arg(args, long int *);
+-					*longptr = len;
++					*longptr = (long int)len;
+ 					break;
+ 				case PRINT_C_LLONG:
+ 					llongptr = va_arg(args, LLONG *);
+-					*llongptr = len;
++					*llongptr = (LLONG)len;
+ 					break;
+ 				case PRINT_C_SIZE:
+ 					/*
+@@ -912,19 +912,19 @@
+ 					 * size_t argument." (7.19.6.1, 7)
+ 					 */
+ 					sizeptr = va_arg(args, SSIZE_T *);
+-					*sizeptr = len;
++					*sizeptr = (SSIZE_T)len;
+ 					break;
+ 				case PRINT_C_INTMAX:
+ 					intmaxptr = va_arg(args, INTMAX_T *);
+-					*intmaxptr = len;
++					*intmaxptr = (INTMAX_T)len;
+ 					break;
+ 				case PRINT_C_PTRDIFF:
+ 					ptrdiffptr = va_arg(args, PTRDIFF_T *);
+-					*ptrdiffptr = len;
++					*ptrdiffptr = (PTRDIFF_T)len;
+ 					break;
+ 				default:
+ 					intptr = va_arg(args, int *);
+-					*intptr = len;
++					*intptr = (int)len;
+ 					break;
+ 				}
+ 				break;
+@@ -1209,7 +1209,7 @@
+ 	 * Factor of ten with the number of digits needed for the fractional
+ 	 * part.  For example, if the precision is 3, the mask will be 1000.
+ 	 */
+-	mask = mypow10(precision);
++	mask = (UINTMAX_T)mypow10(precision);
+ 	/*
+ 	 * We "cheat" by converting the fractional part to integer by
+ 	 * multiplying by a factor of ten.
+@@ -1461,7 +1461,7 @@
+ 	if (value >= UINTMAX_MAX)
+ 		return UINTMAX_MAX;
+ 
+-	result = value;
++	result = (UINTMAX_T)value;
+ 	/*
+ 	 * At least on NetBSD/sparc64 3.0.2 and 4.99.30, casting long double to
+ 	 * an integer type converts e.g. 1.9 to 2 instead of 1 (which violates
+--- contrib/ntp/libntp/socktohost.c.orig
++++ contrib/ntp/libntp/socktohost.c
+@@ -36,13 +36,18 @@
+ 	sockaddr_u		addr;
+ 	size_t			octets;
+ 	int			a_info;
++	int			saved_errno;
+ 
++	saved_errno = socket_errno();
++
+ 	/* reverse the address to purported DNS name */
+ 	LIB_GETBUF(pbuf);
+ 	gni_flags = NI_DGRAM | NI_NAMEREQD;
+ 	if (getnameinfo(&sock->sa, SOCKLEN(sock), pbuf, LIB_BUFLENGTH,
+-			NULL, 0, gni_flags))
++			NULL, 0, gni_flags)) {
++		errno = saved_errno;
+ 		return stoa(sock);	/* use address */
++	}
+ 
+ 	TRACE(1, ("%s reversed to %s\n", stoa(sock), pbuf));
+ 
+@@ -97,8 +102,10 @@
+ 	}
+ 	freeaddrinfo(alist);
+ 
+-	if (ai != NULL)
++	if (ai != NULL) {
++		errno = saved_errno;
+ 		return pbuf;	/* forward check passed */
++	}
+ 
+     forward_fail:
+ 	TRACE(1, ("%s forward check lookup fail: %s\n", pbuf,
+@@ -106,5 +113,6 @@
+ 	LIB_GETBUF(pliar);
+ 	snprintf(pliar, LIB_BUFLENGTH, "%s (%s)", stoa(sock), pbuf);
+ 
++	errno = saved_errno;
+ 	return pliar;
+ }
+--- contrib/ntp/libntp/systime.c.orig
++++ contrib/ntp/libntp/systime.c
+@@ -25,6 +25,8 @@
+ # include 
+ #endif /* HAVE_UTMPX_H */
+ 
++int	allow_panic = FALSE;		/* allow panic correction (-g) */
++int	enable_panic_check = TRUE;	/* Can we check allow_panic's state? */
+ 
+ #ifndef USE_COMPILETIME_PIVOT
+ # define USE_COMPILETIME_PIVOT 1
+@@ -295,8 +297,13 @@
+ 	 * EVNT_NSET adjtime() can be aborted by a tiny adjtime()
+ 	 * triggered by sys_residual.
+ 	 */
+-	if (0. == now)
++	if (0. == now) {
++		if (enable_panic_check && allow_panic) {
++			msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
++			INSIST(!allow_panic);
++		}
+ 		return TRUE;
++	}
+ 
+ 	/*
+ 	 * Most Unix adjtime() implementations adjust the system clock
+@@ -333,9 +340,15 @@
+ 	if (adjtv.tv_sec != 0 || adjtv.tv_usec != 0) {
+ 		if (adjtime(&adjtv, &oadjtv) < 0) {
+ 			msyslog(LOG_ERR, "adj_systime: %m");
++			if (enable_panic_check && allow_panic) {
++				msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
++			}
+ 			return FALSE;
+ 		}
+ 	}
++	if (enable_panic_check && allow_panic) {
++		msyslog(LOG_ERR, "adj_systime: allow_panic is TRUE!");
++	}
+ 	return TRUE;
+ }
+ #endif
+@@ -419,6 +432,9 @@
+ 	/* now set new system time */
+ 	if (ntp_set_tod(&timetv, NULL) != 0) {
+ 		msyslog(LOG_ERR, "step-systime: %m");
++		if (enable_panic_check && allow_panic) {
++			msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
++		}
+ 		return FALSE;
+ 	}
+ 
+@@ -445,7 +461,7 @@
+ 	 *	   long    ut_time;
+ 	 * };
+ 	 * and appends line="|", name="date", host="", time for the OLD
+-	 * and appends line="{", name="date", host="", time for the NEW
++	 * and appends line="{", name="date", host="", time for the NEW // }
+ 	 * to _PATH_WTMP .
+ 	 *
+ 	 * Some OSes have utmp, some have utmpx.
+@@ -564,6 +580,10 @@
+ #endif /* UPDATE_WTMPX */
+ 
+ 	}
++	if (enable_panic_check && allow_panic) {
++		msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
++		INSIST(!allow_panic);
++	}
+ 	return TRUE;
+ }
+ 
+--- contrib/ntp/libntp/work_thread.c.orig
++++ contrib/ntp/libntp/work_thread.c
+@@ -32,16 +32,20 @@
+ #define THREAD_MINSTACKSIZE	(64U * 1024)
+ #endif
+ 
+-#ifndef DEVOLATILE
+-#define DEVOLATILE(type, var) ((type)(uintptr_t)(volatile void *)(var))
+-#endif
++#ifdef SYS_WINNT
+ 
+-#ifdef SYS_WINNT
+ # define thread_exit(c)	_endthreadex(c)
+-# define tickle_sem	SetEvent
++# define tickle_sem(sh) ReleaseSemaphore((sh->shnd), 1, NULL)
++u_int	WINAPI	blocking_thread(void *);
++static BOOL	same_os_sema(const sem_ref obj, void * osobj);
++
+ #else
++
+ # define thread_exit(c)	pthread_exit((void*)(size_t)(c))
+ # define tickle_sem	sem_post
++void *		blocking_thread(void *);
++static	void	block_thread_signals(sigset_t *);
++
+ #endif
+ 
+ #ifdef WORK_PIPE
+@@ -54,18 +58,10 @@
+ static	void	start_blocking_thread_internal(blocking_child *);
+ static	void	prepare_child_sems(blocking_child *);
+ static	int	wait_for_sem(sem_ref, struct timespec *);
+-static	void	ensure_workitems_empty_slot(blocking_child *);
+-static	void	ensure_workresp_empty_slot(blocking_child *);
++static	int	ensure_workitems_empty_slot(blocking_child *);
++static	int	ensure_workresp_empty_slot(blocking_child *);
+ static	int	queue_req_pointer(blocking_child *, blocking_pipe_header *);
+ static	void	cleanup_after_child(blocking_child *);
+-#ifdef SYS_WINNT
+-u_int	WINAPI	blocking_thread(void *);
+-#else
+-void *		blocking_thread(void *);
+-#endif
+-#ifndef SYS_WINNT
+-static	void	block_thread_signals(sigset_t *);
+-#endif
+ 
+ 
+ void
+@@ -76,7 +72,9 @@
+ 	thread_exit(exitcode);	/* see #define thread_exit */
+ }
+ 
+-
++/* --------------------------------------------------------------------
++ * sleep for a given time or until the wakup semaphore is tickled.
++ */
+ int
+ worker_sleep(
+ 	blocking_child *	c,
+@@ -98,9 +96,7 @@
+ 	}
+ # endif
+ 	until.tv_sec += seconds;
+-	do {
+-		rc = wait_for_sem(c->wake_scheduled_sleep, &until);
+-	} while (-1 == rc && EINTR == errno);
++	rc = wait_for_sem(c->wake_scheduled_sleep, &until);
+ 	if (0 == rc)
+ 		return -1;
+ 	if (-1 == rc && ETIMEDOUT == errno)
+@@ -110,6 +106,9 @@
+ }
+ 
+ 
++/* --------------------------------------------------------------------
++ * Wake up a worker that takes a nap.
++ */
+ void
+ interrupt_worker_sleep(void)
+ {
+@@ -124,65 +123,79 @@
+ 	}
+ }
+ 
+-
+-static void
++/* --------------------------------------------------------------------
++ * Make sure there is an empty slot at the head of the request
++ * queue. Tell if the queue is currently empty.
++ */
++static int
+ ensure_workitems_empty_slot(
+ 	blocking_child *c
+ 	)
+ {
+-	const size_t	each = sizeof(blocking_children[0]->workitems[0]);
+-	size_t		new_alloc;
+-	size_t		old_octets;
+-	size_t		new_octets;
+-	void *		nonvol_workitems;
++	/*
++	** !!! PRECONDITION: caller holds access lock!
++	**
++	** This simply tries to increase the size of the buffer if it
++	** becomes full. The resize operation does *not* maintain the
++	** order of requests, but that should be irrelevant since the
++	** processing is considered asynchronous anyway.
++	**
++	** Return if the buffer is currently empty.
++	*/
++	
++	static const size_t each =
++	    sizeof(blocking_children[0]->workitems[0]);
+ 
++	size_t	new_alloc;
++	size_t  slots_used;
+ 
+-	if (c->workitems != NULL &&
+-	    NULL == c->workitems[c->next_workitem])
+-		return;
+-
+-	new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC;
+-	old_octets = c->workitems_alloc * each;
+-	new_octets = new_alloc * each;
+-	nonvol_workitems = DEVOLATILE(void *, c->workitems);
+-	c->workitems = erealloc_zero(nonvol_workitems, new_octets,
+-				     old_octets);
+-	if (0 == c->next_workitem)
+-		c->next_workitem = c->workitems_alloc;
+-	c->workitems_alloc = new_alloc;
++	slots_used = c->head_workitem - c->tail_workitem;
++	if (slots_used >= c->workitems_alloc) {
++		new_alloc  = c->workitems_alloc + WORKITEMS_ALLOC_INC;
++		c->workitems = erealloc(c->workitems, new_alloc * each);
++		c->tail_workitem   = 0;
++		c->head_workitem   = c->workitems_alloc;
++		c->workitems_alloc = new_alloc;
++	}
++	return (0 == slots_used);
+ }
+ 
+-
+-static void
++/* --------------------------------------------------------------------
++ * Make sure there is an empty slot at the head of the response
++ * queue. Tell if the queue is currently empty.
++ */
++static int
+ ensure_workresp_empty_slot(
+ 	blocking_child *c
+ 	)
+ {
+-	const size_t	each = sizeof(blocking_children[0]->responses[0]);
+-	size_t		new_alloc;
+-	size_t		old_octets;
+-	size_t		new_octets;
+-	void *		nonvol_responses;
++	/*
++	** !!! PRECONDITION: caller holds access lock!
++	**
++	** Works like the companion function above.
++	*/
++	
++	static const size_t each =
++	    sizeof(blocking_children[0]->responses[0]);
+ 
+-	if (c->responses != NULL &&
+-	    NULL == c->responses[c->next_response])
+-		return;
++	size_t	new_alloc;
++	size_t  slots_used;
+ 
+-	new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC;
+-	old_octets = c->responses_alloc * each;
+-	new_octets = new_alloc * each;
+-	nonvol_responses = DEVOLATILE(void *, c->responses);
+-	c->responses = erealloc_zero(nonvol_responses, new_octets,
+-				     old_octets);
+-	if (0 == c->next_response)
+-		c->next_response = c->responses_alloc;
+-	c->responses_alloc = new_alloc;
++	slots_used = c->head_response - c->tail_response;
++	if (slots_used >= c->responses_alloc) {
++		new_alloc  = c->responses_alloc + RESPONSES_ALLOC_INC;
++		c->responses = erealloc(c->responses, new_alloc * each);
++		c->tail_response   = 0;
++		c->head_response   = c->responses_alloc;
++		c->responses_alloc = new_alloc;
++	}
++	return (0 == slots_used);
+ }
+ 
+ 
+-/*
++/* --------------------------------------------------------------------
+  * queue_req_pointer() - append a work item or idle exit request to
+- *			 blocking_workitems[].
++ *			 blocking_workitems[]. Employ proper locking.
+  */
+ static int
+ queue_req_pointer(
+@@ -190,21 +203,28 @@
+ 	blocking_pipe_header *	hdr
+ 	)
+ {
+-	c->workitems[c->next_workitem] = hdr;
+-	c->next_workitem = (1 + c->next_workitem) % c->workitems_alloc;
++	size_t qhead;
++	
++	/* >>>> ACCESS LOCKING STARTS >>>> */
++	wait_for_sem(c->accesslock, NULL);
++	ensure_workitems_empty_slot(c);
++	qhead = c->head_workitem;
++	c->workitems[qhead % c->workitems_alloc] = hdr;
++	c->head_workitem = 1 + qhead;
++	tickle_sem(c->accesslock);
++	/* <<<< ACCESS LOCKING ENDS <<<< */
+ 
+-	/*
+-	 * We only want to signal the wakeup event if the child is
+-	 * blocking on it, which is indicated by setting the blocking
+-	 * event.  Wait with zero timeout to test.
+-	 */
+-	/* !!!! if (WAIT_OBJECT_0 == WaitForSingleObject(c->child_is_blocking, 0)) */
+-		tickle_sem(c->blocking_req_ready);
++	/* queue consumer wake-up notification */
++	tickle_sem(c->workitems_pending);
+ 
+ 	return 0;
+ }
+ 
+-
++/* --------------------------------------------------------------------
++ * API function to make sure a worker is running, a proper private copy
++ * of the data is made, the data eneterd into the queue and the worker
++ * is signalled.
++ */
+ int
+ send_blocking_req_internal(
+ 	blocking_child *	c,
+@@ -223,12 +243,8 @@
+ 		return 1;	/* failure */
+ 	payload_octets = hdr->octets - sizeof(*hdr);
+ 
+-	ensure_workitems_empty_slot(c);
+-	if (NULL == c->thread_ref) {
+-		ensure_workresp_empty_slot(c);
++	if (NULL == c->thread_ref)
+ 		start_blocking_thread(c);
+-	}
+-
+ 	threadcopy = emalloc(hdr->octets);
+ 	memcpy(threadcopy, hdr, sizeof(*hdr));
+ 	memcpy((char *)threadcopy + sizeof(*hdr), data, payload_octets);
+@@ -236,7 +252,10 @@
+ 	return queue_req_pointer(c, threadcopy);
+ }
+ 
+-
++/* --------------------------------------------------------------------
++ * Wait for the 'incoming queue no longer empty' signal, lock the shared
++ * structure and dequeue an item.
++ */
+ blocking_pipe_header *
+ receive_blocking_req_internal(
+ 	blocking_child *	c
+@@ -243,36 +262,31 @@
+ 	)
+ {
+ 	blocking_pipe_header *	req;
+-	int			rc;
++	size_t			qhead, qtail;
+ 
+-	/*
+-	 * Child blocks here when idle.  SysV semaphores maintain a
+-	 * count and release from sem_wait() only when it reaches 0.
+-	 * Windows auto-reset events are simpler, and multiple SetEvent
+-	 * calls before any thread waits result in a single wakeup.
+-	 * On Windows, the child drains all workitems each wakeup, while
+-	 * with SysV semaphores wait_sem() is used before each item.
+-	 */
+-#ifdef SYS_WINNT
+-	while (NULL == c->workitems[c->next_workeritem]) {
+-		/* !!!! SetEvent(c->child_is_blocking); */
+-		rc = wait_for_sem(c->blocking_req_ready, NULL);
+-		INSIST(0 == rc);
+-		/* !!!! ResetEvent(c->child_is_blocking); */
+-	}
+-#else
++	req = NULL;
+ 	do {
+-		rc = wait_for_sem(c->blocking_req_ready, NULL);
+-	} while (-1 == rc && EINTR == errno);
+-	INSIST(0 == rc);
+-#endif
++		/* wait for tickle from the producer side */
++		wait_for_sem(c->workitems_pending, NULL);
+ 
+-	req = c->workitems[c->next_workeritem];
++		/* >>>> ACCESS LOCKING STARTS >>>> */
++		wait_for_sem(c->accesslock, NULL);
++		qhead = c->head_workitem;
++		do {
++			qtail = c->tail_workitem;
++			if (qhead == qtail)
++				break;
++			c->tail_workitem = qtail + 1;
++			qtail %= c->workitems_alloc;
++			req = c->workitems[qtail];
++			c->workitems[qtail] = NULL;
++		} while (NULL == req);
++		tickle_sem(c->accesslock);
++		/* <<<< ACCESS LOCKING ENDS <<<< */
++
++	} while (NULL == req);
++
+ 	INSIST(NULL != req);
+-	c->workitems[c->next_workeritem] = NULL;
+-	c->next_workeritem = (1 + c->next_workeritem) %
+-				c->workitems_alloc;
+-
+ 	if (CHILD_EXIT_REQ == req) {	/* idled out */
+ 		send_blocking_resp_internal(c, CHILD_GONE_RESP);
+ 		req = NULL;
+@@ -281,7 +295,10 @@
+ 	return req;
+ }
+ 
+-
++/* --------------------------------------------------------------------
++ * Push a response into the return queue and eventually tickle the
++ * receiver.
++ */
+ int
+ send_blocking_resp_internal(
+ 	blocking_child *	c,
+@@ -288,37 +305,64 @@
+ 	blocking_pipe_header *	resp
+ 	)
+ {
+-	ensure_workresp_empty_slot(c);
++	size_t	qhead;
++	int	empty;
++	
++	/* >>>> ACCESS LOCKING STARTS >>>> */
++	wait_for_sem(c->accesslock, NULL);
++	empty = ensure_workresp_empty_slot(c);
++	qhead = c->head_response;
++	c->responses[qhead % c->responses_alloc] = resp;
++	c->head_response = 1 + qhead;
++	tickle_sem(c->accesslock);
++	/* <<<< ACCESS LOCKING ENDS <<<< */
+ 
+-	c->responses[c->next_response] = resp;
+-	c->next_response = (1 + c->next_response) % c->responses_alloc;
+-
+-#ifdef WORK_PIPE
+-	write(c->resp_write_pipe, "", 1);
+-#else
+-	tickle_sem(c->blocking_response_ready);
+-#endif
+-
++	/* queue consumer wake-up notification */
++	if (empty)
++	{
++#	    ifdef WORK_PIPE
++		write(c->resp_write_pipe, "", 1);
++#	    else
++		tickle_sem(c->responses_pending);
++#	    endif
++	}
+ 	return 0;
+ }
+ 
+ 
+ #ifndef WORK_PIPE
++
++/* --------------------------------------------------------------------
++ * Check if a (Windows-)hanndle to a semaphore is actually the same we
++ * are using inside the sema wrapper.
++ */
++static BOOL
++same_os_sema(
++	const sem_ref	obj,
++	void*		osh
++	)
++{
++	return obj && osh && (obj->shnd == (HANDLE)osh);
++}
++
++/* --------------------------------------------------------------------
++ * Find the shared context that associates to an OS handle and make sure
++ * the data is dequeued and processed.
++ */
+ void
+ handle_blocking_resp_sem(
+ 	void *	context
+ 	)
+ {
+-	HANDLE			ready;
+ 	blocking_child *	c;
+ 	u_int			idx;
+ 
+-	ready = (HANDLE)context;
+ 	c = NULL;
+ 	for (idx = 0; idx < blocking_children_alloc; idx++) {
+ 		c = blocking_children[idx];
+-		if (c != NULL && c->thread_ref != NULL &&
+-		    ready == c->blocking_response_ready)
++		if (c != NULL &&
++			c->thread_ref != NULL &&
++			same_os_sema(c->responses_pending, context))
+ 			break;
+ 	}
+ 	if (idx < blocking_children_alloc)
+@@ -326,7 +370,10 @@
+ }
+ #endif	/* !WORK_PIPE */
+ 
+-
++/* --------------------------------------------------------------------
++ * Fetch the next response from the return queue. In case of signalling
++ * via pipe, make sure the pipe is flushed, too.
++ */
+ blocking_pipe_header *
+ receive_blocking_resp_internal(
+ 	blocking_child *	c
+@@ -333,19 +380,31 @@
+ 	)
+ {
+ 	blocking_pipe_header *	removed;
++	size_t			qhead, qtail, slot;
++
+ #ifdef WORK_PIPE
+ 	int			rc;
+ 	char			scratch[32];
+ 
+-	do {
++	do
+ 		rc = read(c->resp_read_pipe, scratch, sizeof(scratch));
+-	} while (-1 == rc && EINTR == errno);
++	while (-1 == rc && EINTR == errno);
+ #endif
+-	removed = c->responses[c->next_workresp];
++
++	/* >>>> ACCESS LOCKING STARTS >>>> */
++	wait_for_sem(c->accesslock, NULL);
++	qhead = c->head_response;
++	qtail = c->tail_response;
++	for (removed = NULL; !removed && (qhead != qtail); ++qtail) {
++		slot = qtail % c->responses_alloc;
++		removed = c->responses[slot];
++		c->responses[slot] = NULL;
++	}
++	c->tail_response = qtail;
++	tickle_sem(c->accesslock);
++	/* <<<< ACCESS LOCKING ENDS <<<< */
++
+ 	if (NULL != removed) {
+-		c->responses[c->next_workresp] = NULL;
+-		c->next_workresp = (1 + c->next_workresp) %
+-				   c->responses_alloc;
+ 		DEBUG_ENSURE(CHILD_GONE_RESP == removed ||
+ 			     BLOCKING_RESP_MAGIC == removed->magic_sig);
+ 	}
+@@ -357,7 +416,9 @@
+ 	return removed;
+ }
+ 
+-
++/* --------------------------------------------------------------------
++ * Light up a new worker.
++ */
+ static void
+ start_blocking_thread(
+ 	blocking_child *	c
+@@ -370,7 +431,14 @@
+ 	start_blocking_thread_internal(c);
+ }
+ 
+-
++/* --------------------------------------------------------------------
++ * Create a worker thread. There are several differences between POSIX
++ * and Windows, of course -- most notably the Windows thread is no
++ * detached thread, and we keep the handle around until we want to get
++ * rid of the thread. The notification scheme also differs: Windows
++ * makes use of semaphores in both directions, POSIX uses a pipe for
++ * integration with 'select()' or alike.
++ */
+ static void
+ start_blocking_thread_internal(
+ 	blocking_child *	c
+@@ -377,12 +445,11 @@
+ 	)
+ #ifdef SYS_WINNT
+ {
+-	thr_ref	blocking_child_thread;
+-	u_int	blocking_thread_id;
+ 	BOOL	resumed;
+ 
+-	(*addremove_io_semaphore)(c->blocking_response_ready, FALSE);
+-	blocking_child_thread =
++	c->thread_ref = NULL;
++	(*addremove_io_semaphore)(c->responses_pending->shnd, FALSE);
++	c->thr_table[0].thnd =
+ 		(HANDLE)_beginthreadex(
+ 			NULL,
+ 			0,
+@@ -389,21 +456,20 @@
+ 			&blocking_thread,
+ 			c,
+ 			CREATE_SUSPENDED,
+-			&blocking_thread_id);
++			NULL);
+ 
+-	if (NULL == blocking_child_thread) {
++	if (NULL == c->thr_table[0].thnd) {
+ 		msyslog(LOG_ERR, "start blocking thread failed: %m");
+ 		exit(-1);
+ 	}
+-	c->thread_id = blocking_thread_id;
+-	c->thread_ref = blocking_child_thread;
+ 	/* remember the thread priority is only within the process class */
+-	if (!SetThreadPriority(blocking_child_thread,
++	if (!SetThreadPriority(c->thr_table[0].thnd,
+ 			       THREAD_PRIORITY_BELOW_NORMAL))
+ 		msyslog(LOG_ERR, "Error lowering blocking thread priority: %m");
+ 
+-	resumed = ResumeThread(blocking_child_thread);
++	resumed = ResumeThread(c->thr_table[0].thnd);
+ 	DEBUG_INSIST(resumed);
++	c->thread_ref = &c->thr_table[0];
+ }
+ #else	/* pthreads start_blocking_thread_internal() follows */
+ {
+@@ -419,6 +485,8 @@
+ 	size_t		stacksize;
+ 	sigset_t	saved_sig_mask;
+ 
++	c->thread_ref = NULL;
++
+ # ifdef NEED_PTHREAD_INIT
+ 	/*
+ 	 * from lib/isc/unix/app.c:
+@@ -475,7 +543,7 @@
+ #endif
+ 	c->thread_ref = emalloc_zero(sizeof(*c->thread_ref));
+ 	block_thread_signals(&saved_sig_mask);
+-	rc = pthread_create(c->thread_ref, &thr_attr,
++	rc = pthread_create(&c->thr_table[0], &thr_attr,
+ 			    &blocking_thread, c);
+ 	saved_errno = errno;
+ 	pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL);
+@@ -485,11 +553,11 @@
+ 		msyslog(LOG_ERR, "pthread_create() blocking child: %m");
+ 		exit(1);
+ 	}
++	c->thread_ref = &c->thr_table[0];
+ }
+ #endif
+ 
+-
+-/*
++/* --------------------------------------------------------------------
+  * block_thread_signals()
+  *
+  * Temporarily block signals used by ntpd main thread, so that signal
+@@ -538,61 +606,101 @@
+ #endif	/* !SYS_WINNT */
+ 
+ 
+-/*
++/* --------------------------------------------------------------------
++ * Create & destroy semaphores. This is sufficiently different between
++ * POSIX and Windows to warrant wrapper functions and close enough to
++ * use the concept of synchronization via semaphore for all platforms.
++ */
++static sem_ref
++create_sema(
++	sema_type*	semptr,
++	u_int		inival,
++	u_int		maxval)
++{
++#ifdef SYS_WINNT
++	
++	long svini, svmax;
++	if (NULL != semptr) {
++		svini = (inival < LONG_MAX)
++		    ? (long)inival : LONG_MAX;
++		svmax = (maxval < LONG_MAX && maxval > 0)
++		    ? (long)maxval : LONG_MAX;
++		semptr->shnd = CreateSemaphore(NULL, svini, svmax, NULL);
++		if (NULL == semptr->shnd)
++			semptr = NULL;
++	}
++	
++#else
++	
++	(void)maxval;
++	if (semptr && sem_init(semptr, FALSE, inival))
++		semptr = NULL;
++	
++#endif
++
++	return semptr;
++}
++
++/* ------------------------------------------------------------------ */
++static sem_ref
++delete_sema(
++	sem_ref obj)
++{
++		
++#   ifdef SYS_WINNT
++		
++	if (obj) {
++		if (obj->shnd)
++			CloseHandle(obj->shnd);
++		obj->shnd = NULL;
++	}
++	
++#   else
++		
++	if (obj)
++		sem_destroy(obj);
++		
++#   endif
++
++	return NULL;
++}
++
++/* --------------------------------------------------------------------
+  * prepare_child_sems()
+  *
+- * create sync events (semaphores)
+- * child_is_blocking initially unset
+- * blocking_req_ready initially unset
++ * create sync & access semaphores
+  *
+- * Child waits for blocking_req_ready to be set after
+- * setting child_is_blocking.  blocking_req_ready and
+- * blocking_response_ready are auto-reset, so wake one
+- * waiter and become unset (unsignalled) in one operation.
++ * All semaphores are cleared, only the access semaphore has 1 unit.
++ * Childs wait on 'workitems_pending', then grabs 'sema_access'
++ * and dequeues jobs. When done, 'sema_access' is given one unit back.
++ *
++ * The producer grabs 'sema_access', manages the queue, restores
++ * 'sema_access' and puts one unit into 'workitems_pending'.
++ *
++ * The story goes the same for the response queue.
+  */
+ static void
+ prepare_child_sems(
+ 	blocking_child *c
+ 	)
+-#ifdef SYS_WINNT
+ {
+-	if (NULL == c->blocking_req_ready) {
+-		/* manual reset using ResetEvent() */
+-		/* !!!! c->child_is_blocking = CreateEvent(NULL, TRUE, FALSE, NULL); */
+-		/* auto reset - one thread released from wait each set */
+-		c->blocking_req_ready = CreateEvent(NULL, FALSE, FALSE, NULL);
+-		c->blocking_response_ready = CreateEvent(NULL, FALSE, FALSE, NULL);
+-		c->wake_scheduled_sleep = CreateEvent(NULL, FALSE, FALSE, NULL);
+-	} else {
+-		/* !!!! ResetEvent(c->child_is_blocking); */
+-		/* ResetEvent(c->blocking_req_ready); */
+-		/* ResetEvent(c->blocking_response_ready); */
+-		/* ResetEvent(c->wake_scheduled_sleep); */
+-	}
++	c->accesslock           = create_sema(&c->sem_table[0], 1, 1);
++	c->workitems_pending    = create_sema(&c->sem_table[1], 0, 0);
++	c->wake_scheduled_sleep = create_sema(&c->sem_table[2], 0, 1);
++#   ifndef WORK_PIPE
++	c->responses_pending    = create_sema(&c->sem_table[3], 0, 0);
++#   endif
+ }
+-#else	/* pthreads prepare_child_sems() follows */
+-{
+-	size_t	octets;
+ 
+-	if (NULL == c->blocking_req_ready) {
+-		octets = sizeof(*c->blocking_req_ready);
+-		octets += sizeof(*c->wake_scheduled_sleep);
+-		/* !!!! octets += sizeof(*c->child_is_blocking); */
+-		c->blocking_req_ready = emalloc_zero(octets);;
+-		c->wake_scheduled_sleep = 1 + c->blocking_req_ready;
+-		/* !!!! c->child_is_blocking = 1 + c->wake_scheduled_sleep; */
+-	} else {
+-		sem_destroy(c->blocking_req_ready);
+-		sem_destroy(c->wake_scheduled_sleep);
+-		/* !!!! sem_destroy(c->child_is_blocking); */
+-	}
+-	sem_init(c->blocking_req_ready, FALSE, 0);
+-	sem_init(c->wake_scheduled_sleep, FALSE, 0);
+-	/* !!!! sem_init(c->child_is_blocking, FALSE, 0); */
+-}
+-#endif
+-
+-
++/* --------------------------------------------------------------------
++ * wait for semaphore. Where the wait can be interrupted, it will
++ * internally resume -- When this function returns, there is either no
++ * semaphore at all, a timeout occurred, or the caller could
++ * successfully take a token from the semaphore.
++ *
++ * For untimed wait, not checking the result of this function at all is
++ * definitely an option.
++ */
+ static int
+ wait_for_sem(
+ 	sem_ref			sem,
+@@ -605,6 +713,11 @@
+ 	DWORD		msec;
+ 	DWORD		rc;
+ 
++	if (!(sem && sem->shnd)) {
++		errno = EINVAL;
++		return -1;
++	}
++	
+ 	if (NULL == timeout) {
+ 		msec = INFINITE;
+ 	} else {
+@@ -619,7 +732,7 @@
+ 			msec += delta.tv_nsec / (1000 * 1000);
+ 		}
+ 	}
+-	rc = WaitForSingleObject(sem, msec);
++	rc = WaitForSingleObject(sem->shnd, msec);
+ 	if (WAIT_OBJECT_0 == rc)
+ 		return 0;
+ 	if (WAIT_TIMEOUT == rc) {
+@@ -632,24 +745,28 @@
+ }
+ #else	/* pthreads wait_for_sem() follows */
+ {
+-	int rc;
++	int rc = -1;
+ 
+-	if (NULL == timeout)
+-		rc = sem_wait(sem);
++	if (sem) do {
++			if (NULL == timeout)
++				rc = sem_wait(sem);
++			else
++				rc = sem_timedwait(sem, timeout);
++		} while (rc == -1 && errno == EINTR);
+ 	else
+-		rc = sem_timedwait(sem, timeout);
+-
++		errno = EINVAL;
++		
+ 	return rc;
+ }
+ #endif
+ 
+-
+-/*
+- * blocking_thread - thread functions have WINAPI calling convention
++/* --------------------------------------------------------------------
++ * blocking_thread - thread functions have WINAPI (aka 'stdcall')
++ * calling conventions under Windows and POSIX-defined signature
++ * otherwise.
+  */
+ #ifdef SYS_WINNT
+-u_int
+-WINAPI
++u_int WINAPI
+ #else
+ void *
+ #endif
+@@ -666,9 +783,16 @@
+ 	return 0;
+ }
+ 
+-
+-/*
++/* --------------------------------------------------------------------
+  * req_child_exit() runs in the parent.
++ *
++ * This function is called from from the idle timer, too, and possibly
++ * without a thread being there any longer. Since we have folded up our
++ * tent in that case and all the semaphores are already gone, we simply
++ * ignore this request in this case.
++ *
++ * Since the existence of the semaphores is controlled exclusively by
++ * the parent, there's no risk of data race here.
+  */
+ int
+ req_child_exit(
+@@ -675,11 +799,12 @@
+ 	blocking_child *c
+ 	)
+ {
+-	return queue_req_pointer(c, CHILD_EXIT_REQ);
++	return (c->accesslock)
++	    ? queue_req_pointer(c, CHILD_EXIT_REQ)
++	    : 0;
+ }
+ 
+-
+-/*
++/* --------------------------------------------------------------------
+  * cleanup_after_child() runs in parent.
+  */
+ static void
+@@ -687,17 +812,27 @@
+ 	blocking_child *	c
+ 	)
+ {
+-	u_int	idx;
+-
+ 	DEBUG_INSIST(!c->reusable);
+-#ifdef SYS_WINNT
+-	INSIST(CloseHandle(c->thread_ref));
+-#else
+-	free(c->thread_ref);
+-#endif
++	
++#   ifdef SYS_WINNT
++	/* The thread was not created in detached state, so we better
++	 * clean up.
++	 */
++	if (c->thread_ref && c->thread_ref->thnd) {
++		WaitForSingleObject(c->thread_ref->thnd, INFINITE);
++		INSIST(CloseHandle(c->thread_ref->thnd));
++		c->thread_ref->thnd = NULL;
++	}
++#   endif
+ 	c->thread_ref = NULL;
+-	c->thread_id = 0;
+-#ifdef WORK_PIPE
++
++	/* remove semaphores and (if signalling vi IO) pipes */
++	
++	c->accesslock           = delete_sema(c->accesslock);
++	c->workitems_pending    = delete_sema(c->workitems_pending);
++	c->wake_scheduled_sleep = delete_sema(c->wake_scheduled_sleep);
++
++#   ifdef WORK_PIPE
+ 	DEBUG_INSIST(-1 != c->resp_read_pipe);
+ 	DEBUG_INSIST(-1 != c->resp_write_pipe);
+ 	(*addremove_io_fd)(c->resp_read_pipe, c->ispipe, TRUE);
+@@ -705,18 +840,22 @@
+ 	close(c->resp_read_pipe);
+ 	c->resp_write_pipe = -1;
+ 	c->resp_read_pipe = -1;
+-#else
+-	DEBUG_INSIST(NULL != c->blocking_response_ready);
+-	(*addremove_io_semaphore)(c->blocking_response_ready, TRUE);
+-#endif
+-	for (idx = 0; idx < c->workitems_alloc; idx++)
+-		c->workitems[idx] = NULL;
+-	c->next_workitem = 0;
+-	c->next_workeritem = 0;
+-	for (idx = 0; idx < c->responses_alloc; idx++)
+-		c->responses[idx] = NULL;
+-	c->next_response = 0;
+-	c->next_workresp = 0;
++#   else
++	DEBUG_INSIST(NULL != c->responses_pending);
++	(*addremove_io_semaphore)(c->responses_pending->shnd, TRUE);
++	c->responses_pending = delete_sema(c->responses_pending);
++#   endif
++
++	/* Is it necessary to check if there are pending requests and
++	 * responses? If so, and if there are, what to do with them?
++	 */
++	
++	/* re-init buffer index sequencers */
++	c->head_workitem = 0;
++	c->tail_workitem = 0;
++	c->head_response = 0;
++	c->tail_response = 0;
++
+ 	c->reusable = TRUE;
+ }
+ 
+--- contrib/ntp/libparse/clk_computime.c.orig
++++ contrib/ntp/libparse/clk_computime.c
+@@ -157,7 +157,7 @@
+ {
+ 	unsigned int rtc;
+ 
+-	parseprintf(DD_PARSE, ("inp_computime(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("inp_computime(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+ 	switch (ch)
+ 	{
+--- contrib/ntp/libparse/clk_dcf7000.c.orig
++++ contrib/ntp/libparse/clk_dcf7000.c
+@@ -158,7 +158,7 @@
+ {
+ 	unsigned int rtc;
+ 
+-	parseprintf(DD_PARSE, ("inp_dcf7000(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("inp_dcf7000(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+ 	switch (ch)
+ 	{
+--- contrib/ntp/libparse/clk_hopf6021.c.orig
++++ contrib/ntp/libparse/clk_hopf6021.c
+@@ -227,7 +227,7 @@
+ {
+ 	unsigned int rtc;
+ 
+-	parseprintf(DD_PARSE, ("inp_hopf6021(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("inp_hopf6021(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+ 	switch (ch)
+ 	{
+--- contrib/ntp/libparse/clk_meinberg.c.orig
++++ contrib/ntp/libparse/clk_meinberg.c
+@@ -434,7 +434,7 @@
+ {
+ 	unsigned int rtc;
+ 
+-	parseprintf(DD_PARSE, ("mbg_input(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("mbg_input(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+ 	switch (ch)
+ 	{
+@@ -602,7 +602,7 @@
+ 
+   msg_buf = (struct msg_buf *)parseio->parse_pdata;
+ 
+-  parseprintf(DD_PARSE, ("gps_input(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++  parseprintf(DD_PARSE, ("gps_input(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+   if (!msg_buf)
+     return PARSE_INP_SKIP;
+--- contrib/ntp/libparse/clk_rawdcf.c.orig
++++ contrib/ntp/libparse/clk_rawdcf.c
+@@ -627,7 +627,7 @@
+ {
+ 	static struct timeval timeout = { 1, 500000 }; /* 1.5 secongs denote second #60 */
+ 
+-	parseprintf(DD_PARSE, ("inp_rawdcf(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("inp_rawdcf(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+ 	parseio->parse_dtime.parse_stime = *tstamp; /* collect timestamp */
+ 
+--- contrib/ntp/libparse/clk_rcc8000.c.orig
++++ contrib/ntp/libparse/clk_rcc8000.c
+@@ -141,7 +141,7 @@
+ {
+ 	unsigned int rtc;
+ 
+-	parseprintf(DD_PARSE, ("inp_rcc8000(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("inp_rcc8000(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+ 	switch (ch)
+ 	{
+--- contrib/ntp/libparse/clk_schmid.c.orig
++++ contrib/ntp/libparse/clk_schmid.c
+@@ -205,7 +205,7 @@
+ {
+ 	unsigned int rtc;
+ 
+-	parseprintf(DD_PARSE, ("inp_schmid(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("inp_schmid(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+ 	switch ((uint8_t)ch)
+ 	{
+--- contrib/ntp/libparse/clk_trimtaip.c.orig
++++ contrib/ntp/libparse/clk_trimtaip.c
+@@ -155,7 +155,7 @@
+ {
+ 	unsigned int rtc;
+ 
+-	parseprintf(DD_PARSE, ("inp_trimtaip(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("inp_trimtaip(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+ 	switch (ch)
+ 	{
+--- contrib/ntp/libparse/clk_varitext.c.orig
++++ contrib/ntp/libparse/clk_varitext.c
+@@ -58,12 +58,12 @@
+ extern int printf (const char *, ...);
+ #endif
+ 
+-static const u_char VT_INITIALISED      = 0x01;
+-static const u_char VT_SYNCHRONISED     = 0x02;
+-static const u_char VT_ALARM_STATE      = 0x04;
++/* static const u_char VT_INITIALISED      = 0x01; */
++/* static const u_char VT_SYNCHRONISED     = 0x02; */
++/* static const u_char VT_ALARM_STATE      = 0x04; */
+ static const u_char VT_BST              = 0x08;
+-static const u_char VT_SEASON_CHANGE    = 0x10;
+-static const u_char VT_LAST_TELEGRAM_OK = 0x20;
++/* static const u_char VT_SEASON_CHANGE    = 0x10; */
++/* static const u_char VT_LAST_TELEGRAM_OK = 0x20; */
+ 
+ /*
+  * The Varitext receiver sends a datagram in the following format every minute
+@@ -195,7 +195,7 @@
+   struct varitext *t = (struct varitext *)parseio->parse_pdata;
+   int    rtc;
+ 
+-  parseprintf(DD_PARSE, ("inp_varitext(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++  parseprintf(DD_PARSE, ("inp_varitext(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 
+   if (!t)
+     return PARSE_INP_SKIP;	/* local data not allocated - sigh! */
+--- contrib/ntp/libparse/clk_wharton.c.orig
++++ contrib/ntp/libparse/clk_wharton.c
+@@ -137,7 +137,7 @@
+ {
+ 	unsigned int rtc;
+ 	
+-	parseprintf(DD_PARSE, ("inp_wharton_400a(0x%lx, 0x%x, ...)\n", (long)parseio, ch));
++	parseprintf(DD_PARSE, ("inp_wharton_400a(0x%p, 0x%x, ...)\n", (void*)parseio, ch));
+ 	
+ 	switch (ch)
+ 	{
+--- contrib/ntp/libparse/parse.c.orig
++++ contrib/ntp/libparse/parse.c
+@@ -288,7 +288,7 @@
+ 		break;
+ 	}
+ 
+-	parseprintf(DD_PARSE, ("parse_ioread(0x%lx, char=0x%x, ..., ...)\n", (unsigned long)parseio, ch & 0xFF));
++	parseprintf(DD_PARSE, ("parse_ioread(0x%p, char=0x%x, ..., ...)\n", (void*)parseio, ch & 0xFF));
+ 
+ 	if (!clockformats[parseio->parse_lformat]->convert)
+ 	{
+--- contrib/ntp/ntpd/invoke-ntp.conf.texi.orig
++++ contrib/ntp/ntpd/invoke-ntp.conf.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntp.conf.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:38:16 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:30:49 PM by AutoGen 5.18.5
+ # From the definitions    ntp.conf.def
+ # and the template file   agtexi-file.tpl
+ @end ignore
+--- contrib/ntp/ntpd/invoke-ntp.keys.texi.orig
++++ contrib/ntp/ntpd/invoke-ntp.keys.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntp.keys.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:38:19 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:30:52 PM by AutoGen 5.18.5
+ # From the definitions    ntp.keys.def
+ # and the template file   agtexi-file.tpl
+ @end ignore
+--- contrib/ntp/ntpd/invoke-ntpd.texi.orig
++++ contrib/ntp/ntpd/invoke-ntpd.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpd.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:38:21 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:30:54 PM by AutoGen 5.18.5
+ # From the definitions    ntpd-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -142,7 +142,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpd - NTP daemon program - Ver. 4.2.8p4
++ntpd - NTP daemon program - Ver. 4.2.8p5
+ Usage:  ntpd [ - [] | --[@{=| @}] ]... \
+                 [  ...  ]
+   Flg Arg Option-Name    Description
+--- contrib/ntp/ntpd/ntp.conf.5man.orig
++++ contrib/ntp/ntpd/ntp.conf.5man
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp.conf 5man "21 Oct 2015" "4.2.8p4" "File Formats"
++.TH ntp.conf 5man "07 Jan 2016" "4.2.8p5" "File Formats"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5
+ .\" From the definitions ntp.conf.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpd/ntp.conf.5mdoc.orig
++++ contrib/ntp/ntpd/ntp.conf.5mdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_CONF 5mdoc File Formats
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:30:57 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.conf.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/ntp.conf.html.orig
++++ contrib/ntp/ntpd/ntp.conf.html
+@@ -33,7 +33,7 @@
+ 
        This document describes the configuration file for the NTP Project's
+ ntpd program.
+ 
+-  
        This document applies to version 4.2.8p4 of ntp.conf.
++  
        This document applies to version 4.2.8p5 of ntp.conf.
+ 
+   
        
+ 
        Short Contents
        
+--- contrib/ntp/ntpd/ntp.conf.man.in.orig
++++ contrib/ntp/ntpd/ntp.conf.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp.conf 5 "21 Oct 2015" "4.2.8p4" "File Formats"
++.TH ntp.conf 5 "07 Jan 2016" "4.2.8p5" "File Formats"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5
+ .\" From the definitions ntp.conf.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpd/ntp.conf.mdoc.in.orig
++++ contrib/ntp/ntpd/ntp.conf.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_CONF 5 File Formats
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:30:57 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.conf.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/ntp.keys.5man.orig
++++ contrib/ntp/ntpd/ntp.keys.5man
+@@ -1,8 +1,8 @@
+-.TH ntp.keys 5man "21 Oct 2015" "4.2.8p4" "File Formats"
++.TH ntp.keys 5man "07 Jan 2016" "4.2.8p5" "File Formats"
+ .\"
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.man)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:30:41 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.keys.def
+ .\"  and the template file   agman-file.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/ntp.keys.5mdoc.orig
++++ contrib/ntp/ntpd/ntp.keys.5mdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYS 5mdoc File Formats
+ .Os SunOS 5.10
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:00 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.keys.def
+ .\"  and the template file   agmdoc-file.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/ntp.keys.html.orig
++++ contrib/ntp/ntpd/ntp.keys.html
+@@ -33,7 +33,7 @@
+ 
        This document describes the symmetric key file for the NTP Project's
+ ntpd program.
+ 
+-  
        This document applies to version 4.2.8p4 of ntp.keys.
++  
        This document applies to version 4.2.8p5 of ntp.keys.
+ 
+   
        
+ 
        Short Contents
        
+--- contrib/ntp/ntpd/ntp.keys.man.in.orig
++++ contrib/ntp/ntpd/ntp.keys.man.in
+@@ -1,8 +1,8 @@
+-.TH ntp.keys 5 "21 Oct 2015" "4.2.8p4" "File Formats"
++.TH ntp.keys 5 "07 Jan 2016" "4.2.8p5" "File Formats"
+ .\"
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.man)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:30:41 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.keys.def
+ .\"  and the template file   agman-file.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/ntp.keys.mdoc.in.orig
++++ contrib/ntp/ntpd/ntp.keys.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYS 5 File Formats
+ .Os SunOS 5.10
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:00 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.keys.def
+ .\"  and the template file   agmdoc-file.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/ntp_control.c.orig
++++ contrib/ntp/ntpd/ntp_control.c
+@@ -846,7 +846,7 @@
+ 	u_char errcode
+ 	)
+ {
+-	int		maclen;
++	size_t		maclen;
+ 
+ 	numctlerrors++;
+ 	DPRINTF(3, ("sending control error %u\n", errcode));
+@@ -1248,10 +1248,10 @@
+ 	)
+ {
+ 	size_t i;
+-	int dlen;
+-	int sendlen;
+-	int maclen;
+-	int totlen;
++	size_t dlen;
++	size_t sendlen;
++	size_t maclen;
++	size_t totlen;
+ 	keyid_t keyid;
+ 
+ 	dlen = datapt - rpkt.u.data;
+--- contrib/ntp/ntpd/ntp_crypto.c.orig
++++ contrib/ntp/ntpd/ntp_crypto.c
+@@ -473,9 +473,9 @@
+ 		}
+ 
+ 		/* Check if the declared size fits into the remaining
+-		 * buffer.
++		 * buffer. We *know* 'macbytes' > 0 here!
+ 		 */
+-		if (len > macbytes) {
++		if (len > (u_int)macbytes) {
+ 			DPRINTF(1, ("crypto_recv: possible attack detected, associd %d\n",
+ 				    associd));
+ 			return XEVNT_LEN;
+--- contrib/ntp/ntpd/ntp_io.c.orig
++++ contrib/ntp/ntpd/ntp_io.c
+@@ -41,6 +41,7 @@
+ #include "timevalops.h"
+ #include "timespecops.h"
+ #include "ntpd-opts.h"
++#include "safecast.h"
+ 
+ /* Don't include ISC's version of IPv6 variables and structures */
+ #define ISC_IPV6_H 1
+@@ -772,7 +773,7 @@
+ 			hints.ai_flags |= AI_NUMERICHOST;
+ 			if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) {
+ 				AF(addr) = AF_INET6;
+-				resaddr6 = (struct sockaddr_in6 *)result->ai_addr;
++				resaddr6 = UA_PTR(struct sockaddr_in6, result->ai_addr);
+ 				SET_ADDR6N(addr, resaddr6->sin6_addr);
+ 				SET_SCOPE(addr, resaddr6->sin6_scope_id);
+ 
+@@ -3365,7 +3366,7 @@
+ #endif  /* HAVE_BINTIME */
+ #ifdef HAVE_TIMESTAMPNS
+ 			case SCM_TIMESTAMPNS:
+-				tsp = (struct timespec *)CMSG_DATA(cmsghdr);
++				tsp = UA_PTR(struct timespec, CMSG_DATA(cmsghdr));
+ 				if (sys_tick > measured_tick &&
+ 				    sys_tick > 1e-9) {
+ 					ticks = (unsigned long)((tsp->tv_nsec * 1e-9) /
+@@ -3666,8 +3667,7 @@
+ 	fds = activefds;
+ 	tvzero.tv_sec = tvzero.tv_usec = 0;
+ 
+-	n = select(maxactivefd + 1, &fds, (fd_set *)0, (fd_set *)0,
+-		   &tvzero);
++	n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
+ 
+ 	/*
+ 	 * If there are no packets waiting just return
+@@ -4447,7 +4447,7 @@
+ 		break;
+ 
+ 	case FD_TYPE_FILE:
+-		closeserial(lsock->fd);
++		closeserial((int)lsock->fd);
+ 		break;
+ 
+ 	default:
+@@ -4643,7 +4643,7 @@
+ 	 * process routing message
+ 	 */
+ #ifdef HAVE_RTNETLINK
+-	for (nh = (struct nlmsghdr *)buffer;
++	for (nh = UA_PTR(struct nlmsghdr, buffer);
+ 	     NLMSG_OK(nh, cnt);
+ 	     nh = NLMSG_NEXT(nh, cnt)) {
+ 		msg_type = nh->nlmsg_type;
+--- contrib/ntp/ntpd/ntp_loopfilter.c.orig
++++ contrib/ntp/ntpd/ntp_loopfilter.c
+@@ -154,7 +154,6 @@
+ int	ext_enable;		/* external clock enabled */
+ int	pps_stratum;		/* pps stratum */
+ int	kernel_status;		/* from ntp_adjtime */
+-int	allow_panic = FALSE;	/* allow panic correction (-g) */
+ int	force_step_once = FALSE; /* always step time once at startup (-G) */
+ int	mode_ntpdate = FALSE;	/* exit on first clock set (-q) */
+ int	freq_cnt;		/* initial frequency clamp */
+@@ -459,16 +458,16 @@
+ 	double	dtemp, etemp;	/* double temps */
+ 	char	tbuf[80];	/* report buffer */
+ 
++	(void)ntp_adj_ret; /* not always used below... */
+ 	/*
+ 	 * If the loop is opened or the NIST LOCKCLOCK is in use,
+ 	 * monitor and record the offsets anyway in order to determine
+ 	 * the open-loop response and then go home.
+ 	 */
+-#ifdef LOCKCLOCK
++#ifndef LOCKCLOCK
++	if (!ntp_enable)
++#endif /* not LOCKCLOCK */
+ 	{
+-#else
+-	if (!ntp_enable) {
+-#endif /* LOCKCLOCK */
+ 		record_loop_stats(fp_offset, drift_comp, clock_jitter,
+ 		    clock_stability, sys_poll);
+ 		return (0);
+@@ -493,6 +492,8 @@
+ 		return (-1);
+ 	}
+ 
++	allow_panic = FALSE;
++
+ 	/*
+ 	 * This section simulates ntpdate. If the offset exceeds the
+ 	 * step threshold (128 ms), step the clock to that time and
+@@ -538,12 +539,8 @@
+ 		else
+ 			dtemp = (peer->delay - sys_mindly) / 2;
+ 		fp_offset += dtemp;
+-#ifdef DEBUG
+-		if (debug)
+-			printf(
+-		    "local_clock: size %d mindly %.6f huffpuff %.6f\n",
+-			    sys_hufflen, sys_mindly, dtemp);
+-#endif
++		DPRINTF(1, ("local_clock: size %d mindly %.6f huffpuff %.6f\n",
++			    sys_hufflen, sys_mindly, dtemp));
+ 	}
+ 
+ 	/*
+@@ -694,7 +691,6 @@
+ 		 * startup until the initial transient has subsided.
+ 		 */
+ 		default:
+-			allow_panic = FALSE;
+ 			if (freq_cnt == 0) {
+ 
+ 				/*
+@@ -921,15 +917,11 @@
+ 	 */
+ 	record_loop_stats(clock_offset, drift_comp, clock_jitter,
+ 	    clock_stability, sys_poll);
+-#ifdef DEBUG
+-	if (debug)
+-		printf(
+-		    "local_clock: offset %.9f jit %.9f freq %.3f stab %.3f poll %d\n",
++	DPRINTF(1, ("local_clock: offset %.9f jit %.9f freq %.3f stab %.3f poll %d\n",
+ 		    clock_offset, clock_jitter, drift_comp * 1e6,
+-		    clock_stability * 1e6, sys_poll);
+-#endif /* DEBUG */
++		    clock_stability * 1e6, sys_poll));
+ 	return (rval);
+-#endif /* LOCKCLOCK */
++#endif /* not LOCKCLOCK */
+ }
+ 
+ 
+@@ -1005,7 +997,10 @@
+ 	 * but does not automatically stop slewing when an offset
+ 	 * has decayed to zero.
+ 	 */
++	DEBUG_INSIST(enable_panic_check == TRUE);
++	enable_panic_check = FALSE;
+ 	adj_systime(offset_adj + freq_adj);
++	enable_panic_check = TRUE;
+ #endif /* LOCKCLOCK */
+ }
+ 
+@@ -1019,12 +1014,9 @@
+ 	double	offset		/* new offset */
+ 	)
+ {
+-#ifdef DEBUG
+-	if (debug > 1)
+-		printf("local_clock: mu %lu state %d poll %d count %d\n",
++	DPRINTF(2, ("rstclock: mu %lu state %d poll %d count %d\n",
+ 		    current_time - clock_epoch, trans, sys_poll,
+-		    tc_counter);
+-#endif
++		    tc_counter));
+ 	if (trans != state && trans != EVNT_FSET)
+ 		report_event(trans, NULL, NULL);
+ 	state = trans;
+@@ -1075,6 +1067,7 @@
+ 	const char *	loop_desc;
+ 	int ntp_adj_ret;
+ 
++	(void)ntp_adj_ret; /* not always used below... */
+ 	drift_comp = freq;
+ 	loop_desc = "ntpd";
+ #ifdef KERNEL_PLL
+@@ -1236,10 +1229,7 @@
+ 	int	i;
+ 	double	ftemp;
+ 
+-#ifdef DEBUG
+-	if (debug > 1)
+-		printf("loop_config: item %d freq %f\n", item, freq);
+-#endif
++	DPRINTF(2, ("loop_config: item %d freq %f\n", item, freq));
+ 	switch (item) {
+ 
+ 	/*
+--- contrib/ntp/ntpd/ntp_parser.c.orig
++++ contrib/ntp/ntpd/ntp_parser.c
+@@ -889,21 +889,21 @@
+      872,   873,   874,   875,   876,   877,   878,   879,   880,   881,
+      882,   886,   891,   899,   904,   905,   906,   910,   915,   923,
+      928,   929,   930,   931,   932,   933,   934,   935,   943,   953,
+-     958,   966,   968,   970,   972,   974,   979,   980,   984,   985,
+-     986,   987,   995,  1000,  1005,  1013,  1018,  1019,  1020,  1029,
+-    1031,  1036,  1041,  1049,  1051,  1068,  1069,  1070,  1071,  1072,
+-    1073,  1077,  1078,  1086,  1091,  1096,  1104,  1109,  1110,  1111,
+-    1112,  1113,  1114,  1115,  1116,  1117,  1118,  1127,  1128,  1129,
+-    1136,  1143,  1150,  1166,  1185,  1187,  1189,  1191,  1193,  1195,
+-    1202,  1207,  1208,  1209,  1213,  1217,  1226,  1227,  1231,  1232,
+-    1233,  1237,  1248,  1262,  1274,  1279,  1281,  1286,  1287,  1295,
+-    1297,  1305,  1310,  1318,  1343,  1350,  1360,  1361,  1365,  1366,
+-    1367,  1368,  1372,  1373,  1374,  1378,  1383,  1388,  1396,  1397,
+-    1398,  1399,  1400,  1401,  1402,  1412,  1417,  1425,  1430,  1438,
+-    1440,  1444,  1449,  1454,  1462,  1467,  1475,  1484,  1485,  1489,
+-    1490,  1499,  1517,  1521,  1526,  1534,  1539,  1540,  1544,  1549,
+-    1557,  1562,  1567,  1572,  1577,  1585,  1590,  1595,  1603,  1608,
+-    1609,  1610,  1611,  1612
++     958,   966,   968,   970,   979,   981,   986,   987,   991,   992,
++     993,   994,  1002,  1007,  1012,  1020,  1025,  1026,  1027,  1036,
++    1038,  1043,  1048,  1056,  1058,  1075,  1076,  1077,  1078,  1079,
++    1080,  1084,  1085,  1093,  1098,  1103,  1111,  1116,  1117,  1118,
++    1119,  1120,  1121,  1122,  1123,  1124,  1125,  1134,  1135,  1136,
++    1143,  1150,  1157,  1173,  1192,  1194,  1196,  1198,  1200,  1202,
++    1209,  1214,  1215,  1216,  1220,  1224,  1233,  1234,  1238,  1239,
++    1240,  1244,  1255,  1269,  1281,  1286,  1288,  1293,  1294,  1302,
++    1304,  1312,  1317,  1325,  1350,  1357,  1367,  1368,  1372,  1373,
++    1374,  1375,  1379,  1380,  1381,  1385,  1390,  1395,  1403,  1404,
++    1405,  1406,  1407,  1408,  1409,  1419,  1424,  1432,  1437,  1445,
++    1447,  1451,  1456,  1461,  1469,  1474,  1482,  1491,  1492,  1496,
++    1497,  1506,  1524,  1528,  1533,  1541,  1546,  1547,  1551,  1556,
++    1564,  1569,  1574,  1579,  1584,  1592,  1597,  1602,  1610,  1615,
++    1616,  1617,  1618,  1619
+ };
+ #endif
+ 
+@@ -2684,90 +2684,97 @@
+ 
+   case 173:
+ #line 971 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+-    { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 2689 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++    {
++			if ((yyvsp[0].Integer) >= 0 && (yyvsp[0].Integer) <= 16) {
++				(yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer));
++			} else {
++				(yyval.Attr_val) = NULL;
++				yyerror("fudge factor: stratum value not in [0..16], ignored");
++			}
++		}
++#line 2696 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 174:
+-#line 973 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 980 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); }
+-#line 2695 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2702 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 175:
+-#line 975 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 982 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); }
+-#line 2701 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2708 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 182:
+-#line 996 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1003 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { CONCAT_G_FIFOS(cfgt.rlimit, (yyvsp[0].Attr_val_fifo)); }
+-#line 2707 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2714 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 183:
+-#line 1001 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1008 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 2716 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2723 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 184:
+-#line 1006 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1013 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 2725 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2732 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 185:
+-#line 1014 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1021 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 2731 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2738 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 189:
+-#line 1030 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1037 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { CONCAT_G_FIFOS(cfgt.enable_opts, (yyvsp[0].Attr_val_fifo)); }
+-#line 2737 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2744 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 190:
+-#line 1032 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1039 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { CONCAT_G_FIFOS(cfgt.disable_opts, (yyvsp[0].Attr_val_fifo)); }
+-#line 2743 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2750 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 191:
+-#line 1037 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1044 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 2752 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2759 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 192:
+-#line 1042 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1049 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 2761 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2768 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 193:
+-#line 1050 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1057 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); }
+-#line 2767 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2774 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 194:
+-#line 1052 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1059 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			if (lex_from_file()) {
+ 				(yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer));
+@@ -2781,41 +2788,41 @@
+ 				yyerror(err_str);
+ 			}
+ 		}
+-#line 2785 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2792 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 203:
+-#line 1087 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1094 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { CONCAT_G_FIFOS(cfgt.tinker, (yyvsp[0].Attr_val_fifo)); }
+-#line 2791 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2798 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 204:
+-#line 1092 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1099 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 2800 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2807 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 205:
+-#line 1097 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1104 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 2809 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2816 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 206:
+-#line 1105 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1112 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); }
+-#line 2815 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2822 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 219:
+-#line 1130 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1137 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			attr_val *av;
+ 
+@@ -2822,11 +2829,11 @@
+ 			av = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double));
+ 			APPEND_G_FIFO(cfgt.vars, av);
+ 		}
+-#line 2826 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2833 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 220:
+-#line 1137 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1144 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			attr_val *av;
+ 
+@@ -2833,11 +2840,11 @@
+ 			av = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer));
+ 			APPEND_G_FIFO(cfgt.vars, av);
+ 		}
+-#line 2837 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2844 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 221:
+-#line 1144 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1151 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			attr_val *av;
+ 
+@@ -2844,11 +2851,11 @@
+ 			av = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String));
+ 			APPEND_G_FIFO(cfgt.vars, av);
+ 		}
+-#line 2848 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2855 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 222:
+-#line 1151 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1158 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			char error_text[64];
+ 			attr_val *av;
+@@ -2864,11 +2871,11 @@
+ 				yyerror(error_text);
+ 			}
+ 		}
+-#line 2868 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2875 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 223:
+-#line 1167 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1174 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			if (!lex_from_file()) {
+ 				YYFREE((yyvsp[-1].String)); /* avoid leak */
+@@ -2887,41 +2894,41 @@
+ 			}
+ 			YYFREE((yyvsp[-1].String)); /* avoid leak */
+ 		}
+-#line 2891 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2898 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 224:
+-#line 1186 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1193 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { lex_flush_stack(); }
+-#line 2897 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2904 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 225:
+-#line 1188 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1195 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { /* see drift_parm below for actions */ }
+-#line 2903 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2910 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 226:
+-#line 1190 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1197 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { CONCAT_G_FIFOS(cfgt.logconfig, (yyvsp[0].Attr_val_fifo)); }
+-#line 2909 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2916 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 227:
+-#line 1192 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1199 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { CONCAT_G_FIFOS(cfgt.phone, (yyvsp[0].String_fifo)); }
+-#line 2915 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2922 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 228:
+-#line 1194 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1201 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { APPEND_G_FIFO(cfgt.setvar, (yyvsp[0].Set_var)); }
+-#line 2921 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2928 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 229:
+-#line 1196 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1203 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			addr_opts_node *aon;
+ 
+@@ -2928,27 +2935,27 @@
+ 			aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo));
+ 			APPEND_G_FIFO(cfgt.trap, aon);
+ 		}
+-#line 2932 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2939 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 230:
+-#line 1203 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1210 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { CONCAT_G_FIFOS(cfgt.ttl, (yyvsp[0].Attr_val_fifo)); }
+-#line 2938 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2945 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 235:
+-#line 1218 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1225 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ #ifndef LEAP_SMEAR
+ 			yyerror("Built without LEAP_SMEAR support.");
+ #endif
+ 		}
+-#line 2948 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2955 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 241:
+-#line 1238 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1245 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			if (lex_from_file()) {
+ 				attr_val *av;
+@@ -2959,11 +2966,11 @@
+ 				yyerror("driftfile remote configuration ignored");
+ 			}
+ 		}
+-#line 2963 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2970 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 242:
+-#line 1249 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1256 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			if (lex_from_file()) {
+ 				attr_val *av;
+@@ -2976,11 +2983,11 @@
+ 				yyerror("driftfile remote configuration ignored");
+ 			}
+ 		}
+-#line 2980 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 2987 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 243:
+-#line 1262 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1269 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			if (lex_from_file()) {
+ 				attr_val *av;
+@@ -2990,71 +2997,71 @@
+ 				yyerror("driftfile remote configuration ignored");
+ 			}
+ 		}
+-#line 2994 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3001 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 244:
+-#line 1275 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1282 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Set_var) = create_setvar_node((yyvsp[-3].String), (yyvsp[-1].String), (yyvsp[0].Integer)); }
+-#line 3000 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3007 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 246:
+-#line 1281 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1288 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Integer) = 0; }
+-#line 3006 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3013 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 247:
+-#line 1286 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1293 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val_fifo) = NULL; }
+-#line 3012 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3019 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 248:
+-#line 1288 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1295 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 3021 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3028 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 249:
+-#line 1296 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1303 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); }
+-#line 3027 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3034 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 250:
+-#line 1298 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1305 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), estrdup((yyvsp[0].Address_node)->address));
+ 			destroy_address_node((yyvsp[0].Address_node));
+ 		}
+-#line 3036 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3043 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 251:
+-#line 1306 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1313 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 3045 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3052 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 252:
+-#line 1311 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1318 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 3054 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3061 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 253:
+-#line 1319 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1326 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			char	prefix;
+ 			char *	type;
+@@ -3076,11 +3083,11 @@
+ 			(yyval.Attr_val) = create_attr_sval(prefix, estrdup(type));
+ 			YYFREE((yyvsp[0].String));
+ 		}
+-#line 3080 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3087 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 254:
+-#line 1344 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1351 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			nic_rule_node *nrn;
+ 
+@@ -3087,11 +3094,11 @@
+ 			nrn = create_nic_rule_node((yyvsp[0].Integer), NULL, (yyvsp[-1].Integer));
+ 			APPEND_G_FIFO(cfgt.nic_rules, nrn);
+ 		}
+-#line 3091 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3098 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 255:
+-#line 1351 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1358 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			nic_rule_node *nrn;
+ 
+@@ -3098,119 +3105,119 @@
+ 			nrn = create_nic_rule_node(0, (yyvsp[0].String), (yyvsp[-1].Integer));
+ 			APPEND_G_FIFO(cfgt.nic_rules, nrn);
+ 		}
+-#line 3102 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3109 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 265:
+-#line 1379 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1386 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { CONCAT_G_FIFOS(cfgt.reset_counters, (yyvsp[0].Int_fifo)); }
+-#line 3108 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3115 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 266:
+-#line 1384 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1391 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Int_fifo) = (yyvsp[-1].Int_fifo);
+ 			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer)));
+ 		}
+-#line 3117 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3124 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 267:
+-#line 1389 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1396 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Int_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer)));
+ 		}
+-#line 3126 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3133 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 275:
+-#line 1413 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1420 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer)));
+ 		}
+-#line 3135 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3142 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 276:
+-#line 1418 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1425 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer)));
+ 		}
+-#line 3144 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3151 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 277:
+-#line 1426 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1433 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 3153 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3160 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 278:
+-#line 1431 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1438 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val));
+ 		}
+-#line 3162 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3169 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 279:
+-#line 1439 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1446 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_ival('i', (yyvsp[0].Integer)); }
+-#line 3168 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3175 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 281:
+-#line 1445 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1452 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_rangeval('-', (yyvsp[-3].Integer), (yyvsp[-1].Integer)); }
+-#line 3174 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3181 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 282:
+-#line 1450 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1457 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.String_fifo) = (yyvsp[-1].String_fifo);
+ 			APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String)));
+ 		}
+-#line 3183 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3190 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 283:
+-#line 1455 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1462 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.String_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String)));
+ 		}
+-#line 3192 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3199 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 284:
+-#line 1463 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1470 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Address_fifo) = (yyvsp[-1].Address_fifo);
+ 			APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node));
+ 		}
+-#line 3201 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3208 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 285:
+-#line 1468 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1475 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Address_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node));
+ 		}
+-#line 3210 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3217 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 286:
+-#line 1476 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1483 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			if ((yyvsp[0].Integer) != 0 && (yyvsp[0].Integer) != 1) {
+ 				yyerror("Integer value is not boolean (0 or 1). Assuming 1");
+@@ -3219,29 +3226,29 @@
+ 				(yyval.Integer) = (yyvsp[0].Integer);
+ 			}
+ 		}
+-#line 3223 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3230 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 287:
+-#line 1484 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1491 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Integer) = 1; }
+-#line 3229 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3236 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 288:
+-#line 1485 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1492 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Integer) = 0; }
+-#line 3235 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3242 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 289:
+-#line 1489 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1496 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Double) = (double)(yyvsp[0].Integer); }
+-#line 3241 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3248 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 291:
+-#line 1500 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1507 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			sim_node *sn;
+ 
+@@ -3251,125 +3258,125 @@
+ 			/* Revert from ; to \n for end-of-command */
+ 			old_config_style = 1;
+ 		}
+-#line 3255 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3262 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 292:
+-#line 1517 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1524 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { old_config_style = 0; }
+-#line 3261 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3268 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 293:
+-#line 1522 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1529 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val));
+ 		}
+-#line 3270 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3277 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 294:
+-#line 1527 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1534 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val));
+ 		}
+-#line 3279 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3286 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 295:
+-#line 1535 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1542 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); }
+-#line 3285 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3292 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 298:
+-#line 1545 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1552 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Sim_server_fifo) = (yyvsp[-1].Sim_server_fifo);
+ 			APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server));
+ 		}
+-#line 3294 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3301 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 299:
+-#line 1550 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1557 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Sim_server_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server));
+ 		}
+-#line 3303 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3310 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 300:
+-#line 1558 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1565 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Sim_server) = ONLY_SIM(create_sim_server((yyvsp[-4].Address_node), (yyvsp[-2].Double), (yyvsp[-1].Sim_script_fifo))); }
+-#line 3309 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3316 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 301:
+-#line 1563 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1570 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Double) = (yyvsp[-1].Double); }
+-#line 3315 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3322 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 302:
+-#line 1568 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1575 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Address_node) = (yyvsp[0].Address_node); }
+-#line 3321 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3328 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 303:
+-#line 1573 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1580 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Sim_script_fifo) = (yyvsp[-1].Sim_script_fifo);
+ 			APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script));
+ 		}
+-#line 3330 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3337 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 304:
+-#line 1578 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1585 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Sim_script_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script));
+ 		}
+-#line 3339 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3346 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 305:
+-#line 1586 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1593 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Sim_script) = ONLY_SIM(create_sim_script_info((yyvsp[-3].Double), (yyvsp[-1].Attr_val_fifo))); }
+-#line 3345 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3352 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 306:
+-#line 1591 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1598 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo);
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val));
+ 		}
+-#line 3354 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3361 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 307:
+-#line 1596 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1603 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     {
+ 			(yyval.Attr_val_fifo) = NULL;
+ 			APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val));
+ 		}
+-#line 3363 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3370 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+   case 308:
+-#line 1604 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
++#line 1611 "../../ntpd/ntp_parser.y" /* yacc.c:1646  */
+     { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); }
+-#line 3369 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3376 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+     break;
+ 
+ 
+-#line 3373 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
++#line 3380 "../../ntpd/ntp_parser.c" /* yacc.c:1646  */
+       default: break;
+     }
+   /* User semantic actions sometimes alter yychar, and that requires
+@@ -3597,7 +3604,7 @@
+ #endif
+   return yyresult;
+ }
+-#line 1615 "../../ntpd/ntp_parser.y" /* yacc.c:1906  */
++#line 1622 "../../ntpd/ntp_parser.y" /* yacc.c:1906  */
+ 
+ 
+ void
+--- contrib/ntp/ntpd/ntp_proto.c.orig
++++ contrib/ntp/ntpd/ntp_proto.c
+@@ -15,6 +15,7 @@
+ #include "ntp_string.h"
+ #include "ntp_leapsec.h"
+ #include "refidsmear.h"
++#include "lib_strbuf.h"
+ 
+ #include 
+ #ifdef HAVE_LIBSCF_H
+@@ -172,8 +173,14 @@
+ 				 const struct addrinfo *);
+ #endif /* WORKER */
+ 
++const char *	amtoa		(int am);
++
++
+ void
+-set_sys_leap(u_char new_sys_leap) {
++set_sys_leap(
++	u_char new_sys_leap
++	)
++{
+ 	sys_leap = new_sys_leap;
+ 	xmt_leap = sys_leap;
+ 
+@@ -189,8 +196,9 @@
+ #ifdef LEAP_SMEAR
+ 		else {
+ 			/*
+-			 * If leap smear is enabled in general we must never send a leap second warning
+-			 * to clients, so make sure we only send "in sync".
++			 * If leap smear is enabled in general we must
++			 * never send a leap second warning to clients,
++			 * so make sure we only send "in sync".
+ 			 */
+ 			if (leap_smear.enabled)
+ 				xmt_leap = LEAP_NOWARNING;
+@@ -199,34 +207,39 @@
+ 	}
+ }
+ 
++
+ /*
+  * Kiss Code check
+  */
+-int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid) {
++int
++kiss_code_check(
++	u_char hisleap,
++	u_char hisstratum,
++	u_char hismode,
++	u_int32 refid
++	)
++{
+ 
+-		if (   hismode == MODE_SERVER
+-		    && hisleap == LEAP_NOTINSYNC
+-		    && hisstratum == STRATUM_UNSPEC) {
+-				if(memcmp(&refid,"RATE", 4) == 0) {
+-					return (RATEKISS);	
+-				}
+-				else if(memcmp(&refid,"DENY", 4) == 0) {
+-					return (DENYKISS);	
+-				}
+-				else if(memcmp(&refid,"RSTR", 4) == 0) {
+-					return (RSTRKISS);	
+-				}
+-				else if(memcmp(&refid,"X", 1) == 0) {
+-					return (XKISS);	
+-				}
+-				else {
+-					return (UNKNOWNKISS);
+-				}
++	if (   hismode == MODE_SERVER
++	    && hisleap == LEAP_NOTINSYNC
++	    && hisstratum == STRATUM_UNSPEC) {
++		if(memcmp(&refid,"RATE", 4) == 0) {
++			return (RATEKISS);
++		} else if(memcmp(&refid,"DENY", 4) == 0) {
++			return (DENYKISS);
++		} else if(memcmp(&refid,"RSTR", 4) == 0) {
++			return (RSTRKISS);
++		} else if(memcmp(&refid,"X", 1) == 0) {
++			return (XKISS);
++		} else {
++			return (UNKNOWNKISS);
+ 		}
+-		else {
+-			return (NOKISS);
+-		}
++	} else {
++		return (NOKISS);
++	}
+ }
++
++
+ /*
+  * transmit - transmit procedure called by poll timeout
+  */
+@@ -303,7 +316,7 @@
+ 		peer->outdate = current_time;
+ 		if (   (peer_associations <= 2 * sys_maxclock)
+ 		    && (   peer_associations < sys_maxclock
+-		    	|| sys_survivors < sys_minclock))
++			|| sys_survivors < sys_minclock))
+ 			pool_xmit(peer);
+ 		poll_update(peer, hpoll);
+ 		return;
+@@ -416,9 +429,36 @@
+ 	if (peer->hmode != MODE_BCLIENT)
+ 		peer_xmit(peer);
+ 	poll_update(peer, hpoll);
++
++	return;
+ }
+ 
+ 
++const char *
++amtoa(
++	int am
++	)
++{
++	char *bp;
++
++	switch(am) {
++	    case AM_ERR:	return "AM_ERR";
++	    case AM_NOMATCH:	return "AM_NOMATCH";
++	    case AM_PROCPKT:	return "AM_PROCPKT";
++	    case AM_BCST:	return "AM_BCST";
++	    case AM_FXMIT:	return "AM_FXMIT";
++	    case AM_MANYCAST:	return "AM_MANYCAST";
++	    case AM_NEWPASS:	return "AM_NEWPASS";
++	    case AM_NEWBCL:	return "AM_NEWBCL";
++	    case AM_POSSBCL:	return "AM_POSSBCL";
++	    default:
++		LIB_GETBUF(bp);
++		snprintf(bp, LIB_BUFLENGTH, "AM_#%d", am);
++		return bp;
++	}
++}
++
++
+ /*
+  * receive - receive procedure called for each packet received
+  */
+@@ -434,7 +474,9 @@
+ 	u_char	hismode;		/* packet mode */
+ 	u_char	hisstratum;		/* packet stratum */
+ 	u_short	restrict_mask;		/* restrict bits */
+-	int kissCode = NOKISS;	/* Kiss Code */
++	const char *hm_str;		/* hismode string */
++	const char *am_str;		/* association match string */
++	int	kissCode = NOKISS;	/* Kiss Code */
+ 	int	has_mac;		/* length of MAC field */
+ 	int	authlen;		/* offset of MAC field */
+ 	int	is_authentic = 0;	/* cryptosum ok */
+@@ -441,9 +483,9 @@
+ 	int	retcode = AM_NOMATCH;	/* match code */
+ 	keyid_t	skeyid = 0;		/* key IDs */
+ 	u_int32	opcode = 0;		/* extension field opcode */
+-	sockaddr_u *dstadr_sin; 	/* active runway */
++	sockaddr_u *dstadr_sin;		/* active runway */
+ 	struct peer *peer2;		/* aux peer structure pointer */
+-	endpt *	match_ep;		/* newpeer() local address */
++	endpt	*match_ep;		/* newpeer() local address */
+ 	l_fp	p_org;			/* origin timestamp */
+ 	l_fp	p_rec;			/* receive timestamp */
+ 	l_fp	p_xmt;			/* transmit timestamp */
+@@ -474,11 +516,12 @@
+ 		return;				/* bogus port */
+ 	}
+ 	restrict_mask = restrictions(&rbufp->recv_srcadr);
+-	DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x\n",
++	pkt = &rbufp->recv_pkt;
++	DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x org %#010x.%08x xmt %#010x.%08x\n",
+ 		    current_time, stoa(&rbufp->dstadr->sin),
+-		    stoa(&rbufp->recv_srcadr),
+-		    rbufp->dstadr->flags, restrict_mask));
+-	pkt = &rbufp->recv_pkt;
++		    stoa(&rbufp->recv_srcadr), rbufp->dstadr->flags,
++		    restrict_mask, ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
++		    ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
+ 	hisversion = PKT_VERSION(pkt->li_vn_mode);
+ 	hisleap = PKT_LEAP(pkt->li_vn_mode);
+ 	hismode = (int)PKT_MODE(pkt->li_vn_mode);
+@@ -685,6 +728,8 @@
+ 	NTOHL_FP(&pkt->org, &p_org);
+ 	NTOHL_FP(&pkt->rec, &p_rec);
+ 	NTOHL_FP(&pkt->xmt, &p_xmt);
++	hm_str = modetoa(hismode);
++	am_str = amtoa(retcode);
+ 
+ 	/*
+ 	 * Authentication is conditioned by three switches:
+@@ -713,25 +758,21 @@
+ 	if (has_mac == 0) {
+ 		restrict_mask &= ~RES_MSSNTP;
+ 		is_authentic = AUTH_NONE; /* not required */
+-#ifdef DEBUG
+-		if (debug)
+-			printf(
+-			    "receive: at %ld %s<-%s mode %d len %d\n",
++		DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n",
+ 			    current_time, stoa(dstadr_sin),
+-			    stoa(&rbufp->recv_srcadr), hismode,
+-			    authlen);
+-#endif
++			    stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
++			    authlen,
++			    ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
++			    ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
+ 	} else if (has_mac == 4) {
+ 		restrict_mask &= ~RES_MSSNTP;
+ 		is_authentic = AUTH_CRYPTO; /* crypto-NAK */
+-#ifdef DEBUG
+-		if (debug)
+-			printf(
+-			    "receive: at %ld %s<-%s mode %d keyid %08x len %d auth %d\n",
++		DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC4\n",
+ 			    current_time, stoa(dstadr_sin),
+-			    stoa(&rbufp->recv_srcadr), hismode, skeyid,
+-			    authlen + has_mac, is_authentic);
+-#endif
++			    stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
++			    skeyid, authlen + has_mac, is_authentic,
++			    ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
++			    ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
+ 
+ #ifdef HAVE_NTP_SIGND
+ 		/*
+@@ -747,7 +788,7 @@
+ 		   && (restrict_mask & RES_MSSNTP)
+ 		   && (retcode == AM_FXMIT || retcode == AM_NEWPASS)
+ 		   && (memcmp(zero_key, (char *)pkt + authlen + 4,
+-		   	      MAX_MD5_LEN - 4) == 0)) {
++			      MAX_MD5_LEN - 4) == 0)) {
+ 		is_authentic = AUTH_NONE;
+ #endif /* HAVE_NTP_SIGND */
+ 
+@@ -856,14 +897,12 @@
+ 		if (crypto_flags && skeyid > NTP_MAXKEY)
+ 			authtrust(skeyid, 0);
+ #endif	/* AUTOKEY */
+-#ifdef DEBUG
+-		if (debug)
+-			printf(
+-			    "receive: at %ld %s<-%s mode %d keyid %08x len %d auth %d\n",
++		DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x\n",
+ 			    current_time, stoa(dstadr_sin),
+-			    stoa(&rbufp->recv_srcadr), hismode, skeyid,
+-			    authlen + has_mac, is_authentic);
+-#endif
++			    stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
++			    skeyid, authlen + has_mac, is_authentic,
++			    ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
++			    ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
+ 	}
+ 
+ 	/*
+@@ -1194,11 +1233,11 @@
+ 			 * debug-printed and not logged to avoid log
+ 			 * flooding.
+ 			 */
+-			DPRINTF(1, ("receive: at %ld refusing to mobilize passive association"
+-				    " with unknown peer %s mode %d keyid %08x len %d auth %d\n",
++			DPRINTF(2, ("receive: at %ld refusing to mobilize passive association"
++				    " with unknown peer %s mode %d/%s:%s keyid %08x len %d auth %d\n",
+ 				    current_time, stoa(&rbufp->recv_srcadr),
+-				    hismode, skeyid, (authlen + has_mac),
+-				    is_authentic));
++				    hismode, hm_str, am_str, skeyid,
++				    (authlen + has_mac), is_authentic));
+ 			sys_declined++;
+ 			return;
+ 		}
+@@ -1321,26 +1360,36 @@
+ 		}
+ 
+ 	/*
+-	 * Check for bogus packet in basic mode. If found, switch to
+-	 * interleaved mode and resynchronize, but only after confirming
+-	 * the packet is not bogus in symmetric interleaved mode.
++	 * Basic mode checks:
+ 	 *
++	 * If there is no origin timestamp, it's an initial packet.
++	 *
++	 * Otherwise, check for bogus packet in basic mode.
++	 * If it is bogus, switch to interleaved mode and resynchronize,
++	 * but only after confirming the packet is not bogus in
++	 * symmetric interleaved mode.
++	 *
+ 	 * This could also mean somebody is forging packets claiming to
+ 	 * be from us, attempting to cause our server to KoD us.
+ 	 */
+ 	} else if (peer->flip == 0) {
+-		if (!L_ISEQU(&p_org, &peer->aorg)) {
++		if (0 < hisstratum && L_ISZERO(&p_org)) {
++			L_CLR(&peer->aorg);
++		} else if (!L_ISEQU(&p_org, &peer->aorg)) {
+ 			peer->bogusorg++;
+ 			peer->flash |= TEST2;	/* bogus */
+ 			msyslog(LOG_INFO,
+-				"receive: Unexpected origin timestamp from %s",
+-				ntoa(&peer->srcadr));
++				"receive: Unexpected origin timestamp %#010x.%08x from %s xmt %#010x.%08x",
++				ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
++				ntoa(&peer->srcadr),
++				ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf));
+ 			if (  !L_ISZERO(&peer->dst)
+ 			    && L_ISEQU(&p_org, &peer->dst)) {
++				/* Might be the start of an interleave */
+ 				peer->flip = 1;
+ 				report_event(PEVNT_XLEAVE, peer, NULL);
+ 			}
+-			return; /* Bogus packet, we are done */
++			return; /* Bogus or possible interleave packet */
+ 		} else {
+ 			L_CLR(&peer->aorg);
+ 		}
+@@ -1694,11 +1743,8 @@
+ 	 */
+ 	if (peer->flash & PKT_TEST_MASK) {
+ 		peer->seldisptoolarge++;
+-#ifdef DEBUG
+-		if (debug)
+-			printf("packet: flash header %04x\n",
+-			    peer->flash);
+-#endif
++		DPRINTF(1, ("packet: flash header %04x\n",
++			    peer->flash));
+ 		return;
+ 	}
+ 
+@@ -1871,15 +1917,12 @@
+ 	 * the roundtrip delay. Then it calculates the correction as a
+ 	 * fraction of d.
+ 	 */
+- 	peer->t21 = t21;
++	peer->t21 = t21;
+ 	peer->t21_last = peer->t21_bytes;
+ 	peer->t34 = -t34;
+ 	peer->t34_bytes = len;
+-#ifdef DEBUG
+-	if (debug > 1)
+-		printf("packet: t21 %.9lf %d t34 %.9lf %d\n", peer->t21,
+-		    peer->t21_bytes, peer->t34, peer->t34_bytes);
+-#endif
++	DPRINTF(2, ("packet: t21 %.9lf %d t34 %.9lf %d\n", peer->t21,
++		    peer->t21_bytes, peer->t34, peer->t34_bytes));
+ 	if (peer->r21 > 0 && peer->r34 > 0 && p_del > 0) {
+ 		if (peer->pmode != MODE_BROADCAST)
+ 			td = (peer->r34 / (peer->r21 + peer->r34) -
+@@ -1888,7 +1931,7 @@
+ 			td = 0;
+ 
+ 		/*
+- 		 * Unfortunately, in many cases the errors are
++		 * Unfortunately, in many cases the errors are
+ 		 * unacceptable, so for the present the rates are not
+ 		 * used. In future, we might find conditions where the
+ 		 * calculations are useful, so this should be considered
+@@ -1896,12 +1939,9 @@
+ 		 */
+ 		t21 -= td;
+ 		t34 -= td;
+-#ifdef DEBUG
+-		if (debug > 1)
+-			printf("packet: del %.6lf r21 %.1lf r34 %.1lf %.6lf\n",
++		DPRINTF(2, ("packet: del %.6lf r21 %.1lf r34 %.1lf %.6lf\n",
+ 			    p_del, peer->r21 / 1e3, peer->r34 / 1e3,
+-			    td);
+-#endif
++			    td));
+ 	}
+ #endif /* ASSYM */
+ 
+@@ -1994,12 +2034,8 @@
+ 	sys_rootdelay = peer->delay + peer->rootdelay;
+ 	sys_reftime = peer->dst;
+ 
+-#ifdef DEBUG
+-	if (debug)
+-		printf(
+-		    "clock_update: at %lu sample %lu associd %d\n",
+-		    current_time, peer->epoch, peer->associd);
+-#endif
++	DPRINTF(1, ("clock_update: at %lu sample %lu associd %d\n",
++		    current_time, peer->epoch, peer->associd));
+ 
+ 	/*
+ 	 * Comes now the moment of truth. Crank the clock discipline and
+@@ -2308,13 +2344,9 @@
+ #ifdef AUTOKEY
+ 	peer->refresh = current_time + (1 << NTP_REFRESH);
+ #endif	/* AUTOKEY */
+-#ifdef DEBUG
+-	if (debug)
+-		printf(
+-		    "peer_clear: at %ld next %ld associd %d refid %s\n",
++	DPRINTF(1, ("peer_clear: at %ld next %ld associd %d refid %s\n",
+ 		    current_time, peer->nextdate, peer->associd,
+-		    ident);
+-#endif
++		    ident));
+ }
+ 
+ 
+@@ -2478,11 +2510,8 @@
+ 	 * packets.
+ 	 */
+ 	if (peer->filter_epoch[k] <= peer->epoch) {
+-#if DEBUG
+-	if (debug > 1)
+-		printf("clock_filter: old sample %lu\n", current_time -
+-		    peer->filter_epoch[k]);
+-#endif
++	DPRINTF(2, ("clock_filter: old sample %lu\n", current_time -
++		    peer->filter_epoch[k]));
+ 		return;
+ 	}
+ 	peer->epoch = peer->filter_epoch[k];
+@@ -2494,13 +2523,9 @@
+ 	 */
+ 	record_peer_stats(&peer->srcadr, ctlpeerstatus(peer),
+ 	    peer->offset, peer->delay, peer->disp, peer->jitter);
+-#ifdef DEBUG
+-	if (debug)
+-		printf(
+-		    "clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f\n",
++	DPRINTF(1, ("clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f\n",
+ 		    m, peer->offset, peer->delay, peer->disp,
+-		    peer->jitter);
+-#endif
++		    peer->jitter));
+ 	if (peer->burst == 0 || sys_leap == LEAP_NOTINSYNC)
+ 		clock_select();
+ }
+@@ -3004,7 +3029,7 @@
+ 		typesystem = typepps;
+ 		sys_clockhop = 0;
+ 		typesystem->new_status = CTL_PST_SEL_PPS;
+- 		sys_offset = typesystem->offset;
++		sys_offset = typesystem->offset;
+ 		sys_jitter = typesystem->jitter;
+ 		DPRINTF(1, ("select: pps offset %.9f jitter %.9f\n",
+ 			sys_offset, sys_jitter));
+@@ -3157,11 +3182,11 @@
+ 	 * might not be usable.
+ 	 */
+ 	sendlen = LEN_PKT_NOMAC;
++	if (
+ #ifdef AUTOKEY
+-	if (!(peer->flags & FLAG_SKEY) && peer->keyid == 0) {
+-#else	/* !AUTOKEY follows */
+-	if (peer->keyid == 0) {
++	    !(peer->flags & FLAG_SKEY) &&
+ #endif	/* !AUTOKEY */
++	    peer->keyid == 0) {
+ 
+ 		/*
+ 		 * Transmit a-priori timestamps
+@@ -3207,13 +3232,11 @@
+ 		}
+ 		L_SUB(&xmt_ty, &xmt_tx);
+ 		LFPTOD(&xmt_ty, peer->xleave);
+-#ifdef DEBUG
+-		if (debug)
+-			printf("transmit: at %ld %s->%s mode %d len %zu\n",
+-		    	    current_time, peer->dstadr ?
+-			    stoa(&peer->dstadr->sin) : "-",
+-		            stoa(&peer->srcadr), peer->hmode, sendlen);
+-#endif
++		DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt %#010x.%08x\n",
++			    current_time,
++			    peer->dstadr ? stoa(&peer->dstadr->sin) : "-",
++		            stoa(&peer->srcadr), peer->hmode, sendlen,
++			    xmt_tx.l_ui, xmt_tx.l_uf));
+ 		return;
+ 	}
+ 
+@@ -3498,7 +3521,7 @@
+ 		authtrust(xkeyid, 0);
+ #endif	/* AUTOKEY */
+ 	if (sendlen > sizeof(xpkt)) {
+-		msyslog(LOG_ERR, "proto: buffer overflow %zu", sendlen);
++		msyslog(LOG_ERR, "peer_xmit: buffer overflow %zu", sendlen);
+ 		exit (-1);
+ 	}
+ 	peer->t21_bytes = sendlen;
+@@ -3521,22 +3544,18 @@
+ 	L_SUB(&xmt_ty, &xmt_tx);
+ 	LFPTOD(&xmt_ty, peer->xleave);
+ #ifdef AUTOKEY
+-#ifdef DEBUG
+-	if (debug)
+-		printf("transmit: at %ld %s->%s mode %d keyid %08x len %zu index %d\n",
++	DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu index %d\n",
+ 		    current_time, latoa(peer->dstadr),
+ 		    ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen,
+-		    peer->keynumber);
+-#endif
++		    peer->keynumber));
+ #else	/* !AUTOKEY follows */
+-#ifdef DEBUG
+-	if (debug)
+-		printf("transmit: at %ld %s->%s mode %d keyid %08x len %d\n",
++	DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %d\n",
+ 		    current_time, peer->dstadr ?
+ 		    ntoa(&peer->dstadr->sin) : "-",
+-		    ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen);
+-#endif
++		    ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen));
+ #endif	/* !AUTOKEY */
++
++	return;
+ }
+ 
+ 
+@@ -3543,8 +3562,15 @@
+ #ifdef LEAP_SMEAR
+ 
+ static void
+-leap_smear_add_offs(l_fp *t, l_fp *t_recv) {
++leap_smear_add_offs(
++	l_fp *t,
++	l_fp *t_recv
++	)
++{
++
+ 	L_ADD(t, &leap_smear.offset);
++
++	return;
+ }
+ 
+ #endif  /* LEAP_SMEAR */
+@@ -3565,7 +3591,7 @@
+ 	struct pkt xpkt;	/* transmit packet structure */
+ 	struct pkt *rpkt;	/* receive packet structure */
+ 	l_fp	xmt_tx, xmt_ty;
+-	int	sendlen;
++	size_t	sendlen;
+ #ifdef AUTOKEY
+ 	u_int32	temp32;
+ #endif
+@@ -3684,13 +3710,10 @@
+ 	if (rbufp->recv_length == sendlen) {
+ 		sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, 0, &xpkt,
+ 		    sendlen);
+-#ifdef DEBUG
+-		if (debug)
+-			printf(
+-			    "transmit: at %ld %s->%s mode %d len %d\n",
++		DPRINTF(1, ("fast_xmit: at %ld %s->%s mode %d len %lu\n",
+ 			    current_time, stoa(&rbufp->dstadr->sin),
+-			    stoa(&rbufp->recv_srcadr), xmode, sendlen);
+-#endif
++			    stoa(&rbufp->recv_srcadr), xmode,
++			    (u_long)sendlen));
+ 		return;
+ 	}
+ 
+@@ -3717,7 +3740,7 @@
+ 		 */
+ 		cookie = session_key(&rbufp->recv_srcadr,
+ 		    &rbufp->dstadr->sin, 0, sys_private, 0);
+-		if (rbufp->recv_length > sendlen + (int)MAX_MAC_LEN) {
++		if ((size_t)rbufp->recv_length > sendlen + MAX_MAC_LEN) {
+ 			session_key(&rbufp->dstadr->sin,
+ 			    &rbufp->recv_srcadr, xkeyid, 0, 2);
+ 			temp32 = CRYPTO_RESP;
+@@ -3741,13 +3764,10 @@
+ 	get_systime(&xmt_ty);
+ 	L_SUB(&xmt_ty, &xmt_tx);
+ 	sys_authdelay = xmt_ty;
+-#ifdef DEBUG
+-	if (debug)
+-		printf(
+-		    "transmit: at %ld %s->%s mode %d keyid %08x len %d\n",
++	DPRINTF(1, ("fast_xmit: at %ld %s->%s mode %d keyid %08x len %lu\n",
+ 		    current_time, ntoa(&rbufp->dstadr->sin),
+-		    ntoa(&rbufp->recv_srcadr), xmode, xkeyid, sendlen);
+-#endif
++		    ntoa(&rbufp->recv_srcadr), xmode, xkeyid,
++		    (u_long)sendlen));
+ }
+ 
+ 
+@@ -3827,11 +3847,8 @@
+ 		LEN_PKT_NOMAC);
+ 	pool->sent++;
+ 	pool->throttle += (1 << pool->minpoll) - 2;
+-#ifdef DEBUG
+-	if (debug)
+-		printf("transmit: at %ld %s->%s pool\n",
+-		    current_time, latoa(lcladr), stoa(rmtadr));
+-#endif
++	DPRINTF(1, ("pool_xmit: at %ld %s->%s pool\n",
++		    current_time, latoa(lcladr), stoa(rmtadr)));
+ 	msyslog(LOG_INFO, "Soliciting pool server %s", stoa(rmtadr));
+ #endif	/* WORKER */
+ }
+@@ -3849,7 +3866,8 @@
+ 	 * group	different	1		ignore
+ 	 * * ignore if notrust
+ 	 */
+-int group_test(
++int
++group_test(
+ 	char	*grp,
+ 	char	*ident
+ 	)
+@@ -3929,11 +3947,8 @@
+ 	value_free(&peer->sndval);
+ 	peer->keynumber = 0;
+ 	peer->flags &= ~FLAG_ASSOC;
+-#ifdef DEBUG
+-	if (debug)
+-		printf("key_expire: at %lu associd %d\n", current_time,
+-		    peer->associd);
+-#endif
++	DPRINTF(1, ("key_expire: at %lu associd %d\n", current_time,
++		    peer->associd));
+ }
+ #endif	/* AUTOKEY */
+ 
+--- contrib/ntp/ntpd/ntp_refclock.c.orig
++++ contrib/ntp/ntpd/ntp_refclock.c
+@@ -732,9 +732,9 @@
+  */
+ int
+ refclock_open(
+-	char	*dev,		/* device name pointer */
+-	u_int	speed,		/* serial port speed (code) */
+-	u_int	lflags		/* line discipline flags */
++	const char	*dev,	/* device name pointer */
++	u_int		speed,	/* serial port speed (code) */
++	u_int		lflags	/* line discipline flags */
+ 	)
+ {
+ 	int	fd;
+--- contrib/ntp/ntpd/ntp_request.c.orig
++++ contrib/ntp/ntpd/ntp_request.c
+@@ -2006,11 +2006,11 @@
+ 	u_long trust
+ 	)
+ {
+-	register u_long *kp;
++	register uint32_t *kp;
+ 	register int items;
+ 
+ 	items = INFO_NITEMS(inpkt->err_nitems);
+-	kp = (u_long *)&inpkt->u;
++	kp = (uint32_t*)&inpkt->u;
+ 	while (items-- > 0) {
+ 		authtrust(*kp, trust);
+ 		kp++;
+--- contrib/ntp/ntpd/ntp_restrict.c.orig
++++ contrib/ntp/ntpd/ntp_restrict.c
+@@ -160,7 +160,7 @@
+ 	const size_t	count = INC_RESLIST4;
+ 	restrict_u *	rl;
+ 	restrict_u *	res;
+-	int		i;
++	size_t		i;
+ 
+ 	UNLINK_HEAD_SLIST(res, resfree4, link);
+ 	if (res != NULL)
+@@ -186,7 +186,7 @@
+ 	const size_t	count = INC_RESLIST6;
+ 	restrict_u *	rl;
+ 	restrict_u *	res;
+-	int		i;
++	size_t		i;
+ 
+ 	UNLINK_HEAD_SLIST(res, resfree6, link);
+ 	if (res != NULL)
+--- contrib/ntp/ntpd/ntp_signd.c.orig
++++ contrib/ntp/ntpd/ntp_signd.c
+@@ -66,7 +66,7 @@
+ 	while (len) {
+ 		int n = write(fd, buf, len);
+ 		if (n <= 0) return total;
+-		buf = n + (char *)buf;
++		buf = n + (const char *)buf;
+ 		len -= n;
+ 		total += n;
+ 	}
+@@ -110,9 +110,10 @@
+ {
+ 	if (read_all(fd, len, sizeof(*len)) != sizeof(*len)) return -1;
+ 	*len = ntohl(*len);
+-	(*buf) = emalloc(*len);
++	*buf = emalloc(*len);
+ 	if (read_all(fd, *buf, *len) != *len) {
+ 		free(*buf);
++		*buf = NULL;
+ 		return -1;
+ 	}
+ 	return 0;
+--- contrib/ntp/ntpd/ntp_timer.c.orig
++++ contrib/ntp/ntpd/ntp_timer.c
+@@ -626,18 +626,19 @@
+ 		 * announce the leap event has happened.
+ 		 */
+ 		const char *leapmsg = NULL;
+-		if (lsdata.warped < 0) {
++		double      lswarp  = lsdata.warped;
++		if (lswarp < 0.0) {
+ 			if (clock_max_back > 0.0 &&
+-			    clock_max_back < fabs(lsdata.warped)) {
+-				step_systime(lsdata.warped);
++			    clock_max_back < -lswarp) {
++				step_systime(lswarp);
+ 				leapmsg = leapmsg_p_step;
+ 			} else {
+ 				leapmsg = leapmsg_p_slew;
+ 			}
+-		} else 	if (lsdata.warped > 0) {
++		} else 	if (lswarp > 0.0) {
+ 			if (clock_max_fwd > 0.0 &&
+-			    clock_max_fwd < fabs(lsdata.warped)) {
+-				step_systime(lsdata.warped);
++			    clock_max_fwd < lswarp) {
++				step_systime(lswarp);
+ 				leapmsg = leapmsg_n_step;
+ 			} else {
+ 				leapmsg = leapmsg_n_slew;
+--- contrib/ntp/ntpd/ntp_util.c.orig
++++ contrib/ntp/ntpd/ntp_util.c
+@@ -334,7 +334,7 @@
+ {
+ 	FILE	*fp;
+ 	const char *value;
+-	int	len;
++	size_t	len;
+ 	double	old_drift;
+ 	l_fp	now;
+ 	time_t  ttnow;
+@@ -437,7 +437,7 @@
+ 			    (int)sizeof(statsdir) - 2);
+ 		} else {
+ 			int add_dir_sep;
+-			int value_l;
++			size_t value_l;
+ 
+ 			/* Add a DIR_SEP unless we already have one. */
+ 			value_l = strlen(value);
+@@ -933,7 +933,7 @@
+ 	const char *keyfile
+ 	)
+ {
+-	int len;
++	size_t len;
+ 
+ 	len = strlen(keyfile);
+ 	if (!len)
+--- contrib/ntp/ntpd/ntpd-opts.c.orig
++++ contrib/ntp/ntpd/ntpd-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpd-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:36:00 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:28:29 PM by AutoGen 5.18.5
+  *  From the definitions    ntpd-opts.def
+  *  and the template file   options
+  *
+@@ -75,7 +75,7 @@
+  *  static const strings for ntpd options
+  */
+ static char const ntpd_opt_strs[3129] =
+-/*     0 */ "ntpd 4.2.8p4\n"
++/*     0 */ "ntpd 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -205,12 +205,12 @@
+ /*  2900 */ "output version information and exit\0"
+ /*  2936 */ "version\0"
+ /*  2944 */ "NTPD\0"
+-/*  2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p4\n"
++/*  2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]... \\\n"
+             "\t\t[  ...  ]\n\0"
+ /*  3080 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  3114 */ "\n\0"
+-/*  3116 */ "ntpd 4.2.8p4";
++/*  3116 */ "ntpd 4.2.8p5";
+ 
+ /**
+  *  ipv4 option description with
+@@ -1529,7 +1529,7 @@
+      translate option names.
+    */
+   /* referenced via ntpdOptions.pzCopyright */
+-  puts(_("ntpd 4.2.8p4\n\
++  puts(_("ntpd 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -1670,7 +1670,7 @@
+   puts(_("output version information and exit"));
+ 
+   /* referenced via ntpdOptions.pzUsageTitle */
+-  puts(_("ntpd - NTP daemon program - Ver. 4.2.8p4\n\
++  puts(_("ntpd - NTP daemon program - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]... \\\n\
+ \t\t[  ...  ]\n"));
+ 
+@@ -1678,7 +1678,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via ntpdOptions.pzFullVersion */
+-  puts(_("ntpd 4.2.8p4"));
++  puts(_("ntpd 4.2.8p5"));
+ 
+   /* referenced via ntpdOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/ntpd/ntpd-opts.h.orig
++++ contrib/ntp/ntpd/ntpd-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpd-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:35:59 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:28:28 PM by AutoGen 5.18.5
+  *  From the definitions    ntpd-opts.def
+  *  and the template file   options
+  *
+@@ -106,9 +106,9 @@
+ /** count of all options for ntpd */
+ #define OPTION_CT    38
+ /** ntpd version */
+-#define NTPD_VERSION       "4.2.8p4"
++#define NTPD_VERSION       "4.2.8p5"
+ /** Full ntpd version text */
+-#define NTPD_FULL_VERSION  "ntpd 4.2.8p4"
++#define NTPD_FULL_VERSION  "ntpd 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/ntpd/ntpd.1ntpdman.orig
++++ contrib/ntp/ntpd/ntpd.1ntpdman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpd 1ntpdman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpd 1ntpdman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5
+ .\" From the definitions ntpd-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpd/ntpd.1ntpdmdoc.orig
++++ contrib/ntp/ntpd/ntpd.1ntpdmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPD 1ntpdmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/ntpd.c.orig
++++ contrib/ntp/ntpd/ntpd.c
+@@ -27,12 +27,16 @@
+ #include "ntp_libopts.h"
+ #include "ntpd-opts.h"
+ 
+-/* there's a short treatise below what the thread stuff is for */
++/* there's a short treatise below what the thread stuff is for.
++ * [Bug 2954] enable the threading warm-up only for Linux.
++ */
+ #if defined(HAVE_PTHREADS) && HAVE_PTHREADS && !defined(NO_THREADS)
+ # ifdef HAVE_PTHREAD_H
+ #  include 
+ # endif
+-# define NEED_PTHREAD_WARMUP
++# if defined(linux)
++#  define NEED_PTHREAD_WARMUP
++# endif
+ #endif
+ 
+ #ifdef HAVE_UNISTD_H
+@@ -269,6 +273,9 @@
+  * This uses only the standard pthread API and should work with all
+  * implementations of pthreads. It is not necessary everywhere, but it's
+  * cheap enough to go on nearly unnoticed.
++ *
++ * Addendum: Bug 2954 showed that the assumption that this should work
++ * with all OS is wrong -- at least FreeBSD bombs heavily.
+  */
+ #ifdef NEED_PTHREAD_WARMUP
+ 
+@@ -646,6 +653,9 @@
+ # endif
+ 
+ # ifdef HAVE_WORKING_FORK
++	/* make sure the FDs are initialised */
++	pipe_fds[0] = -1;
++	pipe_fds[1] = -1;
+ 	do {					/* 'loop' once */
+ 		if (!HAVE_OPT( WAIT_SYNC ))
+ 			break;
+--- contrib/ntp/ntpd/ntpd.html.orig
++++ contrib/ntp/ntpd/ntpd.html
+@@ -39,7 +39,7 @@
+ symmetric and broadcast modes, and with both symmetric-key and public-key
+ cryptography.
+ 
+-  
        This document applies to version 4.2.8p4 of ntpd.
++  
        This document applies to version 4.2.8p5 of ntpd.
+ 
+ 
          
+ 
        • ntpd Description:             Description
+@@ -220,7 +220,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
          ntpd - NTP daemon program - Ver. 4.2.8p4-sec-RC2
++
          ntpd - NTP daemon program - Ver. 4.2.8p4
+ Usage:  ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
+                 [ <server1> ... <serverN> ]
+   Flg Arg Option-Name    Description
+--- contrib/ntp/ntpd/ntpd.man.in.orig
++++ contrib/ntp/ntpd/ntpd.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpd @NTPD_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpd @NTPD_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5
+ .\" From the definitions ntpd-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpd/ntpd.mdoc.in.orig
++++ contrib/ntp/ntpd/ntpd.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPD @NTPD_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpd/refclock_local.c.orig
++++ contrib/ntp/ntpd/refclock_local.c
+@@ -205,6 +205,7 @@
+ 	pp->disp = 0;
+ 	pp->jitter = 0;
+ #else /* KERNEL_PLL LOCKCLOCK */
++	pp->leap = LEAP_NOWARNING;
+ 	pp->disp = DISPERSION;
+ 	pp->jitter = 0;
+ #endif /* KERNEL_PLL LOCKCLOCK */
+--- contrib/ntp/ntpd/refclock_parse.c.orig
++++ contrib/ntp/ntpd/refclock_parse.c
+@@ -1630,9 +1630,9 @@
+ static char *
+ mkreadable(
+ 	char  *buffer,
+-	long  blen,
++	size_t blen,
+ 	const char  *src,
+-	u_long  srclen,
++	size_t srclen,
+ 	int hex
+ 	)
+ {
+--- contrib/ntp/ntpd/refclock_shm.c.orig
++++ contrib/ntp/ntpd/refclock_shm.c
+@@ -381,7 +381,8 @@
+ static enum segstat_t shm_query(volatile struct shmTime *shm_in, struct shm_stat_t *shm_stat)
+ /* try to grab a sample from the specified SHM segment */
+ {
+-    volatile struct shmTime shmcopy, *shm = shm_in;
++    struct shmTime shmcopy;
++    volatile struct shmTime *shm = shm_in;
+     volatile int cnt;
+ 
+     unsigned int cns_new, rns_new;
+@@ -418,7 +419,7 @@
+      * (b) memset compiles to an uninterruptible single-instruction bitblt.
+      */
+     memory_barrier();
+-    memcpy((void *)&shmcopy, (void *)shm, sizeof(struct shmTime));
++    memcpy(&shmcopy, (void*)(uintptr_t)shm, sizeof(struct shmTime));
+     shm->valid = 0;
+     memory_barrier();
+ 
+--- contrib/ntp/ntpd/refclock_true.c.orig
++++ contrib/ntp/ntpd/refclock_true.c
+@@ -637,7 +637,7 @@
+ 
+ 	pp = peer->procptr;
+ 	if (!(pp->sloppyclockflag & CLK_FLAG1)) {
+-		int len = strlen(cmd);
++		size_t len = strlen(cmd);
+ 
+ 		true_debug(peer, "Send '%s'\n", cmd);
+ 		if (write(pp->io.fd, cmd, (unsigned)len) != len)
+--- contrib/ntp/ntpd/refclock_tsyncpci.c.orig
++++ contrib/ntp/ntpd/refclock_tsyncpci.c
+@@ -549,7 +549,7 @@
+     memcpy(ppsRef, pRefObj->pps, TSYNC_REF_LEN);
+ 
+     // Extract the Clock Service Time Scale and convert to correct byte order
+-    memcpy(&tmscl, ((TIME_SCALE*)(it1->payloads)), sizeof(tmscl));
++    memcpy(&tmscl, it1->payloads, sizeof(tmscl));
+     tmscl = ntohl(tmscl);
+ 
+     // Extract leap second info from ioctl payload and perform byte swapping
+--- contrib/ntp/ntpdate/ntpdate.c.orig
++++ contrib/ntp/ntpdate/ntpdate.c
+@@ -561,8 +561,8 @@
+ 			nfound = poll(rdfdes, (unsigned int)nbsock, timeout.tv_sec * 1000);
+ 
+ #else
+-			nfound = select(maxfd, &rdfdes, (fd_set *)0,
+-					(fd_set *)0, &timeout);
++			nfound = select(maxfd, &rdfdes, NULL, NULL,
++					&timeout);
+ #endif
+ 			if (nfound > 0)
+ 				input_handler();
+@@ -696,7 +696,7 @@
+ 	 * If not, just timestamp it and send it away.
+ 	 */
+ 	if (sys_authenticate) {
+-		int len;
++		size_t len;
+ 
+ 		xpkt.exten[0] = htonl(sys_authkey);
+ 		get_systime(&server->xmt);
+@@ -808,11 +808,11 @@
+ 			printf("receive: rpkt keyid=%ld sys_authkey=%ld decrypt=%ld\n",
+ 			   (long int)ntohl(rpkt->exten[0]), (long int)sys_authkey,
+ 			   (long int)authdecrypt(sys_authkey, (u_int32 *)rpkt,
+-				LEN_PKT_NOMAC, (int)(rbufp->recv_length - LEN_PKT_NOMAC)));
++				LEN_PKT_NOMAC, (size_t)(rbufp->recv_length - LEN_PKT_NOMAC)));
+ 
+ 		if (has_mac && ntohl(rpkt->exten[0]) == sys_authkey &&
+ 			authdecrypt(sys_authkey, (u_int32 *)rpkt, LEN_PKT_NOMAC,
+-			(int)(rbufp->recv_length - LEN_PKT_NOMAC)))
++			(size_t)(rbufp->recv_length - LEN_PKT_NOMAC)))
+ 			is_authentic = 1;
+ 		if (debug)
+ 			printf("receive: authentication %s\n",
+@@ -1888,7 +1888,7 @@
+ #else
+ 	fd_set fds;
+ #endif
+-	int fdc = 0;
++	SOCKET fdc = 0;
+ 
+ 	/*
+ 	 * Do a poll to see if we have data
+@@ -1912,7 +1912,7 @@
+ 
+ #else
+ 		fds = fdmask;
+-		n = select(maxfd, &fds, (fd_set *)0, (fd_set *)0, &tvzero);
++		n = select(maxfd, &fds, NULL, NULL, &tvzero);
+ 
+ 		/*
+ 		 * Determine which socket received data
+--- contrib/ntp/ntpdc/invoke-ntpdc.texi.orig
++++ contrib/ntp/ntpdc/invoke-ntpdc.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpdc.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:38:54 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:31:26 PM by AutoGen 5.18.5
+ # From the definitions    ntpdc-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -76,7 +76,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p4
++ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5
+ Usage:  ntpdc [ - [] | --[@{=| @}] ]... [ host ...]
+   Flg Arg Option-Name    Description
+    -4 no  ipv4           Force IPv4 DNS name resolution
+--- contrib/ntp/ntpdc/ntpdc-opts.c.orig
++++ contrib/ntp/ntpdc/ntpdc-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:38:40 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:31:12 PM by AutoGen 5.18.5
+  *  From the definitions    ntpdc-opts.def
+  *  and the template file   options
+  *
+@@ -69,7 +69,7 @@
+  *  static const strings for ntpdc options
+  */
+ static char const ntpdc_opt_strs[1911] =
+-/*     0 */ "ntpdc 4.2.8p4\n"
++/*     0 */ "ntpdc 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -128,7 +128,7 @@
+ /*  1694 */ "no-load-opts\0"
+ /*  1707 */ "no\0"
+ /*  1710 */ "NTPDC\0"
+-/*  1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p4\n"
++/*  1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]... [ host ...]\n\0"
+ /*  1846 */ "$HOME\0"
+ /*  1852 */ ".\0"
+@@ -135,7 +135,7 @@
+ /*  1854 */ ".ntprc\0"
+ /*  1861 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  1895 */ "\n\0"
+-/*  1897 */ "ntpdc 4.2.8p4";
++/*  1897 */ "ntpdc 4.2.8p5";
+ 
+ /**
+  *  ipv4 option description with
+@@ -796,7 +796,7 @@
+      translate option names.
+    */
+   /* referenced via ntpdcOptions.pzCopyright */
+-  puts(_("ntpdc 4.2.8p4\n\
++  puts(_("ntpdc 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -862,7 +862,7 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via ntpdcOptions.pzUsageTitle */
+-  puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p4\n\
++  puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]... [ host ...]\n"));
+ 
+   /* referenced via ntpdcOptions.pzExplain */
+@@ -869,7 +869,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via ntpdcOptions.pzFullVersion */
+-  puts(_("ntpdc 4.2.8p4"));
++  puts(_("ntpdc 4.2.8p5"));
+ 
+   /* referenced via ntpdcOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/ntpdc/ntpdc-opts.h.orig
++++ contrib/ntp/ntpdc/ntpdc-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:38:39 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:31:11 PM by AutoGen 5.18.5
+  *  From the definitions    ntpdc-opts.def
+  *  and the template file   options
+  *
+@@ -83,9 +83,9 @@
+ /** count of all options for ntpdc */
+ #define OPTION_CT    15
+ /** ntpdc version */
+-#define NTPDC_VERSION       "4.2.8p4"
++#define NTPDC_VERSION       "4.2.8p5"
+ /** Full ntpdc version text */
+-#define NTPDC_FULL_VERSION  "ntpdc 4.2.8p4"
++#define NTPDC_FULL_VERSION  "ntpdc 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/ntpdc/ntpdc.1ntpdcman.orig
++++ contrib/ntp/ntpdc/ntpdc.1ntpdcman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpdc 1ntpdcman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpdc 1ntpdcman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Gvay7L/ag-Svaq6L)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaGzs/ag-QXayys)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:51 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:31:22 PM by AutoGen 5.18.5
+ .\" From the definitions ntpdc-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc.orig
++++ contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPDC 1ntpdcmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:57 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:29 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpdc-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpdc/ntpdc.c.orig
++++ contrib/ntp/ntpdc/ntpdc.c
+@@ -32,6 +32,7 @@
+ 
+ #include "ntp_libopts.h"
+ #include "ntpdc-opts.h"
++#include "safecast.h"
+ 
+ #ifdef SYS_VXWORKS
+ 				/* vxWorks needs mode flag -casey*/
+@@ -74,8 +75,8 @@
+ static	int	openhost	(const char *);
+ static	int	sendpkt		(void *, size_t);
+ static	void	growpktdata	(void);
+-static	int	getresponse	(int, int, int *, int *, char **, int);
+-static	int	sendrequest	(int, int, int, u_int, size_t, char *);
++static	int	getresponse	(int, int, size_t *, size_t *, const char **, size_t);
++static	int	sendrequest	(int, int, int, size_t, size_t, const char *);
+ static	void	getcmds		(void);
+ static	RETSIGTYPE abortcmd	(int);
+ static	void	docmd		(const char *);
+@@ -526,10 +527,11 @@
+ 
+ #ifdef SYS_VXWORKS
+ 	if (connect(sockfd, (struct sockaddr *)&hostaddr, 
+-		    sizeof(hostaddr)) == -1) {
++		    sizeof(hostaddr)) == -1)
+ #else
+-	if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1) {
++	if (connect(sockfd, ai->ai_addr, ai->ai_addrlen) == -1)
+ #endif /* SYS_VXWORKS */
++	{
+ 		error("connect");
+ 		exit(-1);
+ 	}
+@@ -582,18 +584,18 @@
+ getresponse(
+ 	int implcode,
+ 	int reqcode,
+-	int *ritems,
+-	int *rsize,
+-	char **rdata,
+-	int esize
++	size_t *ritems,
++	size_t *rsize,
++	const char **rdata,
++	size_t esize
+ 	)
+ {
+ 	struct resp_pkt rpkt;
+ 	struct sock_timeval tvo;
+-	int items;
+-	int i;
+-	int size;
+-	int datasize;
++	size_t items;
++	size_t i;
++	size_t size;
++	size_t datasize;
+ 	char *datap;
+ 	char *tmp_data;
+ 	char haveseq[MAXSEQ+1];
+@@ -603,7 +605,7 @@
+ 	int seq;
+ 	fd_set fds;
+ 	ssize_t n;
+-	int pad;
++	size_t pad;
+ 
+ 	/*
+ 	 * This is pretty tricky.  We may get between 1 and many packets
+@@ -628,8 +630,7 @@
+ 		tvo = tvsout;
+ 	
+ 	FD_SET(sockfd, &fds);
+-	n = select(sockfd+1, &fds, (fd_set *)0, (fd_set *)0, &tvo);
+-
++	n = select(sockfd+1, &fds, NULL, NULL, &tvo);
+ 	if (n == -1) {
+ 		warning("select fails");
+ 		return -1;
+@@ -640,7 +641,8 @@
+ 		 */
+ 		if (firstpkt) {
+ 			(void) fprintf(stderr,
+-				       "%s: timed out, nothing received\n", currenthost);
++				       "%s: timed out, nothing received\n",
++				       currenthost);
+ 			return ERR_TIMEOUT;
+ 		} else {
+ 			(void) fprintf(stderr,
+@@ -740,7 +742,7 @@
+ 	if ((size_t)datasize > (n-RESP_HEADER_SIZE)) {
+ 		if (debug)
+ 		    printf(
+-			    "Received items %d, size %d (total %d), data in packet is %zu\n",
++			    "Received items %zu, size %zu (total %zu), data in packet is %zu\n",
+ 			    items, size, datasize, n-RESP_HEADER_SIZE);
+ 		goto again;
+ 	}
+@@ -751,7 +753,7 @@
+ 	 */
+ 	if (!firstpkt && size != *rsize) {
+ 		if (debug)
+-		    printf("Received itemsize %d, previous %d\n",
++		    printf("Received itemsize %zu, previous %zu\n",
+ 			   size, *rsize);
+ 		goto again;
+ 	}
+@@ -781,7 +783,7 @@
+ 	 * So far, so good.  Copy this data into the output array.
+ 	 */
+ 	if ((datap + datasize + (pad * items)) > (pktdata + pktdatasize)) {
+-		int offset = datap - pktdata;
++		size_t offset = datap - pktdata;
+ 		growpktdata();
+ 		*rdata = pktdata; /* might have been realloced ! */
+ 		datap = pktdata + offset;
+@@ -844,9 +846,9 @@
+ 	int implcode,
+ 	int reqcode,
+ 	int auth,
+-	u_int qitems,
++	size_t qitems,
+ 	size_t qsize,
+-	char *qdata
++	const char *qdata
+ 	)
+ {
+ 	struct req_pkt qpkt;
+@@ -855,7 +857,7 @@
+ 	u_long	key_id;
+ 	l_fp	ts;
+ 	l_fp *	ptstamp;
+-	int	maclen;
++	size_t	maclen;
+ 	char *	pass;
+ 
+ 	ZERO(qpkt);
+@@ -918,13 +920,14 @@
+ 	get_systime(&ts);
+ 	L_ADD(&ts, &delay_time);
+ 	HTONL_FP(&ts, ptstamp);
+-	maclen = authencrypt(info_auth_keyid, (void *)&qpkt, reqsize);
++	maclen = authencrypt(
++		info_auth_keyid, (void *)&qpkt, size2int_chk(reqsize));
+ 	if (!maclen) {  
+ 		fprintf(stderr, "Key not found\n");
+ 		return 1;
+ 	} else if (maclen != (int)(info_auth_hashlen + sizeof(keyid_t))) {
+ 		fprintf(stderr,
+-			"%d octet MAC, %zu expected with %zu octet digest\n",
++			"%zu octet MAC, %zu expected with %zu octet digest\n",
+ 			maclen, (info_auth_hashlen + sizeof(keyid_t)),
+ 			info_auth_hashlen);
+ 		return 1;
+@@ -941,12 +944,12 @@
+ 	int implcode,
+ 	int reqcode,
+ 	int auth,
+-	int qitems,
+-	int qsize,
+-	char *qdata,
+-	int *ritems,
+-	int *rsize,
+-	char **rdata,
++	size_t qitems,
++	size_t qsize,
++	const char *qdata,
++	size_t *ritems,
++	size_t *rsize,
++	const char **rdata,
+  	int quiet_mask,
+ 	int esize
+ 	)
+@@ -972,8 +975,7 @@
+ 		tvzero.tv_sec = tvzero.tv_usec = 0;
+ 		FD_ZERO(&fds);
+ 		FD_SET(sockfd, &fds);
+-		res = select(sockfd+1, &fds, (fd_set *)0, (fd_set *)0, &tvzero);
+-
++		res = select(sockfd+1, &fds, NULL, NULL, &tvzero);
+ 		if (res == -1) {
+ 			warning("polling select");
+ 			return -1;
+@@ -1271,7 +1273,7 @@
+ 	)
+ {
+ 	register struct xcmd *cl;
+-	register int clen;
++	size_t clen;
+ 	int nmatch;
+ 	struct xcmd *nearmatch = NULL;
+ 	struct xcmd *clist;
+@@ -1384,7 +1386,7 @@
+ 				return 0;
+ 			}
+ 			argp->uval *= 10;
+-			argp->uval += (cp - digits);
++			argp->uval += (u_long)(cp - digits);
+ 		} while (*(++np) != '\0');
+ 
+ 		if (isneg) {
+--- contrib/ntp/ntpdc/ntpdc.h.orig
++++ contrib/ntp/ntpdc/ntpdc.h
+@@ -63,5 +63,5 @@
+ extern	int showhostnames;
+ extern	int s_port;
+ 
+-extern	int	doquery	(int, int, int, int, int, char *, int *, int *, char **, int, int);
++extern	int	doquery	(int, int, int, size_t, size_t, const char *, size_t *, size_t *, const char **, int, int);
+ extern	const char * nntohost	(sockaddr_u *);
+--- contrib/ntp/ntpdc/ntpdc.html.orig
++++ contrib/ntp/ntpdc/ntpdc.html
+@@ -36,7 +36,7 @@
+ clock.  Run as root, it can correct the system clock to this offset as
+ well.  It can be run as an interactive command or from a cron job.
+ 
+-  
          This document applies to version 4.2.8p4 of ntpdc.
++  
          This document applies to version 4.2.8p5 of ntpdc.
+ 
+   
          The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
+ IETF specification.
+@@ -152,7 +152,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
          ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p4
++
          ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5
+ Usage:  ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
+   Flg Arg Option-Name    Description
+    -4 no  ipv4           Force IPv4 DNS name resolution
+--- contrib/ntp/ntpdc/ntpdc.man.in.orig
++++ contrib/ntp/ntpdc/ntpdc.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpdc @NTPDC_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpdc @NTPDC_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Gvay7L/ag-Svaq6L)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaGzs/ag-QXayys)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:38:51 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:31:22 PM by AutoGen 5.18.5
+ .\" From the definitions ntpdc-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpdc/ntpdc.mdoc.in.orig
++++ contrib/ntp/ntpdc/ntpdc.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPDC @NTPDC_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:57 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:29 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpdc-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpdc/ntpdc_ops.c.orig
++++ contrib/ntp/ntpdc/ntpdc_ops.c
+@@ -31,9 +31,9 @@
+ /*
+  * utility functions
+  */
+-static	int	checkitems	(int, FILE *);
+-static	int	checkitemsize	(int, int);
+-static	int	check1item	(int, FILE *);
++static	int	checkitems	(size_t, FILE *);
++static	int	checkitemsize	(size_t, size_t);
++static	int	check1item	(size_t, FILE *);
+ 
+ /*
+  * Declarations for command handlers in here
+@@ -288,7 +288,7 @@
+  */
+ static int
+ checkitems(
+-	int items,
++	size_t items,
+ 	FILE *fp
+ 	)
+ {
+@@ -305,14 +305,14 @@
+  */
+ static int
+ checkitemsize(
+-	int itemsize,
+-	int expected
++	size_t itemsize,
++	size_t expected
+ 	)
+ {
+ 	if (itemsize != expected) {
+ 		(void) fprintf(stderr,
+-			       "***Incorrect item size returned by remote host (%d should be %d)\n",
+-			       itemsize, expected);
++			       "***Incorrect item size returned by remote host (%lu should be %lu)\n",
++			       (u_long)itemsize, (u_long)expected);
+ 		return 0;
+ 	}
+ 	return 1;
+@@ -324,7 +324,7 @@
+  */
+ static int
+ check1item(
+-	int items,
++	size_t items,
+ 	FILE *fp
+ 	)
+ {
+@@ -333,8 +333,8 @@
+ 		return 0;
+ 	}
+ 	if (items > 1) {
+-		(void) fprintf(fp, "Expected one item in response, got %d\n",
+-			       items);
++		(void) fprintf(fp, "Expected one item in response, got %lu\n",
++			       (u_long)items);
+ 		return 0;
+ 	}
+ 	return 1;
+@@ -353,8 +353,8 @@
+ {
+ 	struct info_peer_list *plist;
+ 	sockaddr_u paddr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -430,8 +430,8 @@
+ 	struct info_peer_summary *plist;
+ 	sockaddr_u dstadr;
+ 	sockaddr_u srcadr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int ntp_poll;
+ 	int res;
+ 	int c;
+@@ -679,10 +679,10 @@
+ 	struct info_peer *pp;
+ 	/* 4 is the maximum number of peers which will fit in a packet */
+ 	struct info_peer_list *pl, plist[min(MAXARGS, 4)];
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	int sendsize;
+ 
+@@ -753,12 +753,12 @@
+ 	/* 4 is the maximum number of peers which will fit in a packet */
+ 	struct info_peer_list *pl, plist[min(MAXARGS, 4)];
+ 	sockaddr_u src, dst;
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+-	int sendsize;
++	size_t sendsize;
+ 
+ again:
+ 	if (impl_ver == IMPL_XNTPD)
+@@ -871,8 +871,8 @@
+ 	)
+ {
+ 	struct info_loop *il;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int oneline = 0;
+ 	int res;
+ 	l_fp tempts;
+@@ -946,8 +946,8 @@
+ {
+ 	struct info_sys *is;
+ 	sockaddr_u peeraddr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	l_fp tempts;
+ 
+@@ -1035,8 +1035,8 @@
+ 	)
+ {
+ 	struct info_sys_stats *ss;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -1101,8 +1101,8 @@
+ 	)
+ {
+ 	struct info_io_stats *io;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -1162,8 +1162,8 @@
+ {
+ 	struct info_mem_stats *mem;
+ 	int i;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -1219,8 +1219,8 @@
+ 	)
+ {
+ 	struct info_timer_stats *tim;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -1314,9 +1314,9 @@
+ 	)
+ {
+ 	struct conf_peer cpeer;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	u_long keyid;
+ 	u_int version;
+ 	u_char minpoll;
+@@ -1480,13 +1480,13 @@
+ {
+ 	/* 8 is the maximum number of peers which will fit in a packet */
+ 	struct conf_unpeer *pl, plist[min(MAXARGS, 8)];
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+-	int sendsize;
++	size_t sendsize;
+ 
+ again:
+ 	if (impl_ver == IMPL_XNTPD)
+@@ -1564,9 +1564,9 @@
+ 	)
+ {
+ 	struct conf_sys_flags sys;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+ 
+ 	sys.flags = 0;
+@@ -1675,8 +1675,8 @@
+ 	struct info_restrict *rl;
+ 	sockaddr_u resaddr;
+ 	sockaddr_u maskaddr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	int skip;
+ 	const char *addr;
+@@ -1827,9 +1827,9 @@
+ 	)
+ {
+ 	struct conf_restrict cres;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	u_int32 num;
+ 	u_long bit;
+ 	int i;
+@@ -1946,14 +1946,14 @@
+ 	FILE *fp
+ 	)
+ {
+-	char *struct_star;
+-	struct info_monitor *ml;
+-	struct info_monitor_1 *m1;
+-	struct old_info_monitor *oml;
++	const char *struct_star;
++	const struct info_monitor *ml;
++	const struct info_monitor_1 *m1;
++	const struct old_info_monitor *oml;
+ 	sockaddr_u addr;
+ 	sockaddr_u dstadr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	int version = -1;
+ 
+@@ -1987,7 +1987,7 @@
+ 	if (itemsize == sizeof(struct info_monitor_1) ||
+ 	    itemsize == v4sizeof(struct info_monitor_1)) {
+ 
+-		m1 = (void *)struct_star;
++	    m1 = (const void*)struct_star;
+ 		fprintf(fp,
+ 			"remote address          port local address      count m ver rstr avgint  lstint\n");
+ 		fprintf(fp,
+@@ -2014,7 +2014,7 @@
+ 	} else if (itemsize == sizeof(struct info_monitor) ||
+ 	    itemsize == v4sizeof(struct info_monitor)) {
+ 
+-		ml = (void *) struct_star;
++		ml = (const void *)struct_star;
+ 		fprintf(fp,
+ 			"     address               port     count mode ver rstr avgint  lstint\n");
+ 		fprintf(fp,
+@@ -2039,7 +2039,7 @@
+ 		}
+ 	} else if (itemsize == sizeof(struct old_info_monitor)) {
+ 
+-		oml = (void *)struct_star;
++		oml = (const void *)struct_star;
+ 		fprintf(fp,
+ 			"     address          port     count  mode version  lasttime firsttime\n");
+ 		fprintf(fp,
+@@ -2091,9 +2091,9 @@
+ 	)
+ {
+ 	struct reset_flags rflags;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int i;
+ 	size_t res;
+ 	int err;
+@@ -2148,13 +2148,13 @@
+ {
+ 	/* 8 is the maximum number of peers which will fit in a packet */
+ 	struct conf_unpeer *pl, plist[min(MAXARGS, 8)];
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+-	int sendsize;
++	size_t sendsize;
+ 
+ again:
+ 	if (impl_ver == IMPL_XNTPD)
+@@ -2205,9 +2205,9 @@
+ 	FILE *fp
+ 	)
+ {
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+ 
+ again:
+@@ -2263,9 +2263,9 @@
+ {
+ 	u_long keyids[MAXARGS];
+ 	size_t i;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int ritems;
+ 	int res;
+ 
+@@ -2302,8 +2302,8 @@
+ 	)
+ {
+ 	struct info_auth *ia;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -2356,11 +2356,11 @@
+ 	FILE *fp
+ 	)
+ {
+-	int i;
++	size_t i;
+ 	struct info_trap *it;
+ 	sockaddr_u trap_addr, local_addr;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -2446,9 +2446,9 @@
+ 	)
+ {
+ 	struct conf_trap ctrap;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+ 	int sendsize;
+ 
+@@ -2545,9 +2545,9 @@
+ 	)
+ {
+ 	u_long key;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	int res;
+ 
+ 
+@@ -2581,8 +2581,8 @@
+ 	)
+ {
+ 	struct info_control *ic;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ again:
+@@ -2648,10 +2648,10 @@
+ 	struct info_clock *cl;
+ 	/* 8 is the maximum number of clocks which will fit in a packet */
+ 	u_long clist[min(MAXARGS, 8)];
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	l_fp ts;
+ 	struct clktype *clk;
+@@ -2735,9 +2735,9 @@
+ 	)
+ {
+ 	struct conf_fudge fudgedata;
+-	int items;
+-	int itemsize;
+-	char *dummy;
++	size_t items;
++	size_t itemsize;
++	const char *dummy;
+ 	l_fp ts;
+ 	int res;
+ 	long val;
+@@ -2822,10 +2822,10 @@
+ 	/* 8 is the maximum number of clocks which will fit in a packet */
+ 	u_long clist[min(MAXARGS, 8)];
+ 	u_int32 ltemp;
+-	int qitemlim;
+-	int qitems;
+-	int items;
+-	int itemsize;
++	size_t qitemlim;
++	size_t qitems;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	int needsp;
+ 	l_fp ts;
+@@ -2916,8 +2916,8 @@
+ 	)
+ {
+ 	struct info_kernel *ik;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 	unsigned status;
+ 	double tscale = 1e-6;
+@@ -3050,8 +3050,8 @@
+ iflist(
+ 	FILE *fp,
+ 	struct info_if_stats *ifs,
+-	int items,
+-	int itemsize,
++	size_t items,
++	size_t itemsize,
+ 	int res
+ 	)
+ {
+@@ -3113,8 +3113,8 @@
+ 	)
+ {
+ 	struct info_if_stats *ifs;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ 	res = doquery(impl_ver, REQ_IF_STATS, 1, 0, 0, (char *)NULL, &items,
+@@ -3131,8 +3131,8 @@
+ 	)
+ {
+ 	struct info_if_stats *ifs;
+-	int items;
+-	int itemsize;
++	size_t items;
++	size_t itemsize;
+ 	int res;
+ 
+ 	res = doquery(impl_ver, REQ_IF_RELOAD, 1, 0, 0, (char *)NULL, &items,
+--- contrib/ntp/ntpq/invoke-ntpq.texi.orig
++++ contrib/ntp/ntpq/invoke-ntpq.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpq.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:39:27 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:32:00 PM by AutoGen 5.18.5
+ # From the definitions    ntpq-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -847,7 +847,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpq - standard NTP query program - Ver. 4.2.8p4
++ntpq - standard NTP query program - Ver. 4.2.8p5
+ Usage:  ntpq [ - [] | --[@{=| @}] ]... [ host ...]
+   Flg Arg Option-Name    Description
+    -4 no  ipv4           Force IPv4 DNS name resolution
+--- contrib/ntp/ntpq/libntpq.c.orig
++++ contrib/ntp/ntpq/libntpq.c
+@@ -132,7 +132,7 @@
+ {
+ 	char *	name;
+ 	char *	value;
+-	int	idatalen;
++	size_t	idatalen;
+ 
+ 	value = NULL;
+ 	idatalen = (int)datalen;
+@@ -181,8 +181,8 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
+-	u_short rstatus;
++	size_t	dsize;
++	u_short	rstatus;
+ 	
+ 	if ( numhosts > 0 )
+ 		res = doquery(VARSET,association,0,0, (char *)0, &rstatus, &dsize, &datap);
+@@ -417,7 +417,7 @@
+ {
+ 	const char *	datap;
+ 	int		res;
+-	int		dsize;
++	size_t		dsize;
+ 	u_short		rstatus;
+ 
+ 	res = doquery(CTL_OP_READVAR, associd, 0, 0, NULL, &rstatus,
+@@ -474,17 +474,16 @@
+ {
+ 	const char *	datap;
+ 	int		res;
+-	int		i_dsize;
+ 	size_t		dsize;
+ 	u_short		rstatus;
+ 
+ 	res = doquery(CTL_OP_READVAR, 0, 0, 0, NULL, &rstatus,
+-		      &i_dsize, &datap);
++		      &dsize, &datap);
+ 
+ 	if (res != 0)
+ 		return 0;
+ 
+-	if (i_dsize == 0) {
++	if (dsize == 0) {
+ 		if (numhosts > 1)
+ 			fprintf(stderr, "server=%s ", currenthost);
+ 		fprintf(stderr, "***No sysvar information returned\n");
+@@ -491,7 +490,6 @@
+ 
+ 		return 0;
+ 	} else {
+-		dsize = max(0, i_dsize);
+ 		dsize = min(dsize, maxsize);
+ 		memcpy(resultbuf, datap, dsize);
+ 	}
+@@ -661,7 +659,7 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ 	res = ntpq_doquerylist(ntpq_varlist, CTL_OP_READCLOCK, associd,
+--- contrib/ntp/ntpq/libntpq.h.orig
++++ contrib/ntp/ntpq/libntpq.h
+@@ -106,4 +106,4 @@
+ extern int ntpq_dogetassoc(void);
+ extern char ntpq_decodeaddrtype(sockaddr_u *sock);
+ extern int ntpq_doquerylist(struct ntpq_varlist *, int, associd_t, int,
+-			    u_short *, int *, const char **datap);
++			    u_short *, size_t *, const char **datap);
+--- contrib/ntp/ntpq/libntpq_subs.c.orig
++++ contrib/ntp/ntpq/libntpq_subs.c
+@@ -42,7 +42,7 @@
+ 	associd_t associd,
+ 	int auth,
+ 	u_short *rstatus,
+-	int *dsize,
++	size_t *dsize,
+ 	const char **datap
+ 	)
+ {
+--- contrib/ntp/ntpq/ntpq-opts.c.orig
++++ contrib/ntp/ntpq/ntpq-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpq-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:00 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:31:32 PM by AutoGen 5.18.5
+  *  From the definitions    ntpq-opts.def
+  *  and the template file   options
+  *
+@@ -69,7 +69,7 @@
+  *  static const strings for ntpq options
+  */
+ static char const ntpq_opt_strs[1925] =
+-/*     0 */ "ntpq 4.2.8p4\n"
++/*     0 */ "ntpq 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -129,13 +129,13 @@
+ /*  1723 */ "no-load-opts\0"
+ /*  1736 */ "no\0"
+ /*  1739 */ "NTPQ\0"
+-/*  1744 */ "ntpq - standard NTP query program - Ver. 4.2.8p4\n"
++/*  1744 */ "ntpq - standard NTP query program - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]... [ host ...]\n\0"
+ /*  1863 */ "$HOME\0"
+ /*  1869 */ ".\0"
+ /*  1871 */ ".ntprc\0"
+ /*  1878 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+-/*  1912 */ "ntpq 4.2.8p4";
++/*  1912 */ "ntpq 4.2.8p5";
+ 
+ /**
+  *  ipv4 option description with
+@@ -786,7 +786,7 @@
+      translate option names.
+    */
+   /* referenced via ntpqOptions.pzCopyright */
+-  puts(_("ntpq 4.2.8p4\n\
++  puts(_("ntpq 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -852,11 +852,11 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via ntpqOptions.pzUsageTitle */
+-  puts(_("ntpq - standard NTP query program - Ver. 4.2.8p4\n\
++  puts(_("ntpq - standard NTP query program - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]... [ host ...]\n"));
+ 
+   /* referenced via ntpqOptions.pzFullVersion */
+-  puts(_("ntpq 4.2.8p4"));
++  puts(_("ntpq 4.2.8p5"));
+ 
+   /* referenced via ntpqOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/ntpq/ntpq-opts.h.orig
++++ contrib/ntp/ntpq/ntpq-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpq-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:00 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:31:32 PM by AutoGen 5.18.5
+  *  From the definitions    ntpq-opts.def
+  *  and the template file   options
+  *
+@@ -83,9 +83,9 @@
+ /** count of all options for ntpq */
+ #define OPTION_CT    15
+ /** ntpq version */
+-#define NTPQ_VERSION       "4.2.8p4"
++#define NTPQ_VERSION       "4.2.8p5"
+ /** Full ntpq version text */
+-#define NTPQ_FULL_VERSION  "ntpq 4.2.8p4"
++#define NTPQ_FULL_VERSION  "ntpq 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/ntpq/ntpq-subs.c.orig
++++ contrib/ntp/ntpq/ntpq-subs.c
+@@ -22,9 +22,9 @@
+ static	void	doaddvlist	(struct varlist *, const char *);
+ static	void	dormvlist	(struct varlist *, const char *);
+ static	void	doclearvlist	(struct varlist *);
+-static	void	makequerydata	(struct varlist *, int *, char *);
++static	void	makequerydata	(struct varlist *, size_t *, char *);
+ static	int	doquerylist	(struct varlist *, int, associd_t, int,
+-				 u_short *, int *, const char **);
++				 u_short *, size_t *, const char **);
+ static	void	doprintvlist	(struct varlist *, FILE *);
+ static	void	addvars 	(struct parse *, FILE *);
+ static	void	rmvars		(struct parse *, FILE *);
+@@ -56,7 +56,7 @@
+ static	void	pstats	 	(struct parse *, FILE *);
+ static	long	when		(l_fp *, l_fp *, l_fp *);
+ static	char *	prettyinterval	(char *, size_t, long);
+-static	int	doprintpeers	(struct varlist *, int, int, int, const char *, FILE *, int);
++static	int	doprintpeers	(struct varlist *, int, int, size_t, const char *, FILE *, int);
+ static	int	dogetpeers	(struct varlist *, associd_t, FILE *, int);
+ static	void	dopeers 	(int, FILE *, int);
+ static	void	peers		(struct parse *, FILE *);
+@@ -343,7 +343,7 @@
+ /*
+  * other local function prototypes
+  */
+-void		mrulist_ctrl_c_hook(void);
++static int	mrulist_ctrl_c_hook(void);
+ static mru *	add_mru(mru *);
+ static int	collect_mru_list(const char *, l_fp *);
+ static int	fetch_nonce(char *, size_t);
+@@ -440,7 +440,7 @@
+ 	)
+ {
+ 	struct varlist *vl;
+-	int len;
++	size_t len;
+ 	char *name;
+ 	char *value;
+ 
+@@ -475,7 +475,7 @@
+ 	)
+ {
+ 	struct varlist *vl;
+-	int len;
++	size_t len;
+ 	char *name;
+ 	char *value;
+ 
+@@ -527,14 +527,14 @@
+ static void
+ makequerydata(
+ 	struct varlist *vlist,
+-	int *datalen,
++	size_t *datalen,
+ 	char *data
+ 	)
+ {
+ 	register struct varlist *vl;
+ 	register char *cp, *cpend;
+-	register int namelen, valuelen;
+-	register int totallen;
++	register size_t namelen, valuelen;
++	register size_t totallen;
+ 
+ 	cp = data;
+ 	cpend = data + *datalen;
+@@ -563,7 +563,7 @@
+ 			cp += valuelen;
+ 		}
+ 	}
+-	*datalen = cp - data;
++	*datalen = (size_t)(cp - data);
+ }
+ 
+ 
+@@ -577,12 +577,12 @@
+ 	associd_t associd,
+ 	int auth,
+ 	u_short *rstatus,
+-	int *dsize,
++	size_t *dsize,
+ 	const char **datap
+ 	)
+ {
+ 	char data[CTL_MAX_DATA_LEN];
+-	int datalen;
++	size_t datalen;
+ 
+ 	datalen = sizeof(data);
+ 	makequerydata(vlist, &datalen, data);
+@@ -686,7 +686,7 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 	int quiet;
+ 
+@@ -766,7 +766,7 @@
+ 	const char *datap;
+ 	int res;
+ 	associd_t associd;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ 	if (pcmd->nargs == 0) {
+@@ -808,8 +808,8 @@
+ 	)
+ {
+ 	associd_t	associd;
+-	u_int		tmpcount;
+-	u_int		u;
++	size_t		tmpcount;
++	size_t		u;
+ 	int		type;
+ 	struct varlist	tmplist[MAXLIST];
+ 
+@@ -849,7 +849,7 @@
+ 	int res;
+ 	associd_t associd;
+ 	int type;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 	struct varlist tmplist[MAXLIST];
+ 
+@@ -1071,7 +1071,7 @@
+ 	const char *datap;
+ 	const u_short *pus;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ 	res = doquery(CTL_OP_READSTAT, 0, 0, 0, (char *)0, &rstatus,
+@@ -1091,7 +1091,7 @@
+ 		if (numhosts > 1)
+ 			fprintf(stderr, "server=%s ", currenthost);
+ 		fprintf(stderr,
+-			"***Server returned %d octets, should be multiple of 4\n",
++			"***Server returned %zu octets, should be multiple of 4\n",
+ 			dsize);
+ 		return 0;
+ 	}
+@@ -1379,7 +1379,7 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ 	if (0 == pcmd->nargs)
+@@ -1396,7 +1396,7 @@
+ 	if (0 == dsize)
+ 		fprintf(fp, "(no response message, curiously)");
+ 	else
+-		fprintf(fp, "%.*s", dsize, datap);
++		fprintf(fp, "%.*s", (int)dsize, datap); /* cast is wobbly */
+ }
+ 
+ 
+@@ -1593,7 +1593,7 @@
+ 	struct varlist *pvl,
+ 	int associd,
+ 	int rstatus,
+-	int datalen,
++	size_t datalen,
+ 	const char *data,
+ 	FILE *fp,
+ 	int af
+@@ -1602,7 +1602,7 @@
+ 	char *name;
+ 	char *value = NULL;
+ 	int c;
+-	int len;
++	size_t len;
+ 	int have_srchost;
+ 	int have_dstadr;
+ 	int have_da_rid;
+@@ -1881,7 +1881,7 @@
+ {
+ 	const char *datap;
+ 	int res;
+-	int dsize;
++	size_t dsize;
+ 	u_short rstatus;
+ 
+ #ifdef notdef
+@@ -2186,7 +2186,7 @@
+ {
+ 	const char *cfgcmd;
+ 	u_short rstatus;
+-	int rsize;
++	size_t rsize;
+ 	const char *rdata;
+ 	char *resp;
+ 	int res;
+@@ -2201,7 +2201,8 @@
+ 			"Keyword = %s\n"
+ 			"Command = %s\n", pcmd->keyword, cfgcmd);
+ 
+-	res = doquery(CTL_OP_CONFIGURE, 0, 1, strlen(cfgcmd), cfgcmd,
++	res = doquery(CTL_OP_CONFIGURE, 0, 1,
++		      strlen(cfgcmd), cfgcmd,
+ 		      &rstatus, &rsize, &rdata);
+ 
+ 	if (res != 0)
+@@ -2251,7 +2252,7 @@
+ 	)
+ {
+ 	u_short rstatus;
+-	int rsize;
++	size_t rsize;
+ 	const char *rdata;
+ 	int res;
+ 	FILE *config_fd;
+@@ -2302,7 +2303,7 @@
+ 			rsize--;
+ 		if (rsize > 0 && '\r' == rdata[rsize - 1])
+ 			rsize--;
+-		printf("Line No: %d %.*s: %s", i, rsize, rdata,
++		printf("Line No: %d %.*s: %s", i, (int)rsize, rdata, /* cast is wobbly */
+ 		       config_cmd);
+ 	}
+ 	printf("Done sending file\n");
+@@ -2319,9 +2320,9 @@
+ 	const char	nonce_eq[] = "nonce=";
+ 	int		qres;
+ 	u_short		rstatus;
+-	int		rsize;
++	size_t		rsize;
+ 	const char *	rdata;
+-	int		chars;
++	size_t		chars;
+ 
+ 	/*
+ 	 * Retrieve a nonce specific to this client to demonstrate to
+@@ -2338,7 +2339,7 @@
+ 	if ((size_t)rsize <= sizeof(nonce_eq) - 1 ||
+ 	    strncmp(rdata, nonce_eq, sizeof(nonce_eq) - 1)) {
+ 		fprintf(stderr, "unexpected nonce response format: %.*s\n",
+-			rsize, rdata);
++			(int)rsize, rdata); /* cast is wobbly */
+ 		return FALSE;
+ 	}
+ 	chars = rsize - (sizeof(nonce_eq) - 1);
+@@ -2421,10 +2422,11 @@
+ 	} while (0)
+ 
+ 
+-void
++int
+ mrulist_ctrl_c_hook(void)
+ {
+ 	mrulist_interrupted = TRUE;
++	return TRUE;
+ }
+ 
+ 
+@@ -2449,10 +2451,10 @@
+ 	char req_buf[CTL_MAX_DATA_LEN];
+ 	char *req;
+ 	char *req_end;
+-	int chars;
++	size_t chars;
+ 	int qres;
+ 	u_short rstatus;
+-	int rsize;
++	size_t rsize;
+ 	const char *rdata;
+ 	int limit;
+ 	int frags;
+@@ -2495,11 +2497,6 @@
+ 	mon = emalloc_zero(cb);
+ 	ZERO(*pnow);
+ 	ZERO(last_older);
+-	mrulist_interrupted = FALSE;
+-	set_ctrl_c_hook(&mrulist_ctrl_c_hook);
+-	fprintf(stderr,
+-		"Ctrl-C will stop MRU retrieval and display partial results.\n");
+-	fflush(stderr);
+ 	next_report = time(NULL) + MRU_REPORT_SECS;
+ 
+ 	limit = min(3 * MAXFRAGS, ntpd_row_limit);
+@@ -2512,8 +2509,9 @@
+ 		if (debug)
+ 			fprintf(stderr, "READ_MRU parms: %s\n", req_buf);
+ 
+-		qres = doqueryex(CTL_OP_READ_MRU, 0, 0, strlen(req_buf),
+-			         req_buf, &rstatus, &rsize, &rdata, TRUE);
++		qres = doqueryex(CTL_OP_READ_MRU, 0, 0,
++				 strlen(req_buf), req_buf,
++				 &rstatus, &rsize, &rdata, TRUE);
+ 
+ 		if (CERR_UNKNOWNVAR == qres && ri > 0) {
+ 			/*
+@@ -2863,7 +2861,7 @@
+ 				 ri, sptoa(&recent->addr), ri,
+ 				 recent->last.l_ui, recent->last.l_uf);
+ 			chars = strlen(buf);
+-			if (REQ_ROOM - chars < 1)
++			if (REQ_ROOM <= chars)
+ 				break;
+ 			memcpy(req, buf, chars + 1);
+ 			req += chars;
+@@ -2870,7 +2868,6 @@
+ 		}
+ 	}
+ 
+-	set_ctrl_c_hook(NULL);
+ 	c_mru_l_rc = TRUE;
+ 	goto retain_hash_table;
+ 
+@@ -3080,6 +3077,12 @@
+ 	int lstint;
+ 	size_t i;
+ 
++	mrulist_interrupted = FALSE;
++	push_ctrl_c_handler(&mrulist_ctrl_c_hook);
++	fprintf(stderr,
++		"Ctrl-C will stop MRU retrieval and display partial results.\n");
++	fflush(stderr);
++
+ 	order = MRUSORT_DEF;
+ 	parms_buf[0] = '\0';
+ 	parms = parms_buf;
+@@ -3220,6 +3223,8 @@
+ 	free(hash_table);
+ 	hash_table = NULL;
+ 	INIT_DLIST(mru_list, mlink);
++
++	pop_ctrl_c_handler(&mrulist_ctrl_c_hook);
+ }
+ 
+ 
+@@ -3317,7 +3322,7 @@
+ 	const char	up_fmt[] =	"up.%u";	/* uptime */
+ 	const char *	datap;
+ 	int		qres;
+-	int		dsize;
++	size_t		dsize;
+ 	u_short		rstatus;
+ 	char *		tag;
+ 	char *		val;
+@@ -3533,7 +3538,7 @@
+ 	const int qdata_chars =		COUNTOF(qdata) - 1;
+ 	const char *	datap;
+ 	int		qres;
+-	int		dsize;
++	size_t		dsize;
+ 	u_short		rstatus;
+ 	char *		tag;
+ 	char *		val;
+@@ -3632,7 +3637,7 @@
+ 	char tagbuf[32];
+ 	vdc *pvdc;
+ 	u_short rstatus;
+-	int rsize;
++	size_t rsize;
+ 	const char *rdata;
+ 	int qres;
+ 	char *tag;
+--- contrib/ntp/ntpq/ntpq.1ntpqman.orig
++++ contrib/ntp/ntpq/ntpq.1ntpqman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpq 1ntpqman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpq 1ntpqman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-joa4fN/ag-voaWeN)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4VaaKt/ag-eWa4It)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:39:23 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:31:55 PM by AutoGen 5.18.5
+ .\" From the definitions ntpq-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpq/ntpq.1ntpqmdoc.orig
++++ contrib/ntp/ntpq/ntpq.1ntpqmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPQ 1ntpqmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:29 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpq-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpq/ntpq.c.orig
++++ contrib/ntp/ntpq/ntpq.c
+@@ -39,6 +39,7 @@
+ 
+ #include "ntp_libopts.h"
+ #include "ntpq-opts.h"
++#include "safecast.h"
+ 
+ #ifdef SYS_VXWORKS		/* vxWorks needs mode flag -casey*/
+ # define open(name, flags)   open(name, flags, 0777)
+@@ -168,13 +169,13 @@
+ static	int	openhost	(const char *, int);
+ static	void	dump_hex_printable(const void *, size_t);
+ static	int	sendpkt		(void *, size_t);
+-static	int	getresponse	(int, int, u_short *, int *, const char **, int);
+-static	int	sendrequest	(int, associd_t, int, int, const char *);
++static	int	getresponse	(int, int, u_short *, size_t *, const char **, int);
++static	int	sendrequest	(int, associd_t, int, size_t, const char *);
+ static	char *	tstflags	(u_long);
+ #ifndef BUILD_AS_LIB
+ static	void	getcmds		(void);
+ #ifndef SYS_WINNT
+-static	RETSIGTYPE abortcmd	(int);
++static	int	abortcmd	(void);
+ #endif	/* SYS_WINNT */
+ static	void	docmd		(const char *);
+ static	void	tokenize	(const char *, char **, int *);
+@@ -208,13 +209,14 @@
+     __attribute__((__format__(__printf__, 1, 2)));
+ static	u_long	getkeyid	(const char *);
+ static	void	atoascii	(const char *, size_t, char *, size_t);
+-static	void	cookedprint	(int, int, const char *, int, int, FILE *);
+-static	void	rawprint	(int, int, const char *, int, int, FILE *);
++static	void	cookedprint	(int, size_t, const char *, int, int, FILE *);
++static	void	rawprint	(int, size_t, const char *, int, int, FILE *);
+ static	void	startoutput	(void);
+ static	void	output		(FILE *, const char *, const char *);
+ static	void	endoutput	(FILE *);
+ static	void	outputarr	(FILE *, char *, int, l_fp *);
+ static	int	assoccmp	(const void *, const void *);
++static	void	on_ctrlc	(void);
+ 	u_short	varfmt		(const char *);
+ 
+ void	ntpq_custom_opt_handler	(tOptions *, tOptDesc *);
+@@ -558,9 +560,10 @@
+ 		interactive = 1;
+ 	}
+ 
++	set_ctrl_c_hook(on_ctrlc);
+ #ifndef SYS_WINNT /* Under NT cannot handle SIGINT, WIN32 spawns a handler */
+ 	if (interactive)
+-	    (void) signal_no_reset(SIGINT, abortcmd);
++		push_ctrl_c_handler(abortcmd);
+ #endif /* SYS_WINNT */
+ 
+ 	if (numcmds == 0) {
+@@ -739,9 +742,9 @@
+ 		    sizeof(hostaddr)) == -1)
+ #else
+ 	   (connect(sockfd, (struct sockaddr *)ai->ai_addr,
+-		    ai->ai_addrlen) == -1)
++		ai->ai_addrlen) == -1)
+ #endif /* SYS_VXWORKS */
+-	    {
++	{
+ 		error("connect");
+ 		freeaddrinfo(ai);
+ 		return 0;
+@@ -802,7 +805,7 @@
+ 	if (debug >= 3)
+ 		printf("Sending %zu octets\n", xdatalen);
+ 
+-	if (send(sockfd, xdata, (size_t)xdatalen, 0) == -1) {
++	if (send(sockfd, xdata, xdatalen, 0) == -1) {
+ 		warning("write to %s failed", currenthost);
+ 		return -1;
+ 	}
+@@ -822,7 +825,7 @@
+ 	int opcode,
+ 	int associd,
+ 	u_short *rstatus,
+-	int *rsize,
++	size_t *rsize,
+ 	const char **rdata,
+ 	int timeo
+ 	)
+@@ -871,8 +874,7 @@
+ 			tvo = tvsout;
+ 
+ 		FD_SET(sockfd, &fds);
+-		n = select(sockfd + 1, &fds, NULL, NULL, &tvo);
+-
++		n = select(sockfd+1, &fds, NULL, NULL, &tvo);
+ 		if (n == -1) {
+ 			warning("select fails");
+ 			return -1;
+@@ -1171,15 +1173,15 @@
+ 	int opcode,
+ 	associd_t associd,
+ 	int auth,
+-	int qsize,
++	size_t qsize,
+ 	const char *qdata
+ 	)
+ {
+ 	struct ntp_control qpkt;
+-	int	pktsize;
++	size_t	pktsize;
+ 	u_long	key_id;
+ 	char *	pass;
+-	int	maclen;
++	size_t	maclen;
+ 
+ 	/*
+ 	 * Check to make sure the data will fit in one packet
+@@ -1186,7 +1188,7 @@
+ 	 */
+ 	if (qsize > CTL_MAX_DATA_LEN) {
+ 		fprintf(stderr,
+-			"***Internal error!  qsize (%d) too large\n",
++			"***Internal error!  qsize (%zu) too large\n",
+ 			qsize);
+ 		return 1;
+ 	}
+@@ -1265,7 +1267,7 @@
+ 		return 1;
+ 	} else if ((size_t)maclen != (info_auth_hashlen + sizeof(keyid_t))) {
+ 		fprintf(stderr,
+-			"%d octet MAC, %zu expected with %zu octet digest\n",
++			"%zu octet MAC, %zu expected with %zu octet digest\n",
+ 			maclen, (info_auth_hashlen + sizeof(keyid_t)),
+ 			info_auth_hashlen);
+ 		return 1;
+@@ -1355,10 +1357,10 @@
+ 	int opcode,
+ 	associd_t associd,
+ 	int auth,
+-	int qsize,
++	size_t qsize,
+ 	const char *qdata,
+ 	u_short *rstatus,
+-	int *rsize,
++	size_t *rsize,
+ 	const char **rdata
+ 	)
+ {
+@@ -1376,10 +1378,10 @@
+ 	int opcode,
+ 	associd_t associd,
+ 	int auth,
+-	int qsize,
++	size_t qsize,
+ 	const char *qdata,
+ 	u_short *rstatus,
+-	int *rsize,
++	size_t *rsize,
+ 	const char **rdata,
+ 	int quiet
+ 	)
+@@ -1460,16 +1462,18 @@
+ /*
+  * abortcmd - catch interrupts and abort the current command
+  */
+-static RETSIGTYPE
+-abortcmd(
+-	int sig
+-	)
++static int
++abortcmd(void)
+ {
+ 	if (current_output == stdout)
+-	    (void) fflush(stdout);
++		(void) fflush(stdout);
+ 	putc('\n', stderr);
+ 	(void) fflush(stderr);
+-	if (jump) longjmp(interrupt_buf, 1);
++	if (jump) {
++		jump = 0;
++		longjmp(interrupt_buf, 1);
++	}
++	return TRUE;
+ }
+ #endif	/* !SYS_WINNT && !BUILD_AS_LIB */
+ 
+@@ -1743,7 +1747,7 @@
+ 	)
+ {
+ 	struct xcmd *cl;
+-	int clen;
++	size_t clen;
+ 	int nmatch;
+ 	struct xcmd *nearmatch = NULL;
+ 	struct xcmd *clist;
+@@ -2665,7 +2669,7 @@
+ 	int serrno = errno;
+ 	(void) fprintf(stderr, "%s: ", progname);
+ 	vfprintf(stderr, fmt, ap);
+-	(void) fprintf(stderr, ": %s", strerror(serrno));
++	(void) fprintf(stderr, ": %s\n", strerror(serrno));
+ }
+ 
+ /*
+@@ -2800,7 +2804,7 @@
+  */
+ void
+ makeascii(
+-	int length,
++	size_t length,
+ 	const char *data,
+ 	FILE *fp
+ 	)
+@@ -2916,7 +2920,7 @@
+  */
+ int
+ nextvar(
+-	int *datalen,
++	size_t *datalen,
+ 	const char **datap,
+ 	char **vname,
+ 	char **vvalue
+@@ -2963,7 +2967,7 @@
+ 		if (cp < cpend)
+ 			cp++;
+ 		*datap = cp;
+-		*datalen = cpend - cp;
++		*datalen = size2int_sat(cpend - cp);
+ 		*vvalue = NULL;
+ 		return 1;
+ 	}
+@@ -3003,7 +3007,7 @@
+ 	if (np < cpend && ',' == *np)
+ 		np++;
+ 	*datap = np;
+-	*datalen = cpend - np;
++	*datalen = size2int_sat(cpend - np);
+ 	*vvalue = value;
+ 	return 1;
+ }
+@@ -3027,7 +3031,7 @@
+  */
+ void
+ printvars(
+-	int length,
++	size_t length,
+ 	const char *data,
+ 	int status,
+ 	int sttype,
+@@ -3048,7 +3052,7 @@
+ static void
+ rawprint(
+ 	int datatype,
+-	int length,
++	size_t length,
+ 	const char *data,
+ 	int status,
+ 	int quiet,
+@@ -3113,10 +3117,10 @@
+ 	const char *value
+ 	)
+ {
+-	size_t len;
++	int len;
+ 
+ 	/* strlen of "name=value" */
+-	len = strlen(name) + 1 + strlen(value);
++	len = size2int_sat(strlen(name) + 1 + strlen(value));
+ 
+ 	if (out_chars != 0) {
+ 		out_chars += 2;
+@@ -3161,10 +3165,10 @@
+ 	l_fp *lfp
+ 	)
+ {
+-	register char *bp;
+-	register char *cp;
+-	register int i;
+-	register int len;
++	char *bp;
++	char *cp;
++	size_t i;
++	size_t len;
+ 	char buf[256];
+ 
+ 	bp = buf;
+@@ -3246,7 +3250,7 @@
+ static void
+ cookedprint(
+ 	int datatype,
+-	int length,
++	size_t length,
+ 	const char *data,
+ 	int status,
+ 	int quiet,
+@@ -3430,7 +3434,7 @@
+ 	}
+ 	assoc_cache = erealloc_zero(assoc_cache, new_sz, prior_sz); 
+ 	prior_sz = new_sz;
+-	assoc_cache_slots = new_sz / sizeof(assoc_cache[0]);
++	assoc_cache_slots = (u_int)(new_sz / sizeof(assoc_cache[0]));
+ }
+ 
+ 
+@@ -3566,3 +3570,48 @@
+ 
+     return list;
+ }
++
++#define CTRLC_STACK_MAX 4
++static volatile size_t		ctrlc_stack_len = 0;
++static volatile Ctrl_C_Handler	ctrlc_stack[CTRLC_STACK_MAX];
++
++
++
++int/*BOOL*/
++push_ctrl_c_handler(
++	Ctrl_C_Handler func
++	)
++{
++	size_t size = ctrlc_stack_len;
++	if (func && (size < CTRLC_STACK_MAX)) {
++		ctrlc_stack[size] = func;
++		ctrlc_stack_len = size + 1;
++		return TRUE;
++	}
++	return FALSE;	
++}
++
++int/*BOOL*/
++pop_ctrl_c_handler(
++	Ctrl_C_Handler func
++	)
++{
++	size_t size = ctrlc_stack_len;
++	if (size) {
++		--size;
++		if (func == NULL || func == ctrlc_stack[size]) {
++			ctrlc_stack_len = size;
++			return TRUE;
++		}
++	}
++	return FALSE;
++}
++
++static void
++on_ctrlc(void)
++{
++	size_t size = ctrlc_stack_len;
++	while (size)
++		if ((*ctrlc_stack[--size])())
++			break;
++}
+--- contrib/ntp/ntpq/ntpq.h.orig
++++ contrib/ntp/ntpq/ntpq.h
+@@ -136,19 +136,23 @@
+ extern	void	sortassoc	(void);
+ extern	void	show_error_msg	(int, associd_t);
+ extern	int	dogetassoc	(FILE *);
+-extern	int	doquery		(int, associd_t, int, int, const char *,
+-				 u_short *, int *, const char **);
+-extern	int	doqueryex	(int, associd_t, int, int, const char *,
+-				 u_short *, int *, const char **, int);
++extern	int	doquery		(int, associd_t, int, size_t, const char *,
++				 u_short *, size_t *, const char **);
++extern	int	doqueryex	(int, associd_t, int, size_t, const char *,
++				 u_short *, size_t *, const char **, int);
+ extern	const char * nntohost	(sockaddr_u *);
+ extern	const char * nntohost_col (sockaddr_u *, size_t, int);
+ extern	const char * nntohostp	(sockaddr_u *);
+ extern	int	decodets	(char *, l_fp *);
+ extern	int	decodeuint	(char *, u_long *);
+-extern	int	nextvar		(int *, const char **, char **, char **);
++extern	int	nextvar		(size_t *, const char **, char **, char **);
+ extern	int	decodetime	(char *, l_fp *);
+-extern	void	printvars	(int, const char *, int, int, int, FILE *);
++extern	void	printvars	(size_t, const char *, int, int, int, FILE *);
+ extern	int	decodeint	(char *, long *);
+-extern	void	makeascii	(int, const char *, FILE *);
++extern	void	makeascii	(size_t, const char *, FILE *);
+ extern	const char * trunc_left	(const char *, size_t);
+ extern	const char * trunc_right(const char *, size_t);
++
++typedef	int/*BOOL*/ (*Ctrl_C_Handler)(void);
++extern	int/*BOOL*/ 	push_ctrl_c_handler(Ctrl_C_Handler);
++extern	int/*BOOL*/ 	pop_ctrl_c_handler(Ctrl_C_Handler);
+--- contrib/ntp/ntpq/ntpq.html.orig
++++ contrib/ntp/ntpq/ntpq.html
+@@ -44,7 +44,7 @@
+ and determine the performance of
+ ntpd, the NTP daemon.
+ 
+-  
          This document applies to version 4.2.8p4 of ntpq.
++  
          This document applies to version 4.2.8p5 of ntpq.
+ 
+ 
            
+ 
          • ntpq Description
+@@ -769,7 +769,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
            ntpq - standard NTP query program - Ver. 4.2.8p4-sec-RC2
++
            ntpq - standard NTP query program - Ver. 4.2.8p4
+ Usage:  ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
+   Flg Arg Option-Name    Description
+    -4 no  ipv4           Force IPv4 DNS name resolution
+--- contrib/ntp/ntpq/ntpq.man.in.orig
++++ contrib/ntp/ntpq/ntpq.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpq @NTPQ_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpq @NTPQ_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-joa4fN/ag-voaWeN)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4VaaKt/ag-eWa4It)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:39:23 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:31:55 PM by AutoGen 5.18.5
+ .\" From the definitions ntpq-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpq/ntpq.mdoc.in.orig
++++ contrib/ntp/ntpq/ntpq.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPQ @NTPQ_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:29 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpq-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi.orig
++++ contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpsnmpd.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:39:43 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:32:15 PM by AutoGen 5.18.5
+ # From the definitions    ntpsnmpd-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -47,7 +47,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p4
++ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5
+ Usage:  ntpsnmpd [ - [] | --[@{=| @}] ]...
+   Flg Arg Option-Name    Description
+    -n no  nofork         Do not fork
+--- contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:32 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:32:05 PM by AutoGen 5.18.5
+  *  From the definitions    ntpsnmpd-opts.def
+  *  and the template file   options
+  *
+@@ -61,7 +61,7 @@
+  *  static const strings for ntpsnmpd options
+  */
+ static char const ntpsnmpd_opt_strs[1610] =
+-/*     0 */ "ntpsnmpd 4.2.8p4\n"
++/*     0 */ "ntpsnmpd 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -101,7 +101,7 @@
+ /*  1414 */ "no-load-opts\0"
+ /*  1427 */ "no\0"
+ /*  1430 */ "NTPSNMPD\0"
+-/*  1439 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p4\n"
++/*  1439 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]...\n\0"
+ /*  1542 */ "$HOME\0"
+ /*  1548 */ ".\0"
+@@ -108,7 +108,7 @@
+ /*  1550 */ ".ntprc\0"
+ /*  1557 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  1591 */ "\n\0"
+-/*  1593 */ "ntpsnmpd 4.2.8p4";
++/*  1593 */ "ntpsnmpd 4.2.8p5";
+ 
+ /**
+  *  nofork option description:
+@@ -554,7 +554,7 @@
+      translate option names.
+    */
+   /* referenced via ntpsnmpdOptions.pzCopyright */
+-  puts(_("ntpsnmpd 4.2.8p4\n\
++  puts(_("ntpsnmpd 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -599,7 +599,7 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via ntpsnmpdOptions.pzUsageTitle */
+-  puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p4\n\
++  puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]...\n"));
+ 
+   /* referenced via ntpsnmpdOptions.pzExplain */
+@@ -606,7 +606,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via ntpsnmpdOptions.pzFullVersion */
+-  puts(_("ntpsnmpd 4.2.8p4"));
++  puts(_("ntpsnmpd 4.2.8p5"));
+ 
+   /* referenced via ntpsnmpdOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:32 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:32:04 PM by AutoGen 5.18.5
+  *  From the definitions    ntpsnmpd-opts.def
+  *  and the template file   options
+  *
+@@ -76,9 +76,9 @@
+ /** count of all options for ntpsnmpd */
+ #define OPTION_CT    8
+ /** ntpsnmpd version */
+-#define NTPSNMPD_VERSION       "4.2.8p4"
++#define NTPSNMPD_VERSION       "4.2.8p5"
+ /** Full ntpsnmpd version text */
+-#define NTPSNMPD_FULL_VERSION  "ntpsnmpd 4.2.8p4"
++#define NTPSNMPD_FULL_VERSION  "ntpsnmpd 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpsnmpd 1ntpsnmpdman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpsnmpd 1ntpsnmpdman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Xna4nO/ag-9naWmO)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dZaaSu/ag-qZa4Qu)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:39:39 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:32:12 PM by AutoGen 5.18.5
+ .\" From the definitions ntpsnmpd-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:45 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:18 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpsnmpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.html.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.html
+@@ -42,7 +42,7 @@
+ 
            The ntpsnmpd utility program is used to monitor NTP daemon ntpd
+ operations and determine performance.  It uses the standard NTP mode 6 control
+ 
+-  
            This document applies to version 4.2.8p4 of ntpsnmpd.
++  
            This document applies to version 4.2.8p5 of ntpsnmpd.
+ 
+ 
              
+ 
            • ntpsnmpd Description:             Description
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.man.in.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpsnmpd @NTPSNMPD_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH ntpsnmpd @NTPSNMPD_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Xna4nO/ag-9naWmO)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dZaaSu/ag-qZa4Qu)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:39:39 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:32:12 PM by AutoGen 5.18.5
+ .\" From the definitions ntpsnmpd-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in.orig
++++ contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpsnmpd-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:45 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:18 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpsnmpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/calc_tickadj/Makefile.am.orig
++++ contrib/ntp/scripts/calc_tickadj/Makefile.am
+@@ -60,6 +60,8 @@
+ 	$(manpage_HACK)			\
+ 	$(NULL)
+ 
++BUILT_SOURCES = $(noinst_DATA)
++
+ calc_tickadj: $(srcdir)/calc_tickadj-opts
+ 
+ $(srcdir)/calc_tickadj-opts: $(srcdir)/calc_tickadj-opts.def
+--- contrib/ntp/scripts/calc_tickadj/Makefile.in.orig
++++ contrib/ntp/scripts/calc_tickadj/Makefile.in
+@@ -516,7 +516,9 @@
+ 	$(manpage_HACK)			\
+ 	$(NULL)
+ 
+-all: all-am
++BUILT_SOURCES = $(noinst_DATA)
++all: $(BUILT_SOURCES)
++	$(MAKE) $(AM_MAKEFLAGS) all-am
+ 
+ .SUFFIXES:
+ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
+@@ -785,13 +787,15 @@
+ 	  fi; \
+ 	done
+ check-am: all-am
+-check: check-am
++check: $(BUILT_SOURCES)
++	$(MAKE) $(AM_MAKEFLAGS) check-am
+ all-am: Makefile $(SCRIPTS) $(MANS) $(DATA)
+ installdirs:
+ 	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man8dir)"; do \
+ 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ 	done
+-install: install-am
++install: $(BUILT_SOURCES)
++	$(MAKE) $(AM_MAKEFLAGS) install-am
+ install-exec: install-exec-am
+ install-data: install-data-am
+ uninstall: uninstall-am
+@@ -822,6 +826,7 @@
+ maintainer-clean-generic:
+ 	@echo "This command is intended for maintainers to use"
+ 	@echo "it deletes files that may require special tools to rebuild."
++	-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+ clean: clean-am
+ 
+ clean-am: clean-generic clean-libtool mostlyclean-am
+@@ -892,7 +897,7 @@
+ 
+ uninstall-man: uninstall-man1 uninstall-man8
+ 
+-.MAKE: install-am install-strip
++.MAKE: all check install install-am install-strip
+ 
+ .PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ 	cscopelist-am ctags-am distclean distclean-generic \
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH calc_tickadj 1calc_tickadjman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH calc_tickadj 1calc_tickadjman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-3baGnz/ag-dcaOmz)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-nyaOMf/ag-AyaWLf)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:33:58 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:26 PM by AutoGen 5.18.5
+ .\" From the definitions calc_tickadj-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (calc_tickadj-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:02 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:28 PM by AutoGen 5.18.5
+ .\"  From the definitions    calc_tickadj-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.html.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.html
+@@ -31,7 +31,7 @@
+ 
              calc_tickadj User's Manual
              
+ 
+ 
              This document describes the use of the NTP Project's calc_tickadj program. 
+-This document applies to version 4.2.8p4 of calc_tickadj.
++This document applies to version 4.2.8p5 of calc_tickadj.
+ 
+   
              
+ 
              Short Contents
              
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH calc_tickadj 1calc_tickadjman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH calc_tickadj 1calc_tickadjman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-3baGnz/ag-dcaOmz)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-nyaOMf/ag-AyaWLf)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:33:58 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:26 PM by AutoGen 5.18.5
+ .\" From the definitions calc_tickadj-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in.orig
++++ contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (calc_tickadj-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:02 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:28 PM by AutoGen 5.18.5
+ .\"  From the definitions    calc_tickadj-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi.orig
++++ contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-calc_tickadj.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:04 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:30 PM by AutoGen 5.18.5
+ # From the definitions    calc_tickadj-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+--- contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi.orig
++++ contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntp-wait.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:12 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:39 PM by AutoGen 5.18.5
+ # From the definitions    ntp-wait-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -61,7 +61,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p4
++ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p5
+ USAGE: ntp-wait [ - [] | --[@{=| @}] ]... 
+ 
+     -n, --tries=num              Number of times to check ntpd
+--- contrib/ntp/scripts/ntp-wait/ntp-wait-opts.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (ntp-wait-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:06 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:33 PM by AutoGen 5.18.5
+ # From the definitions    ntp-wait-opts.def
+ # and the template file   perlopt
+ 
+@@ -40,7 +40,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p4
++ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p5
+ USAGE: ntp-wait [ - [] | --[{=| }] ]... 
+ 
+     -n, --tries=num              Number of times to check ntpd
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp-wait 1ntp-waitman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntp-wait 1ntp-waitman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-fzaONA/ag-rzaWMA)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7OaOah/ag-iPaW_g)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:08 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:35 PM by AutoGen 5.18.5
+ .\" From the definitions ntp-wait-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_WAIT 1ntp-waitmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:14 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:41 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-wait-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.html.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.html
+@@ -39,7 +39,7 @@
+ and only then start any applicaitons (like database servers) that require
+ accurate and stable time.
+ 
+-  
              This document applies to version 4.2.8p4 of ntp-wait.
++  
              This document applies to version 4.2.8p5 of ntp-wait.
+ 
+ 
              
+ 
              Short Contents
              
+@@ -114,7 +114,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
              ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p4
++
              ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p5
+ USAGE: ntp-wait [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+ 
+     -n, --tries=num              Number of times to check ntpd
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.man.in.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp-wait @NTP_WAIT_MS@ "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntp-wait @NTP_WAIT_MS@ "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-fzaONA/ag-rzaWMA)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-7OaOah/ag-iPaW_g)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:08 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:35 PM by AutoGen 5.18.5
+ .\" From the definitions ntp-wait-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in.orig
++++ contrib/ntp/scripts/ntp-wait/ntp-wait.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_WAIT @NTP_WAIT_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-wait-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:14 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:41 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-wait-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi.orig
++++ contrib/ntp/scripts/ntpsweep/invoke-ntpsweep.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntpsweep.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:18 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:45 PM by AutoGen 5.18.5
+ # From the definitions    ntpsweep-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -45,7 +45,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p4
++ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p5
+ USAGE: ntpsweep [ - [] | --[@{=| @}] ]... [hostfile]
+ 
+     -l, --host-list=str          Host to execute actions on
+--- contrib/ntp/scripts/ntpsweep/ntpsweep-opts.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (ntpsweep-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:16 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:43 PM by AutoGen 5.18.5
+ # From the definitions    ntpsweep-opts.def
+ # and the template file   perlopt
+ 
+@@ -43,7 +43,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p4
++ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p5
+ USAGE: ntpsweep [ - [] | --[{=| }] ]... [hostfile]
+ 
+     -l, --host-list=str          Host to execute actions on
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpsweep 1ntpsweepman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntpsweep 1ntpsweepman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-kqaGdC/ag-xqaOcC)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-eHaGCi/ag-rHaOBi)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:20 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:47 PM by AutoGen 5.18.5
+ .\" From the definitions ntpsweep-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPSWEEP 1ntpsweepmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpsweep-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:23 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:50 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpsweep-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.html.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.html
+@@ -30,7 +30,7 @@
+ 
+   
              This document describes the use of the NTP Project's ntpsweep program.
+ 
+-  
              This document applies to version 4.2.8p4 of ntpsweep.
++  
              This document applies to version 4.2.8p5 of ntpsweep.
+ 
+   
              
+ 
              Short Contents
              
+@@ -90,7 +90,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
              ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p4
++
              ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p5
+ USAGE: ntpsweep [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostfile]
+ 
+     -l, --host-list=str          Host to execute actions on
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.man.in.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntpsweep 1ntpsweepman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntpsweep 1ntpsweepman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-kqaGdC/ag-xqaOcC)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-eHaGCi/ag-rHaOBi)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:20 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:47 PM by AutoGen 5.18.5
+ .\" From the definitions ntpsweep-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in.orig
++++ contrib/ntp/scripts/ntpsweep/ntpsweep.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPSWEEP 1ntpsweepmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpsweep-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:23 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:26:50 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpsweep-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi.orig
++++ contrib/ntp/scripts/ntptrace/invoke-ntptrace.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntptrace.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:30 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:58 PM by AutoGen 5.18.5
+ # From the definitions    ntptrace-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -62,7 +62,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntptrace - Trace peers of an NTP server - Ver. 4.2.8p4
++ntptrace - Trace peers of an NTP server - Ver. 4.2.8p5
+ USAGE: ntptrace [ - [] | --[@{=| @}] ]... [host]
+ 
+     -n, --numeric                Print IP addresses instead of hostnames
+--- contrib/ntp/scripts/ntptrace/ntptrace-opts.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (ntptrace-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:25 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:26:52 PM by AutoGen 5.18.5
+ # From the definitions    ntptrace-opts.def
+ # and the template file   perlopt
+ 
+@@ -40,7 +40,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-ntptrace - Trace peers of an NTP server - Ver. 4.2.8p4
++ntptrace - Trace peers of an NTP server - Ver. 4.2.8p5
+ USAGE: ntptrace [ - [] | --[{=| }] ]... [host]
+ 
+     -n, --numeric                Print IP addresses instead of hostnames
+--- contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.1ntptraceman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntptrace 1ntptraceman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntptrace 1ntptraceman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-h.aOvD/ag-u.aWuD)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tqaWUj/ag-Gqa4Tj)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:27 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:54 PM by AutoGen 5.18.5
+ .\" From the definitions ntptrace-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.1ntptracemdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPTRACE 1ntptracemdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntptrace-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:32 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:00 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntptrace-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/ntptrace/ntptrace.html.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.html
+@@ -31,7 +31,7 @@
+ 
              Simple Network Time Protocol User Manual
              
+ 
+ 
              This document describes the use of the NTP Project's ntptrace program. 
+-This document applies to version 4.2.8p4 of ntptrace.
++This document applies to version 4.2.8p5 of ntptrace.
+ 
+   
              
+ 
              Short Contents
              
+@@ -107,7 +107,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
              ntptrace - Trace peers of an NTP server - Ver. 4.2.8p4
++
              ntptrace - Trace peers of an NTP server - Ver. 4.2.8p5
+ USAGE: ntptrace [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [host]
+ 
+     -n, --numeric                Print IP addresses instead of hostnames
+--- contrib/ntp/scripts/ntptrace/ntptrace.man.in.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntptrace @NTPTRACE_MS@ "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntptrace @NTPTRACE_MS@ "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-h.aOvD/ag-u.aWuD)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tqaWUj/ag-Gqa4Tj)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:27 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:26:54 PM by AutoGen 5.18.5
+ .\" From the definitions ntptrace-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in.orig
++++ contrib/ntp/scripts/ntptrace/ntptrace.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPTRACE @NTPTRACE_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntptrace-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:32 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:00 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntptrace-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/update-leap/invoke-update-leap.texi.orig
++++ contrib/ntp/scripts/update-leap/invoke-update-leap.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-update-leap.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:38 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:05 PM by AutoGen 5.18.5
+ # From the definitions    update-leap-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+--- contrib/ntp/scripts/update-leap/update-leap-opts.orig
++++ contrib/ntp/scripts/update-leap/update-leap-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (update-leap-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:44 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:11 PM by AutoGen 5.18.5
+ # From the definitions    update-leap-opts.def
+ # and the template file   perlopt
+ 
+@@ -46,7 +46,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-update-leap - leap-seconds file manager/updater - Ver. 4.2.8p4
++update-leap - leap-seconds file manager/updater - Ver. 4.2.8p5
+ USAGE: update-leap [ - [] | --[{=| }] ]... 
+ 
+     -s, --source-url=str         The URL of the master copy of the leapseconds file
+--- contrib/ntp/scripts/update-leap/update-leap.1update-leapman.orig
++++ contrib/ntp/scripts/update-leap/update-leap.1update-leapman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH update-leap 1update-leapman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH update-leap 1update-leapman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tXaylE/ag-FXaGkE)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9hayKk/ag-kiaGJk)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:34 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:02 PM by AutoGen 5.18.5
+ .\" From the definitions update-leap-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc.orig
++++ contrib/ntp/scripts/update-leap/update-leap.1update-leapmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt UPDATE_LEAP 1update-leapmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (update-leap-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:42 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:10 PM by AutoGen 5.18.5
+ .\"  From the definitions    update-leap-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/update-leap/update-leap.html.orig
++++ contrib/ntp/scripts/update-leap/update-leap.html
+@@ -30,7 +30,7 @@
+ 
+   
              This document describes the use of the NTP Project's update-leap program.
+ 
+-  
              This document applies to version 4.2.8p4 of update-leap.
++  
              This document applies to version 4.2.8p5 of update-leap.
+ 
+ 
              
+ 
              Short Contents
              
+--- contrib/ntp/scripts/update-leap/update-leap.man.in.orig
++++ contrib/ntp/scripts/update-leap/update-leap.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH update-leap 1update-leapman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH update-leap 1update-leapman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-tXaylE/ag-FXaGkE)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9hayKk/ag-kiaGJk)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:34 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:02 PM by AutoGen 5.18.5
+ .\" From the definitions update-leap-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/update-leap/update-leap.mdoc.in.orig
++++ contrib/ntp/scripts/update-leap/update-leap.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt UPDATE_LEAP 1update-leapmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (update-leap-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:42 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:10 PM by AutoGen 5.18.5
+ .\"  From the definitions    update-leap-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/invoke-plot_summary.texi.orig
++++ contrib/ntp/scripts/invoke-plot_summary.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-plot_summary.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:48 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:16 PM by AutoGen 5.18.5
+ # From the definitions    plot_summary-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -41,7 +41,7 @@
+ 
+ @exampleindent 0
+ @example
+-plot_summary - plot statistics generated by summary script - Ver. 4.2.8p4
++plot_summary - plot statistics generated by summary script - Ver. 4.2.8p5
+ USAGE: plot_summary [ - [] | --[@{=| @}] ]... 
+ 
+         --directory=str          Where the summary files are
+--- contrib/ntp/scripts/invoke-summary.texi.orig
++++ contrib/ntp/scripts/invoke-summary.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-summary.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:54 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:22 PM by AutoGen 5.18.5
+ # From the definitions    summary-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -42,7 +42,7 @@
+ 
+ @exampleindent 0
+ @example
+-summary - compute various stastics from NTP stat files - Ver. 4.2.8p4
++summary - compute various stastics from NTP stat files - Ver. 4.2.8p5
+ USAGE: summary [ - [] | --[@{=| @}] ]... 
+ 
+         --directory=str          Directory containing stat files
+--- contrib/ntp/scripts/plot_summary-opts.orig
++++ contrib/ntp/scripts/plot_summary-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (plot_summary-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:45 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:12 PM by AutoGen 5.18.5
+ # From the definitions    plot_summary-opts.def
+ # and the template file   perlopt
+ 
+@@ -46,7 +46,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-plot_summary - plot statistics generated by summary script - Ver. 4.2.8p4
++plot_summary - plot statistics generated by summary script - Ver. 4.2.8p5
+ USAGE: plot_summary [ - [] | --[{=| }] ]... 
+ 
+         --directory=str          Where the summary files are
+--- contrib/ntp/scripts/plot_summary.1plot_summaryman.orig
++++ contrib/ntp/scripts/plot_summary.1plot_summaryman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH plot_summary 1plot_summaryman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH plot_summary 1plot_summaryman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaylG/ag-RXaGkG)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-xiaqKm/ag-KiayJm)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:51 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:18 PM by AutoGen 5.18.5
+ .\" From the definitions plot_summary-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/plot_summary.1plot_summarymdoc.orig
++++ contrib/ntp/scripts/plot_summary.1plot_summarymdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt PLOT_SUMMARY 1plot_summarymdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (plot_summary-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:53 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:20 PM by AutoGen 5.18.5
+ .\"  From the definitions    plot_summary-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/plot_summary.html.orig
++++ contrib/ntp/scripts/plot_summary.html
+@@ -31,7 +31,7 @@
+ 
              Plot_summary User Manual
              
+ 
+ 
              This document describes the use of the NTP Project's plot_summary program. 
+-This document applies to version 4.2.8p4 of plot_summary.
++This document applies to version 4.2.8p5 of plot_summary.
+ 
+   
              
+ 
              Short Contents
              
+@@ -89,7 +89,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
              plot_summary - plot statistics generated by summary script - Ver. 4.2.8p4
++
              plot_summary - plot statistics generated by summary script - Ver. 4.2.8p5
+ USAGE: plot_summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+ 
+         --directory=str          Where the summary files are
+--- contrib/ntp/scripts/plot_summary.man.in.orig
++++ contrib/ntp/scripts/plot_summary.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH plot_summary 1plot_summaryman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH plot_summary 1plot_summaryman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaylG/ag-RXaGkG)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-xiaqKm/ag-KiayJm)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:51 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:18 PM by AutoGen 5.18.5
+ .\" From the definitions plot_summary-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/plot_summary.mdoc.in.orig
++++ contrib/ntp/scripts/plot_summary.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt PLOT_SUMMARY 1plot_summarymdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (plot_summary-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:53 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:20 PM by AutoGen 5.18.5
+ .\"  From the definitions    plot_summary-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/summary-opts.orig
++++ contrib/ntp/scripts/summary-opts
+@@ -1,6 +1,6 @@
+ # EDIT THIS FILE WITH CAUTION  (summary-opts)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:34:47 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:27:14 PM by AutoGen 5.18.5
+ # From the definitions    summary-opts.def
+ # and the template file   perlopt
+ 
+@@ -44,7 +44,7 @@
+         'help|?', 'more-help'));
+ 
+     $usage = <<'USAGE';
+-summary - compute various stastics from NTP stat files - Ver. 4.2.8p4
++summary - compute various stastics from NTP stat files - Ver. 4.2.8p5
+ USAGE: summary [ - [] | --[{=| }] ]... 
+ 
+         --directory=str          Directory containing stat files
+--- contrib/ntp/scripts/summary.1summaryman.orig
++++ contrib/ntp/scripts/summary.1summaryman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH summary 1summaryman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH summary 1summaryman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-ghaazG/ag-shaiyG)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-.Ca4Xm/ag-lDaaXm)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:56 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:24 PM by AutoGen 5.18.5
+ .\" From the definitions summary-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/summary.1summarymdoc.orig
++++ contrib/ntp/scripts/summary.1summarymdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SUMMARY 1summarymdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (summary-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:58 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:25 PM by AutoGen 5.18.5
+ .\"  From the definitions    summary-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/scripts/summary.html.orig
++++ contrib/ntp/scripts/summary.html
+@@ -31,7 +31,7 @@
+ 
              Summary User Manual
              
+ 
+ 
              This document describes the use of the NTP Project's summary program. 
+-This document applies to version 4.2.8p4 of summary.
++This document applies to version 4.2.8p5 of summary.
+ 
+   
              
+ 
              Short Contents
              
+@@ -88,7 +88,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
              summary - compute various stastics from NTP stat files - Ver. 4.2.8p4
++
              summary - compute various stastics from NTP stat files - Ver. 4.2.8p5
+ USAGE: summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+ 
+         --directory=str          Directory containing stat files
+--- contrib/ntp/scripts/summary.man.in.orig
++++ contrib/ntp/scripts/summary.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH summary 1summaryman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH summary 1summaryman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-ghaazG/ag-shaiyG)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-.Ca4Xm/ag-lDaaXm)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:34:56 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:27:24 PM by AutoGen 5.18.5
+ .\" From the definitions summary-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/scripts/summary.mdoc.in.orig
++++ contrib/ntp/scripts/summary.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SUMMARY 1summarymdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (summary-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:34:58 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:27:25 PM by AutoGen 5.18.5
+ .\"  From the definitions    summary-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/sntp/include/version.def.orig
++++ contrib/ntp/sntp/include/version.def
+@@ -1 +1 @@
+-version = '4.2.8p4';
++version = '4.2.8p5';
+--- contrib/ntp/sntp/include/version.texi.orig
++++ contrib/ntp/sntp/include/version.texi
+@@ -1,3 +1,3 @@
+-@set UPDATED 21 October 2015
+-@set EDITION 4.2.8p4
+-@set VERSION 4.2.8p4
++@set UPDATED 07 January 2016
++@set EDITION 4.2.8p5
++@set VERSION 4.2.8p5
+--- contrib/ntp/sntp/m4/ntp_libevent.m4.orig
++++ contrib/ntp/sntp/m4/ntp_libevent.m4
+@@ -89,9 +89,10 @@
+ 	    # LDADD_LIBEVENT=`$PKG_CONFIG --libs libevent | sed 's:-levent::'`
+ 	    # So now we dance...
+ 	    LDADD_LIBEVENT=
+-	    for i in `$PKG_CONFIG --libs libevent`
++	    for i in `$PKG_CONFIG --libs libevent` `$PKG_CONFIG --cflags-only-other libevent_pthreads`
+ 	    do
+ 		case "$i" in
++		 -D*) ;;
+ 		 -levent*) ;;
+ 		 *) case "$LDADD_LIBEVENT" in
+ 		     '') LDADD_LIBEVENT="$i" ;;
+--- contrib/ntp/sntp/m4/ntp_problemtests.m4.orig
++++ contrib/ntp/sntp/m4/ntp_problemtests.m4
+@@ -28,8 +28,9 @@
+ AC_MSG_CHECKING([if we can run test-ntp_restrict])
+ ntp_test_ntp_restrict="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
++ no:0:*-*-hpux11.23*) ;;
+  no:0:*-*-solaris*) ;;
+- no:0:*-*-hpux-11.23*) ;;
+  *) ntp_test_ntp_restrict="yes" ;;
+ esac
+ AC_MSG_RESULT([$ntp_test_ntp_restrict])
+@@ -38,6 +39,7 @@
+ AC_MSG_CHECKING([if we can run test-ntp_scanner])
+ ntp_test_ntp_scanner="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
+  no:0:*-*-solaris*) ;;
+  *) ntp_test_ntp_scanner="yes" ;;
+ esac
+@@ -47,6 +49,7 @@
+ AC_MSG_CHECKING([if we can run test-ntp_signd])
+ ntp_test_ntp_signd="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
+  no:0:*-*-solaris*) ;;
+  *) ntp_test_ntp_signd="yes" ;;
+ esac
+--- contrib/ntp/sntp/m4/version.m4.orig
++++ contrib/ntp/sntp/m4/version.m4
+@@ -1 +1 @@
+-m4_define([VERSION_NUMBER],[4.2.8p4])
++m4_define([VERSION_NUMBER],[4.2.8p5])
+--- contrib/ntp/sntp/tests/keyFile.c.orig
++++ contrib/ntp/sntp/tests/keyFile.c
+@@ -62,9 +62,13 @@
+ void
+ test_ReadEmptyKeyFile(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-empty", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(0, auth_init(CreatePath("key-test-empty", INPUT_DIR), &keys));
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(0, auth_init(path, &keys));
+ 	TEST_ASSERT_NULL(keys);
++
++	free((void *)path);
+ }
+ 
+ 
+@@ -71,11 +75,14 @@
+ void
+ test_ReadASCIIKeys(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-ascii", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(2, auth_init(CreatePath("key-test-ascii", INPUT_DIR), &keys));
+-
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(2, auth_init(path, &keys));
+ 	TEST_ASSERT_NOT_NULL(keys);
+ 
++	free((void *)path);
++
+ 	struct key* result = NULL;
+ 	get_key(40, &result);
+ 	TEST_ASSERT_NOT_NULL(result);
+@@ -91,10 +98,12 @@
+ void
+ test_ReadHexKeys(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-hex", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(3, auth_init(CreatePath("key-test-hex", INPUT_DIR), &keys));
+-
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(3, auth_init(path, &keys));
+ 	TEST_ASSERT_NOT_NULL(keys);
++	free((void *)path);
+ 
+ 	struct key* result = NULL;
+ 	get_key(10, &result);
+@@ -119,10 +128,12 @@
+ void
+ test_ReadKeyFileWithComments(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-comments", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(2, auth_init(CreatePath("key-test-comments", INPUT_DIR), &keys));
+-	
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(2, auth_init(path, &keys));
+ 	TEST_ASSERT_NOT_NULL(keys);
++	free((void *)path);
+ 
+ 	struct key* result = NULL;
+ 	get_key(10, &result);
+@@ -140,10 +151,12 @@
+ void
+ test_ReadKeyFileWithInvalidHex(void) {
+ 	struct key* keys = NULL;
++	const char *path = CreatePath("key-test-invalid-hex", INPUT_DIR);
+ 
+-	TEST_ASSERT_EQUAL(1, auth_init(CreatePath("key-test-invalid-hex", INPUT_DIR), &keys));
+-
++	TEST_ASSERT_NOT_NULL(path);
++	TEST_ASSERT_EQUAL(1, auth_init(path, &keys));
+ 	TEST_ASSERT_NOT_NULL(keys);
++	free((void *)path);
+ 
+ 	struct key* result = NULL;
+ 	get_key(10, &result);
+--- contrib/ntp/sntp/tests/kodDatabase.c.orig
++++ contrib/ntp/sntp/tests/kodDatabase.c
+@@ -1,5 +1,6 @@
+ #include "config.h"
+ 
++#include "ntp_workimpl.h"
+ #include "ntp_types.h"
+ #include "sntptest.h"
+ #include "ntp_stdlib.h"
+@@ -20,6 +21,7 @@
+ void
+ setUp(void) {
+ 	kod_init_kod_db("/dev/null", TRUE);
++	init_lib();
+ }
+ 
+ 
+--- contrib/ntp/sntp/tests/kodFile.c.orig
++++ contrib/ntp/sntp/tests/kodFile.c
+@@ -28,6 +28,7 @@
+ setUp(void) {
+ 	kod_db_cnt = 0;
+ 	kod_db = NULL;
++	init_lib();
+ }
+ 
+ 
+--- contrib/ntp/sntp/tests/run-kodDatabase.c.orig
++++ contrib/ntp/sntp/tests/run-kodDatabase.c
+@@ -23,6 +23,7 @@
+ #include 
+ #include 
+ #include "config.h"
++#include "ntp_workimpl.h"
+ #include "ntp_types.h"
+ #include "sntptest.h"
+ #include "ntp_stdlib.h"
+@@ -56,11 +57,11 @@
+ {
+   progname = argv[0];
+   UnityBegin("kodDatabase.c");
+-  RUN_TEST(test_SingleEntryHandling, 13);
+-  RUN_TEST(test_MultipleEntryHandling, 14);
+-  RUN_TEST(test_NoMatchInSearch, 15);
+-  RUN_TEST(test_AddDuplicate, 16);
+-  RUN_TEST(test_DeleteEntry, 17);
++  RUN_TEST(test_SingleEntryHandling, 14);
++  RUN_TEST(test_MultipleEntryHandling, 15);
++  RUN_TEST(test_NoMatchInSearch, 16);
++  RUN_TEST(test_AddDuplicate, 17);
++  RUN_TEST(test_DeleteEntry, 18);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/sntp/tests/run-t-log.c.orig
++++ contrib/ntp/sntp/tests/run-t-log.c
+@@ -49,9 +49,9 @@
+ {
+   progname = argv[0];
+   UnityBegin("t-log.c");
+-  RUN_TEST(testChangePrognameInMysyslog, 9);
+-  RUN_TEST(testOpenLogfileTest, 10);
+-  RUN_TEST(testWriteInCustomLogfile, 35);
++  RUN_TEST(testChangePrognameInMysyslog, 10);
++  RUN_TEST(testOpenLogfileTest, 11);
++  RUN_TEST(testWriteInCustomLogfile, 12);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/sntp/tests/t-log.c.orig
++++ contrib/ntp/sntp/tests/t-log.c
+@@ -6,63 +6,82 @@
+ //#include "log.h"
+ #include "log.c"
+ 
++void setUp(void);
+ void testChangePrognameInMysyslog(void);
+ void testOpenLogfileTest(void);
++void testWriteInCustomLogfile(void);
+ 
+ 
++void
++setUp(void) {
++	init_lib();
++}
++
++
+ //in var/log/syslog (may differ depending on your OS), logged name of the program will be "TEST_PROGNAME".
+ 
+-void testChangePrognameInMysyslog(void){
++void
++testChangePrognameInMysyslog(void)
++{
+ 	sntp_init_logging("TEST_PROGNAME");
+-	msyslog(LOG_ERR, "TESTING sntp_init_logging()"); //%m will print the last errno?
++	msyslog(LOG_ERR, "TESTING sntp_init_logging()");
++
++	return;
+ }
+ 
+ //writes log files in your own file instead of syslog! (MAY BE USEFUL TO SUPPRESS ERROR MESSAGES!)
+ 
+-void testOpenLogfileTest(void){
++void
++testOpenLogfileTest(void)
++{
+ 	sntp_init_logging("TEST_PROGNAME2"); //this name is consistent through the entire program unless changed
+-	open_logfile("testLogfile.log"); 
++	open_logfile("testLogfile.log");
+ 	//open_logfile("/var/log/syslog"); //this gives me "Permission Denied" when i do %m
+-	
++
+ 	msyslog(LOG_ERR, "Cannot open log file %s","abcXX");
+ 	//cleanup_log(); //unnecessary  after log.c fix!
+-	
++
++	return;
+ }
+ 
+ 
+ //multiple cleanup_log() causes segfault. Probably the reason it's static. Opening multiple open_logfile(name) will cause segfault x.x I'm guessing it's not intended to be changed. Cleanup after unity test doesn't fix it, looks like. Calling in tearDown() also causes issues.
+ 
+-void testWriteInCustomLogfile(void){
++void
++testWriteInCustomLogfile(void)
++{
+ 	char testString[256] = "12345 ABC";
+ 	char testName[256] = "TEST_PROGNAME3";
+ 
+-	remove("testLogfile2.log");
++	(void)remove("testLogfile2.log");
+ 
+ 	sntp_init_logging(testName);
+ 	open_logfile("testLogfile2.log"); // ./ causing issues
+ 	//sntp_init_logging(testName);
+ 
+-	
+-	msyslog(LOG_ERR, testString);
++
++	msyslog(LOG_ERR, "%s", testString);
+ 	FILE * f = fopen("testLogfile2.log","r");
+ 	char line[256];
+ 
++	TEST_ASSERT_TRUE( f != NULL);
++
+ 	//should be only 1 line
+- 	while (fgets(line, sizeof(line), f)) {
+-        	printf("%s", line); 
+-    	}
+-	
++	while (fgets(line, sizeof(line), f)) {
++		printf("%s", line);
++	}
+ 
++
+ 	char* x = strstr(line,testName);
+-	
++
+ 	TEST_ASSERT_TRUE( x != NULL);
+ 
+ 	x = strstr(line,testString);
+ 	TEST_ASSERT_TRUE( x != NULL);
+ 	//cleanup_log();
+-	fclose(f); //using this will also cause segfault, because at the end, log.c will  call (using atexit(func) function) cleanup_log(void)-> fclose(syslog_file); 
++	fclose(f); //using this will also cause segfault, because at the end, log.c will  call (using atexit(func) function) cleanup_log(void)-> fclose(syslog_file);
+ 	//After the 1st fclose, syslog_file = NULL, and is never reset -> hopefully fixed by editing log.c
+ 	//TEST_ASSERT_EQUAL_STRING(testString,line); //doesn't work, line is dynamic because the process name is random.
++
++	return;
+ }
+-
+-
+--- contrib/ntp/sntp/tests/utilities.c.orig
++++ contrib/ntp/sntp/tests/utilities.c
+@@ -96,12 +96,12 @@
+ 
+ void
+ test_IPv6Address(void) {
+-	const struct in6_addr address = {
++	const struct in6_addr address = { { {
+ 						0x20, 0x01, 0x0d, 0xb8,
+ 						0x85, 0xa3, 0x08, 0xd3, 
+ 						0x13, 0x19, 0x8a, 0x2e,
+ 						0x03, 0x70, 0x73, 0x34
+-					};
++					} } };
+ 	const char * expected = "2001:db8:85a3:8d3:1319:8a2e:370:7334";
+ 	sockaddr_u	input;
+ 	struct addrinfo	inputA;
+--- contrib/ntp/sntp/unity/unity_internals.h.orig
++++ contrib/ntp/sntp/unity/unity_internals.h
+@@ -305,7 +305,19 @@
+ #   undef UNITY_WEAK_PRAGMA
+ #endif
+ 
++#if !defined(UNITY_NORETURN_ATTRIBUTE)
++#   ifdef __GNUC__ // includes clang
++#       if !(defined(__WIN32__) && defined(__clang__))
++#           define UNITY_NORETURN_ATTRIBUTE __attribute__((noreturn))
++#       endif
++#   endif
++#endif
+ 
++#ifndef UNITY_NORETURN_ATTRIBUTE
++#   define UNITY_NORETURN_ATTRIBUTE
++#endif
++
++
+ //-------------------------------------------------------
+ // Internal Structs Needed
+ //-------------------------------------------------------
+@@ -465,7 +477,7 @@
+                               const UNITY_LINE_TYPE lineNumber,
+                               const UNITY_DISPLAY_STYLE_T style);
+ 
+-void UnityFail(const char* message, const UNITY_LINE_TYPE line);
++void UnityFail(const char* message, const UNITY_LINE_TYPE line) UNITY_NORETURN_ATTRIBUTE;
+ 
+ void UnityIgnore(const char* message, const UNITY_LINE_TYPE line);
+ 
+--- contrib/ntp/sntp/configure.orig
++++ contrib/ntp/sntp/configure
+@@ -1,6 +1,6 @@
+ #! /bin/sh
+ # Guess values for system-dependent variables and create Makefiles.
+-# Generated by GNU Autoconf 2.69 for sntp 4.2.8p4.
++# Generated by GNU Autoconf 2.69 for sntp 4.2.8p5.
+ #
+ # Report bugs to .
+ #
+@@ -590,8 +590,8 @@
+ # Identity of this package.
+ PACKAGE_NAME='sntp'
+ PACKAGE_TARNAME='sntp'
+-PACKAGE_VERSION='4.2.8p4'
+-PACKAGE_STRING='sntp 4.2.8p4'
++PACKAGE_VERSION='4.2.8p5'
++PACKAGE_STRING='sntp 4.2.8p5'
+ PACKAGE_BUGREPORT='http://bugs.ntp.org./'
+ PACKAGE_URL='http://www.ntp.org./'
+ 
+@@ -1491,7 +1491,7 @@
+   # Omit some internal or obsolete options to make the list less imposing.
+   # This message is too long to be a string in the A/UX 3.1 sh.
+   cat <<_ACEOF
+-\`configure' configures sntp 4.2.8p4 to adapt to many kinds of systems.
++\`configure' configures sntp 4.2.8p5 to adapt to many kinds of systems.
+ 
+ Usage: $0 [OPTION]... [VAR=VALUE]...
+ 
+@@ -1561,7 +1561,7 @@
+ 
+ if test -n "$ac_init_help"; then
+   case $ac_init_help in
+-     short | recursive ) echo "Configuration of sntp 4.2.8p4:";;
++     short | recursive ) echo "Configuration of sntp 4.2.8p5:";;
+    esac
+   cat <<\_ACEOF
+ 
+@@ -1706,7 +1706,7 @@
+ test -n "$ac_init_help" && exit $ac_status
+ if $ac_init_version; then
+   cat <<\_ACEOF
+-sntp configure 4.2.8p4
++sntp configure 4.2.8p5
+ generated by GNU Autoconf 2.69
+ 
+ Copyright (C) 2012 Free Software Foundation, Inc.
+@@ -2536,7 +2536,7 @@
+ This file contains any messages produced by compilers while
+ running configure, to aid debugging if configure makes a mistake.
+ 
+-It was created by sntp $as_me 4.2.8p4, which was
++It was created by sntp $as_me 4.2.8p5, which was
+ generated by GNU Autoconf 2.69.  Invocation command line was
+ 
+   $ $0 $@
+@@ -3533,7 +3533,7 @@
+ 
+ # Define the identity of the package.
+  PACKAGE='sntp'
+- VERSION='4.2.8p4'
++ VERSION='4.2.8p5'
+ 
+ 
+ cat >>confdefs.h <<_ACEOF
+@@ -25155,9 +25155,10 @@
+ 	    # LDADD_LIBEVENT=`$PKG_CONFIG --libs libevent | sed 's:-levent::'`
+ 	    # So now we dance...
+ 	    LDADD_LIBEVENT=
+-	    for i in `$PKG_CONFIG --libs libevent`
++	    for i in `$PKG_CONFIG --libs libevent` `$PKG_CONFIG --cflags-only-other libevent_pthreads`
+ 	    do
+ 		case "$i" in
++		 -D*) ;;
+ 		 -levent*) ;;
+ 		 *) case "$LDADD_LIBEVENT" in
+ 		     '') LDADD_LIBEVENT="$i" ;;
+@@ -31109,7 +31110,7 @@
+ # report actual input values of CONFIG_FILES etc. instead of their
+ # values after options handling.
+ ac_log="
+-This file was extended by sntp $as_me 4.2.8p4, which was
++This file was extended by sntp $as_me 4.2.8p5, which was
+ generated by GNU Autoconf 2.69.  Invocation command line was
+ 
+   CONFIG_FILES    = $CONFIG_FILES
+@@ -31176,7 +31177,7 @@
+ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ ac_cs_version="\\
+-sntp config.status 4.2.8p4
++sntp config.status 4.2.8p5
+ configured by $0, generated by GNU Autoconf 2.69,
+   with options \\"\$ac_cs_config\\"
+ 
+--- contrib/ntp/sntp/invoke-sntp.texi.orig
++++ contrib/ntp/sntp/invoke-sntp.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-sntp.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:30:56 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:23:24 PM by AutoGen 5.18.5
+ # From the definitions    sntp-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -101,7 +101,7 @@
+ 
+ @exampleindent 0
+ @example
+-sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p4
++sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p5
+ Usage:  sntp [ - [] | --[@{=| @}] ]... \
+                 [ hostname-or-IP ...]
+   Flg Arg Option-Name    Description
+--- contrib/ntp/sntp/networking.c.orig
++++ contrib/ntp/sntp/networking.c
+@@ -136,7 +136,7 @@
+ 		return PACKET_UNUSEABLE;
+ 	}
+ 	/* Note: pkt_len must be a multiple of 4 at this point! */
+-	packet_end = (u_int32*)((char*)rpkt + pkt_len);
++	packet_end = (void*)((char*)rpkt + pkt_len);
+ 	exten_end = skip_efields(rpkt->exten, packet_end);
+ 	if (NULL == exten_end) {
+ 		msyslog(LOG_ERR,
+--- contrib/ntp/sntp/sntp-opts.c.orig
++++ contrib/ntp/sntp/sntp-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (sntp-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:30:23 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:22:49 PM by AutoGen 5.18.5
+  *  From the definitions    sntp-opts.def
+  *  and the template file   options
+  *
+@@ -70,7 +70,7 @@
+  *  static const strings for sntp options
+  */
+ static char const sntp_opt_strs[2549] =
+-/*     0 */ "sntp 4.2.8p4\n"
++/*     0 */ "sntp 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -155,7 +155,7 @@
+ /*  2298 */ "LOAD_OPTS\0"
+ /*  2308 */ "no-load-opts\0"
+ /*  2321 */ "SNTP\0"
+-/*  2326 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p4\n"
++/*  2326 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]... \\\n"
+             "\t\t[ hostname-or-IP ...]\n\0"
+ /*  2485 */ "$HOME\0"
+@@ -163,7 +163,7 @@
+ /*  2493 */ ".ntprc\0"
+ /*  2500 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  2534 */ "\n\0"
+-/*  2536 */ "sntp 4.2.8p4";
++/*  2536 */ "sntp 4.2.8p5";
+ 
+ /**
+  *  ipv4 option description with
+@@ -1173,7 +1173,7 @@
+      translate option names.
+    */
+   /* referenced via sntpOptions.pzCopyright */
+-  puts(_("sntp 4.2.8p4\n\
++  puts(_("sntp 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -1263,7 +1263,7 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via sntpOptions.pzUsageTitle */
+-  puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p4\n\
++  puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]... \\\n\
+ \t\t[ hostname-or-IP ...]\n"));
+ 
+@@ -1271,7 +1271,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via sntpOptions.pzFullVersion */
+-  puts(_("sntp 4.2.8p4"));
++  puts(_("sntp 4.2.8p5"));
+ 
+   /* referenced via sntpOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/sntp/sntp-opts.h.orig
++++ contrib/ntp/sntp/sntp-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (sntp-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:30:22 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:22:48 PM by AutoGen 5.18.5
+  *  From the definitions    sntp-opts.def
+  *  and the template file   options
+  *
+@@ -91,9 +91,9 @@
+ /** count of all options for sntp */
+ #define OPTION_CT    23
+ /** sntp version */
+-#define SNTP_VERSION       "4.2.8p4"
++#define SNTP_VERSION       "4.2.8p5"
+ /** Full sntp version text */
+-#define SNTP_FULL_VERSION  "sntp 4.2.8p4"
++#define SNTP_FULL_VERSION  "sntp 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/sntp/sntp.1sntpman.orig
++++ contrib/ntp/sntp/sntp.1sntpman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH sntp 1sntpman "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH sntp 1sntpman "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-hEaqbg/ag-UEaiag)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-e.aO3S/ag-r.aG2S)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:30:52 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:23:20 PM by AutoGen 5.18.5
+ .\" From the definitions sntp-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/sntp/sntp.1sntpmdoc.orig
++++ contrib/ntp/sntp/sntp.1sntpmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SNTP 1sntpmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:30:59 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:23:27 PM by AutoGen 5.18.5
+ .\"  From the definitions    sntp-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/sntp/sntp.html.orig
++++ contrib/ntp/sntp/sntp.html
+@@ -36,7 +36,7 @@
+ clock.  Run as root, it can correct the system clock to this offset as
+ well.  It can be run as an interactive command or from a cron job.
+ 
+-  
              This document applies to version 4.2.8p4 of sntp.
++  
              This document applies to version 4.2.8p5 of sntp.
+ 
+   
              The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
+ IETF specification.
+@@ -176,7 +176,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
              sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p4
++
              sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p5
+ Usage:  sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
+                 [ hostname-or-IP ...]
+   Flg Arg Option-Name    Description
+--- contrib/ntp/sntp/sntp.man.in.orig
++++ contrib/ntp/sntp/sntp.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH sntp @SNTP_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
++.TH sntp @SNTP_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-hEaqbg/ag-UEaiag)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-e.aO3S/ag-r.aG2S)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:30:52 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:23:20 PM by AutoGen 5.18.5
+ .\" From the definitions sntp-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/sntp/sntp.mdoc.in.orig
++++ contrib/ntp/sntp/sntp.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SNTP @SNTP_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:30:59 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:23:27 PM by AutoGen 5.18.5
+ .\"  From the definitions    sntp-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/sntp/version.c.orig
++++ contrib/ntp/sntp/version.c
+@@ -2,4 +2,4 @@
+  * version file for sntp
+  */
+ #include 
+-const char * Version = "sntp 4.2.8p4@1.3265-o Wed Oct 21 16:41:07 UTC 2015 (25)";
++const char * Version = "sntp 4.2.8p4@1.3265-o Thu Jan  7 23:23:18 UTC 2016 (26)";
+--- contrib/ntp/tests/bug-2803/bug-2803.c.orig
++++ contrib/ntp/tests/bug-2803/bug-2803.c
+@@ -15,7 +15,7 @@
+ int simpleTest(void);
+ void setUp(void);
+ void tearDown(void);
+-//void test_main(void);
++void test_main(void);
+ 
+ static int verbose = 1;        // if not 0, also print results if test passed
+ static int exit_on_err = 0;    // if not 0, exit if test failed
+--- contrib/ntp/tests/bug-2803/run-bug-2803.c.orig
++++ contrib/ntp/tests/bug-2803/run-bug-2803.c
+@@ -31,6 +31,7 @@
+ //=======External Functions This Runner Calls=====
+ extern void setUp(void);
+ extern void tearDown(void);
++extern void test_main(void);
+ extern void test_main(void );
+ 
+ 
+@@ -51,6 +52,7 @@
+   progname = argv[0];
+   UnityBegin("bug-2803.c");
+   RUN_TEST(test_main, 18);
++  RUN_TEST(test_main, 18);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/a_md5encrypt.c.orig
++++ contrib/ntp/tests/libntp/a_md5encrypt.c
+@@ -16,14 +16,25 @@
+  * Example packet with MD5 hash calculated manually.
+  */
+ const int keytype = KEY_TYPE_MD5;
+-const char *key = "abcdefgh";
++const u_char *key = (const u_char*)"abcdefgh";
+ const u_short keyLength = 8;
+-const char *packet = "ijklmnopqrstuvwx";
++const u_char *packet = (const u_char*)"ijklmnopqrstuvwx";
+ #define packetLength 16
+ #define keyIdLength  4
+ #define digestLength 16
+-const int totalLength = packetLength + keyIdLength + digestLength;
+-const char *expectedPacket = "ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x53";
++#define totalLength (packetLength + keyIdLength + digestLength)
++union {
++	u_char		u8 [totalLength];
++	uint32_t	u32[1];
++} expectedPacket = {
++	"ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x53"
++};
++union {
++	u_char		u8 [totalLength];
++	uint32_t	u32[1];
++} invalidPacket = {
++	"ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x54"
++};
+ 
+ 
+ void test_Encrypt(void);
+@@ -35,7 +46,7 @@
+ 
+ void
+ test_Encrypt(void) {
+-	char *packetPtr;
++	u_int32 *packetPtr;
+ 	int length;
+ 
+ 	packetPtr = emalloc(totalLength * sizeof(*packetPtr));
+@@ -45,12 +56,12 @@
+ 
+ 	cache_secretsize = keyLength;
+ 
+-	length = MD5authencrypt(keytype, (u_char*)key, (u_int32*)packetPtr, packetLength);
++	length = MD5authencrypt(keytype, key, packetPtr, packetLength);
+ 
+-	TEST_ASSERT_TRUE(MD5authdecrypt(keytype, (u_char*)key, (u_int32*)packetPtr, packetLength, length));
++	TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, packetPtr, packetLength, length));
+ 
+ 	TEST_ASSERT_EQUAL(20, length);
+-	TEST_ASSERT_EQUAL_MEMORY(expectedPacket, packetPtr, totalLength);
++	TEST_ASSERT_EQUAL_MEMORY(expectedPacket.u8, packetPtr, totalLength);
+ 
+ 	free(packetPtr);
+ }
+@@ -58,17 +69,13 @@
+ void
+ test_DecryptValid(void) {
+ 	cache_secretsize = keyLength;
+-
+-	TEST_ASSERT_TRUE(MD5authdecrypt(keytype, (u_char*)key, (u_int32*)expectedPacket, packetLength, 20));
++	TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, expectedPacket.u32, packetLength, 20));
+ }
+ 
+ void
+ test_DecryptInvalid(void) {
+ 	cache_secretsize = keyLength;
+-
+-	const char *invalidPacket = "ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x54";
+-
+-	TEST_ASSERT_FALSE(MD5authdecrypt(keytype, (u_char*)key, (u_int32*)invalidPacket, packetLength, 20));
++	TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, invalidPacket.u32, packetLength, 20));
+ }
+ 
+ void
+@@ -87,12 +94,13 @@
+ 
+ void
+ test_IPv6AddressToRefId(void) {
+-	const struct in6_addr address = {
++	const int expected = 0x75cffd52;
++	const struct in6_addr address = { { {
+ 		0x20, 0x01, 0x0d, 0xb8,
+ 		0x85, 0xa3, 0x08, 0xd3,
+ 		0x13, 0x19, 0x8a, 0x2e,
+ 		0x03, 0x70, 0x73, 0x34
+-	};
++	} } };
+ 	sockaddr_u addr;
+ 
+ 	addr.sa6.sin6_family = AF_INET6;
+@@ -99,11 +107,11 @@
+ 
+ 	addr.sa6.sin6_addr = address;
+ 
+-	const int expected = 0x75cffd52;
+ 
+ #if 0
+ 	TEST_ASSERT_EQUAL(expected, addr2refid(&addr));
+ #else
++	(void)expected;
+ 	TEST_IGNORE_MESSAGE("Skipping because of big endian problem?");
+ #endif
+ }
+--- contrib/ntp/tests/libntp/authkeys.c.orig
++++ contrib/ntp/tests/libntp/authkeys.c
+@@ -51,18 +51,21 @@
+ 	cache_flags = 0;
+ 	cache_secret = NULL;
+ 	cache_secretsize = 0;
++
++	return;
+ }
+ 
+ void
+ tearDown(void)
+ {
+-
++	return;
+ }
+ 
+ static const int KEYTYPE = KEY_TYPE_MD5;
+ 
+ void
+-AddTrustedKey(keyid_t keyno) {
++AddTrustedKey(keyid_t keyno)
++{
+ 	/*
+ 	 * We need to add a MD5-key in addition to setting the
+ 	 * trust, because authhavekey() requires type != 0.
+@@ -70,15 +73,21 @@
+ 	MD5auth_setkey(keyno, KEYTYPE, NULL, 0);
+ 
+ 	authtrust(keyno, TRUE);
++
++	return;
+ }
+ 
+ void
+-AddUntrustedKey(keyid_t keyno) {
++AddUntrustedKey(keyid_t keyno)
++{
+ 	authtrust(keyno, FALSE);
++
++	return;
+ }
+ 
+ void
+-test_AddTrustedKeys(void) {
++test_AddTrustedKeys(void)
++{
+ 	const keyid_t KEYNO1 = 5;
+ 	const keyid_t KEYNO2 = 8;
+ 
+@@ -87,19 +96,25 @@
+ 
+ 	TEST_ASSERT_TRUE(authistrusted(KEYNO1));
+ 	TEST_ASSERT_TRUE(authistrusted(KEYNO2));
++
++	return;
+ }
+ 
+ void
+-test_AddUntrustedKey(void) {
++test_AddUntrustedKey(void)
++{
+ 	const keyid_t KEYNO = 3;
+    
+ 	AddUntrustedKey(KEYNO);
+ 
+ 	TEST_ASSERT_FALSE(authistrusted(KEYNO));
++
++	return;
+ }
+ 
+ void
+-test_HaveKeyCorrect(void) {
++test_HaveKeyCorrect(void)
++{
+ 	const keyid_t KEYNO = 3;
+ 
+ 	AddTrustedKey(KEYNO);
+@@ -106,29 +121,40 @@
+ 
+ 	TEST_ASSERT_TRUE(auth_havekey(KEYNO));
+ 	TEST_ASSERT_TRUE(authhavekey(KEYNO));
++
++	return;
+ }
+ 
+ void
+-test_HaveKeyIncorrect(void) {
++test_HaveKeyIncorrect(void)
++{
+ 	const keyid_t KEYNO = 2;
+ 
+ 	TEST_ASSERT_FALSE(auth_havekey(KEYNO));
+ 	TEST_ASSERT_FALSE(authhavekey(KEYNO));
++
++	return;
+ }
+ 
+ void
+-test_AddWithAuthUseKey(void) {
++test_AddWithAuthUseKey(void)
++{
+ 	const keyid_t KEYNO = 5;
+ 	const char* KEY = "52a";
+ 
+-	TEST_ASSERT_TRUE(authusekey(KEYNO, KEYTYPE, (u_char*)KEY));	
++	TEST_ASSERT_TRUE(authusekey(KEYNO, KEYTYPE, (const u_char*)KEY));
++
++	return;
+ }
+ 
+ void
+-test_EmptyKey(void) {
++test_EmptyKey(void)
++{
+ 	const keyid_t KEYNO = 3;
+ 	const char* KEY = "";
+ 
+ 
+-	TEST_ASSERT_FALSE(authusekey(KEYNO, KEYTYPE, (u_char*)KEY));
++	TEST_ASSERT_FALSE(authusekey(KEYNO, KEYTYPE, (const u_char*)KEY));
++
++	return;
+ }
+--- contrib/ntp/tests/libntp/buftvtots.c.orig
++++ contrib/ntp/tests/libntp/buftvtots.c
+@@ -18,7 +18,8 @@
+ 
+ 
+ void
+-test_ZeroBuffer(void) {
++test_ZeroBuffer(void)
++{
+ #ifndef SYS_WINNT
+ 	const struct timeval input = {0, 0};
+ 	const l_fp expected = {{0 + JAN_1970}, 0};
+@@ -30,10 +31,14 @@
+ #else
+ 	TEST_IGNORE_MESSAGE("Test only for Windows, skipping...");
+ #endif
++
++	return;
+ }
+ 
++
+ void
+-test_IntegerAndFractionalBuffer(void) {
++test_IntegerAndFractionalBuffer(void)
++{
+ #ifndef SYS_WINNT
+ 	const struct timeval input = {5, 500000}; /* 5.5 */
+ 	const l_fp expected = {{5 + JAN_1970}, HALF};
+@@ -53,13 +58,16 @@
+ #else
+ 	TEST_IGNORE_MESSAGE("Test only for Windows, skipping...");
+ #endif
++
++	return;
+ }
+ 
+ void
+-test_IllegalMicroseconds(void) {
++test_IllegalMicroseconds(void)
++{
+ #ifndef SYS_WINNT
+ 	const struct timeval input = {0, 1100000}; /* > 999 999 microseconds. */
+-	
++
+ 	l_fp actual;
+ 
+ 	TEST_ASSERT_FALSE(buftvtots((const char*)(&input), &actual));
+@@ -66,11 +74,14 @@
+ #else
+ 	TEST_IGNORE_MESSAGE("Test only for Windows, skipping...");
+ #endif
++
++	return;
+ }
+ 
+ 
+ void
+-test_AlwaysFalseOnWindows(void) {
++test_AlwaysFalseOnWindows(void)
++{
+ #ifdef SYS_WINNT
+ 	/*
+ 	 * Under Windows, buftvtots will just return
+@@ -81,5 +92,6 @@
+ #else
+ 	TEST_IGNORE_MESSAGE("Non-Windows test, skipping...");
+ #endif
++
++	return;
+ }
+-
+--- contrib/ntp/tests/libntp/calendar.c.orig
++++ contrib/ntp/tests/libntp/calendar.c
+@@ -8,32 +8,43 @@
+ 
+ static int leapdays(int year);
+ 
+-int isGT(int first, int second);
+-int leapdays(int year);
+-char * CalendarFromCalToString(const struct calendar *cal);
+-char * CalendarFromIsoToString(const struct isodate *iso); 
+-int IsEqualCal(const struct calendar *expected, const struct calendar *actual);
+-int IsEqualIso(const struct isodate *expected, const struct isodate *actual);
+-char * DateFromCalToString(const struct calendar *cal);
+-char * DateFromIsoToString(const struct isodate *iso);
+-int IsEqualDateCal(const struct calendar *expected, const struct calendar *actual);
+-int IsEqualDateIso(const struct isodate *expected, const struct isodate *actual);
+-void test_DaySplitMerge(void);
+-void test_SplitYearDays1(void);
+-void test_SplitYearDays2(void);
+-void test_RataDie1(void);
+-void test_LeapYears1(void);
+-void test_LeapYears2(void);
+-void test_RoundTripDate(void);
+-void test_RoundTripYearStart(void);
+-void test_RoundTripMonthStart(void);
+-void test_RoundTripWeekStart(void);
+-void test_RoundTripDayStart(void);
+-void test_IsoCalYearsToWeeks(void);
+-void test_IsoCalWeeksToYearStart(void);
+-void test_IsoCalWeeksToYearEnd(void);
+-void test_DaySecToDate(void);
++void	setUp(void);
++int	isGT(int first, int second);
++int	leapdays(int year);
++char *	CalendarFromCalToString(const struct calendar *cal);
++char *	CalendarFromIsoToString(const struct isodate *iso); 
++int	IsEqualCal(const struct calendar *expected, const struct calendar *actual);
++int	IsEqualIso(const struct isodate *expected, const struct isodate *actual);
++char *	DateFromCalToString(const struct calendar *cal);
++char *	DateFromIsoToString(const struct isodate *iso);
++int	IsEqualDateCal(const struct calendar *expected, const struct calendar *actual);
++int	IsEqualDateIso(const struct isodate *expected, const struct isodate *actual);
++void	test_DaySplitMerge(void);
++void	test_SplitYearDays1(void);
++void	test_SplitYearDays2(void);
++void	test_RataDie1(void);
++void	test_LeapYears1(void);
++void	test_LeapYears2(void);
++void	test_RoundTripDate(void);
++void	test_RoundTripYearStart(void);
++void	test_RoundTripMonthStart(void);
++void	test_RoundTripWeekStart(void);
++void	test_RoundTripDayStart(void);
++void	test_IsoCalYearsToWeeks(void);
++void	test_IsoCalWeeksToYearStart(void);
++void	test_IsoCalWeeksToYearEnd(void);
++void	test_DaySecToDate(void);
+ 
++
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ /*
+  * ---------------------------------------------------------------------
+  * test support stuff
+@@ -42,7 +53,7 @@
+ int
+ isGT(int first, int second)
+ {
+-	if(first > second) {	
++	if(first > second) {
+ 		return TRUE;
+ 	} else {
+ 		return FALSE;
+@@ -100,9 +111,14 @@
+ 	    expected->second == actual->second) {
+ 		return TRUE;
+ 	} else {
+-		printf("expected: %s but was %s",
+-		       CalendarFromCalToString(expected),
+-		       CalendarFromCalToString(actual));
++		char *p_exp = CalendarFromCalToString(expected);
++		char *p_act = CalendarFromCalToString(actual);
++
++		printf("expected: %s but was %s", p_exp, p_act);
++
++		free(p_exp);
++		free(p_act);
++
+ 		return FALSE;		  
+ 	}
+ }
+@@ -215,8 +231,10 @@
+  * the 'vint64' is definitely needed.
+  */
+ void
+-test_DaySplitMerge(void) {
++test_DaySplitMerge(void)
++{
+ 	int32 day,sec;
++
+ 	for (day = -1000000; day <= 1000000; day += 100) {
+ 		for (sec = -100000; sec <= 186400; sec += 10000) {
+ 			vint64		 merge;
+@@ -242,11 +260,15 @@
+ 			TEST_ASSERT_EQUAL(esec, split.lo);
+ 		}
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_SplitYearDays1(void) {
++test_SplitYearDays1(void)
++{
+ 	int32 eyd;
++
+ 	for (eyd = -1; eyd <= 365; eyd++) {
+ 		ntpcal_split split = ntpcal_split_yeardays(eyd, 0);
+ 		if (split.lo >= 0 && split.hi >= 0) {
+@@ -257,11 +279,15 @@
+ 		} else
+ 			TEST_ASSERT_TRUE(eyd < 0 || eyd > 364);
+ 	}
++
++	return;
+ }
+-		
++
+ void
+-test_SplitYearDays2(void) {
++test_SplitYearDays2(void)
++{
+ 	int32 eyd;
++
+ 	for (eyd = -1; eyd <= 366; eyd++) {
+ 		ntpcal_split split = ntpcal_split_yeardays(eyd, 1);
+ 		if (split.lo >= 0 && split.hi >= 0) {
+@@ -274,10 +300,13 @@
+ 		} else
+ 			TEST_ASSERT_TRUE(eyd < 0 || eyd > 365);
+ 		}
++
++	return;
+ }
+-		
++
+ void
+-test_RataDie1(void) {
++test_RataDie1(void)
++{
+ 	int32	 testDate = 1; /* 0001-01-01 (proleptic date) */
+ 	struct calendar expected = { 1, 1, 1, 1 };
+ 	struct calendar actual;
+@@ -284,11 +313,14 @@
+ 
+ 	ntpcal_rd_to_date(&actual, testDate);
+ 	TEST_ASSERT_TRUE(IsEqualDateCal(&expected, &actual));
++
++	return;
+ }
+ 
+ /* check last day of february for first 10000 years */
+ void
+-test_LeapYears1(void) {
++test_LeapYears1(void)
++{
+ 	struct calendar dateIn, dateOut;
+ 
+ 	for (dateIn.year = 1; dateIn.year < 10000; ++dateIn.year) {
+@@ -300,11 +332,14 @@
+ 
+ 		TEST_ASSERT_TRUE(IsEqualDateCal(&dateIn, &dateOut));
+ 	}
++
++	return;
+ }
+ 
+ /* check first day of march for first 10000 years */
+ void
+-test_LeapYears2(void) {
++test_LeapYears2(void)
++{
+ 	struct calendar dateIn, dateOut;
+ 
+ 	for (dateIn.year = 1; dateIn.year < 10000; ++dateIn.year) {
+@@ -315,6 +350,8 @@
+ 		ntpcal_rd_to_date(&dateOut, ntpcal_date_to_rd(&dateIn));
+ 		TEST_ASSERT_TRUE(IsEqualDateCal(&dateIn, &dateOut));
+ 	}
++
++	return;
+ }
+ 
+ /* Full roundtrip from 1601-01-01 to 2400-12-31
+@@ -324,7 +361,8 @@
+  * invalid output can occur.)
+  */
+ void
+-test_RoundTripDate(void) {
++test_RoundTripDate(void)
++{
+ 	struct calendar truDate, expDate = { 1600, 0, 12, 31 };;
+ 	int	 leaps;
+ 	int32	 truRdn, expRdn	= ntpcal_date_to_rd(&expDate);
+@@ -335,7 +373,7 @@
+ 		expDate.yearday = 0;
+ 		leaps = leapdays(expDate.year);
+ 		while (expDate.month < 12) {
+-			expDate.month++;			
++			expDate.month++;
+ 			expDate.monthday = 0;
+ 			while (expDate.monthday < real_month_days[leaps][expDate.month]) {
+ 				expDate.monthday++;
+@@ -350,11 +388,14 @@
+ 			}
+ 		}
+ 	}
++
++	return;
+ }
+ 
+ /* Roundtrip testing on calyearstart */
+ void
+-test_RoundTripYearStart(void) {
++test_RoundTripYearStart(void)
++{
+ 	static const time_t pivot = 0;
+ 	u_int32 ntp, expys, truys;
+ 	struct calendar date;
+@@ -367,11 +408,14 @@
+ 		expys = ntpcal_date_to_ntp(&date);
+ 		TEST_ASSERT_EQUAL(expys, truys);
+ 	}
+-}	
+ 
++	return;
++}
++
+ /* Roundtrip testing on calmonthstart */
+ void
+-test_RoundTripMonthStart(void) {
++test_RoundTripMonthStart(void)
++{
+ 	static const time_t pivot = 0;
+ 	u_int32 ntp, expms, trums;
+ 	struct calendar date;
+@@ -384,11 +428,14 @@
+ 		expms = ntpcal_date_to_ntp(&date);
+ 		TEST_ASSERT_EQUAL(expms, trums);
+ 	}
+-}	
+ 
++	return;
++}
++
+ /* Roundtrip testing on calweekstart */
+ void
+-test_RoundTripWeekStart(void) {
++test_RoundTripWeekStart(void)
++{
+ 	static const time_t pivot = 0;
+ 	u_int32 ntp, expws, truws;
+ 	struct isodate date;
+@@ -401,11 +448,14 @@
+ 		expws = isocal_date_to_ntp(&date);
+ 		TEST_ASSERT_EQUAL(expws, truws);
+ 	}
+-}	
+ 
++	return;
++}
++
+ /* Roundtrip testing on caldaystart */
+ void
+-test_RoundTripDayStart(void) {
++test_RoundTripDayStart(void)
++{
+ 	static const time_t pivot = 0;
+ 	u_int32 ntp, expds, truds;
+ 	struct calendar date;
+@@ -417,6 +467,8 @@
+ 		expds = ntpcal_date_to_ntp(&date);
+ 		TEST_ASSERT_EQUAL(expds, truds);
+ 	}
++
++	return;
+ }
+ 
+ /* ---------------------------------------------------------------------
+@@ -444,6 +496,7 @@
+ 	int32_t years)
+ {
+ 	int32_t days, weeks;
++
+ 	days = ntpcal_weekday_close(
+ 		ntpcal_days_in_years(years) + 1,
+ 		CAL_MONDAY) - 1;
+@@ -455,6 +508,7 @@
+ 	weeks = days / 7;
+ 	days  = days % 7;
+ 	TEST_ASSERT_EQUAL(0, days); /* paranoia check... */
++
+ 	return weeks;
+ }
+ 
+@@ -462,9 +516,11 @@
+  * they are not, the calendar needs a better implementation...
+  */
+ void
+-test_IsoCalYearsToWeeks(void) {
++test_IsoCalYearsToWeeks(void)
++{
+ 	int32_t years;
+ 	int32_t wref, wcal;
++
+ 	for (years = -1000; years < 4000; ++years) {
+ 		/* get number of weeks before years (reference) */
+ 		wref = refimpl_WeeksInIsoYears(years);
+@@ -472,13 +528,17 @@
+ 		wcal = isocal_weeks_in_years(years);
+ 		TEST_ASSERT_EQUAL(wref, wcal);
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_IsoCalWeeksToYearStart(void) {
++test_IsoCalWeeksToYearStart(void)
++{
+ 	int32_t years;
+ 	int32_t wref;
+ 	ntpcal_split ysplit;
++
+ 	for (years = -1000; years < 4000; ++years) {
+ 		/* get number of weeks before years (reference) */
+ 		wref = refimpl_WeeksInIsoYears(years);
+@@ -488,13 +548,17 @@
+ 		TEST_ASSERT_EQUAL(years, ysplit.hi);
+ 		TEST_ASSERT_EQUAL(0, ysplit.lo);
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_IsoCalWeeksToYearEnd(void) {
++test_IsoCalWeeksToYearEnd(void)
++{
+ 	int32_t years;
+ 	int32_t wref;
+ 	ntpcal_split ysplit;
++
+ 	for (years = -1000; years < 4000; ++years) {
+ 		/* get last week of previous year */
+ 		wref = refimpl_WeeksInIsoYears(years) - 1;
+@@ -504,10 +568,13 @@
+ 		TEST_ASSERT_EQUAL(years-1, ysplit.hi);
+ 		TEST_ASSERT(ysplit.lo == 51 || ysplit.lo == 52);
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_DaySecToDate(void) {
++test_DaySecToDate(void)
++{
+ 	struct calendar cal;
+ 	int32_t days;
+ 
+@@ -538,4 +605,6 @@
+ 	days = ntpcal_daysec_to_date(&cal, 86400);
+ 	TEST_ASSERT_MESSAGE((days==1 && cal.hour==0 && cal.minute==0 && cal.second==0),
+ 		"failed for 86400");
++
++	return;
+ }
+--- contrib/ntp/tests/libntp/caljulian.c.orig
++++ contrib/ntp/tests/libntp/caljulian.c
+@@ -20,10 +20,12 @@
+ 
+ 
+ char *
+-CalendarToString(const struct calendar cal) {
++CalendarToString(const struct calendar cal)
++{
+ 	char * str = emalloc (sizeof (char) * 100);
+-	
+ 	char buffer[100] ="";
++
++	*str = '\0';
+ 	snprintf(buffer, 100, "%u", cal.year);
+ 	strcat(str, buffer);
+ 	strcat(str, "-");
+@@ -48,19 +50,25 @@
+ }
+ 
+ int // technically boolean
+-IsEqual(const struct calendar expected, const struct calendar actual) {
+-	if (expected.year == actual.year &&
+-		(expected.yearday == actual.yearday ||
+-		 (expected.month == actual.month &&
+-		  expected.monthday == actual.monthday)) &&
+-		expected.hour == actual.hour &&
+-		expected.minute == actual.minute &&
+-		expected.second == actual.second) {
++IsEqual(const struct calendar expected, const struct calendar actual)
++{
++	if (   expected.year == actual.year
++	    && (   expected.yearday == actual.yearday
++		|| (   expected.month == actual.month
++		    && expected.monthday == actual.monthday))
++	    && expected.hour == actual.hour
++	    && expected.minute == actual.minute
++	    && expected.second == actual.second) {
+ 		return TRUE;
+ 	} else {
+-		printf("expected: %s but was %s", CalendarToString(expected) ,CalendarToString(actual));
++		char *p_exp, *p_act;
++
++		p_exp = CalendarToString(expected);
++		p_act = CalendarToString(actual);
++		printf("expected: %s but was %s", p_exp, p_act);
++		free(p_exp);
++		free(p_act);
+ 		return FALSE;
+-			
+ 	}
+ }
+ 
+@@ -70,6 +78,9 @@
+ {
+     ntpcal_set_timefunc(timefunc);
+     settime(1970, 1, 1, 0, 0, 0);
++    init_lib();
++
++    return;
+ }
+ 
+ void
+@@ -76,11 +87,14 @@
+ tearDown()
+ {
+     ntpcal_set_timefunc(NULL);
++
++    return;
+ }
+ 
+ 
+ void
+-test_RegularTime(void) {
++test_RegularTime(void)
++{
+ 	u_long testDate = 3485080800UL; // 2010-06-09 14:00:00
+ 	struct calendar expected = {2010,160,6,9,14,0,0};
+ 
+@@ -89,10 +103,13 @@
+ 	caljulian(testDate, &actual);
+ 
+ 	TEST_ASSERT_TRUE(IsEqual(expected, actual));
++
++	return;
+ }
+ 
+ void
+-test_LeapYear(void) {
++test_LeapYear(void)
++{
+ 	u_long input = 3549902400UL; // 2012-06-28 20:00:00Z
+ 	struct calendar expected = {2012, 179, 6, 28, 20, 0, 0};
+ 
+@@ -101,28 +118,36 @@
+ 	caljulian(input, &actual);
+ 
+ 	TEST_ASSERT_TRUE(IsEqual(expected, actual));
++
++	return;
+ }
+ 
+ void
+-test_uLongBoundary(void) {
+-	u_long time = 4294967295UL; // 2036-02-07 6:28:15
++test_uLongBoundary(void)
++{
++	u_long enc_time = 4294967295UL; // 2036-02-07 6:28:15
+ 	struct calendar expected = {2036,0,2,7,6,28,15};
+ 
+ 	struct calendar actual;
+ 
+-	caljulian(time, &actual);
++	caljulian(enc_time, &actual);
+ 
+ 	TEST_ASSERT_TRUE(IsEqual(expected, actual));
++
++	return;
+ }
+ 
+ void
+-test_uLongWrapped(void) {
+-	u_long time = 0;
++test_uLongWrapped(void)
++{
++	u_long enc_time = 0;
+ 	struct calendar expected = {2036,0,2,7,6,28,16};
+ 
+ 	struct calendar actual;
+ 
+-	caljulian(time, &actual);
++	caljulian(enc_time, &actual);
+ 
+ 	TEST_ASSERT_TRUE(IsEqual(expected, actual));
++
++	return;
+ }
+--- contrib/ntp/tests/libntp/clocktime.c.orig
++++ contrib/ntp/tests/libntp/clocktime.c
+@@ -30,14 +30,18 @@
+ void
+ setUp()
+ {
+-    ntpcal_set_timefunc(timefunc);
+-    settime(2000, 1, 1, 0, 0, 0);
++	ntpcal_set_timefunc(timefunc);
++	settime(2000, 1, 1, 0, 0, 0);
++
++	return;
+ }
+ 
+ void
+ tearDown()
+ {
+-    ntpcal_set_timefunc(NULL);
++	ntpcal_set_timefunc(NULL);
++
++	return;
+ }
+ 
+ /* ---------------------------------------------------------------------
+@@ -45,7 +49,8 @@
+  */
+ 
+ void
+-test_CurrentYear(void) {
++test_CurrentYear(void)
++{
+ 	/* Timestamp: 2010-06-24 12:50:00Z */
+ 	const u_int32 timestamp = 3486372600UL;
+ 	const u_int32 expected	= timestamp; /* exactly the same. */
+@@ -52,16 +57,19 @@
+ 
+ 	const int yday=175, hour=12, minute=50, second=0, tzoff=0;
+ 
+-	u_long yearstart=0;
++	u_long yearstart = 0;
+ 	u_int32 actual;
+ 
+-	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff, timestamp,
+-						  &yearstart, &actual));
++	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff,
++				   timestamp, &yearstart, &actual));
+ 	TEST_ASSERT_EQUAL(expected, actual);
++
++	return;
+ }
+ 
+ void
+-test_CurrentYearFuzz(void) {
++test_CurrentYearFuzz(void)
++{
+ 	/* 
+ 	 * Timestamp (rec_ui) is: 2010-06-24 12:50:00
+ 	 * Time sent into function is 12:00:00.
+@@ -78,13 +86,16 @@
+ 	u_long yearstart=0;
+ 	u_int32 actual;
+ 
+-	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff, timestamp,
+-						  &yearstart, &actual));
++	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff,
++				   timestamp, &yearstart, &actual));
+ 	TEST_ASSERT_EQUAL(expected, actual);
++
++	return;
+ }
+ 
+ void
+-test_TimeZoneOffset(void) {
++test_TimeZoneOffset(void)
++{
+ 	/*
+ 	 * Timestamp (rec_ui) is: 2010-06-24 12:00:00 +0800
+ 	 * (which is 2010-06-24 04:00:00Z)
+@@ -105,7 +116,8 @@
+ }
+ 
+ void
+-test_WrongYearStart(void) {
++test_WrongYearStart(void)
++{
+ 	/* 
+ 	 * Timestamp (rec_ui) is: 2010-01-02 11:00:00Z
+ 	 * Time sent into function is 11:00:00.
+@@ -125,7 +137,8 @@
+ }
+ 
+ void
+-test_PreviousYear(void) {
++test_PreviousYear(void)
++{
+ 	/*
+ 	 * Timestamp is: 2010-01-01 01:00:00Z
+ 	 * Time sent into function is 23:00:00
+@@ -145,7 +158,8 @@
+ }
+ 
+ void
+-test_NextYear(void) {
++test_NextYear(void)
++{
+ 	/*
+ 	 * Timestamp is: 2009-12-31 23:00:00Z
+ 	 * Time sent into function is 01:00:00
+@@ -158,28 +172,35 @@
+ 	u_long yearstart = 0;
+ 	u_int32 actual;
+ 
+-	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff, timestamp,
+-						  &yearstart, &actual));
++	TEST_ASSERT_TRUE(clocktime(yday, hour, minute, second, tzoff,
++				   timestamp, &yearstart, &actual));
+ 	TEST_ASSERT_EQUAL(expected, actual);
++
++	return;
+ }
+ 
+ void
+-test_NoReasonableConversion(void) {
++test_NoReasonableConversion(void)
++{
+ 	/* Timestamp is: 2010-01-02 11:00:00Z */
+ 	const u_int32 timestamp = 3471418800UL;
+-	
++
+ 	const int yday=100, hour=12, minute=0, second=0, tzoff=0;
+ 	u_long yearstart = 0;
+ 	u_int32 actual;
+ 
+-	TEST_ASSERT_FALSE(clocktime(yday, hour, minute, second, tzoff, timestamp,
+-						   &yearstart, &actual));
++	TEST_ASSERT_FALSE(clocktime(yday, hour, minute, second, tzoff,
++				    timestamp, &yearstart, &actual));
++
++	return;
+ }
+ 
+ 
+ int/*BOOL*/
+-isLE(u_int32 diff,u_int32 actual){
+-	if(diff <= actual){
++isLE(u_int32 diff,u_int32 actual)
++{
++
++	if (diff <= actual) {
+ 		return TRUE;
+ 	}
+ 	else return FALSE;
+@@ -187,7 +208,8 @@
+ 
+ 
+ void
+-test_AlwaysInLimit(void) {
++test_AlwaysInLimit(void)
++{
+ 	/* Timestamp is: 2010-01-02 11:00:00Z */
+ 	const u_int32 timestamp = 3471418800UL;
+ 	const u_short prime_incs[] = { 127, 151, 163, 179 };
+@@ -210,7 +232,8 @@
+ 			for (hour = -204; hour < 204; hour += 2) {
+ 				for (minute = -60; minute < 60; minute++) {
+ 					clocktime(yday, hour, minute, 30, 0,
+-						  timestamp, &yearstart, &actual);
++						  timestamp, &yearstart,
++						  &actual);
+ 					diff = actual - timestamp;
+ 					if (diff >= 0x80000000UL)
+ 						diff = ~diff + 1;
+@@ -219,4 +242,5 @@
+ 			}
+ 		}
+ 	}
++	return;
+ }
+--- contrib/ntp/tests/libntp/decodenetnum.c.orig
++++ contrib/ntp/tests/libntp/decodenetnum.c
+@@ -4,6 +4,7 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ extern void test_IPv4AddressOnly(void);
+ extern void test_IPv4AddressWithPort(void);
+ //#ifdef ISC_PLATFORM_HAVEIPV6
+@@ -15,6 +16,15 @@
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_IPv4AddressOnly(void) {
+ 	const char *str = "192.0.2.1";
+ 	sockaddr_u actual;
+--- contrib/ntp/tests/libntp/humandate.c.orig
++++ contrib/ntp/tests/libntp/humandate.c
+@@ -5,11 +5,21 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_RegularTime(void);
+ void test_CurrentTime(void);
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_RegularTime(void)
+ {
+ 	time_t sample = 1276601278;
+@@ -17,11 +27,13 @@
+ 	struct tm* tm;
+ 
+ 	tm = localtime(&sample);
+-	TEST_ASSERT_TRUE(time != NULL);
++	TEST_ASSERT_TRUE(tm != NULL);
+ 
+ 	snprintf(expected, 15, "%02d:%02d:%02d", tm->tm_hour, tm->tm_min, tm->tm_sec);
+ 
+ 	TEST_ASSERT_EQUAL_STRING(expected, humantime(sample));
++
++	return;
+ }
+ 
+ void
+@@ -34,9 +46,11 @@
+ 	time(&sample);
+ 
+ 	tm = localtime(&sample);
+-	TEST_ASSERT_TRUE(time != NULL);
++	TEST_ASSERT_TRUE(tm != NULL);
+ 
+ 	snprintf(expected, 15, "%02d:%02d:%02d", tm->tm_hour, tm->tm_min, tm->tm_sec);
+ 
+ 	TEST_ASSERT_EQUAL_STRING(expected, humantime(sample));
++
++	return;
+ }
+--- contrib/ntp/tests/libntp/lfpfunc.c.orig
++++ contrib/ntp/tests/libntp/lfpfunc.c
+@@ -9,17 +9,18 @@
+ #include 
+ 
+ 
+-/* replaced TEST_ASSERT_EQUAL_MEMORY(&a, &b, sizeof(a)) with TEST_ASSERT_EQUAL_l_fp(a, b).
+-   It's safer this way, because structs can be compared even if they aren't initiated
+-   with memset (due to padding bytes).
++/*
++   replaced:	TEST_ASSERT_EQUAL_MEMORY(&a, &b, sizeof(a))
++   with:	TEST_ASSERT_EQUAL_l_fp(a, b).
++   It's safer this way, because structs can be compared even if they
++   aren't initiated with memset (due to padding bytes).
+ */
+-#define TEST_ASSERT_EQUAL_l_fp(a, b) { \
+-    TEST_ASSERT_EQUAL_MESSAGE(a.l_i, b.l_i, "Field l_i"); \
+-    TEST_ASSERT_EQUAL_UINT_MESSAGE(a.l_uf, b.l_uf, "Field l_uf");	\
++#define TEST_ASSERT_EQUAL_l_fp(a, b) {					\
++	TEST_ASSERT_EQUAL_MESSAGE(a.l_i, b.l_i, "Field l_i");		\
++	TEST_ASSERT_EQUAL_UINT_MESSAGE(a.l_uf, b.l_uf, "Field l_uf");	\
+ }
+ 
+ 
+-
+ typedef int bool; // typedef enum { FALSE, TRUE } boolean; -> can't use this because TRUE and FALSE are already defined
+ 
+ 
+@@ -28,23 +29,23 @@
+ } lfp_hl;
+ 
+ 
+-int l_fp_scmp(const l_fp first, const l_fp second);
+-int l_fp_ucmp(const l_fp first, l_fp second );
+-l_fp l_fp_init(int32 i, u_int32 f);
+-l_fp l_fp_add(const l_fp first, const l_fp second);
+-l_fp l_fp_subtract(const l_fp first, const l_fp second);
+-l_fp l_fp_negate(const l_fp first);
+-l_fp l_fp_abs(const l_fp first);
+-int l_fp_signum(const l_fp first);
+-double l_fp_convert_to_double(const l_fp first);
+-l_fp l_fp_init_from_double( double rhs);
+-void l_fp_swap(l_fp * first, l_fp *second);
+-bool l_isgt(const l_fp first, const l_fp second);
+-bool l_isgtu(const l_fp first, const l_fp second);
+-bool l_ishis(const l_fp first, const l_fp second);
+-bool l_isgeq(const l_fp first, const l_fp second);
+-bool l_isequ(const l_fp first, const l_fp second);
+-double eps(double d);
++int	l_fp_scmp(const l_fp first, const l_fp second);
++int	l_fp_ucmp(const l_fp first, l_fp second);
++l_fp	l_fp_init(int32 i, u_int32 f);
++l_fp	l_fp_add(const l_fp first, const l_fp second);
++l_fp	l_fp_subtract(const l_fp first, const l_fp second);
++l_fp	l_fp_negate(const l_fp first);
++l_fp	l_fp_abs(const l_fp first);
++int	l_fp_signum(const l_fp first);
++double	l_fp_convert_to_double(const l_fp first);
++l_fp	l_fp_init_from_double( double rhs);
++void	l_fp_swap(l_fp * first, l_fp *second);
++bool	l_isgt(const l_fp first, const l_fp second);
++bool	l_isgtu(const l_fp first, const l_fp second);
++bool	l_ishis(const l_fp first, const l_fp second);
++bool	l_isgeq(const l_fp first, const l_fp second);
++bool	l_isequ(const l_fp first, const l_fp second);
++double	eps(double d);
+ 
+ 
+ void test_AdditionLR(void);
+@@ -58,7 +59,6 @@
+ void test_UnsignedRelOps(void);
+ 
+ 
+-
+ static int cmp_work(u_int32 a[3], u_int32 b[3]);
+ 
+ //----------------------------------------------------------------------
+@@ -72,10 +72,10 @@
+ l_fp_scmp(const l_fp first, const l_fp second)
+ {
+ 	u_int32 a[3], b[3];
+-	
++
+ 	const l_fp op1 = first;
+ 	const l_fp op2 = second;
+-	
++
+ 	a[0] = op1.l_uf; a[1] = op1.l_ui; a[2] = 0;
+ 	b[0] = op2.l_uf; b[1] = op2.l_ui; b[2] = 0;
+ 
+@@ -86,12 +86,12 @@
+ }
+ 
+ int
+-l_fp_ucmp(const l_fp first, l_fp second )
++l_fp_ucmp(const l_fp first, l_fp second)
+ {
+ 	u_int32 a[3], b[3];
+ 	const l_fp op1 = first; 
+ 	const l_fp op2 = second;
+-	
++
+ 	a[0] = op1.l_uf; a[1] = op1.l_ui; a[2] = 0;
+ 	b[0] = op2.l_uf; b[1] = op2.l_ui; b[2] = 0;
+ 
+@@ -142,7 +142,7 @@
+ {
+ 	l_fp temp = first;
+ 	L_SUB(&temp, &second);
+-	
++
+ 	return temp;
+ }
+ 
+@@ -151,7 +151,7 @@
+ {
+ 	l_fp temp = first;
+ 	L_NEG(&temp);
+-	
++
+ 	return temp;
+ }
+ 
+@@ -189,11 +189,14 @@
+ }
+ 
+ void
+-l_fp_swap(l_fp * first, l_fp *second){
++l_fp_swap(l_fp * first, l_fp *second)
++{
+ 	l_fp temp = *second;
+ 
+ 	*second = *first;
+ 	*first = temp;
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -204,27 +207,37 @@
+ 
+ 
+ bool
+-l_isgt (const l_fp first, const l_fp second) {
++l_isgt (const l_fp first, const l_fp second)
++{
++
+ 	return L_ISGT(&first, &second);
+ }
+ 
+ bool
+-l_isgtu(const l_fp first, const l_fp second) {
++l_isgtu(const l_fp first, const l_fp second)
++{
++
+ 	return L_ISGTU(&first, &second);
+ }
+ 
+ bool
+-l_ishis(const l_fp first, const l_fp second) {
++l_ishis(const l_fp first, const l_fp second)
++{
++
+ 	return L_ISHIS(&first, &second);
+ }
+ 
+ bool
+-l_isgeq(const l_fp first, const l_fp second) {
++l_isgeq(const l_fp first, const l_fp second)
++{
++
+ 	return L_ISGEQ(&first, &second);
+ }
+ 
+ bool
+-l_isequ(const l_fp first, const l_fp second) {
++l_isequ(const l_fp first, const l_fp second)
++{
++
+ 	return L_ISEQU(&first, &second);
+ }
+ 
+@@ -275,6 +288,7 @@
+ double
+ eps(double d)
+ {
++
+ 	return fmax(ldexp(1.0, -31), ldexp(fabs(d), -53));
+ }
+ 
+@@ -282,61 +296,71 @@
+ // test addition
+ //----------------------------------------------------------------------
+ void
+-test_AdditionLR(void) {
+-	
++test_AdditionLR(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op2 = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
+-		l_fp exp = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
+-		l_fp res = l_fp_add(op1, op2);		
++		l_fp e_res = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
++		l_fp res = l_fp_add(op1, op2);
+ 
+-		TEST_ASSERT_EQUAL_l_fp(exp, res);
+-	}	
++		TEST_ASSERT_EQUAL_l_fp(e_res, res);
++	}
++	return;
+ }
+ 
+ void
+-test_AdditionRL(void) {
++test_AdditionRL(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op2 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
+-		l_fp exp = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
++		l_fp e_res = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
+ 		l_fp res = l_fp_add(op1, op2);
+ 
+-		TEST_ASSERT_EQUAL_l_fp(exp, res);
+-	}	
++		TEST_ASSERT_EQUAL_l_fp(e_res, res);
++	}
++	return;
+ }
+ 
+ 
+-
+ //----------------------------------------------------------------------
+ // test subtraction
+ //----------------------------------------------------------------------
+ void
+-test_SubtractionLR(void) {
++test_SubtractionLR(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op2 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+-		l_fp exp = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
++		l_fp e_res = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
+ 		l_fp res = l_fp_subtract(op1, op2);
+-		
+-		TEST_ASSERT_EQUAL_l_fp(exp, res);		
+-	}	
++
++		TEST_ASSERT_EQUAL_l_fp(e_res, res);
++	}
++	return;
+ }
+ 
+ void
+-test_SubtractionRL(void) {
++test_SubtractionRL(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+-		l_fp exp = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
++		l_fp e_res = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op2 = l_fp_init(addsub_tab[idx][1].h, addsub_tab[idx][1].l);
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][2].h, addsub_tab[idx][2].l);
+ 		l_fp res = l_fp_subtract(op1, op2);
+ 
+-		TEST_ASSERT_EQUAL_l_fp(exp, res);
+-	}	
++		TEST_ASSERT_EQUAL_l_fp(e_res, res);
++	}
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -344,18 +368,20 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_Negation(void) {
++test_Negation(void)
++{
++	size_t idx = 0;
+ 
+-	size_t idx = 0;
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op2 = l_fp_negate(op1);
+ 		l_fp sum = l_fp_add(op1, op2);
+-		
++
+ 		l_fp zero = l_fp_init(0, 0);
+ 
+ 		TEST_ASSERT_EQUAL_l_fp(zero, sum);
+-	}	
++	}
++	return;
+ }
+ 
+ 
+@@ -364,21 +390,23 @@
+ // test absolute value
+ //----------------------------------------------------------------------
+ void
+-test_Absolute(void) {
++test_Absolute(void)
++{
+ 	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		l_fp op2 = l_fp_abs(op1);
+ 
+-		TEST_ASSERT_TRUE(l_fp_signum(op2) >= 0);		
++		TEST_ASSERT_TRUE(l_fp_signum(op2) >= 0);
+ 
+ 		if (l_fp_signum(op1) >= 0)
+-			op1 = l_fp_subtract(op1, op2);			
++			op1 = l_fp_subtract(op1, op2);
+ 		else
+ 			op1 = l_fp_add(op1, op2);
+-		
++
+ 		l_fp zero = l_fp_init(0, 0);
+-		
++
+ 		TEST_ASSERT_EQUAL_l_fp(zero, op1);
+ 	}
+ 
+@@ -390,6 +418,8 @@
+ 	TEST_ASSERT_EQUAL(-1, l_fp_signum(minVal));
+ 
+ 	TEST_ASSERT_EQUAL_l_fp(minVal, minAbs);
++
++	return;
+ }
+ 
+ 
+@@ -397,7 +427,10 @@
+ // fp -> double -> fp rountrip test
+ //----------------------------------------------------------------------
+ void
+-test_FDF_RoundTrip(void) {
++test_FDF_RoundTrip(void)
++{
++	size_t idx = 0;
++
+ 	// since a l_fp has 64 bits in it's mantissa and a double has
+ 	// only 54 bits available (including the hidden '1') we have to
+ 	// make a few concessions on the roundtrip precision. The 'eps()'
+@@ -404,7 +437,7 @@
+ 	// function makes an educated guess about the avilable precision
+ 	// and checks the difference in the two 'l_fp' values against
+ 	// that limit.
+-	size_t idx = 0;
++
+ 	for (idx = 0; idx < addsub_cnt; ++idx) {
+ 		l_fp op1 = l_fp_init(addsub_tab[idx][0].h, addsub_tab[idx][0].l);
+ 		double op2 = l_fp_convert_to_double(op1);
+@@ -412,8 +445,10 @@
+ 
+ 		l_fp temp = l_fp_subtract(op1, op3);
+ 		double d = l_fp_convert_to_double(temp);
+- 		TEST_ASSERT_DOUBLE_WITHIN(eps(op2), 0.0, fabs(d));		  		
+-	}	
++		TEST_ASSERT_DOUBLE_WITHIN(eps(op2), 0.0, fabs(d));
++	}
++
++	return;
+ }
+ 
+ 
+@@ -424,14 +459,16 @@
+ // macros in 'ntp_fp.h' produce mathing results.
+ // ----------------------------------------------------------------------
+ void
+-test_SignedRelOps(void) {
++test_SignedRelOps(void)
++{
+ 	const lfp_hl * tv = (&addsub_tab[0][0]);
+ 	size_t lc ;
++
+ 	for (lc = addsub_tot - 1; lc; --lc, ++tv) {
+ 		l_fp op1 = l_fp_init(tv[0].h, tv[0].l);
+ 		l_fp op2 = l_fp_init(tv[1].h, tv[1].l);
+-		int cmp = l_fp_scmp(op1, op2);		
+-		
++		int cmp = l_fp_scmp(op1, op2);
++
+ 		switch (cmp) {
+ 		case -1:
+ 			//printf("op1:%d %d, op2:%d %d\n",op1.l_uf,op1.l_ui,op2.l_uf,op2.l_ui);
+@@ -458,15 +495,19 @@
+ 			TEST_ASSERT_TRUE (l_isequ(op2, op1));
+ 			break;
+ 		default:
+-			TEST_FAIL_MESSAGE("unexpected UCMP result: " );	
++			TEST_FAIL_MESSAGE("unexpected UCMP result: ");
+ 		}
+ 	}
++
++	return;
+ }
+ 
+ void
+-test_UnsignedRelOps(void) {
+-	const lfp_hl * tv =(&addsub_tab[0][0]);	
++test_UnsignedRelOps(void)
++{
++	const lfp_hl * tv =(&addsub_tab[0][0]);
+ 	size_t lc;
++
+ 	for (lc = addsub_tot - 1; lc; --lc, ++tv) {
+ 		l_fp op1 = l_fp_init(tv[0].h, tv[0].l);
+ 		l_fp op2 = l_fp_init(tv[1].h, tv[1].l);
+@@ -492,10 +533,13 @@
+ 			TEST_ASSERT_TRUE (l_ishis(op2, op1));
+ 			break;
+ 		default:
+-			TEST_FAIL_MESSAGE("unexpected UCMP result: " );	
++			TEST_FAIL_MESSAGE("unexpected UCMP result: ");
+ 		}
+ 	}
++
++	return;
+ }
++
+ /*
+ */
+ 
+--- contrib/ntp/tests/libntp/lfptostr.c.orig
++++ contrib/ntp/tests/libntp/lfptostr.c
+@@ -20,6 +20,7 @@
+ static const int HALF_PROMILLE_DOWN = 2147483; /* slightly less than 0.0005 */
+ 
+ 
++void setUp(void);
+ void test_PositiveInteger(void);
+ void test_NegativeInteger(void);
+ void test_PositiveIntegerWithFraction(void);
+@@ -33,7 +34,15 @@
+ void test_UnsignedInteger(void);
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
+ 
++	return;
++}
++
++
+ void
+ test_PositiveInteger(void) {
+ 	l_fp test = {{200}, 0}; /* exact 200.0000000000 */
+--- contrib/ntp/tests/libntp/modetoa.c.orig
++++ contrib/ntp/tests/libntp/modetoa.c
+@@ -4,11 +4,21 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_KnownMode(void);
+ void test_UnknownMode(void);
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_KnownMode(void) {
+ 	const int MODE = 3; // Should be "client"
+ 
+--- contrib/ntp/tests/libntp/msyslog.c.orig
++++ contrib/ntp/tests/libntp/msyslog.c
+@@ -10,6 +10,7 @@
+ #endif
+ 
+ 
++void setUp(void);
+ void test_msnprintf(void);
+ void test_msnprintfLiteralPercentm(void);
+ void test_msnprintfBackslashLiteralPercentm(void);
+@@ -21,6 +22,15 @@
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_msnprintf(void) {
+ #define FMT_PREFIX "msyslog.cpp ENOENT: "
+ 	char	exp_buf[512];
+--- contrib/ntp/tests/libntp/netof.c.orig
++++ contrib/ntp/tests/libntp/netof.c
+@@ -8,6 +8,7 @@
+ #include "sockaddrtest.h"
+ 
+ 
++void setUp(void);
+ void test_ClassBAddress(void);
+ void test_ClassCAddress(void);
+ void test_ClassAAddress(void);
+@@ -14,8 +15,18 @@
+ void test_IPv6Address(void);
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
+ 
+-void test_ClassBAddress(void) {
++	return;
++}
++
++
++void
++test_ClassBAddress(void)
++{
+ 	sockaddr_u input = CreateSockaddr4("172.16.2.1", NTP_PORT);
+ 	sockaddr_u expected = CreateSockaddr4("172.16.0.0", NTP_PORT);
+ 
+@@ -23,9 +34,13 @@
+ 
+ 	TEST_ASSERT_TRUE(actual != NULL);
+ 	TEST_ASSERT_TRUE(IsEqual(expected, *actual));
++
++	return;
+ }
+ 
+-void test_ClassCAddress(void) {
++void
++test_ClassCAddress(void)
++{
+ 	sockaddr_u input = CreateSockaddr4("192.0.2.255", NTP_PORT);
+ 	sockaddr_u expected = CreateSockaddr4("192.0.2.0", NTP_PORT);
+ 
+@@ -33,9 +48,14 @@
+ 
+ 	TEST_ASSERT_TRUE(actual != NULL);
+ 	TEST_ASSERT_TRUE(IsEqual(expected, *actual));
++
++	return;
+ }
+ 
+-void  test_ClassAAddress(void) {
++
++void
++test_ClassAAddress(void)
++{
+ 	/* Class A addresses are assumed to be classless,
+ 	 * thus the same address should be returned.
+ 	 */
+@@ -46,24 +66,28 @@
+ 
+ 	TEST_ASSERT_TRUE(actual != NULL);
+ 	TEST_ASSERT_TRUE(IsEqual(expected, *actual));
++
++	return;
+ }
+ 
+-void  test_IPv6Address(void) {
++void
++test_IPv6Address(void)
++{
+ 	/* IPv6 addresses are assumed to have 64-bit host- and 64-bit network parts. */
+-	const struct in6_addr input_address = {
++	const struct in6_addr input_address = { { {
+ 		0x20, 0x01, 0x0d, 0xb8,
+-        0x85, 0xa3, 0x08, 0xd3, 
+-        0x13, 0x19, 0x8a, 0x2e,
+-        0x03, 0x70, 0x73, 0x34
+-	}; // 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
++		0x85, 0xa3, 0x08, 0xd3, 
++		0x13, 0x19, 0x8a, 0x2e,
++		0x03, 0x70, 0x73, 0x34
++	} } }; // 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
+ 
+-	const struct in6_addr expected_address = {
++	const struct in6_addr expected_address = { { {
+ 		0x20, 0x01, 0x0d, 0xb8,
+-        0x85, 0xa3, 0x08, 0xd3, 
+-        0x00, 0x00, 0x00, 0x00,
+-        0x00, 0x00, 0x00, 0x00
+-	}; // 2001:0db8:85a3:08d3:0000:0000:0000:0000
+-	
++		0x85, 0xa3, 0x08, 0xd3, 
++		0x00, 0x00, 0x00, 0x00,
++		0x00, 0x00, 0x00, 0x00
++	} } }; // 2001:0db8:85a3:08d3:0000:0000:0000:0000
++
+ 	sockaddr_u input;
+ 	input.sa6.sin6_family = AF_INET6;
+ 	input.sa6.sin6_addr = input_address;
+@@ -78,5 +102,6 @@
+ 
+ 	TEST_ASSERT_TRUE(actual != NULL);
+ 	TEST_ASSERT_TRUE(IsEqual(expected, *actual));
++
++	return;
+ }
+-
+--- contrib/ntp/tests/libntp/numtoa.c.orig
++++ contrib/ntp/tests/libntp/numtoa.c
+@@ -5,10 +5,21 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_Address(void);
+ void test_Netmask(void);
+ 
++
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_Address(void) {
+ 	const u_int32 input = htonl(3221225472UL + 512UL + 1UL); // 192.0.2.1
+ 
+--- contrib/ntp/tests/libntp/numtohost.c.orig
++++ contrib/ntp/tests/libntp/numtohost.c
+@@ -5,9 +5,20 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_LoopbackNetNonResolve(void);
+ 
++
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_LoopbackNetNonResolve(void) {
+ 	/* A loopback address in 127.0.0.0/8 is chosen, and
+ 	 * numtohost() should not try to resolve it unless
+@@ -15,6 +26,6 @@
+ 	 */
+ 
+ 	const u_int32 input = 127*256*256*256 + 1*256 + 1; // 127.0.1.1
+-	
++
+ 	TEST_ASSERT_EQUAL_STRING("127.0.1.1", numtohost(htonl(input)));
+ }
+--- contrib/ntp/tests/libntp/octtoint.c.orig
++++ contrib/ntp/tests/libntp/octtoint.c
+@@ -14,61 +14,83 @@
+ void test_IllegalDigit(void);
+ 
+ 
+-void test_SingleDigit(void) {
++void
++test_SingleDigit(void)
++{
+ 	const char* str = "5";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_TRUE(octtoint(str, &actual) );
++	TEST_ASSERT_TRUE(octtoint(str, &actual));
+ 	TEST_ASSERT_EQUAL(5, actual);
++
++	return;
+ }
+ 
+-void test_MultipleDigits(void){
++void
++test_MultipleDigits(void)
++{
+ 	const char* str = "271";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_TRUE(octtoint(str, &actual) );
++	TEST_ASSERT_TRUE(octtoint(str, &actual));
+ 	TEST_ASSERT_EQUAL(185, actual);
+ 
++	return;
+ }
+ 
+-void test_Zero(void){
++void
++test_Zero(void)
++{
+ 	const char* str = "0";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_TRUE(octtoint(str, &actual) );
++	TEST_ASSERT_TRUE(octtoint(str, &actual));
+ 	TEST_ASSERT_EQUAL(0, actual);
+ 
++	return;
+ }
+ 
+-void test_MaximumUnsigned32bit(void){
++void
++test_MaximumUnsigned32bit(void)
++{
+ 	const char* str = "37777777777";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_TRUE(octtoint(str, &actual) );
++	TEST_ASSERT_TRUE(octtoint(str, &actual));
+ 	TEST_ASSERT_EQUAL(4294967295UL, actual);
+ 
++	return;
+ }
+ 
+-void test_Overflow(void){
++void
++test_Overflow(void)
++{
+ 	const char* str = "40000000000";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_FALSE(octtoint(str, &actual) );
++	TEST_ASSERT_FALSE(octtoint(str, &actual));
+ 
++	return;
+ }
+ 
+-void test_IllegalCharacter(void){
++void
++test_IllegalCharacter(void)
++{
+ 	const char* str = "5ac2";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_FALSE(octtoint(str, &actual) );
++	TEST_ASSERT_FALSE(octtoint(str, &actual));
+ 
++	return;
+ }
+ 
+-void test_IllegalDigit(void){
++void
++test_IllegalDigit(void)
++{
+ 	const char* str = "5283";
+ 	u_long actual;
+ 
+-	TEST_ASSERT_FALSE(octtoint(str, &actual) );
++	TEST_ASSERT_FALSE(octtoint(str, &actual));
+ 
++	return;
+ }
+--- contrib/ntp/tests/libntp/prettydate.c.orig
++++ contrib/ntp/tests/libntp/prettydate.c
+@@ -6,15 +6,26 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_ConstantDate(void);
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_ConstantDate(void) {
+ 	const u_int32 HALF = 2147483648UL;
+ 
+-	l_fp time = {{3485080800UL}, HALF}; /* 2010-06-09 14:00:00.5 */
++	l_fp e_time = {{3485080800UL}, HALF}; /* 2010-06-09 14:00:00.5 */
+ 
+ 	TEST_ASSERT_EQUAL_STRING("cfba1ce0.80000000  Wed, Jun  9 2010 14:00:00.500",
+-		gmprettydate(&time));
++		gmprettydate(&e_time));
++	return;
+ }
+--- contrib/ntp/tests/libntp/recvbuff.c.orig
++++ contrib/ntp/tests/libntp/recvbuff.c
+@@ -13,6 +13,9 @@
+ setUp(void)
+ {
+ 	init_recvbuff(RECV_INIT);
++	init_lib();
++
++	return;
+ }
+ 
+ void
+@@ -36,7 +39,7 @@
+ 
+ void
+ test_GetAndFill(void) {
+-	int initial = free_recvbuffs();
++	// int initial = free_recvbuffs();
+ 	recvbuf_t* buf = get_free_recv_buffer();
+ 
+ 	add_full_recv_buffer(buf);
+--- contrib/ntp/tests/libntp/refidsmear.c.orig
++++ contrib/ntp/tests/libntp/refidsmear.c
+@@ -29,13 +29,22 @@
+  */
+ 
+ 
+-
++void setUp(void);
+ void rtol(uint32_t r, char *es);
+ void rtoltor(uint32_t er, char *es);
+ void ltor(l_fp l, char *er);
+ void test_refidsmear(void);
+ 
++
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++void
+ rtol(uint32_t r, char *es)
+ {
+ 	l_fp l;
+@@ -48,7 +57,7 @@
+ 
+ 	l = convertRefIDToLFP(htonl(r));
+ 	as = lfptoa(&l, 8);
+-	
++
+ 	//printf("refid %#x, smear %s\n", r, as);
+ 
+ 	TEST_ASSERT_NOT_NULL_MESSAGE(as, msg);
+@@ -58,8 +67,6 @@
+ }
+ 
+ 
+-
+-
+ void
+ rtoltor(uint32_t er, char *es)
+ {
+--- contrib/ntp/tests/libntp/refnumtoa.c.orig
++++ contrib/ntp/tests/libntp/refnumtoa.c
+@@ -9,11 +9,21 @@
+ /* Might need to be updated if a new refclock gets this id. */
+ static const int UNUSED_REFCLOCK_ID = 250;
+ 
++void setUp(void);
+ void test_LocalClock(void);
+ void test_UnknownId(void);
+ 
+ 
+ void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
+ test_LocalClock(void) {
+ #ifdef REFCLOCK		/* clockname() is useless otherwise */
+ 	/* We test with a refclock address of type LOCALCLOCK.
+@@ -26,7 +36,7 @@
+ 	sockaddr_u address;
+ 	address.sa4.sin_family = AF_INET;
+ 	address.sa4.sin_addr.s_addr = htonl(addr);
+-	
++
+ 	char stringStart[100]= "";
+ 
+ 	strcat(stringStart, clockname(REFCLK_LOCALCLOCK));
+@@ -35,7 +45,7 @@
+ 	char * expected = stringStart;
+ 
+ 	TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address));
+-#else	
++#else
+ 	TEST_IGNORE_MESSAGE("REFCLOCK NOT DEFINED, SKIPPING TEST");
+ #endif	/* REFCLOCK */
+ }
+@@ -51,9 +61,9 @@
+ 	sockaddr_u address;
+ 	address.sa4.sin_family = AF_INET;
+ 	address.sa4.sin_addr.s_addr = htonl(addr);
+-	
++
+ 	char stringStart[100]= "REFCLK(";
+-	char value[100] ;	
++	char value[100] ;
+ 	snprintf(value, sizeof(value), "%d", UNUSED_REFCLOCK_ID);
+ 	strcat(stringStart,value);
+ 	strcat(stringStart,",4)");
+@@ -60,7 +70,7 @@
+ 	char * expected = stringStart;
+ 
+ 	TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address));
+-#else 	
++#else
+ 	TEST_IGNORE_MESSAGE("REFCLOCK NOT DEFINED, SKIPPING TEST");
+ #endif	/* REFCLOCK */
+ }
+--- contrib/ntp/tests/libntp/run-a_md5encrypt.c.orig
++++ contrib/ntp/tests/libntp/run-a_md5encrypt.c
+@@ -52,11 +52,11 @@
+ {
+   progname = argv[0];
+   UnityBegin("a_md5encrypt.c");
+-  RUN_TEST(test_Encrypt, 29);
+-  RUN_TEST(test_DecryptValid, 30);
+-  RUN_TEST(test_DecryptInvalid, 31);
+-  RUN_TEST(test_IPv4AddressToRefId, 32);
+-  RUN_TEST(test_IPv6AddressToRefId, 33);
++  RUN_TEST(test_Encrypt, 40);
++  RUN_TEST(test_DecryptValid, 41);
++  RUN_TEST(test_DecryptInvalid, 42);
++  RUN_TEST(test_IPv4AddressToRefId, 43);
++  RUN_TEST(test_IPv6AddressToRefId, 44);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-calendar.c.orig
++++ contrib/ntp/tests/libntp/run-calendar.c
+@@ -63,21 +63,21 @@
+ {
+   progname = argv[0];
+   UnityBegin("calendar.c");
+-  RUN_TEST(test_DaySplitMerge, 21);
+-  RUN_TEST(test_SplitYearDays1, 22);
+-  RUN_TEST(test_SplitYearDays2, 23);
+-  RUN_TEST(test_RataDie1, 24);
+-  RUN_TEST(test_LeapYears1, 25);
+-  RUN_TEST(test_LeapYears2, 26);
+-  RUN_TEST(test_RoundTripDate, 27);
+-  RUN_TEST(test_RoundTripYearStart, 28);
+-  RUN_TEST(test_RoundTripMonthStart, 29);
+-  RUN_TEST(test_RoundTripWeekStart, 30);
+-  RUN_TEST(test_RoundTripDayStart, 31);
+-  RUN_TEST(test_IsoCalYearsToWeeks, 32);
+-  RUN_TEST(test_IsoCalWeeksToYearStart, 33);
+-  RUN_TEST(test_IsoCalWeeksToYearEnd, 34);
+-  RUN_TEST(test_DaySecToDate, 35);
++  RUN_TEST(test_DaySplitMerge, 22);
++  RUN_TEST(test_SplitYearDays1, 23);
++  RUN_TEST(test_SplitYearDays2, 24);
++  RUN_TEST(test_RataDie1, 25);
++  RUN_TEST(test_LeapYears1, 26);
++  RUN_TEST(test_LeapYears2, 27);
++  RUN_TEST(test_RoundTripDate, 28);
++  RUN_TEST(test_RoundTripYearStart, 29);
++  RUN_TEST(test_RoundTripMonthStart, 30);
++  RUN_TEST(test_RoundTripWeekStart, 31);
++  RUN_TEST(test_RoundTripDayStart, 32);
++  RUN_TEST(test_IsoCalYearsToWeeks, 33);
++  RUN_TEST(test_IsoCalWeeksToYearStart, 34);
++  RUN_TEST(test_IsoCalWeeksToYearEnd, 35);
++  RUN_TEST(test_DaySecToDate, 36);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-decodenetnum.c.orig
++++ contrib/ntp/tests/libntp/run-decodenetnum.c
+@@ -53,12 +53,12 @@
+ {
+   progname = argv[0];
+   UnityBegin("decodenetnum.c");
+-  RUN_TEST(test_IPv4AddressOnly, 7);
+-  RUN_TEST(test_IPv4AddressWithPort, 8);
+-  RUN_TEST(test_IPv6AddressOnly, 10);
+-  RUN_TEST(test_IPv6AddressWithPort, 11);
+-  RUN_TEST(test_IllegalAddress, 13);
+-  RUN_TEST(test_IllegalCharInPort, 14);
++  RUN_TEST(test_IPv4AddressOnly, 8);
++  RUN_TEST(test_IPv4AddressWithPort, 9);
++  RUN_TEST(test_IPv6AddressOnly, 11);
++  RUN_TEST(test_IPv6AddressWithPort, 12);
++  RUN_TEST(test_IllegalAddress, 14);
++  RUN_TEST(test_IllegalCharInPort, 15);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-humandate.c.orig
++++ contrib/ntp/tests/libntp/run-humandate.c
+@@ -49,8 +49,8 @@
+ {
+   progname = argv[0];
+   UnityBegin("humandate.c");
+-  RUN_TEST(test_RegularTime, 8);
+-  RUN_TEST(test_CurrentTime, 9);
++  RUN_TEST(test_RegularTime, 9);
++  RUN_TEST(test_CurrentTime, 10);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-lfpfunc.c.orig
++++ contrib/ntp/tests/libntp/run-lfpfunc.c
+@@ -58,15 +58,15 @@
+ {
+   progname = argv[0];
+   UnityBegin("lfpfunc.c");
+-  RUN_TEST(test_AdditionLR, 50);
+-  RUN_TEST(test_AdditionRL, 51);
+-  RUN_TEST(test_SubtractionLR, 52);
+-  RUN_TEST(test_SubtractionRL, 53);
+-  RUN_TEST(test_Negation, 54);
+-  RUN_TEST(test_Absolute, 55);
+-  RUN_TEST(test_FDF_RoundTrip, 56);
+-  RUN_TEST(test_SignedRelOps, 57);
+-  RUN_TEST(test_UnsignedRelOps, 58);
++  RUN_TEST(test_AdditionLR, 51);
++  RUN_TEST(test_AdditionRL, 52);
++  RUN_TEST(test_SubtractionLR, 53);
++  RUN_TEST(test_SubtractionRL, 54);
++  RUN_TEST(test_Negation, 55);
++  RUN_TEST(test_Absolute, 56);
++  RUN_TEST(test_FDF_RoundTrip, 57);
++  RUN_TEST(test_SignedRelOps, 58);
++  RUN_TEST(test_UnsignedRelOps, 59);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-lfptostr.c.orig
++++ contrib/ntp/tests/libntp/run-lfptostr.c
+@@ -58,17 +58,17 @@
+ {
+   progname = argv[0];
+   UnityBegin("lfptostr.c");
+-  RUN_TEST(test_PositiveInteger, 23);
+-  RUN_TEST(test_NegativeInteger, 24);
+-  RUN_TEST(test_PositiveIntegerWithFraction, 25);
+-  RUN_TEST(test_NegativeIntegerWithFraction, 26);
+-  RUN_TEST(test_RoundingDownToInteger, 27);
+-  RUN_TEST(test_RoundingMiddleToInteger, 28);
+-  RUN_TEST(test_RoundingUpToInteger, 29);
+-  RUN_TEST(test_SingleDecimal, 30);
+-  RUN_TEST(test_MillisecondsRoundingUp, 31);
+-  RUN_TEST(test_MillisecondsRoundingDown, 32);
+-  RUN_TEST(test_UnsignedInteger, 33);
++  RUN_TEST(test_PositiveInteger, 24);
++  RUN_TEST(test_NegativeInteger, 25);
++  RUN_TEST(test_PositiveIntegerWithFraction, 26);
++  RUN_TEST(test_NegativeIntegerWithFraction, 27);
++  RUN_TEST(test_RoundingDownToInteger, 28);
++  RUN_TEST(test_RoundingMiddleToInteger, 29);
++  RUN_TEST(test_RoundingUpToInteger, 30);
++  RUN_TEST(test_SingleDecimal, 31);
++  RUN_TEST(test_MillisecondsRoundingUp, 32);
++  RUN_TEST(test_MillisecondsRoundingDown, 33);
++  RUN_TEST(test_UnsignedInteger, 34);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-modetoa.c.orig
++++ contrib/ntp/tests/libntp/run-modetoa.c
+@@ -48,8 +48,8 @@
+ {
+   progname = argv[0];
+   UnityBegin("modetoa.c");
+-  RUN_TEST(test_KnownMode, 7);
+-  RUN_TEST(test_UnknownMode, 8);
++  RUN_TEST(test_KnownMode, 8);
++  RUN_TEST(test_UnknownMode, 9);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-msyslog.c.orig
++++ contrib/ntp/tests/libntp/run-msyslog.c
+@@ -54,14 +54,14 @@
+ {
+   progname = argv[0];
+   UnityBegin("msyslog.c");
+-  RUN_TEST(test_msnprintf, 13);
+-  RUN_TEST(test_msnprintfLiteralPercentm, 14);
+-  RUN_TEST(test_msnprintfBackslashLiteralPercentm, 15);
+-  RUN_TEST(test_msnprintfBackslashPercent, 16);
+-  RUN_TEST(test_msnprintfHangingPercent, 17);
+-  RUN_TEST(test_format_errmsgHangingPercent, 18);
+-  RUN_TEST(test_msnprintfNullTarget, 19);
+-  RUN_TEST(test_msnprintfTruncate, 20);
++  RUN_TEST(test_msnprintf, 14);
++  RUN_TEST(test_msnprintfLiteralPercentm, 15);
++  RUN_TEST(test_msnprintfBackslashLiteralPercentm, 16);
++  RUN_TEST(test_msnprintfBackslashPercent, 17);
++  RUN_TEST(test_msnprintfHangingPercent, 18);
++  RUN_TEST(test_format_errmsgHangingPercent, 19);
++  RUN_TEST(test_msnprintfNullTarget, 20);
++  RUN_TEST(test_msnprintfTruncate, 21);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-netof.c.orig
++++ contrib/ntp/tests/libntp/run-netof.c
+@@ -52,10 +52,10 @@
+ {
+   progname = argv[0];
+   UnityBegin("netof.c");
+-  RUN_TEST(test_ClassBAddress, 11);
+-  RUN_TEST(test_ClassCAddress, 12);
+-  RUN_TEST(test_ClassAAddress, 13);
+-  RUN_TEST(test_IPv6Address, 14);
++  RUN_TEST(test_ClassBAddress, 12);
++  RUN_TEST(test_ClassCAddress, 13);
++  RUN_TEST(test_ClassAAddress, 14);
++  RUN_TEST(test_IPv6Address, 15);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-numtoa.c.orig
++++ contrib/ntp/tests/libntp/run-numtoa.c
+@@ -49,8 +49,8 @@
+ {
+   progname = argv[0];
+   UnityBegin("numtoa.c");
+-  RUN_TEST(test_Address, 8);
+-  RUN_TEST(test_Netmask, 9);
++  RUN_TEST(test_Address, 9);
++  RUN_TEST(test_Netmask, 10);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-numtohost.c.orig
++++ contrib/ntp/tests/libntp/run-numtohost.c
+@@ -48,7 +48,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("numtohost.c");
+-  RUN_TEST(test_LoopbackNetNonResolve, 8);
++  RUN_TEST(test_LoopbackNetNonResolve, 9);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-prettydate.c.orig
++++ contrib/ntp/tests/libntp/run-prettydate.c
+@@ -49,7 +49,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("prettydate.c");
+-  RUN_TEST(test_ConstantDate, 9);
++  RUN_TEST(test_ConstantDate, 10);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-refnumtoa.c.orig
++++ contrib/ntp/tests/libntp/run-refnumtoa.c
+@@ -49,8 +49,8 @@
+ {
+   progname = argv[0];
+   UnityBegin("refnumtoa.c");
+-  RUN_TEST(test_LocalClock, 12);
+-  RUN_TEST(test_UnknownId, 13);
++  RUN_TEST(test_LocalClock, 13);
++  RUN_TEST(test_UnknownId, 14);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-sfptostr.c.orig
++++ contrib/ntp/tests/libntp/run-sfptostr.c
+@@ -24,6 +24,7 @@
+ #include 
+ #include "config.h"
+ #include "ntp_fp.h"
++#include "ntp_stdlib.h"
+ 
+ //=======External Functions This Runner Calls=====
+ extern void setUp(void);
+@@ -54,14 +55,14 @@
+ {
+   progname = argv[0];
+   UnityBegin("sfptostr.c");
+-  RUN_TEST(test_PositiveInteger, 11);
+-  RUN_TEST(test_NegativeInteger, 12);
+-  RUN_TEST(test_PositiveIntegerPositiveFraction, 13);
+-  RUN_TEST(test_NegativeIntegerNegativeFraction, 14);
+-  RUN_TEST(test_PositiveIntegerNegativeFraction, 15);
+-  RUN_TEST(test_NegativeIntegerPositiveFraction, 16);
+-  RUN_TEST(test_SingleDecimalInteger, 17);
+-  RUN_TEST(test_SingleDecimalRounding, 18);
++  RUN_TEST(test_PositiveInteger, 13);
++  RUN_TEST(test_NegativeInteger, 14);
++  RUN_TEST(test_PositiveIntegerPositiveFraction, 15);
++  RUN_TEST(test_NegativeIntegerNegativeFraction, 16);
++  RUN_TEST(test_PositiveIntegerNegativeFraction, 17);
++  RUN_TEST(test_NegativeIntegerPositiveFraction, 18);
++  RUN_TEST(test_SingleDecimalInteger, 19);
++  RUN_TEST(test_SingleDecimalRounding, 20);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-socktoa.c.orig
++++ contrib/ntp/tests/libntp/run-socktoa.c
+@@ -54,12 +54,12 @@
+ {
+   progname = argv[0];
+   UnityBegin("socktoa.c");
+-  RUN_TEST(test_IPv4AddressWithPort, 10);
+-  RUN_TEST(test_IPv6AddressWithPort, 12);
+-  RUN_TEST(test_IgnoreIPv6Fields, 13);
+-  RUN_TEST(test_ScopedIPv6AddressWithPort, 15);
+-  RUN_TEST(test_HashEqual, 16);
+-  RUN_TEST(test_HashNotEqual, 17);
++  RUN_TEST(test_IPv4AddressWithPort, 11);
++  RUN_TEST(test_IPv6AddressWithPort, 13);
++  RUN_TEST(test_IgnoreIPv6Fields, 14);
++  RUN_TEST(test_ScopedIPv6AddressWithPort, 16);
++  RUN_TEST(test_HashEqual, 17);
++  RUN_TEST(test_HashNotEqual, 18);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-statestr.c.orig
++++ contrib/ntp/tests/libntp/run-statestr.c
+@@ -52,10 +52,10 @@
+ {
+   progname = argv[0];
+   UnityBegin("statestr.c");
+-  RUN_TEST(test_PeerRestart, 9);
+-  RUN_TEST(test_SysUnspecified, 10);
+-  RUN_TEST(test_ClockCodeExists, 11);
+-  RUN_TEST(test_ClockCodeUnknown, 12);
++  RUN_TEST(test_PeerRestart, 10);
++  RUN_TEST(test_SysUnspecified, 11);
++  RUN_TEST(test_ClockCodeExists, 12);
++  RUN_TEST(test_ClockCodeUnknown, 13);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-strtolfp.c.orig
++++ contrib/ntp/tests/libntp/run-strtolfp.c
+@@ -55,13 +55,13 @@
+ {
+   progname = argv[0];
+   UnityBegin("strtolfp.c");
+-  RUN_TEST(test_PositiveInteger, 11);
+-  RUN_TEST(test_NegativeInteger, 12);
+-  RUN_TEST(test_PositiveFraction, 13);
+-  RUN_TEST(test_NegativeFraction, 14);
+-  RUN_TEST(test_PositiveMsFraction, 15);
+-  RUN_TEST(test_NegativeMsFraction, 16);
+-  RUN_TEST(test_InvalidChars, 17);
++  RUN_TEST(test_PositiveInteger, 12);
++  RUN_TEST(test_NegativeInteger, 13);
++  RUN_TEST(test_PositiveFraction, 14);
++  RUN_TEST(test_NegativeFraction, 15);
++  RUN_TEST(test_PositiveMsFraction, 16);
++  RUN_TEST(test_NegativeMsFraction, 17);
++  RUN_TEST(test_InvalidChars, 18);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-timespecops.c.orig
++++ contrib/ntp/tests/libntp/run-timespecops.c
+@@ -78,34 +78,34 @@
+ {
+   progname = argv[0];
+   UnityBegin("timespecops.c");
+-  RUN_TEST(test_Helpers1, 36);
+-  RUN_TEST(test_Normalise, 37);
+-  RUN_TEST(test_SignNoFrac, 38);
+-  RUN_TEST(test_SignWithFrac, 39);
+-  RUN_TEST(test_CmpFracEQ, 40);
+-  RUN_TEST(test_CmpFracGT, 41);
+-  RUN_TEST(test_CmpFracLT, 42);
+-  RUN_TEST(test_AddFullNorm, 43);
+-  RUN_TEST(test_AddFullOflow1, 44);
+-  RUN_TEST(test_AddNsecNorm, 45);
+-  RUN_TEST(test_AddNsecOflow1, 46);
+-  RUN_TEST(test_SubFullNorm, 47);
+-  RUN_TEST(test_SubFullOflow, 48);
+-  RUN_TEST(test_SubNsecNorm, 49);
+-  RUN_TEST(test_SubNsecOflow, 50);
+-  RUN_TEST(test_Neg, 51);
+-  RUN_TEST(test_AbsNoFrac, 52);
+-  RUN_TEST(test_AbsWithFrac, 53);
+-  RUN_TEST(test_Helpers2, 54);
+-  RUN_TEST(test_ToLFPbittest, 55);
+-  RUN_TEST(test_ToLFPrelPos, 56);
+-  RUN_TEST(test_ToLFPrelNeg, 57);
+-  RUN_TEST(test_ToLFPabs, 58);
+-  RUN_TEST(test_FromLFPbittest, 59);
+-  RUN_TEST(test_FromLFPrelPos, 60);
+-  RUN_TEST(test_FromLFPrelNeg, 61);
+-  RUN_TEST(test_LFProundtrip, 62);
+-  RUN_TEST(test_ToString, 63);
++  RUN_TEST(test_Helpers1, 37);
++  RUN_TEST(test_Normalise, 38);
++  RUN_TEST(test_SignNoFrac, 39);
++  RUN_TEST(test_SignWithFrac, 40);
++  RUN_TEST(test_CmpFracEQ, 41);
++  RUN_TEST(test_CmpFracGT, 42);
++  RUN_TEST(test_CmpFracLT, 43);
++  RUN_TEST(test_AddFullNorm, 44);
++  RUN_TEST(test_AddFullOflow1, 45);
++  RUN_TEST(test_AddNsecNorm, 46);
++  RUN_TEST(test_AddNsecOflow1, 47);
++  RUN_TEST(test_SubFullNorm, 48);
++  RUN_TEST(test_SubFullOflow, 49);
++  RUN_TEST(test_SubNsecNorm, 50);
++  RUN_TEST(test_SubNsecOflow, 51);
++  RUN_TEST(test_Neg, 52);
++  RUN_TEST(test_AbsNoFrac, 53);
++  RUN_TEST(test_AbsWithFrac, 54);
++  RUN_TEST(test_Helpers2, 55);
++  RUN_TEST(test_ToLFPbittest, 56);
++  RUN_TEST(test_ToLFPrelPos, 57);
++  RUN_TEST(test_ToLFPrelNeg, 58);
++  RUN_TEST(test_ToLFPabs, 59);
++  RUN_TEST(test_FromLFPbittest, 60);
++  RUN_TEST(test_FromLFPrelPos, 61);
++  RUN_TEST(test_FromLFPrelNeg, 62);
++  RUN_TEST(test_LFProundtrip, 63);
++  RUN_TEST(test_ToString, 64);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-timevalops.c.orig
++++ contrib/ntp/tests/libntp/run-timevalops.c
+@@ -77,34 +77,34 @@
+ {
+   progname = argv[0];
+   UnityBegin("timevalops.c");
+-  RUN_TEST(test_Helpers1, 38);
+-  RUN_TEST(test_Normalise, 39);
+-  RUN_TEST(test_SignNoFrac, 40);
+-  RUN_TEST(test_SignWithFrac, 41);
+-  RUN_TEST(test_CmpFracEQ, 42);
+-  RUN_TEST(test_CmpFracGT, 43);
+-  RUN_TEST(test_CmpFracLT, 44);
+-  RUN_TEST(test_AddFullNorm, 45);
+-  RUN_TEST(test_AddFullOflow1, 46);
+-  RUN_TEST(test_AddUsecNorm, 47);
+-  RUN_TEST(test_AddUsecOflow1, 48);
+-  RUN_TEST(test_SubFullNorm, 49);
+-  RUN_TEST(test_SubFullOflow, 50);
+-  RUN_TEST(test_SubUsecNorm, 51);
+-  RUN_TEST(test_SubUsecOflow, 52);
+-  RUN_TEST(test_Neg, 53);
+-  RUN_TEST(test_AbsNoFrac, 54);
+-  RUN_TEST(test_AbsWithFrac, 55);
+-  RUN_TEST(test_Helpers2, 56);
+-  RUN_TEST(test_ToLFPbittest, 57);
+-  RUN_TEST(test_ToLFPrelPos, 58);
+-  RUN_TEST(test_ToLFPrelNeg, 59);
+-  RUN_TEST(test_ToLFPabs, 60);
+-  RUN_TEST(test_FromLFPbittest, 61);
+-  RUN_TEST(test_FromLFPrelPos, 62);
+-  RUN_TEST(test_FromLFPrelNeg, 63);
+-  RUN_TEST(test_LFProundtrip, 64);
+-  RUN_TEST(test_ToString, 65);
++  RUN_TEST(test_Helpers1, 39);
++  RUN_TEST(test_Normalise, 40);
++  RUN_TEST(test_SignNoFrac, 41);
++  RUN_TEST(test_SignWithFrac, 42);
++  RUN_TEST(test_CmpFracEQ, 43);
++  RUN_TEST(test_CmpFracGT, 44);
++  RUN_TEST(test_CmpFracLT, 45);
++  RUN_TEST(test_AddFullNorm, 46);
++  RUN_TEST(test_AddFullOflow1, 47);
++  RUN_TEST(test_AddUsecNorm, 48);
++  RUN_TEST(test_AddUsecOflow1, 49);
++  RUN_TEST(test_SubFullNorm, 50);
++  RUN_TEST(test_SubFullOflow, 51);
++  RUN_TEST(test_SubUsecNorm, 52);
++  RUN_TEST(test_SubUsecOflow, 53);
++  RUN_TEST(test_Neg, 54);
++  RUN_TEST(test_AbsNoFrac, 55);
++  RUN_TEST(test_AbsWithFrac, 56);
++  RUN_TEST(test_Helpers2, 57);
++  RUN_TEST(test_ToLFPbittest, 58);
++  RUN_TEST(test_ToLFPrelPos, 59);
++  RUN_TEST(test_ToLFPrelNeg, 60);
++  RUN_TEST(test_ToLFPabs, 61);
++  RUN_TEST(test_FromLFPbittest, 62);
++  RUN_TEST(test_FromLFPrelPos, 63);
++  RUN_TEST(test_FromLFPrelNeg, 64);
++  RUN_TEST(test_LFProundtrip, 65);
++  RUN_TEST(test_ToString, 66);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/run-uglydate.c.orig
++++ contrib/ntp/tests/libntp/run-uglydate.c
+@@ -48,7 +48,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("uglydate.c");
+-  RUN_TEST(test_ConstantDateTime, 8);
++  RUN_TEST(test_ConstantDateTime, 9);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/libntp/sfptostr.c.orig
++++ contrib/ntp/tests/libntp/sfptostr.c
+@@ -4,10 +4,12 @@
+  */
+ #include "config.h"
+ #include "ntp_fp.h"
++#include "ntp_stdlib.h"
+ #include "unity.h"
+  
+ #define SFP_MAX_PRECISION 6
+ 
++void setUp(void);
+ void test_PositiveInteger(void);
+ void test_NegativeInteger(void);
+ void test_PositiveIntegerPositiveFraction(void);
+@@ -18,6 +20,15 @@
+ void test_SingleDecimalRounding(void);
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ void test_PositiveInteger(void)
+ {
+ 	s_fp test = 300 << 16; // exact 300.000000
+--- contrib/ntp/tests/libntp/socktoa.c.orig
++++ contrib/ntp/tests/libntp/socktoa.c
+@@ -7,6 +7,7 @@
+ #include "sockaddrtest.h"
+ 
+ 
++void setUp(void);
+ void test_IPv4AddressWithPort(void);
+ //#ifdef ISC_PLATFORM_HAVEIPV6
+ void test_IPv6AddressWithPort(void);
+@@ -16,6 +17,16 @@
+ void test_HashEqual(void);
+ void test_HashNotEqual(void);
+ 
++
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ void 
+ test_IPv4AddressWithPort(void) {
+ 	sockaddr_u input = CreateSockaddr4("192.0.2.10", 123);
+@@ -62,12 +73,12 @@
+ void 
+ test_ScopedIPv6AddressWithPort(void) {
+ #ifdef ISC_PLATFORM_HAVESCOPEID
+-	const struct in6_addr address = {
++	const struct in6_addr address = { { {
+ 		0xfe, 0x80, 0x00, 0x00,
+ 		0x00, 0x00, 0x00, 0x00,
+ 		0x02, 0x12, 0x3f, 0xff, 
+ 		0xfe, 0x29, 0xff, 0xfa
+-	};
++	} } };
+ 
+ 	const char* expected =
+ 		"fe80::212:3fff:fe29:fffa%5";
+--- contrib/ntp/tests/libntp/statestr.c.orig
++++ contrib/ntp/tests/libntp/statestr.c
+@@ -6,11 +6,22 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_PeerRestart(void);
+ void test_SysUnspecified(void);
+ void test_ClockCodeExists(void);
+ void test_ClockCodeUnknown(void);
+ 
++
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ // eventstr()
+ void
+ test_PeerRestart(void) {
+--- contrib/ntp/tests/libntp/strtolfp.c.orig
++++ contrib/ntp/tests/libntp/strtolfp.c
+@@ -8,6 +8,7 @@
+ 
+ /* This file tests both atolfp and mstolfp */
+ 
++void setUp(void);
+ void test_PositiveInteger(void);
+ void test_NegativeInteger(void);
+ void test_PositiveFraction(void);
+@@ -17,6 +18,15 @@
+ void test_InvalidChars(void);
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
+ void test_PositiveInteger(void) {
+ 	const char *str = "500";
+ 	const char *str_ms = "500000";
+--- contrib/ntp/tests/libntp/timespecops.c.orig
++++ contrib/ntp/tests/libntp/timespecops.c
+@@ -10,14 +10,14 @@
+ #include 
+ 
+ 
+-#define TEST_ASSERT_EQUAL_timespec(a, b) { \
+-    TEST_ASSERT_EQUAL_MESSAGE(a.tv_sec, b.tv_sec, "Field tv_sec"); \
++#define TEST_ASSERT_EQUAL_timespec(a, b) {				\
++    TEST_ASSERT_EQUAL_MESSAGE(a.tv_sec, b.tv_sec, "Field tv_sec");	\
+     TEST_ASSERT_EQUAL_MESSAGE(a.tv_nsec, b.tv_nsec, "Field tv_nsec");	\
+ }
+ 
+ 
+-#define TEST_ASSERT_EQUAL_l_fp(a, b) { \
+-    TEST_ASSERT_EQUAL_MESSAGE(a.l_i, b.l_i, "Field l_i"); \
++#define TEST_ASSERT_EQUAL_l_fp(a, b) {					\
++    TEST_ASSERT_EQUAL_MESSAGE(a.l_i, b.l_i, "Field l_i");		\
+     TEST_ASSERT_EQUAL_UINT_MESSAGE(a.l_uf, b.l_uf, "Field l_uf");	\
+ }
+ 
+@@ -33,6 +33,7 @@
+ };
+ 
+ 
++void setUp(void);
+ void test_Helpers1(void);
+ void test_Normalise(void);
+ void test_SignNoFrac(void);
+@@ -64,35 +65,52 @@
+ 
+ typedef int bool;
+ 
+-const bool timespec_isValid(struct timespec V);
++const bool	timespec_isValid(struct timespec V);
+ struct timespec timespec_init(time_t hi, long lo);
+-l_fp l_fp_init(int32 i, u_int32 f);
+-bool AssertFpClose(const l_fp m, const l_fp n, const l_fp limit);
+-bool AssertTimespecClose(const struct timespec m, const struct timespec n, const struct timespec limit);
++l_fp		l_fp_init(int32 i, u_int32 f);
++bool		AssertFpClose(const l_fp m, const l_fp n, const l_fp limit);
++bool		AssertTimespecClose(const struct timespec m,
++				    const struct timespec n,
++				    const struct timespec limit);
+ 
+ 
+-//******************************************MY CUSTOM FUNCTIONS*******************************
++//***************************MY CUSTOM FUNCTIONS***************************
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
+ 
++	return;
++}
++
++
+ const bool
+-timespec_isValid(struct timespec V) {
++timespec_isValid(struct timespec V)
++{
++
+ 	return V.tv_nsec >= 0 && V.tv_nsec < 1000000000;
+ }
+ 
+ 
+ struct timespec
+-timespec_init(time_t hi, long lo) {
+-	struct timespec V;	
++timespec_init(time_t hi, long lo)
++{
++	struct timespec V;
++
+ 	V.tv_sec = hi;
+ 	V.tv_nsec = lo;
++
+ 	return V;
+ }
+ 
+ 
+ l_fp
+-l_fp_init(int32 i, u_int32 f) {
++l_fp_init(int32 i, u_int32 f)
++{
+ 	l_fp temp;
++
+ 	temp.l_i  = i;
+ 	temp.l_uf = f;
+ 
+@@ -101,7 +119,8 @@
+ 
+ 
+ bool
+-AssertFpClose(const l_fp m, const l_fp n, const l_fp limit) {
++AssertFpClose(const l_fp m, const l_fp n, const l_fp limit)
++{
+ 	l_fp diff;
+ 
+ 	if (L_ISGEQ(&m, &n)) {
+@@ -111,7 +130,7 @@
+ 		diff = n;
+ 		L_SUB(&diff, &m);
+ 	}
+-	if (L_ISGEQ(&limit, &diff)){
++	if (L_ISGEQ(&limit, &diff)) {
+ 		return TRUE;
+ 	}
+ 	else {
+@@ -122,7 +141,9 @@
+ 
+ 
+ bool
+-AssertTimespecClose(const struct timespec m, const struct timespec n, const struct timespec limit) {
++AssertTimespecClose(const struct timespec m, const struct timespec n,
++	const struct timespec limit)
++{
+ 	struct timespec diff;
+ 
+ 	diff = abs_tspec(sub_tspec(m, n));
+@@ -156,11 +177,13 @@
+ 
+ 
+ u_int32
+-my_tick_to_tsf(u_int32 ticks) {
++my_tick_to_tsf(u_int32 ticks)
++{
+ 	// convert nanoseconds to l_fp fractional units, using double
+ 	// precision float calculations or, if available, 64bit integer
+ 	// arithmetic. This should give the precise fraction, rounded to
+ 	// the nearest representation.
++
+ #ifdef HAVE_U_INT64
+ 	return (u_int32)((( ((u_int64)(ticks)) << 32) + 500000000) / 1000000000);
+ #else
+@@ -172,7 +195,9 @@
+ 
+ 
+ u_int32
+-my_tsf_to_tick(u_int32 tsf) {
++my_tsf_to_tick(u_int32 tsf)
++{
++
+ 	// Inverse operation: converts fraction to microseconds.
+ #ifdef HAVE_U_INT64
+ 	return (u_int32)(( ((u_int64)(tsf)) * 1000000000 + 0x80000000) >> 32);
+@@ -189,7 +214,8 @@
+ // ---------------------------------------------------------------------
+ 
+ void
+-test_Helpers1(void) {
++test_Helpers1(void)
++{
+ 	struct timespec x;
+ 
+ 	for (x.tv_sec = -2; x.tv_sec < 3; x.tv_sec++) {
+@@ -202,6 +228,8 @@
+ 		x.tv_nsec = 1000000000;
+ 		TEST_ASSERT_FALSE(timespec_isValid(x));
+ 	}
++
++	return;
+ }
+ 
+ 
+@@ -210,8 +238,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_Normalise(void) {
++test_Normalise(void)
++{
+ 	long ns;
++
+ 	for ( ns = -2000000000; ns <= 2000000000; ns += 10000000) {
+ 		struct timespec x = timespec_init(0, ns);
+ 
+@@ -218,6 +248,8 @@
+ 		x = normalize_tspec(x);
+ 		TEST_ASSERT_TRUE(timespec_isValid(x));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -225,9 +257,11 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_SignNoFrac(void) {
++test_SignNoFrac(void)
++{
+ 	// sign test, no fraction
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 0);
+ 		int E = (i > 0) - (i < 0);
+@@ -235,19 +269,26 @@
+ 
+ 		TEST_ASSERT_EQUAL(E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SignWithFrac(void) {
++test_SignWithFrac(void)
++{
+ 	// sign test, with fraction
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 10);
+ 		int E = (i >= 0) - (i < 0);
+ 		int r = test_tspec(a);
++
+ 		TEST_ASSERT_EQUAL(E, r);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -254,7 +295,8 @@
+ // test compare
+ //----------------------------------------------------------------------
+ void
+-test_CmpFracEQ(void) {
++test_CmpFracEQ(void)
++{
+ 	// fractions are equal
+ 	int i, j;
+ 	for (i = -4; i <= 4; ++i)
+@@ -263,15 +305,20 @@
+ 			struct timespec b = timespec_init( j , 200);
+ 			int   E = (i > j) - (i < j);
+ 			int   r = cmp_tspec_denorm(a, b);
++
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_CmpFracGT(void) {
++test_CmpFracGT(void)
++{
+ 	// fraction a bigger fraction b
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 999999800);
+@@ -278,15 +325,20 @@
+ 			struct timespec b = timespec_init(j, 200);
+ 			int   E = (i >= j) - (i < j);
+ 			int   r = cmp_tspec_denorm(a, b);
++
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_CmpFracLT(void) {
++test_CmpFracLT(void)
++{
+ 	// fraction a less fraction b
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 200);
+@@ -293,8 +345,11 @@
+ 			struct timespec b = timespec_init(j, 999999800);
+ 			int   E = (i > j) - (i <= j);
+ 			int   r = cmp_tspec_denorm(a, b);
++
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -302,8 +357,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_AddFullNorm(void) {
++test_AddFullNorm(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 200);
+@@ -314,12 +371,16 @@
+ 			c = add_tspec(a, b);
+ 			TEST_ASSERT_EQUAL_timespec(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddFullOflow1(void) {
++test_AddFullOflow1(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 200);
+@@ -330,6 +391,8 @@
+ 			c = add_tspec(a, b);
+ 			TEST_ASSERT_EQUAL_timespec(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+@@ -336,6 +399,7 @@
+ void
+ test_AddNsecNorm(void) {
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 200);
+ 		struct timespec E = timespec_init(i, 600);
+@@ -344,12 +408,16 @@
+ 		c = add_tspec_ns(a, 600 - 200);
+ 		TEST_ASSERT_EQUAL_timespec(E, c);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddNsecOflow1(void) {
++test_AddNsecOflow1(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 200);
+ 		struct timespec E = timespec_init(i + 1, 100);
+@@ -358,6 +426,8 @@
+ 		c = add_tspec_ns(a, NANOSECONDS - 100);
+ 		TEST_ASSERT_EQUAL_timespec(E, c);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -365,8 +435,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_SubFullNorm(void) {
++test_SubFullNorm(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init( i , 600);
+@@ -377,12 +449,16 @@
+ 			c = sub_tspec(a, b);
+ 			TEST_ASSERT_EQUAL_timespec(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubFullOflow(void) {
++test_SubFullOflow(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timespec a = timespec_init(i, 100);
+@@ -393,12 +469,16 @@
+ 			c = sub_tspec(a, b);
+ 			TEST_ASSERT_EQUAL_timespec(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubNsecNorm(void) {
++test_SubNsecNorm(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 600);
+ 		struct timespec E = timespec_init(i, 200);
+@@ -407,12 +487,16 @@
+ 		c = sub_tspec_ns(a, 600 - 200);
+ 		TEST_ASSERT_EQUAL_timespec(E, c);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubNsecOflow(void) {
++test_SubNsecOflow(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init( i , 100);
+ 		struct timespec E = timespec_init(i-1, 200);
+@@ -421,6 +505,8 @@
+ 		c = sub_tspec_ns(a, NANOSECONDS - 100);
+ 		TEST_ASSERT_EQUAL_timespec(E, c);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -429,8 +515,10 @@
+ 
+ 
+ void
+-test_Neg(void) {
++test_Neg(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 100);
+ 		struct timespec b;
+@@ -440,6 +528,8 @@
+ 		c = add_tspec(a, b);
+ 		TEST_ASSERT_EQUAL(0, test_tspec(c));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -447,8 +537,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_AbsNoFrac(void) {
++test_AbsNoFrac(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i , 0);
+ 		struct timespec b;
+@@ -456,12 +548,16 @@
+ 		b = abs_tspec(a);
+ 		TEST_ASSERT_EQUAL((i != 0), test_tspec(b));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AbsWithFrac(void) {
++test_AbsWithFrac(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timespec a = timespec_init(i, 100);
+ 		struct timespec b;
+@@ -469,6 +565,8 @@
+ 		b = abs_tspec(a);
+ 		TEST_ASSERT_EQUAL(1, test_tspec(b));
+ 	}
++
++	return;
+ }
+ 
+ // ---------------------------------------------------------------------
+@@ -476,9 +574,9 @@
+ // ---------------------------------------------------------------------
+ 
+ void
+-test_Helpers2(void) {
++test_Helpers2(void)
++{
+ 	struct timespec limit = timespec_init(0, 2);
+-	
+ 	struct timespec x, y;
+ 	long i;
+ 
+@@ -489,7 +587,7 @@
+ 			for (i = -4; i < 5; ++i) {
+ 				y = x;
+ 				y.tv_nsec += i;
+-				if (i >= -2 && i <= 2){
++				if (i >= -2 && i <= 2) {
+ 					TEST_ASSERT_TRUE(AssertTimespecClose(x, y, limit));
+ 				}
+ 				else
+@@ -498,6 +596,8 @@
+ 				}
+ 			}
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -505,9 +605,11 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_ToLFPbittest(void) {
++test_ToLFPbittest(void)
++{
+ 	l_fp lfpClose =  l_fp_init(0, 1);
+ 	u_int32 i;
++
+ 	for (i = 0; i < 1000000000; i+=1000) {
+ 		struct timespec a = timespec_init(1, i);
+ 		l_fp E= l_fp_init(1, my_tick_to_tsf(i));
+@@ -516,12 +618,16 @@
+ 		r = tspec_intv_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPrelPos(void) {
++test_ToLFPrelPos(void)
++{
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timespec a = timespec_init(1, fdata[i].nsec);
+ 		l_fp E = l_fp_init(1, fdata[i].frac);
+@@ -530,12 +636,16 @@
+ 		r = tspec_intv_to_lfp(a);
+ 		TEST_ASSERT_EQUAL_l_fp(E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPrelNeg(void) {
++test_ToLFPrelNeg(void)
++{
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timespec a = timespec_init(-1, fdata[i].nsec);
+ 		l_fp E = l_fp_init(~0, fdata[i].frac);
+@@ -544,12 +654,16 @@
+ 		r = tspec_intv_to_lfp(a);
+ 		TEST_ASSERT_EQUAL_l_fp(E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPabs(void) {
++test_ToLFPabs(void)
++{
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timespec a = timespec_init(1, fdata[i].nsec);
+ 		l_fp E = l_fp_init(1 + JAN_1970, fdata[i].frac);
+@@ -558,6 +672,8 @@
+ 		r = tspec_stamp_to_lfp(a);
+ 		TEST_ASSERT_EQUAL_l_fp(E, r);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -565,7 +681,8 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_FromLFPbittest(void) {
++test_FromLFPbittest(void)
++{
+ 	struct timespec limit = timespec_init(0, 2);
+ 
+ 	// Not *exactly* a bittest, because 2**32 tests would take a
+@@ -582,13 +699,17 @@
+ 		// comparing to calculated value.
+ 		TEST_ASSERT_TRUE(AssertTimespecClose(E, r, limit));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_FromLFPrelPos(void) {
++test_FromLFPrelPos(void)
++{
+ 	struct timespec limit = timespec_init(0, 2);
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		l_fp a = l_fp_init(1, fdata[i].frac);
+ 		struct timespec E = timespec_init(1, fdata[i].nsec);
+@@ -597,13 +718,17 @@
+ 		r = lfp_intv_to_tspec(a);
+ 		TEST_ASSERT_TRUE(AssertTimespecClose(E, r, limit));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_FromLFPrelNeg(void) {
++test_FromLFPrelNeg(void)
++{
+ 	struct timespec limit = timespec_init(0, 2);
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		l_fp a = l_fp_init(~0, fdata[i].frac);
+ 		struct timespec E = timespec_init(-1, fdata[i].nsec);
+@@ -612,14 +737,18 @@
+ 		r = lfp_intv_to_tspec(a);
+ 		TEST_ASSERT_TRUE(AssertTimespecClose(E, r, limit));
+ 	}
++
++	return;
+ }
+ 
+ 
+ // nsec -> frac -> nsec roundtrip, using a prime start and increment
+ void
+-test_LFProundtrip(void) {
++test_LFProundtrip(void)
++{
+ 	int32_t t;
+ 	u_int32 i;
++
+ 	for (t = -1; t < 2; ++t)
+ 		for (i = 4999; i < 1000000000; i += 10007) {
+ 			struct timespec E = timespec_init(t, i);
+@@ -630,6 +759,8 @@
+ 			r = lfp_intv_to_tspec(a);
+ 			TEST_ASSERT_EQUAL_timespec(E, r);
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -637,7 +768,8 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_ToString(void) {
++test_ToString(void)
++{
+ 	static const struct {
+ 		time_t		sec;
+ 		long		nsec;
+@@ -653,6 +785,7 @@
+ 		{-1,-1, "-1.000000001" },
+ 	};
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(data); ++i) {
+ 		struct timespec a = timespec_init(data[i].sec, data[i].nsec);
+ 		const char * E = data[i].repr;
+@@ -659,6 +792,8 @@
+ 		const char * r = tspectoa(a);
+ 		TEST_ASSERT_EQUAL_STRING(E, r);
+ 	}
++
++	return;
+ }
+ 
+ // -*- EOF -*-
+--- contrib/ntp/tests/libntp/timevalops.c.orig
++++ contrib/ntp/tests/libntp/timevalops.c
+@@ -11,8 +11,8 @@
+ #include "unity.h"
+ 
+ 
+-#define TEST_ASSERT_EQUAL_timeval(a, b) { \
+-    TEST_ASSERT_EQUAL_MESSAGE(a.tv_sec, b.tv_sec, "Field tv_sec"); \
++#define TEST_ASSERT_EQUAL_timeval(a, b) {				\
++    TEST_ASSERT_EQUAL_MESSAGE(a.tv_sec, b.tv_sec, "Field tv_sec");	\
+     TEST_ASSERT_EQUAL_MESSAGE(a.tv_usec, b.tv_usec, "Field tv_usec");	\
+ }
+ 
+@@ -35,6 +35,7 @@
+ bool AssertTimevalClose(const struct timeval m, const struct timeval n, const struct timeval limit);
+ bool AssertFpClose(const l_fp m, const l_fp n, const l_fp limit);
+ 
++void setUp(void);
+ void test_Helpers1(void);
+ void test_Normalise(void);
+ void test_SignNoFrac(void);
+@@ -65,28 +66,43 @@
+ void test_ToString(void);
+ 
+ 
+-//******************************************MY CUSTOM FUNCTIONS*******************************
++//**********************************MY CUSTOM FUNCTIONS***********************
+ 
+ 
++void
++setUp(void)
++{
++	init_lib();
+ 
++	return;
++}
++
++
+ struct timeval
+-timeval_init( time_t hi, long lo){
++timeval_init(time_t hi, long lo)
++{
+ 	struct timeval V; 
++
+ 	V.tv_sec = hi; 
+ 	V.tv_usec = lo;
++
+ 	return V;
+ }
+ 
+ 
+ const bool
+-timeval_isValid(struct timeval V) {
++timeval_isValid(struct timeval V)
++{
++
+ 	return V.tv_usec >= 0 && V.tv_usec < 1000000;
+ }
+ 
+ 
+ l_fp
+-l_fp_init(int32 i, u_int32 f) {
++l_fp_init(int32 i, u_int32 f)
++{
+ 	l_fp temp;
++
+ 	temp.l_i  = i;
+ 	temp.l_uf = f;
+ 
+@@ -95,18 +111,18 @@
+ 
+ 
+ bool
+-AssertTimevalClose(const struct timeval m, const struct timeval n, const struct timeval limit) {
++AssertTimevalClose(const struct timeval m, const struct timeval n, const struct timeval limit)
++{
+ 	struct timeval diff;
+ 
+ 	diff = abs_tval(sub_tval(m, n));
+ 	if (cmp_tval(limit, diff) >= 0)
+ 		return TRUE;
+-	
+ 	else 
+ 	{
+ 		printf("m_expr which is %ld.%lu \nand\nn_expr which is %ld.%lu\nare not close; diff=%ld.%luusec\n", m.tv_sec, m.tv_usec, n.tv_sec, n.tv_usec, diff.tv_sec, diff.tv_usec); 
+ 		//I don't have variables m_expr and n_expr in unity, those are command line arguments which only getst has!!!
+-		
++
+ 		return FALSE;
+ 	}
+ }
+@@ -113,7 +129,8 @@
+ 
+ 
+ bool
+-AssertFpClose(const l_fp m, const l_fp n, const l_fp limit) {
++AssertFpClose(const l_fp m, const l_fp n, const l_fp limit)
++{
+ 	l_fp diff;
+ 
+ 	if (L_ISGEQ(&m, &n)) {
+@@ -123,7 +140,7 @@
+ 		diff = n;
+ 		L_SUB(&diff, &m);
+ 	}
+-	if (L_ISGEQ(&limit, &diff)){
++	if (L_ISGEQ(&limit, &diff)) {
+ 		return TRUE;
+ 	}
+ 	else {
+@@ -155,11 +172,13 @@
+ 
+ 
+ u_int32
+-my_tick_to_tsf(u_int32 ticks) {
++my_tick_to_tsf(u_int32 ticks)
++{
+ 	// convert microseconds to l_fp fractional units, using double
+ 	// precision float calculations or, if available, 64bit integer
+ 	// arithmetic. This should give the precise fraction, rounded to
+ 	// the nearest representation.
++
+ #ifdef HAVE_U_INT64
+ 	return (u_int32)((( ((u_int64)(ticks)) << 32) + 500000) / 1000000); //I put too much () when casting just to be safe
+ #else
+@@ -171,7 +190,8 @@
+ 
+ 
+ u_int32
+-my_tsf_to_tick(u_int32 tsf) {
++my_tsf_to_tick(u_int32 tsf)
++{
+ 	// Inverse operation: converts fraction to microseconds.
+ #ifdef HAVE_U_INT64
+ 	return (u_int32)( ((u_int64)(tsf) * 1000000 + 0x80000000) >> 32); //CHECK ME!!!
+@@ -182,7 +202,7 @@
+ }
+ 
+ 
+-//***************************************END OF CUSTOM FUNCTIONS*****************************
++//*******************************END OF CUSTOM FUNCTIONS*********************
+ 
+ 
+ // ---------------------------------------------------------------------
+@@ -190,7 +210,8 @@
+ // ---------------------------------------------------------------------
+ 
+ void
+-test_Helpers1(void) {
++test_Helpers1(void)
++{
+ 	struct timeval x;
+ 
+ 	for (x.tv_sec = -2; x.tv_sec < 3; x.tv_sec++) {
+@@ -203,6 +224,8 @@
+ 		x.tv_usec = 1000000;
+ 		TEST_ASSERT_FALSE(timeval_isValid(x));
+ 	}
++
++	return;
+ }
+ 
+ 
+@@ -211,14 +234,18 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_Normalise(void) {
++test_Normalise(void)
++{
+ 	long ns;
++
+ 	for (ns = -2000000000; ns <= 2000000000; ns += 10000000) {
+ 		struct timeval x = timeval_init(0, ns);
+-		
++
+ 		x = normalize_tval(x);
+ 		TEST_ASSERT_TRUE(timeval_isValid(x));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -226,8 +253,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_SignNoFrac(void) {
++test_SignNoFrac(void)
++{
+ 	int i;
++
+ 	// sign test, no fraction
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 0);
+@@ -236,13 +265,17 @@
+ 
+ 		TEST_ASSERT_EQUAL(E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SignWithFrac(void) {
++test_SignWithFrac(void)
++{
+ 	// sign test, with fraction
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 10);
+ 		int	     E = (i >= 0) - (i < 0);
+@@ -250,6 +283,8 @@
+ 
+ 		TEST_ASSERT_EQUAL(E, r);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -256,8 +291,10 @@
+ // test compare
+ //----------------------------------------------------------------------
+ void
+-test_CmpFracEQ(void) {
++test_CmpFracEQ(void)
++{
+ 	int i, j;
++
+ 	// fractions are equal
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+@@ -268,13 +305,17 @@
+ 
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_CmpFracGT(void) {
++test_CmpFracGT(void)
++{
+ 	// fraction a bigger fraction b
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init( i , 999800);
+@@ -284,13 +325,17 @@
+ 
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_CmpFracLT(void) {
++test_CmpFracLT(void)
++{
+ 	// fraction a less fraction b
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 200);
+@@ -300,6 +345,8 @@
+ 
+ 			TEST_ASSERT_EQUAL(E, r);
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -307,8 +354,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_AddFullNorm(void) {
++test_AddFullNorm(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 200);
+@@ -319,12 +368,16 @@
+ 			c = add_tval(a, b);
+ 			TEST_ASSERT_EQUAL_timeval(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddFullOflow1(void) {
++test_AddFullOflow1(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 200);
+@@ -335,12 +388,16 @@
+ 			c = add_tval(a, b);
+ 			TEST_ASSERT_EQUAL_timeval(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddUsecNorm(void) {
++test_AddUsecNorm(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 200);
+ 		struct timeval E = timeval_init(i, 600);
+@@ -349,12 +406,16 @@
+ 		c = add_tval_us(a, 600 - 200);
+ 		TEST_ASSERT_EQUAL_timeval(E, c);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AddUsecOflow1(void) {
++test_AddUsecOflow1(void)
++{
+ 	int i;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 200);
+ 		struct timeval E = timeval_init(i + 1, 100);
+@@ -363,6 +424,8 @@
+ 		c = add_tval_us(a, MICROSECONDS - 100);
+ 		TEST_ASSERT_EQUAL_timeval(E, c);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -370,8 +433,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_SubFullNorm(void) {
++test_SubFullNorm(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 600);
+@@ -382,12 +447,16 @@
+ 			c = sub_tval(a, b);
+ 			TEST_ASSERT_EQUAL_timeval(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubFullOflow(void) {
++test_SubFullOflow(void)
++{
+ 	int i, j;
++
+ 	for (i = -4; i <= 4; ++i)
+ 		for (j = -4; j <= 4; ++j) {
+ 			struct timeval a = timeval_init(i, 100);
+@@ -398,12 +467,16 @@
+ 			c = sub_tval(a, b);
+ 			TEST_ASSERT_EQUAL_timeval(E, c);
+ 		}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubUsecNorm(void) {
++test_SubUsecNorm(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 600);
+ 		struct timeval E = timeval_init(i, 200);
+@@ -412,12 +485,16 @@
+ 		c = sub_tval_us(a, 600 - 200);
+ 		TEST_ASSERT_EQUAL_timeval(E, c);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_SubUsecOflow(void) {
++test_SubUsecOflow(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 100);
+ 		struct timeval E = timeval_init(i - 1, 200);
+@@ -426,6 +503,8 @@
+ 		c = sub_tval_us(a, MICROSECONDS - 100);
+ 		TEST_ASSERT_EQUAL_timeval(E, c);
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -433,8 +512,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_Neg(void) {
++test_Neg(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 100);
+ 		struct timeval b;
+@@ -444,6 +525,8 @@
+ 		c = add_tval(a, b);
+ 		TEST_ASSERT_EQUAL(0, test_tval(c));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -451,8 +534,10 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_AbsNoFrac(void) {
++test_AbsNoFrac(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 0);
+ 		struct timeval b;
+@@ -460,12 +545,16 @@
+ 		b = abs_tval(a);
+ 		TEST_ASSERT_EQUAL((i != 0), test_tval(b));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_AbsWithFrac(void) {
++test_AbsWithFrac(void)
++{
+ 	int i = -4;
++
+ 	for (i = -4; i <= 4; ++i) {
+ 		struct timeval a = timeval_init(i, 100);
+ 		struct timeval b;
+@@ -473,6 +562,8 @@
+ 		b = abs_tval(a);
+ 		TEST_ASSERT_EQUAL(1, test_tval(b));
+ 	}
++
++	return;
+ }
+ 
+ // ---------------------------------------------------------------------
+@@ -481,13 +572,13 @@
+ 
+ 
+ void
+-test_Helpers2(void) {
+-
++test_Helpers2(void)
++{
+ 	struct timeval limit = timeval_init(0, 2);
+ 	struct timeval x, y;
+-	long i;	
++	long i;
+ 
+-	for (x.tv_sec = -2; x.tv_sec < 3; x.tv_sec++){
++	for (x.tv_sec = -2; x.tv_sec < 3; x.tv_sec++) {
+ 		for (x.tv_usec = 1;
+ 		     x.tv_usec < 1000000;
+ 		     x.tv_usec += 499999) {
+@@ -494,7 +585,7 @@
+ 			for (i = -4; i < 5; ++i) {
+ 				y = x;
+ 				y.tv_usec += i;
+-				if (i >= -2 && i <= 2){
++				if (i >= -2 && i <= 2) {
+ 					TEST_ASSERT_TRUE(AssertTimevalClose(x, y, limit));//ASSERT_PRED_FORMAT2(isClose, x, y);
+ 				}
+ 				else {
+@@ -503,6 +594,8 @@
+ 			}
+ 		}
+ 	}
++
++	return;
+ }
+ 
+ // and the global predicate instances we're using here
+@@ -515,8 +608,9 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_ToLFPbittest(void) {
+-	l_fp lfpClose =  l_fp_init(0, 1);	
++test_ToLFPbittest(void)
++{
++	l_fp lfpClose =  l_fp_init(0, 1);
+ 
+ 	u_int32 i = 0;
+ 	for (i = 0; i < 1000000; ++i) {
+@@ -527,14 +621,17 @@
+ 		r = tval_intv_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));	//ASSERT_PRED_FORMAT2(FpClose, E, r);
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPrelPos(void) {
++test_ToLFPrelPos(void)
++{
+ 	l_fp lfpClose =  l_fp_init(0, 1);
++	int i = 0;
+ 
+-	int i = 0;
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timeval a = timeval_init(1, fdata[i].usec);
+ 		l_fp E = l_fp_init(1, fdata[i].frac);
+@@ -543,13 +640,17 @@
+ 		r = tval_intv_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPrelNeg(void) {
++test_ToLFPrelNeg(void)
++{
+ 	l_fp lfpClose =  l_fp_init(0, 1);
+ 	int i = 0;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timeval a = timeval_init(-1, fdata[i].usec);
+ 		l_fp E = l_fp_init(~0, fdata[i].frac);
+@@ -558,14 +659,17 @@
+ 		r = tval_intv_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_ToLFPabs(void) {
++test_ToLFPabs(void)
++{
+ 	l_fp lfpClose =  l_fp_init(0, 1);
++	int i = 0;
+ 
+-	int i = 0;
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		struct timeval a = timeval_init(1, fdata[i].usec);
+ 		l_fp E = l_fp_init(1 + JAN_1970, fdata[i].frac);
+@@ -574,6 +678,8 @@
+ 		r = tval_stamp_to_lfp(a);
+ 		TEST_ASSERT_TRUE(AssertFpClose(E, r, lfpClose));
+ 	}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -581,12 +687,14 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_FromLFPbittest(void) {
++test_FromLFPbittest(void)
++{
+ 	struct timeval timevalClose = timeval_init(0, 1);
+ 	// Not *exactly* a bittest, because 2**32 tests would take a
+ 	// really long time even on very fast machines! So we do test
+ 	// every 1000 fractional units.
+ 	u_int32 tsf = 0;
++
+ 	for (tsf = 0; tsf < ~((u_int32)(1000)); tsf += 1000) {
+ 		struct timeval E = timeval_init(1, my_tsf_to_tick(tsf));
+ 		l_fp a = l_fp_init(1, tsf);
+@@ -597,13 +705,17 @@
+ 		// comparing to calculated value.
+ 		TEST_ASSERT_TRUE(AssertTimevalClose(E, r, timevalClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_FromLFPrelPos(void) {
++test_FromLFPrelPos(void)
++{
+ 	struct timeval timevalClose = timeval_init(0, 1);
+-	int i = 0;	
++	int i = 0;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		l_fp a = l_fp_init(1, fdata[i].frac);
+ 		struct timeval E = timeval_init(1, fdata[i].usec);
+@@ -612,13 +724,17 @@
+ 		r = lfp_intv_to_tval(a);
+ 		TEST_ASSERT_TRUE(AssertTimevalClose(E, r, timevalClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ void
+-test_FromLFPrelNeg(void) {
++test_FromLFPrelNeg(void)
++{
+ 	struct timeval timevalClose = timeval_init(0, 1);
+ 	int i = 0;
++
+ 	for (i = 0; i < COUNTOF(fdata); ++i) {
+ 		l_fp a = l_fp_init(~0, fdata[i].frac);
+ 		struct timeval E = timeval_init(-1, fdata[i].usec);
+@@ -627,14 +743,18 @@
+ 		r = lfp_intv_to_tval(a);
+ 		TEST_ASSERT_TRUE(AssertTimevalClose(E, r, timevalClose));
+ 	}
++
++	return;
+ }
+ 
+ 
+ // usec -> frac -> usec roundtrip, using a prime start and increment
+ void
+-test_LFProundtrip(void) {
++test_LFProundtrip(void)
++{
+ 	int32_t t = -1;
+ 	u_int32 i = 5;
++
+ 	for (t = -1; t < 2; ++t)
+ 		for (i = 5; i < 1000000; i += 11) {
+ 			struct timeval E = timeval_init(t, i);
+@@ -645,6 +765,8 @@
+ 			r = lfp_intv_to_tval(a);
+ 			TEST_ASSERT_EQUAL_timeval(E, r);
+ 		}
++
++	return;
+ }
+ 
+ //----------------------------------------------------------------------
+@@ -652,7 +774,8 @@
+ //----------------------------------------------------------------------
+ 
+ void
+-test_ToString(void) {
++test_ToString(void)
++{
+ 	static const struct {
+ 		time_t	     sec;
+ 		long	     usec;
+@@ -668,6 +791,7 @@
+ 		{-1,-1, "-1.000001" },
+ 	};
+ 	int i;
++
+ 	for (i = 0; i < COUNTOF(data); ++i) {
+ 		struct timeval a = timeval_init(data[i].sec, data[i].usec);
+ 		const char *  E = data[i].repr;
+@@ -675,6 +799,8 @@
+ 
+ 		TEST_ASSERT_EQUAL_STRING(E, r);
+ 	}
++
++	return;
+ }
+ 
+ // -*- EOF -*-
+--- contrib/ntp/tests/libntp/uglydate.c.orig
++++ contrib/ntp/tests/libntp/uglydate.c
+@@ -5,14 +5,26 @@
+ 
+ #include "unity.h"
+ 
++void setUp(void);
+ void test_ConstantDateTime(void);
+ 
++
+ void
+-test_ConstantDateTime(void) {
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++void
++test_ConstantDateTime(void)
++{
+ 	const u_int32 HALF = 2147483648UL;
+ 
+-	l_fp time = {{3485080800UL}, HALF}; /* 2010-06-09 14:00:00.5 */
++	l_fp e_time = {{3485080800UL}, HALF}; /* 2010-06-09 14:00:00.5 */
+ 
+ 	TEST_ASSERT_EQUAL_STRING("3485080800.500000 10:159:14:00:00.500",
+-				 uglydate(&time));
++				 uglydate(&e_time));
++	return;
+ }
+--- contrib/ntp/tests/ntpd/leapsec.c.orig
++++ contrib/ntp/tests/ntpd/leapsec.c
+@@ -234,6 +234,7 @@
+ int stringreader(void* farg)
+ {
+ 	const char ** cpp = (const char**)farg;
++
+ 	if (**cpp)
+ 		return *(*cpp)++;
+ 	else
+@@ -247,6 +248,7 @@
+ {
+ 	int            rc;
+ 	leap_table_t * pt = leapsec_get_table(0);
++
+ 	rc = (pt != NULL) && leapsec_load(pt, stringreader, &cp, blim);
+ 	rc = rc && leapsec_set_table(pt);
+ 	return rc;
+@@ -257,6 +259,7 @@
+ {
+ 	int            rc;
+ 	leap_table_t * pt = leapsec_get_table(0);
++
+ 	if (pt)
+ 		leapsec_clear(pt);
+ 	rc = leapsec_set_table(pt);
+@@ -264,10 +267,13 @@
+ }
+ 
+ 
+-char * CalendarToString(const struct calendar cal) {
++char *
++CalendarToString(const struct calendar cal)
++{
+ 	char * ss = malloc (sizeof (char) * 100);
+-	
+ 	char buffer[100] ="";
++
++	*ss = '\0';
+ 	sprintf(buffer, "%u", cal.year);
+ 	strcat(ss,buffer);
+ 	strcat(ss,"-");
+@@ -293,34 +299,47 @@
+ }
+ 
+ 
+-int IsEqual(const struct calendar expected, const struct calendar actual) {
+-	if (expected.year == actual.year &&
+-		(expected.yearday == actual.yearday ||
+-		 (expected.month == actual.month &&
+-		  expected.monthday == actual.monthday)) &&
+-		expected.hour == actual.hour &&
+-		expected.minute == actual.minute &&
+-		expected.second == actual.second) {
++int
++IsEqual(const struct calendar expected, const struct calendar actual)
++{
++
++	if (   expected.year == actual.year
++	    && (   expected.yearday == actual.yearday
++		|| (   expected.month == actual.month
++		    && expected.monthday == actual.monthday))
++	    && expected.hour == actual.hour
++	    && expected.minute == actual.minute
++	    && expected.second == actual.second) {
+ 		return TRUE;
+ 	} else {
+-		printf("expected: %s but was %s", CalendarToString(expected) ,CalendarToString(actual));
++		char *p_exp = CalendarToString(expected);
++		char *p_act = CalendarToString(actual);
++
++		printf("expected: %s but was %s", p_exp, p_act);
++
++		free(p_exp);
++		free(p_act);
+ 		return FALSE;
+-			
+ 	}
+ }
+ 
+ //-------------------------
+ 
+-void setUp(void)
++void
++setUp(void)
+ {
+     ntpcal_set_timefunc(timefunc);
+     settime(1970, 1, 1, 0, 0, 0);
+     leapsec_ut_pristine();
++
++    return;
+ }
+ 
+-void tearDown(void)
++void
++tearDown(void)
+ {
+     ntpcal_set_timefunc(NULL);
++    return;
+ }
+ 
+ // =====================================================================
+@@ -328,45 +347,73 @@
+ // =====================================================================
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateGood(void) {
++void
++test_ValidateGood(void)
++{
+ 	const char *cp = leap_ghash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_GOODHASH, rc);
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateNoHash(void) {
++void
++test_ValidateNoHash(void)
++{
+ 	const char *cp = leap2;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_NOHASH, rc);
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateBad(void) {
++void
++test_ValidateBad(void)
++{
+ 	const char *cp = leap_bhash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_BADHASH, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateMalformed(void) {
++void
++test_ValidateMalformed(void)
++{
+ 	const char *cp = leap_mhash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_BADFORMAT, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateMalformedShort(void) {
++void
++test_ValidateMalformedShort(void)
++{
+ 	const char *cp = leap_shash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_BADFORMAT, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+-void test_ValidateNoLeadZero(void) {
++void
++test_ValidateNoLeadZero(void)
++{
+ 	const char *cp = leap_gthash;
+ 	int         rc = leapsec_validate(stringreader, &cp);
++
+ 	TEST_ASSERT_EQUAL(LSVALID_GOODHASH, rc);
++
++	return;
+ }
+ 
+ // =====================================================================
+@@ -375,7 +422,9 @@
+ 
+ // ----------------------------------------------------------------------
+ // test table selection
+-void test_tableSelect(void) {
++void
++test_tableSelect(void)
++{
+ 	leap_table_t *pt1, *pt2, *pt3, *pt4;
+ 
+ 	pt1 = leapsec_get_table(0);
+@@ -406,12 +455,16 @@
+ 	pt3 = leapsec_get_table(1);
+ 	TEST_ASSERT_EQUAL(pt1, pt2);
+ 	TEST_ASSERT_NOT_EQUAL(pt2, pt3);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // load file & check expiration
+ 
+-void test_loadFileExpire(void) {
++void
++test_loadFileExpire(void)
++{
+ 	const char *cp = leap1;
+ 	int rc;
+ 	leap_table_t * pt = leapsec_get_table(0);
+@@ -423,19 +476,22 @@
+ 	TEST_ASSERT_EQUAL(0, rc);
+ 	rc = leapsec_expired(3610569601u, NULL);
+ 	TEST_ASSERT_EQUAL(1, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // load file & check time-to-live
+ 
+-void test_loadFileTTL(void) {
+-	const char *cp = leap1;
+-	int rc;
+-	leap_table_t * pt = leapsec_get_table(0);
+-	time_t         pivot = 0x70000000u;
++void
++test_loadFileTTL(void)
++{
++	const char     *cp = leap1;
++	int		rc;
++	leap_table_t  * pt = leapsec_get_table(0);
++	time_t		pivot = 0x70000000u;
++	const uint32_t	limit = 3610569600u;
+ 
+-	const uint32_t limit = 3610569600u;
+-
+ 	rc =   leapsec_load(pt, stringreader, &cp, FALSE)
+ 	    && leapsec_set_table(pt);
+ 	TEST_ASSERT_EQUAL(1, rc); //
+@@ -442,16 +498,18 @@
+ 
+ 	// exactly 1 day to live
+ 	rc = leapsec_daystolive(limit - 86400, &pivot);
+-	TEST_ASSERT_EQUAL( 1, rc);	
++	TEST_ASSERT_EQUAL( 1, rc);
+ 	// less than 1 day to live
+ 	rc = leapsec_daystolive(limit - 86399, &pivot);
+-	TEST_ASSERT_EQUAL( 0, rc);	
++	TEST_ASSERT_EQUAL( 0, rc);
+ 	// hit expiration exactly
+ 	rc = leapsec_daystolive(limit, &pivot);
+-	TEST_ASSERT_EQUAL( 0, rc);	
++	TEST_ASSERT_EQUAL( 0, rc);
+ 	// expired since 1 sec
+ 	rc = leapsec_daystolive(limit + 1, &pivot);
+-	TEST_ASSERT_EQUAL(-1, rc);	
++	TEST_ASSERT_EQUAL(-1, rc);
++
++	return;
+ }
+ 
+ // =====================================================================
+@@ -460,19 +518,25 @@
+ 
+ // ----------------------------------------------------------------------
+ // test query in pristine state (bug#2745 misbehaviour)
+-void test_lsQueryPristineState(void) {
++void
++test_lsQueryPristineState(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+-	
++
+ 	rc = leapsec_query(&qr, lsec2012, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump: leap second at 2009.01.01 -60days
+-void test_ls2009faraway(void) {
++void
++test_ls2009faraway(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -485,11 +549,15 @@
+ 	TEST_ASSERT_EQUAL(33, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump: leap second at 2009.01.01 -1week
+-void test_ls2009weekaway(void) {
++void
++test_ls2009weekaway(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -502,11 +570,15 @@
+ 	TEST_ASSERT_EQUAL(33, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(1,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_SCHEDULE, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump: leap second at 2009.01.01 -1hr
+-void test_ls2009houraway(void) {
++void
++test_ls2009houraway(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -519,11 +591,15 @@
+ 	TEST_ASSERT_EQUAL(33, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(1,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_ANNOUNCE, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump: leap second at 2009.01.01 -1sec
+-void test_ls2009secaway(void) {
++void
++test_ls2009secaway(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -536,11 +612,15 @@
+ 	TEST_ASSERT_EQUAL(33, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(1,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_ALERT, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // ad-hoc jump to leap second at 2009.01.01
+-void test_ls2009onspot(void) {
++void
++test_ls2009onspot(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -553,11 +633,15 @@
+ 	TEST_ASSERT_EQUAL(34, qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test handling of the leap second at 2009.01.01 without table
+-void test_ls2009nodata(void) {
++void
++test_ls2009nodata(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -570,11 +654,15 @@
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test handling of the leap second at 2009.01.01 with culled data
+-void test_ls2009limdata(void) {
++void
++test_ls2009limdata(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -591,15 +679,19 @@
+ 	TEST_ASSERT_TRUE(35 >= qr.tai_offs);
+ 	TEST_ASSERT_EQUAL(0,  qr.tai_diff);
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // Far-distance forward jump into a transiton window.
+-void test_qryJumpFarAhead(void) {
++void
++test_qryJumpFarAhead(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 	int            last, idx;
+-	int 		mode;
++	int		mode;
+ 
+ 	for (mode=0; mode < 2; ++mode) {
+ 		leapsec_ut_pristine();
+@@ -618,10 +710,10 @@
+ // ----------------------------------------------------------------------
+ // Forward jump into the next transition window
+ void test_qryJumpAheadToTransition(void) {
+-	int            rc;
+-	leap_result_t  qr;
+-	int            last, idx;
+-	int 		mode;
++	int		rc;
++	leap_result_t	qr;
++	int		last, idx;
++	int		mode;
+ 
+ 	for (mode=0; mode < 2; ++mode) {
+ 		leapsec_ut_pristine();
+@@ -635,15 +727,19 @@
+ 		rc = leapsec_query(&qr, lsec2009+1, NULL);
+ 		TEST_ASSERT_EQUAL(TRUE, rc);
+ 	}
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // Forward jump over the next transition window
+-void test_qryJumpAheadOverTransition(void) {
+-	int            rc;
+-	leap_result_t  qr;
+-	int            last, idx;
+-	int 		mode;
++void
++test_qryJumpAheadOverTransition(void)
++{
++	int		rc;
++	leap_result_t	qr;
++	int		last, idx;
++	int		mode;
+ 
+ 	for (mode=0; mode < 2; ++mode) {
+ 		leapsec_ut_pristine();
+@@ -657,6 +753,8 @@
+ 		rc = leapsec_query(&qr, lsec2009+5, NULL);
+ 		TEST_ASSERT_EQUAL(FALSE, rc);
+ 	}
++
++	return;
+ }
+ 
+ // =====================================================================
+@@ -665,7 +763,9 @@
+ 
+ // ----------------------------------------------------------------------
+ // add dynamic leap second (like from peer/clock)
+-void test_addDynamic(void) {
++void
++test_addDynamic(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -683,8 +783,7 @@
+ 	rc = setup_load_table(leap2, FALSE);
+ 	TEST_ASSERT_EQUAL(1, rc);
+ 
+-	leap_table_t * pt = leapsec_get_table(0);
+-	int 		idx;
++	int		idx;
+ 
+ 	for (idx=1; insns[idx]; ++idx) {
+ 		rc = leapsec_add_dyn(TRUE, insns[idx] - 20*SECSPERDAY - 100, NULL);
+@@ -693,13 +792,18 @@
+ 	// try to slip in a previous entry
+ 	rc = leapsec_add_dyn(TRUE, insns[0] - 20*SECSPERDAY - 100, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++	//leap_table_t  * pt = leapsec_get_table(0);
+ 	//leapsec_dump(pt, (leapsec_dumper)fprintf, stdout);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // add fixed leap seconds (like from network packet)
+ #if 0 /* currently unused -- possibly revived later */
+-void FAILtest_addFixed(void) {
++void
++FAILtest_addFixed(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -716,8 +820,8 @@
+ 
+ 	rc = setup_load_table(leap2, FALSE);
+ 	TEST_ASSERT_EQUAL(1, rc);
++
+ 	int idx;
+-	leap_table_t * pt = leapsec_get_table(0);
+ 	// try to get in BAD time stamps...
+ 	for (idx=0; insns[idx].tt; ++idx) {
+ 	    rc = leapsec_add_fix(
+@@ -743,7 +847,10 @@
+ 	    insns[0].tt + SECSPERDAY,
+ 	    NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++	//leap_table_t * pt = leapsec_get_table(0);
+ 	//leapsec_dump(pt, (leapsec_dumper)fprintf, stdout);
++
++	return;
+ }
+ #endif
+ 
+@@ -750,7 +857,9 @@
+ // ----------------------------------------------------------------------
+ // add fixed leap seconds (like from network packet)
+ #if 0 /* currently unused -- possibly revived later */
+-void FAILtest_addFixedExtend(void) {
++void
++FAILtest_addFixedExtend(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 	int            last, idx;
+@@ -764,7 +873,6 @@
+ 	rc = setup_load_table(leap2, FALSE);
+ 	TEST_ASSERT_EQUAL(1, rc);
+ 
+-	leap_table_t * pt = leapsec_get_table(FALSE);
+ 	for (last=idx=0; insns[idx].tt; ++idx) {
+ 		last = idx;
+ 		rc = leapsec_add_fix(
+@@ -774,7 +882,7 @@
+ 		    NULL);
+ 		TEST_ASSERT_EQUAL(TRUE, rc);
+ 	}
+-	
++
+ 	// try to extend the expiration of the last entry
+ 	rc = leapsec_add_fix(
+ 	    insns[last].of,
+@@ -782,7 +890,7 @@
+ 	    insns[last].tt + 128*SECSPERDAY,
+ 	    NULL);
+ 	TEST_ASSERT_EQUAL(TRUE, rc);
+-	
++
+ 	// try to extend the expiration of the last entry with wrong offset
+ 	rc = leapsec_add_fix(
+ 	    insns[last].of+1,
+@@ -790,7 +898,10 @@
+ 	    insns[last].tt + 129*SECSPERDAY,
+ 	    NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++	//leap_table_t * pt = leapsec_get_table(FALSE);
+ 	//leapsec_dump(pt, (leapsec_dumper)fprintf, stdout);
++
++	return;
+ }
+ #endif
+ 
+@@ -799,7 +910,9 @@
+ // empty table and test queries before / between /after the tabulated
+ // values.
+ #if 0 /* currently unused -- possibly revived later */
+-void FAILtest_setFixedExtend(void) {
++void
++FAILtest_setFixedExtend(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 	int            last, idx;
+@@ -810,7 +923,6 @@
+ 		{0,0} // sentinel
+ 	};
+ 
+-	leap_table_t * pt = leapsec_get_table(0);
+ 	for (last=idx=0; insns[idx].tt; ++idx) {
+ 		last = idx;
+ 		rc = leapsec_add_fix(
+@@ -820,7 +932,7 @@
+ 		    NULL);
+ 		TEST_ASSERT_EQUAL(TRUE, rc);
+ 	}
+-	
++
+ 	rc = leapsec_query(&qr, insns[0].tt - 86400, NULL);
+ 	TEST_ASSERT_EQUAL(28, qr.tai_offs);
+ 
+@@ -833,7 +945,10 @@
+ 	rc = leapsec_query(&qr, insns[1].tt + 86400, NULL);
+ 	TEST_ASSERT_EQUAL(30, qr.tai_offs);
+ 
++	//leap_table_t * pt = leapsec_get_table(0);
+ 	//leapsec_dump(pt, (leapsec_dumper)fprintf, stdout);
++
++	return;
+ }
+ #endif
+ 
+@@ -846,7 +961,7 @@
+ void test_taiEmptyTable(void) {
+ 	int rc;
+ 
+-	rc = leapsec_autokey_tai(35, lsec2015-30*86400, NULL);	
++	rc = leapsec_autokey_tai(35, lsec2015-30*86400, NULL);
+ 	TEST_ASSERT_EQUAL(TRUE, rc);
+ 
+ 	rc = leapsec_autokey_tai(35, lsec2015-29*86400, NULL);
+@@ -855,7 +970,9 @@
+ 
+ // ----------------------------------------------------------------------
+ // Check that with fixed entries the operation fails
+-void test_taiTableFixed(void) {
++void
++test_taiTableFixed(void)
++{
+ 	int rc;
+ 
+ 	rc = setup_load_table(leap1, FALSE);
+@@ -863,11 +980,15 @@
+ 
+ 	rc = leapsec_autokey_tai(35, lsec2015-30*86400, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test adjustment with a dynamic entry already there
+-void test_taiTableDynamic(void) {
++void
++test_taiTableDynamic(void)
++{
+ 	int        rc;
+ 	leap_era_t era;
+ 
+@@ -879,7 +1000,7 @@
+ 	leapsec_query_era(&era, lsec2015+10, NULL);
+ 	TEST_ASSERT_EQUAL(1, era.taiof);
+ 
+-	rc = leapsec_autokey_tai(35, lsec2015-19*86400, NULL);	
++	rc = leapsec_autokey_tai(35, lsec2015-19*86400, NULL);
+ 	TEST_ASSERT_EQUAL(TRUE, rc);
+ 
+ 	rc = leapsec_autokey_tai(35, lsec2015-19*86400, NULL);
+@@ -889,21 +1010,27 @@
+ 	TEST_ASSERT_EQUAL(35, era.taiof);
+ 	leapsec_query_era(&era, lsec2015+10, NULL);
+ 	TEST_ASSERT_EQUAL(36, era.taiof);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test adjustment with a dynamic entry already there in dead zone
+-void test_taiTableDynamicDeadZone(void) {
++void
++test_taiTableDynamicDeadZone(void)
++{
+ 	int rc;
+ 
+ 	rc = leapsec_add_dyn(TRUE, lsec2015-20*SECSPERDAY, NULL);
+ 	TEST_ASSERT_EQUAL(TRUE, rc);
+ 
+-	rc = leapsec_autokey_tai(35, lsec2015-5, NULL);	
++	rc = leapsec_autokey_tai(35, lsec2015-5, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 
+ 	rc = leapsec_autokey_tai(35, lsec2015+5, NULL);
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
++
++	return;
+ }
+ 
+ 
+@@ -913,7 +1040,9 @@
+ 
+ // ----------------------------------------------------------------------
+ // leap second insert at 2009.01.01, electric mode
+-void test_ls2009seqInsElectric(void) {
++void
++test_ls2009seqInsElectric(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -952,11 +1081,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // leap second insert at 2009.01.01, dumb mode
+-void test_ls2009seqInsDumb(void) {
++void
++test_ls2009seqInsDumb(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -999,12 +1132,16 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ 
+ // ----------------------------------------------------------------------
+ // fake leap second remove at 2009.01.01, electric mode
+-void test_ls2009seqDelElectric(void) {
++void
++test_ls2009seqDelElectric(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1043,11 +1180,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // fake leap second remove at 2009.01.01. dumb mode
+-void test_ls2009seqDelDumb(void) {
++void
++test_ls2009seqDelDumb(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1085,11 +1226,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // leap second insert at 2012.07.01, electric mode
+-void test_ls2012seqInsElectric(void) {
++void
++test_ls2012seqInsElectric(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1128,11 +1273,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // leap second insert at 2012.07.01, dumb mode
+-void test_ls2012seqInsDumb(void) {
++void
++test_ls2012seqInsDumb(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1177,11 +1326,15 @@
+ 	TEST_ASSERT_EQUAL(FALSE, rc);
+ 	TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 	TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test repeated query on empty table in dumb mode
+-void test_lsEmptyTableDumb(void) {
++void
++test_lsEmptyTableDumb(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+ 
+@@ -1189,7 +1342,7 @@
+ 	time_t pivot;
+ 	pivot = lsec2012;
+ 	//	const 
+-	//time_t   pivot(lsec2012);		
++	//time_t   pivot(lsec2012);
+ 	const uint32_t t0 = lsec2012 - 10;
+ 	const uint32_t tE = lsec2012 + 10;
+ 
+@@ -1202,20 +1355,24 @@
+ 		TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 		TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
+ 	}
++
++	return;
+ }
+ 
+ // ----------------------------------------------------------------------
+ // test repeated query on empty table in electric mode
+-void test_lsEmptyTableElectric(void) {
++void
++test_lsEmptyTableElectric(void)
++{
+ 	int            rc;
+ 	leap_result_t  qr;
+-	
++
+ 	leapsec_electric(1);
+ 	TEST_ASSERT_EQUAL(1, leapsec_electric(-1));
+ 
+ 	//const 
+ 	time_t   pivot;//(lsec2012);
+-	pivot = lsec2012;	
++	pivot = lsec2012;
+ 	const uint32_t t0 = lsec2012 - 10;
+ 	const uint32_t tE = lsec2012 + 10;
+ 
+@@ -1226,4 +1383,6 @@
+ 		TEST_ASSERT_EQUAL(0,             qr.warped   );
+ 		TEST_ASSERT_EQUAL(LSPROX_NOWARN, qr.proximity);
+ 	}
++
++	return;
+ }
+--- contrib/ntp/tests/ntpd/ntp_prio_q.c.orig
++++ contrib/ntp/tests/ntpd/ntp_prio_q.c
+@@ -251,6 +251,7 @@
+ 	free_node(e3_ptr);
+ 	free_node(e4_ptr);
+ 	free_node(e5_ptr);
++	free_node(e6_ptr);
+ 
+ 	TEST_ASSERT_EQUAL(0, get_no_of_elements(q4));
+ 
+--- contrib/ntp/tests/ntpd/ntp_restrict.c.orig
++++ contrib/ntp/tests/ntpd/ntp_restrict.c
+@@ -26,6 +26,7 @@
+ }
+ 
+ 
++void
+ tearDown(void) {
+ 	restrict_u *empty_restrict = malloc(sizeof(restrict_u));
+ 	memset(empty_restrict, 0, sizeof(restrict_u));
+--- contrib/ntp/tests/ntpd/rc_cmdlength.c.orig
++++ contrib/ntp/tests/ntpd/rc_cmdlength.c
+@@ -3,6 +3,7 @@
+ #include "ntp.h"
+ #include "ntp_calendar.h"
+ #include "ntp_stdlib.h"
++#include "rc_cmdlength.h"
+ 
+ #include "unity.h"
+ 
+--- contrib/ntp/tests/ntpd/run-leapsec.c.orig
++++ contrib/ntp/tests/ntpd/run-leapsec.c
+@@ -84,39 +84,39 @@
+ {
+   progname = argv[0];
+   UnityBegin("leapsec.c");
+-  RUN_TEST(test_ValidateGood, 331);
+-  RUN_TEST(test_ValidateNoHash, 338);
+-  RUN_TEST(test_ValidateBad, 345);
+-  RUN_TEST(test_ValidateMalformed, 352);
+-  RUN_TEST(test_ValidateMalformedShort, 359);
+-  RUN_TEST(test_ValidateNoLeadZero, 366);
+-  RUN_TEST(test_tableSelect, 378);
+-  RUN_TEST(test_loadFileExpire, 414);
+-  RUN_TEST(test_loadFileTTL, 431);
+-  RUN_TEST(test_lsQueryPristineState, 463);
+-  RUN_TEST(test_ls2009faraway, 475);
+-  RUN_TEST(test_ls2009weekaway, 492);
+-  RUN_TEST(test_ls2009houraway, 509);
+-  RUN_TEST(test_ls2009secaway, 526);
+-  RUN_TEST(test_ls2009onspot, 543);
+-  RUN_TEST(test_ls2009nodata, 560);
+-  RUN_TEST(test_ls2009limdata, 577);
+-  RUN_TEST(test_qryJumpFarAhead, 598);
+-  RUN_TEST(test_qryJumpAheadToTransition, 620);
+-  RUN_TEST(test_qryJumpAheadOverTransition, 642);
+-  RUN_TEST(test_addDynamic, 668);
+-  RUN_TEST(test_taiEmptyTable, 846);
+-  RUN_TEST(test_taiTableFixed, 858);
+-  RUN_TEST(test_taiTableDynamic, 870);
+-  RUN_TEST(test_taiTableDynamicDeadZone, 896);
+-  RUN_TEST(test_ls2009seqInsElectric, 916);
+-  RUN_TEST(test_ls2009seqInsDumb, 959);
+-  RUN_TEST(test_ls2009seqDelElectric, 1007);
+-  RUN_TEST(test_ls2009seqDelDumb, 1050);
+-  RUN_TEST(test_ls2012seqInsElectric, 1092);
+-  RUN_TEST(test_ls2012seqInsDumb, 1135);
+-  RUN_TEST(test_lsEmptyTableDumb, 1184);
+-  RUN_TEST(test_lsEmptyTableElectric, 1209);
++  RUN_TEST(test_ValidateGood, 351);
++  RUN_TEST(test_ValidateNoHash, 362);
++  RUN_TEST(test_ValidateBad, 373);
++  RUN_TEST(test_ValidateMalformed, 385);
++  RUN_TEST(test_ValidateMalformedShort, 397);
++  RUN_TEST(test_ValidateNoLeadZero, 409);
++  RUN_TEST(test_tableSelect, 426);
++  RUN_TEST(test_loadFileExpire, 466);
++  RUN_TEST(test_loadFileTTL, 487);
++  RUN_TEST(test_lsQueryPristineState, 522);
++  RUN_TEST(test_ls2009faraway, 538);
++  RUN_TEST(test_ls2009weekaway, 559);
++  RUN_TEST(test_ls2009houraway, 580);
++  RUN_TEST(test_ls2009secaway, 601);
++  RUN_TEST(test_ls2009onspot, 622);
++  RUN_TEST(test_ls2009nodata, 643);
++  RUN_TEST(test_ls2009limdata, 664);
++  RUN_TEST(test_qryJumpFarAhead, 689);
++  RUN_TEST(test_qryJumpAheadToTransition, 712);
++  RUN_TEST(test_qryJumpAheadOverTransition, 737);
++  RUN_TEST(test_addDynamic, 767);
++  RUN_TEST(test_taiEmptyTable, 961);
++  RUN_TEST(test_taiTableFixed, 974);
++  RUN_TEST(test_taiTableDynamic, 990);
++  RUN_TEST(test_taiTableDynamicDeadZone, 1020);
++  RUN_TEST(test_ls2009seqInsElectric, 1044);
++  RUN_TEST(test_ls2009seqInsDumb, 1091);
++  RUN_TEST(test_ls2009seqDelElectric, 1143);
++  RUN_TEST(test_ls2009seqDelDumb, 1190);
++  RUN_TEST(test_ls2012seqInsElectric, 1236);
++  RUN_TEST(test_ls2012seqInsDumb, 1283);
++  RUN_TEST(test_lsEmptyTableDumb, 1336);
++  RUN_TEST(test_lsEmptyTableElectric, 1365);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/ntpd/run-ntp_restrict.c.orig
++++ contrib/ntp/tests/ntpd/run-ntp_restrict.c
+@@ -55,14 +55,14 @@
+ {
+   progname = argv[0];
+   UnityBegin("ntp_restrict.c");
+-  RUN_TEST(test_RestrictionsAreEmptyAfterInit, 59);
+-  RUN_TEST(test_ReturnsCorrectDefaultRestrictions, 85);
+-  RUN_TEST(test_HackingDefaultRestriction, 96);
+-  RUN_TEST(test_CantRemoveDefaultEntry, 119);
+-  RUN_TEST(test_AddingNewRestriction, 130);
+-  RUN_TEST(test_TheMostFittingRestrictionIsMatched, 143);
+-  RUN_TEST(test_DeletedRestrictionIsNotMatched, 165);
+-  RUN_TEST(test_RestrictUnflagWorks, 189);
++  RUN_TEST(test_RestrictionsAreEmptyAfterInit, 60);
++  RUN_TEST(test_ReturnsCorrectDefaultRestrictions, 86);
++  RUN_TEST(test_HackingDefaultRestriction, 97);
++  RUN_TEST(test_CantRemoveDefaultEntry, 120);
++  RUN_TEST(test_AddingNewRestriction, 131);
++  RUN_TEST(test_TheMostFittingRestrictionIsMatched, 144);
++  RUN_TEST(test_DeletedRestrictionIsNotMatched, 166);
++  RUN_TEST(test_RestrictUnflagWorks, 190);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/ntpd/run-rc_cmdlength.c.orig
++++ contrib/ntp/tests/ntpd/run-rc_cmdlength.c
+@@ -26,6 +26,7 @@
+ #include "ntp.h"
+ #include "ntp_calendar.h"
+ #include "ntp_stdlib.h"
++#include "rc_cmdlength.h"
+ #include "test-libntp.h"
+ #include 
+ 
+@@ -51,7 +52,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("rc_cmdlength.c");
+-  RUN_TEST(test_EvaluateCommandLength, 15);
++  RUN_TEST(test_EvaluateCommandLength, 16);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/ntpd/run-t-ntp_signd.c.orig
++++ contrib/ntp/tests/ntpd/run-t-ntp_signd.c
+@@ -36,7 +36,7 @@
+ extern void test_write_all(void);
+ extern void test_send_packet(void);
+ extern void test_recv_packet(void);
+-extern void test_send_via_ntp_signd();
++extern void test_send_via_ntp_signd(void);
+ 
+ 
+ //=======Test Reset Option=====
+@@ -55,12 +55,12 @@
+ {
+   progname = argv[0];
+   UnityBegin("t-ntp_signd.c");
+-  RUN_TEST(test_connect_incorrect_socket, 49);
+-  RUN_TEST(test_connect_correct_socket, 54);
+-  RUN_TEST(test_write_all, 74);
+-  RUN_TEST(test_send_packet, 84);
+-  RUN_TEST(test_recv_packet, 93);
+-  RUN_TEST(test_send_via_ntp_signd, 104);
++  RUN_TEST(test_connect_incorrect_socket, 67);
++  RUN_TEST(test_connect_correct_socket, 68);
++  RUN_TEST(test_write_all, 69);
++  RUN_TEST(test_send_packet, 70);
++  RUN_TEST(test_recv_packet, 71);
++  RUN_TEST(test_send_via_ntp_signd, 72);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/ntpd/t-ntp_scanner.c.orig
++++ contrib/ntp/tests/ntpd/t-ntp_scanner.c
+@@ -26,13 +26,13 @@
+ 
+ 
+ void test_keywordIncorrectToken(void){
+-	char * temp = keyword(999);
++	const char * temp = keyword(999);
+ 	//printf("%s\n",temp);
+ 	TEST_ASSERT_EQUAL_STRING("(keyword not found)",temp);
+ }
+ 
+ void test_keywordServerToken(void){
+-	char * temp = keyword(401);
++	const char * temp = keyword(T_Server);
+ 	//printf("%s",temp); //143 or 401 ?
+ 	TEST_ASSERT_EQUAL_STRING("server",temp);
+ }
+@@ -127,7 +127,7 @@
+ 		temp = is_EOC(';');
+ 		TEST_ASSERT_TRUE(temp);
+ 	}
+-	temp = is_EOC("A");
++	temp = is_EOC('A');
+ 	TEST_ASSERT_FALSE(temp);
+ 	temp = is_EOC('1');
+ 	TEST_ASSERT_FALSE(temp);
+--- contrib/ntp/tests/ntpd/t-ntp_signd.c.orig
++++ contrib/ntp/tests/ntpd/t-ntp_signd.c
+@@ -9,7 +9,6 @@
+ #include "test-libntp.h"
+ 
+ 
+-
+ #define HAVE_NTP_SIGND
+ 
+ #include "ntp_signd.c"
+@@ -20,41 +19,70 @@
+ //MOCKED FUNCTIONS
+ 
+ //this connect function overrides/mocks connect() from  
+-int connect(int socket, const struct sockaddr *address,
+-socklen_t address_len){
++int
++connect(int socket, const struct sockaddr *address, socklen_t address_len)
++{
+ 	return 1;
+ }
+ 
+-//mocked write will only send 4 bytes at a time. This is so write_all can be properly tested
+-ssize_t write(int fd, void const * buf, size_t len){
+-	if(len >= 4){return 4;}
+-	else return len;
++/*
++** Mocked read() and write() calls.
++**
++** These will only operate 4 bytes at a time.
++**
++** This is so write_all can be properly tested.
++*/
++
++static char rw_buf[4];
++
++ssize_t
++write(int fd, void const * buf, size_t len)
++{
++	REQUIRE(0 <= len);
++	if (len >= 4) len = 4;	/* 4 bytes, max */
++	(void)memcpy(rw_buf, buf, len);
++
++	return len;
+ }
+ 
+-ssize_t read(int fd, void * buf, size_t len){
+-	if(len >= 4){return 4;}
+-	else return len;
++ssize_t
++read(int fd, void * buf, size_t len)
++{
++	REQUIRE(0 <= len);
++	if (len >= 4) len = 4;
++	(void)memcpy(buf, rw_buf, len);
++	return len;
+ }
+ 
+ 
+ //END OF MOCKED FUNCTIONS
+ 
+-int isGE(int a,int b){ 
+-	if(a >= b) {return 1;}
++static int
++isGE(int a,int b)
++{ 
++	if (a >= b) {return 1;}
+ 	else {return 0;}
+ }
+ 
++extern void test_connect_incorrect_socket(void);
++extern void test_connect_correct_socket(void);
++extern void test_write_all(void);
++extern void test_send_packet(void);
++extern void test_recv_packet(void);
++extern void test_send_via_ntp_signd(void);
+ 
++
+ void 
+-test_connect_incorrect_socket(void){
++test_connect_incorrect_socket(void)
++{
+ 	TEST_ASSERT_EQUAL(-1, ux_socket_connect(NULL));
++
++	return;
+ }
+ 
+ void 
+-test_connect_correct_socket(void){
+-
+-
+-
++test_connect_correct_socket(void)
++{
+ 	int temp = ux_socket_connect("/socket");
+ 
+ 	//risky, what if something is listening on :123, or localhost isnt 127.0.0.1?
+@@ -67,50 +95,87 @@
+ 	//char *socketName = "Random_Socket_Name";
+ 	//int length = strlen(socketName);
+ 
++	return;
+ }
+ 
+ 
+ void
+-test_write_all(void){
++test_write_all(void)
++{
+ 	int fd = ux_socket_connect("/socket");
+-	TEST_ASSERT_TRUE(isGE(fd,0));
++
++	TEST_ASSERT_TRUE(isGE(fd, 0));
++
+ 	char * str = "TEST123";
+ 	int temp = write_all(fd, str,strlen(str));
+-	TEST_ASSERT_EQUAL(strlen(str),temp);
++	TEST_ASSERT_EQUAL(strlen(str), temp);
++
++	(void)close(fd);
++	return;
+ }
+ 
+ 
+ void
+-test_send_packet(void){
++test_send_packet(void)
++{
+ 	int fd = ux_socket_connect("/socket");
++
++	TEST_ASSERT_TRUE(isGE(fd, 0));
++
+ 	char * str2 = "PACKET12345";
+ 	int temp = send_packet(fd, str2, strlen(str2));
++
+ 	TEST_ASSERT_EQUAL(0,temp);
++
++	(void)close(fd);
++	return;
+ }
+ 
+ 
++/*
++** HMS: What's going on here?
++** Looks like this needs more work.
++*/
+ void
+-test_recv_packet(void){
++test_recv_packet(void)
++{
+ 	int fd = ux_socket_connect("/socket");
+-	int size = 256;	
+-	char str[size];
+ 
++	TEST_ASSERT_TRUE(isGE(fd, 0));
++
++	uint32_t size = 256;	
++	char *str = NULL;
+ 	int temp = recv_packet(fd, &str, &size);
++
+ 	send_packet(fd, str, strlen(str));
++	free(str);
+ 	TEST_ASSERT_EQUAL(0,temp); //0 because nobody sent us anything (yet!)
++
++	(void)close(fd);
++	return;
+ }
+ 
+ void 
+-test_send_via_ntp_signd(){
+-
++test_send_via_ntp_signd(void)
++{
+ 	struct recvbuf *rbufp = (struct recvbuf *) malloc(sizeof(struct recvbuf));
+ 	int	xmode = 1;
+ 	keyid_t	xkeyid = 12345; 
+-	int flags =0;
++	int	flags = 0;
+ 	struct pkt  *xpkt = (struct pkt *) malloc(sizeof(struct pkt)); //defined in ntp.h
+ 
++	TEST_ASSERT_NOT_NULL(rbufp);
++	TEST_ASSERT_NOT_NULL(xpkt);
++	memset(xpkt, 0, sizeof(struct pkt));
++
+ 	//send_via_ntp_signd(NULL,NULL,NULL,NULL,NULL);	//doesn't work
++	/*
++	** Send the xpkt to Samba, read the response back in rbufp
++	*/
+ 	send_via_ntp_signd(rbufp,xmode,xkeyid,flags,xpkt);
+ 
++	free(rbufp);
++	free(xpkt);
+ 
++	return;
+ }
+--- contrib/ntp/tests/sandbox/run-uglydate.c.orig
++++ contrib/ntp/tests/sandbox/run-uglydate.c
+@@ -24,6 +24,7 @@
+ #include 
+ #include "config.h"
+ #include "ntp_fp.h"
++#include "ntp_stdlib.h"
+ 
+ //=======External Functions This Runner Calls=====
+ extern void setUp(void);
+@@ -47,7 +48,7 @@
+ {
+   progname = argv[0];
+   UnityBegin("uglydate.c");
+-  RUN_TEST(test_ConstantDateTime, 9);
++  RUN_TEST(test_ConstantDateTime, 10);
+ 
+   return (UnityEnd());
+ }
+--- contrib/ntp/tests/sandbox/smeartest.c.orig
++++ contrib/ntp/tests/sandbox/smeartest.c
+@@ -2,6 +2,7 @@
+ 
+ #include 
+ #include 
++#include 
+ 
+ /*
+  * we want to test a refid format of:
+@@ -125,11 +126,14 @@
+ }
+ 
+ 
++int
+ main()
+ {
+ 	l_fp l;
+ 	int rc;
+ 
++	init_lib();
++
+ 	rtol(0xfe800000);
+ 	rtol(0xfe800001);
+ 	rtol(0xfe8ffffe);
+@@ -167,6 +171,8 @@
+ 	rtoltor(0xfe7fffff);
+ 
+ 	rc = atolfp("-.932087", &l);
++	INSIST(1 == rc);
++
+ 	ltor(l);
+ 	rtol(0xfec458b0);
+ 	printf("%x -> %d.%d.%d.%d\n",
+--- contrib/ntp/tests/sandbox/uglydate.c.orig
++++ contrib/ntp/tests/sandbox/uglydate.c
+@@ -2,15 +2,30 @@
+ #include "ntp_fp.h"
+ #include "unity.h"
+ 
+-//#include "ntp_stdlib.h"
++#include "ntp_stdlib.h"
++
+ //#include "libntptest.h"
+ 
++void setUp(void);
++void test_ConstantDateTime(void);
++
++
+ void
+-test_ConstantDateTime(void) {
++setUp(void)
++{
++	init_lib();
++
++	return;
++}
++
++
++void
++test_ConstantDateTime(void)
++{
+ 	const u_int32 HALF = 2147483648UL;
+ 
+-	l_fp time = {3485080800UL, HALF}; // 2010-06-09 14:00:00.5
++	l_fp e_time = {{3485080800UL}, HALF}; // 2010-06-09 14:00:00.5
+ 
+ 	TEST_ASSERT_EQUAL_STRING("3485080800.500000 10:159:14:00:00.500",
+-				 uglydate(&time));
++				 uglydate(&e_time));
+ }
+--- contrib/ntp/tests/sec-2853/sec-2853.c.orig
++++ contrib/ntp/tests/sec-2853/sec-2853.c
+@@ -13,7 +13,7 @@
+ int trailing_space( void );
+ 
+ static int verbose = 1;        // if not 0, also print results if test passed
+-static int exit_on_err = 0;    // if not 0, exit if test failed
++// static int exit_on_err = 0;    // if not 0, exit if test failed
+ 
+ 
+ void setUp(void)
+@@ -49,7 +49,6 @@
+ {
+ 	const char string[] = "good";
+ 	const char *EOstring;
+-	char *cp;
+ 	size_t len;
+ 	int failed;
+ 
+@@ -60,9 +59,9 @@
+ 	failed = ( 4 != len );
+ 
+ 	if ( failed || verbose )
+-		printf( "remoteconfig_cmdlength(\"%s\") returned %d, expected %d: %s\n",
++		printf( "remoteconfig_cmdlength(\"%s\") returned %llu, expected %u: %s\n",
+ 			string,
+-			len,
++			(unsigned long long)len,
+ 			4,
+ 			failed ? "NO <<" : "yes" );
+ 
+@@ -74,7 +73,6 @@
+ {
+ 	const char string[] = "nul\0 there";
+ 	const char *EOstring;
+-	char *cp;
+ 	size_t len;
+ 	int failed;
+ 
+@@ -85,9 +83,9 @@
+ 	failed = ( 3 != len );
+ 
+ 	if ( failed || verbose )
+-		printf( "remoteconfig_cmdlength(\"%s\") returned %d, expected %d: %s\n",
++		printf( "remoteconfig_cmdlength(\"%s\") returned %llu, expected %u: %s\n",
+ 			string,
+-			len,
++			(unsigned long long)len,
+ 			3,
+ 			failed ? "NO <<" : "yes" );
+ 
+@@ -99,7 +97,6 @@
+ {
+ 	const char string[] = "trailing space ";
+ 	const char *EOstring;
+-	char *cp;
+ 	size_t len;
+ 	int failed;
+ 
+@@ -110,9 +107,9 @@
+ 	failed = ( 14 != len );
+ 
+ 	if ( failed || verbose )
+-		printf( "remoteconfig_cmdlength(\"%s\") returned %d, expected %d: %s\n",
++		printf( "remoteconfig_cmdlength(\"%s\") returned %llu, expected %u: %s\n",
+ 			string,
+-			len,
++			(unsigned long long)len,
+ 			14,
+ 			failed ? "NO <<" : "yes" );
+ 
+--- contrib/ntp/util/invoke-ntp-keygen.texi.orig
++++ contrib/ntp/util/invoke-ntp-keygen.texi
+@@ -6,7 +6,7 @@
+ #
+ # EDIT THIS FILE WITH CAUTION  (invoke-ntp-keygen.texi)
+ #
+-# It has been AutoGen-ed  October 21, 2015 at 12:40:07 PM by AutoGen 5.18.5
++# It has been AutoGen-ed  January  7, 2016 at 11:32:40 PM by AutoGen 5.18.5
+ # From the definitions    ntp-keygen-opts.def
+ # and the template file   agtexi-cmd.tpl
+ @end ignore
+@@ -886,7 +886,7 @@
+ 
+ @exampleindent 0
+ @example
+-ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4
++ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p5
+ Usage:  ntp-keygen [ - [] | --[@{=| @}] ]...
+   Flg Arg Option-Name    Description
+    -b Num imbits         identity modulus bits
+--- contrib/ntp/util/ntp-keygen-opts.c.orig
++++ contrib/ntp/util/ntp-keygen-opts.c
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.c)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:50 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:32:25 PM by AutoGen 5.18.5
+  *  From the definitions    ntp-keygen-opts.def
+  *  and the template file   options
+  *
+@@ -72,7 +72,7 @@
+  *  static const strings for ntp-keygen options
+  */
+ static char const ntp_keygen_opt_strs[2419] =
+-/*     0 */ "ntp-keygen (ntp) 4.2.8p4\n"
++/*     0 */ "ntp-keygen (ntp) 4.2.8p5\n"
+             "Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
+             "This is free software. It is licensed for use, modification and\n"
+             "redistribution under the terms of the NTP License, copies of which\n"
+@@ -164,7 +164,7 @@
+ /*  2202 */ "no-load-opts\0"
+ /*  2215 */ "no\0"
+ /*  2218 */ "NTP_KEYGEN\0"
+-/*  2229 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4\n"
++/*  2229 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p5\n"
+             "Usage:  %s [ - [] | --[{=| }] ]...\n\0"
+ /*  2343 */ "$HOME\0"
+ /*  2349 */ ".\0"
+@@ -171,7 +171,7 @@
+ /*  2351 */ ".ntprc\0"
+ /*  2358 */ "http://bugs.ntp.org, bugs@ntp.org\0"
+ /*  2392 */ "\n\0"
+-/*  2394 */ "ntp-keygen (ntp) 4.2.8p4";
++/*  2394 */ "ntp-keygen (ntp) 4.2.8p5";
+ 
+ /**
+  *  imbits option description:
+@@ -1309,7 +1309,7 @@
+      translate option names.
+    */
+   /* referenced via ntp_keygenOptions.pzCopyright */
+-  puts(_("ntp-keygen (ntp) 4.2.8p4\n\
++  puts(_("ntp-keygen (ntp) 4.2.8p5\n\
+ Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
+ This is free software. It is licensed for use, modification and\n\
+ redistribution under the terms of the NTP License, copies of which\n\
+@@ -1408,7 +1408,7 @@
+   puts(_("load options from a config file"));
+ 
+   /* referenced via ntp_keygenOptions.pzUsageTitle */
+-  puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4\n\
++  puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p5\n\
+ Usage:  %s [ - [] | --[{=| }] ]...\n"));
+ 
+   /* referenced via ntp_keygenOptions.pzExplain */
+@@ -1415,7 +1415,7 @@
+   puts(_("\n"));
+ 
+   /* referenced via ntp_keygenOptions.pzFullVersion */
+-  puts(_("ntp-keygen (ntp) 4.2.8p4"));
++  puts(_("ntp-keygen (ntp) 4.2.8p5"));
+ 
+   /* referenced via ntp_keygenOptions.pzFullUsage */
+   puts(_("<<>>"));
+--- contrib/ntp/util/ntp-keygen-opts.h.orig
++++ contrib/ntp/util/ntp-keygen-opts.h
+@@ -1,7 +1,7 @@
+ /*
+  *  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.h)
+  *
+- *  It has been AutoGen-ed  October 21, 2015 at 12:39:50 PM by AutoGen 5.18.5
++ *  It has been AutoGen-ed  January  7, 2016 at 11:32:24 PM by AutoGen 5.18.5
+  *  From the definitions    ntp-keygen-opts.def
+  *  and the template file   options
+  *
+@@ -94,9 +94,9 @@
+ /** count of all options for ntp-keygen */
+ #define OPTION_CT    26
+ /** ntp-keygen version */
+-#define NTP_KEYGEN_VERSION       "4.2.8p4"
++#define NTP_KEYGEN_VERSION       "4.2.8p5"
+ /** Full ntp-keygen version text */
+-#define NTP_KEYGEN_FULL_VERSION  "ntp-keygen (ntp) 4.2.8p4"
++#define NTP_KEYGEN_FULL_VERSION  "ntp-keygen (ntp) 4.2.8p5"
+ 
+ /**
+  *  Interface defines for all options.  Replace "n" with the UPPER_CASED
+--- contrib/ntp/util/ntp-keygen.1ntp-keygenman.orig
++++ contrib/ntp/util/ntp-keygen.1ntp-keygenman
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp-keygen 1ntp-keygenman "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntp-keygen 1ntp-keygenman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-r5aiQP/ag-E5aaPP)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LNaiiw/ag-XNaahw)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:40:02 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:32:36 PM by AutoGen 5.18.5
+ .\" From the definitions ntp-keygen-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc.orig
++++ contrib/ntp/util/ntp-keygen.1ntp-keygenmdoc
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:40:10 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:43 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-keygen-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/util/ntp-keygen.c.orig
++++ contrib/ntp/util/ntp-keygen.c
+@@ -187,7 +187,7 @@
+ 	int	len
+ 	)
+ {
+-	return strlen(file);
++	return (int)strlen(file); /* assume no overflow possible */
+ }
+ 
+ /*
+@@ -1957,10 +1957,10 @@
+ 	X509_time_adj(X509_get_notAfter(cert), lifetime * SECSPERDAY, &epoch);
+ 	subj = X509_get_subject_name(cert);
+ 	X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
+-	    (u_char *)name, strlen(name), -1, 0);
++	    (u_char *)name, -1, -1, 0);
+ 	subj = X509_get_issuer_name(cert);
+ 	X509_NAME_add_entry_by_txt(subj, "commonName", MBSTRING_ASC,
+-	    (u_char *)name, strlen(name), -1, 0);
++	    (u_char *)name, -1, -1, 0);
+ 	if (!X509_set_pubkey(cert, pkey)) {
+ 		fprintf(stderr, "Assign certificate signing key fails\n%s\n",
+ 		    ERR_error_string(ERR_get_error(), NULL));
+--- contrib/ntp/util/ntp-keygen.html.orig
++++ contrib/ntp/util/ntp-keygen.html
+@@ -70,7 +70,7 @@
+ printable ASCII format so they can be embedded as MIME attachments in
+ mail to other sites.
+ 
+-  
              This document applies to version 4.2.8p4 of ntp-keygen.
++  
              This document applies to version 4.2.8p5 of ntp-keygen.
+ 
+ 
              
+ 
              
+@@ -1085,7 +1085,7 @@
+ used to select the program, defaulting to more.  Both will exit
+ with a status code of 0.
+ 
+-
              ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4-sec-RC2
++
              ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p4
+ Usage:  ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]...
+   Flg Arg Option-Name    Description
+    -b Num imbits         identity modulus bits
+--- contrib/ntp/util/ntp-keygen.man.in.orig
++++ contrib/ntp/util/ntp-keygen.man.in
+@@ -10,11 +10,11 @@
+ .ds B-Font B
+ .ds I-Font I
+ .ds R-Font R
+-.TH ntp-keygen @NTP_KEYGEN_MS@ "21 Oct 2015" "ntp (4.2.8p4)" "User Commands"
++.TH ntp-keygen @NTP_KEYGEN_MS@ "07 Jan 2016" "ntp (4.2.8p5)" "User Commands"
+ .\"
+-.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-r5aiQP/ag-E5aaPP)
++.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LNaiiw/ag-XNaahw)
+ .\"
+-.\" It has been AutoGen-ed October 21, 2015 at 12:40:02 PM by AutoGen 5.18.5
++.\" It has been AutoGen-ed January 7, 2016 at 11:32:36 PM by AutoGen 5.18.5
+ .\" From the definitions ntp-keygen-opts.def
+ .\" and the template file agman-cmd.tpl
+ .SH NAME
+--- contrib/ntp/util/ntp-keygen.mdoc.in.orig
++++ contrib/ntp/util/ntp-keygen.mdoc.in
+@@ -1,9 +1,9 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:40:10 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:43 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-keygen-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- contrib/ntp/ChangeLog.orig
++++ contrib/ntp/ChangeLog
+@@ -1,4 +1,61 @@
+ ---
++(4.2.8p5) 2016/01/07 Released by Harlan Stenn 
++
++* [Sec 2956] small-step/big-step.  Close the panic gate earlier.  HStenn.
++* CID 1339955: Free allocated memory in caljulian test.  HStenn.
++* CID 1339962: Explicitly initialize variable in caljulian test.  HStenn.
++* CID 1341527: Quiet a CHECKED_RETURN in sntp/tests/t-log.c.  HStenn.
++* CID 1341533: Missing assertion in sntp/tests/t-log.c.  HStenn.
++* CID 1341534: Resource leak in tests/ntpd/t-ntp_signd.c.  HStenn.
++* CID 1341535: Resource leak in tests/ntpd/t-ntp_signd.c.  HStenn.
++* CID 1341536: Resource leak in tests/ntpd/t-ntp_signd.c.  HStenn.
++* CID 1341537: Resource leak in tests/ntpd/t-ntp_signd.c.  HStenn.
++* CID 1341538: Memory leak in tests/ntpd/ntp_prio_q.c:262.  HStenn.
++* CID 1341677: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341678: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341679: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341680: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341681: Nits in sntp/tests/keyFile.c.  HStenn.
++* CID 1341682: Nit in libntp/authreadkeys.c.  HStenn.
++* CID 1341684: Nit in tests/ntpd/t-ntp_signd.c.  HStenn.
++* [Bug 2829] Look at pipe_fds in ntpd.c  (did so. perlinger@ntp.org)
++* [Bug 2887] stratum -1 config results as showing value 99
++  - fudge stratum should only accept values [0..16]. perlinger@ntp.org
++* [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++* [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++  - applied patch by Christos Zoulas.  perlinger@ntp.org
++* [Bug 2952] Symmetric active/passive mode is broken.  HStenn.
++* [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++  - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
++  - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
++  - accept key file only if there are no parsing errors
++  - fixed size_t/u_int format clash
++  - fixed wrong use of 'strlcpy'
++* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
++  - fixed several other warnings (cast-alignment, missing const, missing prototypes)
++  - promote use of 'size_t' for values that express a size
++  - use ptr-to-const for read-only arguments
++  - make sure SOCKET values are not truncated (win32-specific)
++  - format string fixes
++* [Bug 2965] Local clock didn't work since 4.2.8p4.  Martin Burnicki.
++* [Bug 2967] ntpdate command suffers an assertion failure
++  - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
++* [Bug 2969]  Seg fault from ntpq/mrulist when looking at server with
++              lots of clients. perlinger@ntp.org
++* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
++  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
++* Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++* Unity test cleanup.  Harlan Stenn.
++* Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++* Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++* Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++* Quiet a warning from clang.  Harlan Stenn.
++* Update the NEWS file.  Harlan Stenn.
++* Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++---
+ (4.2.8p4) 2015/10/21 Released by Harlan Stenn 
+ (4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn 
+ 
+--- contrib/ntp/CommitLog.orig
++++ contrib/ntp/CommitLog
+@@ -1,3 +1,1480 @@
++ChangeSet@1.3623, 2016-01-07 23:33:11+00:00, stenn@deacon.udel.edu
++  NTP_4_2_8P5
++  TAG: NTP_4_2_8P5
++
++  ChangeLog@1.1791 +1 -0
++    NTP_4_2_8P5
++
++  ntpd/invoke-ntp.conf.texi@1.194 +1 -1
++    NTP_4_2_8P5
++
++  ntpd/invoke-ntp.keys.texi@1.186 +1 -1
++    NTP_4_2_8P5
++
++  ntpd/invoke-ntpd.texi@1.503 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.5man@1.228 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.5mdoc@1.228 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.html@1.182 +1 -1
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.man.in@1.228 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntp.conf.mdoc.in@1.228 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.5man@1.220 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.5mdoc@1.220 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.html@1.182 +1 -1
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.man.in@1.220 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntp.keys.mdoc.in@1.220 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntpd-opts.c@1.525 +7 -7
++    NTP_4_2_8P5
++
++  ntpd/ntpd-opts.h@1.524 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntpd.1ntpdman@1.332 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntpd.1ntpdmdoc@1.332 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntpd.html@1.176 +2 -2
++    NTP_4_2_8P5
++
++  ntpd/ntpd.man.in@1.332 +3 -3
++    NTP_4_2_8P5
++
++  ntpd/ntpd.mdoc.in@1.332 +2 -2
++    NTP_4_2_8P5
++
++  ntpdc/invoke-ntpdc.texi@1.500 +2 -2
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc-opts.c@1.518 +7 -7
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc-opts.h@1.517 +3 -3
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.1ntpdcman@1.331 +3 -3
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.1ntpdcmdoc@1.331 +2 -2
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.html@1.344 +2 -2
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.man.in@1.331 +3 -3
++    NTP_4_2_8P5
++
++  ntpdc/ntpdc.mdoc.in@1.331 +2 -2
++    NTP_4_2_8P5
++
++  ntpq/invoke-ntpq.texi@1.507 +2 -2
++    NTP_4_2_8P5
++
++  ntpq/ntpq-opts.c@1.524 +7 -7
++    NTP_4_2_8P5
++
++  ntpq/ntpq-opts.h@1.522 +3 -3
++    NTP_4_2_8P5
++
++  ntpq/ntpq.1ntpqman@1.335 +3 -3
++    NTP_4_2_8P5
++
++  ntpq/ntpq.1ntpqmdoc@1.335 +2 -2
++    NTP_4_2_8P5
++
++  ntpq/ntpq.html@1.173 +2 -2
++    NTP_4_2_8P5
++
++  ntpq/ntpq.man.in@1.335 +3 -3
++    NTP_4_2_8P5
++
++  ntpq/ntpq.mdoc.in@1.335 +2 -2
++    NTP_4_2_8P5
++
++  ntpsnmpd/invoke-ntpsnmpd.texi@1.502 +2 -2
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd-opts.c@1.520 +7 -7
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd-opts.h@1.519 +3 -3
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.331 +3 -3
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.331 +2 -2
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.html@1.171 +1 -1
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.man.in@1.331 +3 -3
++    NTP_4_2_8P5
++
++  ntpsnmpd/ntpsnmpd.mdoc.in@1.331 +2 -2
++    NTP_4_2_8P5
++
++  packageinfo.sh@1.522 +2 -2
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.92 +3 -3
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.93 +2 -2
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.html@1.94 +1 -1
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.man.in@1.91 +3 -3
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/calc_tickadj.mdoc.in@1.93 +2 -2
++    NTP_4_2_8P5
++
++  scripts/calc_tickadj/invoke-calc_tickadj.texi@1.96 +1 -1
++    NTP_4_2_8P5
++
++  scripts/invoke-plot_summary.texi@1.113 +2 -2
++    NTP_4_2_8P5
++
++  scripts/invoke-summary.texi@1.113 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/invoke-ntp-wait.texi@1.323 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait-opts@1.59 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.1ntp-waitman@1.320 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.321 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.html@1.340 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.man.in@1.320 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntp-wait/ntp-wait.mdoc.in@1.321 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/invoke-ntpsweep.texi@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep-opts@1.61 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.1ntpsweepman@1.99 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.99 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.html@1.112 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.man.in@1.99 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntpsweep/ntpsweep.mdoc.in@1.100 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/invoke-ntptrace.texi@1.112 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace-opts@1.61 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.1ntptraceman@1.99 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.1ntptracemdoc@1.100 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.html@1.113 +2 -2
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.man.in@1.99 +3 -3
++    NTP_4_2_8P5
++
++  scripts/ntptrace/ntptrace.mdoc.in@1.101 +2 -2
++    NTP_4_2_8P5
++
++  scripts/plot_summary-opts@1.61 +2 -2
++    NTP_4_2_8P5
++
++  scripts/plot_summary.1plot_summaryman@1.111 +3 -3
++    NTP_4_2_8P5
++
++  scripts/plot_summary.1plot_summarymdoc@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/plot_summary.html@1.114 +2 -2
++    NTP_4_2_8P5
++
++  scripts/plot_summary.man.in@1.111 +3 -3
++    NTP_4_2_8P5
++
++  scripts/plot_summary.mdoc.in@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/summary-opts@1.61 +2 -2
++    NTP_4_2_8P5
++
++  scripts/summary.1summaryman@1.111 +3 -3
++    NTP_4_2_8P5
++
++  scripts/summary.1summarymdoc@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/summary.html@1.114 +2 -2
++    NTP_4_2_8P5
++
++  scripts/summary.man.in@1.111 +3 -3
++    NTP_4_2_8P5
++
++  scripts/summary.mdoc.in@1.111 +2 -2
++    NTP_4_2_8P5
++
++  scripts/update-leap/invoke-update-leap.texi@1.12 +1 -1
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap-opts@1.12 +2 -2
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.1update-leapman@1.12 +3 -3
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.1update-leapmdoc@1.12 +2 -2
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.html@1.12 +1 -1
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.man.in@1.12 +3 -3
++    NTP_4_2_8P5
++
++  scripts/update-leap/update-leap.mdoc.in@1.12 +2 -2
++    NTP_4_2_8P5
++
++  sntp/invoke-sntp.texi@1.500 +2 -2
++    NTP_4_2_8P5
++
++  sntp/sntp-opts.c@1.519 +7 -7
++    NTP_4_2_8P5
++
++  sntp/sntp-opts.h@1.517 +3 -3
++    NTP_4_2_8P5
++
++  sntp/sntp.1sntpman@1.335 +3 -3
++    NTP_4_2_8P5
++
++  sntp/sntp.1sntpmdoc@1.335 +2 -2
++    NTP_4_2_8P5
++
++  sntp/sntp.html@1.515 +2 -2
++    NTP_4_2_8P5
++
++  sntp/sntp.man.in@1.335 +3 -3
++    NTP_4_2_8P5
++
++  sntp/sntp.mdoc.in@1.335 +2 -2
++    NTP_4_2_8P5
++
++  util/invoke-ntp-keygen.texi@1.503 +2 -2
++    NTP_4_2_8P5
++
++  util/ntp-keygen-opts.c@1.521 +7 -7
++    NTP_4_2_8P5
++
++  util/ntp-keygen-opts.h@1.519 +3 -3
++    NTP_4_2_8P5
++
++  util/ntp-keygen.1ntp-keygenman@1.331 +3 -3
++    NTP_4_2_8P5
++
++  util/ntp-keygen.1ntp-keygenmdoc@1.331 +2 -2
++    NTP_4_2_8P5
++
++  util/ntp-keygen.html@1.177 +2 -2
++    NTP_4_2_8P5
++
++  util/ntp-keygen.man.in@1.331 +3 -3
++    NTP_4_2_8P5
++
++  util/ntp-keygen.mdoc.in@1.331 +2 -2
++    NTP_4_2_8P5
++
++ChangeSet@1.3622, 2016-01-07 17:52:24-05:00, stenn@deacon.udel.edu
++  ntp-4.2.8p5
++
++  packageinfo.sh@1.521 +1 -1
++    ntp-4.2.8p5
++
++ChangeSet@1.3621, 2016-01-07 22:20:05+00:00, stenn@psp-at1.ntp.org
++  cleanup
++
++  NEWS@1.152 +2 -2
++    cleanup
++
++ChangeSet@1.3620, 2016-01-07 09:33:11+00:00, stenn@psp-at1.ntp.org
++  typo in ntp_proto.c - leap smear.  Reported by Martin Burnicki
++
++  ntpd/ntp_proto.c@1.371 +1 -1
++    typo in ntp_proto.c - leap smear.  Reported by Martin Burnicki
++
++ChangeSet@1.3619, 2016-01-07 06:33:08+00:00, stenn@psp-at1.ntp.org
++  Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++
++  ChangeLog@1.1790 +1 -0
++    Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++
++  scripts/calc_tickadj/Makefile.am@1.11 +2 -0
++    Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
++
++ChangeSet@1.3616.1.1, 2016-01-05 10:57:45+00:00, stenn@psp-at1.ntp.org
++  Bug 2952 fixes
++
++  ChangeLog@1.1787.1.1 +1 -0
++    Bug 2952 fixes
++
++  ntpd/ntp_proto.c@1.370 +165 -152
++    Bug 2952 fixes
++
++ChangeSet@1.3617, 2016-01-05 09:56:31+00:00, stenn@psp-at1.ntp.org
++  ntp-4.2.8p5 prep
++
++  ChangeLog@1.1788 +2 -1
++    ntp-4.2.8p5 prep
++
++  NEWS@1.151 +104 -3
++    ntp-4.2.8p5 prep
++
++ChangeSet@1.3616, 2015-12-06 11:20:02+00:00, stenn@psp-deb1.ntp.org
++  Quiet a warning from clang.  Harlan Stenn.
++
++  ChangeLog@1.1787 +1 -0
++    Quiet a warning from clang.  Harlan Stenn.
++
++  libntp/ntp_rfc2553.c@1.50 +3 -2
++    Quiet a warning from clang.  Harlan Stenn.
++
++ChangeSet@1.3615, 2015-12-05 10:41:51+00:00, stenn@psp-at1.ntp.org
++  CID 1341677: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1786 +1 -0
++    CID 1341677: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  sntp/tests/keyFile.c@1.12 +5 -2
++    CID 1341677: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3614, 2015-12-05 10:38:28+00:00, stenn@psp-at1.ntp.org
++  CID 1341678: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1785 +1 -0
++    CID 1341678: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  sntp/tests/keyFile.c@1.11 +5 -1
++    CID 1341678: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3613, 2015-12-05 10:31:39+00:00, stenn@psp-at1.ntp.org
++  CID 1341679: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1784 +1 -0
++    CID 1341679: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  sntp/tests/keyFile.c@1.10 +4 -2
++    CID 1341679: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3612, 2015-12-05 10:27:40+00:00, stenn@psp-at1.ntp.org
++  CID 1341680: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1783 +1 -0
++    CID 1341680: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  sntp/tests/keyFile.c@1.9 +4 -2
++    CID 1341680: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3611, 2015-12-05 10:21:07+00:00, stenn@psp-at1.ntp.org
++  CID 1341681: Nits in sntp/tests/keyFile.c.  HStenn.
++
++  ChangeLog@1.1782 +1 -0
++    CID 1341681: Nits in sntp/tests/keyFile.c.  HStenn.
++
++ChangeSet@1.3610, 2015-12-05 10:18:23+00:00, stenn@psp-at1.ntp.org
++  sntp/tests/keyFile.c lint
++
++  sntp/tests/keyFile.c@1.8 +4 -2
++    sntp/tests/keyFile.c lint
++
++ChangeSet@1.3609, 2015-12-05 10:01:47+00:00, stenn@psp-at1.ntp.org
++  CID 1341682: Nit in libntp/authreadkeys.c.  HStenn.
++
++  ChangeLog@1.1781 +1 -0
++    CID 1341682: Nit in libntp/authreadkeys.c.  HStenn.
++
++  libntp/authreadkeys.c@1.24 +3 -4
++    CID 1341682: Nit in libntp/authreadkeys.c.  HStenn.
++
++ChangeSet@1.3608, 2015-12-05 09:40:44+00:00, stenn@psp-at1.ntp.org
++  CID 1341684: Nit in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++  ChangeLog@1.1780 +1 -0
++    CID 1341684: Nit in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++  tests/ntpd/t-ntp_signd.c@1.15 +4 -0
++    CID 1341684: Nit in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++ChangeSet@1.3607, 2015-12-03 12:07:30+00:00, stenn@psp-at1.ntp.org
++  Update some test runners
++
++  tests/libntp/run-sfptostr.c@1.7 +9 -8
++    update
++
++  tests/sandbox/run-uglydate.c@1.7 +2 -1
++    update
++
++ChangeSet@1.3606, 2015-12-03 03:28:15-08:00, cov-build@cov7.ntfo.org
++  Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++
++  ChangeLog@1.1779 +1 -0
++    Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++
++  tests/libntp/sfptostr.c@1.5 +1 -0
++    Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++
++ChangeSet@1.3605, 2015-12-03 03:26:50-08:00, cov-build@cov7.ntfo.org
++  Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++
++  ChangeLog@1.1778 +1 -0
++    Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++
++  tests/sandbox/uglydate.c@1.6 +2 -1
++    Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++
++ChangeSet@1.3604, 2015-12-03 02:16:02-08:00, cov-build@cov7.ntfo.org
++  CID 1341527: Quiet a CHECKED_RETURN in sntp/tests/t-log.c.  HStenn.
++
++  ChangeLog@1.1777 +1 -0
++    CID 1341527: Quiet a CHECKED_RETURN in sntp/tests/t-log.c.  HStenn.
++
++  sntp/tests/t-log.c@1.7 +1 -1
++    CID 1341527: Quiet a CHECKED_RETURN in sntp/tests/t-log.c.  HStenn.
++
++ChangeSet@1.3603, 2015-12-03 02:00:58-08:00, cov-build@cov7.ntfo.org
++  CID 1341533: Missing assertion in sntp/tests/t-log.c.  HStenn.
++
++  ChangeLog@1.1776 +1 -0
++    CID 1341533: Missing assertion in sntp/tests/t-log.c.  HStenn.
++
++  sntp/tests/t-log.c@1.6 +2 -0
++    CID 1341533: Missing assertion in sntp/tests/t-log.c.  HStenn.
++
++ChangeSet@1.3602, 2015-12-03 01:50:11-08:00, cov-build@cov7.ntfo.org
++  CID 134534-134537: Resource leaks in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++  ChangeLog@1.1775 +4 -0
++    CID 134534-134537: Resource leaks in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++  tests/ntpd/t-ntp_signd.c@1.14 +9 -0
++    CID 134534-134537: Resource leaks in tests/ntpd/t-ntp_signd.c.  HStenn.
++
++ChangeSet@1.3601, 2015-12-03 01:22:22-08:00, cov-build@cov7.ntfo.org
++  CID 1341538: Memory leak in tests/ntpd/ntp_prio_q.c:262.  HStenn.
++
++  ChangeLog@1.1774 +1 -0
++    CID 1341538: Memory leak in tests/ntpd/ntp_prio_q.c:262.  HStenn.
++
++  tests/ntpd/ntp_prio_q.c@1.3 +1 -0
++    CID 1341538: Memory leak in tests/ntpd/ntp_prio_q.c:262.  HStenn.
++
++ChangeSet@1.3597.4.1, 2015-11-30 06:03:47+01:00, jnperlin@hydra.localnet
++  [Bug 2829] Look at pipe_fds in ntpd.c (initial value issue)
++
++  ChangeLog@1.1770.4.1 +1 -0
++    [Bug 2829] Look at pipe_fds in ntpd.c
++
++  ntpd/ntpd.c@1.167 +3 -0
++    [Bug 2829] Look at pipe_fds in ntpd.c (initial value issue)
++
++ChangeSet@1.3597.3.1, 2015-11-29 13:03:58+01:00, jnperlin@hydra.localnet
++  [Bug 2887] stratum -1 config results as showing value 99
++   - fudge stratum only accepts values [0..16].
++
++  ChangeLog@1.1770.3.1 +2 -0
++    [Bug 2887] stratum -1 config results as showing value 99
++     - fudge stratum only accepts values [0..16].
++
++  ntpd/ntp_parser.c@1.100 +178 -171
++    [Bug 2887] stratum -1 config results as showing value 99
++     - fudge stratum only accepts values [0..16]. (file regenerated by bison & trimmed manually)
++
++  ntpd/ntp_parser.y@1.90 +8 -1
++    [Bug 2887] stratum -1 config results as showing value 99
++     - fudge stratum only accepts values [0..16], gives error otherwise
++
++ChangeSet@1.3597.2.1, 2015-11-28 22:59:39+01:00, jnperlin@hydra.localnet
++  [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++   - applied patch by Christos Zoulas.
++
++  ChangeLog@1.1770.2.1 +2 -0
++    [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++     - applied patch by Christos Zoulas.
++
++  libntp/socktohost.c@1.16 +10 -2
++    [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++     - save errno around calls to getnameinfo/getaddrinfo (patch by Christos Zoulas)
++
++ChangeSet@1.3597.1.4, 2015-11-28 19:09:53+01:00, jnperlin@hydra.localnet
++  Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++   - changed stacked/nested handling of CTRL-C.
++
++  ChangeLog@1.1770.1.2 +2 -0
++    Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++     - changed stacked/nested handling of CTRL-C.
++
++  ntpq/ntpq-subs.c@1.114 +11 -8
++    Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++     - changed stacked/nested handling of CTRL-C.
++
++  ntpq/ntpq.c@1.165 +57 -8
++    Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++     - changed stacked/nested handling of CTRL-C.
++
++  ntpq/ntpq.h@1.31 +4 -0
++    Bug 2971 - ntpq bails on ^C: select fails: Interrupted system call
++     - changed stacked/nested handling of CTRL-C.
++
++ChangeSet@1.3597.1.3, 2015-11-25 22:10:45-08:00, harlan@max.pfcs.com
++  Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++
++  ChangeLog@1.1770.1.1 +1 -0
++    Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++
++  sntp/m4/ntp_libevent.m4@1.16 +2 -1
++    Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++
++ChangeSet@1.3597.1.2, 2015-11-25 12:23:40+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/run-t-ntp_signd.c@1.11 +6 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/t-ntp_signd.c@1.13 +19 -5
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3597.1.1, 2015-11-25 11:50:51+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  sntp/unity/unity_internals.h@1.5 +13 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/calendar.c@1.12 +8 -3
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/leapsec.c@1.4 +241 -82
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/run-leapsec.c@1.6 +33 -33
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/run-t-ntp_signd.c@1.10 +6 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/ntpd/t-ntp_signd.c@1.12 +40 -13
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/smeartest.c@1.10 +3 -0
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3598, 2015-11-24 08:06:41+01:00, jnperlin@hydra.localnet
++  [Bug 2967] ntpdate command suffers an assertion failure
++    - fixed ntp_rfc2553.c to return proper address length.
++
++  ChangeLog@1.1771 +2 -0
++    [Bug 2967] ntpdate command suffers an assertion failure
++      - fixed ntp_rfc2553.c to return proper address length.
++
++  libntp/ntp_rfc2553.c@1.49 +2 -1
++    [Bug 2967] ntpdate command suffers an assertion failure
++      - fix do_nodename() to return the proper address length when name is NULL.
++
++ChangeSet@1.3597, 2015-11-23 10:55:16+00:00, stenn@psp-at1.ntp.org
++  ChangeLog, caljulian.c:
++    * CID 1339955: Free allocated memory in caljulian test.  HStenn.
++    * CID 1339962: Explicitly initialize variable in caljulian test.  HStenn.
++
++  ChangeLog@1.1770 +2 -0
++    * CID 1339955: Free allocated memory in caljulian test.  HStenn.
++    * CID 1339962: Explicitly initialize variable in caljulian test.  HStenn.
++
++  tests/libntp/caljulian.c@1.14 +16 -10
++    * CID 1339955: Free allocated memory in caljulian test.  HStenn.
++    * CID 1339962: Explicitly initialize variable in caljulian test.  HStenn.
++
++ChangeSet@1.3596, 2015-11-20 20:16:24-08:00, harlan@hms-mbp11.pfcs.com
++  Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/kodDatabase.c@1.9 +0 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/run-kodDatabase.c@1.9 +5 -5
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3595, 2015-11-20 19:41:16-08:00, harlan@hms-mbp11.pfcs.com
++  Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/kodDatabase.c@1.8 +6 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/kodFile.c@1.9 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/run-kodDatabase.c@1.8 +6 -5
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/run-t-log.c@1.5 +3 -3
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/t-log.c@1.5 +32 -16
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/calendar.c@1.11 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/caljulian.c@1.13 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/decodenetnum.c@1.10 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/humandate.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/lfptostr.c@1.8 +9 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/modetoa.c@1.8 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/msyslog.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/netof.c@1.9 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/numtoa.c@1.7 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/numtohost.c@1.7 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/prettydate.c@1.6 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/recvbuff.c@1.7 +3 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/refidsmear.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/refnumtoa.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-calendar.c@1.11 +15 -15
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-decodenetnum.c@1.10 +6 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-humandate.c@1.7 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-lfptostr.c@1.8 +11 -11
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-modetoa.c@1.12 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-msyslog.c@1.9 +8 -8
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-netof.c@1.8 +4 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-numtoa.c@1.11 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-numtohost.c@1.11 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-prettydate.c@1.6 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-refidsmear.c@1.8 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-refnumtoa.c@1.9 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-sfptostr.c@1.6 +8 -8
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-socktoa.c@1.13 +6 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-statestr.c@1.11 +4 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-strtolfp.c@1.6 +7 -7
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-timespecops.c@1.11 +28 -28
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-timevalops.c@1.13 +28 -28
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-uglydate.c@1.11 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/sfptostr.c@1.4 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/socktoa.c@1.11 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/statestr.c@1.6 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/strtolfp.c@1.7 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timespecops.c@1.10 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timevalops.c@1.13 +10 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/uglydate.c@1.10 +13 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/run-uglydate.c@1.6 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/smeartest.c@1.9 +2 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/uglydate.c@1.5 +11 -0
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3594, 2015-11-20 07:40:57+00:00, stenn@psp-at1.ntp.org
++  [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++
++  ChangeLog@1.1769 +1 -0
++    [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++
++  ntpq/ntpq.c@1.164 +1 -1
++    [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++
++ChangeSet@1.3593, 2015-11-20 07:27:27+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/authkeys.c@1.13 +36 -10
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/buftvtots.c@1.6 +18 -6
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/calendar.c@1.10 +100 -47
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/caljulian.c@1.12 +27 -9
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/clocktime.c@1.9 +48 -24
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/humandate.c@1.6 +6 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/lfpfunc.c@1.15 +113 -69
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/netof.c@1.8 +22 -7
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/numtohost.c@1.6 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/octtoint.c@1.7 +36 -14
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/refidsmear.c@1.6 +1 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/refnumtoa.c@1.6 +5 -5
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-lfpfunc.c@1.18 +9 -9
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/run-refidsmear.c@1.7 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timespecops.c@1.9 +173 -48
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timestructs.h@1.3 +22 -22
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/timevalops.c@1.12 +168 -52
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3592, 2015-11-20 02:57:37+01:00, jnperlin@nemesis.localnet
++  [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients
++
++  ChangeLog@1.1768 +2 -0
++    [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients
++
++  lib/isc/sockaddr.c@1.14 +1 -1
++    [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients
++     - cast fro size_t to u_int (no overflow danger); not related the bug, found while double-checking changes
++
++  ntpq/ntpq-subs.c@1.113 +1 -1
++    [Bug 2969] Seg fault from ntpq/mrulist when looking at server with lots of clients
++     - make end-of-buffer test unsigned-safe
++
++ChangeSet@1.3591, 2015-11-17 11:12:02+00:00, stenn@psp-at1.ntp.org
++  [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++
++  ChangeLog@1.1767 +1 -0
++    [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++
++  html/miscopt.html@1.84 +3 -3
++    [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++
++ChangeSet@1.3588, 2015-11-17 05:02:10+00:00, stenn@psp-at1.ntp.org
++  Credit Martin for 2965
++
++  ChangeLog@1.1764.1.3 +1 -1
++    Credit Martin for 2965
++
++ChangeSet@1.3587, 2015-11-17 04:53:39+00:00, stenn@psp-at1.ntp.org
++  cleanup
++
++  ChangeLog@1.1764.1.2 +1 -1
++    cleanup
++
++ChangeSet@1.3584.2.1, 2015-11-16 11:59:55+01:00, burnicki@pc-martin4.
++  [Bug 2965] Local clock didn't work since 4.2.8p4
++
++  ChangeLog@1.1764.1.1 +1 -0
++    [Bug 2965] Local clock didn't work since 4.2.8p4
++
++  ntpd/refclock_local.c@1.22 +1 -0
++    [Bug 2965] Local clock didn't work since 4.2.8p4
++
++ChangeSet@1.3584.1.2, 2015-11-14 01:01:05+01:00, jnperlin@hydra.localnet
++  [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++   - fix warnings in test cases
++
++  tests/libntp/a_md5encrypt.c@1.14 +23 -15
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix terrible const/noconst and alignment mess 
++
++  tests/libntp/authkeys.c@1.12 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fixed cast to const cast
++
++  tests/libntp/run-a_md5encrypt.c@1.15 +5 -5
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - update generated file
++
++  tests/ntpd/rc_cmdlength.c@1.3 +1 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add header to get prototype
++
++  tests/ntpd/run-rc_cmdlength.c@1.4 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++
++ChangeSet@1.3584.1.1, 2015-11-13 22:54:35+01:00, jnperlin@hydra.localnet
++  [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++   - fixed several other warnings (cast-alignment, missing const, missing prorotypes)
++   - promote use of 'size_t' for values that express a size
++   - use ptr-to-const for read-only arguments
++   - make sure SOCKET values are not truncated (win32-specific)
++   - format string fixes
++
++  ChangeLog@1.1765 +6 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets.
++
++  include/Makefile.am@1.53 +1 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - added 'safeconst.h' to noinstall-headers
++
++  include/ntp_refclock.h@1.37 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use ptr-to-const for read-only values
++
++  include/ntp_stdlib.h@1.80 +4 -4
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - use ptr-to-const for read-only data
++
++  include/ntpd.h@1.193 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  include/safecast.h@1.1 +34 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - checked or saturated size conversion
++     - added unaligned pointer casts
++
++  include/safecast.h@1.0 +0 -0
++
++  lib/isc/backtrace.c@1.3 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid increased-alignment-earning in pointer cast 
++
++  lib/isc/buffer.c@1.2 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  lib/isc/inet_aton.c@1.6 +2 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  lib/isc/inet_pton.c@1.7 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  lib/isc/log.c@1.9 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  lib/isc/netaddr.c@1.14 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast (no overflow) to u_int
++
++  lib/isc/sockaddr.c@1.13 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast to 'u_int' (no overflow possible)
++
++  lib/isc/task.c@1.8 +8 -8
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid warnings about increased alignment requirements (not using 'safecast.h' since it's not in this lib)
++
++  lib/isc/win32/interfaceiter.c@1.23 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid truncation of SOCKET
++
++  lib/isc/win32/net.c@1.17 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid truncation of SOCKET
++
++  libntp/a_md5encrypt.c@1.35 +14 -14
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - use ptr-to-const for read-only values
++
++  libntp/atolfp.c@1.7 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explit cast from size_t to u_long (no overflow possoble)
++
++  libntp/authkeys.c@1.27.1.1 +4 -4
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  libntp/authusekey.c@1.10 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  libntp/dolfptoa.c@1.12 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast to size_t to in (no overflow possible)
++
++  libntp/hextolfp.c@1.5 +6 -4
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast size_t to u_long (no overflow possible)
++
++  libntp/mstolfp.c@1.5 +1 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  libntp/msyslog.c@1.54 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  libntp/ntp_crypto_rnd.c@1.4 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use checked cast for interface with openSSL
++
++  libntp/ntp_lineedit.c@1.14 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - downcast of size_t (no risk here)
++
++  libntp/ntp_worker.c@1.6 +2 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - downcast of size_t (no real risk of overflow)
++
++  libntp/snprintf.c@1.13 +10 -10
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use explicit downcasts in conversions
++
++  libparse/clk_computime.c@1.13 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_dcf7000.c@1.13 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_hopf6021.c@1.12 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_meinberg.c@1.16 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_rawdcf.c@1.23 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_rcc8000.c@1.12 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_schmid.c@1.15 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_trimtaip.c@1.13 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_varitext.c@1.12 +6 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - commented unused static const values
++    ---
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/clk_wharton.c@1.11 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  libparse/parse.c@1.21 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use "%p" to format pointers
++
++  ntpd/ntp_control.c@1.205 +5 -5
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/ntp_crypto.c@1.185 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix small signed/unsigned clash
++
++  ntpd/ntp_io.c@1.409 +6 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - remove cast-alignment warnings by casting via 'void*'
++     - proper cast from SOCKET to int when file descriptor needed
++
++  ntpd/ntp_loopfilter.c@1.188 +2 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid 'unused' warnings
++
++  ntpd/ntp_proto.c@1.369 +8 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes 
++     - fix signed/unsigned clash
++
++  ntpd/ntp_refclock.c@1.121 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use ptr-to-const for read-only parameters
++
++  ntpd/ntp_request.c@1.115 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid serious LP64 problem by using uint32_t instead of u_long
++
++  ntpd/ntp_restrict.c@1.40 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/ntp_signd.c@1.5 +3 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fixed missing 'const' in cast
++
++  ntpd/ntp_timer.c@1.93 +7 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid mixed float/int calculations
++
++  ntpd/ntp_util.c@1.117 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/refclock_parse.c@1.82 +2 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/refclock_shm.c@1.38 +3 -2
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fixed some volatile madness & casts
++
++  ntpd/refclock_true.c@1.25 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpd/refclock_tsyncpci.c@1.10 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - remove cast-alignment warnings by omitting superfluous cast
++
++  ntpdate/ntpdate.c@1.97 +7 -7
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - avoid truncation of SOCKET handles
++
++  ntpdc/ntpdc.c@1.105 +36 -34
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpdc/ntpdc.h@1.12 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ntpdc/ntpdc_ops.c@1.81 +109 -109
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpq/libntpq.c@1.13 +7 -9
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpq/libntpq.h@1.11 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - more size_t propagation and format string fixes 
++
++  ntpq/libntpq_subs.c@1.7 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - more size_t propagation and format string fixes 
++
++  ntpq/ntpq-subs.c@1.112 +39 -37
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpq/ntpq.c@1.163 +34 -34
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - format string fixes
++
++  ntpq/ntpq.h@1.30 +7 -7
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++
++  ports/winnt/include/config.h@1.113 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - use ptr-to-const for read-only values
++
++  ports/winnt/include/ntp_iocompletionport.h@1.21 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid truncation of SOCKET identifiers
++
++  ports/winnt/instsrv/instsrv.c@1.7 +6 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - explicit cast to DWORD (overflow hardly possible)
++
++  ports/winnt/libntp/termios.c@1.32 +18 -16
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - promote use of 'size_t' for values that express a size
++     - use ptr-to-const for read-only values
++     - avoid truncation of handle
++
++  ports/winnt/ntpd/ntp_iocompletionport.c@1.72 +9 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - avoid truncation of SOCKET handles
++
++  ports/winnt/vs2008/common.vsprops@1.2 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - disable a size_t cast warnings
++
++  ports/winnt/vs2008/ntpd/ntpd.vcproj@1.50 +49 -17
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - disable C4307 (integer constant overflow) on refclock_arc.c 
++
++  ports/winnt/vs2013/common.props@1.2 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - disable the annoying truncation-of-value error
++
++  ports/winnt/vs2013/libntp/libntp.vcxproj@1.9 +1 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add 'safecast.h' header
++
++  ports/winnt/vs2013/libntp/libntp.vcxproj.filters@1.7 +3 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add safecast.h header
++
++  ports/winnt/vs2013/ntpd/ntpd.vcxproj@1.8 +7 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - refclock_arc is very noisy with integer constant overflow
++
++  sntp/networking.c@1.67 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - remove cast-alignment warnings by casting via 'void*'
++
++  tests/libntp/authkeys.c@1.11 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix missing 'const' in cast
++
++  tests/ntpd/ntp_restrict.c@1.3 +1 -0
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix function declarations
++
++  tests/ntpd/run-ntp_restrict.c@1.5 +8 -8
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - update auto-generated file
++
++  tests/ntpd/run-t-ntp_signd.c@1.9 +7 -7
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix function prototypes
++
++  tests/ntpd/t-ntp_scanner.c@1.7 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add missing 'const' declarations
++
++  tests/ntpd/t-ntp_signd.c@1.11 +24 -13
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - added missing prototypes and a fix serious pointer problem
++
++  tests/sandbox/run-uglydate.c@1.3.1.1 +1 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - update generated file
++
++  tests/sandbox/uglydate.c@1.2.1.1 +4 -1
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - add prototypes
++
++  tests/sec-2853/sec-2853.c@1.7 +6 -6
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - fix size_t format
++
++  util/ntp-keygen.c@1.107 +3 -3
++    [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets
++     - let openssl sort out the string size
++
++ChangeSet@1.3585, 2015-11-07 23:46:41+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/t-log.c@1.4 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/run-uglydate.c@1.4 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/uglydate.c@1.3 +2 -0
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3581.1.1, 2015-11-06 08:33:23+01:00, jnperlin@hydra.localnet
++  [Bug 2957] format specifies type 'unsigned int' but the argument has type 'size_t'
++   - accept key file only if there are no parsing errors
++   - fixed size_t/u_int format clash
++   - restore pre-Bug1243 compatibility (revert 'strlcpy()' to 'strncpy()' as 'strlcpy()' is wrong here)
++
++  ChangeLog@1.1761.1.1 +4 -0
++    [Bug 2957] format specifies type 'unsigned int' but the argument has type 'size_t'
++     - accept key file only if there are no parsing errors
++     - fixed size_t/u_int format clash
++     - restore pre-Bug1243 compatibility (revert 'strlcpy()' to 'strncpy()' as 'strlcpy()' is wrong here)
++
++  libntp/authkeys.c@1.28 +17 -5
++    [Bug 2957] format specifies type 'unsigned int' but the argument has type 'size_t'
++     - restore pre-Bug1243 compatibility (revert 'strlcpy()' to 'strncpy()' as 'strlcpy()' is wrong here)
++
++  libntp/authreadkeys.c@1.23 +68 -22
++    [Bug 2957] format specifies type 'unsigned int' but the argument has type 'size_t'
++     - accept key file only if there are no parsing errors
++     - fixed size_t/u_int format clash
++
++ChangeSet@1.3584, 2015-11-05 11:47:50+00:00, stenn@psp-at1.ntp.org
++  Unity test cleanup.  Harlan Stenn.
++
++  ChangeLog@1.1764 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/run-t-log.c@1.4 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/t-log.c@1.3 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  sntp/tests/utilities.c@1.5 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/bug-2803/bug-2803.c@1.10 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/bug-2803/run-bug-2803.c@1.9 +2 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/a_md5encrypt.c@1.13 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/caljulian.c@1.11 +4 -4
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/lfpfunc.c@1.14 +9 -9
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/netof.c@1.7 +10 -10
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/prettydate.c@1.5 +3 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/recvbuff.c@1.6 +1 -1
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/socktoa.c@1.10 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/libntp/uglydate.c@1.9 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/smeartest.c@1.8 +1 -0
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sandbox/uglydate.c@1.2 +2 -2
++    Unity test cleanup.  Harlan Stenn.
++
++  tests/sec-2853/sec-2853.c@1.6 +1 -4
++    Unity test cleanup.  Harlan Stenn.
++
++ChangeSet@1.3583, 2015-11-05 10:37:38+00:00, stenn@psp-at1.ntp.org
++  Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++
++  ChangeLog@1.1763 +1 -1
++    Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++
++  ChangeLog@1.1762 +1 -0
++    Unity cleanup for FreeBSD-6.2.  Harlan Stenn.
++
++  sntp/m4/ntp_problemtests.m4@1.4 +4 -1
++    Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++
++ChangeSet@1.3582, 2015-11-05 10:01:57+00:00, stenn@psp-at1.ntp.org
++  Sec 2956 cleanup
++
++  include/ntpd.h@1.192 +1 -0
++    Sec 2956 cleanup
++
++  libntp/systime.c@1.70 +2 -3
++    Sec 2956 cleanup
++
++  ntpd/ntp_loopfilter.c@1.187 +0 -2
++    Sec 2956 cleanup
++
++  ntpdate/ntpdate.c@1.96 +0 -3
++    Sec 2956 cleanup
++
++  ntpsnmpd/ntpsnmpd.c@1.10 +0 -3
++    Sec 2956 cleanup
++
++  sntp/main.c@1.98 +0 -3
++    Sec 2956 cleanup
++
++ChangeSet@1.3581, 2015-11-04 10:02:25+00:00, stenn@psp-at1.ntp.org
++  [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++
++  ChangeLog@1.1761 +2 -1
++    [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++
++  tests/ntpd/t-ntp_scanner.c@1.6 +1 -1
++    [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++
++ChangeSet@1.3580, 2015-11-04 08:39:12+00:00, stenn@psp-at1.ntp.org
++  [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  ChangeLog@1.1760 +2 -0
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  libntp/systime.c@1.69 +23 -2
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  ntpd/ntp_loopfilter.c@1.186 +17 -27
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  ntpdate/ntpdate.c@1.95 +3 -0
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  ntpsnmpd/ntpsnmpd.c@1.9 +3 -0
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++  sntp/main.c@1.97 +3 -0
++    [Sec 2956] small-step/big-step.  Close the panic gate earlier.
++
++ChangeSet@1.3579, 2015-11-03 22:08:46+01:00, jnperlin@hydra.localnet
++  [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++   - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++
++  ChangeLog@1.1759 +1 -0
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++
++  ntpd/ntpd.c@1.166 +9 -2
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++
++ChangeSet@1.3578, 2015-10-31 18:04:18+00:00, perlinger@psp-deb1.ntp.org
++  [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++   - fixed race conditions between worker and main thread in DNS worker
++
++  ChangeLog@1.1758 +3 -0
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - fixed race conditions between worker and main thread in DNS worker
++
++  include/ntp_worker.h@1.4 +45 -21
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - provide shared access lock based on semaphore
++     - better isolation of OS dependencies
++
++  libntp/work_thread.c@1.18 +370 -231
++    [Bug 2954] Version 4.2.8p4 crashes on startup with sig fault
++     - fixed race conditions between worker and main thread
++     - better (still not perfect) isolation of OS dependent code for semaphore handling
++
+ ChangeSet@1.3577, 2015-10-21 12:42:02-04:00, stenn@deacon.udel.edu
+   NTP_4_2_8P4
+   TAG: NTP_4_2_8P4
+--- contrib/ntp/NEWS.orig
++++ contrib/ntp/NEWS
+@@ -1,7 +1,108 @@
+ ---
++
++NTP 4.2.8p5
++
++Focus: Security, Bug fixes, enhancements.
++
++Severity: MEDIUM
++
++In addition to bug fixes and enhancements, this release fixes the
++following medium-severity vulnerability:
++
++* Small-step/big-step.  Close the panic gate earlier.
++    References: Sec 2956, CVE-2015-5300
++    Affects: All ntp-4 releases up to, but not including 4.2.8p5, and
++	4.3.0 up to, but not including 4.3.78
++    CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM
++    Summary: If ntpd is always started with the -g option, which is
++	common and against long-standing recommendation, and if at the
++	moment ntpd is restarted an attacker can immediately respond to
++	enough requests from enough sources trusted by the target, which
++	is difficult and not common, there is a window of opportunity
++	where the attacker can cause ntpd to set the time to an
++	arbitrary value. Similarly, if an attacker is able to respond
++	to enough requests from enough sources trusted by the target,
++	the attacker can cause ntpd to abort and restart, at which
++	point it can tell the target to set the time to an arbitrary
++	value if and only if ntpd was re-started against long-standing
++	recommendation with the -g flag, or if ntpd was not given the
++	-g flag, the attacker can move the target system's time by at
++	most 900 seconds' time per attack.
++    Mitigation:
++	Configure ntpd to get time from multiple sources.
++	Upgrade to 4.2.8p5, or later, from the NTP Project Download
++	    Page or the NTP Public Services Project Download Page
++	As we've long documented, only use the -g option to ntpd in
++	    cold-start situations.
++	Monitor your ntpd instances. 
++    Credit: This weakness was discovered by Aanchal Malhotra,
++	Isaac E. Cohen, and Sharon Goldberg at Boston University. 
++
++    NOTE WELL: The -g flag disables the limit check on the panic_gate
++	in ntpd, which is 900 seconds by default. The bug identified by
++	the researchers at Boston University is that the panic_gate
++	check was only re-enabled after the first change to the system
++	clock that was greater than 128 milliseconds, by default. The
++	correct behavior is that the panic_gate check should be
++	re-enabled after any initial time correction.
++
++	If an attacker is able to inject consistent but erroneous time
++	responses to your systems via the network or "over the air",
++	perhaps by spoofing radio, cellphone, or navigation satellite
++	transmissions, they are in a great position to affect your
++	system's clock. There comes a point where your very best
++	defenses include:
++
++	    Configure ntpd to get time from multiple sources.
++	    Monitor your ntpd instances. 
++
++Other fixes:
++
++* Coverity submission process updated from Coverity 5 to Coverity 7.
++  The NTP codebase has been undergoing regular Coverity scans on an
++  ongoing basis since 2006.  As part of our recent upgrade from
++  Coverity 5 to Coverity 7, Coverity identified 16 nits in some of
++  the newly-written Unity test programs.  These were fixed.
++* [Bug 2829] Clean up pipe_fds in ntpd.c  perlinger@ntp.org
++* [Bug 2887] stratum -1 config results as showing value 99
++  - fudge stratum should only accept values [0..16]. perlinger@ntp.org
++* [Bug 2932] Update leapsecond file info in miscopt.html.  CWoodbury, HStenn.
++* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in.  HMurray
++* [Bug 2944] errno is not preserved properly in ntpdate after sendto call.
++  - applied patch by Christos Zoulas.  perlinger@ntp.org
++* [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704.
++* [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes.
++  - fixed data race conditions in threaded DNS worker. perlinger@ntp.org
++  - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org
++* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org
++  - accept key file only if there are no parsing errors
++  - fixed size_t/u_int format clash
++  - fixed wrong use of 'strlcpy'
++* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres.
++* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org
++  - fixed several other warnings (cast-alignment, missing const, missing prototypes)
++  - promote use of 'size_t' for values that express a size
++  - use ptr-to-const for read-only arguments
++  - make sure SOCKET values are not truncated (win32-specific)
++  - format string fixes
++* [Bug 2965] Local clock didn't work since 4.2.8p4.  Martin Burnicki.
++* [Bug 2967] ntpdate command suffers an assertion failure
++  - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org
++* [Bug 2969]  Seg fault from ntpq/mrulist when looking at server with
++              lots of clients. perlinger@ntp.org
++* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
++  - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
++* Unity cleanup for FreeBSD-6.4.  Harlan Stenn.
++* Unity test cleanup.  Harlan Stenn.
++* Libevent autoconf pthread fixes for FreeBSD-10.  Harlan Stenn.
++* Header cleanup in tests/sandbox/uglydate.c.  Harlan Stenn.
++* Header cleanup in tests/libntp/sfptostr.c.  Harlan Stenn.
++* Quiet a warning from clang.  Harlan Stenn.
++
++---
+ NTP 4.2.8p4
+ 
+-Focus: Security, Bug fies, enhancements.
++Focus: Security, Bug fixes, enhancements.
+ 
+ Severity: MEDIUM
+ 
+@@ -339,8 +440,8 @@
+ 
+ Backward-Incompatible changes:
+ * [Bug 2817] Default on Linux is now "rlimit memlock -1".
+-While the general default of 32M is still the case, under Linux
+-the default value has been changed to -1 (do not lock ntpd into
++  While the general default of 32M is still the case, under Linux
++  the default value has been changed to -1 (do not lock ntpd into
+   memory).  A value of 0 means "lock ntpd into memory with whatever
+   memory it needs." If your ntp.conf file has an explicit "rlimit memlock"
+   value in it, that value will continue to be used.
+--- contrib/ntp/configure.orig
++++ contrib/ntp/configure
+@@ -1,6 +1,6 @@
+ #! /bin/sh
+ # Guess values for system-dependent variables and create Makefiles.
+-# Generated by GNU Autoconf 2.69 for ntp 4.2.8p4.
++# Generated by GNU Autoconf 2.69 for ntp 4.2.8p5.
+ #
+ # Report bugs to .
+ #
+@@ -590,8 +590,8 @@
+ # Identity of this package.
+ PACKAGE_NAME='ntp'
+ PACKAGE_TARNAME='ntp'
+-PACKAGE_VERSION='4.2.8p4'
+-PACKAGE_STRING='ntp 4.2.8p4'
++PACKAGE_VERSION='4.2.8p5'
++PACKAGE_STRING='ntp 4.2.8p5'
+ PACKAGE_BUGREPORT='http://bugs.ntp.org./'
+ PACKAGE_URL='http://www.ntp.org./'
+ 
+@@ -1616,7 +1616,7 @@
+   # Omit some internal or obsolete options to make the list less imposing.
+   # This message is too long to be a string in the A/UX 3.1 sh.
+   cat <<_ACEOF
+-\`configure' configures ntp 4.2.8p4 to adapt to many kinds of systems.
++\`configure' configures ntp 4.2.8p5 to adapt to many kinds of systems.
+ 
+ Usage: $0 [OPTION]... [VAR=VALUE]...
+ 
+@@ -1686,7 +1686,7 @@
+ 
+ if test -n "$ac_init_help"; then
+   case $ac_init_help in
+-     short | recursive ) echo "Configuration of ntp 4.2.8p4:";;
++     short | recursive ) echo "Configuration of ntp 4.2.8p5:";;
+    esac
+   cat <<\_ACEOF
+ 
+@@ -1919,7 +1919,7 @@
+ test -n "$ac_init_help" && exit $ac_status
+ if $ac_init_version; then
+   cat <<\_ACEOF
+-ntp configure 4.2.8p4
++ntp configure 4.2.8p5
+ generated by GNU Autoconf 2.69
+ 
+ Copyright (C) 2012 Free Software Foundation, Inc.
+@@ -2749,7 +2749,7 @@
+ This file contains any messages produced by compilers while
+ running configure, to aid debugging if configure makes a mistake.
+ 
+-It was created by ntp $as_me 4.2.8p4, which was
++It was created by ntp $as_me 4.2.8p5, which was
+ generated by GNU Autoconf 2.69.  Invocation command line was
+ 
+   $ $0 $@
+@@ -3750,7 +3750,7 @@
+ 
+ # Define the identity of the package.
+  PACKAGE='ntp'
+- VERSION='4.2.8p4'
++ VERSION='4.2.8p5'
+ 
+ 
+ cat >>confdefs.h <<_ACEOF
+@@ -20018,9 +20018,10 @@
+ 	    # LDADD_LIBEVENT=`$PKG_CONFIG --libs libevent | sed 's:-levent::'`
+ 	    # So now we dance...
+ 	    LDADD_LIBEVENT=
+-	    for i in `$PKG_CONFIG --libs libevent`
++	    for i in `$PKG_CONFIG --libs libevent` `$PKG_CONFIG --cflags-only-other libevent_pthreads`
+ 	    do
+ 		case "$i" in
++		 -D*) ;;
+ 		 -levent*) ;;
+ 		 *) case "$LDADD_LIBEVENT" in
+ 		     '') LDADD_LIBEVENT="$i" ;;
+@@ -37035,8 +37036,9 @@
+ $as_echo_n "checking if we can run test-ntp_restrict... " >&6; }
+ ntp_test_ntp_restrict="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
++ no:0:*-*-hpux11.23*) ;;
+  no:0:*-*-solaris*) ;;
+- no:0:*-*-hpux-11.23*) ;;
+  *) ntp_test_ntp_restrict="yes" ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_restrict" >&5
+@@ -37054,6 +37056,7 @@
+ $as_echo_n "checking if we can run test-ntp_scanner... " >&6; }
+ ntp_test_ntp_scanner="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
+  no:0:*-*-solaris*) ;;
+  *) ntp_test_ntp_scanner="yes" ;;
+ esac
+@@ -37072,6 +37075,7 @@
+ $as_echo_n "checking if we can run test-ntp_signd... " >&6; }
+ ntp_test_ntp_signd="no"
+ case "$ntp_ept:$cross:$host" in
++ no:0:*-*-freebsd6.4) ;;
+  no:0:*-*-solaris*) ;;
+  *) ntp_test_ntp_signd="yes" ;;
+ esac
+@@ -37836,7 +37840,7 @@
+ # report actual input values of CONFIG_FILES etc. instead of their
+ # values after options handling.
+ ac_log="
+-This file was extended by ntp $as_me 4.2.8p4, which was
++This file was extended by ntp $as_me 4.2.8p5, which was
+ generated by GNU Autoconf 2.69.  Invocation command line was
+ 
+   CONFIG_FILES    = $CONFIG_FILES
+@@ -37903,7 +37907,7 @@
+ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ ac_cs_version="\\
+-ntp config.status 4.2.8p4
++ntp config.status 4.2.8p5
+ configured by $0, generated by GNU Autoconf 2.69,
+   with options \\"\$ac_cs_config\\"
+ 
+--- contrib/ntp/packageinfo.sh.orig
++++ contrib/ntp/packageinfo.sh
+@@ -83,7 +83,7 @@
+ # - Numeric values increment
+ # - empty 'increments' to 1
+ # - NEW 'increments' to empty
+-point=4
++point=5
+ 
+ ### betapoint is normally modified by script.
+ # ntp-stable Beta number (betapoint)
+--- usr.sbin/ntp/doc/ntp-keygen.8.orig
++++ usr.sbin/ntp/doc/ntp-keygen.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYGEN 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp-keygen-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:40:10 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:43 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp-keygen-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntp.conf.5.orig
++++ usr.sbin/ntp/doc/ntp.conf.5
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_CONF 5 File Formats
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:30:57 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.conf.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntp.keys.5.orig
++++ usr.sbin/ntp/doc/ntp.keys.5
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTP_KEYS 5 File Formats
+ .Os SunOS 5.10
+ .\"  EDIT THIS FILE WITH CAUTION  (ntp.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:00 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntp.keys.def
+ .\"  and the template file   agmdoc-file.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntpd.8.orig
++++ usr.sbin/ntp/doc/ntpd.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPD 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpd-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpd-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntpdc.8.orig
++++ usr.sbin/ntp/doc/ntpdc.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPDC 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpdc-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:38:57 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:31:29 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpdc-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/ntpq.8.orig
++++ usr.sbin/ntp/doc/ntpq.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt NTPQ 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (ntpq-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:39:29 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:32:02 PM by AutoGen 5.18.5
+ .\"  From the definitions    ntpq-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/doc/sntp.8.orig
++++ usr.sbin/ntp/doc/sntp.8
+@@ -1,4 +1,4 @@
+-.Dd October 21 2015
++.Dd January 7 2016
+ .Dt SNTP 8 User Commands
+ .Os
+ .\"  EDIT THIS FILE WITH CAUTION  (sntp-opts.mdoc)
+@@ -5,7 +5,7 @@
+ .\"
+ .\" $FreeBSD$
+ .\"
+-.\"  It has been AutoGen-ed  October 21, 2015 at 12:30:59 PM by AutoGen 5.18.5
++.\"  It has been AutoGen-ed  January  7, 2016 at 11:23:27 PM by AutoGen 5.18.5
+ .\"  From the definitions    sntp-opts.def
+ .\"  and the template file   agmdoc-cmd.tpl
+ .Sh NAME
+--- usr.sbin/ntp/scripts/mkver.orig
++++ usr.sbin/ntp/scripts/mkver
+@@ -6,7 +6,7 @@
+ 
+ ConfStr="$PROG"
+ 
+-ConfStr="$ConfStr 4.2.8p4"
++ConfStr="$ConfStr 4.2.8p5"
+ 
+ case "$CSET" in
+  '') ;;
+--- usr.sbin/ntp/config.h.orig
++++ usr.sbin/ntp/config.h
+@@ -335,6 +335,9 @@
+ /* Define to 1 if you have the  header file. */
+ #define HAVE_ARPA_NAMESER_H 1
+ 
++/* Define to 1 if you have the `atomic_thread_fence' function. */
++/* #undef HAVE_ATOMIC_THREAD_FENCE */
++
+ /* Do we have audio support? */
+ #define HAVE_AUDIO /**/
+ 
+@@ -823,6 +826,9 @@
+ /* Define to 1 if you have the  header file. */
+ #define HAVE_STDARG_H 1
+ 
++/* Define to 1 if you have the  header file. */
++#define HAVE_STDATOMIC_H 1
++
+ /* Define to 1 if you have the  header file. */
+ #define HAVE_STDBOOL_H 1
+ 
+@@ -1135,7 +1141,7 @@
+ /* #undef HAVE_UNIXWARE_SIGWAIT */
+ 
+ /* Define to 1 if the system has the type `unsigned long long int'. */
+-/* #undef HAVE_UNSIGNED_LONG_LONG_INT */
++#define HAVE_UNSIGNED_LONG_LONG_INT 1
+ 
+ /* Define to 1 if you have the `updwtmp' function. */
+ /* #undef HAVE_UPDWTMP */
+@@ -1317,6 +1323,9 @@
+ /* define to 1 if library is thread safe */
+ #define LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE 1
+ 
++/* leap smear mechanism */
++/* #undef LEAP_SMEAR */
++
+ /* Define to any value to include libseccomp sandboxing. */
+ /* #undef LIBSECCOMP */
+ 
+@@ -1333,6 +1342,10 @@
+ /* Should we recommend a minimum value for tickadj? */
+ /* #undef MIN_REC_TICKADJ */
+ 
++/* Define to 1 if the compiler does not support C99's structure
++   initialization. */
++/* #undef MISSING_C99_STRUCT_INIT */
++
+ /* Do we need HPUX adjtime() library support? */
+ /* #undef NEED_HPUX_ADJTIME */
+ 
+@@ -1421,7 +1434,7 @@
+ #define PACKAGE_NAME "ntp"
+ 
+ /* Define to the full name and version of this package. */
+-#define PACKAGE_STRING "ntp 4.2.8p4"
++#define PACKAGE_STRING "ntp 4.2.8p5"
+ 
+ /* Define to the one symbol short name of this package. */
+ #define PACKAGE_TARNAME "ntp"
+@@ -1430,13 +1443,13 @@
+ #define PACKAGE_URL "http://www.ntp.org./"
+ 
+ /* Define to the version of this package. */
+-#define PACKAGE_VERSION "4.2.8p4"
++#define PACKAGE_VERSION "4.2.8p5"
+ 
+ /* data dir */
+ #define PERLLIBDIR "/usr/local/share/ntp/lib"
+ 
+ /* define to a working POSIX compliant shell */
+-#define POSIX_SHELL "/bin/bash"
++#define POSIX_SHELL "/bin/sh"
+ 
+ /* PARSE kernel PLL PPS support */
+ /* #undef PPS_SYNC */
+@@ -1611,7 +1624,7 @@
+ /* #undef USE_UDP_SIGPOLL */
+ 
+ /* Version number of package */
+-#define VERSION "4.2.8p4"
++#define VERSION "4.2.8p5"
+ 
+ /* vsnprintf expands "%m" to strerror(errno) */
+ /* #undef VSNPRINTF_PERCENT_M */
+@@ -1788,5 +1801,5 @@
+ /*
+  * FreeBSD specific: Explicitly specify date/time for reproducible build.
+  */
+-#define	MKREPRO_DATE "Oct 22 2015"
+-#define	MKREPRO_TIME "17:58:31"
++#define	MKREPRO_DATE "Jan 8 2016"
++#define	MKREPRO_TIME "12:37:48"
+--- include/Makefile.orig
++++ include/Makefile
+@@ -19,7 +19,7 @@
+ 	printf.h proc_service.h pthread.h \
+ 	pthread_np.h pwd.h ranlib.h readpassphrase.h regex.h \
+ 	res_update.h resolv.h runetype.h search.h semaphore.h setjmp.h \
+-	signal.h spawn.h stab.h stdalign.h stdbool.h stddef.h \
++	signal.h spawn.h stab.h stdalign.h stdatomic.h stdbool.h stddef.h \
+ 	stdnoreturn.h stdio.h stdlib.h string.h stringlist.h \
+ 	strings.h sysexits.h tar.h termios.h tgmath.h \
+ 	time.h timeconv.h timers.h ttyent.h \
diff --git a/share/security/patches/SA-16:02/ntp-9.patch.asc b/share/security/patches/SA-16:02/ntp-9.patch.asc
new file mode 100644
index 0000000000..a98bef79e4
--- /dev/null
+++ b/share/security/patches/SA-16:02/ntp-9.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJWl2vaAAoJEO1n7NZdz2rnV8gQALVsnYTaTxO/MUewSFss7+i2
+z5dc+BvS0e5jW+klAvTsgcNdsG1SLsydAW4G89IUJ5QC0wFAIOVcWM7fez+8SERh
+FyQeY7xHiK5Ek6yO4SUb7pL5pHeDM1kCQMkFK/6SiE2WBEtYMzvjtInnSk+wCphP
+YWZPpmiAQibLPQebnvJP6IDJ87VUV6jsilAfikexXPXK6MYDNDTyaniKw83dyfAk
+2+50sTs32aUSgprziqEAAOOD+M1smqD/lutD5UbkdvfTHCopk889idoKVAdC5eLJ
+z9Xi9IJa7BlTrHV/0jBdM+rtXh9gCUkcwPrB0VJVe8gib93RQA/Y700cnsMLkL+O
+/aeHTrmXwLj6rS4DsqwW+Dit/4y8PReVyihR5A3zIKqA9MgU8QjHU2aA2PnQ6hyD
+0dd1ey+hKIQ/S7HDO8tBym5o7sGSkkelFjRxy5NRu5Uz/oz5IguYpFeBsLjYFWre
+hvsNvmMeIabXk5Cpc+QwAJ1EssAjoJzuGXr6AbIwoHJvoqxKCMmuW1Fxr5+0zuDA
+ebBU2Kvg6pVVSFSFizBq5/e/krhBM/SbcrGgzj9E4YcLs+/i+lI0LS8gEK1iQ3BA
+TK4CSJVsVq9a/HPf2GrHqVyurj39r439jq21JT6NgnkHGgf2QzT9UoD8QJ35coa0
+9Xt31rra4FlY4zzd8D4+
+=EMVn
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-16:03/linux.patch b/share/security/patches/SA-16:03/linux.patch
new file mode 100644
index 0000000000..766ab898ce
--- /dev/null
+++ b/share/security/patches/SA-16:03/linux.patch
@@ -0,0 +1,68 @@
+--- sys/amd64/linux32/linux32_proto.h.orig
++++ sys/amd64/linux32/linux32_proto.h
+@@ -992,7 +992,7 @@
+ };
+ struct linux_get_robust_list_args {
+ 	char pid_l_[PADL_(l_int)]; l_int pid; char pid_r_[PADR_(l_int)];
+-	char head_l_[PADL_(struct linux_robust_list_head *)]; struct linux_robust_list_head * head; char head_r_[PADR_(struct linux_robust_list_head *)];
++	char head_l_[PADL_(struct linux_robust_list_head **)]; struct linux_robust_list_head ** head; char head_r_[PADR_(struct linux_robust_list_head **)];
+ 	char len_l_[PADL_(l_size_t *)]; l_size_t * len; char len_r_[PADR_(l_size_t *)];
+ };
+ struct linux_splice_args {
+--- sys/amd64/linux32/linux32_systrace_args.c.orig
++++ sys/amd64/linux32/linux32_systrace_args.c
+@@ -2088,7 +2088,7 @@
+ 	case 312: {
+ 		struct linux_get_robust_list_args *p = params;
+ 		iarg[0] = p->pid; /* l_int */
+-		uarg[1] = (intptr_t) p->head; /* struct linux_robust_list_head * */
++		uarg[1] = (intptr_t) p->head; /* struct linux_robust_list_head ** */
+ 		uarg[2] = (intptr_t) p->len; /* l_size_t * */
+ 		*n_args = 3;
+ 		break;
+@@ -5363,7 +5363,7 @@
+ 			p = "l_int";
+ 			break;
+ 		case 1:
+-			p = "struct linux_robust_list_head *";
++			p = "struct linux_robust_list_head **";
+ 			break;
+ 		case 2:
+ 			p = "l_size_t *";
+--- sys/amd64/linux32/syscalls.master.orig
++++ sys/amd64/linux32/syscalls.master
+@@ -512,8 +512,8 @@
+ ; linux 2.6.17:
+ 311	AUE_NULL	STD	{ int linux_set_robust_list(struct linux_robust_list_head *head, \
+ 					l_size_t len); }
+-312	AUE_NULL	STD	{ int linux_get_robust_list(l_int pid, struct linux_robust_list_head *head, \
+-					l_size_t *len); }
++312	AUE_NULL	STD	{ int linux_get_robust_list(l_int pid, \
++				    struct linux_robust_list_head **head, l_size_t *len); }
+ 313	AUE_NULL	STD	{ int linux_splice(void); }
+ 314	AUE_NULL	STD	{ int linux_sync_file_range(void); }
+ 315	AUE_NULL	STD	{ int linux_tee(void); }
+--- sys/compat/linux/linux_futex.c.orig
++++ sys/compat/linux/linux_futex.c
+@@ -1090,7 +1090,7 @@
+ 		return (EFAULT);
+ 	}
+ 
+-	error = copyout(head, args->head, sizeof(struct linux_robust_list_head));
++	error = copyout(&head, args->head, sizeof(head));
+ 	if (error) {
+ 		LIN_SDT_PROBE1(futex, linux_get_robust_list, copyout_error,
+ 		    error);
+--- sys/i386/linux/syscalls.master.orig
++++ sys/i386/linux/syscalls.master
+@@ -520,8 +520,8 @@
+ ; linux 2.6.17:
+ 311	AUE_NULL	STD	{ int linux_set_robust_list(struct linux_robust_list_head *head, \
+ 					l_size_t len); }
+-312	AUE_NULL	STD	{ int linux_get_robust_list(l_int pid, struct linux_robust_list_head **head, \
+-					l_size_t *len); }
++312	AUE_NULL	STD	{ int linux_get_robust_list(l_int pid, \
++				    struct linux_robust_list_head **head, l_size_t *len); }
+ 313	AUE_NULL	STD	{ int linux_splice(void); }
+ 314	AUE_NULL	STD	{ int linux_sync_file_range(void); }
+ 315	AUE_NULL	STD	{ int linux_tee(void); }
diff --git a/share/security/patches/SA-16:03/linux.patch.asc b/share/security/patches/SA-16:03/linux.patch.asc
new file mode 100644
index 0000000000..7e169e3df9
--- /dev/null
+++ b/share/security/patches/SA-16:03/linux.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJWl2vaAAoJEO1n7NZdz2rn550QAOExAQn5tPNJatXxB7TemVBa
+NYz7vuSJInrAph8Q3g0ArFDMPxundFsqhc/T1Xd934fcxsjIL0gNKvlZYJaUDLWo
+0AuBlMmuO5YuVr5Ziy6UxZRgBp+LtpBlTbP4QY9YUB8VT2ijsZkKfjabGLuBpBPT
+tyoSt6NOrU+aFY7pRhDqiu8C9X1PSkv7xMCPIaR6eNfIi5Oq2uAahNHHi3RJxNqw
+DAvufZszMsggUXvSqJI+1ymQSqjW//LRchOp7Svqgkt+MTJKTUikgezey7Ovspsm
+lMW0DPUSUVJIo2KZBCnOJe9DrIlpTfsrfzF1VEb7ASQ/GNhdnnkDa2mB/r5QvCVI
+KtS9/nnF3+aOyCAriH1qeWH0gDSvunx9/wq7E1mH4CILPNRN0rI/06xpTV2ay7jD
+xOHoSMsCiIPrMN0o/DpmWiZN3X+elizXNiOqdKkUHz3kkjcYNlhVEUpLSDLUN9v+
+hAmdC4OQrrAnsAnhi2jILeCO4soFyOSQ/RUDomHJSUBGtLtVpkFTZM200I0fG1bY
+jDOF2mjren7cBNhtXA9M5oSRLPnaIVABPR62f2Og3+OVnwCvYNufN+U4kOVBAohX
+8Y8NfFE8TiKKk4XgBNK1PFzm4ebwRNkupLfLLayMA7aJJdfLW+dPg7vLHc5n9c6F
+Fy1m3f8+DhXt6aFjCbHG
+=3x4+
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-16:04/linux.patch b/share/security/patches/SA-16:04/linux.patch
new file mode 100644
index 0000000000..bf0973846d
--- /dev/null
+++ b/share/security/patches/SA-16:04/linux.patch
@@ -0,0 +1,44 @@
+--- sys/compat/linux/linux_misc.c.orig
++++ sys/compat/linux/linux_misc.c
+@@ -1304,9 +1304,11 @@
+ 	if (error)
+ 		goto out;
+ 	newcred = crget();
++	crextend(newcred, ngrp + 1);
+ 	p = td->td_proc;
+ 	PROC_LOCK(p);
+-	oldcred = crcopysafe(p, newcred);
++	oldcred = p->p_ucred;
++	crcopy(newcred, oldcred);
+ 
+ 	/*
+ 	 * cr_groups[0] holds egid. Setting the whole set from
+--- sys/kern/kern_prot.c.orig
++++ sys/kern/kern_prot.c
+@@ -88,7 +88,6 @@
+ 
+ SYSCTL_NODE(_security, OID_AUTO, bsd, CTLFLAG_RW, 0, "BSD security policy");
+ 
+-static void crextend(struct ucred *cr, int n);
+ static void crsetgroups_locked(struct ucred *cr, int ngrp,
+     gid_t *groups);
+ 
+@@ -1997,7 +1996,7 @@
+ /*
+  * Extend the passed in credential to hold n items.
+  */
+-static void
++void
+ crextend(struct ucred *cr, int n)
+ {
+ 	int cnt;
+--- sys/sys/ucred.h.orig
++++ sys/sys/ucred.h
+@@ -105,6 +105,7 @@
+ void	crcopy(struct ucred *dest, struct ucred *src);
+ struct ucred	*crcopysafe(struct proc *p, struct ucred *cr);
+ struct ucred	*crdup(struct ucred *cr);
++void	crextend(struct ucred *cr, int n);
+ void	cred_update_thread(struct thread *td);
+ void	crfree(struct ucred *cr);
+ struct ucred	*crget(void);
diff --git a/share/security/patches/SA-16:04/linux.patch.asc b/share/security/patches/SA-16:04/linux.patch.asc
new file mode 100644
index 0000000000..c4f9362615
--- /dev/null
+++ b/share/security/patches/SA-16:04/linux.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJWl2vbAAoJEO1n7NZdz2rn0XIQALbLH5z0mI06+5Zhc6rUXUa3
+ctXum7safaMN/xNlgfOY0LexKdc0zoIDbnVicvdKiao64iSkYROXHWk3GxQInvir
+KYyr2C9gAFf0l8q8ZE4rFmNxoaKjamIWupGqBudLKd8dID3pZENXuzzuIoCHReBs
+hFFuyIOGHcarVXq3EalF5J1uUoyRcSrJQ+dX1bpt4c22b1g82aCCmKewmrXbYST0
+GdrE/YTkMZ8AS3KZBpYLOBO62qmHF1WvK3map1vqMGvTBVUsWc+ls6ihdEadot93
+owhRWf8kH1ldXZKfKSoQNtTcDpxZWstigCE+r7G5SkaywScymQx16Y0ghpyry5mP
+yalk0vHKVZ0gejf15Q4FCI6BQavOWhhFYpNFzfIjAA0rorCgZTdZ7HQrWShY1giA
+7muCuRH6OZ3UgSV8HNiOHQiqLi1FaGU5qkHro1Gz1a4osnsRFGaqCAIgBle2SZUF
+TXlaJdxpwxDNpp0qUljNb0Y77H4S46FudNFYY0wCuMyfz8iNiayhG5Rz+HTMxiDb
+fNXU0773x3EP/IbIkYWjsySlcWDfCA2czoze3wLidoCred6WJKyGyHT7jDdxXgWK
+WP4/rkJK8cNZ3Tfpem5KpeYDQHwKIgo1ZcxjR3t1eFc7+CiAd1Gxpxe1nva6Snek
+UcwwLM1F5FbxafFI6cMV
+=qmE4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-16:05/tcp.patch b/share/security/patches/SA-16:05/tcp.patch
new file mode 100644
index 0000000000..07927f9b57
--- /dev/null
+++ b/share/security/patches/SA-16:05/tcp.patch
@@ -0,0 +1,37 @@
+--- sys/netinet/tcp_output.c.orig
++++ sys/netinet/tcp_output.c
+@@ -752,8 +752,8 @@
+ 	 * segments.  Options for SYN-ACK segments are handled in TCP
+ 	 * syncache.
+ 	 */
++	to.to_flags = 0;
+ 	if ((tp->t_flags & TF_NOOPT) == 0) {
+-		to.to_flags = 0;
+ 		/* Maximum segment size. */
+ 		if (flags & TH_SYN) {
+ 			tp->snd_nxt = tp->iss;
+@@ -1233,7 +1233,7 @@
+ 		tp->snd_up = tp->snd_una;		/* drag it along */
+ 
+ #ifdef TCP_SIGNATURE
+-	if (tp->t_flags & TF_SIGNATURE) {
++	if (to.to_flags & TOF_SIGNATURE) {
+ 		int sigoff = to.to_signature - opt;
+ 		tcp_signature_compute(m, 0, len, optlen,
+ 		    (u_char *)(th + 1) + sigoff, IPSEC_DIR_OUTBOUND);
+@@ -1713,6 +1713,7 @@
+ 			bcopy((u_char *)&to->to_tsecr, optp, sizeof(to->to_tsecr));
+ 			optp += sizeof(to->to_tsecr);
+ 			break;
++#ifdef TCP_SIGNATURE
+ 		case TOF_SIGNATURE:
+ 			{
+ 			int siglen = TCPOLEN_SIGNATURE - 2;
+@@ -1731,6 +1732,7 @@
+ 				 *optp++ = 0;
+ 			break;
+ 			}
++#endif
+ 		case TOF_SACK:
+ 			{
+ 			int sackblks = 0;
diff --git a/share/security/patches/SA-16:05/tcp.patch.asc b/share/security/patches/SA-16:05/tcp.patch.asc
new file mode 100644
index 0000000000..fb3465fb60
--- /dev/null
+++ b/share/security/patches/SA-16:05/tcp.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJWl2vcAAoJEO1n7NZdz2rnEmwQALGiV/fnzTqk82xoivjx7BYJ
+ku4OuN+ymATe2hMQfsVPvpnri6b+3W9alp0H3pvLmUmmpMSacMU5QbTyR6IRx+XN
+QNIb/ZC8xeB0zyRagsMh2sU6g+vizC/+ZrjCc9M694cVyYjEoDUHGxQJ/KtZ5fBG
+kGY4xfwxWP+NMZOcikXxEVm2t01vF3kvtEvb86FJ0wJaEqg3DXMGk2c/m/NB7yJ1
+C/5BVSAwApWOypXIHV6GrqyFoCNqTijgGF9JhFb2SsY1ADcYWmLPgiy32y405It8
+jZt2lYT6bS5xYO+O3SCTkocUvrO+GLL7NYhdHLiSZIUuT43/DUUdHESASLDDEzsx
+qzy91Q/zSMbVKlrdYND2XbCwA4EeCBswfdyKclWHIknqpFGvFSsOkq7s4vsa1zuR
+k2IG+lE4zSfVoOKbB696MQC60MNeg1S1C6hrGMq2p0EtlK5yrKdCGS8dYnV3sDXa
+u52GKTLgqnh9WdJpY/8VEXf53Sc91BojRB18gh3xAesq6/n4LK8JbpqK15Y7Ity9
+kPeZtHJuKFgZNqTVINHtcLihiAGccx7AK0zOlNvMwN2G8pLM5YYmkF7Vo/+n78pq
+/kxWMK9qyn5BFTTwd2XLKRAnKA0gT0wtMWYBOTDuDr1ZjV/zjjQf3ZPH4Zo1YDZf
+GHUAHT3j0QSi2Hquz9zf
+=25K+
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-16:06/bsnmpd.patch b/share/security/patches/SA-16:06/bsnmpd.patch
new file mode 100644
index 0000000000..9fbcd0adfc
--- /dev/null
+++ b/share/security/patches/SA-16:06/bsnmpd.patch
@@ -0,0 +1,25 @@
+--- etc/Makefile.orig
++++ etc/Makefile
+@@ -82,10 +82,6 @@
+ BIN1+= auto_master
+ .endif
+ 
+-.if ${MK_BSNMP} != "no"
+-BIN1+= snmpd.config
+-.endif
+-
+ .if ${MK_FREEBSD_UPDATE} != "no"
+ BIN1+= freebsd-update.conf
+ .endif
+@@ -219,6 +215,11 @@
+ 		${BIN2} ${DESTDIR}/etc; \
+ 	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
+ 		master.passwd nsmb.conf opieaccess ${DESTDIR}/etc;
++.if ${MK_BSNMP} != "no"
++	cd ${.CURDIR}; \
++	    ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
++		snmpd.config ${DESTDIR}/etc;
++.endif
+ .if ${MK_AT} == "no"
+ 	sed -i "" -e 's;.*/usr/libexec/atrun;#&;' ${DESTDIR}/etc/crontab
+ .endif
diff --git a/share/security/patches/SA-16:06/bsnmpd.patch.asc b/share/security/patches/SA-16:06/bsnmpd.patch.asc
new file mode 100644
index 0000000000..0ba43fe126
--- /dev/null
+++ b/share/security/patches/SA-16:06/bsnmpd.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAABCgAGBQJWl2vcAAoJEO1n7NZdz2rnVo4P/RzvYHiNx14BHX39eX9nxJO/
+9oGg/dTSBPeTv+nOpievz9o3AGnOqXLnWEwjvBDgJAt5147WQP5FIASusQ2exYfg
+POww/Vnk36gSYxuAqsiwQOJl7nGC78rZNSjb06npmPp4AjVosGav+pNSLmA6uo+d
+RqsErPbSo+2i1bsuLhnfoT1L9u/pySzMzJfB2lRGBY4XbyeOp7XQAZ2gM4hQXloT
+gEQrfmuzXE0s9196pK7DxZqmGtsl7tl23lAJfKuyYuNjAEJ/KTuvp7PYj+t9rGYW
+pEFa1/5ICREs1cWJeFpv6LywWmB8P0dfPYxFS3zBR+mjYN04Cep+pLBS947srDkg
+Spkz3HQTibNvpuooPI+AHv+5PdGWMJDytZW5hk2t9bpMXAXfegV2zQD8dYSbjCOK
+lOZb7HlbSMrGKOUdr+uB+fihabRvKgfEpvwkmRM8+gwlhdTO+k0sOQEwKznvSvZV
+66vMkySs6rqemG5vPD9sgWPNqP9BTqqz0RGe2ZDim3yqkuqYAxLOY2510PfXHXH5
++2GMbf3fY8ZqcmcZeERzluvYTMpi4wWCrf2ekELIvBRp8TC29R3hI8SE38f2DcoW
+HyR3rz6IiktyQ/QVmibhLZjpveQ08yPZb5qLFcgbJh7u5Nbyn2mdbbtnsHjYwJY4
+abQlvZo/4G8SbEhCsLs0
+=6rgy
+-----END PGP SIGNATURE-----