aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/ntp/ntpd
Commit message (Collapse)AuthorAgeFilesLines
* Fix multiple vulnerabilities of ntp.releng/9.3Xin LI2016-12-2237-3029/+3527
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=310419
* Fix multiple ntp vulnerabilities.Xin LI2016-06-0431-2763/+2819
| | | | | | | | Security: FreeBSD-SA-16:24.ntp Approved by: so Notes: svn path=/releng/9.3/; revision=301301
* Fix ntp multiple vulnerabilities.Xin LI2016-04-2927-442/+1082
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=298770
* Fix BIND remote denial of service vulnerability. [SA-16:08]Xin LI2016-01-2740-2645/+3843
| | | | | | | | | | | | | | | Fix multiple vulnerabilities of ntp. [SA-16:09] Fix Linux compatibility layer issetugid(2) system call vulnerability. [SA-16:10] Security: FreeBSD-SA-16:08.bind Security: FreeBSD-SA-16:09.ntp Security: FreeBSD-SA-16:10.linux Approved by: so Notes: svn path=/releng/9.3/; revision=294905
* o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]Gleb Smirnoff2016-01-1438-438/+464
| | | | | | | | | | | | | | | | | | | | | | | o Fix YP/NIS client library critical bug. [EN-16:03.yplib] o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp] o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd] Errata: FreeBSD-EN-16:02.pf Errata: FreeBSD-EN-16:03.yplib Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879 Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300 Security: FreeBSD-SA-16:03.linux, CVE-2016-1880 Security: FreeBSD-SA-16:04.linux, CVE-2016-1881 Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882 Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677 Approved by: so Notes: svn path=/releng/9.3/; revision=293896
* Upgrade NTP to 4.2.8p4.Gleb Smirnoff2015-10-26117-28884/+79368
| | | | | | | | | | | | | | | | | | | | | Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Approved by: so Notes: svn path=/releng/9.3/; revision=290001
* Improve patch for SA-15:04.igmp to solve a potential buffer overflow.Xin LI2015-04-072-53/+97
| | | | | | | | | | | Fix multiple vulnerabilities of ntp. [SA-15:07] Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09] Approved by: so Notes: svn path=/releng/9.3/; revision=281233
* [SA-14:31] Fix multiple vulnerabilities in NTP suite.Dag-Erling Smørgrav2014-12-234-7/+35
| | | | | | | | | [EN-14:13] Fix directory deletion issue in freebsd-update. Approved by: so Notes: svn path=/releng/9.3/; revision=276157
* MFC r265465:Xin LI2014-05-201-2/+0
| | | | | | | Don't reply monlist request when it's not enabled. Notes: svn path=/stable/9/; revision=266458
* MFC r260637:Xin LI2014-01-141-0/+2
| | | | | | | | | | Disable 'monitor' feature in ntpd by default. Security: FreeBSD-SA-14:02.ntpd Approved by: so Notes: svn path=/stable/9/; revision=260643
* MFC r232844: Remove extraneous log messageEd Maste2012-08-201-6/+0
| | | | | | | | | | | | | When ntp switched between PLL and FLL mode it produced a log message "kernel time sync status change %04x". This issue is reported in ntp bug 452[1] which claims that this behaviour is normal and the log message isn't necessary. I'm not sure exactly when it was removed, but it's gone in the latest ntp release (4.2.6p5). [1] http://bugs.ntp.org/show_bug.cgi?id=452 Notes: svn path=/stable/9/; revision=239427
* In case ntp cannot resolve a hostname on startup it will queue the entryBjoern A. Zeeb2011-06-292-20/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for resolving by a child process that, upon success, will add the entry to the config of the running running parent process. Unfortunately there are a couple of bugs with this, fixed in various later versions of upstream in potentially different ways due to other code changes: 1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving which does not work. Make sure we always pass the name (or IP there). 2) The intermediate file to carry the information to the child process does not know about -4/-6 restrictions, so that a dual-stacked host could resolve to an IPv6 address but that might be unreachable (see r223626) leading to no working synchronization ignoring a IPv4 record. Thus alter the intermediate format to also pass the address family (AF_UNSPEC (default), AF_INET or AF_INET6) to the child process depending on -4 or -6. 3) Make the child process to parse the new intermediate file format and save the address family for getaddrinfo() hints flags. 4) Change child to always reload resolv.conf calling res_init() before trying to resolve names. This will pick up resolv.conf changes or new resolv.confs should they have not existed or been empty or unusable on ntp startup. This fix is more conditional in upstream versions but given FreeBSD has res_init there is no need for the configure logic as well. Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 9 days Notes: svn path=/head/; revision=223667
* Compare port numbers correctly. They are stored by SRCPORT()Bjoern A. Zeeb2011-06-281-3/+3
| | | | | | | | | | | | | | | | | in host byte order, so we need to compare them as such. Properly compare IPv6 addresses as well. This allows the, by default, 8 badaddrs slots per address family to work correctly and only print sendto() errors once. The change is no longer applicable to any latest upstream versions. Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 1 week Notes: svn path=/head/; revision=223626
* The argument to setsockopt for IP_MULTICAST_LOOP depends on operatingBjoern A. Zeeb2011-05-291-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | system and is decided upon by configure and could be an u_int or a u_char. For FreeBSD it is a u_char. For IPv6 however RFC 3493, 5.2 defines the argument to IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always use that using a second variable for the IPV6 case. This is to get rid of these error messages every 5 minutes on some systems: ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument on socket 22, addr fe80::... for multicast address ff02::101 While here also fix the copy&paste error in the log message for IPV6_MULTICAST_LOOP. Reviewed by: roberto Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days Filed as: Bug 1936 on ntp.org Notes: svn path=/head/; revision=222444
* Merge 4.2.4p8 into contrib (r200452 & r200454).Ollivier Robert2009-12-1521-477/+906
|\ | | | | | | | | | | | | | | | | | | Subversion is being difficult here so take a hammer and get it in. MFC after: 2 weeks Security: CVE-2009-3563 Notes: svn path=/head/; revision=200576
* | Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn'tHajimu UMEMOTO2009-12-011-0/+41
| | | | | | | | | | | | | | | | | | | | | | allow bind to an anycast addeess. It does away with an annoying message. Reviewed by: bz, roberto MFC after: 2 weeks Notes: svn path=/head/; revision=199995
* | Prevent integer overflow in direct pipe write code from circumventingColin Percival2009-06-101-17/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | virtual-to-physical page lookups. [09:09] Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10] Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11] Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd Notes: svn path=/head/; revision=193893
* | Correct ntpd(8) cryptographic signature bypass [SA-09:04].Simon L. B. Nielsen2009-01-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Correct BIND DNSSEC incorrect checks for malformed signatures [SA-09:04]. Security: FreeBSD-SA-09:03.ntpd Security: FreeBSD-SA-09:04.bind Obtained from: ISC [SA-09:04] Approved by: so (simon) Notes: svn path=/head/; revision=187194
* | Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commitOllivier Robert2008-08-2270-9879/+17921
|\| | | | | | | | | | | | | | | | | will update usr.sbin/ntp to match this. MFC after: 2 weeks Notes: svn path=/head/; revision=182007
| * Flatten the dist and various 4.n.n trees in preparation of future ntp imports.Ollivier Robert2008-08-1767-70079/+0
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=181800
* | Remove an extra '}'.Ollivier Robert2004-07-201-1/+0
| | | | | | | | Notes: svn path=/head/; revision=132460
* | Merge conflicts (see also previous commit).Ollivier Robert2004-07-201-148/+170
| | | | | | | | | | | | | | | | | | | | | | Reinsert our local changes to ntp_control.c: 1.4: Do not log every potential exploit attempt since a denial-of-service may result 1.5: int -> unsigned char fixes Notes: svn path=/head/; revision=132455
* | Revert this file to the vendor version, we don't need to have our ownOllivier Robert2004-07-201-1072/+1489
| | | | | | | | | | | | | | version of it. Will help further upgrades. Notes: svn path=/head/; revision=132454
* | This commit was generated by cvs2svn to compensate for changes in r132451,Ollivier Robert2004-07-2060-8275/+13866
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=132452
| * Virgin import of ntpd 4.2.0Ollivier Robert2004-07-2062-9493/+15524
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=132451
* | Merge conflicts.Ollivier Robert2002-11-041-0/+2
| | | | | | | | | | | | | | MFC after: 1 month Notes: svn path=/head/; revision=106427
* | This commit was generated by cvs2svn to compensate for changes in r106424,Ollivier Robert2002-11-049-11/+5772
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=106425
| * Virgin import of ntpd 4.1.1bOllivier Robert2002-11-0410-11/+5774
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=106424
| * Remove files not present in 4.1.1a import.vendor/ntp/4.1.1aOllivier Robert2002-10-291-987/+0
| | | | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=106167 svn path=/vendor/ntp/4.1.1a/; revision=106165; tag=vendor/ntp/4.1.1a
* | Merge conflicts.Ollivier Robert2002-10-293-993/+6
| | | | | | | | | | | | | | MFC after: 1 month Notes: svn path=/head/; revision=106166
* | This commit was generated by cvs2svn to compensate for changes in r106163,Ollivier Robert2002-10-2920-403/+1897
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=106164
| * Virgin import of ntpd 4.1.1aOllivier Robert2002-10-2922-409/+1903
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=106163
* | Merge after 4.1.0 import.Ollivier Robert2001-08-291-986/+1573
| | | | | | | | Notes: svn path=/head/; revision=82505
* | Redo the int -> unsigned changes jedgar did. It should have been submittedOllivier Robert2001-08-291-615/+852
| | | | | | | | | | | | | | back but it was off the vendor branch anyway so... Notes: svn path=/head/; revision=82502
* | This commit was generated by cvs2svn to compensate for changes in r82498,Ollivier Robert2001-08-2955-3876/+9376
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=82499
| * Virgin import of ntpd 4.1.0Ollivier Robert2001-08-2957-5477/+11811
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=82498
* | Do not log every potential exploit attempt since a denial-of-serviceChris D. Faulhaber2001-04-061-10/+1
| | | | | | | | | | | | | | may result. Notes: svn path=/head/; revision=75260
* | - Correct off-by-one error and buffer underflow from previous fixChris D. Faulhaber2001-04-061-5/+5
| | | | | | | | | | | | | | | | | | - int -> unsigned char fixes Submitted by: ache, dillon, Mark Andrews, et.al. (on -security) Notes: svn path=/head/; revision=75259
* | Fix a potential ROOT-exploit in NTPD.Poul-Henning Kamp2001-04-041-1/+18
| | | | | | | | | | | | | | | | PR: 26358 Reviewed by: dima Notes: svn path=/head/; revision=75202
* | This commit was generated by cvs2svn to compensate for changes in r57738,Ollivier Robert2000-03-031-1/+1
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=57739
| * Fix potential alignement problems on Alpha + IPv6.Ollivier Robert2000-03-031-1/+1
| | | | | | | | | | | | | | | | | | | | This is done on the vendor branch to avoid spamming the tree. It has been sent to the NTP maintainers already. Submitted by: shin Notes: svn path=/vendor/ntp/dist/; revision=57738
* | Merge conflicts with the import of 4.0.99b.Ollivier Robert2000-01-281-229/+269
| | | | | | | | Notes: svn path=/head/; revision=56749
* | This commit was generated by cvs2svn to compensate for changes in r56746,Ollivier Robert2000-01-2826-1437/+4680
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=56747
| * Virgin import of ntpd 4.0.99bOllivier Robert2000-01-2827-1667/+4950
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=56746
* | Commit a fix several warnings on alpha for sysctlbyname arguments. It couldOllivier Robert1999-12-091-1/+3
|/ | | | | | | | | | have resulted in stack corruption. A patch has been sent to the ntp author for inclusion in next version. Obtained from: peter Notes: svn path=/head/; revision=54363
* Virgin import of ntpd 4.0.98fvendor/ntp/4.0.98fOllivier Robert1999-12-0954-0/+48161
Notes: svn path=/vendor/ntp/dist/; revision=54359 svn path=/vendor/ntp/4.0.98f/; revision=54361; tag=vendor/ntp/4.0.98f