aboutsummaryrefslogtreecommitdiffstats
path: root/contrib/ntp
Commit message (Collapse)AuthorAgeFilesLines
* Fix multiple vulnerabilities of ntp.releng/9.3Xin LI2016-12-22172-3757/+7330
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=310419
* Fix multiple ntp vulnerabilities.Xin LI2016-06-04150-3065/+4259
| | | | | | | | Security: FreeBSD-SA-16:24.ntp Approved by: so Notes: svn path=/releng/9.3/; revision=301301
* Fix ntp multiple vulnerabilities.Xin LI2016-04-29175-1194/+4409
| | | | | | | Approved by: so Notes: svn path=/releng/9.3/; revision=298770
* Fix BIND remote denial of service vulnerability. [SA-16:08]Xin LI2016-01-27191-3466/+6580
| | | | | | | | | | | | | | | Fix multiple vulnerabilities of ntp. [SA-16:09] Fix Linux compatibility layer issetugid(2) system call vulnerability. [SA-16:10] Security: FreeBSD-SA-16:08.bind Security: FreeBSD-SA-16:09.ntp Security: FreeBSD-SA-16:10.linux Approved by: so Notes: svn path=/releng/9.3/; revision=294905
* o Fix invalid TCP checksums with pf(4). [EN-16:02.pf]Gleb Smirnoff2016-01-14269-2056/+5057
| | | | | | | | | | | | | | | | | | | | | | | o Fix YP/NIS client library critical bug. [EN-16:03.yplib] o Fix SCTP ICMPv6 error message vulnerability. [SA-16:01.sctp] o Fix ntp panic threshold bypass vulnerability. [SA-16:02.ntp] o Fix Linux compatibility layer incorrect futex handling. [SA-16:03.linux] o Fix Linux compatibility layer setgroups(2) system call. [SA-16:04.linux] o Fix TCP MD5 signature denial of service. [SA-16:05.tcp] o Fix insecure default bsnmpd.conf permissions. [SA-16:06.bsnmpd] Errata: FreeBSD-EN-16:02.pf Errata: FreeBSD-EN-16:03.yplib Security: FreeBSD-SA-16:01.sctp, CVE-2016-1879 Security: FreeBSD-SA-16:02.ntp, CVE-2015-5300 Security: FreeBSD-SA-16:03.linux, CVE-2016-1880 Security: FreeBSD-SA-16:04.linux, CVE-2016-1881 Security: FreeBSD-SA-16:05.tcp, CVE-2016-1882 Security: FreeBSD-SA-16:06.bsnmpd, CVE-2015-5677 Approved by: so Notes: svn path=/releng/9.3/; revision=293896
* Upgrade NTP to 4.2.8p4.Gleb Smirnoff2015-10-261793-161686/+723678
| | | | | | | | | | | | | | | | | | | | | Security: FreeBSD-SA-15:25.ntp Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Approved by: so Notes: svn path=/releng/9.3/; revision=290001
* Improve patch for SA-15:04.igmp to solve a potential buffer overflow.Xin LI2015-04-072-53/+97
| | | | | | | | | | | Fix multiple vulnerabilities of ntp. [SA-15:07] Fix Denial of Service with IPv6 Router Advertisements. [SA-15:09] Approved by: so Notes: svn path=/releng/9.3/; revision=281233
* [SA-14:31] Fix multiple vulnerabilities in NTP suite.Dag-Erling Smørgrav2014-12-235-10/+38
| | | | | | | | | [EN-14:13] Fix directory deletion issue in freebsd-update. Approved by: so Notes: svn path=/releng/9.3/; revision=276157
* MFC r265465:Xin LI2014-05-201-2/+0
| | | | | | | Don't reply monlist request when it's not enabled. Notes: svn path=/stable/9/; revision=266458
* MFC r260637:Xin LI2014-01-141-0/+2
| | | | | | | | | | Disable 'monitor' feature in ntpd by default. Security: FreeBSD-SA-14:02.ntpd Approved by: so Notes: svn path=/stable/9/; revision=260643
* Clean some 'svn:executable' properties in the tree.Pedro F. Giffuni2013-01-2918-0/+0
| | | | | | | | | | | | | | Submitted by: Christoph Mallon While here, merge some other mergeinfo properties that were left behind from my commits /head/include:r241008,241141,241181 /head/contrib/gcc:r244776,244792 /head/cddl:r238457,238509,238558 Notes: svn path=/stable/9/; revision=246069
* MFC r232844: Remove extraneous log messageEd Maste2012-08-201-6/+0
| | | | | | | | | | | | | When ntp switched between PLL and FLL mode it produced a log message "kernel time sync status change %04x". This issue is reported in ntp bug 452[1] which claims that this behaviour is normal and the log message isn't necessary. I'm not sure exactly when it was removed, but it's gone in the latest ntp release (4.2.6p5). [1] http://bugs.ntp.org/show_bug.cgi?id=452 Notes: svn path=/stable/9/; revision=239427
* In case ntp cannot resolve a hostname on startup it will queue the entryBjoern A. Zeeb2011-06-292-20/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | for resolving by a child process that, upon success, will add the entry to the config of the running running parent process. Unfortunately there are a couple of bugs with this, fixed in various later versions of upstream in potentially different ways due to other code changes: 1) Upon server [-46] <FQDN> the [-46] are used as FQDN for later resolving which does not work. Make sure we always pass the name (or IP there). 2) The intermediate file to carry the information to the child process does not know about -4/-6 restrictions, so that a dual-stacked host could resolve to an IPv6 address but that might be unreachable (see r223626) leading to no working synchronization ignoring a IPv4 record. Thus alter the intermediate format to also pass the address family (AF_UNSPEC (default), AF_INET or AF_INET6) to the child process depending on -4 or -6. 3) Make the child process to parse the new intermediate file format and save the address family for getaddrinfo() hints flags. 4) Change child to always reload resolv.conf calling res_init() before trying to resolve names. This will pick up resolv.conf changes or new resolv.confs should they have not existed or been empty or unusable on ntp startup. This fix is more conditional in upstream versions but given FreeBSD has res_init there is no need for the configure logic as well. Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 9 days Notes: svn path=/head/; revision=223667
* Compare port numbers correctly. They are stored by SRCPORT()Bjoern A. Zeeb2011-06-281-3/+3
| | | | | | | | | | | | | | | | | in host byte order, so we need to compare them as such. Properly compare IPv6 addresses as well. This allows the, by default, 8 badaddrs slots per address family to work correctly and only print sendto() errors once. The change is no longer applicable to any latest upstream versions. Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 1 week Notes: svn path=/head/; revision=223626
* The argument to setsockopt for IP_MULTICAST_LOOP depends on operatingBjoern A. Zeeb2011-05-291-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | system and is decided upon by configure and could be an u_int or a u_char. For FreeBSD it is a u_char. For IPv6 however RFC 3493, 5.2 defines the argument to IPV6_MULTICAST_LOOP to be an unsigned integer so make sure we always use that using a second variable for the IPV6 case. This is to get rid of these error messages every 5 minutes on some systems: ntpd[1530]: setsockopt IPV6_MULTICAST_LOOP failure: Invalid argument on socket 22, addr fe80::... for multicast address ff02::101 While here also fix the copy&paste error in the log message for IPV6_MULTICAST_LOOP. Reviewed by: roberto Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 10 days Filed as: Bug 1936 on ntp.org Notes: svn path=/head/; revision=222444
* Merge 4.2.4p8 into contrib (r200452 & r200454).Ollivier Robert2009-12-1590-66096/+28506
|\ | | | | | | | | | | | | | | | | | | Subversion is being difficult here so take a hammer and get it in. MFC after: 2 weeks Security: CVE-2009-3563 Notes: svn path=/head/; revision=200576
* | Don't try to bind to an anycast addeess. The KAME IPv6 stack doesn'tHajimu UMEMOTO2009-12-011-0/+41
| | | | | | | | | | | | | | | | | | | | | | allow bind to an anycast addeess. It does away with an annoying message. Reviewed by: bz, roberto MFC after: 2 weeks Notes: svn path=/head/; revision=199995
* | Remove build timestamps from the following files:Colin Percival2009-07-111-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | /boot/kernel/hptrr.ko /etc/mail/*.cf /lib/libcrypto.so.5 /usr/bin/ntpq /usr/sbin/amd /usr/sbin/iasl /usr/sbin/ntpd /usr/sbin/ntpdate /usr/sbin/ntpdc There does not appear to be any purpose to having these timestamps, and they have the irritating consequence that the aforementioned files will be different every time they are rebuilt. After this commit, the only remaining build timestamps are in the kernel, the boot loaders, /usr/include/osreldate.h (the year in the copyright notice), and lib*.a (the timestamps on all of the included .o files). Reviewed by: scottl (hptrr), gshapiro (sendmail), simon (openssl), roberto (ntp), jkim (acpica) Approved by: re (kib) Notes: svn path=/head/; revision=195626
* | Prevent integer overflow in direct pipe write code from circumventingColin Percival2009-06-101-17/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | virtual-to-physical page lookups. [09:09] Add missing permissions check for SIOCSIFINFO_IN6 ioctl. [09:10] Fix buffer overflow in "autokey" negotiation in ntpd(8). [09:11] Approved by: so (cperciva) Approved by: re (not really, but SVN wants this...) Security: FreeBSD-SA-09:09.pipe Security: FreeBSD-SA-09:10.ipv6 Security: FreeBSD-SA-09:11.ntpd Notes: svn path=/head/; revision=193893
* | Merge r191298 into HEAD.Ollivier Robert2009-04-201-2/+2
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prevent a buffer overflow in ntpq. Patch taken from the PR database after being committed to the official ntp tree and present in 4.2.4p7-rc2. It will be MFH to the upcoming 7.2 pending re approval. Obtained from: https://support.ntp.org/bugs/show_bug.cgi?id=1144 MFC after: 3 days Security: http://www.securityfocus.com/bid/34481 CVE-2009-0159 Notes: svn path=/head/; revision=191302
* | Correct ntpd(8) cryptographic signature bypass [SA-09:04].Simon L. B. Nielsen2009-01-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Correct BIND DNSSEC incorrect checks for malformed signatures [SA-09:04]. Security: FreeBSD-SA-09:03.ntpd Security: FreeBSD-SA-09:04.bind Obtained from: ISC [SA-09:04] Approved by: so (simon) Notes: svn path=/head/; revision=187194
* | Merge from vendor/ntp/dist: r182856:Ollivier Robert2008-09-071-2/+2
|\| | | | | | | | | | | | | | | | | | | Apply updated patch from bin/92839 to avoid two possible buffer overflows. PR: bin/92839 Submitted by: Helge Oldach <freebsdntpd@oldach.net> Notes: svn path=/head/; revision=182857
* | Merge ntpd & friends 4.2.4p5 from vendor/ntp/dist into head. Next commitOllivier Robert2008-08-22563-55122/+193226
|\| | | | | | | | | | | | | | | | | will update usr.sbin/ntp to match this. MFC after: 2 weeks Notes: svn path=/head/; revision=182007
| * Flatten the dist and various 4.n.n trees in preparation of future ntp imports.Ollivier Robert2008-08-17724-271109/+0
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=181800
* | Move FREEBSD-upgrade as well.Ollivier Robert2008-08-181-45/+0
| | | | | | | | Notes: svn path=/head/; revision=181837
* | Move FREEBSD-Xlist in a more proper location.Ollivier Robert2008-08-181-3/+0
| | | | | | | | Notes: svn path=/head/; revision=181836
* | This commit was generated by cvs2svn to compensate for changes in r162735,Ollivier Robert2006-09-282-0/+4
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=162736
| * Fix compilation with gcc 4.1. This is imported on the vendor branch as itOllivier Robert2006-09-282-0/+4
| | | | | | | | | | | | | | | | | | | | was applied in the mainstream source and a later complete import of 4.2.2p3 will complete the fix. Submitted by: kan Notes: svn path=/vendor/ntp/dist/; revision=162735
* | This commit was generated by cvs2svn to compensate for changes in r138451,Ollivier Robert2004-12-061-2/+7
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=138452
| * Merge from the main BK repository for ntp: put two midly annoying messagesOllivier Robert2004-12-061-2/+7
| | | | | | | | | | | | | | | | | | | | | | under #ifdef DEBUG. Merge of revision 1.45 by H. Stenn. Done on the vendor branch to minimise future imports. Reminded by: obrien Notes: svn path=/vendor/ntp/dist/; revision=138451
* | This commit was generated by cvs2svn to compensate for changes in r132536,Ollivier Robert2004-07-221-14/+59
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=132537
| * The following patch has been taken from the ntp-stable vendor branch.Ollivier Robert2004-07-221-14/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Put everything OpenSSL related between #ifdef OPENSSL..#endif. This also fixes bugs #252, #275 & #293. See <http://ntp.bkbits.net:8080/ntp-stable/hist/util/ntp-keygen.c?nav=index.html|src/+|src/util> for reference. Submitted by: Marius Strobl <marius@alchemy.franken.de> Notes: svn path=/vendor/ntp/dist/; revision=132536
* | Remove an extra '}'.Ollivier Robert2004-07-201-1/+0
| | | | | | | | Notes: svn path=/head/; revision=132460
* | Update information on build/import.Ollivier Robert2004-07-201-11/+14
| | | | | | | | Notes: svn path=/head/; revision=132457
* | Merge conflicts.Ollivier Robert2004-07-20104-23620/+0
| | | | | | | | | | | | | | Lots of added files, some removed and quite a large number of renames :( Notes: svn path=/head/; revision=132456
* | Merge conflicts (see also previous commit).Ollivier Robert2004-07-201-148/+170
| | | | | | | | | | | | | | | | | | | | | | Reinsert our local changes to ntp_control.c: 1.4: Do not log every potential exploit attempt since a denial-of-service may result 1.5: int -> unsigned char fixes Notes: svn path=/head/; revision=132455
* | Revert this file to the vendor version, we don't need to have our ownOllivier Robert2004-07-201-1072/+1489
| | | | | | | | | | | | | | version of it. Will help further upgrades. Notes: svn path=/head/; revision=132454
* | This commit was generated by cvs2svn to compensate for changes in r132451,Ollivier Robert2004-07-20378-16291/+95416
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=132452
| * Virgin import of ntpd 4.2.0Ollivier Robert2004-07-20380-17509/+97074
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=132451
* | Merge conflicts.Ollivier Robert2002-11-042-39/+2
| | | | | | | | | | | | | | MFC after: 1 month Notes: svn path=/head/; revision=106427
* | This commit was generated by cvs2svn to compensate for changes in r106424,Ollivier Robert2002-11-0439-5211/+14597
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=106425
| * Virgin import of ntpd 4.1.1bOllivier Robert2002-11-0440-5211/+14599
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=106424
| * Remove files not present in 4.1.1a import.vendor/ntp/4.1.1aOllivier Robert2002-10-2925-3978/+0
| | | | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=106167 svn path=/vendor/ntp/4.1.1a/; revision=106165; tag=vendor/ntp/4.1.1a
* | Update for 4.1.1a.Ollivier Robert2002-10-291-5/+9
| | | | | | | | | | | | | | Tested on: Sparc64 (panther), Alpha (beast) & i386 Notes: svn path=/head/; revision=106170
* | This commit was generated by cvs2svn to compensate for changes in r106167,Ollivier Robert2002-10-2924-2991/+0
| | | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=106168
* | Merge conflicts.Ollivier Robert2002-10-293-993/+6
| | | | | | | | | | | | | | MFC after: 1 month Notes: svn path=/head/; revision=106166
* | This commit was generated by cvs2svn to compensate for changes in r106163,Ollivier Robert2002-10-2990-9773/+16572
|\| | | | | | | | | | | | | which included commits to RCS files with non-trunk default branches. Notes: svn path=/head/; revision=106164
| * Virgin import of ntpd 4.1.1aOllivier Robert2002-10-2992-9779/+16578
| | | | | | | | Notes: svn path=/vendor/ntp/dist/; revision=106163
* | Merge after 4.1.0 import.Ollivier Robert2001-08-291-986/+1573
| | | | | | | | Notes: svn path=/head/; revision=82505
* | Update for 4.1.0 import.Ollivier Robert2001-08-292-6/+10
| | | | | | | | Notes: svn path=/head/; revision=82503